Page 41 / 81 Scroll up to view Page 36 - 40
Chapter 5
Advanced Configuration
35
8-Port 10/100/1000 Gigabit Switch with Webview
to that port (either it was learned on a different port, or it
is unknown to the system), the protection mechanism is
invoked, and can provide various options. Unauthorized
packets arriving at a locked port are either:
Forwarded
Discarded with no trap
Discarded with a trap
Cause the port to be shut down.
Locked port security also enables storing a list of MAC
addresses in the configuration file. The MAC address list
can be restored after the device has been reset.
Disabled ports are activated from the Port Security page.
Interface
Displays the port or LAG name.
Lock Interface
Selecting this option locks the specified
interface.
Learning Mode
Defines the locked port type. The
Learning Mode field is enabled only if Locked is selected
in the Interface Status field.The possible field values are:
Classic Lock
Locks the port using the classic lock
mechanism. The port is immediately locked, regardless
of the number of addresses that have already been
learned.
Limited Dynamic Lock
Locks the port by deleting
the current dynamic MAC addresses associated with
the port. The port learns up to the maximum addresses
allowed on the port. Both relearning and aging MAC
addresses are enabled.
In order to change the Learning Mode, the Lock Interface
must be set to Unlocked. Once the mode is changed, the
Lock Interface can be reinstated.
Max Entries
Specifies the number of MAC addresses that
can be learned on the port. The Max Entries field is enabled
only if Locked is selected in the Interface Status field. In
addition, the Limited Dynamic Lock mode is selected. The
default is
1
.
Action on Violation
Indicates the action to be applied to
packets arriving on a locked port. The possible field values
are:
Discard
Discards packets from any unlearned source.
This is the default value.
Forward Normal
Forwards packets from an unknown
source without learning the MAC address.
Discard Disable
Discards packets from any unlearned
source and shuts down the port. The port remains shut
down until reactivated, or until the device is reset.
Enable Trap
Enables traps when a packet is received on
a locked port.
Trap Frequency
The amount of time (in seconds)
between traps. The default value is
10
seconds.
Security > Multiple Hosts
The
Multiple Hosts
screen allows network managers to
configure advanced port-based authentication settings
for specific ports and VLANs.
Security > HTTPS Settings
Port
Displays the port number for which advanced port-
based authentication is enabled.
Enable Multiple Hosts
When checked, indicates that
multiple hosts are enabled. Multiple hosts must be
enabled in order to either disable the ingress-filter, or to
use port-lock security on the selected port.
Action on Violation
Defines the action to be applied to
packets arriving in single-host mode, from a host whose
MAC address is not the supplicant MAC address. The
possible field values are:
Discard
Discards the packets. This is the default
value.
Forward
Forwards the packet.
Discard Disable
Discards the packets and shuts
down the port. The ports remains shut down until
reactivated, or until the device is reset.
Enable Traps
When checked, indicates that traps are
enabled for Multiple Hosts.
Trap Frequency
Defines the time period by which traps
are sent to the host. The Trap Frequency (1-1000000) field
can be defined only if multiple hosts are disabled. The
default is 10 seconds.
Status
Indicates the host status. If there is an asterisk (*),
the port is either not linked or is down.
Page 42 / 81
Chapter 5
Advanced Configuration
36
8-Port 10/100/1000 Gigabit Switch with Webview
Number of Violations
Indicates the number of packets
that arrived on the interface in single-host mode, from
a host whose MAC address is not the supplicant MAC
address.
Security > Storm Control
Port
Displays the port number for which storm control is
enabled.
Security > Storm Control
Broadcast Control
Indicates whether broadcast packet
types are forwarded on the specific interface.
Mode
Specifies the Broadcast mode currently enabled
on the device. The possible field values are:
Unknown Unicast, Multicast & Broadcast
Counts
Unicast, Multicast, and Broadcast traffic.
Multicast
&
Broadcast
Counts
Broadcast
and
Multicast traffic together.
Broadcast Only
Counts only Broadcast traffic.
Rate Threshold
The maximum rate (packets per second)
at which unknown packets are forwarded. The default
value is
3500
. The range is 70 -100000.
