680242
14
Verklein
Vergroot
Pagina terug
1/211
Pagina verder
VigorSwitch G2280 User’s Guide
ii
VigorSwitch G2280
24 Ports + 4 Combo UTP/SFP Ports
L2 Managed Gigabit Switch
User’s Guide
Version: 1.2
Firmware Version: V2.3.2
(For future update, please visit DrayTek web site)
Date: June 13, 2018
VigorSwitch G2280 User’s Guide
iii
Copyrights
© All rights reserved. This publication contains information that is protected by copyright. No part may be
reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without
written permission from the copyright holders.
Trademarks
The following trademarks are used in this document:
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7, 8, 10 and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.
Caution
Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather
conditions or walking across a carpeted floor may cause you to acquire a static electrical charge.
To protect your device, always:
Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit
device.
Pick up the device by holding it on the left and right edges only.
Warranty
We warrant to the original end user (purchaser) that the device will be free from any defects in workmanship or
materials for a period of one (1) year from the date of purchase from the dealer. Please keep your purchase
receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of
purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at
our discretion, repair or replace the defective products or components, without charge for either parts or labor,
to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement
will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely
at our discretion. This warranty will not apply if the product is modified, misused, tampered with, damaged by an
act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed
software of other vendors. Defects which do not significantly affect the usability of the product will not be
covered by the warranty. We reserve the right to revise the manual and online documentation and to make
changes from time to time in the contents hereof without obligation to notify any person of such revision or
changes.
Be a Registered Owner
Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com.
Firmware & Tools Updates
Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the
DrayTek web site for more information on newest firmware, tools and documents.
More update, please visit www.draytek.com.
VigorSwitch G2280 User’s Guide
i
v
T
T
a
a
b
b
l
l
e
e
o
o
f
f
C
C
o
o
n
n
t
t
e
e
n
n
t
t
s
s
Part I Introduction..............................................................................................................1
I-1 Introduction ................................................................................................................................... 2
I-1-1 Key Features ....................................................................................................................... 2
I-1-2 Specifications ...................................................................................................................... 3
I-1-3 Packing List ......................................................................................................................... 4
I-1-4 LED Indicators and Connectors .......................................................................................... 4
I-2 Installation..................................................................................................................................... 6
I-2-1 Network Connection ............................................................................................................ 6
I-2-2 Wall-Mounted Installation .................................................................................................... 6
I-2-3 Connection via Console Cable............................................................................................ 7
I-2-4 Typical Applications........................................................................................................... 11
I-2-5 Installing Network Cables.................................................................................................. 15
I-2-6 Configuring the Management Agent of Switch.................................................................. 15
I-2-7 Managing VigorSwitch G2280 through Ethernet Port....................................................... 15
I-2-8 IP Address Assignment .....................................................................................................16
I-3 Accessing Web Page of VigorSwitch.......................................................................................... 20
I-4 Dashboard................................................................................................................................... 21
I-5 Status .......................................................................................................................................... 22
I-5-1 Port Bandwidth Utilization ................................................................................................. 22
I-5-2 LLDP Statistics .................................................................................................................. 22
I-5-3 GVRP Statistics................................................................................................................. 23
I-5-4 MLD Snooping Statistics ...................................................................................................23
Part II Switch LAN............................................................................................................25
II-1 General Setup............................................................................................................................ 26
II-1-1 IP Address........................................................................................................................ 26
II-1-2 IPv6 Address .................................................................................................................... 27
II-1-3 Management VLAN ..........................................................................................................28
II-2 Port Setting ................................................................................................................................ 29
II-3 Mirror.......................................................................................................................................... 31
II-4 Link Aggregation ........................................................................................................................ 32
II-4-1 LAG Setting ...................................................................................................................... 32
II-4-2 LAG Management ............................................................................................................ 33
II-4-3 LAG Port Setting............................................................................................................... 34
II-4-4 LACP Setting.................................................................................................................... 35
II-4-5 LACP Port Setting ............................................................................................................ 36
II-5 VLAN Management.................................................................................................................... 37
II-5-1 Create VLAN .................................................................................................................... 37
II-5-2 Interface Settings.............................................................................................................. 38
VigorSwitch G2280 User’s Guide
v
II-5-3 Voice VLAN ...................................................................................................................... 40
II-5-3-1 Properties .................................................................................40
II-5-3-2 Telephony OUI Setting ..................................................................41
II-5-3-3 Port Setting ...............................................................................42
II-5-4 MAC VLAN ....................................................................................................................... 43
II-5-4-1 MAC Group ................................................................................43
I-5-4-3 Group Binding .............................................................................43
II-5-5 Protocol VLAN.................................................................................................................. 45
II-5-5-1 Protocol Group ...........................................................................45
II-5-5-2 Group Binding ............................................................................46
II-5-6 Surveillance VLAN............................................................................................................ 48
II-5-6-1 Property ...................................................................................48
II-5-6-1 Surveillance OUI..........................................................................49
II-5-7 GVRP ............................................................................................................................... 51
II-5-7-1 Property ...................................................................................51
II-5-7-2 Membership...............................................................................52
II-6 EEE............................................................................................................................................ 53
II-7 Multicast..................................................................................................................................... 54
II-7-1 Properties ......................................................................................................................... 54
II-7-2 IGMP Snooping ................................................................................................................ 56
II-7-2-1 IGMP Setting ..............................................................................56
II-7-2-2 IGMP Querier Setting....................................................................58
II-7-2-3 IGMP Static Group .......................................................................59
II-7-2-4 IGMP Group Table........................................................................60
II-7-2-5 IGMP Router Table.......................................................................61
II-7-2-6 Forward All ...............................................................................62
II-7-2-7 Throttling .................................................................................63
II-7-2-8 Filtering Profile ..........................................................................64
II-7-2-9 Filtering Binding .........................................................................65
II-7-3 MVR.................................................................................................................................. 67
II-7-3-1 Property ...................................................................................67
II-7-3-2 Port Setting ...............................................................................68
II-7-3-3 Group Address............................................................................69
II-7-4 MLD Snooping.................................................................................................................. 70
II-7-4-1 MLD Setting ...............................................................................70
II-7-4-2 MLD Static Group ........................................................................72
II-7-4-3 MLD Group Table.........................................................................74
II-7-4-4 MLD Router Table........................................................................75
II-7-4-5 Forward All ...............................................................................76
II-7-4-6 Throttling .................................................................................77
II-7-4-7 Filtering Profile ..........................................................................78
II-7-4-8 Filtering Binding .........................................................................79
II-8 Jumbo Frame............................................................................................................................. 81
II-9 STP ............................................................................................................................................ 82
II-9-1 Properties ......................................................................................................................... 82
II-9-2 Port Setting....................................................................................................................... 83
II-9-3 Bridge Setting................................................................................................................... 85
II-9-4 Port Advanced Setting...................................................................................................... 86
II-9-5 Statistics ........................................................................................................................... 87
II-9-6 MST Instance ................................................................................................................... 88
VigorSwitch G2280 User’s Guide
vi
II-9-7 MST Port Setting .............................................................................................................. 89
II-10 MAC Address Table.................................................................................................................. 91
II-10-1 Static MAC Setting ......................................................................................................... 91
II-10-2 Dynamic Address Setting ............................................................................................... 92
II-10-3 Dynamic Learned ........................................................................................................... 92
II-11 Blocked Port Recover............................................................................................................... 94
Part III Security.................................................................................................................95
III-1 RADIUS..................................................................................................................................... 96
III-2 TACACS+.................................................................................................................................. 98
III-3 Management Access Authentication......................................................................................... 99
III-3-1 Method Profile ................................................................................................................. 99
III-3-2 Application Authentication............................................................................................. 100
III-4 Management Access Control.................................................................................................. 101
III-4-1 Management Access Control Profile (ACL)................................................................... 101
III-4-2 Management Access Control Entries (ACE)................................................................. 102
III-5 802.1X/MAC Authentication.................................................................................................... 104
III-5-1 Properties ...................................................................................................................... 104
III-5-1-1 Global Settings ........................................................................ 104
III-5-1-2 Port Authentication Setting......................................................... 105
III-5-2 Port Control/Settings ..................................................................................................... 106
III-5-3 MAC-Based Local Account ........................................................................................... 108
III-5-4 Authenticated Hosts ...................................................................................................... 109
III-6 Port Security.............................................................................................................................110
III-7 Protected Ports ........................................................................................................................112
III-8 Storm Control...........................................................................................................................113
III-8-1 Properties ...................................................................................................................... 113
III-8-2 Port Setting.................................................................................................................... 114
III-9 DoS ..........................................................................................................................................116
III-9-1 Properties ...................................................................................................................... 116
III-9-2 DoS Port Setting............................................................................................................ 118
III-10 Dynamic ARP Inspection .......................................................................................................119
III-10-1 Properties .................................................................................................................... 119
III-10-1-1 Global Property Settings ........................................................... 119
III-10-1-2 Per Port Property Settings ......................................................... 120
III-10-2 Statistics ...................................................................................................................... 121
III-11 DHCP Snooping.................................................................................................................... 122
III-11-1 Properties .................................................................................................................... 122
III-11-1-1 Global Property Settings ........................................................... 122
III-11-1-2 Per Port Property Settings ......................................................... 123
III-11-2 Statistics ...................................................................................................................... 124
III-11-3 Option82 Property ....................................................................................................... 124
III-11-3-1 Global Option82 Property Settings ............................................... 124
VigorSwitch G2280 User’s Guide
vii
III-11-3-2 Per Port Option82 Property Settings ............................................. 125
III-11-4 Option82 Circuit ID...................................................................................................... 126
III-12 IP Source Guard ................................................................................................................... 127
III-12-1 Port Settings................................................................................................................ 127
III-12-2 IMPV Binding............................................................................................................... 128
III-12-3 Save Database............................................................................................................ 129
Part IV ACL Configuration.............................................................................................131
IV-1 Create ACL ............................................................................................................................. 132
IV-1-1 MAC .............................................................................................................................. 132
IV-1-2 IPv4............................................................................................................................... 133
IV-1-3 IPv6............................................................................................................................... 133
IV-2 Create ACE............................................................................................................................. 135
IV-2-1 MAC .............................................................................................................................. 135
IV-2-2 IPv4............................................................................................................................... 136
IV-2-3 IPv6............................................................................................................................... 138
