PRIMERGY BX900/BX400 Blade Server Systems -...

User Guide

PRIMERGY BX900/BX400 Blade Server Systems PRIMERGY 10GbE Connection Blade 18/8

Web-based Management InterfaceEnglish

2/198

Comments… Suggestions… Corrections… The User Documentation Department would like to know your opinion on this manual. Your feedback helps us to optimize our documentation to suit your individual needs.

Feel free to send us your comments by e-mail to: [email protected]

Certified documentation according to DIN EN ISO 9001:2008 To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2008.

cognitas. Gesellschaft für Technik-Dokumentation mbH www.cognitas.de

1/328

PRIMERGY 10 Gigabit Ethernet Connection Blade 18/8

Web-based Management Interface Guide V0300 Edition April 2012

2/328

Comments… Suggestions… Corrections… The User Documentation Department would like to know your opinion on this manual. Your feedback helps us to optimize our documentation to suit your individual needs.

Feel free to send us your comments by e-mail to: [email protected]

Certified documentation according to DIN EN ISO 9001:2008 To ensure a consistently high quality standard and user-friendliness, this documentation was created to meet the regulations of a quality management system which complies with the requirements of the standard DIN EN ISO 9001:2008.

cognitas. Gesellschaft für Technik-Dokumentation mbH www.cognitas.de

Copyright and Trademarks Copyright © Fujitsu Limited

Copyright © Fujitsu Technology Solutions GmbH 2012

All rights reserved.

Delivery subject to availability; right of technical modifications reserved.

All hardware and software names used are trademarks of their respective manufacturers.

3/328

Table of Contents 1. Switch mode Web Interface ................................................................................................. 5

1.1. Overview ....................................................................................................................................................... 5 1.1.1. Menu Options ................................................................................................................................................................................... 6

1.2. Management Menu ....................................................................................................................................... 8 1.2.1. Information ........................................................................................................................................................................................ 8 1.2.2. Configuration .................................................................................................................................................................................. 10 1.2.3. System Utilities ............................................................................................................................................................................... 14 1.2.4. File Management ............................................................................................................................................................................ 15 1.2.5. User Management .......................................................................................................................................................................... 18 1.2.6. Logging ........................................................................................................................................................................................... 20 1.2.7. Statistics ......................................................................................................................................................................................... 22 1.2.8. SNMP ............................................................................................................................................................................................. 28 1.2.9. RMON ............................................................................................................................................................................................. 30 1.2.10. SNTP ......................................................................................................................................................................................... 32 1.2.11. LLDP .......................................................................................................................................................................................... 35 1.2.12. DHCP Client .............................................................................................................................................................................. 40 1.2.13. IPv6 ............................................................................................................................................................................................ 41

1.3. Switching Menu .......................................................................................................................................... 42 1.3.1. Forwarding Database ..................................................................................................................................................................... 42 1.3.2. Port ................................................................................................................................................................................................. 43 1.3.3. VLAN .............................................................................................................................................................................................. 47 1.3.4. Protocol-based VLAN Config .......................................................................................................................................................... 50 1.3.5. GVRP ............................................................................................................................................................................................. 53 1.3.6. GMRP ............................................................................................................................................................................................. 57 1.3.7. IGMP .............................................................................................................................................................................................. 60 1.3.8. MLD ................................................................................................................................................................................................ 63 1.3.9. Multicast Forwarding Database ...................................................................................................................................................... 65 1.3.10. Link Aggregation ........................................................................................................................................................................ 65 1.3.11. Spanning Tree ........................................................................................................................................................................... 69 1.3.12. Port Backup ............................................................................................................................................................................... 77 1.3.13. IEEE802.1Q Tunneling .............................................................................................................................................................. 78 1.3.14. MAC Filter .................................................................................................................................................................................. 79

1.4. Security Menu ............................................................................................................................................. 81 1.4.1. Port Access Control ........................................................................................................................................................................ 81 1.4.2. RADIUS .......................................................................................................................................................................................... 92 1.4.3. TACACS+ ....................................................................................................................................................................................... 97 1.4.4. LDAP ............................................................................................................................................................................................ 102 1.4.5. AAA .............................................................................................................................................................................................. 106 1.4.6. Access Control List ....................................................................................................................................................................... 107 1.4.7. IP Filter ......................................................................................................................................................................................... 115 1.4.8. VLAN Filter ................................................................................................................................................................................... 116 1.4.9. Application Filter ........................................................................................................................................................................... 117

1.5. QoS Menu ................................................................................................................................................. 125 1.5.1. Port Configuration ......................................................................................................................................................................... 125 1.5.2. VLAN Configuration ...................................................................................................................................................................... 128 1.5.3. DSCP Rewriting ............................................................................................................................................................................ 129

2. End Host mode Web Interface ......................................................................................... 131 2.1. Overview ................................................................................................................................................... 131

2.1.1. Menu Options ............................................................................................................................................................................... 132 2.2. Management Menu ................................................................................................................................... 134

2.2.1. Information .................................................................................................................................................................................... 134 2.2.2. Configuration ................................................................................................................................................................................ 136 2.2.3. System Utilities ............................................................................................................................................................................. 140 2.2.4. File Management .......................................................................................................................................................................... 141 2.2.5. User Management ........................................................................................................................................................................ 144 2.2.6. Logging ......................................................................................................................................................................................... 146 2.2.7. Statistics ....................................................................................................................................................................................... 148 2.2.8. SNMP ........................................................................................................................................................................................... 154 2.2.9. RMON ........................................................................................................................................................................................... 156 2.2.10. SNTP ....................................................................................................................................................................................... 158 2.2.11. LLDP ........................................................................................................................................................................................ 161 2.2.12. DHCP Client ............................................................................................................................................................................ 166 2.2.13. IPv6 .......................................................................................................................................................................................... 167

2.3. Switching Menu ........................................................................................................................................ 168

4/328

2.3.1. Forwarding Database ................................................................................................................................................................... 168 2.3.2. Port ............................................................................................................................................................................................... 169 2.3.3. VLAN ............................................................................................................................................................................................ 173 2.3.4. Protocol-based VLAN Config ........................................................................................................................................................ 177 2.3.5. GVRP ........................................................................................................................................................................................... 179 2.3.6. GMRP ........................................................................................................................................................................................... 183 2.3.7. IGMP ............................................................................................................................................................................................ 187 2.3.8. MLD .............................................................................................................................................................................................. 190 2.3.9. Multicast Forwarding Database .................................................................................................................................................... 192 2.3.10. Link Aggregation ...................................................................................................................................................................... 192 2.3.11. Port Backup ............................................................................................................................................................................. 195 2.3.12. IEEE802.1Q Tunneling ............................................................................................................................................................ 196 2.3.13. MAC Filter ................................................................................................................................................................................ 197

2.4. Security Menu ........................................................................................................................................... 199 2.4.1. Port Access Control ...................................................................................................................................................................... 199 2.4.2. RADIUS ........................................................................................................................................................................................ 210 2.4.3. TACACS+ ..................................................................................................................................................................................... 215 2.4.4. LDAP ............................................................................................................................................................................................ 220 2.4.5. AAA .............................................................................................................................................................................................. 224 2.4.6. Access Control List ....................................................................................................................................................................... 225 2.4.7. IP Filter ......................................................................................................................................................................................... 233 2.4.8. VLAN Filter ................................................................................................................................................................................... 234 2.4.9. Application Filter ........................................................................................................................................................................... 235

2.5. QoS Menu ................................................................................................................................................. 243 2.5.1. Port Configuration ......................................................................................................................................................................... 243 2.5.2. VLAN Configuration ...................................................................................................................................................................... 246 2.5.3. DSCP Rewriting ............................................................................................................................................................................ 247

3. IBP mode Web Interface .................................................................................................. 249 3.1. Overview ................................................................................................................................................... 249

3.1.1. Menu Options ............................................................................................................................................................................... 250 3.2. Management Menu ................................................................................................................................... 252

3.2.1. Information .................................................................................................................................................................................... 252 3.2.2. Configuration ................................................................................................................................................................................ 253 3.2.3. System Utilities ............................................................................................................................................................................. 257 3.2.4. File Management .......................................................................................................................................................................... 258 3.2.5. User Management ........................................................................................................................................................................ 261 3.2.6. Logging ......................................................................................................................................................................................... 263 3.2.7. Statistics ....................................................................................................................................................................................... 265 3.2.8. SNMP ........................................................................................................................................................................................... 271 3.2.9. RMON ........................................................................................................................................................................................... 273 3.2.10. SNTP ....................................................................................................................................................................................... 275 3.2.11. LLDP ........................................................................................................................................................................................ 278 3.2.12. DHCP Client ............................................................................................................................................................................ 282 3.2.13. IPv6 .......................................................................................................................................................................................... 283

3.3. Group Administration Menu ...................................................................................................................... 284 3.3.1. Group List ..................................................................................................................................................................................... 284 3.3.2. Uplink Sets ................................................................................................................................................................................... 285 3.3.3. Port Groups .................................................................................................................................................................................. 288 3.3.4. VLAN Port Groups ........................................................................................................................................................................ 290 3.3.5. Service LAN .................................................................................................................................................................................. 292 3.3.6. Service VLAN ............................................................................................................................................................................... 294 3.3.7. Port Backup .................................................................................................................................................................................. 295 3.3.8. VLAN ............................................................................................................................................................................................ 297 3.3.9. Port ............................................................................................................................................................................................... 298 3.3.10. Link Aggregation ...................................................................................................................................................................... 301

3.4. Security Menu ........................................................................................................................................... 303 3.4.1. Port Access Control ...................................................................................................................................................................... 303 3.4.2. RADIUS ........................................................................................................................................................................................ 309 3.4.3. TACACS+ ..................................................................................................................................................................................... 313 3.4.4. LDAP ............................................................................................................................................................................................ 318 3.4.5. AAA .............................................................................................................................................................................................. 321 3.4.6. Application Filter ........................................................................................................................................................................... 322

3.5. QoS Menu ................................................................................................................................................. 327 3.5.1. Port Configuration ......................................................................................................................................................................... 327

5/328

1. Switch mode Web Interface 1.1. Overview PRIMERGY 10 Gigabit Ethernet Connection Blade 18/8 provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser. This software interface also allows for system monitoring and management of this connection blade. When you configure this for the first time from the console, you have to assign an IP address and subnet mask to this connection blade. Thereafter, you can access this Web software interface directly using your Web browser by entering its IP address into the address bar. In this way, you can use your Web browser to manage this connection blade form any remote PC station, just as if you ware directly connected to its console port.

Figure 1 Web Management Interface

6/328

1.1.1. Menu Options There are following Menu options in Web Interface in Switch Mode: Management, Switching, Security, and QoS. 1. Management Menu: This section provides information for configuring SNMP and trap manager, Ping, DHCP client, SNTP, system parameters including Hostname, in-band/out-of-band network management setting, Log setting, User management, configure file backup and so on.

Figure 2 2. Switching Menu: This section provides the setting that related to switching functions, such as forwarding mode, port configuration, VLAN, IGMP, Link Aggregation, Spanning Tree, and Port Backup etc,

Figure 3

7/328

3. Security Menu: This section provides users to configure security including IEEE802.1x, Radius, TACACS, LDAP, Access Control Lists, IP filter, VLAN filter etc.

Figure 4 4. QoS Menu: This section provides users to configure QoS setting like queue configuration, Diffserve/CoS configuration of port and vlan.

Figure 5

8/328

1.2. Management Menu 1.2.1. Information 1.2.1.1. Inventory Info

Figure 6 System Description

It displays the device name. Base MAC Address

It displays the MAC address in hexadecimal number of 12 digits. Boot ROM Version

It displays the ROM version. Runtime Version

It displays the firmware version and the time when the firmware is made. Memory

It displays the memory size of the device. ASIC Firmware

It displays the ASIC firmware version. Port

It displays the port number. Media type

It displays the module type. Vendor PN

It displays the vendor PN of the module. Status

It displays the module status.

9/328

1.2.1.2. ARP Cache

Figure 7 It displays the entry of ARP table. 1.2.1.3. NDP Cache

Figure 8 It displays the entries of NDP table.

10/328

1.2.2. Configuration 1.2.2.1. System Description


It displays the device name. Host Name

Please set the Host Name of this device within 32 characters. It cannot be deleted. System Name

Please set MIB variable "sysName" which means the machine name of this device within 32 characters. When it is omitted, it is considered that the "sysName" is not set.

System Location Please set MIB variable "sysLocation" which means the location of this device within 72 characters. When it is omitted, it is considered that the "sysLocation" is not set.

System Contact Please set MIB variable "sysContact" which means the admin name of this device within 40 characters. When it is omitted, it is considered that the "sysContact" is not set.

Engine ID Please set SNMP engine ID for SNMPv3 within 27 characters. When it is omitted, the engine ID will be generated automatically. The value of SNMP engine ID set to the device is as follows. When it is set

1st ~ 5th octet : Fixed as 0x800000d304 6th octet ~ after : Engine ID of this setting

When it is omitted 1st ~ 5th octet : Fixed as 0x800000d380 6th octet ~ after : Random value

IP Address Set the address of SNMP agent. When it is omitted, it is considered that the agent address is not set. The range that can be specified is as follows. Valid Range)

IPv4 address:

11/328

1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 IPv6 address: ::2 ~ fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

System Object ID It displays the Object ID of the device.

System Up Time It displays the startup time of the device.

1.2.2.2. In-Band Mgmt

Figure 10 IPv4 Address

Please set the IPv4 address. Please set it as DHCP client or set a static IPv4 address. When IPv4 address is changed, you have to input user/password again to login to WEB page.

IPv4 Static Route Please set the IPv4 Static Route. It can be set up to 4.

IPv6 Please set whether to use IPv6.

IPv6 Address Please set the IPv6 address when IPv6 is used. Please set to use the prefix distributed by RA or set a static IPv6 address. When IPv6 address is changed, you have to input user/password again to login to WEB page.

IPv6 DHCP Please set whether to use IPv6 DHCP.


Burned-in MAC Address It displays the MAC address used in In-Band Mgmt LAN.

Management VLAN ID Please set VLAN ID by integer within 1~4094.

12/328

1.2.2.3. Out-of-Band Mgmt








Burned-in MAC Address It displays the MAC address used in Out-of-Band Mgmt LAN.

13/328

1.2.2.4. Telnet Session

Figure 12 Auto Logout

Specify the length of the auto logout time within the range of 0 second ~ 86400 seconds(1 day). If the command input/output is not done from the client connected by telnet, after the period of the auto logout time, the telnet connection will be cut off automatically. The time unit can be specified as any of the (day), (hour), (minute), or (second).

1.2.2.5. Serial Port


Specify the length of the auto logout time within the range of 0 second ~ 86400 seconds(1 day). During the login state, if the command input/output is not done from the serial port, after the period of the auto logout time, it will be forced to logout. The time unit can be specified as any of the (day), (hour), (minute), or (second).

14/328

1.2.3. System Utilities 1.2.3.1. Save All Changes Saving all applied changes will cause all changes to configuration panels that were applied but not saved, to be saved, thus retaining their new values across a system reboot. 1.2.3.2. System Reset Resetting the switch will cause all operations of this switch to stop. This session will be broken and you will have to login again after the switch has rebooted. Any unsaved changes will be lost. 1.2.3.3. Set Config to Default Initialize the configuration and reboot the switch. 1.2.3.4. Set Passwords to Default Set the password of admin and user to default. 1.2.3.5. Ping

Figure 14 IPv4/IPv6 Address

Specify the IPv4 address or IPv6 address of sending destination. 1.2.3.6. DDNS Summary

It displays summary of dynamic DNS action.

15/328

1.2.4. File Management 1.2.4.1. Download to Switch

Figure 15 TFTP server IP Address

Set IPv4 or IPv6 address of TFTP server. TFTP File Path(Source)

Set the path on the TFTP server where to download the file. TFTP File Name(Source)

Set the name of the file to download. TFTP File Name(Target)

Set the file name of the downloaded file on this device. Set it from the follows. config1 Config Definition 1

config2 Config Definition 2

switch_firmware Switch Firmware

ibp_firmware IBP Firmware

sshkey SSH Key Information

16/328

1.2.4.2. Upload from Switch


Set IPv4 or IPv6 address of TFTP server. TFTP File Path(Target)

Set the path on the TFTP server where to upload the file. TFTP File Name(Target)

Set the file name of the uploaded file on TFTP server. TFTP File Name(Source)

Set the file name on this device to upload. Set it from the follows. running-config Config Definition in use

startup-config Config Definition when start up





17/328

1.2.4.3. Start-Up File

Figure 17 Change config definition or firm and then reset the device. Current Runtime File

It displays the name of the firm which is being used. Current Configuration File

It displays the name of the current configuration file, which is being used. Runtime File

Set the firm to be used when the device is started next time. Set it from the follows. switch_firm Switch Firm

ehm_firm EHM Firm

ibp_firm IBP Firm Configuration File

Set the name of configuration file which will be used as Startup-config when the device is started next time. Set it from the follows.


config2 Config Definition 2 Caution:

- "Save" button is disabled when "Configuration File" is different from "Current Configuration File". - When "Save" button is clicked, the selected "Runtime File" will be saved. - When "Save and Reset" button is clicked, the device will be reset with the selected parameter

18/328

1.2.4.4. Copy File

Figure 18 File Name

Set the name of configuration file which will be used to save running-config. Set it from the follows.


config2 Config Definition 2 1.2.4.5. Clear SSH Key Delete SSH user public key. 1.2.5. User Management 1.2.5.1. User Accounts

Figure 19

19/328

Please set the password used for operating the device. The admin password is the password used when the user name is "admin", and the user password is the password used when the user name is "user". The authority class is decided by login user, and the web pages which can be executed are different according to the authority class. It becomes the administrator class when login with "admin" and it becomes the general user class when login with "user". When login by console, TELNET or SSH, the admin password and the user password are used. When login by FTP or SFTP, the admin password is used. After input password it can be operated for 10 minutes. After that it needs to input password again to operate. Admin Password

Set the password within 64 characters. It is the password when user name is "admin". The authority class is administrator class when login with "admin".

User Password Set the password within 64 characters. It is the password when user name is "user". The authority class is general user class when login with "user".

Caution:

- If the password is set less than 7 characters, English letters only or numbers only, or if the admin password is deleted, it can be set or deleted normally. However, the warning message of weak password will be displayed.

User Account Extension

Please set whether to extend user accounts besides the fixed accounts(admin/user). enable Extend it. disable Do not extend it.

AAA Group Index Specify the group ID of AAA which is referred to when user authentication is done. Specify the group ID of AAA in decimal number of less than 10.

20/328

1.2.5.2. Login Session

Figure 20 It displays the information of login user.

Line It displays the connection type(console, http, ssh) and connection line.

User Name It displays the user name.

Class It displays the authority class of user.

Remote Host It displays the information of remote host.

Since It displays the login time.

Idle It displays the period of time without any operation. 1.2.6. Logging 1.2.6.1. Configuration – Syslog

Figure 21

21/328

Server Address Set IP address of the server where the system log information(message) will be sent.

Priority Specify the priority level from the follows for the system log information to be output. error Check it when priority LOG_ERROR is included in the ouput object. warn Check it when priority LOG_WARNING is included in the ouput object. notice Check it when priority LOG_NOTICE is included in the ouput object. info Check it when priority LOG_INFO is included in the ouput object.

Facility Set the facility of system log information within the range of 0~23 in decimal number.

Duplication Abbreviation Specify whether to abbreviate the message which is duplicated to the message output before, when output message to system log.

Command Logging Specify whether to output the command execution history to system log. As for the parameter of encrypted object, the log will be encrypted before output for security consideration.

1.2.6.2. View - System Log

Figure 22 It displays the system log information.

