ORing IGS-P9164 Series Industrial IEC 61850-3 Managed Gigabit Ethernet Switch User Manual
- June 3, 2024
- ORing
Table of Contents
IGS-P9164 Series Industrial IEC 61850-3 Managed Gigabit Ethernet Switch
IGS-P9164 Series
Industrial IEC 61850-3 Managed Gigabit Ethernet Switch
User Manual
Version 1.1 July, 2020
www.oringnet.com
IGS-P9164 Series User Manual
COPYRIGHT NOTICE
Copyright © 2015 ORing Industrial Networking Corp. All rights reserved. No
part of this publication may be reproduced in any form without the prior
written consent of ORing Industrial Networking Corp.
TRADEMARKS
is a registered trademark of ORing Industrial Networking Corp. All other
trademarks belong to their respective owners.
REGULATORY COMPLIANCE STATEMENT
Product(s) associated with this publication complies/comply with all
applicable regulations. Please refer to the Technical Specifications section
for more details.
WARRANTY
ORing warrants that all ORing products are free from defects in material and
workmanship for a specified warranty period from the invoice date (5 years for
most products). ORing will repair or replace products found by ORing to be
defective within this warranty period, with shipment expenses apportioned by
ORing and the distributor. This warranty does not cover product modifications
or repairs done by persons other than ORing-approved personnel, and this
warranty does not apply to ORing products that are misused, abused, improperly
installed, or damaged by accidents. Please refer to the Technical
Specifications section for the actual warranty period(s) of the product(s)
associated with this publication.
DISCLAIMER
Information in this publication is intended to be accurate. ORing shall not be
responsible for its use or infringements on third-parties as a result of its
use. There may occasionally be unintentional errors on this publication. ORing
reserves the right to revise the contents of this publication without notice.
CONTACT INFORMATION
ORing Industrial Networking Corp. 3F., NO.542-2, Jhongjheng Rd., Sindian
District, New Taipei City 231, Taiwan, R.O.C. Tel: + 886 2 2218 1066 // Fax: +
886 2 2218 1014 Website: www.oring-networking.com Technical Support E-mail:
support@oring-networking.com Sales Contact E-mail: sales@oring-networking.com
(Headquarters)
sales@oring-networking.com.cn (China)
ORing Industrial Networking Corp
1
IGS-P9164 Series User Manual
Table of Content
Getting Started ………………………………………………………………………………….. 6
1.1 About the IGS-P9164 Series ………………………………………………………………………… 6 1.2 Software
Features ………………………………………………………………………………………. 6 1.3 Hardware Specifications
……………………………………………………………………………… 7
Hardware Overview…………………………………………………………………………….8
2.1 Front Panel ………………………………………………………………………………………………… 8 2.1.1 Available Models
…………………………………………………………………………………….. 8 2.1.2 Ports and Connectors
……………………………………………………………………………… 8 2.1.3 LED
…………………………………………………………………………………………………….. 10
2.2 Rear Panel ………………………………………………………………………………………………. 10
Hardware Installation………………………………………………………………………..12
3.1 DIN-rail Installation ……………………………………………………………………………………. 12 3.2 Wall
Mounting…………………………………………………………………………………………… 12 3.3 Wiring
……………………………………………………………………………………………………… 14 3.3.1
Grounding………………………………………………………………………………………………… 15 3.3.2 Fault Relay
………………………………………………………………………………………………. 15 3.3.3 Redundant Power
Inputs……………………………………………………………………………. 15 3.4 Connection
………………………………………………………………………………………………. 16 3.4.1 Cables
…………………………………………………………………………………………………….. 16
10/100/1000BASE-T(X) Pin Assignments ……………………………………………………………. 16 RS-232
console port wiring………………………………………………………………………………… 17 3.4.2
O-Ring/O-Chain………………………………………………………………………………………… 18 O-Ring 18
Redundancy ……………………………………………………………………………………. 21
4.1 O-Ring …………………………………………………………………………………………………….. 21 4.1.1
Introduction………………………………………………………………………………………………. 21 4.1.2 Configurations
………………………………………………………………………………………….. 21 4.2 Open-Ring
……………………………………………………………………………………………….. 23 4.2.1
Introduction………………………………………………………………………………………………. 23 4.2.2 Configurations
………………………………………………………………………………………….. 23 4.3 O-Chain
…………………………………………………………………………………………………… 24 4.3.1
Introduction………………………………………………………………………………………………. 24 4.3.2 Configurations
………………………………………………………………………………………….. 24
ORing Industrial Networking Corp
2
IGS-P9164 Series User Manual
4.4 STP/RSTP/MSTP ……………………………………………………………………………………… 25 4.4.1 STP/RSTP ……………………………………………………………………………………………….. 25 4.4.2 MSTP ……………………………………………………………………………………………………… 29 Bridge Settings …………………………………………………………………………………………………….. 30 Bridge Port ………………………………………………………………………………………………………….. 32 4.5 Fast Recovery ………………………………………………………………………………………….. 34
Management ……………………………………………………………………………………. 36
5.1 Basic Settings ………………………………………………………………………………………. 37
5.1.1 System Information ……………………………………………………………………………….. 37
5.1.2
Admin & Password ………………………………………………………………………… 38
5.1.3
Authentication……………………………………………………………………………….. 39
5.1.4
IP Settings ……………………………………………………………………………………. 39
5.1.5
IPv6 Settings ………………………………………………………………………………… 40
5.1.6
Daylight Saving Time …………………………………………………………………….. 41
5.1.7
HTTPS…………………………………………………………………………………………. 43
5.1.8
SSH …………………………………………………………………………………………….. 43
5.1.9
LLDP …………………………………………………………………………………………… 44
LLDP Neighbor Information ……………………………………………………………………………………. 45
Port Statistics ………………………………………………………………………………………………………. 46
5.1.10 NTP …………………………………………………………………………………………….. 47
5.1.11 Modbus TCP ………………………………………………………………………………… 48
5.1.12 Backup/Restore Configurations ………………………………………………………. 48
5.1.13 Firmware Update…………………………………………………………………………… 48
5.2 DHCP Server ……………………………………………………………………………………….. 49
5.2.1
Basic Settings……………………………………………………………………………….. 49
5.2.2
Dynamic Client List………………………………………………………………………… 49
5.2.3
Client List……………………………………………………………………………………… 49
5.2.4
Port and IP Binding ……………………………………………………………………….. 50
5.2.5
Relay Agent ………………………………………………………………………………….. 50
5.3 Port Setting ………………………………………………………………………………………….. 53
5.3.1
Port Control ………………………………………………………………………………….. 53
5.3.2
Port Alias ……………………………………………………………………………………… 55
5.3.3
Port Trunk …………………………………………………………………………………….. 55
5.3.4
LACP …………………………………………………………………………………………… 56
5.3.5
Loop Gourd ………………………………………………………………………………….. 59
5.4 VLAN…………………………………………………………………………………………………… 61
5.4.1
VLAN Membership ………………………………………………………………………… 61
ORing Industrial Networking Corp
3
IGS-P9164 Series User Manual
5.4.2
Port Configurations………………………………………………………………………… 61
Examples of VLAN Settings …………………………………………………………………………… 66
5.4.3
Private VLAN ………………………………………………………………………………… 71
5.5 SNMP………………………………………………………………………………………………….. 72
5.5.1
SNMP System Configurations…………………………………………………………. 72
5.5.2
SNMP Community Configurations …………………………………………………… 75
5.5.3
SNMP User Configurations …………………………………………………………….. 75
5.5.4
SNMP Group Configurations…………………………………………………………… 77
5.5.5
SNMP View Configurations …………………………………………………………….. 78
5.5.6
SNMP Access Configurations …………………………………………………………. 78
5.6 Traffic Prioritization ……………………………………………………………………………….. 79
5.6.1
Storm Control ……………………………………………………………………………….. 79
5.6.2
Port Classification………………………………………………………………………….. 80
5.6.3
Port Tag Remaking ………………………………………………………………………… 82
5.6.4
Port DSCP ……………………………………………………………………………………. 83
5.6.5
Port Policing …………………………………………………………………………………. 85
Queue Policing …………………………………………………………………………………………….. 86
5.6.6
Scheduling and Shaping ………………………………………………………………… 86
5.6.7
Port Scheduler………………………………………………………………………………. 89
5.6.8
Port Shaping…………………………………………………………………………………. 90
5.6.9
DSCP Based QoS …………………………………………………………………………. 90
5.6.10 DSCP Translation ………………………………………………………………………….. 91
5.6.11 DSCP Classification ………………………………………………………………………. 92
5.6.12 QoS Control List ……………………………………………………………………………. 92
5.6.13 QoS Counters……………………………………………………………………………….. 95
5.6.14 QCL Status …………………………………………………………………………………… 95
5.7 Multicast ………………………………………………………………………………………………. 96
5.7.1
IGMP Snooping …………………………………………………………………………….. 96
5.7.2
VLAN Configurations of IGMP Snooping ………………………………………….. 97
5.7.3
IGMP Snooping Status…………………………………………………………………… 98
5.7.4
Groups Information of IGMP Snooping …………………………………………….. 99
5.8 Security ……………………………………………………………………………………………… 100
5.8.1
Remote Control Security Configurations…………………………………………. 100
5.8.2
Device Binding ……………………………………………………………………………. 100
5.8.3
ACL …………………………………………………………………………………………… 105
5.8.4
Authentication, Authorization, and Accounting…………………………………..117
5.8.5
RADIUS ……………………………………………………………………………………….117
ORing Industrial Networking Corp
4
IGS-P9164 Series User Manual
Authentication and Accounting Server Status Overview …………………………………….119
Authentication and Accounting Server Statistics ……………………………………………… 121
5.8.6
NAS (802.1x) ………………………………………………………………………………. 123
5.9 Alerts …………………………………………………………………………………………………. 133
5.9.1
Fault Alarm …………………………………………………………………………………. 133
5.9.2
System Warning ………………………………………………………………………….. 134
5.10 Monitor and Diag…………………………………………………………………………………. 136
5.10.1 MAC Table ………………………………………………………………………………….. 136
5.10.2 Port Statistics ……………………………………………………………………………… 140
5.10.3 Port Mirroring………………………………………………………………………………. 142
5.10.4 System Log Information ……………………………………………………………….. 143
5.10.5 Cable Diagnostics ……………………………………………………………………….. 144
5.10.6 SFP Monitor ……………………………………………………………………………….. 144
5.10.7 Ping …………………………………………………………………………………………… 145
5.10.8 IPv6 Ping ……………………………………………………………………………………. 146
5.11 Synchronization ………………………………………………………………………………….. 146
5.11.1 PTP External Clock Mode …………………………………………………………….. 146
5.11.2 PTP Clock Configurations …………………………………………………………….. 147
5.12 Troubleshooting ………………………………………………………………………………….. 148
5.12.1 Factory Defaults ………………………………………………………………………….. 148
5.12.2 System Reboot……………………………………………………………………………. 149
Command Line Interface Management ……………………………………………. 150
ORing Industrial Networking Corp
5
IGS-P9164 Series User Manual
Getting Started
1.1 About the IGS-P9164 Series
The IGS-P9164 series is a managed industrial Ethernet switch designed for
power substation and rolling stock applications as it is fully compliant with
the requirements of IEC 61850-3 and IEEE 1613. The series consists of three
models: IGS-P9164GF, IGS-P9164FX, and IGS-P9164GC, each comes with
16×10/100/1000Base-T(X) ports and differ numbers of optical fiber ports. The
devices can be managed centrally via web browsers, TELNET, Console or other
third-party SNMP software as well as ORing’s proprietary Open-Vision
management utility. With complete support for Ethernet redundancy protocols
such as O-Ring (recovery time < 30ms over 250 units of connection) and MSTP
(RSTP/STP compatible), the devices can protect your mission-critical
applications from network interruptions or temporary malfunctions with its
fast recovery technology. Boasting a wide operating temperature from -40oC to
85oC, the switch can meet the demanding requirements of power substations and
rolling stock applications.
