Page is loading ...
MANAGEMENT GUIDE
Web Smart
10-Port GE PoE Switch
SMCGS10P-Smart
No. 1, Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
TEL: +886 3 5638888
Fax: +886 3 6686111
Web Smart 10-Port GE PoE Switch
Management Guide
February 2012
Pub. # 149100000169A
SMC-UG-0212-02
Information furnished by SMC Networks, Inc. (SMC) is believed to be accurate and reliable.
However, no responsibility is assumed by SMC for its use, nor for any infringements of patents or
other rights of third parties which may result from its use. No license is granted by implication or
otherwise under any patent or patent rights of SMC. SMC reserves the right to change specifications
at any time without notice.
Copyright © 2012 by
SMC Networks, Inc.
No. 1 Creation Road III,
Hsinchu Science Park,
30077, Taiwan, R.O.C.
All rights reserved
Trademarks:
SMC is a registered trademark; and Barricade, EZ Switch, TigerStack, TigerSwitch, and TigerAccess
are trademarks of SMC Networks, Inc. Other product and company names are trademarks or
registered trademarks of their respective holders.
– 4 –
WARRANTY AND PRODUCT REGISTRATION
To register SMC products and to review the detailed warranty statement,
please refer to the Support Section of the SMC Website at http://
www.smc.com.
– 5 –
ABOUT THIS GUIDE
PURPOSE This guide gives specific information on how to operate and use the
management functions of the switch.
AUDIENCE The guide is intended for use by network administrators who are
responsible for operating and maintaining network equipment;
consequently, it assumes a basic working knowledge of general switch
functions, the Internet Protocol (IP), and Simple Network Management
Protocol (SNMP).
CONVENTIONS The following conventions are used throughout this guide to show
information:
N
OTE
:
Emphasizes important information or calls your attention to related
features or instructions.
C
AUTION
:
Alerts you to a potential hazard that could cause loss of data, or
damage the system or equipment.
W
ARNING
:
Alerts you to a potential hazard that could cause personal injury.
RELATED PUBLICATIONS The following publication details the hardware features of the switch,
including the physical and performance-related characteristics, and how to
install the switch:
The Installation Guide
Also, as part of the switch’s software, there is an online web-based help
that describes all management related features.
A
BOUT
T
HIS
G
UIDE
– 6 –
REVISION HISTORY This section summarizes the changes in each revision of this guide.
FEBRUARY 2012 REVISION
This is the second version of this guide. This guide is valid for software
release v1.0.0.3. It includes the following changes:
â—† Updated phone and fax numbers for SMC headquarters
â—† Corrrected PVLAN ID range to 1-10
OCTOBER 2011 REVISION
This is the first version of this guide. This guide is valid for software release
v1.0.0.3.
– 7 –
CONTENTS
WARRANTY AND PRODUCT REGISTRATION 4
A
BOUT THIS GUIDE 5
C
ONTENTS 7
F
IGURES 13
T
ABLES 17
SECTION I GETTING STARTED 19
1INTRODUCTION 20
Key Features 20
Description of Software Features 21
System Defaults 25
2INITIAL SWITCH CONFIGURATION 28
SECTION II WEB CONFIGURATION 30
3USING THE WEB INTERFACE 31
Navigating the Web Browser Interface 31
Home Page 31
Configuration Options 32
Panel Display 32
Main Menu 33
4CONFIGURING THE SWITCH 41
Configuring System Information 41
Setting an IP Address 42
Setting an IPv4 Address 42
Setting an IPv6 Address 44
Configuring NTP Service 46
Configuring Remote Log Messages 47
Configuring Power Reduction 48
C
ONTENTS
– 8 –
Controlling LED Intensity 48
Reducing Power to Idle Queue Circuits 50
Configuring Thermal Protection 51
Configuring Port Connections 52
Configuring Security 55
Configuring User Accounts 55
Configuring User Privilege Levels 57
Configuring The Authentication Method For Management Access 59
Configuring SSH 61
Configuring HTTPS 62
Filtering IP Addresses for Management Access 63
Using Simple Network Management Protocol 65
Configuring Port Limit Controls 75
Configuring Authentication Through Network Access Servers 77
Filtering Traffic with Access Control Lists 88
Configuring DHCP Snooping 99
Configuring DHCP Relay and Option 82 Information 101
Configuring IP Source Guard 102
Configuring ARP Inspection 106
Specifying Authentication Servers 109
Creating Trunk Groups 111
Configuring Static Trunks 112
Configuring LACP 114
Configuring the Spanning Tree Algorithm 116
