EKI-7659C/7659CI Industrial 8+2G Combo Ports Managed Redundant Gigabit Ethernet Switch User Manual Copyright The documentation and the software included with this product are copyrighted 2010 by Advantech Co., Ltd. All rights are reserved. Advantech Co., Ltd. reserves the right to make improvements in the products described in this manual at any time without notice. No part of this manual may be reproduced, copied, translated or transmitted in any form or by any means without the prior written permission of Advantech Co., Ltd. Information provided in this manual is intended to be accurate and reliable. However, Advantech Co., Ltd. assumes no responsibility for its use, nor for any infringements of the rights of third parties, which may result from its use. Acknowledgements Microsoft Windows and MS-DOS are registered trademarks of Microsoft Corp. All other product names or trademarks are properties of their respective owners. Part No. Printed in China EKI-7659C_7659CI_Manual 5th Edition October 2010 ii Product Warranty (2 years) Advantech warrants to you, the original purchaser, that each of its products will be free from defects in materials and workmanship for two years from the date of purchase. This warranty does not apply to any products which have been repaired or altered by persons other than repair personnel authorized by Advantech, or which have been subject to misuse, abuse, accident or improper installation. Advantech assumes no liability under the terms of this warranty as a consequence of such events. Because of Advantechs high quality-control standards and rigorous testing, most of our customers never need to use our repair service. If an Advantech product is defective, it will be repaired or replaced at no charge during the warranty period. For out-of-warranty repairs, you will be billed according to the cost of replacement materials, service time and freight. Please consult your dealer for more details. If you think you have a defective product, follow these steps: 1. Collect all the information about the problem encountered. (For example, network speed, Advantech products used, other hardware and software used etc.) Note anything abnormal and list any onscreen messages you get when the problem occurs. 2. Call your dealer and describe the problem. Please have your manual, product, and any helpful information readily available. 3. If your product is diagnosed as defective, obtain an RMA (return merchandize authorization) number from your dealer. This allows us to process your return more quickly. 4. Carefully pack the defective product, a fully-completed Repair and Replacement Order Card and a photocopy proof of purchase date (such as your sales receipt) in a shippable container. A product returned without proof of the purchase date is not eligible for warranty service. 5. Write the RMA number visibly on the outside of the package and ship it prepaid to your dealer. iii Declaration of Conformity CE This product has passed the CE test for environmental specifications. Test conditions for passing included the equipment being operated within an industrial enclosure. In order to protect the product from being damaged by ESD (Electrostatic Discharge) and EMI leakage, we strongly recommend the use of CE-compliant industrial enclosure products. FCC Class A This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. Technical Support and Assistance Step 1. Visit the Advantech web site at www.advantech.com/support where you can find the latest information about the product. Step 2. Contact your distributor, sales representative, or Advantech's customer service center for technical support if you need additional assistance. Please have the following information ready before you call: - Product name and serial number - Description of your peripheral attachments - Description of your software (operating system, version, application software etc.) - A complete description of the problem - The exact wording of any error messages EKI-7659C_7659CI_Manual iv Safety Instructions 1. Read these safety instructions carefully. 2. Keep this User's Manual for later reference. 3. Disconnect this equipment from any AC outlet before cleaning. Use a damp cloth. Do not use liquid or spray detergents for cleaning. 4. For plug-in equipment, the power outlet socket must be located near the equipment and must be easily accessible. 5. Keep this equipment away from humidity. 6. Put this equipment on a reliable surface during installation. Dropping it or letting it fall may cause damage. 7. The openings on the enclosure are for air convection. Protect the equipment from overheating. DO NOT COVER THE OPENINGS. 8. Make sure the voltage of the power source is correct before connecting the equipment to the power outlet. 9. Position the power cord so that people cannot step on it. Do not place anything over the power cord. 10. All cautions and warnings on the equipment should be noted. 11. If the equipment is not used for a long time, disconnect it from the power source to avoid damage by transient overvoltage. 12. Never pour any liquid into an opening. This may cause fire or electrical shock. 13. Never open the equipment. For safety reasons, the equipment should be opened only by qualified service personnel. 14. If one of the following situations arises, get the equipment checked by service personnel: a. The power cord or plug is damaged. b. Liquid has penetrated into the equipment. c. The equipment has been exposed to moisture. d. The equipment does not work well, or you cannot get it to work according to the user's manual. e. The equipment has been dropped and damaged. f. The equipment has obvious signs of breakage. 15. DO NOT LEAVE THIS EQUIPMENT IN AN ENVIRONMENT WHERE THE STORAGE TEMPERATURE MAY GO BELOW -40 (-40) OR ABOVE 85 (185 ). THIS COULD DAMAGE THE EQUIPMENT. THE EQUIPMENT SHOULD BE IN A CONTROLLED ENVIRONMENT. v Safety Precaution - Static Electricity Follow these simple precautions to protect yourself from harm and the products from damage. 1. To avoid electrical shock, always disconnect the power from your equipment chassis before you work on it. 2. Disconnect power before making any configuration changes. EKI-7659C_7659CI_Manual vi Chapter 1 Contents Overview........................................... 2 1.1 Introduction ........................................................... 2 1.1.1 The SFP Advantage .................................. 2 1.1.2 High-Speed Transmissions ....................... 2 1.1.3 Dual Power Inputs ..................................... 2 1.1.4 Flexible Mounting ...................................... 2 1.1.5 Wide Operating Temperature .................... 3 1.1.6 Easy Troubleshooting................................ 3 1.2 Features ................................................................ 4 1.3 Specification.......................................................... 5 1.4 Packing List........................................................... 7 1.5 Safety Precaution.................................................. 7 Chapter 2 Installation...................................... 10 2.1 LED Indicators..................................................... 10 Table 2.1: EKI-7659C LED Definition ......................................10 2.2 Dimensions (unit: mm) ........................................ 11 Figure 2.1: Front View of EKI-7659C........................................11 Figure 2.2: Side View of EKI-7659C .........................................12 Figure 2.3: Rear View of EKI-7659C.........................................13 Figure 2.4: Top View of EKI-7659C..........................................14 2.3 Mounting ............................................................. 15 2.3.1 Wall mounting.......................................... 15 Figure 2.5: Combine the Metal Mounting Kit ............................15 2.3.2 DIN-rail Mounting..................................... 16 Figure 2.6: Installation to DIN-rail Step 1 ..................................16 Figure 2.7: Installation to DIN-rail Step 2 ..................................17 2.4 Network Connection............................................ 18 2.5 Connection to a Fiber Optic Network .................. 18 Figure 2.8: Transceiver to the SFP slot.......................................18 Figure 2.9: Transceiver Inserted .................................................19 Figure 2.10: LC connector to the transceiver..............................19 Figure 2.11: Remove LC connector............................................20 Figure 2.12: Pull out from the transceiver ..................................20 2.6 Power Connection............................................... 21 Figure 2.13: Pin Assignments of the Power Connector..............21 2.7 X-Ring Application............................................... 22 2.8 Coupling Ring Application ................................... 23 2.9 Dual Homing Application..................................... 24 Chapter 3 Configuration ................................. 26 3.1 RS-232 Console.................................................. 26 Figure 3.1-1 Figure 3.1-2 Figure 3.1-3 Console Cable .....................................................26 Launching Hyper Terminal.................................26 COM Port Properties Setting ..............................27 vii Contents Figure 3.1-4 Figure 3.1-5 Login Screen: RS-232 Configuration .................27 Command Line Interface ....................................28 3.2 Commands Set ................................................... 29 3.2.1 Commands Level..................................... 29 Table 3.1: Command Level.........................................................29 3.2.2 Commands Set List ................................. 29 Table 3.2: Commands Set List....................................................29 3.2.3 System Commands Set........................... 30 Table 3.3: System Commands Set ..............................................30 3.2.4 Port Commands Set ................................ 31 Table 3.4: Port Commands Set ..................................................31 3.2.5 Trunk Commands Set.............................. 32 Table 3.5: Trunk Commands Set ...............................................32 3.2.6 VLAN Commands Set ............................. 32 Table 3.6: VLAN Commands Set ..............................................32 3.2.7 Spanning Tree Commands Set ............... 33 Table 3.7: Spanning Tree Commands Set..................................33 3.2.8 QOS Commands Set............................... 34 Table 3.8: QOS Commands Set .................................................34 3.2.9 IGMP Commands Set.............................. 35 Table 3.9: QOS Commands Set .................................................35 3.2.10 Mac/Filter Table Commands Set ............. 35 Table 3.10: Mac/Filter Table Commands Set .............................35 3.2.11 SNMP Commands Set ............................ 35 Table 3.11: SNMP Commands Set .............................................35 3.2.12 Port Mirroring Commands Set ................. 36 Table 3.12: Port Mirroring Commands Set.................................36 3.2.13 802.1x Commands Set ............................ 37 Table 3.13: 802.1x Commands Set ............................................37 3.2.14 TFTP Commands Set.............................. 38 Table 3.14: TFTP Commands Set..............................................38 3.2.15 SystemLog, SMTP and Event ................. 38 Table 3.15: SysLog,SMTP,Event Commands Set .....................38 3.2.16 SNTP Commands Set ............................. 39 Table 3.16: SNTP Commands Set ..............................................39 3.2.17 X-ring Commands Set ............................. 39 Table 3.17: X-ring Commands Set .............................................39 3.3 Web Browser....................................................... 41 Figure 3.3-1 Figure 3.3-2 Figure 3.3-3 Type the address in the URL ..............................41 Web Login Window............................................41 Main page............................................................42 3.3.1 System..................................................... 43 Figure 3.3-4 Figure 3.3-5 Figure 3.3-6 Figure 3.3-7 Figure 3.3-8 EKI-7659C_7659CI_Manual System Information.............................................43 IP Configuration..................................................44 DHCP Server - System Configuration................45 DHCP Server - Client Entries ............................46 DHCP Server - Port and IP Binding...................47 viii Figure 3.3-9 TFTP - Update Firmware ...................................48 Figure 3.3-10 TFTP - Restore Configuration............................49 Figure 3.3-11 TFTP - Backup Configuration............................50 Figure 3.3-12 Syslog Configuration ..........................................51 Figure 3.3-13 SMTP Configuration...........................................52 Figure 3.3-14 Event Configuration............................................53 Figure 3.3-15 Fault Relay Alarm...............................................54 Table 3.18: UTC Timezone ........................................................55 Figure 3.3-16 SNTP Configuration ...........................................56 Figure 3.3-17 IP Security...........................................................57 Figure 3.3-18 User Authentication ............................................58 3.3.2 Port .......................................................... 