1.2 Software Features
Supports O-Ring (recovery time < 30ms over 250 units of connection) and
MSTP(RSTP/STP compatible) for Ethernet redundancy
Supports Open-Ring to interoperate with other vendors’ ring technology in open
architecture
Supports O-Chain to allow multiple redundant network rings Supports standard
IEC 62439-2 MRP (Media Redundancy Protocol) Supports IEEE 1588v2 clock
synchronization Supports IPv6 new internet protocol version Supports Modbus
TCP protocol Provided HTTPS/SSH protocol to enhance network security Support
IEEE 802.3az Energy-Efficient Ethernet technology Supports SMTP client
Supports IP-based bandwidth management Supports application-based QoS
management Supports Device Binding security function Supports DOS/DDOS auto
prevention Supports IGMP v2/v3 (IGMP snooping support) to filter multicast
traffic Supports SNMP v1/v2c/v3 & RMON & 802.1Q VLAN Network Management
ORing Industrial Networking Corp
6
IGS-P9164 Series User Manual
Supports ACL, TACACS+ and 802.1x user authentication for secure connections
Supports 9.6K Bytes Jumbo Frame Supports DBU-01 backup unit for fast
backup/restore configuration Multiple notifications for warning of unexpected
events Configuration via Web, Telnet, Console (CLI), and Windows utility
(Open-Vision) Supports LLDP Protocol
1.3 Hardware Specifications
16 x 10/100/1000Base-T(X) 4 x 100Base-X fiber ports (IGS-P9164GFX) 4 x
1000Base-X fiber ports (IGS-P9164GF) 4 x Gigabit combo ports (IGS-P9164GC) 1 x
Console Port Compliance with IEC 61850-3 and IEEE 1613 Redundant DC power
inputs DIN-rail and wall-mounting available Operating Temperature: -40 to 85oC
Storage Temperature: -40 to 85oC Operating Humidity: 5% to 95%, non-condensing
Casing: IP-30 Dimensions: 96.4 x 105.5 x 154 mm (3.80 x 4.15 x 6.06 inch)
ORing Industrial Networking Corp
7
IGS-P9164 Series User Manual
Hardware Overview
2.1 Front Panel
2.1.1 Available Models
Model name IGS-P9164GF
Description 16×10/100/1000Base-T(X) ports & 4x1000Base-X fiber ports with SC connector
IGS-P9164FX 16×10/100/1000Base-T(X) ports & 4x100Base-FX fiber ports with SC connector
IGS-P9164GC 16×10/100/1000Base-T(X) ports and 4xGigabit combo ports with SFP socket
2.1.2 Ports and Connectors
The device provides the following ports on the front panel. The Ethernet ports on the switches
use RJ-45 connectors.
Port
Description
Copper ports
16 x 10/100/1000Base-T(X)
Fiber ports
4 x 1000Base-X optical fiber ports (IGS-P9164GF) or 4 x 100Base-FX optical fiber ports (IGS-P9164GFX) or
4 x Gigabit combo ports (IGS-P9164GC)
Console port Reset button
1 x console port 1 x reset button. Press the button for 3 seconds to reset and 5 seconds to return to factory default.
IGS-P9164GF-HV
ORing Industrial Networking Corp
IGS-P9164GF-LV 8
IGS-P9164 Series User Manual
IGS-P9164FX-HV
IGS-P9164FX-LV
IGS-P9164GC-HV
IGS-P9164GC-LV
ORing Industrial Networking Corp
9
IGS-P9164 Series User Manual
1. LNK/ACT port for Ethernet ports 2. 10/100/100Base T(X) Ethernet ports 3.
Fiber ports (IGS-P9164GF/GFX) or
Combo ports (IGS-P9164GC) 4. LNK status LED for fiber/combo ports 5. Console
port 6. Power indicator 7. Power 1 module indicator
8. Power 2 module indicator 9. LED for Ring Master status 10. LED for Ring status 11. Fault indicator 12. Relay output 13. Power 2 module 14. Power 1 module 15. Reset button
2.1.3 LED
LED PWR
Color Green
Status On
PW1
Green
On
PW2
Green
On
R.M
Green
On
Ring
Green
On Blinking
Fault
Amber
On
10/100/1000Base-T(X) Fast Ethernet ports
Green
On
LNK/ACT
Amber
On
Green/Amber 1000Base-X fiber ports LNK/ACT Green 100Base-FX fiber ports LNK/ACT Green 100/1000Base-X SFP ports LNK/ACT Green
Off
On Blinking
On Blinking
On Blinking
Description DC power on DC power module 1 activated DC power module 2
activated System running in Ring Master mode System running in Ring mode Ring
structure is broken Faults occurs
Port is connected and running at 1000Mbps Port is connected and running at
100Mbps Port running at 10Mbps
Ethernet links connected Transmitting data
Ethernet links connected Transmitting data
Ethernet links connected Transmitting data
2.2 Rear Panel
On the rear panel of the switch sit three sets of screw holes. The two sets
placed in
ORing Industrial Networking Corp
10
IGS-P9164 Series User Manual triangular patterns on both ends of the rear
panel are used for wall-mounting (red boxes in the figure below) and the set
of four holes in the middle are used for Din-rail installation (blue box in
the figure below). For more information on installation, please refer to 23.1
Din-rail Installation.
1. Wall-mount screw holes 2. Din-rail screw holes
ORing Industrial Networking Corp
11
IGS-P9164 Series User Manual
Hardware Installation
3.1 DIN-rail Installation
The device comes with a DIN-rail kit to allow you to fasten the switch to a
DIN-rail in any environments.
DIN-rail Kit Measurement (Unit = mm) Installing the switch on the DIN-rail is
easy. First, screw the Din-rail kit onto the back of the switch, right in the
middle of the back panel. Then slide the switch onto a DIN-rail from the Din-
rail kit and make sure the switch clicks into the rail firmly.
3.2 Wall Mounting
Besides Din-rail, the switch can be fixed to the wall via a wall mount panel,
which can be found in the package.
ORing Industrial Networking Corp
12
IGS-P9164 Series User Manual
Wall-Mount Kit Measurement (Unit = mm) To mount the switch onto the wall,
follow the steps: 1. Screw the two pieces of wall-mount kits onto both ends of
the rear panel of the switch. A total of six screws are required, as shown
below.
2. Use the switch, with wall mount plates attached, as a guide to mark the correct locations of the four screws. 3. Insert screws through the round screw holes (the red arrow as below) on the sides or through the cross-shaped aperture (the green arrow as below) in the middle of the plate and fasten the screw to the wall with a screwdriver. 4. If the screw goes through the cross- shaped aperture, slide the switch down before tightening the screw.
ORing Industrial Networking Corp
13
IGS-P9164 Series User Manual
Note: Instead of screwing the screws in all the way, leave about 2 mm to allow
room for sliding the wall mount panel between the wall and the screws.
3.3 Wiring
WARNING Do not disconnect modules or wires unless power has been switched off
or the area is known to be non-hazardous. The devices may only be connected to
the supply voltage shown on the type plate.
ORing Industrial Networking Corp
14
IGS-P9164 Series User Manual
ATTENTION 1. Be sure to disconnect the power cord before installing and/or
wiring your
switches. 2. Calculate the maximum possible current in each power wire and
common wire. Observe all electrical codes dictating the maximum current
allowable for each wire size. 3. If the current goes above the maximum
ratings, the wiring could overheat, causing serious damage to your equipment.
4. Use separate paths to route wiring for power and devices. If power wiring
and device wiring paths must cross, make sure the wires are perpendicular at
the intersection point. 5. Do not run signal or communications wiring and
power wiring through the same wire conduit. To avoid interference, wires with
different signal characteristics should be routed separately. 6. You can use
the type of signal transmitted through a wire to determine which wires should
be kept separate. The rule of thumb is that wiring sharing similar electrical
characteristics can be bundled together 7. You should separate input wiring
from output wiring 8. It is advised to label the wiring to all devices in the
system
3.3.1 Grounding
Grounding and wire routing help limit the effects of noise due to
electromagnetic interference (EMI). Run the ground connection from the ground
screw on the power module to the grounding surface prior to connecting
devices.
3.3.2 Fault Relay
The switch provides fail open and fail close options for you to form relay
circuits based on your needs. If you want the relay device to start operating
at power failure, attach the two wires to COM and fail close to form a close
circuit, vice versa. The relay contact of the 2-pin terminal block connector
will respond to user-configured events according to the wiring.
3.3.3 Redundant Power Inputs
The switch has two sets of power inputs, power input 1 and power input 2,
which sit on the front panel along with LAN ports. Follow the steps below to
wire redundant power inputs. Step 1: insert the negative/positive wires into
the V-/V+ terminals, respectively. Step 2: to keep the wires from pulling
loose, use a small flat-blade screwdriver to tighten the wire-clamp screws on
the front of the terminal block connector.
ORing Industrial Networking Corp
15
IGS-P9164 Series User Manual
3.4 Connection
3.4.1 Cables
10/100/1000BASE-T(X) Pin Assignments
The series has standard Ethernet ports. According to the link type, the switch
uses CAT 3, 4, 5,5e UTP cables to connect to any other network devices (PCs,
servers, switches, routers, or hubs). Please refer to the following table for
cable specifications.
Cable Types and Specifications:
Cable
10BASE-T 100BASE-TX 1000BASE-TX
Type
Cat. 3, 4, 5 100-ohm Cat. 5 100-ohm UTP Cat. 5/Cat. 5e 100-ohm UTP
Max. Length
Connector
UTP 100 m (328 ft) UTP 100 m (R8 ft) UTP 100 m (328ft)
RJ-45 RJ-45 RJ-45
With 10/100Base-T(X) cables, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are used for receiving data.
10/100Base-T(X) RJ-45 Pin Assignments :
Pin Number 1 2 3 4 5 6 7 8
Assignment TD+ TDRD+
Not used Not used
RDNot used Not used
1000Base-T RJ-45 Pin Assignments :
Pin Number 1 2 3 4 5
Assignment BI_DA+ BI_DABI_DB+ BI_DC+ BI_DC-
ORing Industrial Networking Corp
16
IGS-P9164 Series User Manual
6
BI_DB-
7
BI_DD+
8
BI_DD-
The series supports auto MDI/MDI-X operation. You can use a cable to connect the switch to a PC. The table below shows the 10/100Base-T(X) MDI and MDI-X port pin outs.
10/100Base-T(X) MDI/MDI-X Pin Assignments:
Pin Number 1 2 3 4 5 6 7 8
MDI port TD+(transmit) TD-(transmit) RD+(receive)
Not used Not used RD-(receive) Not used Not used
MDI-X port RD+(receive) RD-(receive) TD+(transmit)
Not used Not used TD-(transmit) Not used Not used
1000Base-T MDI/MDI-X Pin Assignments:
Pin Number 1 2 3 4 5 6 7 8
MDI port BI_DA+ BI_DABI_DB+ BI_DC+ BI_DCBI_DBBI_DD+ BI_DD-
MDI-X port BI_DB+ BI_DBBI_DA+ BI_DD+ BI_DDBI_DABI_DC+ BI_DC-
Note: “+” and “-” signs represent the polarity of the wires that make up each wire pair.
RS-232 console port wiring
The series can be managed via console ports using a RS-232 cable which can be
found in the package. You can connect the port to a PC via the RS-232 cable
with a DB-9 female connector. The DB-9 female connector of the RS-232 cable
should be connected the PC while the other end of the cable (RJ-45 connector)
should be connected to the console port of the switch.
ORing Industrial Networking Corp
17
IGS-P9164 Series User Manual
PC pin out (male) assignment Pin #2 RD Pin #3 TD Pin #5 GD
RS-232 with DB9 female connector Pin #2 TD Pin #3 RD Pin #5 GD
DB9 to RJ 45 Pin #2 Pin #3 Pin #5
3.4.2 O-Ring/O-Chain
O-Ring
You can connect three or more switches to form a ring topology to gain network
redundancy capabilities through the following steps. 1. Connect each switch to
form a daisy chain using an Ethernet cable. 2. Set one of the connected
switches to be the master and make sure the port setting of each connected
switch on the management page corresponds to the physical ports connected. For
infomration about the port setting, please refer to 4.1.2 Configurations. 3.
Connect the last switch to the first switch to form a ring topology.
ORing Industrial Networking Corp
18
IGS-P9164 Series User Manual
Coupling Ring
If you already have two O-Ring topologies and would like to connect the rings,
you can form them into a couping ring. All you need to do is select two
switches from each ring to be connected, for example, switch A and B from Ring
1 and switch C and D from ring 2. Decide which port on each switch to be used
as the coupling port and then link them together, for example, port 1 of
switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D.
Then, enable Coupling Ring option by checking the checkbox on the management
page and select the coupling ring in correspondance to the connected port. For
more inforamtion on port setting, please refer to 4.1.2 Configurations. Once
the setting is completed, one of the connections will act as the main path
while the other will act as the backup path.
Dual Homing
If you want to connect your ring topology to a RSTP network environment, you
can use dual homing. Choose two switches (Switch A & B) from the ring for
connecting to the switches in the RSTP network (core switches). The connection
of one of the switches (Switch A or B) will act as the primary path, while the
other will act as the backup path that is activated when the primary path
connection fails.
