ORing IGS-P9164 Series Industrial IEC 61850-3 Managed Gigabit Ethernet Switch User Manual

IGS-P9164 Series Industrial IEC 61850-3 Managed Gigabit Ethernet Switch

IGS-P9164 SeriesIndustrial IEC 61850-3 Managed Gigabit Ethernet SwitchUser ManualVersion 1.1 July, 2020www.oringnet.com

IGS-P9164 Series User Manual

COPYRIGHT NOTICECopyright © 2015 ORing Industrial Networking Corp. All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of ORing Industrial Networking Corp.TRADEMARKSis a registered trademark of ORing Industrial Networking Corp. All other trademarks belong to their respective owners.REGULATORY COMPLIANCE STATEMENTProduct(s) associated with this publication complies/comply with all applicable regulations. Please refer to the Technical Specifications section for more details.WARRANTYORing warrants that all ORing products are free from defects in material and workmanship for a specified warranty period from the invoice date (5 years for most products). ORing will repair or replace products found by ORing to be defective within this warranty period, with shipment expenses apportioned by ORing and the distributor. This warranty does not cover product modifications or repairs done by persons other than ORing-approved personnel, and this warranty does not apply to ORing products that are misused, abused, improperly installed, or damaged by accidents. Please refer to the Technical Specifications section for the actual warranty period(s) of the product(s) associated with this publication.DISCLAIMERInformation in this publication is intended to be accurate. ORing shall not be responsible for its use or infringements on third-parties as a result of its use. There may occasionally be unintentional errors on this publication. ORing reserves the right to revise the contents of this publication without notice.CONTACT INFORMATIONORing Industrial Networking Corp. 3F., NO.542-2, Jhongjheng Rd., Sindian District, New Taipei City 231, Taiwan, R.O.C. Tel: + 886 2 2218 1066 // Fax: + 886 2 2218 1014 Website: www.oring-networking.com Technical Support E-mail: support@oring-networking.com Sales Contact E-mail: sales@oring-networking.com (Headquarters)sales@oring-networking.com.cn (China)

ORing Industrial Networking Corp

1

IGS-P9164 Series User Manual

Table of Content

Getting Started ………………………………………………………………………………….. 61.1 About the IGS-P9164 Series ………………………………………………………………………… 6 1.2 Software Features ………………………………………………………………………………………. 6 1.3 Hardware Specifications ……………………………………………………………………………… 7

Hardware Overview…………………………………………………………………………….82.1 Front Panel ………………………………………………………………………………………………… 8 2.1.1 Available Models …………………………………………………………………………………….. 8 2.1.2 Ports and Connectors ……………………………………………………………………………… 8 2.1.3 LED …………………………………………………………………………………………………….. 102.2 Rear Panel ………………………………………………………………………………………………. 10

Hardware Installation………………………………………………………………………..123.1 DIN-rail Installation ……………………………………………………………………………………. 12 3.2 Wall Mounting…………………………………………………………………………………………… 12 3.3 Wiring ……………………………………………………………………………………………………… 14 3.3.1 Grounding………………………………………………………………………………………………… 15 3.3.2 Fault Relay ………………………………………………………………………………………………. 15 3.3.3 Redundant Power Inputs……………………………………………………………………………. 15 3.4 Connection ………………………………………………………………………………………………. 16 3.4.1 Cables …………………………………………………………………………………………………….. 1610/100/1000BASE-T(X) Pin Assignments ……………………………………………………………. 16 RS-232 console port wiring………………………………………………………………………………… 17 3.4.2 O-Ring/O-Chain………………………………………………………………………………………… 18 O-Ring 18

Redundancy ……………………………………………………………………………………. 214.1 O-Ring …………………………………………………………………………………………………….. 21 4.1.1 Introduction………………………………………………………………………………………………. 21 4.1.2 Configurations ………………………………………………………………………………………….. 21 4.2 Open-Ring ……………………………………………………………………………………………….. 23 4.2.1 Introduction………………………………………………………………………………………………. 23 4.2.2 Configurations ………………………………………………………………………………………….. 23 4.3 O-Chain …………………………………………………………………………………………………… 24 4.3.1 Introduction………………………………………………………………………………………………. 24 4.3.2 Configurations ………………………………………………………………………………………….. 24

ORing Industrial Networking Corp

2

IGS-P9164 Series User Manual

4.4 STP/RSTP/MSTP ……………………………………………………………………………………… 25 4.4.1 STP/RSTP ……………………………………………………………………………………………….. 25 4.4.2 MSTP ……………………………………………………………………………………………………… 29 Bridge Settings …………………………………………………………………………………………………….. 30 Bridge Port ………………………………………………………………………………………………………….. 32 4.5 Fast Recovery ………………………………………………………………………………………….. 34

