isw series managed industrial ethernet switch hardware

97
ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide ISW 4-10/100P, 2-10/100T, 2-SFP ISW 4GbP, 2GbT, 2-SFP ISW 8-10/100P, 4-SFP ISW 8GbP, 4-SFP 9034965 Rev. 04 Published May 2017

Upload: phungtuong

Post on 13-Feb-2017

246 views

Category:

Documents


5 download

TRANSCRIPT

Page 1: ISW Series Managed Industrial Ethernet Switch Hardware

ISW Series ManagedIndustrial Ethernet SwitchHardware Installation & UserGuideISW 4-10/100P, 2-10/100T, 2-SFPISW 4GbP, 2GbT, 2-SFPISW 8-10/100P, 4-SFPISW 8GbP, 4-SFP

9034965 Rev. 04

Published May 2017

Page 2: ISW Series Managed Industrial Ethernet Switch Hardware

Copyright © 2017 Extreme Networks, Inc. All rights reserved.

Legal NoticeExtreme Networks, Inc. reserves the right to make changes in specifications and other informationcontained in this document and its website without prior notice. The reader should in all casesconsult representatives of Extreme Networks to determine whether any such changes have beenmade.The hardware, firmware, software or any specifications described or referred to in this documentare subject to change without notice.

TrademarksExtreme Networks and the Extreme Networks logo are trademarks or registered trademarks ofExtreme Networks, Inc. in the United States and/or other countries.All other names (including any product names) mentioned in this document are the property oftheir respective owners and may be trademarks or registered trademarks of their respectivecompanies/owners.For additional information on Extreme Networks trademarks, please see: www.extremenetworks.com/company/legal/trademarks

Software LicensingSome software files have been licensed under certain open source or third-party licenses. End-user license agreements and open source declarations can be found at: www.extremenetworks.com/support/policies/software-licensing

SupportFor product support, phone the Global Technical Assistance Center (GTAC) at 1-800-998-2408(toll-free in U.S. and Canada) or +1-408-579-2826. For the support phone number in othercountries, visit: http://www.extremenetworks.com/support/contact/For product documentation online, visit: https://www.extremenetworks.com/documentation/

Page 3: ISW Series Managed Industrial Ethernet Switch Hardware

Table of ContentsPreface.........................................................................................................................................4

Text Conventions...................................................................................................................................................................4Getting Help.............................................................................................................................................................................5Extreme Networks Publications.....................................................................................................................................5Providing Feedback to Us.................................................................................................................................................5

Chapter 1: Industrial Switch Series Overview........................................................................ 7Safety Instructions................................................................................................................................................................7Faceplate and Panels.......................................................................................................................................................... 8Technical Specifications................................................................................................................................................... 10

Chapter 2: Installing Industrial Switches...............................................................................16Mounting the ISW (DIN-Rail)......................................................................................................................................... 16Mounting the ISW (Wall)..................................................................................................................................................17Connecting the Ethernet Interface (RJ45 Ethernet)......................................................................................... 18Connecting the Ethernet Interface (Fiber)............................................................................................................. 19Connecting the Power Terminal Block...................................................................................................................... 21Alarm Relay and Ground Connection........................................................................................................................21Console Connection.......................................................................................................................................................... 22System Reset........................................................................................................................................................................ 23Connecting & Logging in to the Switch.................................................................................................................. 24Monitoring the Ethernet Interface..............................................................................................................................25Upgrading and Downgrading Software.................................................................................................................. 25Resetting Configuration Defaults via CLI Command........................................................................................25Resetting Configuration Defaults via Web UI.......................................................................................................26

Chapter 3: ISW Application Guides.......................................................................................28VLAN Application Guide.................................................................................................................................................28Security Application Guide............................................................................................................................................34Ring Version 2 Application Guide.............................................................................................................................. 48QoS Application Guide....................................................................................................................................................58IGMP Application Guide..................................................................................................................................................64802.1x Authentication Application Guide...............................................................................................................69Power over Ethernet (PoE) Application Guide....................................................................................................73

Appendix A: Regulatory and Compliance Information......................................................80

Glossary........................................................................................................................................... 82

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 3

Page 4: ISW Series Managed Industrial Ethernet Switch Hardware

PrefaceScopeThis document provides an overview on the ISW and includes information about installing andconfiguring the ISW for the first time. Also are practical application guides to guide you through typicalfirst-time setup tasks.

AudienceThe guide is intended for system engineers or operating personnel who want to have a basicunderstanding of the ISW series.

Text ConventionsThe following tables list text conventions that are used throughout this guide.

Table 1: Notice IconsIcon Notice Type Alerts you to...

General Notice Helpful tips and notices for using the product.

Note Important features or instructions.

Caution Risk of personal injury, system damage, or loss of data.

Warning Risk of severe personal injury.

New This command or section is new for this release.

Table 2: Text ConventionsConvention Description

Screen displays This typeface indicates command syntax, or represents information as it appears on thescreen.

The words enter andtype

When you see the word “enter” in this guide, you must type something, and then pressthe Return or Enter key. Do not press the Return or Enter key when an instructionsimply says “type.”

[Key] names Key names are written with brackets, such as [Return] or [Esc]. If you must press twoor more keys simultaneously, the key names are linked with a plus sign (+). Example:Press [Ctrl]+[Alt]+[Del]

Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined inthe text. Italics are also used when referring to publication titles.

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 4

Page 5: ISW Series Managed Industrial Ethernet Switch Hardware

Getting HelpIf you require assistance, contact Extreme Networks using one of the following methods:

• GTAC (Global Technical Assistance Center) for Immediate Support

• Phone: 1-800-998-2408 (toll-free in U.S. and Canada) or +1 408-579-2826. For the supportphone number in your country, visit: www.extremenetworks.com/support/contact

• Email: [email protected]. To expedite your message, enter the product name ormodel number in the subject line.

• GTAC Knowledge — Get on-demand and tested resolutions from the GTAC Knowledgebase, orcreate a help case if you need more guidance.

• The Hub — A forum for Extreme customers to connect with one another, get questions answered,share ideas and feedback, and get problems solved. This community is monitored by ExtremeNetworks employees, but is not intended to replace specific guidance from GTAC.

• Support Portal — Manage cases, downloads, service contracts, product licensing, and training andcertifications.

Before contacting Extreme Networks for technical support, have the following information ready:

• Your Extreme Networks service contract number and/or serial numbers for all involved ExtremeNetworks products

• A description of the failure

• A description of any action(s) already taken to resolve the problem

• A description of your network environment (such as layout, cable type, other relevant environmentalinformation)

• Network load at the time of trouble (if known)

• The device history (for example, if you have returned the device before, or if this is a recurringproblem)

• Any related RMA (Return Material Authorization) numbers

Extreme Networks Publications

GeneralProduct documentation is available at: http://documentation.extremenetworks.com. Release notes areavailable at: www.extremenetworks.com/support/release-notes

Open Source DeclarationsSome software files have been licensed under certain open source licenses. More information isavailable at: www.extremenetworks.com/support/policies/software-licensing

Providing Feedback to UsWe are always striving to improve our documentation and help you work better, so we want to hearfrom you! We welcome all feedback but especially want to know about:

Preface

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 5

Page 6: ISW Series Managed Industrial Ethernet Switch Hardware

• Content errors or confusing or conflicting information.

• Ideas for improvements to our documentation so you can find the information you need faster.

• Broken links or usability issues.

If you would like to provide feedback to the Extreme Networks Information Development team aboutthis document, please contact us using our short online feedback form. You can also email us directly at [email protected].

Preface

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 6

Page 7: ISW Series Managed Industrial Ethernet Switch Hardware

1 Industrial Switch Series Overview

Safety InstructionsFaceplate and PanelsTechnical Specifications

Extreme Networks ISW Series Industrial Switches deliver high quality, wide operation temperaturerange, extended power input range, and advanced VLAN (Virtual LAN) & QoS (Quality of Service)features. It's ideal for harsh environments and mission-critical applications.

The Managed Ethernet Switch solutions are designed for supporting standard industrial applications.Managed switches are easier to prioritize, partition, and organize user’s network, providing a morereliable and better quality services.

This guide covers installation for the following Industrial Switches:

• ISW 4-10/100P,2-10/100T,2-SFP

• ISW 8-10/100P,4-SFP

• ISW 4GBP,2GBT,2-SFP

• ISW 8GBP,4-SFP

Safety InstructionsWhen a connector is removed during installation, testing, or servicing, or when an energized fiber isbroken, a risk of ocular exposure to optical energy that may be potentially hazardous occurs, dependingon the laser output power.

The primary hazards of exposure to laser radiation from an optical-fiber communication system are:

• Damage to the eye by accidental exposure to a beam emitted by a laser source.

• Damage to the eye from viewing a connector attached to a broken fiber or an energized fiber.

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 7

Page 8: ISW Series Managed Industrial Ethernet Switch Hardware

Faceplate and Panels

Figure 1: 4-Port PoE Series Faceplate

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 8

Page 9: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 2: 8-Port PoE Series Faceplate

Front Panel

System Status LED P1, P2 and Alarm

Gigabit Ethernet Copper Ports RJ45

Gigabit Ethernet SFP ports SFP Slots

POE LED POE port status

RR/RS LED Device info/status

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 9

Page 10: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 3: Top Panel

Top Panel

Power Input (Dual) 6P Terminal Block

Console (RS232) RJ45

Reset Push Button

Technical Specifications

Ethernet

Operating mode Store and forward, L2 wire-speed/non-blocking switching engine

MAC addresses 8K

Jumbo frames 9K Bytes

Copper RJ45 Ports

Speed 10/100/1000 Mbps

MDI/MDIX Auto-crossover Support straight or cross wired cables

Auto-negotiating 10/100/1000 Mbps speed auto-negotiation; Full and half duplex

Ethernet isolation 1500 VRMS 1 minute

SFP (pluggable) Ports

Port types supported SFP (pluggable) Ports 100/1000Base SFP slotSupport 100/1000BaseT SFP transceiver

Fiber port connector LC typically for fiber (depends on module)

Optimal fiber cable Typical 50 or 62.5/125 μm for multimode (mm);Typical 8 or 9/125 μm for single mode (sm)

Network Redundancy

Fast failover protection rings Single & Multiple rings supported

Spanning Tree Protocol IEEE 802.1D STP, IEEE 802.1w RSTP, IEEE 802.1s MSTP

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 10

Page 11: ISW Series Managed Industrial Ethernet Switch Hardware

Port Trunk with LACP Static trunk or Dynamic via LACP

Bridge, VLANs & Protocols

Flow control IEEE 802.3x (Full Duplex) and Back-Pressure(Half Duplex)

VLAN Types Port-based VLANsIEEE 802.1Q tag-based VLANsIEEE 802.1ad Double Tagging (Q in Q)

Multicast protocols IGMP (Internet Group Management Protocol) v1, v2IGMP snooping and queryingImmediate leave and leave proxyThrottling and filtering

LLDP (Link Layer Discovery Protocol) IEEE 802.1ab LLDP

Traffic management & QoS

Priority IEEE 802.1p QoS

Number of queues per port 8

Scheduling schemes SPQ, WRR

Traffic Shaper Port-based shaping

Security

Port security IP and MAC-based access controlIEEE 802.1X authentication Network Access Control

Power

Power input Redundant Input Terminals

Input voltage rangeMax. power consumption

Non-POE mode: 12–58 VDC802.3af POE mode 46–58 VDC802.3at POE mode 50–58 VDCPower Consumption: 15 Watts without POE PD loading

Reverse power protection Yes

Total PoE output power budgetPoE PSE port output powermanagement

120W (ISW 16801) / 240W (ISW 16803)Scheduling; power control; PoE PD power consumption monitoring

Transient protection 15,000 watts peak

Indicators

Power Status indication Indication of power input status

Ethernet port indication Link & Speed

Management

User Management interfaces • CLI

• Web-based Management

• SNMP (Simple Network Management Protocol) v1, v2c

• Telnet (5 sessions)

Management Security HTTPS, SSHRadius Client for Management

Upgrade & Restore Configuration Import/ExportFirmware Upgrade

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 11

Page 12: ISW Series Managed Industrial Ethernet Switch Hardware

Diagnostic SyslogPer-VLAN mirroringSFP with DDM (Digital Diagnostic Monitoring)

MIBs RMON 1,2,3,9; Q-Bridge MIB,RFC 1213 MIB-II, RFC 4188 Bridge MIB

DHCP (Dynamic Host ConfigurationProtocol)

Client, Server, Relay, Snooping, Option 82

NTP/SNTP (Simple Network TimeProtocol)

Yes

Environmental & Compliances

Operating temperature range -40 to +75°C (cold startup at -40°C)

Storage temperature range -40 to +85 °C

Humidity (non-condensing) 5 to 95% RH

Vibration, shock & freefall IEC68-2-6, -27, -32

Certification compliance CE/FCC; EN-50121-4

Electrical safety CSA C22, EN61010-1, CE

EMC FCC Part 15, CISPR 22 (EN55022) Class AIEC61000-4-2, -3, -4, -5, -6

RoHS and WEEE RoHS (Pb free) and WEEE compliant

MTBF > 25 years

Mechanical

Ingress protection IP30

Installation optionDimensionWeight

DIN-Rail mounting, Wall mounting154mm x 109mm x 60mm (ISW series: 154mm(H) x 128mm(D) x 77mm(W))1056g (IISW series:1410g)

System Statistics

Function Name System Max Value

VLAN ID 4096

VLAN Limitation 2048

Privilege Level of User 15

RMON Statistic Entry 65535

RMON Alarm Entry 65

RMON Event Entry 65535

IPMC Profile 64

IPMC Rule / Address Entry 128

ACE 256

ICMP Type / Code 255

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 12

Page 13: ISW Series Managed Industrial Ethernet Switch Hardware

Function Name System Max Value

RADIUS (Remote Authentication Dial InUser Service) Server

5

TACACS+ Server 5

MAC-based VLAN Entry 256

IP subnet-based VLAN Entry 128

Protocol-based VLAN Group 125

Voice VLAN OUI 16

QCE 256

IP Interface 8

IP Route 32

Security Access Management 16

MVR VLAN 4

MAC Learning table address 8k

IGMP Group 1000

LED Status Indicators

Table 3: LED Status IndicatorsLED State Description

P1

On Green P1 power line has power

OffP1 power line disconnect or does not havesupply power

P2

On Green P2 power line has power

OffP2 power line disconnect or does not havesupply power

AlarmOn Red Alarm event occurs

Off No alarm

Copper ports Link/Act

On Green Ethernet link up but no traffic is detected

Flashing Green Ethernet link up and there is traffic detected

Off Ethernet link down

Copper ports SpeedOn Yellow

A 100 Mbps or a 1000Mbps connection isdetected

Off No link or a 10 Mbps connection is detected

SFP port Link/ActOn Green Ethernet link up

Off Ethernet link down

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 13

Page 14: ISW Series Managed Industrial Ethernet Switch Hardware

Table 3: LED Status Indicators (continued)LED State Description

SFP portSpeed

On YellowSFP port speed 1000Mbps connection isdetected.