ORing Industrial Networking Corp
19
IGS-P9164 Series User Manual
O-Chain
When connecting multiple O-Rings to meet your expansion demand, you can create
an O-Chain topology through the following steps. 1. Select two switches from
the chain (Switch A & B) that you want to connect to the O-Ring and connect
them to the switches in the ring (Switch C & D). 2. In correspondence to the
port connected to the ring, configure an edge port for both of the connected
switches in the chain by checking the box in the management page (see 4.1.2
Configurations). 3. Once the setting is completed, one of the connections will
act as the main path, and the ohter as the back up path.
ORing Industrial Networking Corp
20
IGS-P9164 Series User Manual
Redundancy
Redundancy for minimized system downtime is one of the most important concerns
for industrial networking devices. Hence, ORing has developed proprietary
redundancy technologies including O-Ring and Open-Ring featuring faster
recovery time than existing redundancy technologies widely used in commercial
applications, such as STP, RSTP, and MSTP. ORing’s proprietary redundancy
technologies not only support different networking topologies, but also assure
the reliability of the network.
4.1 O-Ring
4.1.1 Introduction
O-Ring is ORing’s proprietary redundant ring technology, with recovery time of
less than 30 milliseconds (in full-duplex Gigabit operation) or 10
milliseconds (in full-duplex Fast Ethernet operation) and up to 250 nodes. The
ring protocols identify one switch as the master of the network, and then
automatically block packets from traveling through any of the network’s
redundant loops. In the event that one branch of the ring gets disconnected
from the rest of the network, the protocol automatically readjusts the ring so
that the part of the network that was disconnected can reestablish contact
with the rest of the network. The O-Ring redundant ring technology can protect
mission-critical applications from network interruptions or temporary
malfunction with its fast recover technology.
4.1.2 Configurations
O-Ring supports three ring topologies: Ring Master, Coupling Ring, and Dual
Homing. You can configure the settings in the interface below.
ORing Industrial Networking Corp
21
IGS-P9164 Series User Manual
Label
Enable Ring
Description
Check to enable O-Ring topology.
Only one ring master is allowed in a ring. However, if more than
Enable Ring Master
one switches are set to enable Ring Master, the switch with the lowest MAC address will be the active ring master and the others
will be backup masters.
1st Ring Port 2nd Ring Port Enable Coupling Ring
The primary port when the switch is ring master The backup port when the switch is ring master Check to enable Coupling Ring. Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches. It is a good method for connecting two rings.
Couple Port
Ports for connecting multiple rings. A coupling ring needs four switches to build an active and a backup link.
Enable Dual Homing
Links formed by the coupling ports will run in active/backup mode. Check to enable Dual Homing. When Dual Homing is enabled, the ring will be connected to normal switches through two RSTP links (ex: backbone Switch). The two links work in active/backup mode, and connect each ring to the normal switches in RSTP mode.
Apply
Click to activate the configurations.
Note: due to heavy loading, setting one switch as ring master and coupling ring at the same time is not recommended.
ORing Industrial Networking Corp
22
IGS-P9164 Series User Manual
4.2 Open-Ring
4.2.1 Introduction
Open-Ring is a technology developed by ORing to enhance ORing switches’
interoperability with other vendors’ products. With this technology, you can
add any ORing switches to the network based on other ring technologies.
4.2.2 Configurations
Label
Enable Vender 1st Ring Port 2nd Ring Port
Description
Check to enable Open-Ring topology Choose the venders that you want to join in
their rings The first port to connect to the ring The second port to connect
to the ring
ORing Industrial Networking Corp
23
IGS-P9164 Series User Manual
4.3 O-Chain
4.3.1 Introduction
O-Chain is ORing’s revolutionary network redundancy technology which enhances
network redundancy for any backbone networks, providing ease-of-use and
maximum fault-recovery swiftness, flexibility, compatibility, and cost-
effectiveness in a set of network redundancy topologies. The self-healing
Ethernet technology designed for distributed and complex industrial networks
enables the network to recover in less than 30 milliseconds (in full-duplex
Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation)
for up to 250 switches if at any time a segment of the chain fails. O-Chain
allows multiple redundant rings of different redundancy protocols to join and
function together as a large and the most robust network topologies. It can
create multiple redundant networks beyond the limitations of current redundant
ring technologies.
4.3.2 Configurations
O-Chain is very easy to configure and manage. Only one edge port of the edge
switch needs to be defined. Other switches beside them just need to have
O-Chain enabled.
ORing Industrial Networking Corp
24
IGS-P9164 Series User Manual
Label Enable 1st Ring Port 2nd Ring Port Edge Port
Description Check to enable O-Chain function The first port connecting to the ring The second port connecting to the ring An O-Chain topology must begin with edge ports. The ports with a smaller switch MAC address will serve as the backup link and RM LED will light up.
4.4 STP/RSTP/MSTP
4.4.1 STP/RSTP
STP (Spanning Tree Protocol), and its advanced versions RSTP (Rapid Spanning
Tree Protocol) and MSTP (Multiple Spanning Tree Protocol), are designed to
prevent network loops and provide network redundancy. Network loops occur
frequently in large networks as when two or more paths run to the same
destination, broadcast packets may get in to an infinite loop and hence
causing congestion in the network. STP can identify the best path to the
destination, and block all other paths. The blocked links will stay connected
but inactive. When the best path fails, the blocked links will be activated.
Compared to STP which recovers a link in 30 to 50 seconds, RSTP can shorten
the time to 5 to 6 seconds. In other words, RSTP provides faster spanning tree
convergence after a topology changes. The switch supports STP and will auto
detect the connected device running on STP or RSTP protocols.
ORing Industrial Networking Corp
25
RSTP Bridge Setting
IGS-P9164 Series User Manual
Label Protocol Version Bridge Priority (0-61440)
Forwarding Delay Time (4-30)
Max Age Time(6-40)
Description Select Spanning Tree type , support STP / RSTP / MSTP A value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. If the value changes, you must reboot the switch. The value must be a multiple of 4096 according to the protocol standard rule The time of a port waits before changing from RSTP learning and listening states to forwarding state. The valid value is between 4 through 30. The number of seconds a bridge waits without receiving Spanning-tree Protocol configuration messages before attempting a reconfiguration. The valid value is between 6 through 40.
ORing Industrial Networking Corp
26
IGS-P9164 Series User Manual
Maximum Hop Count This defines the initial value of remaining Hops for MSTI
information generated at the boundary of an MSTI region. It
defines how many bridges a root bridge can distribute its BPDU
information to. Valid values are in the range 6 to 40 hops.
Transmit Hold Count The number of BPDU’s a bridge port can send per second. When
exceeded, transmission of the next BPDU will be delayed. Valid
values are in the range 1 to 10 BPDU’s per second.
Edge Port BPDU
Control whether a port explicitly configured as Edge will transmit
Filtering
and receive BPDUs.
Edge Port BPDU
Control whether a port explicitly configured as Edge will disable
Guard
itself upon reception of a BPDU. The port will enter the
error-disabled state, and will be removed from the active topology.
Port Error Recovery Control whether a port in the error-disabled state automatically
will be enabled after a certain time. If recovery is not enabled,
ports have to be disabled and re-enabled for normal STP
operation. The condition is also cleared by a system reboot.
Port Error Recovery The time to pass before a port in the error-disabled state can be
Timeout
enabled. Valid values are between 30 and 86400 seconds (24
hours).
NOTE: the calculation of the MAX Age, Hello Time, and Forward Delay Time is as follows: 2 x (Forward Delay Time value 1) > = Max Age value >= 2 x (Hello Time value +1)
The following pages show the information of the root bridge, including its port status.
ORing Industrial Networking Corp
27
IGS-P9164 Series User Manual
Label Port STP Enable Path Cost Auto Path Cost Value
(1-200000000)
Port Priority (0-240)
Admin Edge Auto Edge
Restricted Role
Description Port number User can by port enable / disable STP Function User can setting Path Cost Auto or Specific Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports. Valid values are in the range 1 to 200000000. Decide which port should be blocked by priority in the LAN. The valid value is between 0 and 240, and must be a multiple of 16 Controls whether the operEdge flag should start as set or cleared. (The initial operEdge state when a port is initialized). Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDU’s are received on the port or not. If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity. It can be set by a network
ORing Industrial Networking Corp
28
IGS-P9164 Series User Manual
Restrcted -TCN
BPDU Guard Point to Point Apply
administrator to prevent bridges external to a core region of the network influence the spanning tree active topology, possibly because those bridges are not under the full control of the administrator. This feature is also known as Root Guard. If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set it can cause temporary loss of connectivity after changes in a spanning tree’s active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently. If enabled, causes the port to disable itself upon receiving valid BPDU’s. Contrary to the similar bridge setting, the port Edge status does not effect this setting. Controls whether the port connects to a point-to-point LAN rather than to a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for point-to-point LANs than for shared media. Click to apply the configurations.
4.4.2 MSTP
Since the recovery time of STP and RSTP takes seconds, which is unacceptable
in industrial applications, MSTP was developed. The technology supports
multiple spanning trees within a network by grouping and mapping multiple
VLANs into different spanning-tree instances, known as MSTIs, to form
individual MST regions. Each switch is assigned to an MST region. Hence, each
MST region consists of one or more MSTP switches with the same VLANs, at least
one MST instance, and the same MST region name. Therefore, switches can use
different paths in the network to effectively balance loads.
ORing Industrial Networking Corp
29
IGS-P9164 Series User Manual
Bridge Settings
This page allows you to examine and change the configurations of current MSTI
ports. A MSTI port is a virtual port, which is instantiated separately for
each active CIST (physical) port for each MSTI instance configured and
applicable for the port. The MSTI instance must be selected before MSTI port
configuration options are displayed.
ORing Industrial Networking Corp
30
IGS-P9164 Series User Manual
Label
Description
MSTP Enable
Enables or disables MSTP function.
Force Version
Forces a VLAN bridge that supports RSTP to operate in an
STP-compatible manner.
Configuration Name The name which identifies the VLAN to MSTI mapping. Bridges
must share the name and revision (see below), as well as the
VLAN-to-MSTI mapping configurations in order to share spanning
trees for MSTIs (intra-region). The name should not exceed 32
characters.
Revision
Level Revision of the MSTI configuration named above. This must be
(0-65535)
an integer between 0 and 65535.
Priority (0-61440)
A value used to identify the root bridge. The bridge with the lowest
value has the highest priority and is selected as the root. If the
value changes, you must reboot the switch. The value must be a
multiple of 4096 according to the protocol standard rule.
Max Age Time(6-40) The number of seconds a bridge waits without receiving
Spanning-tree Protocol configuration messages before
attempting a reconfiguration. The valid value is between 6
through 40.
Hello Time (1-10)
The time interval a switch sends out the BPDU packet to check
RSTP current status. The time is measured in seconds and the
ORing Industrial Networking Corp
31
IGS-P9164 Series User Manual
valid value is between 1 through 10.
Forwarding Delay The time of a port waits before changing from RSTP learning and
Time (4-30)
listening states to forwarding state. The valid value is between 4
through 30.
Max Hops (1-40)
An additional parameter for those specified for RSTP. A single
value applies to all STP within an MST region (the CIST and all
MSTIs) for which the bridge is the regional root.
Apply
Click to apply the configurations.
Bridge Port
Label
Description
Port No.
The number of port you want to configure
Priority (0-240)
Decide which port should be blocked by priority in the LAN. The
valid value is between 0 and 240, and must be a multiple of 16.
Path
Cost The path cost incurred by the port. The path cost is used when
(1-200000000)
establishing an active topology for the network. Lower path cost
ports are chosen as forwarding ports in favor of higher path cost
ports. The range of valid values is 1 to 200000000.
Admin P2P
Configures whether the port connects to a point-to-point LAN
rather than a shared medium. This can be configured
automatically or set to true or false manually. True means P2P
enabling. False means P2P disabling. Transiting to forwarding
state is faster for point-to-point LANs than for shared media.
Admin Edge
Specify whether this port is an edge port or a non-edge port. An
edge port is not connected to any other bridge. Only edge ports
and point-to-point links can rapidly transition to forwarding state.
To configure the port as an edge port, set the port to True.
ORing Industrial Networking Corp
32
IGS-P9164 Series User Manual
Admin Non STP Apply
The port includes the STP mathematic calculation. True is not including STP mathematic calculation, false is including the STP mathematic calculation. Click to apply the configurations.
Instance Setting
This page allows you to change the configurations of current MSTI bridge
instance.
Label Instance State VLANs
Priority (0-61440)
Apply
Description Set the instance from 1 to 15 Enables or disables the instance The VLAN which is mapped to the MSTI. A VLAN can only be mapped to one MSTI. An unused MSTI will be left empty (ex. without any mapped VLANs). A value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. If the value changes, you must reboot the switch. The value must be a multiple of 4096 according to the protocol standard Click to apply the configurations.