Management ……………………………………………………………………………………. 36

5.1 Basic Settings ………………………………………………………………………………………. 37

5.1.1 System Information ……………………………………………………………………………….. 37

5.1.2

Admin & Password ………………………………………………………………………… 38

5.1.3

Authentication……………………………………………………………………………….. 39

5.1.4

IP Settings ……………………………………………………………………………………. 39

5.1.5

IPv6 Settings ………………………………………………………………………………… 40

5.1.6

Daylight Saving Time …………………………………………………………………….. 41

5.1.7

HTTPS…………………………………………………………………………………………. 43

5.1.8

SSH …………………………………………………………………………………………….. 43

5.1.9

LLDP …………………………………………………………………………………………… 44

LLDP Neighbor Information ……………………………………………………………………………………. 45

Port Statistics ………………………………………………………………………………………………………. 46

5.1.10 NTP …………………………………………………………………………………………….. 47

5.1.11 Modbus TCP ………………………………………………………………………………… 48

5.1.12 Backup/Restore Configurations ………………………………………………………. 48

5.1.13 Firmware Update…………………………………………………………………………… 48

5.2 DHCP Server ……………………………………………………………………………………….. 49

5.2.1

Basic Settings……………………………………………………………………………….. 49

5.2.2

Dynamic Client List………………………………………………………………………… 49

5.2.3

Client List……………………………………………………………………………………… 49

5.2.4

Port and IP Binding ……………………………………………………………………….. 50

5.2.5

Relay Agent ………………………………………………………………………………….. 50

5.3 Port Setting ………………………………………………………………………………………….. 53

5.3.1

Port Control ………………………………………………………………………………….. 53

5.3.2

Port Alias ……………………………………………………………………………………… 55

5.3.3

Port Trunk …………………………………………………………………………………….. 55

5.3.4

LACP …………………………………………………………………………………………… 56

5.3.5

Loop Gourd ………………………………………………………………………………….. 59

5.4 VLAN…………………………………………………………………………………………………… 61

5.4.1

VLAN Membership ………………………………………………………………………… 61

ORing Industrial Networking Corp

3

IGS-P9164 Series User Manual

5.4.2

Port Configurations………………………………………………………………………… 61

Examples of VLAN Settings …………………………………………………………………………… 66

5.4.3

Private VLAN ………………………………………………………………………………… 71

5.5 SNMP………………………………………………………………………………………………….. 72

5.5.1

SNMP System Configurations…………………………………………………………. 72

5.5.2

SNMP Community Configurations …………………………………………………… 75

5.5.3

SNMP User Configurations …………………………………………………………….. 75

5.5.4

SNMP Group Configurations…………………………………………………………… 77

5.5.5

SNMP View Configurations …………………………………………………………….. 78

5.5.6

SNMP Access Configurations …………………………………………………………. 78

5.6 Traffic Prioritization ……………………………………………………………………………….. 79

5.6.1

Storm Control ……………………………………………………………………………….. 79

5.6.2

Port Classification………………………………………………………………………….. 80

5.6.3

Port Tag Remaking ………………………………………………………………………… 82

5.6.4

Port DSCP ……………………………………………………………………………………. 83

5.6.5

Port Policing …………………………………………………………………………………. 85

Queue Policing …………………………………………………………………………………………….. 86

5.6.6

Scheduling and Shaping ………………………………………………………………… 86

5.6.7

Port Scheduler………………………………………………………………………………. 89

5.6.8

Port Shaping…………………………………………………………………………………. 90

5.6.9

DSCP Based QoS …………………………………………………………………………. 90

5.6.10 DSCP Translation ………………………………………………………………………….. 91

5.6.11 DSCP Classification ………………………………………………………………………. 92

5.6.12 QoS Control List ……………………………………………………………………………. 92

5.6.13 QoS Counters……………………………………………………………………………….. 95

5.6.14 QCL Status …………………………………………………………………………………… 95

5.7 Multicast ………………………………………………………………………………………………. 96

5.7.1

IGMP Snooping …………………………………………………………………………….. 96

5.7.2

VLAN Configurations of IGMP Snooping ………………………………………….. 97

5.7.3

IGMP Snooping Status…………………………………………………………………… 98

5.7.4

Groups Information of IGMP Snooping …………………………………………….. 99

5.8 Security ……………………………………………………………………………………………… 100

5.8.1

Remote Control Security Configurations…………………………………………. 100

5.8.2

Device Binding ……………………………………………………………………………. 100

5.8.3

ACL …………………………………………………………………………………………… 105

5.8.4

Authentication, Authorization, and Accounting…………………………………..117

5.8.5

RADIUS ……………………………………………………………………………………….117

ORing Industrial Networking Corp

4

IGS-P9164 Series User Manual

Authentication and Accounting Server Status Overview …………………………………….119

Authentication and Accounting Server Statistics ……………………………………………… 121

5.8.6

NAS (802.1x) ………………………………………………………………………………. 123

5.9 Alerts …………………………………………………………………………………………………. 133

5.9.1

Fault Alarm …………………………………………………………………………………. 133

5.9.2

System Warning ………………………………………………………………………….. 134

5.10 Monitor and Diag…………………………………………………………………………………. 136

5.10.1 MAC Table ………………………………………………………………………………….. 136

5.10.2 Port Statistics ……………………………………………………………………………… 140

5.10.3 Port Mirroring………………………………………………………………………………. 142

5.10.4 System Log Information ……………………………………………………………….. 143

5.10.5 Cable Diagnostics ……………………………………………………………………….. 144

5.10.6 SFP Monitor ……………………………………………………………………………….. 144

5.10.7 Ping …………………………………………………………………………………………… 145

5.10.8 IPv6 Ping ……………………………………………………………………………………. 146

5.11 Synchronization ………………………………………………………………………………….. 146

5.11.1 PTP External Clock Mode …………………………………………………………….. 146

5.11.2 PTP Clock Configurations …………………………………………………………….. 147

5.12 Troubleshooting ………………………………………………………………………………….. 148

5.12.1 Factory Defaults ………………………………………………………………………….. 148

5.12.2 System Reboot……………………………………………………………………………. 149

Command Line Interface Management ……………………………………………. 150

ORing Industrial Networking Corp

5

IGS-P9164 Series User Manual

Getting Started

1.1 About the IGS-P9164 SeriesThe IGS-P9164 series is a managed industrial Ethernet switch designed for power substation and rolling stock applications as it is fully compliant with the requirements of IEC 61850-3 and IEEE 1613. The series consists of three models: IGS-P9164GF, IGS-P9164FX, and IGS-P9164GC, each comes with 16×10/100/1000Base-T(X) ports and differ numbers of optical fiber ports. The devices can be managed centrally via web browsers, TELNET, Console or other third-party SNMP software as well as ORing’s proprietary Open-Vision management utility. With complete support for Ethernet redundancy protocols such as O-Ring (recovery time < 30ms over 250 units of connection) and MSTP (RSTP/STP compatible), the devices can protect your mission-critical applications from network interruptions or temporary malfunctions with its fast recovery technology. Boasting a wide operating temperature from -40oC to 85oC, the switch can meet the demanding requirements of power substations and rolling stock applications.

1.2 Software FeaturesSupports O-Ring (recovery time < 30ms over 250 units of connection) and MSTP(RSTP/STP compatible) for Ethernet redundancySupports Open-Ring to interoperate with other vendors’ ring technology in open architectureSupports O-Chain to allow multiple redundant network rings Supports standard IEC 62439-2 MRP (Media Redundancy Protocol) Supports IEEE 1588v2 clock synchronization Supports IPv6 new internet protocol version Supports Modbus TCP protocol Provided HTTPS/SSH protocol to enhance network security Support IEEE 802.3az Energy-Efficient Ethernet technology Supports SMTP client Supports IP-based bandwidth management Supports application-based QoS management Supports Device Binding security function Supports DOS/DDOS auto prevention Supports IGMP v2/v3 (IGMP snooping support) to filter multicast traffic Supports SNMP v1/v2c/v3 & RMON & 802.1Q VLAN Network Management

ORing Industrial Networking Corp

6

IGS-P9164 Series User ManualSupports ACL, TACACS+ and 802.1x user authentication for secure connections Supports 9.6K Bytes Jumbo Frame Supports DBU-01 backup unit for fast backup/restore configuration Multiple notifications for warning of unexpected events Configuration via Web, Telnet, Console (CLI), and Windows utility (Open-Vision) Supports LLDP Protocol1.3 Hardware Specifications16 x 10/100/1000Base-T(X) 4 x 100Base-X fiber ports (IGS-P9164GFX) 4 x 1000Base-X fiber ports (IGS-P9164GF) 4 x Gigabit combo ports (IGS-P9164GC) 1 x Console Port Compliance with IEC 61850-3 and IEEE 1613 Redundant DC power inputs DIN-rail and wall-mounting available Operating Temperature: -40 to 85oC Storage Temperature: -40 to 85oC Operating Humidity: 5% to 95%, non-condensing Casing: IP-30 Dimensions: 96.4 x 105.5 x 154 mm (3.80 x 4.15 x 6.06 inch)

ORing Industrial Networking Corp

7

IGS-P9164 Series User Manual

Hardware Overview

2.1 Front Panel

2.1.1 Available Models

Model name IGS-P9164GF

Description 16×10/100/1000Base-T(X) ports & 4x1000Base-X fiber ports with SC connector

IGS-P9164FX 16×10/100/1000Base-T(X) ports & 4x100Base-FX fiber ports with SC connector

IGS-P9164GC 16×10/100/1000Base-T(X) ports and 4xGigabit combo ports with SFP socket

2.1.2 Ports and Connectors

The device provides the following ports on the front panel. The Ethernet ports on the switches

use RJ-45 connectors.

Port

Description

Copper ports

16 x 10/100/1000Base-T(X)

Fiber ports

4 x 1000Base-X optical fiber ports (IGS-P9164GF) or 4 x 100Base-FX optical fiber ports (IGS-P9164GFX) or

4 x Gigabit combo ports (IGS-P9164GC)

Console port Reset button

1 x console port 1 x reset button. Press the button for 3 seconds to reset and 5 seconds to return to factory default.

IGS-P9164GF-HVORing Industrial Networking Corp

IGS-P9164GF-LV 8

IGS-P9164 Series User Manual

IGS-P9164FX-HV

IGS-P9164FX-LV

IGS-P9164GC-HV

IGS-P9164GC-LV

ORing Industrial Networking Corp

9

IGS-P9164 Series User Manual

1. LNK/ACT port for Ethernet ports 2. 10/100/100Base T(X) Ethernet ports 3. Fiber ports (IGS-P9164GF/GFX) orCombo ports (IGS-P9164GC) 4. LNK status LED for fiber/combo ports 5. Console port 6. Power indicator 7. Power 1 module indicator

8. Power 2 module indicator 9. LED for Ring Master status 10. LED for Ring status 11. Fault indicator 12. Relay output 13. Power 2 module 14. Power 1 module 15. Reset button

2.1.3 LED

LED PWR

Color Green

Status On

PW1

Green

On

PW2

Green

On

R.M

Green

On

Ring

Green

On Blinking

Fault

Amber

On

10/100/1000Base-T(X) Fast Ethernet ports

Green

On

LNK/ACT

Amber

On

Green/Amber 1000Base-X fiber ports LNK/ACT Green 100Base-FX fiber ports LNK/ACT Green 100/1000Base-X SFP ports LNK/ACT Green

OffOn BlinkingOn BlinkingOn Blinking

Description DC power on DC power module 1 activated DC power module 2 activated System running in Ring Master mode System running in Ring mode Ring structure is broken Faults occursPort is connected and running at 1000Mbps Port is connected and running at 100Mbps Port running at 10MbpsEthernet links connected Transmitting dataEthernet links connected Transmitting dataEthernet links connected Transmitting data

2.2 Rear PanelOn the rear panel of the switch sit three sets of screw holes. The two sets placed in

ORing Industrial Networking Corp

10

IGS-P9164 Series User Manual triangular patterns on both ends of the rear panel are used for wall-mounting (red boxes in the figure below) and the set of four holes in the middle are used for Din-rail installation (blue box in the figure below). For more information on installation, please refer to 23.1 Din-rail Installation.1. Wall-mount screw holes 2. Din-rail screw holes

ORing Industrial Networking Corp

11

IGS-P9164 Series User ManualHardware Installation3.1 DIN-rail InstallationThe device comes with a DIN-rail kit to allow you to fasten the switch to a DIN-rail in any environments.DIN-rail Kit Measurement (Unit = mm) Installing the switch on the DIN-rail is easy. First, screw the Din-rail kit onto the back of the switch, right in the middle of the back panel. Then slide the switch onto a DIN-rail from the Din-rail kit and make sure the switch clicks into the rail firmly.