OffNo link or a SFP port speed 100Mbpsconnection is detected

RR (Redundant Role) On Redundant Master (Ring Master, RingCoupling Backup, Dual Homing, Chain Head,Balancing Chain Central Block ) is enabled inthe system.

Off No Redundant Master is enabled in thesystem.

RS (Redundant Status) On 1 If any Ring port links are down, the RSLED will be ON.

2 If the device has any of Redundant Master(Ring Master, Ring Coupling Backup, DualHoming, Chain Head, Balancing ChainCentral Block ) and detects a Ring/Coupling/Dual Homing/Chain/BalancingChain failure (any node is link down), andthen RS LED will be ON.

Off All of the Ring ports are link up or Ring/Coupling/Dual Homing/Chain/BalancingChain is healthy.

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 14

Page 15: ISW Series Managed Industrial Ethernet Switch Hardware

Industrial Switch Series Overview

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 15

Page 16: ISW Series Managed Industrial Ethernet Switch Hardware

2 Installing Industrial Switches

Mounting the ISW (DIN-Rail)Mounting the ISW (Wall)Connecting the Ethernet Interface (RJ45 Ethernet)Connecting the Ethernet Interface (Fiber)Connecting the Power Terminal BlockAlarm Relay and Ground ConnectionConsole ConnectionSystem ResetConnecting & Logging in to the SwitchMonitoring the Ethernet InterfaceUpgrading and Downgrading SoftwareResetting Configuration Defaults via CLI CommandResetting Configuration Defaults via Web UI

Mounting the ISW (DIN-Rail)Mounting steps:

1 Screw the DIN-Rail bracket on with the bracket and screws in the accessory kit.

2 Hook the unit over the DIN rail.

3 Push the bottom of the unit towards the DIN Rail until it snaps into place.

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 16

Page 17: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 4: ISW DIN-Rail Mounting

Mounting the ISW (Wall)Attach the wall-mounting plates with the screws provided in the accessory kit.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 17

Page 18: ISW Series Managed Industrial Ethernet Switch Hardware

Connecting the Ethernet Interface (RJ45 Ethernet)ISW provides two types of electrical (RJ45) and optical (mini-GBIC) interfaces.

• To connect to a PC, use a straight-through or a cross-over Ethernet cable.

• To connect the ISW copper port to an Ethernet device, use UTP (Unshielded Twisted Pair) or STP(Shielded Twisted Pair) Ethernet cables.

The pin assignment of RJ45 connector is shown in Figure 5 and Table 4

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 18

Page 19: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 5: RJ45 Connector Pins

Table 4: RJ45 Connector Pin AssignmentPin Assignment PoE Assignment

1, 2 T/Rx+, T/Rx- Positive VPort

3, 6 T/Rx+, T/Rx- Negative VPort

4, 5 T/Rx+, T/Rx- X

7, 8 T/Rx+, T/Rx- X

Connecting the Ethernet Interface (Fiber)For both 100/1000 Mbps fiber speed connections, the SFP slots are available. The SFP slot accepts thefiber transceivers that typically have an LC connector.

The fiber transceivers have options of multimode, single mode, long-haul, or special-applicationtransceivers.

Prepare a proper SFP module and install it into the optical port. Then you can connect fiber opticscabling that uses LC connectors or SC connectors (with the use of an optional SC-to-LC adapter) to thefiber optics connector.

Refer to Table 3 on page 13 for the normal operational LED status.

Figure 6: Fiber optics cable with LC duplex connector

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 19

Page 20: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 7: Connect the optical fiber to the SFP socket

DangerNever attempt to view optical connectors that might be emitting laser energy.

Do not power up the laser product without connecting the laser to the optical fiber andputting the cover in position, as laser outputs will emit infrared laser light at this point.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 20

Page 21: ISW Series Managed Industrial Ethernet Switch Hardware

Connecting the Power Terminal BlockThe DC power interface is a 6-pin terminal block with polarity signs on the top panel. The ISW can bepowered from two power supply (input range 12V – 58V). The DC power connector is a 6-pin terminalblock; there is alarm contact on the middle terminal block.

The switch can be powered from two power supplies (input range 12V – 58V). Insert the positive andnegative wires into V+ and V- contacts on the terminal block respectively and tighten the wire-clampscrews to prevent the wires from being loosened.

NoteThe DC power should be connected to a well-fused power supply.

Figure 8: Power Supplies

Power Connector (6P Terminal Block)

Input DC 12-58V

PWR1 +/- Power Input 1 +/-

PWR2 +/- Power Input 2 +/-

ALM Alarm relay output

Alarm Relay and Ground ConnectionThe alarm relay output contacts are in the middle of the DC terminal block connector as shown in Figure9.

The alarm relay out is “Normal Open,” and it will be closed when detected any predefined failure such aspower failures or Ethernet link failures.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 21

Page 22: ISW Series Managed Industrial Ethernet Switch Hardware

The relay output with current carrying capacity of 0.5A @ 24 VDC.

Figure 9: Alarm Relay and Ground Connector

Console ConnectionThe Console port is for local management by using a terminal emulator or a computer with terminalemulation software.

Figure 10: ISW Console Port

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 22

Page 23: ISW Series Managed Industrial Ethernet Switch Hardware

To connect the host PC to the switch, use the supplied RJ45 (male) connector-to-RS232 DB9 (female)connector. Connect the RJ45 connector to the switch's Console port shown in Figure 10, and thenconnect the DB9 connector to the PC COM port.

ImportantUsing a different cable than the one provided with the switch may cause bootup issues.

Once the host PC is connected to the switch, enter the following terminal settings:

• Speed (baud rate): 115200 bps

• Data bits: 8

• Stop bits: 1

• Parity: None

• Flow control: None

The pin assignment of the Console cable is shown in Figure 11.

Figure 11: Console Cable Pin Assignment

System ResetThe Reset button is provided to reboot the system without the need to remove power. Under normalcircumstances, you will not have to use it. However, on rare occasions, the ISW may not respond andyou may need to push the Reset button.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 23

Page 24: ISW Series Managed Industrial Ethernet Switch Hardware

Connecting & Logging in to the Switch1 Connect to ISW Ethernet port (RJ45 Ethernet port) using factory default IP: 192.0.2.1.

2 Log in with default account and password (admin / [none])

3 Optional: Change the IP with commands listed below:

enableconfigure terminalinterface vlan 1ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxxexit

4 To log in to the web interface, enter your switch's IP address in a web browser.

Refer to Web Browser Support on page 24 to ensure your browser is supported.

5 Enter the account name and password.

6 Click Sign in.

For information on configuring and monitoring the switch through the web interface, see the ISW-SeriesManaged Industrial Ethernet Switch Web Configuration Guide.

Web Browser Support

Internet Explorer

IE 7 (or newer version) with the following default settings is recommended:

Language script Latin based

Web page font Times New Roman

Plain text font Courier New

Encoding Unicode (UTF-8)

Text size Medium

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 24

Page 25: ISW Series Managed Industrial Ethernet Switch Hardware

Firefox

Firefox with the following default settings is recommended:

Web page font Times New Roman

Encoding Unicode (UTF-8)

Text size 16

Chrome

Google Chrome with the following default settings is recommended:

Web page font Times New Roman

Encoding Unicode (UTF-8)

Text size Medium

Monitoring the Ethernet InterfaceBy RJ45 Ethernet: See the figures in Industrial Switch Series Overview on page 7 for monitoring 8Gigabit Ethernet with copper connector (RJ45). Also refer to Table 3 on page 13 for the normaloperational LED status.

By SFP: See the figures in Industrial Switch Series Overview on page 7 for monitoring 4 Gigabit Ethernetwith SFP connector. Also refer to Table 3 on page 13 for the normal operational LED status.

Upgrading and Downgrading Software1 From the web UI, go to Maintenance > > Software > > Upload page.

2 Select the software file, and click Upload.

3 After beginning the upload process, do not cold/warm start device. Instead, wait for auto-reboot,and then the upgrade can complete.

Resetting Configuration Defaults via CLI CommandIf you want to reset the configuration to default, but keep management IP settings, do the following:

1 Execute the command: reload defaults keep-ip

2 Check interface VLAN (Virtual LAN) and IP address, and confirm only management IP setting is kept.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 25

Page 26: ISW Series Managed Industrial Ethernet Switch Hardware

3 Execute the command: copy running-config startup-config

If you want to reset all configurations to the default:

4 Execute the command: reload defaults

5 Check interface VLAN and IP address, and confirm they all change to default settings.

6 Execute the command: copy running-config startup-config

Resetting Configuration Defaults via Web UIIf you want to reset the configuration to default, but keep management IP settings, do the following:

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 26

Page 27: ISW Series Managed Industrial Ethernet Switch Hardware

1 Go to Maintenance > Factory Default and click Yes.

2 Go to Maintenance > Configuration > Save startup-config and click Save Configuration.

If you want to reset all configurations to the default:

3 Go to Maintenance > Configuration > Activate.

4 Select default-config and then click Activate Configuration.

5 Change PC’s IP address belong to 192.0.2.X networks.

6 Change web’s IP be 192.0.2.1 (default IP) to login DUT’s Web UI.

7 Go to Maintenance > Configuration > Save startup config and then click Save Configuration.

Installing Industrial Switches

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 27

Page 28: ISW Series Managed Industrial Ethernet Switch Hardware

3 ISW Application Guides

VLAN Application GuideSecurity Application GuideRing Version 2 Application GuideQoS Application GuideIGMP Application Guide802.1x Authentication Application GuidePower over Ethernet (PoE) Application Guide

This chapter describes how to configure VLAN (Virtual LAN)s in ISW. The ISW supports up to 2048VLANs. Ports are grouped into broadcast domains by assigning them to the same VLAN. Framesreceived in on VLAN can only be forwarded within that VLAN, and multicast frames and unknownunicast frames are flooded only to ports in the same VLAN.

VLAN Application Guide

Example 1: Default VLAN SettingsEach port in the ISW has a configurable default VLAN number, known as its PVID. This places all portson the same VLAN initially, although each port PVID is configurable to any VLAN number between 1 and4094.

The default configuration settings for ISW have all ports set as untagged members of VLAN 1 with allports configured as PVID=1. In default configuration example shown in the following figure, all incomingpackets are assigned to VLAN 1 by the default port VLAN identifier (PVID=1).

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 28

Page 29: ISW Series Managed Industrial Ethernet Switch Hardware

Example 2: Port-based VLANsWhen the ISW receives an untagged VLAN packet, it will add a VLAN tag to the frame according to thePVID setting on a port. As shown in the following figure, the untagged packet is marked (tagged) as itleaves the ISW through Port 2, which is configured as a tagged member of VLAN100. The untaggedpacket remains unchanged as it leaves the ISW through Port 7, which is configured as an untaggedmember of VLAN100.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 29

Page 30: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Port-based VLANs from the Web UI

1 Go to Configuration > VLANs > Port VLAN configuration table and configure PVID 100 on Port 1,Port 2, and Port 7.

2 Select Configuration > VLAN > Static > VLAN.

3 Create a VLAN with VLAN ID 100.

4 Enter a VLAN name in the Name field.

5 Assign VLAN tag setting to or remove it from a port by toggling the check box under the individualport number.

The tag settings determine if packets that are transmitted from the port tagged or untagged withthe VLAN ID. The possible tag settings are:

Tag All Specifies that the egress packet is tagged for the port.

Untag port VLAN Specifies that the egress packet is untagged for the port.

Untag All Specifies that all frames, whether classified to the Port VLAN or not, are transmittedwithout a tag.