Port Priority
This page allows you to change the configurations of current MSTI bridge
instance priority.
ORing Industrial Networking Corp
33
IGS-P9164 Series User Manual
Label
Description
Instance
The bridge instance. CIST is the default instance, which is always active.
Port
The port number which you want to configure.
Priority (0-240)
Decides the priority of ports to be blocked in the LAN. The valid value is between 0 and 240, and must be a multiple of 16
The path cost incurred by the port. The path cost is used when
Path
Cost establishing an active topology for the network. Lower path cost
(1-200000000)
ports are chosen as forwarding ports in favor of higher path cost
ports. The range of valid values is 1 to 200000000.
Apply
Click to apply the configurations.
4.5 Fast Recovery
Fast recovery mode can be set to connect multiple ports to one or more
switches, thereby providing redundant links. Fast recovery mode supports 5
priorities. Only the first priority will be the active port, and the other
ports with different priorities will be backup ports.
ORing Industrial Networking Corp
34
IGS-P9164 Series User Manual
Label Active Port.01 – 05
Apply
Description Activate fast recovery mode Ports can be set to 5 priorities. Only the port with the highest priority will be the active port. 1st Priority is the highest. Click to activate the configurations.
ORing Industrial Networking Corp
35
IGS-P9164 Series User Manual
Management
The switch can be controlled via a built-in web server which supports Internet
Explorer (Internet Explorer 5.0 or above versions) and other Web browsers such
as Chrome. Therefore, you can manage and configure the switch easily and
remotely. You can also upgrade firmware via a Web browser. The Web management
function not only reduces network bandwidth consumption, but also enhances
access speed and provides a user-friendly viewing screen.
Note: By default, IE5.0 or later version do not allow Java applets to open
sockets. You need to modify the browser setting separately in order to enable
Java applets for network ports.
Management via Web Browser
Follow the steps below to manage your switch via a Web browser
System Login
1. Launch an Internet Explorer. 2. Type http:// and the IP address of the
switch. Press Enter.
3. A login screen appears. 4. Type in the username and password. The default
username and password is
admin. 5. Press Enter or click OK, the management page appears.
Note: you can use the following default values: IP Address: 192.168.10.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.10.254
ORing Industrial Networking Corp
36
IGS-P9164 Series User Manual
User Name: admin Password: admin After logging in, you will see the
information of the switch as below.
On the right hand side of the management interface shows links to various
settings. Clicking on the links will bring you to individual configuration
pages.
5.1 Basic Settings
The Basic Settings page allows you to configure the basic functions of the
switch.
5.1.1 System Information
This page shows the general information of the switch.
Label System Name
Description An administratively assigned name for the managed node. By convention, this is the node’s fully-qualified domain name. A domain name is a text string consisting of alphabets (A-Z, a-z),
ORing Industrial Networking Corp
37
IGS-P9164 Series User Manual
System Description System Location
System Contact Save Reset
digits (0-9), and minus sign (-). Space is not allowed to be part of the name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255. Description of the device The physical location of the node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed. The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed. Click to save changes. Click to undo any changes made locally and revert to previously saved values.
5.1.2 Admin & Password
This page allows you to configure the system password required to access the
web pages or log in from CLI.
Label Old Password
New Password
Confirm New Password Save
Description The existing password. If this is incorrect, you cannot set the new password. The new system password. The allowed string length is 0 to 31, and only ASCII characters from 32 to 126 are allowed. Re-type the new password. Click to save changes.
ORing Industrial Networking Corp
38
IGS-P9164 Series User Manual
5.1.3 Authentication
This page allows you to configure how a user is authenticated when he/she logs
into the switch via one of the management interfaces.
Label Client Authentication Method
Fallback
Save Reset
Description The management client for which the configuration below applies. Authentication Method can be set to one of the following values: None: authentication is disabled and login is not possible. Local: local user database on the switch is used for authentication. Radius: a remote RADIUS server is used for authentication. Check to enable fallback to local authentication. If none of the configured authentication servers are active, the local user database is used for authentication. This is only possible if Authentication Method is set to a value other than none or local. Click to save changes Click to undo any changes made locally and revert to previously saved values
5.1.4 IP Settings
You can configure IP information of the switch in this page.
ORing Industrial Networking Corp
39
IGS-P9164 Series User Manual
Label DHCP Client
IP Address
IP Mask IP Router VLAN ID DNS Server Save Reset
Description Enable the DHCP client by checking this box. If DHCP fails or the
configured IP address is zero, DHCP will retry. If DHCP retry fails, DHCP will
stop trying and the configured IP settings will be used.
Assigns the IP address of the network in use. If DHCP client function is
enabled, you do not need to assign the IP address. The network DHCP server
will assign an IP address to the switch and it will be displayed in this
column. The default IP is 192.168.10.1. Assigns the subnet mask of the IP
address. If DHCP client function is enabled, you do not need to assign the
subnet mask.
Assigns the network gateway for the switch. The default gateway is
192.168.10.254. Provides the managed VLAN ID. The allowed range is 1 through
4095. Enter the IP address of the DNS server in dotted decimal notation. Click
to save changes Click to undo any changes made locally and revert to
previously saved values
5.1.5 IPv6 Settings
IPv6 is the next-generation IP that uses a 128-bit address standard. It is
developed to supplement, and eventually replace the IPv4 protocol. You can
configure IPv6 information of the switch on the following page.
Label
Auto Configuration
Address
Description Check to enable IPv6 auto-configuration. If the system cannot obtain the stateless address in time, the configured IPv6 settings will be used. The router may delay responding to a router solicitation for a few seconds; therefore, the total time needed to complete auto-configuration may be much longer. Specify an IPv6 address for the switch. IPv6 address consists of 128 bits
ORing Industrial Networking Corp
40
IGS-P9164 Series User Manual
Prefix
Router
Save Reset
represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in ‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, ‘::192.1.2.34’. Specify an IPv6 prefix for the switch. The allowed range is 1 to 128. Specify an IPv6 address for the switch. IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in ‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, ‘::192.1.2.34’. Click to save changes Click to undo any changes made locally and revert to previously saved values
5.1.6 Daylight Saving Time
Time Zone Configuration
Label Time Zone
Acronym
Description Lists various time zones worldwide. Select an appropriate time zone from the drop down and click Save. User can set the acronym of the time zone. This is a User configurable acronym to identify the time zone. ( Range : Up to 16 alpha-numeric characters and can contain ‘-‘, ‘_’ or ‘.’)
Daylight Saving Time Configuration
ORing Industrial Networking Corp
41
IGS-P9164 Series User Manual
Label
Description
This is used to set the clock forward or backward according to the
configurations set below for a defined Daylight Saving Time
duration. Select ‘Disable’ to disable the Daylight Saving Time
Daylight Saving Time configuration. Select ‘Recurring’ and configure the Daylight
Saving Time duration to repeat the configuration every year.
Select ‘Non-Recurring’ and configure the Daylight Saving Time
duration for single time configuration. ( Default : Disabled )
Start Time Settings
Label Week Day Month Hours Minutes
Description Select the starting week number. Select the starting day. Select the starting month. Select the starting hour. Select the starting minute.
End Time Settings
Week Day
Label
Description Select the ending week number. Select the ending day.
ORing Industrial Networking Corp
42
Month Hours Minutes
Offset Settings
Select the ending month. Select the ending hour. Select the ending minute.
IGS-P9164 Series User Manual
Label Week
Description ter the number of minutes to add during Daylight Saving Time. ( Range: 1 to 1440 )
5.1.7 HTTPS
You can configure the HTTPS mode in the following page.
Label Mode Save Reset
Description Indicates the selected HTTPS mode. When the current connection is HTTPS, disabling HTTPS will automatically redirect web browser to an HTTP connection. The modes include: Enabled: enable HTTPS. Disabled: disable HTTPS. Click to save changes Click to undo any changes made locally and revert to previously saved values
5.1.8 SSH
SSH (Secure Shell) is a cryptographic network protocol intended for secure
data transmission and remote access by creating a secure channel between two
networked PCs. You can configure the SSH mode in the following page.
ORing Industrial Networking Corp
43
IGS-P9164 Series User Manual
Label Mode Save Reset
Description Indicates the selected SSH mode. The modes include: Enabled: enable SSH. Disabled: disable SSH. Click to save changes Click to undo any changes made locally and revert to previously saved values
5.1.9 LLDP
LLDP Configurations
LLDP (Link Layer Discovery Protocol) provides a method for networked devices
to receive and/or transmit their information to other connected devices on the
network that are also using the protocols, and to store the information that
is learned about other devices. This page allows you to examine and configure
current LLDP port settings.
Label Port
Mode
Description The switch port number to which the following settings will be applied. Indicates the selected LLDP mode Rx only: the switch will not send out LLDP information, but LLDP information from its neighbors will be analyzed. Tx only: the switch will drop LLDP information received from its neighbors,
ORing Industrial Networking Corp
44
IGS-P9164 Series User Manual
but will send out LLDP information. Disabled: the switch will not send out
LLDP information, and will drop LLDP information received from its neighbors.
Enabled: the switch will send out LLDP information, and will analyze LLDP
information received from its neighbors.
LLDP Neighbor Information
This page provides a status overview for all LLDP neighbors. The following
table contains information for each port on which an LLDP neighbor is
detected. The columns include the following information:
Label Local Port Chassis ID Remote Port ID System Name Port Description
System Capabilities
Management Address Refresh Auto-refresh
Description The port that you use to transmits and receives LLDP frames. The identification number of the neighbor sending out the LLDP frames. The identification of the neighbor port The name advertised by the neighbor. The description of the port advertised by the neighbor. Description of the neighbor’s capabilities. The capabilities include: 1. Other 2. Repeater 3. Bridge 4. WLAN Access Point 5. Router 6. Telephone 7. DOCSIS Cable Device 8. Station Only 9. Reserved When a capability is enabled, a (+) will be displayed. If the capability is disabled, a (-) will be displayed. The neighbor’s address which can be used to help network management. This may contain the neighbor’s IP address. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals
ORing Industrial Networking Corp
45
IGS-P9164 Series User Manual
Port Statistics
This page provides an overview of all LLDP traffic. Two types of counters are
shown. Global counters will apply settings to the whole switch stack, while
local counters will apply settings to specified switches.
Global Counters
Label Neighbor entries were last changed at Total Neighbors Entries Added
Total Neighbors Entries Deleted Total Neighbors Entries Dropped Total
Neighbors Entries Aged Out
Description Shows the time when the last entry was deleted or added. Shows the number of new entries added since switch reboot Shows the number of new entries deleted since switch reboot Shows the number of LLDP frames dropped due to full entry table Shows the number of entries deleted due to expired time-to-live
Local Counters
Label Local Port Tx Frames Rx Frames Rx Errors
Frames Discarded
Description The port that receives or transmits LLDP frames The number of LLDP frames transmitted on the port The number of LLDP frames received on the port The number of received LLDP frames containing errors If a port receives an LLDP frame, and the switch’s internal table is full, the LLDP frame will be counted and discarded. This situation is
ORing Industrial Networking Corp
46
IGS-P9164 Series User Manual
TLVs Discarded TLVs Unrecognized Org. Discarded
Age-Outs
Refresh Clear Auto-refresh
known as “too many neighbors” in the LLDP standard. LLDP frames require a new entry in the table if Chassis ID or Remote Port ID is not included in the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is received, or when the entry ages out. Each LLDP frame can contain multiple pieces of information, known as TLVs (Type Length Value). If a TLV is malformed, it will be counted and discarded. The number of well- formed TLVs, but with an unknown type value The number of organizationally TLVs received Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received during the age-out time, the LLDP information will be removed, and the value of the age-out counter will be incremented. Click to refresh the page immediately Click to clear the local counters. All counters (including global counters) are cleared upon reboot. Check to enable an automatic refresh of the page at regular intervals
5.1.10 NTP
Network Time Protocol (NTP) is a networking protocol for clock synchronization
between computer systems over packet-switched, variable-latency data networks.
ORing Industrial Networking Corp
47
Label Mode Server Date/ Time
IGS-P9164 Series User Manual
Description Enabled: enable NTP Disabled: disable NTP Input Server IP Address.
If NTP synchronization completed , this field will show Date /Time Info.
5.1.11 Modbus TCP
Modbus TCP uses TCP/IP and Ethernet to carry the data of the Modbus message
structure between compatible devices. The protocol is commonly used in SCADA
systems for communications between a human-machine interface (HMI) and
programmable logic controllers. This page enables you to enable and disable
Modbus TCP support of the switch.
Label Mode
Description Shows the existing status of the Modbus TCP function
5.1.12 Backup/Restore Configurations
You can save/view or load switch configurations. The configuration file is in
XML format.
5.1.13 Firmware Update
This page allows you to update the firmware of the switch.
