Managed Gigabit Switch
Gigabit Managed Switches
LGB1108A LGB1126A LGB1148A
Customer Support Information
Page
Trademarks
Trademarks Used in this Manual
FCC Statement
Page
Normas Oficiales Mexicanas Electrical Safety Statement
NOM Statement
Instrucciones de Seguridad
Page
Table of Contents
Table of Contents
Page
Chapter 1 Overview
Page
Page
Chapter 1 Overview
3.13 GVRP
Page
Chapter 1 Overview
4.6 AAA
Chapter 1 Overview
1 Overview
Page
Chapter 1 Overview
1.1 Initial Configuration
Page
Chapter 1 Overview
The Gigabit Managed Switch supports a simple user management function allowing only one administrator to configure the system at the same time. If there are two or more users using an administrator’s identity, it will only allow the one who logs in first to configure the system. The rest of the users, even with an administrator’s identity, can only monitor the system. Those who have no administrator’s identity can only monitor the system. There is a maximum of three users able to login simultaneously in the Gigabit Managed Switch
Page
Chapter 2 System Configuration
Figure 1-2. Accessing the on-line help function
Page
LGB1108A
Chapter 2 System Configuration
1.2 Connecting to PCs, Servers, Hubs, and Switches
Page
Chapter 2 System Configuration
1.3 Network Wiring Connections
Page
2. System Configuration
2.1 System Information
Chapter 2 System Configuration
Page
Device Name The name of the switch. User-defined
Chapter 2 System Configuration
Page
2.1.2 Configuration
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
2.2 Time
Page
Daylight Savings Time Set Offset Daylight savings time is used in some countries. If you select this setting, the unit will adjust the time, forward or backward in increments of one hour, between the starting date and the ending date that you select. For example, if you set the daylight savings offset to be 1 hour, when the time reaches the starting time, the system time will be increased one hour. And when the time reaches the ending time, the system time will be decreased one hour
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
2.3 Account
Page
Chapter 2 System Configuration
Page
Page
Chapter 2 System Configuration
2.3.2 Privilege Levels
Page
Chapter 2 System Configuration
Parameter Description Group Name
Chapter 2 System Configuration
2.4 IP Internet Protocol
Page
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
2.5 Syslog
Page
Page
Chapter 2 System Configuration
2.5.2 Log
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
2.6 SNMP
Page
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
Page
Page
Chapter 2 System Configuration
None No privacy protocol
Chapter 2 System Configuration
Page
Chapter 2 System Configuration
Page
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
2.6.7 Trap
Chapter 3 Configuration
Page
3. Configuration
3.1 Port
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
3.1.3 Traffic Overview
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Receive Queue Counters
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
3.1.6 SFP Information
Page
Chapter 3 Configuration
3.1.7 EEE
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.2 ACL
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
This section describes how to configure Access Control List rule. An Access Control List ACL is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted. Other actions can also be invoked when a matching packet is found, including rate limiting, copying matching packets to another port or to the system log, or shutting down a port
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.3 Aggregation
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.4 Spanning Tree
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.5 IGMP Snooping
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Type Indicates the Type. It can be either Allow or Deny
Chapter 3 Configuration
3.6 MLD Snooping
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.7 MVR
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.8 LLDP
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Figure 3-44. The LLDP-MED Configuration screen
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Parameter Description Coordinates Location
Page
Chapter 3 Configuration
Apartment Unit Apartment, suite - Example Apt Floor Floor - Example
Page
Chapter 3 Configuration
Application Type Intended use of the application types
Chapter 3 Configuration
Page
LLDP-MED Generic Endpoint Class I The LLDP-MED Generic Endpoint Class I definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057, however do not support IP media or act as an end-user communication appliance. Such devices may include but are not limited to IP Communication Controllers, other communication related servers, or any device requiring basic services as defined in TIA-1057
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.9 Filtering Data Base
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
00-40-C7-73-01-29 your switch MAC address for IPv4
33-33-FF-A8-01-01 your switch MAC address for IPv6 global IP
NOTE the following MAC addresses
FF-FF-FF-FF-FF-FF for Broadcast
Chapter 3 Configuration
3.10 VLAN
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
NOTE The port must be a member of the same VLAN as the Port VLAN ID
Chapter 3 Configuration
Page
Table 3-1 Port Types
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