59 Figure 3.3-19 Figure 3.3-20 Figure 3.3-21 Figure 3.3-22 Figure 3.3-23 Figure 3.3-24 Figure 3.3-25 Port Statistics ......................................................59 Port Control.........................................................60 Aggregator Setting ..............................................61 Aggregator Information ......................................62 State Activity ......................................................63 Port Mirroring .....................................................64 Rate Limiting ......................................................65 3.3.3 Protocol ................................................... 66 Figure 3.3-26 VLAN Configuration ..........................................66 Figure 3.3-27 Port based mode..................................................67 Figure 3.3-28 Port based mode-Add interface...........................68 Figure 3.3-29 802.1Q VLAN Configuration .............................69 Figure 3.3-30 802.1Q Group Configuration ..............................71 Figure 3.3-31 802.1Q Group Configuration-Edit ......................71 Figure 3.3-32 RSTP System Configuration interface................72 Figure 3.3-33 RSTP Port Configuration interface.....................73 Figure 3.3-34 SNMP System Configuration interface ..............74 Figure 3.3-35 Trap Configuration interface...............................75 Figure 3.3-36 SNMP V3 configuration interface ......................77 Figure 3.3-37 QoS Configuration interface ...............................79 Table 3.19: IGMP types..............................................................80 Figure 3.3-38 IGMP Configuration interface ............................80 Figure 3.3-39 X-ring Interface...................................................82 3.3.4 Security.................................................... 83 Figure 3.3-40 Figure 3.3-41 Figure 3.3-42 Figure 3.3-43 Figure 3.3-44 Figure 3.3-45 Figure 3.3-46 Figure 3.3-47 Figure 3.3-48 802.1x/Radius System Configuration .................83 802.1x/Radius - Port Setting interface ................84 802.1x/Radius - Misc Configuration...................85 Static MAC Addresses interface.........................86 MAC Filtering interface......................................87 All MAC Address interface ................................88 Factory Default interface ....................................89 Save Configuration interface ..............................89 System Reboot interface .....................................89 Chapter 4 Troubleshooting ............................ 92 Appendix A Pin Assignments & Wiring ......... 94 Figure A.1: RJ-45 Pin Assignments............................................94 Figure A.2: EIA/TIA-568B.........................................................94 ix Contents Figure A.3: EIA/TIA-568A ........................................................94 Figure A.4: DB 9-pin female connector .....................................95 Appendix B EKI-7659C_7659CI_Manual Compatible SFP Transceivers ... 98 x CHAPTER Overview Sections include: z Introduction z Features z Specifications z Packing List z Safety Precaution 1 Chapter1 Chapter 1 Overview 1.1 Introduction To create reliability in your network, the EKI-7659C comes equipped with a proprietary redundant network protocol--X-Ring that was developed by Advantech, which provides users with an easy way to establish a redundant Ethernet network with ultra high-speed recovery time less than 10 ms. Aside from 8 x 10/100Base-TX fast Ethernet ports, the EKI-7659C comes equipped with 2 combo 10/100/1000 Mbps RJ-45 copper ports or mini-GBIC expansion ports. Traditional RJ-45 ports can be used for uplinking wide-band paths in short distance (< 100 m), or the appropriate replaceable SFP ports can be used for the application of wideband uploading and long distance transmissions to fit the field request flexibility. Also, the long MTBF (Mean Time Between Failures) ensures that the EKI-7659C will continue to operate until a Gigabit network infrastructure has been established, without requiring any extra upgrade costs. 1.1.1 The SFP Advantage The EKI-7659C's two SFP fiber slots provide a lot of flexibility when planning and implementing a network. The slots can accept any SFP-type fiber transceivers and these tranceivers are designed for transmitting over distances of either 500m (multimode), 10km, 30km, 50km, 70km or 110km (single-mode) - and the slots support SFP transceivers for WDM single-fiber transmissions. This means that you can easily change the transmission mode and distance of the switch by simply pulling out the SFP transceiver and plugging in a different one. The SFP ports are hot-swappable and plug-and-play! Also, the fact that the switch has two of these slots, means that the network manager can, for example, have one 10km transceiver in one slot and one 110km in the other. 1.1.2 High-Speed Transmissions The EKI-7659C includes a switch controller that can automatically sense transmission speeds (10/100 Mbps). The RJ-45 interface can also be auto-detected, so MDI or MDIX is automatically selected and a crossover cable is not required. All Ethernet ports have memory buffers that support the store-and-forward mechanism. This assures that data is properly transmitted. 1.1.3 Dual Power Inputs To reduce the risk of power failure, the EKI-7659C provides +12 ~ 48 VDC dual power inputs. If there is power failure, EKI-7659C will automatically switch to the secondary power input. 1.1.4 Flexible Mounting EKI-7659C is compact and can be mounted on a DIN-rail or panel, so it is suitable for any space-constrained environment. EKI-7659C_7659CI_Manual 2 1.1.5 Wide Operating Temperature The operating temperature of the EKI-7659C is between -10 ~ 60 . With such a wide range, you can use the EKI-7659C in some of the harshest industrial environments that exist. 1.1.6 Easy Troubleshooting LED indicators make troubleshooting quick and easy. Each 10/100 Base-TX port has 2 LED indicators that display the link status, transmission speed and collision status. Also the three power indicators P1, P2 and P-Fail help you diagnose the unit immediately. 3 Chapter1 1.2 Features 2 Gigabit Copper/SFP combo ports, plus 8 Fast Ethernet ports SFP socket for Easy and Flexible Fiber Expansion Redundancy: Gigabit X-Ring (ultra high-speed recovery time<10ms), RSTP/STP (802.1w/1D) Management: Web, Telnet, Serial Console, Windows Utility and SNMP Control: VLAN/GVRP, QOS, IGMP Snooping, LACP, and Rate Limit Security: IP/MAC and port binding, DHCP Server, IP access list, 802.1x, SNMPv3 Diagnostic: Port Statistic, Port Mirroring, RMON, Trap, SNMP Alert, and Syslog Dual 12 ~ 48 VDC power inputs and 1 Relay Output Robust mechanism and special heat spreader design EKI-7659C_7659CI_Manual 4 1.3 Specification Communications Standard LAN Transmission Distance Transmission Speed IEEE 802.3, 802.3u, 802.3x, 802.3z, 802.1D IEEE 802.1w, 802.1p, 802.1Q, 802.1X, 802.3ad 10/100/1000Base-T, Optional 100Base-FX, 1000Base-SX/LX/LHX/XD/ZX/EZX Ethernet: Up to 100m (4-wire Cat.5e, Cat.6 RJ-45 cable suggested for Gigabit port) SFP: Up to 110km (depends on SFP) Fast Ethernet: 10/100Mbps, Auto-Negotiation Gigabit Copper: Up to 1000 Mbps Gigabit Fiber: Up to 1000Mbps Interface Connectors LED Indicators Console 8 x RJ-45 2 x RJ-45/SFP (mini-GBIC) combo ports 6-pin removable screw terminal (Power & Relay) System: PWR, PWR1, PWR2, R.M., P-Fail 10/100TX: Link/Activity, Duplex/Collision Gigabit Copper: Link/Activity, Speed (1000Mbps) SFP: Link/Activity RS-232 (RJ-45) Power Power Consumption Power Input Fault Output Max. 7.9 W 2 x Unregulated +12 ~ 48 VDC 1 Relay Output Mechanism Dimensions (WxHxD) Enclosure Mounting 79 x 152 x 105 mm IP30, metal shell with solid mounting kits DIN-rail, wall Environment Operating Temperature Operating Humidity -10 ~ 60 (14 ~ 140 ) EKI-7659CI (Wide temp.): -40~75 (-40~167 ) 5 ~ 95% (non-condensing) 5 Chapter1 Storage Temperature Storage Humidity MTBF -40 ~ 85 (-40~185 ) 0 ~ 95% (non-condensing) 284,409 hours Certifications Safety EMC Freefall Shock Vibration EKI-7659C_7659CI_Manual UL, 60950-1, CAN/CSA-C22.2 No.60950 EU: EN55011, EN61000-6-4 EN55022, Class A, EN61000-3-2/3 EN55024 IEC61000-4-2/3/4/5/6/8 EN61000-6-2 IEC60068-2-32 IEC60068-2-27 IEC60068-2-6 6 1.4 Packing List 1 x EKI-7659C Industrial Managed Gigabit Ethernet Switch 1 x eAutomation Industrial Communication CD-ROM with software, and User manual 2 x Wall Mounting Bracket and Screws 1 x DIN-rail Mounting Bracket and Screws 1 x 8-pin RJ-45 to RS-232 serial cable 1 x DC Jack Cable 2.0/150mm 1 x EKI-7659C Startup Manual 1.5 Safety Precaution Attention IF DC voltage is supplied by an external circuit, please use a protection device on the power supply input. 7 Chapter1 EKI-7659C_7659CI_Manual 8 CHAPTER Installation Sections include: z LED Indicators z Dimensions z Mounting z Network Connection z Connection to a Fiber Optic Network z Power Connection z X-Ring Application z Coupling Ring Application z Dual Homing Application 9 Chapter2 Chapter 2 Installation In this chapter, you will be given an overview of the EKI-7659C hardware installation procedures. 2.1 LED Indicators There are few LEDs display the power status and network status located on the front panel of EKI-7659C, each of them has its own specific meaning shown as below. Table 2.1: EKI-7659C LED Definition LED Color PWR Green R.M. PWR1 PWR2 P-Fail Link/Active (for G9, G10 SFP) System power on Off No power input On The industrial switch is the master of the X-ring group Off The industrial switch is not the master of the X-ring group On Power input 1 is active Off Power input 1 is inactive On Power input 2 is active Off Power input 2 is inactive On Power input 1 or 2 is inactive or port link down (depends on Fault Relay Alarm configuration) Off Power input 1 and 2 are both active, or no power input On SFP port is linking Flashing Data is transmitting or receiving Off Not connected to network On The port is operating at speed of 1000M Off The port is disconnected or not operating at speed of 1000M On Connected to network Flashing Networking is active Off Not connected to network On Connected to network Flashing Networking is active Off Not connected to network On Ethernet port full duplex Flashing Collision of packets occurs Off Ethernet port half duplex or not connected to network Green Green Red Green G9, G10 (RJ-45) Green (Lower LED) Duplex/Collision (1~8) On Green Green (Upper LED) Link/Active (1~8) Description Green Orange EKI-7659C_7659CI_Manual 10 2.2 Dimensions (unit: mm) Figure 2.1: Front View of EKI-7659C 11 Chapter2 Figure 2.2: Side View of EKI-7659C EKI-7659C_7659CI_Manual 12 Figure 2.3: Rear View of EKI-7659C 13 Chapter2 Figure 2.4: Top View of EKI-7659C EKI-7659C_7659CI_Manual 14 2.3 Mounting The EKI-7659C supports two mounting methods: DIN-rail & Wall. 2.3.1 Wall mounting EKI-7659C can be wall-mounted by using the included mounting kit. Then, hang on the EKI-7659C to the nails on the wall. First, use the screws included in the package to combine the EKI-7659C and metal mounting kit. And then you can install the device firmly via the components, please see Figure 2.5 as below. Unit: mm Figure 2.5: Combine the Metal Mounting Kit 15 Chapter2 2.3.2 DIN-rail Mounting You can also mount EKI-7659C on a standard DIN-rail by steps below. The DIN-rail kit is screwed on the industrial switch when out of factory. If the DIN-rail kit is not screwed on the industrial switch, please screw the DIN-rail kit on the switch first. First, hang the EKI-7659C to the DIN-rail with angle of inclination. See Figure 2.6. Figure 2.6: Installation to DIN-rail Step 1 EKI-7659C_7659CI_Manual 16 Then, let the device down straight to slide over the rail smoothly. See Figure 2.7. Figure 2.7: Installation to DIN-rail Step 2 17 Chapter2 2.4 Network Connection The EKI-7659C has 8 x RJ-45 ports that support connection to 10 Mbps Ethernet, or 100 Mbps Fast Ethernet, and half or full duplex operation. EKI-7659C can be connected to other hubs or switches via a twisted-pair straight-through or crossover cable up to 100m long. The connection can be made from any TX port of the EKI7659C (MDI-X) to another hub or switch either MDI-X or uplink MDI port. The EKI-7659C supports auto-crossover to make networking more easy and flexible. You can connect any RJ-45 (MDI-X) station port on the switch to any device such as a switch, bridge or router. 