3.2 Wall MountingBesides Din-rail, the switch can be fixed to the wall via a wall mount panel, which can be found in the package.

ORing Industrial Networking Corp

12

IGS-P9164 Series User ManualWall-Mount Kit Measurement (Unit = mm) To mount the switch onto the wall, follow the steps: 1. Screw the two pieces of wall-mount kits onto both ends of the rear panel of the switch. A total of six screws are required, as shown below.

2. Use the switch, with wall mount plates attached, as a guide to mark the correct locations of the four screws. 3. Insert screws through the round screw holes (the red arrow as below) on the sides or through the cross-shaped aperture (the green arrow as below) in the middle of the plate and fasten the screw to the wall with a screwdriver. 4. If the screw goes through the cross-shaped aperture, slide the switch down before tightening the screw.

ORing Industrial Networking Corp

13

IGS-P9164 Series User Manual

Note: Instead of screwing the screws in all the way, leave about 2 mm to allow room for sliding the wall mount panel between the wall and the screws.3.3 WiringWARNING Do not disconnect modules or wires unless power has been switched off or the area is known to be non-hazardous. The devices may only be connected to the supply voltage shown on the type plate.

ORing Industrial Networking Corp

14

IGS-P9164 Series User ManualATTENTION 1. Be sure to disconnect the power cord before installing and/or wiring yourswitches. 2. Calculate the maximum possible current in each power wire andcommon wire. Observe all electrical codes dictating the maximum current allowable for each wire size. 3. If the current goes above the maximum ratings, the wiring could overheat, causing serious damage to your equipment. 4. Use separate paths to route wiring for power and devices. If power wiring and device wiring paths must cross, make sure the wires are perpendicular at the intersection point. 5. Do not run signal or communications wiring and power wiring through the same wire conduit. To avoid interference, wires with different signal characteristics should be routed separately. 6. You can use the type of signal transmitted through a wire to determine which wires should be kept separate. The rule of thumb is that wiring sharing similar electrical characteristics can be bundled together 7. You should separate input wiring from output wiring 8. It is advised to label the wiring to all devices in the system3.3.1 GroundingGrounding and wire routing help limit the effects of noise due to electromagnetic interference (EMI). Run the ground connection from the ground screw on the power module to the grounding surface prior to connecting devices.3.3.2 Fault RelayThe switch provides fail open and fail close options for you to form relay circuits based on your needs. If you want the relay device to start operating at power failure, attach the two wires to COM and fail close to form a close circuit, vice versa. The relay contact of the 2-pin terminal block connector will respond to user-configured events according to the wiring.3.3.3 Redundant Power InputsThe switch has two sets of power inputs, power input 1 and power input 2, which sit on the front panel along with LAN ports. Follow the steps below to wire redundant power inputs. Step 1: insert the negative/positive wires into the V-/V+ terminals, respectively. Step 2: to keep the wires from pulling loose, use a small flat-blade screwdriver to tighten the wire-clamp screws on the front of the terminal block connector.

ORing Industrial Networking Corp

15

IGS-P9164 Series User Manual

3.4 Connection3.4.1 Cables10/100/1000BASE-T(X) Pin AssignmentsThe series has standard Ethernet ports. According to the link type, the switch uses CAT 3, 4, 5,5e UTP cables to connect to any other network devices (PCs, servers, switches, routers, or hubs). Please refer to the following table for cable specifications.

Cable Types and Specifications:

Cable10BASE-T 100BASE-TX 1000BASE-TX

TypeCat. 3, 4, 5 100-ohm Cat. 5 100-ohm UTP Cat. 5/Cat. 5e 100-ohm UTP

Max. Length

Connector

UTP 100 m (328 ft) UTP 100 m (R8 ft) UTP 100 m (328ft)

RJ-45 RJ-45 RJ-45

With 10/100Base-T(X) cables, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are used for receiving data.

10/100Base-T(X) RJ-45 Pin Assignments :Pin Number 1 2 3 4 5 6 7 8

Assignment TD+ TDRD+Not used Not usedRDNot used Not used

1000Base-T RJ-45 Pin Assignments :Pin Number 1 2 3 4 5

Assignment BI_DA+ BI_DABI_DB+ BI_DC+ BI_DC-

ORing Industrial Networking Corp

16

IGS-P9164 Series User Manual

6

BI_DB-

7

BI_DD+

8

BI_DD-

The series supports auto MDI/MDI-X operation. You can use a cable to connect the switch to a PC. The table below shows the 10/100Base-T(X) MDI and MDI-X port pin outs.

10/100Base-T(X) MDI/MDI-X Pin Assignments:

Pin Number 1 2 3 4 5 6 7 8

MDI port TD+(transmit) TD-(transmit) RD+(receive)Not used Not used RD-(receive) Not used Not used

MDI-X port RD+(receive) RD-(receive) TD+(transmit)Not used Not used TD-(transmit) Not used Not used

1000Base-T MDI/MDI-X Pin Assignments:

Pin Number 1 2 3 4 5 6 7 8

MDI port BI_DA+ BI_DABI_DB+ BI_DC+ BI_DCBI_DBBI_DD+ BI_DD-

MDI-X port BI_DB+ BI_DBBI_DA+ BI_DD+ BI_DDBI_DABI_DC+ BI_DC-

Note: “+” and “-” signs represent the polarity of the wires that make up each wire pair.

RS-232 console port wiringThe series can be managed via console ports using a RS-232 cable which can be found in the package. You can connect the port to a PC via the RS-232 cable with a DB-9 female connector. The DB-9 female connector of the RS-232 cable should be connected the PC while the other end of the cable (RJ-45 connector) should be connected to the console port of the switch.

ORing Industrial Networking Corp

17

IGS-P9164 Series User Manual

PC pin out (male) assignment Pin #2 RD Pin #3 TD Pin #5 GD

RS-232 with DB9 female connector Pin #2 TD Pin #3 RD Pin #5 GD

DB9 to RJ 45 Pin #2 Pin #3 Pin #5

3.4.2 O-Ring/O-ChainO-RingYou can connect three or more switches to form a ring topology to gain network redundancy capabilities through the following steps. 1. Connect each switch to form a daisy chain using an Ethernet cable. 2. Set one of the connected switches to be the master and make sure the port setting of each connected switch on the management page corresponds to the physical ports connected. For infomration about the port setting, please refer to 4.1.2 Configurations. 3. Connect the last switch to the first switch to form a ring topology.

ORing Industrial Networking Corp

18

IGS-P9164 Series User ManualCoupling RingIf you already have two O-Ring topologies and would like to connect the rings, you can form them into a couping ring. All you need to do is select two switches from each ring to be connected, for example, switch A and B from Ring 1 and switch C and D from ring 2. Decide which port on each switch to be used as the coupling port and then link them together, for example, port 1 of switch A to port 2 of switch C and port 1 of switch B to port 2 of switch D. Then, enable Coupling Ring option by checking the checkbox on the management page and select the coupling ring in correspondance to the connected port. For more inforamtion on port setting, please refer to 4.1.2 Configurations. Once the setting is completed, one of the connections will act as the main path while the other will act as the backup path.

Dual HomingIf you want to connect your ring topology to a RSTP network environment, you can use dual homing. Choose two switches (Switch A & B) from the ring for connecting to the switches in the RSTP network (core switches). The connection of one of the switches (Switch A or B) will act as the primary path, while the other will act as the backup path that is activated when the primary path connection fails.

ORing Industrial Networking Corp

19

IGS-P9164 Series User Manual

O-ChainWhen connecting multiple O-Rings to meet your expansion demand, you can create an O-Chain topology through the following steps. 1. Select two switches from the chain (Switch A & B) that you want to connect to the O-Ring and connect them to the switches in the ring (Switch C & D). 2. In correspondence to the port connected to the ring, configure an edge port for both of the connected switches in the chain by checking the box in the management page (see 4.1.2 Configurations). 3. Once the setting is completed, one of the connections will act as the main path, and the ohter as the back up path.