QoS
Network traffic is usually unpredictable, and the only
basic assurance that can be offered is best effort traffic
delivery. To overcome this challenge, Quality of Service
(QoS) is applied throughout the network. This ensures that
network traffic is prioritized according to specified criteria,
and that specific traffic receives preferential treatment.
QoS in the network optimizes network performance and
entails two basic facilities:
Classifying incoming traffic into handling classes, based
on an attribute, including:
The ingress interface
Packet content
A combination of these attributes
Providing
various
mechanisms
for
determining
the
allocation of network resources to different handling
classes, including:
The assignment of network traffic to a particular
hardware queue
The assignment of internal resources
Traffic shaping
The terms Class of Service (CoS) and QoS are used in the
following context:
CoS provides varying Layer 2 traffic services. CoS refers to
classification of traffic to traffic-classes, which are handled
as an aggregate whole, with no per-flow settings. CoS is
usually related to the 802.1p service that classifies flows
according to their Layer 2 priority, as set in the VLAN
header.
QoS refers to Layer 2 traffic and above. QoS handles per-
flow settings, even within a single traffic class.
QoS > CoS Settings
QOS > CoS Settings
The
CoS Settings
screen contains fields for enabling or
disabling CoS. In addition, the Trust mode can be selected.
The Trust mode relies on predefined fields within the
packet to determine the egress queue settings.
The
CoS Settings
screen has two areas, CoS Settings and
CoS to Queue.
CoS Mode
Indicates if QoS is enabled on the interface.
The possible values are:
Disable
Disables QoS on the interface.
Page 43 / 81
Chapter 5
Advanced Configuration
37
8-Port 10/100/1000 Gigabit Switch with Webview
Basic
Enables QoS on the interface.
Advanced
Enables Advanced mode QoS on the
interface.
Class of Service
Specifies the CoS priority tag values,
where zero is the lowest and 7 is the highest.
Queue
Defines the traffic forwarding queue to which the
CoS priority is mapped. Four traffic priority queues are
supported.
The
Restore Defaults
button restores the device factory
defaults for mapping CoS values to a forwarding queue.
CoS Default
Interface
Interface to which the CoS configuration
applies.
Default CoS
Determines the default CoS value for
incoming packets for which a VLAN tag is not defined. The
possible field values are 0-7. The default CoS is
0
.
Restore Defaults
Restores the device factory defaults for
mapping CoS values to a forwarding queue.
LAG
LAG to which the CoS configuration applies.
QoS > Queue Settings
QoS > Queue Settings
The
Queue Setting
screen contains fields for defining the
QoS queue forwarding types.
Strict Priority
Indicates that traffic scheduling for the
selected queue is based strictly on the queue priority.
WRR
Indicates that traffic scheduling for the selected
queue is based strictly on the WRR.
Queue
Displays the queue for which the queue settings
are displayed. The possible field range is 1 - 4.
WRR Weight
Displays the WRR weights to queues.
% of WRR Bandwidth
Displays the amount of bandwidth
assigned to the queue. These values are fixed and are not
user defined.
QoS > DSCP Settings
QoS > DSCP Settings
The
DSCP Settings
screen enables mapping DSCP values to
specific queues.
The
DSCP Settings
screen contains the following fields:
DSCP
Indicates the Differentiated Services Code Point
value in the incoming packet.
Queue
Maps the DSCP value to the selected queue.
QoS > Bandwidth
QoS > Bandwidth
The
Bandwidth
screen allows network managers to define
the bandwidth settings for a specified egress interface.
Page 44 / 81
Chapter 5
Advanced Configuration
38
8-Port 10/100/1000 Gigabit Switch with Webview
Modifying queue scheduling affects the queue settings
globally. The
Bandwidth
screen is not used with the Service
mode, as bandwidth settings are based on services.
Queue shaping can be based per queue and/or per
interface. Shaping is determined by the lower specified
value. The queue shaping type is selected in the Bandwidth
screen.
Interface
Indicates the interface for which the queue
shaping information is displayed. The possible field values
are:
Port
Indicates the port for which the bandwidth
settings are displayed.
LAG
Indicates the LAG for which the bandwidth
settings are displayed.
Ingress Rate Limit Status
Indicates if rate limiting is
defined on the interface.