IV-3 ACL Binding ............................................................................................................................ 140
Part V QoS Configuration..............................................................................................141
V-1 General .................................................................................................................................... 142
V-1-1 Properties....................................................................................................................... 142
V-1-1-1 QoS General Setting................................................................... 142
V-1-1-2 Trust Ports .............................................................................. 143
V-1-2 Port Settings................................................................................................................... 144
V-1-3 Queue Settings .............................................................................................................. 145
V-1-4 CoS Mapping ................................................................................................................. 146
V-1-5 DSCP Mapping .............................................................................................................. 147
V-1-6 IP Precedence Mapping................................................................................................. 148
V-2 Bandwidth ................................................................................................................................ 149
V-2-1 Ingress Rate Limit .......................................................................................................... 149
V-2-2 Egress Shaping Rate..................................................................................................... 150
V-2-3 Egress Shaping Per Queue ........................................................................................... 151
Part VI System Maintenance.........................................................................................153
VI-1 TR-069.................................................................................................................................... 154
VI-2 LLDP....................................................................................................................................... 156
VI-2-1 Properties...................................................................................................................... 156
VI-2-2 LLDP Port Setting ......................................................................................................... 157
VI-2-3 LLDP Local Device........................................................................................................ 158
VI-2-4 MED Network Policy ..................................................................................................... 159
VI-2-5 LLDP MED Port Settings .............................................................................................. 160
VI-2-6 LLDP Remote Device.................................................................................................... 161
VI-2-7 LLDP Overloading......................................................................................................... 162
VigorSwitch G2280 User’s Guide
viii
VI-3 SNMP ..................................................................................................................................... 163
VI-3-1 View............................................................................................................................... 164
VI-3-2 Group ............................................................................................................................ 165
VI-3-3 Community.................................................................................................................... 166
VI-3-4 User............................................................................................................................... 167
VI-3-5 Engine ID ...................................................................................................................... 169
VI-3-5-1 Local Engine ID ........................................................................ 169
VI-3-5-2 Remote Engine ID ..................................................................... 169
VI-3-6 Trap Event..................................................................................................................... 171
VI-3-7 Notification .................................................................................................................... 172
VI-4 Access Manager ..................................................................................................................... 174
VI-5 Time and Date ........................................................................................................................ 175
VI-5-1 System Time Zone........................................................................................................ 175
VI-5-2 Time .............................................................................................................................. 176
VI-6 Backup Manager..................................................................................................................... 177
VI-7 Upgrade Manager................................................................................................................... 178
VI-8 Firmware Information.............................................................................................................. 179
VI-9 Account Manager.................................................................................................................... 180
VI-10 Factory Default ..................................................................................................................... 182
VI-11 Reboot Switch....................................................................................................................... 183
Part VII Diagnostics.......................................................................................................185
VII-1 Cable Diagnostics.................................................................................................................. 186
VII-2 Ping Test................................................................................................................................ 187
VII-3 SysLog................................................................................................................................... 188
VII-3-1 SysLog Explorer........................................................................................................... 188
VII-3-2 SysLog Settings ........................................................................................................... 189
VII-3-2-1 SysLog Service......................................................................... 189
VII-3-2-2 Local SysLog ........................................................................... 190
VII-3-2-3 Remote SysLog ........................................................................ 191
Appendix: Reference.....................................................................................................193
A-1 What’s the Ethernet................................................................................................................. 193
A-2 Media Access Control (MAC) .................................................................................................. 196
A-3 Flow Control............................................................................................................................. 200
Index ...............................................................................................................................203
VigorSwitch G2280 User’s Guide
1
P
P
a
a
r
r
t
t
I
I
I
I
n
n
t
t
r
r
o
o
d
d
u
u
c
c
t
t
i
i
o
o
n
n
VigorSwitch G2280 User’s Guide
2
I
I
-
-
1
1
I
I
n
n
t
t
r
r
o
o
d
d
u
u
c
c
t
t
i
i
o
o
n
n
VigorSwitch G2280, 24 Ports + 4 Combo UTP/SFP Ports L2 Managed Gigabit Switch, is a
standard switch that meets all IEEE 802.3/u/x/z Gigabit, Fast Ethernet specifications. The
switch has 24 10/100/1000Mbps TP ports. It supports telnet, http, https, SSH and SNMP
interface for switch management. The network administrator can login the switch to monitor,
configure and control each port’s activity. In addition, the switch implements the QoS
(Quality of Service), VLAN, and Trunking. It is suitable for office application.
Vigor switch supports IEEE 802.3az, Energy-Efficient Ethernet, and provides power saving
feature. It can efficiently save the switch power with auto detect the client idle and cable
length to provide different power.
1000Mbps SFP Fiber port fully complies with all IEEE 802.3z and 1000Base-SX/LX standards.
I
I
-
-
1
1
-
-
1
1
K
K
e
e
y
y
F
F
e
e
a
a
t
t
u
u
r
r
e
e
s
s
Below shows key features of this device:
Q
Q
o
o
S
S
The switch offers powerful QoS function. This function supports 802.1p VLAN tag priority and
DSCP on Layer 3 of network framework.
V
V
L
L
A
A
N
N
Support IEEE802.1Q Tag VLAN. Support 24 active VLANs and VLAN ID 1~4094.
P
P
o
o
r
r
t
t
T
T
r
r
u
u
n
n
k
k
i
i
n
n
g
g
Allows one or more links to be aggregated together to form a Link Aggregation Group by the
static setting.
P
P
o
o
w
w
e
e
r
r
S
S
a
a
v
v
i
i
n
n
g
g
The Power saving using the IEEE 802.3az, Energy-Efficient Ethernet to detect the client idle
and cable length automatically and provides the different power. It could efficient to save
the switch power and reduce the power consumption.
VigorSwitch G2280 User’s Guide
3
I
I
-
-
1
1
-
-
2
2
S
S
p
p
e
e
c
c
i
i
f
f
i
i
c
c
a
a
t
t
i
i
o
o
n
n
s
s
The VigorSwitch G2280, a standalone off-the-shelf switch, provides the comprehensive
features listed below for users to perform system network administration and efficiently and
securely serve your network.
H
H
a
a
r
r
d
d
w
w
a
a
r
r
e
e
24 10/100/1000Mbps Auto-negotiation Gigabit Ethernet ports
Jumbo frame support 9KB
4 UTP/SFP Combo Ethernet Ports
Programmable classifier for QoS (Layer 2/Layer 3)
8K MAC address and support VLAN ID(1~4094)
Per-port shaping, policing, and Broadcast Storm Control
Power Saving with IEEE 802.3az, Energy-Efficient Ethernet
Full-duplex flow control (IEEE802.3x) and half-duplex backpressure
Extensive front-panel diagnostic LEDs; Power, System
Hardware reset button for resetting configuration to factory default by pressing over 5
seconds
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
Supports per port traffic monitoring counters
Supports a snapshot of the system Information when you login
Supports port mirror function
Supports the static trunk function
Supports 802.1Q VLAN
Supports user management and limits three users to login
Maximal packet length can be up to 9600 bytes for jumbo frame application
Supports Broadcasting Suppression to avoid network suspended or crashed
Supports to send the trap event while monitored events happened
Supports default configuration which can be restored to overwrite the current
configuration which is working on via Web UI and Reset button of the switch
Supports on-line plug/unplug SFP modules
Supports Quality of Service (QoS) for real time applications based on the information
taken from Layer 2 to Layer 3
Built-in web-based management and CLI management, providing a more convenient UI
for the user
VigorSwitch G2280 User’s Guide
4
I
I
-
-
1
1
-
-
3
3
P
P
a
a
c
c
k
k
i
i
n
n
g
g
L
L
i
i
s
s
t
t
Before you start installing the switch, verify that the package contains the following:
VigorSwitch G2280
AC Power Cord
Quick Start Guide
Rubber feet
Rack mount kit
Please notify your sales representative immediately if any of the aforementioned items is
missing or damaged.
I
I
-
-
1
1
-
-
4
4
L
L
E
E
D
D
I
I
n
n
d
d
i
i
c
c
a
a
t
t
o
o
r
r
s
s
a
a
n
n
d
d
C
C
o
o
n
n
n
n
e
e
c
c
t
t
o
o
r
r
s
s
Before you use the Vigor device, please get acquainted with the LED indicators and
connectors first. There are 8 Ethernet ports and SFP ports on the front panel of the switch.
LED display area, locating on the front panel, contains an ACT, Power LED and ports working
status of the switch.
L
L
E
E
D
D
E
E
x
x
p
p
l
l
a
a
n
n
a
a
t
t
i
i
o
o
n
n
LED Color Explanation
On (Green)
The switch finishes system booting and the system
is ready.
Blinking (Green)
The switch is powered on and starts system
booting.
SYS
Off
The power is off or the system is not ready /
malfunctioning.
On (Green) The device is powered on and running normally.
PWR
Off The device is not ready or is failed.
On (Green) The device is connected with 1000Mbps.
On (Amber) The device is connected with 10/100Mbps.
Blinking The system is sending or receiving data through
the port.
RJ 45
LNK/ACT
Port 1 ~ 24
Off The port is disconnected or the link is failed.
On (Green) The device is connected with 1000Mbps. Combo for
Port 25 ~ 28
On (Amber) The device is connected with 10/100Mbps.
SFP LNK/ACT
RJ45 LNK/ACT Port 1 to Port 24
Combo Port
VigorSwitch G2280 User’s Guide
5
Blinking The system is sending or receiving data through
the port.
(RJ 45
LNK/ACT)
Off The port is disconnected or the link is failed.
On (Green) The device is connected with 1000Mbps.
On (Amber) The device is connected with 10/100Mpps.
Blinking The system is sending or receiving data through
the port.
SFP LNK/ACT
Off The port is disconnected or the link is failed.
C
C
o
o
n
n
n
n
e
e
c
c
t
t
o
o
r
r
E
E
x
x
p
p
l
l
a
a
n
n
a
a
t
t
i
i
o
o
n
n
Interface Description
RJ 45 LNK/ACT Port 1 ~ 24
Port 1 to Port 24 can be used for Ethernet
connection
.
SFP LNK/ACT Port 25 ~ 28
Port 25 to Port 28 are used for fiber connection.
Console
Used to perform telnet command control.
Power inlet for AC input (100~240V/AC, 50/60Hz).
VigorSwitch G2280 User’s Guide
6
I
I
-
-
2
2
I
I
n
n
s
s
t
t
a
a
l
l
l
l
a
a
t
t
i
i
o
o
n
n
I
I
-
-
2
2
-
-
1
1
N
N
e
e
t
t
w
w
o
o
r
r
k
k
C
C
o
o
n
n
n
n
e
e
c
c
t
t
i
i
o
o
n
n
Use a Cat. 5e twisted-pair cable to connect a PoE device to the port (1~24) of this
switch.
The switch will supply power to PoE Device over the twisted-pair cable.
Please note that Power Device must comply with IEEE 802.3af/at.
Other PCs, servers and network devices can be connected to the switch using a standard
‘straight through’ twisted pair cable.
I
I
-
-
2
2
-
-
2
2
R
R
a
a
c
c
k
k
-
-
M
M
o
o
u
u
n
n
t
t
e
e
d
d
I
I
n
n
s
s
t
t
a
a
l
l
l
l
a
a
t
t
i
i
o
o
n
n
The switch can be installed easily by using rack mount kit.
1. Attach the brackets to the chassis of a 19- or a 23-inch rack. The second bracket attaches
the other side of the chassis as above procedure.
2. After the bracket installation, the VigorSwitch’s chassis can be installed in a rack by using
four screws for each side of the rack.
VigorSwitch G2280 User’s Guide
7
I
I
-
-
2
2
-
-
3
3
C
C
o
o
n
n
n
n
e
e
c
c
t
t
i
i
o
o
n
n
v
v
i
i
a
a
C
C
o
o
n
n
s
s
o
o
l
l
e
e
C
C
a
a
b
b
l
l
e
e
You can perform debugging, configuration and firmware upgrade, through the console
connection.
To connect VigorSwitch to a PC via console cable, please
1. Connect the RJ45 connector of console cable to the console port on Vigor device.
2. Connect the DB9 connector of the console cable to the RS232 port on the PC.
To connect VigorSwitch to a notebook, please
1. Connect the DB9 connector of the console cable to the DB9 connector of USB to RS232
cable first.
2. Connect the RJ45 connector of console cable into the Console Port of the switch.
3. Connect the USB connector to the USB port of the notebook.
1
2
3
VigorSwitch G2280 User’s Guide
8
C
C
o
o
n
n
s
s
o
o
l
l
e
e
P
P
o
o
r
r
t
t
C
C
o
o
n
n
f
f
i
i
g
g
u
u
r
r
a
a
t
t
i
i
o
o
n
n
1. Open Hyper Terminal on the PC.
2. Open the following dialog to configure COM1 Properties as
Baud rate: 115200
Data bits: 8
Stop bits: 1
Parity: None
Flow control: None
Or, you can make configuration via PuTTY utility.
1. Make sure the PuTTY utility has been installed on your PC. Execute PuTTY.
2. Configure the settings as the following figures. The default settings of the console port
are:
Baud rate: 115200
Data bits: 8
Stop bits: 1
Parity: None
Flow control: None
VigorSwitch G2280 User’s Guide
9
VigorSwitch G2280 User’s Guide
1
0
3. Click Open. The default login is:
Username: admin
Password: admin
VigorSwitch G2280 User’s Guide
11
I
I
-
-
2
2
-
-
4
4
T
T
y
y
p
p
i
i
c
c
a
a
l
l
A
A
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
s
s
The VigorSwitch implements 24 Gigabit Ethernet TP ports with auto MDIX and four slots for
the removable module supporting comprehensive fiber types of connection, including LC and
BiDi-LC SFP modules. The switch is suitable for the following applications:
C
C
a
a
s
s
e
e
1
1
:
:
A
A
l
l
l
l
s
s
w
w
i
i
t
t
c
c
h
h
p
p
o
o
r
r
t
t
s
s
a
a
r
r
e
e
i
i
n
n
t
t
h
h
e
e
s
s
a
a
m
m
e
e
l
l
o
o
c
c
a
a
l
l
a
a
r
r
e
e
a
a
n
n
e
e
t
t
w
w
o
o
r
r
k
k
.
.
Every port can access each other. (*The switch image is sample only.)
If VLAN is enabled and configured, each node in the network that can communicate each
other directly is bounded in the same VLAN area.
Here VLAN area is defined by what VLAN you are using. The switch supports both port-based
VLAN and tag-based VLAN. They are different in practical deployment, especially in physical
location. The following diagram shows how it works and what the difference they are.
C
C
a
a
s
s
e
e
2
2
:
:
P
P
o
o
r
r
t
t
-
-
b
b
a
a
s
s
e
e
d
d
V
V
L
L
A
A
N
N
-
-
1
1
(
(
*
*
T
T
h
h
e
e
s
s
w
w
i
i
t
t
c
c
h
h
i
i
m
m
a
a
g
g
e
e
i
i
s
s
s
s
a
a
m
m
p
p
l
l
e
e
o
o
n
n
l
l
y
y
.
.
)
)
The same VLAN members could not be in different switches.
Every VLAN members could not access VLAN members each other.
The switch manager has to assign different names for each VLAN groups at one switch.
VigorSwitch G2280 User’s Guide
12
C
C
a
a
s
s
e
e
3
3
:
:
P
P
o
o
r
r
t
t
-
-
b
b
a
a
s
s
e
e
d
d
V
V
L
L
A
A
N
N
-
-
2
2
VLAN1 members could not access VLAN2, VLAN3 and VLAN4 members.
VLAN2 members could not access VLAN1 and VLAN3 members, but they could access
VLAN4 members.
VLAN3 members could not access VLAN1, VLAN2 and VLAN4.
VLAN4 members could not access VLAN1 and VLAN3 members, but they could access
VLAN2 members.
C
C
a
a
s
s
e
e
4
4
:
:
T
T
h
h
e
e
s
s
a
a
m
m
e
e
V
V
L
L
A
A
N
N
m
m
e
e
m
m
b
b
e
e
r
r
s
s
c
c
a
a
n
n
b
b
e
e
a
a
t
t
d
d
i
i
f
f
f
f
e
e
r
r
e
e
n
n
t
t
s
s
w
w
i
i
t
t
c
c
h
h
e
e
s
s
w
w
i
i
t
t
h
h
t
t
h
h
e
e
s
s
a
a
m
m
e
e
V
V
I
I
D
D
VigorSwitch G2280 User’s Guide
13
C
C
a
a
s
s
e
e
5
5
:
:
D
D
e
e
s
s
k
k
t
t
o
o
p
p
I
I
n
n
s
s
t
t
a
a
l
l
l
l
a
a
t
t
i
i
o
o
n
n
1. Install the switch on a level surface that can support the weight of the unit and the
relevant components.
2. Plug the switch with the female end of the provided power cord and plug the male end
to the power outlet.
C
C
a
a
s
s
e
e
6
6
:
:
R
R
a
a
c
c
k
k
-
-
m
m
o
o
u
u
n
n
t
t
I
I
n
n
s
s
t
t
a
a
l
l
l
l
a
a
t
t
i
i
o
o
n
n
The switch may be standalone, or mounted in a rack. Rack mounting facilitate to an orderly
installation when you are going to install series of networking devices.
Procedures to Rack-mount the switch:
1. Disconnect all the cables from the switch before continuing.
2. Place the unit the right way up on a hard, flat surface with the front facing you.
3. Locate a mounting bracket over the mounting holes on one side of the unit.
4. Insert the screws and fully tighten with a suitable screwdriver.
5. Repeat the two previous steps for the other side of the unit.
6. Insert the unit into the rack and secure with suitable screws.
7. Reconnect all the cables.
C
C
a
a
s
s
e
e
7
7
:
:
C
C
e
e
n
n
t
t
r
r
a
a
l
l
S
S
i
i
t
t
e
e
/
/
R
R
e
e
m
m
o
o
t
t
e
e
s
s
i
i
t
t
e
e
a
a
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
i
i
s
s
u
u
s
s
e
e
d
d
i
i
n
n
c
c
a
a
r
r
r
r
i
i
e
e
r
r
o
o
r
r
I
I
S
S
P
P
VigorSwitch G2280 User’s Guide
1
4
C
C
a
a
s
s
e
e
8
8
:
:
P
P
e
e
e
e
r
r
-
-
t
t
o
o
-
-
p
p
e
e
e
e
r
r
a
a
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
i
i
s
s
u
u
s
s
e
e
d
d
i
i
n
n
t
t
w
w
o
o
r
r
e
e
m
m
o
o
t
t
e
e
o
o
f
f
f
f
i
i
c
c
e
e
s
s
C
C
a
a
s
s
e
e
9
9
:
:
O
O
f
f
f
f
i
i
c
c
e
e
n
n
e
e
t
t
w
w
o
o
r
r
k
k
VigorSwitch G2280 User’s Guide
15
I
I
-
-
2
2
-
-
5
5
I
I
n
n
s
s
t
t
a
a
l
l
l
l
i
i
n
n
g
g
N
N
e
e
t
t
w
w
o
o
r
r
k
k
C
C
a
a
b
b
l
l
e
e
s
s
Crossover or straight-through cable: All the ports on the switch support Auto-MDI/MDI-X
functionality. Both straight-through or crossover cables can be used as the media to connect
the switch with PCs as well as other devices like switches, hubs or router.
Category 3, 4, 5 or 5e, 6 UTP/STP cable: To make a valid connection and obtain the optimal
performance, an appropriate cable that corresponds to different transmitting/receiving
speed is required. To choose a suitable cable, please refer to the following table.
Media Speed Wiring
10 Mbps Category 3,4,5 UTP/STP
100Mbps Category 5 UTP/STP
10/100/1000
Mbps copper
1000 Mbps Category 5e, 6 UTP/STP
I
I
-
-
2
2
-
-
6
6
C
C
o
o
n
n
f
f
i
i
g
g
u
u
r
r
i
i
n
n
g
g
t
t
h
h
e
e
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A
A
g
g
e
e
n
n
t
t
o
o
f
f
S
S
w
w
i
i
t
t
c
c
h
h
Users can monitor and configure the switch through the following procedures.
Configuring the Management Agent of VigorSwitch G2280 through the Ethernet Port.
There are several ways to configure and monitor the switch through Ethernet port, includes