2.5 Connection to a Fiber Optic Network EKI-7659C has two SFP slots for connecting to the network segment with single or multi-mode fiber. You can choose the appropriate mini-GBIC transceiver to plug into the slot. Make sure the transceiver is aligned correctly and then slide the transceiver into the SFP slot until a click is heard. You can use proper multi-mode or single-mode fiber according to the used SFP transceiver. With fiber optic, it transmits speed up to 1000 Mbps and you can prevent noise interference from the system and transmission distance up to 110 km, depending on the mini-GBIC transceiver. The small form-factor pluggable (SFP) is a compact optical transceiver used in optical communications for both telecommunication and data communications applications. Note The SFP/Copper Combo port can be used at one time either. The SFP port has the higher priority than copper port; if you insert the 1000M SFP transceiver into the SFP port which is connected to the remote device, the connection of the accompanying copper port will link down. If you insert the 100M SFP transceiver into the SFP port even without a fiber connection to the remote, the connection of the accompanying copper port will link down immediately. To connect the transceiver and LC cable, please follow the steps shown below: First, insert the transceiver into the SFP slot. Notice that the triangle mark indicates the bottom of the slot. Figure 2.8: Transceiver to the SFP slot EKI-7659C_7659CI_Manual 18 Figure 2.9: Transceiver Inserted Second, insert the fiber cable of LC connector into the transceiver. Figure 2.10: LC connector to the transceiver 19 Chapter2 To remove the LC connector from the transceiver, please follow the steps shown below: First, press the upper side of the LC connector to release from the transceiver and pull it out. Figure 2.11: Remove LC connector Second, push down the metal loop and pull the transceiver out by the plastic handle. Figure 2.12: Pull out from the transceiver EKI-7659C_7659CI_Manual 20 2.6 Power Connection The EKI-7659C supports dual +12 ~ 48 VDC power inputs and power-fail relay output. Figure 2.13: Pin Assignments of the Power Connector You can connect an alarm indicator, buzzer or other signaling equipment through the relay output. The relay opens if power input 1, 2 fails or port link down/break (Open means if you connect relay output with an LED, the light would be off). 21 Chapter2 2.7 X-Ring Application The industrial switch supports the X-Ring protocol that can help the network system recover from network connection failure within 10ms or less and make the network system more reliable. The X-Ring algorithm is similar to Spanning Tree Protocol (STP) and Rapid STP (RSTP) algorithm but its recovery time is less than STP/RSTP. The figure below is a sample of X-Ring application. Note The Ethernet switches with firmware version before v3.0 use the X-Ring function that has the limitation as follows. However, the one with firmware version after v3.0 (included) use the X-Ring Pro function that gets rid of the limitation. 1. The X-Ring is supposed to recover from connection failure within 10ms when the amount of the connected devices of the X-Ring group is less than 50. EKI-7659C_7659CI_Manual 22 2.8 Coupling Ring Application As the illustration shown below, users can use the X-Ring groups to form a coupling ring for redundant backup. It can ensure the transmissions between X-Ring groups not to fail. The following figure is a sample of coupling ring application. Note The Ethernet switches with firmware version before v3.0 use the X-Ring function that has the limitations as follows. However, the ones with firmware version after v3.0 (included) use the X-Ring Pro function that gets rid of the limitations. 1. To ensure the coupling ring to work normally, the connection between control ports of each X-ring group, as the figure illustrated above, should always be active. 2. The switches to be configured as members of the Coupling Ring group cannot be the X-Ring Master device of their X-ring group. 3. As the figure illustrated above, Coupling Ring only supports two X-ring groups. 23 Chapter2 2.9 Dual Homing Application The Dual Homing function is to prevent the connection loss between the particular XRing group and the upper level/core switch. Assign one port, and only one, to be the Dual Homing port that is the backup port in each single X-Ring group. The Dual Homing function only works when the X-Ring function is active. Note The Ethernet switches with firmware version before v3.0 use the X-Ring function that has the limitations as follows. However, the ones with firmware version after v3.0 (included) use the X-Ring Pro function that gets rid of the limitations. 1. In Dual Homing application architecture, the upper level switches need to enable their Rapid Spanning Tree protocol. 2. The switches to be configured as members of the Dual Homing group cannot be the X-Ring Master device of their X-ring group. 3. As the figure illustrated above, Dual Homing only supports two X-ring groups. EKI-7659C_7659CI_Manual 24 CHAPTER Configuration Sections include: z RS-232 Console z Commands Set z Web Browser 25 Chapter3 Chapter 3 Configuration The EKI-7659C can be configured via RS-232 Console or the web browser. 3.1 RS-232 Console EKI-7659C's RS-232 console is designed for rapidly configuring which provides the console management - CLI command. Attach the supplied cable, which one end is RJ-45 and the other end is female DB9, to connect EKI7659C and your host PC or terminal. The connected PC or terminal must support the terminal emulation program. Figure 3.1-1 Console Cable From the Windows desktop, click: Start/Programs/Accessories/Communications/HyperTerminal to open the Hyper Terminal program. Figure 3.1-2 EKI-7659C_7659CI_Manual Launching Hyper Terminal 26 Select the appropriate COM port, and set the parameter as the figure shown below (9600 for Baud Rate, 8 for Data Bits, None for Parity, 1 for Stop Bits, and None for Flow Control). Figure 3.1-3 COM Port Properties Setting Press Enter for login screen (If you can not find the login screen, press Enter one more time). The default user name and password are both "admin". Key-in the user name and password to enter the command line interface. Figure 3.1-4 Login Screen: RS-232 Configuration 27 Chapter3 After you have logged in to the system, you will see a command prompt. To enter CLI management interface, type in "enable" command. Figure 3.1-5 EKI-7659C_7659CI_Manual Command Line Interface 28 3.2 Commands Set The following table lists the CLI commands and description. 3.2.1 Commands Level Table 3.1: Command Level Modes Access Method Prompt Begin a session with your switch. Enter the enable command while in user EXEC mode. Privileged EXEC Global Configuration VLAN database 3.2.2 About This Model Enter logout or quit. The user commands available at the user level are a subset of those available at the privileged level. Use this mode to * Perform basic tests. * Display system information. The privileged commands are the advanced mode. Use this mode to * Display advanced function status * Save configuration Use this mode to configure the parameters to be applied to your switch switch> User EXEC Interface configuration Exit Method Enter the configure command while in privileged EXEC mode. Enter the vlan database command while in privileged EXEC mode. Enter the interface command with a specific interface while in the Global Configuration mode Enter disable to exit. switch# To exit to the Privileged EXEC mode, enter exit or end To return to the User EXEC mode, enter exit. switch(config)# switch(vlan)# switch(config-if)# To return to the previous mode, enter exit or end. Use this mode to configure VLAN-specific parameters. Use this mode to configure the parameters for the switch and Ethernet ports. Commands Set List Table 3.2: Commands Set List Command Code Word User EXEC E Privileged EXEC P Global configuration G VLAN database V Interface configuration I 29 Chapter3 3.2.3 System Commands Set Table 3.3: System Commands Set Commands show config show terminal write memory system name [System Name] system location [System Location] system description [System Description] system contact [System Contact] show system-info ip address [Ip-address] [Subnet-mask] [Gateway] ip dhcp Level E P P G G G G E Description Show switch configuration Show console information Save user configuration into permanent memory (flash rom) Configure system name switch>show config switch#show terminal switch#write memory Set switch system location string switch(config)#system location xxx Set switch system contact window string Show system information Configure the IP address of switch switch(config)#system contact xxx switch(config)#ip dhcp switch(config)#no dhcpserver reload default admin username [Username] admin password [Password] show admin dhcpserver enable G G G Enable DHCP client function of switch Show IP information of switch Disable DHCP client function of switch Halt and perform a cold restart Restore to default Changes a login username. (maximum 10 words) Specifies a password (maximum 10 words) Show administrator information Enable DHCP Server Dhcpserver disable G Disable DHCP Server show ip no ip dhcp dhcpserver lowip [Low IP] dhcpserver highip [High IP] dhcpserver subnetmask [Subnet mask] dhcpserver gateway [Gateway] P G G G P G G G G dhcpserver leasetime [Hours] G no dhcpserver security enable security http security telnet security ip [Index(1..10)] [IP Address] EKI-7659C_7659CI_Manual switch>show system-info switch(config)#ip address 192.168.1.1 255.255.255.0 192.168.1.254 switch#show ip switch(config)#no ip dhcp switch(config)#reload switch(config)#default switch(config)#admin username xxxxxx switch(config)#admin password xxxxxx switch#show admin switch(config)#dhcpserver enable Configure low IP address for IP pool switch(config)#dhcpserver lowip 192.168.1.100 Configure high IP address for IP pool switch(config)#dhcpserver highip 192.168.1.200 Configure subnet mask for DHCP switch(config)#dhcpserver subnetmask clients 255.255.255.0 Configure gateway for DHCP clients switch(config)#dhcpserver gateway 192.168.1.254 G dhcpserver dnsip [DNS IP] dhcpserver ipbinding [IP address] show dhcpserver configuration show dhcpserver clients show dhcpserver ip-binding switch(config)#system name xxx Set switch system description string switch(config)#system description xxx G G Example I P P P G G G G G Configure DNS IP for DHCP clients switch(config)#dhcpserver dnsip 192.168.1.1 Configure lease time (in hour) switch(config)#dhcpserver leasetime 1 Set static IP for DHCP clients by port switch(config)#interface fastEthernet 2 switch(config)#dhcpserver ipbinding 192.168.1.1 Show configuration of DHCP server switch#show dhcpserver configuration Show client entries of DHCP server switch#show dhcpserver clients Show IP-Binding information of switch#show dhcpserver ip-binding DHCP server Disable DHCP server function switch(config)#no dhcpserver Enable IP security function switch(config)#security enable Enable IP security of HTTP server switch(config)#security http Enable IP security of telnet server switch(config)#security telnet Set the IP security list switch(config)#security ip 1 192.168.1.55 30 show security P no security G no security http G no security telnet 3.2.4 G Show the information of IP security switch#show security Disable IP security function switch(config)#no security Disable IP security of HTTP server switch(config)#no security http Disable IP security of telnet server switch(config)#no security telnet Port Commands Set Table 3.4: Port Commands Set Commands interface fastEthernet [Portid] duplex [full | half] Level Description Example Choose the port for modification. switch(config)#interface fastEthernet 2 Use the duplex configuration command to specify the duplex mode of operation for Fast Ethernet. switch(config)#interface fastEthernet 2 switch(config-if)#duplex full G I speed [10|100|1000|auto] I no flowcontrol switch(config)#interface fastEthernet 2 Use the speed configuration switch(config-if)#speed 100 command to specify the speed mode of operation for Fast Ethernet., the speed can't be set to 1000 if the port isn't a giga port.. Disable flow control of interface switch(config-if)#no flowcontrol Enable security of interface switch(config)#interface fastEthernet 2 switch(config-if)#security enable Disable security of interface switch(config)#interface fastEthernet 2 switch(config-if)#no security Set interface ingress limit frame type to "accept all frame" switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth type all Set interface ingress limit frame type to "accept broadcast, multicast, and flooded unicast frame" Set interface ingress limit frame type to "accept broadcast and multicast frame" switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth type broadcastmulticast-flooded-unicast Set interface ingress limit frame type to "only accept broadcast frame" switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth type broadcast-only Set interface input bandwidth. Rate Range is from 100 kbps to 102400 kbps or to 256000 kbps for giga ports, and zero means no limit. Set interface output bandwidth. Rate Range is from 100 kbps to 102400 kbps or to 256000 kbps for giga ports, and zero means no limit. Show interfaces bandwidth control switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth in 100 Use the state interface configuration command to specify the state mode of operation for Ethernet ports. Use the disable switch(config)#interface fastEthernet 2 switch(config-if)#state Disable I security enable I no security I bandwidth type all I bandwidth type broadcast-multicastflooded-unicast I bandwidth type broadcast-multicast I bandwidth type