22/328

1.2.6.3. View - Error Log

Figure 23 It displays the hard error diagnosed in ROM or I/O driver and the error log information of system down. 1.2.7. Statistics 1.2.7.1. Port Summary

Figure 24 [Input Statistics] Octets

The number of octets of the data received bits/sec The number of received bits per second(bits/sec)

Frames The total number of frames received frames/sec

23/328

The number of received frames per second(frames/sec) Unicast

The number of unicast frames received frames/sec The number of received unicast frames per second(frames/sec)

Multicast/Broadcast The number of multicast/broadcast frames received frames/sec The number of received multicast/broadcast frames per second(frames/sec)

Discards DiscardsPkts The total number of discarded frames after received

Errors Oversize The number of oversize frames received(more than 1519 bytes without TAG, more than 1523 bytes with TAG). FCSErrors The number of frames where FCS errors are detected with the data size of 64~1518 bytes AlignmentErrors The number of received frames where Alignment errors are detected

[Output Statistics] Octets

The number of octets of the data sent bits/sec The number of sent bits per second(bits/sec)

Frames The total number of frames sent frames/sec The number of sent frames per second(frames/sec)

Unicast The number of unicast frames sent frames/sec The number of sent unicast frames per second(frames/sec)

Multicast/Broadcast The number of multicast/broadcast frames sent frames/sec

The number of sent multicast frames per second(frames/sec) Discards DiscardsPkts

The total number of discarded frames after sent Errors CarrierSenseErrors The total number of error frames due to undetected carrier ExcessiveCollisions The total number of error frames that failed to send due to a lot of collision

24/328

LateCollisions The total number of late collisions

SingleCollisionFrames

The total number of frames succeeded to send after one collision occurred. MultipleCollisionFrames

The total number of frames succeeded to send after several collisions occurred. DeferredTransmissions

The total number of frames delayed to send due to busy of transmission path. 1.2.7.2. Port Detailed


The number of octets of the data received bits/sec

The number of received bits per second(bits/sec) Frames

The total number of frames received frames/sec


The number of unicast frames received frames/sec

The number of received unicast frames per second(frames/sec) Multicast

The number of multicast frames received frames/sec

The number of received multicast frames per second(frames/sec) Broadcast

The number of broadcast frames received frames/sec

25/328

The number of received broadcast frames per second(frames/sec) Pause frames

The number of PAUSE frames received Mac Control frames

The number of MAC control frames received Priority pause 0 frames

The number of received pause frames for priority 0 Priority pause 1 frames







The number of received pause frames for priority 7 Discards All DiscardsPkts

The total number of discarded frames after received Resource Full

The number of discarded received frames due to insufficient resource Policy Discards

The number of discarded received frames due to discards policy VLAN dropped

The number of discarded received unicast frames due to no member of setting vlan Errors Undersize

The number of undersize frames received(under 64 bytes) FCSErrors

The number of frames where FCS errors are detected with the data size of 64~1518 bytes AlignmentErrors

The number of received frames where Alignment errors are detected FragmentErrors

The number of frames with short size(under 64 bytes) where FCS errors or alignment errors are detected

Jabbers Over size(more than 1519 bytes without TAG, or more than 1523 bytes with TAG)

SymbolErrors Over size(more than 1519 bytes without TAG, or more than 1523 bytes with TAG)

UnknownOpcodes Over size(more than 1519 bytes without TAG, or more than 1523 bytes with TAG)

26/328


The number of octets of the data sent bits/sec

The number of sent bits per second(bits/sec) Frames

The total number of frames sent frames/sec

The number of sent frames per second(frames/sec) Unicast

The number of unicast frames sent frames/sec

The number of sent unicast frames per second(frames/sec) Multicast

The number of multicast frames sent frames/sec

The number of sent multicast frames per second(frames/sec) Broadcast

The number of broadcast frames sent frames/sec

The number of sent broadcast frames per second(frames/sec) Pause frames

The number of PAUSE frames sent Mac Control frames

The number of MAC control frames sent Priority pause 0 frames

The number of sent pause frames for priority 0 Priority pause 1 frames







The number of sent pause frames for priority 7 Discards DiscardsPkts

The total number of discarded frames after received DelayExceededDiscards

The number of discarded frames due to exceeded delay

27/328

Errors Undersize


The number of frames where FCS errors are detected with the data size of 64~1518 bytes FragmentErrors


[Detail Statistics]

The number of frames per second accumulated by different frame size. 1.2.7.3. IP

Figure 26 It displays the statistics of IPv4 packets. 1.2.7.4. LACP It displays the statistics of LACP packets. The items won't be displayed if the Count is 0. 1.2.7.5. Net Time It displays the statistics of SNTP/TIME client. 1.2.7.6. SNMP It displays the statistics of SNMP.

28/328

1.2.8. SNMP 1.2.8.1. Community Config

Figure 27 SNMP Agent

Set whether to enable SNMP Agent function and SNMP Trap function. RMON

Set whether to use RMON function. Community Name

Specify the community name within 1~32 characters used when sending trap. Specify it as "public" for it to communicate with any SNMP manager.

IP Address Specify the address of the SNMP manager. Valid Range) IPv4 address: 1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 IPv6 address: ::2 ~ fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Access Mode Specify whether writing from SNMP manager is permitted.

Trap Mode Specify whether to send trap. Off Select it when not sending trap. V1 Select it when sending SNMPv1 trap. V2c Select it when sending SNMPv2 trap.

29/328

1.2.8.1.1. Trap Flags

Figure 28 Cold Start

Set to enable or disable the coldStart trap. Link Down

Set to enable or disable the linkDown trap. Link Up

Set to enable or disable the linkUp trap. Authentication

Set to enable or disable the authenticationFailure trap. Rising Alarm

Set to enable or disable the risingAlarm trap. Falling Alarm

Set to enable or disable the fallingAlarm trap. New Root

Set to enable or disable the newRoot trap. Topology Change

Set to enable or disable the topologyChange trap. LLDP Remote Tables Change

Set to enable or disable the lldpRemTablesChange trap. LLDP DCBX

Set to enable or disable all the following lldpXdcbx traps. lldpXdcbxMiscControlError lldpXdcbxMiscFeatureError lldpXdcbxMultiplePeers lldpXdcbxLldpTxDisabled lldpXdcbxLldpRxDisabled lldpXdcbxDupControlTlv lldpXdcbxDupFeatureTlv lldpXdcbxPeerNoFeat lldpXdcbxPeerNoResp lldpXdcbxPeerConfigMismatch

30/328

1.2.9. RMON 1.2.9.1. Alarm Config

Figure 29 Alarm ID

Specify ID of the RMON alarm group in decimal number value of 1 ~ 64. Sampling Variable

Specify the object identifier of MIB that will be checked with the threshold in the dot form or the alphanumeric character. The range that can be specified is as follows.

1 ~ 63(characters) The object identifier can only be specified with the following types.

INTEGER Integer32 Counter32 Counter64 Gauge32 TimeTicks

Sampling Interval Please set the interval time of checking the threshold within the range of 1 ~ 43200 (seconds). The unit can be specified as hour, minute or second.

Sampling Type Specify the type of checking threshold.

Absolute(default value) The current value is compared directly with the threshold. Delta The difference between the current value and the value when sampling it last time is compared with the threshold.

Rising-Threshold Specify the upper threshold of the RMON alarm group. The range that can be specified is as follows.

31/328

0 ~ 4294967295 Rising-Threshold Event ID

Specify the corresponding RMON event group id in decimal number which has been set in "Event ID" of [Event Config]. It is used as the event definition number which will be generated when the upper threshold is exceeded. The alarm event will not be generated when there is no specified definition number.

Falling-Threshold Specify the lower threshold of the RMON alarm group. The range that can be specified is as follows.

0 ~ 4294967295 Falling-Threshold Event ID

Specify the corresponding RMON event group id in decimal number which has been set in "Event ID" of [Event Config]. It is used as the event definition number which will be generated when the lower threshold is surpassed. The alarm event will not be generated when there is no specified definition number.

1.2.9.2. Event Config

Figure 30 Event ID

Specify ID of the RMON event group in decimal number value of 1 ~ 64. Type

Specify the notification method of this event(alarm). Blank No event processing. Log The log of the event will be kept. Trap The trap will be transmitted to the SNMP host who has the community name specified in "Community" of [Event Config]. Log-Trap The log of the event will be kept while the trap will be transmitted to the SNMP host who has the community name specified in "Community" of [Event Config].

32/328

Description Set the description of the RMON event group. Specify the explanation of the event (the note related to the content of the event) by the character string of 0x21, 0x23 ~ 0x7e. The range that can be specified is as follows.

1~ 127 (characters) Community

Specify the community name which will be set to the trap packets when the trap is sent. This setting is effective when the notification method specified in "Type" of [Event Config] is "Trap" or "Log-Trap". And the trap will be sent in the following case.

When the community name specified here has been set in [Community Config] of [SNMP]. The range that can be specified is as follows.

1 ~ 32(characters) 1.2.10. SNTP 1.2.10.1. Server Config

Figure 31 Client Mode

Please set the protocol when time information is acquired from the time server. Disable Time information is not acquired. SNTP Select it when the simple NTP protocol(UDP) is used. TIME Select it when the TIME protocol(TCP) is used. DHCP Select it when the protocol notified by DHCP is used.

IP Address IPv4 Address Specify the IPv4 address of the server that offers time information. The range that can be specified is as follows.

0.0.0.0 (from DHCP server)

33/328

1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 224.0.0.1 ~ 239.255.255.254 (Multicast) 255.255.255.255 (Broadcast)

IPv6 Address Specify the IPv6 address of the server that offers time information. The range that can be specified is as follows.

::2 ~ fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

Interface Please set the interface used to communicate with time server. When IPv4 address of server is multicast or broadcast address and protocol is SNTP, please set it other than "Auto". Otherwise, set it as "Auto". Auto Interface is auto-selected. Out-of-Band Use Out-of-Band interface(oob0). In-Band Use In-Band interface(lan0).

Interval Please set the acquisition cycle within the range of 0~10 day, when acquiring time information from the time server periodically. The time unit can be specified as any of the day, hour, minute or second. If it is omitted or 0 is set, time information will be acquired only when the device starts (restarts).

1.2.10.2. Server Status

Figure 32 Protocol

It displays the protocol when time information is acquired from the time server. Version

34/328

It displays the version of protocol. Last Update Time

It displays the last time when time information is acquired from server. Server IP Address

It displays the IP address of time server. Unicast Server Max Entries

It displays the maximum number of time server. 1.2.10.3. Current Time

Figure 33 Current Time

Set the current time. Please select from the following 3 methods. Set it as the time of PC used for setting. Set it from the SNTP/TIME server. Set it manually.

35/328

1.2.10.4. Time Zone Settings

Figure 34 Time Zone Hours

Please set the time difference(hour) from GMT(Greenwich Standard Time) in decimal number from 0 to 12.

Time Zone Minutes Please set the time difference(minute) from GMT in decimal number from 0 to 59.

Direction Please set whether it is before GMT or after GMT.

Before GMT It means it is ahead of GMT.

After GMT It means it is late than GMT. 1.2.11. LLDP 1.2.11.1. Configuration – Global Config

Figure 35

36/328

Transmit Interval Specify a fixed time interval to transmit LLDP information by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 32768 seconds. This setting is corresponding to the variable "msgTxInterval" of 802.1AB.

Transmit Delay Specify the minimum time interval to transmit LLDP information by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 1 second ~ 0.25 * <Interval> (no more than 8192 seconds). This setting is corresponding to the variable "txDelay" of 802.1AB.

Transmit Hold As for the time length that adjacent device should maintain LLDP information of this device, specify it by the count of "Transmit Interval" of LLDP. The range that can be specified is 2 times ~ 10 times, specify it by decimal number within the range of 2~10. TTL(no more than 65535 seconds) which is calculated by the method of [LLDP Transmit Interval * LLDP Transmit Hold] will be notified to the adjacent device. This setting is corresponding to the variable "msgTxHold" of 802.1AB.

Reinitialize Delay When the LLDP transmission is set to be disabled, after sending LLDP information with TTL value of 0, the internal state will be re-initialized. Specify the delay time of re-initialized by decimal number and time unit. The range that can be specified is 1second ~ 10seconds. This setting is corresponding to the variable "reinitDelay" of 802.1AB.

SNMP Notification Interval Specify the minimum time interval of the transmission of SNMP Notification Trap by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 3600 seconds. This setting is corresponding to the variable "NotificationInterval" of 802.1AB.

37/328

1.2.11.2. Configuration – Interface Config

Figure 36 Slot/Port

Select a port to set. Mode

Specify the action mode of the LLDP function at the specified port. Port Description

Specify whether to transmit Port Description TLV. System Name

Specify whether to transmit System Name TLV. System Description

Specify whether to transmit System Description TLV. System Capabilities

Specify whether to transmit System Capabilities TLV. Management Address

Specify whether to transmit Management Address TLV. Port VLAN ID

Specify whether to transmit IEEE802.1 Port VLAN ID TLV. Port and Protocol VLAN ID

Specify whether to transmit Protocol VLAN ID information. VLAN Name

Specify whether to transmit IEEE802.1 VLAN Name TLV. Protocol Identity

Specify whether to transmit IEEE802.1 Protocol VLAN Identity TLV. MAC PHY Configuration Status

Specify whether to transmit IEEE802.3 MAC/PHY Configuration/Status TLV. Power via MDI

Specify whether to transmit IEEE802.3 Power Via MDI TLV. Link Aggregation

Specify whether to transmit IEEE802.3 Link Aggregation TLV. Maximum Frame Size

Specify whether to transmit IEEE802.3 Maximum Frame Size TLV.

38/328

1.2.11.3. Information – Interface Summary

Figure 37 It displays the LLDP setup information at all physical ports where the LLDP function is enabled. The content of "Info" is as follows. About TLV

P Port Description TLV is transmitted N System Name TLV is transmitted D System Description TLV is transmitted C System Capabilities TLV is transmitted A Management Address TLV is transmitted - No Transmit (disable) Blank No Transmit (receive only)

About VLAN

P Port VLAN ID

p Port And Protocol VLAN ID

N VLAN Name I Protocol Identity - No Transmit (disable) Blank No Transmit (receive only)

About Configration

M MAC/PHY Configuration/Status P Power Via MDI L Link Aggregation F Maximum Frame Size

39/328

- No Transmit (disable) Blank No Transmit (receive only)

About SNMP

T SNMP Notification Trap - No Transmit (disable) Blank No Transmit (receive only)

1.2.11.4. Information – Statistics

It displays the LLDP statistics information. 1.2.11.5. Information – Local Info

Figure 38 It displays the LLDP setup information and LLDP transmission information at all physical ports where the LLDP function is enabled.

40/328

1.2.11.6. Information – Local Summary

Figure 39 It displays the number of physical ports where the LLDP function is enabled. 1.2.11.7. Information – Remote Info

It displays the detail information of adjacent device. 1.2.11.8. Information – Remote Summary

It displays the LLDP adjacent device information at all physical ports where the LLDP function is enabled.

1.2.12. DHCP Client 1.2.12.1. DHCP Restart Issues a DHCP client request for any IP interface that has been set to DHCP mode. 1.2.12.2. DHCPv6 Restart Issues a DHCPv6 client request for any IPv6 interface that has been set to DHCP mode.

41/328

1.2.13. IPv6 1.2.13.1. Statistics

Figure 40 It displays statistics information of IPv6 packets.

42/328

1.3. Switching Menu 1.3.1. Forwarding Database 1.3.1.1. Config

Figure 41 Forwarding Mode

Set the switching method. Buffering Mode

Set the mode of buffer control. When "max mode" is set, the buffer control mode of using maximum buffer will be used and it is possible that it will not operate according to the QoS operation settings. When "QoS mode" is set, the buffer control mode of using QoS priority will be used and the possibility of discarding frame becomes higher.

Aging Interval Specify Age Out Time of MAC Address Learning Table within the range of 10~ 3500 seconds.

43/328

1.3.1.2. Search

Figure 42 It displays the contents of Learning Table. You can specify a certain part of MAC address, VLAN ID or port name to display. 1.3.1.3. Clear To delete the Forwarding Database. 1.3.2. Port 1.3.2.1. Config

Figure 43 Enable/Disable Port

44/328

Specify whether to use ether port. Link Aggregation Group

Specify the group number of Link Aggregation group to be used. LACP Port Priority

Specify the LACP Port Priority. When LACP is not used, this definition means nothing.

Backup Group Specify the backup group number for using backup port. Set it as master port or backup port.

Master Master Port

Backup Backup Port STP Mode

Specify whether to use STP. Even if "enable" is set here, this setting is invalid when the STP operation mode of this device is "disable".

Flow Control Set the action of "send" and "receive" for the Flow Control Function.

Egress Permission Set the port list where forwarding is permitted. If the ports specified in the port list are Link Aggregation ports or backup ports, forwarding will be permitted for all the ports in the Link Aggregation group or backup group.

Start-up Link Status Set block state of the ports when the device starts or doing dynamic definition reflection.

Link Recovery Limit Specify the limit of Link Down frequency. It is the upper limit for the corresponding port to enter block state. When the Link Down frequency reaches the limit, the port which displays in system log will enter the block state.

Link Down Relay Set the list of the ports which will be relayed to Link Down(port block) when other ports Link Down. When the operation of Link Down Relay is done, it will be output in system log that the relayed port enters block state. In "Recovery Mode", the block release method can be set. It is used for the ports set in the relay port list information of the Link Down Relay function to be released from block state. When "Manual" is set as Recovery Mode, the relayed ports can be released from block state by the block release command or definition change. When "Auto" is set as Recovery Mode, besides block release command or definition change, the relayed ports can also be released from block state by Link Up of the ports set in the Link Down Relay function. In the case of "Auto" , when block release is done by Link Up, it will output to system log. In "Recovery Cause", specify block factor as the block release object of relay port list. When "Link Relay" is set, only the block factor of Link Down Relay function is the release object. When "All" is set, block release will be done for all block factors. In "Recovery Sync", the synchronization operation of the relay port list can be specified. When "Recovery Sync" is set as "Enable", by synchronization operation before the port link up, the relayed ports will stand by in block state by Link Down Relay. When "Recovery Sync" is set as "Disable", the synchronization operation will not be done.

45/328

ICMP Watching IP Address Please specify the destination IP address to monitor when using monitor function. ICMP ECHO packets will be sent from the ether port to the specified destination IP address, and existence can be confirmed by the response. Please do not set it as the IP address of the device itself. Please also confirm that the specified IP address is in the same subnet, or the monitor function may not operate normally.

ICMP Watching Interval Specify the normal sending interval of ICMP ECHO packets within the range of 1 second ~ 60 seconds(1 minute).

ICMP Watching Timeout Specify the timeout interval within the range of 5 seconds ~ 180 seconds(3 minutes). It is considered that monitor fails when reaching the timeout interval.

ICMP Watching Retry When there is no response for the normal sending ICMP ECHO packets, the ICMP ECHO packets will be resent. Specify the resend interval within the range of 1 second ~ (ICMP Watching Timeout) - 1 seconds.

Broadcast Storm Control Set the threshold of the traffic for broadcast storm. Set the data amount in 1 second within the range of 8Kbps~8Gbps. When the threshold is not set(text box is blank), the storm observation will not be done.

Multicast Storm Control Set the threshold of the traffic for multicast storm. Set the data amount in 1 second within the range of 8Kbps~8Gbps. When the threshold is not set(text box is blank), the storm observation will not be done.

Storm Control Action Specify the action when broadcast/multicast storm occurs.

Link down Block the port

Discard Discard the data that surpasses threshold Output Rate Control

The output rate is set by the unit of bps. The actual operation for the device is controlled by the value rounded down to the unit of 1/256 of 10Gbps (About 40Mbps).

LLDP Notification Trap Set whether to send SNMP Notification Trap when LLDP information is changed.

IEEE802.1Q Tunneling Mode Select whether to use IEEE802.1Q Tunneling. Even if "Enable" is set here, this setting is invalid when the IEEE802.1Q Tunneling mode of this device is "Disable".

MAC Learning Set the mac learning.

Converged Enhanced Ethernet mode Select whether to use Converged Enhanced Ethernet.

Priority group Set the Priority group number.

Weight Set the Weight within the range of 1~100.

Priority-based Flow Control

46/328

Select whether to use Priority-based Flow Control. Priority map

Set Priority group to each priority. Buffer optimization mode Select whether to enable the buffer optimization appropriate for the situation where PFC

enabled traffic is excessively congested. FCoE Priority

Set the priority of FCoE. FCoE use Select whether to use FCoE.

iSCSI-Priority Set the priority of iSCSI.

iSCSI use Select whether to use iSCSI.

Caution: - If total weight exceeds 100, Converged Enhanced Ethernet is invalid. - If more than 1 Priority-based Flow Control exist, port is disabled. - If Converged Enhanced Ethernet mode is "Disable" even if Priority group and Priority map are set, Converged Enhanced Ethernet is invalid. - If Priority group, Weight or Priority map is not set even if Converged Enhanced Ethernet mode is "Enable", Converged Enhanced Ethernet is invalid.

1.3.2.2. Summary

Figure 44 It displays the port information simply.

47/328

1.3.2.3. Mirroring

Figure 45 Target Port

Set the target port number. Source Port

Set the source port number in decimal number. If you want to specify two or more ports, delimit them by ","(comma).

Source Link Aggregation Group Set the source Link Aggregation Group number in decimal number. If you want to specify two or more Link Aggregation Groups, delimit them by ","(comma).

1.3.3. VLAN 1.3.3.1. Config

Figure 46

48/328

VLAN ID and Name

Select existing VLAN or newly created VLAN. Select "Create" to create a new one. However, if "Create" is selected but the port belongs to the new VLAN is not set, the VLAN will not be created.

VLAN ID Specify VLAN ID within the range of 1~4094 in decimal number.

VLAN Name Specify VLAN name with no more than 32 ASCII characters within the range of 0x21,0x23 ~ 0x7e.

VLAN Type It displays VLAN type. The contents are as follows.

Default It displays "Default" when VLAN ID is 1.

Static It displays "Static" for defined VLAN. Participation

It is set whether each port belongs to current VLAN or not. Include The corresponding port belongs to the VLAN.

Exclude The corresponding port does not belong to the VLAN. And if there is no corresponding port which belongs to the VLAN, the VLAN will be deleted.

Tagging Set the tag of each port.

Tagged Add tag to the corresponding port.

Untagged Remove tag from the corresponding port. 1.3.3.2. Status

Figure 47 VLAN ID

It displays VLAN ID. VLAN Name

It displays VLAN NAME.

49/328



Static It displays "Static" for defined VLAN. Slot/Port

It displays the ports which belong to the corresponding VLAN. 1.3.3.3. Forward Database Config

Figure 48 VLAN ID Specify VLAN ID within the range of 1 ~ 4094 in decimal number.