Web-UI and SNMP.
I
I
-
-
2
2
-
-
7
7
M
M
a
a
n
n
a
a
g
g
i
i
n
n
g
g
V
V
i
i
g
g
o
o
r
r
S
S
w
w
i
i
t
t
c
c
h
h
G
G
2
2
2
2
8
8
0
0
t
t
h
h
r
r
o
o
u
u
g
g
h
h
E
E
t
t
h
h
e
e
r
r
n
n
e
e
t
t
P
P
o
o
r
r
t
t
Before start using the switch, the IP address setting of the switch should be done, then
perform the following steps:
1. Set up a physical path between the configured the switch and a PC by a qualified UTP Cat.
5e cable with RJ-45 connector.
Note: If PC directly connects to the switch, you have to setup the same subnet mask
between them. But, subnet mask may be different for the PC in the remote site. Please
refer to the above figure about the Web Smart Switch default IP address information.
2. After configuring correct IP address on your PC, open your web browser and access
switch's IP address.
VigorSwitch G2280 User’s Guide
16
Default system account is "admin", with password "admin" in default. Switch IP address is
"192.168.1.224" by default with DHCP client enabled.
I
I
-
-
2
2
-
-
8
8
I
I
P
P
A
A
d
d
d
d
r
r
e
e
s
s
s
s
A
A
s
s
s
s
i
i
g
g
n
n
m
m
e
e
n
n
t
t
For IP address configuration, there are three parameters needed to be filled in. They are IP
address, Subnet Mask, Default Gateway and DNS.
IP address:
The address of the network device in the network is used for internetworking communication.
Its address structure looks is shown below. It is “classful” because it is split into predefined
address classes or categories.
Each class has its own network range between the network identifier and host identifier in the
32 bits address. Each IP address comprises two parts: network identifier (address) and host
identifier (address). The former indicates the network where the addressed host resides, and
the latter indicates the individual host in the network which the address of host refers to. And
the host identifier must be unique in the same LAN. Here the term of IP address we used is
version 4, known as IPv4.
Network identifier Host identifier
32 bits
With the classful addressing, it divides IP address into three classes, class A, class B and class
C. The rest of IP addresses are for multicast and broadcast. The bit length of the network
prefix is the same as that of the subnet mask and is denoted as IP address/X, for example,
192.168.1.0/24. Each class has its address range described below.
Class A:
Address is less than 126.255.255.255. There are a total of 126 networks can be defined
because the address 0.0.0.0 is reserved for default route and 127.0.0.0/8 is reserved for
loopback function.
Class B:
IP address range between 128.0.0.0 and 191.255.255.255. Each class B network has a 16-bit
network prefix followed 16-bit host address. There are 16,384 (2^14)/16 networks able to be
defined with a maximum of 65534 (2^16 –2) hosts per network.
Class C:
VigorSwitch G2280 User’s Guide
1
7
IP address range between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit
network prefix followed 8-bit host address. There are 2,097,152 (2^21)/24 networks able to
be defined with a maximum of 254 (2^8 –2) hosts per network.
Class D and E:
Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP
Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for IP
broadcast.
According to IANA (Internet Assigned Numbers Authority), there are three specific IP address
blocks reserved and able to be used for extending internal network. We call it Private IP
address and list below:
Class A 10.0.0.0 --- 10.255.255.255
Class B 172.16.0.0 --- 172.31.255.255
Class C 192.168.0.0 --- 192.168.255.255
Please refer to RFC 1597 and RFC 1466 for more information.
Subnet mask:
It means the sub-division of a class-based network or a CIDR block. The subnet is used to
determine how to split an IP address to the network prefix and the host address in bitwise
basis. It is designed to utilize IP address more efficiently and ease to manage IP network.
For a class B network, 128.1.2.3, it may have a subnet mask 255.255.0.0 in default, in which
the first two bytes is with all 1s. This means more than 60 thousands of nodes in flat IP
address will be at the same network. It’s too large to manage practically. Now if we divide it
into smaller network by extending network prefix from 16 bits to, say 24 bits, that’s using its
third byte to subnet this class B network. Now it has a subnet mask 255.255.255.0, in which
each bit of the first three bytes is 1. It’s now clear that the first two bytes is used to identify
the class B network, the third byte is used to identify the subnet within this class B network
and, of course, the last byte is the host number.
Not all IP address is available in the sub-netted network. Two special addresses are reserved.
They are the addresses with all zero’s and all one’s host number. For example, an IP address
128.1.2.128, what IP address reserved will be looked like? All 0s mean the network itself, and
all 1s mean IP broadcast.
VigorSwitch G2280 User’s Guide
18
In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.128, contains 126
members in the sub-netted network. Another is that the length of network prefix equals the
number of the bit with 1s in that subnet mask. With this, you can easily count the number of
IP addresses matched. The following table shows the result.
Prefix Length No. of IP matched No. of Addressable IP
/32 1 -
/31 2 -
/30 4 2
/29 8 6
/28 16 14
/27 32 30
/26 64 62
/25 128 126
/24 256 254
/23 512 510
/22 1024 1022
/21 2048 2046
/20 4096 4094
/19 8192 8190
/18 16384 16382
/17 32768 32766
/16 65536 65534
According to the scheme above, a subnet mask 255.255.255.0 will partition a network with
the class C. It means there will have a maximum of 254 effective nodes existed in this
sub-netted network and is considered a physical network in an autonomous network. So it
owns a network IP address which may looks like 168.1.2.0.
With the subnet mask, a bigger network can be cut into small pieces of network. If we want to
have more than two independent networks in a worknet, a partition to the network must be
performed. In this case, subnet mask must be applied.
For different network applications, the subnet mask may look like 255.255.255.240. This
means it is a small network accommodating a maximum of 15 nodes in the network.
VigorSwitch G2280 User’s Guide
1
9
For assigning an IP address to the switch, you just have to check what the IP address of the
network will be connected with the switch. Use the same network address and append your
host address to it.
First, IP Address: as shown above, enter “192.168.1.224”, for instance. For sure, an
IP address such as 192.168.1.x must be set on your PC.
Second, Subnet Mask: as shown above, enter “255.255.255.0”. Choose a subnet mask
suitable for your network.
Note: The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on
network connected to the switch, check before accessing your switch is essential.
VigorSwitch G2280 User’s Guide
2
0
I
I
-
-
3
3
A
A
c
c
c
c
e
e
s
s
s
s
i
i
n
n
g
g
W
W
e
e
b
b
P
P
a
a
g
g
e
e
o
o
f
f
V
V
i
i
g
g
o
o
r
r
S
S
w
w
i
i
t
t
c
c
h
h
1. Open any browser (e.g., Firefox) and type “192.168.1.224” as URL.
2. Please type “admin/admin” as the Username/Password and click Login.
3. Now, the Main Screen will appear.
Info
The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on
network connected to VigorSwitch, checking before accessing VigorSwitch is
essential.
VigorSwitch G2280 User’s Guide
21
I
I
-
-
4
4
D
D
a
a
s
s
h
h
b
b
o
o
a
a
r
r
d
d
Click Dashboard from the main menu on the left side of the main page.
A web page with default selections will be displayed on the screen. Refer to the following
figure:
VigorSwitch G2280 User’s Guide
22
I
I
-
-
5
5
S
S
t
t
a
a
t
t
u
u
s
s
I
I
-
-
5
5
-
-
1
1
P
P
o
o
r
r
t
t
B
B
a
a
n
n
d
d
w
w
i
i
d
d
t
t
h
h
U
U
t
t
i
i
l
l
i
i
z
z
a
a
t
t
i
i
o
o
n
n
This page offers the traffic statistics inlcuding data information and data of interframe gap
for each port (GE1 to GE28). In which, data of interframe gap can be displayed or hidden by
choose Enable / Disable for IFG.
I
I
-
-
5
5
-
-
2
2
L
L
L
L
D
D
P
P
S
S
t
t
a
a
t
t
i
i
s
s
t
t
i
i
c
c
s
s
This page offers the statistics of LLDP packets (in, out and error) of each port (GE1 to GE28).
VigorSwitch G2280 User’s Guide
23
I
I
-
-
5
5
-
-
3
3
G
G
V
V
R
R
P
P
S
S
t
t
a
a
t
t
i
i
s
s
t
t
i
i
c
c
s
s
GVRP (Generic Attribute Registration Protocol) is used automatically for exchanging
information for VLAN membership between switches. This page counts the GVRP information
received on each port.
I
I
-
-
5
5
-
-
4
4
M
M
L
L
D
D
S
S
n
n
o
o
o
o
p
p
i
i
n
n
g
g
S
S
t
t
a
a
t
t
i
i
s
s
t
t
i
i
c
c
s
s
This page counts the MLD messages received or transmitted on the network.
VigorSwitch G2280 User’s Guide
2
4
This page is left blank.
VigorSwitch G2280 User’s Guide
25
P
P
a
a
r
r
t
t
I
I
I
I
S
S
w
w
i
i
t
t
c
c
h
h
L
L
A
A
N
N
VigorSwitch G2280 User’s Guide
26
I
I
I
I
-
-
1
1
G
G
e
e
n
n
e
e
r
r
a
a
l
l
S
S
e
e
t
t
u
u
p
p
General setup is used to configure settings for the switch network interface and offers how
the switch connects to a remote server to get services.
I
I
I
I
-
-
1
1
-
-
1
1
I
I
P
P
A
A
d
d
d
d
r
r
e
e
s
s
s
s
Use the IP Address screen to configure the switch IP address and the default gateway device.
The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic.
The switch needs an IP address for it to be managed over the network. The factory default IP
address is 192.168.1.224. The subnet mask specifies the network number portion of an IP
address. The factory default subnet mask is 255.255.255.0.
Info
If VigorSwitch has connected to Vigor router, it will use the IP address obtained from
the DHCP server on Vigor router. Thus, the user must type the assigned IP as URL for
accessing into the web user interface of VigorSwitch. If not, 192.168.1.224 shall be
the default IP.
Available settings are explained as follows:
Item Description
Mode Select the mode of network connection.
Static- Use static IPv4 address.
DHCP – Use DHCP provisioned IP address and Gateway if
feasible.
IP Address It is available when Static is selected as Mode.
Enter the IP address of your switch in dotted decimal notation
for example 192.168.1.224. If static mode is enabled, enter IP
address in this field.
Subnet Mask It is available when Static is selected as Mode.
Enter the IP subnet mask of your switch in dotted decimal
notation for example 255.255.255.0. If static mode is enabled,
VigorSwitch G2280 User’s Guide
2
7
enter subnet mask in this field.
Gateway It is available when Static is selected as Mode.
Enter the IP address of the gateway in dotted decimal
notation. If static mode is enabled, enter gateway address in
this field.
DNS Server 1 It is available when Static is selected as Mode.
If static mode is enabled, enter primary DNS server address in
this field.
DNS Server 2 It is available when Static is selected as Mode.
If static mode is enabled, enter secondary DNS server address
in this field.
Apply Apply the settings to the switch.
I
I
I
I
-
-
1
1
-
-
2
2
I
I
P
P
v
v
6
6
A
A
d
d
d
d
r
r
e
e
s
s
s
s
Use the IPv6 Address screen to configure the switch IPv6 address and the default gateway
device. The gateway field specifies the IPv6 address of the gateway (next hop) for outgoing
traffic.
Available settings are explained as follows:
Item Description
Auto Configuration Enable - Check it to let switch automatically configure IPv6
address.
IPv6 Address It is available when Auto Configuration is set as Disable.
Enter the IPv6 address of your switch. If auto configuration
mode is disabled, enter IPv6 address in this field.
Link Local Address Display link local address.
Gateway It is available when Auto Configuration is set as Disable.
Enter the IPv6 address of the router as your default IPv6
gateway to access IPv6 Internet or other IPv6 network.
DNS Server 1 It is available when Auto Configuration is set as Disable.
VigorSwitch G2280 User’s Guide
28
If static mode is enabled, enter primary DNS server address in
this field.
DNS Server 2 It is available when Auto Configuration is set as Disable.
If static mode is enabled, enter secondary DNS server address
in this field.
DHCPv6 Client It is available when Auto Configuration is set as Enable.
Enable this feature if there is a DHCPv6 server on your network
for assigning IPv6 Address, instead of using Router
Advertisement.
Apply Apply the settings to the switch.
I
I
I
I
-
-
1
1
-
-
3
3
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
V
V
L
L
A
A
N
N
This page allows the network administrator to change the VLAN ID of management access.
Management access protocols such as http, https, SNMP and etc., are only accessible from the
VLAN specified as management VLAN.
Available settings are explained as follows:
Item Description
Management VLAN Select the VLAN ID as management VLAN. You can create
additional VLAN profiles by Switch LAN>>VLAN
management>> Create VLAN.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
2
9
I
I
I
I
-
-
2
2
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
Port Setting is used to configure settings for the switch ports, trunk, Layer 2 protocols and
other switch features.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to selelct one or more LAN port(s).
Enable State Enable –Click it to enable the port.
Disable – Click it to disable the port.
Speed Port speed capabilities:
Auto: Auto speed with all capabilities.
Auto-10M: Auto speed with 10M ability only.
Auto-100M: Auto speed with 100M ability only.
Auto-1000M: Auto speed with 1000M ability only.
Auto-10/100M: Auto speed with 10/100M ability.
10M: Force speed with 10M ability.
100M: Force speed with 100M ability.
1000M: Force speed with 1000M ability.
Selecting Auto (auto-negotiation) allows one port to negotiate
with a peer port automatically to obtain the connection speed
and duplex mode that both ends support. When
auto-negotiation is turned on, a port on the switch negotiates
with the peer automatically to determine the connection
speed and duplex mode. If the peer port does not support
auto-negotiation or turns off this feature, the switch
determines the connection speed by detecting the signal on
the cable and using half duplex mode. When the switch’s
auto-negotiation is turned off, a port uses the pre-configured
speed and duplex mode when making a connection, thus
requiring you to make sure that the settings of the peer port
are the same in order to connect.
For SFP fiber module, you might need to manually configure
the speed to match fiber module speed.
VigorSwitch G2280 User’s Guide
3
0
Duplex Port duplex capabilities:
Auto: Auto duplex with all capabilities.
Half: Auto speed with 10/100M ability only.
Full: Auto speed with 10/100/1000M ability only.
Flow Control A concentration of traffic on a port decreases port bandwidth
and overflows buffer memory causing packet discards and
frame losses. Flow Control is used to regulate transmission of
signals to match the bandwidth of the receiving port. The
switch uses IEEE802.3x flow control in full duplex mode and
backpressure flow control in half duplex mode. IEEE802.3x
flow control is used in full duplex mode to send a pause signal
to the sending port, causing it to temporarily stop sending
signals when the receiving port memory buffers fill. Back
Pressure flow control is typically used in half duplex mode to
send a "collision" signal to the sending port (mimicking a state
of packet collision) causing the sending port to temporarily
stop sending signals and resend later.
Enable – Click it to enable such function.
Disable – Click it to disable such function.
Apply Apply the settings to the switch.
Modify It is used to manually enter the description, state, speed,
duplex, flow control for the port.
VigorSwitch G2280 User’s Guide
31
I
I
I
I
-
-
3
3
M
M
i
i
r
r
r
r
o
o
r
r
This section provides ability to mirror packets coming in or going out on any port to a
destination port. Through the packet duplication in the destination port, this feature is
convinent for system administrator to monitor / understand the traffic operation.
Session ID 1 to 4 can be enabled simultaneously and operate independently.
Available settings are explained as follows:
Item Description
Session ID Select the session ID (profile 1 to 4) of mirror operation you
wish to configure.
Monitor Session State Enable – Enable specified mirror session.
Disable - Disable specified mirror session.
Destination Port Specify the port where you wish to observe the mirrored
packets.
Allow Operation as
Normal Port
Enable – The destination port is able to function as a port
connecting to network, communicating with other network
devices.
Disable - Only observe the mirrored packets.
Sniff Ports (RX) / (TX) Select the port(s) which you wish to mirror the traffic, Rx for
mirror the packets into the port, Tx for mirror the packets
going out from the port.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
32
I
I
I
I
-
-
4
4
L
L
i
i
n
n
k
k
A
A
g
g
g
g
r
r
e
e
g
g
a
a
t
t
i
i
o
o
n
n
LAG means Link Aggregation Group which groups some physical ports together to make a
single high-bandwidth data path. Thus it can implement traffic load sharing among the
member ports in a group to enhance the connection reliability.
I
I
I
I
-
-
4
4
-
-
1
1
L
L
A
A
G
G
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows to configure Load Balance Algorithm for Link Aggregation.
Available settings are explained as follows:
Item Description
Load Balance Algorithm Select your Load balance algorithm.
MAC address - Aggregated group will balance the traffic based
on different MAC addresses. Therefore, the packets from
different MAC addresses will be sent to different links.
IP/Mac Address - Aggregated group will balance the traffic
based on MAC addresses and IP addresses. Therefore, the
packets from same MAC addresses but different IP addresses
will be sent to different links.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
33
I
I
I
I
-
-
4
4
-
-
2
2
L
L
A
A
G
G
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
There are eight LAG profiles allowed to group different physical ports (GE1 to GE28). The
system will assign certain port(s) as Active Member and Standby Member according to the GE
selections.
Available settings are explained as follows:
Item Description
Description Display the port description.
Port Type Display the type of the LAG.
Link Status Display LAG port link status.
Active Member Display active member ports of the LAG.
Standby Member Display inactive or candidate member ports of the LAG.
Modify It is used to edit the name, type and port number for each link
aggregation profile.
Name- Enter a string as LAG name.
Type – Use the drop down menu to specify the type for LAG.
Static- The static aggregated port sends packets over
active member without detecting or negotiating with
remote aggregated port.
LACP- The LACP aggregated ports place member into
active only after negotiated with remote aggregated port
for best reliability.
VigorSwitch G2280 User’s Guide
3
4
I
I
I
I
-
-
4
4
-
-
3
3
L
L
A
A
G
G
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page defines port setting for each LAG profile (LAG1 to LAG8), including data speed and
enabling/disabling the flow control.
Available settings are explained as follows:
Item Description
LAG Use the drop down list to selelct one or more LAG profiles.
Enable Enable Click it to enable the profile.
Disable – Click it to disable the profile.
Speed Port speed capabilities:
Auto: Auto speed with all capabilities.
Auto-10M: Auto speed with 10M ability only.
Auto-100M: Auto speed with 100M ability only.
Auto-1000M: Auto speed with 1000M ability only.
Auto-10/100M: Auto speed with 10/100M ability.
10M: Force speed with 10M ability.
100M: Force speed with 100M ability.
1000M: Force speed with 1000M ability.
Selecting Auto (auto-negotiation) allows one port to negotiate
with a peer port automatically to obtain the connection speed
and duplex mode that both ends support. When
auto-negotiation is turned on, a port on the switch negotiates
with the peer automatically to determine the connection
speed and duplex mode. If the peer port does not support
auto-negotiation or turns off this feature, the switch
determines the connection speed by detecting the signal on
the cable and using half duplex mode. When the switch’s
auto-negotiation is turned off, a port uses the pre-configured
speed and duplex mode when making a connection, thus
requiring you to make sure that the settings of the peer port
are the same in order to connect.
For SFP fiber module, you might need to manually configure
the speed to match fiber module speed.
Flow Control A concentration of traffic on a port decreases port bandwidth
and overflows buffer memory causing packet discards and
VigorSwitch G2280 User’s Guide
35
frame losses. Flow Control is used to regulate transmission of
signals to match the bandwidth of the receiving port. The
switch uses IEEE802.3x flow control in full duplex mode and
backpressure flow control in half duplex mode. IEEE802.3x
flow control is used in full duplex mode to send a pause signal
to the sending port, causing it to temporarily stop sending
signals when the receiving port memory buffers fill. Back
Pressure flow control is typically used in half duplex mode to
send a "collision" signal to the sending port (mimicking a state
of packet collision) causing the sending port to temporarily
stop sending signals and resend later.