ORing Industrial Networking Corp
48
IGS-P9164 Series User Manual
5.2 DHCP Server
The switch provides DHCP server functions. By enabling DHCP, the switch will
become a DHCP server and dynamically assigns IP addresses and related IP
information to network clients.
5.2.1 Basic Settings
This page allows you to set up DHCP settings for the switch. You can check the
Enabled checkbox to activate the function. Once the box is checked, you will
be able to input information in each column.
5.2.2 Dynamic Client List
When DHCP server functions are activated, the switch will collect DHCP client
information and display in the following table.
5.2.3 Client List
You can assign a specific IP address within the dynamic IP range to a specific
port. When a
ORing Industrial Networking Corp
49
IGS-P9164 Series User Manual device is connected to the port and requests for
dynamic IP assigning, the switch will assign the IP address that has
previously been assigned to the connected device.
5.2.4 Port and IP Binding
As below screenshot , the function allow user by setting IP Address value ,
DHCP Server will follow this IP address ,assign IP to DHCP Client device .
5.2.5 Relay Agent
DHCP relay is used to forward and transfer DHCP messages between the clients
and the server when they are not in the same subnet domain. You can configure
the function in this page.
ORing Industrial Networking Corp
50
IGS-P9164 Series User Manual
Label Relay Mode
Relay Server Relay Information Mode
Description Indicates the existing DHCP relay mode. The modes include: Enabled: activate DHCP relay. When DHCP relay is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations. Disabled: disable DHCP relay Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. Indicates the existing DHCP relay information mode. The format of DHCP option 82 circuit ID format is “[vlan_id][module_id][port_no]”. The first four characters represent the VLAN ID, and the fifth and sixth characters are the module ID. In stand-alone devices, the module ID always equals to 0; in stacked devices, it means switch ID. The last two characters are the port number. For example, “00030108” means the DHCP message received form VLAN ID 3, switch ID 1, and port No. 8. The option 82 remote ID value equals to the switch MAC address. The modes include: Enabled: activate DHCP relay information. When DHCP relay information is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client. It only works when DHCP relay mode is enabled.
ORing Industrial Networking Corp
51
IGS-P9164 Series User Manual
Relay Information Policy
Disabled: disable DHCP relay information Indicates the policies to be enforced when receiving DHCP relay information. When DHCP relay information mode is enabled, if the agent receives a DHCP message that already contains relay agent information, it will enforce the policy. The Replace option is invalid when relay information mode is disabled. The policies includes: Replace: replace the original relay information when a DHCP message containing the information is received. Keep: keep the original relay information when a DHCP message containing the information is received. Drop: drop the package when a DHCP message containing the information is received.
The relay statistics shows the information of relayed packet of the switch.
Label Transmit to Sever Transmit Error Receive from Server Receive Missing
Agent Option Receive Missing Circuit ID Receive Missing Remote ID Receive Bad
Circuit ID
Receive Bad Remote ID
Description The number of packets relayed from the client to the server The
number of packets with errors when being sent to clients The number of packets
received from the server The number of packets received without agent
information
The number of packets received with Circuit ID
The number of packets received with the Remote ID option missing. The number
of packets whose Circuit ID do not match the known circuit ID The number of
packets whose Remote ID do not match the known Remote ID
ORing Industrial Networking Corp
52
IGS-P9164 Series User Manual
Label Transmit to Client Transmit Error Receive from Client Receive Agent
Option
Replace Agent Option
Keep Agent Option
Drop Agent Option
Description The number of packets relayed from the server to the client The number of packets with errors when being sent to servers The number of packets received from the server The number of received packets containing relay agent information The number of packets replaced when received messages contain relay agent information. The number of packets whose relay agent information is retained The number of packets dropped when received messages contain relay agent information.
5.3 Port Setting
Port Setting allows you to manage individual ports of the switch, including traffic, power, and trunks.
5.3.1 Port Control
This page shows current port configurations. Ports can also be configured
here.
ORing Industrial Networking Corp
53
IGS-P9164 Series User Manual
Label Port Link Current Link Speed Configured Link Speed
Flow Control
Maximum Frame
Power Control
Total Power Usage Save Reset Refresh
Description The switch port number to which the following settings will be applied. The current link state is shown by different colors. Green indicates the link is up and red means the link is down. Indicates the current link speed of the port The drop-down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link partner Disabled disables switch port configuration <> configures all ports When Auto is selected for the speed, the flow control will be negotiated to the capacity advertised by the link partner. When a fixed-speed setting is selected, that is what is used. Current Rx indicates whether pause frames on the port are obeyed, and Current Tx indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last auto-negotiation. You can check the Configured column to use flow control. This setting is related to the setting of Configured Link Speed. You can enter the maximum frame size allowed for the switch port in this column, including FCS. The allowed range is 1518 bytes to 9600 bytes. Shows the current power consumption of each port in percentage. The Configured column allows you to change power saving parameters for each port. Disabled: all power savings functions are disabled ActiPHY: link down and power savings enabled PerfectReach: link up and power savings enabled Enabled: both link up and link down power savings enabled Total power consumption of the board, measured in percentage Click to save changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page. Any changes made locally will be undone.
ORing Industrial Networking Corp
54
IGS-P9164 Series User Manual
5.3.2 Port Alias
This page provides alias IP address configuration. Some devices might have
more than one IP addresses. You could specify other IP addresses here.
5.3.3 Port Trunk
A port trunk is a group of ports that have been grouped together to function
as one logical path. This method provides an economical way for you to
increase the bandwidth between the switch and another networking device. In
addition, it is useful when a single physical link between the devices is
insufficient to handle the traffic load. This page allows you to configure the
aggregation hash mode and the aggregation group.
Label
Description
Source MAC Address Calculates the destination port of the frame. You can check this
box to enable the source MAC address, or uncheck to disable. By
default, Source MAC Address is enabled.
Destination MAC
Calculates the destination port of the frame. You can check this
Address
box to enable the destination MAC address, or uncheck to
disable. By default, Destination MAC Address is disabled.
IP Address
Calculates the destination port of the frame. You can check this
box to enable the IP address, or uncheck to disable. By default, IP
Address is enabled.
ORing Industrial Networking Corp
55
TCP/UDP Port Number
IGS-P9164 Series User Manual
Calculates the destination port of the frame. You can check this box to enable
the TCP/UDP port number, or uncheck to disable. By default, TCP/UDP Port
Number is enabled.
Label Group ID
Port Members
Description Indicates the ID of each aggregation group. Normal means no aggregation. Only one group ID is valid per port. Lists each switch port for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group.
5.3.4 LACP
LACP (Link Aggregation Control Protocol) trunks are similar to static port
trunks, but they are more flexible because LACP is compliant with the IEEE
802.3ad standard. Hence, it is interoperable with equipment from other vendors
that also comply with the standard. This page allows you to enable LACP
functions to group ports together to form single virtual links and change
associated settings, thereby increasing the bandwidth between the switch and
other LACP-compatible devices.
ORing Industrial Networking Corp
56
IGS-P9164 Series User Manual
Label Port LACP Enabled
Key
Role Save Reset
Description Indicates the ID of each aggregation group. Normal indicates there is no aggregation. Only one group ID is valid per port. Lists each switch port for each group ID. Check to include a port in an aggregation, or clear the box to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group. The Key value varies with the port, ranging from 1 to 65535. Auto will set the key according to the physical link speed (10Mb = 1, 100Mb = 2, 1Gb = 3). Specific allows you to enter a user-defined value. Ports with the same key value can join in the same aggregation group, while ports with different keys cannot. Indicates LACP activity status. Active will transmit LACP packets every second, while Passive will wait for a LACP packet from a partner (speak if spoken to). Click to save changes Click to undo changes made locally and revert to previous values
LACP System Status
This page provides a status overview for all LACP instances.
ORing Industrial Networking Corp
57
IGS-P9164 Series User Manual
Label Aggr ID
Partner System ID Partner Key Last Changed Last Changed
Refresh Auto-refresh
Description The aggregation ID is associated with the aggregation instance. For LLAG, the ID is shown as ‘isid:aggr-id’ and for GLAGs as ‘aggr-id’ System ID (MAC address) of the aggregation partner The key assigned by the partner to the aggregation ID The time since this aggregation changed. Indicates which ports belong to the aggregation of the switch/stack. The format is: “Switch ID:Port”. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals
LACP Status
This page provides an overview of the LACP status for all ports.
Label Port LACP
Description Switch port number Yes means LACP is enabled and the port link is up. No means LACP is not enabled or the port link is down. Backup means the
ORing Industrial Networking Corp
58
IGS-P9164 Series User Manual
Key
Aggr ID Partner System ID Partner Port Refresh Auto-refresh
port cannot join in the aggregation group unless other ports are removed. The LACP status is disabled. The key assigned to the port. Only ports with the same key can be aggregated The aggregation ID assigned to the aggregation group The partner’s system ID (MAC address) The partner’s port number associated with the port Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals
LACP Statistics
This page provides an overview of the LACP statistics for all ports.
Label Port LACP Transmitted LACP Received Discarded
Refresh Auto-refresh Clear
Description Switch port number The number of LACP frames sent from each port The number of LACP frames received at each port The number of unknown or illegal LACP frames discarded at each port. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals Click to clear the counters for all ports
5.3.5 Loop Gourd
This feature prevents loop attack. When receiving loop packets, the port will
be disabled automatically, preventing the loop attack from affecting other
network devices.
ORing Industrial Networking Corp
59
IGS-P9164 Series User Manual
Label
Enable Loop Protection Transmission Time
Shutdown Time
Description
Activate loop protection functions (as a whole) The interval between each loop
protection PDU sent on each port. The valid value is 1 to 10 seconds. The
period (in seconds) for which a port will be kept disabled when a loop is
detected (shutting down the port). The valid value is 0 to 604800 seconds (7
days). A value of zero will keep a port disabled permanently (until the device
is restarted).
Label
Port Enable Action
Tx Mode
Description
Switch port number Activate loop protection functions (as a whole) Configures
the action to take when a loop is detected. Valid values include Shutdown
Port, Shutdown Port, and Log or Log Only. Controls whether the port is
actively generating loop protection PDUs or only passively look for looped
PDUs.
ORing Industrial Networking Corp
60
IGS-P9164 Series User Manual
5.4 VLAN
5.4.1 VLAN Membership
A VLAN (Virtual LAN) is a logical LAN based on a physical LAN with links that
does not consist of a physical (wired or wireless) connection between two
computing devices but is implemented using methods of network virtualization.
A VLAN can be created by partitioning a physical LAN into multiple logical
LANs using a VLAN ID. You can assign switch ports to a VLAN and add new VLANs
in this page.
Label Delete VLAN ID MAC Address Port Members
Add New VLAN
Description Check to delete the entry. It will be deleted during the next save. The VLAN ID for the entry The MAC address for the entry Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Valid values for a VLAN ID are 1 through 4095. After clicking Save, the new VLAN will be enabled on the selected switch stack but contains no port members. A VLAN without any port members on any stack will be deleted when you click Save. Click Delete to undo the addition of new VLANs.
5.4.2 Port Configurations
This page allows you to set up VLAN ports individually.
ORing Industrial Networking Corp
61
IGS-P9164 Series User Manual
Label Ethertype for customer S-Ports Port
Port type
Ingress Filtering
Frame Type
Port VLAN
Description
This field specifies the Ether type used for custom S-ports. This is a global
setting for all custom S-ports.
The switch port number to which the following settings will be applied. Port
can be one of the following types: Unaware, Customer (C-port), Service
(S-port), Custom Service (S-custom-port). If port type is Unaware, all frames
are classified to the port VLAN ID and tags are not removed. Enable ingress
filtering on a port by checking the box. This parameter affects VLAN ingress
processing. If ingress filtering is enabled and the ingress port is not a
member of the classified VLAN of the frame, the frame will be discarded. By
default, ingress filtering is disabled (no check mark). Determines whether the
port accepts all frames or only tagged/untagged frames. This parameter affects
VLAN ingress processing. If the port only accepts tagged frames, untagged
frames received on the port will be discarded. By default, the field is set to
All. The allowed values are None or Specific. This parameter affects VLAN
ORing Industrial Networking Corp
62
IGS-P9164 Series User Manual
Mode
Port VLAN ID Tx Tag
ingress and egress processing. If None is selected, a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN-aware switches. Tx tag should be set to Untag_pvid when this mode is used. If Specific (the default value) is selected, a port VLAN ID can be configured (see below). Untagged frames received on the port are classified to the port VLAN ID. If VLAN awareness is disabled, all frames received on the port are classified to the port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID, a VLAN tag with the classified VLAN ID will be inserted in the frame. Configures the VLAN identifier for the port. The allowed range of the values is 1 through 4095. The default value is 1. Note: The port must be a member of the same VLAN as the port VLAN ID. Determines egress tagging of a port. Untag_pvid: all VLANs except the configured PVID will be tagged. Tag_all: all VLANs are tagged. Untag_all: all VLANs are untagged.