MAC Address Set the destination MAC address. Specify it in the format of xx:xx:xx:xx:xx:xx(xx is

hexadecimal of 2 digits). 00:00:00:00:00:00, broadcast or multicast can not be specified.

Slot/Port Select the corresponding port for the destination MAC address. If the selected port is a Link

Aggregation member port, the settings are effective for the Link Aggregation Group. If the selected port is a Backup port, the settings are effective for the working port of the Backup Port Group.

50/328

1.3.3.4. Forward Database Summary

Figure 49 It displays the contents of VLAN forward database.

VLANID VLANID

Number Destination MAC Address number

MAC Address Destination MAC Address

Slot/Port Corresponding forwarding port 1.3.3.5. Reset Config Exercising this function will cause all VLAN configuration parameters to be reset to their default values. 1.3.4. Protocol-based VLAN Config 1.3.4.1. Config

Figure 50 VLAN ID and Name

51/328

Select existing protocol VLAN or newly created protocol VLAN. Select "Create" to create a new one.

VLAN Name Specify VLAN name of protocol VLAN with no more than 32 ASCII characters within the range of 0x21,0x23 ~ 0x7e.

VLAN ID Specify VLAN ID of protocol VLAN within the range of 2 ~ 4094 in decimal number.

Protocol IPv4

Specify it as IPv4 protocol. It is the packets of EthernetII Ethertype=0800,0806,8035. IPv6

Specify it as IPv6 protocol. It is the packets of EthernetII Ethertype=86dd.

52/328

1.3.4.2. Summary VLAN Name

It displays VLAN name of protocol VLAN. VLAN ID

It displays VLAN ID of protocol VLAN. Protocol IPv4

It is specified as IPv4 protocol. It is the packets of EthernetII Ethertype=0800,0806,8035. IPv6

It is specified as IPv6 protocol. It is the packets of EthernetII Ethertype=86dd.

53/328

1.3.5. GVRP 1.3.5.1. GVRP - Global Config

Figure 51 GVRP Mode

Specify whether to use GVRP on this device. - Disable

GVRP is not to be used on this device. - Enable

GVRP is to be used on this device. 1.3.5.2. GVRP - Port Config

Figure 52 GVRP Mode

Specify whether to use GVRP on this port. - Disable


GVRP is to be used on this device. Registration Specify Registrar Administrative Control value of GVRP on this port.

- Normal Specify Registrar as Normal Registration on this port. The Registrar responds normally to incoming GVRP messages. Dynamic VLAN can be added or deleted on this port.

Static VLAN can not be configured through CLI command on this port. - Fixed

Specify Registrar as Registration Fixed on this port. The Registrar transmit GVRP messages, but Dynamic VLAN can not be added or deleted on this port.

54/328

Dynamic VLANs which have been configed on this port must be deleted. Static VLAN can be configed through CLI command on this port.

- Forbidden Specify Registrar as Registration Forbidden on this port. The Registrar transmit GVRP messages, but Dynamic VLAN can not be added or deleted on this port. Dynamic VLANs and static VLANs (exclude default VLAN) which have been configed on this port must be deleted. Static VLAN can not be configed through CLI command on this port.

Join Time Specify interval between transmitting of GVRP messages, within the range of 20 centiseconds to 16375 centiseconds. Default value is 20 centiseconds. If not set, default value will be used.

Leave Time Specify the time to wait after receiving an unregister request for a VLAN before deleting the associated entry, within the range of 45 centiseconds to 32760 centiseconds. Default value is 60 centiseconds. If not set, default value will be used.

Leaveall Time The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. Specify GVRP leaveall timer within the range of 50 centiseconds to 32765 centiseconds. Default value is 1000 centiseconds. If not set, default value will be used.

55/328

1.3.5.3. GVRP - Port Status

Figure 53 If GVRP is enabled, GVRP information will be displayed here. Port Port number.

Gvrp GVRP is enabled or disabled on this port.

Regist Registrar Administrative Control value of GVRP on this port.

join timer The time between the transmission of GARP PDUs registering (or re-registering) membership for a VLAN.

leave timer The time to wait after receiving an unregister request for a VLAN before deleting the associated entry.

leaveall timer The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration.

Vlan Dynamic VLAN registered by GVRP.

56/328

1.3.5.4. GVRP - Port Statistics

Figure 54 It displays the statistics of received and sent GVRP BPDU of the port which is selected. 1.3.5.5. GVRP – Clear Statistics GVRP statistics of all ports will be cleared when "clear" button be clicked.

57/328

1.3.6. GMRP 1.3.6.1. GMRP - Global Config

Figure 55 GMRP Mode

Specify whether to use GMRP on this device. - Disable

GMRP is not to be used on this device. - Enable

GMRP is to be used on this device. 1.3.6.2. GMRP – Port Config

Figure 56 GMRP Mode Specify whether to use GMRP on this port.

- Disable GMRP is not to be used on this port.

- Enable GMRP is to be used on this port.

Forward All Specify whether to forward all multicast packets through this port when GMRP is used on this device. Please set Forward All option as Enable when the port is connected to multicast router.

Join Time Specify interval between transmitting of GMRP messages, within the range of 20 centiseconds to 16375 centiseconds. Default value is 20 centiseconds. If not set, default value will be used.

Leave Time

58/328

Specify the time to wait after receiving an unregister request for a multicast MAC address before deleting the associated entry, within the range of 45 centiseconds to 32760 centiseconds. Default value is 60 centiseconds. If not set, default value will be used.

Leaveall Time The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. Specify GMRP leaveall timer within the range of 50 centiseconds to 32765 centiseconds. Default value is 1000 centiseconds. If not set, default value will be used.

1.3.6.3. GMRP – Port Status

Figure 57 If GMRP is enabled, GMRP information will be displayed here. Port Port number.

Gmrp GMRP is enabled or disabled on this port.

forward-all Forward all option is enabled or disabled on this port.

join timer The time between the transmission of GARP PDUs registering (or re-registering) membership for a multicast MAC address.

leave timer

59/328

The time to wait after receiving an unregister request for a multicast MAC address before deleting the associated entry.


1.3.6.4. GMRP – GMRP Registration Table

Figure 58 It displays multicast MAC address registered by GMRP and the corresponding port for each multicast MAC address. 1.3.6.5. GMRP – Port Statistics

Figure 59 It displays the statistics of received and sent GMRP BPDU of the port which is selected. 1.3.6.6. GMRP – Clear Statistics GMRP statistics of all ports will be cleared when "clear" button be clicked.

60/328

1.3.7. IGMP 1.3.7.1. IGMP Snooping – Config and Status

Figure 60 Admin Mode

Specify the operation mode of IGMP Snoop Function. Enable Enable IGMP Snoop Function.

Disable Disable IGMP Snoop Function. Local Multicast Group

Set the action when receiving packets of Local Multicast Group. Auto Join Multicast packets of local group can be transferred when it is received.

Watch Join When Membership Report of local group is received, it can be transferred.

Flooding Multicast packets of local group can be transferred.

61/328

1.3.7.2. IGMP Snooping – VLAN Config

Figure 61 VLAN ID

Specify VLAN ID within the range of 1 ~ 4094 in decimal number. Multicast Router Port

Specify the judging method of Multicast Router Port. Auto Multicast Router Port is judged dynamically. Yes Multicast Router Port is specified statically. Only the specified port is set as router port.

1.3.7.3. Snooping Querier – VLAN Config

Figure 62

62/328

VLAN ID

Specify VLAN ID within the range of 1 ~ 4094 in decimal number. Querier

Specify the operation mode of querier. Enable Operates as querier when multicast router does not exist. Disable Do not operate as querier regardless of the existence of multicast router.

IP Address Specify the source IP address for using IGMP snoop. The IP address set here will be set as source address in the IGMP packets sent from this device. The valid range is as follows.

0.0.0.0 1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254

IGMP Proxy Specify the mode of sending IGMP proxy response. Disable IGMP proxy response will not be sent. Enable IGMP proxy response will be sent.

Please specify it as "Disable" when the device using IGMP V1 exists. If querier operation mode is disabled, when multicast router does not exist, multicast transfer will be stopped.

1.3.7.4. Snooping Querier – VLAN Status It displays the information of IGMP snoop port.

63/328

1.3.8. MLD 1.3.8.1. MLD Snooping – Config and Status


Specify the operation mode of MLD Snoop Function. Enable Enable MLD Snoop Function.

Disable Disable MLD Snoop Function. Local Multicast Group

Set the action when receiving packets of Local Multicast Group. Flooding Multicast packets of local group can be transferred.

Watch Join When Membership Report of local group is received, it can be transferred. 1.3.8.2. MLD Snooping – VLAN Config

Figure 64

64/328

VLAN ID Specify VLAN ID within the range of 1 ~ 4094 in decimal number.

Multicast Router Port Specify the judging method of Multicast Router Port. Auto Multicast Router Port is judged dynamically. Yes Multicast Router Port is specified statically. Only the specified port is set as router port.


Figure 65 VLAN ID



IP Address Specify the source IP address for using MLD snoop. The IP address set here will be set as source address in the MLD packets sent from this device. The valid range is as follows.

FE80::/10 ... Link-Local Unicast address MLD Proxy

Specify the mode of sending MLD proxy response. Disable MLD proxy response will not be sent. Enable MLD proxy response will be sent.

65/328

If querier operation mode is disabled, when multicast router does not exist, multicast transfer will be stopped.

1.3.8.4. Snooping Querier – VLAN Status

It displays the information of MLD snoop port. 1.3.9. Multicast Forwarding Database 1.3.9.1. IGMP – IGMP Snooping Table

It displays the multicast listener information of IGMP Snoop. 1.3.9.2. IGMP – IGMP Statistics It displays the statistics information of IGMP Snoop. 1.3.9.3. MLD – MLD Snooping Table It displays the multicast listener information of MLD Snoop. 1.3.9.4. MLD – MLD Statistics It displays the statistics information of MLD Snoop. 1.3.10. Link Aggregation 1.3.10.1. LACP Config

Figure 66 System Priority

Set the LACP system priority. The Link Aggregation Group will exchange information with other Link Aggregation Group, then use the system priority to decide which one has higher priority. When they have the same system priority, the one with smaller system ID(Designated MAC Address + 1) has higher priority. When LACP is not used, this definition is meaningless.

BPDU Mode

66/328

Set whether to transfer BPDU frame when LACP function is ineffective. Enable Set as BPDU transfer mode. Disable Set as BPDU discard mode. When Link Aggregation has been set in the device, BPDU frame will not be transferred.

1.3.10.2. Group Config

Figure 67 Group

Set the Link Aggregation group id. Algorithm

Specify the load-balance algorithm. Source MAC Address Divide by source MAC address

Destination MAC Address Divide by destination MAC address

Both MAC Address Divide by both source and destination MAC address

Source IP Address Divide by source IP address

Destination IP Address Divide by destination IP address

Both IP Address Divide by XOR of source and destination IP address

Received Ethernet Port Divide by received Ethernet port Mode

Set the operation mode of Link Aggregation. When "Static" is set, it will compose the static Link Aggregation without using LACP. When "Active" or "Passive" is set, it is the dynamic Link Aggregation using LACP. In the "Active" mode, the LACPDU periodical transmission to remote LACP device will start voluntarily. In the "Passive" mode, as long as LACPDU is not received from remote LACP, LACPDU periodical transmission will not be done. In other words, Link Aggregation is not composed when both devices are in "Passive" mode.

67/328

Backup Group Specify the backup group number for using backup Link Aggregation. Set it as master port or backup port.

Master Master Port

Backup Backup Port Minimum Link

Set the Minimum number of member ports for Link Aggregation communication within the range of 1 ~ 10 in decimal number. If the number of ports united by Link Aggregation is less than the specified Minimum Link, communication can not be done in the Link Aggregation. And when the number of member ports falls below the specified Minimum Link because of trouble, etc, communication can not be done in the Link Aggregation.

Link Down Relay Set the list of the ports which will be relayed to Link Down(port block) when Link Aggregation is down. When the operation of Link Down Relay is done, it will be output in system log that the relayed port enters block state. In "Recovery Mode", the block release method can be set. It is used for the ports set in the relay port list information of the Link Down Relay function to be released from block state. When "Manual" is set as Recovery Mode, the relayed ports can be released from block state by the block release command or definition change. When "Auto" is set as Recovery Mode, besides block release command or definition change, the relayed ports can also be released from block state by Link Up of the ports set in the Link Down Relay function. In the case of "Auto" , when block release is done by Link Up, it will output to system log. In "Recovery Cause", specify block factor as the block release object of relay port list. When "Link Relay" is set, only the block factor of Link Down Relay function is the release object. When "All" is set, block release will be done for all block factors. In "Recovery Sync", the synchronization operation of the relay port list can be specified. When "Recovery Sync" is set as "Enable", by synchronization operation before the port link up, the relayed ports will stand by in block state by Link Down Relay. When "Recovery Sync" is set as "Disable", the synchronization operation will not be done.




ICMP Watching Retry

68/328

When there is no response for the normal sending ICMP ECHO packets, the ICMP ECHO packets will be resent. Specify the resend interval within the range of 1 second ~ (ICMP Watching Timeout) - 1 seconds.



Weight Set the Weight within the range of 1-100.

Priority-based Flow Control Select whether to use Priority-based Flow Control.

Priority map Set Priority group to each priority.

Buffer optimization mode Select whether to enable the buffer optimization appropriate for the situation where PFC enabled traffic is excessively congested.

FCoE Priority Set the priority of FCoE.

FCoE use Select whether to use FCoE.



Caution:

- If total weight exceeds 100, Converged Enhanced Ethernet is invalid. - If more than 1 Priority-based Flow Control exist, port is disabled. - If Converged Enhanced Ethernet mode is "Disable" even if Priority group and Priority map are set, Converged Enhanced Ethernet is invalid. - If Priority group, Weight or Priority map is not set even if Converged Enhanced Ethernet mode is "Enable", Converged Enhanced Ethernet is invalid.

69/328

1.3.11. Spanning Tree 1.3.11.1. Switch Config/Status

Figure 68 Spanning Tree Mode

Set the operation mode of Spanning Tree Protocol. Disable Select it when not using STP. STP Select it when using STP(802.1d). RSTP Select it when using RSTP(802.1w). MSTP Select it when using MSTP(802.1s).

Spanning Tree Forward BPDU Set whether to forward BPDU frame when STP function is disabled.

Region Name Set the MST region name of MST Structure Information. It is effective only for the MSTP operation mode.

Revision Level Set the revision level of MST Structure Information. It is effective only for the MSTP operation mode.

Spanning Tree Maximum Hops It displays valid hop count of the BPDU sent by Root Bridge. It is effective only for the MSTP operation mode. If hop count of the received BPDU is 0, it starts to send BPDU set with maximum hop count and this device operates as the Root Bridge of itself. The hop count will be subtracted each time it passed neighbor device. So if this device has Root Bridge and hop count is set as 1, Spanning Tree can be made only between this device and neighbor device.

1.3.11.2. CST

70/328

Figure 69 Bridge Priority

Specify the priority of this device in bridge network in decimal number within the range of 0 ~ 61440. The smaller value has higher priority. Please specify the value which can be divided by 4096(valid values).

Valid Values:

0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

If the values other than the valid values are specified, the setting is ineffective.

Bridge Max Age (secs) Specify the effective period of the BPDU information sent from Root Bridge within the range of 6 seconds ~ 40 seconds. Bridge Max Age will be checked with Bridge Hello Time and Bridge Forward Delay, the rules are as follows.

Check with Bridge Forward Delay Bridge Max Age <= 2 × (Bridge Forward Delay - 1 second) Check with Bridge Hello Time Bridge Max Age >= 2 × (Bridge Hello Time + 1 second)

If any one of the above rules is not matched, it becomes invalid definition and the settings of Bridge Max Age, Bridge Hello Time and Bridge Forward Delay become invalid.

Bridge Hello Time (secs) Specify the sending interval of BPDU Structure Information when this device becomes Root Bridge within the range of 1 second ~ 10 seconds. If this device is not Root Bridge, the setting is ineffective.

Bridge Forward Delay (secs) Set the maximum forward delay within the range of 4 seconds ~ 30 seconds. If this device is not Root Bridge, the setting is ineffective.

Bridge ID It displays the Spanning Tree Bridge information of self device. Priority

71/328

It displays the bridge priority which is used to identify the bridge of this device. Address

It displays the MAC address which is used to identify the bridge of this device. Hello Time

It displays the sending interval(seconds) of BPDU Structure Information. Max Age

It displays the maximum meeting time(seconds) of BPDU Structure Information. Forward Delay

It displays the maximum forward delay time(seconds). BPDU Mode

It displays BPDU Forwarding function(on/off). STP Mode

It displays STP operation mode(disable/stp/rstp/mstp). Root ID

It displays Spanning Tree information of Root Bridge. Priority

It displays priority of Root Bridge. Address

It displays MAC address of Root Bridge. Cost

It displays the path cost value to Root Bridge. Port

It displays interface name of root port. It displays as follows when this device is Root Bridge.

Port 0 (This bridge is the root) Hello Time



It displays the maximum forward delay time(seconds).

72/328

1.3.11.3. MST

Figure 70 MST

Select instance ID. Priority

Specify the priority of bridge used in algorithm to decide the Root Bridge. Please specify the minimum value to set the bridge as Root Bridge. Please specify the value which can be divided by 4096(valid values). Valid Values:

0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

If the values other than the valid values are specified, the setting is ineffective.

VLAN ID Specify the VLAN ID allocated to MSTP instance within the range of 1 ~ 4094 in decimal number. If you want to set two or more VLAN ID, delimit them by ","(comma). If you want to set consecutive numbers, delimit them by "-"(hyphen)(Example:"1-10,100,200").

MSTP Configuration Information It displays detail information of Spanning Tree of the instance. Region Name

It displays Region Name. Revision Level

It displays Revision Level. Instance ID

It displays Instance ID. Vlans

It displays Vlan ID which belongs to the instance. Root ID

It displays Spanning Tree information of Root Bridge.

73/328

Priority It displays priority of Root Bridge.

Address It displays MAC address of Root Bridge.

Cost It displays the path cost value to Root Bridge.

Port It displays interface name of root port. It displays as follows when this device is Root Bridge.

Port 0 (This bridge is the root) Hello Time



It displays the maximum forward delay time(seconds). Remaining Hops

It displays remaining hop count from Root Bridge. Bridge ID

It displays the Spanning Tree Bridge information of self device. Priority

It displays the bridge priority which is used to identify the bridge of this device. Address

It displays the MAC address which is used to identify the bridge of this device. Hello Time



It displays the maximum forward delay time(seconds). Hop count

It displays the hop count of maximum forward delay. BPDU Mode

It displays BPDU Forwarding function(on/off). STP Mode

It displays STP operation mode(disable/stp/rstp/mstp). Interface

It only displays the interface in action. Port ID

It displays the port ID of the specified instance and the port ID of the designated bridge of the specified instance.

Cost It displays path cost (it displays "*" behind numbers when calculated automatically) of the port of the specified instance and the designated path cost of the BPDU of specified instance.

Status It displays port state with one of the follows.

Disabled STP is disabled

74/328

Discarding Discarding State

Blocking Blocking State

Listening Listening State

Learning Learning State

Forwarding Forwarding State (Role)

It displays port role state with one of the follows. Disabled STP is disabled

Root Root Port

Designated Designated Port

Blocking Blocking Port

Alternate Alternate Port

Backup Backup Port Enable

It displays the operation state of port(displays as "*" when effective). Designated Bridge ID

It displays designated Bridge ID(priority and MAC address) of specified instance. 1.3.11.4. CST Port

Figure 71 Port Priority

Set the priority of the port. Please specify the value which can be divided by 16.(valid value) Valid Values: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240 If the values other than the valid values are specified, the setting is ineffective.

Port Path Cost

75/328

Set the path cost of the STP port. Specify the path cost within the range of 1 ~ 200000000 in decimal number. When "auto" is set, the cost is decided automatically.

Port STP Mode Set the STP operation mode of port. When the device is in MSTP(STP version(3)) operation mode, it can operate in STP/RSTP/MSTP. When the device is in RSTP(STP version(2)) operation mode, it can operate in STP/RSTP. When the device is in STP(STP version(0)) operation mode, it can operate in STP. When it is set other than the possible operation mode, the setting is ineffective.

STP Port Information It displays Spanning Tree Information of port.

1.3.11.5. MST Port

Figure 72 Port Priority

Set the priority of the port. Please specify the value which can be divided by 16.(valid value) Valid Values: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240 If the values other than the valid values are specified, the setting is ineffective.

Port Path Cost Set the path cost of the STP port. Specify the path cost within the range of 1 ~ 200000000 in decimal number. When "auto" is set, the cost is decided automatically.

MSTP Configuration Information It displays Spanning Tree Information of instance.

76/328

1.3.11.6. Statistics

Figure 73 BPDU statistics

It displays the statistics of received and sent BPDU.

77/328

1.3.12. Port Backup 1.3.12.1. Configuration

Figure 74 Group ID

Set the backup group id. Group Mode

Set the method for selecting the port to use when both ports can be used. Master Make use of the master port in preference.

Earlier Make use of the port which is link up (become usable) first. Standby Mode

Set the standby state of the backup ports. Link Up The backup port will standby in link up state.

Link Down The backup port will be link down to standby. Change Notify Use this field to configure change notify.