ORing Industrial Networking Corp

20

IGS-P9164 Series User ManualRedundancyRedundancy for minimized system downtime is one of the most important concerns for industrial networking devices. Hence, ORing has developed proprietary redundancy technologies including O-Ring and Open-Ring featuring faster recovery time than existing redundancy technologies widely used in commercial applications, such as STP, RSTP, and MSTP. ORing’s proprietary redundancy technologies not only support different networking topologies, but also assure the reliability of the network.4.1 O-Ring4.1.1 IntroductionO-Ring is ORing’s proprietary redundant ring technology, with recovery time of less than 30 milliseconds (in full-duplex Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation) and up to 250 nodes. The ring protocols identify one switch as the master of the network, and then automatically block packets from traveling through any of the network’s redundant loops. In the event that one branch of the ring gets disconnected from the rest of the network, the protocol automatically readjusts the ring so that the part of the network that was disconnected can reestablish contact with the rest of the network. The O-Ring redundant ring technology can protect mission-critical applications from network interruptions or temporary malfunction with its fast recover technology.

4.1.2 ConfigurationsO-Ring supports three ring topologies: Ring Master, Coupling Ring, and Dual Homing. You can configure the settings in the interface below.

ORing Industrial Networking Corp

21

IGS-P9164 Series User Manual

LabelEnable Ring

DescriptionCheck to enable O-Ring topology.Only one ring master is allowed in a ring. However, if more than

Enable Ring Master

one switches are set to enable Ring Master, the switch with the lowest MAC address will be the active ring master and the others

will be backup masters.

1st Ring Port 2nd Ring Port Enable Coupling Ring

The primary port when the switch is ring master The backup port when the switch is ring master Check to enable Coupling Ring. Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches. It is a good method for connecting two rings.

Couple Port

Ports for connecting multiple rings. A coupling ring needs four switches to build an active and a backup link.

Enable Dual Homing

Links formed by the coupling ports will run in active/backup mode. Check to enable Dual Homing. When Dual Homing is enabled, the ring will be connected to normal switches through two RSTP links (ex: backbone Switch). The two links work in active/backup mode, and connect each ring to the normal switches in RSTP mode.

Apply

Click to activate the configurations.

Note: due to heavy loading, setting one switch as ring master and coupling ring at the same time is not recommended.

ORing Industrial Networking Corp

22

IGS-P9164 Series User Manual4.2 Open-Ring4.2.1 IntroductionOpen-Ring is a technology developed by ORing to enhance ORing switches’ interoperability with other vendors’ products. With this technology, you can add any ORing switches to the network based on other ring technologies.

4.2.2 Configurations

LabelEnable Vender 1st Ring Port 2nd Ring Port

DescriptionCheck to enable Open-Ring topology Choose the venders that you want to join in their rings The first port to connect to the ring The second port to connect to the ring

ORing Industrial Networking Corp

23

IGS-P9164 Series User Manual4.3 O-Chain4.3.1 IntroductionO-Chain is ORing’s revolutionary network redundancy technology which enhances network redundancy for any backbone networks, providing ease-of-use and maximum fault-recovery swiftness, flexibility, compatibility, and cost-effectiveness in a set of network redundancy topologies. The self-healing Ethernet technology designed for distributed and complex industrial networks enables the network to recover in less than 30 milliseconds (in full-duplex Gigabit operation) or 10 milliseconds (in full-duplex Fast Ethernet operation) for up to 250 switches if at any time a segment of the chain fails. O-Chain allows multiple redundant rings of different redundancy protocols to join and function together as a large and the most robust network topologies. It can create multiple redundant networks beyond the limitations of current redundant ring technologies.

4.3.2 ConfigurationsO-Chain is very easy to configure and manage. Only one edge port of the edge switch needs to be defined. Other switches beside them just need to have O-Chain enabled.

ORing Industrial Networking Corp

24

IGS-P9164 Series User Manual

Label Enable 1st Ring Port 2nd Ring Port Edge Port

Description Check to enable O-Chain function The first port connecting to the ring The second port connecting to the ring An O-Chain topology must begin with edge ports. The ports with a smaller switch MAC address will serve as the backup link and RM LED will light up.

4.4 STP/RSTP/MSTP4.4.1 STP/RSTPSTP (Spanning Tree Protocol), and its advanced versions RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol), are designed to prevent network loops and provide network redundancy. Network loops occur frequently in large networks as when two or more paths run to the same destination, broadcast packets may get in to an infinite loop and hence causing congestion in the network. STP can identify the best path to the destination, and block all other paths. The blocked links will stay connected but inactive. When the best path fails, the blocked links will be activated. Compared to STP which recovers a link in 30 to 50 seconds, RSTP can shorten the time to 5 to 6 seconds. In other words, RSTP provides faster spanning tree convergence after a topology changes. The switch supports STP and will auto detect the connected device running on STP or RSTP protocols.

ORing Industrial Networking Corp

25

RSTP Bridge Setting

IGS-P9164 Series User Manual

Label Protocol Version Bridge Priority (0-61440)Forwarding Delay Time (4-30)Max Age Time(6-40)

Description Select Spanning Tree type , support STP / RSTP / MSTP A value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. If the value changes, you must reboot the switch. The value must be a multiple of 4096 according to the protocol standard rule The time of a port waits before changing from RSTP learning and listening states to forwarding state. The valid value is between 4 through 30. The number of seconds a bridge waits without receiving Spanning-tree Protocol configuration messages before attempting a reconfiguration. The valid value is between 6 through 40.

ORing Industrial Networking Corp

26

IGS-P9164 Series User Manual

Maximum Hop Count This defines the initial value of remaining Hops for MSTI

information generated at the boundary of an MSTI region. It

defines how many bridges a root bridge can distribute its BPDU

information to. Valid values are in the range 6 to 40 hops.

Transmit Hold Count The number of BPDU’s a bridge port can send per second. When

exceeded, transmission of the next BPDU will be delayed. Valid

values are in the range 1 to 10 BPDU’s per second.

Edge Port BPDU

Control whether a port explicitly configured as Edge will transmit

Filtering

and receive BPDUs.

Edge Port BPDU

Control whether a port explicitly configured as Edge will disable

Guard

itself upon reception of a BPDU. The port will enter the

error-disabled state, and will be removed from the active topology.

Port Error Recovery Control whether a port in the error-disabled state automatically

will be enabled after a certain time. If recovery is not enabled,

ports have to be disabled and re-enabled for normal STP

operation. The condition is also cleared by a system reboot.

Port Error Recovery The time to pass before a port in the error-disabled state can be

Timeout

enabled. Valid values are between 30 and 86400 seconds (24

hours).

NOTE: the calculation of the MAX Age, Hello Time, and Forward Delay Time is as follows: 2 x (Forward Delay Time value ­1) > = Max Age value >= 2 x (Hello Time value +1)

The following pages show the information of the root bridge, including its port status.

ORing Industrial Networking Corp

27

IGS-P9164 Series User Manual

Label Port STP Enable Path Cost Auto Path Cost Value(1-200000000)Port Priority (0-240)Admin Edge Auto EdgeRestricted ­ Role

Description Port number User can by port enable / disable STP Function User can setting Path Cost Auto or Specific Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports. Valid values are in the range 1 to 200000000. Decide which port should be blocked by priority in the LAN. The valid value is between 0 and 240, and must be a multiple of 16 Controls whether the operEdge flag should start as set or cleared. (The initial operEdge state when a port is initialized). Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDU’s are received on the port or not. If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity. It can be set by a network

ORing Industrial Networking Corp

28

IGS-P9164 Series User Manual

Restrcted -TCNBPDU Guard Point to Point Apply

administrator to prevent bridges external to a core region of the network influence the spanning tree active topology, possibly because those bridges are not under the full control of the administrator. This feature is also known as Root Guard. If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set it can cause temporary loss of connectivity after changes in a spanning tree’s active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network, causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently. If enabled, causes the port to disable itself upon receiving valid BPDU’s. Contrary to the similar bridge setting, the port Edge status does not effect this setting. Controls whether the port connects to a point-to-point LAN rather than to a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for point-to-point LANs than for shared media. Click to apply the configurations.

4.4.2 MSTPSince the recovery time of STP and RSTP takes seconds, which is unacceptable in industrial applications, MSTP was developed. The technology supports multiple spanning trees within a network by grouping and mapping multiple VLANs into different spanning-tree instances, known as MSTIs, to form individual MST regions. Each switch is assigned to an MST region. Hence, each MST region consists of one or more MSTP switches with the same VLANs, at least one MST instance, and the same MST region name. Therefore, switches can use different paths in the network to effectively balance loads.

ORing Industrial Networking Corp

29

IGS-P9164 Series User Manual

Bridge SettingsThis page allows you to examine and change the configurations of current MSTI ports. A MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before MSTI port configuration options are displayed.