Enable – Click it to enable such function.
Disable – Click it to disable such function.
Apply Apply the settings to the switch.
Modify It is used to edit status, speed, and flow control for the LAG.
I
I
I
I
-
-
4
4
-
-
4
4
L
L
A
A
C
C
P
P
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows the network administrator to enable or disable the LACP function.
Available settings are explained as follows:
Item Description
LACP Enable – Click it to enable such function.
Disable – Click it to disable the function.
System Priority The priority is used to determine which switch (local or
remote) on the LAG connection is able to decide LACP
activities. The lower the number is, the higher the priority for
Vigorwitch will be. Therefore, the switch with the highest
system priority (e.g., 1) can make decisions about which ports
actively participate in LAG at a given time.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
36
I
I
I
I
-
-
4
4
-
-
5
5
L
L
A
A
C
C
P
P
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This section provides few detailed configuration regarding to Ports under LACP protocol.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to specify LAN Port.
Priority Enter a port priority number for the port.
Timeout The timeout option decides how local switch of LAG
connection determines connection to be lost. Switch would
also notify the remote switch about this setting value, so that
remote switch can send LACP PDU in correct timing.
Long - LACP PDU will be sent every 30 seconds. If port member
is not seen over 90 seconds, it will cause port member
timeout.
Short - LACP PDU will be sent per second. If port member is
not seen over 3 seconds, it will cause port member timeout.
Apply Apply the settings to the switch.
Modify It is used to edit settings (priority and timeout) for LACP port.
VigorSwitch G2280 User’s Guide
3
7
I
I
I
I
-
-
5
5
V
V
L
L
A
A
N
N
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of
requirements that communicate as if they were attached to the same broadcast domain,
regardless of their physical location. A VLAN has the same attributes as a physical local area
network (LAN), but it allows for end stations to be grouped together even if they are not
located on the same network switch. VLAN membership can be configured through software
instead of physically relocating devices or connections.
I
I
I
I
-
-
5
5
-
-
1
1
C
C
r
r
e
e
a
a
t
t
e
e
V
V
L
L
A
A
N
N
This page allows a user to add, edit or delete VLAN settings.
Available settings are explained as follows:
Item Description
Action Select which action to perform, add VLANs or delete VLANs.
Add – Create a new VLAN profile.
Delete – Delete an existed VLAN profile.
VLAN ID Enter the number as VLAN ID to be created or deleted. If you
want to create / delete multiple VLAN profiles, simply enter
multiple VLAN ID separated by comma, and/or range of VLAN
ID using hyphen.
VLAN Name Enter the prefix you wish to add followed by VLAN ID as VLAN
name. Leave it empty for using default "VLAN".
After clicking Apply, you will see:
Apply Apply the settings to the switch.
Modify
- Modify the name of the selected VLAN ID.
VigorSwitch G2280 User’s Guide
38
New Name - Type a name for such VLAN profile.
OK - Apply the settings to the switch.
Cancel - Close the page and return to previous page.
- Delete the selected VALN ID.
I
I
I
I
-
-
5
5
-
-
2
2
I
I
n
n
t
t
e
e
r
r
f
f
a
a
c
c
e
e
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure interface setting related to VLAN.
Available settings are explained as follows:
Item Description
Port Select Select LAN ports to configure VLAN Settings.
Interface VLAN Mode Select the VLAN mode of the interface.
Hybrid – Support all functions as defined in IEEE 802.1Q
specification.
Access – Accept only untagged frames and join an untagged
VLAN.
Trunk - An untagged member of one VLAN at most, and is a
tagged member of zero or more VLANs.
PVID A PVID (Port VLAN ID) is a tag that adds to incoming untagged
frames received on a port so that the frames are forwarded to
VigorSwitch G2280 User’s Guide
3
9
the VLAN group that the tag defines.
For port under Access Mode, VLAN ID provided as PVID would
automatically be selected as the untagged VLAN.
Accepted Type Specify the acceptable-frame-type of the specified interfaces.
It’s only available with Hybrid mode.
All - Accept frames regardless it's tagged with 802.1q or not.
Tag Only - Accept frames only with 802.1q tagged.
Untag Only - Accept frames untagged.
Ingress Filtering Enable the ingress filtering to filter out any packets not belong
to any VLAN members of this port. It is enabled automatically
while operating in Access and Trunk mode.
Enabled – Click it to enable the function.
Disabled - Click it to disable the function.
Tagged VLAN Specify the VLAN profile tagged in the VLAN.
Untagged VLAN Specify the VLAN profile untagged in the VLAN.
Forbidden VLAN Specify the VLAN profile forbidden in the VLAN.
Apply Apply the settings to the switch.
Modify
- It is used to edit settings for the selected port.
VigorSwitch G2280 User’s Guide
41
I
I
I
I
-
-
5
5
-
-
3
3
-
-
2
2
T
T
e
e
l
l
e
e
p
p
h
h
o
o
n
n
y
y
O
O
U
U
I
I
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows a user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined
OUI MAC.
Available settings are explained as follows:
Item Description
OUI Address Type OUI address.
Description Enter a description of the specified MAC address to the voice
VLAN OUI table.
Add Click it to create a new voice OUI based on the settings
configured above.
Modify
- Modify OUI setting for voice VLAN.
- Click it to remove the selected OUI entry.
VigorSwitch G2280 User’s Guide
42
I
I
I
I
-
-
5
5
-
-
3
3
-
-
3
3
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows a user to specify LAN port(s) as Voice LAN port.
Available settings are explained as follows:
Item Description
Port Use the drop down list to specify one or more LAN ports.
State Enabled – Click it to enable the port settings for Voice LAN.
Disabled – Click it to disable the port settings for Voice LAN.
Cos Mode If Remark CoS/802.1p is enabled in Voice VLAN>>Properties,
settings in this page shall be applied. Otherwise, this option
will not take effect.
All - Once this port is identified as Voice VLAN by frame with
matched OUI, remark CoS/802.1p shall tag for all ingress
frame regardless of remarked frame matched with
pre-configured OUI or not.
Src (Source) - Once this port is identified as Voice VLAN by
frame with matched OUI, remark CoS/802.1p shall tag for only
the matched ingress frame with pre-configured OUI.
Apply Apply the settings to the switch.
Edit Click the icon under Edit for one entry to modify port settings
(State, Cos Mode) for voice VLAN.
VigorSwitch G2280 User’s Guide
43
I
I
I
I
-
-
5
5
-
-
4
4
M
M
A
A
C
C
V
V
L
L
A
A
N
N
I
I
I
I
-
-
5
5
-
-
4
4
-
-
1
1
M
M
A
A
C
C
G
G
r
r
o
o
u
u
p
p
The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es).
VigorSwitch allows you configure multiple groups with configured MAC address and mask to be
active on ports and to be bound with VLAN ID. This page allows the network administrator to
define groups with specific MAC addresses for later binding with VLAN and Port.
Available settings are explained as follows:
Item Description
Group ID It is a number for identification later, while chosen to be
bound with VLAN/Port.
MAC Address Enter the MAC address you wish to be classified in this group
Mask The mask is the length of matching prefix you wish to have on
MAC address.
For example, configure mask in 10. It means a host with
beginning of the 10-digit of MAC address will be checked, and
classified into this group if matched.
Add Click it to create a new MAC group profile based on the
settings configured above.
Edit Click the icon under Edit for one entry to modify settings for
group ID.
I
I
-
-
5
5
-
-
4
4
-
-
3
3
G
G
r
r
o
o
u
u
p
p
B
B
i
i
n
n
d
d
i
i
n
n
g
g
The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es).
VigorSwitch allows you to configure multiple groups with configured MAC address and mask to
be active on ports and to be bound with VLAN ID. This page allows the network administrator
to bind the group of specified MAC addresses with VLAN and Port.
VigorSwitch G2280 User’s Guide
4
4
Available settings are explained as follows:
Item Description
Ports Select the ports you wish to be bound with specified MAC
address group.
Group ID Choose the group ID you have created in earlier section, which
specified a group of host by MAC address and its mask.
VLAN Enter the VLAN ID that you wish to be bound with.
Add Click it to create a new MAC group binding profile based on the
settings configured above.
Edit Click the icon under Edit for one entry to modify settings for
selected port profile.
VigorSwitch G2280 User’s Guide
45
I
I
I
I
-
-
5
5
-
-
5
5
P
P
r
r
o
o
t
t
o
o
c
c
o
o
l
l
V
V
L
L
A
A
N
N
VigorSwitch offers protocol VLANs which allows Network Administrator to filter out untagged
traffic of certain protocol and then assign them a specific VLAN ID.
I
I
I
I
-
-
5
5
-
-
5
5
-
-
1
1
P
P
r
r
o
o
t
t
o
o
c
c
o
o
l
l
G
G
r
r
o
o
u
u
p
p
Up to eight protocol groups can be defined, each of them can have a unique filtering criteria
such as frame type and protocol value.
Available settings are explained as follows:
Item Description
Group ID It is a number for identification while bounding with
VLAN/Port.
Frame Type Use the drop-down list to specify the frame type which you
would like to filter.
Ethernet_II - Packet will be mapped based on Ethernet version
2.
IEEE802.3_LLC_Other –Packet will be mapped based on 802.3
packet with LLC other header.
RFC_1042 - Packet will be mapped based on RFC 1042.
Protocol Value Input a value (ranging from 0x600 ~0xFFFE). Packets match
with such value will be classified into this group.
Add Click it to create a new protocol group profile based on the
settings configured above.
VigorSwitch G2280 User’s Guide
46
Edit
- Modify setting for selected group.
- Click it to remove the group.
I
I
I
I
-
-
5
5
-
-
5
5
-
-
2
2
G
G
r
r
o
o
u
u
p
p
B
B
i
i
n
n
d
d
i
i
n
n
g
g
This page is for setting up the ports and protocol group that we would like to filter, and the
VLAN ID we would like to assign.
Available settings are explained as follows:
Item Description
Ports Use the drop-down list to select one or more ports for applying
protocol-based VLAN. Note that protocol-based VLAN can only
be applied to the ports of which Interface VLAN Mode (at VLAN
Management >> Interface Settings) is set to “Hybrid”.
Group ID Select the protocol group defined in Protocol Group setup.
VLAN Use drop down list to choose a value as VLAN number.
Add Add the above settings to the switch.
Before using Add, open Switch LAN>>VLAN
Management>>Interface Settings to specify Hybrid as
VigorSwitch G2280 User’s Guide
4
7
Interface VLAN Mode for the GE ports first. Otherwise, the
following error message will appear.
Edit
- Modify setting for the selected group.
- Click it to remove the selected group.
VigorSwitch G2280 User’s Guide
76
I
I
I
I
-
-
7
7
-
-
4
4
-
-
5
5
F
F
o
o
r
r
w
w
a
a
r
r
d
d
A
A
l
l
l
l
This page is allowed to determine which port(s) would like to receive the data (multicast
packets) that forwarded by VigorSwitch.
Available settings are explained as follows:
Item Description
Available VLAN To display all of the available VLAN, the State must be set as
Enabled in MLD Setting first.
Use the drop down list to specify a VLAN profile (created in
Switch LAN>>VLAN Management>>Create Vlan) that
multicast packets will be forwarded to.
Static Ports Use the drop down list to specify LAN Port (GE/LAG).
Later, the multicast packets will be delivered to the network
device connected by these ports.
Forbidden Ports Use the drop down list to specify forbidden LAN Port
(GE/LAG).
Later, the multicast packets will not be delivered to the
network device connected by these ports.
Add Click it to display the result based on the settings configured
VigorSwitch G2280 User’s Guide
7
7
above.
Edit
- Click it to modify port setting (static port and forbidden
port).
- Click it to remove the selected entry.
I
I
I
I
-
-
7
7
-
-
4
4
-
-
6
6
T
T
h
h
r
r
o
o
t
t
t
t
l
l
i
i
n
n
g
g
The administrator can configure the user on a switch port (GE/LAG port) belonging to which
multicast group and restrict the number of multicast group that the user on the switch can
join. Then the administrator is able to control the network service (e.g, IP/TV service) that
the user can enjoy.
The Throttling page is used for configuring the maximum number (0~255) of MLD group that a
user on a switch port can join
. After defined the maximum number, each switch port
interface can be set to deny the MLD join report or set to replace randomly selected multicast
interface with received MLD join report.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to specify LAN Port (GE/LAG) for
applying throttling feature.
Max Group Define the maximum number of MLD group profile that a user
on the switch can join. If “0” is selected, then such interface
(port) can join all of the MLD group profiles (defined in
Filtering Profile).
Exceed Action VigorSwitch will perform the action defined below when the
number of MLD join report for the specified interface exceeds
value defined in Max Group.
Deny – It is default setting. The MLD join report (for multicast
service) received by such interface will be discarded.
Replace – When it is selected, a new group with MLD report
received will replace the existing group.
Apply Apply the settings to the switch.
Edit
- Click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
78
I
I
I
I
-
-
7
7
-
-
4
4
-
-
7
7
F
F
i
i
l
l
t
t
e
e
r
r
i
i
n
n
g
g
P
P
r
r
o
o
f
f
i
i
l
l
e
e
The administrator can configure the user on a switch port (GE/LAG port) belonging to which
multicast group and restrict the number of multicast group that the user on the switch can
join. Then the administrator is able to control the network service (e.g, IP/TV service) that
the user can enjoy.
The filtering profile page allows to configure up to 128 IP-group (for multicast servie) profiles
(starting and ending point within an IP range shall be specified). Each IP group profile can be
set for permission of / denial of network service respectively.
In addition, such filtering profile is only effective for controlling the query for multicast
traffic. It has nothing to do with the general MLD query.
Available settings are explained as follows:
Item Description
Profile ID Use the drop down list to select one filtering profile (1~128)
for MLD snooping.
Start Address Enter an IP address as the starting point for the IP range.
End Address Enter an IP address as the ending point for the IP range.
Action Deny It is default setting. The forwarding request of
multicast traffic will be discarded.
Allow – When it is selected, the request for multicast traffic
will be forwarded to the multicast group normally.
Add Click it to display the result based on the settings configured
above.
Edit
- Click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
7
9
I
I
I
I
-
-
7
7
-
-
4
4
-
-
8
8
F
F
i
i
l
l
t
t
e
e
r
r
i
i
n
n
g
g
B
B
i
i
n
n
d
d
i
i
n
n
g
g
This page allows the network administrator to select a filtering profile for LAN/GE port to
process multicast traffic.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to specify LAN Port (GE/LAG).
Profile ID Use the drop down list to choose the filtering profile for the
select port/interface.
Enable – Check this box first to make profile ID selection be
available for choosing.
Apply Apply the settings to the switch.
Edit
- Click it to modify port setting (enabling / disabling filter
function and choosing a profile for such interface).
VigorSwitch G2280 User’s Guide
8
0
VigorSwitch G2280 User’s Guide
81
I
I
I
I
-
-
8
8
J
J
u
u
m
m
b
b
o
o
F
F
r
r
a
a
m
m
e
e
This page allows a user to configure switch port jumbo frame settings.
Available settings are explained as follows:
Item Description
Jumbo Frame (Bytes) Enter Jumbo frame size. The valid range is 1526 bytes – 9216
bytes.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
82
I
I
I
I
-
-
9
9
S
S
T
T
P
P
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for
any bridged Ethernet local area network.
Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning
Tree Protocol (STP). Switches send BPDUs using a unique MAC address from its origin port and
a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:CC:CD for Per
VLAN Spanning Tree).
For STP algorithms to function, the switches need to share information about themselves and
their connections. What they share are bridge protocol data units (BPDUs).
BPDUs are sent out as multicast frames to which only other layer 2 switches or bridges are
listening. If any loops (multiple possible paths between switches) are found in the network
topology, the switches will co-operate to disable a port or ports to ensure that there are no
loops; that is, from one device to any other device in the layer 2 network, only one path can
be taken.
I
I
I
I
-
-
9
9
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
This page allows a user to configure and display Spanning Tree Protocol (STP) property
configuration.
Available settings are explained as follows:
Item Description
STP Mode Set the operating mode of Spanning Tree (STP).
Disabled – Disable the STP operation.
STP - Enable the Spanning Tree (STP) operation.
RSTP - Enable the Rapid Spanning Tree (RSTP) operation.
MSTP – Enable the Multiple Spanning Tree Protocol (MSTP)
operation.
BPDU Handling Specify the BPDU forward method when the STP is disabled.
Filtering - Filter the BPDU when STP is disabled.
Flooding - Flood the BPDU when STP is disabled.
VigorSwitch G2280 User’s Guide
93
VLAN Display the VLAN group to which the MAC address belongs.
Type Display whether the MAC address is Dynamic (learned by the
Switch) or Static Unicast (manually entered in the Static MAC
Forwarding screen).
Port Display the port to which this MAC address belongs.
Add to Static Click this button to add any port into the static MAC table.
VigorSwitch G2280 User’s Guide
9
4
I
I
I
I
-
-
1
1
1
1
B
B
l
l
o
o
c
c
k
k
e
e
d
d
P
P
o
o
r
r
t
t
R
R
e
e
c
c
o
o
v
v
e
e
r
r
This page is used for configuring settings to recover the port which is being blocked by the
following functions after a defined period of time.
Available settings are explained as follows:
Item Description
Recovery Interval The port being blocked will be able to receive and send traffic
after the time period configured here.
BPDU Guard Enable – Recover the port being blocked by BPDU Guard after
the time set in Recovery Interval.
Self Loop Enable – Recover the port being blocked by self loop Guard
after the time set in Recovery Interval.
Broadcast Flood Enable –Recover the port being blocked by broadcast flood
after the time set in Recovery Interval.
Unknown Multicast Flood Enable – Recover the port being blocked by unknown multicast
flood after the time set in Recovery Interval.
Unicast Flood Enable – Recover the port being blocked by unicast flood after
the time set in Recovery Interval.
ACL Enable – Recover the port being blocked by ACL after the time
set in Recovery Interval.
Port Security Enable – Recover the port being blocked by port security after
the time set in Recovery Interval.
DHCP Rate Limit Enable – Recover the port being blocked by DHCP rate limit
after the time set in Recovery Interval.
ARP Rate Limit Enable – Recover the port being blocked by ARP rate limit
after the time set in Recovery Interval.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
95
P
P
a
a
r
r
t
t
I
I
I
I
I
I
S
S
e
e
c
c
u
u
r
r
i
i
t
t
y
y
VigorSwitch G2280 User’s Guide
96
I
I
I
I
I
I
-
-
1
1
R
R
A
A
D
D
I
I
U
U
S
S
This page allows the network administrator to add and configure multiple RADIUS servers.
Available settings are explained as follows:
Item Description
Use Default Parameters Retries - The retry time before this server being considered
not-reachable.
Timeout for Reply – Set the time (in seconds) before this
server being considered lost connection.
Key String – Enter the string used to encrypt and authenticate
with RADIUS server.
Apply - Save the settings.
Add RADIUS Server Address Type – Specify whether switch uses a hostname to
resolve address by DNS to connect to server, or directly
connect using IPv4 address.
Sever Address – Enter the server’s address corresponding with
address type given.
Server Port – Enter the port number used by RADIUS server.
Priorty - Specify the priority that switch uses this server. The
higher number, the lower priority. Switch will start with server
with lowest priority.
Retry – Set the time before this server being considered
not-reachable
Timeout – Set the time (in seconds) before this server being
considered lost connection.
Key String – Enter the key string used for encrypting and
authenticating with server. Unless Key String is specified here,
the default string will be used.
Usage –Specify whether you would like to use this server for
switch login authentication or 802.1x access port
authentication, or both.
Add – Click it to add a new RADIUS server and display in this
page.
VigorSwitch G2280 User’s Guide
9
7
under Edit- Click it to modify the priority setting for the
selected GE port / LAG port.
VigorSwitch G2280 User’s Guide
98
I
I
I
I
I
I
-
-
2
2
T
T
A
A
C
C
A
A
C
C
S
S
+
+