1.3.12.2. Status

Figure 75 It displays the information of the ports

78/328

1.3.13. IEEE802.1Q Tunneling 1.3.13.1. IEEE802.1Q Tunneling Configuration

Figure 76

Select whether to use IEEE802.1Q Tunneling. If "Enable" is selected, the IEEE802.1Q Tunneling will be done. If "Disable" is selected,the IEEE802.1Q Tunneling will not be done.

Caution: - Even if "Enable" is selected here, IEEE802.1Q Tunneling will be disabled if IEEE802.1Q Tunneling Mode is set as "Disable" in IEEE802.1Q Tunneling Mode of [Switching]-[Port]-[Config].

79/328

1.3.14. MAC Filter 1.3.14.1. Config

Figure 77 Filter Address

Set the MAC Filtering. The filtering operation specified in "Action" will be done to the packets corresponding to the MAC address, VLAN ID, IP, ICMP, TCP or UDP definition of the specified Access Control List.

1.3.14.2. IPv6 Config

Figure 78 IPv6 Filter Address

Set the IPv6 Filtering.

80/328

The filtering operation specified in "Action" will be done to the packets corresponding to the MAC address, VLAN ID, IPv6, ICMP, TCP or UDP definition of the specified Access Control List.

81/328

1.4. Security Menu 1.4.1. Port Access Control 1.4.1.1. Config – IEEE802.1X

Figure 79 IEEE802.1X Authentication

Select whether to use IEEE802.1X authentication for the device. If "Use" is selected, the IEEE802.1X authentication of the transmission source terminal will be done. If the result of the terminal authentication is success, the packets will be relayed; otherwise the packets will be discarded. If "Disuse" is selected, the IEEE802.1X authentication will not be done.

Caution: - Even if "Use" is selected here, IEEE802.1X authentication will be disabled if IEEE802.1X Authentication is set as "Disuse" in IEEE802.1X of [Security]-[Port Access Control]-[Port Config].

Authentication Method

Select the system default authentication unit as the authentication method. Caution:

- When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. - When the port in which WEB Authentication or MAC Address Authentication is also enabled exists, please set the same Authentication Method for all the authentication function.

EAPOL Transfer Mode

Select the transfer mode of EAPOL frames which is used for IEEE802.1X authentication. Transmit

When EAPOL frames are received, the frames will be transmitted to the ports with the same VLAN ID as the "untagged" VLAN ID set in the port where the frames are received.

Don't Transmit

82/328

EAPOL frames are not transmitted. Caution:

- EAPOL frame is forbidden to be transmitted in IEEE 802.1D. - EAPOL frame can not be transmitted when IEEE802.1X authentication is used. Please don't select "Transmit".

1.4.1.2. Config – Web Authentication

Figure 80 Authentication Function

Select whether to use Web authentication for the device. If "Use" is selected, the authentication will be done for the terminals where Web browser is used and only the communication of the successfully authenticated terminal is allowed. If "Disuse" is selected, Web authentication will not be done.

Caution: - Even if "Use" is selected here, WEB authentication will be disabled in the port where Web Authentication is set as "Disuse" in Web Authentication of [Security]-[Port Access Control]-[Port Config].

Authentication Protocol

Select authentication protocol of Web authentication.

83/328

1.4.1.3. Config – MAC Address Authentication


Select whether to use MAC address authentication for the device. If "Use" is selected, the MAC address authentication of the transmission source terminal will be done. If the result of the MAC address authentication is success, the packets will be relayed; otherwise the packets will be discarded. If "Disuse" is selected, the MAC address authentication will not be done.

Caution: - Even if "Use" is selected here, MAC address authentication will be disabled if MAC Address Authentication is set as "Disuse" in MAC Address Authentication of [Security]-[Port Access Control]-[Port Config].

Password

Specify the authentication password used for MAC address authentication. Specify it with a string composed of 0x21, 0x23~0x7e within 128 characters. If it is omitted, the MAC address of authentication terminal will be used as password.

Confirm Password Specify the password above once more.

Authentication Protocol Select authentication protocol of MAC address authentication.

84/328

1.4.1.4. Port Config – IEEE802.1X


Select whether to use IEEE802.1X authentication. If "Use" is selected, IEEE802.1X authentication of the source terminal of packets will be done. If the result is success, the packets will be relayed; otherwise the packets will be discarded. For the port where "Disuse" is selected, IEEE802.1X authentication will not be done. Even if "Use" is selected here, IEEE802.1X authentication will be disabled if authentication function is set as "Disuse" for the device.

Authentication Method Select the system default authentication unit as the authentication method. When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which WEB Authentication or MAC Address Authentication is also enabled exists, please set the same authentication method for all the authentication function.

AAA Group Specify AAA group ID within the range of 0 ~ 9 in decimal number used as reference when doing IEEE802.1X authentication.

Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of IEEE802.1X authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.

Wakeup On LAN Packet Mode Set forward mode of Wake On LAN packet. Only the Wake On LAN packet to Directed Broadcast Address can be forwarded.

85/328

EAPOL MAC Address Set the permitted destination MAC address of EAPOL frame.

Quiet Period Set the time it waits to begin re-authentication after first authentication of the terminal(Supplicant) failed. Set it within the range of 0 ~ 600 seconds. If 0 second is specified, after first authentication failed, authentication will not be restrained and it will access second authentication request immediately.

Transmit Period Set the sending interval of user ID request within the range of 1 ~ 600 seconds.

Supplicant Timeout Set the waiting time for EAP response from terminal(Supplicant) within the range of 1 ~ 600 seconds.

Maximum Requests Specify the EAP resending count when EAP response is not received. Specify the count within the range of 1 ~ 10.

Reauthentication Period Specify the re-authentication interval for terminal(Supplicant) within the range of 15 seconds ~ 18000 seconds. If 0 is specified, the re-authentication will not be done.

1.4.1.5. Port Config – Web Authentication

Figure 83 Web Authentication

Select whether to use Web authentication. If "Use" is selected, WEB authentication of the terminal using WEB browser will be done, only the terminal whose authentication result is success is permitted to do communication. For the port where "Disuse" is selected, WEB authentication will not be done. Even if "Use" is selected here, WEB authentication will be disabled if authentication function is set as "Disuse" for the device.


Select the system default authentication unit as the authentication method.

86/328

When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which IEEE802.1X Authentication or MAC Address Authentication is also enabled exists, please set the same authentication method for all the authentication function.

AAA Group Specify AAA group ID within the range of 0 ~ 9 in decimal number used as reference when doing WEB authentication.

Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of WEB authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.


Web Authentication Auto Logout Specify the valid time for Web authentication. If "Absolute" is selected, after authentication is done, the authentication will be released after the specified time (time unit is minute). If "Disable" is selected, Web authentication will not be released. Because it checks for Web authentication auto logout time every 30 seconds, the maximum difference with the real Web authentication auto logout time is 30 seconds. If physical port of this device is connected to switching HUB, etc, and two or more terminals are authenticated at one physical port, please set the Web authentication auto logout time. If "Disable"(not to release WEB authentication) is selected here, unless Link Down occurs at the physical port where authentication has completed for authenticated terminal, it can not access network through this device if the terminal is moved to other physical ports of this device. After authentication is released according to the settings of the Web authentication auto logout time, please connect the terminal to other physical ports of this device. If the terminal is connected to other physical ports of this device before authentication is released, it can not access network through this device until the authentication is released, or it needs to re-acquire the IP address of the connected terminal.

Authenticated Terminal Set the terminal which is permitted to do communication without WEB authentication. If "Disuse" is selected for "Web Authentication" or "Each Port" is selected for "Authentication Method", the settings here are ineffective. 00:00:00:00:00:00, broadcast or multicast can not be specified in MAC Address. If the VLAN specified by VLAN ID is unregistered, the settings are ineffective. The same address can not be registered to two or more ports. It is possible that the specified Authenticated Terminal can not do communication normally when it is connected to other ports.

87/328

1.4.1.6. Port Config – MAC Address Authentication

Figure 84 MAC Address Authentication

Select whether to use MAC Address authentication. If "Use" is selected, MAC address authentication of the source terminal of packets will be done. If it has the authenticated MAC address, the packets will be relayed; otherwise the packets will be discarded. For the port where "Disuse" is selected, MAC address authentication will not be done. Even if "Use" is selected here, MAC address authentication will be disabled if authentication function is set as "Disuse" for the device.

Authentication Method Select the system default authentication unit as the authentication method. When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which IEEE802.1X Authentication or WEB Authentication is also enabled exists, please set the same authentication method for all the authentication function.

AAA Group Specify AAA group ID within the range of 0 ~ 9 in decimal number used as reference when doing MAC address authentication.

Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of MAC address authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.


88/328

Authentication Result Hold Time Specify the result hold time of MAC address authentication. The re-authentication of successfully authenticated terminal will be done after the time specified in "Success" passed. The re-authentication of authentication failed terminal will not be done until the time specified in "Failure" passed. Because it checks for authentication result hold time every 30 seconds, the maximum difference with the real authentication result hold time is 30 seconds.

Authenticated Terminal Set the terminal which is permitted to do communication without MAC address authentication. If "Disuse" is selected for "MAC Address Authentication" or "Each Port" is selected for "Authentication Method", the settings here are ineffective. 00:00:00:00:00:00, broadcast or multicast can not be specified in MAC Address. If the VLAN specified by VLAN ID is unregistered, the settings are ineffective. The same address can not be registered to two or more ports. It is possible that the specified Authenticated Terminal can not do communication normally when it is connected to other ports.

1.4.1.7. Port Status – IEEE802.1X

Figure 85

It displays authentication information, including user name, authentication method, authentication state and statistics of authenticated successfully terminal(Supplicant).

Port Port Number

User User Name

EAP-Type Authentication method

Authentication Authentication State

- Means that the port has not been set or is not connected.

Authenticating In authentication processing

Authenticated Authentication Complete

89/328

Failure Authentication Failed

OK times Success times of Authentication

NG times Failure times of Authentication

Status Displays internal state of IEEE802.1X authentication.

S0: Before Authentication State S1: In Authentication State S2: Charge Starting State S3: Normal State S4: Charge Stopping State

VLAN VLAN ID

MAC address MAC address of terminal(Supplicant)

Since Time when authentication succeeded(Not update when re-authentication) 1.4.1.8. Port Status – Web Authentication

Figure 86

It displays Web authentication state. PORT Physical port number

USER User Name

MAC Authentication terminal number and MAC address

STATUS Web authentication status

Displays as one of the follows.

response Wait for authentication result after input ID and password

idle Wait for ID and password of Web authentication

success Web authentication succeed and VLAN ID has been allocated

VLAN VLAN ID

TYPE Authentication method

90/328


mac Authenticate for each MAC address

port Authenticate for each port

- VLAN has not been set

DATE Time when authentication succeeded 1.4.1.9. Port Status – MAC Address Authentication

Figure 87

It displays MAC address authentication state. Port Port number

Mode Authentication method



MAC Address MAC Address

Status Authentication State

idle No authentication terminal detected

response Wait for authentication result

success authentication succeed

permanent Authenticated Terminal

failure authentication failed or surpass authentication limit times

Note: Before authentication, it displays as "idle"

VLAN VLAN ID

Since Time when authentication started, succeeded or failed

91/328

1.4.1.10. Port Summary – Authentication Information It displays successfully authenticated terminal information of each authentication function(IEEE802.1X authentication , WEB authentication , MAC address authentication).

Port Port Number

Mode Authentication Method(at first line of each port)




Function successfully authenticated function

dot1x IEEE802.1X authentication

webauth Web authentication

macauth MAC address authentication

VLAN VLAN ID Note: For the port where successfully authenticated terminal does not exits, the items other than Port Number displays as "-".

92/328

1.4.1.11. Statistics – IEEE802.1X

It displays statistics information of IEEE802.1X authentication. 1.4.1.12. Statistics – Web Authentication

It displays statistics information of WEB authentication. 1.4.1.13. Statistics – MAC Address Authentication

It displays statistics information of MAC address authentication. 1.4.2. RADIUS 1.4.2.1. Config

Figure 88 AAA Group ID

Specify AAA group ID with the decimal number less than 10. Authentication Mode

Specify whether to use RADIUS authentication function. Authentication Source IP Address Set self IP address used to communicate with the RADIUS authentication server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254

IPv6: ::2 ~ fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff

fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Message-Authenticator

Set whether to do authentication by Message-Authenticator. When doing IEEE802.1X authentication, it will do authentication by Message-Authenticator regardless of this setting.

93/328

It can only be used for authentication request message in this device. Accounting Mode

Set whether to use RADIUS accounting function. Accounting Source IP Address

Set self IP address used to communicate with the RADIUS accounting server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Retry Interval

Set packets resent interval when there is no response from RADIUS server. The valid ranges are as follows.

1 ~ 10(seconds) Retry Times

Set packets resent count when there is no response from RADIUS server. The valid ranges are as follows.

1 ~ 10(times) Security Mode

Set security level when there is no response from RADIUS server. When "High" is selected, it operates as authentication failed. When "Normal" is selected, it operates as authentication succeeded.

94/328

1.4.2.2. Server Config

Figure 89 IP Address

Set IP address of RADIUS authentication server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Secret

Set the share key(RADIUS secret) between this device and RADIUS authentication server. Priority

Specify the priority used to decide which RADIUS server to use for authentication when there are several RADIUS servers in the same group. In the same group, the highest priority RADIUS server which is not in "dead" status will be used. If there is more than one RADIUS server with the highest priority, the RADIUS server to be used will be randomly decided.

Dead Time Specify the recover time it waits to recover to "alive" status automatically after RADIUS server enters "dead" status. If the response from RADIUS server is not received, that RADIUS server will be set as "dead" status and set as the lowest priority. The RADIUS server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.

- The specified Dead Time period passed

95/328

- After all the possible server enters "dead" status, the packets are sent to the RADIUS server in "dead" status, and response is received - Recover manually

The valid ranges are as follows. 0 ~ 86400(seconds)

If 0 is specified, it will not recover to "alive" status automatically. 1.4.2.3. Accounting Server Config


Set IP address of RADIUS accounting server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key(RADIUS secret) between this device and RADIUS accounting server. Priority Specify the priority used to decide which RADIUS server to use for authentication when there are several RADIUS servers in the same group. In the same group, the highest priority RADIUS server which is not in "dead" status will be used. If there is more than one RADIUS server with the highest priority, the RADIUS server to be used will be randomly decided.

Dead Time Specify the recover time it waits to recover to "alive" status automatically after RADIUS server enters "dead" status. If the response from RADIUS server is not received, that RADIUS server will be set as "dead" status and set as the lowest priority. The RADIUS server in "dead" status can not be used as

96/328

long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.

- The specified Dead Time period passed - After all the possible server enters "dead" status, the packets are sent to the RADIUS server in "dead" status, and response is received - Recover manually


If 0 is specified, it will not recover to "alive" status automatically. 1.4.2.4. Summary

It displays the status of RADIUS server. Type Server Type

Auth Authentication Server

Acct Accounting Server

No. Server definition Number

Server Address Server IP Address

Port Server Port Number

Pri Priority

State Server status

alive usable

dead no response

recover recover remaining time / recover standby time

When server status is "alive", displays as "-".

97/328

1.4.3. TACACS+ 1.4.3.1. Config


Specify AAA group ID within the range of 0 ~ 9 in decimal number. TACACS+ Service

Specify whether to use TACACS+ function. Timeout

Set timeout when there is no response from TACACS+ server. The valid ranges are as follows.

1 ~ 300(seconds) Authentication Security Mode

Set TACACS+ Authentication security operation when there is no response from server. When "High", it operates as a failure to authenticate. When "Normal", it operates as a success to authenticate.

Authorization Security Mode Set TACACS+ Authorization security operation when there is no response from server. When "High", it operates as a failure to authorize. When "Normal", it operates as a success to authorize.

98/328



To set the IP address of the TACACS+ authentication server. The IP Address of authentication server cannot be omitted. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key between this device and TACACS+ authentication server. It is considered that the share key is not set when omitted. Moreover, when it is not set, the communication between TACACS+ servers is not encrypted.

Priority To specify the priority of some TACACS+ servers in the same group, which decides which TACACS+ server to use at the time of authentication. In the same group, the highest priority TACACS+ server not in dead status will be used. If there are multiple TACACS+ servers with the highest priority, the used TACACS+ server will be decided randomly.

Dead Time Specify the recover time it waits to recover to "alive" status automatically after TACACS+ server enters "dead" status. If the response from TACACS+ server is not received, that TACACS+ server will be set as "dead" status and set as the lowest priority. The TACACS+ server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it

99/328

enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.

- The specified Dead Time period passed - After all the possible server enters "dead" status, the packets are sent to the TACACS+ server in "dead" status, and response is received - Recover manually


If 0 is specified, it will not recover to "alive" status automatically. Source IP Address

Source IP address used to communicate with the TACACS+ authentication server is set. Source IP address used to communicate with the authentication server is automatically allotted when it is not set. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 1.4.3.3. Authorization Server Config


To set the IP address of the TACACS+ authorization server. The IP Address of authorization server cannot be omitted. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

100/328

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key between this device and TACACS+ authorization server. It is considered that the share key is not set when omitted. Moreover, when it is not set, the communication between TACACS+ servers is not encrypted.

Priority To specify the priority of some TACACS+ servers in the same group, which decides which TACACS+ server to use at the time of authorization. In the same group, the highest priority TACACS+ server not in dead status will be used. If there are multiple TACACS+ servers with the highest priority, the used TACACS+ server will be decided randomly.

Dead Time Specify the recover time it waits to recover to "alive" status automatically after TACACS+ server enters "dead" status. If the response from TACACS+ server is not received, that TACACS+ server will be set as "dead" status and set as the lowest priority. The TACACS+ server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.


The value range can be specified as followed. 0~86400(second)

If specified 0, it does not automatically restore the alive status. Source IP Address

Source IP address used to communicate with the TACACS+ authorization server is set. Source IP address used to communicate with the authorization server is automatically allotted when it is not set. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff

101/328

1.4.3.4. Summary

It displays the status of TACACS+ server. Type Server Type

Authen Authentication Server

Author Authorization Server



Pri Priority

State Server status

alive usable

dead no response



102/328

1.4.4. LDAP 1.4.4.1. Config


Specify AAA group ID within the range of 0 ~ 9 in decimal number. LDAP Service

Specify whether to use LDAP Client function. Timeout

Set timeout when there is no response from LDAP server. The valid ranges are as follows.


Set LDAP Authentication security operation when there is no response from server. When "High", it operates as a failure to authenticate. When "Normal", it operates as a success to authenticate.

103/328



Specify AAA group ID within the range of 0 ~ 9 in decimal number. Server

Specify Server number within the range of 0 ~ 3 in decimal number. LDAP Server IP Address

Specify the IP address of LDAP authentication server. The IP Address of LDAP authentication server cannot be omitted. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff RDN attribute

Specify RDN attribute of Bind DN, default is empty string. Bind DN without RDN

Specify Partial Bind DN exclude RDN with it, default is empty string. Class attribute

Specify user class attribute, default is empty string. Admin class value

Specify Admin class value, default is empty string. If you want to specify two or more values, delimit them by ","(comma).

Priority Specify the priority of some LDAP servers in the same group, which decides which LDAP server to use at the time of authentication. In the same group, the highest priority LDAP server not in dead status will be used. If there are multiple LDAP servers with the highest priority, the used LDAP server will be decided randomly.

104/328

Dead Time Specify the recover time it waits to recover to "alive" status automatically after LDAP server enters "dead" status. If the response from LDAP server is not received, that LDAP server will be set as "dead" status and set as the lowest priority. The LDAP server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.

- The specified Dead Time period passed - After all the possible server enters "dead" status, the packets are sent to the LDAP server in "dead" status, and response is received - Recover manually



Source IP address used to communicate with the LDAP authentication server is set. Source IP address used to communicate with the authentication server is automatically allotted when it is not set. The value range can be specified as followed.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff Caution:

- For example, if RDN(Relative Distinguished Name) attribute is set as "cn"(common name), and Bind DN(Distinguished Name) without RDN is set as "dc=test,dc=com". When input user name is "root", and input password is "1234", then Bind DN sent to LDAP server will be "cn=root,dc=test,dc=com", and password sent to LDAP server will be "1234". - For example, If Class attribute is set as "uidNumber", and Admin class value is set as "1,2". According to LDAP search result, if value of "uidNumber" exists and equals to "1" or "2", it becomes "Administrator" class, otherwise it becomes "General User" class.

105/328

1.4.4.3. Summary

It displays the status of LDAP server. Type Server Type




Pri Priority

State Server status

alive usable

dead no response



106/328

1.4.5. AAA 1.4.5.1. Config


Specify AAA Group ID within 0 ~ 9 in decimal number. User Number

Specify definition number of AAA user information with decimal number of less than 1000. User ID

Specify user ID by characters of 0x21,0x23 ~ 0x7e within 128 characters. If it is used for MAC address authentication, please specify it as the MAC address of the terminal which is permitted to access with 12 digits of hexadecimal numbers(using lower case letters while not using ":" ,etc).

User Password Specify password for authentication by characters of 0x21,0x23 ~ 0x7e within 128 characters. If MAC address authentication is used and password has been set in MAC Address Authentication, please also set the same password here. If password has not been set in MAC Address Authentication, specify it as the MAC address of the terminal which is permitted to access with 12 digits of hexadecimal numbers(using lower case letters while not using ":" ,etc).