6 Transmit untagged unicast packets from Port 1 to Port 2 and Port 7.

The ISW should tag it with VID 100. The packet has access to Port2 and Port 7. The outgoing packetis stripped of its tag to leave Port 7 as an untagged packet. For Port 2, the outgoing packet leaves asa tagged packet with VID 100.

7 Transmit untagged unicast packets from Port 2 to Port 1 and Port 7.

The ISW should tag it with VID 100. The packet has access to Port1 and Port 7. The outgoing packetis stripped of its tag to leave Port 7 as an untagged packet. For Port 1, the outgoing packet leaves asa tagged packet with VID 100.

8 Transmit untagged unicast packets from Port 7 to Port 1 and Port 2.

The ISW should tag it with VID 100. The packet has access to Port1 and Port 2. For Port 1 and Port 2,the outgoing packet leaves as a tagged packet with VID 100.

9 Repeat step 6 on page 30 using broadcast and multicast packets.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 30

Page 31: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Port-based VLANs from the CLI

To configure VLANs from the CLI, execute the following commands:

vlan 1vlan 100interface GigabitEthernet 1/1switchport access vlan 100switchport trunk native vlan 100switchport trunk allowed vlan 1,100switchport trunk vlan tag nativeswitchport mode trunkexitinterface GigabitEthernet 1/2switchport access vlan 100switchport trunk native vlan 100switchport trunk allowed vlan 1,100switchport trunk vlan tag nativeswitchport mode trunkexitinterface GigabitEthernet 1/7switchport access vlan 100switchport trunk native vlan 100switchport trunk allowed vlan 1,100switchport mode trunkexit

Example 3: IEEE 802.1Q TaggingISW is able to construct Layer-2 broadcast domain by identifying VLAN ID specified by IEEE 802.1Q. Itforwards a frame between bridge ports assigned to the same VLAN ID and can set multiple VLANs oneach bridge port.

In the following figure, the tagged incoming packets are assigned directly to VLAN 100 and VLAN 200because of the tag assignment in the packet. Port 2 is configured as a tagged member of VLAN 100,and Port 7 is configured as an untagged member of VLAN 200. Hosts in the same VLAN communicatewith each other as if they in a LAN. However, hosts in different VLANs cannot communicate with eachother directly.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 31

Page 32: ISW Series Managed Industrial Ethernet Switch Hardware

In this case:

1 The hosts from Group A can communicate with each other.

2 The hosts from Group B can communicate with each other.

3 The hosts of Group A and Group B can’t communicate with each other.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 32

Page 33: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring 802.1Q Tagging from the Web UI

Go to Configuration > > VLANs > Port VLAN configuration table and specify the VLANmembership:

a Transmit unicast packets with VLAN tag 100 from Port 1 to Port 2 and Port 7.

The ISW should tag it with VID 100. The packet only has access to Port2. For Port 2, the outgoingpacket leaves as a tagged packet with VID 100.

b Transmit unicast packets with VLAN tag 200 from Port 1 to Port 2 and Port 7.

The ISW should tag it with VID 200. The packet only has access to Port7. The outgoing packet onPort 7 is stripped of its tag as an untagged packet.

c Transmit unicast packets with VLAN tag 100 from Port 2 to Port 1 and Port 7.

The ISW should tag it with VID 100. The packet only has access to Port1. For Port 1, the outgoingpacket leaves as a tagged packet with VID 100.

d Transmit unicast packets with VLAN tag 200 from Port 7 to Port 1 and Port 2.

The ISW should tag it with VID 200. The packet only has access to Port1. The outgoing packet onPort 1 will leave as a tagged packet with VID 200.

e Repeat the above steps using broadcast and multicast packets.

Configuring 802.1Q Tagging from the CLI

vlan 100vlan 200interface GigabitEthernet 1/1switchport access vlan 100switchport trunk allowed vlan 1,100,200switchport trunk vlan tag nativeswitchport mode trunkexitinterface GigabitEthernet 1/1switchport access vlan 100switchport trunk allowed vlan 1,100switchport trunk vlan tag nativeswitchport mode trunk

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 33

Page 34: ISW Series Managed Industrial Ethernet Switch Hardware

exitinterface GigabitEthernet 1/7switchport access vlan 100switchport trunk allowed vlan 1,200switchport trunk vlan tag nativeswitchport mode trunkexit

Security Application GuideACL (Access Control List) function supports access control security for MAC address, IP address, Layer4Port, and Type of Service. Each has five actions: Deny, Permit, Queue Mapping, CoS (Class of Service)Marking, and Copy Frame. You can set the default ACL rule to Permit or Deny.

To get more clearly for these ACL function, see following table.

Default ACL Rule Actions

Deny PermitQueueMapping

CoS Marking Copy Frame

Permit (a) (b) (c) (d) (e)

Deny (f) (g) (h) (i) (j)

Brief descriptions of the above table:

(a): Permit all frames, but deny frames set in ACL entry.

(b): Permit all frames.

(c): Permit all frames, and to do queue mapping of the transmitting frames.

(d): Permit all frames, and to change CoS value of the transmitting frames.

(e): Permit all frames, and to copy frame which set in ACL entry to a defined GE port.

(f): Deny all frames.

(g): Deny all frames, but permit frames set in ACL entry.

(h): Deny all frames.

(i): Deny all frames.

(j): Deny all frames, but to copy frame which set in ACL entry to a defined GE port.

Case 1: ACL for MAC AddressFor MAC address ACL, it can filter on source MAC address, destination MAC address, or both. When itfilters on both MAC address, packets coincident with both rules will take effect. In other words, it doesnot do filter if it only coincident with one rule.

If you want to filter only one directional MAC address, the other MAC address just set to all zero. Itmeans “don’t care” portion. Besides MAC address, it also supports VLAN and Ether type for filter

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 34

Page 35: ISW Series Managed Industrial Ethernet Switch Hardware

additionally. Certain VLAN or Ether type under these MAC address will take effect. If you don’t careVLAN or Ether type, you can just set to zero values.

Following are examples about the above table:

Case 1: (a)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “deny” actionfor ACL. It means GE port can pass through all packets but not ACL entry of the profile binding.

Case 1: (b)

This case acts as no ACL function. It means all frames will pass through.

Case 1: (c)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “QueueMapping” action for some ACL function. It means GE port can do queue mapping 0~7 of the framereceived from this port.

Case 1: (d)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “CoS Marking”action for some ACL function. It means GE port can remark CoS of the VLAN frame received from thisport.

Case 1: (e)

You can set default ACL Rule of GE port as “Permit”, then to bind a suitable profile with “Copy Frame”action for mirror analyzer used. It means the system will copy frames from binding GE Port to analyzerport.

Case 1: (f)

This case means all frames will not pass through.

Case 1: (g)

You can set default ACL Rule of GE port as “Deny”, then to bind a suitable profile with “Permit” actionfor ACL. It means GE port can not pass through all packets but ACL entry of the profile binding.

Case 1: (h)

Because the default ACL Rule of GE port is “Deny”, Queue Mapping action has no sense. We do not dothis case.

Case 1: (i)

Because the default ACL Rule of GE port is “Deny”, CoS Marking action has no sense. We do not do thiscase.

Case 1: (j)

You can set default ACL Rule of GE port as “Deny”, then to bind a suitable profile with “Copy Frame”action for mirror analyzer used. It means the system will copy frames from binding GE Port to analyzerport. There is no frame received from the denied GE port but the mirror analyzer port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 35

Page 36: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring One-directional MAC Address with One VLAN Deny Filtering (Web UI)

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2Click to create a new ACL Profile (profile name: DenySomeMac).

3 Create a new ACL Entry rule under this ACL profile. (Deny MAC: 11 and VLAN: 4)

4 Bind this ACL profile to a GE port (PORT4).

5 Send frames between PORT3 and PORT4, and see test result.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 36

Page 37: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring One-directional MAC Address with One VLAN Deny Filtering (CLI Commands)

access-list ace 1 ingress interface GigabitEthernet 1/4 policy 1 vid 4 frametype etype smac 00-00-00-00-00-11 action denyexitinterface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!interface GigabitEthernet 1/4 switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativevlan 4exit

ConfiguringTwo-directional MAC Address with all VLAN Deny Filtering (Web UI)

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2Click the second to create a new ACL Profile after the first one (profile name: DenySomeMac).

3 Create a new ACL Entry rule under this ACL profile (Deny SrcMAC: 13 and DesMAC: 11).

4 Bind this ACL profile to a GE port (PORT3).

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 37

Page 38: ISW Series Managed Industrial Ethernet Switch Hardware

5 Send frames between PORT3 and PORT4, and see test result.

ConfiguringTwo-directional MAC Address with all VLAN Deny Filtering (CLI Commands)

access-list ace 2 ingress interface GigabitEthernet 1/3 policy 0 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11 action denyexitinterface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 38

Page 39: ISW Series Managed Industrial Ethernet Switch Hardware

interface GigabitEthernet 1/4 switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativevlan 4exit

Configuring One-directional MAC Address with CoS Marking Action (one VLAN, and don’t careEther Type) – Web UI

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2 Create a new ACL Profile (profile name: CoSMarkingTest).

3 Create a new ACL Entry rule under this ACL profile (Filter SrcMAC: 11 and VLAN ID: 4 frame to CoS:2).

4 Bind this ACL profile to a GE port (PORT4).

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 39

Page 40: ISW Series Managed Industrial Ethernet Switch Hardware

5 Send frames between PORT3 and PORT4, and see test result.

Configuring One-directional MAC Address with CoS Marking Action (one VLAN, and don’t careEther Type) – CLI Commands

access-list ace 1 next 2 ingress interface GigabitEthernet 1/4 policy 1 vid 4 frametype etype smac 00-00-00-00-00-11 action denyexitinterface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!interface GigabitEthernet 1/4 switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativeexit

Configuring Two-directional MAC Address with Copy Frame action (Don’t care VLAN ID, EtherType) – Web UI

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2 Create a new ACL Profile (profile name: CopyFrameTest).

3 Create a new ACL Entry rule under this ACL profile (SrcMAC: 13 and DesMAC: 11).

4 Set analyzer port to enable and mirror analyzer port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 40

Page 41: ISW Series Managed Industrial Ethernet Switch Hardware

5 Bind this ACL profile to a GE port (PORT3).

6 Send frames between PORT3 and PORT4, and see test result.

Configuring Two-directional MAC Address with Copy Frame action (Don’t care VLAN ID, EtherType) – CLI Commands

access-list ace 2 next 3 ingress interface GigabitEthernet 1/3 policy 0 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11 action deny mirror redirect interface GigabitEthernet 1/5exit

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 41

Page 42: ISW Series Managed Industrial Ethernet Switch Hardware

interface GigabitEthernet 1/3switchport trunk allowed vlan 4,5switchport trunk vlan tag native!interface GigabitEthernet 1/4switchport trunk allowed vlan 4,5switchport trunk vlan tag nativeexit

Configuring One-directional MAC Address with One VLAN Permit Filtering (Web UI)

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2 Create a new ACL Profile (profile name: AllowSomeMac).

3 Create a new ACL Entry rule under this ACL profile (allow MAC: 11 and VLAN: 4).

4 Bind this ACL profile to a GE port (PORT4.)

5 Send frames between PORT3 and PORT4, and see test result.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 42

Page 43: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring One-directional MAC Address with One VLAN Permit Filtering (CLI Commands)

access-list ace 4 ingress interface GigabitEthernet 1/4 policy 3 tag tagged vid 4 frametype etype smac 00-00-00-00-00-11exit interface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!interface GigabitEthernet 1/4 switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativeexit

Configuring Two-directional MAC Address with All VLAN Permit Filtering (Web UI)

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2 Create a new ACL Profile (profile name: AllowSomeMac).

3 Create a new ACL Entry rule under this ACL profile (allow SrcMAC: 13 and DesMAC: 11).

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 43

Page 44: ISW Series Managed Industrial Ethernet Switch Hardware

4 Bind this ACL profile to a GE port (PORT3).

5 Send frames between PORT3 and PORT4 (see test result below).

Configuring Two-directional MAC Address with All VLAN Permit Filtering (CLI Commands)

access-list ace 5 ingress interface GigabitEthernet 1/3 policy 5 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11exitinterface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!interface GigabitEthernet 1/4

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 44

Page 45: ISW Series Managed Industrial Ethernet Switch Hardware

switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativeexit

Configuring One-directional MAC Address with Copy Frame Action (don’t care VLAN, EtherType) – Web UI

1 Navigate to Configuration > Security > Network > ACL > Access Control List.

2 Create a new ACL Profile (profile name: CopyFrameTest).

3 Create a new ACL Entry rule under this ACL profile (SrcMAC: 13 and DesMAC: 11).

4 Bind this ACL profile to a GE port (PORT3).

5 Save the entry.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 45

Page 46: ISW Series Managed Industrial Ethernet Switch Hardware

6 From Configuration > Mirroring, set the analyzer port to enable and mirror analyzer port.

7 Send frames between PORT3 and PORT4, see test result.

Configuring One-directional MAC Address with Copy Frame Action (don’t care VLAN, EtherType) – CLI Commands

access-list ace 5 next 6 ingress interface GigabitEthernet 1/3 policy 5 frametype etype smac 00-00-00-00-00-13 dmac 00-00-00-00-00-11Exit

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 46

Page 47: ISW Series Managed Industrial Ethernet Switch Hardware

monitor destination interface GigabitEthernet 1/5 monitor source cpu bothexitinterface GigabitEthernet 1/3 switchport trunk allowed vlan 4,5 switchport trunk vlan tag native!interface GigabitEthernet 1/4 switchport trunk allowed vlan 4,5 switchport trunk vlan tag nativeexit

Case 2: ACL for IP addressFor IP address ACL, it can filter on source IP address, destination IP address, or both. It also supports toset IP range ACL. When it filters on both IP address, packets coincident with both rules will take effect.In other words, it does not do filter if it only coincident with one rule.

