3com 3CRUS2475 User-Guide


3Com Unified Gigabit Wireless PoE Switch 24 User Guide

3CRUS2475

www.3Com.com
Part No. 10015245 Rev. AA Published October 2006

3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064

Copyright 2006, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following: All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com's standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.

You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries. 3Com and the 3Com logo are registered trademarks of 3Com Corporation. Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd. IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc. All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations.
Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.

End of Life Statement: 3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement: 3Com products do not contain any hazardous or ozone-depleting material.

Environmental Statement about the Documentation: The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally friendly, and the inks are vegetable-based with a low heavy-metal content.

ABOUT THIS GUIDE

This guide provides information about the Web user interface for the 3Com Unified Gigabit Wireless PoE Switch 24. The Embedded Web System (EWS) is a network management system. The Embedded Web Interface configures, monitors, and troubleshoots network devices from a remote web browser. The Embedded Web Interface web pages are easy to use and easy to navigate. In addition, the Embedded Web Interface provides real-time graphs and RMON statistics to help system administrators monitor network performance. This preface provides an overview of the Embedded Interface User Guide, and includes the following sections:

User Guide Overview
Intended Audience

User Guide Overview

This section provides an overview to the Embedded Web System User Guide. The Embedded Web System User Guide provides the following sections:

Configuring the Wizard: Provides information for configuring the Setup wizard, which enables the system administrator to configure basic device settings at the Setup stage or to return and reconfigure the device settings at any stage.
Getting Started: Provides information for using the Embedded Web Management System, including adding, editing, and deleting device configuration information.
Viewing Basic Settings: Provides information for viewing and configuring essential information required for setting up and maintaining device settings.
Section 4, Configuring Device Security: Provides information for configuring both system and network security, including traffic control, ACLs, and device access methods.
Managing System Information: Provides information for configuring general system information, including the user-defined system name, the user-defined system location, and the system contact person.
Configuring Wired Ports: Provides information for configuring Port Settings.
Aggregating Ports: Provides information for configuring Link Aggregation, which optimizes port usage by linking a group of ports together to form a single LAG.
Configuring VLANs: Provides information for configuring VLANs. VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached.
Defining WLAN: Provides information for configuring WLANs. A Wireless Local Area Network (WLAN) is a technology that provides network services using radio waves.
Configuring IP Information: Provides information for configuring IP addresses, DHCP and ARP.
Configuring Multicast Forwarding: Provides information for configuring Multicast forwarding.
Configuring Spanning Tree: Provides information for configuring Classic, Rapid, and Multiple Spanning Tree.
Configuring Quality of Service: Provides information for Basic and Advanced Quality of Service, including DSCP and CoS mapping, policies, and configuring Trust mode.
Managing System Logs: Provides information for viewing system logs, and configuring device log servers.
Managing System Files: Provides information for defining File maintenance and includes both configuration file management as well as device access.
Viewing Statistics: Provides information for viewing RMON and interface statistics.
WLAN Country Settings: Provides the individual WLAN country settings.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and terminology. If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes. Most user guides and release notes are available in Adobe Acrobat Reader Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:
http://www.3com.com/

Conventions

Table 1 lists conventions that are used throughout this guide.


Table 1 Notice Icons

Notice Type        Description
Information note   Information that describes important features or instructions.
Caution            Information that alerts you to potential loss of data or potential damage to an application, system, or device.
Warning            Information that alerts you to potential personal injury.

Related Documentation

In addition to this guide, other documentation available for the 3Com Unified Switch 24 includes the following:

Quick Start Guide: Provides installation and set-up information.
Command Reference Guide: Provides complete details for using the command line interface (CLI).

CONTENTS

ABOUT THIS GUIDE
  User Guide Overview
  Intended Audience
  Conventions
  Related Documentation

CONFIGURING THE WIZARD
  Step 1 Viewing Factory Defaults
  Step 2 Configuring System Settings
  Step 3 Configuring IP Settings
  Step 4 Defining Wireless Settings
  Step 5 Saving Configured Settings

GETTING STARTED
  Starting the 3Com Embedded Web Interface
  Understanding the 3Com Embedded Web Interface
  Using Screen and Table Options
  Saving the Configuration
  Resetting the Device
  Restoring Factory Defaults
  Logging Off the Device

VIEWING BASIC SETTINGS
  Device Summary Section
  Viewing Device Settings
  Viewing Wired Settings
  Viewing Wireless Settings

MANAGING DEVICE SECURITY
  Configuring Management Security
  Defining Management Access
  Configuring Password Management
  Defining RADIUS Authentication
  Defining TACACS+ Authentication
  Configuring Network Security
  Modifying Port Authentication
  Advanced Port-based Authentication
  Viewing Authenticated Hosts
  Defining Multiple Hosts
  Defining Multiple Hosts
  Modifying Multiple Hosts
  Managing Port Security
  Enabling Storm Control
  Configuring EAP Statistics
  Defining ACLs
  Configuring ACLs
  Defining MAC-based ACL Rules
  Removing MAC-based ACLs
  Defining IP-based ACLs
  Defining IP-based ACLs
  Defining IP-based ACLs
  Removing IP-based ACLs
  Binding ACLs

MANAGING SYSTEM INFORMATION
  Viewing System Description
  Defining System Settings
  Configuring Country Codes
  Configuring System Name
  Configuring System Time
  Saving the Device Configuration
  Resetting the Device

CONFIGURING WIRED PORTS
  Viewing Port Settings
  Defining Port Settings
  Configuring Address Tables
  Viewing Static Addresses
  Defining Static Addresses
  Removing Static Addresses
  Viewing Dynamic Addresses

AGGREGATING PORTS
  Configuring LACP
  Defining Link Aggregation
  Configuring Link Aggregation
  Defining LAG Membership

CONFIGURING VLANS
  Defining VLAN Properties
  Defining VLAN Membership
  Defining VLAN Interface Settings
  Defining GVRP
  Defining Voice VLAN

DEFINING WLAN
  Defining Wireless Access Points
  Defining Wireless Security
  Configuring Wireless Access Point Security
  Defining Wireless Rogue Handling
  Mitigating Rogue Handling
  Defining Wireless Radio Settings
  Configuring Radio 802.11a Settings
  Defining Radio 802.11a Settings
  Managing VAPs
  Viewing WLAN Profiles
  Defining WLAN Profiles
  Modifying WLAN Profiles
  Removing WLAN Profiles
  Viewing WLAN Stations
  Removing WLAN Stations
  Defining WLAN Power Settings

CONFIGURING IP INFORMATION
  Defining IP Addressing
  Configuring ARP
  Defining ARP Interface Settings
  Configuring Address Tables
  Defining Static Addresses
  Viewing Dynamic Addresses

CONFIGURING MULTICAST FORWARDING
  Defining IGMP Snooping
  Enabling IGMP Snooping
  Defining Multicast Groups
  Defining Router Groups

CONFIGURING SPANNING TREE
  Defining Classic Spanning Tree for Ports
  Configuring Classic Spanning Tree
  Modifying Spanning Tree Settings
  Defining Rapid Spanning Tree
  Modifying Rapid Spanning Tree Settings
  Defining Multiple Spanning Tree
  Defining Multiple STP Instance Settings
  Defining MSTP Port Settings

CONFIGURING QUALITY OF SERVICE
  Quality of Service Overview
  Defining QoS Basic Mode
  Configuring Trust Settings
  Configure DSCP Rewrite
  Defining QoS General Mode
  Defining CoS Services
  Defining Queues
  Defining Bandwidth Settings
  DSCP to Queue
  Configuring DSCP Queue Mappings
  Configuring QoS Mapping
  Defining CoS to Queue

MANAGING SYSTEM LOGS
  Viewing Logs
  Configuring Logging

MANAGING SYSTEM FILES
  Backing Up and Restoring System Files
  Downloading the Software Image
  Activating Image Files

VIEWING STATISTICS
  Viewing RMON Statistics
  Configuring RMON History
  Modifying RMON History Entries
  Removing RMON History Entries
  Viewing RMON History Summaries
  Configuring RMON Events
  Configuring RMON Event Control
  Configuring RMON Events Control
  Removing RMON Events
  Viewing RMON Events
  Defining RMON Alarms
  Defining RMON Alarm Setups
  Removing RMON Alarms

A WLAN COUNTRY SETTINGS

B DEVICE SPECIFICATIONS AND FEATURES
  Related Standards
  Environmental
  Physical
  Electrical
  Unified Switch 24 Features

TROUBLESHOOTING
  Problem Management
  Troubleshooting Solutions

GLOSSARY

INDEX

CONFIGURING THE WIZARD

This section contains information for configuring the Setup wizard. The 3Com Web-based Interface presents a Setup wizard as part of the Device Summary Section. The Setup wizard enables the system administrator to configure basic device settings at the Setup stage or to return and reconfigure the device settings at any stage. Each step in the wizard displays a set of parameters that can be manually configured by the system administrator. The wizard includes the following steps:

Step 1 Viewing Factory Defaults
Step 2 Configuring System Settings
Step 3 Configuring IP Settings
Step 4 Defining Wireless Settings
Step 5 Saving Configured Settings

Step 1 Viewing Factory Defaults

The Welcome to the Setup Wizard Page is the first step in the wizard and it displays a summary of factory default settings. The table displays three sets of settings: System parameters, IP configuration and Wireless configuration. Each section is displayed as a step within the wizard.

To start the Setup Wizard:
1 Click Device Summary > Wizard. The Welcome to the Setup Wizard Page opens:
Figure 1 Welcome to the Setup Wizard Page

Step 1 - The Setup Wizard Page contains the following sections:

System Parameters: Displays parameters for configuring general device information. The System Parameters are manually configured in Appendix 1.

  System Name: Defines the user-defined device name. The field range is 0-160 characters.
  System Location: Defines the location where the system is currently running. The field range is 0-160 characters.
  System Contact: Defines the name of the contact person. The field range is 0-160 characters.

IP Configuration: Displays parameters for assigning IP addresses. Packets are forwarded to the default IP when frames are sent to a remote network. The IP Configuration parameters are manually configured in Step 3. The section includes the following fields:

  Method: Indicates if the IP address has been configured statically or added dynamically. The possible field values are:
    Manual: Indicates the IP Interface is configured by the user.
    DHCP: Indicates the IP Interface is dynamically created.
  IP Address: Displays the currently configured IP address.
  Subnet Mask: Displays the currently configured IP address mask.
  Default Gateway: Displays the currently configured default gateway.

Wireless Configuration: Provides information for configuring Extended Service Sets (ESS). The Wireless Configuration parameters can be manually configured in Step 4. The section includes the following fields:

  SSID Name: Displays the Service Set Identifier (SSID) for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiate between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up to 32 characters.
  Security Type: Indicates the method used to secure WLAN access. The possible field values are:
    Open: Enables open system authentication without encryption.
    WEP: Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.
    WPA-PSK: Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network through secure encryption systems.
    WPA2-PSK: Indicates that WPA2-PSK is the selected WLAN security method. WPA2-PSK improves system security by encrypting signals at higher bit rates.
  VLAN ID: Displays the VLAN ID. The field range is 1-4094.

2 Click [button]. Start configuring the Wizard. The System Setup Page opens:

Step 2 Configuring System Settings

The System Setup Page displays basic parameters for configuring general device information.
Figure 2 System Setup Page

The System Setup Page contains the following fields:


Master Radio Enable: Enables the Master Radio.
Country Code: Displays a list of country codes.
System Name: Defines the user-defined device name. The field range is 0-160 characters.
System Location: Defines the location where the system is currently running. The field range is 0-160 characters.
System Contact: Defines the name of the contact person. The field range is 0-160 characters.

3 Define the fields.
4 Click [button] to move to the next stage. The IP Configuration Page opens:

Step 3 Configuring IP Settings

Figure 3 IP Configuration Page

The IP Configuration Page contains the following fields:

Configuration Method: Indicates if the IP address has been configured statically or added dynamically. The possible field values are:
  Manual: Indicates that the IP Interface is configured by the user.
  DHCP: Indicates that the IP Interface is dynamically created.
IP Address: Displays the currently configured IP address.
Subnet Mask: Displays the currently configured IP address mask.
Default Gateway: Displays the currently configured default gateway.

5 Define the fields.
6 Click [button] to move to the next stage. The Wireless Configuration Page opens:

Note: The Wireless Configuration Page appears only if the Master Radio Enable checkbox was selected on the System Setup Page.

Step 4 Defining Wireless Settings

Figure 4 Wireless Configuration Page

The Wireless Configuration Page contains the following fields:

SSID Name: Displays the Service Set Identifier (SSID) for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiate between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up to 32 characters.
Security Type: Indicates the method used to secure WLAN access. The possible field values are:
  Open: Enables open system authentication without encryption.
  WEP: Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.
  WPA-PSK: Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network through secure encryption systems.
  WPA2-PSK: Indicates that WPA2-PSK is the selected WLAN security method. WPA2-PSK improves system security by encrypting signals at higher bit rates.
Passphrase/Key: Indicates the encryption key type.
VLAN ID: Specifies the VLAN ID.

7 Define the fields.
8 Click [button] to move to the final stage.

Step 5 Saving Configured Settings

The Manual Configuration Wizard - Completed Page opens:


Figure 5 Manual Configuration Wizard - Completed Page

The Manual Configuration Wizard - Completed Page displays the manually configured settings. The system administrator can choose to go back and edit the parameters, or:
9 Click [button]. The manually configured settings are saved, and the device is updated.
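The field ranges and security types listed for the wizard steps can be checked before the values are typed into the wizard. The following Python check is an added example, not part of the 3Com guide or the switch software: the function names and dictionary keys are hypothetical, the WEP and WPA key-format rules are general 802.11 conventions rather than values from this guide, and the sample plan is constructed.

```python
import ipaddress
import string

# Limits from the wizard field descriptions in the guide.
MAX_TEXT = 160                 # System Name, Location, Contact: 0-160 characters
MAX_SSID = 32                  # SSID: up to 32 characters
VLAN_MIN, VLAN_MAX = 1, 4094   # VLAN ID field range
# General 802.11 key formats (assumption: not taken from the guide).
WEP_ASCII_LENS, WEP_HEX_LENS = (5, 13), (10, 26)   # 40-bit and 104-bit keys


def _is_hex(value):
    return bool(value) and all(c in string.hexdigits for c in value)


def check_system(plan):
    """Step 2 fields, plus the factory-default blank admin password."""
    findings = []
    for field in ("system_name", "system_location", "system_contact"):
        if len(plan.get(field, "")) > MAX_TEXT:
            findings.append(("ERROR", f"{field} exceeds {MAX_TEXT} characters"))
    if not plan.get("admin_password"):
        findings.append(("WARN", "admin password is blank (factory default)"))
    return findings


def check_ip(plan):
    """Step 3 fields: a Manual address needs a valid mask and an on-link gateway."""
    method = plan.get("method")
    if method == "DHCP":
        return []
    if method != "Manual":
        return [("ERROR", "Configuration Method must be Manual or DHCP")]
    try:
        iface = ipaddress.IPv4Interface(f"{plan['ip_address']}/{plan['subnet_mask']}")
        gateway = ipaddress.IPv4Address(plan["default_gateway"])
    except (KeyError, ValueError) as exc:
        return [("ERROR", f"invalid IP settings: {exc}")]
    findings = []
    net = iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        findings.append(("ERROR", "IP address is the network or broadcast address"))
    if gateway not in net:
        findings.append(("ERROR", "default gateway is outside the interface subnet"))
    return findings


def check_wireless(plan):
    """Step 4 fields: SSID length, VLAN range, security type and key format."""
    findings = []
    ssid, key = plan.get("ssid", ""), plan.get("key", "")
    security, vlan = plan.get("security"), plan.get("vlan_id")
    if not ssid or len(ssid) > MAX_SSID:
        findings.append(("ERROR", f"SSID must be non-empty and at most {MAX_SSID} characters"))
    if not isinstance(vlan, int) or not VLAN_MIN <= vlan <= VLAN_MAX:
        findings.append(("ERROR", f"VLAN ID must be {VLAN_MIN}-{VLAN_MAX}"))
    if security == "Open":
        findings.append(("WARN", "Security Type Open: traffic is not encrypted"))
    elif security == "WEP":
        findings.append(("WARN", "Security Type WEP: weakest encrypted option, prefer WPA2-PSK"))
        if not (len(key) in WEP_ASCII_LENS or (len(key) in WEP_HEX_LENS and _is_hex(key))):
            findings.append(("ERROR", "WEP key is not a 40-bit or 104-bit key"))
    elif security in ("WPA-PSK", "WPA2-PSK"):
        if not (8 <= len(key) <= 63 or (len(key) == 64 and _is_hex(key))):
            findings.append(("ERROR", "passphrase must be 8-63 characters or 64 hex digits"))
    else:
        findings.append(("ERROR", f"unknown Security Type: {security!r}"))
    return findings


def check_plan(plan):
    """Run all checks and return a list of (severity, message) findings."""
    return check_system(plan) + check_ip(plan) + check_wireless(plan)


# Constructed sample plan, not values from a real device.
SAMPLE_PLAN = {
    "system_name": "wlan-switch-01", "system_location": "Lab rack 3",
    "system_contact": "netops", "admin_password": "",
    "method": "Manual", "ip_address": "192.168.10.2",
    "subnet_mask": "255.255.255.0", "default_gateway": "192.168.20.1",
    "ssid": "lab-wlan", "security": "WEP", "key": "abcde", "vlan_id": 4095,
}

if __name__ == "__main__":
    for severity, message in check_plan(SAMPLE_PLAN):
        print(f"{severity}: {message}")
```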

GETTING STARTED

This section provides an introduction to the user interface, and includes the following topics:

Starting the 3Com Embedded Web Interface
Understanding the 3Com Embedded Web Interface
Saving the Configuration
Resetting the Device
Restoring Factory Defaults
Logging Off the Device

Starting the 3Com Embedded Web Interface

Disable the popup blocker before beginning device configuration using the EWS. This section contains information on starting the 3Com Embedded Web Interface.

To access the 3Com user interface:
1 Open an Internet browser.
2 Ensure that pop-up blockers are disabled. If pop-up blockers are enabled, edit, add, and device information messages may not open.
3 Enter the device IP address in the address bar and press Enter. The Enter Network Password Page opens:

Figure 6 Enter Network Password Page

4 Enter your user name and password. The device is configured with the user name admin and a blank password, and can be configured without entering a password. Passwords are case sensitive. To operate the device, disable all pop-up blockers.
5 Click [button]. The 3Com Embedded Web Interface Home Page opens:

Figure 7 3Com Embedded Web Interface Home Page

Understanding the 3Com Embedded Web Interface

The 3Com Embedded Web Interface Home Page contains the following views:

Tab View: The Tab Area provides the device summary configuration. Located at the top of the home page, the tab view contains a Setup Wizard and the Summary, Wired and Wireless configuration views.
Tree View: Tree View provides easy navigation through the configurable device features. The main branches expand to display the sub-features.
Port LED Indicators: Located under the Wired Tab at the top of the home page, the port LED indicators provide a visual representation of the ports on the front panel.

Figure 8 Embedded Web Interface Components

The following table lists the user interface components with their corresponding numbers:
Table 1: Interface Components

View                                    Description
1 Tree View                             Tree View provides easy navigation through the configurable device features. The main branches expand to display the sub-features.
2 Tab View                              The Tab Area enables navigation through the different device features. Click the tabs to view all the components under a specific feature.
3 3Com Web Interface Information Tabs   Provide access to online help, and contain information about the EWS.

This section provides the following additional information:

Device Representation: Provides an explanation of the user interface buttons, including both management buttons and task icons.
Using the 3Com Embedded Web Interface Management Buttons: Provides instructions for adding, modifying, and deleting configuration parameters.

Device Representation

The 3Com Embedded Web Interface Home Page contains a graphical panel representation of the device that appears within the Wired Tab.

To access the Device Representation:
1 Click Device Summary > Wired.


Figure 9 Device Representation

2 By selecting a specific port with your mouse, you can either choose to configure the port settings or view the port statistics. For detailed information on configuring ports, please refer to Section 6 Configuring Wired Ports.

Using the 3Com Embedded Web Interface Management Buttons

Configuration Management buttons and icons provide an easy method of configuring device information, and include the following:

Table 2: 3Com Web Interface Configuration Buttons

Button Name   Description
Clear Logs    Clears system logs.
Activate      Activates creation of configuration entries.
Apply         Saves configuration changes to the device.
Delete        Deletes configuration settings.

Table 3: 3Com Web Interface Information Tabs

Tab Name   Description
Help       Opens the online help.
Logout     Opens the Logout page.


Using Screen and Table Options

3Com contains screens and tables for configuring devices. This section contains the following topics:

Viewing Configuration Information
Adding Configuration Information
Modifying Configuration Information
Removing Configuration Information

Viewing Configuration Information

To view configuration information:
1 Click Wired Ports > Port Settings > Summary. The Port Settings Summary Page opens:
Figure 10 Port Settings Summary Page

Adding Configuration Information

User-defined information can be added to specific 3Com Web Interface pages by opening a Setup page. To configure Password Management:
1 Click Administration > Authentication > Password Management > Setup. The Password Management Setup Page opens:
Figure 11 Password Management Setup Page

2 Define the fields.
3 Click [button]. The configuration information is saved, and the device is updated.

Modifying Configuration Information

1 Click Wired Ports > LACP > Modify. A modification page, such as the LACP Modify Page, opens:
Figure 12 LACP Modify Page

2 Modify the fields.
3 Click [button]. The fields are modified, and the information is saved to the device.

Removing Configuration Information

1 Click Administration > Management Access > Remove. The Management Access [Remove] Page opens:
Figure 13 Management Access [Remove] Page

2 Select the management method to be deleted.
3 Click [button]. The Management Method is deleted, and the device is updated.

Saving the Configuration

The Save Configuration tab allows the latest configuration to be saved to the flash memory.

To save the device configuration:
1 Click Save Configuration. The Save Configuration Page opens:
Figure 14 Save Configuration Page

A message appears: The operation will save your configuration. Do you wish to continue?
2 Click [button]. A "Configuration is saved to flash memory successful" message appears.
3 Click [button]. The configuration is saved.

Resetting the Device

The Reset page enables resetting the device from a remote location. To prevent the current configuration from being lost, save all changes from the running configuration file to the startup configuration file before resetting the device.

To reset the device:
1 Click Administration > Reset. The Reset page opens:
Figure 15 Reset Page

2 Click [button]. A confirmation message is displayed.
3 Click [button]. The device is reset, and a prompt for a user name and password is displayed.
4 Enter a user name and password to reconnect to the web interface.

Restoring Factory Defaults

The Restore option appears on the Reset page. The Restore option restores device factory defaults.

To restore the device:
1 Click Administration > Reset. The Reset Page opens:
Figure 16 Reset Page

2 Click [button]. The system is restored to factory defaults.

Logging Off the Device

To log off the device:
1 Click [button]. The Logout Page opens.
2 The following message appears:
3 Click [button]. The 3Com Embedded Web Interface Home Page closes.

VIEWING BASIC SETTINGS

This section contains information for viewing basic settings. The 3Com Embedded Web Interface Home Page presents a device summary section that provides the system administrator with the option to view and configure essential information required for setting up and maintaining device settings. The various views display the settings configured in the Wizard and other basic maintenance views. For further information regarding the Wizard refer to Section 3, Configuring the Wizard.

Device Summary Section

The Device Summary Section contains the following views:


Viewing Device Settings
Viewing Wired Settings
Viewing Wireless Settings

Viewing Device Settings

The Device Summary Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC address, System Object ID, System Up Time, and the software, boot, and hardware versions.

To view the Device Summary Page:
1 Click Device Summary. The Device Summary Page opens:
Figure 17 Device Summary Page

The Device Summary Page contains the following fields:


Product Description: Displays the device model number and name.
System Name: Defines the user-defined device name. The field range is 0-160 characters.
System Location: Defines the location where the system is currently running. The field range is 0-160 characters.
System Contact: Defines the name of the contact person. The field range is 0-160 characters.
Serial Number: Displays the device serial number.
Product 3C Number: Displays the 3Com device serial number.
System Object ID: Displays the vendor's authoritative identification of the network management subsystem contained in the entity.
MAC Address: Displays the device MAC address.
System Up Time: Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.
Software Version: Displays the installed software version number.
Boot Version: Displays the current boot version running on the device.
Hardware Version: Displays the current hardware version of the device.

Viewing Wired Settings

The Device Summary Wired Page displays port LED Indicators that include port status and basic port settings. The port status is presented with a color scheme that is described in the following table. The system administrator can view the port settings by scrolling over the relevant port with the mouse.

To view Wired Settings:
1 Click Device Summary > Wired. The Device Summary Wired Page opens:
Figure 18 Device Summary Wired Page

The Device Summary Wired Page contains the following fields:

Poll Now: Enables polling the ports for port information including speed, utilization and port status.
RJ45: Displays the port status of the RJ45 (Registered Jack 45) connections, which are the physical interface used for terminating twisted pair type cable.
SFP: Displays the port status of the Small Form Factor (SFP) optical transmitter modules that combine transmitter and receiver functions.

The table includes the color and the port status:

White: Unconnected. No link detected.
Yellow: Lower speed on 10/100/1000M capable port.
Green: Maximum speed 10/100/1000M RJ45 or RJ45 SFP. Link detected.
Light Blue: SX/LX SFP. Link detected.
Light Gray: Port has been set to inactive by User or Protocol.
Dark Blue: Port has been selected by user.
Red: Port or Transceiver has failed POST or Transceivers not recognized.

Viewing Wireless Settings

The Wireless Page displays information regarding the currently configured access points including IP Address, MAC address, the type and radio configuration and the current access point status. Ensure that the Wireless Controller Software (WCS) has been activated.

To view Wireless Access Point Settings:
1 Click Device Summary > Wireless. The Wireless Page opens:
Figure 19 Wireless Page

The Wireless Page contains the following fields:

Display: Displays access points according to categories. The possible field values are:
  Discovered APs: Displays the discovered access points.
  Activated APs: Displays the activated access points.
  All: Displays the access points on the network.
Name: Displays the user-defined access point name.
IP Address: Displays the IP Address assigned to the access point.
MAC Address: Displays the MAC Address assigned to the access point.
Type: Displays the antenna type.
Radios: Displays the radio type attached to the access point. The possible field values are:
  A: Indicates the radio type is 802.11a and provides specifications for wireless ATM systems.
  G: Indicates the radio type is 802.11g that offers transmission over relatively short distances at up to 54 Mbps.
  b/g: Indicates the radio type is 802.11b/g.
  n: Indicates the radio type that is based on MIMO (Multiple input, multiple output) technology, which uses multiple antennas at both the source (transmitter) and the destination (receiver) to minimize errors and optimize data speed.
Channel: Displays the access point channel used.
State: Displays the selected access point transceiver's status. The possible field values are:
  Disabled: Indicates the access point is currently disabled.
  Enabled: Indicates the access point is currently enabled.
Activation: Indicates the access point state. The possible field values are:
  Activated: Indicates access point is currently active.
  Discovered: Indicates access point was discovered, but was not activated by the user.

2 Select an option from the Display drop-down list.

MANAGING DEVICE SECURITY

This section provides access to security pages that contain fields for setting security parameters for ports, device management methods, users, and server security. This section contains the following topics:

Configuring Management Security
Configuring Network Security

Configuring Management Security

The Management Security section provides links that enable you to configure device management security, password management, and RADIUS and TACACS+ authentication. This section includes the following topics:

Defining Management Access
Configuring Password Management
Port-based Authentication
Defining TACACS+ Authentication

Defining Management Access

Management Access rules control access to the device. Access to management functions can be limited on the source IP Address level. Administrative Interfaces contain management methods for accessing and managing the device. The device administrative interfaces include:

Telnet
SNMP
HTTP
Secure HTTP (HTTPS)
Secure Telnet (SSH)

Management access to different management methods may differ between source IP Addresses. The Management Access Summary Page contains currently configured administrative interfaces and their activity status. Assigning an access profile to an interface denies access via other interfaces. If an access profile is assigned to any interface, the device can be accessed by all interfaces.

To view Management Access:
1 Click Administration > Management Access > Summary. The Management Access Summary Page opens:
Figure 20 Management Access Summary Page

The Management Access Summary Page contains the following fields:

Administrative Interfaces: Defines the management access methods.
Source IP Address: Defines the interface source IP address to which the Management Access applies. The Source IP Address field is valid for a subnetwork.
Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

To configure Management Access:
1 Click Administration > Management Access > Setup. The Management Access Setup Page opens:
Figure 21 Management Access Setup Page

The Management Access Setup Page contains the following fields:

Administrative Interfaces: Defines the management access methods. The possible field values are:
  Telnet: Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
  SNMP: Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.
  HTTP: Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.
  Secure HTTP (SSL): Assigns SSL access to the rule. If selected, users accessing the device using SSL meeting access profile criteria are permitted or denied access to the device.
  Secure Telnet (SSH): Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.
Source IP Address: Defines the interface source IP address to which the Management Access applies. The Source IP Address field is valid for a subnetwork.
Network Mask: Determines what subnet the source IP Address belongs to in the network.
Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.
Authentication Method Binding: Assigns authentication methods for accessing the system. User authentication can be performed either locally or on an external server. User authentication occurs in the order the methods are selected. If the first authentication method is not available, the next selected method is used. The possible field values are:
  Optional Methods: The user authentication methods. The possible options are:
    Local: Authenticates the user at the device level. The device checks the user name and password for authentication.
    RADIUS: Authenticates the user at the RADIUS server.
    TACACS+: Authenticates the user at the TACACS+
  Selected Methods: The selected authentication method. The possible option is:
    None: Assigns no authentication method to the authentication profile.

2 Define the fields.
3 Click . Management Access is defined, and the device is updated.

To remove Management Access Methods:
1 Click Administration > Management Access > Remove. The Management Access Remove Page opens:
Figure 22 Management Access Remove Page

The Management Access Remove Page contains the following fields:

Remove: Removes the selected access profile. The possible field values are:
  Checked: Removes the selected access profile. Access Profiles cannot be removed when Active.
  Unchecked: Maintains the access profiles.
Management Method: Defines the management method for which the rule is defined.
Source IP Address: Defines the interface source IP address to which the Management Access applies. The Source IP Address field is valid for a subnetwork.
Prefix Length: Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

2 Select a Source IP to be removed.
3 Click . The Source IP is removed, and the device is updated.


Configuring Password Management

Network administrators can define users, passwords, and access levels for users using the Password Management Interface.

To view Password Management:
1 Click Administration > Authentication > Password Management > Summary. The Password Management Summary Page opens:
Figure 23 Password Management Summary Page

The Password Management Summary Page contains the following fields:


User Name: Displays the user name.
Access Level: Displays the user access level. The lowest user access level is Monitoring and the highest is Configuration.
  Configuration: Provides the user with read and write access rights.
  Monitoring: Provides the user with read access rights.

To define Password Management:
1 Click Administration > Authentication > Password Management > Setup. The Password Management Setup Page opens:
Figure 24 Password Management Setup Page

The Password Management Setup Page contains the following fields:


User Name: Displays the user name.
Access Level: Displays the user access level. The lowest user access level is Monitoring and the highest is Configuration.
  Configuration: Provides users read and write access rights.
  Monitoring: Provides users read access rights.
Password: Defines the local user password. Local user passwords can contain up to 159 characters.
Confirm Password: Verifies the password.

2 Define the fields.
3 Click . The Users are created, and the device is updated.

To modify Password Management:
1 Click Administration > Authentication > Password Management > Modify. The Password Management Modify Page opens:
Figure 25 Password Management Modify Page

The Password Management Modify Page contains the following fields:


User Name: Displays the user name.
Access Level: Displays the user access level. The lowest user access level is Monitoring and the highest is Configuration.
  Configuration: Provides users read and write access rights.
  Monitoring: Provides users read access rights.
Password: Defines the local user password. Local user passwords can contain up to 159 characters.
Confirm Password: Verifies the password.

2 Select a User Name to be modified.
3 Modify the fields.
4 Click . The User settings are modified, and the device is updated.

To remove Password Management:
1 Click Administration > Authentication > Password Management > Remove. The Password Management Remove Page opens:
Figure 26 Password Management Remove Page

The Password Management Remove Page contains the following fields:

Remove: Removes the user from the User Name list. The possible field values are:
  Checked: Removes the selected local user.
  Unchecked: Maintains the local users.
User Name: Displays the user name.
Access Level: Displays the user access level. The lowest user access level is Monitoring and the highest is Configuration.
  Configuration: Provides users read and write access rights.
  Monitoring: Provides users read access rights.

2 Select a User to be deleted.
3 Click . The User is deleted, and the device is updated.


Defining RADIUS Authentication

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for web access. The default parameters are user-defined, and are applied to newly defined RADIUS servers. If new default parameters are not defined, the system default values are applied to newly defined RADIUS servers.

To configure RADIUS Servers:
1 Click Administration > Authentication > RADIUS > Setup. The Radius Authentication Setup Page opens:
Figure 27 Radius Authentication Setup Page

The Radius Authentication Setup Page contains the following fields:

Primary Server: Defines the RADIUS Primary Server authentication fields.
Backup Server: Defines the RADIUS Backup Server authentication fields.
Host IP Address: Defines the RADIUS Server IP address.
Authentication Port: Identifies the authentication port. The authentication port is used to verify the RADIUS server authentication. The authentication port default is 1812.
Number of Retries: Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default value is 3.
Timeout for Reply: Defines the amount of time (in seconds) the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. Possible field values are 1-30. The default value is 3.
Dead Time: Defines the default amount of time (in minutes) that a RADIUS server is bypassed for service requests. The range is 0-2000. The default value is 0.
Key String: Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server. This key must match the RADIUS encryption.
Usage Type: Specifies the RADIUS server authentication type. The default value is All. The possible field values are:
  Log in: Indicates the RADIUS server is used for authenticating user names and passwords.
  802.1X: Indicates the RADIUS server is used for 802.1X authentication.
  All: Indicates the RADIUS server is used for authenticating user names and passwords, and 802.1X port authentication.

2 Define the fields.
3 Click . The RADIUS Servers are enabled, and the system is updated.
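Why the Key String must match on both sides, shown with the RFC 2865 password hiding and Response Authenticator calculations. This is an added example, not 3Com code; the key, password, packet identifier and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
ATTR_REPLY_MESSAGE = 18


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, key: bytes, request_auth: bytes) -> bytes:
    """Device side (RFC 2865, 5.2): XOR each 16-byte block of the padded
    password with MD5(key + previous ciphertext block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(key + prev).digest())
        hidden += block
        prev = block
    return hidden


def reveal_password(hidden: bytes, key: bytes, request_auth: bytes) -> bytes:
    """Server side: undo hide_password using the server's copy of the key."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(key + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_reply(code: int, ident: int, attrs: bytes,
                request_auth: bytes, key: bytes) -> bytes:
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + key)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + key).digest()
    return header + auth + attrs


def reply_is_authentic(reply: bytes, request_auth: bytes, key: bytes) -> bool:
    """Device side: recompute the Response Authenticator with the device key."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + key).digest()
    return hmac.compare_digest(expected, reply[4:20])


# Constructed sample values. A real device draws a random Request Authenticator.
DEVICE_KEY = b"constructed-key-A"
REQUEST_AUTH = bytes(range(16))
PASSWORD = b"constructed-passphrase"


def exchange(server_key: bytes):
    """Run one login with the given server-side key.
    Returns (server recovered the password, device accepted the reply)."""
    hidden = hide_password(PASSWORD, DEVICE_KEY, REQUEST_AUTH)
    recovered = reveal_password(hidden, server_key, REQUEST_AUTH)
    reply = build_reply(ACCESS_ACCEPT, 7, attribute(ATTR_REPLY_MESSAGE, b"ok"),
                        REQUEST_AUTH, server_key)
    return recovered == PASSWORD, reply_is_authentic(reply, REQUEST_AUTH, DEVICE_KEY)


if __name__ == "__main__":
    print("matching keys:  ", exchange(DEVICE_KEY))
    print("mismatched keys:", exchange(b"constructed-key-B"))
```

With mismatched keys the server recovers a wrong password and the device rejects the reply, so a mistyped Key String shows up as failed logins rather than as a configuration error.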


Defining TACACS+ Authentication

Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The system supports up to 4 TACACS+ servers. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:

Authentication: Provides authentication during login and via user names and user-defined passwords.
Authorization: Performed at login. Once the authentication session is completed, an authorization session starts using the authenticated user name.

The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS+ server. The TACACS+ default parameters are user-assigned defaults. The default settings are applied to newly defined TACACS+ servers. If default values are not defined, the system defaults are applied to the new TACACS+ servers.

To define TACACS+ Authentication Settings:
1 Click Administration > Authentication > TACACS+. The TACACS+ Setup Page opens:
Figure 28 TACACS+ Setup Page

The TACACS+ Setup Page contains the following fields:

Primary Server: Defines the RADIUS Primary Server authentication fields.
Backup Server: Defines the RADIUS Backup Server authentication fields.
Host IP Address: Defines the TACACS+ Server IP address.
Key String: Defines the default authentication and encryption key for TACACS+ communication between the device and the TACACS+ server.
Authentication Port (0-65535): Defines the port number via which the TACACS+ session occurs. The default port is port 49.
Timeout for Reply: Defines the default time that passes before the connection between the device and the TACACS+ times out. The default is 5.
Single Connection: Maintains a single open connection between the device and the TACACS+ server. The possible field values are:
  Checked: Enables a single connection.
  Unchecked: Disables a single connection.

2 Define the fields.
3 Click . The TACACS+ Server is enabled, and the device is updated.


Configuring Network Security

The Network Security section provides links that enable you to configure Port-based authentication, port security, storm control and EAP statistics. This section includes the following:

Port-based Authentication
Advanced Port-based Authentication
Managing Port Security
Enabling Storm Control
Configuring EAP Statistics
Binding ACLs

Port-based Authentication

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol (EAP). Port-based authentication includes:

Authenticators: Specifies the device port which is authenticated before permitting system access.
Supplicants: Specifies the host connected to the authenticated port requesting to access the system services.
Authentication Server: Specifies the server that performs the authentication on behalf of the authenticator, and indicates whether the supplicant is authorized to access system services.

Port-based authentication creates two access states:

Controlled Access: Permits communication between the supplicant and the system, if the supplicant is authorized.
Uncontrolled Access: Permits uncontrolled communication regardless of the port state.

Configuring Port Authentication Settings

To configure 802.1x Global Settings:
1 Click Policy > Security > 802.1x Global Settings > Setup. The 802.1x Global Settings Setup Page opens:
Figure 29 802.1x Global Settings Setup Page

The 802.1x Global Settings Setup Page contains the following fields:

Port-based Authentication State: Indicates if Port Authentication is enabled on the device. The possible field values are:
  Enable: Enables port-based authentication on the device.
  Disable: Disables port-based authentication on the device.
Authentication Method: Specifies the authentication method used for port authentication. The possible field values are:
  RADIUS: Provides port authentication using the RADIUS server.
  RADIUS, None: Provides port authentication, first using the RADIUS server. If the port is not authenticated, then no authentication method is used, and the session is permitted.
  None: Indicates that no authentication method is used to authenticate the port.
Enable Guest VLAN: Provides limited network access to authorized ports. If a port is denied network access via port-based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to unauthorized users.
Guest VLAN ID: Specifies the guest VLAN ID.

2 Define the fields.
3 Click . The 802.1x Global Settings are enabled, and the device is updated.

To view Port-based Authentication:
1 Click Policy > Security > Port Authentication > Summary. The Port Authentication Summary Page opens:
Figure 30 Port Authentication Summary Page

The Port Authentication Summary Page contains the following fields:

Copy from Entry Number: Copies port authentication information from the selected port.
To Entry Number(s): Copies port authentication information to the selected port.
Port: Displays a list of interfaces on which port-based authentication is enabled.
User Name: Displays the supplicant user name.
Current Port Control: Displays the current port authorization state.
Guest VLAN: Indicates if the Guest VLAN is enabled.
Periodic Reauthentication: Indicates if Periodic Reauthentication is enabled on the device.
Reauthentication Period: Displays the time span (in seconds) in which the selected port is reauthenticated. The field default is 3600 seconds. The field range is 300-4294967295 seconds.
Termination Cause: Displays the reason for which the port authentication was terminated.
Authenticator State: Displays the current authenticator state.

Modifying Port Authentication

The Port Authentication Modify Page allows network managers to configure port-based authentication parameters.

To modify Port-based Authentication:
1 Click Policy > Security > Port Authentication > Modify. The Port Authentication Modify Page opens:
Figure 31 Port Authentication Modify Page

The Port Authentication Modify Page contains the following fields:

Port: Displays a list of interfaces on which port-based authentication is enabled.
Admin Port Control: Displays the admin port authorization state.
  ForceUnauthorized: Indicates that either the port control is force Unauthorized and the port link is down, or the port control is Auto but a client has not been authenticated via the port.
  ForceAuthorized: Indicates that the port control is Forced Authorized, and clients have full port access.
  Auto: Indicates that the port control is Auto and a single client has been authenticated via the port.
Current Port Control: Displays the current port authorization state.
Enable Guest VLAN: Specifies whether the Guest VLAN is enabled on the device. The possible field values are:
  Enable: Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, the unauthorized port automatically joins the VLAN selected in the VLAN List field.
  Disable: Disables port-based authentication on the device. This is the default.
Enable Periodic Reauthentication: Permits immediate port reauthentication.
Reauthentication Period: Displays the time span (in seconds) in which the selected port is reauthenticated. The field default is 3600 seconds. The field range is 300-4294967295 seconds.
Authenticator State: Displays the current authenticator state.
Quiet Period: Displays the Quiet Period. The field range is 0-65535.
Resending EAP: Defines the amount of time (in seconds) that lapses before EAP requests are resent. The field default is 30 seconds. The field range is 0-65535.
Max EAP Requests: Displays the total amount of EAP requests sent. If a response is not received after the defined period, the authentication process is restarted. The field default is 2 retries. The field range is 0-65535.
Supplicant Timeout: Displays the Supplicant Timeout. The field range is 0-65535.
Server Timeout: Displays the Server Timeout. The field range is 0-65535.
Termination Cause: Indicates the reason for which the port authentication was terminated.

2 Click . Port Authentication is enabled, and the device is updated.

Advanced Port-based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based authentication requires only one host to be authorized for all hosts to have system access. If the port is unauthorized, all attached hosts are denied access to the network. Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are always available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does not require authentication, while data traffic requires authentication. VLANs for which authorization is not required can be defined. Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are defined as authorized. Advanced port-based authentication is implemented in the following modes:

Single Host Mode: Allows port access only to the authorized host.
Multiple Host Mode: Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are denied access to the network.
Unauthenticated VLANS: Are available to users, even if the ports attached to the VLAN are defined as unauthorized.

Viewing Authenticated Hosts

The Authenticated Hosts Page displays user port access lists. The Authenticated Hosts Page contains the following fields:

User Name: Contains a list of the various RADIUS servers used as authenticators, as defined in the Add User Name.
Port: Indicates the port number for which the User Name List applies. User Name Lists can apply to more than one port.
Session Time: Indicates the amount of time the user was logged on to the device. The field format is Day:Hour:Minute:Seconds, for example, 3 days:2 hours: 4 minutes: 39 seconds.
Authentication Method: Indicates the method by which the last session was authenticated. The possible field values are:
  Remote: Indicates that the user was authenticated from a remote server.
  None: Indicates that the user was not authenticated.
  MAC Address: Indicates the supplicant MAC address was used for authentication.
MAC Address: Displays the supplicant MAC address.

The Authenticated Host Summary Page contains a list of authenticated users.

To view Authenticated Hosts:
1 Click Policy > Security > Authenticated Host > Summary. The Authenticated Host Summary Page opens:
Figure 32 Authenticated Host Summary Page

The Authenticated Host Summary Page contains the following fields:


Port: Displays the port number.
Multiple Hosts User Name: Lists the supplicants that were authenticated, and are permitted on each port.
Session Time: Displays the amount of time (in seconds) the supplicant was logged on the port.
Authentication Method: Displays the method by which the last session was authenticated. The possible field values are:
  Remote: 802.1x authentication is not used on this port (port is forced-authorized).
  None: The supplicant was not authenticated.
  RADIUS: The supplicant was authenticated by a RADIUS server.
MAC Address: Displays the supplicant MAC address.

Defining Multiple Hosts

The Multiple Host Summary Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs.

To view Multiple Hosts:
1 Click Policy > Security > Multiple Host > Summary. The Multiple Host Summary Page opens:
Figure 33 Multiple Host Summary Page

The Multiple Host Summary Page contains the following fields:

Port: Displays the port number for which advanced port-based authentication is enabled.
Multiple Hosts: Indicates whether multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port.
Action on Violation: Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:
  Forward: Forwards the packet.
  Discard: Discards the packets. This is the default value.
  Shutdown: Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Traps: Indicates if traps are enabled for multiple hosts. The possible field values are:
  Checked: Indicates that traps are enabled for multiple hosts.
  Unchecked: Indicates that traps are disabled for multiple hosts.
Trap Frequency: Defines the time period by which traps are sent to the host. The Trap Frequency field can be defined only if multiple hosts are disabled. The field range is 1-1,000,000. The default is 10 seconds.
Status: Indicates the host status. If there is an asterisk (*), the port is either not linked or is down. The possible field values are:
Number of Violations: Indicates the number of packets that arrived on the interface in single-host mode, from a host whose MAC address is not the supplicant MAC address.

Modifying Multiple Hosts

The Multiple Host Modify Page allows network managers to configure advanced port-based authentication settings for specific ports and VLANs.

To modify Multiple Hosts:
1 Click Policy > Security > Multiple Host > Modify. The Multiple Host Modify Page opens:
Figure 34 Multiple Host Modify Page

The Multiple Host Modify Page contains the following fields:

Port: Displays the port number for which advanced port-based authentication is enabled.
Enable Multiple Hosts: Indicates whether multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port. The possible field values are:
  Multiple: Multiple hosts are enabled.
  Disable: Multiple hosts are disabled.
Action on Violation: Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:
  Forward: Forwards the packet.
  Discard: Discards the packets. This is the default value.
  Shutdown: Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Enable Traps: Indicates if traps are enabled for multiple hosts. The possible field values are:
  Checked: Indicates that traps are enabled for multiple hosts.
  Unchecked: Indicates that traps are disabled for multiple hosts.
Trap Frequency: Defines the time period by which traps are sent to the host. The Trap Frequency (1-1000000) field can be defined only if multiple hosts are disabled. The default is 10 seconds.

2 Define the fields.
3 Click . The Multiple Host Authentication fields are modified, and the device is updated.
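A review of the 802.1x Global Settings, Port Authentication and Multiple Host fields described above, flagging the values that the guide itself says let traffic through without a successful authentication. This is an added example, not a 3Com tool; the record layout, finding codes and port names are constructed, and the settings are assumed to have been copied by hand from the web pages.

```python
from dataclasses import dataclass

# Reauthentication Period range stated in the guide (seconds).
REAUTH_MIN, REAUTH_MAX = 300, 4294967295


@dataclass
class PortAuth:
    """One row of the Port Authentication and Multiple Host pages (constructed layout)."""
    port: str
    admin_port_control: str = "Auto"      # Auto, ForceAuthorized or ForceUnauthorized
    multiple_hosts: bool = False          # False means single-host mode
    action_on_violation: str = "Discard"  # Forward, Discard or Shutdown
    reauth_period: int = 3600             # guide default


def audit(state: str, method: str, ports):
    """Return (scope, code, reason) findings for settings that admit
    unauthenticated traffic or fall outside the documented range."""
    findings = []
    if state != "Enable":
        findings.append(("global", "AUTH-DISABLED",
                         "port-based authentication is disabled on the device"))
    if method == "None":
        findings.append(("global", "METHOD-NONE",
                         "no authentication method is used to authenticate ports"))
    elif method == "RADIUS, None":
        findings.append(("global", "RADIUS-THEN-NONE",
                         "if RADIUS does not authenticate the port, the session is permitted"))
    for p in ports:
        if p.admin_port_control == "ForceAuthorized":
            findings.append((p.port, "FORCE-AUTHORIZED",
                             "clients have full port access without authenticating"))
            continue
        if p.admin_port_control != "Auto":
            continue  # ForceUnauthorized admits nobody
        if p.multiple_hosts:
            findings.append((p.port, "MULTI-HOST",
                             "one authorized host opens the port for every attached host"))
        elif p.action_on_violation == "Forward":
            findings.append((p.port, "VIOLATION-FORWARD",
                             "packets from a non-supplicant MAC address are forwarded"))
        if not REAUTH_MIN <= p.reauth_period <= REAUTH_MAX:
            findings.append((p.port, "REAUTH-RANGE",
                             "reauthentication period is outside 300-4294967295 seconds"))
    return findings


# Constructed settings: a permissive set and a strict set for comparison.
PERMISSIVE_PORTS = [
    PortAuth("e1"),
    PortAuth("e2", admin_port_control="ForceAuthorized"),
    PortAuth("e3", multiple_hosts=True),
    PortAuth("e4", action_on_violation="Forward"),
    PortAuth("e5", reauth_period=60),
]
STRICT_PORTS = [PortAuth("e1"), PortAuth("e2", action_on_violation="Shutdown")]


def codes(findings):
    """Drop the reason text so results are easy to compare."""
    return [(scope, code) for scope, code, _ in findings]


if __name__ == "__main__":
    for scope, code, reason in audit("Enable", "RADIUS, None", PERMISSIVE_PORTS):
        print(f"{scope:7} {code:18} {reason}")
    print("strict set:", audit("Enable", "RADIUS", STRICT_PORTS))
```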

Managing Port Security

Network security can be increased by limiting access on a specific port only to users with specific MAC addresses. The MAC addresses can be dynamically learned or statically configured. Locked port security monitors both received and learned packets that are received on specific ports. Access to the locked port is limited to users with specific MAC addresses. These addresses are either manually defined on the port, or learned on that port up to the point when it is locked. When a packet is received on a locked port, and the packet source MAC address is not tied to that port (either it was learned on a different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving at a locked port are either:

Forwarded
Discarded with no trap
Discarded with a trap
Shuts down the port.

Locked port security also enables storing a list of MAC addresses in the configuration file. The MAC address list can be restored after the device has been reset.

To view Port Security:
1 Click Policy > Security > Port Security > Summary. The Port Security Summary Page opens:
Figure 35 Port Security Summary Page

The Port Security Summary Page contains the following fields:


Interface: Displays the port or LAG name.
Port-based: Indicates the port operational status. Possible field values are:
  Unlocked: The port is currently active and is currently receiving and transmitting traffic.
  Locked: The port is currently disabled, and is not currently receiving or transmitting traffic.
Learning Mode: Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field. The possible field values are:
  Classic Lock: Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.
  Limited Dynamic Lock: Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
Max Entries: Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field. In addition, the Limited Dynamic Lock mode is selected. The field range is 1-128. The default is 1.
Action: Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:
  Forward: Forwards the packet.
  Discard: Discards the packets. This is the default value.
  Shutdown: Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Trap: Enables traps when a packet is received on a locked port.
Trap Frequency (Sec): The amount of time (in seconds) between traps. The field range is 1-1,000,000. The default value is 10 seconds.

2 Modify the relevant fields.
3 Click . The Port Security settings are defined, and the device is updated.

To modify Port Security:
1 Click Policy > Security > Port Security > Modify. The Port Security Modify Page opens:
Figure 36 Port Security Modify Page

The Port Security Modify Page contains the following fields:


Interface: Displays the port or LAG name.
Enable Lock Interface: Enables locking the port. When a port is locked, all the current addresses that had been dynamically learned by the switch on that port are transformed to static MAC addresses. When the port is unlocked, they are removed from the static list.
Learning Mode: Defines the locked port type. The Learning Mode field is enabled only if Locked is selected in the Set Port field. The possible field values are:
  Classic Lock: Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the number of addresses that have already been learned.
  Limited Dynamic Lock: Locks the port by deleting the current dynamic MAC addresses associated with the port. The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are enabled.
Max Entries: Specifies the number of MAC addresses that can be learned on the port. The Max Entries field is enabled only if Locked is selected in the Set Port field and the Limited Dynamic Lock mode is selected. The field range is 1-128. The default is 1.
Action on Violation: Defines the action to be applied to packets arriving in single-host mode, from a host whose MAC address is not the supplicant MAC address. The possible field values are:
  Forward: Forwards the packet.
  Discard: Discards the packets. This is the default value.
  Shutdown: Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the device is reset.
Trap: Enables traps when a packet is received on a locked port.
Trap Frequency (Sec): The amount of time (in seconds) between traps. The default value is 10 seconds.

2 Define the fields.
3 Click . The Port Security settings are modified, and the device is updated.
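The lock modes, violation actions and trap interval described in the fields above can be modelled as follows. This is an added illustration, not 3Com firmware or configuration code. The class and function names, MAC addresses and frame timings are constructed, address aging is not modelled, and sending a trap only for violating frames is an assumption.

```python
"""Model of a locked port: learning mode, action on violation, trap interval."""
from typing import Iterable, List, Optional, Set, Tuple

MODES = ("classic", "limited-dynamic")
ACTIONS = ("forward", "discard", "shutdown")


class LockedPort:
    def __init__(self, mode: str, learned: Iterable[str] = (), max_entries: int = 1,
                 action: str = "discard", trap: bool = False, trap_frequency: int = 10):
        if mode not in MODES or action not in ACTIONS:
            raise ValueError("unknown learning mode or action")
        if not 1 <= max_entries <= 128:              # Max Entries field range
            raise ValueError("Max Entries must be 1-128")
        if not 1 <= trap_frequency <= 1_000_000:     # Trap Frequency field range
            raise ValueError("Trap Frequency must be 1-1,000,000 seconds")
        self.action, self.trap, self.trap_frequency = action, trap, trap_frequency
        if mode == "classic":
            # Classic Lock: the addresses learned so far become the fixed
            # allow-list and nothing further is learned.
            self.allowed: Set[str] = set(learned)
            self.capacity = len(self.allowed)
        else:
            # Limited Dynamic Lock: learned addresses are deleted, then the
            # port learns again until Max Entries is reached.
            self.allowed = set()
            self.capacity = max_entries
        self.shut_down = False
        self.last_trap: Optional[int] = None

    def receive(self, src_mac: str, now: int) -> Tuple[str, bool]:
        """Return (verdict, trap_sent) for one frame arriving at `now` seconds."""
        if self.shut_down:
            return "port-down", False
        if src_mac in self.allowed:
            return "forward", False
        if len(self.allowed) < self.capacity:
            self.allowed.add(src_mac)                # still room to learn
            return "forward", False
        # Violation: unknown source address on a full, locked port.
        trap_sent = False
        if self.trap and (self.last_trap is None
                          or now - self.last_trap >= self.trap_frequency):
            self.last_trap, trap_sent = now, True    # at most one trap per interval
        if self.action == "shutdown":
            self.shut_down = True                    # stays down until reactivated
        return ("forward" if self.action == "forward" else "discard"), trap_sent

    def reactivate(self) -> None:
        self.shut_down = False


def replay(port: LockedPort, frames: List[Tuple[int, str]]) -> List[Tuple[str, bool]]:
    """Feed (time, source MAC) pairs through the port and collect the verdicts."""
    return [port.receive(mac, t) for t, mac in frames]


# Constructed sample traffic: one known host and one unexpected host.
HOST_A, HOST_B = "00:00:5E:00:53:01", "00:00:5E:00:53:02"
FRAMES = [(0, HOST_A), (1, HOST_B), (5, HOST_B), (12, HOST_B), (13, HOST_A)]

if __name__ == "__main__":
    defaults = LockedPort("limited-dynamic", learned=[HOST_A, HOST_B], trap=True)
    for frame, result in zip(FRAMES, replay(defaults, FRAMES)):
        print(frame, result)
```

With the defaults (Max Entries 1, Discard), the first address seen after locking owns the port, and the second host produces one trap per 10-second interval rather than one per frame.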

Enabling Storm Control

Storm control limits the amount of Multicast, Broadcast and Unknown Unicast frames accepted and forwarded by the device. When Layer 2 frames are forwarded, Broadcast, Multicast and Unknown Unicast frames are flooded to all ports on the relevant VLAN. This occupies bandwidth, and loads all nodes on all ports. A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out. Storm control is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted. The system measures the incoming Broadcast and Multicast frame rates separately on each port, and discards the frames when the rate exceeds a user-defined rate.


To view Storm Control Traffic:
1 Click Policy > Storm Control > Summary. The Storm Control Summary Page opens:
Figure 37 Storm Control Summary Page

The Storm Control Summary Page contains the following fields:

Copy from Entry Number: Copies the storm control parameters from the selected port.
To Entry Numbers: Copies the storm control parameters to the selected ports.
Port: Indicates the port from which storm control is enabled.
Enable Broadcast Control: Indicates if forwarding Broadcast packet types is enabled on the interface.
  Enable: Enables broadcast control on the selected port.
  Disable: Disables broadcast control on the selected port.
Broadcast Rate Threshold: Indicates the maximum rate (kilobits per second) at which unknown packets are forwarded. The range is 3,500-1,000,000. The default value is 3,500.
Broadcast Mode: Specifies the Broadcast mode currently enabled on the device. The possible field values are:
  Unknown Unicast, Multicast & Broadcast: Counts Unicast, Multicast, and Broadcast traffic.
  Multicast & Broadcast: Counts Broadcast and Multicast traffic together.
  Broadcast Only: Counts only Broadcast traffic.

The Storm Control Modify Page provides fields for configuring broadcast storm control.
To modify Storm Control Settings:
1 Click Policy > Storm Control > Modify. The Storm Control Modify Page opens:
Figure 38 Storm Control Modify Page

The Storm Control Modify Page contains the following fields:


Port: Indicates the port from which storm control is enabled.
Enable Broadcast Control: Indicates if forwarding Broadcast packet types is enabled on the interface. The possible field values are:
  Enable: Enables storm control on the selected port.
  Disable: Disables storm control on the selected port.
Broadcast Mode: Specifies the Broadcast mode currently enabled on the device. The possible field values are:
  Unknown Unicast, Multicast & Broadcast: Counts Unicast, Multicast, and Broadcast traffic.
  Multicast & Broadcast: Counts Broadcast and Multicast traffic together.
  Broadcast Only: Counts only Broadcast traffic.
Broadcast Rate Threshold: Indicates the maximum rate (kilobits per second) at which unknown packets are forwarded. The range is 3,500-1,000,000. The default value is 3,500.

2 Modify the fields.
3 Click . Storm control is enabled on the device.

Configuring EAP Statistics

The EAP Statistics Summary Page contains information about EAP packets received on a specific port.
To view EAP Statistics:
1 Click Policy > Security > EAP Statistics. The EAP Statistics Summary Page opens:
Figure 39 EAP Statistics Summary Page

The EAP Statistics Summary Page contains the following fields:


Port: Displays the port number for which advanced port-based authentication is enabled.
Refresh Rate: Defines the amount of time that passes before the statistics are refreshed. The possible field values are:
  15 Sec: Indicates that the statistics are refreshed every 15 seconds.
  30 Sec: Indicates that the statistics are refreshed every 30 seconds.
  60 Sec: Indicates that the statistics are refreshed every 60 seconds.
  No Refresh: Indicates that the statistics are not refreshed.
Frames Receive: Indicates the number of valid EAPOL frames received on the port.
Frames Transmit: Indicates the number of EAPOL frames transmitted via the port.
Start Frames Receive: Indicates the number of EAPOL Start frames received on the port.
Log off Frames Receive: Indicates the number of EAPOL Logoff frames that have been received on the port.
Respond ID Frames Receive: Indicates the number of EAP Resp/Id frames that have been received on the port.
Respond Frames Receive: Indicates the number of valid EAP Response frames received on the port.
Request ID Frames Transmit: Indicates the number of EAP Req/Id frames transmitted via the port.
Request Frames Transmit: Indicates the number of EAP Request frames transmitted via the port.
Invalid Frames Receive: Indicates the number of unrecognized EAPOL frames that have been received on this port.
Length Error Frames Receive: Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port.
Last Frame Version: Indicates the protocol version number attached to the most recently received EAPOL frame.
Last Frame Source: Indicates the source MAC address attached to the most recently received EAPOL frame.

2 Define the fields.
3 Click . The Port Statistics are displayed, and the device is updated.

Defining ACLs

Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and the ingress port is disabled. If they are denied entry, the user can disable the port. For example, an ACL rule can state that port number 20 can receive TCP packets; however, if a UDP packet is received, the packet is dropped. ACLs are composed of access control entries (ACEs) that are made of the filters that determine traffic classifications. The following filters can be defined as ACEs:

Source Port IP Address and Wildcard Mask: Filters the packets by the Source port IP address and wildcard mask.
Destination Port IP Address and Wildcard Mask: Filters the packets by the Destination port IP address and wildcard mask.
ACE Priority: Filters the packets by the ACE priority.
Protocol: Filters the packets by the IP protocol.
DSCP: Filters the packets by the DiffServ Code Point (DSCP) value.
IP Precedence: Filters the packets by the IP Precedence.
Action: Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or the packet is assigned rate limiting restrictions for forwarding.


Viewing MAC-based ACLs

To view MAC-based ACLs:
1 Click Policy > ACL > MAC Based ACL > ACL Summary. The MAC-based ACL Summary Page opens:
Figure 40 MAC-based ACL Summary Page

The MAC-based ACL Summary Page contains the following fields:

Priority: Indicates the ACE priority, which determines which ACE is matched to a packet on a first-match basis. The possible field values are 1-2147483647.
Source Address: Indicates the source MAC address.
Source Mask: Indicates the MAC address Source Mask.
Destination Address: Indicates the destination MAC address.
Destination Mask: Indicates the MAC address Destination Mask.
VLAN ID: Specifies the VLAN ID.
CoS: Classifies traffic based on the CoS tag value.
CoS Mask: Defines the Class of Service mask.
Ethertype: Provides an identifier that differentiates between various types of protocols.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.


Configuring ACLs
1 Click Policy > ACL > MAC Based ACL > ACL Setup. The ACL Setup Page opens:
Figure 41 ACL Setup Page

The ACL Setup Page contains the following fields:


ACL Name: Contains a list of the MAC-based ACLs.
New Rule Priority: Defines the rule priority. When the packet is matched to a rule, user groups are either granted permission or denied device management access. The rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.
Source Address: Indicates the source MAC address.
Source Wild Card Mask: Indicates the source MAC Address wild card mask. Wild cards are used to mask all or part of a source MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00:00:00:00:00:00 indicates that all bits are important. For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.
Destination Address: Indicates the destination MAC address.
Destination Wild Card Mask: Indicates the destination MAC Address wild card mask. Wild cards are used to mask all or part of a destination MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00:00:00:00:00:00 indicates that all bits are important. For example, if the destination MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.
VLAN ID: Matches the packet's VLAN ID to the ACL.
CoS: Classifies traffic based on the CoS tag value.
CoS Mask: Defines the CoS mask used to classify network traffic.
Ethertype: Provides an identifier that differentiates between various types of protocols.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.

2 Define the fields.
3 Click .


Defining MAC-based ACL Rules

To define MAC-based ACL Rules:
1 Click Policy > ACL > MAC Based ACL > Rule Setup. The MAC-based ACL Rule Setup Page opens:
Figure 42 MAC-based ACL Rule Setup Page

The MAC-based ACL Rule Setup Page contains the following fields:

ACL Name: Contains a list of the MAC-based ACLs.
New Rule Priority: Defines the ACL priority. ACLs are checked on the first fit basis. The ACL priority defines the ACL order in the ACL list.
Source Address: Indicates the source MAC address.
Source Wild Card Mask: Indicates the source MAC Address wild card mask. Wild cards are used to mask all or part of a source MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00:00:00:00:00:00 indicates that all bits are important. For example, if the source MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.
Destination Address: Indicates the destination MAC address.
Destination Wild Card Mask: Indicates the destination MAC Address wild card mask. Wild cards are used to mask all or part of a destination MAC address. Wild card masks specify which bits are used and which are ignored. A wild card mask of FF:FF:FF:FF:FF:FF indicates that no bit is important. A wild card mask of 00:00:00:00:00:00 indicates that all bits are important. For example, if the destination MAC address is E0:3B:4A:C2:CA:E2 and the wildcard mask is 00:3B:4A:C2:CA:FF, the first two bits of the MAC are used, while the last two bits are ignored.
VLAN ID: Specifies the VLAN ID.
CoS: Classifies traffic based on the CoS tag value.
CoS Mask: Defines the CoS mask used to classify network traffic.
Ethertype: Provides an identifier that differentiates between various types of protocols.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.

2 Define the fields.
3 Click . The Rule Setup settings are configured, and the device is updated.


Removing MAC-based ACLs

To remove MAC-based Class Maps:
1 Click Policy > ACL > MAC Based ACL > Remove. The MAC-based ACL Remove Page opens:
Figure 43 MAC-based ACL Remove Page

The MAC-based ACL Remove Page contains the following fields:


ACL Name: Contains a list of the MAC-based ACLs.
Remove ACL: Enables the ACL to be removed.
Priority: Defines the rule priority for the MAC-based ACL.
VLAN ID: Specifies the VLAN ID.
CoS: Classifies Class of Service of the packet.
CoS Mask: Defines the wildcard bits to be applied to the CoS.
Ethertype: Provides an identifier that differentiates between various types of protocols.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.

2 Select the ACL Name to be deleted.
3 Enable ACL Removal and select the ACL to be removed from the table.
4 Click the Remove Checkbox. The ACL is removed.
5 Click . The selected ACLs are deleted, and the device is updated.


Defining IP-based ACLs

The IP Based ACL Page contains information for defining IP-based ACLs, including defining the ACEs defined for IP-based ACLs.
To view IP-based Class Maps:
1 Click Policy > ACL > IP Based ACL > ACL Summary. The IP-based ACL Summary Page opens:
Figure 44 IP-based ACL Summary Page

The IP-based ACL Summary Page contains the following fields:


ACL Name: Contains a list of the IP-based ACLs.
Priority: Indicates the ACE priority that determines which ACE is matched to a packet based on a first-match basis. The possible field value is 1-2147483647.
Protocol: Creates an ACE based on a specific protocol. The possible field values are:
  IP: Internet Protocol (IP). Specifies the format of packets and their addressing method. IP addresses packets and forwards the packets to the correct port.
  TCP: Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order they are sent.
  UDP: User Datagram Protocol (UDP). Communication protocol that transmits packets but does not guarantee their delivery.
  ICMP: Internet Control Message Protocol (ICMP). The ICMP allows the gateway or destination host to communicate with the source host. For example, to report a processing error.
  IGMP: Internet Group Management Protocol (IGMP). Allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group.
Flag Type: Indicates TCP flags by which the packet is classified.
Flag Set: Sets the indicated TCP flag that can be triggered.
ICMP Type: Specifies an ICMP message type for filtering ICMP packets.
ICMP Code: Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
IGMP Type: IGMP packets can be filtered by IGMP message type.
Source: Defines the TCP/UDP source port to which the ACL is matched.
Destination: Defines the TCP/UDP destination port.
DSCP: Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-63.
IP - Prec.: Indicates matching ip-precedence with the packet ip-precedence value.
Action: Indicates the ACL forwarding action.


Defining IP-based ACLs

To configure IP-based Class Maps:
1 Click Policy > ACL > IP Based ACL > ACL Setup. The IP-based ACL Setup Page opens:
Figure 45 IP-based ACL Setup Page

The IP-based ACL Setup Page contains the following fields:


ACL Name: Contains a list of the IP-based ACLs.
Enable New Rule Priority: Enables the new rule priority.
New Rule Priority: Defines the ACL priority. ACLs are checked on the first fit basis. The ACL priority defines the ACL order in the ACL list.
Protocol: Creates an ACE based on a specific protocol.
  Select from List: Selects a protocol from a list on which ACE can be based. Some of the possible field values are:
    Any: Matches the protocol to any protocol.
    IDRP: Matches the packet to the Inter-Domain Routing Protocol (IDRP).
    RSVP: Matches the packet to the ReSerVation Protocol (RSVP).
    OSPF: Matches the packet to the Open Shortest Path First (OSPF) protocol.
    PIM: Matches the packet to Protocol Independent Multicast (PIM).
    L2IP: Matches the packet to Layer 2 Internet Protocol (L2IP).
  Protocol ID: Adds user-defined protocols by which packets are matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.
Source Port: Enables creating an ACL based on a specific protocol.
Destination Port: Indicates the destination port that is matched to packets. Enabled only when TCP or UDP are selected in the Protocol list.
Any: Enables creating an ACL based on any protocol.
Source Wild Card Mask: Source IP address wildcard mask. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all the bits are important. For example, if the source IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first eight bits of the IP address are ignored, while the last eight bits are used.
Source IP Address: Matches the source IP address from which packets originate to the ACL.
Destination IP Address: Matches the destination IP address to which packets are addressed to the ACL.
Destination Wild Card Mask: Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important. For example, if the destination IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.
Match DSCP: Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.
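The wildcard-mask comparison and the first-match priority order described in the MAC-based and IP-based ACL field lists above, worked through as an added Python example; it is not 3Com code. It computes which bits the page's example masks (00:3B:4A:C2:CA:FF and 255.36.184.00) compare, and flags an ACE that an earlier, broader ACE makes unreachable. Assumptions: lower priority numbers are checked first, only source and destination addresses are modelled, and all function names and sample ACEs are constructed.

```python
"""Wildcard-mask matching and first-match ACE evaluation (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_mac(text: str) -> int:
    """'E0:3B:4A:C2:CA:E2' -> 48-bit integer."""
    octets = text.split(":")
    if len(octets) != 6 or not all(1 <= len(o) <= 2 for o in octets):
        raise ValueError(f"not a six-octet MAC address or mask: {text!r}")
    return int("".join(o.zfill(2) for o in octets), 16)


def parse_ipv4(text: str) -> int:
    """'149.36.184.198' -> 32-bit integer; octets written as '00' are accepted."""
    octets = [int(o) for o in text.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad address or mask: {text!r}")
    return int.from_bytes(bytes(octets), "big")


def wildcard_match(value: int, pattern: int, wildcard: int) -> bool:
    """1-bits in the wildcard mask are ignored; every 0-bit position must be equal."""
    return ((value ^ pattern) & ~wildcard) == 0


def compared_bits(wildcard: int, octets: int) -> List[int]:
    """Per-octet bit masks of the positions an ACE compares (inverse of the mask)."""
    inverse = ~wildcard & ((1 << (8 * octets)) - 1)
    return list(inverse.to_bytes(octets, "big"))


@dataclass(frozen=True)
class Ace:
    priority: int   # 1-2147483647; lower number checked first (assumption)
    action: str     # "permit", "deny" or "shutdown"
    src: int
    src_wild: int
    dst: int
    dst_wild: int

    def matches(self, src: int, dst: int) -> bool:
        return (wildcard_match(src, self.src, self.src_wild)
                and wildcard_match(dst, self.dst, self.dst_wild))


def evaluate(aces: List[Ace], src: int, dst: int) -> Optional[Ace]:
    """First match wins. None means no ACE matched; the page states no default."""
    for ace in sorted(aces, key=lambda a: a.priority):
        if ace.matches(src, dst):
            return ace
    return None


def covers(pat_a: int, wild_a: int, pat_b: int, wild_b: int) -> bool:
    """True if everything matched by (pat_b, wild_b) is also matched by (pat_a, wild_a)."""
    return (wild_b & ~wild_a) == 0 and ((pat_a ^ pat_b) & ~wild_a) == 0


def shadowed(aces: List[Ace]) -> List[Tuple[int, int]]:
    """(priority of an unreachable ACE, priority of the earlier ACE that covers it)."""
    ordered = sorted(aces, key=lambda a: a.priority)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if (covers(earlier.src, earlier.src_wild, later.src, later.src_wild)
                    and covers(earlier.dst, earlier.dst_wild, later.dst, later.dst_wild)):
                found.append((later.priority, earlier.priority))
                break
    return found


ANY_MAC = (0, (1 << 48) - 1)            # pattern, wildcard: every bit ignored
HOST = parse_mac("E0:3B:4A:C2:CA:E2")   # address used in the page's example
OUI = (parse_mac("E0:3B:4A:00:00:00"), parse_mac("00:00:00:FF:FF:FF"))

# Constructed ACLs: the same three ACEs, with the host-specific deny placed
# before and after the broader permit.
ORDERED = [Ace(10, "deny", HOST, 0, *ANY_MAC),
           Ace(20, "permit", *OUI, *ANY_MAC),
           Ace(30, "shutdown", *ANY_MAC, *ANY_MAC)]
MISORDERED = [Ace(20, "permit", *OUI, *ANY_MAC),
              Ace(25, "deny", HOST, 0, *ANY_MAC),
              Ace(30, "shutdown", *ANY_MAC, *ANY_MAC)]

if __name__ == "__main__":
    print([f"{b:02X}" for b in compared_bits(parse_mac("00:3B:4A:C2:CA:FF"), 6)])
    print(compared_bits(parse_ipv4("255.36.184.00"), 4))
    print(evaluate(ORDERED, HOST, 0).action, evaluate(MISORDERED, HOST, 0).action)
    print(shadowed(MISORDERED))
```

A mask octet of 00 compares all eight bits of that octet and FF compares none; any other value compares a scattered subset of bits, so masks built from such octets match more addresses than they appear to.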


Defining IP-based ACLs

To configure IP-based Rules:
1 Click Policy > ACL > IP Based ACL > Rule Setup. The IP-based ACL Rule Setup Page opens:
Figure 46 IP-based ACL Rule Setup Page

The IP-based ACL Rule Setup Page contains the following fields:

ACL Name: Contains a list of the IP-based ACLs.
New Rule Priority: Defines the ACL priority. ACLs are checked on the first fit basis. The ACL priority defines the ACL order in the ACL list.
Protocol: Enables creating an ACL based on a specific protocol.
  Select from List: Selects a protocol from a list on which ACE can be based. Some of the possible field values are:
  Protocol ID: Adds user-defined protocols by which packets are matched to the ACE. Each protocol has a specific protocol number which is unique. The possible field range is 0-255.
  Any: Enables creating an ACL based on any protocol.
Source Port: Enables creating an ACL based on a specific protocol.
Destination Port: Indicates the destination port that is matched to packets. Enabled only when TCP or UDP are selected in the Protocol list.
Any: Enables creating an ACL based on any protocol.
Source IP Address: Matches the source IP address to which packets are addressed to the ACL.
Wild Card Mask: Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important. For example, if the destination IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.
Destination IP Address: Matches the destination IP address to which packets are addressed to the ACL.
Wild Card Mask: Indicates the destination IP Address wild card mask. Wild cards are used to mask all or part of a destination IP Address. Wild card masks specify which bits are used and which bits are ignored. A wild card mask of 255.255.255.255 indicates that no bit is important. A wildcard of 00.00.00.00 indicates that all bits are important. For example, if the destination IP address is 149.36.184.198 and the wildcard mask is 255.36.184.00, the first two bits of the IP address are used, while the last two bits are ignored.
Match DSCP: Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
Match IP Precedence: Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.

2 Select an ACL from the ACL Name drop-down list.
3 Define the rule setup fields.
4 Click . The ACL rule setup is enabled, and the device is updated.


Removing IP-based ACLs

To remove IP-based ACL:
1 Click Policy > ACL > IP Based ACL > Remove ACL. The IP-based ACL Remove Page opens:
Figure 47 IP-based ACL Remove Page

The IP-based ACL Remove Page contains the following fields:


ACL Name: Contains a list of the IP-based ACLs.
Remove ACL: Removes an ACL. The possible field values are:
  Checked: Removes the selected IP-based ACL.
  Unchecked: Maintains the IP-based ACL.
Priority: Indicates the ACL priority, which determines which ACL is matched to a packet on a first-match basis. The possible field values are 1-2147483647.
Protocol: Creates an ACE based on a specific protocol.
Destination Port: Defines the TCP/UDP destination port.
Source Port: Defines the TCP/UDP source port to which the ACL is matched.
Flag Set: Sets the indicated TCP flag matched to the packet.
ICMP Type: Specifies an ICMP message type for filtering ICMP packets.
ICMP Code: Specifies an ICMP message code for filtering ICMP packets. ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code.
IGMP Type: IGMP packets can be filtered by IGMP message type.
DSCP: Matches the packet DSCP value to the ACL. Either the DSCP value or the IP Precedence value is used to match packets to ACLs.
IP - Prec.: Indicates matching ip-precedence with the packet ip-precedence value.
Action: Indicates the ACL forwarding action. Possible field values are:
  Permit: Forwards packets which meet the ACL criteria.
  Deny: Drops packets which meet the ACL criteria.
  Shutdown: Drops packets that meet the ACL criteria, and disables the port to which the packet was addressed. Ports are reactivated from the Interface Configuration Page.

2 Select an ACL to be removed.
3 Click . The selected ACLs are deleted, and the device is updated.


Binding ACLs

To define ACL Binding:
1 Click Policy > ACL > ACL Binding > Binding Summary. The ACL Binding Summary Page opens:
Figure 48 ACL Binding Summary Page

The ACL Binding Summary Page contains the following fields:

Ports: Displays the ACL Port parameters. The possible field values are:
  Interface: Displays the port interface for which the ACL parameters are defined.
  ACL Name: Contains a list of ACL Names.
LAGs: Displays the ACL LAG parameters. The possible field values are:
  Interface: Displays the LAG interface for which the ACL parameters are defined.
  ACL Name: Contains a list of ACL Names.


To define ACL Binding:
1 Click Policy > ACL > ACL Binding > Binding Setup. The ACL Binding Setup Page opens:
Figure 49 ACL Binding Setup Page

The ACL Binding Setup Page contains the following fields:

Interface: Selects the Ports or LAGs interface to be configured.
  Ports: Selects the ports interface to be bound.
  LAGs: Selects the LAGs interface to be bound.
MAC-based ACL: Binds the interface to the MAC-based ACL.
IP-based ACL: Binds the interface to the IP-based ACL.
Bind ACL: Binds the interface to the ACL interface.
Select ACL: Selects the ACL to be bound.

2 Define the fields.
3 Click . The ACL Binding Page is defined, and the device is updated.

MANAGING SYSTEM INFORMATION

This section contains information for configuring general system information, and includes the following:

Viewing System Description
Defining System Settings
Configuring Country Codes
Configuring System Name
Configuring System Time
Saving the Device Configuration

Viewing System Description

The Device Summary Information Page displays parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, and MAC addresses, and the software, boot, and hardware versions.
To view Service Summary Information:
1 Click Device Summary. The Device Summary Information Page opens:
Figure 50 Device Summary Information Page

The Device Summary Information Page contains the following fields:


Product Description: Displays the device model number and name.
System Name: Defines the user-defined device name. The field range is 0-160 characters.
System Location: Defines the location where the system is currently running. The field range is 0-160 characters.
System Contact: Defines the name of the contact person. The field range is 0-160 characters.
Serial Number: Displays the device serial number.

CHAPTER 4: MANAGING SYSTEM INFORMATION

Product 3C Number: Displays the internal 3Com device serial number.
System Object ID: Displays the vendor's authoritative identification of the network management subsystem contained in the entity.
MAC Address: Displays the device MAC address.
System Up Time: Displays the amount of time since the most recent device reset. The system time is displayed in the following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 minutes and 15 seconds.
Software Version: Displays the installed software version number.
Boot Version: Displays the current boot version running on the device.
Hardware Version: Displays the current hardware version of the device.

Defining System Settings

The following section allows system administrators to configure advanced system settings. The section includes the following:

Configuring Country Codes
Configuring System Name
Configuring System Time

Configuring Country Codes

Defines the country code by which WLAN settings are set. For the complete list of country codes and settings, see WLAN Country Settings.
To configure the Country Code:
1 Click Administration > Country Code. The Country Codes Page opens:
Figure 51 Country Codes Page

The Country Codes Page contains the following fields:


Master Radio Enable: Enables the master radio.
Country Code: Displays a list of country codes.

The following are the possible country code settings:


Country Austria Australia

Country Code AT AU

Access Point Domain -E -N

Channels Allowed 36, 40, 44, 48 1 - 11 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1 - 11 36, 40, 44, 48,52, 56, 60, 64 1 - 12,13

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 60 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP 200 mW EIRP 120 mW EIRP 120 mW EIRP 100 mW EIRP 100 mW EIRP 200 mW EIRP 1 W EIRP 1 W EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 200 mW EIRP 200 mW EIRP 100 mW EIRP 150 mW+6 dBi~600 mW 150 mW+6 dBi~600 mW 50 mW+6 dBi=200 mW250 mW+6 dBi=1 W1 W+6 dBi=4 W 1 W+Restricted Antennas

Frequency Range (GHz) 5.15-5.25 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.825 2.4-2.4835 5.15-5.25

Belgium

BE

-E

2.4-2.4835 5.725-5.85

Brazil

BR

-C

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1 - 11 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.255.25-5 .35 2.4-2.4835 5.725-5.825 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835

Canada

CA

-A

Switzerland and Liechtenstein

CH

-E

36, 40, 44, 48,52, 56, 60, 64 1-11 149, 153, 157, 161 1-13

China

CN

-C

Cyprus

CY

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11


Country Czech Republic

Country Code CZ

Access Point Domain -E

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 5.15-5.25 5.25-5.35 5.725-5.825

200 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Germany

DE

-E

2.4-2.4835 200 mW EIRP 200 mW EIRP 1 W EIRP 5.15-5.25 5.25-5.35 5.47-5.725

Denmark

DK

-E

100 mW EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835

Estonia

EE

-E

Spain Finland

ES FI

-E 1-11 -E 36, 40, 44, 48, 52, 56, 60, 64, 104, 108, 112, 116, 120, 124, 128, 132, 140 1-11 100 mW EIRP 2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725


Country France

Country Code FR

Access Point Domain -E

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64 1 - 7,8 - 11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 200 mW EIRP 200 mW EIRP 100 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 5.15-5.25 5.25-5.35 2.4-2.4835 2.4-2.454 5.15-5.25 5.25-5.35 5.47-5.725

United Kingdom

GB

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W+6 dBi=4 W 100 mW EIRP 200 mW EIRP

2.4-2.4835 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.725-5.875 2.4-2.5 5.15-5.25 5.25-5.35 5.47-5.725 2.4-2.4835 5.15-5.25 5.25-5.35

Greece Hong Kong

GR HK

-E -N

1-11 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Hungary

HU

-E

36, 40, 44, 48,52, 56, 60, 64 1-11

1 W EIRP N/A 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP

Indonesia

ID

-R

N/A 1-13

Ireland

IE

-E

36, 40, 44, 48,52, 56, 60, 64 1-11

Israel

IL

-I

36, 40, 44, 48,52, 56, 60, 64


Country

Country Code

Access Point Domain

Channels Allowed 1-13

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 100 mW EIRP 200 mW EIRP 200 mW EIRP 100 mW EIRP N/A 4 W EIRP

Frequency Range (GHz) 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 N/A 2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Israel OUTDOOR

ILO

36, 40, 44, 48,52, 56, 60, 64 5-13

India

IN

TBA

N/A

Iceland

IS

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

200 mW EIRP 200 mW EIRP 1 W EIRP

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Italy

IT

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 100 mW EIRP 100 mW EIRP 10 mW/MHz~200 mW EIRP 10 mW/MHz~200 mW EIRP 150 mW+6 dBi~600 mW

2.4-2.4835 5.03-5.09 5.15-5.25 2.4-2.497 2.4-2.497 5.725-5.825

Japan

JP

-J

1-3,1-4 1-14 1-13

Republic of Korea

KR

-C

149, 153, 157, 161


Country

Country Code

Access Point Domain

Channels Allowed 1-13

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 150 mW+6 dBi~600 mW 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Lithuania

LT

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Luxembourg

LU

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Latvia

LV

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 2.4-2.5 5.15-5.25 5.25-5.35 5.47-5.725

Malaysia Netherlands

MY NL

-E -E

1-13 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140


Country

Country Code

Access Point Domain

Channels Allowed 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Norway

NO

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas TBA 100 mW EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

New Zealand

NZ

-N

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.725-5.875 2.4-2.4835 2.4-2.4835

Philippines

PH

-C

TBA

Poland

PL

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

200 mW EIRP 1 W EIRP

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Portugal

PT

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP

2.4-2.4835


Country Sweden

Country Code SE

Access Point Domain -E

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 5.15-5.25 5.25-5.35 5.47-5.725

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Singapore

SG

-S

36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161 1-13

200 mW EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas N/A 100 mW EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W

Slovenia

SI

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.725-5.875 2.4-2.5 5.25-5.35 5.47-5.725 5.725-5.825

Slovak Republic

SK

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Thailand

TL

-R

N/A 1-13

Taiwan

TW

-T

56, 60, 64, 100 - 140,149, 153, 157, 161


Country

Country Code

Access Point Domain

Channels Allowed 1-13

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 1 W EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W Conducted Output 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W 1 W Conducted Output 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W 1 W Conducted Output 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W 1 W Conducted Output N/A 1 W EIRP

Frequency Range (GHz) 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

United States of America

US

-A

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.25-5.35 5.725-5.825 2.4-2.4835

United States of America

USE

-A

36, 40, 44, 48,52, 56, 60, 64 1-11

United States of America LOW

USL

-A

36, 40, 44, 48,52, 56, 60, 64 1-11

United States of America EXTENDED

USX

TBA

36, 40, 44, 48,52, 56, 60, 64 1-11

South Africa

ZA

TBA

N/A 1-13

Configuring System Name


To configure the System Name:

1 Click Administration > System Name > Setup. The System Name Setup Page opens:
Figure 52 System Name Setup Page

The System Name Setup Page includes the following fields:

System Name - Defines the user-defined device name. The field range is 0-160 characters.
System Location - Defines the location where the system is currently running. The field range is 0-160 characters.
System Contact - Defines the name of the contact person. The field range is 0-160 characters.

2 Define the fields.

3 Click . The System Name is enabled, and the device is updated.


Configuring System Time

The Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device. The following is a list of Daylight Savings Time start and end times in specific countries:

Albania - From the last weekend of March until the last weekend of October.
Australia - From the end of October until the end of March.
Australia - Tasmania - From the beginning of October until the end of March.
Armenia - From the last weekend of March until the last weekend of October.
Austria - From the last weekend of March until the last weekend of October.
Bahamas - From April to October, in conjunction with Daylight Savings Time in the United States.
Belarus - From the last weekend of March until the last weekend of October.
Belgium - From the last weekend of March until the last weekend of October.
Brazil - From the third Sunday in October until the third Saturday in March. During the period of Daylight Saving Time, Brazilian clocks go forward one hour in most of the Brazilian southeast.
Chile - In Easter Island, from March 9 until October 12. In the rest of the country, from the first Sunday in March or after 9th March.
China - China does not use Daylight Saving Time.
Canada - From the first Sunday in April until the last Sunday of October. Daylight Saving Time is usually regulated by provincial and territorial governments. Exceptions may exist in certain municipalities.
Cuba - From the last Sunday of March to the last Sunday of October.
Cyprus - From the last weekend of March until the last weekend of October.


Denmark - From the last weekend of March until the last weekend of October.
Egypt - From the last Friday in April until the last Thursday in September.
Estonia - From the last weekend of March until the last weekend of October.
Finland - From the last weekend of March until the last weekend of October.
France - From the last weekend of March until the last weekend of October.
Germany - From the last weekend of March until the last weekend of October.
Greece - From the last weekend of March until the last weekend of October.
Hungary - From the last weekend of March until the last weekend of October.
India - India does not use Daylight Saving Time.
Iran - From Farvardin 1 until Mehr 1.
Iraq - From April 1 until October 1.
Ireland - From the last weekend of March until the last weekend of October.
Israel - Varies year-to-year.
Italy - From the last weekend of March until the last weekend of October.
Japan - Japan does not use Daylight Saving Time.
Jordan - From the last weekend of March until the last weekend of October.
Latvia - From the last weekend of March until the last weekend of October.
Lebanon - From the last weekend of March until the last weekend of October.
Lithuania - From the last weekend of March until the last weekend of October.
Luxembourg - From the last weekend of March until the last weekend of October.


Macedonia - From the last weekend of March until the last weekend of October.
Mexico - From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.
Moldova - From the last weekend of March until the last weekend of October.
Montenegro - From the last weekend of March until the last weekend of October.
Netherlands - From the last weekend of March until the last weekend of October.
New Zealand - From the first Sunday in October until the first Sunday on or after March 15.
Norway - From the last weekend of March until the last weekend of October.
Paraguay - From April 6 until September 7.
Poland - From the last weekend of March until the last weekend of October.
Portugal - From the last weekend of March until the last weekend of October.
Romania - From the last weekend of March until the last weekend of October.
Russia - From the last weekend of March until the last weekend of October.
Serbia - From the last weekend of March until the last weekend of October.
Slovak Republic - From the last weekend of March until the last weekend of October.
South Africa - South Africa does not use Daylight Saving Time.
Spain - From the last weekend of March until the last weekend of October.
Sweden - From the last weekend of March until the last weekend of October.
Switzerland - From the last weekend of March until the last weekend of October.
Syria - From March 31 until October 30.


Taiwan - Taiwan does not use Daylight Saving Time.
Turkey - From the last weekend of March until the last weekend of October.
United Kingdom - From the last weekend of March until the last weekend of October.
United States of America - From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.

To configure the System Time:

1 Click Administration > Time. The Time Page opens:
Figure 53 Time Page

The Time Page contains the following sections:

Local Settings - Displays the system time in the following format:
  Time - Indicates the system time. The system time is displayed in the following format: HH:MM:SS (Hour, Minute, Seconds).
  Day - Displays the week day. The possible field range is Sunday-Saturday.
  Month - Displays the month of the year. The possible field range is Jan-Dec.
  Year - Displays the year.
Time Zone Offset - Indicates the difference between Greenwich Mean Time (GMT) and local time. For example, the Time Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT -5.

Daylight Savings - Enables automatic Daylight Savings Time (DST) on the device based on the device's location. There are two types of daylight settings, either by a specific date in a particular year or a recurring setting irrespective of the year. Define the fields.
From - Defines the time that DST ends each year. For example, DST ends locally every fourth Friday in October at 5:00 am. The possible field values are:
  Day - The day of the week at which DST ends every year. The possible field range is Sunday-Saturday.
  Week - The week within the month at which DST ends every year. The possible field range is 1-5.
  Month - The month of the year in which DST ends every year. The possible field range is Jan.-Dec.
  Time - The time at which DST ends every year. The field format is Hour:Minute, for example, 05:30.
To - Defines the time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values are:
  Day - The day of the week from which DST begins every year. The possible field range is Sunday-Saturday.
  Week - The week within the month from which DST begins every year. The possible field range is 1-5.
  Month - The month of the year in which DST begins every year. The possible field range is Jan.-Dec.
  Time - The time at which DST begins every year. The field format is Hour:Minute, for example, 02:10.
Recurring - Defines the time that DST starts in countries other than the USA or European countries, where DST is constant from year to year.

2 Click . The Time settings are saved, and the device is updated.
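When switch log timestamps are correlated with other sources, a recurring Day/Week/Month/Time rule has to be resolved to a calendar date for each year. The following is an added example, not code from the guide or from 3Com; it assumes that Week 5 means the last occurrence in the month, that DST shifts the clock by one hour, and that rules are compared against wall-clock time. The function names are hypothetical.

```python
import calendar
from datetime import datetime, timedelta

DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]


def rule_date(year, day, week, month, time):
    """Resolve a recurring rule (Day, Week 1-5, Month, Hour:Minute) to a datetime in `year`."""
    if not 1 <= week <= 5:
        raise ValueError("Week must be in the range 1-5")
    month_no = MONTHS.index(month) + 1
    first_weekday, days_in_month = calendar.monthrange(year, month_no)
    # Day of month of the first occurrence of the requested weekday.
    first_hit = 1 + (DAYS.index(day) - first_weekday) % 7
    day_of_month = first_hit + 7 * (week - 1)
    if day_of_month > days_in_month:
        # Assumption: a fifth week that does not exist falls back to the last occurrence.
        day_of_month -= 7
    hour, minute = (int(part) for part in time.split(":"))
    return datetime(year, month_no, day_of_month, hour, minute)


def in_dst(wall, begin, end):
    """True if wall-clock time `wall` lies inside the DST period defined by two rules."""
    b = rule_date(wall.year, *begin)
    e = rule_date(wall.year, *end)
    if b < e:
        return b <= wall < e          # period inside one calendar year
    return wall >= b or wall < e      # period spans the new year (e.g. October to March)


def to_utc(wall, gmt_offset_hours, begin, end):
    """Normalize a device wall-clock timestamp to UTC for log correlation."""
    shift = timedelta(hours=1) if in_dst(wall, begin, end) else timedelta(0)
    return wall - timedelta(hours=gmt_offset_hours) - shift


# The two example rules quoted in the field descriptions above.
BEGIN = ("Sunday", 2, "Apr", "05:00")
END = ("Friday", 4, "Oct", "05:00")
# Constructed rule for a DST period that spans the new year.
SOUTH_BEGIN = ("Sunday", 1, "Oct", "02:00")
SOUTH_END = ("Sunday", 3, "Mar", "02:00")

if __name__ == "__main__":
    print(rule_date(2006, *BEGIN), rule_date(2006, *END))
    print(to_utc(datetime(2006, 7, 1, 12, 0), 1, BEGIN, END))
```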

Saving the Device Configuration


The Save Configuration tab allows the latest configuration to be saved to the flash memory.

To save the device configuration:

1 Click Save Configuration. The Save Configuration Page opens:
Figure 54 Save Configuration Page

The following message displays: The operation will save your configuration. Do you wish to continue?


Resetting the Device

The Reset page enables resetting the device from a remote location. To prevent the current configuration from being lost, save all changes from the running configuration file to the startup configuration file before resetting the device.

CONFIGURING WIRED PORTS

This section contains information for configuring Port Settings, and includes the following sections:

Viewing Port Settings
Defining Port Settings
Configuring Address Tables
Viewing Static Addresses
Defining Static Addresses
Viewing Dynamic Addresses


Viewing Port Settings

The Port Setting Summary Page contains information regarding specific port settings.

To view Port Settings:

1 Click Wired Ports > Port Settings > Summary. The Port Setting Summary Page opens:
Figure 55 Port Setting Summary Page

The Port Setting Summary Page contains the following fields:


Port - Indicates the selected port number.
PortType - Displays the type of the port.
Port Status - Indicates whether the port is currently operational or non-operational. The possible field values are:
  Up - Indicates the port is currently operating.
  Down - Indicates the port is currently not operating.
Port Speed - Displays the configured rate for the port. The port type determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are:
  10M - Indicates the port is currently operating at 10 Mbps.
  100M - Indicates the port is currently operating at 100 Mbps.
  1000M - Indicates the port is currently operating at 1000 Mbps.
Duplex Mode - Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M or 1000M per second. This field cannot be configured on LAGs. The possible field values are:
  Full - The interface supports transmission between the device and its link partner in both directions simultaneously.
  Half - The interface supports transmission between the device and the client in only one direction at a time.
Auto Negotiation - Displays the auto negotiation status on the port. Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode, and flow control abilities to its partner.
Advertisement - Defines the auto negotiation setting the port advertises. The possible field values are:
  Max Capability - Indicates that all port speeds and duplex mode settings are accepted.
  10 Half - Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting.
  10 Full - Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.
  100 Half - Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting.
  100 Full - Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.
  1000 Full - Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting.
Back Pressure - Displays the back pressure mode on the Port. Back pressure mode is used with half duplex mode to disable ports from receiving messages.
Flow Control - Displays the flow control status on the port. Operates when the port is in full duplex mode.
MDI/MDIX - Displays the MDI/MDIX status on the port. Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The possible field values are:
  MDIX (Media Dependent Interface with Crossover) - Use for hubs and switches.
  MDI (Media Dependent Interface) - Use for end stations.
  Auto - Use to automatically detect the cable type.
LAG - Displays the LAG for which the port setting parameters are defined.

Defining Port Settings


The Port Settings Setup Page allows network managers to configure port parameters for specific ports.

To configure Port Settings:

1 Click Wired Ports > Port Settings > Setup. The Port Settings Setup Page opens:
Figure 56 Port Settings Setup Page

The Port Settings Setup Page contains the following fields:


Port - Indicates the selected port number.
Description - Displays a port description.
Port Type - Indicates the type of the port.
Admin Status - Indicates whether the port is currently operational or non-operational. The possible field values are:
  Up - Indicates the port is currently operating.
  Down - Indicates the port is currently not operating.
Current Port Status - Displays current port status.
Reactivate Suspended Port - Reactivates a port if the port has been disabled through the locked port security option.
Operational Status - Indicates whether the port is currently operational or non-operational.
Admin Speed - Displays the configured rate for the port. The port type determines what speed setting options are available. Port speeds can only be configured when auto negotiation is disabled. The possible field values are:
  10M - Indicates the port is currently operating at 10 Mbps.
  100M - Indicates the port is currently operating at 100 Mbps.
  1000M - Indicates the port is currently operating at 1000 Mbps.
Current Port Speed - Displays the current configured port speed.
Admin Duplex - Displays the port duplex mode. This field is configurable only when auto negotiation is disabled, and the port speed is set to 10M or 100M. This field cannot be configured on LAGs. The possible field values are:
  Full - The interface supports transmission between the device and its link partner in both directions simultaneously.
  Half - The interface supports transmission between the device and the client in only one direction at a time.
Current Duplex Mode - Displays the current port duplex mode.
Auto Negotiation - Displays the auto negotiation status on the port. Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate, duplex mode, and flow control abilities to its partner.
Current Auto Negotiation - Displays the current auto negotiation status on the port.
Admin Advertisement - Defines the auto negotiation setting the port advertises. The possible field values are:
  Max Capability - Indicates that all port speeds and duplex mode settings are accepted.
  10 Half - Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting.
  10 Full - Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.
  100 Half - Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting.
  100 Full - Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.
  1000 Full - Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting.
Current Advertisement - Displays the current port advertisement.
Neighbor Advertisement - Indicates the neighboring port's advertisement settings. The field values are identical to the Admin Advertisement field values.
Back Pressure - Displays the back pressure mode on the Port. Back pressure mode is used with half duplex mode to disable ports from receiving messages.
Current Back Pressure - Displays the currently configured back pressure mode on the port.
Flow Control - Displays the flow control status on the port. Operates when the port is in full duplex mode.
Current Flow Control - Displays the current flow control status on the port.
MDI/MDIX - Displays the MDI/MDIX status on the port. Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The possible field values are:
  MDIX (Media Dependent Interface with Crossover) - Use for hubs and switches.
  MDI (Media Dependent Interface) - Use for end stations.
  Auto - Use to automatically detect the cable type.
Current MDI/MDIX - Displays the current MDI/MDIX status on the port.
LAG - Displays the LAG for which the port setting parameters are defined.

2 Define the fields.

3 Click . The ports are enabled, and the device is updated.


Configuring Address Tables

MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are dynamically learned as packets from sources arrive at the device. Addresses are associated with ports by learning the ports from the frame's source address. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN. Static addresses are manually configured. To prevent the bridging table from overflowing, dynamic MAC addresses from which no traffic is seen for a certain period are erased.
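The learning, flooding and aging behaviour described above can be modelled in a few lines. This is an added example, not the device's firmware or 3Com code; the class and method names are hypothetical, the table capacity is an assumed value (the guide gives no table size), and the MAC addresses are constructed samples.

```python
from dataclasses import dataclass

AGING_MIN, AGING_MAX, AGING_DEFAULT = 10, 630, 300  # seconds; Aging Interval range and default


@dataclass
class Entry:
    port: str
    static: bool
    last_seen: float


class AddressTable:
    """VLAN-aware MAC table: static entries are pinned, dynamic entries are learned and aged."""

    def __init__(self, vlan_ports, aging=AGING_DEFAULT, capacity=4):
        if not AGING_MIN <= aging <= AGING_MAX:
            raise ValueError("aging interval must be 10-630 seconds")
        self.vlan_ports = vlan_ports   # {vlan_id: [port, ...]}
        self.aging = aging
        self.capacity = capacity       # assumed table size, not a figure from the guide
        self.entries = {}              # {(vlan_id, mac): Entry}
        self.learn_failures = 0        # sources that could not be learned because the table was full
        self.static_conflicts = 0      # static MAC seen as a source on a different port

    def add_static(self, vlan, mac, port):
        self.entries[(vlan, mac.lower())] = Entry(port, True, 0.0)

    def age_out(self, now):
        """Erase dynamic entries from which no traffic was seen for a full aging interval."""
        stale = [k for k, e in self.entries.items()
                 if not e.static and now - e.last_seen >= self.aging]
        for key in stale:
            del self.entries[key]
        return len(stale)

    def _learn(self, now, vlan, src, in_port):
        entry = self.entries.get((vlan, src))
        if entry is not None and entry.static:
            if entry.port != in_port:
                self.static_conflicts += 1          # a manually configured entry is never overwritten
        elif entry is not None:
            entry.port, entry.last_seen = in_port, now   # refresh, or follow a moved station
        elif len(self.entries) < self.capacity:
            self.entries[(vlan, src)] = Entry(in_port, False, now)
        else:
            self.learn_failures += 1

    def receive(self, now, vlan, src, dst, in_port):
        """Process one frame and return (action, egress_ports)."""
        src, dst = src.lower(), dst.lower()
        self.age_out(now)
        self._learn(now, vlan, src, in_port)
        entry = self.entries.get((vlan, dst))
        if entry is None:
            # Unknown destination: flood to every other port of the relevant VLAN.
            return "flood", [p for p in self.vlan_ports[vlan] if p != in_port]
        if entry.port == in_port:
            return "filter", []                     # destination sits on the ingress port
        return "forward", [entry.port]


def demo():
    """Constructed traffic on VLAN 10 (ports e1-e4) against a 3-entry table."""
    a, b, c, s = ("00:00:5e:00:53:0a", "00:00:5e:00:53:0b",
                  "00:00:5e:00:53:0c", "00:00:5e:00:53:01")
    table = AddressTable({10: ["e1", "e2", "e3", "e4"]}, aging=300, capacity=3)
    table.add_static(10, s, "e4")
    out = [
        table.receive(0, 10, a, b, "e1"),     # b unknown: flood; a learned on e1
        table.receive(1, 10, b, a, "e2"),     # a known: forward to e1; b learned on e2
        table.receive(2, 10, c, s, "e3"),     # table full: c not learned; s is static on e4
        table.receive(3, 10, a, c, "e1"),     # c was never learned: flood
        table.receive(400, 10, c, a, "e3"),   # a and b aged out: c now fits, a floods
        table.receive(401, 10, a, c, "e1"),   # a relearned; c known on e3
        table.receive(402, 10, s, a, "e2"),   # static MAC seen on e2: counted, entry unchanged
    ]
    return out, table


if __name__ == "__main__":
    results, table = demo()
    for action, ports in results:
        print(action, ports)
    print("learn failures:", table.learn_failures, "static conflicts:", table.static_conflicts)
```

A rising learn-failure count or a static-entry conflict is the kind of signal worth alerting on, since both mean frames are being flooded or a configured address is appearing where it should not.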

Viewing Static Addresses

To open the Static Addresses Summary Page:

1 Click Wired Ports > Address Tables > Static Addresses Summary.
Figure 57 Static Addresses Summary Page

The Static Addresses Summary Page contains the following fields:

VLAN ID - The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface.
MAC Address - The MAC addresses listed in the current static addresses list.
Interface - The specific port or LAG to which the static MAC address is applied.
Status - Displays the MAC address status. Possible values are:
  Permanent - The MAC address is permanent.
  Delete on Reset - The MAC address is deleted when the device is reset.
  Delete on Time out - The MAC address is deleted when a timeout occurs.
  Secure - Used for defining static MAC Addresses for Locked ports.

Defining Static Addresses

The Static Address Table page contains a list of static MAC addresses. Static addresses can be added to and removed from the Static Address Table page. In addition, several MAC Addresses can be defined for a single port.

To open the Static Addresses Setup Page:

1 Click Wired Ports > Address Tables > Static Addresses > Setup. The Static Addresses Setup Page opens:
Figure 58 Static Addresses Setup Page

The Static Addresses Setup Page contains the following fields:

Interface - Displays the specific port or LAG to which the static MAC address is applied.
MAC address - Displays the MAC addresses listed in the current static addresses list.
VLAN ID - Displays the VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface. Routed Interfaces are the internally-used VLANs assigned to a port or trunk on which an IP address is configured.
VLAN Name - Displays the User-defined VLAN name.
Status - Displays the MAC address status. Possible values are:
  Permanent - The MAC address is permanent.
  Delete on Reset - The MAC address is deleted when the device is reset.
  Delete on Time out - The MAC address is deleted when a timeout occurs.
  Secure - Used for defining static MAC Addresses for Locked ports.

Removing Static Addresses

To remove Static addresses:

1 Click Wired Ports > Address Tables > Static Addresses > Remove. The Static Addresses Remove Page opens:
Figure 59 Static Addresses Remove Page

The Static Addresses Setup Page contains the following fields:


Remove - Removes a specific static address. The possible field values are:
  Checked - Removes the selected static address entries.
  Unchecked - Maintains the current static address entries.
VLAN ID - The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface. Routed Interfaces are the internally-used VLANs assigned to a port or trunk on which an IP address is configured.
MAC address - The MAC addresses listed in the current static addresses list.
Interface - The specific port or LAG to which the static MAC address is applied.
Status - MAC address status. Possible values are:
  Permanent - The MAC address is permanent.
  Delete on Reset - The MAC address is deleted when the device is reset.
  Delete on Time out - The MAC address is deleted when a timeout occurs.
  Secure - Used for defining static MAC Addresses for Locked ports.

Viewing Dynamic Addresses


The Dynamic MAC Address page contains information for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting. Packets forwarded to an address stored in the address table are forwarded directly to those ports. The Dynamic MAC Address page also contains information about the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic Address list. The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports.

To open the Dynamic MAC Address Summary Page:

1 Click Wired Ports > Address Tables > Dynamic Addresses > Summary. The Dynamic MAC Address Summary Page opens:
Figure 60 Dynamic MAC Address Summary Page

The Dynamic MAC Address Summary Page contains the following fields:

Aging Interval (10-630) - Specifies the amount of time the MAC Address remains in the Dynamic MAC Address before it is timed out if no traffic from the source is detected. The default value is 300 seconds.
Clear Table - Clears the Dynamic Address table when checked.
Interface - Specifies the interface for which the table is queried. There are two interface types from which to select.
MAC Address - Specifies the MAC address for which the table is queried.
VLAN ID - The VLAN ID for which the table is queried.
Address Table Sort Key - Specifies the means by which the Dynamic Address Table is sorted. The address table can be sorted by address, VLAN or interface.

AGGREGATING PORTS

This section contains information for configuring Link Aggregation which optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. The device supports both static LAGs and Link Aggregation Control Protocol (LACP) LAGs. LACP LAGs negotiate aggregating port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish a LAG between them. Ensure the following:

All ports within a LAG must be the same media type.
A VLAN is not configured on the port.
The port is not assigned to a different LAG.
Auto-negotiation mode is not configured on the port.
The port is in full-duplex mode.
All ports in the LAG have the same ingress filtering and tagged modes.
All ports in the LAG have the same back pressure and flow control modes.
All ports in the LAG have the same priority.
All ports in the LAG have the same transceiver type.
The device supports up to 64 LAGs, and eight ports in each LAG.
Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG.
Ports added to a LAG lose their individual port configuration. When ports are removed from the LAG, the original port configuration is applied to the ports.

This section contains the following topics:


Configuring LACP
Defining Link Aggregation

Configuring LACP

LAGs can contain different media types if the ports are operating at the same speed. Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-aggregation port-groups. Each group is comprised of ports with the same speed.

To configure LACP Setup:

1 Click Wired Ports > LACP > Setup. The LACP Setup Page opens:
Figure 61 LACP Setup Page

The LACP Setup Page contains the following fields:

LACP System Priority - Specifies system priority value. The field range is 1-65535. The field default is 1.
Port - Displays the port number to which timeout and priority values are assigned.
Port Priority - Specifies port priority value. The field range is 1-65535. The field default is 1.
LACP Timeout - Displays the administrative LACP timeout.
  Long - Specifies a long timeout value.
  Short - Specifies a short timeout value.

To modify LACP for LAGs:
1 Click Wired Ports > LACP > Modify. The LACP Modify Page opens:
Figure 62 LACP Modify Page

The LACP Modify Page contains the following fields:

Port: Displays the port number to which timeout and priority values are assigned.
LACP Port Priority: Specifies port priority value. The field range is 1-65535. The field default is 1.
LACP Timeout: Displays the administrative LACP timeout.
  Long: Specifies a long timeout value.
  Short: Specifies a short timeout value.

2 Edit the Port Priority and LACP Timeout fields.
3 Click [button]. The LACP settings are saved, and the device is updated.

Defining Link Aggregation

This section contains the following topics:


Configuring Link Aggregation
Defining LAG Membership

Configuring Link Aggregation

The Link Aggregation Page optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy.

To view Link Aggregation:
1 Click Wired Ports > Link Aggregation > Summary. The Link Aggregation Summary Page opens:
Figure 63 Link Aggregation Summary Page

The Link Aggregation Summary Page includes the following fields:

LAG: Displays the LAG for which the link aggregation parameters are defined.
Description: Displays a description of the configured LAG.
Type: Displays the current LAG type.
Status: Indicates the LAG status. The possible field values are:
  Up: Indicates the LAG is active.
  Down: Indicates the LAG is inactive.
Speed: Indicates the LAG speed. The possible field values are:
  10M: Indicates the LAG is currently operating at 10 Mbps.
  100M: Indicates the LAG is currently operating at 100 Mbps.
  1000M: Indicates the LAG is currently operating at 1000 Mbps.
Auto Negotiation: Displays the auto negotiation status on the LAG. Auto negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate, duplex mode, and flow control abilities to its partner.
Flow Control: Displays the flow control status on the LAG. Operates when the LAG is in full duplex mode.

To configure Link Aggregation:
1 Click Wired Ports > Link Aggregation > Setup. The Link Aggregation Setup Page opens:
Figure 64 Link Aggregation Setup Page

The Link Aggregation Setup Page includes the following fields:

LAG: Displays the LAG number.
Description: Displays a description of the configured LAG.
Type: Displays the current LAG type.
Admin Status: Displays the LAG status. The possible field values are:
  Up: Indicates the LAG is active.
  Down: Indicates the LAG is inactive.
Current Status: Indicates the current LAG status.
Reactivate Suspended: Select the Reactivate Suspended field to return a suspended LAG to active status.
Operational Status: Indicates whether the LAG is currently operational or non-operational.
Admin Auto Negotiation: Displays the LAG auto negotiation status. Auto negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate, duplex mode, and flow control abilities to its partner.
Current Auto Negotiation: Displays the current LAG auto negotiation status.
Admin Advertisement: Defines the auto negotiation setting the LAG advertises. The possible field values are:
  Max Capability: Indicates that all LAG speeds and duplex mode settings are accepted.
  10 Full: Indicates that the LAG advertises for a 10 Mbps speed LAG and full duplex mode setting.
  100 Full: Indicates that the LAG advertises for a 100 Mbps speed LAG and full duplex mode setting.
  1000 Full: Indicates that the LAG advertises for a 1000 Mbps speed LAG and full duplex mode setting.

Current Advertisement: Displays the current auto negotiation setting that the LAG advertises.
Neighbor Advertisement: Indicates the neighboring port's advertisement settings. The field values are identical to the Admin Advertisement field value.
Admin Speed: Displays the configured rate for the LAG. The LAG type determines what speed setting options are available. LAG speeds can only be configured when auto negotiation is disabled. The possible field values are:
  10M: Indicates the LAG is currently operating at 10 Mbps.
  100M: Indicates the LAG is currently operating at 100 Mbps.
  1000M: Indicates the LAG is currently operating at 1000 Mbps.
Current Speed: Displays the current LAG speed.
Admin Flow Control: Displays the flow control status on the LAG. Operates when the LAG is in full duplex mode.
Current Flow Control: Displays the current flow control status on the LAG.

2 Define the fields.
3 Click [button]. Link Aggregation is configured, and the application is updated.

Defining LAG Membership

The Link Aggregation Membership Page contains fields for configuring parameters for configured LAGs. The device supports up to eight ports per LAG, and eight LAGs per system.

To define LAG Membership:
1 Click Wired Ports > Link Aggregation > Membership. The Link Aggregation Membership Page opens:
Figure 65 Link Aggregation Membership Page

The Link Aggregation Setup Page contains the following fields:


LAG: Specifies if the port is part of a LAG.
LAG Name: Displays the LAG name.
LACP: Displays the link operational status.
Port List: Displays the ports that can be assigned or removed from the LAG membership list.
LAG Members: Displays the ports which are currently configured to the LAG.

2 Define the fields.
3 Click [button]. LAG Membership is established, and the device is updated.

CONFIGURING VLANS

This section contains information for configuring VLANs. VLANs are logical subgroups within a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and moves to be implemented.

VLANs have no minimum number of ports, and can be created per unit, per device, or through any other logical connection combination, since they are software-based and not defined by physical attributes.

VLANs function at Layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs. Layer 3 routers identify segments and coordinate with VLANs. VLANs are Broadcast and Multicast domains. Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated.

VLAN tagging provides a method of transferring VLAN information between VLAN groups. VLAN tagging attaches a 4-byte tag to packet headers. The VLAN tag indicates to which VLAN the packets belong. VLAN tags are attached to the VLAN by either the end station or the network device. VLAN tags also contain VLAN network priority information.

Combining VLANs and GARP (Generic Attribute Registration Protocol) allows network managers to define network nodes into Broadcast domains.

This section contains the following topics:

Defining VLAN Properties
Defining VLAN Membership
Defining VLAN Interface Settings
Defining Voice VLAN
Defining GVRP

CHAPTER 7: CONFIGURING VLANS

Defining VLAN Properties

The VLAN Setup Summary provides information and global parameters on VLANs configured on the system.

To view VLANs:
1 Click Policy > VLAN > Setup > Summary. The VLAN Setup Summary Page opens:
Figure 66 VLAN Setup Summary Page

The VLAN Setup Summary Page contains the following fields and buttons:

Back: Displays the following page of VLANs in the VLAN Summary table, if there is a page following the current page.
Next: Displays the previous page of VLANs in the VLAN Summary table, if there is a previous page.
Go To: Displays a specific page of VLANs in the VLAN Summary table.
VLAN ID: Displays the VLAN ID. The field range is 1-4094.
VLAN Name: Displays the user-defined VLAN name.
Type: Displays the VLAN type. The possible field values are:
  Dynamic: Indicates the VLAN was dynamically created through GVRP.
  Static: Indicates the VLAN is user-defined.
  Default: Indicates the VLAN is the default VLAN.
Authentication: Indicates whether authentication is enabled for the specific VLAN ID. The possible field values are:
  Enabled: Indicates authentication is disabled for the specified VLAN ID.
  Disabled: Indicates authentication is enabled for the specified VLAN ID.

The Setup Page creates VLANs on the system.

To create VLANs:
1 Click Policy > VLAN > Setup > Setup. The VLAN Setup [Setup] Page opens:
Figure 67 VLAN Setup [Setup] Page

The Setup Page contains the following fields:


VLAN ID: Displays the VLAN ID.
VLAN Name: Displays the user-defined VLAN name.

2 Define the fields.
3 Click [button]. The VLANs are configured, and the device is updated.

To edit VLAN Settings:
1 Click Policy > VLAN > Setup > Modify. The Modify VLAN Page opens:
Figure 68 Modify VLAN Page

The Modify VLAN Page contains the following fields:


VLAN ID: Displays the VLAN ID.
VLAN Name: Displays the user-defined VLAN name.
Disable Authentication: Indicates whether authentication is enabled for the specific VLAN ID. The possible field values are:
  Enable: Indicates authentication is disabled for the specified VLAN ID.
  Disable: Indicates authentication is enabled for the specified VLAN ID.

2 Modify the fields.
3 Click [button]. The VLANs are configured, and the device is updated.

To delete VLANs:
1 Click Policy > VLAN > Setup > Remove. The VLAN Remove Page opens:
Figure 69 VLAN Remove Page

The VLAN Remove Page contains the following fields:

Remove: Removes a specific VLAN. The possible field values are:
  Checked: Removes the selected VLAN entries.
  Unchecked: Maintains the current VLAN entries.
VLAN ID: Displays the VLAN ID.
VLAN Name: Displays the user-defined VLAN name.
Type: Indicates if the VLAN was dynamically or statically created.
Authentication: Indicates whether authentication is enabled for the specific VLAN ID. The possible field values are:
  Enabled: Indicates authentication is disabled for the specified VLAN ID.
  Disabled: Indicates authentication is enabled for the specified VLAN ID.

2 Select the VLAN ID to be deleted.
3 Click [button]. The selected VLANs are deleted, and the device is updated.

Defining VLAN Membership

The VLAN Membership Summary Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN membership by toggling through the Port Control settings.

To define VLAN Membership:
1 Click Policy > VLAN > Membership > Summary. The VLAN Membership Summary Page opens:
Figure 70 VLAN Membership Summary Page

The VLAN Membership Summary Page contains the following fields:


VLAN ID: Displays the user-defined VLAN ID.
VLAN Name: Displays the name of the VLAN.
VLAN Type: Indicates the VLAN type. The possible field values are:
  Dynamic: Indicates the VLAN was dynamically created through GARP.
  Static: Indicates the VLAN is user-defined.
  Default: Indicates the VLAN is the default VLAN.
Port: Indicates the port membership.
LAG: Indicates the LAG membership.
Interface: Displays the port or LAG number included in the VLAN.
Interface Status: Displays the port-based for each Interface.

The Membership Modify Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN membership by toggling through the Port Control settings.

To modify VLAN Membership:
1 Click Policy > VLAN > Membership > Modify. The VLAN Membership Modify Page opens:
Figure 71 VLAN Membership Modify Page

The VLAN Membership Modify Page contains the following fields:


VLAN ID: Displays the user-defined VLAN ID.
VLAN Name: Displays the name of the VLAN.
Interface: Displays the port or LAG number included in the VLAN.
Interface Status: Displays the port-based for each Interface.
  Exclude: Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP.
  Forbidden: Denies the interface VLAN membership, even if GARP indicates the port is to be added.
  Tagged: Indicates the interface is a tagged member of a VLAN. All packets forwarded by the interface are tagged. The packets contain VLAN information.
  Untagged: Indicates the interface is an untagged member of the VLAN.

2 Modify the fields.
3 Click [button]. VLAN membership is modified, and the device is updated.

Defining VLAN Interface Settings

The VLAN contains fields for managing ports that are part of a VLAN. The Port Default VLAN ID (PVID) is configured on the VLAN Interface Settings Modify Page. All untagged packets arriving at the device are tagged with the port PVID.

To view VLAN Settings:
1 Click Policy > VLAN > Interface Settings > Summary. The VLAN Interface Settings Summary Page opens:
Figure 72 VLAN Interface Settings Summary Page

The VLAN Interface Settings Summary Page contains the following fields:

Port: Displays the port interface settings.
LAG: Displays the LAG interface settings.
Interface: Displays the port number or LAG number included in the VLAN.
Interface VLAN Mode: Displays the interface mode. The possible values are:
  General: Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode).
  Access: Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled or disabled on an access port.
  Trunk: Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged.

PVID: Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.
Frame Type: Specifies the packet type accepted on the port. The possible field values are:
  Admit Tag Only: Only tagged packets are accepted on the port.
  Admit All: Both tagged and untagged packets are accepted on the port.
Ingress Filtering: Indicates whether ingress filtering is enabled on the port. The possible field values are:
  Enable: Enables ingress filtering on the device. Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member.
  Disable: Disables ingress filtering on the device.
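The PVID, Frame Type and Ingress Filtering fields above combine into one accept-or-drop decision for each frame arriving on a port. The model below is an added Python example, not 3Com code: the PortConfig class and the function names are hypothetical, the treatment of priority-tagged (VID 0) frames follows IEEE 802.1Q rather than this guide, and the frames are constructed.

```python
import struct
from dataclasses import dataclass, field

TPID_8021Q = 0x8100   # EtherType value that introduces the 4-byte 802.1Q tag
DISCARD_VLAN = 4095   # packets classified to this VLAN are dropped


@dataclass
class PortConfig:
    """Per-port settings named after the page's fields (the class is hypothetical)."""
    pvid: int = 1
    frame_type: str = "Admit All"            # or "Admit Tag Only"
    ingress_filtering: bool = True
    member_vlans: set = field(default_factory=lambda: {1})


def make_frame(vid=None, priority=0, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame; it carries an 802.1Q tag when vid is given."""
    if vid is not None and not 0 <= vid <= 4095:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits")
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + payload


def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, priority) from the 802.1Q tag, or None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF, tci >> 13      # low 12 bits: VLAN ID, top 3 bits: priority


def classify_ingress(port: PortConfig, frame: bytes):
    """Return (action, vlan_id, reason) for a frame arriving on the port."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == 0:
        # Untagged, or priority-tagged (VID 0): the frame itself names no VLAN.
        # Assumption from IEEE 802.1Q: both are refused by a tagged-only port.
        if port.frame_type == "Admit Tag Only":
            return ("drop", None, "no VLAN ID on an Admit Tag Only port")
        vid = port.pvid                 # untagged packets are tagged with the PVID
    else:
        vid = tag[0]
    if vid == DISCARD_VLAN:
        return ("drop", vid, "classified to the Discard VLAN")
    if port.ingress_filtering and vid not in port.member_vlans:
        return ("drop", vid, "ingress filtering: port is not a member of this VLAN")
    return ("forward", vid, "accepted")


if __name__ == "__main__":
    port = PortConfig(pvid=10, member_vlans={10, 20})
    for label, frame in [("untagged", make_frame()),
                         ("tagged VLAN 20", make_frame(vid=20)),
                         ("tagged VLAN 30", make_frame(vid=30)),
                         ("tagged VLAN 4095", make_frame(vid=4095))]:
        print(label, "->", classify_ingress(port, frame))
```

With ingress filtering disabled, the tagged VLAN 30 frame in this run is forwarded into VLAN 30 even though the port is not a member, which is the case the Enable setting exists to prevent.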


To modify VLAN Interfaces:
1 Click Policy > VLAN > Interface Settings > Modify. The VLAN Interface Settings Modify Page opens:
Figure 73 VLAN Interface Settings Modify Page

The VLAN Interface Settings Modify Page contains the following fields:

Interface: Displays the port or LAG number included in the VLAN.
Port VLAN Mode: Displays the port mode. The possible values are:
  General: Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full IEEE802.1q mode).
  Access: Indicates a port belongs to a single untagged VLAN. When a port is in Access mode, the packet types which are accepted on the port cannot be designated. Ingress filtering cannot be enabled or disabled on an access port.
  Trunk: Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged.
PVID: Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per standard and industry practice as the Discard VLAN. Packets classified to the Discard VLAN are dropped.
Frame Type: Specifies the packet type accepted on the port. The possible field values are:
  Admit Tag Only: Only tagged packets are accepted on the port.
  Admit All: Both tagged and untagged packets are accepted on the port.
Ingress Filtering: Indicates whether ingress filtering is enabled on the port. The possible field values are:
  Enable: Enables ingress filtering on the device. Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member.
  Disable: Disables ingress filtering on the device.

2 Define the fields.
3 Click [button]. The VLAN interface settings are defined, and the device is updated.

Defining GVRP

GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports mapping, without having to individually configure each bridge and register VLAN membership. The GVRP Summary Page displays the GVRP configuration for ports and LAGs.

To view GVRP Settings:
1 Click Policy > VLAN > GVRP > Summary. The GVRP Summary Page opens:
Figure 74 GVRP Summary Page

The GVRP Summary Page contains the following fields:

GVRP Global Status: Indicates if GVRP is enabled on the device. The possible field values are:
  Enable: Enables GVRP on the device.
  Disable: Disables GVRP on the device. This is the default value.
Ports: Displays the GVRP port configuration.
LAGs: Displays the GVRP LAGs configuration.
GVRP State: Indicates if GVRP is enabled on the selected interface. The possible field values are:
  Enable: Enables GVRP on the interface.
  Disable: Disables GVRP on the interface. This is the default value.
Dynamic VLAN Creation: Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are:
  Enabled: Enables Dynamic VLAN creation on the interface.
  Disabled: Disables Dynamic VLAN creation on the interface.
GVRP Registration: Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are:
  Enabled: Enables GVRP registration on the device.
  Disabled: Disables GVRP registration on the device.

To configure GVRP:
1 Click Policy > VLAN > GVRP > Modify. The GVRP Modify Page opens:
Figure 75 GVRP Modify Page

The GVRP Modify Page contains the following fields:

Interface: Displays the port or LAG drop-down list.
GVRP State: Indicates if GVRP is enabled on the selected interface. The possible field values are:
  Enable: Enables GVRP on the interface.
  Disable: Disables GVRP on the interface. This is the default value.
Dynamic VLAN Creation: Indicates if Dynamic VLAN creation is enabled on the interface. The possible field values are:
  Enable: Enables Dynamic VLAN creation on the interface.
  Disable: Disables Dynamic VLAN creation on the interface.
GVRP Registration: Indicates if VLAN registration through GVRP is enabled on the device. The possible field values are:
  Enable: Enables GVRP registration on the device.
  Disable: Disables GVRP registration on the device.

2 Define the fields.
3 Click [button]. GVRP is enabled, and the device is updated.

Defining Voice VLAN

Voice VLAN allows network administrators to enhance VoIP service by configuring access ports to carry IP voice traffic from IP phones on specific VLANs. Network Administrators can configure VLANs on which voice IP traffic is forwarded. Non-VoIP traffic is dropped from the Voice VLAN. Voice VLAN also provides QoS to VoIP, ensuring that the quality of sounds does not deteriorate if the IP traffic is received unevenly. The system currently supports one voice VLAN. When configuring Voice VLAN, ensure the following:

IP phones are configured with VLAN-mode as enabled, ensuring that tagged packets are used for all communications.
If the IP phone's VLAN-mode is disabled, the phone uses untagged packets. The phone uses untagged packets while retrieving the initial IP address through DHCP. The phone eventually uses the Voice VLAN and starts sending tagged packets.

To configure Voice VLANs:
1 Click Policy > Voice VLAN. The Voice VLAN Page opens:
Figure 76 Voice VLAN Page

The Voice VLAN Page contains the following fields:

Activate: Activates voice VLAN on the device. Voice VLAN is disabled by default.
Port: Indicates the ports which are members of the voice VLAN. Only ports which were defined in the VLAN membership page are active.
Secured: Indicates if secure ports drop all non-voice IP traffic. The possible field values are:
  Checked: Indicates that all ports are secured, and all non-voice IP traffic originating from the port is dropped from the VLAN.
  Unchecked: Permits all non VoIP traffic on the VLAN with high-priority.

DEFINING WLAN

This section contains information for configuring WLANs. A Wireless Local Area Network (WLAN) is a technology that provides network services using radio waves. WLAN provides wireless network service connections to all users within a defined service area. WLAN users are connected to the network via the access points. Access Points act as communication hubs for wireless networks. In addition, access points provide both encryption and bridging between 802.11 and Ethernet points. Access points also extend the physical size of wireless networks. When several access points are grouped, they allow network users to roam.

This section includes the following topics:

Defining Wireless Access Points
Defining Wireless Security
Configuring Wireless Access Point Security
Defining Wireless Rogue Handling
Mitigating Rogue Handling
Defining Wireless Radio Settings
Defining 802.11b/g Radio Settings
Managing VAPs
Configuring Radio 802.11a Settings
Defining Radio 802.11a Settings
Viewing WLAN Profiles
Defining WLAN Profiles
Modifying WLAN Profiles
Removing WLAN Profiles
Viewing WLAN Stations
Removing WLAN Stations
Defining WLAN Power Settings

Defining Wireless Access Points

This section contains information for configuring and viewing general WLAN parameters. The Wireless Access Point Summary Page displays information regarding the currently configured access points including IP Address, MAC address, the type and radio configuration and the current access point status. Ensure that the Wireless Controller Software (WCS) has been activated.

To view Wireless Access Points:
1 Click Wireless > Access Point > Summary. The Wireless Access Point Summary Page opens:
Figure 77 Wireless Access Point Summary Page

The Wireless Access Point Summary Page contains the following fields:

Display: Displays access points according to categories. The possible field values are:
  Discovered APs: Displays the discovered access points.
  Active APs: Displays the activated access points.
  All: Displays the access points on the network.
Name: Displays the user-defined access point name.
IP Address: Displays the IP Address assigned to the access point.
MAC Address: Displays the MAC Address assigned to the access point.
Type: Displays the antenna type.
Radios: Indicates the radio transceiver type. The field values are:
  A: Indicates the radio type is 802.11a.
  G: Indicates the radio type is 802.11g.
  b/g: Indicates the radio type is 802.11b/g.
  n: Indicates the radio type is 802.11n.
Channel: Displays the access point channel used.
State: Displays the selected access point transceiver's status. The possible field values are:
  Discovered: Indicates access point was discovered, but was not activated by the user.
  Activated: Indicates access point is currently active.

To configure Wireless Access Points:
1 Click Wireless > Access Point > Setup. The Wireless Access Point Setup Page opens:
Figure 78 Wireless Access Point Setup Page

The Wireless Access Point Setup Page contains the following fields:

Access Point: Displays the current Access Points.
Activation State: Indicates the access point state. The possible field values are:
  Activated: Indicates access point is currently active.
  Discovered: Indicates access point was discovered, but was not activated by the user.
Name: Displays the user-defined access point name.
Radio 802.11b/g: Enables High-frequency and longer transmission ranges.
Radio 802.11a: Enables radio 802.11a transmissions.

2 Define the fields.
3 Click [button]. The Access Point is enabled, and the device is updated.

To reset Access Points:
1 Click Wireless > Access Point > Reset. The Wireless Access Point Reset Page opens:
Figure 79 Wireless Access Point Reset Page

The Wireless Access Point Reset Page contains the following fields:

Access Point: Contains a list of either the user-defined access points or the MAC address assigned to wireless networks.
  All: Resets all the access points.
Reset: Resets the selected device.

2 Select the Access Point to be Reset.
3 Click [button]. The Access Point is reset, and the device is updated.

To remove Wireless Access Points:
1 Click Wireless > Access Point > Remove. The Wireless Access Point Setup Page opens:
Figure 80 Wireless Access Point Remove Page

The Wireless Access Point Remove Page contains the following fields:

Display: Displays the current Access Points. The optional displays are:
  All: Displays all Access Points.
  Discovered APs: Displays discovered Access Points.
  Active APs: Displays active Access Points.
Name: Displays the user-defined access point name.
IP Address: Displays the IP Address assigned to the access point.
MAC Address: Displays the MAC Address assigned to the access point.
Type: Displays the antenna type.
Radios: Indicates the radio transceiver type. The field values are:
  A: Indicates the radio type is 802.11a.
  G: Indicates the radio type is 802.11g.
  b/g: Indicates the radio type is 802.11b/g.
  n: Indicates the radio type is 802.11n.
Channel: Displays the access point channel used.
State: Displays the selected access point transceiver's status. The possible field values are:
  Discovered: Indicates access point was discovered, but was not activated by the user.
  Activated: Indicates access point is currently active.

2 Define the fields.
3 Click [button]. The Access Point is enabled, and the device is updated.

Defining Wireless Security

The Wireless Configuration section in the wizard provides information for configuring Extended Service Sets (ESS). ESS are the primary method of organizing access points, security, and VLANs in a WLAN network. An ESS is a group of access points that share the same Service Set Identification (SSID). APs announce their ESS membership by SSID parameter via Beacon frames. When stations roam between the same ESS APs, stations remain connected to the same wired network domain. Since the station remains in the same broadcast domain and IP subnet, the station retains the same IP address while roaming between the same ESS APs.

Configuring Wireless Access Point Security

The Wireless Setup Wizard provides the option to configure access point security as part of the device's Setup wizard. The wireless configuration follows the stage of configuring the basic IP Interfaces and is saved at the end of the process.

To configure Access Point Security:
The Access Point security is configured through the Setup Wizard that appears within the Device Summary Link.

Note: The Wireless Configuration Page appears only if the Master Radio Enable checkbox was selected on the System Setup Page.

1 Click Device Summary > Wizard > Wireless Configuration. The Wireless Configuration Page opens:
Figure 81 Wireless Configuration Page

The Wireless Configuration Page contains the following fields:


Enabled: Enables the SSID configuration.
SSID Name: Displays the Service Set Identifier (SSID) for the ESS. SSIDs act as a password when a mobile device attempts to connect to the BSS. SSIDs differentiate between WLANs, therefore all access points and devices which comprise the specific WLAN must have the same SSID. Devices not providing a unique SSID are denied network access. Each SSID must be unique, and can contain up to 32 characters.
Security Type: Displays the WLAN security type. The possible field values are:
  Open: Enables open system authentication without encryption.
  WEP: Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.
  WPA-PSK: Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network through secure encryption systems.
  WPA2-PSK: Indicates that WPA2-PSK is the selected WLAN security method. WPA2-PSK improves system security by encrypting signals at higher bit rates.
Passphrase/Key: Indicates the encryption key type.

2 Define the fields.
3 Click [button]. The Wireless Configuration is saved at the end of the wizard setup, and the device is updated.

Defining Wireless Rogue Handling

Access points are constantly scanning wireless channels. Scanning occurs while WLAN stations are being serviced. The WLAN rogue contains information for viewing WLAN rogue statistics. Access points then report the discovered neighbors to the system. The system filters the information and looks for rogue neighbors or known SSIDs. Access points are considered rogues if:

An issue occurs in the security configuration.
The access point is located in an Ad-hoc network.
An Organizationally Unique Identifier (OUI) is detected in the rogue BSSID.

WLAN rogues can disrupt WLAN service. In addition, stations which are connected to the rogue AP are disconnected.

To configure Rogue Handling:
1 Click Wireless > Rogue Handling > Setup. The Rogue Handling Setup Page opens:
Figure 82 Rogue Handling Setup Page

The Rogue Handling Setup Page contains the following fields:

Access Point: Contains a list of either the user-defined access points or the MAC address assigned to wireless networks.
Scanning Interval: Indicates the scanning intervals. The possible field values are:
  Long: Scans for rogues at 240 second intervals.
  Short: Scans for rogues at 20 second intervals.
  Medium: Scans for rogues at 150 second intervals.
Detect on Radio 802.11b/g: Enables Rogue Detection on the Radio 802.11b/g range.
Detect on Radio 802.11a: Enables Rogue Detection on Radio 802.11a range.

2 Select the Access Point to be configured.
3 Enable Radio 802.11b/g or Radio 802.11a Rogue Handling detection.
4 Click [button]. Rogue Handling is enabled, and the device is updated.

To view Wireless Rogue Handling:
1 Click Wireless > Rogue Handling > Display. The Rogue Handling Display Page opens:
Figure 83 Rogue Handling Display Page

The Rogue Handling Display Page contains the following fields:

Sort by: Defines the parameter that will be applied to displaying the table. The possible field values are:
  SSID: Sorts according to the access point Service Set IDentifier (SSID) associated with the rogue. The SSID is the name of the ESS to which the transceiver belongs.
  Status: Sorts according to the Rogue status.
  Mac Address: Sorts according to the MAC address associated with the rogue WLAN device.
  Radio: Sorts according to the selected Radio Interface.
  Last Time Heard: Sorts according to the last time the rogue was detected on wireless network.
  Channel: Sorts according to the access point channel used from which the rogue is transmitting.
Status: Defines the Rogue status. The possible field values are:
  Known: Indicates the rogue is known to the system.
  Unknown: Indicates the rogue is unknown to the system.

2 Select an Access Point from the List.
3 Click [button]. The table information is cleared.
4 Select a field from the Sort by drop-down list.
5 Once the detected access points appear in the table, define the Status for each access point.
6 Click [button]. The table is updated, and the device is updated.
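The three rogue criteria listed at the start of this section and the Sort by options of the Display page can be applied to neighbor reports as follows. This is an added Python example, not part of the 3Com guide or firmware: the record fields, the reading of "an issue in the security configuration" as a known SSID advertised with a different security type, and the OUI watch list are assumptions, and all sample data is constructed.

```python
from dataclasses import dataclass


@dataclass
class Neighbor:
    """One neighbor report from an access point scan (field names are hypothetical)."""
    mac: str                  # BSSID of the neighbor
    ssid: str
    security: str             # "Open", "WEP", "WPA-PSK" or "WPA2-PSK"
    adhoc: bool
    radio: str                # "802.11b/g" or "802.11a"
    channel: int
    last_heard: int           # seconds since scanning started
    status: str = "Unknown"   # "Known" or "Unknown", as set on the Display page


def normalise_mac(mac: str) -> str:
    """Return a MAC address as upper-case, colon-separated octets."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def rogue_reasons(n, managed_macs, ess_security, watched_ouis):
    """Return the criteria a neighbor meets; an empty list means it is not a rogue."""
    mac = normalise_mac(n.mac)
    if mac in managed_macs:                 # one of the switch's own access points
        return []
    reasons = []
    expected = ess_security.get(n.ssid)
    if expected is not None and n.security != expected:
        reasons.append("security configuration")   # assumption: known SSID, wrong security
    if n.adhoc:
        reasons.append("ad-hoc network")
    if mac[:8] in watched_ouis:             # first three octets of the BSSID are the OUI
        reasons.append("OUI")
    return reasons


def rogue_table(reports, managed_macs, ess_security, watched_ouis, sort_by="last_heard"):
    """Keep the latest report per BSSID and return the rogue rows, sorted by one column."""
    managed = {normalise_mac(m) for m in managed_macs}
    ouis = {o.upper() for o in watched_ouis}
    latest = {}
    for n in reports:
        mac = normalise_mac(n.mac)
        if mac not in latest or n.last_heard > latest[mac].last_heard:
            latest[mac] = n
    rows = []
    for mac, n in latest.items():
        reasons = rogue_reasons(n, managed, ess_security, ouis)
        if reasons:
            rows.append({"mac": mac, "ssid": n.ssid, "status": n.status, "radio": n.radio,
                         "channel": n.channel, "last_heard": n.last_heard,
                         "reasons": reasons})
    return sorted(rows, key=lambda r: (r[sort_by], r["mac"]))


# Constructed sample data: one managed AP, one ESS profile, one watched OUI.
MANAGED = {"00:11:22:33:44:01"}
ESS_SECURITY = {"corp": "WPA2-PSK"}
WATCHED_OUIS = {"02:AB:CD"}
SAMPLE_REPORTS = [
    Neighbor("00-11-22-33-44-01", "corp", "WPA2-PSK", False, "802.11b/g", 6, 100),
    Neighbor("0a:00:00:00:00:10", "corp", "Open", False, "802.11b/g", 1, 120),
    Neighbor("0a:00:00:00:00:10", "corp", "Open", False, "802.11b/g", 1, 360),
    Neighbor("02:ab:cd:00:00:20", "printer", "WEP", True, "802.11a", 36, 240),
    Neighbor("0a:00:00:00:00:30", "cafe", "Open", False, "802.11b/g", 11, 240),
]

if __name__ == "__main__":
    for row in rogue_table(SAMPLE_REPORTS, MANAGED, ESS_SECURITY, WATCHED_OUIS):
        print(row)
```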

168

CHAPTER 8: DEFINING WLAN

Mitigating Rogue Handling

The Rogue Handling Mitigate Page allows network managers to configure WLAN mitigation. Deleting a rogue AP does not mitigate or suppress the rogue. If the rogue AP is still physically present and active, it will still appear in the Rogue Access Point list after scanning for rogue APs.

To configure Rogue Mitigation:
1 Click Wireless > Rogue Handling > Mitigate. The Rogue Handling Mitigate Page opens:
Figure 84 Rogue Handling Mitigate Page

The Rogue Handling Mitigate Page contains the following fields:

Sort by - Defines the parameter by which the table is sorted. The possible field values are:

SSID - Sorts according to the access point Service Set IDentifier (SSID) associated with the rogue. The SSID is the name of the ESS to which the transceiver belongs.
Status - Sorts according to the Rogue status.
Mac Address - Sorts according to the MAC address associated with the rogue WLAN device.
Radio - Sorts according to the selected Radio Interface.
Last Time Heard - Sorts according to the last time the rogue was detected on the wireless network.
Channel - Sorts according to the access point channel from which the rogue is transmitting.
Mitigate - Sorts by mitigated access point channels.

2 Select an option from the Sort by drop-down list to display the table.
3 Once the table appears, select the check box to enable mitigation for each access point.
4 Click . The Mitigation table is updated, and the device is updated.

Defining Wireless Radio Settings

Access Points can have up to two radio interfaces. However, each radio interface is configured and controlled separately. Radio interfaces inherit the common configuration parameters from the ESS configuration. This section contains information for defining WLAN Radio settings, and includes the following topics:

Defining 802.11b/g Radio Settings
Configuring Radio 802.11a Settings

Defining 802.11b/g Radio Settings

WLAN communications are transmitted via radio waves. The 802.11b/g Radio Settings pages allow network managers to configure WLAN Radio settings for transmitting WLAN communications.

To view Radio 802.11b/g Settings:
1 Click Wireless > Radio 802.11b/g > Summary. The 802.11b/g Radio Summary Page opens:
Figure 85 802.11b/g Radio Summary Page

The 802.11b/g Radio Summary Page contains the following fields:

Access Point Name - Displays the specific access point to which the radio settings are assigned.
VAP - Displays the virtual access point number.
SSID Broadcast - Indicates SSID Broadcasting is enabled. SSID Broadcasting allows access points to advertise their presence several times per second by broadcasting beacon frames that carry the SSID Name.
BSSID - Defines the Basic Service set by SSID.
Profile - Displays the Profile Name.

2 Select the Access Point to be displayed from the drop-down list.

To configure the Radio 802.11b/g Settings:
1 Click Wireless > Radio 802.11b/g > Setup. The Radio 802.11b/g Setup Page opens:
Figure 86 Radio 802.11b/g Setup Page

The Radio 802.11b/g Setup Page contains the following fields:

Access Point - Displays the specific access point to which the radio settings are assigned.
RTS Threshold - Defines the Request-to-Send (RTS) Threshold that reduces collisions when multiple stations are within range of a common access point but outside range of each other.
Beacon Interval - Indicates the access point beacon transmission rates.
Short Preamble - Indicates that a short preamble is enabled. Radio preambles contain data that the access point and the client devices use for sending and receiving packets. A short preamble improves the system's performance.
Power Level - Indicates the access point's power settings. The possible field values are:

Max - Defines a maximum power setting relative to the selected country's device power regulations.
Half - Defines half of the maximum power relative to the selected country's device power regulations.
Quarter - Defines a quarter of the maximum power relative to the selected country's device power regulations.
Eighth - Defines an eighth of the maximum power relative to the selected country's device power regulations.
Minimum - Sets the power to the minimum power settings relative to the selected country's device power regulations.

Auto-Channel - Enables access point channeling.
Channel - Displays the user-defined channel.

2 Select the Access Point.
3 Select the relevant Radio 802.11b/g fields.
4 Click . The Radio 802.11b/g option is enabled, and the device is updated.

Managing VAPs

VAPs are virtual access points, based on Virtual Access Point (VAP) technology for the 802.11a, 802.11b and 802.11g standards. VAP enables a single device to be divided into layers, with each layer being assigned different usage rights.

To manage VAPs:
1 Click Wireless > Radio 802.11b/g > Manage VAPs. The Radio 802.11b/g Manage VAPs Page opens:
Figure 87 Radio 802.11b/g Manage VAPs Page

The Radio 802.11b/g Manage VAPs Page contains the following fields:

Access Point Name - Displays the specific access point to which the radio settings are assigned.
Remove - Removes VAP management for the specific VAP.
Select - Enables VAP management for the specific VAP.
VAP - Displays the VAP (Virtual Access Point).
BSSID - Defines the Basic Service set by the SSID.
Suppress SSID Broadcast - Enables SSID Broadcast Suppression.
Profile - Displays the Profile Name.
Radio Type - Displays the radio type attached to the BSS. The possible field values are:

802.11g - Indicates that the radio attached to the BSS is 802.11g.
802.11b/g - Indicates that the radio attached to the BSS is 802.11b/g.

Data Rate - Indicates the rate at which data is transferred. The data rate can help ensure the link quality between the client device and the access point. The default wireless data rates are 1, 2, 5.5, and 11 Mbps. The possible field values are:

Mandatory - Indicates the device must transmit or communicate at this data rate.
Optional - Indicates the device can communicate at this data rate, but does not transmit at the selected data rate.
Not Allowed - Indicates the device cannot transmit or communicate at this data rate.

2 Select the Access Point to be configured.
3 Define the fields.
4 Click . VAP Management is enabled, and the device is updated.

Configuring Radio 802.11a Settings

WLAN communications are transmitted via radio waves. The Radio 802.11a Summary Page allows network managers to configure WLAN Radio settings for transmitting WLAN communications.

To view Radio 802.11a Settings:
1 Click Wireless > Radio 802.11a > Summary. The Radio 802.11a Summary Page opens:
Figure 88 Radio 802.11a Summary Page

The Radio 802.11a Summary Page contains the following fields:

Access Point Name - Displays the specific access point to which the radio settings are assigned.
DFS Status - Indicates the current Dynamic Frequency Selection (DFS) status. DFS permits the system to scan and switch to different channels. DFS listens for signals and monitors operating spectrums. If DFS detects a signal, the channel associated with the signal is vacated or tagged as unavailable. The possible field value is:

Scanning - Indicates the system is currently scanning channels.

VAP - Displays the Virtual Access Point number.
SSID Broadcast - Indicates that SSID Broadcasting is enabled.
BSSID - Defines the Basic Service set by the SSID.
Profile - Displays the Profile Name.

2 Select the access point to be displayed from the drop-down list.

Defining Radio 802.11a Settings

To configure Radio 802.11a Settings:
1 Click Wireless > Radio 802.11a > Setup. The Radio 802.11a Setup Page opens:
Figure 89 Radio 802.11a Setup Page

The Radio 802.11a Setup Page contains the following fields:

Access Point Name - Displays the specific access point to which the radio settings are assigned.
RTS Threshold - Defines the Request-to-Send (RTS) Threshold that reduces collisions when multiple stations are within range of a common access point but outside range of each other.
Beacon Interval - Indicates the access point beacon transmission rates.
Power Level - Indicates the access point's power setting. The possible field values are:

Max - Defines a maximum power setting relative to the selected country's device power regulations.
Half - Defines half of the maximum power relative to the selected country's device power regulations.
Quarter - Defines a quarter of the maximum power relative to the selected country's device power regulations.
Eighth - Defines an eighth of the maximum power relative to the selected country's device power regulations.
Minimum - Sets the power to the minimum power settings relative to the selected country's device power regulations.

Auto-Channel - Enables the access point channeling.
Channel - Displays the user-defined access point channel.

2 Select the Access Point.
3 Define the Radio 802.11a fields.
4 Click . The Radio 802.11a option is enabled, and the device is updated.

Managing VAPs

VAPs are virtual access points, based on Virtual Access Point (VAP) technology for the 802.11a, 802.11b and 802.11g standards. VAP enables a single device to be divided into layers, with each layer being assigned different usage rights.

To manage VAPs:
1 Click Wireless > Radio 802.11a > Manage VAPs. The Radio 802.11a Manage VAPs Page opens:
Figure 90 Radio 802.11a Manage VAPs Page

The Radio 802.11a Manage VAPs Page contains the following fields:

Access Point Name - Displays the specific access point to which the radio settings are assigned.
Remove - Removes VAP management for the specific VAP.
Select - Enables VAP management for the specific VAP.
VAP - Displays the VAP (Virtual Access Point).
VAP Enabled - Enables VAP management.
BSSID - Defines the Basic Service set by the SSID.
Suppress SSID Broadcast - Enables SSID Broadcast Suppression.
Profile - Displays the Profile Name.
Radio Type - Displays the radio type attached to the BSS. The possible field values are:

802.11a - Indicates that the radio attached to the BSS is 802.11a.

Data Rate - Indicates the rate at which data is transferred. The data rate can help ensure the link quality between the client device and the access point. The default wireless data rates are 1, 2, 5.5, and 11 Mbps. The possible field values are:

Mandatory - Indicates the device must transmit or communicate at this data rate.
Optional - Indicates the device can communicate at this data rate, but does not transmit at the selected data rate.
Not Allowed - Indicates the device cannot transmit or communicate at this data rate.

Viewing WLAN Profiles

The Profiles Summary Page allows network managers to define profiles and rules for accessing the device. Only one profile can be defined per ESS; the profile contains the security type, MAC address filtering, load balancing, QoS and VLAN configuration that belongs to this ESS.

To view Wireless Profiles:
1 Click Wireless > Profiles > Summary. The Profiles Summary Page opens:
Figure 91 Profiles Summary Page

Profile Name (SSID) - Displays the Profile Name.
QoS Mode - Determines the QoS mode on the interface. The possible values are:

WMM - Indicates that QoS is enabled for Wi-Fi Multimedia (EDCF).
None - Indicates that QoS mode is disabled.

MAC Address Control Status - Indicates the MAC address control status.
Security Suite - Defines the WLAN Security method applied.
VLAN - Defines the VLAN associated with the access point.

Defining WLAN Profiles

To configure WLAN profiles:
1 Click Wireless > Profiles > Setup. The Profiles Setup Page opens:
Figure 92 Profiles Setup Page

The Profiles Setup Page contains the following fields:

Profile Name (SSID) - Displays the user-defined WLAN profile name.
Profile Name Index - Displays the WLAN profile index.

Modifying WLAN Profiles

To modify the Profiles Page:
1 Click Wireless > Profiles > Modify. The Profiles Modify Page opens:
Figure 93 Profiles Modify Page

The Profiles Modify Page contains the following fields:

Profile Name (SSID) - Displays the user-defined WLAN profile name.
Rename SSID - Enables renaming of SSID.
Load Balancing - Enables the even distribution of data or processing packets across available network resources. For example, load balancing may distribute the incoming packets evenly to all servers, or redirect the packets to the next available server.

Disable - Indicates that load balancing is not enabled for the wireless network. If load balancing is not enabled, the system autonomously provides services to stations. However, this may result in uneven station distribution between APs.
At Association - Enables load balancing with the associated station. Stations can be moved to an adjacent access point when load balancing is set to At Association. Services are assigned when the stations associate with the access point. If there is an access point that is less busy, the station-to-access-point association is rejected.
Periodically - Enables load balancing to occur at a fixed time period. Stations are moved to less busy APs in the ESS based on load balancing periods.

QoS Mode - Determines the QoS mode on the interface. The possible values are:

WMM - Indicates that QoS is enabled for Wi-Fi Multimedia (EDCF).
None - Indicates that QoS mode is disabled.

VLAN - Displays the VLAN mapped to the SSID.
Security Type - Defines the WLAN Security type. The security type options are:

Open - Enables open system authentication without encryption.
WEP - Indicates that Wired Equivalent Privacy (WEP) is the selected WLAN security method. WEP provides the same security level as a wired LAN. WEP encrypts data over radio waves during the packet transmission. WEP keys are 40 bit or 104 bit encryption keys.

Open WEP - Enables Open WEP. Open WEP authenticates only with WEP encryption.

Open-WEP, shared WEP, and Open-shared-WEP security suites cannot be enabled simultaneously.

Shared WEP - Enables Shared WEP. Uses shared authentication only, with WEP encryption.
Open-Shared WEP - Enables Open-Shared WEP. Uses open or shared authentication with WEP encryption.
Key Input - Indicates the key type used for authentication. The possible field values are:
Hex - Authenticates using a Hex key. One hexadecimal character is 4 bits.
ASCII - Authenticates using an ASCII key. Each letter, number, or symbol is 8 bits.

WPA - Indicates that Wi-Fi Protected Access (WPA) is the selected WLAN security method. WPA is based on WEP, but provides enhanced encryption using Temporal Key Integrity Protocol (TKIP). In addition, WPA improves authentication using EAP. EAP ensures that only authorized network users access the network through secure encryption systems.
WPA2-PSK - Indicates that WPA2-PSK is the selected WLAN security method. WPA2-PSK improves system security by encrypting signals at higher bit rates.
Network Key - Indicates that network key is the selected WLAN security method.
802.1X - Indicates that 802.1x authentication is enabled.

WEP Key - Indicates the WEP key used for authentication.

MAC Address Control List - Displays the MAC addresses on which the WLAN profile is enabled.

Disable - Disables source MAC address filtering on an ESS.
Deny - Denies stations with a MAC address in the MAC-address-filtering list.
Permit - Permits only stations with a MAC address in the MAC-address-filtering list.

Add MAC Address - Allows network managers to create a new MAC address for filtering.

New MAC Address - Creates a new MAC address for filtering.
Select from List - Allows network managers to select a previously created MAC address from the list.

Remove Selected MAC Address - Deletes MAC addresses.
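The Key Input and MAC Address Control List fields above can be checked before a profile is entered. The following is an added example, not 3Com code: it validates a WEP key against the 40 bit and 104 bit sizes (4 bits per Hex character, 8 bits per ASCII character) and evaluates the Disable, Deny and Permit modes for a station. The function names, the profile dictionary layout and the sample values are assumptions made for illustration.

```python
import re

WEP_KEY_BITS = (40, 104)                 # WEP key sizes listed in the guide
BITS_PER_CHAR = {"hex": 4, "ascii": 8}   # Key Input: bits carried by one typed character


def wep_key_bits(key, key_input):
    """Return the key size in bits (40 or 104), or raise ValueError."""
    mode = key_input.lower()
    if mode not in BITS_PER_CHAR:
        raise ValueError(f"unknown Key Input {key_input!r}")
    if mode == "hex" and not re.fullmatch(r"[0-9A-Fa-f]+", key):
        raise ValueError("Hex key must contain only 0-9 and A-F")
    if mode == "ascii" and not all(0x20 <= ord(c) <= 0x7E for c in key):
        raise ValueError("ASCII key must contain only printable ASCII")
    bits = len(key) * BITS_PER_CHAR[mode]
    if bits not in WEP_KEY_BITS:
        raise ValueError(f"{len(key)} {mode} characters is {bits} bits, expected 40 or 104")
    return bits


def normalize_mac(mac):
    """Canonical aa:bb:cc:dd:ee:ff form, so list lookups do not miss on formatting."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def station_allowed(station_mac, mode, mac_list):
    """Apply the MAC Address Control List modes: Disable, Deny, Permit."""
    listed = normalize_mac(station_mac) in {normalize_mac(m) for m in mac_list}
    mode = mode.lower()
    if mode == "disable":
        return True            # no source MAC filtering on the ESS
    if mode == "deny":
        return not listed      # listed stations are refused
    if mode == "permit":
        return listed          # only listed stations are accepted
    raise ValueError(f"unknown MAC control mode {mode!r}")


def check_profile(profile):
    """Return a list of problems found in one profile dict (hypothetical layout)."""
    problems = []
    if "wep" in profile["security_type"].lower():
        try:
            wep_key_bits(profile["wep_key"], profile["key_input"])
        except ValueError as exc:
            problems.append(f"WEP key: {exc}")
    for mac in profile["mac_list"]:
        try:
            normalize_mac(mac)
        except ValueError as exc:
            problems.append(f"MAC list: {exc}")
    mode = profile["mac_control"].lower()
    if mode == "permit" and not profile["mac_list"]:
        problems.append("Permit with an empty MAC list admits no station")
    if mode == "deny" and not profile["mac_list"]:
        problems.append("Deny with an empty MAC list filters nothing")
    return problems


# Constructed sample profiles (not taken from a real device).
SAMPLE_PROFILES = [
    {"name": "lab", "security_type": "Open WEP", "key_input": "Hex",
     "wep_key": "0123456789ABCDEF0123456789",        # 26 hex characters = 104 bits
     "mac_control": "Permit", "mac_list": ["00:11:22:aa:bb:cc"]},
    {"name": "guest", "security_type": "Shared WEP", "key_input": "ASCII",
     "wep_key": "secret",                            # 6 characters = 48 bits, invalid
     "mac_control": "Permit", "mac_list": []},
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        print(p["name"], check_profile(p))
```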


Removing WLAN Profiles

The Profiles Remove Page allows network managers to delete profiles and rules for accessing the device.

To delete Wireless Profiles:
1 Click Wireless > Profiles > Remove. The Profiles Remove Page opens:
Figure 94 Profiles Remove Page

The Profiles Remove Page contains the following fields:

Profile Name (SSID) - Displays the Profile Name.
QoS Mode - Determines the QoS mode on the interface. The possible values are:

WMM - Indicates that QoS is enabled for Wi-Fi Multimedia (EDCF).
None - Indicates that QoS mode is disabled.

MAC Address Control Status - Indicates the MAC address control status.
Security Suite - Defines the WLAN Security method applied.
VLAN - Defines the VLAN associated with the access point.

Viewing WLAN Stations

The Wireless Stations Summary Page provides information to network managers regarding the stations associated with the access point.

To view the WLAN stations:
1 Click Wireless > Stations > Summary. The Wireless Stations Summary Page opens:
Figure 95 Wireless Stations Summary Page

The Wireless Stations Summary Page contains the following fields:

MAC Address - Displays the MAC address attached to the WLAN station.
Type - Displays the WLAN station type.
IP Address - Displays the WLAN station's IP address.
State - Indicates the station's current status. The possible field values are:

Associated - Indicates that the station is currently associated with the wireless network but has not been authorized and authenticated.
Authorized - Indicates that the station is currently in the authorization process and waiting for authentication.
Authenticated - Indicates that the station has been authenticated.

Access Point - Displays the access point associated with the wireless station.
SSID - Displays the SSID associated with the wireless network.
Security - Displays the Security suite used to protect station communications.
VLAN - Displays the VLAN on which the WLAN station is located.
Session Time - Indicates the amount of time the station has been connected to the access point.

Removing WLAN Stations

The Removing WLAN Stations page provides information to network managers regarding removing stations associated with the access point.

To remove WLAN stations:

Figure 96 Removing Wireless Stations Page

The Removing WLAN Stations page contains the following fields:

Remove - Removes stations associated with the access point. The possible field values are:

Checked - Removes the selected WLAN stations.
Unchecked - Maintains the WLAN stations.

MAC Address - Displays the MAC address attached to the WLAN station.
Type - Displays the WLAN station type.
IP Address - Displays the WLAN station's IP address.
State - Indicates the station's current status. The possible field values are:

Associated - Indicates that the station is currently associated with the wireless network but has not been authorized and authenticated.
Authorized - Indicates that the station is currently in the authorization process and waiting for authentication.
Authenticated - Indicates that the station has been authenticated.

Access Point - Displays the access point associated with the wireless station.
SSID - Displays the SSID associated with the wireless network.
Security - Displays the Security suite used to protect station communications.
VLAN - Displays the VLAN on which the WLAN station is located.
Session Time - Indicates the amount of time the station has been connected to the access point.

Defining WLAN Power Settings

The WLAN Radio Power Settings Page allows network managers to define WLAN radio power settings.

To define WLAN radio power settings:
1 Click Wireless > Power Settings. The WLAN Radio Power Settings Page opens:
Figure 97 WLAN Radio Power Settings Page

The WLAN Radio Power Settings Page contains the following fields:

Auto Adjust Signal Strength - Enables adjusting the target signal strength received by closest access point. The possible field values are:

Checked - Enables automatic signal adjustments.
Unchecked - Disables automatic signal adjustments.

9

CONFIGURING IP INFORMATION

This section contains information for defining IP interfaces, and includes the following sections:

Defining IP Addressing
Configuring ARP
Configuring Address Tables

Defining IP Addressing

The IP Interface Setup Page contains fields for assigning IP addresses. Packets are forwarded to the default IP when frames are sent to a remote network. The configured IP address must belong to the same IP address subnet as one of the IP interfaces.

To define an IP interface:
1 Click Administration > IP Addressing > IP Interface > Setup. The IP Interface Setup Page opens:
Figure 98 IP Interface Setup Page

The IP Interface Setup Page contains the following fields:

Configuration Method - Indicates if the IP address has been configured statically or added dynamically. The possible field values are:

Static - Indicates that the IP Interface is configured by the user.
DHCP - Indicates that the IP Interface is dynamically created.

IP Address - Displays the currently configured IP address.
Subnet Mask - Displays the currently configured IP address mask.
Default Gateway - Displays the currently configured default gateway.

2 Select Manual or DHCP mode.
3 If Manual has been selected, configure the IP Address, Subnet Mask and Default Gateway.
4 Click . The IP configuration is enabled, and the device is updated.

Configuring ARP

The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC address. ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known.

To view ARP Settings:
1 Click Administration > IP Addressing > ARP Settings > Summary. The ARP Settings Summary Page opens:
Figure 99 ARP Settings Summary Page

The ARP Settings Summary Page contains the following fields:

Interface - Displays the interface type for which ARP parameters are displayed. The possible field value is:

VLAN - Indicates the VLAN for which ARP parameters are defined.

IP Address - Indicates the station IP address, which is associated with the MAC Address.
MAC Address - Displays the station MAC address, which is associated in the ARP table with the IP address.
Status - Displays the ARP table entry type. Possible field values are:

Dynamic - Indicates the ARP entry is learned dynamically.
Static - Indicates the ARP entry is a static entry.

Defining ARP Interface Settings

To configure ARP Entries:
1 Click Administration > IP Addressing > ARP Settings > Setup. The ARP Settings Setup Page opens:
Figure 100 ARP Settings Setup Page

The ARP Settings Setup Page allows network managers to define ARP parameters for specific interfaces. The ARP Settings Setup Page contains the following fields:

Interface - Displays the interface type for which ARP parameters are displayed. The possible field value is:

VLAN - Indicates the VLAN for which ARP parameters are defined.

IP Address - Indicates the station IP address, which is associated with the MAC address filled in below.
MAC Address - Displays the station MAC address, which is associated in the ARP table with the IP address.
ARP Entry Age Out - Specifies the amount of time (in seconds) that passes between ARP Table entry requests. Following the ARP Entry Age period, the entry is deleted from the table. The range is 1-40000000. The default value is 60000 seconds.
Clear ARP Table Entries - Specifies the types of ARP entries that are cleared. The possible values are:

None - Maintains the ARP entries.
All - Clears all ARP entries.
Dynamic - Clears only dynamic ARP entries.
Static - Clears only static ARP entries.

2 Define the fields.
3 Click . The ARP parameters are defined, and the device is updated.

Removing ARP Entries

To remove ARP Entries:
1 Click Administration > IP Addressing > ARP Settings > Remove. The ARP Settings Remove Page opens:
Figure 101 ARP Settings Remove Page

The ARP Settings Remove Page provides parameters for removing ARP entries from the ARP Table. The ARP Settings Remove Page contains the following fields:

Remove - Removes a specific ARP entry. The possible field values are:

Checked - Removes the selected ARP entries.
Unchecked - Maintains the current ARP entries.

Configuring Address Tables

MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Dynamic Address Table can be sorted by interface, VLAN, and MAC Address. MAC addresses are dynamically learned as packets from sources arrive at the device. Addresses are associated with ports by learning the ports from the frame's source address. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN. Static addresses are manually configured. In order to prevent the bridging table from overflowing, dynamic MAC addresses from which no traffic is seen for a certain period are erased.

1 Click Wired Ports > Address Tables > Static Addresses. The Port Settings Setup Page opens:
Figure 102 Static Addresses Summary Page

The Static Addresses Summary Page contains the following fields:

VLAN ID - Displays the VLAN ID.
MAC Address - Displays the static MAC address.
Interface - Displays the interface.
Status - Displays the static address status. The possible field values are:

Permanent - The MAC address is permanent.
Delete on Reset - The MAC address is deleted when the device is reset.
Delete on Time out - The MAC address is deleted when a timeout occurs.
Secure - Used for defining static MAC Addresses for Locked ports.

Defining Static Addresses

The Static Addresses Setup Page contains a list of static MAC addresses. Static Addresses can be added and removed from the Static Address Table page. In addition, several MAC Addresses can be defined for a single port.

1 Click Wired Ports > Address Tables > Static Addresses. The Static Addresses Setup Page opens:
Figure 103 Static Addresses Setup Page

The Static Addresses Setup Page contains the following fields:

Interface - The specific port or LAG to which the static MAC address is applied.
MAC address - The MAC addresses listed in the current static addresses list.
VLAN ID - The VLAN ID attached to the MAC Address, and a VLAN called a Routed Interface. Routed Interfaces are the internally used VLANs assigned to a port or trunk on which an IP address is configured.
VLAN Name - User-defined VLAN name.
Status - MAC address status. Possible values are:

Permanent - The MAC address is permanent.
Delete on Reset - The MAC address is deleted when the device is reset.
Delete on Time out - The MAC address is deleted when a timeout occurs.
Secure - Used for defining static MAC Addresses for Locked ports.

Viewing Dynamic Addresses

The Dynamic MAC Address page contains information for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting. Packets forwarded to an address stored in the address table are forwarded directly to those ports. The Dynamic MAC Address page also contains information about the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic Address list. The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports.

Click Wired Ports > Address Tables > Dynamic Addresses. The Dynamic Addresses Summary Page opens:

Figure 104 Dynamic Addresses Summary Page

The Dynamic Addresses Summary Page contains the following fields and button:

Query - Updates the Dynamic Address table.
Aging Interval (10-630) - Specifies the amount of time the MAC Address remains in the Dynamic MAC Address table before it is timed out if no traffic from the source is detected. The default value is 300 seconds.
Clear Table - Clears the Dynamic Address table when checked.
Interface - Specifies the interface for which the table is queried. There are two interface types from which to select: Port or LAG.
MAC Address - Specifies the MAC address for which the table is queried.
VLAN ID - The VLAN ID for which the table is queried.
Address Table Sort Key - Specifies the means by which the Dynamic Address Table is sorted. The address table can be sorted by address, VLAN or interface.

2 Select the check box to remove the selected ARP entries.
3 Click . The ARP entries are deleted, and the device is updated.
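The learning, flooding and aging behaviour described under Configuring Address Tables and Viewing Dynamic Addresses can be traced with a small model. This is an added example, not 3Com code: it learns source addresses per VLAN, floods frames for unknown destinations to the other ports of the VLAN, keeps static entries, and erases dynamic entries after the Aging Interval (10-630 seconds, default 300). The class and method names, port names and frames are constructed for illustration, and the static-mismatch record is an audit check added by this model rather than documented device behaviour.

```python
from dataclasses import dataclass

AGING_MIN, AGING_MAX, AGING_DEFAULT = 10, 630, 300   # seconds (Aging Interval field)


@dataclass
class Entry:
    port: str
    static: bool
    last_seen: float


class AddressTable:
    """Model of a switch's static and dynamic MAC address tables."""

    def __init__(self, vlan_ports, aging=AGING_DEFAULT):
        if not AGING_MIN <= aging <= AGING_MAX:
            raise ValueError("Aging Interval must be 10-630 seconds")
        self.vlan_ports = vlan_ports      # VLAN ID -> set of member ports
        self.aging = aging
        self.table = {}                   # (VLAN ID, MAC) -> Entry
        self.static_mismatches = []       # model-only audit trail, see receive()

    def add_static(self, vlan, mac, port):
        """Manually configured entry; never aged out by this model."""
        self.table[(vlan, mac.lower())] = Entry(port, True, 0.0)

    def expire(self, now):
        """Erase dynamic entries with no traffic for longer than the aging interval."""
        stale = [key for key, e in self.table.items()
                 if not e.static and now - e.last_seen > self.aging]
        for key in stale:
            del self.table[key]
        return stale

    def receive(self, now, vlan, in_port, src, dst):
        """Learn from the frame's source address, then return the egress ports."""
        self.expire(now)
        src, dst = src.lower(), dst.lower()
        known = self.table.get((vlan, src))
        if known is None or not known.static:
            self.table[(vlan, src)] = Entry(in_port, False, now)   # learn or refresh
        elif known.port != in_port:
            # Assumption of this model, not behaviour described in the guide:
            # record a statically bound MAC seen as a source on a different port.
            self.static_mismatches.append((now, vlan, src, known.port, in_port))
        target = self.table.get((vlan, dst))
        if target is None:                # unknown destination: flood the VLAN
            return sorted(p for p in self.vlan_ports[vlan] if p != in_port)
        return [] if target.port == in_port else [target.port]


def demo():
    """Replay constructed frames; return the egress decision per frame and the table."""
    sw = AddressTable({1: {"e1", "e2", "e3"}})
    server = "00:00:00:00:00:5e"
    sw.add_static(1, server, "e3")
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    frames = [                            # (time in seconds, ingress port, source, destination)
        (0, "e1", a, b),                  # b not learned yet: flooded
        (1, "e2", b, a),                  # a was learned on e1
        (2, "e1", a, b),                  # b was learned on e2
        (400, "e1", a, b),                # both dynamic entries aged out: flooded again
        (401, "e2", b, server),           # static entry still present
        (402, "e1", server, b),           # static MAC appears on another port
    ]
    return [sw.receive(t, 1, port, s, d) for t, port, s, d in frames], sw


if __name__ == "__main__":
    decisions, switch = demo()
    print(decisions)
    print(switch.static_mismatches)
```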

10

CONFIGURING MULTICAST FORWARDING

This section contains information for configuring Multicast forwarding, and includes the following sections:

Defining IGMP Snooping
Defining Multicast Groups
Defining Router Groups

Defining IGMP Snooping

When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming packets and determines:

Which ports want to join which Multicast groups.
Which ports have Multicast routers generating IGMP queries.
Which routing protocols are forwarding packets and Multicast traffic.

Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting members. This results in the creation of the Multicast filtering database.

To view IGMP Snooping configuration:
1 Click Policy > Multicast > IGMP Snooping > Summary. The IGMP Snooping Summary Page opens:
Figure 105 IGMP Snooping Summary Page

The IGMP Snooping Summary Page contains the following fields:

VLAN ID - Specifies the VLAN ID.
IGMP Snooping Status - Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:

Enabled - Enables IGMP Snooping on the VLAN.
Disabled - Disables IGMP Snooping on the VLAN.

Auto Learn - Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device. The possible field values are:

Enabled - Enables auto learn.
Disabled - Disables auto learn.

Host Timeout - Indicates the amount of time the host waits to receive a message before timing out. The field range is 1-2147483648. The default time is 260 seconds.
MRouter Timeout - Indicates the amount of time the Multicast router waits to receive a message before it times out. The field range is 1-2147483648. The default value is 300 seconds.
Leave Timeout - Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic. The Leave Timeout value is either user-defined, or an immediate leave value. The field range is 1-2147483648. The default timeout is 10 seconds.

Enabling IGMP Snooping

207

Enabling IGMP Snooping

The IGMP Snooping Setup Page allows network manages to define IGMP Snooping parameters: To enable IGMP Snooping: 1 Click Policy > Multicast > IGMP Snooping > Setup. The IGMP Snooping Setup Page opens:
Figure 106 IGMP Snooping Setup Page

The IGMP Snooping Setup Page contains the following fields:

IGMP Snooping Status: Indicates if IGMP Snooping is enabled on the device. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. The possible field values are:

Enable: Indicates that IGMP Snooping is enabled on the device.
Disable: Indicates that IGMP Snooping is disabled on the device.

VLAN ID: Specifies the VLAN ID.
IGMP Snooping Status: Indicates if IGMP snooping is enabled on the VLAN. The possible field values are:

Enable: Enables IGMP Snooping on the VLAN.
Disable: Disables IGMP Snooping on the VLAN.


Auto Learn: Indicates if Auto Learn is enabled on the device. If Auto Learn is enabled, the device automatically learns where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device. The possible field values are:

Enable: Enables auto learn.
Disable: Disables auto learn.

Host Timeout: Indicates the amount of time the host waits to receive a message before timing out. The default time is 260 seconds.
MRouter Timeout: Indicates the amount of time the Multicast router waits to receive a message before it times out. The default value is 300 seconds.
Leave Timeout: Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic. The Leave Timeout value is either user-defined, or an immediate leave value. The default timeout is 10 seconds.

2 Select Enable IGMP Snooping.
3 Define the fields.
4 Click . IGMP Snooping is enabled, and the device is updated.


Defining Multicast Groups

The Multicast Group Summary Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables. The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group. Ports can be added either to existing groups or to new Multicast service groups. The Multicast Group Summary Page permits new Multicast service groups to be created. The Multicast Group Summary Page also assigns ports to a specific Multicast service address group.

To view Multicast Groups:

1 Click Policy > Multicast > Multicast Group > Group Summary. The Multicast Group Summary Page opens:
Figure 107 Multicast Group Summary Page

The Multicast Group Summary Page contains the following information:

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Multicast Address: Identifies the Multicast group MAC address/IP address.


To enable Multicast Filtering:

1 Click Policy > Multicast > Multicast Group > Setup Group. The Multicast Group Setup Page opens:
Figure 108 Multicast Group Setup Page

The Multicast Group Setup Page contains the following information:

Enables Bridge Multicast Filtering: Indicates if bridge Multicast filtering is enabled on the device. The possible field values are:

Enabled: Enables Multicast filtering on the device.
Disabled: Disables Multicast filtering on the device. If Multicast filtering is disabled, Multicast frames are flooded to all ports in the relevant VLAN. Disabled is the default value.

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Bridge Multicast IP Address: Identifies the Multicast group IP address.
Bridge Multicast MAC Address: Identifies the Multicast group MAC address.

2 Define the fields.
3 Click . The Multicast group is defined, and the device is updated.


To configure Port Setup:

1 Click Policy > Multicast > Multicast Group > Setup Port. The Multicast Port Setup Page opens:
Figure 109 Multicast Port Setup Page

The Multicast Port Setup Page contains the following information:

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Bridge Multicast IP Address: Identifies the Multicast group IP address.
Bridge Multicast MAC Address: Identifies the Multicast group MAC address.
Interface: Displays the port number.
Interface Status: Indicates the port status. The possible field values are:

Static: Attaches the port to the Multicast group as a static member.
Forbidden: Indicates the port is not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.
Excluded: Excludes the interface from the Multicast group.
None: Indicates the port is not part of a Multicast group.

2 Select the Interface Status.
3 Click . The Interface Status is set, and the device is enabled.

To view Port Details:

1 Click Policy > Multicast > Multicast Group > Port Details. The Multicast Port Details Page opens:
Figure 110 Multicast Port Details Page

The Multicast Port Details Page contains the following information:

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Bridge Multicast Address: Identifies the Multicast group MAC/IP address.
Ports/LAG: Ports that can be added to a Multicast service.
Interface: Displays the port number.
Interface Status: Indicates the port status. The possible field values are:

Static: Attaches the port to the Multicast group as a static member.
Forbidden: Indicates the port is not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.
Excluded: Excludes the interface from the Multicast group.
None: Indicates the port is not part of a Multicast group.

To remove Multicast Groups:

1 Click Policy > Multicast > Multicast Group > Remove Group. The Multicast Port Remove Group Page opens:
Figure 111 Multicast Port Remove Group Page

The Multicast Port Remove Group Page contains the following information:

Remove: Removes the selected access profile. The possible field values are:

Checked: Removes the selected multicast group.
Unchecked: Maintains the selected multicast group.

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Multicast Address: Identifies the Multicast group MAC/IP address.

2 Select the VLAN ID to be removed.
3 Click . The Multicast group is deleted, and the device is updated.


Defining Router Groups

The Multicast Router Group Summary Page allows network managers to define Multicast groups.

To view Multicast Router Groups:

1 Click Policy > Multicast > Router Group. The Multicast Router Group Summary Page opens:
Figure 112 Multicast Router Group Summary Page

The Multicast Router Group Summary Page contains the following information:

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Ports/LAG: Displays status table according to Port/LAG.
Interface: Displays the port number.
Interface Status: Indicates the port status. The possible field values are:

Static: Attaches the port to the Multicast group as a static member.
Forbidden: Indicates the port is not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.
Excluded: Excludes the interface from the Multicast group.
None: Indicates the port is not part of a Multicast group.

To modify Multicast Router Group Status:

1 Click Policy > Multicast > Router Group. The Multicast Router Group Modify Page opens:
Figure 113 Multicast Router Group Modify Page

The Multicast Router Group Modify Page contains the following information:

VLAN ID: Identifies a VLAN and contains information about the Multicast group address.
Interface: Displays the port number.
Interface Status: Indicates the port status. The possible field values are:

Static: Attaches the port to the Multicast group as a static member.
Forbidden: Indicates the port is not included in the Multicast group, even if IGMP snooping designated the port to join a Multicast group.
Excluded: Excludes the interface from the Multicast group.
None: Indicates the port is not part of a Multicast group.

2 Modify the Interface Status.
3 Click . The Interface Status is modified, and the device is updated.

11

CONFIGURING SPANNING TREE

This section contains information for configuring STP. The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.

The device supports the following STP versions:

Classic STP: Provides a single path between end stations, avoiding and eliminating loops. For more information on configuring Classic STP, see Defining Classic Spanning Tree for Ports.
Rapid STP: Detects and uses network topologies that provide faster convergence of the spanning tree, without creating forwarding loops. For more information on configuring Rapid STP, see Defining Rapid Spanning Tree.
Multiple STP: Provides various load balancing scenarios. For example, if port A is blocked in one STP instance, the same port can be placed in the Forwarding State in another STP instance. For more information on configuring Multiple STP, see Defining Multiple Spanning Tree.

This section contains the following topics:

Configuring Classic Spanning Tree
Defining Rapid Spanning Tree
Defining Multiple Spanning Tree


Defining Classic Spanning Tree for Ports

Network administrators can assign STP settings to specific interfaces using the Classic STP Summary Page. The Global LAGs section displays the STP information for Link Aggregated Groups.

To assign STP settings to an interface:

To view Classic STP:

1 Click Policy > Spanning Tree > Classic STP > Summary. The Classic STP Summary Page opens:
Figure 114 Classic STP Summary Page

The Classic STP Summary Page contains the following fields:


Port: The interface for which the information is displayed.
STP: Indicates if STP is enabled on the port. The possible field values are:

Enable: Indicates that STP is enabled on the port.
Disable: Indicates that STP is disabled on the port.

Port Fast: Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks.
Root Guard: Restricts the interface from acting as the root port of the switch.
Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Forwarding: Indicates that the port forwards traffic while learning MAC addresses.

Port Role: Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

Root: Provides the lowest cost path to forward packets to the root switch.
Designated: The port or LAG through which the designated switch is attached to the LAN.
Alternate: Provides an alternate path to the root switch from the root interface.
Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.
Disabled: The port is not participating in the Spanning Tree.

Speed: Indicates the speed at which the port is operating.
Path Cost: Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed.
Priority: Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0-240. The priority value is determined in increments of 16.
Designated Bridge ID: Indicates the bridge priority and the MAC Address of the designated bridge.
Designated Port ID: Indicates the selected port priority and interface.
Designated Cost: Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.
Forward Transitions: Indicates the number of times the port has changed from Forwarding state to Blocking state.


Configuring Classic Spanning Tree

To configure Classic STP Setup:

1 Click Policy > Spanning Tree > Classic STP > Setup. The Classic STP Setup Page opens:
Figure 115 Classic STP Setup Page

The Classic STP Setup Page contains the following fields:


Global Settings
Bridge Settings
Designated Root Settings

Global Setting Parameters

Spanning Tree State: Indicates whether STP is enabled on the device. The possible field values are:

Enable: Enables STP on the device.
Disable: Disables STP on the device.

STP Operation Mode: Specifies the STP mode that is enabled on the device. The possible field values are:

Classic STP: Enables Classic STP on the device. This is the default value.
Rapid STP: Enables Rapid STP on the device.
Multiple STP: Enables Multiple STP on the device.

BPDU Handling: Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are:

Filtering: Filters BPDU packets when spanning tree is disabled on an interface. This is the default value.
Flooding: Floods BPDU packets when spanning tree is disabled on an interface.

Path Cost Default Values: Specifies the method used to assign default path cost to STP ports. The possible field values are:

Short: Specifies 1 through 65,535 range for port path cost. This is the default value.
Long: Specifies 1 through 200,000,000 range for port path cost. The default path cost assigned to an interface varies according to the selected method (Hello Time, Max Age, or Forward Delay).

Bridge Setting Parameters

Priority: Specifies the bridge priority value. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the device with the lowest priority value becomes the Root Bridge. The field range is 0-61440. The default value is 32768. The port priority value is provided in increments of 4096.
Hello Time (1-10): Specifies the device Hello Time. The Hello Time indicates the amount of time in seconds a Root Bridge waits between configuration messages. The default is 2 seconds.
Max Age (6-40): Specifies the device Maximum Age Time. The Maximum Age Time is the amount of time in seconds a bridge waits before sending configuration messages. The default Maximum Age Time is 20 seconds.
Forward Delay (4-30): Specifies the device Forward Delay Time. The Forward Delay Time is the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets. The default is 15 seconds.

Designated Root Parameters

Bridge ID: Identifies the Bridge priority and MAC address.
Root Bridge ID: Identifies the Root Bridge priority and MAC address.
Root Port: Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. This field is significant when the bridge is not the Root Bridge. The default is zero.
Root Path Cost: Specifies the cost of the path from this bridge to the Root Bridge.
Topology Changes Counts: Specifies the total amount of STP state changes that have occurred.
Last Topology Change: Indicates the amount of time that has elapsed since the bridge was initialized or reset, and the last topographic change that occurred. The time is displayed in a day-hour-minute-second format, such as 2 days 5 hours 10 minutes and 4 seconds.

2 Define the fields.
3 Click . STP is enabled, and the device is updated.
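The Bridge Setting ranges, the lowest-priority root election rule, and the Root Guard, Port Fast and BPDU Handling fields described above can be checked against a planned configuration before it is applied. The following Python sketch is an added example, not 3Com code: the bridge names, MAC addresses, port labels and the "faces" inventory field are hypothetical, and the timer relationship check comes from IEEE 802.1D rather than this guide.

```python
from dataclasses import dataclass

# Field ranges documented under "Bridge Setting Parameters" in this guide.
PRIORITY_MAX, PRIORITY_STEP = 61440, 4096
HELLO_RANGE = range(1, 11)        # Hello Time (1-10), default 2
MAX_AGE_RANGE = range(6, 41)      # Max Age (6-40), default 20
FWD_DELAY_RANGE = range(4, 31)    # Forward Delay (4-30), default 15


@dataclass(frozen=True)
class Bridge:
    name: str       # hypothetical inventory label
    priority: int
    mac: str        # constructed sample address

    @property
    def bridge_id(self):
        # Bridge ID = priority, then MAC address; the lowest value wins.
        return (self.priority, bytes.fromhex(self.mac.replace(":", "")))


def validate_bridge_settings(priority=32768, hello=2, max_age=20, forward_delay=15):
    """Return a list of problems; the defaults are the guide's default values."""
    problems = []
    if not 0 <= priority <= PRIORITY_MAX or priority % PRIORITY_STEP:
        problems.append("priority must be 0-61440 in increments of 4096")
    if hello not in HELLO_RANGE:
        problems.append("Hello Time must be 1-10 seconds")
    if max_age not in MAX_AGE_RANGE:
        problems.append("Max Age must be 6-40 seconds")
    if forward_delay not in FWD_DELAY_RANGE:
        problems.append("Forward Delay must be 4-30 seconds")
    # Timer relationship from IEEE 802.1D; it is not stated in this guide.
    if not 2 * (forward_delay - 1) >= max_age >= 2 * (hello + 1):
        problems.append("timers break 2*(FwdDelay-1) >= MaxAge >= 2*(Hello+1)")
    return problems


def elect_root(bridges):
    """The bridge with the lowest bridge ID becomes the Root Bridge."""
    return min(bridges, key=lambda b: b.bridge_id)


def root_after_bpdu(current_root, advertised, root_guard):
    """Root this switch accepts after a BPDU for `advertised` arrives on one port.

    With Root Guard the port may not become the root port, so a better
    bridge ID heard there does not displace the current root.
    """
    if advertised.bridge_id < current_root.bridge_id and not root_guard:
        return advertised
    return current_root


def audit_ports(ports, bpdu_handling="Filtering"):
    """Flag port settings that leave the root election or loop protection exposed."""
    findings = []
    for p in ports:
        if p["stp"] and p["faces"] == "end-station" and not p["root_guard"]:
            findings.append((p["port"], "Root Guard off on an end-station port"))
        if p["stp"] and p["faces"] == "switch" and p["port_fast"]:
            findings.append((p["port"], "Port Fast on a switch-facing port"))
        if not p["stp"] and bpdu_handling == "Flooding":
            findings.append((p["port"], "STP disabled while BPDUs are flooded"))
    return findings


# Constructed sample data: names, MACs, port labels and "faces" are hypothetical.
CORE = Bridge("core", 4096, "00:11:22:33:44:01")
ACCESS = Bridge("access", 32768, "00:11:22:33:44:02")
UNPLANNED = Bridge("unplanned-device", 0, "02:00:00:00:00:99")
PORTS = [
    {"port": "g1", "faces": "switch", "stp": True, "port_fast": False, "root_guard": False},
    {"port": "g2", "faces": "end-station", "stp": True, "port_fast": True, "root_guard": False},
    {"port": "g3", "faces": "end-station", "stp": True, "port_fast": True, "root_guard": True},
    {"port": "g4", "faces": "end-station", "stp": False, "port_fast": False, "root_guard": False},
]

if __name__ == "__main__":
    print(validate_bridge_settings(priority=1000, hello=10, max_age=6))
    print(elect_root([CORE, ACCESS]).name)
    for guard in (False, True):
        print(guard, root_after_bpdu(CORE, UNPLANNED, guard).name)
    for finding in audit_ports(PORTS, bpdu_handling="Flooding"):
        print(finding)
```

Setting the intended root to a low priority such as 4096 and enabling Root Guard on end-station ports keeps the elected root where the design expects it.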


Modifying Spanning Tree Settings

To modify Classic STP:

1 Click Policy > Spanning Tree > Classic STP > Modify. The Classic STP Modify Page opens:
Figure 116 Classic STP Modify Page

The Classic STP Modify Page contains the following fields:


Interface: The interface for which the information is displayed.
STP: Indicates if STP is enabled on the port. The possible field values are:

Enabled: Indicates that STP is enabled on the port.
Disabled: Indicates that STP is disabled on the port.

Port Fast: Indicates if Fast Link is enabled on the port. If Fast Link mode is enabled for a port, the Port State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol convergence. STP convergence can take 30-60 seconds in large networks.
Root Guard: Restricts the interface from acting as the root port of the switch.
Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Forwarding: Indicates that the port forwards traffic while learning MAC addresses.

Speed: Indicates the speed at which the port is operating.
Default Path Cost: Indicates that default path cost is enabled.
Path Cost: Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed. The field range is 1-200,000,000.
Priority: Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The priority value is determined in increments of 16.
Designated Bridge ID: Indicates the bridge priority and the MAC Address of the designated bridge.
Designated Port ID: Indicates the selected port priority and interface.
Designated Cost: Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.

2 Define the fields.
3 Click . Classic STP is modified on the interface, and the device is updated.


Defining Rapid Spanning Tree

While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops. The Global System LAG information displays the same field information as the ports, but represents the LAG RSTP information.

To define RSTP:

1 Click Policy > Spanning Tree > Rapid STP > Summary. The RSTP Summary Page opens:
Figure 117 RSTP Summary Page

The RSTP Summary Page contains the following fields:


Interface: Displays the port or LAG on which Rapid STP is enabled.
Role: Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

Root: Provides the lowest cost path to forward packets to the root switch.
Designated: The port or LAG through which the designated switch is attached to the LAN.
Alternate: Provides an alternate path to the root switch from the root interface.
Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.
Disabled: The port is not participating in the Spanning Tree.

Mode: Displays the current STP mode. The STP Operation Mode is selected in the Global STP Properties Page. The possible field values are:

Classic STP: Classic STP is enabled on the device.
Rapid STP: Rapid STP is enabled on the device.
Multiple STP: Multiple STP is enabled on the device.

Port Status: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Disabled: Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
Blocking: Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Blocking is displayed when Classic STP is enabled.

Fast Link Operational Status: Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state.
Point-to-Point Operational Status: Displays the point-to-point operating state.
Migrate to RSTP: Indicates whether sending Link Control Protocol (LCP) packets to configure and test the data link is enabled. The possible field values are:

Activate: Activates port migration to Rapid STP.

2 Click . The selected port is migrated to RSTP.


Modifying Rapid Spanning Tree Settings

To modify Rapid STP:

1 Click Policy > Spanning Tree > Rapid STP > Modify. The RSTP Summary Page opens:
Figure 118 Rapid STP Modify Page

The Rapid STP Modify Page contains the following fields:


Interface: Displays the port or LAG on which Rapid STP is enabled.
Role: Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

Root: Provides the lowest cost path to forward packets to the root switch.
Designated: The port or LAG through which the designated switch is attached to the LAN.
Alternate: Provides an alternate path to the root switch from the root interface.
Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.
Disabled: The port is not participating in the Spanning Tree.

Mode: Displays the current STP mode. The STP Operation Mode is selected in the Global STP Properties Page. The possible field values are:

Classic STP: Classic STP is enabled on the device.
Rapid STP: Rapid STP is enabled on the device.
Multiple STP: Multiple STP is enabled on the device.

Fast Link Operational Status: Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is enabled for a port, the port is automatically placed in the forwarding state.
Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Disabled: Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC addresses.
Blocking: Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses. Blocking is displayed when Classic STP is enabled.

Point-to-Point Admin Status: Indicates whether a point-to-point link is established, or if the device is permitted to establish a point-to-point link. The possible field values are:

Auto: Detects and enables the point-to-point link automatically.
Enable: Enables the device to establish a point-to-point link, or is configured to automatically establish a point-to-point link. To establish communications over a point-to-point link, the originating PPP first sends Link Control Protocol (LCP) packets to configure and test the data link. After a link is established and optional facilities are negotiated as needed by the LCP, the originating PPP sends Network Control Protocol (NCP) packets to select and configure one or more network layer protocols. When each of the chosen network layer protocols has been configured, packets from each network layer protocol can be sent over the link. The link remains configured for communications until explicit LCP or NCP packets close the link, or until some external event occurs. This is the actual switch port link type. It may differ from the administrative state.
Disable: Disables point-to-point link.

Point-to-Point Operational Status: Displays the point-to-point operating state.

2 Click . The Rapid STP Interface settings are modified, and the device is updated.


Defining Multiple Spanning Tree

Multiple Spanning Tree (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in one STP instance, the same port can be placed in the Forwarding state in another STP instance. The Multiple STP Setup Page contains information for defining global MSTP settings, including region names, MSTP revisions, and maximum hops.

To configure Multiple STP:

1 Click Policy > Spanning Tree > Multiple STP > Setup. The Multiple STP Setup Page opens:
Figure 119 Multiple STP Setup Page

The Multiple STP Setup Page contains the following fields:


Region Name: User-defined STP region name.
Revision: An unsigned 16-bit number that identifies the revision of the current MSTP configuration. The revision number is required as part of the MSTP configuration. The possible field range is 0-65535.
Max Hops: Specifies the total number of hops that occur in a specific region before the BPDU is discarded. Once the BPDU is discarded, the port information is aged out. The possible field range is 1-40. The field default is 20 hops.
IST Master: Identifies the Spanning Tree Master instance. The IST Master is the specified instance root.

2 Define the fields.
3 Click . The Multiple STP properties are defined, and the device is updated.


Defining Multiple STP Instance Settings

MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted. In configuring MSTP, the MST region to which the device belongs is defined. A configuration consists of the name, revision, and region to which the device belongs. Network administrators can define the MSTP instance settings using the Multiple STP Instance Summary Page.

To view Multiple STP:

1 Click Policy > Spanning Tree > Multiple STP > Instance Summary. The Multiple STP Instance Summary Page opens:
Figure 120 Multiple STP Instance Summary Page

The Multiple STP Instance Summary Page contains the following fields:

Instance ID: Specifies the VLAN group to which the interface is assigned.
Included VLAN: Maps the selected VLANs to the selected instance. Each VLAN belongs to one instance.
Bridge Priority: Specifies the selected spanning tree instance device priority. The field range is 0-61440.
Designated Root Bridge ID: Indicates the ID of the bridge with the lowest path cost to the instance ID.
Root Port: Indicates the selected instance's root port.
Root Path Cost: Indicates the selected instance's path cost.
Bridge ID: Indicates the bridge ID of the selected instance.
Remaining Hops: Indicates the number of hops remaining to the next destination.

2 Define the fields.
3 Click . The MSTP instance is displayed, and the device is updated.

To configure Multiple STP Configuration Table:

1 Click Policy > Spanning Tree > Multiple STP > Modify Instance. The Multiple STP Instance Summary Page opens:
Figure 121 Multiple STP Modify Instance Page

The Multiple STP Modify Instance Page contains the following fields:

VLAN: Specifies the VLAN to be assigned to the Instance ID.
Instance ID: Specifies the VLAN group to which the VLAN is assigned.

2 Define the Instance ID field.
3 Click . The Multiple STP Instances are assigned, and the device is updated.
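Because each VLAN belongs to one instance and a device's MST configuration is made up of its region name and revision, it helps to compare the planned settings of neighbouring switches before entering them. The following Python sketch is an added example, not 3Com code: the switch names and VLAN assignments are constructed, and it assumes standard IEEE 802.1Q behaviour, where bridges share a region only when name, revision and VLAN-to-instance mapping all match and unmapped VLANs stay in instance 0.

```python
# Field ranges from the Multiple STP pages in this guide.
INSTANCE_IDS = range(0, 16)     # Instance ID 0-15
REVISIONS = range(0, 65536)     # Revision 0-65535
MAX_HOPS = range(1, 41)         # Max Hops 1-40, default 20
VLAN_IDS = range(1, 4095)       # IEEE 802.1Q VLAN IDs 1-4094 (not from this guide)


def build_vlan_map(assignments):
    """Build {vlan: instance} from (vlan, instance) pairs, one instance per VLAN."""
    vlan_map = {}
    for vlan, instance in assignments:
        if vlan not in VLAN_IDS:
            raise ValueError(f"VLAN {vlan} is outside 1-4094")
        if instance not in INSTANCE_IDS:
            raise ValueError(f"instance {instance} is outside 0-15")
        if vlan_map.setdefault(vlan, instance) != instance:
            raise ValueError(
                f"VLAN {vlan} mapped to instances {vlan_map[vlan]} and {instance}")
    return vlan_map


def validate_region(cfg):
    """Check the global MSTP fields against the documented ranges."""
    problems = []
    if cfg["revision"] not in REVISIONS:
        problems.append("Revision must be 0-65535")
    if cfg.get("max_hops", 20) not in MAX_HOPS:
        problems.append("Max Hops must be 1-40")
    return problems


def instance_of(vlan_map, vlan):
    # Assumption (IEEE 802.1Q behaviour): an unmapped VLAN stays in instance 0.
    return vlan_map.get(vlan, 0)


def region_mismatches(a, b):
    """Reasons why switches a and b would not form a single MST region."""
    reasons = []
    if a["region_name"] != b["region_name"]:       # compared exactly, case included
        reasons.append(f"region name {a['region_name']!r} != {b['region_name']!r}")
    if a["revision"] != b["revision"]:
        reasons.append(f"revision {a['revision']} != {b['revision']}")
    vlans = sorted(set(a["vlan_map"]) | set(b["vlan_map"]))
    differing = [v for v in vlans
                 if instance_of(a["vlan_map"], v) != instance_of(b["vlan_map"], v)]
    if differing:
        reasons.append(f"VLAN-to-instance mapping differs for VLANs {differing}")
    return reasons


# Constructed sample plans for three switches (all values hypothetical).
SW1 = {"region_name": "Campus", "revision": 1, "max_hops": 20,
       "vlan_map": build_vlan_map([(10, 1), (20, 1), (30, 2)])}
SW2 = {"region_name": "Campus", "revision": 1, "max_hops": 20,
       "vlan_map": build_vlan_map([(10, 1), (20, 2), (30, 2), (40, 0)])}
SW3 = {"region_name": "campus", "revision": 2, "max_hops": 50,
       "vlan_map": build_vlan_map([(10, 1), (20, 1), (30, 2)])}

if __name__ == "__main__":
    for name, other in (("SW2", SW2), ("SW3", SW3)):
        print(name, validate_region(other), region_mismatches(SW1, other))
```

A mismatch on any of the three items places the link between the two switches at a region boundary, so the per-instance load balancing described above does not extend across it.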

To view Multiple STP Port Settings:

1 Click Policy > Spanning Tree > Multiple STP > Port Summary. The Multiple STP Port Summary Page opens:
Figure 122 Multiple STP Port Summary Page

The Multiple STP Port Summary Page contains the following fields:

Interface: The interface for which the information is displayed.
Role: Displays the port role assigned by the STP algorithm to provide to STP paths. The possible field values are:

Root: Provides the lowest cost path to forward packets to the root switch.
Designated: The port or LAG through which the designated switch is attached to the LAN.
Alternate: Provides an alternate path to the root switch from the root interface.
Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections connected to a shared segment.
Disabled: The port is not participating in the Spanning Tree.

Mode: Indicates the STP mode by which STP is enabled on the device. The possible field values are:

Classic STP: Classic STP is enabled on the device. This is the default value.
Rapid STP: Rapid STP is enabled on the device.
Multiple STP: Multiple STP is enabled on the device.

Type: Indicates whether the port is a Boundary or Master port. The possible field values are:

Boundary Port: Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an outlying region. If the port is a Boundary port, this field also indicates whether the device on the other side of the link is working in RSTP or STP mode.
Master Port: Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the outlying CIST root.

Port Priority: Priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority range is between 0-240. The priority value is determined in increments of 16.
Path Cost: Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value, and is used to forward traffic when a path is re-routed.
Port State: Displays the current STP state of a port. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are:

Forwarding: Indicates that the port forwards traffic while learning MAC addresses.

Designated Cost: Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely to be blocked if STP detects loops.
Designated Bridge ID: Indicates the bridge priority and the MAC Address of the designated bridge.
Designated Port ID: Indicates the selected port priority and interface.
Remaining Hops: Indicates the number of hops remaining to the next destination.


Defining MSTP Port Settings

Network Administrators can assign MSTP port settings in the Multiple STP Modify Port Page.

To define Multiple STP Port settings:

1 Click Policy > Spanning Tree > Multiple STP > Modify Port. The Multiple STP Modify Port Page opens:
Figure 123 Multiple STP Modify Port Page

The Multiple STP Modify Port Page contains the following fields:

Instance ID Lists the MSTP instances configured on the device. Possible field range is 0-15. Port State Indicates whether the port is enabled for the specific instance. The possible field values are:

Enabled Enables the port for the specific instance. Disabled Disables the port for the specific instance.

Type Indicates whether the port is a Boundary or Master port. The possible field values are:

Boundary Port Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an outlying region.

240

CHAPTER 11: CONFIGURING SPANNING TREE

    If the port is a Boundary port, this field also indicates whether the device on the other side of the link is working in RSTP or STP mode.
    Master Port: Indicates the port is a master port. A Master port provides connectivity from an MSTP region to the outlying CIST root.
Role: Indicates the port role assigned by the STP algorithm to provide STP paths. The possible field values are:
    Root: Provides the lowest cost path to forward packets to the root device.
    Designated: Indicates the port or LAG through which the designated device is attached to the LAN.
    Alternate: Provides an alternate path to the root device from the root interface.
    Backup: Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur only when two ports are connected in a loop by a point-to-point link or when a LAN has two or more connections connected to a shared segment.
    Disabled: Indicates the port is not participating in the Spanning Tree.
Mode: Indicates the STP mode by which STP is enabled on the device. The possible field values are:
    Classic STP: Classic STP is enabled on the device. This is the default value.
    Rapid STP: Rapid STP is enabled on the device.
    Multiple STP: Multiple STP is enabled on the device.
Interface Priority: Defines the interface priority for the specified instance. The field range is 0-240. The default value is 128.
Path Cost: Indicates the port contribution to the Spanning Tree instance. The range should always be 1-200,000,000.
Designated Bridge ID: Displays the ID of the bridge that connects the link or shared LAN to the root.
Designated Port ID: Displays the ID of the port on the designated bridge that connects the link or the shared LAN to the root.
Designated Cost: Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings page.


Forward Transitions: Indicates the number of times the LAG State has changed from a Forwarding state to a Blocking state.
Remain Hops: Indicates the hops remaining to the next destination.

2 Define the Instance ID, MSTP Port Status and the Interface Priority fields.
3 Click . The Multiple STP ports are assigned, and the device is updated.

12 CONFIGURING QUALITY OF SERVICE

This section contains information for configuring QoS, and includes the following topics:

Quality of Service Overview
Defining QoS Basic Mode
Defining QoS General Mode
Configuring QoS Mapping

Quality of Service Overview


Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network. For example, certain types of traffic that require minimal delay, such as Voice, Video, and real-time traffic, can be assigned a high priority queue, while other traffic can be assigned a lower priority queue. The result is an improved traffic flow for traffic with high demand. QoS is defined by:

Classification: Specifies which packet fields are matched to specific values. All packets matching the user-defined specifications are classified together.
Action: Defines traffic management where packets are forwarded based on packet information and packet field values such as VLAN Priority Tag (VPT) and DiffServ Code Point (DSCP).

VPT Classification Information

VLAN Priority Tags (VPT) are used to classify packets by mapping packets to one of the egress queues. VPT-to-queue assignments are user-definable. Packets arriving untagged are assigned a default VPT value, which is set on a per-port basis. The assigned VPT is used to map the packet to the egress queue.

Defining QoS Basic Mode

This section contains information for defining QoS basic settings and includes the following topics:

Configuring Trust Settings
Configure DSCP Rewrite


Configuring Trust Settings

The Trust Setup Page contains information for enabling trust on configured interfaces. The original device QoS default settings can be reassigned to the interface in the Trust Setup Page.

To enable Trust:

1 Click Policy > QoS Basic Mode > Trust. The Trust Setup Page opens:
Figure 124 Trust Setup Page

The Trust Setup Page contains the following fields:

Trust Mode: Defines which packet fields to use for classifying packets entering the device. When no rules are defined, the traffic containing the predefined packet CoS field is mapped according to the relevant trust modes table. Traffic not containing a predefined packet field is mapped to best effort. The possible Trust Mode field values are:
    CoS: Classifies traffic based on the CoS tag value.
    DSCP: Classifies traffic based on the DSCP tag value.
Always Rewrite DSCP: Enables Rewrite DSCP classified traffic.

2 Define the fields.
3 Click . Trust mode is enabled on the device.

Configure DSCP Rewrite


The DSCP Rewrite Summary page allows network managers to assign new DSCP values to incoming packets.

To view DSCP Rewrite Values:

1 Click Policy > QoS Basic Mode > DSCP Rewrite > Summary. The DSCP Rewrite Summary Page opens:
Figure 125 DSCP Rewrite Summary Page

The DSCP Rewrite Summary Page contains the following fields:


DSCP In: Displays the incoming packet's DSCP value.
DSCP Out: Displays the outgoing packet's DSCP value.


To rewrite DSCP values:

1 Click Policy > QoS Basic Mode > DSCP Rewrite > Setup. The DSCP Rewrite Setup Page opens:
Figure 126 DSCP Rewrite Setup Page

The DSCP Rewrite Setup Page contains the following fields:


DSCP In: Displays the incoming packet's DSCP value.
DSCP Out: Displays the outgoing packet's DSCP value.

2 Select a DSCP Out value for each DSCP In entry.
3 Click . The DSCP values are updated on the device.

Defining QoS General Mode


This section contains information for configuring QoS general mode, and includes the following topics:

Defining CoS Services
Defining Queues
Defining Bandwidth Settings
DSCP to Queue

Defining CoS Services

To view CoS Settings:

1 Click Policy > QoS General > CoS > Summary. The CoS Summary Page opens:
Figure 127 CoS Summary Page

The CoS Summary Page contains the following fields:

QoS Mode: Determines the QoS mode on the interface. The possible values are:
    Disable: Disables QoS on the interface.
    Basic: Enables Basic mode on the device.
    Advanced: Enables the Advanced QoS mode on the device.


Interface: Displays the interface for which the global QoS parameters are defined.
Default CoS: Displays the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0.
Restore Defaults: Displays the device factory defaults for mapping CoS values to a forwarding queue.

2 Select the Restore Defaults field to restore Interface factory defaults.

To configure CoS Settings:

1 Click Policy > QoS General > CoS > Modify. The CoS Modify Page opens:
Figure 128 CoS Modify Page

The CoS Modify Page contains the following fields:

QoS Mode: Determines the QoS mode on the interface. The possible values are:
    Disable: Disables QoS on the interface.
    Basic: Enables Basic mode on the device.
    Advanced: Enables the Advanced QoS mode on the device.
Interface: Displays the interface for which the global QoS parameters are defined. The possible values are:


    Port: Selects the port for which the global QoS parameters are defined.
    LAG: Selects the LAG for which the global QoS parameters are defined.
Set Default User Priority: Determines the default CoS value for incoming packets for which a VLAN tag is not defined. The possible field values are 0-7. The default CoS is 0.

2 Define the fields.
3 Click . CoS is enabled on the device, and the device is updated.


Defining Queues

The Queue Setup Page contains fields for defining the QoS queue forwarding types.

To set Queue Settings:

1 Click Policy > QoS General > Queue > Setup. The Queue Setup Page opens:
Figure 129 Queue Setup Page

The Queue Setup Page contains the following fields:

Strict Priority: Specifies whether traffic scheduling is based strictly on the queue priority.
WRR: Assigns WRR weights to queues. This field is enabled only for queues in WRR queue mode. When WRR is selected, the weights are assigned to queues in the ratio 1:2:4:8.

2 Select the Strict Priority or WRR field.
3 Click . The queue settings are set, and the device is updated.
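
The difference between the two Queue Setup options, as an added example (not 3Com code): a Python simulation of four congested egress queues drained under Strict Priority and under WRR with the 1:2:4:8 weights. Assumptions: frames are of equal size, and the highest-numbered queue is the highest priority and receives the largest weight.

```python
"""Added illustration of Strict Priority vs. WRR egress scheduling."""
from collections import deque

# Ratio quoted on the Queue Setup Page. Assumption: queue 0 is the lowest
# priority queue and gets weight 1; queue 3 is the highest and gets weight 8.
WRR_WEIGHTS = (1, 2, 4, 8)


def make_queues(backlog):
    """Build one FIFO per queue; backlog[i] frames are waiting in queue i."""
    return [deque(range(count)) for count in backlog]


def strict_priority(backlog, slots):
    """Send up to `slots` frames, always from the highest non-empty queue."""
    queues = make_queues(backlog)
    sent = [0] * len(queues)
    for _ in range(slots):
        for i in reversed(range(len(queues))):
            if queues[i]:
                queues[i].popleft()
                sent[i] += 1
                break
        else:
            break  # every queue is empty
    return sent


def weighted_round_robin(backlog, slots, weights=WRR_WEIGHTS):
    """Send up to `slots` frames; per round, queue i may send weights[i]."""
    queues = make_queues(backlog)
    sent = [0] * len(queues)
    remaining = slots
    while remaining > 0 and any(queues):
        for i in reversed(range(len(queues))):
            # An empty queue gives up its share, so the link stays busy.
            burst = min(weights[i], len(queues[i]), remaining)
            for _ in range(burst):
                queues[i].popleft()
            sent[i] += burst
            remaining -= burst
            if remaining == 0:
                break
    return sent


def starved_queues(sent, backlog):
    """Queues that had frames waiting but were never served."""
    return [i for i, (s, b) in enumerate(zip(sent, backlog)) if b > 0 and s == 0]


if __name__ == "__main__":
    backlog = [1000, 1000, 1000, 1000]  # constructed: all queues congested
    for name, scheduler in (("strict", strict_priority),
                            ("wrr", weighted_round_robin)):
        sent = scheduler(backlog, 150)
        print(name, sent, "starved:", starved_queues(sent, backlog))
```

Under sustained load on the top queue, Strict Priority serves nothing else, while WRR still gives the lowest queue 1/15 of the transmit slots.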

Defining Bandwidth Settings


The Bandwidth Summary Page allows network managers to define the bandwidth settings for a specified egress interface. Modifying queue scheduling affects the queue settings globally.

Viewing Bandwidth Settings

Queue shaping can be based per queue and/or per interface. Shaping is determined by the lower specified value. The queue shaping type is selected in the Bandwidth Summary Page.

To view Bandwidth Settings:

1 Click Policy > QoS General > Bandwidth > Summary. The Bandwidth Summary Page opens:
Figure 130 Bandwidth Summary Page

The Bandwidth Summary Page contains the following fields:

Interface: Displays the interface for which the global QoS parameters are defined.
Ingress Rate Limit Status: Indicates if rate limiting is defined on the interface. The field range is 1-1,000,000 kbits per second. The possible field values are:
    Enable: Enables ingress rate limiting on the interface.
    Disable: Disables ingress rate limiting on the interface.


Egress Shaping Rates: Configures the traffic shaping type for selected interfaces. The possible field values are:
    Status: Defines the shaping status.
    CIR: Defines CIR as the queue shaping type. The possible field range is 64-1,000,000,000 kbits per second.
    CbS: Defines CbS as the queue shaping type. The possible field range is 4096-16,769,020 kbits per second.

To configure Bandwidth Settings:

1 Click Policy > QoS General > Bandwidth > Setup. The Bandwidth Setup Page opens:
Figure 131 Bandwidth Setup Page

The Bandwidth Setup Page contains the following fields:

Interface: Displays the interface for which the global QoS parameters are defined. The possible values are:
    Port: Selects the port for which the global QoS parameters are defined.
    LAG: Selects the LAG for which the global QoS parameters are defined.
Enable Ingress Rate Limit: Enables setting an Ingress Rate Limit.
Ingress Rate Limit: Indicates the traffic limit for the port.


Enable Egress Shaping Rate: Enables Egress Shaping Rates.
Committed Information Rate (CIR): Defines CIR as the queue shaping type. The possible field value is 4096 - 1,000,000,000 bits per second.
Committed Burst Size (CbS): Defines CbS as the queue shaping type. The possible field value is 4096-16,000,000 bytes.

2 Define the fields.
3 Click . The bandwidth is defined, and the device is updated.


DSCP to Queue

The DSCP Queue contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.

To view the DSCP Queue:

1 Click Policy > QoS General > DSCP to Queue > Summary. The DSCP to Queue Summary Page opens:
Figure 132 DSCP to Queue Summary Page

The DSCP to Queue Summary Page contains the following fields:


DSCP: Displays the incoming packet's DSCP value.
Queue: Specifies the traffic forwarding queue to which the DSCP priority is mapped. Eight traffic priority queues are supported.

Configuring DSCP Queue Mappings


The DSCP to Queue Setup Page contains fields for mapping DSCP settings to traffic queues. For example, a packet with a DSCP tag value of 3 can be assigned to queue 2.

To map General CoS to Queues:

1 Click Policy > QoS General > DSCP to Queue > Setup. The DSCP to Queue Setup Page opens:
Figure 133 DSCP to Queue Setup Page

The DSCP to Queue Setup Page contains the following fields:


DSCP: Displays the incoming packet's DSCP value.
Queue: Specifies the traffic forwarding queue to which the DSCP priority is mapped. Eight traffic priority queues are supported.

2 Define the queue number in the Queue field next to the required DSCP value.
3 Click . The DSCP values are mapped to a queue, and the device is updated.


Configuring QoS Mapping

This section contains information for mapping CoS and DSCP values to queues, and includes the following sections:

Defining CoS to Queue
Defining Class Maps

Defining CoS to Queue


The CoS to Queue Summary Page contains fields for mapping CoS values to traffic queues.

To view CoS Values to Queues:

1 Click Policy > QoS General > CoS to Queue > Summary. The CoS to Queue Summary Page opens:
Figure 134 CoS to Queue Summary Page

The CoS to Queue Summary Page contains the following fields:

Class of Service: Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest.
Queue: Defines the traffic forwarding queue to which the CoS priority is mapped. Eight traffic priority queues are supported.

The CoS to Queue Setup Page contains fields for mapping CoS values to traffic queues.


To configure CoS values to queues:

1 Click Policy > QoS General > CoS to Queue > Setup. The CoS to Queue Setup Page opens:
Figure 135 CoS to Queue Setup Page

The CoS to Queue Setup Page contains the following fields:

Restore Defaults: Restores the device factory defaults for mapping CoS values to a forwarding queue.
Class of Service: Specifies the CoS priority tag values, where zero is the lowest and 7 is the highest.
Queue: Defines the traffic forwarding queue to which the CoS priority is mapped. Eight traffic priority queues are supported.

2 Define the queue number in the Queue field next to the required CoS value.
3 Click . The CoS value is mapped to a queue, and the device is updated.

13 MANAGING SYSTEM LOGS

This section provides information for managing system logs. The system logs enable viewing device events in real time, and recording the events for later usage. System Logs record and manage events and report errors and informational messages. Event messages have a unique format, as per the Syslog protocol's recommended message format for all error reporting. For example, Syslog and local device reporting messages are assigned a severity code, and include a message mnemonic, which identifies the source application generating the message. This allows messages to be filtered based on their urgency or relevancy. The severity of each message determines the set of event logging devices to which the event message is sent. The following table lists the log severity levels:

Table 4 System Log Severity Levels

Severity        Level         Message
Emergency       Highest (0)   The system is not functioning.
Alert           1             The system needs immediate attention.
Critical        2             The system is in a critical state.
Error           3             A system error has occurred.
Warning         4             A system warning has occurred.
Notice          5             The system is functioning properly, but a system notice has occurred.
Informational   6             Provides device information.
Debug           7             Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support.

This section includes the following topics:


Viewing Logs
Configuring Logging


Viewing Logs

The Logging Display Page contains all system logs that are saved in RAM (Cache), in chronological order.

To view Logging:

1 Click Administration > Logging > Display. The Logging Display Page opens:
Figure 136 Logging Display Page

The Logging Display Page contains the following fields and buttons:

Save Preview: Saves the displayed Log table.
Clear Logs: Deletes all logs from the Log table.
Log Time: Displays the time at which the log was generated.
Severity: Displays the log severity.
Description: Displays the log message text.

2 Click . The selected logs are cleared, and the device is updated.

Configuring Logging


The Logging Setup Page contains fields for defining which events are recorded to which logs. It contains fields for enabling logs globally, and parameters for defining logs. Log messages are listed from the highest severity to the lowest severity level.

To define Log Parameters:

1 Click Administration > Logging > Setup. The Logging Setup Page opens:
Figure 137 Logging Setup Page

The Logging Setup Page contains the following fields:

Enable Local Logging: Indicates if device local logs for Cache, File, and Server Logs are enabled. Console logs are enabled by default. The possible field values are:
    Checked: Enables device logs.
    Unchecked: Disables device logs.
    Emergency: The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
    Alert: The second highest warning level. An alert log is saved if there is a serious device malfunction; for example, all device features are down.


    Critical: The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional.
    Error: A device error has occurred, for example, if a single port is offline.
    Warning: The lowest level of a device warning. The device is functioning, but an operational problem has occurred.
    Notice: Provides device information.
    Info: Provides device information.
    Debug: Provides debugging messages.
    Not Active: Provides no messages.

When a severity level is selected, all severity level choices above the selection are selected automatically.

Enable Syslogging: Indicates if device local logs are enabled. The possible field values:
    Checked: Enables device logs.
    Unchecked: Disables device logs.
    Emergency: The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
    Alert: The second highest warning level. An alert log is saved if there is a serious device malfunction; for example, all device features are down.
    Critical: The third highest warning level. A critical log is saved if a critical device malfunction occurs; for example, two device ports are not functioning, while the rest of the device ports remain functional.
    Error: A device error has occurred, for example, if a single port is offline.
    Warning: The lowest level of a device warning. The device is functioning, but an operational problem has occurred.
    Note: Provides device information.
    Informational: Provides device information.


    Debug: Provides debugging messages.
Syslog IP Address: Defines the IP Address to which syslog messages are uploaded.
Syslog Port: Defines the Port through which syslog messages are uploaded.

2 Enable Logging and define the fields.
3 Click . The log parameters are set, and the device is updated.
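
The severity levels in Table 4 and the rule that selecting a level also selects every more severe level, as an added example (not 3Com code): a Python filter that a syslog collector receiving this switch's messages could apply. The sample lines, host name and mnemonics are constructed, and the standard syslog `<PRI>` header (facility * 8 + severity) is assumed for the device's messages.

```python
"""Added illustration: apply a severity threshold to received syslog lines."""
import re
from collections import Counter

# Names and numeric levels as listed in Table 4 (0 is the most severe).
SEVERITY = {
    "Emergency": 0, "Alert": 1, "Critical": 2, "Error": 3,
    "Warning": 4, "Notice": 5, "Informational": 6, "Debug": 7,
}
NAME_BY_LEVEL = {level: name for name, level in SEVERITY.items()}

# Standard syslog priority header: <PRI>, where PRI = facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
MAX_PRI = 23 * 8 + 7  # highest facility (23) combined with severity 7


def parse_pri(line):
    """Return (facility, severity_level, rest) or None for a malformed line."""
    match = PRI_RE.match(line)
    if match is None:
        return None
    pri = int(match.group(1))
    if pri > MAX_PRI:
        return None
    return pri // 8, pri % 8, match.group(2)


def selected_levels(threshold):
    """Levels logged when `threshold` is chosen: it and all more severe ones."""
    return [NAME_BY_LEVEL[level] for level in range(SEVERITY[threshold] + 1)]


def filter_messages(lines, threshold):
    """Split lines into (kept, rejected); rejected lines have no valid PRI."""
    limit = SEVERITY[threshold]
    kept, rejected = [], []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            rejected.append(line)  # keep for review instead of dropping
            continue
        facility, level, rest = parsed
        if level <= limit:
            kept.append((NAME_BY_LEVEL[level], facility, rest))
    return kept, rejected


def severity_counts(lines):
    """Count messages per severity name; malformed lines count as Unparsable."""
    counts = Counter()
    for line in lines:
        parsed = parse_pri(line)
        counts[NAME_BY_LEVEL[parsed[1]] if parsed else "Unparsable"] += 1
    return counts


# Constructed sample input (not captured from a device).
SAMPLE_LINES = [
    "<187>Oct 12 10:01:07 switch-1 LINK: port e5 is down",
    "<190>Oct 12 10:01:09 switch-1 AAA: management session opened",
    "<188>Oct 12 10:02:30 switch-1 STP: topology change on e5",
    "<184>Oct 12 10:03:00 switch-1 SYS: system is not functioning",
    "<191>Oct 12 10:03:01 switch-1 SYS: debug trace",
    "Oct 12 10:03:02 switch-1 SYS: header missing",
    "<999>Oct 12 10:03:03 switch-1 SYS: priority out of range",
]

if __name__ == "__main__":
    kept, rejected = filter_messages(SAMPLE_LINES, "Warning")
    for name, facility, rest in kept:
        print(f"{name:<10} facility={facility} {rest}")
    print("unparsable:", len(rejected))
```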

14 MANAGING SYSTEM FILES

The configuration file structure consists of the following configuration files:

Startup Configuration File: Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.

Running Configuration File: Contains all configuration file commands, as well as all commands entered during the current session. After the device is powered down or rebooted, all commands stored in the Running Configuration file are lost. During the startup process, all commands in the Startup file are copied to the Running Configuration File and applied to the device. During the session, all new commands entered are added to the commands existing in the Running Configuration file. Commands are not overwritten. To update the Startup file, before powering down the device, the Running Configuration file must be copied to the Startup Configuration file. The next time the device is restarted, the commands are copied back into the Running Configuration file from the Startup Configuration file.

Image files: Software upgrades are used when a new version file is downloaded. The file is checked for the right format, and that it is complete. After a successful download, the new version is marked, and is used after the device is reset.

This section contains information for defining File maintenance and includes both configuration file management as well as device access. This section contains the following topics:

Backing Up and Restoring System Files
Downloading the Software Image
Activating Image Files

Backing Up and Restoring System Files


There are two types of files, firmware files and configuration files. The firmware files manage the device, and the configuration files configure the device for transmissions. Only one type of download can be performed at any one time.

To download a file:

The Backup & Restore Configurations Page contains parameters for downloading system files.

To download System Files:

1 Click Administration > Backup & Restore Configurations > Restore. The Backup & Restore Configurations Page opens:
Figure 138 Backup & Restore Configurations Page

The Backup & Restore Configurations Page contains the following fields:

Download via TFTP: Enables initiating a download via the TFTP server.
Download via HTTP: Enables initiating a download via the HTTP server or HTTPS server.
Configuration Download: Indicates that the download is for configuration files.
TFTP Server IP Address: Specifies the TFTP Server IP Address from which the configuration files are downloaded.


Source File Name: Specifies the configuration files to be downloaded.
Destination File: Specifies the destination file to which the configuration file is downloaded. The possible field values are:
    Running Configuration: Downloads commands into the Running Configuration file.
    Startup Configuration: Downloads the Startup Configuration file, and overwrites the old Startup Configuration file.

Downloading the Software Image


The Get Image Page permits network managers to retrieve the device software or the device boot code.

To download the software image:

1 Click Administration > Software Update. The Get Image Page opens:
Figure 139 Get Image Page

The Get Image Page contains the following fields:

Download via TFTP: Enables initiating a download via the TFTP server.
Download via HTTP: Enables initiating a download via the HTTP server or HTTPS server.
TFTP Server IP Address: Specifies the TFTP Server IP Address from which the configuration files are downloaded.
Source File Name: Specifies the configuration files to be downloaded.
Destination File: Specifies the destination file to which the configuration file is downloaded. The possible field values are:


    Running Configuration: Downloads commands into the Running Configuration file.
    Startup Configuration: Downloads the Startup Configuration file, and overwrites the old Startup Configuration file.

2 Define the fields.
3 Click . The files are downloaded, and the device is updated.

Activating Image Files


The Active Image Page allows network managers to select and reset the Image files.

To upload System Files:

1 Click Administration > Backup & Restore > Active Image. The Active Image Page opens:
Figure 140 Active Image Page

The Active Image Page contains the following fields:


Active Image: The Image file which is currently active on the unit.
After Reset: The Image file which is active on the unit after the device is reset. The possible field values are:
    Image 1: Activates Image file 1 after the device is reset.
    Image 2: Activates Image file 2 after the device is reset.

15 VIEWING STATISTICS

This section contains information for viewing and configuring RMON statistics, and contains the following sections:

Viewing RMON Statistics
Configuring RMON History
Configuring RMON Events
Defining RMON Alarms

Viewing RMON Statistics


The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device.

To view RMON statistics:

1 Click Wired Ports > Stats > RMON Statistics > Display. The RMON Statistics Page opens:
Figure 141 RMON Statistics Page

The RMON Statistics Page contains the following fields:

Interface: Indicates the device for which statistics are displayed. The possible field values are:
    Port: Defines the specific port for which RMON statistics are displayed.
    LAG: Defines the specific LAG for which RMON statistics are displayed.
Refresh Rate: Defines the amount of time that passes before the interface statistics are refreshed. The possible field values are:
    No Refresh: Indicates that the RMON Statistics are not refreshed.
    15 Sec: Indicates that the RMON statistics are refreshed every 15 seconds.
    30 Sec: Indicates that the RMON statistics are refreshed every 30 seconds.


    60 Sec: Indicates that the RMON statistics are refreshed every 60 seconds.
Received Bytes (Octets): Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.
Received Packets: Displays the number of packets received on the interface, including bad packets, Multicast and broadcast packets, since the device was last refreshed.
Broadcast Packets Received: Displays the number of good broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets.
Multicast Packets Received: Displays the number of good Multicast packets received on the interface since the device was last refreshed.
CRC & Align Errors: Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed.
Undersize Packets: Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed.
Oversize Packets: Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed.
Fragments: Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed.
Jabbers: Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms.
Collisions: Displays the number of collisions received on the interface since the device was last refreshed.
Frames of 64 Bytes: Number of 64-byte frames received on the interface since the device was last refreshed.


Frames of 65 to 127 Bytes: Number of 65 to 127 byte frames received on the interface since the device was last refreshed.
Frames of 128 to 255 Bytes: Number of 128 to 255 byte frames received on the interface since the device was last refreshed.
Frames of 256 to 511 Bytes: Number of 256 to 511 byte frames received on the interface since the device was last refreshed.
Frames of 512 to 1023 Bytes: Number of 512 to 1023 byte frames received on the interface since the device was last refreshed.
Frames of 1024 to 1518 Bytes: Number of 1024 to 1518 byte frames received on the interface since the device was last refreshed.

2 Select a port. The RMON statistics are displayed.
3 Click . The RMON statistics counters are cleared and the new statistics are displayed.


Configuring RMON History

The RMON History Control Summary Page contains information about samples of data taken from ports. For example, the samples may include interface definitions or polling periods.

To view RMON History:

1 Click Wired Ports > Stats > RMON History > Control Summary. The RMON History Control Summary Page opens:
Figure 142 RMON History Control Summary Page

The RMON History Control Summary Page contains the following fields:

History Entry No.: Displays the entry number for the History Control Table page.
Source Interface: Displays the interface from which the history samples were taken. The possible field values are:
    Port: Specifies the port from which the RMON information was taken.
Sampling Interval: Indicates in seconds the time that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes).
Sampling Requested: Displays the number of samples to be saved. The field range is 1-65535. The default value is 50.


Current Number of Samples: Displays the current number of samples taken.
Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.

To configure RMON History:

1 Click Wired Ports > Stats > RMON History > Control Setup. The RMON History Control Setup Page opens:
Figure 143 RMON History Control Setup Page

The RMON History Control Setup Page contains the following fields:

New History Entry No.: Displays the new entry number for the History Control Table page.
Source Interface: Displays the interface from which the history samples were taken. The possible field values are:
    Port: Specifies the port from which the RMON information was taken.
Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.
Max No. of Samples to Keep: Number of samples to be saved. The default value is 50.


Sampling Interval: Indicates in seconds the time that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes).

2 Define the fields.
3 Click . RMON History Control is enabled, and the device is updated.

Modifying RMON History Entries


To modify RMON History:

1 Click Wired Ports > Stats > RMON History > Modify Control. The RMON History Modify Control Page opens:
Figure 144 RMON History Modify Control Page

The RMON History Modify Control Page contains the following fields:

History Entry No.: Displays the entry number for the History Control Table page.
Source Interface: Displays the interface from which the history samples were taken. The possible field values are:
    Port: Specifies the port from which the RMON information was taken.
Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.
Max No. of Samples to Keep: Indicates the maximum number of samples to keep.


Sampling Interval: Indicates in seconds the time that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes).

2 Modify the fields.
3 Click . RMON History Control is modified, and the device is updated.

Removing RMON History Entries


To delete RMON History:

1 Click Wired Ports > Stats > RMON History > Remove Control. The RMON History Remove Control Page opens:
Figure 145 RMON History Remove Control Page

The RMON History Remove Control Page contains the following fields:

Remove: Removes a RMON event. The possible field values are:
    Checked: Removes a selected RMON event.
    Unchecked: Maintains RMON events.
History Entry No.: Displays the entry number for the History Control Table page.
Source Interface: Displays the interface from which the history samples were taken. The possible field values are:
    Port: Specifies the port from which the RMON information was taken.


Sampling Interval: Indicates in seconds the time that samplings are taken from the ports. The field range is 1-3600. The default is 1800 seconds (equal to 30 minutes).
Sampling Requested: Displays the number of samples to be saved. The field range is 1-65535. The default value is 50.
Current Number of Samples: Displays the current number of samples taken.
Owner: Displays the RMON station or user that requested the RMON information. The field range is 0-20 characters.

2 Select the History Entry to be deleted from the table.
3 Click . The History Control entries are deleted, and the device is updated.

Viewing RMON History Summaries


The RMON History Summary Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view the RMON History Table:

1 Click Wired Ports > Stats > RMON History > History Summary. The RMON History Summary Page opens:
Figure 146 RMON History Summary Page

The RMON History Summary Page contains the following fields:

History Entry No. Displays the entry number for the History Control Table page. Owner Displays the RMON station or user that requested the RMON information. Sample No. Indicates the sample number from which the statistics were taken. Received Bytes (Octets) Displays the number of octets received on the interface since the device was last refreshed. This number includes bad packets and FCS octets, but excludes framing bits.

282

CHAPTER 15: VIEWING STATISTICS

Received Packets Displays the number of packets received on the interface since the device was last refreshed, including bad packets, Multicast and Broadcast packets. Broadcast Packets Displays the number of good Broadcast packets received on the interface since the device was last refreshed. This number does not include Multicast packets. Multicast Packets Displays the number of good Multicast packets received on the interface since the device was last refreshed. CRC Align Errors Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed. Undersize Packets Displays the number of undersized packets (less than 64 octets) received on the interface since the device was last refreshed. Oversize Packets Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed. Fragments Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed. Jabbers Displays the total number of received packets that were longer than 1518 octets. This number excludes frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The field range to detect jabbers is between 20 ms and 150 ms. Collisions Displays the number of collisions received on the interface since the device was last refreshed. Utilization Displays the percentage of the interface utilized.


Configuring RMON Events

This section includes the following topics:

Defining RMON Events Control
Configuring RMON Events Control

Defining RMON Events Control

The RMON Events Control Summary Page contains fields for defining RMON events.

To view RMON Events:
1 Click Wired Ports > Stats > RMON Events > Control Summary. The RMON Events Control Summary Page opens:
Figure 147 RMON Events Control Summary Page

The RMON Events Control Summary Page contains the following fields:

Event Entry: Displays the event.
Community: Displays the community to which the event belongs.
Description: Displays the user-defined event description.
Type: Describes the event type. Possible values are:
  Log: Indicates that the event is a log entry.
  Trap: Indicates that the event is a trap.
  Log and Trap: Indicates that the event is both a log entry and a trap.
  None: Indicates that no event occurred.
Time: Displays the time that the event occurred.
Owner: Displays the device or user that defined the event.


Configuring RMON Event Control

To configure RMON Event Control:
1 Click Wired Ports > Stats > RMON Events > Control Setup. The RMON Events Control Setup Page opens:
Figure 148 RMON Events Control Setup Page

The RMON Events Control Setup Page contains the following fields:

Event Entry: Displays the event.
Community: Displays the community to which the event belongs.
Description: Displays the user-defined event description.
Type: Describes the event type. Possible values are:
  Log: Indicates that the event is a log entry.
  Trap: Indicates that the event is a trap.
  Log and Trap: Indicates that the event is both a log entry and a trap.
  None: Indicates that no event occurred.
Owner: Displays the device or user that defined the event.

2 Define the fields.
3 Click . The RMON Events are defined, and the device is updated.


Configuring RMON Events Control

To modify RMON Event Control Information:
1 Click Wired Ports > Stats > RMON Events > Modify Control. The RMON Event Modify Control Page opens:
Figure 149 RMON Event Modify Control Page

The RMON Event Modify Control Page contains the following fields:

Event Entry No.: Displays the event.
Community: Displays the community to which the event belongs.
Description: Displays the user-defined event description.
Type: Describes the event type. Possible values are:
  Log: Indicates that the event is a log entry.
  Trap: Indicates that the event is a trap.
  Log and Trap: Indicates that the event is both a log entry and a trap.
  None: Indicates that no event occurred.
Owner: Displays the device or user that defined the event.

2 Modify the fields.
3 Click . The RMON Events Control is modified, and the device is updated.


Removing RMON Events

To remove RMON Event Control Information:
1 Click Wired Ports > Stats > RMON Events > Remove Control. The RMON Events Remove Control Page opens:
Figure 150 RMON Events Remove Control Page

The RMON Events Remove Control Page contains the following fields:

Remove: Removes a RMON event. The possible field values are:
  Checked: Removes a selected RMON event.
  Unchecked: Maintains RMON events.
Event Entry: Displays the event.
Community: Displays the community to which the event belongs.
Description: Displays the user-defined event description.
Type: Describes the event type. Possible values are:
  Log: Indicates that the event is a log entry.
  Trap: Indicates that the event is a trap.
  Log and Trap: Indicates that the event is both a log entry and a trap.
  None: Indicates that no event occurred.
Time: Displays the time that the event occurred.
Owner: Displays the device or user that defined the event.

2 Select the event to be deleted.
3 Click . The RMON Event is removed, and the device is updated.


Viewing RMON Events

The RMON Events Summary Page contains interface specific statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view RMON Events Summary:
1 Click Wired Ports > Stats > RMON Events > Events Summary. The RMON Events Summary Page opens:
Figure 151 RMON Events Summary Page

The RMON Events Summary Page contains the following fields:

Event: Displays the RMON Events Log entry number.
Log No.: Displays the log number.
Log Time: Displays the time when the log entry was entered.
Description: Displays the log entry description.

Defining RMON Alarms

The RMON Alarm Summary Page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events.

To view RMON Alarms:
1 Click Wired Ports > Stats > RMON Alarms > Alarms Summary. The RMON Alarm Summary Page opens:
Figure 152 RMON Alarm Summary Page

The RMON Alarm Summary Page contains the following fields:

Alarm Entry: Indicates a specific alarm.
Counter Name: Displays the selected MIB variable.
Interface: Displays interface for which RMON statistics are displayed. The possible field values are:
  Port: Displays the RMON statistics for the selected port.
  LAG: Indicates LAG statistics are displayed.
Counter Value: Displays the selected MIB variable value.
Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:
  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
  Absolute: Compares the values directly with the thresholds at the end of the sampling interval.
Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
Rising Event: Displays the mechanism in which the alarms are reported. The possible field values are:
  LOG: Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  TRAP: Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved using the Trap mechanism.
  Both: Indicates that both the Log and Trap mechanism are used to report alarms.
Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
Falling Event: Displays the mechanism in which the alarms are reported.
Startup Alarm: Displays the trigger that activates the alarm generation.
  Rising Alarm: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
  Falling Alarm: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
  Rising and Falling Alarm: Indicates both Rising and Falling alarms are selected as the startup alarm.
Interval: Defines the alarm interval time in seconds.
Owner: Displays the device or user that defined the alarm.
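
The following added example (not code from 3Com or from this guide) evaluates one alarm entry the way the Sample Type, Rising Threshold, Falling Threshold and Startup Alarm fields above describe, over constructed counter readings. It assumes a 32-bit wrapping counter and the re-arm rule of the RMON alarm group in RFC 2819: after a rising event, no further rising event is generated until the falling threshold has been reached, and vice versa. The class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import List, Optional

COUNTER32_MOD = 2 ** 32  # assumption: the monitored MIB variable is a 32-bit counter
STARTUP_CHOICES = ("rising", "falling", "rising-and-falling")


@dataclass
class RmonAlarm:
    """One alarm entry; attribute names mirror the fields on the Alarm pages."""
    sample_type: str                 # "delta" or "absolute"
    rising_threshold: int
    falling_threshold: int
    startup_alarm: str = "rising-and-falling"

    def __post_init__(self) -> None:
        if self.sample_type not in ("delta", "absolute"):
            raise ValueError("sample_type must be 'delta' or 'absolute'")
        if self.startup_alarm not in STARTUP_CHOICES:
            raise ValueError("startup_alarm must be one of %r" % (STARTUP_CHOICES,))
        if self.falling_threshold > self.rising_threshold:
            # Choice made for this example: inverted thresholds are rejected.
            raise ValueError("falling threshold is above rising threshold")
        self._last_raw: Optional[int] = None     # previous raw reading (delta mode)
        self._prev_value: Optional[int] = None   # previous value that was compared
        self._last_event: Optional[str] = None   # last event generated (re-arm state)

    def _compared_value(self, raw: int) -> Optional[int]:
        """Return the value to compare against the thresholds for this reading."""
        if self.sample_type == "absolute":
            return raw
        last, self._last_raw = self._last_raw, raw
        if last is None:
            return None                          # first reading is only a baseline
        return (raw - last) % COUNTER32_MOD      # survives a counter wrap

    def sample(self, raw: int) -> Optional[str]:
        """Feed one reading taken at the end of an interval; return the event."""
        value = self._compared_value(raw)
        if value is None:
            return None
        first = self._prev_value is None
        prev, self._prev_value = self._prev_value, value
        event = None
        if value >= self.rising_threshold and self._last_event != "rising":
            if first:   # the first comparison is governed by Startup Alarm
                crossed = self.startup_alarm in ("rising", "rising-and-falling")
            else:
                crossed = prev < self.rising_threshold
            if crossed:
                event = "rising"
        elif value <= self.falling_threshold and self._last_event != "falling":
            if first:
                crossed = self.startup_alarm in ("falling", "rising-and-falling")
            else:
                crossed = prev > self.falling_threshold
            if crossed:
                event = "falling"
        if event is not None:
            self._last_event = event
        return event


def evaluate(alarm: RmonAlarm, readings: List[int]) -> List[Optional[str]]:
    """Run a series of readings through one alarm entry."""
    return [alarm.sample(raw) for raw in readings]


# Constructed sample data: cumulative CRC Align Errors counter, one reading per interval.
# Per-interval deltas are 10, 140, 50, 140, 10, 140.
CRC_ERROR_COUNTER = [0, 10, 150, 200, 340, 350, 490]


def demo() -> List[Optional[str]]:
    alarm = RmonAlarm("delta", rising_threshold=100, falling_threshold=20,
                      startup_alarm="rising")
    return evaluate(alarm, CRC_ERROR_COUNTER)


if __name__ == "__main__":
    for raw, event in zip(CRC_ERROR_COUNTER, demo()):
        print(raw, event)
```

The second delta of 140 produces no event because the value only dipped to 50, above the falling threshold of 20, so the alarm had not re-armed.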


Defining RMON Alarm Setups

To configure RMON Alarms:
1 Click Wired Ports > Stats > RMON Alarms > Alarms Setup. The RMON Alarms Alarm Setup Page opens:
Figure 153 RMON Alarms Alarm Setup Page

The RMON Alarms Alarm Setup Page contains the following fields:

Alarm Entry: Indicates a specific alarm.
Interface: Displays interface for which RMON statistics are displayed. The possible field values are:
  Port: Displays the RMON statistics for the selected port.
  LAG: Displays the RMON statistics for the selected LAG.
Counter Name: Displays the selected MIB variable.
Counter Value: Displays the selected MIB variable value.
Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:
  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
  Absolute: Compares the values directly with the thresholds at the end of the sampling interval.
Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
Rising Event: Displays the mechanism in which the alarms are reported. The possible field values are:
  LOG: Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  TRAP: Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved using the Trap mechanism.
  Both: Indicates that both the Log and Trap mechanism are used to report alarms.
Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
Falling Event: Displays the mechanism in which the alarms are reported.
Startup Alarm: Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.
  Rising Alarm: Defines rising as crossing the threshold from a low-value threshold to a higher-value threshold.
  Falling Alarm: Defines falling as the falling counter value that triggers the falling threshold alarm.
  Rising and Falling Alarm: Both alarms are triggered.
Interval: Defines the alarm interval time in seconds.
Owner: Displays the device or user that defined the alarm.

2 Define the fields.
3 Click . The RMON alarm is added, and the device is updated.

To modify Alarm Settings:
1 Click Wired Ports > Stats > RMON Alarms > Modify Alarm. The RMON Alarms Modify Alarm Page opens:
Figure 154 RMON Alarms Modify Alarm Page

The RMON Alarms Modify Alarm Page contains the following fields:

Alarm Entry: Indicates a specific alarm.
Interface: Displays interface for which RMON statistics are displayed. The possible field values are:
  Port: Displays the RMON statistics for the selected port.
  LAG: Displays the RMON statistics for the selected LAG.
Counter Name: Displays the selected MIB variable.
Counter Value: Displays the selected MIB variable value.
Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:
  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
  Absolute: Compares the values directly with the thresholds at the end of the sampling interval.
Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
Rising Event: Displays the mechanism in which the alarms are reported. The possible field values are:
  LOG: Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  TRAP: Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved using the Trap mechanism.
  Both: Indicates that both the Log and Trap mechanism are used to report alarms.
Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is graphically presented on top of the graph bars. Each monitored variable is designated a color.
Falling Event: Displays the mechanism in which the alarms are reported.
Startup Alarm: Displays the trigger that activates the alarm generation. Rising is defined by crossing the threshold from a low-value threshold to a higher-value threshold.
  Rising Alarm: Defines rising as crossing the threshold from a low-value threshold to a higher-value threshold.
  Falling Alarm: Defines falling as the falling counter value that triggers the falling threshold alarm.
  Rising and Falling Alarm: Both alarms are triggered.
Interval: Defines the alarm interval time in seconds.
Owner: Displays the device or user that defined the alarm.

2 Modify the fields.
3 Click . The RMON alarm is modified, and the device is updated.

Removing RMON Alarms

To delete Alarm Settings:
1 Click Wired Ports > Stats > RMON Alarms > Remove Alarms. The RMON Alarms Remove Alarm Page opens:
Figure 155 RMON Alarms Remove Alarm Page

The RMON Alarms Remove Alarm Page contains the following fields:

Remove: Removes a RMON event. The possible field values are:
  Checked: Removes a selected RMON event.
  Unchecked: Maintains RMON events.
Alarm Entry: Indicates a specific alarm.
Counter Name: Displays the selected MIB variable.
Interface: Displays interface for which RMON statistics are displayed. The possible field values are:
  Port: Displays the RMON statistics for the selected port.
  LAG: Displays the RMON statistics for the selected LAG.
Counter Value: Displays the selected MIB variable value.
Sample Type: Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are:
  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to the threshold.
  Absolute: Compares the values directly with the thresholds at the end of the sampling interval.
Rising Threshold: Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color.
Rising Event: Displays the mechanism in which the alarms are reported. The possible field values are:
  LOG: Indicates there is not a saving mechanism for either the device or in the management system. If the device is not reset, the entry remains in the Log Table.
  TRAP: Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved using the Trap mechanism.
  Both: Indicates that both the Log and Trap mechanism are used to report alarms.
Falling Threshold: Displays the falling counter value that triggers the falling threshold alarm.
Falling Event: Displays the mechanism in which the alarms are reported.
Startup Alarm: Displays the trigger that activates the alarm generation.
  Rising Alarm: Defines rising as crossing the threshold from a low-value threshold to a higher-value threshold.
  Falling Alarm: Defines falling as the falling counter value that triggers the falling threshold alarm.
  Rising and Falling Alarm: Both alarms are triggered.
Interval: Defines the alarm interval time in seconds.
Owner: Displays the device or user that defined the alarm.

2 Select the Alarm Entry to be deleted.
3 Click . The RMON alarm is deleted, and the device is updated.

WLAN COUNTRY SETTINGS

This appendix contains vital information for configuring WLAN, including the country codes, power regulations, and frequency ranges.
Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 60 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP 200 mW EIRP 120 mW EIRP 120 mW EIRP 100 mW EIRP 100 mW EIRP Brazil BR -C 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1 - 11 Canada CA -A 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11 200 mW EIRP 1 W EIRP 1 W EIRP 50 mW+6 dBi=200 mW, 250 mW+6 dBi=1 W, 1 W+6 dBi=4 W 1 W+Restricted Antennas 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.725-5.85 2.4-2.4835 2.4-2.4835 5.15-5.25

Country Austria

Country Code AT

Access Point Domain -E

Channels Allowed 36, 40, 44, 48 1 - 11

Frequency Range (GHz) 5.15-5.25 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.825

Australia

AU

-N

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1 - 11

Belgium

BE

-E

36, 40, 44, 48,52, 56, 60, 64 1 - 12,13


Country Switzerland and Liechtenstein

Country Code CH

Access Point Domain -E

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 200 mW EIRP 200 mW EIRP 100 mW EIRP 150 mW+6 dBi~600 mW 150 mW+6 dBi~600 mW 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W+Restricted Antennas 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz) 5.15-5.25 5.25-5.35 2.4-2.4835 5.725-5.825 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.825

China

CN

-C

149, 153, 157, 161 1-13

Cyprus

CY

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Czech Republic

CZ

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

200 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Germany

DE

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

2.4-2.4835 200 mW EIRP 200 mW EIRP 1 W EIRP 5.15-5.25 5.25-5.35 5.47-5.725

Denmark

DK

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Estonia

EE

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161


APPENDIX : WLAN COUNTRY SETTINGS

Country

Country Code

Access Point Domain

Channels Allowed 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 1 W+Restricted Antennas

Frequency Range (GHz) 2.4-2.4835

Spain

ES

-E 1-11 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP 5.15-5.25 5.25-5.35 5.47-5.725

Finland

FI

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 200 mW EIRP 200 mW EIRP 100 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 2.4-2.454 5.15-5.25 5.25-5.35 5.47-5.725

France

FR

-E

36, 40, 44, 48,52, 56, 60, 64 1 - 7,8 - 11

United Kingdom

GB

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W+6 dBi=4 W 100 mW EIRP 200 mW EIRP

2.4-2.4835 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.25 5.25-5.35

Greece Hong Kong

GR HK

-E -N

1-11 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Hungary

HU

-E

36, 40, 44, 48,52, 56, 60, 64


Country

Country Code

Access Point Domain

Channels Allowed 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 1 W EIRP N/A 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 100 mW EIRP 200 mW EIRP 200 mW EIRP 100 mW EIRP N/A 4 W EIRP

Frequency Range (GHz) 2.4-2.4835 5.725-5.875 2.4-2.5 5.15-5.25 5.25-5.35 5.47-5.725 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 N/A 2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Indonesia

ID

-R

N/A 1-13

Ireland

IE

-E

36, 40, 44, 48,52, 56, 60, 64 1-11

Israel

IL

-I

36, 40, 44, 48,52, 56, 60, 64 1-13

Israel OUTDOOR

ILO

36, 40, 44, 48,52, 56, 60, 64 5-13

India

IN

TBA

N/A

Iceland

IS

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

200 mW EIRP 200 mW EIRP 1 W EIRP

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Italy

IT

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120,


Country

Country Code

Access Point Domain

Channels Allowed 124, 128, 132, 140 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP)

Frequency Range (GHz)

100 mW EIRP 100 mW EIRP 100 mW EIRP 10 mW/MHz~200 mW EIRP 10 mW/MHz~200 mW EIRP 150 mW+6 dBi~600 mW 150 mW+6 dBi~600 mW 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W+Restricted Antennas 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.03-5.09 5.15-5.25 2.4-2.497 2.4-2.497 5.725-5.825 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Japan

JP

-J

1-3,1-4 1-14 1-13

Republic of Korea

KR

-C

149, 153, 157, 161 1-13

Lithuania

LT

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Luxembourg

LU

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Latvia

LV

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153,


Country

Country Code

Access Point Domain

Channels Allowed 157, 161 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) dBi=4 W 1 W+Restricted Antennas 100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

Frequency Range (GHz)

2.4-2.4835 2.4-2.5 5.15-5.25 5.25-5.35 5.47-5.725

Malaysia Netherlands

MY NL

-E -E

1-13 36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Norway

NO

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W+Restricted Antennas TBA 100 mW EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

New Zealand

NZ

-N

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835 5.725-5.875 2.4-2.4835 2.4-2.4835

Philippines

PH

-C

TBA

Poland

PL

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153,

200 mW EIRP 1 W EIRP


Country

Country Code

Access Point Domain

Channels Allowed 157, 161 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP)

Frequency Range (GHz)

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Portugal

PT

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.47-5.725

Sweden

SE

-E

36, 40, 44, 48,52, 56, 60, 64,104, 108, 112, 116, 120, 124, 128, 132, 140 1-11

100 mW EIRP 200 mW EIRP 200 mW EIRP 1 W EIRP

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

Singapore

SG

-S

36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161 1-13

200 mW EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W+Restricted Antennas

Slovenia

SI

-E

36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

2.4-2.4835


Country Slovak Republic

Country Code SK

Access Point Domain -E

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W+Restricted Antennas N/A 100 mW EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W

Frequency Range (GHz) 5.15-5.25 5.25-5.35 5.725-5.85 2.4-2.4835 5.725-5.875 2.4-2.5 5.25-5.35 5.47-5.725 5.725-5.825

Thailand

TL

-R

N/A 1-13

Taiwan

TW

-T

56, 60, 64, 100 - 140,149, 153, 157, 161

1-13 United States of America US -A 36, 40, 44, 48,52, 56, 60, 64,149, 153, 157, 161 1-11 United States of America USE -A 36, 40, 44, 48,52, 56, 60, 64 1-11 United States of America LOW USL -A 36, 40, 44, 48,52, 56, 60, 64 1-11

1 W EIRP 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W+6 dBi=4 W 1 W Conducted Output 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W Conducted Output 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W Conducted Output

2.4-2.4835 5.15-5.25 5.25-5.35 5.725-5.85

2.4-2.4835 5.15-5.25 5.25-5.35 2.4-2.4835 5.15-5.25 5.25-5.35

2.4-2.4835


Country United States of America EXTENDED

Country Code USX

Access Point Domain TBA

Channels Allowed 36, 40, 44, 48,52, 56, 60, 64 1-11

Maximum Transmit Power (Radio Tx + Antenna Gain = EIRP) 50 mW+6 dBi=200 mW 250 mW+6 dBi=1 W 1 W Conducted Output N/A 1 W EIRP

Frequency Range (GHz) 5.15-5.25 5.25-5.35

2.4-2.4835 5.25-5.35 5.725-5.825 2.4-2.4835

South Africa

ZA

TBA

N/A 1-13

B
DEVICE SPECIFICATIONS AND FEATURES

Related Standards

The 3Com Unified Gigabit Wireless PoE Switch 24 has been designed to the following standards:
Function: IEEE 802.3 (Ethernet, 10Base-T), IEEE 802.3u (Fast Ethernet, 100Base-TX), IEEE 802.3ab (Gigabit Ethernet, 1000Base-T) and IEEE 802.3z (Gigabit Ethernet, 1000Base-X), IEEE 802.3x (Flow Control), IEEE 802.1d 1998 (Bridging), IEEE 802.1p (Virtual LAN), IEEE 802.af (DTE Power)
MAC Address: 8192
Safety: UL 60950-1, CSA 22.2 No. 60950-1, EN 60950-1, IEC 60950-1
EMC Emissions: FCC Part 15 Subpart B Class A, EN 55022 Class A, ICES-003 Class A, CISPR 22 Class A, VCCI Class A, EN 61000-3-2, EN 61000-3-3
Immunity: EN 55024, EN 60601-1-2

Environmental
Operating Temperature: 0 to 40 °C (32 to 104 °F)
Storage Temperature: -40 to +70 °C (-40 to +158 °F)
Humidity: 10 to 95% (non-condensing)
Standard: EN 60068 (IEC 68)

Physical
Width: 44.0 cm (17.3 in.)
Length: 41.5 cm (16.3 in.)
Height: 4.4 cm (1.75 in.) or 1U
Weight: 5.9 kg (13.0 lb)
Mounting: Free-standing, or 19 in. rack-mounted using the supplied mounting kit

Electrical
Power Inlet: IEC 320
AC Line Frequency: 50/60 Hz (±3 Hz)
Input Voltage: 100-240 Vac (auto range)
Current Rating: 8 Amp (maximum)
Maximum Power Consumption: 465 Watts
Maximum Power Dissipation: 207 BTU/hr
PoE Maximum Output Power per Port: 15.4 watts

Power can also be provided by the switch through any of its 24 Ethernet ports based on the IEEE 802.3af Power over Ethernet (PoE) specifications. For PoE to work, the receiving device must be PoE-compliant.


APPENDIX A: DEVICE SPECIFICATIONS AND FEATURES

Unified Switch 24 Features

This appendix describes the device features. The system supports the following features:

Auto Negotiation: Auto negotiation allows a device to advertise modes of operation. The auto negotiation function provides the means to exchange information between two devices that share a point-to-point link segment, and to automatically configure both devices to take maximum advantage of their transmission capabilities. Auto negotiation provides port advertisement. Port advertisement allows the system administrator to configure the port speeds advertised.

Automatic MAC Addresses Aging: MAC addresses from which no traffic is received for a given period are aged out. This prevents the Bridging Table from overflowing.

Back Pressure: On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic.

Class Of Service: The IEEE 802.1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link/MAC sub-layer. 802.1p traffic is classified and sent to the destination. No bandwidth reservations or limits are established or enforced. 802.1p is a spin-off of the 802.1Q (VLANs) standard. 802.1p establishes eight levels of priority, similar to the IP Precedence IP Header bit-field.

Command Line Interface: Command Line Interface (CLI) syntax and semantics conform as much as possible to common industry practice.

Syslog: Syslog is a protocol that enables event notifications to be sent to a set of remote servers, where they can be stored, examined and acted upon. The system sends notifications of significant events in real time, and keeps a record of these events for after-the-fact usage.

Configuration File Management: The device configuration is stored in a configuration file. The Configuration file includes both system wide and port specific device configuration. The system can display configuration files in the form of a collection of CLI commands, which are stored and manipulated as text files.

DHCP Clients: Dynamic Host Client Protocol. DHCP enables additional setup parameters to be received from a network server upon system startup. DHCP service is an on-going process.

Domain Name System: Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated to 192.87.56.2. DNS servers maintain domain name databases and their corresponding IP addresses.

Fast Link: STP can take up to 30-60 seconds to converge. During this time, STP detects possible loops, allowing time for status changes to propagate and for relevant devices to respond. 30-60 seconds is considered too long of a response time for many applications. The Fast Link option bypasses this delay, and can be used in network topologies where forwarding loops do not occur.

Full 802.1Q VLAN Tagging Compliance: IEEE 802.1Q defines an architecture for virtual bridged LANs, the services provided in VLANs and the protocols and algorithms involved in the provision of these services. An important requirement included in this standard is the ability to mark frames with a desired Class of Service (CoS) tag value.

GVRP Support: GARP VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q trunk ports. When GVRP is enabled, the device registers and propagates VLAN membership on all ports that are part of the active underlying Spanning Tree Protocol Features topology.

IGMP Snooping: IGMP Snooping examines IGMP frame contents, when they are forwarded by the device from work stations to an upstream Multicast router. From the frame, the device identifies work stations configured for Multicast sessions, and which Multicast routers are sending Multicast frames.

LACP: LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems. LACP automatically determines, configures, binds and monitors the port binding within the system.

Link Aggregated Groups: Link Aggregated Group (LAG). The system provides up-to eight Aggregated Links may be defined, each with up to eight member ports, to form a single. LAGs provide:
  Fault tolerance protection from physical link disruption
  Higher bandwidth connections
  Improved bandwidth granularity
  High bandwidth server connectivity
LAG is composed of ports with the same speed, set to full-duplex operation.

MAC Address Capacity Support: The device supports up to 8K MAC addresses. The device reserves specific MAC addresses for system use.


APPENDIX A: DEVICE SPECIFICATIONS AND FEATURES

MAC Multicast Support
Multicast service is a limited broadcast service, which allows one-to-many and many-to-many connections for information distribution. Layer 2 Multicast service is where a single frame is addressed to a specific Multicast address, from where copies of the frame are transmitted to the relevant ports.

MDI/MDIX Support
The device automatically detects whether the cable connected to an RJ-45 port is crossed or straight through, when auto-negotiation is enabled. Standard wiring for end stations is Media-Dependent Interface (MDI) and the standard wiring for hubs and switches is known as Media-Dependent Interface with Crossover (MDIX).

Multiple Spanning Tree
Multiple Spanning Tree (MSTP) operation maps VLANs into STP instances. MSTP provides differing load-balancing scenarios. Packets assigned to various VLANs are transmitted along different paths within MSTP Regions (MST Regions). Regions are one or more MSTP bridges by which frames can be transmitted. The standard lets administrators assign VLAN traffic to unique paths.

Password Management
Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP, HTTPS, and SNMP access are assigned security features. For more information on Password Management, see Managing Passwords.

Port-based Authentication
Port-based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP).

Port-based Virtual LANs
Port-based VLANs classify incoming packets to VLANs based on their ingress port.

Port Mirroring
Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port. Users specify which target port receives copies of all traffic passing through a specified source port.

Unified Switch 24 Features


Power over Ethernet
Power over Ethernet (PoE) provides power to devices over existing LAN cabling, without updating or modifying the network infrastructure. Power over Ethernet removes the necessity of placing network devices next to power sources. Power over Ethernet can be used in the following applications:
• IP Phones
• Wireless Access Points
• IP Gateways
• PDAs
• Audio and video remote monitoring

Private VLANs
Private VLAN ports are a Layer 2 security feature which provides isolation between ports within the same Broadcast domain.

RADIUS Clients
RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-user authentication information, such as user name, password and accounting information.

Rapid Spanning Tree
Spanning Tree can take 30-60 seconds for each host to decide whether its ports are actively forwarding traffic. Rapid Spanning Tree (RSTP) detects uses of network topologies to enable faster convergence, without creating forwarding loops.

Remote Monitoring
Remote Monitoring (RMON) is an extension to SNMP, which provides comprehensive network traffic monitoring capabilities (as opposed to SNMP, which allows network device management and monitoring). RMON is a standard MIB that defines current and historical MAC-layer statistics and control objects, allowing real-time information to be captured across the entire network.

Self-Learning MAC Addresses
The device enables automatic MAC address learning from incoming packets. The MAC addresses are stored in the Bridging Table.

SNMP Alarms and Trap Logs
The system logs events with severity codes and timestamps. Events are sent as SNMP traps to a Trap Recipient List.

SNMP Versions 1, 2 and 3
Simple Network Management Protocol (SNMP) over the UDP/IP protocol controls access to the system. A list of community entries is defined, each of which consists of a community string and its access privileges. There are 3 levels of SNMP security: read-only, read-write and super. Only a super user can access the community table.

SNTP
The Simple Network Time Protocol (SNTP) assures accurate network Ethernet Switch clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. Time sources are established by Stratums. Stratums define the distance from the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.


Spanning Tree Protocol
802.1d Spanning Tree is a standard Layer 2 switch requirement that allows bridges to automatically prevent and resolve L2 forwarding loops. Switches exchange configuration messages using specifically formatted frames and selectively enable and disable forwarding on ports.

SSH
Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 2 is currently supported. The SSH server feature enables an SSH client to establish a secure, encrypted connection with a device. This connection provides functionality that is similar to an inbound telnet connection. SSH uses RSA and DSA Public Key cryptography for device connections and authentication.

SSL
Secure Socket Layer (SSL) is an application-level protocol that enables secure transactions of data through privacy, authentication, and data integrity. It relies upon certificates and public and private keys.

Static MAC Entries
MAC entries can be manually entered in the Bridging Table, as an alternative to learning them from incoming frames. These user-defined entries are not subject to aging, and are preserved across resets and reboots.

TACACS+
TACACS+ provides centralized security for validation of users accessing the device. TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes.

TCP
Transport Control Protocol (TCP). TCP connections are defined between 2 ports by an initial synchronization exchange. TCP ports are identified by an IP address and a 16-bit port number. Octet streams are divided into TCP packets, each carrying a sequence number.

TFTP Trivial File Transfer Protocol
The device supports boot image, software and configuration upload/download via TFTP.

Traceroute
Traceroute discovers IP routes that packets were forwarded along during the forwarding process. The CLI Traceroute utility can be executed from either the user-exec or privileged modes.

Virtual Cable Testing
VCT detects and reports copper link cabling occurrences, such as open cables and cable shorts.

VLAN Support
VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents. Packets sharing common attributes can be grouped in the same VLAN.


VLAN-aware MAC-based Switching
The device always performs VLAN-aware bridging. Classic bridging (IEEE 802.1D), where frames are forwarded based only on their destination MAC address, is not performed. However, a similar functionality may be configured for untagged frames. Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN.

Web-based Management
With web-based management, the system can be managed from any web browser. The system contains an Embedded Web Server (EWS), which serves HTML pages, through which the system can be monitored and configured. The system internally converts web-based input into configuration commands, MIB variable settings and other management-related settings.

TROUBLESHOOTING

This section describes problems that may arise when installing the and how to resolve these issues. This section includes the following topics:

• Problem Management: Provides information about problem management with .
• Troubleshooting Solutions: Provides a list of troubleshooting issues and solutions for using the device.

Problem Management

Problem management includes isolating problems, quantifying the problems, and then applying the solution. When a problem is detected, the exact nature of the problem must be determined. This includes how the problem is detected, and what are the possible causes of the problem. With the problem known, the effect of the problem is recorded with all known results from the problem. Once the problem is quantified, the solution is applied. Solutions are found either in this chapter, or through customer support. If no solution is found in this chapter, contact Customer Support.

Troubleshooting Solutions

Listed below are some possible troubleshooting problems and solutions. These error messages include:

• Cannot connect to management using RS-232 serial connection
• Cannot connect to switch management using Telnet, HTTP, SNMP, etc.
• Self-test exceeds 15 seconds
• No connection is established and the port LED is on
• Device is in a reboot loop
• No connection and the port LED is off
• Lost password


Problem: Cannot connect to management using RS-232 serial connection
Solution:
• Be sure the terminal emulator program is set to VT-100 compatible, 9600 baud rate, no parity, 8 data bits and one stop bit
• Use the included cable, or be sure that the pin-out complies with a standard null-modem cable

Problem: Cannot connect to switch management using Telnet, HTTP, SNMP, etc.
Solution:
• Be sure the switch has a valid IP address, subnet mask and default gateway configured
• Check that your cable is properly connected with a valid link light, and that the port has not been disabled
• Ensure that your management station is plugged into the appropriate VLAN to manage the device
• If you cannot connect using Telnet or the web, the maximum number of connections may already be open. Please try again at a later time.

Problem: No response from the terminal emulation software
Possible Cause:
• Faulty serial cable
• Incorrect serial cable
• Software settings
Solution:
• Replace the serial cable
• Replace serial cable for a pin-to-pin straight/flat cable
• Reconfigure the emulation software connection settings.

Problem: Response from the terminal emulations software is not readable
Possible Cause:
• Faulty serial cable
• Software settings
Solution:
• Replace the serial cable
• Reconfigure the emulation software connection settings.

Problem: Self-test exceeds 15 seconds
Possible Cause:
• The device may not be correctly installed.
Solution:
• Remove and reinstall the device. If that does not help, consult your technical support representative.

Problem: No connection is established and the port LED is on
Possible Cause:
• Wrong network address in the workstation
• No network address set
• Wrong or missing protocol
• Faulty ethernet cable
• Faulty port
• Faulty module
• Incorrect initial configuration
Solution:
• Configure the network address in the workstation
• Configure the network address in the workstation
• Configure the workstation with IP protocol
• Replace the cable
• Replace the module
• Replace the module
• Erase the connection and reconfigure the port

Problem: Device is in a reboot loop
Possible Cause:
• Software fault
Solution:
• Download and install a working or previous software version from the console


APPENDIX C: TROUBLESHOOTING

Problem: No connection and the port LED is off
Possible Cause:
• Incorrect ethernet cable, e.g., crossed rather than straight cable, or vice versa, split pair (incorrect twisting of pairs)
• Fiber optical cable connection is reversed
• Bad cable
• Wrong cable type
Solution:
• Check pinout and replace if necessary
• Change if necessary. Check Rx and Tx on fiber optic cable
• Replace with a tested cable
• Verify that all 10 Mbps connections use a Cat 5 cable
• Check the port LED or zoom screen in the NMS application, and change setting if necessary


Problem: Lost password

Solution: The Password Recovery Procedure enables the user to override the current password configuration, and disables the need for a password to access the console. The password recovery is effective until the device is reset. If the password/user name has been forgotten or lost, the password must be reconfigured using either the CLI commands or via the Embedded Web Interface. The Password Recovery Procedure is invoked from the Startup menu:

1 Reboot the system either by disconnecting the power supply, or enter the command:

Console #reload

The following message is displayed:

Are you sure you want to reboot the system (y/n)[n]?

2 Enter Y. The device reboots. After the POST, when the text "Autoboot in 2 seconds - press RETURN or Esc. to abort and enter prom." is displayed, press <Enter>. The Startup Menu is displayed.

[1] Download software
[2] Erase flash file
[3] Erase flash sectors
[4] Password Recovery Procedure
[5] Enter Diagnostic Mode
[6] Back

3 Enter 4 within 15 seconds after the bootup process from the StartUp menu. If the startup menu option is not selected within 15 seconds, the accessibility requirements are erased, and the system continues to load. The password is defined using the CLI mode.

4 Enter the CLI configuration mode.

5 Enter the password commands: username, enable password, or password [line]. For example:

enable password level 1
password *****

6 Enter the command exit. The CLI mode is exited. For example:

enable password level 1
password *****


GLOSSARY

Access Control List (ACL)
ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.

Address Resolution Protocol (ARP)
ARP converts between IP addresses and MAC (i.e., hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address. This allows the switch to use IP addresses for routing decisions and the corresponding MAC addresses to forward packets from one hop to the next.

Boot Protocol (BOOTP)
BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.

Class of Service (CoS)
CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue. Data is transmitted from the queues using weighted round-robin service to enforce priority service and prevent blockage of lower-level queues. Priority may be set according to the port default, the packet's priority bit (in the VLAN tag), TCP/UDP port number, IP Precedence bit, or DSCP priority bit.

Differentiated Services Code Point Service (DSCP)
DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.

Domain Name Service (DNS)
A system used for translating host names for network nodes into IP addresses.

Distance Vector Multicast Routing Protocol (DVMRP)
A distance-vector-style routing protocol used for routing multicast datagrams through the Internet. DVMRP combines many of the features of RIP with Reverse Path Forwarding (RPF).


Dynamic Host Control Protocol (DHCP)
Provides a framework for passing configuration information to hosts on a TCP/IP network. DHCP is based on the Bootstrap Protocol (BOOTP), adding the capability of automatic allocation of reusable network addresses and additional configuration options.

Extensible Authentication Protocol over LAN (EAPOL)
EAPOL is a client authentication protocol used by this switch to verify the network access rights for any device that is plugged into the switch. A user name and password is requested by the switch, and then passed to an authentication server (e.g., RADIUS) for verification. EAPOL is implemented as part of the IEEE 802.1x Port Authentication standard.

GARP VLAN Registration Protocol (GVRP)
Defines a way for switches to exchange VLAN information in order to register necessary VLAN members on ports along the Spanning Tree so that VLANs defined in each switch can work automatically over a Spanning Tree network.

Generic Attribute Registration Protocol (GARP)
GARP is a protocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment so that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations. Formerly called Group Address Registration Protocol.

Generic Multicast Registration Protocol (GMRP)
GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.

Group Attribute Registration Protocol (GARP)
See Generic Attribute Registration Protocol.

IEEE 802.1D
Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.

IEEE 802.1Q
VLAN Tagging. Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.

IEEE 802.1p
An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based on the tagged priority value.


IEEE 802.1s
An IEEE standard for the Multiple Spanning Tree Protocol (MSTP) which provides independent spanning trees for VLAN groups.

IEEE 802.1x
Port Authentication controls access to the switch ports by requiring users to first enter a user ID and password for authentication.

IEEE 802.3ac
Defines frame extensions for VLAN tagging.

IEEE 802.3x
Defines Ethernet frame start/stop requests and timers used for flow control on full-duplex links.

IGMP Snooping
Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members.

IGMP Query
On each subnetwork, one IGMP-capable device will act as the querier, that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.

Internet Control Message Protocol (ICMP)
A network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices.

Internet Group Management Protocol (IGMP)
A protocol through which hosts can register with their local router for multicast services. If there is more than one multicast switch/router on a given subnetwork, one of the devices is made the querier and assumes responsibility for keeping track of group membership.

In-Band Management
Management of the network from a station attached directly to the network.

IP Multicast Filtering
A process whereby this switch can pass multicast traffic along to participating hosts.

IP Precedence
The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic. The eight values are mapped one-to-one to the Class of Service categories by default, but may be configured differently to suit the requirements for specific network applications.


Layer 2
Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.

Layer 3
Network layer in the ISO 7-Layer Data Communications Protocol. This layer handles the routing functions for data moving from one open system to another.

Link Aggregation
See Port Trunk.

Link Aggregation Control Protocol (LACP)
Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.

Management Information Base (MIB)
An acronym for Management Information Base. It is a set of database objects that contains information about a specific device.

MD5 Message Digest Algorithm
An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.

Multicast Switching
A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast VLAN group.

Network Time Protocol (NTP)
NTP provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.

Open Shortest Path First (OSPF)
OSPF is a link-state routing protocol that functions better over a larger network such as the Internet, as opposed to distance-vector routing protocols such as RIP. It includes features such as unlimited hop count, authentication of routing updates, and Variable Length Subnet Masks (VLSM).

Out-of-Band Management
Management of the network from a station not attached to the network.

Port Authentication
See IEEE 802.1x.


Port Mirroring
A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobtrusively.

Port Trunk
Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links.

Private VLANs
Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.

Protected Extensible Authentication Protocol (PEAP)
A protocol proposed by Microsoft, Cisco and RSA Security for securely transporting authentication data, including passwords, over 802.11 wireless networks. Like the competing standard Tunneled Transport Layer Security (TTLS), PEAP makes it possible to authenticate wireless LAN clients without requiring them to have certificates, simplifying the architecture of secure wireless LANs.

Protocol-Independent Multicasting (PIM)
This multicast routing protocol floods multicast traffic downstream, and calculates the shortest-path back to the multicast source network via reverse path forwarding. PIM uses the router's IP routing table rather than maintaining a separate multicast routing table as with DVMRP. PIM - Sparse Mode is designed for networks where the probability of a multicast client is low, such as on a Wide Area Network. PIM - Dense Mode is designed for networks where the probability of a multicast client is high and frequent flooding of multicast traffic can be justified.

Remote Authentication Dial-in User Service (RADIUS)
RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS-compliant devices on the network.

Remote Monitoring (RMON)
RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types.

Rapid Spanning Tree Protocol (RSTP)
RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.

Secure Shell (SSH)
A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.


Routing Information Protocol (RIP)
The RIP protocol seeks to find the shortest route to another device by minimizing the distance-vector, or hop count, which serves as a rough estimate of transmission cost. RIP-2 is a compatible upgrade to RIP. It adds useful capabilities for subnet routing, authentication, and multicast transmissions.

Simple Mail Transfer Protocol (SMTP)
A standard host-to-host mail transport protocol that operates over TCP, port 25.

Simple Network Management Protocol (SNMP)
The application protocol in the Internet suite of protocols which offers network management services.

Simple Network Time Protocol (SNTP)
SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server. Updates can be requested from a specific NTP server, or can be received via broadcasts sent by NTP servers.

Spanning Tree Protocol (STP)
A technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.

Telnet
Defines a remote communication facility for interfacing to a terminal device over TCP/IP.

Terminal Access Controller Access Control System Plus (TACACS+)
TACACS+ is a logon authentication protocol that uses software running on a central server to control access to TACACS-compliant devices on the network.

Transmission Control Protocol/Internet Protocol (TCP/IP)
Protocol suite that includes TCP as the primary transport protocol, and IP as the network layer protocol.


Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Trivial File Transfer Protocol (TFTP)
A TCP/IP protocol commonly used for software downloads.

Tunneled Transport Layer Security (TTLS)
A proposed wireless security protocol, developed by Funk Software and Certicom, that combines network-based certificates with other authentication such as tokens or passwords. Also known as EAP-TTLS.

User Datagram Protocol (UDP)
UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets: connection-less datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.

Virtual LAN (VLAN)
A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. A VLAN serves as a logical workgroup with no physical barriers, and allows users to share information and resources as though located on the same LAN.

XModem
A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected.