User Role Specify authority class of user as the login user information.

VLAN ID Specify VLAN ID allocated to supplicant(user terminal).

107/328

1.4.5.2. Summary

It displays the contents of AAA local database. No. User Definition Number

User ID User ID

User Role Authority Class of User

VLAN ID VLAN ID of User 1.4.6. Access Control List 1.4.6.1. IP Config

Figure 97 ACL ID

Specify ACL definition number with decimal number of less than 700. Source IP Address

Specify source IP address and mask bits to be the object of ACL. - IP address/mask bits(or mask value) Specify the combination of source IP address and mask bits to be the object of ACL. Please set the mask value with consecutive 1 from the highest bit. - any All the source IP address become the object of ACL.

Destination IP Address Specify destination IP address and mask bits to be the object of ACL.

- IP address/mask bits(or mask value) Specify the combination of destination IP address and mask bits to be the object of ACL. Please set the mask value with consecutive 1 from the highest bit. - any All the destination IP address become the object of ACL.

Protocol Specify protocol number to be the object of ACL.

108/328

- Protocol number Specify protocol number within 0 ~ 255 in decimal number to be the object of ACL. If "0" is specified, it displays as "any". (Example: ICMP:1, TCP:6, UDP:17 etc). - any All the protocol number become the object of ACL.

Type Of Service Specify the judging method of QoS to be the object of ACL.

- ToS Specify it when judge ACL object by ToS value. Specify ToS value within 0 ~ ff in hexadecimal number to be the object of ACL. - DSCP Specify it when judge ACL object by DSCP value. Specify DSCP value within 0 ~ 63 in decimal number to be the object of ACL. - Any All the ToS values and DSCP values become the object of ACL.

109/328


Figure 98 ACL ID

Specify ACL definition number with decimal number of less than 700. Source IPv6 Address

Specify source IPv6 address and prefix length to be the object of ACL. - IPv6 address/prefix length Specify the combination of source IPv6 address and prefix length to be the object of ACL. - any All the source IPv6 address become the object of ACL.

Destination IPv6 Address Specify destination IPv6 address and prefix length to be the object of ACL.

- IPv6 address/prefix length Specify the combination of destination IPv6 address and prefix length to be the object of ACL. - any All the destination IPv6 address become the object of ACL.



Traffic Class Specify the judging method of QoS to be the object of ACL.

- TC Specify it when judge ACL object by Traffic Class value. Specify TC value within 0 ~ ff in hexadecimal number to be the object of ACL.

110/328

- DSCP Specify it when judge ACL object by DSCP value. Specify DSCP value within 0 ~ 63 in decimal number to be the object of ACL. - Any All the TC values and DSCP values become the object of ACL.

1.4.6.3. TCP Config

Figure 99 ACL ID

Specify ACL definition number with decimal number of less than 700. IP Protocol

Specify IP protocol to be the object of ACL. Source Port Number

Specify source port number to be the object of ACL. - Port number Specify source port number within 1 ~ 65535 in decimal number to be the object of ACL. If you want to specify two or more ports, delimit them by ","(comma). By using ","(comma), the total number of source port and destination port can be set up to 10. The valid formats are as follows.

- decimal number within 1 ~ 65535 (Example: 65535 = 65535 port) - port number,port number, ... (Example: 10,20,30 = port of 10 and 20 and 30)

- any All the source port number become the object of ACL.

Destination Port Number Specify destination port number within 1 ~ 65535 in decimal number to be the object of ACL. The format is the same as source port number.

- any All the destination port number become the object of ACL.

111/328

1.4.6.4. UDP Config

Figure 100 ACL ID




- decimal number within 1 ~ 65535 (Example: 65535 = 65535 port) port number,port number, ... (Example: 10,20,30 = port of 10 and 20 and 30) - any All the source port number become the object of ACL.



112/328

1.4.6.5. ICMP Config

Figure 101 ACL ID


Specify IP protocol to be the object of ACL. ICMP Type

Specify ICMP TYPE to be the object of ACL. - ICMP TYPE Specify ICMP TYPE within 0 ~ 255 in decimal number to be the object of ACL. If you want to specify two or more ICMP TYPE, delimit them by ","(comma). By using ","(comma), the total number of ICMP TYPE can be set up to 10. The valid formats are as follows.

- decimal number within 0 ~ 255 (Example: 8 = ICMP TYPE 8) - ICMP TYPE,ICMP TYPE, ... (Example: 0,8,30 = ICMP TYPE of 0 and 8 and 30)

- any All the ICMP TYPE become the object of ACL.

ICMP CODE Specify ICMP CODE to be the object of ACL.

- ICMP CODE Specify ICMP CODE within 0 ~ 255 in decimal number to be the object of ACL. If you want to specify two or more ICMP CODE, delimit them by ","(comma). By using ","(comma), the total number of ICMP CODE can be set up to 10. The valid formats are as follows.

- decimal number within 0 ~ 255 (Example: 8 = ICMP CODE 8) - ICMP CODE,ICMP CODE, ... (Example: 0,8,30 = ICMP CODE of 0 and 8 and 30)

- any All the ICMP CODE become the object of ACL.

113/328

1.4.6.6. MAC Config

Figure 102 ACL ID

Specify ACL definition number with decimal number of less than 700. Source MAC Address

Specify source MAC address to be the object of ACL. - Unicast Specify the source MAC address to be the object. Specify it with the format of xx:xx:xx:xx:xx:xx(xx is hexadecimal of 2 digits) or "any". - Broadcast Select it when broadcast MAC address is the object. - Multicast Select it when multicast MAC address is the object.

Destination MAC Address Specify destination MAC address to be the object of ACL.

- Unicast Specify the destination MAC address to be the object. Specify it with the format of xx:xx:xx:xx:xx:xx(xx is hexadecimal of 2 digits) or "any". - Broadcast Select it when broadcast MAC address is the object. - Multicast Select it when multicast MAC address is the object.

Format Specify the frame format to be the object of ACL.

- Ether Specify it when the frame in Ethernet format is the object. Specify it within 5dd ~ ffff in hexadecimal number or "any". If it is specified as "any", or it is omitted, all the frame in Ethernet format become the object. - LLC Specify it when the frame in LLC format is the object.

114/328

Specify it within 0 ~ ffff in hexadecimal number or "any". If it is specified as "any", or it is omitted, all the frame in LLC format become the object. - Any All the frame become the object.

1.4.6.7. VLAN Config

Figure 103 ACL ID

Specify ACL definition number with decimal number of less than 700. VLAN ID

Specify VID as the object. The range of VID for ACL object is 1 ~ 4094 or "any". COS

Specify COS to be the object of ACL. - Any All the COS become the object. - Others Specify COS to be the object. The range of COS for ACL object is 0 ~ 7.

115/328

1.4.7. IP Filter 1.4.7.1. Config


Set IP Filter for the LAN interface. IP Filter is used to pass or reject the packets which match the address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE in ACL. It will be checked whether it is matched in the priority order set before, when it is matched the filtering operation will be done, and the following conditions will not be referred to. If none of the conditions is matched, the packets will be passed.


Figure 105

116/328

IPv6 Filter Address Set IPv6 Filter for the LAN interface. IP Filter is used to pass or reject the packets which match the IPv6 address, protocol, Traffic Class, DSCP value, port number, ICMP TYPE or ICMP CODE in ACL. It will be checked whether it is matched in the priority order set before, when it is matched the filtering operation will be done, and the following conditions will not be referred to. If none of the conditions is matched, the packets will be passed.

1.4.8. VLAN Filter 1.4.8.1. Config


Set the MAC filtering for each VLAN. The filtering operation specified in "Action" will be done to the input packets corresponding to the MAC address, VLAN ID, IP address, ICMP, TCP or UDP definition in the Access Control List specified by ACL.

117/328



Set the IPv6 filtering for each VLAN. The filtering operation specified in "Action" will be done to the input packets corresponding to the VLAN ID, IPv6 address, ICMP, TCP or UDP definition in the Access Control List specified by ACL.

1.4.9. Application Filter 1.4.9.1. FTP config

Figure 108

118/328

FTP IPv4 Server Set whether to enable IPv4 of FTP server function.

FTP IPv6 Server Set whether to enable IPv6 of FTP server function.

Filter Address Set application filter for FTP server function. The following definitions of ACL are used in application filter.

- ip Only use the source IP address and mask bits. If ip value is not set, the definition of filter is invalid and it will be ignored. - ip6 Only use the source IPv6 address and prefix length. If ip6 value is not set, the definition of filter for IPv6 is invalid and it will be ignored.

1.4.9.2. SFTP config

Figure 109 SFTP IPv4 Server

Set whether to enable IPv4 of SFTP server function. SFTP IPv6 Server

Set whether to enable IPv6 of SFTP server function. Filter Address

Set application filter for SFTP server function. The following definitions of ACL are used in application filter.

- ip Only use the source IP address and mask bits. If IP value is not set, the definition of filter is invalid and it will be ignored. - ip6 Only use the source IPv6 address and prefix length. If IPv6 value is not set, the definition of filter for IPv6 is invalid and it will be ignored.

*Note:

119/328

This definition is effective for both SSH server function and SFTP server function. Different filter settings can not be set in SSH server function and SFTP server function.

1.4.9.3. TELNET config

Figure 110 TELNET IPv4 Server

Set whether to enable IPv4 of TELNET server function. TELNET IPv6 Server

Set whether to enable IPv6 of TELNET server function. Filter Address

Set application filter for TELNET server function. The following definitions of ACL are used in application filter.


120/328

1.4.9.4. SSH config

Figure 111 SSH IPv4 Server

Set whether to enable IPv4 of SSH server function. SSH IPv6 Server

Set whether to enable IPv6 of SSH server function. Filter Address

Set application filter for SSH server function. The following definitions of ACL are used in application filter.


*Note: This definition is effective for both SSH server function and SFTP server function. Different filter settings can not be set in SSH server function and SFTP server function.

121/328

1.4.9.5. HTTP config

Figure 112 HTTP IPv4 Server

Set whether to enable IPv4 of HTTP server function. HTTP IPv6 Server

Set whether to enable IPv6 of HTTP server function. Filter Address

Set application filter for HTTP server function. The following definitions of ACL are used in application filter.


122/328

1.4.9.6. HTTPS config

Figure 113 HTTPS IPv4 Server

Set whether to enable IPv4 of HTTPS server function. HTTPS IPv6 Server

Set whether to enable IPv6 of HTTPS server function. Filter Address

Set application filter for HTTPS server function. The following definitions of ACL are used in application filter.


123/328

1.4.9.7. SNTP config

Figure 114 SNTP IPv4 Server

Set whether to enable IPv4 of SNTP server function. SNTP IPv6 Server

Set whether to enable IPv6 of SNTP server function. Filter Address

Set application filter for SNTP server function. The following definitions of ACL are used in application filter.


124/328

1.4.9.8. TIME config

Figure 115 TIME IPv4 Server(UDP)

Set whether to enable IPv4 of TIME server function by UDP. TIME IPv4 Server(TCP)

Set whether to enable IPv4 of TIME server function by TCP. TIME IPv6 Server(UDP)


Set whether to enable IPv6 of TIME server function by TCP. Filter Address

Set application filter for TIME server function. The following definitions of ACL are used in application filter.


1.5. QoS Menu 1.5.1. Port Configuration 1.5.1.1. Queue Config

Figure 116 Untagged Priority

Set tag priority value assigned to the untagged received packets of ether port. Output Mode

Set the QoS sending algorithm of ether port. Select from STRICT(send from higher priority sequentially) and DRR(Deficit round robin) method. If DRR is selected, specify lowest guarantee band for each queue. Please set it so that the total of specified band is 10Gbps.

Queue Mapping Specify which COS value the packets have and in which output queue the packets will be output. The queue with larger queue number has higher output priority.

126/328

1.5.1.2. Queue Summary

Figure 117

It displays the correspondence of packets COS value and storage queue. 1.5.1.3. Classification

Figure 118 IPv4 Type of Service field

Priority is decided by the value of IP Precedence field of the Type of Service field of IPv4. IPv6 Traffic Class field

Priority is decided by the value of upper 3 bits of Traffic Class field of IPv6.

127/328

1.5.1.4. Diffserve/COS Config

Figure 119 Packet Pattern

Set the packet pattern for QoS within the range of 0 to 63. The smaller number has higher priority. When some packet patterns are omitted or deleted, the packet patterns which have not been set will be omitted and only the ones with value will be set.

IP protocol Specify the protocol.

ACL Specify the ACL definition number of the Access Control List in which the packet pattern to be set for QoS is defined.

Action DSCP

When corresponded packets in Access Control List are IP packets, rewrite with DSCP value(upper 6 bits of TOS field in IP header).

ToS When corresponded packets in Access Control List are IP packets, rewrite with ip precedence value(upper 3 bits of TOS field in IP header).

Queue Change the queue of the output port used when corresponded input packets in Access Control List are output.

Value Rewrite Value

When DSCP is selected in "Action": Set the DSCP value after rewriting within 0 ~ 63 in decimal number.

When ToS is selected in "Action": Set the ip precedence value after rewriting within 0 ~ 7 in decimal number.

When Queue is selected in "Action": Set the queue number of the used output port within 0 ~ 7 in decimal number. The queue with larger value has higher output priority.

128/328

Change Queue It can be specified when DSCP or ToS is selected in "Action". After rewrite with DSCP value or ip precedence value, the queues with the value corresponding to the upper 3 bits of DSCP value or ip precedence value will be the output queue.

1.5.2. VLAN Configuration 1.5.2.1. Diffserve/COS Config


Set the packet pattern for QoS within the range of 0 to 63. The smaller number has higher priority.



Action DSCP




Value Rewrite Value


129/328




1.5.3. DSCP Rewriting 1.5.3.1. Config

Figure 121 DSCP Rewriting Address

Set DSCP rewriting values for LAN interface. The specified DSCP values between 0 ~ 63 will be rewrote to the packets corresponding to the address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE specified in ACL.

130/328


Figure 122 IPv6 DSCP Rewriting Address

Set DSCP rewriting values for LAN interface. The specified DSCP values between 0 ~ 63 will be rewrote to the packets corresponding to the IPv6 address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE specified in ACL.

131/328

2. End Host mode Web Interface

2.1. Overview PRIMERGY 10 Gigabit Ethernet Connection Blade 18/8 provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser. This software interface also allows for system monitoring and management of this connection blade. When you configure this for the first time from the console, you have to assign an IP address and subnet mask to this connection blade. Thereafter, you can access this Web software interface directly using your Web browser by entering its IP address into the address bar. In this way, you can use your Web browser to manage this connection blade form any remote PC station, just as if you ware directly connected to its console port.

Figure 123

132/328

2.1.1. Menu Options There are following Menu options in Web Interface in EHM: Management, Switching, Security, and QoS. 1. Management Menu: This section provides information for configuring SNMP and trap manager, Ping, DHCP client, SNTP, system parameters including Hostname, in-band/out-of-band network management setting, Log setting, User management, configure file backup and so on.

Figure 124 2. Switching Menu: This section provides the setting that related to switching functions, such as forwarding mode, port configuration, VLAN, IGMP, Link Aggregation, and Port Backup etc,

Figure 125

133/328

3. Security Menu: This section provides users to configure security including IEEE802.1x, Radius, TACACS, LDAP, Access Control Lists, IP filter, VLAN filter etc.

Figure 126 4. QoS Menu: This section provides users to configure QoS setting like queue configuration, Diffserve/CoS configuration of port and vlan.

Figure 127

134/328

2.2. Management Menu 2.2.1. Information 2.2.1.1. Inventory Info











It displays the module status.

135/328

2.2.1.2. ARP Cache

Figure 129 It displays the entry of ARP table. 2.2.1.3. NDP Cache

Figure 130 It displays the entries of NDP table.

136/328

2.2.2. Configuration 2.2.2.1. System Description











IPv4 address:

137/328

1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 IPv6 address: ::2 ~ fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff













138/328










139/328







140/328

2.2.3. System Utilities 2.2.3.1. Save All Changes Saving all applied changes will cause all changes to configuration panels that were applied but not saved, to be saved, thus retaining their new values across a system reboot. 2.2.3.2. System Reset Resetting the switch will cause all operations of this switch to stop. This session will be broken and you will have to login again after the switch has rebooted. Any unsaved changes will be lost. 2.2.3.3. Set Config to Default Initialize the configuration and reboot the switch. 2.2.3.4. Set Passwords to Default Set the password of admin and user to default. 2.2.3.5. Ping



It displays summary of dynamic DNS action.

141/328

2.2.4. File Management 2.2.4.1. Download to Switch









sshkey SSH Key Information

142/328

2.2.4.2. Upload from Switch











143/328

2.2.4.3. Start-Up File





ehm_firm EHM Firm




config2 Config Definition 2 Caution:


144/328

2.2.4.4. Copy File

Figure 140 File Name



config2 Config Definition 2 2.2.4.5. Clear SSH Key Delete SSH user public key. 2.2.5. User Management 2.2.5.1. User Accounts

Figure 141

145/328

Please set the password used for operating the device. The admin password is the password used when the user name is "admin", and the user password is the password used when the user name is "user". The authority class is decided by login user, and the web pages which can be executed are different according to the authority class. It becomes the administrator class when login with "admin" and it becomes the general user class when login with "user". When login by console, TELNET or SSH, the admin password and the user password are used. When login by FTP or SFTP, the admin password is used. After input password it can be operated for 10 minutes. After that it needs to input password again to operate. Admin Password



Caution:





146/328









Figure 143

147/328

Server Address Set IP address of the server where the system log information(message) will be sent.

Priority Specify the priority level from the follows for the system log information to be output. error Check it when priority LOG_ERROR is included in the ouput object. warn Check it when priority LOG_WARNING is included in the ouput object. notice Check it when priority LOG_NOTICE is included in the ouput object. info Check it when priority LOG_INFO is included in the ouput object.




2.2.6.2. View - System Log

Figure 144 It displays the system log information.

148/328

2.2.6.3. View - Error Log

Figure 145 It displays the hard error diagnosed in ROM or I/O driver and the error log information of system down. 2.2.7. Statistics 2.2.7.1. Port Summary


The number of octets of the data received bits/sec The number of received bits per second(bits/sec)

Frames The total number of frames received frames/sec

149/328


The number of unicast frames received frames/sec The number of received unicast frames per second(frames/sec)

Multicast/Broadcast The number of multicast/broadcast frames received frames/sec The number of received multicast/broadcast frames per second(frames/sec)

Discards DiscardsPkts The total number of discarded frames after received

Errors Oversize The number of oversize frames received(more than 1519 bytes without TAG, more than 1523 bytes with TAG). FCSErrors The number of frames where FCS errors are detected with the data size of 64~1518 bytes AlignmentErrors The number of received frames where Alignment errors are detected


The number of octets of the data sent bits/sec The number of sent bits per second(bits/sec)

Frames The total number of frames sent frames/sec The number of sent frames per second(frames/sec)

Unicast The number of unicast frames sent frames/sec The number of sent unicast frames per second(frames/sec)

Multicast/Broadcast The number of multicast/broadcast frames sent frames/sec


The total number of discarded frames after sent Errors CarrierSenseErrors The total number of error frames due to undetected carrier ExcessiveCollisions The total number of error frames that failed to send due to a lot of collision

150/328

LateCollisions The total number of late collisions

SingleCollisionFrames

The total number of frames succeeded to send after one collision occurred. MultipleCollisionFrames

The total number of frames succeeded to send after several collisions occurred. DeferredTransmissions

The total number of frames delayed to send due to busy of transmission path. 2.2.7.2. Port Detailed











151/328























152/328







The number of sent unicast frames per second(frames/sec) Multicast

The number of multicast frames sent frames/sec

The number of sent multicast frames per second(frames/sec) Broadcast

The number of broadcast frames sent frames/sec

The number of sent broadcast frames per second(frames/sec) Pause frames

The number of PAUSE frames sent Mac Control frames

The number of MAC control frames sent Priority pause 0 frames








The number of sent pause frames for priority 7 Discards DiscardsPkts


The number of discarded frames due to exceeded delay

153/328

Errors Undersize


The number of frames where FCS errors are detected with the data size of 64~1518 bytes FragmentErrors


[Detail Statistics]

The number of frames per second accumulated by different frame size. 2.2.7.3. IP

Figure 148 It displays the statistics of IPv4 packets. 2.2.7.4. LACP It displays the statistics of LACP packets. The items won't be displayed if the Count is 0. 2.2.7.5. Net Time It displays the statistics of SNTP/TIME client. 2.2.7.6. SNMP It displays the statistics of SNMP.

154/328









155/328

2.2.8.1.1. Trap Flags












156/328


Figure 151 Alarm ID









157/328







Figure 152 Event ID



158/328

Description Set the description of the RMON event group. Specify the explanation of the event (the note related to the content of the event) by the character string of 0x21, 0x23 ~ 0x7e. The range that can be specified is as follows.

1~ 127 (characters) Community

Specify the community name which will be set to the trap packets when the trap is sent. This setting is effective when the notification method specified in "Type" of [Event Config] is "Trap" or "Log-Trap". And the trap will be sent in the following case.