ORing Industrial Networking Corp

30

IGS-P9164 Series User Manual

Label

Description

MSTP Enable

Enables or disables MSTP function.

Force Version

Forces a VLAN bridge that supports RSTP to operate in an

STP-compatible manner.

Configuration Name The name which identifies the VLAN to MSTI mapping. Bridges

must share the name and revision (see below), as well as the

VLAN-to-MSTI mapping configurations in order to share spanning

trees for MSTIs (intra-region). The name should not exceed 32

characters.

Revision

Level Revision of the MSTI configuration named above. This must be

(0-65535)

an integer between 0 and 65535.

Priority (0-61440)

A value used to identify the root bridge. The bridge with the lowest

value has the highest priority and is selected as the root. If the

value changes, you must reboot the switch. The value must be a

multiple of 4096 according to the protocol standard rule.

Max Age Time(6-40) The number of seconds a bridge waits without receiving

Spanning-tree Protocol configuration messages before

attempting a reconfiguration. The valid value is between 6

through 40.

Hello Time (1-10)

The time interval a switch sends out the BPDU packet to check

RSTP current status. The time is measured in seconds and the

ORing Industrial Networking Corp

31

IGS-P9164 Series User Manual

valid value is between 1 through 10.

Forwarding Delay The time of a port waits before changing from RSTP learning and

Time (4-30)

listening states to forwarding state. The valid value is between 4

through 30.

Max Hops (1-40)

An additional parameter for those specified for RSTP. A single

value applies to all STP within an MST region (the CIST and all

MSTIs) for which the bridge is the regional root.

Apply

Click to apply the configurations.

Bridge Port

Label

Description

Port No.

The number of port you want to configure

Priority (0-240)

Decide which port should be blocked by priority in the LAN. The

valid value is between 0 and 240, and must be a multiple of 16.

Path

Cost The path cost incurred by the port. The path cost is used when

(1-200000000)

establishing an active topology for the network. Lower path cost

ports are chosen as forwarding ports in favor of higher path cost

ports. The range of valid values is 1 to 200000000.

Admin P2P

Configures whether the port connects to a point-to-point LAN

rather than a shared medium. This can be configured

automatically or set to true or false manually. True means P2P

enabling. False means P2P disabling. Transiting to forwarding

state is faster for point-to-point LANs than for shared media.

Admin Edge

Specify whether this port is an edge port or a non-edge port. An

edge port is not connected to any other bridge. Only edge ports

and point-to-point links can rapidly transition to forwarding state.

To configure the port as an edge port, set the port to True.

ORing Industrial Networking Corp

32

IGS-P9164 Series User Manual

Admin Non STP Apply

The port includes the STP mathematic calculation. True is not including STP mathematic calculation, false is including the STP mathematic calculation. Click to apply the configurations.

Instance SettingThis page allows you to change the configurations of current MSTI bridge instance.

Label Instance State VLANsPriority (0-61440)Apply

Description Set the instance from 1 to 15 Enables or disables the instance The VLAN which is mapped to the MSTI. A VLAN can only be mapped to one MSTI. An unused MSTI will be left empty (ex. without any mapped VLANs). A value used to identify the root bridge. The bridge with the lowest value has the highest priority and is selected as the root. If the value changes, you must reboot the switch. The value must be a multiple of 4096 according to the protocol standard Click to apply the configurations.

Port PriorityThis page allows you to change the configurations of current MSTI bridge instance priority.

ORing Industrial Networking Corp

33

IGS-P9164 Series User Manual

Label

Description

Instance

The bridge instance. CIST is the default instance, which is always active.

Port

The port number which you want to configure.

Priority (0-240)

Decides the priority of ports to be blocked in the LAN. The valid value is between 0 and 240, and must be a multiple of 16

The path cost incurred by the port. The path cost is used when

Path

Cost establishing an active topology for the network. Lower path cost

(1-200000000)

ports are chosen as forwarding ports in favor of higher path cost

ports. The range of valid values is 1 to 200000000.

Apply

Click to apply the configurations.

4.5 Fast RecoveryFast recovery mode can be set to connect multiple ports to one or more switches, thereby providing redundant links. Fast recovery mode supports 5 priorities. Only the first priority will be the active port, and the other ports with different priorities will be backup ports.

ORing Industrial Networking Corp

34

IGS-P9164 Series User Manual

Label Active Port.01 – 05Apply

Description Activate fast recovery mode Ports can be set to 5 priorities. Only the port with the highest priority will be the active port. 1st Priority is the highest. Click to activate the configurations.

ORing Industrial Networking Corp

35

IGS-P9164 Series User ManualManagementThe switch can be controlled via a built-in web server which supports Internet Explorer (Internet Explorer 5.0 or above versions) and other Web browsers such as Chrome. Therefore, you can manage and configure the switch easily and remotely. You can also upgrade firmware via a Web browser. The Web management function not only reduces network bandwidth consumption, but also enhances access speed and provides a user-friendly viewing screen.Note: By default, IE5.0 or later version do not allow Java applets to open sockets. You need to modify the browser setting separately in order to enable Java applets for network ports.Management via Web BrowserFollow the steps below to manage your switch via a Web browserSystem Login1. Launch an Internet Explorer. 2. Type http:// and the IP address of the switch. Press Enter.3. A login screen appears. 4. Type in the username and password. The default username and password isadmin. 5. Press Enter or click OK, the management page appears.

Note: you can use the following default values: IP Address: 192.168.10.1 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.10.254

ORing Industrial Networking Corp

36

IGS-P9164 Series User ManualUser Name: admin Password: admin After logging in, you will see the information of the switch as below.

On the right hand side of the management interface shows links to various settings. Clicking on the links will bring you to individual configuration pages.5.1 Basic SettingsThe Basic Settings page allows you to configure the basic functions of the switch.5.1.1 System InformationThis page shows the general information of the switch.

Label System Name

Description An administratively assigned name for the managed node. By convention, this is the node’s fully-qualified domain name. A domain name is a text string consisting of alphabets (A-Z, a-z),

ORing Industrial Networking Corp

37

IGS-P9164 Series User Manual

System Description System LocationSystem Contact Save Reset

digits (0-9), and minus sign (-). Space is not allowed to be part of the name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255. Description of the device The physical location of the node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed. The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and only ASCII characters from 32 to 126 are allowed. Click to save changes. Click to undo any changes made locally and revert to previously saved values.

5.1.2 Admin & PasswordThis page allows you to configure the system password required to access the web pages or log in from CLI.

Label Old PasswordNew PasswordConfirm New Password Save

Description The existing password. If this is incorrect, you cannot set the new password. The new system password. The allowed string length is 0 to 31, and only ASCII characters from 32 to 126 are allowed. Re-type the new password. Click to save changes.

ORing Industrial Networking Corp

38

IGS-P9164 Series User Manual5.1.3 AuthenticationThis page allows you to configure how a user is authenticated when he/she logs into the switch via one of the management interfaces.

Label Client Authentication MethodFallbackSave Reset

Description The management client for which the configuration below applies. Authentication Method can be set to one of the following values: None: authentication is disabled and login is not possible. Local: local user database on the switch is used for authentication. Radius: a remote RADIUS server is used for authentication. Check to enable fallback to local authentication. If none of the configured authentication servers are active, the local user database is used for authentication. This is only possible if Authentication Method is set to a value other than none or local. Click to save changes Click to undo any changes made locally and revert to previously saved values

5.1.4 IP SettingsYou can configure IP information of the switch in this page.

ORing Industrial Networking Corp

39

IGS-P9164 Series User Manual

Label DHCP ClientIP AddressIP Mask IP Router VLAN ID DNS Server Save Reset

Description Enable the DHCP client by checking this box. If DHCP fails or the configured IP address is zero, DHCP will retry. If DHCP retry fails, DHCP will stop trying and the configured IP settings will be used.Assigns the IP address of the network in use. If DHCP client function is enabled, you do not need to assign the IP address. The network DHCP server will assign an IP address to the switch and it will be displayed in this column. The default IP is 192.168.10.1. Assigns the subnet mask of the IP address. If DHCP client function is enabled, you do not need to assign the subnet mask.Assigns the network gateway for the switch. The default gateway is 192.168.10.254. Provides the managed VLAN ID. The allowed range is 1 through 4095. Enter the IP address of the DNS server in dotted decimal notation. Click to save changes Click to undo any changes made locally and revert to previously saved values

5.1.5 IPv6 SettingsIPv6 is the next-generation IP that uses a 128-bit address standard. It is developed to supplement, and eventually replace the IPv4 protocol. You can configure IPv6 information of the switch on the following page.