If you want to filter only one directional IP address, the other IP address just set to all zero. It meansdon’t care portion. Besides IP address, it also supports Protocol for filter additionally. (TCP=6, UDP=17,etc.) Certain Protocol under these IP addresses will take effect. If you use doesn’t care Protocol, you canjust set to zero value. The detail testing (refer to MAC ACL above).

Case 3: ACL for L4 PortFor Layer4 port ACL, it can filter on (1) source IP address, (2) source L4 port, (3) destination IP address,(4) destination L4 port, and (5) UDP or TCP Protocol. You can select to filter on (1)~(4) for all or somespecific values, but it should select exact one Protocol from UDP or TCP.

When it filters on both directional IP address and L4 port, packets coincident with both rules will takeeffect. In other words, it does not do filter if it only coincident with one rule.

If you want to filter only one directional IP address or L4 port, the other IP address and L4 port must beset to all zeroes. It means don’t care portion. The detail testing (refer to MAC ACL above).

Case 4: ACL for ToSFor Type of Service (ToS) ACL, it can filter on (1) source IP address with ToS type , or (2) destination IPaddress with ToS type, or (3) both, or (4) both not (just filter ToS). When it filters on both IP address,packets coincident with both rules will take effect. In other words, it does not do filter if it onlycoincident with one rule.

If you want to filter only one directional IP address, the other IP address must be set to all zeroes. Itmeans don’t care portion. The detail testing, please refer to case 1 MAC ACL above.

Valid Values: Precedence: 0-7, ToS: 0-15, DSCP: 0-63

Value 7 is reserved and set to 0.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 47

Page 48: ISW Series Managed Industrial Ethernet Switch Hardware

Examples:

• Pre (001) means 1

• Pre (100) means 4

• ToS (00010) means 1

• ToS (10000) means 8

• DSCP (000001) means 1

• DSCP (100000) means 32

Ring Version 2 Application GuideHaving a reliable network is very important to Ethernet applications, especially in an Industrial domain.Extreme Networks ISW Series Industrial Switches provide fast failover ring protection; this feature offersa seamless working network even if encountering some matters with connections. It is able to beapplied by Ethernet cable and Fiber.

Ring Version 2 Features

Group 1 - It supports options ring-master and ring-slave.

# Ring - it could be master or slave.

# When role is ring master, one ring port is forward port and another is block port. The block port is redundant port. It is blocked in normal state.

# When role is ring/slave, both ring ports are forward port.

Group 2 - It supports configuration of the ring, coupling and dual-homing.

# Ring - it could be master or slave.

# Coupling - it could be primary and backup.

# When role is coupling/primary, only it need configure one ring port named primary port.

# When role is coupling/backup, only it need configure one ring port named backup port. This backupport is redundant port. In normal state, it is blocked.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 48

Page 49: ISW Series Managed Industrial Ethernet Switch Hardware

# Dual-Homing

# When role is dual-homing, one ring port is primary port and another is backup port. This backup portis redundant port. In normal state, it is blocked.

Group 3 - It supports configuration of the chain and balancing-chain.

# Chain - it could be head, tail or member.

# When role is chain/head, one ring port is head port and another is member port. Both ring ports areforwarded in normal state.

# When role is chain/tail, one ring port is tail port and another is member port. The tail port isredundant port. It is blocked in normal state.

# When role is chain/member, both ring ports are member port. Both ring ports are forwarded innormal state.

# Balancing Chain - it could be central-block, terminal-1/2 or member.

# When role is balancing-chain/central-block, one ring port is member port and another is block port.The block port is redundant port. It is blocked in normal state.

# When role is balancing-chain/terminal-1/2, one ring port is terminal port and another is member port.Both ring ports are forwarded in normal state.

# When role is balancing-chain/member, both ring ports are member port. Both ring ports areforwarded in normal state.

Note

1 Enable group1 before configure group2 as coupling.

2 When group1 or group2 is enabled, the configuration of group3 is invisible.

3 When group3 is enabled, the configuration of group1 and group3 is invisible.

Configuring Ringv2 (Console)To configure the ring protection in ISW series management switch:

1 Log in to the console with the admin account.

2 Go to Configure mode by executing: configure terminal

3 Go to configure ring protection group by executing: ringv2 protect group1

4 Before configuring the ring, you must disable ring protection status by executing: mode disable

5 Set all necessary parameters:

For Node 1 and Node 2, choose the ports that you connect with other switch. For example, choosePORT-1 and PORT-2 that means PORT-1 is one of the ports connected with other switch, so isPORT-2. Then choose one of ring connection devices be “Master” that can accept the “Node 2 port”and be the blocking port.node1 interface GigabitEthernet 1/1node2 interface GigabitEthernet 1/2role ring-master

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 49

Page 50: ISW Series Managed Industrial Ethernet Switch Hardware

6 To finish, enable ring protection status by executing command: mode enable

ImportantNote the status of Previous Command Result after every action.

configure terminalring protect group1mode disablenode1 interface GigabitEthernet 1/1node2 interface GigabitEthernet 1/2role ring-mastermode enableexit

Configuring Ringv2 (Web UI)This section introduces the Industrial Switch Series Software Spec for Ringv3.

In the current design, one device supports a three-ring index, including Ring & Chain (single ring, dualring, coupling, dual-homing, chain, and balancing-chain.)

Note

1 Enable group1 before configure group2 as coupling.

2 When group1 or group2 is enabled, the configuration of group3 is invisible.

3 When group3 is enabled, the configuration of group1 and group3 is invisible.

1 Disable RSTP on all ring ports by navigating to Configuration > Spanning Tree > CIST ports.

2 Clear STP Enabled on the desired ring ports.

3 Click Save.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 50

Page 51: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Ring Master

1 Navigate to Configuration > RingV2.

2 Enable Index1, and select role as Ring(Master).

3 Select one port as a Forward Port, and another as Block Port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 51

Page 52: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Ring Slave

1 Navigate to Configuration > RingV2.

2 Enable Index1, and select role as Ring(Slave).

3 Select two ports as Forward Ports.

Configuring the Coupling Primary

1 Navigate to Configuration > RingV2.

2 Enable Index1, and select role as Ring(Slave).

3 Select two ports as Forward Ports.

4 Enable Index2, and select role as Coupling(Primary).

5 Select one port as a Primary Port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 52

Page 53: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring the Coupling Backup

1 Navigate to Configuration > RingV2.

2 Enable Index1, and select role as Ring(Slave).

3 Select two ports as Forward Ports.

4 Enable Index2, and select role as Coupling(Backup).

5 Select one port as a Backup Port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 53

Page 54: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Dual-Homing

1 Navigate to Configuration > RingV2.

2 Enable Index1, and select role as Ring(Slave).

3 Select two ports as Forward Ports.

4 Enable Index2, and select role as Dual Homing.

5 Select one port as a Primary Port, and the other as Backup Port.

Chain Configuration

Configuring Chain Member

1 Navigate to Configuration > RingV2.

2 Disable Index1 and Index2, and then enable Index3.

3 Select role as Chain(Member).

4 Select two member ports for this chain member switch.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 54

Page 55: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Chain Head

1 Navigate to Configuration > RingV2.

2 Disable Index1 and Index2, and then enable Index3.

3 Select role as Chain(Head).

4 Select a member port and a head port for this chain head switch.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 55

Page 56: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Chain Tail

1 Navigate to Configuration > RingV2.

2 Disable Index1 and Index2, and then enable Index3.

3 Select role as Chain(Tail).

4 Select a member port and a tail port for this chain tail switch.

Balance Chain Configuration

Configuring Balance Chain – Central Block

1 Navigate to Configuration > RingV2.

2 Disable Index1 and Index2, and then enable Index3.

3 Select role as Balancing Chain(Central Block).

4 Select a member port and a block port for this central block switch.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 56

Page 57: ISW Series Managed Industrial Ethernet Switch Hardware

Configuring Balance Chain (Terminal-1 or -2

1 Navigate to Configuration > RingV2.

2 Disable Index1 and Index2, and then enable Index3.

3 Select role as Balancing Chain(Terminal-1 or -2).

4 Select a member port and a terminal port for this balancing chain terminal switch.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 57

Page 58: ISW Series Managed Industrial Ethernet Switch Hardware

QoS Application GuideQoS (Quality of Service) features allow you to allocate network resources to mission-critical applicationsat the expense of applications that are less sensitive to such factors as time delays or networkcongestion. You can configure your network to prioritize specific types of traffic, ensuring that eachtype receives the appropriate QoS level.

SP/SPWRRThe KGS can be configured to have 8 output CoS queues (Q0~Q7) per port, into which each packet isplaced. Q0 is the highest priority Queue. Each packet’s 802.1p priority determines its CoS queue. Youneed to bind VLAN priority/queue mapping profile to each port, for every VLAN priority need assign atraffic descriptor for it. The traffic descriptor defines the shape parameter on every VLAN priority forEthernet interface. Currently KGS supports Strict Priority and SP+WRR (Weighted Round Robin)scheduling methods on each port. Please find the detail reference on ISW user manual.

Default Priority and Queue mapping is as follows:

Priority0 Priority1 Priority2 Priority3 Priority4 Priority5 Priority6 Priority7

Queue0 Queue1 Queue2 Queue3 Queue4 Queue5 Queue6 Queue7

SPQ SPQ SPQ SPQ SPQ SPQ SPQ SPQ

Application ExamplesFollowing we provide several examples for various QoS combinations and you can configure QoS usingthe web-based management system, CLI or SNMP (Simple Network Management Protocol).

Example 1: SPQ without Shaping (Default profile)

We send 2 Streams (Stream0, Stream1) from PORT-1 to PORT-2. Both 2 Streams each have 100Mbps.Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority7. Set PORT-2 link speed to 100Mbps.

Expected Result

We expect PORT-2 only can receive 100Mbps of Stream1, and Stream0 will be discarded. This case willhelp you to understand how SPQ works on the ISW.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 58

Page 59: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 12: Gigabit port VLAN Priority & Queue Mapping

Stream0:

• Dst Mac : 00:00:00:00:20:01

• Src Mac : 00:00:00:00:10:01

• Vlan : 100

• Vlan prio : 0

• Send rate : 100Mbps

• Packet length: 1518bytes

Stream1:

• Dst Mac : 00:00:00:00:20:02

• Src Mac : 00:00:00:00:10:02

• Vlan : 100

• Vlan prio : 7

• Send rate : 100Mbps

• Packet length: 1518bytes

Web Management

1 Navigate to Configuration > Ports.

2 Set port 2 link speed to 100Mbps full duplex.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 59

Page 60: ISW Series Managed Industrial Ethernet Switch Hardware

3 Select Configuration > VLANs and create a VLAN with VLAN ID 100.

4 Enter a VLAN name in the Name field. In this example, we set tagged VLAN100 on PORT1 andPORT2.

CLI Configuration

interface GigabitEthernet 1/1 switchport trunk native vlan 100 switchport trunk allowed vlan 1,100 switchport trunk vlan tag native switchport mode trunk!interface GigabitEthernet 1/2 switchport trunk native vlan 100 switchport trunk allowed vlan 1,100 switchport trunk vlan tag native switchport mode trunk

Example 2: SPQ with Shaping

We send two Streams (Stream0, Stream1) from port1 to port-2. Both streams each have 100 Mbps.Stream0 includes VLAN Priority0, Stream1 includes VLAN Priority7. Stream3 and Stream4 only forlearning which make sure the traffic are not flooding.

Expected Result

We expect PORT-2 only can receive 20Mbps of Stream1, and 80Mbps of Stream0. This case will helpyou to understand how SPQ works on the ISW.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 60

Page 61: ISW Series Managed Industrial Ethernet Switch Hardware

Figure 13: VDSL port VLAN Priority & Queue Mapping

Stream0:

• Dst Mac : 00:00:00:00:20:01

• Src Mac : 00:00:00:00:10:01

• Vlan : 100

• Vlan prio : 0

• Send rate : 100Mbps

• Packet length: 1518bytes

Stream1:

• Dst Mac : 00:00:00:00:20:02

• Src Mac : 00:00:00:00:10:02

• Vlan : 100

• Vlan prio : 7

• Send rate : 100Mbps

• Packet length: 1518bytes

Stream3: (for Learning)

• Dst Mac : 00:00:00:00:10:01

• Src Mac : 00:00:00:00:20:01

• Vlan : 100

• Vlan prio : 0

• Send rate : 10Mbps

• Packet length: 1518bytes

Stream4: (for Learning)

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 61

Page 62: ISW Series Managed Industrial Ethernet Switch Hardware

• Dst Mac : 00:00:00:00:10:02

• Src Mac : 00:00:00:00:20:02

• Vlan : 100

• Vlan prio : 0

• Send rate : 10Mbps

• Packet length: 1518bytes

Web Management

1 Navigate to Configuration > QoS > Port Shaping and create a QoS profile on Port 2.

2 Select schedule mode Strict Priority and set shaping rate for queue 0 and queue 7 as below.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 62

Page 63: ISW Series Managed Industrial Ethernet Switch Hardware

CLI Configuration

interface GigabitEthernet 1/2switchport trunk native vlan 100switchport trunk allowed vlan 1,100switchport trunk vlan tag nativeswitchport mode trunkqos queue-shaper queue 0 80000qos queue-shaper queue 7 20000

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 63

Page 64: ISW Series Managed Industrial Ethernet Switch Hardware

IGMP Application Guide

IGMP (Internet Group Management Protocol) is a communications protocol used to manage themembership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicastrouters to establish multicast group memberships. It is an integral part of the IP multicast specification,like ICMP (Internet Control Message Protocol) for unicast connections. IGMP can be used for onlinevideo and gaming, and allows more efficient use of resources when supporting these uses.