0.0.0.0 (from DHCP server)

159/328

1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 224.0.0.1 ~ 239.255.255.254 (Multicast) 255.255.255.255 (Broadcast)






Figure 154 Protocol


160/328




It displays the maximum number of time server. 2.2.10.3. Current Time



161/328








Figure 157

162/328

Transmit Interval Specify a fixed time interval to transmit LLDP information by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 32768 seconds. This setting is corresponding to the variable "msgTxInterval" of 802.1AB.




SNMP Notification Interval Specify the minimum time interval of the transmission of SNMP Notification Trap by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 3600 seconds. This setting is corresponding to the variable "NotificationInterval" of 802.1AB.

163/328


Figure 158 Slot/Port













Specify whether to transmit IEEE802.3 Power Via MDI TLV. Link Aggregation

Specify whether to transmit IEEE802.3 Link Aggregation TLV. Maximum Frame Size

Specify whether to transmit IEEE802.3 Maximum Frame Size TLV.

164/328




About VLAN

P Port VLAN ID



About Configration

M MAC/PHY Configuration/Status P Power Via MDI L Link Aggregation F Maximum Frame Size

165/328

- No Transmit (disable) Blank No Transmit (receive only)

About SNMP


2.2.11.4. Information – Statistics

It displays the LLDP statistics information. 2.2.11.5. Information – Local Info


166/328






167/328

2.2.13. IPv6 2.2.13.1. Statistics


168/328

2.3. Switching Menu 2.3.1. Forwarding Database 2.3.1.1. Config

Figure 163 Forwarding Mode

Set the switching method. Buffering Mode

Set the mode of buffer control. When "max mode" is set, the buffer control mode of using maximum buffer will be used and it is possible that it will not operate according to the QoS operation settings. When "QoS mode" is set, the buffer control mode of using QoS priority will be used and the possibility of discarding frame becomes higher.

Aging Interval Specify Age Out Time of MAC Address Learning Table within the range of 10~ 3500 seconds.

169/328

2.3.1.2. Search

Figure 164 It displays the contents of Learning Table. You can specify a certain part of MAC address, VLAN ID or port name to display. 2.3.1.3. Clear To delete the Forwarding Database. 2.3.2. Port 2.3.2.1. Config

Figure 165 Enable/Disable Port

Specify whether to use ether port. Pin-Group Specify the group number of Pin-Group to be used.

170/328

Link Aggregation Group Specify the group number of Link Aggregation group to be used.

LACP Port Priority Specify the LACP Port Priority. When LACP is not used, this definition means nothing.










Link down Block the port

Discard Discard the data that surpasses threshold Output Rate Control

The output rate is set by the unit of bps. The actual operation for the device is controlled by the value rounded down to the unit of 1/256 of 10Gbps (About 40Mbps).


IEEE802.1Q Tunneling Mode Select whether to use IEEE802.1Q Tunneling.

171/328

Even if "Enable" is set here, this setting is invalid when the IEEE802.1Q Tunneling mode of this device is "Disable".

Edge Relay Reflective Relay Mode Select the port reflective relay mode.



Weight Set the Weight within the range of 1~100.



Buffer optimization mode Select whether to enable the buffer optimization appropriate for the situation where PFC

enabled traffic is excessively congested. FCoE Priority

Set the priority of FCoE. FCoE use Select whether to use FCoE.



Caution: - If total weight exceeds 100, Converged Enhanced Ethernet is invalid. - If more than 1 Priority-based Flow Control exist, port is disabled. - If Converged Enhanced Ethernet mode is "Disable" even if Priority group and Priority map are set, Converged Enhanced Ethernet is invalid. - If Priority group, Weight or Priority map is not set even if Converged Enhanced Ethernet mode is "Enable", Converged Enhanced Ethernet is invalid.

172/328

2.3.2.2. Summary

Figure 166 It displays the port information simply.

173/328

2.3.2.3. Mirroring





2.3.3. VLAN 2.3.3.1. Config

Figure 168

174/328

VLAN ID and Name

Select existing VLAN or newly created VLAN. Select "Create" to create a new one. However, if "Create" is selected but the port belongs to the new VLAN is not set, the VLAN will not be created.

VLAN ID Specify VLAN ID within the range of 1~4094 in decimal number.

VLAN Name Specify VLAN name with no more than 32 ASCII characters within the range of 0x21,0x23 ~ 0x7e.



Static It displays "Static" for defined VLAN. Participation

It is set whether each port belongs to current VLAN or not. Include The corresponding port belongs to the VLAN.

Exclude The corresponding port does not belong to the VLAN. And if there is no corresponding port which belongs to the VLAN, the VLAN will be deleted.

Tagging Set the tag of each port.

Tagged Add tag to the corresponding port.

Untagged Remove tag from the corresponding port. 2.3.3.2. Status

Figure 169 VLAN ID

It displays VLAN ID. VLAN Name

It displays VLAN NAME.

175/328



Static It displays "Static" for defined VLAN. Slot/Port

It displays the ports which belong to the corresponding VLAN. 2.3.3.3. Forward Database Config


MAC Address Set the destination MAC address. Specify it in the format of xx:xx:xx:xx:xx:xx(xx is

hexadecimal of 2 digits). 00:00:00:00:00:00, broadcast or multicast can not be specified.

Slot/Port Select the corresponding port for the destination MAC address. If the selected port is a Link

Aggregation member port, the settings are effective for the Link Aggregation Group. If the selected port is a Backup port, the settings are effective for the working port of the Backup Port Group.

176/328



VLANID VLANID



Slot/Port Corresponding forwarding port 2.3.3.5. Reset Config Exercising this function will cause all VLAN configuration parameters to be reset to their default values.

177/328

2.3.4. Protocol-based VLAN Config 2.3.4.1. Config

Figure 172 VLAN ID and Name

Select existing protocol VLAN or newly created protocol VLAN. Select "Create" to create a new one.

VLAN Name Specify VLAN name of protocol VLAN with no more than 32 ASCII characters within the range of 0x21,0x23 ~ 0x7e.

VLAN ID Specify VLAN ID of protocol VLAN within the range of 2 ~ 4094 in decimal number.

Protocol IPv4

Specify it as IPv4 protocol. It is the packets of EthernetII Ethertype=0800,0806,8035. IPv6

Specify it as IPv6 protocol. It is the packets of EthernetII Ethertype=86dd.

178/328

2.3.4.2. Summary VLAN Name

It displays VLAN name of protocol VLAN. VLAN ID

It displays VLAN ID of protocol VLAN. Protocol IPv4

It is specified as IPv4 protocol. It is the packets of EthernetII Ethertype=0800,0806,8035. IPv6

It is specified as IPv6 protocol. It is the packets of EthernetII Ethertype=86dd.

179/328

2.3.5. GVRP 2.3.5.1. GVRP - Global Config

Figure 173 GVRP Mode

Specify whether to use GVRP on this device. - Disable


GVRP is to be used on this device. 2.3.5.2. GVRP - Port Config

Figure 174 GVRP Mode

Specify whether to use GVRP on this port. - Disable


GVRP is to be used on this device. Registration Specify Registrar Administrative Control value of GVRP on this port.

- Normal Specify Registrar as Normal Registration on this port. The Registrar responds normally to incoming GVRP messages. Dynamic VLAN can be added or deleted on this port.

Static VLAN can not be configured through CLI command on this port. - Fixed

Specify Registrar as Registration Fixed on this port.

180/328

The Registrar transmit GVRP messages, but Dynamic VLAN can not be added or deleted on this port. Dynamic VLANs which have been configed on this port must be deleted. Static VLAN can be configed through CLI command on this port.

- Forbidden Specify Registrar as Registration Forbidden on this port. The Registrar transmit GVRP messages, but Dynamic VLAN can not be added or deleted on this port. Dynamic VLANs and static VLANs (exclude default VLAN) which have been configed on this port must be deleted. Static VLAN can not be configed through CLI command on this port.

Join Time Specify interval between transmitting of GVRP messages, within the range of 20 centiseconds to 16375 centiseconds. Default value is 20 centiseconds. If not set, default value will be used.

Leave Time Specify the time to wait after receiving an unregister request for a VLAN before deleting the associated entry, within the range of 45 centiseconds to 32760 centiseconds. Default value is 60 centiseconds. If not set, default value will be used.

Leaveall Time The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. Specify GVRP leaveall timer within the range of 50 centiseconds to 32765 centiseconds. Default value is 1000 centiseconds. If not set, default value will be used.

181/328

2.3.5.3. GVRP - Port Status

Figure 175 If GVRP is enabled, GVRP information will be displayed here. Port Port number.

Gvrp GVRP is enabled or disabled on this port.

Regist Registrar Administrative Control value of GVRP on this port.

join timer The time between the transmission of GARP PDUs registering (or re-registering) membership for a VLAN.

leave timer The time to wait after receiving an unregister request for a VLAN before deleting the associated entry.


Vlan Dynamic VLAN registered by GVRP.

182/328

2.3.5.4. GVRP - Port Statistics

Figure 176 It displays the statistics of received and sent GVRP BPDU of the port which is selected. 2.3.5.5. GVRP – Clear Statistics GVRP statistics of all ports will be cleared when "clear" button be clicked.

183/328

2.3.6. GMRP 2.3.6.1. GMRP - Global Config

Figure 177 GMRP Mode

Specify whether to use GMRP on this device. - Disable

GMRP is not to be used on this device. - Enable

GMRP is to be used on this device. 2.3.6.2. GMRP – Port Config

Figure 178 GMRP Mode Specify whether to use GMRP on this port.

- Disable GMRP is not to be used on this port.

- Enable GMRP is to be used on this port.

Forward All Specify whether to forward all multicast packets through this port when GMRP is used on this device. Please set Forward All option as Enable when the port is connected to multicast router.

Join Time Specify interval between transmitting of GMRP messages, within the range of 20 centiseconds to 16375 centiseconds. Default value is 20 centiseconds. If not set, default value will be used.

184/328

Leave Time Specify the time to wait after receiving an unregister request for a multicast MAC address before deleting the associated entry, within the range of 45 centiseconds to 32760 centiseconds. Default value is 60 centiseconds. If not set, default value will be used.

Leaveall Time The Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. Specify GMRP leaveall timer within the range of 50 centiseconds to 32765 centiseconds. Default value is 1000 centiseconds. If not set, default value will be used.

2.3.6.3. GMRP – Port Status

Figure 179 If GMRP is enabled, GMRP information will be displayed here. Port Port number.

Gmrp GMRP is enabled or disabled on this port.

forward-all Forward all option is enabled or disabled on this port.

join timer The time between the transmission of GARP PDUs registering (or re-registering) membership for a multicast MAC address.

leave timer

185/328

The time to wait after receiving an unregister request for a multicast MAC address before deleting the associated entry.


2.3.6.4. GMRP – GMRP Registration Table

Figure 180 It displays multicast MAC address registered by GMRP and the corresponding port for each multicast MAC address. 2.3.6.5. GMRP – Port Statistics

Figure 181 It displays the statistics of received and sent GMRP BPDU of the port which is selected. 2.3.6.6. GMRP – Clear Statistics GMRP statistics of all ports will be cleared when "clear" button be clicked.

186/328

187/328

2.3.7. IGMP 2.3.7.1. IGMP Snooping – Config and Status


Specify the operation mode of IGMP Snoop Function. Enable Enable IGMP Snoop Function.

Disable Disable IGMP Snoop Function. Local Multicast Group

Set the action when receiving packets of Local Multicast Group. Auto Join Multicast packets of local group can be transferred when it is received.

Watch Join When Membership Report of local group is received, it can be transferred.

Flooding Multicast packets of local group can be transferred.

188/328

2.3.7.2. IGMP Snooping – VLAN Config

Figure 183 VLAN ID

Specify VLAN ID within the range of 1 ~ 4094 in decimal number. Multicast Router Port

Specify the judging method of Multicast Router Port. Auto Multicast Router Port is judged dynamically. Yes Multicast Router Port is specified statically. Only the specified port is set as router port.


Figure 184

189/328

VLAN ID



IP Address Specify the source IP address for using IGMP snoop. The IP address set here will be set as source address in the IGMP packets sent from this device. The valid range is as follows.

0.0.0.0 1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254

IGMP Proxy Specify the mode of sending IGMP proxy response. Disable IGMP proxy response will not be sent. Enable IGMP proxy response will be sent.

Please specify it as "Disable" when the device using IGMP V1 exists. If querier operation mode is disabled, when multicast router does not exist, multicast transfer will be stopped.

2.3.7.4. Snooping Querier – VLAN Status It displays the information of IGMP snoop port.

190/328

2.3.8. MLD 2.3.8.1. MLD Snooping – Config and Status


Specify the operation mode of MLD Snoop Function. Enable Enable MLD Snoop Function.

Disable Disable MLD Snoop Function. Local Multicast Group

Set the action when receiving packets of Local Multicast Group. Flooding Multicast packets of local group can be transferred.

Watch Join When Membership Report of local group is received, it can be transferred. 2.3.8.2. MLD Snooping – VLAN Config

Figure 186

191/328

VLAN ID Specify VLAN ID within the range of 1 ~ 4094 in decimal number.

Multicast Router Port Specify the judging method of Multicast Router Port. Auto Multicast Router Port is judged dynamically. Yes Multicast Router Port is specified statically. Only the specified port is set as router port.


Figure 187 VLAN ID



IP Address Specify the source IP address for using MLD snoop. The IP address set here will be set as source address in the MLD packets sent from this device. The valid range is as follows.

FE80::/10 ... Link-Local Unicast address MLD Proxy

Specify the mode of sending MLD proxy response. Disable MLD proxy response will not be sent. Enable MLD proxy response will be sent.

192/328

If querier operation mode is disabled, when multicast router does not exist, multicast transfer will be stopped.

2.3.8.4. Snooping Querier – VLAN Status

It displays the information of MLD snoop port. 2.3.9. Multicast Forwarding Database 2.3.9.1. IGMP – IGMP Snooping Table

It displays the multicast listener information of IGMP Snoop. 2.3.9.2. IGMP – IGMP Statistics It displays the statistics information of IGMP Snoop. 2.3.9.3. MLD – MLD Snooping Table It displays the multicast listener information of MLD Snoop. 2.3.9.4. MLD – MLD Statistics It displays the statistics information of MLD Snoop. 2.3.10. Link Aggregation 2.3.10.1. LACP Config



193/328


Figure 189 Group

Set the Link Aggregation group id. Pin-Group Specify the group number of Pin-Group to be used.

Algorithm Specify the load-balance algorithm.

Source MAC Address Divide by source MAC address

Destination MAC Address Divide by destination MAC address

Both MAC Address Divide by both source and destination MAC address

Source IP Address Divide by source IP address

Destination IP Address Divide by destination IP address

Both IP Address Divide by XOR of source and destination IP address

Received Ethernet Port Divide by received Ethernet port Mode


Minimum Link Set the Minimum number of member ports for Link Aggregation communication within the range of 1 ~ 10 in decimal number. If the number of ports united by Link Aggregation is less than the specified Minimum Link, communication can not be done in the Link Aggregation.

194/328

And when the number of member ports falls below the specified Minimum Link because of trouble, etc, communication can not be done in the Link Aggregation.







Weight Set the Weight within the range of 1-100.



Buffer optimization mode Select whether to enable the buffer optimization appropriate for the situation where PFC enabled traffic is excessively congested.

FCoE Priority Set the priority of FCoE.

FCoE use Select whether to use FCoE.



Caution:

- If total weight exceeds 100, Converged Enhanced Ethernet is invalid. - If more than 1 Priority-based Flow Control exist, port is disabled. - If Converged Enhanced Ethernet mode is "Disable" even if Priority group and Priority map are set, Converged Enhanced Ethernet is invalid. - If Priority group, Weight or Priority map is not set even if Converged Enhanced Ethernet mode is "Enable", Converged Enhanced Ethernet is invalid.

195/328

2.3.11. Port Backup 2.3.11.1. Configuration

Figure 190 Group ID

Set the backup group id. Group Mode

Set the method for selecting the port to use when both ports can be used. Master Make use of the master port in preference.

Earlier Make use of the port which is link up (become usable) first. Standby Mode

Set the standby state of the backup ports. Link Up The backup port will standby in link up state.

Link Down The backup port will be link down to standby. Change Notify Use this field to configure change notify.

2.3.11.2. Status

Figure 191 It displays the information of the ports

196/328

2.3.12. IEEE802.1Q Tunneling 2.3.12.1. IEEE802.1Q Tunneling Configuration

Figure 192

Select whether to use IEEE802.1Q Tunneling. If "Enable" is selected, the IEEE802.1Q Tunneling will be done. If "Disable" is selected,the IEEE802.1Q Tunneling will not be done.

Caution: - Even if "Enable" is selected here, IEEE802.1Q Tunneling will be disabled if IEEE802.1Q Tunneling Mode is set as "Disable" in IEEE802.1Q Tunneling Mode of [Switching]-[Port]-[Config].

197/328

2.3.13. MAC Filter 2.3.13.1. Config


Set the MAC Filtering. The filtering operation specified in "Action" will be done to the packets corresponding to the MAC address, VLAN ID, IP, ICMP, TCP or UDP definition of the specified Access Control List.



Set the IPv6 Filtering.

198/328

The filtering operation specified in "Action" will be done to the packets corresponding to the MAC address, VLAN ID, IPv6, ICMP, TCP or UDP definition of the specified Access Control List.

199/328




Caution: - Even if "Use" is selected here, IEEE802.1X authentication will be disabled if IEEE802.1X Authentication is set as "Disuse" in IEEE802.1X of [Security]-[Port Access Control]-[Port Config].


Select the system default authentication unit as the authentication method. Caution:

- When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. - When the port in which WEB Authentication or MAC Address Authentication is also enabled exists, please set the same Authentication Method for all the authentication function.

EAPOL Transfer Mode



Don't Transmit

200/328

EAPOL frames are not transmitted. Caution:


2.4.1.2. Config – Web Authentication


Select whether to use Web authentication for the device. If "Use" is selected, the authentication will be done for the terminals where Web browser is used and only the communication of the successfully authenticated terminal is allowed. If "Disuse" is selected, Web authentication will not be done.

Caution: - Even if "Use" is selected here, WEB authentication will be disabled in the port where Web Authentication is set as "Disuse" in Web Authentication of [Security]-[Port Access Control]-[Port Config].

Authentication Protocol

Select authentication protocol of Web authentication.

201/328




Caution: - Even if "Use" is selected here, MAC address authentication will be disabled if MAC Address Authentication is set as "Disuse" in MAC Address Authentication of [Security]-[Port Access Control]-[Port Config].

Password




202/328




Authentication Method Select the system default authentication unit as the authentication method. When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which WEB Authentication or MAC Address Authentication is also enabled exists, please set the same authentication method for all the authentication function.


Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of IEEE802.1X authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.


203/328



Transmit Period Set the sending interval of user ID request within the range of 1 ~ 600 seconds.

Supplicant Timeout Set the waiting time for EAP response from terminal(Supplicant) within the range of 1 ~ 600 seconds.


Reauthentication Period Specify the re-authentication interval for terminal(Supplicant) within the range of 15 seconds ~ 18000 seconds. If 0 is specified, the re-authentication will not be done.

2.4.1.5. Port Config – Web Authentication

Figure 199 Web Authentication

Select whether to use Web authentication. If "Use" is selected, WEB authentication of the terminal using WEB browser will be done, only the terminal whose authentication result is success is permitted to do communication. For the port where "Disuse" is selected, WEB authentication will not be done. Even if "Use" is selected here, WEB authentication will be disabled if authentication function is set as "Disuse" for the device.


Select the system default authentication unit as the authentication method.

204/328

When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which IEEE802.1X Authentication or MAC Address Authentication is also enabled exists, please set the same authentication method for all the authentication function.

AAA Group Specify AAA group ID within the range of 0 ~ 9 in decimal number used as reference when doing WEB authentication.

Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of WEB authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.


Web Authentication Auto Logout Specify the valid time for Web authentication. If "Absolute" is selected, after authentication is done, the authentication will be released after the specified time (time unit is minute). If "Disable" is selected, Web authentication will not be released. Because it checks for Web authentication auto logout time every 30 seconds, the maximum difference with the real Web authentication auto logout time is 30 seconds. If physical port of this device is connected to switching HUB, etc, and two or more terminals are authenticated at one physical port, please set the Web authentication auto logout time. If "Disable"(not to release WEB authentication) is selected here, unless Link Down occurs at the physical port where authentication has completed for authenticated terminal, it can not access network through this device if the terminal is moved to other physical ports of this device. After authentication is released according to the settings of the Web authentication auto logout time, please connect the terminal to other physical ports of this device. If the terminal is connected to other physical ports of this device before authentication is released, it can not access network through this device until the authentication is released, or it needs to re-acquire the IP address of the connected terminal.

Authenticated Terminal Set the terminal which is permitted to do communication without WEB authentication. If "Disuse" is selected for "Web Authentication" or "Each Port" is selected for "Authentication Method", the settings here are ineffective. 00:00:00:00:00:00, broadcast or multicast can not be specified in MAC Address. If the VLAN specified by VLAN ID is unregistered, the settings are ineffective. The same address can not be registered to two or more ports. It is possible that the specified Authenticated Terminal can not do communication normally when it is connected to other ports.