LabelAuto ConfigurationAddress

Description Check to enable IPv6 auto-configuration. If the system cannot obtain the stateless address in time, the configured IPv6 settings will be used. The router may delay responding to a router solicitation for a few seconds; therefore, the total time needed to complete auto-configuration may be much longer. Specify an IPv6 address for the switch. IPv6 address consists of 128 bits

ORing Industrial Networking Corp

40

IGS-P9164 Series User Manual

PrefixRouterSave Reset

represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in ‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, ‘::192.1.2.34’. Specify an IPv6 prefix for the switch. The allowed range is 1 to 128. Specify an IPv6 address for the switch. IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in ‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can appear only once. It can also represent a legally valid IPv4 address. For example, ‘::192.1.2.34’. Click to save changes Click to undo any changes made locally and revert to previously saved values

5.1.6 Daylight Saving Time

Time Zone Configuration

Label Time ZoneAcronym

Description Lists various time zones worldwide. Select an appropriate time zone from the drop down and click Save. User can set the acronym of the time zone. This is a User configurable acronym to identify the time zone. ( Range : Up to 16 alpha-numeric characters and can contain ‘-‘, ‘_’ or ‘.’)

Daylight Saving Time Configuration

ORing Industrial Networking Corp

41

IGS-P9164 Series User Manual

Label

Description

This is used to set the clock forward or backward according to the

configurations set below for a defined Daylight Saving Time

duration. Select ‘Disable’ to disable the Daylight Saving Time

Daylight Saving Time configuration. Select ‘Recurring’ and configure the Daylight

Saving Time duration to repeat the configuration every year.

Select ‘Non-Recurring’ and configure the Daylight Saving Time

duration for single time configuration. ( Default : Disabled )

Start Time Settings

Label Week Day Month Hours Minutes

Description Select the starting week number. Select the starting day. Select the starting month. Select the starting hour. Select the starting minute.

End Time Settings

Week Day

Label

Description Select the ending week number. Select the ending day.

ORing Industrial Networking Corp

42

Month Hours MinutesOffset Settings

Select the ending month. Select the ending hour. Select the ending minute.

IGS-P9164 Series User Manual

Label Week

Description ter the number of minutes to add during Daylight Saving Time. ( Range: 1 to 1440 )

5.1.7 HTTPSYou can configure the HTTPS mode in the following page.

Label Mode Save Reset

Description Indicates the selected HTTPS mode. When the current connection is HTTPS, disabling HTTPS will automatically redirect web browser to an HTTP connection. The modes include: Enabled: enable HTTPS. Disabled: disable HTTPS. Click to save changes Click to undo any changes made locally and revert to previously saved values

5.1.8 SSHSSH (Secure Shell) is a cryptographic network protocol intended for secure data transmission and remote access by creating a secure channel between two networked PCs. You can configure the SSH mode in the following page.

ORing Industrial Networking Corp

43

IGS-P9164 Series User Manual

Label Mode Save Reset

Description Indicates the selected SSH mode. The modes include: Enabled: enable SSH. Disabled: disable SSH. Click to save changes Click to undo any changes made locally and revert to previously saved values

5.1.9 LLDPLLDP ConfigurationsLLDP (Link Layer Discovery Protocol) provides a method for networked devices to receive and/or transmit their information to other connected devices on the network that are also using the protocols, and to store the information that is learned about other devices. This page allows you to examine and configure current LLDP port settings.

Label PortMode

Description The switch port number to which the following settings will be applied. Indicates the selected LLDP mode Rx only: the switch will not send out LLDP information, but LLDP information from its neighbors will be analyzed. Tx only: the switch will drop LLDP information received from its neighbors,

ORing Industrial Networking Corp

44

IGS-P9164 Series User Manualbut will send out LLDP information. Disabled: the switch will not send out LLDP information, and will drop LLDP information received from its neighbors. Enabled: the switch will send out LLDP information, and will analyze LLDP information received from its neighbors.LLDP Neighbor InformationThis page provides a status overview for all LLDP neighbors. The following table contains information for each port on which an LLDP neighbor is detected. The columns include the following information:

Label Local Port Chassis ID Remote Port ID System Name Port DescriptionSystem CapabilitiesManagement Address Refresh Auto-refresh

Description The port that you use to transmits and receives LLDP frames. The identification number of the neighbor sending out the LLDP frames. The identification of the neighbor port The name advertised by the neighbor. The description of the port advertised by the neighbor. Description of the neighbor’s capabilities. The capabilities include: 1. Other 2. Repeater 3. Bridge 4. WLAN Access Point 5. Router 6. Telephone 7. DOCSIS Cable Device 8. Station Only 9. Reserved When a capability is enabled, a (+) will be displayed. If the capability is disabled, a (-) will be displayed. The neighbor’s address which can be used to help network management. This may contain the neighbor’s IP address. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals

ORing Industrial Networking Corp

45

IGS-P9164 Series User ManualPort StatisticsThis page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters will apply settings to the whole switch stack, while local counters will apply settings to specified switches.

Global CountersLabel Neighbor entries were last changed at Total Neighbors Entries Added Total Neighbors Entries Deleted Total Neighbors Entries Dropped Total Neighbors Entries Aged Out

Description Shows the time when the last entry was deleted or added. Shows the number of new entries added since switch reboot Shows the number of new entries deleted since switch reboot Shows the number of LLDP frames dropped due to full entry table Shows the number of entries deleted due to expired time-to-live

Local CountersLabel Local Port Tx Frames Rx Frames Rx ErrorsFrames Discarded

Description The port that receives or transmits LLDP frames The number of LLDP frames transmitted on the port The number of LLDP frames received on the port The number of received LLDP frames containing errors If a port receives an LLDP frame, and the switch’s internal table is full, the LLDP frame will be counted and discarded. This situation is

ORing Industrial Networking Corp

46

IGS-P9164 Series User Manual

TLVs Discarded TLVs Unrecognized Org. DiscardedAge-OutsRefresh Clear Auto-refresh

known as “too many neighbors” in the LLDP standard. LLDP frames require a new entry in the table if Chassis ID or Remote Port ID is not included in the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is received, or when the entry ages out. Each LLDP frame can contain multiple pieces of information, known as TLVs (Type Length Value). If a TLV is malformed, it will be counted and discarded. The number of well-formed TLVs, but with an unknown type value The number of organizationally TLVs received Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received during the age-out time, the LLDP information will be removed, and the value of the age-out counter will be incremented. Click to refresh the page immediately Click to clear the local counters. All counters (including global counters) are cleared upon reboot. Check to enable an automatic refresh of the page at regular intervals

5.1.10 NTPNetwork Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

ORing Industrial Networking Corp

47

Label Mode Server Date/ Time

IGS-P9164 Series User ManualDescription Enabled: enable NTP Disabled: disable NTP Input Server IP Address. If NTP synchronization completed , this field will show Date /Time Info.

5.1.11 Modbus TCPModbus TCP uses TCP/IP and Ethernet to carry the data of the Modbus message structure between compatible devices. The protocol is commonly used in SCADA systems for communications between a human-machine interface (HMI) and programmable logic controllers. This page enables you to enable and disable Modbus TCP support of the switch.

Label Mode

Description Shows the existing status of the Modbus TCP function

5.1.12 Backup/Restore ConfigurationsYou can save/view or load switch configurations. The configuration file is in XML format.

5.1.13 Firmware UpdateThis page allows you to update the firmware of the switch.

ORing Industrial Networking Corp

48

IGS-P9164 Series User Manual5.2 DHCP ServerThe switch provides DHCP server functions. By enabling DHCP, the switch will become a DHCP server and dynamically assigns IP addresses and related IP information to network clients.5.2.1 Basic SettingsThis page allows you to set up DHCP settings for the switch. You can check the Enabled checkbox to activate the function. Once the box is checked, you will be able to input information in each column.

5.2.2 Dynamic Client ListWhen DHCP server functions are activated, the switch will collect DHCP client information and display in the following table.

5.2.3 Client ListYou can assign a specific IP address within the dynamic IP range to a specific port. When a

ORing Industrial Networking Corp

49

IGS-P9164 Series User Manual device is connected to the port and requests for dynamic IP assigning, the switch will assign the IP address that has previously been assigned to the connected device.5.2.4 Port and IP BindingAs below screenshot , the function allow user by setting IP Address value , DHCP Server will follow this IP address ,assign IP to DHCP Client device .

5.2.5 Relay AgentDHCP relay is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. You can configure the function in this page.