Introduction of Port Types
Below is a detailed description of each port type, including Unaware, C-port, S-port, and
S-custom-port.
Ingress action
Egress action
Unaware
When the port receives untagged frames, The TPID of a frame
The function of
an untagged frame obtains a tag (based transmitted by
Unaware can be
on PVID) and is forwarded.
Unaware port will be
used for 802.1QinQ When the port receives tagged frames: set to 0x8100.
(double tag).
1. If the tagged frame contains a TPID of The final status of the
0x8100, it will become a double-tag frame frame after egressing
and will be forwarded.
will also be affected
2. If the TPID of tagged frame is not by the Egress Rule.
0x8100 (ex. 0x88A8), it will be discarded.
C-port
When the port receives untagged frames, The TPID of a frame
an untagged frame obtains a tag (based transmitted by C-port
on PVID) and is forwarded.
will be set to 0x8100.
When the port receives tagged frames:
1. If the tagged frame contains a TPID of
0x8100, it will be forwarded.
ORing Industrial Networking Corp
63
S-port S-custom-port
IGS-P9164 Series User Manual
2. If the TPID of tagged frame is not
0x8100 (ex. 0x88A8), it will be discarded.
When the port receives untagged frames, The TPID of a frame
an untagged frame obtains a tag (based transmitted by S-port
on PVID) and is forwarded.
will be set to 0x88A8.
When the port receives tagged frames:
1. If the tagged frame contains a TPID of
0x8100, it will be forwarded.
2. If the TPID of tagged frame is not
0x88A8 (ex. 0x8100), it will be discarded.
When the port receives untagged frames, The TPID of a frame
an untagged frame obtains a tag (based transmitted by
on PVID) and is forwarded.
S-custom-port will be
When the port receives tagged frames: set to a
1. If the tagged frame contains a TPID of self-customized
0x8100, it will be forwarded.
value, which can be
2. If the TPID of tagged frame is not set by the user via
0x88A8 (ex. 0x8100), it will be discarded. Ethertype for
Custom S-ports.
ORing Industrial Networking Corp
64
IGS-P9164 Series User Manual
ORing Industrial Networking Corp
65
IGS-P9164 Series User Manual
Examples of VLAN Settings
VLAN Access Mode:
Switch A, Port 7 is VLAN Access mode = Untagged 20 Port 8 is VLAN Access mode
= Untagged 10
Below are the switch settings.
ORing Industrial Networking Corp
66
IGS-P9164 Series User Manual
VLAN 1Q Trunk Mode:
Switch B, Port 1 = VLAN 1Qtrunk mode = tagged 10, 20 Port 2 = VLAN 1Qtrunk
mode = tagged 10, 20
Below are the switch settings.
ORing Industrial Networking Corp
67
IGS-P9164 Series User Manual
VLAN Hybrid Mode: Port 1 VLAN Hybrid mode = untagged 10
Tagged 10, 20
Below are the switch settings.
ORing Industrial Networking Corp
68
IGS-P9164 Series User Manual
VLAN QinQ Mode:
VLAN QinQ mode is usually adopted when there are unknown VLANs, as shown in
the figure
below.
VLAN “X” = Unknown VLAN
9000 Series Port 1 VLAN Settings:
ORing Industrial Networking Corp
69
IGS-P9164 Series User Manual
VLAN ID Settings
When setting the management VLAN, only the same VLAN ID port can be used to
control the switch.
9000ies VLAN Settings:
ORing Industrial Networking Corp
70
IGS-P9164 Series User Manual
5.4.3 Private VLAN
A private VLAN contains switch ports that can only communicate with a given
“uplink”. The restricted ports are called private ports. Each private VLAN
typically contains many private ports and a single uplink. The switch forwards
all frames received on a private port out the uplink port, regardless of VLAN
ID or destination MAC address. A port must be a member of both a VLAN and a
private VLAN to be able to forward packets. This page allows you to configure
private VLAN memberships for the switch. By default, all ports are VLAN
unaware and members of VLAN 1 and private VLAN 1.
Label Delete Private VLAN ID MAC Address
Port Members
Adding a New Static Entry
Description Check to delete the entry. It will be deleted during the next save. Indicates the ID of this particular private VLAN. The MAC address for the entry. A row of check boxes for each port is displayed for each private VLAN ID. You can check the box to include a port in a private VLAN. To remove or exclude the port from the private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Click Add new Private VLAN to add a new private VLAN ID. An empty row is added to the table, and the private VLAN can be configured as needed. The allowed range for a private VLAN ID is the same as the switch port number range. Any values outside this range are not accepted, and a warning message appears. Click OK to discard the incorrect entry, or click Cancel to return to the editing and make a correction. The private VLAN is enabled when you click Save. The Delete button can be used to undo the addition of new private VLANs.
ORing Industrial Networking Corp
71
IGS-P9164 Series User Manual
A private VLAN is defined as a pairing of a primary VLAN with a secondary
VLAN. A promiscuous port is a port that can communicate with all other private
VLAN port types via the primary VLAN and any associated secondary VLANs,
whereas isolated ports can communicate only with a promiscuous port.
Label Port Members
Description A check box is provided for each port of a private VLAN. When checked, port isolation is enabled for that port. When unchecked, port isolation is disabled for that port. By default, port isolation is disabled for all ports.
5.5 SNMP
SNMP (Simple Network Management Protocol) is a protocol for managing devices
on IP networks. It is mainly used network management systems to monitor the
operational status of networked devices. In an event-triggered situation,
traps and notifications will be sent to administrators.
5.5.1 SNMP System Configurations
ORing Industrial Networking Corp
72
IGS-P9164 Series User Manual
Label Mode Version Read Community
Write Community Engine ID
Description Indicates existing SNMP mode. Possible modes include: Enabled: enable SNMP mode Disabled: disable SNMP mode Indicates the supported SNMP version. Possible versions include: SNMP v1: supports SNMP version 1. SNMP v2c: supports SNMP version 2c. SNMP v3: supports SNMP version 3. Indicates the read community string to permit access to SNMP agent. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed. The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table. Indicates the write community string to permit access to SNMP agent. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed. The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table. Indicates the SNMPv3 engine ID. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-‘F’s are not allowed. Change of the Engine ID will clear all original local users.
ORing Industrial Networking Corp
73
IGS-P9164 Series User Manual
Label Trap Mode
Trap Version
Trap Community Trap Destination Address
Trap Destination IPv6 Address
Trap Authentication Failure
Trap Link-up and Link-down
Trap Inform Mode Trap Inform Timeout(seconds) Trap Inform Retry Times
Description Indicates existing SNMP trap mode. Possible modes include:
Enabled: enable SNMP trap mode Disabled: disable SNMP trap mode Indicates the
supported SNMP trap version. Possible versions include: SNMP v1: supports SNMP
trap version 1 SNMP v2c: supports SNMP trap version 2c SNMP v3: supports SNMP
trap version 3 Indicates the community access string when sending SNMP trap
packets. The allowed string length is 0 to 255, and only ASCII characters from
33 to 126 are allowed. Indicates the SNMP trap destination address
Provides the trap destination IPv6 address of this switch. IPv6 address
consists of 128 bits represented as eight groups of four hexadecimal digits
with a colon separating each field (:). For example, in
‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be
used as a shorthand way of representing multiple 16-bit groups of contiguous
zeros; but it can only appear once. It also uses a following legally IPv4
address. For example, ‘::192.1.2.34’. Indicates the SNMP entity is permitted
to generate authentication failure traps. Possible modes include: Enabled:
enable SNMP trap authentication failure Disabled: disable SNMP trap
authentication failure Indicates the SNMP trap link-up and link-down mode.
Possible modes include: Enabled: enable SNMP trap link-up and link-down mode
Disabled: disable SNMP trap link-up and link-down mode Indicates the SNMP trap
inform mode. Possible modes include: Enabled: enable SNMP trap inform mode
Disabled: disable SNMP trap inform mode Configures the SNMP trap inform
timeout. The allowed range is 0 to 2147. Configures the retry times for SNMP
trap inform. The allowed range is 0 to 255.
ORing Industrial Networking Corp
74
IGS-P9164 Series User Manual
5.5.2 SNMP Community Configurations
You can define access to the SNMP data on your devices by creating one or more
SNMP communities. An SNMP community is the group that devices and management
stations running SNMP belong to. It helps define where information is sent. A
SNMP device or agent may belong to more than one SNMP community. It will not
respond to requests from management stations that do not belong to one of its
communities. This page allows you to configure SNMPv3 community table. The
entry index key is Community.
Label Delete
Community
Source IP Source Mask
Description Check to delete the entry. It will be deleted during the next save. Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the SNMP source address Indicates the SNMP source address mask
5.5.3 SNMP User Configurations
Each SNMP user has a specified username, a group to which the user belongs,
authentication password, authentication protocol, privacy protocol, and
privacy password. When you create a user, you must associate it with an SNMP
group. The user then inherits the security model of the group. This page
allows you to configure the SNMPv3 user table. The entry index keys are Engine
ID and User Name.
Label Delete
Description Check to delete the entry. It will be deleted during the next save.
ORing Industrial Networking Corp
75
IGS-P9164 Series User Manual
Engine ID
User Name Security Level
Authentication Protocol Authentication Password
An octet string identifying the engine ID that this entry should belong to. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-‘F’s are not allowed. The SNMPv3 architecture uses User- based Security Model (USM) for message security and View-based Access Control Model (VACM) for access control. For the USM entry, the usmUserEngineID and usmUserName are the entry keys. In a simple agent, usmUserEngineID is always that agent’s own snmpEngineID value. The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate. In other words, if user engine ID is the same as system engine ID, then it is local user; otherwise it’s remote user. A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the security model that this entry should belong to. Possible security models include: NoAuth, NoPriv: no authentication and none privacy Auth, NoPriv: Authentication and no privacy Auth, Priv: Authentication and privacy The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation. Indicates the authentication protocol that this entry should belong to. Possible authentication protocols include: None: no authentication protocol MD5: an optional flag to indicate that this user is using MD5 authentication protocol SHA: an optional flag to indicate that this user is using SHA authentication protocol The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation. A string identifying the authentication pass phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. Only ASCII characters from 33 to 126 are allowed.
ORing Industrial Networking Corp
76
IGS-P9164 Series User Manual
Privacy Protocol Privacy Password
Indicates the privacy protocol that this entry should belong to. Possible privacy protocols include: None: no privacy protocol DES: an optional flag to indicate that this user is using DES authentication protocol A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and only ASCII characters from 33 to 126 are allowed.
5.5.4 SNMP Group Configurations
An SNMP group is an access control policy for you to add users. Each SNMP
group is configured with a security model, and is associated with an SNMP
view. A user within an SNMP group should match the security model of the SNMP
group. These parameters specify what type of authentication and privacy a user
within an SNMP group uses. Each SNMP group name and security model pair must
be unique. This page allows you to configure the SNMPv3 group table. The entry
index keys are Security Model and Security Name.
Label Delete
Security Model
Security Name Group Name
Description Check to delete the entry. It will be deleted during the next save. Indicates the security model that this entry should belong to. Possible security models included: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. A string identifying the group name that this entry should belong to.
ORing Industrial Networking Corp
77
IGS-P9164 Series User Manual
The allowed string length is 1 to 32, and only ASCII characters from 33 to 126
are allowed.
5.5.5 SNMP View Configurations
The SNMP v3 View table specifies the MIB object access requirements for each
View Name. You can specify specific areas of the MIB that can be accessed or
denied based on the entries or create and delete entries in the View table in
this page. The entry index keys are View Name and OID Subtree.
Label Delete View Name
View Type
OID Subtree
Description Check to delete the entry. It will be deleted during the next save. A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the view type that this entry should belong to. Possible view types include: Included: an optional flag to indicate that this view subtree should be included. Excluded: An optional flag to indicate that this view subtree should be excluded. Generally, if an entry’s view type is Excluded, it should exist another entry whose view type is Included, and its OID subtree oversteps the Excluded entry. The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk (*).
5.5.6 SNMP Access Configurations
This page allows you to configure SNMPv3 access table. The entry index keys
are Group Name, Security Model, and Security Level.