broadcast-only I bandwidth in [Value] I bandwidth out [Value] show bandwidth state [Enable | Disable] I I 31 switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth type broadcastmulticast switch(config)#interface fastEthernet 2 switch(config-if)#bandwidth out 100 switch(config)#interface fastEthernet 2 switch(config-if)#show bandwidth Chapter3 form of this command to disable the port. show interface configuration show interface status I Clear interface accounting information I show interface accounting no accounting 3.2.5 I show interface configuration status switch(config)#interface fastEthernet 2 switch(config-if)#show interface configuration show interface actual status switch(config)#interface fastEthernet 2 switch(config-if)#show interface status show interface statistic counter switch(config)#interface fastEthernet 2 switch(config-if)#show interface accounting I switch(config)#interface fastEthernet 2 switch(config-if)#no accounting Trunk Commands Set Table 3.5: Trunk Commands Set Commands Level aggregator priority [1~65535] aggregator activityport [Group ID] [Port Numbers] aggregator group [GroupID] [Port-list] lacp workp [Workport] G Description Example Set port group system priority switch(config)#aggregator priority 22 Set activity port switch(config)#aggregator activityport 2 Assign a trunk group with LACP active. [GroupID] :1~3 [Port-list]:Member port list, This parameter could be a port range(ex.1-4) or a port list separate by a comma(ex.2, 3, 6) [Workport]: The amount of work ports, this value could not be less than zero or be large than the amount of member ports. Assign a static trunk group. [GroupID] :1~3 [Port-list]:Member port list, This parameter could be a port range(ex.1-4) or a port list separate by a comma(ex.2, 3, 6) switch(config)#aggregator group 1 1-4 lacp workp 2 or switch(config)#aggregator group 2 1,4,3 lacp workp 3 Show the information of trunk group switch#show aggregator 1 or switch#show aggregator 2 or switch#show aggregator 3 Disable the LACP function of trunk group switch(config)#no aggreator lacp 1 Remove a trunk group switch(config)#no aggreator group 2 G G aggregator group [GroupID] [Port-list] nolacp G show aggregator P no aggregator lacp [GroupID] switch(config)#aggregator group 1 2-4 nolacp or switch(config)#aggregator group 1 3,1,2 nolacp G no aggregator group [GroupID] 3.2.6 G VLAN Commands Set Table 3.6: VLAN Commands Set Commands vlan database Vlanmode EKI-7659C_7659CI_Manual Level P V Description Enter VLAN configure mode To set switch VLAN mode. 32 Example switch#vlan database switch(vlan)#vlanmode portbase [portbase| 802.1q | gvrp] no vlan V or switch(vlan)#vlanmode 802.1q or switch(vlan)#vlanmode gvrp Switch(vlan)#no vlan No VLAN Ported based VLAN configuration vlan port-based grpname [Group Name] grpid [GroupID] port [PortNumbers] show vlan [GroupID] or show vlan no vlan group [GroupID] Add new port based VALN switch(vlan)#vlan port-based grpname test grpid 2 port 2-4 or switch(vlan)#vlan port-based grpname test grpid 2 port 2,3,4 Show VLAN information switch(vlan)#show vlan 23 Delete port base group ID switch(vlan)#no vlan group 2 V V V IEEE 802.1Q VLAN vlan 8021q name [GroupName] vid [VID] vlan 8021q port [PortNumber] access-link untag [UntaggedVID] vlan 8021q port [PortNumber] trunk-link tag [TaggedVID List] vlan 8021q port [PortNumber] hybrid-link untag [UntaggedVID] tag [TaggedVID List] vlan 8021q trunk [PortNumber] access-link untag [UntaggedVID] vlan 8021q trunk [PortNumber] trunk-link tag [TaggedVID List] V V V V V V vlan 8021q trunk [PortNumber] hybrid-link untag [UntaggedVID] tag [TaggedVID List] show vlan [GroupID] or show vlan V Assign a access link for VLAN by port, if the port belong to a trunk group, this command can't be applied. Assign a trunk link for VLAN by port, if the port belong to a trunk group, this command can't be applied. Assign a hybrid link for VLAN by port, if the port belong to a trunk group, this command can't be applied. Assign a access link for VLAN by trunk group switch(vlan)#vlan 8021q port 3 access-link untag 33 switch(vlan)#vlan 8021q port 3 trunk-link tag 2,3,6,99 or switch(vlan)#vlan 8021q port 3 trunk-link tag 3-20 switch(vlan)#vlan 8021q port 3 hybrid-link untag 4 tag 3,6,8 or switch(vlan)#vlan 8021q port 3 hybrid-link untag 5 tag 6-8 switch(vlan)#vlan 8021q trunk 3 access-link untag 33 Assign a trunk link for VLAN by trunk switch(vlan)#vlan 8021q trunk 3 trunk-link tag group 2,3,6,99 or switch(vlan)#vlan 8021q trunk 3 trunk-link tag 320 Assign a hybrid link for VLAN by switch(vlan)#vlan 8021q trunk 3 hybrid-link untag trunk group 4 tag 3,6,8 or switch(vlan)#vlan 8021q trunk 3 hybrid-link untag 5 tag 6-8 Show VLAN information switch(vlan)#show vlan 23 Delete port base group ID switch(vlan)#no vlan group 2 V no vlan group [GroupID] 3.2.7 Change the name of VLAN group, if switch(vlan)#vlan 8021q name test vid 22 the group didn't exist, this command can't be applied. V Spanning Tree Commands Set Table 3.7: Spanning Tree Commands Set Commands spanning-tree enable Level G Description Enable spanning tree 33 Example switch(config)#spanning-tree enable Chapter3 spanning-tree priority [0~61440] G spanning-tree max-age [seconds] G spanning-tree hello-time [seconds] G spanning-tree forward-time [seconds] G stp-path-cost [1~200000000] I stp-path-priority [Port Priority] I stp-admin-p2p [Auto|True|False] stp-admin-edge [True|False] stp-admin-non-stp [True|False] show spanning-tree I I I E no spanning-tree 3.2.8 G Configure spanning tree priority parameter Use the spanning-tree max-age global configuration command to change the interval between messages the spanning tree receives from the root switch. If a switch does not receive a bridge protocol data unit (BPDU) message from the root switch within this interval, it recomputed the Spanning Tree Protocol (STP) topology. Use the spanning-tree hello-time global configuration command to specify the interval between hello bridge protocol data units (BPDUs). Use the spanning-tree forwardtime global configuration command to set the forwarding-time for the specified spanning-tree instances. The forwarding time determines how long each of the listening and learning states last before the port begins forwarding. Use the spanning-tree cost interface configuration command to set the path cost for Spanning Tree Protocol (STP) calculations. In the event of a loop, spanning tree considers the path cost when selecting an interface to place into the forwarding state. Use the spanning-tree port-priority interface configuration command to configure a port priority that is used when two switches tie for position as the root switch. Admin P2P of STP priority on this interface. Admin Edge of STP priority on this interface. Admin NonSTP of STP priority on this interface. Displays a summary of the spanning-tree states. Disable spanning-tree. switch(config)#spanning-tree priority 32767 switch(config)#spanning-tree max-age 15 switch(config)#spanning-tree hello-time 3 switch(config)#spanning-tree forward-time 20 switch(config)#interface fastEthernet 2 switch(config-if)#stp-path-cost 20 switch(config)#interface fastEthernet 2 switch(config-if)#stp-path-priority 128 switch(config)#interface fastEthernet 2 switch(config-if)#stp-admin-p2p Auto switch(config)#interface fastEthernet 2 switch(config-if)#stp-admin-edge True switch(config)#interface fastEthernet 2 switch(config-if)#stp-admin-non-stp False switch>show spanning-tree switch(config)#no spanning-tree QOS Commands Set Table 3.8: QOS Commands Set Commands qos policy [weighted-fair|strict] qos prioritytype [port-based|cos-only|tos-only|cosfirst|tos-first] qos priority portbased [Port] [lowest|low|middle|high] Level G Example Select QOS policy scheduling switch(config)#qos policy weighted-fair Setting of QOS priority type switch(config)#qos prioritytype Configure Port-based Priority switch(config)#qos priority portbased 1 low Configure COS Priority switch(config)#qos priority cos 0 middle Configure TOS Priority switch(config)#qos priority tos 3 high G G qos priority cos [Priority][lowest|low|middle|high] G qos priority tos [Priority][lowest|low|middle|high] G EKI-7659C_7659CI_Manual Description 34 show qos P no qos G 3.2.9 Displays the information of QoS configuration Disable QoS function Switch#show qos switch(config)#no qos IGMP Commands Set Table 3.9: QOS Commands Set Commands Level igmp enable Description Example Enable IGMP snooping function switch(config)#igmp enable Set IGMP query to auto mode switch(config)#Igmp-query auto Set IGMP query to force mode switch(config)#Igmp-query force P Displays the details of an IGMP configuration. switch#show igmp configuration P Displays the details of an IGMP snooping entries. switch#show igmp multi Disable IGMP snooping function switch(config)#no igmp Disable IGMP query switch#no igmp-query G Igmp-query auto G Igmp-query force G show igmp configuration show igmp multi no igmp G no igmp-query 3.2.10 G Mac/Filter Table Commands Set Table 3.10: Mac/Filter Table Commands Set Commands Level mac-address-table static hwaddr [MAC] I mac-address-table filter hwaddr [MAC] show mac-address-table show mac-address-table static show mac-address-table filter no mac-address-table static hwaddr [MAC] G P P P I no mac-address-table filter hwaddr [MAC] no mac-address-table 3.2.11 G G Description Example Configure MAC address table of interface (static). switch(config)#interface fastEthernet 2 switch(config-if)#mac-address-table static hwaddr 000012345678 Configure MAC address switch(config)#mac-address-table filter hwaddr table(filter) 000012348678 Show all MAC address table switch#show mac-address-table Show static MAC address table switch#show mac-address-table static Show filter MAC address table. switch#show mac-address-table filter Remove an entry of MAC address switch(config)#interface fastEthernet 2 table of interface (static) switch(config-if)#no mac-address-table static hwaddr 000012345678 Remove an entry of MAC address switch(config)#no mac-address-table filter hwaddr table (filter) 000012348678 Remove dynamic entry of MAC switch(config)#no mac-address-table address table SNMP Commands Set Table 3.11: SNMP Commands Set Commands snmp system-name [System Name] Level G Description Set SNMP agent system name 35 Example switch(config)#snmp system-name l2switch Chapter3 snmp system-location [System Location] snmp system-contact [System Contact] snmp agent-mode [v1v2c|v3|v1v2cv3] snmp community-strings [Community] right [RO/RW] snmp-server host [IP address] community [Community-string] trap-version [v1|v2c] snmpv3 context-name [Context Name ] snmpv3 user [User Name] group [Group Name] password [Authentication Password] [Privacy Password] snmpv3 access context-name [Context Name ] group [Group Name ] security-level [NoAuthNoPriv|AuthNoPriv|AuthPriv] match-rule [Exact|Prifix] views [Read View Name] [Write View Name] [Notify View Name] snmpv3 mibview view [View Name] type [Excluded|Included] sub-oid [OID] show snmp no snmp community-strings [Community] no snmp-server host [Host-address] no snmpv3 user [User Name] no snmpv3 access context-name [Context Name ] group [Group Name ] security-level [NoAuthNoPriv|AuthNoPriv|AuthPriv] match-rule [Exact|Prifix] views [Read View Name] [Write View Name] [Notify View Name] no snmpv3 mibview view [View Name] type [Excluded|Included] sub-oid [OID] 3.2.12 G G G Set SNMP agent system location switch(config)#snmp system-location lab Set SNMP agent system contact switch(config)#snmp system-contact where Select the agent mode of SNMP switch(config)#snmp agent-mode v1v2cv3 Add SNMP community string. switch(config)#snmp community-strings public right rw Configure SNMP server host information and community string switch(config)#snmp-server host 192.168.1.50 community public trap-version v1 (remove) Switch(config)# no snmp-server host 192.168.1.50 switch(config)#snmpv3 context-name Test G G G Configure the context name Configure the userprofile for switch(config)#snmpv3 user test01 group G1 SNMPV3 agent. Privacy password password AuthPW PrivPW could be empty. G Configure the access table of SNMPV3 agent switch(config)#snmpv3 access context-name Test group G1 security-level AuthPriv match-rule Exact views V1 V1 V1 Configure the mibview table of SNMPV3 agent switch(config)#snmpv3 mibview view V1 type Excluded sub-oid 1.3.6.1 G G P G G G Show SNMP configuration switch#show snmp Remove the specified community. switch(config)#no snmp community-strings public Remove the SNMP server host. Remove specified user of SNMPv3 switch(config)#no snmpv3 user Test agent. Remove specified access table of switch(config)#no snmpv3 access context-name SNMPv3 agent. Test group G1 security-level AuthPr iv match-rule Exact views V1 V1 V1 G Remove specified mibview table of switch(config)#no snmpv3 mibview view V1 type SNMPV3 agent. Excluded sub-oid 1.3.6.1 G Port Mirroring Commands Set Table 3.12: Port Mirroring Commands Set EKI-7659C_7659CI_Manual switch(config)#no snmp-server 192.168.1.50 36 Commands monitor rx Level G monitor tx G show monitor P monitor [RX|TX|Both] I show monitor I no monitor I 3.2.13 Description Example Set RX destination port of monitor switch(config)#monitor rx function Set TX destination port of monitor switch(config)#monitor tx function