ORing Industrial Networking Corp

50

IGS-P9164 Series User Manual

Label Relay ModeRelay Server Relay Information Mode

Description Indicates the existing DHCP relay mode. The modes include: Enabled: activate DHCP relay. When DHCP relay is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain to prevent the DHCP broadcast message from flooding for security considerations. Disabled: disable DHCP relay Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. Indicates the existing DHCP relay information mode. The format of DHCP option 82 circuit ID format is “[vlan_id][module_id][port_no]”. The first four characters represent the VLAN ID, and the fifth and sixth characters are the module ID. In stand-alone devices, the module ID always equals to 0; in stacked devices, it means switch ID. The last two characters are the port number. For example, “00030108” means the DHCP message received form VLAN ID 3, switch ID 1, and port No. 8. The option 82 remote ID value equals to the switch MAC address. The modes include: Enabled: activate DHCP relay information. When DHCP relay information is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to a DHCP server and removes it from a DHCP message when transferring to a DHCP client. It only works when DHCP relay mode is enabled.

ORing Industrial Networking Corp

51

IGS-P9164 Series User Manual

Relay Information Policy

Disabled: disable DHCP relay information Indicates the policies to be enforced when receiving DHCP relay information. When DHCP relay information mode is enabled, if the agent receives a DHCP message that already contains relay agent information, it will enforce the policy. The Replace option is invalid when relay information mode is disabled. The policies includes: Replace: replace the original relay information when a DHCP message containing the information is received. Keep: keep the original relay information when a DHCP message containing the information is received. Drop: drop the package when a DHCP message containing the information is received.

The relay statistics shows the information of relayed packet of the switch.

Label Transmit to Sever Transmit Error Receive from Server Receive Missing Agent Option Receive Missing Circuit ID Receive Missing Remote ID Receive Bad Circuit IDReceive Bad Remote ID

Description The number of packets relayed from the client to the server The number of packets with errors when being sent to clients The number of packets received from the server The number of packets received without agent informationThe number of packets received with Circuit IDThe number of packets received with the Remote ID option missing. The number of packets whose Circuit ID do not match the known circuit ID The number of packets whose Remote ID do not match the known Remote ID

ORing Industrial Networking Corp

52

IGS-P9164 Series User Manual

Label Transmit to Client Transmit Error Receive from Client Receive Agent OptionReplace Agent OptionKeep Agent OptionDrop Agent Option

Description The number of packets relayed from the server to the client The number of packets with errors when being sent to servers The number of packets received from the server The number of received packets containing relay agent information The number of packets replaced when received messages contain relay agent information. The number of packets whose relay agent information is retained The number of packets dropped when received messages contain relay agent information.

5.3 Port Setting

Port Setting allows you to manage individual ports of the switch, including traffic, power, and trunks.

5.3.1 Port ControlThis page shows current port configurations. Ports can also be configured here.

ORing Industrial Networking Corp

53

IGS-P9164 Series User Manual

Label Port Link Current Link Speed Configured Link SpeedFlow ControlMaximum FramePower ControlTotal Power Usage Save Reset Refresh

Description The switch port number to which the following settings will be applied. The current link state is shown by different colors. Green indicates the link is up and red means the link is down. Indicates the current link speed of the port The drop-down list provides available link speed options for a given switch port Auto selects the highest speed supported by the link partner Disabled disables switch port configuration <> configures all ports When Auto is selected for the speed, the flow control will be negotiated to the capacity advertised by the link partner. When a fixed-speed setting is selected, that is what is used. Current Rx indicates whether pause frames on the port are obeyed, and Current Tx indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last auto-negotiation. You can check the Configured column to use flow control. This setting is related to the setting of Configured Link Speed. You can enter the maximum frame size allowed for the switch port in this column, including FCS. The allowed range is 1518 bytes to 9600 bytes. Shows the current power consumption of each port in percentage. The Configured column allows you to change power saving parameters for each port. Disabled: all power savings functions are disabled ActiPHY: link down and power savings enabled PerfectReach: link up and power savings enabled Enabled: both link up and link down power savings enabled Total power consumption of the board, measured in percentage Click to save changes Click to undo any changes made locally and revert to previously saved values Click to refresh the page. Any changes made locally will be undone.

ORing Industrial Networking Corp

54

IGS-P9164 Series User Manual5.3.2 Port AliasThis page provides alias IP address configuration. Some devices might have more than one IP addresses. You could specify other IP addresses here.

5.3.3 Port TrunkA port trunk is a group of ports that have been grouped together to function as one logical path. This method provides an economical way for you to increase the bandwidth between the switch and another networking device. In addition, it is useful when a single physical link between the devices is insufficient to handle the traffic load. This page allows you to configure the aggregation hash mode and the aggregation group.

Label

Description

Source MAC Address Calculates the destination port of the frame. You can check this

box to enable the source MAC address, or uncheck to disable. By

default, Source MAC Address is enabled.

Destination MAC

Calculates the destination port of the frame. You can check this

Address

box to enable the destination MAC address, or uncheck to

disable. By default, Destination MAC Address is disabled.

IP Address

Calculates the destination port of the frame. You can check this

box to enable the IP address, or uncheck to disable. By default, IP

Address is enabled.

ORing Industrial Networking Corp

55

TCP/UDP Port Number

IGS-P9164 Series User ManualCalculates the destination port of the frame. You can check this box to enable the TCP/UDP port number, or uncheck to disable. By default, TCP/UDP Port Number is enabled.

Label Group IDPort Members

Description Indicates the ID of each aggregation group. Normal means no aggregation. Only one group ID is valid per port. Lists each switch port for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group.

5.3.4 LACPLACP (Link Aggregation Control Protocol) trunks are similar to static port trunks, but they are more flexible because LACP is compliant with the IEEE 802.3ad standard. Hence, it is interoperable with equipment from other vendors that also comply with the standard. This page allows you to enable LACP functions to group ports together to form single virtual links and change associated settings, thereby increasing the bandwidth between the switch and other LACP-compatible devices.

ORing Industrial Networking Corp

56

IGS-P9164 Series User Manual

Label Port LACP EnabledKeyRole Save Reset

Description Indicates the ID of each aggregation group. Normal indicates there is no aggregation. Only one group ID is valid per port. Lists each switch port for each group ID. Check to include a port in an aggregation, or clear the box to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and the ports must be in the same speed in each group. The Key value varies with the port, ranging from 1 to 65535. Auto will set the key according to the physical link speed (10Mb = 1, 100Mb = 2, 1Gb = 3). Specific allows you to enter a user-defined value. Ports with the same key value can join in the same aggregation group, while ports with different keys cannot. Indicates LACP activity status. Active will transmit LACP packets every second, while Passive will wait for a LACP packet from a partner (speak if spoken to). Click to save changes Click to undo changes made locally and revert to previous values

LACP System StatusThis page provides a status overview for all LACP instances.

ORing Industrial Networking Corp

57

IGS-P9164 Series User Manual

Label Aggr IDPartner System ID Partner Key Last Changed Last ChangedRefresh Auto-refresh

Description The aggregation ID is associated with the aggregation instance. For LLAG, the ID is shown as ‘isid:aggr-id’ and for GLAGs as ‘aggr-id’ System ID (MAC address) of the aggregation partner The key assigned by the partner to the aggregation ID The time since this aggregation changed. Indicates which ports belong to the aggregation of the switch/stack. The format is: “Switch ID:Port”. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals

LACP StatusThis page provides an overview of the LACP status for all ports.

Label Port LACP

Description Switch port number Yes means LACP is enabled and the port link is up. No means LACP is not enabled or the port link is down. Backup means the

ORing Industrial Networking Corp

58

IGS-P9164 Series User Manual

KeyAggr ID Partner System ID Partner Port Refresh Auto-refresh

port cannot join in the aggregation group unless other ports are removed. The LACP status is disabled. The key assigned to the port. Only ports with the same key can be aggregated The aggregation ID assigned to the aggregation group The partner’s system ID (MAC address) The partner’s port number associated with the port Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals

LACP StatisticsThis page provides an overview of the LACP statistics for all ports.

Label Port LACP Transmitted LACP Received DiscardedRefresh Auto-refresh Clear

Description Switch port number The number of LACP frames sent from each port The number of LACP frames received at each port The number of unknown or illegal LACP frames discarded at each port. Click to refresh the page immediately Check to enable an automatic refresh of the page at regular intervals Click to clear the counters for all ports

5.3.5 Loop GourdThis feature prevents loop attack. When receiving loop packets, the port will be disabled automatically, preventing the loop attack from affecting other network devices.