ORing Industrial Networking Corp
78
IGS-P9164 Series User Manual
Label Delete Group Name
Security Model
Security Level
Read View Name Write View Name
Description Check to delete the entry. It will be deleted during the next save. A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the security model that this entry should belong to. Possible security models include: any: Accepted any security model (v1|v2c|usm). v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User- based Security Model (USM). Indicates the security model that this entry should belong to. Possible security models include: NoAuth, NoPriv: no authentication and no privacy Auth, NoPriv: Authentication and no privacy Auth, Priv: Authentication and privacy The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. The name of the MIB view defining the MIB objects for which this request may potentially SET new values. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed.
5.6 Traffic Prioritization
5.6.1 Storm Control
A LAN storm occurs when packets flood the LAN, creating excessive traffic and
degrading network performance. Errors in the protocol-stack implementation,
mistakes in network configuration, or users issuing a denial-of-service attack
can cause a storm. Storm control
ORing Industrial Networking Corp
79
IGS-P9164 Series User Manual
prevents traffic on a LAN from being disrupted by a broadcast, multicast, or
unicast storm on a port. In this page, you can specify the rate at which
packets are received for unicast, multicast, and broadcast traffic. The unit
of the rate can be either pps (packets per second) or kpps (kilopackets per
second). Note: frames sent to the CPU of the switch are always limited to
approximately 4 kpps. For example, broadcasts in the management VLAN are
limited to this rate. The management VLAN is configured on the IP setup page.
Label Frame Type Status
Rate
Description Frame types supported by the Storm Control function, including Unicast, Multicast, and Broadcast. Enables or disables the given frame type The rate is packet per second (pps), configure the rate as 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K. The 1 kpps is actually 1002.1 pps.
5.6.2 Port Classification
QoS (Quality of Service) is a method to achieve efficient bandwidth
utilization between devices by prioritizing frames according to individual
requirements and transmit the frames based on their importance. Frames in
higher priority queues receive a bigger slice of bandwidth than those in a
lower priority queue.
ORing Industrial Networking Corp
80
IGS-P9164 Series User Manual
Label Port
QoS Class
DP level
Description The port number for which the configuration below applies Controls the default QoS class All frames are classified to a QoS class. There is a one to one mapping between QoS class, queue, and priority. A QoS class of 0 (zero) has the lowest priority. If the port is VLAN aware and the frame is tagged, then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below. Otherwise the frame is classified to the default QoS class. PCP value: 0 1 2 3 4 5 6 7 QoS class: 1 0 2 3 4 5 6 7 If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default QoS class. The classified QoS class can be overruled by a QCL entry. Note: if the default QoS class has been dynamically changed, then the actual default QoS class is shown in parentheses after the configured default QoS class. Controls the default Drop Precedence Level
ORing Industrial Networking Corp
81
IGS-P9164 Series User Manual
PCP DEI Tag Class DSCP Based
All frames are classified to a DP level. If the port is VLAN aware and the frame is tagged, then the frame is classified to a DP level that is equal to the DEI value in the tag. Otherwise the frame is classified to the default DP level. If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default DP level. The classified DP level can be overruled by a QCL entry. Controls the default PCP value All frames are classified to a PCP value. If the port is VLAN aware and the frame is tagged, then the frame is classified to the PCP value in the tag. Otherwise the frame is classified to the default PCP value. Controls the default DEI value All frames are classified to a DEI value. If the port is VLAN aware and the frame is tagged, then the frame is classified to the DEI value in the tag. Otherwise the frame is classified to the default DEI value. Shows the classification mode for tagged frames on this port Disabled: Use default QoS class and DP level for tagged frames Enabled: Use mapped versions of PCP and DEI for tagged frames Click on the mode to configure the mode and/or mapping Note: this setting has no effect if the port is VLAN unaware. Tagged frames received on VLAN-unaware ports are always classified to the default QoS class and DP level. Click to enable DSCP-based QoS Ingress Port Classification
5.6.3 Port Tag Remaking
You can set QoS egress queues on a port such as classifying data and marking
it according to its priority and the policies. Packets will then travel across
the switch’s internal paths carrying their assigned QoS tag markers. At the
egress port, these markers are read and used to determine which queue each
data packet is forwarded to. When the traffic does not conform to the
conditions set in a policer command, you can remark the traffic.
ORing Industrial Networking Corp
82
IGS-P9164 Series User Manual
Label Port
Mode
Description The switch port number to which the following settings will be applied. Click on the port number to configure tag remarking Shows the tag remarking mode for this port Classified: use classified PCP/DEI values Default: use default PCP/DEI values Mapped: use mapped versions of QoS class and DP level
5.6.4 Port DSCP
DSCP (Differentiated Services Code Point) is a measure of QoS. It can classify
data packets by using the 6-bit DS field in the IP header so you can manage
each traffic class differently and efficiently, thereby achieving optimized
use of network bandwidth. DSCP-enabled routers on the network will read the
DSCP value of the data packet and put the packet into different queues before
transmission, such as high priority and most efficient transmission. With such
QoS functions, you can ensure low-latency for critical traffic. This page
allows you to configure DSCP settings for each port.
ORing Industrial Networking Corp
83
IGS-P9164 Series User Manual
Label Port Ingress
Egress
Description Shows the list of ports for which you can configure DSCP Ingress and Egress settings. In Ingress settings you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in Ingress: Translate: check to enable the function Classify: includes four values Disable: no Ingress DSCP classification DSCP=0: classify if incoming (or translated if enabled) DSCP is 0. Selected: classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP. All: classify all DSCP Port egress rewriting can be one of the following options: Disable: no Egress rewrite Enable: rewrite enabled without remapping Remap DP Unaware: DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value. The remapped DSCP value is always taken from the ‘DSCP Translation->Egress Remap DP0’ table.
ORing Industrial Networking Corp
84
IGS-P9164 Series User Manual
Remap DP Aware: DSCP from the analyzer is remapped and the frame is remarked
with a remapped DSCP value. Depending on the DP level of the frame, the
remapped DSCP value is either taken from the ‘DSCP Translation->Egress Remap
DP0’ table or from the ‘DSCP Translation->Egress Remap DP1′ table.
5.6.5 Port Policing
Policing is a traffic regulation mechanism for limiting the rate of traffic
streams, thereby controlling the maximum rate of traffic sent or received on
an interface. When the traffic rate exceeds the configured maximum rate,
policing drops or remarks the excess traffic. This page allows you to
configure Policer for all switch ports.
Port Policing
Label Port Enable Rate
Unti Flow Control
Description The port number for which the configuration below applies Check to enable the policer for individual switch ports Configures the rate of each policer. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps or fps, and is restricted to 1 to 3300 when the Unit is Mbps or kfps. Configures the unit of measurement for each policer rate as kbps, Mbps, fps, or kfps. The default value is kbps. If Flow Control is enabled and the port is in Flow Control mode, then pause frames are sent instead of being discarded.
ORing Industrial Networking Corp
85
Queue Policing
IGS-P9164 Series User Manual
Label Port Enable(E)
Rate
Unit
Description The port number for which the configuration below applies. Check to enable queue policer for individual switch ports Configures the rate of each queue policer. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and is restricted to 1 to 3300 when the Unit is Mbps. This field is only shown if at least one of the queue policers is enabled. Configures the unit of measurement for each queue policer rate as kbps or Mbps. The default value is kbps. This field is only shown if at least one of the queue policers is enabled.
5.6.6 Scheduling and Shaping
Port scheduling can solve performance degradation during network congestions.
The schedulers allow switches to maintain separate queues for packets from
each source and prevent specific traffic to use up all bandwidth. This page
allows you to configure Scheduler and Shapers for individual ports.
QoS Egress Port Scheduler and Shaper
Strict Priority
Strict Priority uses queues based only priority. When traffic arrives the
device, traffic on the highest priority queue will be transmitted first,
followed by traffic on lower priorities. If there is always some content in
the highest priority queue, then the other packets in the rest of queues will
not be sent until the highest priority queue is empty. The SP algorithm is
preferred when the received packets contain high priority data, such as voice
and video.
ORing Industrial Networking Corp
86
IGS-P9164 Series User Manual
Label Scheduler Mode Queue Shaper Enable
Queue Shaper Rate
Queues Shaper Unit
Queue Shaper Excess Port Shaper Enable Port Shaper Rate
Description Two scheduling modes are available: Strict Priority or Weighted
Check to enable queue shaper for individual switch ports
Configures the rate of each queue shaper. The default value is 500. This value
is restricted to 100 to 1000000 whn the Unit is kbps”, and it is restricted to
1 to 3300 when the Unit is Mbps. Configures the rate for each queue shaper.
The default value is 500. This value is restricted to 100 to 1000000 when the
Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.
Allows the queue to use excess bandwidth
Check to enable port shaper for individual switch ports Configures the rate of
each port shaper. The default value is 500
ORing Industrial Networking Corp
87
IGS-P9164 Series User Manual
Port Shaper Unit
This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures the unit of measurement for each port shaper rate as kbps or Mbps. The default value is kbps.
Weighted
Weighted scheduling will deliver traffic on a rotating basis. It can guarantee
each queue’s minimum bandwidth based on their bandwidth weight when there is
traffic congestion. Only when a port has more traffic than it can handle will
this mode be activated. A queue is given an amount of bandwidth regardless of
the incoming traffic on that port. Queue with larger weights will have more
guaranteed bandwidth than others with smaller weights.
Label Scheduler Mode Queue Shaper Enable
Description Two scheduling modes are available: Strict Priority or Weighted
Check to enable queue shaper for individual switch ports
ORing Industrial Networking Corp
88
IGS-P9164 Series User Manual
Queue Shaper Rate
Queues Shaper Unit
Queue Shaper Excess Queue Scheduler Weight Queue Scheduler Percent Port Shaper
Enable
Port Shaper Rate
Port Shaper Unit
Configures the rate of each queue shaper. The default value is 500. This value
is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to
1 to 3300 when the Unit is Mbps. Configures the rate of each queue shaper. The
default value is 500. This value is restricted to 100 to 1000000 when the
Unit” is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.
Allows the queue to use excess bandwidth
Configures the weight of each queue. The default value is 17. This value is
restricted to 1 to 100. This parameter is only shown if Scheduler Mode is set
to Weighted. Shows the weight of the queue in percentage. This parameter is
only shown if Scheduler Mode is set to Weighted. Check to enable port shaper
for individual switch ports Configures the rate of each port shaper. The
default value is 500. This value is restricted to 100 to 1000000 when the Unit
is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures
the unit of measurement for each port shaper rate as kbps or Mbps. The default
value is kbps.
5.6.7 Port Scheduler
This page provides an overview of QoS Egress Port Schedulers for all switch
ports.
Label Port Mode Qn
Description The switch port number to which the following settings will be applied. Click on the port number to configure the schedulers Shows the scheduling mode for this port Shows the weight for this queue and port
ORing Industrial Networking Corp
89
IGS-P9164 Series User Manual
5.6.8 Port Shaping
Port shaping enables you to limit traffic on a port, thereby controlling the
amount of traffic passing through the port. With port shaping, you can shape
the aggregate traffic through an interface to a rate that is less than the
line rate for that interface. When configuring port shaping on an interface,
you specify a value indicating the maximum amount of traffic allowable for the
interface. This value must be less than the maximum bandwidth for that
interface.
Label Port Mode Q0~Q7
Description The switch port number to which the following settings will be applied. Click on the port number to configure the shapers Shows disabled or actual queue shaper rate – e.g. “800 Mbps” Shows disabled or actual port shaper rate – e.g. “800 Mbps”
5.6.9 DSCP Based QoS
This page allows you to configure DSCP-based QoS Ingress Classification
settings for all ports.
ORing Industrial Networking Corp
90
IGS-P9164 Series User Manual
Label DSCP
Trust
QoS Class DPL
Description Maximum number of supported DSCP values is 64 Check to trust a specific DSCP value. Only frames with trusted DSCP values are mapped to a specific QoS class and drop precedence level. Frames with untrusted DSCP values are treated as a non-IP frame. QoS class value can be any number from 0-7. Drop Precedence Level (0-1)
5.6.10 DSCP Translation
This page allows you to configure basic QoS DSCP translation settings for all
switches. DSCP translation can be done in Ingress or Egress.
Label DSCP
Ingress
Description Maximum number of supported DSCP values is 64 and valid DSCP value ranges from 0 to 63. Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation 1. Translate: Enables ingress translation of DSCP values based on the specified classification method. DSCP can be translated to any of (0-63) DSCP values.
ORing Industrial Networking Corp
91
IGS-P9164 Series User Manual
Egress
2. Classify: Enable Classification at ingress side as defined in the QoS Port DSCP Configuration table. Configurable engress parameters include; Remap DP0: Re-maps DP0 field to selected DSCP value. DP0 indicates a drop precedence with a low priority. You can select the DSCP value from a selected menu to which you want to remap. DSCP value ranges form 0 to 63. Remap DP1: Re-maps DP1 field to selected DSCP value. DP1 indicates a drop precedence with a high priority. You can select the DSCP value from a selected menu to which you want to remap. DSCP value ranges form 0 to 63.