Show port monitor information switch#show monitor Configure source port of monitor function switch(config)#interface fastEthernet 2 switch(config-if)#monitor RX Show port monitor information switch(config)#interface fastEthernet 2 switch(config-if)#show monitor Disable source port of monitor function switch(config)#interface fastEthernet 2 switch(config-if)#no monitor 802.1x Commands Set Table 3.13: 802.1x Commands Set Commands 8021x enable Level G 8021x system radiousip [IP address] G 8021x system serverport [port ID] G 8021x system accountport [port ID] G 8021x system sharekey [ID] G 8021x system nasid [words] G 8021x misc quietperiod [sec.] 8021x misc txperiod [sec.] G G 8021x misc supportimeout [sec.] G 8021x misc servertimeout [sec.] G 8021x misc maxrequest [number] G 8021x misc reauthperiod [sec.] G 8021x portstate [disable | reject | accept | authorize] show 8021x I E Description Use the 802.1x global configuration command to enable 802.1x protocols. Use the 802.1x system radious IP global configuration command to change the radious server IP. Use the 802.1x system server port global configuration command to change the radious server port Use the 802.1x system account port global configuration command to change the accounting port Use the 802.1x system share key global configuration command to change the shared key value. Use the 802.1x system nasid global configuration command to change the NAS ID Use the 802.1x misc quiet period global configuration command to specify the quiet period value of the switch. Use the 802.1x misc TX period global configuration command to set the TX period. Use the 802.1x misc supp timeout global configuration command to set the supplicant timeout. Use the 802.1x misc server timeout global configuration command to set the server timeout. Use the 802.1x misc max request global configuration command to set the MAX requests. Use the 802.1x misc reauth period global configuration command to set the reauth period. Use the 802.1x port state interface configuration command to set the state of the selected port. Displays a summary of the 802.1x properties and also the port sates. 37 Example switch(config)# 8021x enable switch(config)# 8021x system radiousip 192.168.1.1 switch(config)# 8021x system serverport 1815 switch(config)# 8021x system accountport 1816 switch(config)# 8021x system sharekey 123456 switch(config)# 8021x system nasid test1 switch(config)# 8021x misc quietperiod 10 switch(config)# 8021x misc txperiod 5 switch(config)# 8021x misc supportimeout 20 switch(config)#8021x misc servertimeout 20 switch(config)# 8021x misc maxrequest 3 switch(config)# 8021x misc reauthperiod 3000 switch(config)#interface fastethernet 3 switch(config-if)#8021x portstate accept switch>show 8021x Chapter3 no 8021x G 3.2.14 Disable 802.1x function switch(config)#no 8021x TFTP Commands Set Table 3.14: TFTP Commands Set Commands Level Defaults Example G Save configuration to TFTP and need switch(config)#backup flash:backup_cfg to specify the IP of TFTP server and the file name of image. G Get configuration from TFTP server and need to specify the IP of TFTP server and the file name of image. G Upgrade firmware by TFTP and need switch(config)#upgrade lash:upgrade_fw to specify the IP of TFTP server and the file name of image. backup flash:backup_cfg restore flash:restore_cfg upgrade flash:upgrade_fw 3.2.15 Description switch(config)#restore flash:restore_cfg SystemLog, SMTP and Event Table 3.15: SysLog,SMTP,Event Commands Set Commands systemlog ip [IP address] systemlog mode [client|server|both] Level G G show systemlog show systemlog E no systemlog smtp enable smtp serverip [IP address] smtp authentication smtp account [account] smtp password [password] smtp rcptemail [Index] [Email address] show smtp no smtp event device-cold-start [Systemlog|SMTP|Both] G G event authentication-failure [Systemlog|SMTP|Both] event X-ring-topology-change [Systemlog|SMTP|Both] event systemlog [Link-UP|Link-Down|Both] event smtp [Link-UP|Link-Down|Both] show event no event device-cold-start no event authentication-failure no event X-ring-topology-change no event systemlog EKI-7659C_7659CI_Manual P G G G G G P G Description Example Set System log server IP address. switch(config)# systemlog ip 192.168.1.100 Specified the log mode switch(config)# systemlog mode both Displays system log. Show system log client & server information Disable systemlog functon Enable SMTP function Configure SMTP server IP Switch>show systemlog switch#show systemlog Enable SMTP authentication Configure authentication account switch(config)#smtp authentication switch(config)#smtp account User switch(config)#no systemlog switch(config)#smtp enable switch(config)#smtp serverip 192.168.1.5 Configure authentication password switch(config)#smtp password Configure Rcpt e-mail Address switch(config)#smtp rcptemail 1 Alert@test.com Show the information of SMTP Disable SMTP function Set cold start event type switch#show smtp switch(config)#no smtp switch(config)#event device-cold-start both Set Authentication failure event type Set X - ring topology changed event type Set port event for system log switch(config)#event authentication-failure both G G G I I P G G G I Set port event for SMTP switch(config)#event X-ring-topology-change both switch(config)#interface fastethernet 3 switch(config-if)#event systemlog both switch(config)#interface fastethernet 3 switch(config-if)#event smtp both switch#show event switch(config)#no event device-cold-start switch(config)#no event authentication-failure Show event selection Disable cold start event type Disable Authentication failure event type Disable X - ring topology changed switch(config)#no event X-ring-topology-change event type Disable port event for system log switch(config)#interface fastethernet 3 38 no event smpt I show systemlog 3.2.16 P Disable port event for SMTP Show system log client & server information switch(config-if)#no event systemlog switch(config)#interface fastethernet 3 switch(config-if)#no event smtp switch#show systemlog SNTP Commands Set Table 3.16: SNTP Commands Set Commands Level sntp enable G sntp daylight G sntp daylight-period [Start time] [End time] G sntp daylight-offset [Minute] G sntp ip [IP] G sntp timezone [Timezone] G sntp sync-interval [SEC.] show sntp show sntp timezone G no sntp daylight 3.2.17 Example switch(config)#sntp enable Enable daylight saving time, if SNTP function is inactive, this command can't be applied. switch(config)#sntp daylight Set period of daylight saving time, switch(config)# sntp daylight-period 20060101if SNTP function is inactive, this 01:01 20060202-01-01 command can't be applied. Parameter format: [yyyymmdd-hh:mm] Set offset of daylight saving time, if switch(config)#sntp daylight-offset 3 SNTP function is inactive, this command can't be applied. Set SNTP server IP, if SNTP switch(config)#sntp ip 192.169.1.1 function is inactive, this command can't be applied. Set timezone index, use "show switch(config)#sntp timezone 22 sntp timzezone" command to get more information of index number Set synchronization interval switch(config)#sntp sync-interval 0 switch#show sntp switch#show sntp timezone P Show SNTP information Show index number of time zone list G Disable SNTP function switch(config)#no sntp G Disable daylight saving time switch(config)#no sntp daylight P no sntp Description Enable SNTP function X-ring Commands Set Table 3.17: X-ring Commands Set Commands Level Description Example ring enable G Enable X-ring switch(config)#ring enable ring master G Enable ring master switch(config)#ring master ring couplering G Enable couple ring switch(config)#ring couplering ring dualhoming G Enable dual homing switch(config)#ring dualhoming ring ringport [1st Ring Port] [2nd Ring Port] G Configure 1st/2nd Ring Port switch(config)#ring ringport 7 8 Configure Coupling Port switch(config)#ring couplingport 1 Configure Control Port switch(config)#ring controlport 2 Configure Dual Homing Port switch(config)#ring homingport 3 P Show the information of X - Ring switch#show ring G Disable X-ring switch(config)#no ring ring couplingport [Coupling Port] ring controlport [Control Port] ring homingport [Dual Homing Port] show ring no ring G G G 39 Chapter3 no ring master G Disable ring master switch(config)# no ring master no ring couplering G Disable couple ring switch(config)# no ring couplering no ring dualhoming G Disable dual homing switch(config)# no ring dualhoming EKI-7659C_7659CI_Manual 40 3.3 Web Browser EKI-7659C provides a convenient configuring way via web browser. You can follow the steps below to access EKI-7659C. EKI-7659C's default IP is 192.168.1.1. Make sure your host PC and EKI-7659 are on the same logical sub-network. Warning Your host PC should be in the same VLAN setting with EKI-7659C, or the management will not be configured. Connect EKI-7659C to the Ethernet then your host PC could be configured via Ethernet. Or you can directly connect EKI-7659C to your host PC with a straight-through or cross over Ethernet cable. Before to use web management, install the industrial switch on the network and make sure that any one of PCs on the network can connect with the industrial switch through the web browser. The industrial switch default value of IP, subnet mask, username and password are as below: IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.1.254 User Name: admin Password: admin Open Internet Explorer and type EKI-7659C's IP in the Address field then press Enter to open the web login page. Figure 3.3-1 Type the address in the URL Figure 3.3-2 Web Login Window The default user name and password are both admin, fill in the user name and password then press OK to enter the configuration. You can change the password in the system setting. 41 Chapter3 In the main page, you can find the tree menu structure of the EKI-7659C in the left side. Click the "+" symbol to unroll the hiding hyperlink, and click the hyperlink to open the function page you want to configure. Figure 3.3-3 EKI-7659C_7659CI_Manual 42 Main page 3.3.1 System System Information Here you can view the system information and assign the system name and location to make this switch more easily to be identified on your network. System Name: Assign the name of the switch. The maximum length is 64 bytes. System Description: Displays the description of switch. Read only cannot be modified. System Location: Assign the switch physical location. The maximum length is 64 bytes. System Contact: Enter the name of contact person or organization. Firmware Version: Displays the switch's firmware version. Kernel Version: Displays the kernel software version. MAC Address: Displays the unique hardware address assigned by manufacturer (default). Warning Don't set "0" for the first segment of the subnet mask and default gateway (000.xxx.xxx.xxx). Refresh the web screen if the web could not be displayed while you change the setting. Figure 3.3-4 System Information 43 Chapter3 IP Configuration This interface allows users to configure the switch to receive an IP address from DHCP server or manually fill in IP Address, Subnet Mask, Gateway, IP addresses of the primary and the secondary DNS servers. * DHCP Client: Enable or disable the DHCP client function. When DHCP client function is enabled, the industrial switch will be assigned an IP address from the network DHCP server. The default IP address will be replaced by the assigned IP address on DHCP server. After users click Apply, a popup dialog shows up. It is to inform the user that when the DHCP client is enabled, the current IP will lose and user should find the new IP on the DHCP server. * IP Address: Assign the IP address that the network is using. If DHCP client function is enabled, and then the user doesn't need to assign the IP address. And, the network DHCP server will assign the IP address displaying in this column for the industrial switch. The default IP is 192.168.1.1. * Subnet Mask: Assign the subnet mask to the IP address. If DHCP client function is enabled, and then the user does not need to assign the subnet mask. * Gateway: Assign the network gateway for the industrial switch. The default gateway is 192.168.1.254. * DNS1: The abbreviation of Domain Name Server--an Internet service that translate domain name into IP addresses. Domain name are alphabetic which are easy to be remembered. Because the Internet is based on IP address; every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.net.com might translate to 192.168.1.1 * DNS2: The backup for DNS1. When DNS1 cannot function, DNS2 will then replace DNS1 immediately. * And then, click Apply . Figure 3.3-5 EKI-7659C_7659CI_Manual IP Configuration 44 DHCP Server - System configuration DHCP is the abbreviation of Dynamic Host Configuration Protocol that is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. The system provides the DHCP server function. Enable the DHCP server function, the switch system will be a DHCP server. DHCP Server: Enable or Disable the DHCP Server function. Enable - the switch will be the DHCP server on your local network. Low IP Address: the dynamic IP assign range. Low IP address is the beginning of the dynamic IP assigns range. For example: dynamic IP assign range is from 192.168.1.100 ~ 192.168.1.200. 