Example 1If every client should get multicast stream, navigate to Configuration > IPMC > Basic Configuration toselect the Snooping Enabled check box.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 64

Page 65: ISW Series Managed Industrial Ethernet Switch Hardware

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 65

Page 66: ISW Series Managed Industrial Ethernet Switch Hardware

Example 2

1 Navigate to Configuration > IPMC > Basic Configuration,

2 Select the Snooping Enabled check box.

3 Clear the Unregistered IPMCv4 Flooding Enabled check box.

4 If Multicast stream is from L3 switch, then the uplink port must be “Router Port.”

NoteIf an aggregation member port is selected as a router port, the whole aggregation will actas a router port.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 66

Page 67: ISW Series Managed Industrial Ethernet Switch Hardware

5 Go to Configuration > IPMC > VLAN Configuration.

6 Select the Snooping Enabled check box.

7 Set VLAN ID of port14.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 67

Page 68: ISW Series Managed Industrial Ethernet Switch Hardware

Example 3

In this scenario, these clients belong to multiple VLANs, so you have to create more one VLAN to be theagent for all client VLANs.

1 To create a VLAN, navigate to Configuration > VLANs > Allow Access VLANs.

2 Set port 14 be vlan200 member port.

3 Navigate to Configuration > IPMC > VLAN Configuration.

4 Select the Snooping Enable check box.

5 Set VLAN ID of port14.

6 If there is no querier on the L3 switch, you have to select Querier Election, and set the QuerierAddress. The IP address is in the same network as uplink interface.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 68

Page 69: ISW Series Managed Industrial Ethernet Switch Hardware

7 Select the IGMP version as server.

802.1x Authentication Application GuideIEEE 802.1x derives keys which can be used to provide per-packet authentication, integrity andconfidentially. Typically use along with well-known key derivation algorithms (e.g., TLS, SRP, MD5(Message-Digest algorithm 5)-Challenge, etc.). The Industrial Switch Series supports 802.1xauthentication function per port (port1~port10). You should enable 802.1x function of the system, andchoose ports and type you want to apply. If you enable 802.1x authentication control for an Ethernetport, it should be authenticated before using any service from the network.

802.1x Configuration Overview

Configuring RADIUS Server

1 Prepare a Linux PC with RADIUS (Remote Authentication Dial In User Service) server installed.

2 Edit secret key for RADIUS server using the following settingsclient 20.20.20.0/24 {.......secret = a1b2c3d4

}

NoteThe secret in the ISW should be the same as this one.

3 Edit user name and password for supplicant to authenticate with server with the following settings:test123.......Cleartext-Password := “test123”aaaa.......Cleartext-Password := “aaaa”

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 69

Page 70: ISW Series Managed Industrial Ethernet Switch Hardware

4 Set a static IP address for this RADIUS Server:

Setting: 20.20.20.20

5 Start the RADIUS server.

Supplicant’s NIC Setting

After setting this function in NIC, supplicant should enter a correct pair of account and password inorder to use this Ethernet port service from the ISW.

1 Configure a static IP address 20.20.20.10 and net mask 255.255.255.0 for supplicant.

(If there is a DHCP (Dynamic Host Configuration Protocol) server to assign IP address for supplicant,this step can be ignored.)

2 Select the IEEE802.1x Authentication Enable check box, and then set EAP type to MD5-Challenge.

Authentication Behavior

Supplicant should pass authentication process in order to use any service. After supplicant enterscorrect account and password which stored in RADIUS server, it can be authenticated successfully. Theauthentication process is as following.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 70

Page 71: ISW Series Managed Industrial Ethernet Switch Hardware

Example Configuration

Below is an example 802.1x Authentication via ISW to be authenticated by RADIUS server. In this basicexample, we take port 1 as a testing port, which enables 802.1x in ISW.

With default configuration, use the following web UI settings:

1 Navigate to Configuration > Security > > Network > NAS.

2 Select Enabled mode to enable authentication.

3 Set port1 and port2 as Port-based 802.1x.

4 Navigate to Configuration > Security > AAA > RADIUS.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 71

Page 72: ISW Series Managed Industrial Ethernet Switch Hardware

5 Click Add New Server and enter 20.20.20.20 as the server and a1b2c3d4 as the secret key.

6 Click Save.

CLI Command Configuration Example

configure terinterface vlan 1ip address 20.20.20.120 255.0.0.0exitexitradius-server host 20.20.20.20 timeout 5 retransmit 3 key a1b2c3d4dot1x re-authenticationdot1x system-auth-controlinterface GigabitEthernet 1/1dot1x port-control auto

802.1x Timer Parameters

Item Parameter (sec) Description

1 ReAuth Period ISW will restart authentication after each Reauth-Period when authenticationsuccess and ReAuth option is enabled

2 Quiet Period ISW will wait QuietPeriod to restart authentication process again whenauthentication failed in previous time.

3 Tx Period ISW will send EAP-request to Supplicant every TxPeriod when authenticationis running and Quiet Period is not running.

4 Supplicant Timeout ISW will wait SupplicantTmeout to receive response from Supplicant.

5 Server Timeout ISW will wait ServerTimeout to receive response from RADIUS server.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 72

Page 73: ISW Series Managed Industrial Ethernet Switch Hardware

Power over Ethernet (PoE) Application GuideThe ISW series switches support PoE function for connected powered device. The operation modecontains 802.3af (15.4W), 802.3at (30W). Each port has five classes for selection (class 0–4). Totalpower budget of the system is up to 240 watts.

For power management friendly use, it supports power scheduler for each PoE port. Each time intervalis 30 minutes from Sunday to Saturday. Customer can select which interval to set PoE on or PoE off. Italso supports PoE reset function to power off, then power on the PoE function on a port at certain time.Maximum five time can be created in a week.

Reserved Power Determination

There are three modes for configuring how the ports/PDs may reserve power:

Class Mode In this mode each port automatically determines how much power to reserve according to theclass the connected PD belongs to, and reserves the power accordingly. Five different portclasses exist and one for 4, 7, 15.4 or 30 Watts.

AllocatedMode

In this mode, you allocate the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 73

Page 74: ISW Series Managed Industrial Ethernet Switch Hardware

LLDP-MEDMode

This mode is similar to the Class mode expect that each port determine the amount power itreserves by exchanging PoE information using the LLDP (Link Layer Discovery Protocol) protocoland reserves power accordingly. If no LLDP information is available for a port, the port willreserve power using the class mode.

NoteFor all modes: If a port uses more power than the reserved power for the port, the port is shutdown.

Power Management Mode

There are two modes for configuring when to shut down the ports:

ActualConsumption

In this mode the ports are shut down when the actual power consumption for all ports exceedsthe amount of power that the power supply can deliver or if the actual power consumption for agiven port exceeds the reserved power for that port. The ports are shut down according to theports priority. If two ports have the same priority the port with the highest port number is shutdown.

Port Priority: Critical > High > Low.

When priorities are the same, the lowest number of the port has higher priority.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 74

Page 75: ISW Series Managed Industrial Ethernet Switch Hardware

Reserved Power In this mode the ports are shut down when total reserved powered exceeds the amount ofpower that the power supply can deliver. In this mode the port power is not turned on if the PDrequests more power than available from the power supply.

Other PoE Parameters

PoE PowerSupply

For being able to determine the amount of power the PD may use, it must be defined whatamount of power a power source can deliver. Valid values are in the range 0 to 240 Watts.

PoE Mode The PoE Mode represents the PoE operating mode for the port.

• Disable: PoE disabled for the port.

• Enable: Enables PoE for the port.

• Schedule: Enables PoE for the port by scheduling.

Operation Mode The Operation Mode represents the PoE power operating protocol for the port.

• 802.3af : Sets PoE protocol to IEEE 802.3af.

• 802.3at : Sets PoE protocol to IEEE 802.3at.

PoE Priority The Priority represents the port's priority. There are three levels of power priority named Low,High, and Critical.The priority is used in the case where the remote devices require more power than the powersupply can deliver. In this case the port with the lowest priority will be turn off starting from theport with the highest port number.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 75

Page 76: ISW Series Managed Industrial Ethernet Switch Hardware

MaximumPower

The Maximum Power value contains a numerical value that indicates the maximum power inwatts that can be delivered to a remote device.

PoE Power Scheduling & ResetThe power scheduling is used to control the power alive interval on PoE port. It is allowed to set thespecific interval to schedule power on/off in one week.

The current scheduling state is displayed graphically during the week. Green indicates the power is onand red that it is off. Directly changes checkmarks to indicate which day are members of the timeinterval. Check or uncheck as needed to modify the scheduling table.

Day Checkmarks indicate which day are members of the set. From Sunday to Saturday.

Interval There are 48 time interval one day. Each interval has 30 minutes.

• Start - Select the start hour and minute.

• End - Select the end hour and minute.

Action • Power On - Select the radio button to apply power on during the interval.

• Power Off - Select the radio button to apply power off during the interval.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 76

Page 77: ISW Series Managed Industrial Ethernet Switch Hardware

PoEPowerReset

The entry is used to control the power reset time on PoE port. It is allowed to create at maximum five entries for each PoE port.

PoE Example 1

1 Parameter Setting:

• Reserved Power determined: Class

• Power Management Mode: Actual Consumption

• Primary Power Supply: 6W

2 Test Port

• Port 1: 802.3at with critical priority

• Port 2: 802.3af with high priority

• Port 3: 802.3af with low priority

3 PD Power Consumption

• Port 1: 1.3 watt (PoE Splitter)

• Port 2: 1.3 watt (PoE VoIP Phone)

• Port 3: 3.8 watt (PoE WiFi AP)

4 Web Configuration

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 77

Page 78: ISW Series Managed Industrial Ethernet Switch Hardware

5 Test Result:

PoE port status can be monitored from the Monitor > PoE menu.

If system budget is not enough for all PoE devices, the port with higher priority port will get powerfirst. The last priority port (Port 3) will not be powered.

PoE Example 2

1 Parameter Setting:

• Reserved Power determined: Allocation

• Power Management Mode: Reserved Power

• Primary Power Supply: 138 W (> all port reserved power)

2 Port Maximum Power

• Port 1: 30 W

• Port 2~ Port8: 15.4 W

• Total: 137.8 W

3 PD Power Consumption

• Port 1: 1.3 watt (PoE Splitter) Port 2: 1.3 watt (PoE VoIP Phone)

• Port 3: 3.8 watt (PoE WiFi AP)

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 78

Page 79: ISW Series Managed Industrial Ethernet Switch Hardware

4 Web Configuration

5 Test Result

PoE port status can be monitored by web: Monitor > PoE.

Because power has reserved for each port in advance, each powered device can use power budgetof its corresponding port without exceeding its maximum power.

ISW Application Guides

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 79

Page 80: ISW Series Managed Industrial Ethernet Switch Hardware

A Regulatory and ComplianceInformation

Federal Communications Commission (FCC) NoticeThis device complies with Part 15 of the FCC rules. Operation is subject to the following two conditions:(1) this device may not cause harmful interference, and (2) this device must accept any interferencereceived, including interference that may cause undesired operation.

NoteThis equipment has been tested and found to comply with the limits for a class A digitaldevice, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonableprotection against harmful interference when the equipment is operated in a commercialenvironment. This equipment uses, generates, and can radiate radio frequency energy and ifnot installed in accordance with the operator’s manual, may cause harmful interference toradio communications. Operation of this equipment in a residential area is likely to causeinterference in which case the user will be required to correct the interference at his ownexpense.

WarningChanges or modifications made to this device which are not expressly approved by the partyresponsible for compliance could void the user’s authority to operate the equipment.

Industry Canada NoticeCAN ICES-3 (A)/NMB-3(A)This digital apparatus does not exceed the class A limits for radio noise emissions from digital apparatusset out in the Radio Interference Regulations of the Canadian Department of Communications.

Le present appareil numerique n’emet pas de bruits radioelectriques depassant les limites applicablesaux appareils numeriques de la class A prescrites dans le Reglement sur le brouillage radioelectriqueedicte par le ministere des Communications du Canada.