5.6.11 DSCP Classification
This page allows you to configure the mapping of QoS class and Drop Precedence
Level to DSCP value.
Label QoS Class DPL DSCP
Description Actual QoS class Actual Drop Precedence Level Select the classified DSCP value (0-63)
5.6.12 QoS Control List
This page shows all the QCE (Quality Control Entries) for a given QCL. You can
edit or ad new QoS control entries in this page. A QCE consists of several
parameters. These parameters vary with the frame type you select.
ORing Industrial Networking Corp
92
IGS-P9164 Series User Manual
Label Port Members Key Parameters
Any Ethernet
Description Check to include the port in the QCL entry. By default, all ports are included. Key configurations include: Tag: value of tag, can be Any, Untag or Tag. VID: valid value of VLAN ID from 1 to 4095 Any: can be a specific value or a range of VIDs. PCP: Priority Code Point, can be specific numbers (0, 1, 2, 3, 4, 5, 6, 7), a range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or Any DEI: Drop Eligible Indicator, can be any of values between 0 and 1 or Any SMAC: Source MAC Address, can be 24 MS bits (OUI) or Any DMAC Type: Destination MAC type, can be unicast (UC), multicast (MC), broadcast (BC) or Any Frame Type can be the following values: Any, Ethernet, LLC, SNAP, IPv4, and IPv6 Note: all frame types are explained below. Allow all types of frames Valid Ethernet values can range from 0x600 to 0xFFFF or Any’ but
ORing Industrial Networking Corp
93
IGS-P9164 Series User Manual
LLC SNAP IPv4
IPv6 Action Parameters
excluding 0x800(IPv4) and 0x86DD(IPv6). The default value is Any. SSAP Address: valid SSAP (Source Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is Any. DSAP Address: valid DSAP (Destination Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is Any. Control Valid Control: valid values can range from 0x00 to 0xFF or Any. The default value is Any. PID: valid PID (a.k.a ethernet type) values can range from 0x00 to 0xFFFF or Any. The default value is Any. Protocol IP Protocol Number: (0-255, TCP or UDP) or Any Source IP: specific Source IP address in value/mask format or Any. IP and mask are in the format of x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When the mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero. DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43. IP Fragment: Ipv4 frame fragmented options include ‘yes’, ‘no’, and ‘any’. Sport Source TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Dport Destination TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Protocol IP protocol number: (0-255, TCP or UDP) or Any Source IP IPv6 source address: (a.b.c.d) or Any, 32 LS bits DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43. Sport Source TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Dport Destination TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Class QoS class: (0-7) or Default Valid Drop Precedence Level value can be (0-1) or Default.
ORing Industrial Networking Corp
94
IGS-P9164 Series User Manual
Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or Default.
Default means that the default classified value is not modified by this QCE.
5.6.13 QoS Counters
This page provides the statistics of individual queues for all switch ports.
Label Port Qn Rx / Tx
Description The switch port number to which the following settings will be applied. There are 8 QoS queues per port. Q0 is the lowest priority The number of received and transmitted packets per queue
5.6.14 QCL Status
This page shows the QCL status by different QCL users. Each row describes the
QCE that is defined. It is a conflict if a specific QCE is not applied to the
hardware due to hardware limitations. The maximum number of QCEs is 256 on
each switch.
Label User
Description Indicates the QCL user
ORing Industrial Networking Corp
95
IGS-P9164 Series User Manual
QCE# Frame Type Port Action
Conflict
Indicates the index of QCE Indicates the type of frame to look for incoming frames. Possible frame types are: Any: the QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4: the QCE will match only IPV4 frames. IPv6: the QCE will match only IPV6 frames. Indicates the list of ports configured with the QCE. Indicates the classification action taken on ingress frame if parameters configured are matched with the frame’s content. There are three action fields: Class, DPL, and DSCP. Class: Classified QoS; if a frame matches the QCE, it will be put in the queue. DPL: Drop Precedence Level; if a frame matches the QCE, then DP level will set to a value displayed under DPL column. DSCP: if a frame matches the QCE, then DSCP will be classified with the value displayed under DSCP column. Displays the conflict status of QCL entries. As hardware resources are shared by multiple applications, resources required to add a QCE may not be available. In that case, it shows conflict status as Yes, otherwise it is always No. Please note that conflict can be resolved by releasing the hardware resources required to add the QCL entry by pressing Resolve Conflict button.
5.7 Multicast
5.7.1 IGMP Snooping
IGMP (Internet Group Management Protocol) snooping monitors the IGMP traffic
between hosts and multicast routers. The switch uses what IGMP snooping learns
to forward multicast traffic only to interfaces that are connected to
interested receivers. This conserves bandwidth by allowing the switch to send
multicast traffic to only those interfaces that are connected to hosts that
want to receive the traffic, instead of flooding the traffic to all interfaces
in the VLAN. This page allows you to set up IGMP snooping configurations.
ORing Industrial Networking Corp
96
IGS-P9164 Series User Manual
Label Snooping Enabled Unregistered IPMCv4Flooding enabled
Router Port
Fast Leave
Description Check to enable global IGMP snooping
Check to enable unregistered IPMC traffic flooding
Specifies which ports act as router ports. A router port is a port on the
Ethernet switch that leads towards the Layer 3 multicast device or IGMP
querier. If an aggregation member port is selected as a router port, the whole
aggregation will act as a router port. Check to enable fast leave on the port
5.7.2 VLAN Configurations of IGMP Snooping
If a VLAN is not IGMP snooping-enabled, it floods multicast data and control
packets to the entire VLAN in hardware. When snooping is enabled, IGMP packets
are trapped to the CPU. Data packets are mirrored to the CPU in addition to
being VLAN flooded. The CPU then installs hardware resources, so that
subsequent data packets can be switched to desired ports in hardware without
going to the CPU. Each page shows up to 99 entries from the VLAN table,
depending on the value in the Entries Per Page field. By default, the page
will show the first 20 entries from the beginning of the VLAN table. The first
displayed will be the one with the lowest VLAN ID found in the VLAN Table. The
VLAN field allows the user to select the starting point in the VLAN Table.
Clicking Refresh
ORing Industrial Networking Corp
97
IGS-P9164 Series User Manual
will update the displayed table starting from that or the next closest VLAN
Table match. The >> button will use the last entry of the currently displayed
entry as a basis for the next lookup. When the end is reached, the text No
more entries is shown in the displayed table. Use the |<< button to start
over.
Label
Delete
VLAN ID IGMP Snooping Enable IGMP Querier
Description Check to delete the entry. The designated entry will be deleted during the next save. The VLAN ID of the entry Check to enable IGMP snooping for individual VLAN. Up to 32 VLANs can be selected. Check to enable the IGMP Querier in the VLAN
5.7.3 IGMP Snooping Status
This page provides IGMP snooping status.
ORing Industrial Networking Corp
98
IGS-P9164 Series User Manual
Label VLAN ID Querier Version Host Version Querier Status Querier Receive V1 Reports Receive V2 Reports Receive V3 Reports Receive V2 Leave Receive Refresh Clear Auto-refresh Port Status
Description The VLAN ID of the entry Active Querier version Active Host
version Shows the Querier status as ACTIVE or IDLE The number of transmitted
Querier
The number of received V1 reports
The number of received V2 reports
The number of received V3 reports
The number of received V2 leave packets Click to refresh the page immediately
Clear all statistics counters Check to enable an automatic refresh of the page
at regular intervals Switch port number Indicates whether a specific port is a
router port or not
5.7.4 Groups Information of IGMP Snooping
Information about entries in the IGMP Group Table is shown in this page. The
IGMP Group Table is sorted first by VLAN ID, and then by group.
Label VLAN ID Groups Port Members
Description The VLAN ID of the group The group address of the group displayed Ports under this group
ORing Industrial Networking Corp
99
IGS-P9164 Series User Manual
5.8 Security
5.8.1 Remote Control Security Configurations
Remote Control Security allows you to limit remote access to the management
interface. When enabled, requests of the client which is not in the allowed
list will be rejected.
Label Port IP Address Web Telnet SNMP Delete
Description Port number of the remote client IP address of the remote client. 0.0.0.0 means “any IP”. Check to enable management via a Web interface Check to enable management via a Telnet interface Check to enable management via a SNMP interface Check to delete entries
5.8.2 Device Binding
Device binding is ORing’s proprietary technology which binds the IP/MAC
address of a device with a specified Ethernet port. If the IP/MAC address of
the device connected to the Ethernet port does not conform to the binding
requirements, the device will be locked for security concerns. Device Binding
also provides security functions via alive checking, streaming check, and
DoS/DDoS prevention.
ORing Industrial Networking Corp
100
IGS-P9164 Series User Manual
Label
Description
Indicates the device binding operation for each port. Possible modes
are:
—: disable
Mode
Scan: scans IP/MAC automatically, but no binding function
Binding: enables binding. Under this mode, any IP/MAC that does
not match the entry will not be allowed to access the network.
Shutdown: shuts down the port (No Link)
Alive Check
Check to enable alive check. When enabled, switch will ping the
Active
device continually.
Indicates alive check status. Possible statuses are:
—: disable
Alive Check
Got Reply: receive ping reply from device, meaning the device is still
Status
alive
Lost Reply: not receiving ping reply from device, meaning the device
might have been dead.
Stream Check
Check to enable stream check. When enabled, the switch will detect
Active
the stream change (getting low) from the device.
Indicates stream check status. Possible statuses are:
Stream Check
—: disable
Status
Normal: the stream is normal.
Low: the stream is getting low.
DDoS Prevention Check to enable DDOS prevention. When enabled, the switch will
Acton
monitor the device against DDOS attacks.
Indicates DDOS prevention status. Possible statuses are:
DDoS Prevention Status
—: disable Analyzing: analyzes packet throughput for initialization Running: analysis completes and ready for next move
Attacked: DDOS attacks occur
Device IP Address Specifies IP address of the device
Device MAC Address
Specifies MAC address of the device
Advanced Configurations
Alias IP Address
This page provides alias IP address configuration. Some devices might have
more than one IP addresses. You could specify other IP addresses here.
ORing Industrial Networking Corp
101
IGS-P9164 Series User Manual
Label Alias IP Address
Description Specifies alias IP address. Keep 0.0.0.0 if the device does not have an alias IP address.
Alive Check
Alive Checking monitors the real-time status of the device connected to the
port. live-checking packets will be sent to the device to probe if the device
is running. If the switch receives no response from the device, actions will
be taken according to your configurations.
Label Link Change Only log it Shunt Down the Port Reboot Device
Description Disables or enables the port Simply sends logs to the log server Disables the port Disables or enables PoE power
ORing Industrial Networking Corp
102
IGS-P9164 Series User Manual
DDoS Prevention
The switch can monitor ingress packets, and perform actions when DDOS attack
occurred on this port. When network traffic from a specific device increases
significantly in a short period of time, the switch will lock the IP address
of that device to protect the network from attacks. You can configure DDoS
prevention on this page to achieve maximum protection.
Label Mode Sensibility
Packet Type
Socket Number Filter Action
Description Enables or disables DDOS prevention of the port Indicates the level of DDOS detection. Possible levels are: Low: low sensibility Normal: normal sensibility Medium: medium sensibility High: high sensibility Indicates the types of DDoS attack packets to be monitored. Possible types are: RX Total: all ingress packets RX Unicast: unicast ingress packets RX Multicast: multicast ingress packets RX Broadcast: broadcast ingress packets TCP: TCP ingress packets UDP: UDP ingress packets If packet type is UDP (or TCP), please specify the socket number here. The socket number can be a range, from low to high. If the socket number is only one, please fill the same number in the low and high fields. If packet type is UDP (or TCP), please choose the socket direction (Destination/Source). Indicates the action to take when DDOS attacks occur. Possible
ORing Industrial Networking Corp
103
IGS-P9164 Series User Manual
Status
actions are: —: no action Blocking 1 minute: blocks the forwarding for 1 minute and log the event Blocking 10 minute: blocks the forwarding for 10 minutes and log the event Blocking: blocks and logs the event Shunt Down the Port: shuts down the port (No Link) and logs the event Only Log it: simply logs the event Reboot Device: if PoE is supported, the device can be rebooted. The event will be logged. Indicates the DDOS prevention status. Possible statuses are: —: disables DDOS prevention Analyzing: analyzes packet throughput for initialization Running: analysis completes and ready for next move Attacked: DDOS attacks occur
Device Description
This page allows you to configure device description settings.
Label Device Type
Description Indicates device types. Possible types are: —: no specification
ORing Industrial Networking Corp
104
IGS-P9164 Series User Manual
Location Address
References
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>