This page allows the network administrator to add and configure multiple TACACS+ server.
Available settings are explained as follows:
Item Description
Use Default Parameters Timeout –Set the time (in seconds) before this server being
considered lost connection.
Key String – Enter the string used to encrypt and authenticate
with TACACS+ server.
Apply - Save the settings.
Add TACACS+ Server Address Type – Specify whether switch use a hostname to
resolve address by DNS to connect to server, or directly
connect using IPv4 address.
Sever Address – Enter the server’s address corresponding with
address type given.
Server Port – Enter the port number used by TACACS+ server.
Priorty - Specify the priority that switch uses this server. The
higher number, the lower priority. Switch will start with server
with lowest priority.
Timeout –Set the time (in seconds) before this server being
considered lost connection.
Key String – Enter the key string used for encrypting and
authenticating with server. Unless Key String is specified here,
the default string will be used.
Add – Click it to add a new RADIUS server and display in this
page.
under Edit- Click it to modify the priority setting for the
selected GE port / LAG port.
VigorSwitch G2280 User’s Guide
9
9
I
I
I
I
I
I
-
-
3
3
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A
A
c
c
c
c
e
e
s
s
s
s
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
I
I
I
I
I
I
-
-
3
3
-
-
1
1
M
M
e
e
t
t
h
h
o
o
d
d
P
P
r
r
o
o
f
f
i
i
l
l
e
e
This page allows a user to create method list for applying on management service.
Available settings are explained as follows:
Item Description
Method Profile Name – Enter a name for creating a method.
Optional Methods – Available methods include Local, RADIUS
and TACACS+.
Selected Methods – The method listed in this field will be
applied for such method profile.
Add – Click it to add a method from Optional Method onto
Selected Method.
under Edit
Click it to modify the optional methods/selected methods for
the selected profile.
VigorSwitch G2280 User’s Guide
100
I
I
I
I
I
I
-
-
3
3
-
-
2
2
A
A
p
p
p
p
l
l
i
i
c
c
a
a
t
t
i
i
o
o
n
n
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
This page allows the network administrator to select the customized Method List to apply to
any management service, for management access control.
Available settings are explained as follows:
Item Description
Application There are five methods to be configured with different profile
respectively.
Console/Telnet/SSH/HTTP/HTTPS
Selected Profile Specify one of customized method profiles to apply to any
management service, for management access control.
Apply Save the settings.
VigorSwitch G2280 User’s Guide
101
I
I
I
I
I
I
-
-
4
4
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A
A
c
c
c
c
e
e
s
s
s
s
C
C
o
o
n
n
t
t
r
r
o
o
l
l
I
I
I
I
I
I
-
-
4
4
-
-
1
1
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A
A
c
c
c
c
e
e
s
s
s
s
C
C
o
o
n
n
t
t
r
r
o
o
l
l
P
P
r
r
o
o
f
f
i
i
l
l
e
e
(
(
A
A
C
C
L
L
)
)
This page allows a user to add, edit, and delete Management Access Control profiles.
Available settings are explained as follows:
Item Description
ACL Name Enter a name to create a profile for ACL.
Once a profile is created, it will be displayed on this page.
Add Click it to create a new ACL profile after entering the ACL
name.
ACL Profile Name Display the name of the ACL profile.
State Display if such ACL profile is active or inactive.
Rule Display the number of ACE used by this ACL profile.
Activate / Deactivate
- Click it to activate / deactivate such entry.
To configure detailed settings for the selected ACL profile, do
not click Activate for that profile.
Delete Click the icon under Delete to remove the selected entry.
VigorSwitch G2280 User’s Guide
102
I
I
I
I
I
I
-
-
4
4
-
-
2
2
M
M
a
a
n
n
a
a
g
g
e
e
m
m
e
e
n
n
t
t
A
A
c
c
c
c
e
e
s
s
s
s
C
C
o
o
n
n
t
t
r
r
o
o
l
l
E
E
n
n
t
t
r
r
i
i
e
e
s
s
(
(
A
A
C
C
E
E
)
)
This page allows a user to add, edit, or remove Access Control Entries (ACE) of the
Management Access Control profiles. However, only the ACE of inactive profiles can be
modified, and before configuring ACE, at least one ACL profile should be created.
Available settings are explained as follows:
Item Description
ACL Profile Name Use the drop-down list to select the inactive ACL profile you
would like to modify.
Priority Specify a priority number (1 to 65535) for such rule. The lower
the number, the higher the priority.
Service Choose the service type you would like to control the access.
Action Select the action to be taken on the traffic of selected service
type.
Deny – Incoming / outgoing data which meets ACE rules will be
blocked.
Permit – Incoming / outgoing data which meets ACE rule is
allowed to pass through.
Ports Select the ports to which the ACL should be applied.
IP Versions Specify the IP address/subnet to which the ACL should be
applied.
All – All the IP address should be applied.
IPv4 – Specify the IPv4 address /subnet.
IPv6 –Specify the IPv6 address /subnet.
IPv4 Enter the IPv4 address/subnet to which the ACE rule should
apply.
IPv6 Enter the IPv6 address/subnet to which the ACE rule should
apply.
Add Click it to create an ACE rule profile.
Then, such ACE rule profile will be shown on the table below.
Edit
- click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
103
- click it to remove the selected entry.
VigorSwitch G2280 User’s Guide
104
I
I
I
I
I
I
-
-
5
5
8
8
0
0
2
2
.
.
1
1
X
X
/
/
M
M
A
A
C
C
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
The authentication manager allows you to configure securely access from any host connected
to physical ports. You may apply multiple ways of authentication to each port.
I
I
I
I
I
I
-
-
5
5
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
I
I
I
I
I
I
-
-
5
5
-
-
1
1
-
-
1
1
G
G
l
l
o
o
b
b
a
a
l
l
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
VigorSwitch G2280 supports 802.1x and MAC-based authentication methods. In Global Settings
page, you can specify authentication type, enable Guest VLAN function, specify a VID and
select format for MAC address entry.
Available settings are explained as follows:
Item Description
Global Settings Authentication Types - Use the drop down list to specify
which type (802.1x, MAC-based) will be used for
authentication. Choose to enable 802.1x or MAC-based
authenticate method for host connecting to Ethernet port. You
may configure which type to be used per port, but enabling
any per port without enabling here will not be effective.
Guest VLAN – Check to enable a Guest VLAN for those have not
successfully authenticated with any given methods. Choose
one of the VLAN ID as a Guest VLAN.
Selected VID – If Guest VLAN is enabled, use the drop down list
to specify one VID number.
MAC-Based User ID Format –Specify how the MAC-based user
ID should be expressed in EAP message between AAA server
and switch.
Apply – Click it to save the settings.
Apply Save and activate the settings configured above.
VigorSwitch G2280 User’s Guide
105
I
I
I
I
I
I
-
-
5
5
-
-
1
1
-
-
2
2
P
P
o
o
r
r
t
t
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
i
i
o
o
n
n
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows the network administrator to configure detailed authentication settings for
each port.
Available settings are explained as follows:
Item Description
Apply Settings to Ports Select physical port(s) for applying settings.
Note that port authentication will not be effective if none of
them were enabled.
Authentication Types
Enabled
Select 802.1x and/or MAC-based authenticate method for host
connecting to this port.
Host Mode Multiple Authentication - Each host are authenticated
individually.
Multiple Hosts - Authentication is done on port basis, only one
authenticated host is required; other hosts connected to this
port can access freely as authenticated host.
Single Host - Only one host can be authenticated, and access
the port.
Available Authentication
Types
Display available authentication types of AAA server (or local)
you wish to have on this port.
Selected Authentication
Types
Specify the order of authentication type you wish to have on
this port.
Available Methods Display available methods of AAA server (or local) you wish to
have on this port.
Selected Methods Specify the order of authentication methods you wish to have
on this port.
Guest VLAN Check Enable to enable Guest VLAN on this port for those
didn't authenticated successfully.
RADIUS VLAN Assignment Disable - Switch will ignore the VLAN assignment from the
RADIUS server and keep the original VLAN of the host.
Static – Switch will use the VLAN assignment from the RADIUS
server if it receives the information. If there is not VLAN
information, it will keep the original VLAN of the host.
VigorSwitch G2280 User’s Guide
106
Reject - Switch will reject the host if it does not receive the
VLAN information from RADIUS server.
Apply The modification made above can be applied on to the
selected GE port immediately.
I
I
I
I
I
I
-
-
5
5
-
-
2
2
P
P
o
o
r
r
t
t
C
C
o
o
n
n
t
t
r
r
o
o
l
l
/
/
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows the network administrator to controls port setting, based on 802.1X, for
ethernet port authentication.
Available settings are explained as follows:
Item Description
Ports Select the ports to modify the port control settings.
Port Control Specify if you wish this account to be allowed (Authorized) or
blocked (Unauthorized) or determined by VigorSwtich (Auto).
Disabled - Disable any authentication requirement for
port access. All clients are allowed to access the
network.
Force Authorized- Port will be considered authorized.
All clients are allowed to access the network.
Force Unauthorized - Port will be considered
un-authorized. All clients are NOT allowed to access the
network.
Auto - Port will be considered authorized or
unauthorized based on the authentication results of the
host.
Periodic
Reauthentication
Enable – The hosts via the selected GE port will be
re-authenticated periodically.
Max Hosts If Multiple Authentication mode is selected as Host Mode
(802.1X/MAC Authenticaion>>Properties>>Port Authentication
Setting), the total number of hosts cannot exceed the
maximum numer of hosts configured here.
VigorSwitch G2280 User’s Guide
10
7
Reauthentication Period
Enter a time period. When the time is up, the host shall return
to initial state and prepare to pass authentication procedure
again. Default is 3600 seconds.
Inactivate Timeout When there is no packet coming from the authenticated host,
the system will start the inactive timer. After inactive
timeout, the host will be unauthorized and corresponding
session will be deleted. In Multiple Hosts mode (configured in
802.1X/MAC Authenticaion>>Properties>>Port Authentication
Setting), the packet is counted on the authorized host only and
not all packets on the port.
Quiet Period When a GE port is disabled just because authentication fails
several times, the host connected to that port will be blocked
for a period of time configured in quiet period.
Later, after the time period set in this field, the host wll be
allowed to perform authentication again.
Resend EAP Period
(802.1X Parameter)
Set the period for host to re-send EAP (Ethernet Automatic
Protection) requests.
Default value is 30 (seconds).
Supplicant
Timeout(802.1X
Parameter)
Set a period of time for the maximum number of EAP requests
will be sent.
If a response from the host is not received by VigorSwitch after
the defined period (supplicant timeout), the authentication
process will be started again.
Server Timeout (802.1X
Parameter)
Set a period of time for the server. The EAP requests shall be
resent to the supplicant within the time; otherwise, the time
setting will lapse and the requests won’t be sent out.
MAX EAP Request
(802.1X Parameter)
Set the maximum time interval for EAP request sent out.
Apply The modification made above can be applied on to the
selected GE port immediately.
VigorSwitch G2280 User’s Guide
108
I
I
I
I
I
I
-
-
5
5
-
-
3
3
M
M
A
A
C
C
-
-
B
B
a
a
s
s
e
e
d
d
L
L
o
o
c
c
a
a
l
l
A
A
c
c
c
c
o
o
u
u
n
n
t
t
This page allows the network administrator to create profiles by entering MAC address of the
hosts to be authenticated.
Available settings are explained as follows:
Item Description
MAC Address Enter the MAC address of the host.
Port Control Specify a control type for the host.
Force Authorized – Click it to forcefully authenticate the host
specified above.
Force Unauthorized - The host specified above will not be
authenticated by VigorSwitch.
VLAN User Defined – Check it to specify which VLAN will be assigned
by the host of this account.
Reauthentication Period User Defined – Check it to specify the time this account
required to be authenticated again after authentication taken
place.
Inactive Timeout User Defined – Check it to specify the time of inactive this
account becoming log-off.
Add Click it to create a new account.
Edit It is available when there is one profile existed.
- Click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
10
9
I
I
I
I
I
I
-
-
5
5
-
-
4
4
A
A
u
u
t
t
h
h
e
e
n
n
t
t
i
i
c
c
a
a
t
t
e
e
d
d
H
H
o
o
s
s
t
t
s
s
This page displays information related to the host authenticated by VigorSwitch.
VigorSwitch G2280 User’s Guide
110
I
I
I
I
I
I
-
-
6
6
P
P
o
o
r
r
t
t
S
S
e
e
c
c
u
u
r
r
i
i
t
t
y
y
This page allows the network administrator to configure security settings for each port
interface (GE port /LAG group). When port security is enabled for each interface, releated
action will be performed once detecting that the number of MAC address exceeds the limit.
Available settings are explained as follows:
Item Description
State Enable or disable port security function on the switch.
Enabled - Enable the port security function.
Disabled - Disable the port security function.
Ports Select the port(s) you would like to configure the port security
settings.
Port State Enable or disable port security function on the ports selected
above.
Enabled – The selected port applies the port security settings.
Disabled – The selected port does not apply the port security
settings.
MAC Address Enter the maximum number of MAC addresses that the port is
allowed to learn.
Action Select an action to perform when there is an unknown MAC
address on the port.
Forward- Forward a packet whose source MAC is unknown to
the switch.
Discard- Discard a packet whose source MAC is unknown to the
switch.
Shutdown- Shutdown this port when a packet with unknown
source MAC is received.
Apply The modification made above can be applied on to the
selected GE/LAG port immediately.
Edit
- click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
111
VigorSwitch G2280 User’s Guide
112
I
I
I
I
I
I
-
-
7
7
P
P
r
r
o
o
t
t
e
e
c
c
t
t
e
e
d
d
P
P
o
o
r
r
t
t
s
s
This page allows the network administrator to configure protected port setting to prevent the
selected ports from communication with each other. Protected port is only allowed to
communicate with unprotected port.
For example, GE1 and GE3 are selected in Port List and Enable is clicked as Protected, then
users behind GE1 and GE3 are separated and can not communicate with each other.
Available settings are explained as follows:
Item Description
Protected Ports Settings Port List – Use the drop down list to select the port(s) (GE1 to
GE28) for applying the settings configured in this page.
Protected – Click Enable to activate the protected port
function.
Apply - The modification made above can be applied on to the
selected GE port immediately.
Protected Port Status Display current status for each GE port.
VigorSwitch G2280 User’s Guide
113
I
I
I
I
I
I
-
-
8
8
S
S
t
t
o
o
r
r
m
m
C
C
o
o
n
n
t
t
r
r
o
o
l
l
Storm Control helps to suppress possible broadcast, unknown multicast or unknown unicast
storm by applying a rate limit on those packets.
I
I
I
I
I
I
-
-
8
8
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
This page allows a user to configure general settings for Storm Control.
Available settings are explained as follows:
Item Description
Storm Control Mode Select the mode of storm control.
Packet/sec – Storm control rate will be calculated by
packet-based.
Kbits/sec - Storm control rate will be calculated by
octet-based.
Preamble & Inter Frame
Gap
Select the rate calculation with/without preamble & IFG (20
bytes).
Excluded – Exclude preamble & IFG (20 bytes) when count
ingress storm control rate.
Included - Include preamble & IFG (20 bytes) when count
ingress storm control rate.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
114
I
I
I
I
I
I
-
-
8
8
-
-
2
2
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows the network administrator to configure port settings for Storm Control. The
configuration result for each port will be displayed on the table listed on the lower side of this
web page.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port profile (GE1 to GE28).
Storm Control Disable – Disable the storm control configuration for the
selected port profile.
Enable – Enable the storm control configuration for the
selected port profile.
Limiting Rate Check the box(es) to enable strom control rate limited for
Broadcast, Unknown Multicast and/or Unknow Unicast packet.
Broadcast – Specify the storm control rate for Broadcast
packet. Value of storm control rate, Unit: Kbps (Kbits
per-second). The range is from 16 to 1000000.
Unknown Multicast – Specify the storm control rate for
unknown multicast packet. Value of storm control rate, Unit:
Kbps (Kbits per-second). The range is from 16 to 1000000.
Unknown Unicast - Specify the storm control rate for
unknown multicast packet. Value of storm control rate, Unit:
Kbps (Kbits per-second). The range is from 16 to 1000000.
Action Select the state of setting.
Drop – Packets exceed storm control rate will be dropped.
Shutdown - Port exceeds storm control rate will be shutdown.
Apply Apply the settings to the switch.
Modify
- click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
115
VigorSwitch G2280 User’s Guide
116
I
I
I
I
I
I
-
-
9
9
D
D
o
o
S
S
A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users.
DoS attacks saturate the device with external communication requests, so that it cannot
respond to legitimate traffic. These attacks usually lead to a device CPU overload.
The DoS protection feature is a set of predefined rules that protect the network from
malicious attacks. The DoS Security Suite Setting enables activating the security suite.
I
I
I
I
I
I
-
-
9
9
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
This page allows a user to configure DoS setting to enable/disable DoS function for global
setting.
Available settings are explained as follows:
Item Description
Dst MAC=Src MAC Drop the packets if the destination MAC address is equal to the
source MAC address.
Disabled – Disable the item function.
Enabled - Enable the item function.
LAND Drop the packets if the source IP address is equal to the
destination IP address.
Disabled – Disable the item function.
Enabled - Enable the item function.
UDP Blat Drop the packets if the UDP source port equals to the UDP
destination port.
Disabled – Disable the item function.
Enabled - Enable the item function.
TCP Blat Drop the packages if the TCP source port is equal to the TCP
destination port.
Disabled – Disable the item function.
Enabled - Enable the item function.
Ping of Death Avoid ping of death attack.
VigorSwitch G2280 User’s Guide
11
7
Ping packets that length are larger than 65535 bytes.
Disabled – Disable the item function.
Enabled - Enable the item function.
IPv6 Min Fragments Check the minimum size of IPv6 fragments, and drop the
packets smaller than the minimum size. The valid range is
from 0 to 65535 bytes, and default value is 1240 bytes.
Disabled – Disable the item function.
Enabled - Enable the item function.
ICMP Fragments Drop the fragmented ICMP packets.
Disabled – Disable the item function.
Enabled - Enable the item function.
IPv4 Ping Max Size Determine the IPv4 PING packet with the length.
Disabled – Disable the item function.
Enabled - Enable the item function.-
IPv6 Ping Max Size Determine the IPv6 PING packet with the length.
Disabled – Disable the item function.
Enabled - Enable the item function.
Ping Max Size Setting Determine the IPv4/IPv6 PING packet with the length. Specify
the maximum size of the ICMPv4/ICMPv6 ping packets. The
valid range is from 0 to 65535 bytes, and the default value is
512 bytes.
Smurf Attack Avoid smurf attack. The length range of the netmask is from 0
to 323 bytes, and default length is 0 byte.
Disabled – Disable the item function.
Enabled - Enable the item function.
TCP Min Hdr Size Check the minimum TCP header and drops the TCP packets
with the header smaller than the minimum size. The length
range is from 0 to 31 bytes, and default length is 20 bytes.
Disabled – Disable the item function.
Enabled - Enable the item function.
TCP-SYN (SPORT<1024) Drop SYN packets with sport less than 1024.
Disabled – Disable the item function.
Enabled - Enable the item function.
Null Scan Attack Drop the packets with NULL scan.
Disabled – Disable the item function.
Enabled - Enable the item function.
X-mas Scan Attack Drop the packets if the sequence number is zero, and the FIN,
URG and PSH bits are set.
Disabled – Disable the item function.
Enabled - Enable the item function.
TCP SYN-FIN Attack Drop the packets with SYN and FIN bits set.