Product SafetyThis product complies with the following international safety standards:

• UL 60950-1 2nd edition, A2:2014

• CAN/CSA-C22.2 No.60950-1-07 2nd Ed. 2014-10

• IEC 60950-1:2005 2nd+A1:2009+A2:2013

• EN 60950-1:2006+A11+A1+A12+A2

• 2014/35/EU (2006/95/EC will invalid by 20 April 2016)

Electromagnetic Compatibility (EMC)This product complies with the following:

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 80

Page 81: ISW Series Managed Industrial Ethernet Switch Hardware

FCC 47 CFR Part 15 Subpart B Class A (US), ICES-003 (Canada)EN 55022 (ITE Emissions), EN 55024 (ITE Immunity)2014/30/EU (EMC Directive), EN 50121-4: 2006, EN 55011(ISM)EN 61000-6-2 (Ind. Immunity), EN61000-6-4 Ind. Emissions)RCM (Australia), MSIP KCC (Korea), BSMI (Taiwan)

Korea EMC Statement (KCC)

BSMI EMC Statement - TaiwanThis is a Class A product. In a domestic environemnt this product may cause radio interference in whichcase the user may be required to take adequate measurers.

Regulatory and Compliance Information

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 81

Page 82: ISW Series Managed Industrial Ethernet Switch Hardware

GlossaryACL

An Access Control List is a mechanism for filtering packets at the hardware level. Packets can beclassified by characteristics such as the source or destination MAC, IP address, IP type, or QoS (Qualityof Service) queue. Once classified, the packets can be forwarded, counted, queued, or dropped.

ad-hoc mode

An 802.11 networking framework in which devices or stations communicate directly with each other,without the use of an AP.

AP

In wireless technology, Access Points are LAN transceivers or "base stations" that can connect to theregular wired network and forward and receive the radio signals that transmit wireless data.

ARP

Address Resolution Protocol is part of the TCP/IP suite used to dynamically associate a device's physicaladdress (MAC address) with its logical address (IP address). The system broadcasts an ARP request,containing the IP address, and the device with that IP address sends back its MAC address so that trafficcan be transmitted.

AS

In OSPF (Open Shortest Path First), an Autonomous System is a connected segment of a networktopology that consists of a collection of subnetworks (with hosts attached) interconnected by a set ofroutes. The subnetworks and the routers are expected to be under the control of a single administration.Within an AS, routers may use one or more interior routing protocols and sometimes several sets ofmetrics. An AS is expected to present to other autonomous systems an appearance of a coherentinterior routing plan and a consistent picture of the destinations reachable through the AS. An AS isidentified by a unique 16-bit number.

ATM

Asynchronous Transmission Mode is a start/stop transmission in which each character is preceded by astart signal and followed by one or more stop signals. A variable time interval can exist betweencharacters. ATM is the preferred technology for the transfer of images.

backbone area

In OSPF (Open Shortest Path First), a network that has more than one area must have a backbone area,configured as 0.0.0.0. All areas in an Autonomous System (AS) must connect to the backbone area.

BGP

Border Gateway Protocol is a router protocol in the IP suite designed to exchange network reachabilityinformation with BGP systems in other autonomous systems. You use a fully meshed configuration withBGP.

BGP provides routing updates that include a network number, a list of ASs that the routing informationpassed through, and a list of other path attributes. BGP works with cost metrics to choose the bestavailable path; it sends updated router information only when one host has detected a change, and onlythe affected part of the routing table is sent.

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 82

Page 83: ISW Series Managed Industrial Ethernet Switch Hardware

BGP communicates within one AS using Interior BGP (IBGP) because BGP does not work well with IGP.Thus the routers inside the AS maintain two routing tables: one for the IGP and one for IBGP. BGP usesexterior BGP (EBGP) between different autonomous systems.

BPDU

In STP (Spanning Tree Protocol), a Bridge Protocol Data Unit is a packet that initiates communicationbetween devices. BPDU packets contain information on ports, addresses, priorities, and costs and theyensure that the data ends up where it was intended to go. BPDU messages are exchanged acrossbridges to detect loops in a network topology. The loops are then removed by shutting down selectedbridge interfaces and placing redundant switch ports in a backup, or blocked, state.

BSS

Basic Service Set is a wireless topology consisting of one access point connected to a wired networkand a set of wireless devices. Also called an infrastructure network. See also IBSS (Independent BasicService Set).

CA

A Certificate Authority is a trusted third-party that generates and signs certificates. A CA may be acommercial concern, such as GoDaddy or GeoTrust. A CA may also be an in-house server for certificatesused within an enterprise.

carrier VLAN

In STP (Spanning Tree Protocol), carrier VLAN (Virtual LAN)s define the scope of the STPD (SpanningTree Domain), including the physical and logical ports that belong to the STPD as well as the 802.1Qtags used to transport EMISTP- or PVST+-encapsulated BPDUs. Only one carrier VLAN can exist in anygiven STPD.

CCM

In CFM (Connectivity Fault Management), Connectivity Check Messages are frames transmittedperiodically by a MEP (Maintenance End Point) to ensure connectivity across the maintenance entitiesto which the transmitting MEP belongs. The CCMs contain a unique ID for the specified domain.Because a failure to receive a CCM indicates a connectivity fault in the network, CCMs proactively checkfor network connectivity.

CFM

Connectivity Fault Management allows an ISP to proactively detect faults in the network for eachcustomer service instance individually and separately. CFM comprises capabilities for detecting,verifying, and isolating connectivity failures in virtual bridged LANs.

Chalet

Chalet is a web-based user interface for setting up and viewing information about a switch, removingthe need to enter common commands individually in the CLI.

CHAP

Challenge-Handshake Authentication Protocol is one of the two main authentication protocols used toverify a user's name and password for PPP Internet connections. CHAP is more secure because itperforms a three-way handshake during the initial link establishment between the home and remotemachines. It can also repeat the authentication anytime after the link has been established.

CIST

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 83

Page 84: ISW Series Managed Industrial Ethernet Switch Hardware

In an MSTP (Multiple Spanning Tree Protocol) environment, Common and Internal Spanning Tree is asingle spanning tree domain that connects MSTP regions. The CIST is responsible for creating a loop-free topology by exchanging and propagating BPDU (Bridge Protocol Data Unit)s across MSTP regions.You can configure only one CIST on each switch.

CIST regional root bridge

Within an MSTP (Multiple Spanning Tree Protocol) region, the bridge with the lowest path cost to theCIST (Common and Internal Spanning Tree) root bridge is the CIST regional root bridge If the CIST rootbridge is inside an MSTP region, that same bridge is the CIST regional root for that region because it hasthe lowest path cost to the CIST root. If the CIST root bridge is outside an MSTP region, all regionsconnect to the CIST root through their respective CIST regional roots.

CIST root bridge

In an MSTP (Multiple Spanning Tree Protocol) environment, the bridge with the lowest bridge IDbecomes the CIST (Common and Internal Spanning Tree) root bridge. The bridge ID includes the bridgepriority and the MAC address. The CIST root bridge can be either inside or outside an MSTP region. TheCIST root bridge is unique for all regions and non-MSTP bridges, regardless of its location.

CLI

Command Line Interface. The CLI provides an environment to issue commands to monitor and manageswitches and wireless appliances.

CNP

Customer Network Port.

CoS

Class of Service specifies the service level for the classified traffic type.

CRC

Cyclic Redundancy Check is a simple checksum is designed to detect transmission errors. A decodercalculates the CRC for the received data and compares it to the CRC that the encoder calculated, whichis appended to the data. A mismatch indicates that the data was corrupted in transit.

CVID

CVLAN ID. The CVID represents the CVLAN tag for tagged VLAN (Virtual LAN) traffic.

CVLAN

Customer VLAN (Virtual LAN).

Data Center Connect

DCC, formerly known as DCM (Data Center Manager), is a data center fabric management andautomation tool that improves the efficiency of managing a large virtual and physical network. DCCprovides an integrated view of the server, storage, and networking operations, removing the need touse multiple tools and management systems. DCC automates VM assignment, allocates appropriatenetwork resources, and applies individual policies to various data objects in the switching fabric(reducing VM sprawl). Learn more about DCC at http://www.extremenetworks.com/product/data-center-connect/.

DCB

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 84

Page 85: ISW Series Managed Industrial Ethernet Switch Hardware

Data Center Bridging is a set of IEEE 802.1Q extensions to standard Ethernet, that provide anoperational framework for unifying Local Area Networks (LAN), Storage Area Networks (SAN) andInter-Process Communication (IPC) traffic between switches and endpoints onto a single transportlayer.

DHCP

Dynamic Host Configuration Protocol allows network administrators to centrally manage and automatethe assignment of IP addresses on the corporate network. DHCP sends a new IP address when acomputer is plugged into a different place in the network. The protocol supports static or dynamic IPaddresses and can dynamically reconfigure networks in which there are more computers than there areavailable IP addresses.

DoS attack

Denial of Service attacks occur when a critical network or computing resource is overwhelmed so thatlegitimate requests for service cannot succeed. In its simplest form, a DoS attack is indistinguishablefrom normal heavy traffic. ExtremeXOS software has configurable parameters that allow you to defeatDoS attacks.

DSSS

Direct-Sequence Spread Spectrum is a transmission technology used in Local Area Wireless Network(LAWN) transmissions where a data signal at the sending station is combined with a higher data rate bitsequence, or chipping code, that divides the user data according to a spreading ratio. The chippingcode is a redundant bit pattern for each bit that is transmitted, which increases the signal's resistance tointerference. If one or more bits in the pattern are damaged during transmission, the original data canbe recovered due to the redundancy of the transmission. (Compare with FHSS (Frequency-HoppingSpread Spectrum).)

EAP-TLS/EAP-TTLS

EAP-TLS Extensible Authentication Protocol - Transport Layer Security. A general protocol forauthentication that also supports multiple authentication methods, such as token cards, Kerberos, one-time passwords, certificates, public key authentication and smart cards.

IEEE 802.1x specifies how EAP should be encapsulated in LAN frames.In wireless communications using EAP, a user requests connection to a WLAN (Wireless Local AreaNetwork) through an access point, which then requests the identity of the user and transmits thatidentity to an authentication server such as RADIUS (Remote Authentication Dial In User Service) Theserver asks the access point for proof of identity, which the access point gets from the user and thensends back to the server to complete the authentication.

EAP-TLS provides for certificate-based and mutual authentication of the client and the network. It relieson client-side and server-side certificates to perform authentication and can be used to dynamicallygenerate user-based and session-based WEP (Wired Equivalent Privacy) keys.

EAP-TTLS (Tunneled Transport Layer Security) is an extension of EAP-TLS to provide certificate-based,mutual authentication of the client and network through an encrypted tunnel, as well as to generatedynamic, per-user, per-session WEP keys. Unlike EAP-TLS, EAP-TTLS requires only server-sidecertificates. (See also PEAP (Protected Extensible Authentication Protocol).)

EAPS

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 85

Page 86: ISW Series Managed Industrial Ethernet Switch Hardware

Extreme Automatic Protection Switching is an Extreme Networks-proprietary version of the EthernetAutomatic Protection Switching protocol that prevents looping Layer 2 of the network. This feature isdiscussed in RFC 3619.

ECMP

Equal Cost Multi Paths is a routing algorithm that distributes network traffic across multiple high-bandwidth OSPF (Open Shortest Path First), BGP (Border Gateway Protocol), IS-IS, and static routes toincrease performance. The Extreme Networks implementation supports multiple equal cost pathsbetween points and divides traffic evenly among the available paths.

EGP

Exterior Gateway Protocol is an Internet routing protocol for exchanging reachability informationbetween routers in different autonomous systems. BGP (Border Gateway Protocol) is a more recentprotocol that accomplishes this task.

ELRP

Extreme Loop Recovery Protocol is an Extreme Networks-proprietary protocol that allows you to detectLayer 2 loops.

EMISTP

Extreme Multiple Instance Spanning Tree Protocol. This Extreme Networks-proprietary protocol uses aunique encapsulation method for STP (Spanning Tree Protocol) messages that allows a physical port tobelong to multiple STPD (Spanning Tree Domain)s.

EPS

Ethernet Protection Switching is defined in ITU/T G.8031.

ESRP

Extreme Standby Router Protocol is an Extreme Networks-proprietary protocol that provides redundantLayer 2 and routing services to users.

ESS

Several BSS (Basic Service Set)s can be joined together to form one logical WLAN (Wireless Local AreaNetwork) segment, referred to as an extended service set (ESS). The SSID is used to identify the ESS.

Extreme Access Control

EAC, formerly NAC™, featuring both physical and virtual appliances, is a pre- and post-connect solutionfor wired and wireless LAN and VPN users. Using Identity and Access appliances and/or Identity andAccess Virtual Appliance with the EMC (Extreme Management Center) software, you can ensure onlythe right users have access to the right information from the right place at the right time. EAC is tightlyintegrated with the Intrusion Prevention System (IPS) and Security Information and Event Manager(SIEM) to deliver best-in-class post-connect access control. Learn more about EAC at http://www.extremenetworks.com/product/extreme-access-control/.

Extreme Application Analytics

EAA, formerly Purview™, is a network powered application analytics and optimization solution thatcaptures and analyzes context-based application traffic to deliver meaningful intelligence aboutapplications, users, locations, and devices. EAA provides data to show how applications are being used.This can be used to better understand customer behavior on the network, identify the level of user

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 86

Page 87: ISW Series Managed Industrial Ethernet Switch Hardware

engagement, and assure business application delivery to optimize the user experience. The softwarealso provides visibility into network and application performance allowing IT to pinpoint and resolveperformance issues in the infrastructure whether they are caused by the network, application, or server.Learn more about EAA at http://www.extremenetworks.com/product/extremeanalytics/.

