Manuals / Planet Technology / Computer Equipment / Switch

Planet Technology SGSW-24040R, WGSW-24040R user manual MAC Table Learning, Auto, Disable, Secure

Models: SGSW-24040R WGSW-24040R

1 308

Download 308 pages 62.4 Kb

Page 185

User’s Manual of WGSW-24040 / WGSW-24040R

SGSW-24040 / SGSW-24040R

4.13Port Security (To be Continued)

Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.

When port security is enabled on a port, the Managed Switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.

<source MAC address, VLAN> pair for frames received on the port.

Note that you can also manually add secure addresses to the port using the Static Address Table. The selected port will stop learning. The MAC addresses already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch.

MAC Table Learning

Figure 4-13-1Port Security Settings screenshot

The page includes the following fields:


Object		Description
•	Auto	Learning is done automatically as soon as a frame with unknown SMAC is
		received.

•	Disable	No learning is done.

•	Secure	Only static MAC entries are learned, all other frames are dropped.

185

Image 185

Planet Technology SGSW-24040R, WGSW-24040R user manual MAC Table Learning, Auto, Disable, Secure

Contents

User’s Manual Disclaimer TrademarksFCC Warning CE Mark Warning Weee WarningTable of Conetnts 5.1 118 105132 140181 159185 187212 208244 229237 265 251257 277 272282 287293 290295 297Product Description Packet ContentsHigh Performance How to Use This Manual High-performance 5GbE Stacking interface ¾ Layer 2 Features Product Features¾ Physical Port 24-Port 10/100/1000Base-T Gigabit Ethernet RJ-45¾ Security ¾ Multicast¾ Management ¾ StackingHardware Specification Product SpecificationTraffic classification based, Strict priority and WRR Hardware Description Switch Front PanelGigabit TP interface Gigabit SFP slotsAbout 1~3 second Reset buttonStack ID Master LEDLED Indications Off To indicate that the SFP port is link down 1000Base-SX/LX SFP interfaces Shared Port-21~Port-24Speed 1000Mbps 5Rear panel of WGSW-24040 Switch Rear PanelCascade UP AC Power ReceptacleStack ports 9SGSW-24040 / SGSW-24040R Stack Ports DC Power ConnectorDesktop Installation Install the SwitchRack Mounting Supply power to the Managed Switch13Plug-in the SFP transceiver Installing the SFP transceiver„ Remove the transceiver module „ Approved Planet SFP Transceivers„ Connect the fiber cable Page Power switch in the OFF position and the DC power is OFF Connecting DC Power Supply WGSW-24040R / SGSW-24040RSGSW-24040 / SGSW-24040R Stack InstallationManagement Stacking Connecting Stacking cableStack ID Master LED 21Separated Stack connection This chapter covers the following topics RequirementsMethod Advantages Disadvantages Management Access OverviewAdministration Console „ 115200 bps „ 8 data bits „ No parity „ 1 stop bit Direct AccessWeb Management 4Web main screen of Managed SwitchVirtual Terminal Protocols SNMP-Based Network ManagementProtocols Management Architecture Snmp ProtocolAbout Web-based Management WEB ConfigurationHttp//192.168.0.100 „ Logging on the switchPage Panel Display Main WEBState RJ-45 Ports SFP Ports Stack PortsMain Menu 5WGSW/SGSW Managed Switch Main Funcrions MenuSystem IP ConfigurationSystem Information Page IP Configuration Old Password User AuthenticationNew Password PasswordSntp Configuration Click System Web Firmware Upgrade WEB Firmware UpgradeUpgrade button Tftp Firmware UpgradeClick System -TFTP Firmware Upgrade Tftp