205/328

2.4.1.6. Port Config – MAC Address Authentication



Authentication Method Select the system default authentication unit as the authentication method. When "Each Port" is selected as the authentication method, if one terminal (Supplicant) connected to that port has been successfully authenticated, all the access from other terminals connected to the same port will be passed. When the port in which IEEE802.1X Authentication or WEB Authentication is also enabled exists, please set the same authentication method for all the authentication function.


Default VLAN ID Specify default VLAN ID allocated to supplicant when the result of MAC address authentication is success. If VLAN ID allocated to terminal (Supplicant) is notified from AAA/RADIUS server, the VLAN ID notified from AAA/RADIUS server will be allocated instead of the VLAN ID defined here. Please make sure that the interface with the same VLAN ID set here needs to be set to other ports. If the interface with the same VLAN ID does not exist, authentication fails regardless of the authentication result.


206/328


Authenticated Terminal Set the terminal which is permitted to do communication without MAC address authentication. If "Disuse" is selected for "MAC Address Authentication" or "Each Port" is selected for "Authentication Method", the settings here are ineffective. 00:00:00:00:00:00, broadcast or multicast can not be specified in MAC Address. If the VLAN specified by VLAN ID is unregistered, the settings are ineffective. The same address can not be registered to two or more ports. It is possible that the specified Authenticated Terminal can not do communication normally when it is connected to other ports.


Figure 201


Port Port Number

User User Name






207/328






VLAN VLAN ID


Since Time when authentication succeeded(Not update when re-authentication) 2.4.1.8. Port Status – Web Authentication

Figure 202

It displays Web authentication state. PORT Physical port number

USER User Name

MAC Authentication terminal number and MAC address

STATUS Web authentication status


response Wait for authentication result after input ID and password

idle Wait for ID and password of Web authentication

success Web authentication succeed and VLAN ID has been allocated

VLAN VLAN ID

TYPE Authentication method

208/328




- VLAN has not been set

DATE Time when authentication succeeded 2.4.1.9. Port Status – MAC Address Authentication

Figure 203













VLAN VLAN ID


209/328

2.4.1.10. Port Summary – Authentication Information It displays successfully authenticated terminal information of each authentication function(IEEE802.1X authentication , WEB authentication , MAC address authentication).

Port Port Number

Mode Authentication Method(at first line of each port)






webauth Web authentication



210/328


It displays statistics information of IEEE802.1X authentication. 2.4.1.12. Statistics – Web Authentication

It displays statistics information of WEB authentication. 2.4.1.13. Statistics – MAC Address Authentication




Specify whether to use RADIUS authentication function. Authentication Source IP Address Set self IP address used to communicate with the RADIUS authentication server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set whether to do authentication by Message-Authenticator.

211/328

When doing IEEE802.1X authentication, it will do authentication by Message-Authenticator regardless of this setting. It can only be used for authentication request message in this device.

Accounting Mode Set whether to use RADIUS accounting function.

Accounting Source IP Address Set self IP address used to communicate with the RADIUS accounting server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254








212/328




IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254






- The specified Dead Time period passed

213/328

- After all the possible server enters "dead" status, the packets are sent to the RADIUS server in "dead" status, and response is received - Recover manually





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key(RADIUS secret) between this device and RADIUS accounting server. Priority Specify the priority used to decide which RADIUS server to use for authentication when there are several RADIUS servers in the same group. In the same group, the highest priority RADIUS server which is not in "dead" status will be used. If there is more than one RADIUS server with the highest priority, the RADIUS server to be used will be randomly decided.

Dead Time Specify the recover time it waits to recover to "alive" status automatically after RADIUS server enters "dead" status. If the response from RADIUS server is not received, that RADIUS server will be set as "dead" status and set as the lowest priority. The RADIUS server in "dead" status can not be used as

214/328

long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.










Pri Priority

State Server status

alive usable

dead no response



215/328

2.4.3. TACACS+ 2.4.3.1. Config








216/328




IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key between this device and TACACS+ authentication server. It is considered that the share key is not set when omitted. Moreover, when it is not set, the communication between TACACS+ servers is not encrypted.


Dead Time Specify the recover time it waits to recover to "alive" status automatically after TACACS+ server enters "dead" status. If the response from TACACS+ server is not received, that TACACS+ server will be set as "dead" status and set as the lowest priority. The TACACS+ server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it

217/328

enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 2.4.3.3. Authorization Server Config



IPv4: 1.0.0.1 ~ 126.255.255.254

218/328

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254










IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



219/328

2.4.3.4. Summary






Pri Priority

State Server status

alive usable

dead no response



220/328

2.4.4. LDAP 2.4.4.1. Config







221/328






IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254








222/328

Dead Time Specify the recover time it waits to recover to "alive" status automatically after LDAP server enters "dead" status. If the response from LDAP server is not received, that LDAP server will be set as "dead" status and set as the lowest priority. The LDAP server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254




223/328

2.4.4.3. Summary





Pri Priority

State Server status

alive usable

dead no response



224/328

2.4.5. AAA 2.4.5.1. Config





User Password Specify password for authentication by characters of 0x21,0x23 ~ 0x7e within 128 characters. If MAC address authentication is used and password has been set in MAC Address Authentication, please also set the same password here. If password has not been set in MAC Address Authentication, specify it as the MAC address of the terminal which is permitted to access with 12 digits of hexadecimal numbers(using lower case letters while not using ":" ,etc).


VLAN ID Specify VLAN ID allocated to supplicant(user terminal).

225/328

2.4.5.2. Summary


User ID User ID

User Role Authority Class of User

VLAN ID VLAN ID of User 2.4.6. Access Control List 2.4.6.1. IP Config

Figure 213 ACL ID

Specify ACL definition number with decimal number of less than 700. Source IP Address

Specify source IP address and mask bits to be the object of ACL. - IP address/mask bits(or mask value) Specify the combination of source IP address and mask bits to be the object of ACL. Please set the mask value with consecutive 1 from the highest bit. - any All the source IP address become the object of ACL.

Destination IP Address Specify destination IP address and mask bits to be the object of ACL.

- IP address/mask bits(or mask value) Specify the combination of destination IP address and mask bits to be the object of ACL. Please set the mask value with consecutive 1 from the highest bit. - any All the destination IP address become the object of ACL.


226/328


Type Of Service Specify the judging method of QoS to be the object of ACL.

- ToS Specify it when judge ACL object by ToS value. Specify ToS value within 0 ~ ff in hexadecimal number to be the object of ACL. - DSCP Specify it when judge ACL object by DSCP value. Specify DSCP value within 0 ~ 63 in decimal number to be the object of ACL. - Any All the ToS values and DSCP values become the object of ACL.

227/328


Figure 214 ACL ID

Specify ACL definition number with decimal number of less than 700. Source IPv6 Address

Specify source IPv6 address and prefix length to be the object of ACL. - IPv6 address/prefix length Specify the combination of source IPv6 address and prefix length to be the object of ACL. - any All the source IPv6 address become the object of ACL.

Destination IPv6 Address Specify destination IPv6 address and prefix length to be the object of ACL.

- IPv6 address/prefix length Specify the combination of destination IPv6 address and prefix length to be the object of ACL. - any All the destination IPv6 address become the object of ACL.



Traffic Class Specify the judging method of QoS to be the object of ACL.

- TC Specify it when judge ACL object by Traffic Class value. Specify TC value within 0 ~ ff in hexadecimal number to be the object of ACL.

228/328

- DSCP Specify it when judge ACL object by DSCP value. Specify DSCP value within 0 ~ 63 in decimal number to be the object of ACL. - Any All the TC values and DSCP values become the object of ACL.

2.4.6.3. TCP Config

Figure 215 ACL ID




- decimal number within 1 ~ 65535 (Example: 65535 = 65535 port) - port number,port number, ... (Example: 10,20,30 = port of 10 and 20 and 30)

- any All the source port number become the object of ACL.



229/328

2.4.6.4. UDP Config

Figure 216 ACL ID




- decimal number within 1 ~ 65535 (Example: 65535 = 65535 port) port number,port number, ... (Example: 10,20,30 = port of 10 and 20 and 30) - any All the source port number become the object of ACL.



230/328

2.4.6.5. ICMP Config

Figure 217 ACL ID


Specify IP protocol to be the object of ACL. ICMP Type

Specify ICMP TYPE to be the object of ACL. - ICMP TYPE Specify ICMP TYPE within 0 ~ 255 in decimal number to be the object of ACL. If you want to specify two or more ICMP TYPE, delimit them by ","(comma). By using ","(comma), the total number of ICMP TYPE can be set up to 10. The valid formats are as follows.

- decimal number within 0 ~ 255 (Example: 8 = ICMP TYPE 8) - ICMP TYPE,ICMP TYPE, ... (Example: 0,8,30 = ICMP TYPE of 0 and 8 and 30)

- any All the ICMP TYPE become the object of ACL.

ICMP CODE Specify ICMP CODE to be the object of ACL.

- ICMP CODE Specify ICMP CODE within 0 ~ 255 in decimal number to be the object of ACL. If you want to specify two or more ICMP CODE, delimit them by ","(comma). By using ","(comma), the total number of ICMP CODE can be set up to 10. The valid formats are as follows.

- decimal number within 0 ~ 255 (Example: 8 = ICMP CODE 8) - ICMP CODE,ICMP CODE, ... (Example: 0,8,30 = ICMP CODE of 0 and 8 and 30)

- any All the ICMP CODE become the object of ACL.

231/328

2.4.6.6. MAC Config

Figure 218 ACL ID

Specify ACL definition number with decimal number of less than 700. Source MAC Address

Specify source MAC address to be the object of ACL. - Unicast Specify the source MAC address to be the object. Specify it with the format of xx:xx:xx:xx:xx:xx(xx is hexadecimal of 2 digits) or "any". - Broadcast Select it when broadcast MAC address is the object. - Multicast Select it when multicast MAC address is the object.

Destination MAC Address Specify destination MAC address to be the object of ACL.

- Unicast Specify the destination MAC address to be the object. Specify it with the format of xx:xx:xx:xx:xx:xx(xx is hexadecimal of 2 digits) or "any". - Broadcast Select it when broadcast MAC address is the object. - Multicast Select it when multicast MAC address is the object.

Format Specify the frame format to be the object of ACL.

- Ether Specify it when the frame in Ethernet format is the object. Specify it within 5dd ~ ffff in hexadecimal number or "any". If it is specified as "any", or it is omitted, all the frame in Ethernet format become the object. - LLC Specify it when the frame in LLC format is the object.

232/328

Specify it within 0 ~ ffff in hexadecimal number or "any". If it is specified as "any", or it is omitted, all the frame in LLC format become the object. - Any All the frame become the object.

2.4.6.7. VLAN Config

Figure 219 ACL ID

Specify ACL definition number with decimal number of less than 700. VLAN ID

Specify VID as the object. The range of VID for ACL object is 1 ~ 4094 or "any". COS

Specify COS to be the object of ACL. - Any All the COS become the object. - Others Specify COS to be the object. The range of COS for ACL object is 0 ~ 7.

233/328

2.4.7. IP Filter 2.4.7.1. Config


Set IP Filter for the LAN interface. IP Filter is used to pass or reject the packets which match the address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE in ACL. It will be checked whether it is matched in the priority order set before, when it is matched the filtering operation will be done, and the following conditions will not be referred to. If none of the conditions is matched, the packets will be passed.


Figure 221

234/328

IPv6 Filter Address Set IPv6 Filter for the LAN interface. IP Filter is used to pass or reject the packets which match the IPv6 address, protocol, Traffic Class, DSCP value, port number, ICMP TYPE or ICMP CODE in ACL. It will be checked whether it is matched in the priority order set before, when it is matched the filtering operation will be done, and the following conditions will not be referred to. If none of the conditions is matched, the packets will be passed.

2.4.8. VLAN Filter 2.4.8.1. Config


Set the MAC filtering for each VLAN. The filtering operation specified in "Action" will be done to the input packets corresponding to the MAC address, VLAN ID, IP address, ICMP, TCP or UDP definition in the Access Control List specified by ACL.

235/328



Set the IPv6 filtering for each VLAN. The filtering operation specified in "Action" will be done to the input packets corresponding to the VLAN ID, IPv6 address, ICMP, TCP or UDP definition in the Access Control List specified by ACL.

2.4.9. Application Filter 2.4.9.1. FTP config

Figure 224 FTP IPv4 Server

236/328

Set whether to enable IPv4 of FTP server function. FTP IPv6 Server

Set whether to enable IPv6 of FTP server function. Filter Address

Set application filter for FTP server function. The following definitions of ACL are used in application filter.


2.4.9.2. SFTP config



Set whether to enable IPv6 of SFTP server function. Filter Address

Set application filter for SFTP server function. The following definitions of ACL are used in application filter.

- ip Only use the source IP address and mask bits. If IP value is not set, the definition of filter is invalid and it will be ignored. - ip6 Only use the source IPv6 address and prefix length. If IPv6 value is not set, the definition of filter for IPv6 is invalid and it will be ignored.


237/328

2.4.9.3. TELNET config



Set whether to enable IPv6 of TELNET server function. Filter Address

Set application filter for TELNET server function. The following definitions of ACL are used in application filter.


238/328

2.4.9.4. SSH config



Set whether to enable IPv6 of SSH server function. Filter Address

Set application filter for SSH server function. The following definitions of ACL are used in application filter.



239/328

2.4.9.5. HTTP config



Set whether to enable IPv6 of HTTP server function. Filter Address

Set application filter for HTTP server function. The following definitions of ACL are used in application filter.


240/328




Set whether to enable IPv6 of HTTPS server function. Filter Address

Set application filter for HTTPS server function. The following definitions of ACL are used in application filter.


241/328

2.4.9.7. SNTP config



Set whether to enable IPv6 of SNTP server function. Filter Address

Set application filter for SNTP server function. The following definitions of ACL are used in application filter.


242/328






Set whether to enable IPv6 of TIME server function by TCP. Filter Address

Set application filter for TIME server function. The following definitions of ACL are used in application filter.


244/328


Figure 233





245/328

2.5.1.4. Diffserve/COS Config


Set the packet pattern for QoS within the range of 0 to 63. The smaller number has higher priority. When some packet patterns are omitted or deleted, the packet patterns which have not been set will be omitted and only the ones with value will be set.



Action DSCP




Value Rewrite Value




246/328


2.5.2. VLAN Configuration 2.5.2.1. Diffserve/COS Config


Set the packet pattern for QoS within the range of 0 to 63. The smaller number has higher priority.



Action DSCP




Value Rewrite Value


247/328




2.5.3. DSCP Rewriting 2.5.3.1. Config

Figure 237 DSCP Rewriting Address

Set DSCP rewriting values for LAN interface. The specified DSCP values between 0 ~ 63 will be rewrote to the packets corresponding to the address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE specified in ACL.

248/328


Figure 238 IPv6 DSCP Rewriting Address

Set DSCP rewriting values for LAN interface. The specified DSCP values between 0 ~ 63 will be rewrote to the packets corresponding to the IPv6 address, protocol, TOS value, DSCP value, port number, ICMP TYPE or ICMP CODE specified in ACL.

3. IBP mode Web Interface 3.1. Overview PRIMERGY 10 Gigabit Ethernet Connection Blade 18/8 provides a built-in browser software interface that lets you configure and manage it remotely using a standard Web browser. This software interface also allows for system monitoring and management of this connection blade. When you configure this for the first time from the console, you have to assign an IP address and subnet mask to this connection blade. Thereafter, you can access this Web software interface directly using your Web browser by entering its IP address into the address bar. In this way, you can use your Web browser to manage this connection blade form any remote PC station, just as if you ware directly connected to its console port.

Figure 239

250/328

3.1.1. Menu Options There are following Menu options in Web Interface In IBP: Management, Group Administration, Security, and QoS. 1. Management Menu: This section provides information for configuring SNMP and trap manager, Ping, DHCP client, SNTP, system parameters including Hostname, in-band/out-of-band network management setting, Log setting, User management, configure file backup and so on.

Figure 240 2. Group Administration Menu: This section provides the users to configure Uplink Set, Port Group, VLAN Port Group, Service LAN, Service VLAN, Port, Link Aggregation, and Port Backup

Figure 241

251/328

3. Security Menu: This section provides users to configure IBP security including IEEE802.1x, Radius, TACACS, LDAP, Access Control Lists, IP filter, VLAN filter etc.

Figure 242 4. QoS Menu: This section provides users to configure port QoS setting like queue configuration.

Figure 243

3.2. Management Menu 3.2.1. Information 3.2.1.1. Inventory info











It displays the module status. 3.2.1.2. ARP Cache

253/328

Figure 245

It displays the entry of ARP table. 3.2.1.3. NDP Cache

Figure 246

It displays the entries of NDP table. 3.2.2. Configuration 3.2.2.1. System Description

254/328











IPv4 address: 1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 IPv6 address:

255/328















256/328










257/328






3.2.3. System Utilities 3.2.3.1. Save All Changes

Saving all applied changes will cause all changes to configuration panels that were applied but not saved, to be saved, thus retaining their new values across a system reboot.

258/328

3.2.3.2. System Reset

Resetting the switch will cause all operations of this switch to stop. This session will be broken and you will have to login again after the switch has rebooted. Any unsaved changes will be lost.

3.2.3.3. Set Config to Default

Initialize the configuration and reboot the switch. 3.2.3.4. Set Passwords to Default

Set the password of admin and user to default. 3.2.3.5. Ping



It displays summary of dynamic DNS action. 3.2.4. File Management 3.2.4.1. Download to IBP

259/328









sshkey SSH Key Information 3.2.4.2. Upload from IBP


260/328









ibp_firmware IBP Firmware 3.2.4.3. Start-Up File





ehm_firm EHM Firm





261/328

Caution:


3.2.4.4. Copy File

Figure 256 File Name



config2 Config Definition 2 3.2.4.5. Clear SSH Key

Delete SSH user public key. 3.2.5. User Management 3.2.5.1. User Accounts

262/328

Figure 257 Please set the password used for operating the device. The admin password is the password used when the user name is "admin", and the user password is the password used when the user name is "user". The authority class is decided by login user, and the web pages which can be executed are different according to the authority class. It becomes the administrator class when login with "admin" and it becomes the general user class when login with "user". When login by console, TELNET or SSH, the admin password and the user password are used. When login by FTP or SFTP, the admin password is used. After input password it can be operated for 10 minutes. After that it needs to input password again to operate. Admin Password



Caution:





263/328









Figure 259 Server Address

Set IP address of the server where the system log information(message) will be sent. Priority

264/328

Specify the priority level from the follows for the system log information to be output. error Check it when priority LOG_ERROR is included in the ouput object. warn Check it when priority LOG_WARNING is included in the ouput object. notice Check it when priority LOG_NOTICE is included in the ouput object. info Check it when priority LOG_INFO is included in the ouput object.




3.2.6.2. View – System Log

Figure 260

It displays the system log information. 3.2.6.3. View – Error Log

265/328

Figure 261

It displays the hard error diagnosed in ROM or I/O driver and the error log information of system down.

3.2.7. Statistics 3.2.7.1. Port Summary







The number of received unicast frames per second(frames/sec)

266/328

Multicast/Broadcast The number of multicast/broadcast frames received frames/sec The number of received multicast/broadcast frames per second(frames/sec) Discards DiscardsPkts The total number of discarded frames after received Errors Oversize

The number of oversize frames received(more than 1519 bytes without TAG, more than 1523 bytes with TAG)

FCSErrors The number of frames where FCS errors are detected with the data size of 64~1518 bytes

AlignmentErrors The number of received frames where Alignment errors are detected







The number of sent unicast frames per second(frames/sec) Multicast/Broadcast

The number of multicast/broadcast frames sent frames/sec


The total number of discarded frames after sent Errors CarrierSenseErrors

The total number of error frames due to undetected carrier ExcessiveCollisions

The total number of error frames that failed to send due to a lot of collision LateCollisions

The total number of late collisions SingleCollisionFrames

The total number of frames succeeded to send after one collision occurred.

267/328

MultipleCollisionFrames The total number of frames succeeded to send after several collisions occurred.

DeferredTransmissions The total number of frames delayed to send due to busy of transmission path.

3.2.7.2. Port Detailed














268/328






















The number of sent bits per second(bits/sec)

269/328

Frames The total number of frames sent

frames/sec The number of sent frames per second(frames/sec)

Unicast The number of unicast frames sent

frames/sec The number of sent unicast frames per second(frames/sec)

Multicast The number of multicast frames sent

frames/sec The number of sent multicast frames per second(frames/sec)

Broadcast The number of broadcast frames sent

frames/sec The number of sent broadcast frames per second(frames/sec)

Pause frames The number of PAUSE frames sent

Mac Control frames The number of MAC control frames sent

Priority pause 0 frames The number of sent pause frames for priority 0








Discards DiscardsPkts


The number of discarded frames due to exceeded delay Errors Undersize


The number of frames where FCS errors are detected with the data size of 64~1518 bytes

270/328

FragmentErrors The number of frames with short size(under 64 bytes) where FCS errors or alignment errors are detected

[Detail Statistics] The number of frames per second accumulated by different frame size. 3.2.7.3. IP

Figure 264

It displays the statistics of IPv4 packets. 3.2.7.4. LACP

It displays the statistics of LACP packets. The items won't be displayed if the Count is 0. 3.2.7.5. Net Time

It displays the statistics of SNTP/TIME client. 3.2.7.6. SNMP

It displays the statistics of SNMP.