Extreme Management Center

EMC, formerly Netsight™, is a web-based control interface that provides centralized visibility into yournetwork. EMC reaches beyond ports, VLAN (Virtual LAN)s, and SSIDs and provides detailed control ofindividual users, applications, and protocols. When coupled with wireless and Identity & AccessManagement products, EMC becomes the central location for monitoring and managing all thecomponents in the infrastructure. Learn more about EMC at http://www.extremenetworks.com/product/management-center/.

ExtremeCloud

ExtremeCloud is a cloud-based network management Software as a Service (SaaS) tool. ExtremeCloudallows you to manage users, wired and wireless devices, and applications on corporate and guestnetworks. You can control the user experience with smarter edges – including managing QoS (Qualityof Service), call admission control, secure access policies, rate limiting, multicast, filtering, and trafficforwarding, all from an intuitive web interface. Learn more about ExtremeCloud at http://www.extremenetworks.com/product/extremecloud/.

ExtremeSwitching

ExtremeSwitching is the family of products comprising different switch types: Modular (X8 and 8000series [formerly BlackDiamond] and S and K series switches); Stackable (X-series and A, B, C, and 7100series switches); Standalone (SSA, X430, and D, 200, 800, and ISW series); and Mobile Backhaul (E4G).Learn more about ExtremeSwitching at http://www.extremenetworks.com/products/switching-routing/.

ExtremeWireless

ExtremeWireless products and solutions offer high-density WiFi access, connecting your organizationwith employees, partners, and customers everywhere they go. The family of wireless products andsolutions includes AP (Access Point)s, wireless appliances, and controller software. Learn more aboutExtremeWireless at http://www.extremenetworks.com/products/wireless/.

ExtremeXOS

ExtremeXOS, a modular switch operating system, is designed from the ground up to meet the needs oflarge cloud and private data centers, service providers, converged enterprise edge networks, andeverything in between. Based on a resilient architecture and protocols, ExtremeXOS supports networkvirtualization and standards-based SDN capabilities like VXLAN gateway, OpenFlow, and OpenStackCloud orchestration. ExtremeXOS also supports comprehensive role-based policy. Learn more aboutExtremeXOS at http://www.extremenetworks.com/product/extremexos-network-operating-system/.

FHSS

Frequency-Hopping Spread Spectrum is a transmission technology used in Local Area WirelessNetwork (LAWN) transmissions where the data signal is modulated with a narrowband carrier signalthat 'hops' in a random but predictable sequence from frequency to frequency as a function of timeover a wide band of frequencies. This technique reduces interference. If synchronized properly, a singlelogical channel is maintained. (Compare with DSSS (Direct-Sequence Spread Spectrum).)

GARP

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 87

Page 88: ISW Series Managed Industrial Ethernet Switch Hardware

Generic Attribute Registration Protocol registers an attribute with other participants. It is specified inIEEE 802.1D-2004, clause 12.

IBSS

An IBSS is the 802.11 term for an ad-hoc network. See ad-hoc mode.

ICMP

Internet Control Message Protocol is the part of the TCP/IP protocol that allows generation of errormessages, test packets, and operating messages. For example, the ping command allows you to sendICMP echo messages to a remote IP device to test for connectivity. ICMP also supports traceroute,which identifies intermediate hops between a given source and destination.

ICV

Integrity Check Value is a 4-byte code appended in standard WEP (Wired Equivalent Privacy) to the802.11 message. Enhanced WPA inserts an 8-byte MIC just before the ICV. (See MIC (Message IntegrityCheck or Code ).)

IETF

The Internet Engineering Task Force is a large, open, international community of network designers,operators, vendors, and researchers concerned with the evolution of the Internet architecture and thesmooth operation of the Internet. The technical work of the IETF is done in working groups, which areorganized by topic.

IGMP

Hosts use Internet Group Management Protocol to inform local routers of their membership in multicastgroups. Multicasting allows one computer on the Internet to send content to multiple other computersthat have identified themselves as interested in receiving the originating computer's content. When allhosts leave a group, the router no longer forwards packets that arrive for the multicast group.

IMAP

Internet Message Access Protocol is used by email clients to retrieve messages from a mail server. IMAPis the protocol that IMAP clients use to communicate with the servers, and SMTP (Simple Mail TransferProtocol) is the protocol used to transport mail to an IMAP server.

The current version is IMAP4. It is similar to POP3 (Post Office Protocol version 3), but offers additionalfeatures. For example, the IMAP4 protocol leaves your email messages on the server rather thandownloading them to your computer. If you wish to remove your messages from the server, you mustuse your mail client to generate local folders, copy messages to your local hard drive, and then deleteand expunge the messages from the server.

IP MultiCast

IPMC supports IPv4 and IPv6 multicasting. IPMCv4 denotes multicast for IPv4. IPMCv6 denotesmulticast for IPv6.

IPTV

Internal Protocol Television uses a digital signal sent via broadband through a switched telephone orcable system. An accompanying set top box (that sits on top of the TV) decodes the video and convertsit to standard television signals.

IVL

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 88

Page 89: ISW Series Managed Industrial Ethernet Switch Hardware

In Independent VLAN Learning, every VLAN uses its own logical source address table, as opposed toSVL (Shared VLAN Learning), where two or more VLANs share the same part of the MAC address table.

LACP

Link Aggregation Control Protocol is part of the IEEE 802.3ad and automatically configures multipleaggregated links between switches.

LAG

A Link Aggregation Group is the logical high-bandwidth link that results from grouping multiplenetwork links in link aggregation (or load sharing). You can configure static LAGs or dynamic LAGs(using the LACP (Link Aggregation Control Protocol)).

LLC

The IEEE 802.2 Logical Link Control protocol provides a link mechanism for upper layer protocols. It isthe upper sub-layer of the Data Link Layer and provides multiplexing mechanisms that make it possiblefor several network protocols (IP, IPX) to coexist within a multipoint network. The LLC header consists ofa 1 byte Destination Service Access Point (DSAP), 1 byte Source Service Access Point (SSAP), and a 1 or2 byte Control field, followed by LLC information.

LLDP

Link Layer Discovery Protocol conforms to IEEE 802.1ab and is a neighbor discovery protocol. EachLLDP-enabled device transmits information to its neighbors, including chassis and port identification,system name and description, VLAN (Virtual LAN) names, and other selected networking information.The protocol also specifies timing intervals in order to ensure current information is being transmittedand received.

load sharing

Load sharing, also known as trunking or link aggregation, conforms to IEEE 802.3ad. This feature is thegrouping of multiple network links into one logical high-bandwidth link. For example, by grouping four100 Mbps of full-duplex bandwidth into one logical link, you can create up to 800 Mbps of bandwidth.Thus, you increase bandwidth and availability by using a group of ports to carry traffic in parallelbetween switches.

LSA

A Link State Advertisement is a broadcast packet used by link state protocols, such as OSPF (OpenShortest Path First). The LSA contains information about neighbors and path costs and is used by thereceiving router to maintain a routing table.

MAC

Media Access Control layer. One of two sublayers that make up the Data Link Layer of the OSI model.The MAC layer is responsible for moving data packets to and from one NIC to another across a sharedchannel.

MD5

Message-Digest algorithm is a hash function that is commonly used to generate a 128-bit hash value. Itwas designed by Ron Rivest in 1991. MD5 is officially defined in RFC 1321 - The MD5 Message-DigestAlgorithm.

MEP

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 89

Page 90: ISW Series Managed Industrial Ethernet Switch Hardware

In CFM (Connectivity Fault Management), a Maintenance End Point is an end point for a single domain,or maintenance association. The MEP may be either an UP MEP or a DOWN MEP.

MIB

Management Information Bases make up a database of information (for example, traffic statistics andport settings) that the switch makes available to network management systems. MIB names identifyobjects that can be managed in a network and contain information about the objects. MIBs provide ameans to configure a network device and obtain network statistics gathered by the device. Standard,minimal MIBs have been defined, and vendors often have private enterprise MIBs.

MIC

Message Integrity Check (or Code), also called ‘Michael’, is part of WPA and TKIP (Temporal KeyIntegrity Protocol). The MIC is an additional 8-byte code inserted before the standard 4-byte ICV(Integrity Check Value) appended in by standard WEP (Wired Equivalent Privacy) to the 802.11message. This greatly increases the difficulty in carrying out forgery attacks. Both integrity check mechanisms are calculated by the receiver and compared against the values sentby the sender in the frame. If the values match, there is assurance that the message has not beentampered with.

MLD

Multicast Listener Discovery is used by IPv6 routers to discover multicast listeners on a directly attachedlink, much as IGMP (Internet Group Management Protocol) is used in IPv4. The protocol is embedded inICMPv6 instead of using a separate protocol.

MPLS

Multiprotocol Label Switching speeds up network traffic. When forwarding packets, the Layer 2(Switching) label is used to avoid complex destination lookups in the routing table. MPLS uses LabelSwitched Paths (LSPs) to establish the network path. The packet will be labeled so that serviceproviders can decide the best way to keep traffic flowing. The Multiprotocol Label Switching TransportProfile (MPLS-TP) extensions to MPLS are designed to meet service provider requirements and are usedas a network layer technology in transport networks. MPLS-TP gives service providers a reliable packet-based technology that is based on circuit-based transport networking. MPLS-TP is expected to be a lowcost level 2 technology (if the limited profile is implemented in isolation) that will provide QoS (Qualityof Service), end-to-end OAM (Operation Administration & Maintenance) and protection switching.

MSM

This Extreme Networks-proprietary name refers to the module that holds both the control plane andthe switch fabric for switches that run the ExtremeXOS software on modular switches. One MSM isrequired for switch operation; adding an additional MSM increases reliability and throughput. Each MSMhas two CPUs. The MSM has LEDs as well as a console port, management port, modem port, andcompact flash; it may have data ports as well. The MSM is responsible for upper-layer protocolprocessing and system management functions. When you save the switch configuration, it is saved toall MSMs.

MSTI

Multiple Spanning Tree Instances control the topology inside an MSTP (Multiple Spanning Tree Protocol)region. An MSTI is a spanning tree domain that operates within a region and is bounded by that region;and MSTI does not exchange BPDU (Bridge Protocol Data Unit)s or send notifications to other regions.

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 90

Page 91: ISW Series Managed Industrial Ethernet Switch Hardware

You can map multiple VLAN (Virtual LAN)s to an MSTI; however, each VLAN can belong to only oneMSTI. You can configure up to 64 MSTIs in an MSTP region.

MSTP

Multiple Spanning Tree Protocol, based on IEEE 802.1Q-2003 (formerly known as IEEE 892.1s), allowsyou to bundle multiple VLANs into one STP (Spanning Tree Protocol) topology, which also providesenhanced loop protection and better scaling. MSTP uses RSTP (Rapid Spanning Tree Protocol) as theconverging algorithm and is compatible with legacy STP protocols.

MTU

A Maximum Transmission Unit is a configurable parameter that determines the largest packet than canbe transmitted by an IP interface (without the packet needing to be broken down into smaller units).

NotePackets that are larger than the configured MTU size are dropped at the ingress port. Or, ifconfigured to do so, the system can fragment the IPv4 packets and reassemble them at thereceiving end.

NAT

The Network Address Translation (or Translator) is a network capability that enables a group ofcomputers to dynamically share a single incoming IP address. NAT takes the single incoming IP addressand creates a new IP address for each client computer on the network.

netmask

A netmask is a string of 0s and 1s that mask, or screen out, the network part of an IP address, so thatonly the host computer part of the address remains. A frequently-used netmask is 255.255.255.0, usedfor a Class C subnet (one with up to 255 host computers). The ".0" in the netmask allows the specifichost computer address to be visible.

NTP

Network Time Protocol is an Internet standard protocol (built on top of TCP/IP) that assures accuratesynchronization to the millisecond of computer clock times in a network of computers. Based on UTC,NTP synchronizes client workstation clocks to the U.S. Naval Observatory Master Clocks in Washington,DC and Colorado Springs, CO. Running as a continuous background client program on a computer, NTPsends periodic time requests to servers, obtaining server time stamps and using them to adjust theclient's clock. (RFC 1305)

OAM

Operation Administration & Maintenance is a protocol described in ITU-T Y.1731. It is used to implementcarrier ethernet functionality.

OSPF

An interior gateway routing protocol for TCP/IP networks, Open Shortest Path First uses a link staterouting algorithm that calculates routes for packets based on a number of factors, including least hops,speed of transmission lines, and congestion delays. You can also configure certain cost metrics for thealgorithm. This protocol is more efficient and scalable than vector-distance routing protocols. OSPFfeatures include least-cost routing, ECMP (Equal Cost Multi Paths) routing, and load balancing. AlthoughOSPF requires CPU power and memory space, it results in smaller, less frequent router table updates

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 91

Page 92: ISW Series Managed Industrial Ethernet Switch Hardware

throughout the network. This protocol is more efficient and scalable than vector-distance routingprotocols.

PCP

The Priority Code Point is a 3-bit field that stores the priority-level for the 802.1Q frame. It is also knownas User Priority.

PDU

A Protocol Data Unit is a message of a given protocol comprising payload and protocol-specific controlinformation, typically contained in a header.