Server IP8TFTP Firmware upgrade pop-up message „ Configuration Download Configuration Save„ Configuration Upload Configuration UploadPage Factory Default System Reboot 18Set Start-up screenshot „ Example 1 Save Current Configuration setting19Download system software screenshot „ Example 2 Downloading System Software from a Server„ Example 3 Downloading Configuration Settings from a Server „ Example 4 Saving or Restoring Configuration Settings Simple Network Management Protocol Snmp System ConfigurationSnmp Overview Snmp OperationsVersion ModeRead Community Write CommunitySnmp Trap Configuration Snmp System Information ConfigurationSystem Contact System NameTrap Version Trap ModeTrap Community Trap DestinationSNMPv3 Accesses Configuration SNMPv3 ConfigurationDelete Group NameSecurity Model SNMPv3 Communities ConfigurationSecurity Level Read View NameSecurity Name SNMPv3 Groups ConfigurationAuthentication SNMPv3 Users ConfigurationUser Name ProtocolPrivacy Password SNMPv3 Views ConfigurationPrivacy Protocol View NameOID Subtree „ Example Add a new SNMPv3 userView Type 9SNMPv3 Users-NEW page screenshot „ Example Add a new SNMPv3 Group11SNMPv3 Groups-NEW page screenshot Port Management Port ConfigurationPort Power ControlLink Flow Control2Port Statistics Overview page screenshot Port Statistics OverviewDetailed Port Statistics Receive Total and Transmit Total Receive Error CountersReceive and Transmit Size Counters Receive and Transmit Queue CountersTx Drops Port Mirroring ConfigurationTransmit Error Counters Port to mirror to Mirror Port Configuration6Port Mirror Configuration page screenshot „ Sgsw Stackable Switch1Link Aggregation Link AggregationPage Static Aggregation Group Configuration Static Aggregation ConfigurationHash Code Contributors Destination MACPort Members LocalityGroup ID Lacp Enabled Lacp ConfigurationKey RoleLacp Port Status Lacp System StatusPartner Port LacpLacp Transmitted Lacp statisticsLacp Received DiscardedVlan Overview VlanIeee 802.1Q Standard Ieee 802.1Q Vlan802.1Q Vlan Tags Port Vlan ID Vlan Classification Vlan Basic Information ObjectDescription Vlan ModeSupported VLANs VLANs Vlan LearningUnderstand nomenclature of the Switch Vlan Port ConfigurationPvid This is the logical port number for this rowLink Type In-Q ModeEther type Port Vlan IDVlan ID Vlan Membership Configuration„ Adding Static Members to VLANs Vlan Index Overview Private Vlan Configuration„ Promiscuous ports „ Isolated portsPromiscuous Pvlan Port TypeIsolated Bridge Protocol Data Units Rapid Spanning Tree ProtocolPort transitions from one state to another as follows Creating a Stable STP TopologySTP Port States Except by setting priority ConfigurableSTP Parameters STP Operation Levels BelowForward Delay Timer Maximum Age TimerVariable Description Default Value Port Priority Default Spanning-Tree Configuration Feature Default ValueIllustration of STP 110 Forward Delay Rstp System ConfigurationSystem Priority Max AgeRstp Bridge Status Path Cost Rstp Port ConfigurationRstp Enabled Point2Point PriorityEdge Port Type Link Type Ieee 802.1w-2001 Ethernet Rstp Port Status Rstp Rstp Port StatisticsSTP TCNQoS Terminology Quality of ServiceUnderstand QOS QCL # QoS Control List ConfigurationQCE Type Frame.The following QCE types are supportedTraffic Class QoS Control Entry ConfigurationType Value Port QoS Configuration Queuing Mode Default ClassQueue Weighted User PriorityApplication Rules QCL Configuration WizardSet up Policy Rules QCL ID Includes the folling