271/328









272/328

3.2.8.2. Trap Flags












273/328


Figure 267 Alarm ID










274/328






Figure 268 Event ID



Description Set the description of the RMON event group. Specify the explanation of the event (the note related to the content of the event) by the character string of 0x21, 0x23 ~ 0x7e.

275/328

The range that can be specified is as follows. 1~ 127 (characters)

Community Specify the community name which will be set to the trap packets when the trap is sent. This setting is effective when the notification method specified in "Type" of [Event Config] is "Trap" or "Log-Trap". And the trap will be sent in the following case.






0.0.0.0 (from DHCP server) 1.0.0.1 ~ 126.255.255.254 128.0.0.1 ~ 191.255.255.254 192.0.0.1 ~ 223.255.255.254 224.0.0.1 ~ 239.255.255.254 (Multicast) 255.255.255.255 (Broadcast)

276/328






Figure 270 Protocol





It displays the maximum number of time server.

277/328

3.2.10.3. Current Time








278/328



Figure 273 Transmit Interval

Specify a fixed time interval to transmit LLDP information by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 32768 seconds. This setting is corresponding to the variable "msgTxInterval" of 802.1AB.




SNMP Notification Interval

279/328

Specify the minimum time interval of the transmission of SNMP Notification Trap by decimal number and time unit. The time unit can be specified as any of the (hour), (minute) or (second). The range that can be specified is 5 seconds ~ 3600 seconds. This setting is corresponding to the variable "NotificationInterval" of 802.1AB.


Figure 274 Slot/Port













Specify whether to transmit IEEE802.3 Power Via MDI TLV.

280/328

Link Aggregation Specify whether to transmit IEEE802.3 Link Aggregation TLV.

Maximum Frame Size Specify whether to transmit IEEE802.3 Maximum Frame Size TLV.




About VLAN

P Port VLAN ID



About Configration

M MAC/PHY Configuration/Status P Power Via MDI

281/328

L Link Aggregation F Maximum Frame Size - No Transmit (disable) Blank No Transmit (receive only)

About SNMP


3.2.11.4. Information – Statistics It displays the LLDP statistics information. 3.2.11.5. Information – Local Info


282/328






283/328

3.2.13. IPv6 3.2.13.1. Statistics


3.3. Group Administration Menu 3.3.1. Group List

This page displays the summary of all currently configured group of port. 3.3.1.1. Group List

Figure 279 Non-Configurable Data

Slot/Port - Identifies the port.

Uplink Sets - The group name of Uplink Sets.

Port Groups - The group name of Port Groups.

VLAN Port Groups - The group name of VLAN Port Groups.

Service LAN - The group name of Service LAN.

Service VLAN - The group name of Service VLAN.

Command Buttons

Refresh Re-fetch the configuration value again.

285/328

3.3.2. Uplink Sets 3.3.2.1. Config

Figure 280

An "Uplink Set" is defined as a set of 1 to n external (uplink) ports, which is be used in port group definitions to connect a group of server blades to the customer's LAN. The purpose of the uplink set configuration is to create groups, and to add or modify the existing external ports to groups. Link state, port backup, and IGMP snooping of the uplink set groups can be configured in this page.

Selection Criteria

Uplink Set Name - Use this pull-down menu to select one of the existing uplink set.

Configurable Data Uplink Set Name

- Input the uplink set name to create a new group. Link State

- Use this field to configure link state. Port Backup

- Use this field to configure port backup. Failback Time

- Input the failback-time to configure port backup. Change Notify

- Use this field to configure change notify. IGMP Snooping

- Use this field to configure IGMP snooping. MLD Snooping

- Use this field to configure MLD snooping. LACP

- Use this field to configure LACP. Converged Enhanced Ethernet

- Use this field to configure Converged Enhanced Ethernet. Priority group

286/328

- Set the Priority group number. Weight

- Set the Weight within the range of 1~100. Priority-based Flow Control

- Select whether to use Priority-based Flow Control. Priority map

- Set Priority group to each priority. FCoE Priority

- Set the priority of FCoE. FCoE

- Select whether to use FCoE. iSCSI Priority - Set the priority of iSCSI.

iSCSI - Select whether to use iSCSI.

If total weight exceeds 100, Converged Enhanced Ethernet is invalid. If more than 1 Priority-based Flow Control exist, port is disabled. If Converged Enhanced Ethernet mode is "Disable" even if Priority group and Priority map are set, Converged Enhanced Ethernet is invalid. If Priority group, Weight or Priority map is not set even if Converged Enhanced Ethernet mode is "Enable", Converged Enhanced Ethernet is invalid. Participation

- Use this field to specify whether an interface will participate in this uplink set. The factory default is 'Exclude'. The possible values are: Include

- This interface is the member of the uplink set. Exclude

- This interface is not the member of the uplink set. Non-Configurable Data

Slot/Port - The interface.

Type - The interface type. Type should be External.

Status - The interface is belong to this uplink set or not.

Command Buttons

Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save.

Delete - Delete the Uplink Set. You are not allowed to delete the "default" uplink set.

Cancel - Revert to the previous settings.

287/328

3.3.2.2. Status

Figure 281

This page displays the status of all currently configured Uplink Set. Non-Configurable Data

Uplink Set Name - The name of the uplink set.

External Active Ports - List the external active port members.

External Backup Ports - List the external backup port members.

Link State - The status of link state.

Port Backup - The status of backup.

Failback Time - The wait time of failback.

Change Notify - The status of change notify.

IGMP Snooping - The status of IGMP Snooping.

MLD Snooping - The status of MLD Snooping.

LACP - The status of LACP.

288/328

3.3.3. Port Groups 3.3.3.1. Config

Figure 282

The purpose of the port group configuration is to create port groups, and to modify the existing port groups. Only the internal ports could be defined to be the member of the port groups. The external connection is defined by specifying an Uplink Set.

Selection Criteria Port Group Name

- Use this pull-down menu to select one of the existing groups. Configurable Data

Port Group Name - Input the group name to create a new port group.

Uplink Set Name - Use this pull-down menu to specify the external connection.

Isolate - Use this field to isolate downlinks of the port group.

Participation - Use this field to specify whether an interface will participate in this port group. The factory default is 'Exclude'. The possible values are: Include

- This interface is the member of the port group. Exclude

- This interface is not the member of the port group. Non-Configurable Data


Type - The interface type. Type should be Internal.

Status - The interface is belong to this port group or not.

Command Buttons Apply

289/328

- Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save.

Delete - Delete the port group. You are not allowed to delete the "default" port group.


3.3.3.2. Status

Figure 283

This page displays the status of all currently configured port group. Non-Configurable Data

Port Group Name - The group name of the port group.

Internal Ports - List the internal port members.

Uplink Set Name - The name of the uplink set.

External Ports - List the external ports of the port group.

Isolate - The isolate status of the port group.

290/328

3.3.4. VLAN Port Groups 3.3.4.1. Config

Figure 284 Selection Criteria

VLAN Port Group Name - You can use this screen to configure an existing VLAN Port Group, or to create a new one. Use this pulldown menu to select one of the existing VLAN Port Groups, or select 'Create' to add a new one.

Configurable Data VLAN Port Group Name

- Specify the name for the new VLAN Port Group. VLAN ID

- Specify the VLAN Identifier for the VLAN Port Group. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.

Uplink Set Name - Specify the uplink set for the external connection.

Native VLAN - Change the behavior of the external interfaces: to process/forward untagged packets only. Enable

- The external interfaces of this group will only process/forward the untagged packets. Disable

- The external interfaces of this group will process/forward both tagged and untagged packets.

Isolate - Use this field to isolate downlinks of the VLAN Port Group.

Participation - Use this field to specify whether an interface will participate in this VLAN Port Group. The factory default is 'Exclude'. The possible values are: Include

- This interface is the member of the VLAN Port Group. Exclude

- This interface is not the member of the VLAN Port Group.

291/328

Tagged Option - The Tagged Option status of the VLAN Port Group. The possible values are: Tagged

- This interface is set in the Tagged Option. Untagged - This interface is not set in the Tagged Option.

Non-Configurable Data Slot/Port

- The interface. Type

- The interface type. Type should be Internal. Status

- Indicates the current value of the participation parameter for the interface. Command Buttons

Apply - Update the IBP with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.

Delete - Delete a VLAN Port Group.


292/328

3.3.4.2. Status

This page displays the status of all currently configured VLAN Port Groups. VLAN Port Group Name

- The name for the VLAN Port Group. VLAN ID

- The VLAN Identifier of the VLAN Port Group. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.

Internal Ports - Internal interface, member of that VLAN Port Group.

Uplink Set Name - Specify the Uplink Set for the external connection.

External Ports - External interface, member of the specified Uplink Set.

Native VLAN - Change the behavior of external interfaces: to process/forward untagged packets only.

Isolate - The isolate status of the VLAN Port Group.

3.3.5. Service LAN 3.3.5.1. Config


Service LAN Name - You can use this screen to configure an existing Service LAN, or to create a new one. Use this pulldown menu to select one of the existing Service LAN, or select 'Create' to add a new one.

Configurable Data Service LAN Name

- Specify the name for the new Service LAN. Service VLAN ID

293/328

- Specify the VLAN Identifier for the Service LAN. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.


Isolate - Use this field to isolate downlinks of the Service LAN.

Participation - Use this field to specify whether an interface will participate in this Service LAN. The factory default is 'Exclude'. The possible values are: Include

- This interface is the member of the Service LAN. Exclude

- This interface is not the member of the Service LAN. Non-Configurable Data



Status - Indicates the current value of the participation parameter for the interface.


- Update the IBP with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.

Delete - Delete a Service LAN.


3.3.5.2. Status

This page displays the status of all currently configured Service LAN. Service LAN Name

- The name for the Service LAN. Service VLAN ID

- The VLAN Identifier of the Service LAN. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.

Internal Ports - Internal interface, member of that Service LAN.



Isolate - The isolate status of the Service LAN.

294/328

3.3.6. Service VLAN 3.3.6.1. Config


Service VLAN Name - You can use this screen to configure an existing Service VLAN, or to create a new one. Use this pulldown menu to select one of the existing Service VLAN, or select 'Create' to add a new one.

Configurable Data Service VLAN Name

- Specify the name for the new Service VLAN. Service VLAN ID

- Specify the VLAN Identifier for the Service VLAN. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.


Isolate - Use this field to isolate downlinks of the Service VLAN.

Participation - Use this field to specify whether an interface will participate in this Service VLAN. The factory default is 'Exclude'. The possible values are: Include

- This interface is the member of the Service VLAN. Exclude

- This interface is not the member of the Service VLAN. Non-Configurable Data



Status - Indicates the current value of the participation parameter for the interface.


295/328

- Update the IBP with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save.

Delete - Delete a Service VLAN.


3.3.6.2. Status

This page displays the status of all currently configured Service VLAN. Service VLAN Name

- The name for the Service VLAN. Service VLAN ID

- The VLAN Identifier of the Service VLAN. The range of the VLAN ID is 1 to 4094 except reserved 1006 to 1024.

Internal Ports - Internal interface, member of that Service VLAN.



Isolate - The isolate status of the Service VLAN.

3.3.7. Port Backup 3.3.7.1. Config

Figure 287

Two link aggregation groups are associated with one port group as the port group is created. Two link aggregation groups are defined as active and backup port internally. One of two link aggregation groups will be activated at a time. For example, as active link aggregation group is link up, the backup aggregation group will be blocked (no traffic could be sent or received). Otherwise, if active aggregation group is link down (all members of the active aggregation group are link down), the backup aggregation group will be activated. As the active aggregation group is link up again, the backup aggregation group will be deactivated.

296/328

Configurable Data Active/Backup

- Select field to set the interface to be in active aggregation group or backup aggregation group.

Non-Configurable Data Slot/Port

- The interface. Uplink Set Name

- The name of uplink set that this interface belongs to. Status

- Active or Backup. Command Buttons

Apply - Update the IBP with the values on this screen. If you want the IBP to retain the new values across a power cycle, you must perform a save.


3.3.7.2. Status

Figure 288

This page displays the status of all currently configured port-backup. Non-Configurable Data

Uplink Set Name - The name of the Uplink Set.

External Active Ports - The configured external active port.

External Backup Ports - The configured external backup port.

Port Backup - Current port backup setting for the Uplink Set. (Enable or Disable)

Failback Time - The time delay for activating the active port if the link of active port is resumed.

Current Activated Port - Current activated port for the Uplink Set.

297/328

Command Buttons Refresh

- Re-fetch the configuration value again. 3.3.8. VLAN 3.3.8.1. Forward Database Config


MAC Address Set the destination MAC address. Specify it in the format of xx:xx:xx:xx:xx:xx(xx is hexadecimal of 2 digits). 00:00:00:00:00:00, broadcast or multicast can not be specified.

Slot/Port Select the corresponding port for the destination MAC address. If the selected port is a Link Aggregation member port, the settings are effective for the Link Aggregation Group. If the selected port is a Backup port, the settings are effective for the working port of the Backup Port Group.



VLAN ID VLAN ID



Slot/Port Corresponding forwarding port

298/328

3.3.9. Port 3.3.9.1. Config

Figure 291 Link Aggregation Group

Specify the group number of Link Aggregation group to be used. LACP Port Priority

Specify the LACP Port Priority. When LACP is not used, this definition means nothing.



Link Down Relay Set the list of the ports which will be relayed to Link Down(port block) when other ports Link Down. When the operation of Link Down Relay is done, it will be output in system log that the relayed port enters block state. In "Recovery Mode", the block release method can be set. It is used for the ports set in the relay port list information of the Link Down Relay function to be released from block state. When "Manual" is set as Recovery Mode, the relayed ports can be released from block state by the block release command or definition change. When "Auto" is set as Recovery Mode, besides block release command or definition change, the relayed ports can also be released from block state by Link Up of the ports set in the Link Down Relay function. In the case of "Auto" , when block release is done by Link Up, it will output to system log. In "Recovery Cause", specify block factor as the block release object of relay port list. When "Link Relay" is set, only the block factor of Link Down Relay function is the release object. When "All" is set, block release will be done for all block factors. In "Recovery Sync", the synchronization operation of the relay port list can be specified. When "Recovery Sync" is set as "Enable", by synchronization operation before the port link up, the relayed ports will stand by in block state by Link Down Relay. When "Recovery Sync" is set as "Disable", the synchronization operation will not be done.

ICMP Watching IP Address

299/328

Please specify the destination IP address to monitor when using monitor function. ICMP ECHO packets will be sent from the ether port to the specified destination IP address, and existence can be confirmed by the response. Please do not set it as the IP address of the device itself. Please also confirm that the specified IP address is in the same subnet, or the monitor function may not operate normally.







- Link down : Block the port - Discard : Discard the data that surpasses threshold

Output Rate Control The output rate is set by the unit of bps. The actual operation for the device is controlled by the value rounded down to the unit of 1/256 of 10Gbps (About 40Mbps).

Mac Detection Select whether to use Mac detection function. If "Enable" is selected, an illegal connection that exceeds the connection is detected.

Max User Set limit the maximum number of connection within the range of 1 - 31 in decimal number. If it is omitted, max user is set to 1.

Port Disable Specify the action when number of connection reaches the limit.

- Don't Link down : Do nothing - Link down : Block the port


MAC Learning Set the mac learning.

Flooding Mode Set the flooding mode.

300/328

Edge Relay Reflective Relay Mode Select the port reflective relay mode.

3.3.9.2. Summary

Figure 292

It displays the port information simply. 3.3.9.3. Mirroring





301/328

3.3.10. Link Aggregation 3.3.10.1. LACP Config




Figure 295 Group Set the Link Aggregation group id.

Algorithm Specify the load-balance algorithm.

Source MAC Address : Divide by source MAC address

302/328

Destination MAC Address : Divide by destination MAC address Both MAC Address : Divide by both source and destination MAC address Source IP Address : Divide by source IP address Destination IP Address : Divide by destination IP address Both IP Address : Divide by XOR of source and destination IP address Received Ethernet Port : Divide by received Ethernet port

Mode


Minimum Link Set the Minimum number of member ports for Link Aggregation communication within the range of 1 ~ 10 in decimal number. If the number of ports united by Link Aggregation is less than the specified Minimum Link, communication can not be done in the Link Aggregation. And when the number of member ports falls below the specified Minimum Link because of trouble, etc, communication can not be done in the Link Aggregation.








Caution:

- Even if "Use" is selected here, IEEE802.1X authentication will be disabled if IEEE802.1X Authentication is set as "Disuse" in IEEE802.1X of [Security]-[Port Access Control]-[Port Config].

EAPOL Transfer Mode



Don't Transmit EAPOL frames are not transmitted.

Caution:


304/328




Caution:

- Even if "Use" is selected here, MAC address authentication will be disabled if MAC Address Authentication is set as "Disuse" in MAC Address Authentication of [Security]-[Port Access Control]-[Port Config].

Password




305/328








Transmit Period Set the sending interval of user ID request within the range of 1 ~ 600 seconds. Supplicant Timeout Set the waiting time for EAP response from terminal(Supplicant) within the range of 1 ~ 600 seconds.


Reauthentication Period Specify the re-authentication interval for terminal(Supplicant) within the range of 15 seconds ~ 18000 seconds.

306/328

If 0 is specified, the re-authentication will not be done. 3.4.1.4. Port Config – MAC Address Authentication






307/328


Figure 300


Port Port Number

User User Name











VLAN VLAN ID


Since Time when authentication succeeded(Not update when re-authentication)

308/328

3.4.1.6. Port Status – MAC Address Authentication

Figure 301













VLAN VLAN ID


309/328

3.4.1.7. Port Summary – Authentication Information

It displays successfully authenticated terminal information of each authentication function(IEEE802.1X authentication , MAC address authentication).

Port Port Number







It displays statistics information of IEEE802.1X authentication. 3.4.1.9. Statistics – MAC Address Authentication




Specify whether to use RADIUS authentication function. Authentication Source IP Address

Set self IP address used to communicate with the RADIUS authentication server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

310/328

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set whether to do authentication by Message-Authenticator. When doing IEEE802.1X authentication, it will do authentication by Message-Authenticator regardless of this setting. It can only be used for authentication request message in this device.

Accounting Mode Set whether to use RADIUS accounting function.

Accounting Source IP Address Set self IP address used to communicate with the RADIUS accounting server. The valid ranges are as follows.

IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254








311/328




IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254







312/328





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key(RADIUS secret) between this device and RADIUS accounting server. Priority



313/328










Pri Priority

State Server status

alive usable

dead no response


When server status is "alive", displays as "-". 3.4.3. TACACS+ 3.4.3.1. Config

Figure 305

314/328

AAA Group ID










IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



Set the share key between this device and TACACS+ authentication server.

315/328

It is considered that the share key is not set when omitted. Moreover, when it is not set, the communication between TACACS+ servers is not encrypted.







IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254



316/328

3.4.3.3. Authorization Server Config



IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254






317/328





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254


fec0:: ~ feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 3.4.3.4. Summary






Pri Priority

State Server status

alive usable

dead no response



318/328

3.4.4. LDAP 3.4.4.1. Config







319/328






IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254








Dead Time

320/328

Specify the recover time it waits to recover to "alive" status automatically after LDAP server enters "dead" status. If the response from LDAP server is not received, that LDAP server will be set as "dead" status and set as the lowest priority. The LDAP server in "dead" status can not be used as long as the server in "alive" exists. This setting is used to set the waiting time after it enters "dead" status, when the time expires, it can recover to "alive" status with the specified priority. In order to recover from "dead" status to "alive" status, one of the following conditions has to be matched.





IPv4: 1.0.0.1 ~ 126.255.255.254

128.0.0.1 ~ 191.255.255.254

192.0.0.1 ~ 223.255.255.254




321/328

3.4.4.3. Summary





Pri Priority

State Server status

alive usable

dead no response


When server status is "alive", displays as "-". 3.4.5. AAA 3.4.5.1. Config





User Password Specify password for authentication by characters of 0x21,0x23 ~ 0x7e within 128 characters.

322/328

If MAC address authentication is used and password has been set in MAC Address Authentication, please also set the same password here. If password has not been set in MAC Address Authentication, specify it as the MAC address of the terminal which is permitted to access with 12 digits of hexadecimal numbers(using lower case letters while not using ":" ,etc).


3.4.5.2. Summary


User ID User ID

User Role Authority Class of User 3.4.6. Application Filter 3.4.6.1. FTP config

Figure 311 FTP IPv4 Server

Set whether to enable IPv4 of FTP server function. FTP IPv6 Server

Set whether to enable IPv6 of FTP server function. 3.4.6.2. SFTP config

323/328



Set whether to enable IPv6 of SFTP server function. 3.4.6.3. TELNET config



Set whether to enable IPv6 of TELNET server function.

324/328

3.4.6.4. SSH config



Set whether to enable IPv6 of SSH server function. 3.4.6.5. HTTP config



Set whether to enable IPv6 of HTTP server function.

325/328




Set whether to enable IPv6 of HTTPS server function. 3.4.6.7. SNTP config



Set whether to enable IPv6 of SNTP server function.

326/328






Set whether to enable IPv6 of TIME server function by TCP.

327/328







Figure 320

328/328





PRIMERGY BX900/BX400 Blade Server Systems -...

Documents

Transcript of PRIMERGY BX900/BX400 Blade Server Systems -...