Chapter 5
Advanced Configuration
35
8-Port 10/100 Ethernet Switch with Webview
Security > 802.1x Settings
Port-based authentication authenticates system users on a
per-port basis via an external server. Only authenticated
and approved system users can transmit and receive data.
Ports are authenticated via the RADIUS server using the
Extensible Authentication Protocol (EAP).
Enable 802.1x
Place a checkmark in the check box to
enable 802.1x authentication.
Port
Indicates the port name.
Status Port Control
Specifies the port authorization
state. The possible field values are as follows:
Force-Authorized
The controlled port state is set to
Force-Authorized (forward traffic).
Force-Unauthorized
The controlled port state is set
to Force-Unauthorized (discard traffic).
Enable Periodic Reauthentication
Permits immediate
port reauthentication.
Setting Timer
The Setting Timer button opens the Setting Timer screen to
configure ports for 802.1x functionality.
Setting Timer
802.1x Settings > Setting Timer
Port
Indicates the port name.
Reauthentication Period
Specifies the number of seconds in which the selected port
is reauthenticated (Range: 300-4294967295). The field
default is 3600 seconds.
Quiet Period
Specifies the number of seconds that
the switch remains in the quiet state following a failed
authentication exchange (Range: 0-65535).
Resending EAP
Specifies the number of seconds that the switch waits for a
response to an EAP-request/identity frame from the
supplicant (client) before resending the request.
Max EAP Requests
The total number of EAP requests sent. If a response is not
received after the defined period, the authentication
process is restarted. The field default is 2 retries.
Supplicant Timeout
Displays the number of seconds that lapse before EAP
requests are resent to the supplicant (Range: 1-65535). The
field default is 30 seconds.
Server Timeout
Specifies the number of seconds that lapse before the
switch resends a request to the authentication server
(Range: 1-65535). The field default is 30 seconds.
Security > Ports Security
Network security can be increased by limiting access on
a specific port only to users with specific MAC addresses.
MAC addresses can be dynamically learned or statically
configured. Locked port security monitors both received
and learned packets that are received on specific ports.
Access to the locked port is limited to users with specific
MAC addresses. These addresses are either manually
defined on the port, or learned on that port up to the
point when it is locked. When a packet is received on a
locked port, and the packet source MAC address is not tied
to that port (either it was learned on a different port, or it
is unknown to the system), the protection mechanism is
invoked, and can provide various options. Unauthorized
packets arriving at a locked port are either:
Forwarded
Discarded with no trap
Discarded with a trap
Cause the port to be shut down.
Locked port security also enables storing a list of MAC
addresses in the configuration file. The MAC address list
can be restored after the device has been reset.
Disabled ports are activated from the Port Security page.
Interface
Displays the port or LAG name.
Lock Interface
Selecting this option locks the specified
interface.
Learning Mode
Defines the locked port type. The
Learning Mode field is enabled only if Locked is selected
in the Interface Status field. The possible field values are:
Classic Lock
Locks the port using the classic lock
mechanism. The port is immediately locked, regardless
of the number of addresses that have already been
learned.
Limited Dynamic Lock
Locks the port by deleting
the current dynamic MAC addresses associated with
the port. The port learns up to the maximum addresses
allowed on the port. Both relearning and aging MAC
addresses are enabled.
In order to change the Learning Mode, the Lock Interface
must be set to Unlocked. Once the mode is changed, the
Lock Interface can be reinstated.
Max Entries
Specifies the number of MAC addresses that can be learned
on the port. The Max Entries field is enabled only if Locked
is selected in the Interface Status field and the Limited
Dynamic Lock mode is selected. The default is 1.
Action on Violation
Indicates the action to be applied to
packets arriving on a locked port. The possible field values
are:
Discard
Discards packets from any unlearned source.
This is the default value.
Forward Normal
Forwards packets from an unknown
source without learning the MAC address.
Discard Disable
Discards packets from any unlearned
source and shuts down the port. The port remains shut
down until reactivated, or until the device is reset.
Enable Trap
Enables traps when a packet is received on
a locked port.
Trap Frequency
The amount of time (in seconds) between traps. The default
value is 10 seconds.
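The locked-port behaviour described above (learning modes, actions on violation, trap frequency), modelled as an added Python example; it is not code from the switch or its vendor. The class and function names, MAC addresses and frame timings are constructed for illustration, and the model assumes that Max Entries counts only dynamically learned addresses and that the trap interval is measured from the last trap actually sent.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class LockedPort:
    mode: str = "classic"        # "classic" or "limited-dynamic"
    action: str = "discard"      # "discard" | "forward-normal" | "discard-disable"
    max_entries: int = 1         # page default; applies to limited-dynamic only
    trap_enabled: bool = False
    trap_frequency: int = 10     # seconds between traps (page default)
    static: set = field(default_factory=set)   # manually defined MACs
    dynamic: set = field(default_factory=set)  # MACs learned on the port
    shut_down: bool = False
    violations: int = 0
    last_trap: Optional[float] = None

    def lock(self):
        # Limited Dynamic Lock deletes current dynamic MACs, then relearns up
        # to max_entries; Classic Lock freezes whatever is already known.
        if self.mode == "limited-dynamic":
            self.dynamic.clear()

    def receive(self, src_mac, now):
        """Return (verdict, trap_sent) for a frame arriving at `now` seconds."""
        if self.shut_down:
            return "port-down", False
        if src_mac in self.static or src_mac in self.dynamic:
            return "forward", False
        if self.mode == "limited-dynamic" and len(self.dynamic) < self.max_entries:
            self.dynamic.add(src_mac)
            return "forward", False
        self.violations += 1
        due = self.last_trap is None or now - self.last_trap >= self.trap_frequency
        trap = self.trap_enabled and due
        if trap:
            self.last_trap = now
        if self.action == "forward-normal":
            return "forward", trap   # forwarded, but the MAC is never learned
        if self.action == "discard-disable":
            self.shut_down = True    # stays down until reactivated or reset
        return "discard", trap

def replay(port, frames):
    """Lock the port, then feed it constructed (time, src_mac) frames."""
    port.lock()
    return [port.receive(mac, t) for t, mac in frames]

# Constructed sample traffic: one known host, one unknown host sending repeatedly.
KNOWN, ROGUE = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
FRAMES = [(0, KNOWN), (1, ROGUE), (4, ROGUE), (12, ROGUE), (13, KNOWN)]
```

Replaying FRAMES against a port with action="discard-disable" shows the trade-off of that setting: a single unknown frame takes the port down for the known host as well.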
Security > Multiple Hosts
The Multiple Hosts screen allows network managers to
configure advanced port-based authentication settings
for specific ports and VLANs.
Security > HTTPS Settings
Port
Displays the port number for which advanced port-based
authentication is enabled.
Enable Multiple Hosts
When checked, indicates that
multiple hosts are enabled. Multiple hosts must be
enabled in order to either disable the ingress-filter, or to
use port-lock security on the selected port.
Action on Violation
Defines the action to be applied to
packets arriving in single-host mode, from a host whose
MAC address is not the supplicant MAC address. The
possible field values are:
Discard
Discards the packets. This is the default
value.
Forward
Forwards the packet.
Discard Disable
Discards the packets and shuts
down the port. The port remains shut down until
reactivated, or until the device is reset.
Enable Traps
When checked, indicates that traps are
enabled for Multiple Hosts.
Trap Frequency
Defines the time period by which traps
are sent to the host. The Trap Frequency (1-1000000) field
can be defined only if multiple hosts are disabled. The
default is 10 seconds.
Status
Indicates the host status. If there is an asterisk (*),
the port is either not linked or is down.
Number of Violations
Indicates the number of packets
that arrived on the interface in single-host mode, from
a host whose MAC address is not the supplicant MAC
address.
Security > Storm Control
Port
Displays the port number for which storm control is
enabled.
Broadcast Control
Indicates whether broadcast packet
types are forwarded on the specific interface.
Mode
Specifies the Broadcast mode currently enabled
on the device. The possible field values are:
Unknown Unicast, Multicast & Broadcast
Counts Unicast, Multicast, and Broadcast traffic.
Multicast & Broadcast
Counts Broadcast and Multicast traffic together.
Broadcast Only
Counts only Broadcast traffic.
Rate Threshold
The maximum rate (packets per second) at which unknown
packets are forwarded. The default value is 3500. The range
is 70-100000.
QoS
Network traffic is usually unpredictable, and the only
basic assurance that can be offered is best effort traffic
delivery. To overcome this challenge, Quality of Service
(QoS) is applied throughout the network. This ensures that
network traffic is prioritized according to specified criteria,
and that specific traffic receives preferential treatment.
QoS in the network optimizes network performance and
entails two basic facilities:
Classifying incoming traffic into handling classes, based
on an attribute, including:
The ingress interface
Packet content
A combination of these attributes
Providing various mechanisms for determining the
allocation of network resources to different handling
classes, including:
The assignment of network traffic to a particular
hardware queue
The assignment of internal resources
Traffic shaping
The terms Class of Service (CoS) and QoS are used in the
following context:
CoS provides varying Layer 2 traffic services. CoS refers to
classification of traffic to traffic-classes, which are handled
as an aggregate whole, with no per-flow settings. CoS is
usually related to the 802.1p service that classifies flows
according to their Layer 2 priority, as set in the VLAN
header.
QoS refers to Layer 2 traffic and above. QoS handles per-
flow settings, even within a single traffic class.
QoS > CoS Settings
The CoS Settings screen contains fields for enabling or
disabling CoS. In addition, the Trust mode can be selected.
The Trust mode relies on predefined fields within the
packet to determine the egress queue settings.
The CoS Settings screen has two areas, CoS Settings and
CoS to Queue.
CoS Mode
Indicates if QoS is enabled on the interface.
The possible values are:
Disable
Disables QoS on the interface.
Basic
Enables QoS on the interface.
Advanced
Enables Advanced mode QoS on the
interface.
Class of Service
Specifies the CoS priority tag values,
where zero is the lowest and 7 is the highest.
Queue
Defines the traffic forwarding queue to which the
CoS priority is mapped. Four traffic priority queues are
supported.
The Restore Defaults button restores the device factory
defaults for mapping CoS values to a forwarding queue.
CoS Default
Interface
Interface to which the CoS configuration applies.
Default CoS
Determines the default CoS value for incoming packets for
which a VLAN tag is not defined. The possible field values
are 0-7. The default CoS is 0.
Restore Defaults
Restores the device factory defaults for
mapping CoS values to a forwarding queue.
LAG
LAG to which the CoS configuration applies.
QoS > Queue Settings
The Queue Settings screen contains fields for defining the
QoS queue forwarding types.
Strict Priority
Indicates that traffic scheduling for the
selected queue is based strictly on the queue priority.
WRR
Indicates that traffic scheduling for the selected
queue is based strictly on the WRR.
Queue
Displays the queue for which the queue settings
are displayed. The possible field range is 1 - 4.
WRR Weight
Displays the WRR weights to queues.
% of WRR Bandwidth
Displays the amount of bandwidth
assigned to the queue. These values are fixed and are not
user defined.
QoS > DSCP Settings
The DSCP Settings screen enables mapping DSCP values to
specific queues.
The DSCP Settings screen contains the following fields:
DSCP
Indicates the Differentiated Services Code Point
value in the incoming packet.
Queue
Maps the DSCP value to the selected queue.
QoS > Bandwidth
The Bandwidth screen allows network managers to define
the bandwidth settings for a specified egress interface.
Modifying queue scheduling affects the queue settings
globally. The Bandwidth screen is not used with the Service
mode, as bandwidth settings are based on services.
Queue shaping can be based per queue and/or per
interface. Shaping is determined by the lower specified
value. The queue shaping type is selected in the Bandwidth
screen.
Interface
Indicates the interface for which the queue
shaping information is displayed. The possible field values
are:
Port
Indicates the port for which the bandwidth
settings are displayed.
LAG
Indicates the LAG for which the bandwidth
settings are displayed.
Ingress Rate Limit Status
Indicates if rate limiting is
defined on the interface.
Rate Limit (62-1000000 Kbps)
Defines the amount of
bandwidth assigned to the interface. The possible field
values are 62-1000000 Kbps.
Egress Shaping Rate on Selected Port
Indicates if rate
limiting is enabled on the interface.
Committed Information Rate (CIR)
Defines CIR as
the queue shaping type. The possible field value is 64 -
1,000,000 Kbps.
Committed Burst Size (CBS)
Defines CBS as the queue
shaping type. The possible field value is 4096-16,769,020
bits. Committed Burst Size cannot be configured on FE
ports.
The Add to List button adds the Bandwidth configuration
to the Bandwidth Table at the bottom of the screen.
QoS > Basic Mode
The Basic Mode screen contains the following fields:
Trust Mode
Displays the trust mode. If a packet’s CoS
tag and DSCP tag are mapped to different queues, the
Trust Mode determines the queue to which the packet is
assigned. Possible values are:
CoS
Sets trust mode to CoS on the device. The CoS
mapping determines the packet queue.
DSCP
Sets trust mode to DSCP on the device. The
DSCP mapping determines the packet queue.
QoS > Advanced Mode
Advanced QoS mode provides rules for specifying flow
classification and assigning rule actions that relate to
bandwidth management. The rules are based on the
Access Control Lists (see Access Control Tab).
MAC ACLs and IP ACLs can be grouped together in more
complex structures, called policies. Policies can be applied
to an interface. Policy ACLs are applied in the sequence
they appear within the policy. Only a single policy can be
attached to a port.
In advanced QoS mode, ACLs can be applied directly to
an interface in the Security - ACL Binding. However, a
policy and ACL cannot be simultaneously applied to an
interface.
After assigning packets to a specific queue, services such
as configuring output queues for the scheduling scheme,
or configuring output shaping for burst size, CIR, or CBS
per interface or per queue, can be applied.
Out of Profile DSCP Assignments
This button opens up the Out of Profile DSCP screen.