fileds Object DescriptionFrames that hit this QCE are set to match this specific QCL Port in a QCL member, click the radio buttonGames Set up Typical Network Application RulesAudio and Video Select the QCL ID to which these QCEs apply User DefinitionButtons Set up ToS Precedence Mapping Set up Vlan Tag Priority Mapping QoS Statistics Bandwidth Control Frame Type Storm Control ConfigurationStatus RateAbout the Internet Group Management Protocol Igmp Snooping MulticastIgmp Snooping 133 0x12 Igmp Versions 10x17 „ Igmp Querier Idle MemberFlooding enabled Igmp Snooping ConfigurationEnabled Igmp Querier Igmp SnoopingFast Leave Igmp Port Related ConfigurationRouter Port Vlan ID of the entry Igmp Snooping StatusObject Description Multicast Address Table Overview of MAC-Based Authentication Ieee 802.1X Network Access ControlOverview of 802.1X Port-Based Authentication „ Device Roles Understanding Ieee 802.1X Port-Based Authentication„ Authentication Initiation and Message Exchange „ Ports in Authorized and Unauthorized States 10-2EAP message exchangeRadius Secret 10.2 802.1X System ConfigurationRadius IP Enabled ReauthenticationEAP Timeout Period10.3 802.1X and MAC-Based Authentication Port Configuration Max Clients Port StateRestart State 10.4 802.1X Port StatusLast Source Last ID10-6802.1X Statistics Port 1 page screenshot 10.5 802.1X and MAC-Based Authentication StatisticsDirection Name Ieee Name Description Eapol CountersDescription Port-based Radius Counters Direction Name Ieee NameMAC-based Port- and MAC-basedMAC-based „ Last Supplicant/Client InfoWindows Platform Radius Server Configuration 155 „ Configure Sample EAP-MD5 Authentication 10.7 802.1X Client Configuration157 158 Ingress Port Access Control ListsAccess Control List Configuration Rate Limiter ActionPort Copy LoggingSwitch ACE Configuration„ Vlan Parameters „ MAC ParametersSmac Filter Dmac FilterARP/ Rarp „ ARP ParametersIP/Ethernet Length „ IP ParametersEthernet IP Protocol FilterIP TTL „ TCP/UDP Parameters „ Icmp ParametersTCP SYN TCP FINTCP PSH TCP ACKEtherType Filter ACL Configuration wizard„ Ethernet Type Parameters 11-3Set up Policy Rules page screenshot Policy 5 for guest ports Internet access onlyPolicy ID Set up Port PoliciesInstant Messaging Common ServersMSN Messenger Google Talk Yahoo Messenger Ethernet TypeSnmp Traps NetBIOS Ping Request Ping ReplyOthers 173 Source IP Address Set up Source MAC and Source IP BindingBinding Enabled UDP DoS Fraggle Set up DoS Attack Detection RulesIcmp DoS Smurf DeathPort n Switch nPolicy n DenyRate Limiter ID ACL Rate Limiter Configuration16K 32K 64K 128K 512KACL Ports Configuration 180 Aging Configuration MAC Address Table ConfigurationRange 10-10000000 seconds Default 300 seconds Address TableStatic MAC Table Configuration Dynamic MAC Table MAC Address Table StatusNavigating the MAC Table MAC Table Columns184 MAC Table Learning DisableAuto Secure186 Link Layer Discovery Protocol LldpTx Interval Lldp Configuration„ Lldp Parameters Tx Delay „ 4.14.2.2 Lldp Port ConfigurationTx Hold Tx ReinitSys Name Port DescrSys Descr Sys CapaLldp Neighbor „ Global Counters Lldp StatisticsLocal Counters Cable Status Cable DiagnosticsNetwork Diagnastics Ping Size PingDestination IP Address „ Ring topology „ Chain topology same as a disconnected ring Stacking SGSW-24040 / SGSW-24040R197 „ Assigning and Swapping Switch IDs Switch IDs„ Removing a Switch From the Stack „ Replacing a SwitchStack Redundancy „ General Switch ID Assignment RulesMaster Election