Configuring Global Settings for STA 118
Configuring Multiple Spanning Trees 122
Configuring Spanning Tree Bridge Priorities 124
Configuring STP/RSTP/CIST Interfaces 125
Configuring MIST Interfaces 129
Multicast VLAN Registration 130
IGMP Snooping 133
Configuring Global and Port-Related Settings for IGMP Snooping 134
Configuring VLAN Settings for IGMP Snooping and Query 137
Configuring IGMP Filtering 139
MLD Snooping 140
Configuring Global and Port-Related Settings for MLD Snooping 140
C
ONTENTS
– 9 –
Configuring VLAN Settings for MLD Snooping and Query 143
Configuring MLD Filtering 145
Link Layer Discovery Protocol 146
Configuring LLDP Timing and TLVs 146
Configuring LLDP-MED TLVs 149
Power over Ethernet 155
Configuring the MAC Address Table 158
IEEE 802.1Q VLANs 160
Assigning Ports to VLANs 161
Configuring VLAN Attributes for Port Members 162
Configuring Private VLANs 165
Using Port Isolation 166
Configuring MAC-based VLANs 167
Protocol VLANs 168
Configuring Protocol VLAN Groups 169
Mapping Protocol Groups to Ports 170
Managing VoIP Traffic 171
Configuring VoIP Traffic 172
Configuring Telephony OUI 174
Quality of Service 175
Configuring Port Classification 176
Configuring Egress Port Scheduler 178
Configuring Egress Port Shaper 181
Configuring Port Remarking Mode 181
Configuring Port DSCP Translation and Rewriting 184
Configuring DSCP-based QoS Ingress Classification 186
Configuring DSCP Translation 187
Configuring DSCP Classification 188
Configuring QoS Control Lists 189
Configuring Storm Control 193
Configuring Port Mirroring 194
Configuring UPnP 196
5MONITORING THE SWITCH 199
Displaying Basic Information About the System 199
Displaying System Information 199
Displaying CPU Utilization 200
C
ONTENTS
– 10 –
Displaying Log Messages 201
Displaying Log Details 203
Displaying Thermal Protection 203
Displaying Information About Ports 204
Displaying Port Status On the Front Panel 204
Displaying an Overview of Port Statistics 205
Displaying QoS Statistics 205
Displaying QCL Status 206
Displaying Detailed Port Statistics 207
Displaying Information About Security Settings 210
Displaying Access Management Statistics 210
Displaying Information About Switch Settings for Port Security 211
Displaying Information About Learned MAC Addresses 213
Displaying Port Status for Authentication Services 214
Displaying Port Statistics for 802.1X or Remote Authentication
Service 215
Displaying ACL Status 219
Displaying Statistics for DHCP Snooping 221
Displaying DHCP Relay Statistics 222
Displaying MAC Address Bindings for ARP Packets 223
Displaying Entries in the IP Source Guard Table 224
Displaying Information on Authentication Servers 225
Displaying a List of Authentication Servers 225
Displaying Statistics for Configured Authentication Servers 226
Displaying Information on LACP 229
Displaying an Overview of LACP Groups 229
Displaying LACP Port Status 230
Displaying LACP Port Statistics 231
Displaying Information on the Spanning Tree 232
Displaying Bridge Status for STA 232
Displaying Port Status for STA 234
Displaying Port Statistics for STA 235
Displaying MVR Information 236
Displaying MVR Statistics 236
Displaying MVR Group Information 237
Showing IGMP Snooping Information 238
Showing IGMP Snooping Status 238
C
ONTENTS
– 11 –
Showing IGMP Snooping Group Information 239
Showing IPv4 SSM Information 240
Showing MLD Snooping Information 241
Showing MLD Snooping Status 241
Showing MLD Snooping Group Information 242
Showing IPv6 SSM Information 243
Displaying LLDP Information 244
Displaying LLDP Neighbor Information 244
Displaying LLDP-MED Neighbor Information 245
Displaying LLDP Neighbor EEE Information 247
Displaying LLDP Port Statistics 249
Displaying LLDP Neighbor PoE Information 250
Displaying PoE Status 251
Displaying the MAC Address Table 252
Displaying Information About VLANs 253
VLAN Membership 253
VLAN Port Status 254
Displaying Information About MAC-based VLANs 256
6PERFORMING BASIC DIAGNOSTICS 257
Pinging an IPv4 or IPv6 Address 257
Running Cable Diagnostics 258
7PERFORMING SYSTEM MAINTENANCE 261
Restarting the Switch 261
Restoring Factory Defaults 262
Upgrading Firmware 262
Managing Configuration Files 263
Saving Configuration Settings 263
Restoring Configuration Settings 264
SECTION III APPENDICES 265
ASOFTWARE SPECIFICATIONS 266
Software Features 266
Management Features 267
Standards 268
Management Information Bases 268