Disabled – Disable the item function.
Enabled - Enable the item function.-
TCP SYN-RST Attack Drop the packets with SYN and RST bits set.
Disabled – Disable the item function.
Enabled - Enable the item function.
TCP Fragment (Offset=1) Drop the fragmented ICMP packets.
VigorSwitch G2280 User’s Guide
118
Disabled – Disable the item function.
Enabled - Enable the item function.
Apply Apply the settings to the switch.
I
I
I
I
I
I
-
-
9
9
-
-
2
2
D
D
o
o
S
S
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows a user to configure and display the state of DoS protection for interfaces.
The configuration result for each port will be displayed on the table listed on the lower side
of this web page.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
DoS Protection Disabled – Disable the function of DoS Protection.
Enabled - Enable the function of DoS Protection.
Apply Apply the settings to the switch.
Modify
- Click it to modify settings.
VigorSwitch G2280 User’s Guide
11
9
I
I
I
I
I
I
-
-
1
1
0
0
D
D
y
y
n
n
a
a
m
m
i
i
c
c
A
A
R
R
P
P
I
I
n
n
s
s
p
p
e
e
c
c
t
t
i
i
o
o
n
n
Dynamic ARP inspection (DAI) can prevent ARP spoofing attacks by validating ARP packet in a
network. It can intercept, record, and discard ARP packets with invalid IP-to-MAC address
bindings; and then protect the network against malicious attacks.
I
I
I
I
I
I
-
-
1
1
0
0
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
I
I
I
I
I
I
-
-
1
1
0
0
-
-
1
1
-
-
1
1
G
G
l
l
o
o
b
b
a
a
l
l
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure global property settings for the fuction of Dynamic ARP
Inspection.
Available settings are explained as follows:
Item Description
State Enable – Check the box to enable global property settings.
VLANs Select VLAN profile(s) to apply the function of Dynamic ARP
Inspection.
Only the GE port /LAG group within the selected VLAN will
apply DAI function.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
120
I
I
I
I
I
I
-
-
1
1
0
0
-
-
1
1
-
-
2
2
P
P
e
e
r
r
P
P
o
o
r
r
t
t
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure detailed settings of DAI for each port (GE/LAG).
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying DAI function.
Trust Enable – Enable the function of DAI for the port(s) selected
above.
Source MAC Address Enable Check it to enable the function of source MAC address
validation mechanism for the selected port(s).
Destination MAC Address Enable - Check it to enable the function of destination MAC
address validation mechanism for the selected port(s).
IP Address Enable - Check it to enable the function of IP address
validation mechanism for the selected port(s).
Allow Zero – The IP address of “0.0.0.0” can be applied to the
selected port(s) if it is enabled.
Rate Limit Use the drop down list to choose a rate limitation value (0~50)
for the selected port(s).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
121
I
I
I
I
I
I
-
-
1
1
0
0
-
-
2
2
S
S
t
t
a
a
t
t
i
i
s
s
t
t
i
i
c
c
s
s
This page displays all statistics recorded by Dynamic ARP Inspection function.
VigorSwitch G2280 User’s Guide
122
I
I
I
I
I
I
-
-
1
1
1
1
D
D
H
H
C
C
P
P
S
S
n
n
o
o
o
o
p
p
i
i
n
n
g
g
DHCP snooping is able to validate DHCP messages obtained from untrusted sources and filter
out invalid message.
For DHCP snooping to function properly, it is suggested to connect DHCP servers to
VigorSwitch through trusted interfaces; because untrusted DHCP messages will be forwarded
to trusted interfaces only.
I
I
I
I
I
I
-
-
1
1
1
1
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
I
I
I
I
I
I
-
-
1
1
1
1
-
-
1
1
-
-
1
1
G
G
l
l
o
o
b
b
a
a
l
l
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure global property settings for the fuction of DHCP snooping
Inspection.
In default, DHCP snooping is inactive on all VLANs. You can enable such feature on a single
VLAN or a range of VLANs.
Available settings are explained as follows:
Item Description
State Enable – Check the box to enable global property settings.
VLANs Select VLAN profile(s) to apply the function of DHCP Snooping
Inspection.
Only the GE/LAG port within the selected VLAN will apply
DHCP Snooping function.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
123
I
I
I
I
I
I
-
-
1
1
1
1
-
-
1
1
-
-
2
2
P
P
e
e
r
r
P
P
o
o
r
r
t
t
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure detailed settings of DHCP Snooping for each port
(GE/LAG).
Any device that is not in the service provider network will be regarded as an untrusted source
(such as a customer switch). Host ports are untrusted sources. In VigorSwitch, you can assign
a source as trusted device by configuring the trust state of its connecting port.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying DHCP snooping function.
Trust Enable – Check it to make the port(s) selected above as
trusted interface.
Verify Chaddr Enable - Check it to enable chaddr (client hardware address)
validation of GE/LAG port. All DHCP packets will be checked if
the client hardware MAC address is the same as source MAC in
Ethernet header or not. Default is disabled.
Rate Limit Input rate limitation (0~300) of DHCP packets. The unit is
“pps”. “0” means unlimited. Default is unlimited.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
124
I
I
I
I
I
I
-
-
1
1
1
1
-
-
2
2
S
S
t
t
a
a
t
t
i
i
s
s
t
t
i
i
c
c
s
s
This page displays all statistics recorded by DHCP snooping function.
I
I
I
I
I
I
-
-
1
1
1
1
-
-
3
3
O
O
p
p
t
t
i
i
o
o
n
n
8
8
2
2
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
You can use information settings including Remote ID and Circuit ID for Option82 Property,
also known as the DHCP relay agent, to protect VigorSwitch against spoofing attacks.
I
I
I
I
I
I
-
-
1
1
1
1
-
-
3
3
-
-
1
1
G
G
l
l
o
o
b
b
a
a
l
l
O
O
p
p
t
t
i
i
o
o
n
n
8
8
2
2
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user setting string as remote ID for DHCP option82. For example, use a
switch-configured hostname or specify an ASCII text string as remote ID.
Available settings are explained as follows:
Item Description
Remote ID The string specified here is used to identify the remote host.
VigorSwitch G2280 User’s Guide
125
User Defined – Check it and manually enter ASCII text string in
the entry box.
Apply Apply the settings to the switch.
I
I
I
I
I
I
-
-
1
1
1
1
-
-
3
3
-
-
2
2
P
P
e
e
r
r
P
P
o
o
r
r
t
t
O
O
p
p
t
t
i
i
o
o
n
n
8
8
2
2
P
P
r
r
o
o
p
p
e
e
r
r
t
t
y
y
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows a user to configure detailed settings of DHCP Snooping, Option82 for each
port (GE/LAG).
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying DHCP snooping, Option82
Property function.
State Enable – Check it to make the port(s) selected above apply the
settings configured in this page.
Allow Untrust Untrusted packets detected by VigorSwitch will be performed
by the action determined here.
Keep – Packets are allowed to pass through.
Drop – Packets are blocked and discarded.
Replace – Packets will be replaced.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
126
I
I
I
I
I
I
-
-
1
1
1
1
-
-
4
4
O
O
p
p
t
t
i
i
o
o
n
n
8
8
2
2
C
C
i
i
r
r
c
c
u
u
i
i
t
t
I
I
D
D
This page allows a user setting string as circuit ID for DHCP option82 setting. Circuit ID shall
be combined with VLAN name (or VLAN ID number) and interface name (GE/LAG port).
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying DHCP snooping, Option82
Property function.
VLAN Choose a number as VLAN ID which is easy to be identified for
a packet containing with it.
It is optional setting.
Circuit ID Enter ASCII text string in the entry box. Later, any packet
passes through the specified interface (GE/LAG port) will be
inserted with such information.
Add Click it to create a profile.
Edit
- click it to modify the circuit ID value for the selected
entry.
- click it to remove the selected entry.
VigorSwitch G2280 User’s Guide
12
7
I
I
I
I
I
I
-
-
1
1
2
2
I
I
P
P
S
S
o
o
u
u
r
r
c
c
e
e
G
G
u
u
a
a
r
r
d
d
By using the source IP address filtering function, IP source guard can prevent a malicious host
from feigning a legal host with its IP address and performing malicious attack.
I
I
I
I
I
I
-
-
1
1
2
2
-
-
1
1
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
IP source guard is a port-based feature. Therefore, it is necessary to configure detailed
settings for each GE/LAG port interface separately.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying IP source guard function.
State Enable – Check it to make the port(s) selected above apply the
settings configured in this page.
Verify Source Specify the type of source IP for the packet coming from.
IP – Only the packet with specified IP address will be verified.
IP-MAC – Only the packet with specified IP address and MAC
address will be verified.
Max Entry Define the number (0~50) for the port.
The default is 0 (no limit).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
128
I
I
I
I
I
I
-
-
1
1
2
2
-
-
2
2
I
I
M
M
P
P
V
V
B
B
i
i
n
n
d
d
i
i
n
n
g
g
This page allows the network administrator to set the filtering conditions (binding type, MAC
address, IPv4 address) for packets through the specified LAN port.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28, LAG1
to LAG8) or ports for applying IMPV Binding function.
VLAN Choose a number as VLAN ID which is easy to be identified for
a packet containing with it.
It is optional setting.
Binding Select the binding type for such feature.
IP-MAC-Port-VLAN – Packets will be allowed to pass through
the port interface if they meet the conditions specified by IP
address, MAC address, Port setting and VLAN ID setting.
IP-Port-VLAN – Packets will be allowed to pass through the
port interface if they meet the conditions specified by IP
address, Port setting and VLAN ID setting.
MAC Address Enter the MAC address of the device connecting to the port
interface selected above.
IPv4 Address Enter the IP address with mask address of the device
connecting to the port interface selected above.
Add Click it to create a new binding profile.
Edit
- Click it to modify the settings for the selected entry.
VigorSwitch G2280 User’s Guide
12
9
- click it to remove the selected entry.
I
I
I
I
I
I
-
-
1
1
2
2
-
-
3
3
S
S
a
a
v
v
e
e
D
D
a
a
t
t
a
a
b
b
a
a
s
s
e
e
This page allows the network administrator to configure the DHCP Snooping database.
Available settings are explained as follows:
Item Description
Type None – Do not save the database.
Flash – Save the database to flash memory.
TFTP – Save the database to a TFTP server.
Filename Enter a filename if TFTP is used.
Address Type Specify the address type if TFTP is used.
Hostname – Use hostname as server address.
IPv4 – Use IPv4 address.
VigorSwitch G2280 User’s Guide
130
Server Address Enter an IP address or hostname of TFTP sever if TFTP is used.
Write Delay Set a value from 15 to 86400. After the database is changed,
the transfer work will be delayed for the value set.
The default value is 300 (seconds).
Timeout Set a value from 0 to 86400. Stop the transfer process if it is
not finished after waiting for the set value.
Set a value. The default value is 300 (seconds).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
131
P
P
a
a
r
r
t
t
I
I
V
V
A
A
C
C
L
L
C
C
o
o
n
n
f
f
i
i
g
g
u
u
r
r
a
a
t
t
i
i
o
o
n
n
VigorSwitch G2280 User’s Guide
132
I
I
V
V
-
-
1
1
C
C
r
r
e
e
a
a
t
t
e
e
A
A
C
C
L
L
An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP
addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets
against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a
permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is
accepted.
I
I
V
V
-
-
1
1
-
-
1
1
M
M
A
A
C
C
The function is used to show the Access Control List (ACL) based on Layer 2 filtering, the MAC
layer. The ACL is composed by many Access Control Element (ACE) rules. You can create a
new ACL here; then add multiple ACEs.
Available settings are explained as follows:
Item Description
ACL Profile Name Enter a name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action
- click it to remove the selected entry.
VigorSwitch G2280 User’s Guide
133
I
I
V
V
-
-
1
1
-
-
2
2
I
I
P
P
v
v
4
4
The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering,
the IPv4. The ACL is composed by many Access Control Element (ACE) rules. You may create a
new ACL here; then add multiple ACEs.
Available settings are explained as follows:
Item Description
ACL Profile Name Enter a name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action
- click it to remove the selected entry.
I
I
V
V
-
-
1
1
-
-
3
3
I
I
P
P
v
v
6
6
The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering,
the IPv6. The ACL is composed by many Access Control Element (ACE) rules. You may create a
new ACL here; then add multiple ACEs.
VigorSwitch G2280 User’s Guide
134
Available settings are explained as follows:
Item Description
ACL Profile Name Enter a name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action
- click it to remove the selected entry.
VigorSwitch G2280 User’s Guide
135
I
I
V
V
-
-
2
2
C
C
r
r
e
e
a
a
t
t
e
e
A
A
C
C
E
E
Since ACL based on MAC, IPv4 and/or IPv4 has been created on the section of IV-1, now you
can add multiple ACE rules for each ACL.
I
I
V
V
-
-
2
2
-
-
1
1
M
M
A
A
C
C
This page shows ACE based on MAC address. You may choose ACL, permit, and deny particular
packet or frame, even shutdown the port.
You may provide filtering/matching criteria for one or more of packet characteristic (such as
Source/Destination MAC, Ethertype, VLAN, 802.1p) for this ACE to identify the packet.
Available settings are explained as follows:
Item Description
ACL Profile Name Use the drop down list to selected one of the user defined ACL
profiles.
Sequence Assign a sequence number to this ACE. The sequence is used to
identify which one of ACEs in an ACL is firstly used to match
ingress packets. The switch port bound with an ACL use the
contained ACE rules, start with the one with lower sequence
number to match the packet first.
Action Select the action applied to the packet matched this ACE.
Permit or deny the packets into switch core, or shutdown the
port for stopping further transmission.
Permit
Deny
Shutdown
Source MAC / Destination
MAC
Specify the source and the destination MAC address for
filtering.
Any – All packets will be filtered.
Or, enter the IP address to filter the packets coming from that
VigorSwitch G2280 User’s Guide
136
address.
Ethertype Specify ethernet type for filtering.
Select Any.
Or, enter the value with the format of “0x600 ~ 0xFFF”.
VLAN Specify VLAN profile for filtering.
Select Any.
Or, enter a VLAN number. The packets coming from the VLAN
specified here will be filtered by Vigor device.
802.1p Specify the 802.1p priority value for filtering. Select Any, or a
number from 0 to 7.
Add Click it to create a new ACE rule.
Modify
- click it to modify the settings for the selected entry.
- click it to remove the selected entry.
I
I
V
V
-
-
2
2
-
-
2
2
I
I
P
P
v
v
4
4
This page shows ACE based on IPv4 address. You may choose ACL, permit, and deny particular
packet or frame, even shutdown the port.
You may provide filtering/matching criteria for one or more of following packet characteristic
(such as Protocol over the IP layer, Source/Destination IPv4 address, Type of Service,
Source/Destination port number, TCP flags, ICMP Type, if chosen protocol contains ICMP), for
this ACE to identify the packet.
Available settings are explained as follows:
Item Description
ACL Profile Name Use the drop down list to selected one of the user defined ACL
profiles.
Sequence Assign a sequence number to this ACE. The sequence is used to
identify which one of ACEs in an ACL is firstly used to match
ingress packets. The switch port bound with an ACL use the
VigorSwitch G2280 User’s Guide
138
I
I
V
V
-
-
2
2
-
-
3
3
I
I
P
P
v
v
6
6
This page allows the network administrator to create ACE based on IPv6 address.
Available settings are explained as follows:
Item Description
ACL Profile Name Use the drop down list to selected one of the user defined ACL
profiles.
Sequence Assign a sequence number to this ACE. The sequence is used to
identify which one of ACEs in an ACL is firstly used to match
ingress packets. The switch port bound with an ACL use the
contained ACE rules, start with the one with lower sequence
number to match the packet first.
Action Select the action applied to the packet matched this ACE.
Permit or deny the packets into switch core, or shutdown the
port for stopping further transmission.
Permit
Deny
Shutdown
Protocol Specify the protocol for filtering.
Any – All packets will be filtered.
Select – Choose one of the protocol (e.g., ICMP, TCP, EGP…)
from the drop down list. Packets passing through the selected
protocol will be filtered.
Define – Specify a type number (0 – 255) for ICMP code. For
example, 0 means “Echo Reply”; 254 means “RFC3692-style
Experiment 2”.
Source IP / Destination IP Specify the source and the destination IPv6 address for
filtering.
Any – All packets will be filtered.
Or, enter the IPv6 address to filter the packets coming from
that address.
Service Any – All packets will be filtered.
VigorSwitch G2280 User’s Guide
13
9
DSCP – All IP traffic is mapped to queues based on the DSCP
field in the IP header. If traffic is not IP traffic, it is mapped to
the lowest priority queue.
IP Precedence - All IP traffic is mapped to queues based on
the IP Precedence field in the IP header. If traffic is not IP
traffic, it is mapped to the lowest priority queue.
Source Port / Destination
Port
Specify the source and destination port number for filtering
the packets.
Any – All packets will be filtered.
Single – Only the packets passing through the number defined
here will be filtered.
Range – Only the packets passing through the port range
defined here will be filtered.
ICMP Type Any – All packets will be filtered.
Select – Choose one of the type (e.g., Destination Unreachable
Echo Reply, MLD Query….) from the drop down list.
Define – Specify a type number (0 – 255) for ICMP code. For
example, 0 means “Echo Reply”; 254 means “RFC3692-style
Experiment 2”.
ICMP code Each ICMP type can be defined with different codes. For
example, if you define ICMP Type as “3”, then the available
codes for Type 3 will be 0-15.
Any – All packets will be filtered.
Or, enter 0 to 255 based on the ICMP type specifed.
Add Click it to create a new binding profile.
Modify
- Click it to modify the settings for the selected profile.
- Click it to remove the selected entry.
VigorSwitch G2280 User’s Guide
143
V
V
-
-
1
1
-
-
1
1
-
-
2
2
T
T
r
r
u
u
s
s
t
t
P
P
o
o
r
r
t
t
s
s
This page allows the network administrator to enable the trust mode of basic QoS on each
port. Port that is trust disabled will be sent with lowest priority queue. The configuration
result for each port will be displayed on the table listed on the lower side of this web page.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
Trust Click Enable to make traffic follow the trust mode in general
setting.
Enable - Traffic will follow trust mode in general setting.
Disable – No QoS service for this port.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
144
V
V
-
-
1
1
-
-
2
2
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows the network administrator to configure port settings for QoS. The
configuration result for each port will be displayed on the table listed on the lower side of this
web page.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
Ingress Default CoS Specify the default CoS priority value for those ingress frames
without given trust QoS tag (802.1q/DSCP/IP Precedence,
depending on configuration).
Engress Remarking
Remark CoS Disable – Disable CoS remarking function for outgoing packets.
Enable - Egress traffic will be marked with CoS value
according to the Queue to CoS mapping table.
Remark DSCP/IP
Precedence
Disable – Disable DSCP/IP Precedence remarking function for
outgoing packets.
DSCP – Egress traffic will be marked with DSCP value according
to the Queue to DSCP mapping table.
IP Precedence - Egress traffic will be marked with IP
Precedence value according to the Queue to IP Precedence
mapping table.
Apply Apply the settings to the switch.
Modify
- Click it to modify the settings for the selected port
profile.
VigorSwitch G2280 User’s Guide
145
V
V
-
-
1
1
-
-
3
3
Q
Q
u
u
e
e
u
u
e
e
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
VigorSwitch supports multiple queues for each interface. The higher numbered queue
represents the higher priority. The following lists the types of supported priority queue:
Strict Priority (SP) - Egress traffic from the higher priority queue will be transmitted first,
lower priority queue shall wait until all traffic in SP queue is transmitted.
Weighted Round Robin (WRR) - The number of packets sent from the queue is
proportional to the weight of the queue.
Available settings are explained as follows:
Item Description
Queue There are eight queue ID numbers allowed to be configured.
Schedule Strict Priority – Click it to set queue to strict priority type.
WRR – Click it to set queue to Weight round robin type.
Weight If the queue type is WRR, set the queue weight for the queue.
% of WRR Bandwidth Display the percentage of traffic which can be sent by current
queue compared to total WRR queues.
Apply Apply the settings to the switch.
Strict Priority Queue
Number
