Gigabit Managed Switches
Managed Gigabit Switch
LGB1108A LGB1126A LGB1148A
Customer Support Information
Trademarks
Trademarks Used in this Manual
FCC Statement
NOM Statement
Normas Oficiales Mexicanas Electrical Safety Statement
Safety Instructions
Table of Contents
Chapter 1 Overview
1 Overview
1.1 Initial Configuration
The Gigabit Managed Switch supports a simple user management function that allows only one administrator to configure the system at a time. If two or more users log in with an administrator’s identity, only the one who logs in first can configure the system. The rest of the users, even with an administrator’s identity, can only monitor the system. Those who have no administrator’s identity can only monitor the system. A maximum of three users can log in to the Gigabit Managed Switch simultaneously.
Figure 1-2. Accessing the on-line help function
Chapter 2 System Configuration
LGB1108A
1.2 Connecting to PCs, Servers, Hubs, and Switches
1.3 Network Wiring Connections
2.1 System Information
2. System Configuration
Device Name: The name of the switch. User-defined.
2.1.2 Configuration
2.2 Time
Daylight Savings Time Set Offset: Daylight savings time is used in some countries. If you select this setting, the unit will adjust the time, forward or backward in increments of one hour, between the starting date and the ending date that you select. For example, if you set the daylight savings offset to 1 hour, the system time is increased by one hour when it reaches the starting time and decreased by one hour when it reaches the ending time.
2.3 Account
2.3.2 Privilege Levels
Parameter Description Group Name
2.4 IP Internet Protocol
2.5 Syslog
2.5.2 Log
2.6 SNMP
None: No privacy protocol.
Chapter 3 Configuration
2.6.7 Trap
3.1 Port
3. Configuration
3.1.3 Traffic Overview
Receive Queue Counters
3.1.6 SFP Information
3.1.7 EEE
3.2 ACL
This section describes how to configure Access Control List (ACL) rules. An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. The switch tests ingress packets against the conditions in an ACL one by one. A packet is accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted. Other actions can also be invoked when a matching packet is found, including rate limiting, copying matching packets to another port or to the system log, or shutting down a port.
3.3 Aggregation
3.4 Spanning Tree
3.5 IGMP Snooping
Type: Indicates the Type. It can be either Allow or Deny.
3.6 MLD Snooping
3.7 MVR
3.8 LLDP
Figure 3-44. The LLDP-MED Configuration screen
Parameter Description Coordinates Location
Apartment Unit Apartment, suite - Example Apt Floor Floor - Example
Application Type: Intended use of the application types.
LLDP-MED Generic Endpoint (Class I): The LLDP-MED Generic Endpoint (Class I) definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057 but do not support IP media or act as an end-user communication appliance. Such devices may include, but are not limited to, IP Communication Controllers, other communication-related servers, or any device requiring basic services as defined in TIA-1057.
3.9 Filtering Data Base
NOTE the following MAC addresses:
FF-FF-FF-FF-FF-FF for Broadcast
33-33-FF-A8-01-01 your switch MAC address for IPv6 global IP
00-40-C7-73-01-29 your switch MAC address for IPv4
3.10 VLAN
NOTE: The port must be a member of the same VLAN as the Port VLAN ID.
Table 3-1 Port Types
NOTE: Special characters and underscores are not allowed.
3.11 Voice VLAN
3.12 GARP
3.13 GVRP
3.14 QoS
Click the Port Index to set the QoS Egress Port Schedulers
Click the Port Index to set the QoS Egress Port Shapers
Click the Port Index to set the QoS Port Tag Remarking
Any: All types of Destination MAC addresses are allowed.
5. IPv4 A valid protocol IP may range from 0-255 TCP or UDP or ’Any’. A specific Source IP address in the value/mask format or ’Any’. The IP and Mask are in the format x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When the Mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero
3.15 Thermal Protection
NOTE: The temperature means the MAC and PHY chipset’s TA temperature, not the PSU device or environment temperature. Do not set an environment temperature limitation value.
3.16 sFlow Agent
3.17 Loop Protection
3.18 Single IP
3.19 Easy Port
3.20 Mirroring
3.21 Trap Event Severity
3.22 SMTP Configuration
3.23 UPnP
4. Security
Chapter 4 Security
4.1. IP Source Guard
4.2 ARP Inspection
4.3 DHCP Snooping
4.4 DHCP Relay
4.5 NAS
When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time. This parameter controls exactly this period and can be set to a number between 10 and 1,000,000 seconds
Multi 802.1X: In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance, through a hub) to piggyback on the successfully authenticated client and get network access even though they really aren’t authenticated. To overcome this security breach, use the Multi 802.1X variant.
RADIUS-Assigned QoS Enabled: When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant’s port will be classified to the given QoS Class. If re-authentication fails, or the RADIUS Access-Accept packet no longer carries a QoS Class or it’s invalid, or the supplicant is otherwise no longer present on the port, the port’s QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned).
Value of Tunnel-Type must be set to VLAN ordinal
4.6 AAA
Figure 4-16. The RADIUS Authentication Configuration screen
Figure 4-17. The RADIUS Accounting Configuration screen
Figure 4-18. The TACACS+ Authentication Configuration screen
4.7 Port Security
Port Configuration
This section shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules, including the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise
4.8 Access Management
4.9 SSH
4.10 HTTPS
4.11 Authentication Method
5. Maintenance
Chapter 5 Maintenance
5.1 Restart Device
5.2 Firmware
5.2.2 Firmware Selection
5.3 Save / Restore
5.3.2 Save Start
5.4 Export / Import
5.5 Diagnostics
Appendix
Appendix Glossary of Web-Based Management Terms
CDP: CDP is an acronym for Cisco Discovery Protocol.
DSCP: DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes.
IPMC: IPMC is an acronym for IP MultiCast.
MEP: MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group (ITU-T Y.1731).
Policer: A policer can limit the bandwidth of received frames. It is located in front of the ingress queue.
SNAP: The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields. SNAP supports identifying protocols by Ethernet type field values; it also supports vendor-private protocol identifier
UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact. Common network applications that use UDP include the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP).
Black Box Tech Support FREE! Live. 24/7
Tech support the way it should be
About Black Box