NOTE Special character and underscore are not allowed
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.11 Voice VLAN
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.12 GARP
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.13 GVRP
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.14 QoS
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Click the Port Index to set the QoS Egress Port Schedulers
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Click the Port Index to set the QoS Egress Port Shapers
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Click the Port Index to set the QoS Port Tag Remarking
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Page
Chapter 3 Configuration
Any All types of Destination MAC addresses are allowed
5. IPv4 A valid protocol IP may range from 0-255 TCP or UDP or ’Any’. A specific Source IP address in the value/mask format or ’Any’. The IP and Mask are in the format x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When the Mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.15 Thermal Protection
Page
NOTE The temperature means the MAC and PHY chipset’s TA temperature, not the PSU device or environment temperature. Do not set environment temperature limitation value
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.16 sFlow Agent
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.17 Loop Protection
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.18 Single IP
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.19 Easy Port
Page
Chapter 3 Configuration
Page
Chapter 3 Configuration
3.20 Mirroring
Page
Chapter 3 Configuration
3.21 Trap Event Severity
Page
Chapter 3 Configuration
3.22 SMTP Configuration
Page
Chapter 3 Configuration
3.23 UPnP
Page
Chapter 4 Security
4. Security
4.1. IP Source Guard
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
4.2 ARP Inspection
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
4.3 DHCP Snooping
Page
Chapter 4 Security
Page
Chapter 4 Security
4.4 DHCP Relay
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
4.5 NAS
Page
Chapter 4 Security
When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time. This parameter controls exactly this period and can be set to a number between 10 and 1,000,000 seconds
Page
Chapter 4 Security
Page
Chapter 4 Security
Multi 802.1X In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port for instance through a hub to piggyback on the successfully authenticated client and get network access even though they really arent authenticated. To overcome this security breach, use the Multi 802.1X variant
Page
Chapter 4 Security
RADIUS-Assigned QoS Enabled When RADIUS-Assigned QoS is both globally enabled and enabled checked on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicants port will be classified to the given QoS Class. If re-authentication fails or the RADIUS Access-Accept packet no longer carries a QoS Class or its invalid, or the supplicant is otherwise no longer present on the port, the ports QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned
Page
Page
Chapter 4 Security
Value of Tunnel-Type must be set to VLAN ordinal
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
4.6 AAA
Page
Figure 4-16. The RADIUS Authentication Configuration screen
Figure 4-17. The RADIUS Accounting Configuration screen
Figure 4-18. The TACACS+ Authentication Configuration screen
Chapter 4 Security
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
4.7 Port Security
Page
Chapter 4 Security
Port Configuration
Page
Chapter 4 Security
Page
Chapter 4 Security
Page
Chapter 4 Security
This section shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules, including the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise
Page
Chapter 4 Security
4.8 Access Management
Page
Chapter 4 Security
Page
Chapter 4 Security
4.9 SSH
Page
Chapter 4 Security
4.10 HTTPS
Page
Chapter 4 Security
4.11 Authentication Method
Page
Chapter 5 Maintenance
5. Maintenance
5.1 Restart Device
Page
Chapter 5 Maintenance
5.2 Firmware
Page
Page
Chapter 5 Maintenance
5.2.2 Firmware Selection
Chapter 5 Maintenance
5.3 Save / Restore
Page
Page
Chapter 5 Maintenance
5.3.2 Save Start
Chapter 5 Maintenance
Page
Chapter 5 Maintenance
5.4 Export / Import
Page
Chapter 5 Maintenance
Page
Chapter 5 Maintenance
5.5 Diagnostics
Page
Chapter 5 Maintenance
Page
Chapter 5 Maintenance
Page
Appendix Glossary of Web-Based Management Terms
Appendix
Page
Page
Appendix
CDP CDP is an acronym for Cisco Discovery Protocol
Appendix
DSCP DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes
Page
Page
Appendix
IPMC IPMC is an acronym for IP MultiCast
Appendix
MEP MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU-T Y.1731
Page
Page
Appendix
Policer A policer can limit the bandwidth of received frames. It is located in front of the ingress queue
Appendix
SNAP The SubNetwork Access Protocol SNAP is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point SAP fields. SNAP supports identifying protocols by Ethernet type field values it also supports vendor-private protocol identifier
Page
Appendix
UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact. Common network applications that use UDP include the Domain Name System DNS, streaming media applications such as IPTV, Voice over IP VoIP, and Trivial File Transfer Protocol TFTP
Page
Tech support the way it should be
Black Box Tech Support FREE! Live. 24/7
About Black Box