Ruijie RG-NBS3100 Reyee RG-NBS Series Switch User Guide
- May 15, 2024
- RuiJie
Ruijie RG-NBS3100 Reyee RG-NBS Series Switch
Specifications:
- Product: Ruijie Reyee RG-NBS Series Switches
- Operating System: ReyeeOS 1.212
- Manufacturer: Ruijie Networks
Product Usage Instructions
1. Login:
1.1 Configuration Environment Requirements:
To access the web-based configuration interface of the Ruijie Reyee RG-NBS Series Switches, ensure that you meet the following requirements:
- Supported Browsers: Google Chrome, Internet Explorer 9.0, 10.0, and 11.0, and some Chromium/Internet Explorer kernel-based browsers (such as 360 Extreme Explorer).
- Screen Resolution: A minimum of 1024 x 768 resolution is recommended for optimal display. Using other resolutions may lead to alignment issues in fonts and formats.
Frequently Asked Questions
- Q: Where can I find technical support for the Ruijie Reyee RG-NBS Series Switches?
- A: You can visit the official website of Ruijie Reyee at https://www.ruijienetworks.com/products/reyee for technical support. Additionally, you can access technical support via the Technical Support Website, Case Portal, Community, or contact Technical Support Email at service_rj@ruijienetworks.com.
- Q: What are the GUI symbols used in the web-based configuration guide?
- A: The GUI symbols include button names, window names, tab names, field names, and menu items. For example, clicking on “OK,” selecting “Config Wizard,” or clicking on a “Download File” link. Multi-level menu items are accessed by navigating through options like “System > Time.”
- Q: What do the warning, caution, and note signs signify in the user manual?
- A: The warning sign alerts users to important rules and information that could result in data loss or equipment damage if not followed. The caution sign highlights essential information that could lead to function failure or performance degradation if not understood. The note sign provides additional or supplementary information that, if not followed, will not have serious consequences.
Ruijie Reyee RG-NBS Series Switches ReyeeOS 1.212
Web-based Configuration Guide
Document Version: V1.0 Date: 2022.12.2 Copyright © 2022 Ruijie Networks
Copyright
Copyright © 2022 Ruijie Networks
All rights are reserved in this document and this statement. Any reproduction,
excerption, backup, modification, transmission, translation or commercial use
of this document or any portion of this document, in any form or by any means,
without the prior written consent of Ruijie Networks is prohibited.
Trademarks including
,
are owned by Ruijie Networks.
All other trademarks or registered trademarks mentioned in this document are owned by their respective owners.
Disclaimer
The products, services, or features you purchase are subject to commercial
contracts and terms. Some or all of the products, services or features
described in this document may not be within the scope of your purchase or
use. Unless otherwise agreed in the contract, Ruijie Networks does not make
any express or implied statement or guarantee for the content of this
document.
Due to product version upgrades or other reasons, the content of this document
will be updated from time to time. Ruijie Networks reserves the right to
modify the content of the document without any notice or prompt.
This manual is for reference only. Ruijie Networks endeavors to ensure content
accuracy and will not shoulder any responsibility for losses and damages
caused due to content omissions, inaccuracies or errors.
Preface
Intended Audience
This document is intended for:
- Network engineers
- Technical support and servicing engineers
- Network administrators
Technical Support
Official website of Ruijie Reyee: https://www.ruijienetworks.com/products/reyee
Technical Support Website: https://ruijienetworks.com/support
Case Portal: https://caseportal.ruijienetworks.com
Community: https://community.ruijienetworks.com
Technical Support Email: service_rj@ruijienetworks.com
Conventions
1. GUI Symbols
Interface symbol | Description | Example
--- | --- | ---
Boldface | 1. Button names 2. Window names, tab names, field names and menu items 3. Links | 1. Click OK. 2. Select Config Wizard. 3. Click the Download File link.
> | Multi-level menu items | Select System > Time.
2. Signs
The signs used in this document are described as follows:
Warning: An alert that calls attention to important rules and information that if not understood or followed can result in data loss or equipment damage.
Caution: An alert that calls attention to essential information that if not understood or followed can result in function failure or performance degradation.
Note: An alert that contains additional or supplementary information that if not understood or followed will not lead to serious consequences.
Specification: An alert that contains a description of product or version support.
3. Note
The manual offers configuration information (including model, description, port type, software interface) for indicative purpose only. In case of any discrepancy or inconsistency between the manual and the actual version, the actual version prevails.
Web-based Configuration Guide
Login
1 Login
1.1 Configuration Environment Requirements
1.1.1 PC
Google Chrome, Internet Explorer 9.0, 10.0, and 11.0, and some
Chromium/Internet Explorer kernel-based browsers (such as 360 Extreme
Explorer) are supported. Garbled characters or format errors may occur if an
unsupported browser is used.
A resolution of 1024 x 768 or higher is recommended. At other resolutions,
page fonts and formats may be misaligned, the GUI may look less polished, or
other exceptions may occur.
1.2 Logging in to the Web Page
1.2.1 Connecting to the Device
Use a network cable to connect the switch port to the network port of the PC,
and configure an IP address for the PC that is on the same network segment as
the default IP address of the device so that the PC can ping the switch. For
example, set the IP address of the PC to 10.44.77.100.
Table 1-1 Default settings
Feature | Default Value
--- | ---
Device IP Address | 10.44.77.200
Password | Username and password are not required at your first login and you can configure the bridge directly.
1.2.2 Logging in to the Web Page
(1) Enter the IP address (10.44.77.254 by default) of the device in the
address bar of the browser to open the login page.
Note If the static IP address of the device is changed, or the device
dynamically obtains a new IP address, the new IP address can be used to access
the web management system of the device as long as the PC and the device are
on the same LAN, and their IP addresses are in the same network segment.
(2) Enter the password and click Log In to open the homepage of the web
management system.
Username and password are not required at your first login and you can
configure the bridge directly. For device security, you are advised to set the
management password after your first login to the web management system. After
the password is set, you need to enter the password when you log in to the web
management system again.
If you forget the device IP address or password, hold down the Reset button on
the device panel for more than 5s while the device is connected to the power
supply to restore factory settings. After restoration, you can use the default
IP address and password to log in.
Caution Restoring factory settings will delete all configurations of the
device. Therefore, exercise caution when performing this operation.
1.3 Quick Setup
1.3.1 Configuration Preparations
Connect the device to the power supply, and connect the device port to an
uplink device with a network cable.
1.3.2 Procedure
1. Adding Device to Network
By default, users can perform batch settings and centralized management of all
devices in the network. Therefore, before starting configuration, you need to
check and confirm the number of online devices and the network status.
Note Under normal circumstances, when multiple new devices are powered on and
connected, they will be automatically interconnected into a network, and the
user only needs to confirm that the number of devices is correct.
If there are other devices in the network that are not added to the current network, you can click Add to My Network and enter the management password of the added device to manually add the corresponding device to the network where the device is located, and then start the network-wide configuration.
2. Creating a Web Project
Click Start Setup to set the networking modes and management password of the
device.
(1) Network Name: Identify the network where the device is located.
(2) Internet: Select the networking mode.
- DHCP: An IP address is assigned to the device by the uplink DHCP server. By
default, the device detects whether the IP address can be dynamically
obtained. If the IP address is obtained successfully, there is no need to
manually set the IP address.
- Static IP: The user manually enters a specified IP address, subnet mask,
gateway IP address, and DNS address.
(3) Management Password: Set the password for logging in to the management
page.
(4) Country/Region: Select the country or region where the device is located.
(5) Time Zone: Set the system time. The network time server is enabled to
provide time services by default. Please select your actual time zone.
Click Create Network & Connect to deliver related configuration for
initialization and detect the network. After completing the quick setup, the
new device is connected to the Internet, and you can continue to bind the
device to the cloud account for remote management. For specific operations,
please refer to the instructions on the page to log in to the Noc Cloud
platform for configuration.
Note Click Exit in the upper right corner and follow prompts to perform
operations. Then, the device can skip quick setup to go to the Eweb management
system. To configure again after exiting or completing the quick
configuration, click the sign in the navigation bar at the top of the web
page. After changing the management password, you need to re-visit the device
management address and use the new password to log in to the device.
1.4 Work Mode
The device supports two work modes: Standalone and Self-Organizing Network. It
works in Self-Organizing Network mode by default. The system presents
different menu items based on the work mode. To modify the work mode, see
Switching the Work Mode.
- Self-Organizing Network: After the self-organizing network discovery
function is enabled, the device can be discovered in the network and can
discover other devices in the network. Devices network with each other based
on the device status and synchronize global configuration. You can log in to
the Web management page of the device to check management information about
all devices in the network. After self-organizing network discovery is
enabled, users can maintain and manage the current network more efficiently.
You are advised to keep this function enabled. When the device is in
self-organizing network mode, the Web page has two configuration modes: the
network mode and the local device mode. For more information, see Switching
the Management Mode.
- Standalone mode: If the self-organizing network discovery function is
disabled, the device will not be discovered in the network. After logging in
to the Web page, you can configure and manage only the currently logged in
device. If only one device is configured or global configuration does not need
to be synchronized to the device, you can disable the self-organizing network
discovery function.
1.5 Switching the Management Mode
In standalone mode, you can configure and manage only the currently logged in
device, without the self-organizing network function, as shown in Figure 1-1.
In self-organizing network mode, the Web page has the network mode and the
local device mode. Click Currently in Network mode in the navigation bar and
select the desired mode from the drop-down list box.
- The network mode: Display the management information of all devices in the
network and configure all devices in the current network from the network-wide
perspective, as shown in Figure 1-2.
- The local device mode: Only configure the device that you log in to, as
shown in Figure 1-3.
Figure 1-1 The Web Page in Standalone Mode
Figure 1-2 The Web Page in Network Mode in Self-Organizing Mode
Figure 1-3 The Web Page in Local Device Mode in Self-Organizing Mode
Web-based Configuration Guide
Network management
2 Network management
2.1 Overviewing Network Information
In network mode, the Overview page displays the current network topology,
uplink and downlink real-time traffic, network connection status, and number
of users and provides short-cut entries for configuring the network and
devices. Users can monitor and manage the network status of the entire network
on the page.
2.2 Viewing Networking Information
Choose Network > Overview. The networking topology contains information about
online devices, connected port numbers, device SNs, and uplink and downlink
real-time traffic.
Click a traffic data item to view the real-time total traffic information.
Click a device in the topology to view the running status and configuration of the device and configure device functions. By default, the product model is used as the device name. Click to modify the device name so that the description can distinguish devices from one another.
The update time is displayed in the lower-left corner of the topology view. Click Refresh to update the topology to the latest state. It takes some time to update the topology data. Please wait patiently.
2.3 Adding Networking Devices
2.3.1 Wired Connection
(1) When a new device connects to an existing device on the network, the
system displays the message “A device not in SON is discovered.” and the
number of such devices in orange under “Devices” on the upper-left corner of
the [Overview] page. You can click Manage to add this device to the current
network.
(2) After the system switches to the Network List page, click Other Network.
In the Other Network section, select the device to be added to the network and
click Add to My Network.
(3) You do not need to enter the password if the device to add is newly
delivered from factory. If the device has a password, enter the configuring
password of the device. Device addition fails if the password is incorrect.
2.3.2 AP Mesh
If the AP supports the AP Mesh (Reyee Mesh) function, you do not need to
connect cables after powering on the AP. The AP can be added to the current
network in Reyee Mesh mode, establish a mesh networking with other wireless
devices, and automatically synchronize Wi-Fi configuration.
Caution To scan the AP, the Reyee Mesh function must be enabled on the current network. (For details, see 0.) The AP should be powered on nearby. It may fail to be scanned in case of long distance or obstacle blocking.
(1) Place the powered new AP near an existing AP, where the new AP can receive Wi-Fi signals from the existing AP. Log in to a device in the network. On the Overview page, click +AP in the upper-right corner of the topology to scan nearby APs that do not belong to the current network and are not connected to a network cable.
(2) Select the target AP to add it to the current network. You do not need to
enter the password if the device to add is new. If the device has a password,
enter the management password of the device.
2.4 Managing Networking Devices
On the Overview page, click List in the upper-left corner of the topology or
click Devices in the menu bar to switch to the device list view. Then, you can
view all the device information in the current networking. Users only need to
log in to one device in the network to configure and manage devices in the
entire network.
Click the device SN to configure the specified device separately.
Check offline devices and click Delete Offline Devices to remove them from the
list and networking topology.
2.5 Configuring the Service Network
The wireless and wired network configurations of the current network are
displayed in the lower-left of the Overview page. Click Setup to switch to the
service network configuration page (or click Network > Network Planning).
2.5.1 Configuring the Wired Network
(1) Click Add Wired VLAN to add wired network configuration, or select an
existing wired VLAN and click Setup to modify its configuration.
(2) Configure a VLAN for wired access, specify the address pool server for
access clients in this VLAN, and determine whether to create a new DHCP
address pool. A switch or gateway device can be selected as the address pool
server. After setting the service parameters, click Next.
(3) Select the switch to configure in the topology, select the switch ports
added to this VLAN, and click Next.
(4) Confirm that the configuration items to be delivered are correct and then
click Save. Wait a moment for the configuration to take effect.
2.5.2 Configuring the Wireless Network
(1) Click Add Wi-Fi VLAN to add wireless network configuration, or select an
existing Wi-Fi VLAN and click Setup to modify its configuration.
(2) Set the Wi-Fi name, Wi-Fi password, and applicable bands. Click Next.
(3) Configure a VLAN for wireless access, specify the address pool server for
access clients in this VLAN, and determine whether to create a new DHCP
address pool. A switch or gateway device can be selected as the address pool
server. After setting the service parameters, click Next.
(4) Confirm that the configuration items to be delivered are correct and then
click Save. Wait a moment for the configuration to take effect.
2.6 Processing Alerts
Choose Network > Overview. If a network exception occurs, an alert message
about the exception and the corresponding solution are displayed on the
Overview page. Click the alert message in the Alert Center section to view the
faulty device, problem details, and its solution. Troubleshoot and process the
alert according to the solution.
2.7 Viewing Online Clients
The Clients area in the upper-left corner of the Overview page displays the
total number of online clients in the current network. Move the cursor over
the number of users to display the number of current wired users, wireless
users in the 2.4 GHz band, and wireless users in the 5 GHz band.
Click to switch to the online clients page (or click Clients > Online
Clients).
Table 2-1 Description of Online Client Information
Field | Description
--- | ---
Username/Type | Indicates the name and access type of the client. The access type can be wireless or wired.
Access Location | Indicates the SN of the device that the user accesses. You can click it to view the access port during wired access.
IP/MAC | The IP address and the MAC address of the client.
Current Rate | Indicates the uplink and downlink data transmission rates of the client.
Wi-Fi | Wireless network information associated with wireless clients, including channel, signal strength, online time, negotiation rate, etc.
2.8 Smart Device Network
Caution Currently, the function is supported by RG-NBS6002 Series, RG-NBS7003
Series and RG-NBS7006 Series devices.
2.8.1 Overview
The smart device network is used to quickly plan and set up an isolation
network for smart clients, so as to isolate the client network from the normal
service network and other types of clients, and improve the stability of the
network. The smart device network supports rapid identification of various
types of clients (such as cameras, access control, background broadcasting,
smart charging piles, etc.) and batch execution of isolation planning on
clients. Compared with traditional client network planning and deployment
steps, it eliminates the tedious process, collects information and simplifies
the steps to set up client isolation. After the smart device network is set
up, the page visually displays client information and actively raises alerts
on abnormalities, which can effectively improve the efficiency of
troubleshooting.
2.8.2 Procedure
Choose Network > Clients > Smart Device Network.
(1) Click Identify Client.
(2) Click +Client Subnet, enter the client type (which can be selected or
customized in the drop-down box), the network segment of the client, the
planned number and the corresponding server IP address to identify the client.
Multi-type client network segments can be set. Click Identify Client after
filling in.
(3) Display the identified client and client server information, including IP
address, MAC address, SN number of the connected switch and connection port.
Click to view the detailed information. If the connection information to the
client server is not identified, you need to click Configure and fill in the
relevant information manually. After confirming that the client device
information is correct, click Isolate Client.
(4) Input the name of the VLAN, VLAN ID, gateway address, and subnet mask of
the isolated client. Check the target network segment and click Generate
Config.
(5) After confirming the configuration, click Deliver Config. If you need to
modify it, you can click Previous to return to the setting page.
(6) The page displays that the configuration has been delivered successfully, indicating that the settings have been completed. Click the configuration item to view the configuration delivery details. After the configuration is delivered, click View Details to switch to the page that displays monitoring information of the smart device network; click Add Client to continue setting the client network segment.
(7) After completing the smart device network settings, you can view the
client monitoring information on the page, including client online status,
connection information, device information, and online and offline time.
Select the client entry and click Delete Client to remove the specified client
from the current network. Click Batch Edit Hostnames to import a txt file
containing client IP and client name (one line for each client, each line
contains an IP and a name, and the IP and the name are separated by the Tab
key), and modify the client names in batches. Click Client Subnet to modify
servers and isolate VLAN information, or add a new client network segment.
Click Delete Subnet to delete the corresponding smart device network
configuration.
Web-based Configuration Guide
Basic Management
3 Basic Management
3.1 Overviewing Switch Information
3.1.1 Basic information about the Device
Choose Local Device > Home > Basic Info. Basic information includes device
name, device model, SN number, software version, management IP, MAC address,
networking status, system time, working mode, etc.
1. Setting the device name
Click the device name to modify the device name in order to distinguish
between different devices.
2. Switching the Work Mode
Click the current work mode to change the work mode.
3. Setting MGMT IP
Click the current management IP address to jump to the management IP
configuration page. For more information, see 4.6.
3.1.2 Hardware Monitor Information
Caution Only RG-NBS6002 Series, RG-NBS7003 Series and RG-NBS7006 Series
devices support displaying this type of information.
Choose Local Device > Home > Smart Monitoring. Display the current hardware
operating status of the device, such as the device temperature and power
supply status, etc.
3.1.3 Port Info
Choose Local Device > Home > Port Info. The port info page displays the
details of all ports currently on the switch. Click Panel View to view the
port roles and statuses corresponding to port icons of different colors or
shapes.
Move the cursor to the icon of a port (for example, Gi14) on the port panel,
and more information about the port will be displayed, including the port ID,
port status, port rate, uplink and downlink traffic, transmission rate, and
optical/electrical attribute of the port.
Traffic data is automatically updated every five minutes. You can click
Refresh above the port panel to obtain the latest port traffic and status
information simultaneously.
3.2 Port Flow Statistics
Choose Local Device > Monitor > Port Flow. This page displays traffic
statistics such as the rate of the device port, the number of sent and
received packets, and the number of error packets. The rate of the port is
updated every five seconds. Other traffic statistics are updated every five
minutes. Select a port and click Clear Selected, or click Clear All to clear
statistics such as current port traffic and start statistics collection again.
Note Aggregate ports can be configured. Traffic of an aggregate port is the
sum of traffic of all member ports.
3.3 MAC Address Management
3.3.1 Overview
A MAC address table records mappings of MAC addresses and interfaces to
virtual local area networks (VLANs). A device queries the MAC address table
based on the destination MAC address in a received packet. If the device finds
an entry that is consistent with the destination MAC address in the packet,
the device forwards the packet through the interface corresponding to the
entry in unicast mode. If the device does not find such an entry, it forwards
the packet through all interfaces other than the receiving interface in
broadcast mode.
MAC address entries are classified into the following types:
- Static MAC address entries: Manually configured by the user. Packets whose
destination MAC address matches the one in such an entry are forwarded through
the correct interface. This type of entry does not age.
- Dynamic MAC address entries: Automatically generated by devices. Packets
whose destination MAC address matches the one in such an entry are forwarded
through the correct interface. This type of entry ages.
- Filtering MAC address entries: Manually configured by the user. Packets
whose source or destination MAC address matches the one in such an entry are
discarded. This type of entry does not age.
Note This section describes the management of static, dynamic, and filtering
MAC address entries, without involving multicast MAC address entries.
3.3.2 Displaying the MAC Address Table
Choose Local Device > Monitor > Clients > MAC List. This page displays the MAC
address information of the device, including the static MAC addresses manually
set by the user, the filtering MAC addresses, and the dynamic MAC addresses
automatically learned by the device.
Querying MAC address entries: MAC address entries can be queried by MAC address, VLAN ID or port. Select the search type, enter the search string, and click Search. MAC entries that meet the search criteria are displayed in the list. Fuzzy search is supported.
Note The MAC address entry capacity depends on the product. For example, the
MAC address entry capacity of the device shown in the figure above is 32K.
3.3.3 Displaying Dynamic MAC Address
Choose Local Device > Monitor > Clients > Dynamic MAC. After receiving the
packet, the device will automatically generate dynamic MAC address entries
based on the source MAC address of the packet. The current page displays the
dynamic MAC address entries learned by the device. Click Refresh to obtain the
latest dynamic MAC address entries.
Delete dynamic MAC address: Select the clear type (by MAC address, by VLAN, or
by port), enter a string for matching the dynamic MAC address entry, and click
Clear. The device will clear MAC address entries that meet the conditions.
3.3.4 Configuring Static MAC Binding
The switch forwards data based on the MAC address table. You can set a static
MAC address entry to manually bind the MAC address of a downlink network
device with the port of the device. After a static address entry is
configured, when the device receives a packet destined to this address from
the VLAN, it will forward the packet to the specified port. For example, when
802.1x authentication is enabled on the port, you can configure static MAC
address binding to implement authentication exemption.
1. Adding Static MAC Address Entries
Choose Local Device > Monitor > Clients > Static MAC. Click Add, enter the MAC
address and VLAN ID, select the port for packet forwarding, and click OK.
After the addition is successful, the MAC address table will update the entry
data.
2. Deleting Static MAC Address Entries
Choose Local Device > Monitor > Clients > Static MAC.
Batch delete: In MAC List, select the MAC address entries to be deleted and
click Delete Selected. In the displayed dialog box, click OK.
Delete an entry: In MAC List, find the entry to be deleted and click Delete in the last Action column. In the displayed dialog box, click OK.
3.3.5 Configuring MAC Address Filtering
To prohibit a user from sending and receiving packets in certain scenarios,
you can add the MAC address of the user to a filtering MAC address entry.
After the entry is configured, packets whose source or destination MAC address
matches the MAC address in the filtering MAC address entry are directly
discarded. For example, if a user initiates ARP attacks, the MAC address of
the user can be configured as a to-be-filtered address to prevent attacks.
1. Adding Filtering MAC Address
Choose Local Device > Monitor > Clients > MAC Filter. Click Add. In the dialog
box that appears, enter the MAC addresses and VLAN ID, and then click OK.
2. MAC Filter
Choose Local Device > Monitor > Clients > MAC Filter.
Batch delete: In MAC List, select the MAC address entries to be deleted and
click Delete Selected. In the displayed dialog box, click OK.
Delete an entry: In MAC List, find the entry to be deleted and click Delete in
the last Action column. In the displayed dialog box, click OK.
3.3.6 Configuring MAC Address Aging Time
Set the aging time of dynamic MAC address entries learned by the device. Static MAC address entries and filtering MAC address entries do not age. The device deletes stale dynamic MAC address entries based on the aging time to save entry resources on the device. An overly long aging time delays the deletion of stale entries, whereas an overly short aging time may delete valid entries and force the device to relearn MAC addresses repeatedly, which increases the packet broadcast frequency. Therefore, you are advised to configure an aging time that saves device resources without affecting network stability.
Choose Local Device > Monitor > Clients > Aging Time. Enter a valid aging time and click Save. The value range of the aging time is from 10 to 630, in seconds. The value 0 specifies no aging.
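The following added example (not part of the original guide and not vendor code) is a simplified model of the behaviour described in 3.3.5 and 3.3.6: filtering entries drop frames by source or destination MAC, static entries never age, and dynamic entries expire after the aging time. The MAC addresses, port numbers, and frame timings are constructed, and the class and function names are hypothetical.

```python
"""Simplified MAC address table model (added example, not vendor code)."""

AGING_MIN, AGING_MAX = 10, 630  # seconds; 0 means no aging (values from this section)


class MacTable:
    def __init__(self, aging_time):
        if aging_time != 0 and not AGING_MIN <= aging_time <= AGING_MAX:
            raise ValueError("aging time must be 0 or 10-630 seconds")
        self.aging_time = aging_time
        self.static = {}       # (vlan, mac) -> port; never ages
        self.filtered = set()  # (vlan, mac); never ages
        self.dynamic = {}      # (vlan, mac) -> (port, last_seen)

    def add_static(self, vlan, mac, port):
        self.static[(vlan, mac.lower())] = port

    def add_filter(self, vlan, mac):
        self.filtered.add((vlan, mac.lower()))

    def _expire(self, now):
        """Remove dynamic entries that have not been refreshed within the aging time."""
        if self.aging_time == 0:
            return
        stale = [key for key, (_, seen) in self.dynamic.items()
                 if now - seen >= self.aging_time]
        for key in stale:
            del self.dynamic[key]

    def handle(self, now, in_port, vlan, src, dst):
        """Return 'drop', 'flood' or 'port:<n>' for one frame."""
        src_key, dst_key = (vlan, src.lower()), (vlan, dst.lower())
        # A filtering entry matches on source OR destination MAC in that VLAN.
        if src_key in self.filtered or dst_key in self.filtered:
            return "drop"
        self._expire(now)
        if src_key not in self.static:
            self.dynamic[src_key] = (in_port, now)  # learn or refresh
        if dst_key in self.static:
            return "port:%d" % self.static[dst_key]
        if dst_key in self.dynamic:
            return "port:%d" % self.dynamic[dst_key][0]
        return "flood"  # unknown destination is sent to all ports in the VLAN


# Constructed sample addresses and frames: (time_s, in_port, vlan, src, dst)
HOST_A = "00:11:22:00:00:0a"
SERVER = "00:11:22:00:00:01"
BLOCKED = "00:11:22:00:00:66"
SAMPLE_FRAMES = [
    (0, 1, 10, HOST_A, SERVER),    # server unknown, host A learned on port 1
    (1, 2, 10, SERVER, HOST_A),    # host A known
    (60, 2, 10, SERVER, HOST_A),   # host A has been silent for 60 s
    (61, 3, 10, BLOCKED, SERVER),  # filtered source
    (62, 2, 10, SERVER, BLOCKED),  # filtered destination
]


def replay(aging_time):
    """Run the sample frames through a table with one filtering entry."""
    table = MacTable(aging_time)
    table.add_filter(10, BLOCKED)
    return [table.handle(*frame) for frame in SAMPLE_FRAMES]


if __name__ == "__main__":
    for aging in (30, 300, 0):
        print(aging, replay(aging))
```

With a 30-second aging time the third frame is flooded because host A's entry has already expired; with 300 seconds (or 0, no aging) it is forwarded to port 1.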
3.4 Displaying ARP Information
Choose Local Device > Monitor > Clients > ARP List.
When two IP-based devices need to communicate with each other, the sender must know the IP address and MAC address of the peer. With MAC addresses, an IP-based device can encapsulate link-layer frames and then send data frames to the physical network. The process of obtaining MAC addresses based on IP addresses is called address resolution. The Address Resolution Protocol (ARP) is used to resolve IP addresses into MAC addresses. ARP can obtain the MAC address associated with an IP address. ARP stores the mappings between IP addresses and MAC addresses in the ARP cache of the device.
The device learns the IP address and MAC address of the network devices connected to its interfaces and generates the corresponding ARP entries. The ARP List page displays ARP entries learned by the device. The ARP list allows you to search for specified ARP entries by IP or MAC address. Click Refresh to obtain the latest ARP entries.
Note: For more information about ARP entries, see 6.4.
3.5 VLAN
3.5.1 VLAN Overview
A virtual local area network (VLAN) is a logical network created on a physical
network. A VLAN has the same properties as a normal physical network except
that it is not limited by its physical location. Each VLAN has an independent
broadcast domain. Different VLANs are L2-isolated. L2 unicast, broadcast, and
multicast frames are forwarded and spread within one VLAN and will not be
transmitted to other VLANs. When a port is defined as a member of a VLAN, all
clients connected to the port are a part of the VLAN. A network supports
multiple VLANs. VLANs can communicate with each other at L3 through L3
devices or L3 interfaces. VLAN division includes two functions: creating VLANs
and setting port VLANs.
3.5.2 Creating a VLAN
Choose Local Device > VLAN > VLAN List. The VLAN list contains all the
existing VLAN information. You can modify or delete the existing VLAN, or
create a new VLAN.
1. Adding a VLAN
- Create multiple VLANs: Click Batch Add. In the displayed dialog box, enter the VLAN ID range (separate multiple VLAN ID ranges with commas (,)), and click OK. The added VLANs will be displayed in VLAN List.
- Create a VLAN: Click Add. Enter the VLAN ID and description for the VLAN, and click OK. The added VLAN will be displayed in VLAN List.
Note:
- The range of a VLAN ID is from 1 to 4094.
- You can separate multiple VLANs to be added in batches with commas (,), and separate the start and end VLAN IDs of a VLAN range with a hyphen (-).
- If no VLAN description is configured when the VLAN is added, the system automatically creates a VLAN description in the specified format, for example, VLAN000XX. The VLAN descriptions of different VLANs must be unique.
- If the device supports L3 functions, VLANs, routed ports, and L3 aggregate ports (L3APs) share limited hardware resources. If resources are insufficient, a message indicating resource insufficiency for VLAN will be displayed.
2. Modifying a VLAN Description
In VLAN List, click Edit in the last Action column to modify the description information of the specified VLAN.
3. Deleting a VLAN
- Batch delete VLANs: In VLAN List, select the VLAN entries to be deleted and click Delete Selected to delete VLANs in a batch.
- Delete a VLAN: In VLAN List, click Delete in the last Action column to delete the specified VLAN.
Note: The default VLAN (VLAN 1), management VLAN, native VLAN, and access VLAN cannot be deleted. For these VLANs, the Delete button is grayed out and unavailable.
3.5.3 Configuring Port VLAN
1. Overview
Choose Local Device > VLAN > Port List. Port List displays the VLAN division of the current port. Create VLANs on the VLAN List page (see 3.5.2 Creating a VLAN) and then configure the port based on the VLANs.
You can configure the port mode and VLAN members for a port to determine VLANs that are allowed to pass through the port and whether packets to be forwarded by the port carry the tag field.
Table 3-1 Port Modes Description (columns: Port mode, Function)
- Access port: One access port can belong to only one VLAN and allow only frames from this VLAN to pass through. This VLAN is called an access VLAN. The access VLAN has attributes of both Native VLAN and Permitted VLAN. The frames sent from the access port do not carry tags. When the access port receives an untagged frame from a peer device, the local device determines that the frame comes from the access VLAN and adds the access VLAN ID to the frame.
- Trunk port: One trunk port supports one native VLAN and several allowed VLANs. Native VLAN frames forwarded by a trunk port do not carry tags while allowed VLAN frames forwarded by the trunk port carry tags. A trunk port belongs to all VLANs of the device by default, and can forward frames of all VLANs. You can set the allowed VLAN range to limit VLAN frames that can be forwarded. Note that the trunk ports on both ends of the link must be configured with the same Native VLAN.
- Hybrid port: A hybrid port supports one native VLAN and several allowed VLANs. The allowed VLANs are divided into Tag VLAN and Untag VLAN. The frames forwarded by the hybrid port from a Tag VLAN carry tags, and the frames forwarded by the hybrid port from an Untag VLAN do not carry tags. The frames forwarded by the hybrid port from Native VLAN must not carry tags, therefore Native VLAN can only belong to Untag VLAN List.
Note: Whether the hybrid mode function is supported depends on the product version.
2. Procedure
Choose Local Device > VLAN > Port List.
- Configure port VLANs in a batch: Click Batch Edit, select the port to be configured on the port panel, and select the port mode. If the port mode is Access port, you need to select Access VLAN; if the port mode is Trunk port, you need to select Native VLAN and enter the allowed VLAN ID range; if the port mode is Hybrid port, you need to select Native VLAN and enter the allowed VLAN range and Untag VLAN range. Click OK to complete the batch configuration.
Note: In Hybrid mode, the allowed VLANs include Tag VLAN and Untag VLAN, and the Untag VLAN range must include Native VLAN.
- Configure one port: In Port List, click Edit in the last Action column of a specified port, configure the port mode and corresponding VLAN, and click OK.
Note:
- VLAN ID range is from 1 to 4094, among which VLAN 1 is the default VLAN that cannot be deleted.
- When hardware resources are insufficient, the system displays a VLAN creation failure message.
- Improper configuration of VLANs on a port (especially uplink port) may cause the failure to log in to the Eweb management system. Therefore, exercise caution when configuring VLANs.
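The following added example (not part of the original guide and not vendor code) parses VLAN lists in the syntax from 3.5.2 and checks a planned port configuration against the rules in 3.5.3 before it is applied. The port names, the sample configuration, and all function names are constructed for illustration; the uplink check reflects the caution above about losing access to the Eweb management system.

```python
"""Audit planned port VLAN settings against sections 3.5.2 and 3.5.3 (added example)."""

VLAN_MIN, VLAN_MAX = 1, 4094  # valid VLAN ID range given in the guide


def parse_vlan_list(text):
    """Expand a list such as '3-5,100' into a set of VLAN IDs."""
    vlans = set()
    for item in text.split(","):
        item = item.strip()
        start, sep, end = item.partition("-")
        if not start.isdigit() or (sep and not end.isdigit()):
            raise ValueError("malformed VLAN item %r" % item)
        low = int(start)
        high = int(end) if sep else low
        if low > high or low < VLAN_MIN or high > VLAN_MAX:
            raise ValueError("VLAN item %r is reversed or outside 1-4094" % item)
        vlans.update(range(low, high + 1))
    return vlans


def audit_port(port, created):
    """Return findings for one port; 'created' is the set of VLANs in VLAN List."""
    name, mode, findings = port["name"], port["mode"], []
    if mode == "access":
        if port["access"] not in created:
            findings.append("%s: access VLAN %d is not in VLAN List" % (name, port["access"]))
    elif mode in ("trunk", "hybrid"):
        native = port["native"]
        if native not in created:
            findings.append("%s: native VLAN %d is not in VLAN List" % (name, native))
        allowed = parse_vlan_list(port["allowed"])
        if mode == "hybrid":
            untag = parse_vlan_list(port["untag"])
            if native not in untag:  # native VLAN can only belong to the Untag VLAN list
                findings.append("%s: native VLAN %d missing from Untag VLAN list" % (name, native))
            if not untag <= allowed:  # allowed VLANs = Tag VLANs + Untag VLANs
                findings.append("%s: Untag VLANs %s not in allowed range"
                                % (name, sorted(untag - allowed)))
    else:
        findings.append("%s: unknown port mode %r" % (name, mode))
    return findings


def carried_vlans(port):
    """VLANs whose frames the port forwards."""
    if port["mode"] == "access":
        return {port["access"]}
    # Assumption: the native VLAN counts as carried even if the allowed range omits it.
    return parse_vlan_list(port["allowed"]) | {port["native"]}


def audit_link(port_a, port_b):
    """Trunk ports on both ends of a link must use the same native VLAN."""
    if port_a["mode"] == port_b["mode"] == "trunk" and port_a["native"] != port_b["native"]:
        return ["%s <-> %s: native VLAN mismatch (%d vs %d)"
                % (port_a["name"], port_b["name"], port_a["native"], port_b["native"])]
    return []


def audit_uplink(port, mgmt_vlan):
    """The uplink should carry the management VLAN, or web management may be lost."""
    if mgmt_vlan not in carried_vlans(port):
        return ["%s: uplink does not carry management VLAN %d" % (port["name"], mgmt_vlan)]
    return []


# Constructed sample configuration.
CREATED = parse_vlan_list("1,3-5,100")
PORTS = [
    {"name": "Gi1", "mode": "access", "access": 3},
    {"name": "Gi2", "mode": "access", "access": 20},
    {"name": "Gi3", "mode": "hybrid", "native": 4, "allowed": "3-5,100", "untag": "5"},
    {"name": "Gi24", "mode": "trunk", "native": 1, "allowed": "3-5"},
]
PEER_UPLINK = {"name": "peer Gi1", "mode": "trunk", "native": 100, "allowed": "1-4094"}


def run_audit(mgmt_vlan=100):
    findings = []
    for port in PORTS:
        findings += audit_port(port, CREATED)
    findings += audit_link(PORTS[-1], PEER_UPLINK)
    findings += audit_uplink(PORTS[-1], mgmt_vlan)
    return findings


if __name__ == "__main__":
    print("\n".join(run_audit()))
```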
3.5.4 Batch Switch Configuration
1. Overview
You can batch create VLANs, configure port attributes, and divide port VLANs for switches in the network.
2. Procedure
Choose Network > Batch Config.
(1) The page displays all switches in the current network. Select the switches to configure, and then select the desired ports in the device port view that appears below. If there are a large number of devices in the current network, select a product model from the drop-down list box to filter the devices. After the desired devices and ports are selected, click Next.
(2) Click Add VLAN to create a VLAN for the selected devices in a batch. If you want to create multiple VLANs, click Batch Add and enter the VLAN ID range, such as 3-5,100. After setting the VLANs, click Next.
(3) Configure port attributes for the ports selected in Step 1 in a batch. Select a port type. If you set Type to Access Port, you need to configure VLAN ID. If you set Type to Trunk Port, you need to configure Native VLAN and Permitted VLAN. After setting the port attributes, click Override to deliver the batch configurations to the target devices.
3.5.5 Verifying Configuration
View the VLAN and port information of switches to check whether the batch configurations are successfully delivered.
4 Port Management
4.1 Overview
Ports are important components for data exchange on network devices. The port
management module allows you to configure basic settings for ports, and
configure port aggregation, switched port analyzer (SPAN), port rate limiting,
management IP address, etc.
Table 4-1 Description of Port Type (columns: Port Type, Note, Remarks)
- Switch Port: A switch port consists of a single physical port on the device and provides only the L2 switching function. Switch ports are used to manage physical ports and their associated L2 protocols. Remarks: Described in this section.
- L2 aggregate port: An interface binds multiple physical members to form a logical link. For L2 switching, an aggregate port is like a high-bandwidth switch port. It can combine the bandwidths of multiple ports to expand link bandwidth. In addition, for frames sent through an L2 aggregate port, load balancing is performed on member ports of the L2 aggregate port. If one member link of the aggregate port fails, the L2 aggregate port automatically transfers traffic on this link to other available member links, improving connection reliability. Remarks: Described in this section.
- SVI Port: A switch virtual interface (SVI) serves as the management interface of the device, through which the device can be managed. You can also create an SVI as a gateway interface, which is equivalent to the virtual interface of the corresponding VLAN and can be used for inter-VLAN routing on L3 devices. Remarks: For related configuration, see 6.1.
- Routed Port: On L3 devices, you can configure a single physical port as a routed port and use it as the gateway interface of L3 switching. Routed ports do not have L2 switching functions and have no corresponding relationship with VLANs, but only serve as access interfaces. Remarks: For related configuration, see 6.1.
- L3 Aggregate Port: An L3 aggregate port is a logical aggregate port group composed of multiple physical member ports, just like an L2 aggregate port. The ports to be aggregated must be L3 ports of the same type. An aggregate port serves as the gateway interface of L3 switching. It treats multiple physical links in the same aggregate group as one logical link, which is an important way to expand link bandwidth. Frames sent over the L3 AP are balanced among the L3 AP member ports. If one member link fails, the L3 AP automatically transfers the traffic on the faulty link to other member links, improving reliability of connections. L3 aggregate ports do not support the L2 switching function. Remarks: For related configuration, see 6.1.
4.2 Port Configuration
Port configuration includes common attributes such as basic settings and physical settings of the port. Users can enable or disable a port and set its rate, duplex mode, flow control mode, energy-efficient Ethernet (EEE) switch, media type, MTU, etc.
4.2.1 Basic Settings
Choose Local Device > Ports > Basic Settings > Basic Settings.
This page lets you set whether a port is enabled, the speed and duplex mode of the port, and the flow control mode, and displays the current actual status of each port.
- Batch configure: Click Batch Edit and select the ports to be configured. In the displayed dialog box, select the port switch, rate, work mode, and flow control mode, and click OK to deliver the configuration. In batch configuration, the optional configuration items are those common to the selected ports (that is, attributes supported by all the selected ports).
- Configure one port: In Port List, select a port entry and click Edit in the Action column. In the displayed dialog box, select port status, rate, work mode, and flow control mode, and click OK.
Table 4-2 Description of Basic Port Configuration Parameters (columns: Parameter, Description, Default Value)
- Status: If a port is closed, no frame will be received and sent on this port, and the corresponding data processing function will be lost, but the PoE power supply function of the port will not be affected. Default value: Enable.
- Rate: Set the rate at which the Ethernet physical interface works. Auto means that the port rate is determined by auto-negotiation between the local and peer devices. The negotiated rate can be any rate within the port capability. Default value: Auto.
- Work Mode: Full duplex: the port can receive packets while sending. Half duplex: the port can either receive or send packets at a time. Auto: the duplex mode of the port is determined through auto-negotiation between the local port and peer port. Default value: Auto.
- Flow Control: After flow control is enabled, the port will process the received flow control frames, and send the flow control frames when congestion occurs on the port. Default value: Disable.
Note: The rate of a 100M (Fa) port can be set to 100M, 10M or auto. The rate of a GE (Gi) port can be set to 1000M, 100M, or auto. The rate of a 10G (Te) port can be set to 10G, 1000M, or auto.
4.2.2 Physical Settings
Choose Local Device > Ports > Basic Settings > Physical Settings.
This page lets you enable the energy-efficient Ethernet (EEE) function of the port, and set the media type and MTU of the port.
- Batch configure: Click Batch Edit. In the displayed dialog box, select the port to be configured, configure the EEE switch and MTU, enter the port description, and click OK.
Note: Copper ports and SFP ports cannot be both configured during batch configuration.
- Configure one port: Click Edit in the Action column of the list. In the displayed configuration box, configure the EEE switch and port mode, enter the port description, and click OK.
Table 4-3 Description of Physical Configuration Parameters (columns: Parameter, Description, Default Value)
- EEE: Short for energy-efficient Ethernet, which is based on the standard IEEE 802.3az protocol. When enabled, EEE saves energy by making the interface enter LPI (Low Power Idle) mode when the Ethernet connection is idle. Value: Disable/Enable. Default value: Disable.
- Attribute: The port attribute indicates whether the port is a copper port or an SFP port. Copper port: copper mode (cannot be changed); SFP port: fiber mode (cannot be changed); only combo ports support mode change. Default value: Depending on the port attribute.
- Description: You can add a description to label the functions of a port. Default value: NA.
- MTU: MTU (Maximum Transmission Unit) is used to notify the peer of the acceptable maximum size of a data service unit. It indicates the size of the payload acceptable to the sender. You can configure the MTU of a port to limit the length of a frame that can be received or forwarded through this port. Default value: 1500.
Note:
- Different ports support different attributes and configuration items.
- Only the SFP combo ports support port mode switching.
- SFP ports do not support enabling EEE.
4.3 Aggregate Ports
4.3.1 Aggregate Port Overview
An aggregate port (AP) is a logical link formed by binding multiple physical links. It is used to expand link bandwidth, thereby improving connection reliability. The AP function supports load balancing and therefore evenly distributes traffic to member links. The AP implements link backup. When a member link of an AP is disconnected, the system automatically distributes traffic of this link to other available member links. Broadcast or multicast packets received by one member link of an AP are not forwarded to other member links.
If a single interface that connects two devices supports the maximum rate of 1000 Mbps (assume that interfaces of both devices support the rate of 1000 Mbps), when the service traffic on the link exceeds 1000 Mbps, the excess traffic will be discarded. Link aggregation can solve this problem. For example, use n network cables to connect the two devices and bind the interfaces together. In this way, the interfaces are logically bound to support the maximum traffic of 1000 Mbps × n.
If two devices are connected through a single cable, when the link between the two interfaces is disconnected, services carried on this link are interrupted. After multiple interconnected interfaces are bound, as long as there is one link available, services carried on these interfaces will not be interrupted.
4.3.2 Overview
1. Static AP Address
In static AP mode, you can manually add a physical interface to an aggregate
port. An aggregate port in static AP mode is called a static aggregate port
and the member ports are called member ports of the static aggregate port.
Static AP can be easily implemented. You can aggregate multiple physical links
by running commands to add specified physical interfaces to an AP. Once a
member interface is added to an AP, it can send and receive data and balance
traffic in the AP.
2. Dynamic Aggregation
Dynamic aggregation mode is a special port aggregation function developed for
the WAN port of RG-MR series gateway devices. The maximum bandwidth of the WAN
port of the MR device can support 2000M, but after the intranet port is
connected to the switch, a single port can only support a maximum bandwidth of
1000M. In order to prevent the downlink bandwidth from being wasted, it is
necessary to find a way to increase the maximum bandwidth of the port between
the MR device and the switch, and the dynamic aggregation function emerged to
meet the need. After connecting the two fixed AG (aggregation) member ports on
the MR gateway device to any two ports on the switch, through packet exchange,
the two ports on the switch can be automatically aggregated, thereby doubling
the bandwidth. The aggregate port automatically generated in this way on the
switch is called a dynamic aggregate port, and the corresponding two ports are
the member ports of the aggregate port.
Note: Dynamic aggregate ports cannot be created manually. They can be deleted after they are automatically generated by the device, but their member ports cannot be modified.
3. Load Balancing
An AP, based on packet characteristics such as the source MAC address,
destination MAC address, source IP address, destination IP address, L4 source
port ID, and L4 destination port ID of packets received by an inbound
interface, differentiates packet flows according to one or several combined
algorithms. It sends the same packet flow through the same member link, and
evenly distributes different packet flows among member links. For example, in load balancing mode based on source MAC addresses, packets are distributed to different member links of an AP based on their source MAC addresses. Packets with different source MAC addresses are distributed to different member links; packets with the same source MAC address are forwarded along the same member link.
Currently, the AP supports the traffic balancing modes based on the following:
- Source MAC address or destination MAC address
- Source MAC address + destination MAC address
- Source IP address or destination IP address
- Source IP address + destination IP address
- Source port
- L4 source port or L4 destination port
- L4 source port + L4 destination port
4.3.3 Aggregate Port Configuration
Choose Local Device > Ports > Aggregate Ports > Aggregate Port Settings.
1. Adding a Static Aggregate Port
Enter an aggregate port ID, select member ports (ports that have been added to an aggregate port cannot be selected), and click Save. The port panel displays a successfully added aggregate port.
Note:
- An aggregate port contains a maximum of eight member ports.
- The attributes of aggregate ports must be the same, and copper ports and SFP ports cannot be aggregated.
- Dynamic aggregate ports do not support manual creation.
2. Modifying Member Ports of a Static Aggregate Port
Click an added static aggregate port. Member ports of the aggregate port will become selected. Click a port to deselect it, or select other ports to join the current aggregate port. Click Save to modify the member ports of the aggregate port.
Note: The member ports of dynamic aggregate ports cannot be modified.
3. Deleting an Aggregate Port
Move the cursor over an aggregate port icon and click the icon in the upper-right corner, or select the aggregate port to be deleted and click Delete Selected to delete the selected aggregate port. After deletion, the corresponding ports become available on the port panel to set a new aggregate port.
Caution: After an aggregate port is deleted, its member ports are restored to the default settings and are disabled.
4.3.4 Configuring a Load Balancing Mode
Choose Local Device > Ports > Aggregate Port > Global Settings.
Select Load Balance Algorithm and click Save. The device distributes incoming packets among member links by using the specified load balancing algorithm. Packets that belong to the same flow are transmitted over one member link, whereas different packet flows are evenly distributed to various links.
4.4 Port Mirroring
4.4.1 Overview
The switched port analyzer (SPAN) function copies packets of a specified port to another port that is connected to a network monitoring device. After port mirroring is set, the packets on the source port will be copied and forwarded to the destination port. A packet analyzer is usually connected to the destination port to analyze the packet status of the source port, so as to monitor all incoming and outgoing packets on source ports.
As shown in Figure 4-1, by configuring port mirroring on Device A, the device copies the packets on Port 1 to Port 10. Although the network analysis device connected to Port 10 is not directly connected to Port 1, it can receive the packets that pass through Port 1. In this way, the data flow transmitted by Port 1 can be monitored.
Figure 4-1 Port Mirroring Principles (labels: Device A, Port 1, Port 10, Network Analyzer)
The SPAN function enables data traffic analysis of suspicious network nodes or device ports without affecting the data forwarding of the monitored device. It is mainly used in network monitoring and troubleshooting scenarios.
4.4.2 Procedure
Choose Local Device > Ports > Port Mirroring.
Click Edit, select the source port, destination port, monitor direction, and whether to receive packets from non-Src ports, and click OK. A maximum of four SPAN entries can be configured.
To delete the port mirroring configuration, click Delete in the corresponding Action column.
Caution:
- You can select multiple source traffic monitoring ports but only one destination port. Moreover, the source traffic monitoring ports cannot contain the destination port.
- An aggregate port cannot be used as the destination port.
- A maximum of four SPAN entries can be configured.
- SPAN cannot be configured for ports that have been used for SPAN.
Table 4-4 Description of Port Mirroring Parameters (columns: Parameter, Description, Default Value)
- Src Port: A source port is also called a monitored port. Data flows on the source port are monitored for network analysis or troubleshooting. Multiple source ports can be selected and mirrored to one destination port. Default value: N/A.
- Dest Port: The destination port is also called the monitoring port, that is, the port connected to the monitoring device. It forwards the packets received from the source port to the monitoring device. Default value: N/A.
- Monitor Direction: The type of packets (data flow direction) to be monitored by a source port. Both: all packets passing through the port, including incoming and outgoing packets. Incoming: all packets received by a source port are copied to the destination port. Outcoming: all packets transmitted by a source port are copied to the destination port. Default value: Both.
- Receive Pkt from Non-Src Ports: Applied to the destination port; indicates whether a destination port forwards other packets while monitoring packets. Enabled: while monitoring the packets of the source port, the packets of other non-Src ports are normally forwarded. Disabled: only monitor source port packets. Default value: Enable.
4.5 Rate Limiting
Choose Local Device > Ports > Rate Limiting. The Rate Limiting module allows
you to configure traffic limits for ports, including rate limits for inbound
and outbound direction of ports.
1. Rate Limiting Configuration
Click Batch Edit. In the displayed dialog box, select ports and enter the rate limits, and click OK. You must configure at least the ingress rate or egress rate. After the configuration is completed, it will be displayed in the list of port rate limiting rules.
Table 4-5 Description of Rate Limiting Parameters (columns: Parameter, Description, Default Value)
- Rx Rate: Max rate at which packets are sent from a port to a switch, in kbps. Default value: Not limited.
- Tx Rate: Max rate at which packets are sent out of a switch through a port, in kbps. Default value: Not limited.
2. Changing Rate Limits of a Single Port
In the port list for which the rate limit has been set, click Edit on the
corresponding port entry, enter the ingress rate and egress rate in the
displayed dialog box, and click OK.
3. Deleting Rate Limiting
- Batch configure: Select multiple records in Port List, click Delete Selected and click OK in the confirmation dialog box.
- Configure one port: In Port List, click Delete on the corresponding port entry, and click OK in the confirmation dialog box.
Note:
- When configuring rate limits for a port, you must configure at least the ingress rate or egress rate.
- When the ingress rate or egress rate is not set, the port rate is not limited.
4.6 MGMT IP Configuration
Choose Local Device > Ports > MGMT IP.
The MGMT IP page allows you to configure the management IP address for the device. Users can configure and manage the device by accessing the management IP.
The device can be networked in two modes:
- DHCP: Uses a temporary IP address dynamically assigned by the upstream DHCP server for Internet access.
- Static IP: Uses a static IP address manually configured by users for Internet access.
If you select DHCP, the device obtains parameters from the DHCP Server. If Static IP is selected, you need to enter the management VLAN, IP address, subnet mask, default gateway IP address, and address of a DNS server. Click Save to make the configuration take effect.
Note:
- If the management VLAN is null or not specified, VLAN 1 takes effect by default.
- The management VLAN must be selected from existing VLANs. If no VLAN is created, go to the VLAN list to add a VLAN (for details, see 3.5.2).
- You are advised to bind a configured management VLAN to an uplink port. Otherwise, you may fail to access the Eweb management system.
4.7 Out-of-Band IP Configuration
Caution: Only the RG-NBS6002 Series, RG-NBS7003 Series and RG-NBS7006 Series support this function.
Choose Local Device > Ports > Out-of-Band IP.
Set the MGMT management port IP of the chassis to centrally manage the modules in multiple slots of the device.
Note:
- No IP address is configured for the MGMT port by default.
- Currently, only a static IP address can be configured for the MGMT port but DHCP is not supported.
4.8 PoE Configuration
Caution: Only PoE switches (device models marked with -P) support this function.
Choose Local Device > Ports > PoE. The device supplies power to PoE powered
devices through ports. Users can view the current power supply status, and set
the system power supply and port power supply policies respectively to achieve
flexible power distribution.
4.8.1 PoE Global Settings
Choose Local Device > Ports > PoE > PoE Settings.
PoE Transmit Power Mode refers to the way that a device allocates power to a connected PD (Powered Device). It supports Auto mode and Energy-saving mode.
In Auto mode, the system allocates power based on the classes of PDs detected on ports. The device allocates power to PD devices of Class 0~4 based on a fixed value: Class 0 is 15.4W, Class 1 is 4W, Class 2 is 7W, Class 3 is 15.4W, Class 4 Type 1 is 15.4W, and Class 4 Type 2 is 30W. In this mode, if the port is connected to a device of Class 3, even if the actual power consumption is only 11W, the PoE power supply device will allocate power to the port based on the power of 15.4W.
In energy-saving mode, the PoE device dynamically adjusts allocated power based on actual consumption of PDs. In this mode, in order to prevent the power supply of the port from fluctuating due to the fluctuation of the actual power consumption of the PD when the power is fully loaded, you can set the Reserved Transmit Power. The reserved power will not be used for power supply, so as to ensure that the total power consumed by the current system does not exceed the limit of the PoE device. The size of the reserved power is expressed as a percentage of the total PoE power. The value ranges from 0 to 50.
4.8.2 Power Supply Configuration of Ports
Choose Local Device > Ports > PoE > Port List. Click Edit in the port entry or
click Batch Edit to set the PoE power supply function of the port.
Table 4-6 Description of Parameters for Power Supply Configuration of Ports (columns: Parameter, Description, Default Value)
- PoE: Whether to enable the power supply function on the ports. Default value: Enable.
- Non-Standard: By default, the device only supplies power to PDs that comply with the standard IEEE 802.3af and 802.3at protocols. In practical applications, there may be PDs that do not conform to the standard. After the non-standard mode is enabled, the device port can supply power to some non-standard PD devices. Default value: Disable.
- Priority: The power supply priority of the port is divided into three levels: High, Medium, and Low. In auto and energy-saving modes, ports with high priorities are powered first. When the system power of the PoE device is insufficient, ports with low priorities are powered off first. Ports with the same priority are sorted by the port number. A smaller port number indicates a higher priority. Default value: Low.
- Max Transmit Power: The maximum power that the port can transmit, ranging from 0 to 30, in watts (W). A blank value indicates no limit. Default value: Not limit.
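The following added example (not part of the original guide and not vendor code) models the allocation rules from 4.8.1 and the priority rule from Table 4-6 to show which ports lose power when the PoE budget is insufficient. The 60 W budget, the sample ports and their measured draw, and the function names are constructed; treating the budget as a simple sum of per-port allocations is an assumption.

```python
"""PoE power budget model based on section 4.8 (added example, not vendor code)."""

# Fixed Auto-mode allocation per PD class, in watts (values from section 4.8.1).
CLASS_WATTS = {"0": 15.4, "1": 4.0, "2": 7.0, "3": 15.4,
               "4-type1": 15.4, "4-type2": 30.0}
PRIORITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


def port_demand(port, mode):
    """Power counted against the budget for one port."""
    if mode == "auto":
        return CLASS_WATTS[port["pd_class"]]  # fixed value per class
    return port["actual_w"]                   # energy-saving: actual consumption


def plan_power(ports, total_w, mode="auto", reserved_pct=0):
    """Return the ports that stay powered and the order in which ports are shed."""
    if mode not in ("auto", "energy-saving"):
        raise ValueError("mode must be 'auto' or 'energy-saving'")
    if not 0 <= reserved_pct <= 50:
        raise ValueError("reserved power must be 0-50 percent")
    budget = float(total_w)
    if mode == "energy-saving":
        # Reserved Transmit Power is a percentage of total PoE power that is
        # never used for supply (the guide describes it for this mode only).
        budget = total_w * (100 - reserved_pct) / 100.0
    # Highest priority first; within a priority, the smaller port number wins.
    powered = sorted((p for p in ports if p["poe"]),
                     key=lambda p: (PRIORITY_RANK[p["priority"]], p["port"]))
    shed = []
    # Power off the lowest-priority port until the remaining demand fits.
    while powered and sum(port_demand(p, mode) for p in powered) > budget:
        shed.append(powered.pop()["port"])
    used = round(sum(port_demand(p, mode) for p in powered), 1)
    return {"budget_w": budget, "used_w": used,
            "powered": [p["port"] for p in powered], "shed": shed}


# Constructed sample: four PDs on a switch with a 60 W PoE budget.
SAMPLE_PORTS = [
    {"port": 1, "poe": True, "priority": "High", "pd_class": "4-type2", "actual_w": 18.0},
    {"port": 2, "poe": True, "priority": "Medium", "pd_class": "3", "actual_w": 11.0},
    {"port": 3, "poe": True, "priority": "Low", "pd_class": "0", "actual_w": 6.0},
    {"port": 4, "poe": True, "priority": "Low", "pd_class": "2", "actual_w": 5.0},
]

if __name__ == "__main__":
    print(plan_power(SAMPLE_PORTS, 60, mode="auto"))
    print(plan_power(SAMPLE_PORTS, 60, mode="energy-saving", reserved_pct=10))
```

In Auto mode the class-based allocations total 67.8 W, so ports 4 and 3 are powered off in that order; in energy-saving mode with 10% reserved, the same PDs fit within the 54 W budget.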
4.8.3 Displaying Global PoE Information
Choose Local Device > Ports > PoE > PoE Overview. This page displays the global power supply information of the PoE function, including the total system power, used power, reserved power, remaining available power, peak maximum power, and the number of ports currently powered.
4.8.4 Displaying the Port PoE Information
Choose Local Device > PoE > Port List. The Port List displays the PoE
configuration and status information of each port. Click to expand the
detailed information. When the PD device connected to the port needs to be
restarted, for example, when the AP connected to the port is abnormal, you can
click Repower to make the port power off briefly and then power on again to
restart the device connected to the power supply port.
Table 4-7 Description of Port Power Supply Info

| Field | Description |
| --- | --- |
| Port | Device Port ID |
| PoE Status | Whether to enable the PoE function on the ports. |
| Transmit Power Status | Whether the port currently supplies power to PDs. |
| Priority | The power supply priority of the port is divided into three levels: High, Medium, and Low. |
| Current Transmit Power | Indicates the power output by the current port, in watts (W). |
| Non-Standard | Indicates whether the non-standard compatibility mode is enabled. |
| Work Status | Current work status of PoE ports. |
| Current | Indicates the present current of the port in milliamps (mA). |
| Voltage | Indicates the present voltage of the port in volts (V). |
| Avg Transmit Power | Indicates the current average power of the port, namely, the sampling average of current power after the port is powered on, in watts (W). |
| Max Transmit Power | The maximum output power of the port in watts (W). |
| PD Requested Transmit Power | The power requested by the PD from the PSE (Power Sourcing Equipment), in watts (W). |
| PSE Allocated Transmit Power | Indicates the power allocated to a PD by the PSE in watts (W). |
| PD Type | PD type information obtained through LLDP classification, divided into Type 1 and Type 2. |
| PD Class | The classification level of the PD connected to the port is divided into Class 0~4, based on the IEEE 802.3af/802.3at standard. |
5 L2 Multicast
5.1 Multicast Overview
IP transmission methods are categorized into unicast, multicast, and
broadcast. In IP multicast, an IP packet is sent from a source and forwarded
to a specific group of receivers. Compared with unicast and broadcast, IP
multicast saves bandwidth and reduces network loads. Therefore, IP multicast
is applied to different network services that have high real-time
requirements, for example, Internet TV, distance education, live broadcast and
multimedia conference.
5.2 Multicast Global Settings
Choose Local Device > Multicast > Global Settings. Global Settings allow you
to specify the version of the IGMP protocol, whether to enable report packet
suppression, and the behavior for processing unknown multicast packets.
Table 5-1 Description of Configuration Parameters of Global Multicast

| Parameter | Description | Default Value |
| --- | --- | --- |
| Version | The Internet Group Management Protocol (IGMP) is a TCP/IP protocol that manages members in an IPv4 multicast group and runs on the multicast devices and hosts residing on the stub of the multicast network, creating and maintaining membership of the multicast group between the hosts and connected multicast devices. There are three versions of IGMP: IGMPv1, IGMPv2, IGMPv3. This parameter is used to set the highest version of IGMP packets that can be processed by Layer 2 multicast, and can be set to IGMPv2 or IGMPv3. | IGMPv2 |
| IGMP Report Suppression | After this function is enabled, to reduce the number of packets in the network, save network bandwidth and ensure the performance of the IGMP multicast device, the switch forwards only one report packet to the multicast router if multiple downlink clients connected to the switch simultaneously send the report packet to demand the same multicast group. | Disable |
| Unknown Multicast Pkt | When both the global and VLAN multicast functions are enabled, the processing method for receiving unknown multicast packets can be set to Discard or Flood. | Discard |
5.3 IGMP Snooping
5.3.1 Overview
The Internet Group Management Protocol (IGMP) snooping is an IP multicast
snooping mechanism running on a VLAN to manage and control the forwarding of
IP multicast traffic within the VLAN. It implements the L2 multicast function.
Generally, multicast packets need to pass through L2 switches, especially in
some local area networks (LANs). When the Layer 2 switching device does not
run IGMP Snooping, the IP multicast packets are broadcast in the VLAN; when
the Layer 2 switching device runs IGMP Snooping, the Layer 2 device can snoop
the IGMP protocol packets of the user host and the upstream PIM multicast
device. In this way, a Layer 2 multicast entry is established, and IP
multicast packets are sent only to group member receivers,
preventing multicast data from being broadcast on the Layer 2 network.
5.3.2 Enabling Global IGMP Snooping
Choose Local Device > Multicast > IGMP Snooping. Turn on IGMP Snooping and
click Save.
5.3.3 Configuring Protocol Packet Processing Parameters
By controlling protocol packet processing, an L2 multicast device can
establish static or dynamic multicast forwarding entries. In addition, the
device can adjust parameters to refresh dynamic multicast forwarding entries
and IGMP snooping membership quickly. Choose Local Device > Multicast > IGMP
Snooping. The IGMP Snooping function is implemented based on VLANs. Therefore,
each VLAN corresponds to an IGMP Snooping setting entry. There are as many
IGMP Snooping entries as VLANs on the device. Click Edit in the VLAN entry. In
the displayed dialog box, enable or disable the VLAN multicast function, dynamic
learning function, and fast leave function, select the static route connection
port, set the router aging time and the host aging time, and click OK.
Table 5-2 Description of VLAN Configuration Parameters of IGMP Snooping

| Parameter | Description | Default Value |
| --- | --- | --- |
| Multicast Status | Whether to enable or disable the VLAN multicast function. The multicast function of a VLAN takes effect only when both the global IGMP snooping and VLAN multicast functions are enabled. | Disable |
| Dynamic Learning | The device running IGMP Snooping identifies the ports in the VLAN as router ports or member ports. The router port is the port on the Layer 2 multicast device that is connected to the Layer 3 multicast device, and the member port is the host port connected to the group on the Layer 2 multicast device. By snooping IGMP packets, the L2 multicast device can automatically discover and maintain dynamic multicast router ports. | Enable |
| Router Port | List of current multicast router ports includes dynamically learned routed ports (if Dynamic Learning function is enabled) and statically configured routed ports. | NA |
| Fast Leave | After it is enabled, when the port receives the Leave packets, it will immediately delete the port from the multicast group without waiting for the aging timeout. After that, when the device receives the corresponding specific group query packets and multicast data packets, the device will no longer forward it to the port. This function is applicable when only one host is connected to one port of the device, and is generally enabled on the access switch directly connected to the endpoint. | Disable |
| Router Aging Time (Sec) | Aging time of dynamically learned multicast router ports ranges from 30 to 3600, in seconds. | 300 seconds |
| Host Aging Time (Sec) | Aging time of dynamically learned member ports of a multicast group, in seconds. | 260 seconds |
| Select Port | In the displayed dialog box, select a port and set it as the static router port. When a port is configured as a static router port, the port will not age out. | NA |
5.4 Configuring MVR
5.4.1 Overview
IGMP snooping can forward multicast traffic only in the same VLAN. If
multicast traffic needs to be forwarded to different VLANs, the multicast
source must send multicast traffic to different VLANs. In order to save
upstream bandwidth and reduce the burden of multicast sources, multicast VLAN
register (MVR) comes into being. MVR can copy multicast traffic received from
an MVR VLAN to the VLAN to which the user belongs and forward the traffic.
5.4.2 Configuring Global MVR Parameters
Choose Local Device > L2 Multicast > MVR. Click to enable the MVR, select the
MVR VLAN, set the multicast group supported by the VLAN, and click Save.
Multiple multicast groups can be specified by entering the start and end
multicast IP addresses.
Table 5-3 Description of Configuring Global MVR Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| MVR | Enables/Disables MVR globally | Disable |
| Multicast VLAN | VLAN of a multicast source | 1 |
| Start IP Address | Learned or configured start multicast IP address of an MVR multicast group. | NA |
| End IP Address | Learned or configured end multicast IP address of an MVR multicast group. | NA |
5.4.3 Configuring the MVR Ports
Choose Local Device > L2 Multicast > MVR. Batch configure: Click Batch Edit,
select the port role, the port to be set, and whether to enable the Fast Leave
function on the port, and click OK.
Configure one port: Click the drop-down list box to select the MVR role type
of the port. Click the switch in the Fast Leave column to set whether the port
enables the fast leave function.
Table 5-4 Description of MVR Configuration Parameters of Ports

| Parameter | Description | Default Value |
| --- | --- | --- |
| Role | NONE: Indicates that the MVR function is disabled. SOURCE: Indicates the source port that receives multicast data streams. RECEIVER: Indicates the receiver port connected to a client. | NONE |
| Fast Leave | Configures the fast leave function for a port. After the function is enabled, if the port receives the leave packet, it is directly deleted from the multicast group. | Disable |
Note
If a source port or a receiver port is configured, the source port must belong
to the MVR VLAN and the receiver port must not belong to the MVR VLAN.
The fast leave function takes effect only on the receiver port.
5.5 Configuring Multicast Group
Choose Local Device > L2 Multicast > Multicast Group. A multicast group
consists of the destination ports, to which multicast packets are to be sent.
Multicast packets are sent to all ports in the multicast group. You can view
the Multicast List on the current page. The search box in the upper-right
corner supports searching for multicast group entries based on VLAN IDs or
multicast addresses. Click Add to create a multicast group.
Table 5-5 Description of Multicast Group Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| VLAN ID | VLAN, to which received multicast traffic belongs | NA |
| Multicast IP Address | On-demand multicast IP address | NA |
| Protocol | If the VLAN ID is a multicast VLAN and the multicast address is within the multicast IP address range of the MVR, the protocol is MVR. In other cases, the protocol is IGMP snooping. | NA |
| Type | Multicast group generation mode can be statically configured or dynamically learned. In normal cases, a port can join a multicast group only after the port receives an IGMP Report packet from the multicast, that is, dynamically learned mode. If you manually add a port to a group, the port can be statically added to the group and exchanges multicast group information with the PIM router without IGMP packet exchange. | NA |
| Forwarding Port | List of ports that forward multicast traffic | NA |
Note Static multicast groups cannot learn other dynamic forwarding ports.
5.6 Configuring a Port Filter
Choose Local Device > L2 Multicast > IGMP Filter. Generally, ports on the
device can join any multicast group. A port filter defines a range of
multicast groups that users are permitted or denied to access, so you can
customize the multicast service scope for users to guarantee the interest of
operators and prevent invalid multicast traffic. There are 2 steps to
configure the port filter: configure the profile and set a limit to the range
of the port group address.
5.6.1 Configuring Profile
Choose Local Device > L2 Multicast > IGMP Filter > Profile List. Click Add to
create a Profile. A profile is used to define a range of multicast groups that
permit or deny user access for reference by other functions.
Table 5-6 Description of Profile Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Profile ID | Profile ID | NA |
| Behavior | DENY: Forbids demanding multicast IP addresses in a specified range. PERMIT: Only allows demanding multicast IP addresses in a specified range. | NA |
| Start IP Address | Start Multicast IP address of the range of multicast group addresses | NA |
| End IP Address | End Multicast IP address of the range of multicast group addresses | NA |
5.6.2 Configuring a Range of Multicast Groups for a Profile
Choose Local Device > L2 Multicast > IGMP Filter > Filter List. The port
filter can cite a profile to define the range of multicast group addresses
that can be or cannot be demanded by users on a port. Click Batch Edit, or
click Edit of a single port entry. In the displayed dialog box, select profile
ID and enter the maximum number of multicast groups allowed by a port and
click OK.
Table 5-7 Description of Port Filter Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Profile ID | Profile that takes effect on a port. If it is not set, no profile rule is bound to the port. | NA |
| Max Multicast Groups | Maximum number of multicast groups that a port can join. If too much multicast traffic is requested concurrently, the multicast device will be severely burdened. Therefore, configuring the maximum number of multicast groups allowed for the port can guarantee the bandwidth. | 256 |
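How a profile and the per-port group limit from 5.6.1 and 5.6.2 combine when a port receives IGMP Reports, as an added Python model (not Ruijie code). The class names, reason strings and sample group addresses are constructed for illustration, and the order in which the checks run is an assumption of the model.

```python
"""Model of an IGMP port filter: profile range check plus Max Multicast Groups."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # IPv4 multicast address space


@dataclass(frozen=True)
class Profile:
    profile_id: int
    behavior: str   # "PERMIT" or "DENY", as in Table 5-6
    start: str      # Start IP Address of the group range
    end: str        # End IP Address of the group range

    def __post_init__(self):
        lo, hi = ipaddress.ip_address(self.start), ipaddress.ip_address(self.end)
        if self.behavior not in ("PERMIT", "DENY"):
            raise ValueError("behavior must be PERMIT or DENY")
        if lo not in MULTICAST or hi not in MULTICAST or lo > hi:
            raise ValueError("range must be ascending IPv4 multicast addresses")

    def allows(self, group: str) -> bool:
        addr = ipaddress.ip_address(group)
        in_range = ipaddress.ip_address(self.start) <= addr <= ipaddress.ip_address(self.end)
        # PERMIT allows only groups inside the range; DENY forbids groups inside it.
        return in_range if self.behavior == "PERMIT" else not in_range


@dataclass
class PortFilter:
    profile: Optional[Profile] = None   # None models "no profile rule is bound"
    max_groups: int = 256               # default from Table 5-7
    joined: set = field(default_factory=set)

    def report(self, group: str):
        """Process an IGMP Report (join) and return (accepted, reason)."""
        if ipaddress.ip_address(group) not in MULTICAST:
            return False, "not a multicast address"
        if self.profile is not None and not self.profile.allows(group):
            return False, "denied by profile"
        if group in self.joined:
            return True, "already joined"      # a repeated report does not use a slot
        if len(self.joined) >= self.max_groups:
            return False, "max multicast groups reached"
        self.joined.add(group)
        return True, "joined"

    def leave(self, group: str) -> None:
        self.joined.discard(group)


def run_demo():
    """Constructed sequence of reports on one port with a PERMIT profile and a limit of 2."""
    port = PortFilter(Profile(1, "PERMIT", "239.1.1.1", "239.1.1.10"), max_groups=2)
    log = []
    for group in ["239.1.1.1", "239.1.1.1", "239.2.2.2", "239.1.1.2", "239.1.1.3"]:
        log.append((group, *port.report(group)))
    port.leave("239.1.1.1")                    # frees one slot
    log.append(("239.1.1.3", *port.report("239.1.1.3")))
    return log


if __name__ == "__main__":
    for entry in run_demo():
        print(entry)
```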
5.7 Setting an IGMP Querier
5.7.1 Overview
In a Layer 3 multicast network, the L3 multicast device serves as the
querier and runs IGMP to maintain group membership. L2 multicast devices only
need to listen to IGMP packets to establish and maintain forwarding entries
and implement L2 multicasting. When a multicast source and user host are in
the same L2 network, the query function is unavailable because the L2 device
does not support IGMP. To resolve this problem, you can configure the IGMP
snooping querier function on the L2 device so that the L2 device sends IGMP
Query packets to user hosts on behalf of the L3 multicast device, and listens
to and maintains the IGMP Report packets that user hosts send in response, to
establish L2 multicast forwarding entries.
5.7.2 Procedure
Choose Local Device > L2 Multicast > Querier. One querier is set for each
VLAN. The number of queriers is the same as that of device VLANs. In Querier
List, click Edit in the last Action column. In the displayed dialog box,
select whether to enable the querier, set the querier version, querier source
IP address, and packet query interval, and click OK.
Table 5-8 Description of Querier Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Querier Status | Whether to enable or disable the VLAN querier function. | Disable |
| Version | IGMP Protocol version of query packets sent by the querier. It can be set to IGMPv2 or IGMPv3. | IGMPv2 |
| Src IP Address | Source IP address carried in query packets sent by the querier. | NA |
| Query Interval (Sec) | Packet transmission interval, of which the value range is from 30 to 18000, in seconds. | 60 seconds |
Note
The querier version cannot be higher than the global IGMP version. When the
global IGMP version is lowered, the querier version is lowered accordingly.
If no querier source IP is configured, the device management IP is used as the
source IP address of the querier.
6 L3 Management
Caution
This section is applicable only to NBS Series Switches that support L3
functions. Products that do not support L3 functions such as RG-NBS3100 Series
Switches, RG-NBS3200 Series Switches, do not support the functions mentioned
in this section.
6.1 Setting an L3 Interface
Choose Local Device > L3 Interfaces > L3 Interfaces. The port list displays
various types of L3 interfaces on the device, including SVIs, Routed Ports,
and L3 Aggregate Ports. Click Add L3 Interfaces to set a new L3 Interface.
Table 6-1 Description of Configuration Parameters of L3 Interfaces

| Parameter | Description |
| --- | --- |
| Port Type | The type of a created L3 interface. It can be an SVI, routed port, or L3 aggregate port. For details, see Table 4-1. |
| Networking | Specifies DHCP or static mode for a port to obtain the IP address. |
| VLAN | Specifies the VLAN, to which an SVI belongs. |
| IP/Mask | When Networking is set to Static IP, you need to manually enter the IP address and subnet mask. |
| Select Port | Select the device port to be configured. |
| Aggregate | Specifies the aggregate port ID, for example, Ag1, when an L3 aggregate port is created. |
| DHCP Mode | Select whether to enable the DHCP service on the L3 interface. Disabled: Indicates that the DHCP service is disabled. No IP address can be assigned to clients connected to the interface. DHCP Server: Indicates that the device functions as the DHCP server to assign IP addresses to downlink devices connected to the interface. You need to set the start IP address of an address pool, number of IP addresses that can be assigned, and address lease; for more information, see 6.2. DHCP Relay: Indicates that the device serves as a DHCP relay, obtains IP addresses from an external server, and assigns the IP addresses to downlink devices. The interface IP address and DHCP server IP address need to be configured. The interface IP address must be in the same network segment as the address pool of the DHCP server. |
| Excluded IP Address (Range) | When the device acts as a DHCP server, set the IP address in the address pool that is not used for assignment. |
Note
- VLAN 1 is the default SVI of the device. It can be neither modified nor deleted.
- The management VLAN is only displayed on the L3 Interfaces page but cannot be modified. To modify it, choose Ports > MGMT IP. For details, see 4.6.
- The DHCP relay and DHCP server functions of an L3 interface are mutually exclusive and cannot be configured at the same time.
- Member ports of an L3 interface must be routed ports.
6.2 Configuring the DHCP Service
After the DHCP server function is enabled on the L3 interface, the device can
assign IP addresses to downlink devices connected to the port.
6.2.1 Enable DHCP Services
Choose Local Device > L3 Interfaces > L3 Interfaces.
Click Edit on the designated port, or click Add L3 Interface to add a Layer 3
interface, select DHCP mode for local allocation, and enter the starting IP of
the address pool, the number of allocated IPs, the excluded IP address range,
and the address lease time.
Table 6-2 Description of DHCP Server Configuration Parameters

| Parameter | Description |
| --- | --- |
| DHCP Mode | To choose DHCP server |
| Start | The DHCP server assigns the Start IP address automatically, which is the Start IP address of the DHCP address pool. A client obtains an IP address from the address pool. If all the addresses in the address pool are used up, no IP address can be obtained from the address pool. |
| IP Count | The number of IP addresses in the address pool |
| Excluded IP Address (Range) | IP addresses in the address pool that are not used for allocation. You can enter a single IP address or an IP network segment, and add up to 20 address segments. |
| Lease Time(Min) | The lease of the address, in minutes. When a downlink client is connected, the leased IP address is automatically renewed. If a leased IP address is not renewed due to client disconnection or network instability, the IP address will be reclaimed after the lease term expires. After the downlink client connection is restored, the client can request an IP address again. |
6.2.2 Viewing the DHCP Client
Choose Local Device > L3 Interfaces > DHCP Clients. View the addresses
automatically allocated to downlink clients after the L3 Interfaces enable
DHCP services. You can find the client information based on the MAC address,
IP address, or username. Find the target client and click Convert to Static IP
in the Status column, or select desired clients and click Batch Convert. The
dynamic address allocation relationship is added to the static address
allocation list, so that the host can obtain the bound IP address for each
connection. For details on how to view the static address allocation list, see
6.2.3.
6.2.3 Configuring Static IP Addresses Allocation
Choose Local Device > L3 Interfaces > Static IP Addresses.
The page displays the client entries which are converted into static addresses in the client list as well as manually added static address entries. The upper-right search box supports searching for corresponding entries based on the assigned IP address or the Device MAC Address.
Click Add. In the displayed static IP address binding dialog box, enter the MAC address and IP address of the client to be bound, and click OK. After a static IP address is bound, the bound IP address will be obtained each time the corresponding downlink client connects to the network.
To delete a static address, select the static entry to be deleted in Static IP Address List, and click Delete Selected; or click Delete in the last Action column of the corresponding entry.
6.2.4 Configuring the DHCP Server Options
Choose Local Device > L3 Interfaces > DHCP Option. The configuration delivered
to the downlink devices is optional and takes effect globally when the L3
interface
serves as the DHCP server.
Table 6-3 Description of the DHCP Server Options Configuration Parameters

| Parameter | Description |
| --- | --- |
| DNS Server | DNS server address provided by an ISP. Multiple IP addresses can be entered and separated by spaces. |
| Option 43 | When the AC (wireless controller) and the AP are not in the same LAN, the AP cannot discover the AC through broadcast after obtaining an IP address from the DHCP server. To enable the AP to discover the AC, you need to configure Option 43 carried in the DHCP response packet on the DHCP server. |
| Option 138 | Enter the IP address of the AC. Similar to Option 43, when the AC and AP are not in the same LAN, you can configure Option 138 to enable the AP to obtain the IPv4 address of the AC. |
| Option 150 | Enter the IP address of the TFTP server to specify the TFTP server address assigned to the client. Multiple IP addresses can be entered and separated by spaces. |
Note
DHCP options are optional configuration when the device functions as an L3
DHCP server. The configuration takes effect globally and does not need to be
configured by default. If no DNS server address is specified, the DNS address
assigned to a downlink port is the gateway IP address by default.
6.3 Configuring Static Routes
Choose Local Device > L3 Interfaces > Static Routing.
Static routes are manually configured by the user. When a data packet matches a static route, the packet will be forwarded according to the specified forwarding mode.
Caution
Static routes cannot automatically adapt to changes of the network topology. When the network topology changes, you need to reconfigure the static routes.
Click Add. In the dialog box that appears, enter the destination address, subnet mask, outbound interface, and next-hop IP address to create a static route.
Table 6-4 Description of Static Routes Configuration Parameters

| Parameter | Description |
| --- | --- |
| Dest IP Address | Specify the destination network to which the data packet is to be sent. The device matches the data packet based on the destination address and subnet mask. |
| Subnet Mask | Specify the subnet mask of the destination network. The device matches the data packet based on the destination address and subnet mask. |
| Outbound Interface | Specify the interface that forwards the data packet. |
| Next Hop | Specify the IP address of the next hop in the route for the data packet. |
After a static route is created, you can find the relevant route configuration and reachability status in the static route list. The Reachable parameter specifies whether the next hop is reachable, based on which you can determine whether the route takes effect. If the value is No, check whether the outbound interface in the current route can ping the next-hop address.
To delete or modify a static route, in Static Route List, you can click Delete
or Edit in the last Action column; or select the static route entry to be
deleted, click Delete Selected to delete multiple static route entries.
6.4 Configuring a Static ARP Entry
Choose Local Device > L3 Interfaces > ARP List. The device learns the IP address and MAC address of the network devices connected to its interfaces and generates the corresponding ARP entries. You can bind learned ARP mappings or manually specify the IP address and MAC address mapping to prevent devices from learning wrong ARP entries and improve network security.
To bind a dynamic ARP entry to a static entry: Select the ARP mapping entry dynamically obtained in the ARP List, and click Bind to complete the binding.
To manually configure a static ARP entry: Click Add, enter the IP address and MAC address to be bound, and click OK.
To remove the binding between a static IP address and a MAC address, click
Delete in the Action column.
7 Firewall Management
After a firewall is added to the network, you can manage and configure the
firewall on the Web management system.
7.1 Viewing Firewall Information
You can view the basic information and license of the firewall on the Web
management system. Choose Network > Firewall.
(1) If the password of the firewall is inconsistent with that of the gateway,
please enter the management password of the firewall and click OK.
(2) The basic information, capacity, and security service license of the firewall are displayed on the Web management system.
Click Manage Firewall to go to the Web management interface of the firewall.
Configure the security policy and license activation for the firewall. For
details, see the Web-based configuration guide of the firewall.
7.2 Configuring Firewall Port
If the firewall is set to transparent mode, the Firewall Port Config page
appears. You can select the WAN port connected to the gateway or the LAN port
connected to the switch and enable Security Guard.
8 Security
8.1 DHCP Snooping
8.1.1 Overview
The Dynamic Host Configuration Protocol (DHCP) snooping function allows a
device to snoop DHCP packets exchanged between clients and a server to record
and monitor the IP address usage and filter out invalid DHCP packets,
including request packets from the clients and response packets from the
server. DHCP snooping records generated user data entries to serve security
applications such as IP Source Guard.
8.1.2 Standalone Device Configuration
Choose Local Device > Security > DHCP Snooping. Turn on the DHCP snooping
function, select the ports to be set as trusted ports on the port panel, and
click Save. After DHCP Snooping is enabled, request packets from DHCP clients
are forwarded only to trusted ports; for response packets from DHCP servers,
only those from trusted ports are forwarded.
Note
Generally, the uplink port connected to the DHCP server is configured as
a trusted port.
Option 82 is used to enhance the DHCP server security and optimize the IP
address assignment policy. Option 82 information will be carried in the DHCP
request packet when Option 82 is turned on.
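The trusted-port rule from 8.1.2, modeled in Python as an added example (not Ruijie code or device configuration), showing why a reply from a server on an untrusted access port never reaches the client. Port names, MAC and IP addresses, and the class and function names are constructed for illustration; dropping replies for a client the model has not seen is a simplification.

```python
"""Model of the DHCP Snooping forwarding decision and the binding entries it records."""
from dataclasses import dataclass

# DHCP message types (RFC 2131), split by which side sends them.
CLIENT_TYPES = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}
SERVER_TYPES = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class DhcpMsg:
    ingress_port: str    # port on which the switch received the packet
    msg_type: str        # DHCP message type name
    client_mac: str      # chaddr of the client the message belongs to
    your_ip: str = ""    # yiaddr, only meaningful in OFFER and ACK


class SnoopingSwitch:
    def __init__(self, ports, trusted):
        self.ports = set(ports)
        self.trusted = set(trusted)
        if not self.trusted <= self.ports:
            raise ValueError("trusted ports must exist on the switch")
        self.client_port = {}   # client MAC -> port its requests arrive on
        self.bindings = {}      # client MAC -> (IP, port): the recorded user entries
        self.dropped = []       # (message, reason), kept for auditing

    def handle(self, msg):
        """Return the set of egress ports for msg; an empty set means it was filtered."""
        if msg.ingress_port not in self.ports:
            raise ValueError("unknown ingress port")
        if msg.msg_type in CLIENT_TYPES:
            self.client_port[msg.client_mac] = msg.ingress_port
            # Requests from clients are forwarded only to trusted ports.
            return self.trusted - {msg.ingress_port}
        if msg.msg_type in SERVER_TYPES:
            # Responses are forwarded only when they arrive on a trusted port.
            if msg.ingress_port not in self.trusted:
                self.dropped.append((msg, "server reply on untrusted port"))
                return set()
            port = self.client_port.get(msg.client_mac)
            if port is None:
                self.dropped.append((msg, "reply for unknown client"))
                return set()
            if msg.msg_type == "ACK":
                self.bindings[msg.client_mac] = (msg.your_ip, port)
            return {port}
        self.dropped.append((msg, "unknown DHCP message type"))
        return set()


def run_demo():
    """Constructed exchange: client on Gi1, private router on Gi5, real server behind uplink Gi24."""
    sw = SnoopingSwitch(ports=["Gi1", "Gi5", "Gi24"], trusted=["Gi24"])
    mac = "00:11:22:33:44:55"
    exchange = [
        DhcpMsg("Gi1", "DISCOVER", mac),
        DhcpMsg("Gi5", "OFFER", mac, "10.66.0.9"),      # from the untrusted access port
        DhcpMsg("Gi24", "OFFER", mac, "192.0.2.50"),    # from the trusted uplink
        DhcpMsg("Gi1", "REQUEST", mac),
        DhcpMsg("Gi24", "ACK", mac, "192.0.2.50"),
    ]
    return sw, [sw.handle(m) for m in exchange]


if __name__ == "__main__":
    switch, egress = run_demo()
    print(egress)
    print(switch.bindings)
    print([(m.ingress_port, m.msg_type, why) for m, why in switch.dropped])
```

The entries in `dropped` are the events worth alerting on: a server reply on an access port usually means a privately connected router or a misconfigured host.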
8.1.3 Batch Configuring Network Switches
Choose Network > DHCP Snooping. Enabling DHCP Snooping on network switches
ensures that users can only obtain network configuration parameters from the
DHCP server within the control range, and prevents terminals in the original
network from obtaining IP addresses assigned by a privately connected router,
which guarantees the stability of the network.
(1) Click Enable to access the DHCP Snooping Config page.
(2) In the networking topology, you can select the access switches on which you want to enable DHCP Snooping in either recommended or custom mode. If you select the recommended mode, all switches in the network are selected automatically. If you select the custom mode, you can manually select the desired switches. Click Deliver Config. DHCP Snooping is enabled on the selected switches.
(3) After the configuration is delivered, if you need to modify the effective
range of the anti-private connection function, click Configure to reselect the
switch that enables the anti-private connection in the topology. After the
configuration is delivered, if you want to modify the effective range of the
DHCP Snooping function, click Configure to select desired switches in the
topology again. Turn off DHCP Snooping to disable DHCP Snooping on all
switches with one click.
8.2 Storm Control
8.2.1 Overview
When a local area network (LAN) has excess broadcast, multicast, or unknown
unicast data flows, the network speed will slow down and packet transmission
will have an increased timeout probability. This is called LAN storm, which
may be caused by topology protocol execution errors or incorrect network
configuration. Users can perform storm control separately for the broadcast,
multicast, and unknown unicast data flows. When the rate of broadcast,
multicast, or unknown unicast data flows received over a device port exceeds
the specified range, the device transmits only packets in the specified range
and discards packets beyond the range until the packet rate falls within the
range. This prevents flooded data from entering the LAN and causing a storm.
8.2.2 Procedure
Choose Local Device > Security > Storm Control. Click Batch Edit. In the displayed dialog box, select configuration types and ports, enter the rate limits of broadcast, unknown multicast, and unknown unicast, and click OK. To modify or delete the rate limit rules after completing the configuration, you can click Edit or Delete in the Action column. There are two configuration types:
- Storm control based on packets per second: If the rate of data flows received over a device port exceeds the configured packets-per-second threshold, excess data flows are discarded until the rate falls within the threshold.
- Storm control based on kilobytes per second: If the rate of data flows received over a device port exceeds the configured kilobytes-per-second threshold, excess data flows are discarded until the rate falls within the threshold.
8.3 ACL
8.3.1 Overview
An access control list (ACL) is commonly referred to as packet filter in some
documents. An ACL defines a series of permit or deny rules and applies these
rules to device interfaces to control packets sent to and from the interfaces,
so as to enhance security of the network device. You can add ACLs based on MAC
addresses or IP addresses and bind ACLs to ports.
8.3.2 Creating ACL Rules
Choose Local Device > Security > ACL > ACL List.
(1) Click Add to set the ACL control type, enter an ACL name, and click OK.
- Based on MAC address: To control the L2 packets entering/leaving the port, and deny or permit specific L2 packets destined to a network.
- Based on IP address: To control the IPv4 packets entering/leaving a port, and deny or permit specific IPv4 packets destined to a network.
(2) Click Details in the Action column of the ACL entry, set the filtering rules in the pop-up sidebar, and click Save to add rules for the ACL. Multiple rules can be added. Each rule consists of an action, Allow or Block, and the packet matching conditions. The sequence of a Rule in an ACL determines the matching priority of the Rule in the ACL. When processing packets, the network device matches packets with ACEs based on the Rule sequence numbers. Click Move in the rule list to adjust the matching order.
Table 7-1 Description of ACL Rule Configuration Parameters

| Parameter | Description |
| --- | --- |
| ACL | Configuring ACL Rules Action. Block: If packets match this rule, the packets are denied. Allow: If packets match this rule, the packets are permitted. |
| IP Protocol Number | Match IP protocol number. The value ranges from 0 to 255. Check All to match all IP protocols. |
| Src IP Address | Match the source IP address of the packet. Check All to match all source IP addresses. |
| Dest IP Address | Match the destination IP address of the packet. Check All to match all destination IP addresses. |
| EtherType Value | Match Ethernet protocol type. The value range is 0x600~0xFFFF. Check All to match all protocol type numbers. |
| Src Mac | Match the MAC address of the source host. Check All to match all source MAC addresses. |
| Dest MAC | Match the MAC address of the destination host. Check All to match all destination MAC addresses. |
Note
- ACLs cannot have the same name. Only the name of a created ACL can be edited.
- An ACL applied by a port cannot be edited or deleted. To edit, unbind the ACL from the port first.
- There is one default ACL rule that denies all packets hidden at the end of an ACL.
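The effect of rule order and of the hidden deny-all rule can be checked offline before an ACL is bound to a port. The following Python model is an added example, not Ruijie code; the rule fields follow Table 7-1, while the function names, the sample rules, and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    seq: int                        # position in the rule list (changed with Move)
    action: str                     # "Allow" or "Block"
    protocol: Optional[int] = None  # IP protocol number 0-255; None means "All"
    src: str = "0.0.0.0/0"          # Src IP Address; the default means "All"
    dst: str = "0.0.0.0/0"          # Dest IP Address; the default means "All"

    def nets(self):
        return ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)

    def matches(self, protocol: int, src_ip: str, dst_ip: str) -> bool:
        src_net, dst_net = self.nets()
        return ((self.protocol is None or self.protocol == protocol)
                and ipaddress.ip_address(src_ip) in src_net
                and ipaddress.ip_address(dst_ip) in dst_net)

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        src_net, dst_net = self.nets()
        other_src, other_dst = other.nets()
        return ((self.protocol is None or self.protocol == other.protocol)
                and other_src.subnet_of(src_net)
                and other_dst.subnet_of(dst_net))


def evaluate(rules: List[Rule], protocol: int, src_ip: str,
             dst_ip: str) -> Tuple[str, Optional[int]]:
    """Return (action, seq of the deciding rule); seq is None for the hidden rule."""
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(protocol, src_ip, dst_ip):
            return rule.action, rule.seq      # first match wins
    return "Block", None                      # hidden deny-all at the end of the ACL


def shadowed(rules: List[Rule]) -> List[Tuple[int, int]]:
    """List (rule seq, earlier seq) pairs where a single earlier rule already
    matches everything the later rule matches, so the later rule is never used."""
    ordered = sorted(rules, key=lambda r: r.seq)
    found = []
    for index, later in enumerate(ordered):
        for earlier in ordered[:index]:
            if earlier.covers(later):
                found.append((later.seq, earlier.seq))
                break
    return found


# Constructed sample: an inbound IP ACL for a user subnet 192.168.10.0/24.
SAMPLE_ACL = [
    Rule(10, "Block", protocol=6, src="192.168.10.0/24", dst="10.0.0.5/32"),
    Rule(20, "Allow", src="192.168.10.0/24"),
    Rule(30, "Block", protocol=1, src="192.168.10.0/24"),  # never reached
]

if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, 6, "192.168.10.7", "10.0.0.5"))       # TCP to server
    print(evaluate(SAMPLE_ACL, 1, "192.168.10.7", "198.51.100.20"))  # ICMP
    print(evaluate(SAMPLE_ACL, 17, "172.16.0.9", "10.0.0.5"))        # other subnet
    print(shadowed(SAMPLE_ACL))
```

Rule 30 in the sample has no effect until Move places it ahead of rule 20, and traffic from any subnet without an Allow rule is dropped by the hidden rule.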
8.3.3 Applying ACL Rules
Choose Local Device > Security > ACL > ACL List. Click Batch Add or Edit in
the Action column, select the desired MAC ACL and IP ACL for ports, and click
OK.
Note Currently, ACLs can be applied only in the inbound direction of ports,
that is, to filter incoming packets.
After an ACL is applied to a port, you can click Unbind in the Action column,
or check the port entry and click Delete Selected to unbind the ACL from the
port.
8.4 Port Protection
Choose Local Device > Security > Port Protection. In some scenarios, it is
required that communication be disabled between some ports on the device. For
this purpose, you can configure some ports as protected ports. Ports that
enable port protection (protected ports) cannot communicate with each other;
users on different protected ports are L2-isolated. The protected ports can
communicate with non-protected ports. Port protection is disabled by default
and can be enabled by clicking the toggle icon. To batch enable port
protection for multiple ports, click Batch Edit, enable port protection,
select the desired ports, and click OK.
8.5 IP-MAC Binding
8.5.1 Overview
After IP-MAC binding is configured on a port, to improve security, the device
checks whether the source IP addresses and source MAC addresses of IP packets
are those configured for the device, filters out IP packets not matching the
binding, and strictly controls the validity of input sources.
8.5.2 Procedure
Choose Local Device > Security > IP-MAC Binding.
1. Adding an IP-MAC Binding Entry
Click Add, select the desired port, enter the IP address and MAC address
to be bound, and click OK. At least one of the IP address and MAC address
needs to be entered. To modify the binding, you can click Edit in the Action
column.
Caution IP-MAC Binding takes effect prior to ACL, but it has the same
priority as IP Source Guard. A packet matching either configuration will
be allowed to pass through.
2. Searching Binding Entries
The search box in the upper-right corner supports finding binding entries
based on IP addresses, MAC addresses or ports. Select the search type, enter
the search string, and click Search. Entries that meet the search criteria are
displayed in the list.
3. Deleting an IP-MAC Binding Entry
- Batch Configure: In IP-MAC Binding List, select an entry to be deleted and click Delete Selected. In the displayed dialog box, click OK.
- Delete one binding entry: Click Delete in the last Action column of the entry in the list. In the displayed dialog box, click OK.
8.6 IP Source Guard
8.6.1 Overview
After the IP Source Guard function is enabled, the device checks IP packets
from DHCP non-trusted ports. You can configure the device to check only the IP
field or IP+MAC field to filter out IP packets not matching the binding list.
It can prevent users from setting private IP addresses and forging IP packets.
Caution IP Source Guard should be enabled together with DHCP snooping.
Otherwise, IP packet forwarding may be affected. To configure the DHCP
Snooping function, see 7.1 for details.
8.6.2 Viewing Binding List
Choose Local Device > Security > IP Source Guard > Binding List. The binding
list is the basis for IP Source Guard. Currently, data in Binding List is
sourced from dynamic learning results of DHCP snooping binding database. When
IP Source Guard is enabled, data of the DHCP Snooping binding database is
synchronized to the binding list of IP Source Guard. In this case, IP packets
are filtered strictly through IP Source Guard on devices with DHCP Snooping
enabled. Click Refresh to obtain the latest data in Binding List.
The search box in the upper-right corner supports finding the specified entry
in Binding List based on IP addresses, MAC addresses, VLANs or ports. Click
the drop-down list box to select the search type, enter the search string, and
click Search.
8.6.3 Enabling Port IP Source Guard
Choose Local Device > Security > IP Source Guard > Basic Settings. In Port
List, click Edit in the Action column. Select Enabled and select the match
rule, and click OK. There are two match rules:
- IP address: The source IP addresses of all IP packets passing through the port are checked. Packets are allowed to pass through the port only when the source IP addresses of these packets match those in the binding list.
- IP address+MAC address: The source IP addresses and MAC addresses of IP packets passing through the port are checked. Packets are allowed to pass through the port only when both the L2 source MAC addresses and L3 source IP addresses of these packets match an entry in the binding list.
Caution IP Source Guard cannot be enabled on a DHCP Snooping trusted port.
It can be enabled only on an L2 interface.
8.6.4 Configuring Exceptional VLAN Addresses
Choose Local Device > Security > IP Source Guard > Excluded VLAN. When IP
Source Guard is enabled on an interface, it takes effect on all the virtual
local area networks (VLANs) under the interface by default. Users can specify
excluded VLANs, within which IP packets are not checked or filtered, that is,
such IP packets are not controlled by IP Source Guard. Click Edit, enter the
Excluded VLAN ID and the desired port, and click OK.
Caution Excluded VLANs can be specified on a port only after IP Source Guard
is enabled on the port. Specified excluded VLANs will be deleted automatically
when IP Source Guard is disabled on the port.
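The source checks of 8.5 and 8.6 can be modelled offline to predict which packets a port will accept. The following Python model is an added example, not Ruijie code; it covers the two match rules, the excluded VLANs, the trusted-port restriction, and the caution that a packet matching either IP-MAC Binding or IP Source Guard passes. All names and sample entries are constructed, and two points are assumptions: a binding list entry is matched on port and VLAN as well as address, and a port with neither feature configured is not filtered.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:            # source fields of an IP packet arriving on a port
    port: str
    vlan: int
    src_ip: str
    src_mac: str


@dataclass(frozen=True)
class StaticBinding:     # one IP-MAC Binding entry; IP or MAC may be left empty
    port: str
    ip: Optional[str] = None
    mac: Optional[str] = None


@dataclass(frozen=True)
class SnoopEntry:        # one Binding List row learned by DHCP Snooping
    ip: str
    mac: str
    vlan: int
    port: str


@dataclass
class GuardPort:         # IP Source Guard settings of one port
    enabled: bool = False
    rule: str = "ip"     # "ip" or "ip+mac"
    excluded_vlans: Set[int] = field(default_factory=set)
    dhcp_trusted: bool = False


def norm(mac: str) -> str:
    return mac.lower().replace("-", ":")


def static_match(pkt: Packet, bindings: List[StaticBinding]) -> bool:
    return any(b.port == pkt.port
               and (b.ip is None or b.ip == pkt.src_ip)
               and (b.mac is None or norm(b.mac) == norm(pkt.src_mac))
               for b in bindings)


def guard_match(pkt: Packet, snoop: List[SnoopEntry], rule: str) -> bool:
    return any(e.port == pkt.port and e.vlan == pkt.vlan and e.ip == pkt.src_ip
               and (rule == "ip" or norm(e.mac) == norm(pkt.src_mac))
               for e in snoop)


def decide(pkt: Packet, bindings: List[StaticBinding], snoop: List[SnoopEntry],
           guards: Dict[str, GuardPort]) -> Tuple[bool, str]:
    guard = guards.get(pkt.port, GuardPort())
    static_on = any(b.port == pkt.port for b in bindings)
    guard_on = (guard.enabled and not guard.dhcp_trusted
                and pkt.vlan not in guard.excluded_vlans)
    if not static_on and not guard_on:
        return True, "not filtered"           # assumption: no check applies
    if static_on and static_match(pkt, bindings):
        return True, "IP-MAC binding"         # either match lets the packet pass
    if guard_on and guard_match(pkt, snoop, guard.rule):
        return True, "IP Source Guard"
    return False, "no matching binding"


def validate(guards: Dict[str, GuardPort]) -> List[str]:
    """Report settings that the cautions in 8.6.3 and 8.6.4 rule out."""
    problems = []
    for port, guard in guards.items():
        if guard.enabled and guard.dhcp_trusted:
            problems.append(port + ": IP Source Guard on a DHCP Snooping trusted port")
        if guard.excluded_vlans and not guard.enabled:
            problems.append(port + ": excluded VLANs without IP Source Guard enabled")
    return problems


# Constructed sample configuration and binding data.
STATIC = [StaticBinding("Gi3", ip="192.168.1.10", mac="00:11:22:33:44:55")]
SNOOP = [SnoopEntry("192.168.1.50", "02:00:00:aa:bb:01", 10, "Gi3"),
         SnoopEntry("192.168.1.51", "02:00:00:aa:bb:02", 10, "Gi4")]
GUARDS = {"Gi3": GuardPort(True, "ip+mac"), "Gi4": GuardPort(True, "ip", {20})}

if __name__ == "__main__":
    forged = Packet("Gi3", 10, "192.168.1.50", "02:00:00:aa:bb:99")
    print(decide(forged, STATIC, SNOOP, GUARDS))
```

With the IP address rule on Gi4, a packet that uses a leased IP address from a different MAC address still passes; only the IP address+MAC address rule on Gi3 rejects it.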
8.7 Anti-ARP Spoofing
8.7.1 Overview
Gateway-targeted ARP spoofing prevention checks whether the source IP address
of an ARP packet received through an access port is set to the gateway IP
address. If yes, the packet is discarded to prevent hosts from receiving wrong
ARP response packets. If not, the function does not handle the packet. In this
way, only the uplink devices can send ARP packets for the gateway, and ARP
response packets sent by other clients that pass themselves off as the gateway
are filtered out.
8.7.2 Procedure
Choose Local Device > Security > IP Source Guard > Excluded VLAN.
1. Enabling Anti-ARP Spoofing
Click Add, select the desired port, enter the gateway IP, and click OK.
Note Generally, the anti-ARP spoofing function is enabled on the downlink
ports of the device.
2. Disabling Anti-ARP Spoofing
- Batch disable: Select an entry to be deleted in the list and click Delete Selected.
- Disable one port: Click Delete in the last Action column of the corresponding entry.
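The check described in 8.7.1 can be reproduced on captured frames, for example to confirm from a packet capture which ARP packets a protected downlink port would have discarded. The following Python code is an added example, not Ruijie code; it parses an Ethernet frame (with or without an 802.1Q tag), reads the ARP sender IP address, and compares it with the gateway IP configured for the port. The port names, addresses, and the build_arp helper that constructs sample frames are constructed for illustration.

```python
import socket
import struct
from typing import Dict, Optional

ETH_ARP, ETH_VLAN = 0x0806, 0x8100


def build_arp(sender_mac: str, sender_ip: str, target_ip: str,
              oper: int = 2, vlan: Optional[int] = None) -> bytes:
    """Construct a sample ARP frame as bytes (test input only, never sent)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    frame = b"\xff" * 6 + smac                        # destination MAC, source MAC
    if vlan is not None:
        frame += struct.pack("!HH", ETH_VLAN, vlan)   # optional 802.1Q tag
    frame += struct.pack("!H", ETH_ARP)
    frame += struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    frame += smac + socket.inet_aton(sender_ip)       # sender MAC and sender IP
    frame += b"\x00" * 6 + socket.inet_aton(target_ip)
    return frame


def parse_arp(frame: bytes) -> Optional[dict]:
    """Return the ARP sender fields, or None if the frame is not a valid
    IPv4-over-Ethernet ARP packet (including truncated frames)."""
    if len(frame) < 14:
        return None
    offset = 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    if ethertype == ETH_VLAN:                         # skip one 802.1Q tag
        if len(frame) < 18:
            return None
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    offset += 2
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[offset + 8:offset + 14]
    sender_ip = frame[offset + 14:offset + 18]
    return {
        "oper": oper,                                 # 1 = request, 2 = reply
        "sender_mac": ":".join("%02x" % b for b in sender_mac),
        "sender_ip": socket.inet_ntoa(sender_ip),
    }


def verdict(port: str, frame: bytes, gateway_by_port: Dict[str, str]) -> str:
    """Apply the anti-ARP spoofing check of one port to one frame."""
    arp = parse_arp(frame)
    gateway = gateway_by_port.get(port)
    if arp is None or gateway is None:
        return "forward"      # not ARP, or the function is not enabled on this port
    return "discard" if arp["sender_ip"] == gateway else "forward"


# Constructed sample: the function is enabled on downlink port Gi5 only;
# the uplink port Gi24, where the real gateway is reached, has no entry.
GATEWAYS = {"Gi5": "192.168.1.1"}
SPOOFED = build_arp("02:00:00:aa:bb:99", "192.168.1.1", "192.168.1.50")
HOST_REQUEST = build_arp("02:00:00:aa:bb:01", "192.168.1.50", "192.168.1.1", oper=1)

if __name__ == "__main__":
    print(verdict("Gi5", SPOOFED, GATEWAYS))       # sender IP is the gateway
    print(verdict("Gi24", SPOOFED, GATEWAYS))      # same frame on the uplink
    print(verdict("Gi5", HOST_REQUEST, GATEWAYS))  # ordinary host ARP request
```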
Advanced Configuration
9.1 STP
STP (Spanning Tree Protocol) is an L2 management protocol that eliminates L2
loops by selectively blocking redundant links in the network. It also provides
the link backup function.
9.1.1 STP Global Settings
Choose Local Device > Advanced > STP > STP.
(1) Click the toggle to enable the STP function, and click OK in the displayed
box. The STP function is disabled by default.
Caution Enabling the STP or changing the STP mode will initiate a new
session. Do not refresh the page during the configuration.
(2) Configure the STP global parameters, and click Save.
Table 8-1 Description of STP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| STP | Whether to enable the STP function. It takes effect globally. STP attributes can be configured only after STP is enabled. | Disable |
| Priority | Bridge priority. The device compares the bridge priority first during root bridge selection. A smaller value indicates a higher priority. | 32768 |
| Max Age | The maximum expiration time of BPDUs. The packets expiring will be discarded. If a non-root bridge fails to receive a BPDU from the root bridge before the aging time expires, the root bridge or the link to the root bridge is deemed as faulty. | 20 seconds |
| Recovery Time | Network recovery time when redundant links occur on the network. | 30 seconds |
| Hello Time | Interval for sending two adjacent BPDUs. | 2 seconds |
| Forward Delay | The interval at which the port status changes, that is, the interval for the port to change from Listening to Learning, or from Learning to Forwarding. | 15 seconds |
| STP Mode | The versions of Spanning Tree Protocol. Currently the device supports STP (Spanning Tree Protocol) and RSTP (Rapid Spanning Tree Protocol). | RSTP |
9.1.2 Applying STP to a Port
Choose Local Device > Advanced > STP > STP. To configure the STP properties
for a port, click Batch Edit to select ports and configure STP parameters, or
click Edit in the Action column in Port List to configure designated ports.
Table 8-2 Description of STP Configuration Parameters of Ports

| Parameter | Description | Default Value |
| --- | --- | --- |
| Role | Root: A port with the shortest path to the root. Alternate: A backup port of a root port. Once the root port fails, the alternate port becomes the root port immediately. Designated (designated ports): A port that connects a root bridge or an upstream bridge to a downstream device. Disable (blocked ports): Ports that have no effect in the spanning tree. | NA |
| Status | Disable: The port is closed manually or due to a fault, does not participate in spanning tree and does not forward data, and can be turned into a blocking state after initialization or opening. Blocking: A port in the blocking state cannot forward data packets or learn addresses, but can send or receive configuration BPDUs and send them to the CPU. Listening: If a port can become the root port or designated port, the port will enter the listening state. A port in the listening state does not forward data or learn addresses, but can receive and send configuration BPDUs. Learning: A port in the learning state cannot forward data, but starts to learn addresses, and can receive, process, and send configuration BPDUs. Forwarding: Once a port enters the state, it can forward any data, learn addresses, and receive, process, and send configuration BPDUs. | NA |
| Priority | The priority of the port is used to elect the port role, and the port with high priority is preferentially selected to enter the forwarding state. | 128 |
| Link Status Config Status | Configure the link type. The options include Shared, Point-to-Point and Auto. In auto mode, the interface type is determined based on the duplex mode. For full-duplex ports, the interface type is point-to-point, and for half-duplex ports, the interface type is shared. | Auto |
| Link Status Actual Status | Actual link type: Shared, Point-to-Point | NA |
| BPDU Guard | Whether to enable the BPDU guard function. After the function is enabled, if Port Fast is enabled on a port or the port is automatically identified as an edge port connected to an endpoint, but the port receives BPDUs, the port will be disabled and enters the Error-disabled state. This indicates that an unauthorized user may add a network device to the network, resulting in network topology change. | Disable |
| Port Fast | Whether to enable the Port Fast function. After Port Fast is enabled on a port, the port will neither receive nor send BPDUs. In this case, the host directly connected to the port cannot receive BPDUs. If a port on which Port Fast is enabled exits the Port Fast state automatically when it receives BPDUs, the BPDU filter feature is automatically disabled. Generally, the port connected to a PC is enabled with Port Fast. | Disable |
Note
It is recommended to enable Port Fast on the port connected to a PC. A port
switches to the forwarding state more than 30 seconds after STP is enabled.
Therefore, a transient disconnection may occur, during which packets cannot be
forwarded.
9.2 LLDP
9.2.1 Overview
LLDP (Link Layer Discovery Protocol) is defined by IEEE 802.1AB. LLDP can
discover devices and detect topology changes. With LLDP, the Eweb management
system can learn the topological connection status, for example, ports of the
device that are connected to other devices, port rates at both ends of a link,
and duplex mode matching status. An administrator can locate and troubleshoot
faults quickly based on the preceding information.
9.2.2 LLDP Global Settings
Choose Local Device > Advanced > LLDP > LLDP Settings.
(1) Click the toggle to enable the LLDP function, and click OK in the
displayed box. The LLDP function is enabled by default. When LLDP is enabled,
this step can be skipped.
(2) Configure the global LLDP parameters and click Save.
Table 8-3 Description of LLDP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| LLDP | Indicates whether the LLDP function is enabled. | Enable |
| Hold Multiplier | TTL multiplier of LLDP. In LLDP packets, TTL TLV indicates the TTL of local information on a neighbor. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 4 |
| Transmit Interval | Transmission interval of LLDP packets, in seconds. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 30 seconds |
| Fast Count | Number of packets that are transmitted rapidly. When a new neighbor is discovered, or the LLDP working mode is changed, the device will start the fast transmission mechanism in order to let the neighboring devices learn the information of the device as soon as possible. The fast transmission mechanism shortens the LLDP packet transmission interval to 1s, sends a certain number of LLDP packets continuously, and then restores the normal transmission interval. You can configure the number of LLDP packets that can be transmitted rapidly for the fast transmission mechanism. | 3 |
| Reinitialization Delay | Port initialization delay, in seconds. You can configure an initialization delay to prevent frequent initialization of the state machine caused by frequent changes of the port work mode. | 2 seconds |
| Forward Delay | Delay for sending LLDP packets, in seconds. When local information of a device changes, the device immediately transmits LLDP packets to its neighbors. You can configure a transmission delay to prevent frequent transmission of LLDP packets caused by frequent changes of local information. If the delay is set to a very small value, frequent change of the local information will cause frequent transmission of LLDP packets. If the delay is set to a very large value, no LLDP packet may be transmitted even if local information is changed. Set an appropriate delay according to actual conditions. | 2 seconds |
9.2.3 Applying LLDP to a Port
Choose Local Device > Advanced > LLDP > LLDP Management. In Port List, click
Edit in the Action column, or click Batch Edit, select the desired port,
configure the LLDP working mode on the port and whether to enable LLDP-MED,
and click OK.
- Send LLDPDU: After Send LLDPDU is enabled on a port, the port can send LLDPDUs.
- Receive LLDPDU: After Receive LLDPDU is enabled on a port, the port can receive LLDPDUs.
- LLDPMED: After LLDPMED is enabled, the device is capable of discovering neighbors when its peer endpoint supports LLDP-MED (the Link Layer Discovery Protocol-Media Endpoint Discovery).
9.2.4 Displaying LLDP information
Choose Local Device > Advanced > LLDP > LLDP Info. This page displays LLDP
information, including the LLDP information of the local device and the
neighbor devices of each port. Click the port name to display details about
port neighbors. You can check the topology connection through LLDP
information, or use LLDP to detect errors. For example, if two switch devices
are directly connected in the network topology, when an administrator
configures the VLAN, port rate, or duplex mode, an error will be prompted if
the configurations do not match those on the connected neighbor.
9.3 RLDP
9.3.1 Overview
The Rapid Link Detection Protocol (RLDP) is an Ethernet link failure detection
protocol, which is used to rapidly detect unidirectional link failures,
bidirectional link failures, and downlink loop failures. When a failure is
found, RLDP automatically shuts down relevant ports or asks users to manually
shut down the ports according to the configured failure handling methods, to
avoid wrong forwarding of traffic or Ethernet L2 loops.
The RLDP function can be enabled on the access switches in the network in a
batch. By default, the switch ports will be automatically shut down when a
loop occurs. You can also configure, on a single switch, whether loop
detection is enabled on each port and the handling method after a link fault
is detected.
9.3.2 Standalone Device Configuration
1. RLDP Global Settings
Choose Local Device > Advanced > RLDP > RLDP Settings.
(1) Enable the RLDP function and click OK in the displayed dialog box. The
RLDP function is disabled by default.
(2) Configure RLDP global parameters and click Save.
Table 8-4 Description of RLDP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| RLDP | Indicates whether the RLDP function is enabled. | Disable |
| Hello Interval | Interval for RLDP to send detection packets, in seconds. | 3 seconds |
| Errdisable Recovery | After it is enabled, a port automatically recovers to the initialized state after a loop occurs. | Disable |
| Errdisable Recovery Interval | The interval at which the failed ports recover to the initialized state regularly and link detection is restarted, in seconds. | 30 seconds |
2. Applying RLDP to a Port
Choose Local Device > Advanced > RLDP > RLDP Management. In Port List, click
Edit in the Action column or click Batch Edit, select the desired port,
configure whether to enable loop detection on the port and the handling method
after a fault is detected, and click OK. There are three methods to handle
port failures:
- Warning: Only the relevant information is prompted to indicate the failed port and the failure type.
- Block: After alerting the fault, set the faulty port not to forward the received packets.
- Shutdown port: After alerting the fault, shut down the port.
Caution
- When RLDP is applied to an aggregate port, the Action can only be set to Warning and Shutdown.
- When performing RLDP detection on an aggregate port, if detection packets are received on the same device, even if the VLANs of the port sending the packets and the port receiving them are different, it will not be judged as a loop failure.
3. Displaying RLDP information
Choose Local Device > Advanced > RLDP > RLDP Info.
You can view the detection status, failure handling methods, and ports that connect the neighbor device to the local device. You can click Reset to restore the faulty RLDP status triggered by a port to the normal state.
9.3.3 Batch Configuring Network Switches
Choose Network > RLDP.
(1) Click Enable to access the RLDP Config page.
(2) In the networking topology, you can select the access switches on which you want to enable RLDP in either recommended or custom mode. If you select the recommended mode, all access switches in the network are selected automatically. If you select the custom mode, you can manually select the desired access switches. Click Deliver Config. RLDP is enabled on the selected switches.
(3) After the configuration is delivered, if you want to modify the effective
range of the RLDP function, click Configure to select desired switches in the
topology again. Turn off RLDP to disable RLDP on all the switches with one
click.
9.4 Configuring the Local DNS
The local DNS server is optional. The device obtains the DNS server address
from the connected uplink device by default. Choose Local Device > Advanced >
Local DNS. Enter the DNS server address used by the local device. If multiple
addresses exist, separate them with spaces. Click Save. After the local DNS is
configured, the device first uses the DNS of the management IP address to
resolve domain names. If the device fails to resolve domain names, it uses
this DNS address instead.
9.5 Voice VLAN
Caution The Voice VLAN function is supported by RG-NBS3100 Series, RG-NBS3200 Series, RG-NBS5100 Series and RG-NBS5200 Series Switches.
9.5.1 Overview
A voice virtual local area network (VLAN) is a VLAN dedicated to voice traffic
of users. By creating a voice VLAN and adding ports connected to voice devices
to the voice VLAN, you can have voice data transmitted in the voice VLAN and
deliver specified policy of the quality of service (QoS) for voice streams, to
improve the transmission priority of voice traffic and ensure the call
quality.
9.5.2 Voice VLAN Global Configuration
Choose Local Device > Advanced > Voice VLAN > Global Settings. Turn on the
voice VLAN function, configure global parameters, and click Save.
Table 8-5 Description of VLAN Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Voice VLAN | Whether to enable the Voice VLAN function. | Disable |
| VLAN | VLAN ID as Voice VLAN. | NA |
| Max Age | Aging time of voice VLAN, in minutes. In automatic mode, after the MAC address in a voice packet ages, if the port does not receive any more voice packets within the aging time, the device removes this port from the voice VLAN. | 1440 minutes |
| CoS Priority | The L2 Priority of voice stream packets in a Voice VLAN. The value range is from 0 to 7. A greater value indicates a higher priority. You can modify the priority of the voice traffic to improve the call quality. | 6 |
9.5.3 Configuring a Voice VLAN OUI
Choose Local Device > Advanced > Voice VLAN > OUI. The source MAC address of a
voice packet contains the organizationally unique identifier (OUI) of the
voice device manufacturer. After the voice VLAN OUI is configured, the device
compares the voice VLAN OUI with the source MAC address in a received packet
to identify voice data packets, and sends them to the voice VLAN for
transmission.
Note After the voice VLAN function is enabled on a port, when the port
receives LLDP packets sent by IP phones, it can identify the device capability
fields in the packets, and identify the devices with the capability of
Telephone as voice devices. It also extracts the source MAC address of a
protocol packet and processes it as the MAC address of the voice device. In
this way, the OUI can be added automatically.
Click Add. In the displayed dialog box, enter a MAC address and OUI, and
click OK.
9.5.4 Configuring the Voice VLAN Function on a Port
Choose Local Device > Advanced > Voice VLAN > Port Settings. Click Edit in the
port entry or click Batch Edit in the upper-right corner. In the displayed
dialog box, select whether to enable the voice VLAN function on the port, the
voice VLAN mode to be applied, and whether to enable the security mode, and
click OK.
Table 8-6 Description of the Voice VLAN Configuration Parameters on a Port

| Parameter | Description | Default Value |
| --- | --- | --- |
| Voice VLAN Mode | Based on different ways the Voice VLAN function is enabled on the port, the Voice VLAN Mode can be Auto Mode or Manual Mode. Auto Mode: In this mode, the device checks whether the permit VLANs of a port contain the voice VLAN after the voice VLAN function is enabled on the port. If yes, the device deletes the voice VLAN from the permit VLANs of the port until the port receives a voice packet containing a specified OUI. Then, the device automatically adds the voice VLAN to the port’s permit VLANs. If the port does not receive a voice packet containing the specified OUI within the global aging time, the device removes the Voice VLAN from the permit VLANs of the port. Manual Mode: If the permit VLANs of a port contains the voice VLAN, voice packets can be transmitted in the voice VLAN. | Auto Mode |
| Security Mode | When the security mode is enabled, only voice traffic can be transmitted in the voice VLAN. The device checks the source MAC address in each packet. When the source MAC address in the packet matches the voice VLAN OUI, the packet can be transmitted in the voice VLAN. Otherwise, the device discards the packet. When the security mode is disabled, the source MAC addresses of packets are not checked and all packets can be transmitted in the voice VLAN. | Enable |
Caution
- The voice VLAN mode of the port can be set as the auto mode only when the VLAN mode of the port is Trunk mode. When the voice VLAN mode of the port works in the auto mode, the port exits the voice VLAN first and is automatically added to the voice VLAN only after receiving voice data.
- After the voice VLAN function is enabled on a port, do not switch the L2 mode (trunk or access mode) of the port to ensure normal operation of the function. If you need to switch the L2 mode of the port, disable the voice VLAN function on the port first.
- It is not recommended that both voice data and service data be transmitted over the voice VLAN. If you want to transmit both voice data and service data over the voice VLAN, disable the security mode of the voice VLAN function.
- The voice VLAN function is unavailable on L3 ports or aggregate ports.
10 Diagnostics
10.1 Info Center
Choose Local Device > Diagnostics > Info Center. In Info Center, you can view
port traffic, VLAN information, routing information, client list, ARP list,
MAC address, DHCP snooping, IP-MAC binding, IP Source Guard, and CPP
statistics of the device and relevant configurations.
10.1.1 Port Info
Choose Local Device > Diagnostics > Info Center > Port Info. Port Info
displays the status and configuration information of the port. Click the port
icon to view the detailed information of the port.
Note To configure the flow control of the port or the optical/electrical
attribute of a combo port, see 4.2. To configure the L2 mode of the port and
the VLAN to which it belongs, see 3.5.3.
10.1.2 VLAN Info
Choose Local Device > Diagnostics > Info Center > VLAN Info. Display SVI port
and routed port information, including the port information included in the
VLAN, the port IP address, and whether the DHCP address pool is enabled.
Note To configure VLAN, see 3.5. To configure SVI ports and routed ports, see
6.1.
10.1.3 Routing Info
Caution If the device does not support L3 functions (such as RG-NBS3100 Series
and RG-NBS3200 Series Switches), this type of information is not displayed.
Choose Local Device > Diagnostics > Info Center > Routing Info. Displays the routing information on the device. The search box in the upper-right corner supports finding route entries based on IP addresses.
Note To set up static routes, see 6.3.
10.1.4 DHCP Clients
Caution If the device does not support L3 functions (such as RG-NBS3100 Series
and RG-NBS3200 Series Switches), this type of information is not displayed.
Choose Local Device > Diagnostics > Info Center > DHCP Clients. Displays the
IP address information assigned to endpoints by the device as a DHCP server.
Note To configure DHCP server related functions, see 6.2.
10.1.5 ARP List
Choose Local Device > Diagnostics > Info Center > ARP List. Displays ARP
information on the device, including dynamically learned and statically
configured ARP mapping entries.
Note To bind dynamic ARP or manually configure static ARP, see 6.4.
10.1.6 MAC Address
Choose Local Device > Diagnostics > Info Center > MAC. Displays the MAC
address information of the device, including the static MAC address manually
configured by the user, the filtering MAC address, and the dynamic MAC address
automatically learned by the device.
Note To configure and manage the MAC address, see 3.3.
10.1.7 DHCP Snooping
Choose Local Device > Diagnostics > Info Center > DHCP Snooping. Displays the current configuration of the DHCP snooping function and the user information dynamically learned by the trust port.
Note To modify DHCP Snooping related configuration, see 7.1.
10.1.8 IP-MAC Binding
Choose Local Device > Diagnostics > Info Center > IP-MAC Binding. Displays the
configured IP-MAC binding entries. The device checks whether the source IP
addresses and source MAC addresses of IP packets match those configured for
the device and filters out IP packets not matching the binding.
Note To add or modify the IP-MAC binding, see 7.5.
10.1.9 IP Source Guard
Choose Local Device > Diagnostics > Info Center > Source Guard. Displays the
binding list of the IP Source Guard function. The IP Source Guard function
will check the IP packets from non-DHCP trusted ports according to the list,
and filter out the IP packets that are not in the binding list.
Note To configure IP Source Guard function, see 7.6.
10.1.10 CPP Info
Choose Local Device > Diagnostics > Info Center > CPP. Displays the current
total CPU bandwidth and statistics of various packet types, including the
bandwidth, current rate, and total number of packets.
10.2 Network Tools
The Network Tools page provides three tools to detect the network status:
Ping, Traceroute, and DNS Lookup.
10.2.1 Ping
Choose Local Device > Diagnostics > Network Tools. The Ping command is used to
detect the network connectivity. Select Ping as the diagnosis mode, enter the
destination IP address or website address, configure the ping count and packet
size, and click Start to test the network connectivity between the device and
the IP address or website. If “Ping failed” is displayed, the device cannot
reach the IP address or website.
10.2.2 Traceroute
Choose Local Device > Diagnostics > Network Tools. The Traceroute function is
used to identify the network path from one device to another. On a simple
network, the network path may pass through only one routing node or none at
all. On a complex network, packets may pass through dozens of routing nodes
before reaching their destination. The traceroute function can be used to
judge the transmission path of data packets during communication.
Select Traceroute as the diagnosis mode, enter a destination IP address or URL and the maximum TTL value used by the traceroute, and click Start.
10.2.3 DNS Lookup
Choose Local Device > Diagnostics > Network Tools. DNS Lookup is used to query
information about a domain name or to diagnose DNS server problems. If the
device can ping an Internet IP address from the web page but the browser
cannot open the web page, you can use the DNS lookup function to check whether
domain name resolution is normal. Select DNS Lookup as the diagnosis mode,
enter a destination IP address or URL, and click Start.
10.3 Fault Collection
Choose Local Device > Diagnostics > Fault Collection. When an unknown fault
occurs on the device, you can collect fault information with one click on this
page. Click Start. The configuration files of the device will be packed into a
compressed file. Download the compressed file locally and provide it to R&D
personnel for fault locating.
10.4 Cable Diagnostics
Choose Local Device > Diagnostics > Cable Diagnostics. The cable diagnostics
function can detect the approximate length of a cable connected to a port and
whether the cable is faulty. Select the port to be detected on the port panel
and click Start. The detection results will be displayed below.
Caution The SFP port does not support this function. If a detected port
contains an uplink port, the network may be intermittently disconnected.
Exercise caution when performing this operation.
10.5 System Logs
Choose Local Device > Diagnostics > System Logs. System logs record device
operations, operation time, and operation modules. System logs are used by
administrators to monitor the running status of the device, analyze network
status, and locate faults. You can search for specified logs by fault type,
faulty module, and keyword in fault information.
10.6 Alerts
Choose Local Device > Diagnostics > Alerts.
Note Choose Network > Alerts to view the alert information of other devices in
the network.
Displays possible problems in the network environment to facilitate fault
prevention and troubleshooting. You can view the alert occurrence time, port,
alert impact, and handling suggestions, and rectify device faults according to
the handling suggestions. All types of alerts are followed by default. Click
Unfollow to unfollow a type of alert; the system will no longer display alerts
of that type. To enable notification for that alert type again, follow the
alert type on the Removed Alert page.
Caution After unfollowing an alert, the system will not issue an alert prompt
for this type of fault, and users cannot find and deal with the fault in time.
Exercise caution when performing this operation.
Table 9-1 Alert Types and Product Support
Alert Type
Desc