Rate Limit (62-1000000 Kbps)
Defines the amount of
bandwidth assigned to the interface. The possible field
values are 62-1000000 Kbps.
Egress Shaping Rate on Selected Port
Indicates if rate
limiting is enabled on the interface.
Committed Information Rate (CIR)
Defines CIR as
the queue shaping type. The possible field value is 64 -
1,000,000 Kbps.
Committed Burst Size (CBS)
Defines CBS as the queue
shaping type. The possible field value is 4096-16,769,020
bits. Committed Burst Size cannot be configured on FE
ports.
The
Add to List
button adds the Bandwidth configuration
to the Bandwidth Table at the bottom of the screen.
QoS > Basic Mode
QoS > Basic Mode
The
Basic Mode
screen contains the following fields:
Trust Mode
Displays the trust mode. If a packet’s CoS
tag and DSCP tag are mapped to different queues, the
Trust Mode determines the queue to which the packet is
assigned. Possible values are:
CoS
Sets trust mode to CoS on the device. The CoS
mapping determines the packet queue
DSCP
Sets trust mode to DSCP on the device. The
DSCP mapping determines the packet queue
QoS > Advanced Mode
QoS > Advanced Mode
Advanced QoS mode provides rules for specifying flow
classification and assigning rule actions that relate to
bandwidth management. The rules are based on the
Access Control Lists (see Access Control Tab).
MAC ACLs and IP ACLs can be grouped together in more
complex structures, called policies. Policies can be applied
to an interface. Policy ACLs are applied in the sequence
they appear within the policy. Only a single policy can be
attached to a port.
In advanced QoS mode, ACLs can be applied directly to
an interface in the Security - ACL Binding. However, a
policy and ACL cannot be simultaneously applied to an
interface.
After assigning packets to a specific queue, services such
as configuring output queues for the scheduling scheme,
or configuring output shaping for burst size, CIR, or CBS
per interface or per queue, can be applied.
Out of Profile DSCP Assignments
This button opens up
the
Out of Profile DSCP
screen.
Page 45 / 81
Chapter 5
Advanced Configuration
39
8-Port 10/100/1000 Gigabit Switch with Webview
Out of Profile DSCP
Advanced Mode > Out of Profile DSCP
DSCP In
Displays the DSCP In value.
DSCP Out
Displays the current DSCP out value. A new
value can be selected from the pull-down menu.
The
Policy Settings
button opens the
Policy Name
screen.
Policy Name
Advanced Mode > Policy Name
Policy Name
Defines a new Policy name.
Add to List
The Add to List button will add the policy to
the Policy Name table.
Select Policy
Selects an existing Policy by name. The
Policy can be comprised of:
Class Map
Action
Policer
New Policy Name
Defines a new Policy name.
Class Map
Selects an existing Class Map by name.
New Class Map
The
New Class Map
button opens the
New Class Map
screen.
New Class Map
Advanced Mode > New Class Map
Class Map Name
Defines a new Class Map name
Preferred ACL
Indicates if packets are first matched to
an IP based ACL or a MAC based ACL. The possible field
values are:
IP Based ACLs
Matches packets to IP based ACLs first,
then matches packets to MAC based ACLs.
MAC Based ACLs
Matches packets to MAC based
ACLs first, then matches packets to IP based ACLs.
IP ACL
Matches packets to IP based ACLs first, then
matches packets to MAC based ACLs.
Match
Criteria used to match IP addresses and /or MAC
addresses with an ACL’s address.The possible field values
are:
And
Both the MAC-based and the IP-based ACL must
match a packet.
Or
Either the MAC-based or the IP-based ACL must
match a packet.
MAC ACL
Matches packets to MAC based ACLs first, then
matches packets to IP based ACLs.
Police
Enables Policer functionality.
Type
Policer type for the class. Possible values are:
Aggregate
Policer
Configures
the
class
to
use
a
configured aggregate policer selected from the drop-
down menu. An aggregate policer is defined if the
policer is shared with multiple classes. Traffic from two
different ports can be configured for policing purposes.
An aggregate policer can be applied to multiple classes in
the same policy map, but cannot be used across different
policy maps.
Single
Configures the class to use manually configured
information rates and exceed actions.
Aggregate Policer
User-defined aggregate policers.

Rate

4.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top