Utilize all stack links in the ring Shortest Path ForwardingStack Configuration Stack Information Master Switch„ Stack Topology „ Stack List„ Master Forwarding Table 16-10Port State Overview page screenshot Stack Port State OvewviewStack Example „ Identify the Master Switch206 207 Logon to the Console Accessing the CLI„ Configure IP address Configure IP addressSubnet Mask Gateway Switch/ ip setup 192.168.1.100 255.255.255.0Telnet login Command Groups System CommandSystem Configuration SyntaxExample System RebootSystem Restore Default System Prompt Default SettingSystem Name System Sntp System PasswordSystem Firmware Load System Timezone217 Parameters IP ConfigurationSyntax IP Ping IP Setup220 Port State Port Management CommandPort Configuration Port Flow Control Port ModePort Maximum Frame Port Excessive Port PowerPort VeriPHY Port StatisticsPort Numbers Mirror SID Mirror ConfigurationMirror Port Mirror Mode Aggregation Configuration Link Aggregation CommandAggregation Add Parameters portlist Port listAggregation Lookup Aggregation DeleteAggregation Mode Lacp Configuration Lacp Key Lacp ModeLacp Status Lacp RoleLacp Statistics 236 Vlan Mode Vlan Configuration CommandVlan Configuration Tagged Allow tagged frames only Vlan Frame TypeAll Vlan Link Type Vlan Ingress FilterMan Set out layer Vlan tag ether type MAN Vlan Q-in-Q ModeVlan Ethernet Type Vlan Delete Vlan AddVlan Lookup Pvlan Isolate Pvlan ConfigurationRstp SysPrio Spanning Tree Protocol CommandRstp Configuration Rstp Age Rstp DelayRstp Version Rstp ModeNormal Rstp Default Setting Rstp Priority Rstp CostRstp P2P Rstp EdgeRstp Status Rstp mCheck Rstp StatisticsIgmp Mode Multicast Configuration CommandIgmp Configuration Igmp State Igmp Fast Leave Igmp QuerierIgmp Router Igmp Status Igmp FloodingIgmp Groups 256 QoS Configuration Quality of Service CommandQoS Default QoS ClassesQoS QCL Port QoS Tag PriorityQoS QCL Add Qclid QCL ID Default SettingParameters Qclid QceidQoS QCL Lookup QoS QCL DeleteQoS Rate Limiter QoS ModeQoS Weight QoS Shaper QoS Multicast QoS UnicastQoS Broadcast Dotx1 Mode 802.1x Port Access Control CommandDot1x Configuration Dot1x Server Dot1x StatusDot1x Secret Dot1x AuthenticateDot1x Period Dot1x Re-authenticationDot1x Statistics Dot1x TimeoutParameters Portlist Dot1x ClientsDot1x Agetime Dot1x Holdtime ACL Action Access Control List CommandACL Configuration ACL Rate ACL PolicyACL Add ACL Delete ACL Lookup Mac Add MAC Address Table CommandMAC Configuration MAC Lookup MAC DeleteMAC Learning MAC Age TimeMAC Statistics MAC DumpMAC Flash Lldp Mode Lldp CommandLldp Configuration Lldp Interval Lldp Optional TLVLldp Hold Lldp DelayLldp Information Lldp ReinitLldp Statistics Stack Master Reelect Stack Management CommandStack List Stack SID Delect Stack SelectStack SID Swap Stack SID Asign Store-and-Forward LearningForwarding & Filtering If attached device is 100Base-TX port will set to Auto-Negotiation292 Performance is bad Solution Link LED is not lit SolutionWhy the Switch doesnt connect to the network Solution Switch does not power up Solution„ While IP Address be changed or forgotten admin password Stacking not functioning Solution10/100Mbps, 10/100Base-TX Switchs RJ-45 Pin AssignmentsRJ-45 Connector pin assignment Contact = Brown Straight Cable= Brown Straight Cable ACL ACEAggregation ARPDhcp DESDNS DoSEthernet Type DscpFTP HttpIeee IcmpIgmp ImapMAC Table IpmcLldp MD5 NetBIOSMirroring NFSPolicer PingPOP3 Private VlanQoS QCLRarp SambaSmtp SHASnmp SntpTelnet TCPTftp ToSUDP 308