– 13 –
FIGURES
Figure 1: Home Page 31
Figure 2: Front Panel Indicators 32
Figure 3: System Information Configuration 42
Figure 4: IP Configuration 44
Figure 5: IPv6 Configuration 46
Figure 6: NTP Configuration 47
Figure 7: Configuring Settings for Remote Logging of Error Messages 48
Figure 8: Configuring LED Power Reduction 49
Figure 9: Configuring EEE Power Reduction 51
Figure 10: Configuring Thermal Protection 52
Figure 11: Port Configuration 54
Figure 12: Showing User Accounts 56
Figure 13: Configuring User Accounts 57
Figure 14: Configuring Privilege Levels 58
Figure 15: Authentication Server Operation 59
Figure 16: Authentication Method for Management Access 61
Figure 17: SSH Configuration 62
Figure 18: HTTPS Configuration 63
Figure 19: Access Management Configuration 64
Figure 20: SNMP System Configuration 69
Figure 21: SNMPv3 Community Configuration 70
Figure 22: SNMPv3 User Configuration 72
Figure 23: SNMPv3 Group Configuration 73
Figure 24: SNMPv3 View Configuration 74
Figure 25: SNMPv3 Access Configuration 75
Figure 26: Port Limit Control Configuration 77
Figure 27: Using Port Security 78
Figure 28: Network Access Server Configuration 88
Figure 29: ACL Port Configuration 90
Figure 30: ACL Rate Limiter Configuration 91
Figure 31: Access Control List Configuration 98
F
IGURES
– 14 –
Figure 32: DHCP Snooping Configuration 101
Figure 33: DHCP Relay Configuration 102
Figure 34: Configuring Global and Port-based Settings for IP Source Guard 104
Figure 35: Configuring Static Bindings for IP Source Guard 106
Figure 36: Configuring Global and Port Settings for ARP Inspection 108
Figure 37: Configuring Static Bindings for ARP Inspection 109
Figure 38: Authentication Configuration 110
Figure 39: Static Trunk Configuration 114
Figure 40: LACP Port Configuration 116
Figure 41: STP Root Ports and Designated Ports 117
Figure 42: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree 117
Figure 43: Common Internal Spanning Tree, Common Spanning Tree, Internal
Spanning Tree 118
Figure 44: STA Bridge Configuration 122
Figure 45: Adding a VLAN to an MST Instance 124
Figure 46: Configuring STA Bridge Priorities 125
Figure 47: STP/RSTP/CIST Port Configuration 128
Figure 48: MSTI Port Configuration 130
Figure 49: MVR Concept 131
Figure 50: Configuring MVR 133
Figure 51: Configuring Global and Port-related Settings for IGMP Snooping 136
Figure 52: Configuring VLAN Settings for IGMP Snooping and Query 138
Figure 53: IGMP Snooping Port Group Filtering Configuration 139
Figure 54: Configuring Global and Port-related Settings for MLD Snooping 143
Figure 55: Configuring VLAN Settings for MLD Snooping and Query 145
Figure 56: MLD Snooping Port Group Filtering Configuration 146
Figure 57: LLDP Configuration 149
Figure 58: LLDP-MED Configuration 155
Figure 59: Configuring PoE Settings 158
Figure 60: MAC Address Table Configuration 160
Figure 61: VLAN Membership Configuration 162
Figure 62: VLAN Port Configuration 164
Figure 63: Private VLAN Membership Configuration 166
Figure 64: Port Isolation Configuration 166
Figure 65: Configuring MAC-Based VLANs 168
Figure 66: Configuring Protocol VLANs 170
Figure 67: Assigning Ports to Protocol VLANs 171
F
IGURES
– 15 –
Figure 68: Configuring Global and Port Settings for a Voice VLAN 174
Figure 69: Configuring an OUI Telephony List 175
Figure 70: Configuring Ingress Port QoS Classification 177
Figure 71: Configuring Ingress Port Tag Classification 178
Figure 72: Displaying Egress Port Schedulers 180
Figure 73: Configuring Egress Port Schedulers and Shapers 180
Figure 74: Displaying Egress Port Shapers 181
Figure 75: Displaying Port Tag Remarking Mode 183
Figure 76: Configuring Port Tag Remarking Mode 184
Figure 77: Configuring Port DSCP Translation and Rewriting 186
Figure 78: Configuring DSCP-based QoS Ingress Classification 187
Figure 79: Configuring DSCP Translation and Re-mapping 188
Figure 80: Mapping DSCP to CoS/DPL Values 189
Figure 81: QoS Control List Configuration 193
Figure 82: Storm Control Configuration 194
Figure 83: Mirror Configuration 195
Figure 84: UPnP Configuration 197
Figure 85: System Information 200
Figure 86: CPU Load 201
Figure 87: System Log Information 202
Figure 88: Detailed System Log Information 203
Figure 89: Thermal Protection Status 204
Figure 90: Port State Overview 204
Figure 91: Port Statistics Overview 205
Figure 92: Queueing Counters 206
Figure 93: QoS Control List Status 207