192.168.1.100 will be the Low IP address. High IP Address: the dynamic IP assign range. High IP address is the end of the dynamic IP assigns range. For example: dynamic IP assign range is from 192.168.1.100 ~ 192.168.1.200. 192.168.1.200 will be the High IP address. Subnet Mask: the dynamic IP assign range subnet mask. Gateway: the gateway in your network. DNS: Domain Name Server IP Address in your network. Lease Time (sec): It is the time period that system will reset the dynamic IP assignment to ensure the dynamic IP will not been occupied for a long time or the server doesn't know that the dynamic IP is idle. And then, click Apply Figure 3.3-6 DHCP Server - System Configuration 45 Chapter3 DHCP Client - Client Entries When the DHCP server function is active, the system will collect the DHCP client information and displays them here. Figure 3.3-7 EKI-7659C_7659CI_Manual DHCP Server - Client Entries 46 DHCP Server - Port and IP Bindings You can assign a specific IP address, which is the IP in dynamic IP assign range, to the specific port. When a device is connecting to the port and asks for dynamic IP assigning, the system will assign the IP address to the connected device. Figure 3.3-8 DHCP Server - Port and IP Binding 47 Chapter3 TFTP - Update Firmware Trivial File Transfer Protocol (TFTP) is a very simple file transfer protocol, with the functionality of a very basic form of FTP. It provides the functions to allow the user to update the switch firmware. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. TFTP Server IP Address: fill in your TFTP server IP. Firmware File Name: the name of firmware image. And then, click Apply Figure 3.3-9 EKI-7659C_7659CI_Manual TFTP - Update Firmware 48 TFTP - Restore Configuration You can restore Flash ROM value from TFTP server, but you must put the image file on TFTP server first, switch will download back flash image. TFTP Server IP Address: fill in the TFTP server IP. Restore File Name: fill in the correct restore file name. Click Apply Figure 3.3-10 TFTP - Restore Configuration 49 Chapter3 TFTP - Backup Configuration You can save current Flash ROM value from the switch to TFTP server, then go to the TFTP restore configuration page to restore the Flash ROM value. TFTP Server IP Address: fill in the TFTP server IP Backup File Name: fill the file name Click Apply . Figure 3.3-11 EKI-7659C_7659CI_Manual TFTP - Backup Configuration 50 System Event Log - Syslog Configuration Configure the system event mode and system log server IP which you want to collect. Syslog Client Mode: select the system log mode - client only, server only, or both S/C. System Log Server IP Address: assign the system log server IP. Click Reload to refresh the events log. Click Clear to clear all current events log. After configuring, Click Apply . Figure 3.3-12 Syslog Configuration 51 Chapter3 System Event Log - SMTP Configuration You can set up the mail server IP, mail account, account password, and forwarded email account for receiving the event alert. Email Alert: enable or disable the email alert function. SMTP Server IP: set up the mail server IP address (when Email Alert enabled, this function will then be available). Sender: key in a complete email address, e.g. switch101@123.com, to identify where the event log comes from. Authentication: mark the check box to enable and configure the email account and password for authentication (when Email Alert enabled, this function will then be available). Mail Account: set up the email account, e.g. johnadmin@123.com, to receive the alert. It must be an existing email account on the mail server, which you had set up in SMTP Server IP Address column. Password: The email account password. Confirm Password: reconfirm the password. Rcpt e-mail Address 1 ~ 6: you can assign up to 6 e-mail accounts also to receive the alert. Click Apply . Figure 3.3-13 EKI-7659C_7659CI_Manual SMTP Configuration 52 System Event Log - Event Configuration You can select the `Syslog' and `SMTP' events for each port. When selected events occur, the system will send out the log information to the system log server. After configuring, Click Apply . System event selection: 4 selections - Device cold start, Device warm start, SNMP Authentication Failure, and X-ring topology change. Mark the checkbox to select the event. When selected events occur, the system will issue the logs. 3/4 3/4 3/4 3/4 Device cold start: when the device executes cold start action, the system will issue a log event. Device warm start: when the device executes warm start, the system will issue a log event. Authentication Failure: when the SNMP authentication fails, the system will issue a log event. X-ring topology change: when the X-ring topology has changed, the system will issue a log event. Port event selection: select the syslog and SMTP events for each port. It has 3 selections--Link Up, Link Down, and Link UP & Link Down. Disable means no event is selected. 3/4 Link UP: the system will issue a log message when port connection links up only. 3/4 Link Down: the system will issue a log message when port connection links down only. 3/4 Link UP & Link Down: the system will issue a log message when port connection is up and down. Figure 3.3-14 Event Configuration 53 Chapter3 Fault Relay Alarm Power Failure: Mark the check box to enable the function of lighting up FAULT LED on the panel when power fails. Port Link Down/Broken: Mark the check box to enable the function of lighting up FAULT LED on the panel when ports' states are link-down or broken. Figure 3.3-15 EKI-7659C_7659CI_Manual Fault Relay Alarm 54 SNTP Configuration You can configure the SNTP (Simple Network Time Protocol) settings. The SNTP allows you to synchronize switch clocks on the Internet. SNTP Client: enable or disable SNTP function to get the time from the SNTP server. Daylight Saving Time: enable or disable daylight saving time function. When daylight saving time is enabled, you need to configure the daylight saving time period. UTC Timezone: set the switch location time zone. The following table lists the different location time zone for your reference. Table 3.18: UTC Timezone Local Time Zone Conversion from UTC Time at 12:00 UTC November Time Zone - 1 hour 11am Oscar Time Zone -2 hours 10 am ADT - Atlantic Daylight -3 hours 9 am AST - Atlantic Standard EDT - Eastern Daylight -4 hours 8 am EST - Eastern Standard CDT - Central Daylight -5 hours 7 am CST - Central Standard MDT - Mountain Daylight -6 hours 6 am MST - Mountain Standard PDT - Pacific Daylight -7 hours 5 am PST - Pacific Standard ADT - Alaskan Daylight -8 hours 4 am ALA - Alaskan Standard -9 hours 3 am HAW - Hawaiian Standard -10 hours 2 am Nome, Alaska -11 hours 1 am CET - Central European FWT - French Winter MET - Middle European MEWT - Middle European Winter SWT - Swedish Winter +1 hour 1 pm EET - Eastern European, USSR Zone 1 +2 hours 2 pm BT - Baghdad, USSR Zone 2 +3 hours 3 pm ZP4 - USSR Zone 3 +4 hours 4 pm 55 Chapter3 ZP5 - USSR Zone 4 +5 hours 5 pm ZP6 - USSR Zone 5 +6 hours 6 pm WAST - West Australian Standard +7 hours 7 pm CCT - China Coast, USSR Zone 7 +8 hours 8 pm JST - Japan Standard, USSR Zone 8 +9 hours 9 pm EAST - East Australian Standard GST Guam Standard, USSR Zone 9 +10 hours 10 pm IDLE - International Date Line NZST - New Zealand Standard NZT - New Zealand +12 hours Midnight SNTP Sever URL: Set the SNTP server IP address. Switch Timer: Displays the current time of the switch. Daylight Saving Period: set up the Daylight Saving beginning time and Daylight Saving ending time. Both will be different in every year. Daylight Saving Offset (mins): set up the offset time. Synchronization Interval (secs): The Synchronization Interval is used for sending synchronizing packets periodically. Users can assign the time ranging from 64 to 1024 seconds. The "0" value displaying by default means that you disable the auto-synchronized feature in the SNTP client mode. You can enable the feature by filling the interval range from 64 ~ 1024 seconds. Click Apply . Figure 3.3-16 EKI-7659C_7659CI_Manual SNTP Configuration 56 IP Security IP security function allows the user to assign 10 specific IP addresses that have permission to access the switch through the web browser for the securing switch management. IP Security Mode: when this option is in Enable mode, the Enable HTTP Server and Enable Telnet Server check boxes will then be available. Enable HTTP Server: when this check box is checked, the IP addresses among Security IP1 ~ IP10 will be allowed to access via HTTP service. Enable Telnet Server: when checked, the IP addresses among Security IP1 ~ IP10 will be allowed to access via telnet service. Security IP 1 ~ 10: Assign up to 10 specific IP address. Only these 10 IP address can access and manage the switch through the Web browser And then, click Apply to apply the configuration. Note Remember to execute the "Save Configuration" action, otherwise the new configuration will lose when switch power off. Figure 3.3-17 57 IP Security Chapter3 User Authentication You can change login user name and password for the management security issue. User name: Key in the new user name (The default is "admin") Password: Key in the new password (The default is "admin") Confirm password: Re-type the new password And then, click Apply to apply the configuration. Figure 3.3-18 EKI-7659C_7659CI_Manual User Authentication 58 3.3.2 Port Port setting includes Port Statistics, Port Control, Port Trunk, Port Mirroring, and Rate Limiting. User can use this interface to set the parameters and control the packet flow among the ports. Port Statistics The following information provides the current port statistic information. Port: The port number. Type: Displays the current speed of connection to the port. Link: The status of linking--`Up' or `Down'. State: It's set by Port Control. When the state is disabled, the port will not transmit or receive any packet. Tx Good Packet: The counts of transmitting good packets via this port. Tx Bad Packet: The counts of transmitting bad packets (including undersize [less than 64 bytes], oversize, CRC Align errors, fragments and jabbers packets) via this port. Rx Good Packet: The counts of receiving good packets via this port. Rx Bad Packet: The counts of receiving bad packets (including undersize [less than 64 bytes], oversize, CRC error, fragments and jabbers) via this port. Tx Abort Packet: The aborted packet while transmitting. Packet Collision: The counts of collision packet. Packet Dropped: The counts of dropped packet. Rx Bcast Packet: The counts of broadcast packet. Rx Mcast Packet: The counts of multicast packet. click Apply to apply the configuration. Figure 3.3-19 59 Port Statistics Chapter3 Port Control In Port Control, you can pull down the selection items to set the parameters of each port to control the transmitting/receiving packets. Port: select the port that you want to configure. State: current port status. The port can be set to disable or enable mode. If the port setting is disable then will not receive or transmit any packet. Negotiation: set auto negotiation status of port. Speed: set the port link speed. Duplex: set full-duplex or half-duplex mode of the port. Flow Control: set flow control function as Enable or Disable in Full Duplex mode. The default value is Enable. Security: when its state is "On" that means this port accepts only one MAC address. Click Apply to apply the configuration. Figure 3.3-20 EKI-7659C_7659CI_Manual 60 Port Control Port Trunk The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems on a link to allow their Link Aggregation Control instances to reach agreement on the identity of the Link Aggregation Group to which the link belongs, move the link to that Link Aggregation Group, and enable its transmission and reception functions in an orderly manner. Link aggregation lets you group up to 4 ports into one dedicated connections. This feature can expand bandwidth to a device on the network. LACP operation requires full-duplex mode; for more detail information please refers to IEEE 802.3ad. Aggregator setting System Priority: a value used to identify the active LACP. The switch with the lowest value has the highest priority and is selected as the active LACP. Group ID: There are four trunk groups to provide configure. Choose the "Group ID" and click Select . LACP: If enable, the group is LACP dynamic trunk group. If disable, the group is static trunk group. All ports support LACP dynamic trunk group. If connecting to the device that also supports LACP, the LACP dynamic trunk group will be created automatically. Work ports: allows max four ports to be aggregated at the same time. With LACP dynamic trunk group, the exceed ports are standby and can be aggregated if work ports fail. If it is static trunk group, the number of ports must be the same as the group member ports. Select the ports to join the trunk group. Allows max four ports to be aggregated at the same time. Click Add to add the port. To remove unwanted ports, select the port and click Remov . If LACP enable, you can configure LACP Active/Passive status in each ports on State Activity page. Click Apply . Use Apply to delete Trunk Group. Select the Group ID and click Delete . Figure 3.3-21 Aggregator Setting 61 Chapter3 Aggregator Information When you have set up the aggregator setting with LACP disabled, you will see the local static trunk group information here. Figure 3.3-22 EKI-7659C_7659CI_Manual Aggregator Information 62 State Activity When you had set up the LACP aggregator, you can configure port state activity. You can mark or unmark the port. When you mark the port and click Apply the port state activity will change to Active. Opposite is Passive. Active: The port automatically sends LACP protocol packets. Passive: The port does not automatically send LACP protocol packets, and responds only if it receives LACP protocol packets from the opposite device. Note A link having either two active LACP ports or one active port can perform dynamic LACP trunk. A link has two passive LACP ports will not perform dynamic LACP trunk because both ports are waiting for an LACP protocol packet from the opposite device. If you are the active LACP's actor, after you have selected trunk port, the active status will be activated automatically. Figure 3.3-23 63 State Activity Chapter3 Port Mirroring The Port mirroring is a method for monitoring traffic in switched networks. Traffic through ports can be monitored by one specific port. That means traffic which goes in or out the monitored (source) ports will be duplicated into the mirror (destination) port. Destination Port: There is only one port can be selected to be destination (mirror) port for monitoring both RX and TX traffic which come from source port. Or, use one of two ports for monitoring RX traffic only and the other one for TX traffic only. User can connect mirror port to LAN analyzer or Netxray Source Port: The ports that user wants to monitor. All monitored port traffic will be copied to mirror (destination) port. User can select multiple source ports by checking the RX or TX check boxes to be monitored. And then, click Apply . Figure 3.3-24 EKI-7659C_7659CI_Manual 64 Port Mirroring Rate Limiting You can set up the bandwidth rate and frame limitation type for each port. Ingress Limit Frame type: select the frame type that wants to filter. The frame types have 4 options for selecting: All, Broadcast/Multicast/Flooded Unicast, Broadcast/Multicast and Broadcast only. Broadcast/Multicast/Flooded Unicast, Broadcast/Multicast and Bbroadcast only types are only for ingress frames. The egress rate only supports All type. All the ports support port ingress and egress rate control. For example, assume port 1 is 10Mbps, users can set it's effective egress rate is 1Mbps, ingress rate is 500Kbps. The switch performs the ingress rate by packet counter to meet the specified rate Ingress: Click the pull-down menu to select the port effective ingress rate (The default value is "0" kbps). Egress: Click the pull-down menu to select the port effective egress rate (The default value is "0" kbps) And then, click Apply to apply the settings Figure 3.3-25 65 Rate Limiting Chapter3 3.3.3 Protocol User can set the layer 2 protocol setting via this interface. VLAN configuration A Virtual LAN (VLAN) is a logical network grouping that limits the broadcast domain, which would allow you to isolate network traffic, so only the members of the VLAN will receive traffic from the same members of VLAN. Basically, creating a VLAN from a switch is logically equivalent of reconnecting a group of network devices to another Layer 2 switch. However, all the network devices are still plugged into the same switch physically. The industrial switch supports port-based and 802.1Q (tagged-based) VLAN. The default configuration of VLAN operation mode is "Disable". Figure 3.3-26 EKI-7659C_7659CI_Manual VLAN Configuration 66 VLAN configuration - Port-based VLAN Packets can go among only members of the same VLAN group. Note all unselected ports are treated as belonging to another single VLAN. If the port-based VLAN enabled, the VLAN-tagging is ignored. In order for an end station to send packets to different VLAN groups, it itself has to be either capable of tagging packets it sends with VLAN tags or attached to a VLAN-aware bridge that is capable of classifying and tagging the packet with different VLAN ID based on not only default PVID but also other information about the packet, such as the protocol. Figure 3.3-27 Port based mode Pull down the select item menu of VLAN Operation Mode, and select Port Based mode. Click Add to add a new VLAN group(The maximum VLAN group is up to 256 VLAN groups) Entering the VLAN name, group ID and grouping the members of VLAN group And then, click Apply 67 Chapter3 Figure 3.3-28 Port based mode-Add interface You will see the VLAN displays. Use Delete to delete unwanted VLAN. Use Edit to modify existing VLAN group. Note EKI-7659C_7659CI_Manual Remember to execute the "Save Configuration" action, otherwise the new configuration will lose when switch power off. 68 802.1Q VLAN Tagged-based VLAN is an IEEE 802.1Q specification standard. Therefore, it is possible to create a VLAN across devices from different switch venders. IEEE 802.1Q VLAN uses a technique to insert a "tag" into the Ethernet frames. Tag contains a VLAN Identifier (VID) that indicates the VLAN numbers. You can create Tag-based VLAN, and enable or disable GVRP protocol. There are 256 VLAN groups to provide configure. Enable 802.1Q VLAN, the all ports on the switch belong to default VLAN, VID is 1. The default VLAN can't be deleting. GVRP allows automatic VLAN configuration between the switch and nodes. If the switch is connected to a device with GVRP enabled, you can send a GVRP request using the VID of a VLAN defined on the switch; the switch will automatically add that device to the existing VLAN. Figure 3.3-29 802.1Q VLAN Configuration 69 Chapter3 802.1Q Configuration Pull down the select item menu of VLAN Operation Mode, and select Port Based mode. Enable GVRP Protocol: mark the check box to enable GVRP protocol that allows network devices to dynamically exchange VLAN configuration information with other devices. If GVRP protocol is not enabled, user has to set the tagging information manually. Select the port that you want to configure. Link Type: there are 3 types of link type. 3/4 Access Link: single switch only, allow user to group ports by setting the same VID. 3/4 Trunk Link: the extended application of Access Link. While the ports are set in this type, they can forward the packets with specified tag among the switches which are included in the same VLAN group. 3/4 Hybrid Link: Both Access Link and Trunk Link are available. Untagged VID: assign the untagged frame VID. Tagged VID: assign the tagged frame VID. Click Apply EKI-7659C_7659CI_Manual 70 Group Configuration Edit the existing VLAN Group. Select the VLAN group in the table list. Click Apply Figure 3.3-30 802.1Q Group Configuration You can Change the VLAN group name and VLAN ID. Click Apply . Figure 3.3-31 802.1Q Group Configuration-Edit 71 Chapter3 Rapid Spanning Tree The Rapid Spanning Tree Protocol (RSTP) is an evolution of the Spanning Tree Protocol and provides for faster spanning tree convergence after a topology change. The system also supports STP and the system will auto detect the connected device that is running STP or RSTP protocol. RSTP - System Configuration User can view spanning tree information about the Root Bridge User can modify RSTP state. After modification, click Apply 3/4 RSTP mode: user must enable or disable RSTP function before configure the related parameters 3/4 Priority (0-61440): a value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. If the value changes, user must reboot the switch. The value must be multiple of 4096 according to the protocol standard rule 3/4 Max Age (6-40): the number of seconds a bridge waits without receiving Spanning-tree Protocol configuration messages before attempting a reconfiguration. Enter a value between 6 through 40 3/4 Hello Time (1-10): the time that controls switch sends out the BPDU packet to check RSTP current status. Enter a value between 1 through 10 3/4 Forward Delay Time (4-30): the number of seconds a port waits before changing from its Rapid Spanning-Tree Protocol learning and listening STP states to the forwarding state. Enter a value between 4 through 30 Note Follow the rule to configure the MAX Age, Hello Time, and Forward Delay Time. 2 x (Forward Delay Time value -1) > = Max Age value >= 2 x (Hello Time value +1) Figure 3.3-32 EKI-7659C_7659CI_Manual RSTP System Configuration interface 72 RSTP - Port Configuration You can configure the path cost and priority of each port. Select the port in Port column. Path Cost: The cost of the path to the other bridge from this transmitting bridge at the specified port. Enter a number 1 through 200000000. Priority: Decide which port should be blocked by priority in LAN. Enter a number 0 through 240. The value of priority must be the multiple of 16. P2P: Some of the rapid state transactions that are possible within RSTP are dependent upon whether the port concerned can only be connected to exactly one other bridge (i.e. it is served by a point-topoint LAN segment), or can be connected to two or more bridges (i.e. it is served by a shared medium LAN segment). This function allows the P2P status of the link to be manipulated administratively. True is P2P enabling. False is P2P disabling. Edge: The port directly connected to end stations cannot create bridging loop in the network. To configure the port as an edge port, set the port to "True" status. Non Stp: The state of whether the port includes the STP mathematic calculation. True is not including STP mathematic calculation. False is including the STP mathematic calculation. Click Apply . Figure 3.3-33 RSTP Port Configuration interface 73 Chapter3 SNMP Configuration Simple Network Management Protocol (SNMP) is the protocol developed to manage nodes (servers, workstations, routers, switches and hubs etc.) on an IP network. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Network management systems learn of problems by receiving traps or change notices from network devices implementing SNMP. System Configuration Community Strings You can define new community string set and remove unwanted community string. String: Fill the name string. RO: Read only. Enables requests accompanied by this string to display MIB-object information. RW: Read write. Enables requests accompanied by this string to display MIB-object information and to set MIB objects. Click Add . To remove the community string, select the community string that you have defined and click Remove . You cannot edit the name of the default community string set. Agent Mode Select the SNMP version that you want to use it. And then click Change to switch to the selected SNMP version mode. Figure 3.3-34 EKI-7659C_7659CI_Manual SNMP System Configuration interface 74 Trap Configuration A trap manager is a management station that receives traps, the system alerts generated by the switch. If no trap manager is defined, no traps will issue. Create a trap manager by entering the IP address of the station and a community string. To define management stations as trap manager and enter SNMP community strings and selects the SNMP version. IP Address: Enter the IP address of trap manager. Community: Enter the community string. Trap Version: Select the SNMP trap version type - v1 or v2c. Click Add . To remove the community string, select the community string that you have defined and click Remove . You cannot edit the name of the default community string set. Figure 3.3-35 Trap Configuration interface 75 Chapter3 SNMPV3 Configuration Configure the SNMP V3 function. Context Table Configure SNMP v3 context table. Assign the context name of the context table. Click Apply to add context name. User Table Configure SNMP v3 user table.. User ID: set up the user name. Authentication Password: set up the authentication password. Privacy Password: set up the private password. Click Add to add context name. Click Remove to remove unwanted context name. Group Table Configure SNMP v3 group table. Security Name (User ID): Assign the user name that you have set up in user table. Group Name: Set up the group name. Click Add to add context name. Click Remove to remove unwanted context name. Access Table Configure SNMP v3 access table. Context Prefix: Set up the context name. Group Name: Set up the group. Security Level: Set up the access level. Context Match Rule: Select the context match rule. Read View Name: Set up the read view. Write View Name: Set up the write view. Notify View Name: Set up the notify view. Click Add to add context name. Click Remove to remove unwanted context name. MIBview Table Configure MIB view table. ViewName: Set up the name. Sub-Oid Tree: Fill the Sub OID. Type: Select the type - exclude or included. Click Add to add context name. Click Remove to remove unwanted context name. EKI-7659C_7659CI_Manual 76 Figure 3.3-36 SNMP V3 configuration interface 77 Chapter3 QoS Configuration Here you can configure Qos policy and priority setting, per port priority setting, COS and TOS setting. QoS Policy and Priority Type * Qos Policy: Select the QoS policy rule. 3/4 Use an 8,4,2,1 weighted fair queuing scheme: The switch will follow 8:4:2:1 rate to process priority queue from High to lowest queue. For example, while the system processing, 1 frame of the lowest queue, 2 frames of the low queue, 4 frames of the middle queue, and 8 frames of the high queue will be processed at the same time in accordance with the 8,4,2,1 policy rule. 3/4 Use a strict priority scheme: Always the higher queue will be processed first, except the higher queue is empty. 