Display the number of queues using Strict Priority method.
VigorSwitch G2280 User’s Guide
146
V
V
-
-
1
1
-
-
4
4
C
C
o
o
S
S
M
M
a
a
p
p
p
p
i
i
n
n
g
g
This section allows user to configure how ingress frames with CoS/802.1p tag map to QoS
queues, and QoS queues to CoS/802.1p on egress frames.
Actual effectiveness is based on how QoS is configured in previous QoS section. This page
provides settings for user to configure mapping only.
Available settings are explained as follows:
Item Description
CoS to Queue Mapping (for Ingress) – Settings for incoming packets.
Class of Service Display the class of service value (0 to 7).
Queue Define the queue ID (level 1 to 8) for different class of service
values.
Queue to CoS Mapping (for Egress Remarking) – Settings for outgoing packets.
Queue Display the queue ID (level 1 to 8) for different class of service
values.
Class of Service Define the class of service value (0 to 7).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
14
7
V
V
-
-
1
1
-
-
5
5
D
D
S
S
C
C
P
P
M
M
a
a
p
p
p
p
i
i
n
n
g
g
This section allows user to configure how ingress packets with DSCP tag map to QoS queues,
and QoS queues to DSCP on egress packets.
Actual effectiveness is based on how QoS is configured in previous QoS section. This page
provides settings for user to configure mapping only.
Available settings are explained as follows:
Item Description
DSCP to Queue Mapping (for Ingress) – Settings for the incoming packets.
DSCP Display the DSCP value (0 to 7).
Queue Define the queue ID (level 1 to 8) for different DSCP values.
Queue to DSCP Mapping (for Egress Remarking) - Settings for outgoing packets.
Queue Display the queue ID (level 1 to 8) for different DSCP values.
DSCP Define the DSCP value (0 to 7).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
148
V
V
-
-
1
1
-
-
6
6
I
I
P
P
P
P
r
r
e
e
c
c
e
e
d
d
e
e
n
n
c
c
e
e
M
M
a
a
p
p
p
p
i
i
n
n
g
g
This section allows user to configure how ingress packets with IP Precedence tag map to QoS
queues, and QoS queues to IP Precedence on egress packets.
Actual effectiveness is based on how QoS is configured in previous QoS section. This page
provides settings for user to configure mapping only.
Available settings are explained as follows:
Item Description
IP Precedence to Queue Mapping (for Ingress) - Settings for the incoming packets
.
.
IP Precedence Display the IP Precedence value (0 to 7).
Queue Define the queue ID (level 1 to 8) for different IP Precedence
values.
Queue to IP Precedence Mapping (for Egress Remarking) - Settings for outgoing packets.
Queue Display the queue ID (level 1 to 8) for different IP Precedence
values.
IP Precedence Define the IP Precedence value (0 to 7).
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
149
V
V
-
-
2
2
B
B
a
a
n
n
d
d
w
w
i
i
d
d
t
t
h
h
Use the bandwidth setting pages to define values that determine how much traffic the switch
can receive and send on specific port or queue.
V
V
-
-
2
2
-
-
1
1
I
I
n
n
g
g
r
r
e
e
s
s
s
s
R
R
a
a
t
t
e
e
L
L
i
i
m
m
i
i
t
t
This page allows a user to configure ingress port rate limit. The ingress rate limit is the
number of bits per second that can be received from the ingress interface. Excess bandwidth
above this limit is discarded. The configuration result for each port will be displayed on the
table listed on the lower side of this web page.
Available settings are explained as follows:
Item Description
Ingress Rate Limit
Ports Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
State Disable – Disable ingress bandwidth control.
Enable - Enable ingress bandwidth control.
Rate (Kbps) Enter the rate value,<16-1000000>,unit:16 Kbps.
Apply Apply the settings to the switch.
Modify
- Click it to modify the settings for the selected port
profile.
VigorSwitch G2280 User’s Guide
150
V
V
-
-
2
2
-
-
2
2
E
E
g
g
r
r
e
e
s
s
s
s
S
S
h
h
a
a
p
p
i
i
n
n
g
g
R
R
a
a
t
t
e
e
This page allows a user to configure egress port rate limit. The egress rate limit is the number
of bits per second that can be received from the egress interface. Excess bandwidth above
this limit is discarded.
Available settings are explained as follows:
Item Description
Egress Shapping Rate
Ports Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
State Disable – Disable egress bandwidth control.
Enable - Enable egress bandwidth control.
CIR (Kbps) Enter the rate value,<16-1000000>,unit:16 Kbps.
Apply Apply the settings to the switch.
Modify
- Click it to modify the settings for the selected port
profile.
VigorSwitch G2280 User’s Guide
151
V
V
-
-
2
2
-
-
3
3
E
E
g
g
r
r
e
e
s
s
s
s
S
S
h
h
a
a
p
p
i
i
n
n
g
g
P
P
e
e
r
r
Q
Q
u
u
e
e
u
u
e
e
This page allows user to configure the maximum egress bandwidth not only by port but also by
specific QoS queues. The configuration result for each port will be displayed on the table
listed on the lower side of this web page.
Available settings are explained as follows:
Item Description
Egress Shapping Per Queue
Port Use the drop down list to select the port profile (GE1 to GE28)
or profiles.
Queue Use the drop down list to select queue number (1 to 8) for the
selected GE port.
State Disable – Disable egress bandwidth control.
Enable - Enable egress bandwidth control.
CIR (Kbps) Enter the rate value,<16-1000000>,unit:16 Kbps.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
152
This page is left blank.
VigorSwitch G2280 User’s Guide
153
P
P
a
a
r
r
t
t
V
V
I
I
S
S
y
y
s
s
t
t
e
e
m
m
M
M
a
a
i
i
n
n
t
t
e
e
n
n
a
a
n
n
c
c
e
e
VigorSwitch G2280 User’s Guide
154
V
V
I
I
-
-
1
1
T
T
R
R
-
-
0
0
6
6
9
9
This page allows a user setting TR-069 parameters that VigorSwitch can be managed by
VigorACS.
Item Description
ACS Settings TR-069 –Click Enable to activate the settings on this page.
URL / Username / Password –Such data must be typed
according to the ACS (Auto Configuration Server) you want to
link. Please refer to Auto Configuration Server user’s manual
for detailed information.
Last Inform –Display the time that VigorACS server made a
response while receiving Inform message from CPE last time.
Test Inform – Click Test With Inform to send a message based
on the event code selection to test if such CPE is able to
communicate with VigorACS SI server.
CPE Settings Such information is useful for Auto Configuration Server.
Enable/Disable – Allow/Deny the CPE Client connecting with
Auto Configuration Server.
Port – Sometimes, port conflict might be occurred. To solve
such problem, you might change port number for CPE.
Username and Password – Enter the username and password
that VigorACS can use to access into such CPE.
Periodic Inform Settings Periodic Inform Settings –The default setting is Enable.
Please set interval time or schedule time for the router to
send notification to CPE.
Interval Time – Enter a value.
STUN Settings STUN Settings – The default is Disable. If you click Enable,
please type the relational settings listed below:
Server IP – Type the IP address of the STUN server.
Server Port – Type the port number of the STUN server.
Minimum Keep Alive Period – If STUN is enabled, the CPE
must send binding request to the server for the purpose of
VigorSwitch G2280 User’s Guide
155
maintaining the binding in the Gateway. Please type a number
as the minimum period. The default setting is “60 seconds”.
Maximum Keep Alive Period – If STUN is enabled, the CPE
must send binding request to the server for the purpose of
maintaining the binding in the Gateway. Please type a number
as the maximum period. A value of “-1” indicates that no
maximum period is specified.
Apply Apply the settings to the switch.
Clear Clear current modification of this page.
VigorSwitch G2280 User’s Guide
156
V
V
I
I
-
-
2
2
L
L
L
L
D
D
P
P
LLDP is a one-way protocol; there are no request/response sequences. Information is
advertised by stations implementing the transmit function, and is received and processed by
stations implementing the receive function. The LLDP category contains LLDP and LLDP-MED
pages.
V
V
I
I
-
-
2
2
-
-
1
1
P
P
r
r
o
o
p
p
e
e
r
r
t
t
i
i
e
e
s
s
This page allows a user configuring general settings for LLDP.
Available settings are explained as follows:
Item Description
LLDP State Enable – Enable LLDP protocol on this switch.
Disable – Disable LLDP protocol on this switch.
Transmission Interval Select the interval at which frames are transmitted. The
default is 30 seconds, and the valid range is 5–32768seconds.
Holdtime Multiplier Select the multiplier on the transmit interval to assign to TTL
(range 2–10, default = 4).
Reinitialization Delay Select the delay before a re-initialization (range 1–10 seconds,
default = 2).
Transmit Delay Select the delay after an LLDP frame is sent (range 1–8192
seconds, default = 3).
LLDP-MED Fast Start
Repeat Count
Select the number of LLDP packets that will be sent during
LLDP-MED Fast Start period.
The default is 3. Available range is from 1 to 10.
LLDP MED Network
Policy for Voice
Application
Auto – The default setting is enabled. Vigor switch will
determine which voice application to be used automatically.
Howerver, if you want to manually configure voice application
for LLDP MED Netowrk Policy in LLDP>>LLDP MED Network
Policy, you have to disable such function.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
157
V
V
I
I
-
-
2
2
-
-
2
2
L
L
L
L
D
D
P
P
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
This page allows a user to select specified port or all ports to configure LLDP state.
Available settings are explained as follows:
Item Description
Ports Use the drop down list to select the port (GE1 to GE28) or
ports for device check.
State Disable – Disable the transmission of LLDP PDUs.
TX&RX – Transmit and receive LLDP PDUs both.
TX Only – Transmit LLDP PDUs only.
RX Only - Receive LLDP PDUs only.
Optional TLVs
Within data communication protocols, optional information
may be encoded as a type-length-value or TLV element inside
a protocol. TLV is also known as tag-length value.
The type and length are fixed in size (typically 1-4 bytes),
and the value field is of variable size.
Select the LLDP optional TLVs to be carried (multiple selection
is allowed).
Available items include System Name, Port Description,
System Description, System Capability, 802.3 MAC-PHY, 802.3
Link Aggregation, 802.3 Maximum Frame Size, Management
Address and 802.1 PVID.
VLAN Select the VLAN ID number to be performed (multiple
selections are allowed).
Apply Apply the settings to the switch.
Modify
- Click it to modify the settings for the selected port
profile.
VigorSwitch G2280 User’s Guide
158
V
V
I
I
-
-
2
2
-
-
3
3
L
L
L
L
D
D
P
P
L
L
o
o
c
c
a
a
l
l
D
D
e
e
v
v
i
i
c
c
e
e
This page displays information for LLDP Local Device.
Available settings are explained as follows:
Item Description
Device Summary Display a summary of the LLDP information for this switch.
Chassis ID Subtype - Display the type of chassis ID, such as the
MAC address.
Chassis ID - Display Identifier of chassis. Where the chassis ID
subtype is a MAC address, the MAC address of the switch is
displayed.
System Name - Display model name of switch.
System Description - Display description of switch.
Capabilities Supported - Display the primary functions of the
device, such as Bridge, WLAN AP, or Router.
Capabilities Enabled - Primary enabled functions of the
device.
Port ID Subtype - Display the type of the port identifier that is
shown.
Port Details Display detailed information of the selected GE port.
Detail - Click the button under it to review the detailed
information contained in TLVs sent out from each interface,
containing MAC/PHY, 802.3, 802.3 Link Aggregation, 802.1
VLAN and Protocol for each LAN port (GE1 to GE28).
VigorSwitch G2280 User’s Guide
160
V
V
I
I
-
-
2
2
-
-
5
5
L
L
L
L
D
D
P
P
M
M
E
E
D
D
P
P
o
o
r
r
t
t
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
This page allows the network administrator to configure TLV (Type / Length / Value) settings
for each port.
Available settings are explained as follows:
Item Description
Ports Choose the port(s) for configuring TLV settings.
State Enable – Click it to enable LLDP MED on the selected port.
Available Optional TLV Available TLV items will be shown in this field.
Choose the one(s) you want and click the >> arrow to transfer
the selection(s) to the field of “Selected Optional TLV”.
Selected Optional TLV Display the selected TLV items.
Selected Network
Policies
Select network policy profiles (created in LLDP>>LLDP MED
Network Policy) for applying onto the selected port.
Location TLV Settings Define the location, civic address and ECS ELIN for LLDP
protocol.
Coordinate –Enter the coordinate location in 16 pairs of
hexadecimal characters.
Civic – Enter the civic address in 6 ~ 160 pairs of hexadecimal
characters.
ECS ELIN - Enter the ECS (Emergency Call Service) ELIN
(Emergency Location Identification Number) in 10 ~ 25 pairs of
hexadecimal characters.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
161
V
V
I
I
-
-
2
2
-
-
6
6
L
L
L
L
D
D
P
P
R
R
e
e
m
m
o
o
t
t
e
e
D
D
e
e
v
v
i
i
c
c
e
e
This page allows the network administrator to view the information sent from neighboring
devices by LLDP protocol.
Available settings are explained as follows:
Item Description
Local Port Display the number of the local port to which the neighbor is
connected.
Chassis ID Subtype Display the type of chassis ID (for example, MAC address).
Chassis ID Display the identifier of the 802 LAN neighboring device’s
chassis.
Port ID Subtype Display the type of port identifier.
Port ID Display the number of port identifier.
System Name Display the name of the switch.
Time to Live Display the time interval in seconds after which the
information for remote device will be deleted.
Details Display detailed information contained in TLVs sent out from
neighboring devices.
Delete Click it to remove information of the selected port.
VigorSwitch G2280 User’s Guide
162
V
V
I
I
-
-
2
2
-
-
7
7
L
L
L
L
D
D
P
P
O
O
v
v
e
e
r
r
l
l
o
o
a
a
d
d
i
i
n
n
g
g
This page allows user to review current size, overall size of LLDP packet and whether it is to
exceed maximum allowed size of single LLDP packet.
Available settings are explained as follows:
Item Description
Port Display the name of the port.
Total(Bytes) Display the total number of bytes of LLDP information in each
packet.
Left to Send(Bytes) Display the total number of available bytes left for additional
LLDP information in each packet.
Status Display if LLDP TLVs has overloaded the PDU maximum size or
not.
Mandatory TLVs Display how many bytes used by mandatory TLVs.
802.3 TLVs Display how many bytes used by 802.3 TLVs.
Optional TLVs Displays how many bytes used by optional TLVs.
802.1 TLVs Displays how many bytes used by 802.1 TLVs.
VigorSwitch G2280 User’s Guide
186
V
V
I
I
I
I
-
-
1
1
C
C
a
a
b
b
l
l
e
e
D
D
i
i
a
a
g
g
n
n
o
o
s
s
t
t
i
i
c
c
s
s
After finished copper test, the results will be shown on the lower side of this web page.
Available settings are explained as follows:
Item Description
Port Use the drop down list to select the port (GE1 to GE28) or
ports for performing cable diagnostics.
Start Perform the copper test action.
VigorSwitch G2280 User’s Guide
188
V
V
I
I
I
I
-
-
3
3
S
S
y
y
s
s
L
L
o
o
g
g
V
V
I
I
I
I
-
-
3
3
-
-
1
1
S
S
y
y
s
s
L
L
o
o
g
g
E
E
x
x
p
p
l
l
o
o
r
r
e
e
r
r
After clicking View, the results will be shown on the lower side of this web page.
Available settings are explained as follows:
Item Description
Source Volatile Memory – Explore the logs contained in volatile
memory (also known as RAM).
Non-Volatile Memory - Explore the logs contained in
non-volatile memory (also known as Flash).
Severity Select severity (emerg, alert, crit, error, warning, notice, info
and debug) of log messages which you wish to filter out for
review.
Category Select the categories (related features) of logs you wish to
review.
Category contains AAA, ACL, AUTHMGR, CABLE_DIAG, DAI,
DHCP_SNOOPING, GVRP, IGMP_SNOOPING, IPSG, L2, LLDP,
Mac-based VLAN, Mirror, MLD_SNOOPING, Platform, PM, Port,
PORT_SECURITY, QoS, Rate, SNMP, STP, Security suite,
System, Surveillance VLAN, Trunk, UDLD and VLAN.
View Click it to display logs based on the settings configured above.
Refresh Click it to refresh the log.
Clear All Clear it to remove all logs displayed in this page.
VigorSwitch G2280 User’s Guide
189
V
V
I
I
I
I
-
-
3
3
-
-
2
2
S
S
y
y
s
s
L
L
o
o
g
g
S
S
e
e
t
t
t
t
i
i
n
n
g
g
s
s
V
V
I
I
I
I
-
-
3
3
-
-
2
2
-
-
1
1
S
S
y
y
s
s
L
L
o
o
g
g
S
S
e
e
r
r
v
v
i
i
c
c
e
e
This page allows user to enable system logging into local syslog and specific remote syslog
server for storage.
Available settings are explained as follows:
Item Description
SysLog Service Enable Click it to activate function of syslog.
Disable – Click it to inactivate the function.
Apply Apply the settings to the switch.
VigorSwitch G2280 User’s Guide
190
V
V
I
I
I
I
-
-
3
3
-
-
2
2
-
-
2
2
L
L
o
o
c
c
a
a
l
l
S
S
y
y
s
s
L
L
o
o
g
g
This page allows user to enable logging into volatile memory or non-volatile memory.
Available settings are explained as follows:
Item Description
Source Volatile Memory – Select the volatile memory for saving local
log. Volatile memory does not hold the log after reboot or
power off.
Non-Volatile Memory - Select the non-volatile memory for
saving.
If you want to modify Volatile Memory / Non-Volatile
Memory, select Volatile Memory / Non-Volatile Memory in
this field. Then, use the drop down list of severity to specify
type of log message. After clicking Apply, the Volatile
Memory / Non-Volatile Memory will be modified with new
configured severity level.
Severity Select severity (emerg, alert, crit, error, warning, notice, info
and debug) of log messages which will be stored.
Apply Apply the settings to the switch.
Delete Remove all logs displayed in this page.
VigorSwitch G2280 User’s Guide
191
V
V
I
I
I
I
-
-
3
3
-
-
2
2
-
-
3
3
R
R
e
e
m
m
o
o
t
t
e
e
S
S
y
y
s
s
L
L
o
o
g
g
This page allows user to enable system logging into specific remote syslog server for storage.
After clicking Apply, the results will be shown on the lower side of this web page.
Available settings are explained as follows:
Item Description
Server Address Enter the IP address of Syslog server.
Server Port Specify the port that syslog should be sent to.
Severity Select severity (emerg, alert, crit, error, warning, notice, info
and debug) of log messages which will be stored.
Facility One device supports multiple facilities (represented with
facility ID, local0 to local7) of remote Syslog server. For each
facility ID contains different syslog server configuration,
please choose a facility ID for such Syslog server.
Apply Apply the settings to the switch.
Delete Remove specific remote syslog entry.
VigorSwitch G2280 User’s Guide
202
Note: RIF is used in Token Ring network to provide source routing and comprises two fields,
Routing Control and Route Descriptor.
When MAC parses the received frame and finds a reserved special value 0x8100 at the location
of the Length/Type field of the normal non-VLAN frame, it will interpret the received frame
as a tagged VLAN frame. If this happens in a switch, the MAC will forward it, according to its
priority and egress rule, to all the ports that is associated with that VID. If it happens in a
network interface card, MAC will deprive of the tag header and process it in the same way as
a basic normal frame. For a VLAN-enabled LAN, all involved devices must be equipped with
VLAN optional function.
At operating speeds above 100 Mbps, the slotTime employed at slower speeds is inadequate
to accommodate network topologies of the desired physical extent. Carrier Extension
provides a means by which the slotTime can be increased to a sufficient value for the desired
topologies, without increasing the minFrameSize parameter, as this would have deleterious
effects. Nondata bits, referred to as extension bits, are appended to frames that are less than
slotTime bits in length so that the resulting transmission is at least one slotTime in duration.
Carrier Extension can be performed only if the underlying physical layer is capable of sending
and receiving symbols that are readily distinguished from data symbols, as is the case in most
physical layers that use a block encoding/decoding scheme.
The maximum length of the extension is equal to the quantity (slotTime - minFrameSize). The
MAC continues to monitor the medium for collisions while it is transmitting extension bits,
and it will treat any collision that occurs after the threshold (slotTime) as a late collision.
VigorSwitch G2280 User’s Guide
203
I
I
n
n
d
d
e
e
x
x
Account Manager, 171, 172
Backup Manager, 169
Bandwidth, 143
CoS Mapping, 140
Dashboard, 16, 17
Diagnostics, 177
DoS, 110
DoS Port Setting, 112
DoS Protection, 112
Egress Shaping Per Queue, 145
Egress Shaping Rate, 144
Factory Default, 174
General, 126, 129, 134, 136
General Setup, 20
Ingress Rate Limit, 143
Installation for VigorAPM, 6
License Agreement, 23
License Information, 25, 26, 31, 47, 48, 75, 76, 85
Limiting Rate, 108
Preamble, 107
Properties, 110
QoS Configuration, 125, 135
Security, 89
SNMP, 155
SNMP Community, 158, 159, 161
Storm Control, 108
Storm Control, 90, 92, 93, 95, 98, 104, 106, 107
Storm Control, 113
Storm Control, 116
Storm Control, 121
Stric Priority Queue, 139
System Configuration, 19
System Maintenance, 147
Upgrade Manager, 170
Weight, 139
WRR Bandwidth, 139
14