Figure 94: Detailed Port Statistics 209
Figure 95: Access Management Statistics 210
Figure 96: Port Security Switch Status 212
Figure 97: Port Security Port Status 213
Figure 98: Network Access Server Switch Status 215
Figure 99: NAS Statistics for Specified Port 219
Figure 100: ACL Status 220
Figure 101: DHCP Snooping Statistics 222
Figure 102: DHCP Relay Statistics 223
Figure 103: Dynamic ARP Inspection Table 224
F
IGURES
– 16 –
Figure 104: Dynamic IP Source Guard Table 224
Figure 105: RADIUS Overview 225
Figure 106: RADIUS Details 229
Figure 107: LACP System Status 230
Figure 108: LACP Port Status 231
Figure 109: LACP Port Statistics 231
Figure 110: Spanning Tree Bridge Status 234
Figure 111: Spanning Tree Detailed Bridge Status 234
Figure 112: Spanning Tree Port Status 235
Figure 113: Spanning Tree Port Statistics 236
Figure 114: MVR Statistics 237
Figure 115: MVR Group Information 238
Figure 116: IGMP Snooping Status 239
Figure 117: IGMP Snooping Group Information 240
Figure 118: IPv4 SSM Information 241
Figure 119: MLD Snooping Status 242
Figure 120: MLD Snooping Group Information 243
Figure 121: IPv6 SSM Information 243
Figure 122: LLDP Neighbor Information 245
Figure 123: LLDP-MED Neighbor Information 247
Figure 124: LLDP Neighbor EEE Information 248
Figure 125: LLDP Port Statistics 250
Figure 126: LLDP Neighbor PoE Information 251
Figure 127: Power over Ethernet Status 252
Figure 128: MAC Address Table 253
Figure 129: Showing VLAN Members 254
Figure 130: Showing VLAN Port Status 255
Figure 131: Showing MAC-based VLAN Configuration 256
Figure 132: ICMP Ping 258
Figure 133: VeriPHY Cable Diagnostics 259
Figure 134: Restart Device 261
Figure 135: Factory Defaults 262
Figure 136: Software Upload 263
Figure 137: Configuration Save 264
Figure 138: Configuration Upload 264
– 17 –
TABLES
Table 1: Key Features 20
Table 2: System Defaults 25
Table 3: Web Page Configuration Buttons 32
Table 4: Main Menu 33
Table 5: HTTPS System Support 63
Table 6: SNMP Security Models and Levels 65
Table 7: Dynamic QoS Profiles 81
Table 8: QCE Modification Buttons 92
Table 9: Recommended STA Path Cost Range 126
Table 10: Recommended STA Path Costs 126
Table 11: Default STA Path Costs 126
Table 12: QCE Modification Buttons 190
Table 13: System Capabilities 244
Table 14: Troubleshooting Chart 270
T
ABLES
– 18 –
– 19 –
S
ECTION
I
GETTING STARTED
This section provides an overview of the switch, and introduces some basic
concepts about network switches. It also describes the basic settings
required to access the management interface.
This section includes these chapters:
â—† "Introduction" on page 20
â—† "Initial Switch Configuration" on page 28
– 20 –
1 INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It
includes a management agent that allows you to configure the features
listed in this manual. The default configuration can be used for most of the
features provided by this switch. However, there are many options that you
should configure to maximize the switch’s performance for your particular
network environment.
KEY FEATURES
Table 1: Key Features
Feature Description
Configuration Backup
and Restore
Backup to management station using Web
Authentication Telnet, Web – user name/password, RADIUS, TACACS+
Web – HTTPS
Tel net – SS H
SNMP v1/2c - Community strings
SNMP version 3 – MD5 or SHA password
Port – IEEE 802.1X, MAC address filtering
General Security
Measures
Private VLANs
Port Authentication
Port Security
DHCP Snooping (with Option 82 relay information)
IP Source Guard
Access Control Lists Supports up to 256 rules
DHCP Client
DNS Client and Proxy service
Port Configuration Speed, duplex mode, flow control, MTU, response to excessive
collisions, power saving mode
Rate Limiting Input rate limiting per port (manual setting or ACL)
Port Mirroring 1 sessions, up to 10 source port to one analysis port per session
Port Trunking Supports up to 5 trunks – static or dynamic trunking (LACP)
Congestion Control Throttling for broadcast, multicast, unknown unicast storms
Address Table 8K MAC addresses in the forwarding table, 1000 static MAC
addresses, 1K L2 IGMP multicast groups and 128 MVR groups
IP Version 4 and 6 Supports IPv4 and IPv6 addressing, management, and QoS
IEEE 802.1D Bridge Supports dynamic data switching and addresses learning
Store-and-Forward
Switching
Supported to ensure wire-speed switching while eliminating bad
frames
/