3/4 Priority Type: There are 5 priority type selections available--Port-based, TOS only, COS only, TOS first, and COS first. Disable means no priority type is selected. * Click Apply to make the settings effective. Port Base Priority Configure the priority level for each port. With the drop-down selection item of Priority Type above being selected as Port-based, this control item will then be available to set the queuing policy for each port. * Port x: Each port has 4 priority levels--High, Middle, Low, and Lowest--to be chosen. * Click Apply to have the settings taken effect. COS Configuration Set up the COS priority level. With the drop-down selection item of Priority Type above being selected as COS only/COS first, this control item will then be available to set the queuing policy for each port. * COS priority: Set up the COS priority level 0~7--High, Middle, Low, Lowest. * Click Apply . TOS Configuration Set up the TOS priority. With the drop-down selection item of Priority Type above being selected as TOS only/TOS first, this control item will then be available to set the queuing policy for each port. * TOS priority: The system provides 0~63 TOS priority level. Each level has 4 types of priority--High, Middle, Low, and Lowest. The default value is `Lowest' priority for each level. When the IP packet is received, the system will check the TOS level value in the IP packet that has received. For example, the user sets the TOS level 25 as high, the system will check the TOS value of the received IP packet. If the TOS value of received IP packet is 25 (priority = high), and then the packet priority will have highest priority. * Click Apply to make the settings taken effect. EKI-7659C_7659CI_Manual 78 Figure 3.3-37 QoS Configuration interface 79 Chapter3 IGMP Configuration The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses. IGMP have three fundamental types of message as follows: Table 3.19: IGMP types Message Description Query A message sent from the querier (IGMP router or switch) asking for a response from each host belonging to the multicast group. Report A message sent by a host to the querier to indicate that the host wants to be or is a member of a given group indicated in the report message. Leave Group A message sent by a host to the querier to indicate that the host has quit being a member of a specific multicast group. The switch support IP multicast, you can enable IGMP protocol on web management's switch setting advanced page, then displays the IGMP snooping information. IP multicast addresses range are from 224.0.0.0 through 239.255.255.255. IGMP Protocol: Enable or disable the IGMP protocol. IGMP Query: Select the IGMP query function as Enable or Auto to set the switch as a querier for IGMP version 2 multicast network. Click Apply . Figure 3.3-38 EKI-7659C_7659CI_Manual IGMP Configuration interface 80 X-Ring X-Ring provides a faster redundant recovery than Spanning Tree topology. The action is similar to STP or RSTP, but the algorithms between them are not the same. In the X-Ring topology, each switch should be enabled with the X-Ring function and two ports of each switch should be configured as the member ports in the ring. Only one switch in the X-Ring group would be set as the master switch that one of its two member ports, known as backup port, would be blocked and the other port is called working port. Other switches in the X-Ring group are called working switches and their two member ports are called working ports. When the failure of network connection occurs, the backup port (blocked) of the master switch (Ring Master) will automatically become a working port to help the entire group recover from the failure. The switch supports the function and interface to configure the switch being a ring master. The ring master can negotiate and place commands to other switches in the X-Ring group. If there are two or more switches in master mode, the software will configure the switch with lowest MAC address number as the ring master. The ring master mode can be enabled via the X-Ring configuration interface. Also, the user can identify whether the switch is the ring master by checking the corresponding LED indicator on the panel of the switch. The system also supports the Couple Ring topology that can connect two X-Ring groups for the redundant backup function. Besides, the Dual Homing topology can prevent connection lose between the X-Ring group and the upper level/core switch. Enable X-Ring: To enable the X-Ring function. Marking the check box to enable the X-Ring function. Enable Ring Master: Mark the check box for enabling this machine to be a ring master. 1st & 2nd Ring Ports: Pull down the selection menu to assign two ports as the member ports. 1st Ring Port is the working port and 2nd Ring Port is the backup port. When 1st Ring Port fails, the system will automatically upgrade the 2nd Ring Port to be the working port. Enable Coupling Ring: To enable the coupling ring function. Marking the check box to enable the coupling ring function. Coupling port: Assign the member port. Control port: Set the switch as the master switch in the coupling ring. Enable Dual Homing: Set up one of port on the switch to be the Dual Homing port. In an X-Ring group, maximum Dual Homing port is one. Dual Homing only work when the X-Ring function enable. And then, click Apply to apply the configuration. 81 Chapter3 Figure 3.3-39 Note EKI-7659C_7659CI_Manual X-ring Interface To enable the X-Ring function, users must disable the RSTP first. The X-Ring function and RSTP function cannot both be activated on a single switch. Remember to execute the "Save Configuration" action, otherwise the new configuration will lose when switch powers off. 82 3.3.4 Security In this section, you can configure 802.1x and MAC address table. 802.1X/Radius Configuration 802.1x is an IEEE authentication specification that allows a client to connect to a wireless access point or wired switch but prevents the client from gaining access to the Internet until it provides authority, like a user name and password that are verified by a separate server. 802.1X/Radius - System Configuration After enabling the IEEE 802.1X function, you can configure the parameters of this function. IEEE 802.1x Protocol: .enable or disable 802.1x protocol. Radius Server IP: set the Radius Server IP address. Server Port: set the UDP destination port for authentication requests to the specified Radius Server. Accounting Port: set the UDP destination port for accounting requests to the specified Radius Server. Shared Key: set an encryption key for using during authentication sessions with the specified radius server. This key must match the encryption key used on the Radius Server. NAS, Identifier: set the identifier for the radius client. Click Apply . Figure 3.3-40 802.1x/Radius System Configuration 83 Chapter3 802.1x/Radius - Port Configuration You can configure 802.1x authentication state for each port. The State provides Disable, Accept, Reject and Authorize. Use "Space" key change the state value. Reject: the specified port is required to be held in the unauthorized state. Accept: the specified port is required to be held in the Authorized state. Authorized: the specified port is set to the Authorized or Unauthorized state in accordance with the outcome of an authentication exchange between the Supplicant and the authentication server. Disable: The specified port is required to be held in the Authorized state Click Apply . Figure 3.3-41 EKI-7659C_7659CI_Manual 802.1x/Radius - Port Setting interface 84 802.1X/Radius - Misc Configuration Quiet Period: set the period during which the port doesn't try to acquire a supplicant. TX Period: set the period the port wait for retransmit next EAPOL PDU during an authentication session. Supplicant Timeout: set the period of time the switch waits for a supplicant response to an EAP request. Server Timeout: set the period of time the switch waits for a server response to an authentication request. Max Requests: set the number of authentication that must time-out before authentication fails and the authentication session ends. Reauth period: set the period of time after which clients connected must be re-authenticated. Click Apply . Figure 3.3-42 802.1x/Radius - Misc Configuration 85 Chapter3 MAC Address Table Use the MAC address table to ensure the port security. You can add a static MAC address; it remains in the switch's address table, regardless of whether the device is physically connected to the switch. This saves the switch from having to re-learn a device's MAC address when the disconnected or powered-off device is active on the network again. You can add / modify / delete a static MAC address. MAC Address Table - Static MAC Address You can add static MAC address in the switch MAC table here. MAC Address: Enter the MAC address of the port that should permanently forward traffic, regardless of the device network activity. Port No.: pull down the selection menu to select the port number. Click Add . If you want to delete the MAC address from filtering table, select the MAC address and click Delete . Figure 3.3-43 EKI-7659C_7659CI_Manual Static MAC Addresses interface 86 MAC Address Table - MAC Filtering By filtering MAC address, the switch can easily filter pre-configure MAC address and reduce the unsafety. You can add and delete filtering MAC address. Figure 3.3-44 MAC Filtering interface MAC Address: Enter the MAC address that you want to filter. Click Add . If you want to delete the MAC address from filtering table, select the MAC address and click Delete . 87 Chapter3 MAC Address Table - All MAC Addresses You can view the port of the connected device's MAC address and related devices' MAC address. Select the port. The selected port of static MAC address information will be displayed here. Click Clear MAC Table to clear the current port static MAC address information on screen. Figure 3.3-45 EKI-7659C_7659CI_Manual All MAC Address interface 88 Factory Default Reset switch to default configuration. Click Reset to reset all configurations to the default value. Figure 3.3-46 Factory Default interface Save Configuration Save all configurations that you have made in the system. To ensure the all configuration will be saved, click Save to save the all configuration to the flash memory. Figure 3.3-47 Save Configuration interface System Reboot Reboot the switch in software reset. Click Figure 3.3-48 Reboot to reboot the system. System Reboot interface 89 Chapter3 EKI-7659C_7659CI_Manual 90 CHAPTER Troubleshooting 91 Chapter 4 Troubleshooting Verify that is using the included or appropriate power cord/adapter. Don't use the power adaptor with DC output voltage higher than the power rating of the device. Otherwise, the device will burn down. Select the proper UTP cable to construct the network. Please check that is using the right cable. Use Unshielded Twisted-Pair (UTP) or Shielded Twisted-Pair (STP) cable for RJ-45 connections: 100 Category 3, 4 or 5 cable for 10 Mbps connections or 100 Category 5 cable for 100 Mbps connections. Also, be sure that the length of any twisted-pair connection does not exceed 100 meters (328 feet). Diagnosing LED Indicators The switch can be easily monitored through panel indicators, which describes common problems user may encounter and where user can find possible solutions, to assist in identifying. If the power indicator does not light up when the power cord is plugged in, user may have a problem with power cord. Then check for loose power connections, power losses or surges at power outlet. If user still cannot resolve the problem, contact the local dealer for assistance. If the Industrial switch LED indicators are normal and the connected cables are correct but the packets still cannot transmit, please check your system's Ethernet devices configuration or status. EKI-7659C_7659CI_Manual 92 APPENDIX Pin Assignments & Wiring 93 Appendix A Pin Assignments & Wiring It is suggested to adopt ELA/TIA as the wiring of the RJ-45. Figure A.1: RJ-45 Pin Assignments Figure A.2: EIA/TIA-568B Figure A.3: EIA/TIA-568A EKI-7659C_7659CI_Manual 94 Figure A.4: DB 9-pin female connector DB9 Connector RJ-45 Connector NC 2 3 NC 5 NC NC NC 1 2 3 4 5 6 7 8 95 Orange/White Orange Green/White Blue Blue/White Green Brown/White Brown EKI-7659C_7659CI_Manual 96 APPENDIX Compatible SFP Transceivers 97 Appendix B Compatible SFP Transceivers The table below shows compatible SFP transceivers for EKI-7659C. Item Brand Part Number Mode 1 AVAGO AFBR-5710PZ 2 APAC LM28-C3S-TC-N Transmission Distance 550m 550m Multi-mode 3 HOATECH HTI8512-X5ATO 550m 4 SPACE SHUTTLE S56L-S85-6L-N 550m SP-GB-LX 10km SP-GB-ELX 20km 5 LuminentOIC SP-GB-XD 50km Single-mode 6 AVAGO AFCT-5710PZ 10km 7 APAC LS38-C3M-TC-N 20km 8 SPACE SHUTTLE S56L-L13-6L-N 10km EKI-7659C_7659CI_Manual 98