Hulp nodig? Stel uw vraag in het forum

Spelregels

Misbruik melden

Gebruikershandleiding.com neemt misbruik van zijn services uitermate serieus. U kunt hieronder aangeven waarom deze vraag ongepast is. Wij controleren de vraag en zonodig wordt deze verwijderd.

Product:

Bijvoorbeeld antisemitische inhoud, racistische inhoud, of materiaal dat gewelddadige fysieke handelingen tot gevolg kan hebben.

Bijvoorbeeld een creditcardnummer, een persoonlijk identificatienummer, of een geheim adres. E-mailadressen en volledige namen worden niet als privégegevens beschouwd.

Spelregels forum

Om tot zinvolle vragen te komen hanteren wij de volgende spelregels:

Belangrijk! Als er een antwoord wordt gegeven op uw vraag, dan is het voor de gever van het antwoord nuttig om te weten als u er wel (of niet) mee geholpen bent! Wij vragen u dus ook te reageren op een antwoord.

Belangrijk! Antwoorden worden ook per e-mail naar abonnees gestuurd. Laat uw emailadres achter op deze site, zodat u op de hoogte blijft. U krijgt dan ook andere vragen en antwoorden te zien.

Abonneren

Abonneer u voor het ontvangen van emails voor uw Draytek VigorSwitch G2280 bij:


U ontvangt een email met instructies om u voor één of beide opties in te schrijven.


Ontvang uw handleiding per email

Vul uw emailadres in en ontvang de handleiding van Draytek VigorSwitch G2280 in de taal/talen: Engels als bijlage per email.

De handleiding is 3,73 mb groot.

 

U ontvangt de handleiding per email binnen enkele minuten. Als u geen email heeft ontvangen, dan heeft u waarschijnlijk een verkeerd emailadres ingevuld of is uw mailbox te vol. Daarnaast kan het zijn dat uw internetprovider een maximum heeft aan de grootte per email. Omdat hier een handleiding wordt meegestuurd, kan het voorkomen dat de email groter is dan toegestaan bij uw provider.

Stel vragen via chat aan uw handleiding

Stel uw vraag over deze PDF

Uw handleiding is per email verstuurd. Controleer uw email

Als u niet binnen een kwartier uw email met handleiding ontvangen heeft, kan het zijn dat u een verkeerd emailadres heeft ingevuld of dat uw emailprovider een maximum grootte per email heeft ingesteld die kleiner is dan de grootte van de handleiding.

Er is een email naar u verstuurd om uw inschrijving definitief te maken.

Controleer uw email en volg de aanwijzingen op om uw inschrijving definitief te maken

U heeft geen emailadres opgegeven

Als u de handleiding per email wilt ontvangen, vul dan een geldig emailadres in.

Uw vraag is op deze pagina toegevoegd

Wilt u een email ontvangen bij een antwoord en/of nieuwe vragen? Vul dan hier uw emailadres in.



Info