PEAP

Protected Extensible Authentication Protocol is an IETF (Internet Engineering Task Force) draft standardto authenticate wireless LAN clients without requiring them to have certificates. In PEAP authentication,first the user authenticates the authentication server, then the authentication server authenticates theuser. If the first phase is successful, the user is then authenticated over the SSL tunnel created in phaseone using EAP-Generic Token Card (EAP-GTC) or Microsoft Challenged Handshake Protocol Version 2(MSCHAP V2). (See also EAP-TLS/EAP-TTLS.)

PoE

The Power over Ethernet standard (IEEE 802.3af) defines how power can be provided to networkdevices over existing Ethernet connections, eliminating the need for additional external power supplies.

PVST+

Per VLAN Spanning Tree +. This implementation of STP (Spanning Tree Protocol) has a 1:1 relationshipwith VLANs. The Extreme Networks implementation of PVST+ allows you to interoperate with third-party devices running this version of STP. PVST is a earlier version of this protocol and is compatiblewith PVST+.

QL

QL In SyncE this is the Quality Level of a given clock source. This is received on a port in a SSMindicating the quality of the clock received in the port.

QoS

Quality of Service is a technique that is used to manage network resources and guarantee a bandwidthrelationship between individual applications or protocols. A communications network transports amultitude of applications and data, including high-quality video and delay-sensitive data such as real-time voice. Networks must provide secure, predictable, measurable, and sometimes guaranteedservices. Achieving the required QoS becomes the secret to a successful end-to-end business solution.

RADIUS

RADIUS is a client/server protocol and software that enables remote access servers to communicatewith a central server to authenticate dial-in users and authorize their access to the requested system orservice. RADIUS allows a company to maintain user profiles in a central database that all remote serverscan share. It provides better security, allowing a company to set up a policy that can be applied at asingle administered network point. With RADIUS, you can track usage for billing and for keepingnetwork statistics.

RF

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 92

Page 93: ISW Series Managed Industrial Ethernet Switch Hardware

Radio Frequency is a frequency in the electromagnetic spectrum associated with radio wavepropagation. When an RF current is supplied to an antenna, an electromagnetic field is created that canpropagate through space. These frequencies in the electromagnetic spectrum range from Ultra-lowfrequency (ULF):0-3 Hz to Extremely high frequency (EHF): 30 GHz–300 GHz. The middle ranges are:Low frequency (LF): 30 kHz–300 kHz; Medium frequency (MF): 300 kHz–3 MHz; High frequency (HF): 3MHz–30 MHz; Very high frequency (VHF): 30 MHz–300 MHz; and Ultra-high frequency (UHF): 300MHz–3 GHz.

RIP

This IGP vector-distance routing protocol is part of the TCP/IP suite and maintains tables of all knowndestinations and the number of hops required to reach each. Using Routing Information Protocol,routers periodically exchange entire routing tables. RIP is suitable for use only as an IGP.

RMON

Remote monitoring is a standardized method to make switch and router information available toremote monitoring applications. It is an SNMP (Simple Network Management Protocol) networkmanagement protocol that allows network information to be gathered remotely. RMON collectsstatistics and enables a management station to monitor network devices from a central location. Itprovides multivendor interoperability between monitoring devices and management stations. RMON isdescribed in more detail in IETF RFC 1757 and RFC 2201.

RSN

Robust Security Network is a new standard within IEEE 802.11 to provide security and privacymechanisms. The RSN (and related TSN) both specify IEEE 802.1x authentication with ExtensibleAuthentication Protocol (EAP).

RSTP

Rapid Spanning Tree Protocol, described in IEEE 802.1w, is an enhanced version of STP (Spanning TreeProtocol) that provides faster convergence. The Extreme Networks implementation of RSTP allowsseamless interoperability with legacy STP.

SMTP

Simple Mail Transfer Protocol uses the TCP (Transmission Control Protocol) to provide a mail servicemodeled on the FTP file transfer service. SMTP transfers mail between systems.

SNMP

Simple Network Management Protocol is a standard that uses a common software agent to remotelymonitor and set network configuration and runtime parameters. SNMP operates in a multivendorenvironment, and the agent uses MIB (Management Information Base)s, which define what informationis available from any manageable network device. You can also set traps using SNMP, which sendnotifications of network events to the system log.

SNTP

Simple Network Time Protocol is used to synchronize the system clocks throughout the network. Anextension of NTP (Network Time Protocol), SNTP can usually operate with a single server and allows forIPv6 addressing.

SSH

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 93

Page 94: ISW Series Managed Industrial Ethernet Switch Hardware

Secure Shell, sometimes known as Secure Socket Shell, is a UNIX-based command interface andprotocol of securely gaining access to a remote computer. With SSH commands, both ends of theclient/server connection are authenticated using a digital certificate, and passwords are protected bybeing encrypted. At Extreme Networks, the SSH is a separate software module, which must bedownloaded separately. (SSH is bundled with SSL in the software module.)

SSID

The Service Set Identifier is a 32-character unique identifier attached to the header of packets sent overa Wireless LAN that acts as a password when a wireless device tries to connect to the BSS (BasicService Set). Several BSSs can be joined together to form one logical WLAN (Wireless Local AreaNetwork) segment, referred to as an (ESS (Extended Service Set)). The SSID is used to identify the ESS.

In 802.11 networks, each AP (Access Point) advertises its presence several times per second bybroadcasting beacon frames that carry the ESS name (SSID). Stations discover APs by listening forbeacons, or by sending probe frames to search for an AP with a desired SSID. When the station locatesan appropriately-named access point, it sends an associate request frame containing the desired SSID.The AP replies with an associate response frame, also containing the SSID. Some APs can be configured to send a zero-length broadcast SSID in beacon frames instead of sendingtheir actual SSID. The AP must return its actual SSID in the probe response.

SSL

Secure Socket Layer is a protocol for transmitting private documents using the Internet. SSL works byusing a public key to encrypt data that is transferred over the SSL connection. SSL uses the public-and-private key encryption system, which includes the use of a digital certificate. SSL is used for otherapplications than SSH (Secure Shell), for example, OpenFlow.

STP

Spanning Tree Protocol, defined in IEEE 802.1d, used to eliminate redundant data paths and to increasenetwork efficiency. STP allows a network to have a topology that contains physical loops; it operates inbridges and switches. STP opens certain paths to create a tree topology, thereby preventing packetsfrom looping endlessly on the network. To establish path redundancy, STP creates a tree that spans allof the switches in an extended network, forcing redundant paths into a standby, or blocked, state.

STP allows only one active path at a time between any two network devices (this prevents the loops)but establishes the redundant links as a backup if the initial link should fail. If STP costs change, or if onenetwork segment in the STP becomes unreachable, the spanning tree algorithm reconfigures the STPtopology and re-establishes the link by activating the standby path.

STPD

Spanning Tree Domain is an STP (Spanning Tree Protocol) instance that contains one or more VLAN(Virtual LAN)s. The switch can run multiple STPDs, and each STPD has its own root bridge and activepath. In the Extreme Networks implementation of STPD, each domain has a carrier VLAN (for carryingSTP information) and one or more protected VLANs (for carrying the data).

stub area

In OSPF (Open Shortest Path First), a stub area is connected to only one other area (which can be thebackbone area). External route information is not distributed to stub areas.

SVL

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 94

Page 95: ISW Series Managed Industrial Ethernet Switch Hardware

In Shared VLAN Learning, two or more VLANs are grouped to share common source addressinformation in the MAC table. The common entry in the MAC table is identified by a Filter ID (FID). SVLis useful for configuration of more complex, asymmetrical cross-VLAN traffic patterns, like E-TREE(Rooted-Multipoint) and Multi-netted Server. The alternative VLAN learning mode is IVL (IndependentVLAN Learning). The default VLAN learning mode is IVL. Not all switches support SVL.

Syslog

A protocol used for the transmission of event notification messages across networks, originallydeveloped on the University of California Berkeley Software Distribution (BSD) TCP/IP systemimplementations, and now embedded in many other operating systems and networked devices. Adevice generates a messages, a relay receives and forwards the messages, and a collector (a syslogserver) receives the messages without relaying them. Syslog uses the UDP (User Datagram Protocol) as its underlying transport layer mechanism. The UDPport that has been assigned to syslog is 514. (RFC 3164)

TCP

Transmission Control Protocol uses the Internet Protocol (IP) to exchange messages betweencomputers. It is known as a connection-oriented protocol, which means that a connection is establishedand maintained until messages have been exchanged. TCP divides messages into packets for transfervia IP and reassembles the packets into complete messages for delivery to the receiving computer.Common network applications that use TCP include the worldwide web, email, and FTP.

TCP/IP

Transmission Control Protocol/Internet Protocol is one of the core protocols underlying the Internet. Thetwo protocols are usually referred to as a group, by the term TCP/IP. TCP provides a reliable connection,which means that each end of the session is guaranteed to receive all of the data transmitted by theother end of the connection, in the same order that it was originally transmitted without receivingduplicates.

Telnet

Teletype Network is a terminal emulation protocol that enables the Telnet client to control the Telnetserver and communicate with other servers on the network. To start a Telnet session, users must enter avalid username and password. After logging in, they can enter commands as if they were workingdirectly on the server console.

TKIP

Temporal Key Integrity Protocol is an enhancement to WEP (Wired Equivalent Privacy) encryption. Ituses a set of algorithms to rotate session keys. The protocol's enhanced encryption includes a per-packet key mixing function, a MIC (Message Integrity Check or Code ), an extended initialization vector(IV) with sequencing rules, and a re-keying mechanism. The encryption keys are changed (re-keyed)automatically and authenticated between devices after the re-key interval (either a specified period oftime, or after a specified number of packets has been transmitted).

TLV

An LLDP (Link Layer Discovery Protocol) frame that can contain multiple pieces of information. Eachpiece is known as a Type Length Value.

TSN

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 95

Page 96: ISW Series Managed Industrial Ethernet Switch Hardware

Transition Security Network is a subset of RSN (Robust Security Network), which provides an enhancedsecurity solution for legacy hardware. The Wi-Fi Alliance has adopted a solution called WPA, based onTSN. RSN and TSN both specify IEEE 802.1x authentication with Extensible Authentication Protocol(EAP).

UDP

User Datagram Protocol is an efficient but unreliable, connectionless protocol that is layered over IP (asis TCP (Transmission Control Protocol)). Application programs must supplement the protocol to provideerror processing and retransmitting data. UDP is an OSI Layer 4 protocol.

virtual router

In the Extreme Networks implementations, virtual routers allow a single physical switch to be split intomultiple virtual routers. Each virtual router has its own IP address and maintains a separate logicalforwarding table. Each virtual router also serves as a configuration domain. The identity of the virtualrouter you are working in currently displays in the prompt line of the CLI. The virtual routers discussed inrelation to Extreme Networks switches themselves are not the same as the virtual router in VRRP(Virtual Router Redundancy Protocol).

In VRRP, the virtual router is identified by a virtual router (VRID) and an IP address. A router runningVRRP can participate in one or more virtual routers. The VRRP virtual router spans more than onephysical router, which allows multiple routers to provide redundant services to users.

VLAN

The term VLAN is used to refer to a collection of devices that communicate as if they are on the samephysical LAN. Any set of ports (including all ports on the switch) is considered a VLAN. LAN segmentsare not restricted by the hardware that physically connects them. The segments are defined by flexibleuser groups you create with the CLI.

VM

A virtual machine is a logical machine that runs on a VM server, which can host multiple VMs.

VMAN

In ExtremeXOS software, Virtual MANs are a bi-directional virtual data connection that creates a privatepath through the public network. One VMAN is completely isolated from other VMANs; theencapsulation allows the VMAN traffic to be switched over Layer 2 infrastructure. You implement VMANusing an additional 892.1Q tag and a configurable EtherType; this feature is also known as Q-in-Qswitching.

VRRP

The Virtual Router Redundancy Protocol specifies an election protocol that dynamically assignsresponsibility for a virtual router (VR) to one of the VRRP routers on a LAN. The VRRP router controllingthe IP address(es) associated with a virtual router is called the master router, and forwards packets sentto these IP addresses. The election process provides dynamic failover in the forwarding responsibilityshould the master router become unavailable. In case the master router fails, the virtual IP address ismapped to a backup router's IP address; this backup becomes the master router. This allows any of thevirtual router IP addresses on the LAN to be used as the default first-hop router by end-hosts. Theadvantage gained from using VRRP is a higher availability default path without requiring configurationof dynamic routing or router discovery protocols on every host. VRRP is defined in RFC 2338.

WEP

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 96

Page 97: ISW Series Managed Industrial Ethernet Switch Hardware

Wired Equivalent Privacy is a security protocol for WLAN (Wireless Local Area Network)s defined in the802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it isprotected as it is transmitted from one end point to another.

WLAN

Wireless Local Area Network.

WPA

Wireless Protected Access is a security solution adopted by the Wi-Fi Alliance that adds authenticationto WEP (Wired Equivalent Privacy)'s basic encryption. For authentication, WPA specifies IEEE 802.1xauthentication with Extensible Authentication Protocol (EAP). For encryption, WPA uses the TKIP(Temporal Key Integrity Protocol) mechanism, which shares a starting key between devices, and thenchanges their encryption key for every packet. CA (Certificate Authority) can also be used. Also part ofthe encryption mechanism are 802.1x for dynamic key distribution and MIC (Message Integrity Check orCode ).WPA requires that all computers and devices have WPA software.

Glossary

ISW Series Managed Industrial Ethernet Switch Hardware Installation & User Guide 97