ORing Industrial Networking Corp

59

IGS-P9164 Series User Manual

LabelEnable Loop Protection Transmission TimeShutdown Time

DescriptionActivate loop protection functions (as a whole) The interval between each loop protection PDU sent on each port. The valid value is 1 to 10 seconds. The period (in seconds) for which a port will be kept disabled when a loop is detected (shutting down the port). The valid value is 0 to 604800 seconds (7 days). A value of zero will keep a port disabled permanently (until the device is restarted).

LabelPort Enable ActionTx Mode

DescriptionSwitch port number Activate loop protection functions (as a whole) Configures the action to take when a loop is detected. Valid values include Shutdown Port, Shutdown Port, and Log or Log Only. Controls whether the port is actively generating loop protection PDUs or only passively look for looped PDUs.

ORing Industrial Networking Corp

60

IGS-P9164 Series User Manual5.4 VLAN5.4.1 VLAN MembershipA VLAN (Virtual LAN) is a logical LAN based on a physical LAN with links that does not consist of a physical (wired or wireless) connection between two computing devices but is implemented using methods of network virtualization. A VLAN can be created by partitioning a physical LAN into multiple logical LANs using a VLAN ID. You can assign switch ports to a VLAN and add new VLANs in this page.

Label Delete VLAN ID MAC Address Port MembersAdd New VLAN

Description Check to delete the entry. It will be deleted during the next save. The VLAN ID for the entry The MAC address for the entry Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Valid values for a VLAN ID are 1 through 4095. After clicking Save, the new VLAN will be enabled on the selected switch stack but contains no port members. A VLAN without any port members on any stack will be deleted when you click Save. Click Delete to undo the addition of new VLANs.

5.4.2 Port ConfigurationsThis page allows you to set up VLAN ports individually.

ORing Industrial Networking Corp

61

IGS-P9164 Series User Manual

Label Ethertype for customer S-Ports PortPort typeIngress FilteringFrame TypePort VLAN

DescriptionThis field specifies the Ether type used for custom S-ports. This is a global setting for all custom S-ports.The switch port number to which the following settings will be applied. Port can be one of the following types: Unaware, Customer (C-port), Service (S-port), Custom Service (S-custom-port). If port type is Unaware, all frames are classified to the port VLAN ID and tags are not removed. Enable ingress filtering on a port by checking the box. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame will be discarded. By default, ingress filtering is disabled (no check mark). Determines whether the port accepts all frames or only tagged/untagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on the port will be discarded. By default, the field is set to All. The allowed values are None or Specific. This parameter affects VLAN

ORing Industrial Networking Corp

62

IGS-P9164 Series User Manual

ModePort VLAN ID Tx Tag

ingress and egress processing. If None is selected, a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN-aware switches. Tx tag should be set to Untag_pvid when this mode is used. If Specific (the default value) is selected, a port VLAN ID can be configured (see below). Untagged frames received on the port are classified to the port VLAN ID. If VLAN awareness is disabled, all frames received on the port are classified to the port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the port VLAN ID, a VLAN tag with the classified VLAN ID will be inserted in the frame. Configures the VLAN identifier for the port. The allowed range of the values is 1 through 4095. The default value is 1. Note: The port must be a member of the same VLAN as the port VLAN ID. Determines egress tagging of a port. Untag_pvid: all VLANs except the configured PVID will be tagged. Tag_all: all VLANs are tagged. Untag_all: all VLANs are untagged.

Introduction of Port Types

Below is a detailed description of each port type, including Unaware, C-port, S-port, and

S-custom-port.

Ingress action

Egress action

Unaware

When the port receives untagged frames, The TPID of a frame

The function of

an untagged frame obtains a tag (based transmitted by

Unaware can be

on PVID) and is forwarded.

Unaware port will be

used for 802.1QinQ When the port receives tagged frames: set to 0x8100.

(double tag).

1. If the tagged frame contains a TPID of The final status of the

0x8100, it will become a double-tag frame frame after egressing

and will be forwarded.

will also be affected

2. If the TPID of tagged frame is not by the Egress Rule.

0x8100 (ex. 0x88A8), it will be discarded.

C-port

When the port receives untagged frames, The TPID of a frame

an untagged frame obtains a tag (based transmitted by C-port

on PVID) and is forwarded.

will be set to 0x8100.

When the port receives tagged frames:

1. If the tagged frame contains a TPID of

0x8100, it will be forwarded.

ORing Industrial Networking Corp

63

S-port S-custom-port

IGS-P9164 Series User Manual

2. If the TPID of tagged frame is not

0x8100 (ex. 0x88A8), it will be discarded.

When the port receives untagged frames, The TPID of a frame

an untagged frame obtains a tag (based transmitted by S-port

on PVID) and is forwarded.

will be set to 0x88A8.

When the port receives tagged frames:

1. If the tagged frame contains a TPID of

0x8100, it will be forwarded.

2. If the TPID of tagged frame is not

0x88A8 (ex. 0x8100), it will be discarded.

When the port receives untagged frames, The TPID of a frame

an untagged frame obtains a tag (based transmitted by

on PVID) and is forwarded.

S-custom-port will be

When the port receives tagged frames: set to a

1. If the tagged frame contains a TPID of self-customized

0x8100, it will be forwarded.

value, which can be

2. If the TPID of tagged frame is not set by the user via

0x88A8 (ex. 0x8100), it will be discarded. Ethertype for

Custom S-ports.

ORing Industrial Networking Corp

64

IGS-P9164 Series User Manual

ORing Industrial Networking Corp

65

IGS-P9164 Series User Manual

Examples of VLAN SettingsVLAN Access Mode:

Switch A, Port 7 is VLAN Access mode = Untagged 20 Port 8 is VLAN Access mode = Untagged 10Below are the switch settings.

ORing Industrial Networking Corp

66

IGS-P9164 Series User Manual

VLAN 1Q Trunk Mode:

Switch B, Port 1 = VLAN 1Qtrunk mode = tagged 10, 20 Port 2 = VLAN 1Qtrunk mode = tagged 10, 20Below are the switch settings.

ORing Industrial Networking Corp

67

IGS-P9164 Series User Manual

VLAN Hybrid Mode: Port 1 VLAN Hybrid mode = untagged 10Tagged 10, 20Below are the switch settings.

ORing Industrial Networking Corp

68

IGS-P9164 Series User Manual

VLAN QinQ Mode:VLAN QinQ mode is usually adopted when there are unknown VLANs, as shown in the figurebelow.VLAN “X” = Unknown VLAN

9000 Series Port 1 VLAN Settings:

ORing Industrial Networking Corp

69

IGS-P9164 Series User Manual

VLAN ID SettingsWhen setting the management VLAN, only the same VLAN ID port can be used to control the switch.9000ies VLAN Settings:

ORing Industrial Networking Corp

70

IGS-P9164 Series User Manual5.4.3 Private VLANA private VLAN contains switch ports that can only communicate with a given “uplink”. The restricted ports are called private ports. Each private VLAN typically contains many private ports and a single uplink. The switch forwards all frames received on a private port out the uplink port, regardless of VLAN ID or destination MAC address. A port must be a member of both a VLAN and a private VLAN to be able to forward packets. This page allows you to configure private VLAN memberships for the switch. By default, all ports are VLAN unaware and members of VLAN 1 and private VLAN 1.

Label Delete Private VLAN ID MAC AddressPort MembersAdding a New Static Entry

Description Check to delete the entry. It will be deleted during the next save. Indicates the ID of this particular private VLAN. The MAC address for the entry. A row of check boxes for each port is displayed for each private VLAN ID. You can check the box to include a port in a private VLAN. To remove or exclude the port from the private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Click Add new Private VLAN to add a new private VLAN ID. An empty row is added to the table, and the private VLAN can be configured as needed. The allowed range for a private VLAN ID is the same as the switch port number range. Any values outside this range are not accepted, and a warning message appears. Click OK to discard the incorrect entry, or click Cancel to return to the editing and make a correction. The private VLAN is enabled when you click Save. The Delete button can be used to undo the addition of new private VLANs.

ORing Industrial Networking Corp

71

IGS-P9164 Series User ManualA private VLAN is defined as a pairing of a primary VLAN with a secondary VLAN. A promiscuous port is a port that can communicate with all other private VLAN port types via the primary VLAN and any associated secondary VLANs, whereas isolated ports can communicate only with a promiscuous port.

Label Port Members

Description A check box is provided for each port of a private VLAN. When checked, port isolation is enabled for that port. When unchecked, port isolation is disabled for that port. By default, port isolation is disabled for all ports.

5.5 SNMPSNMP (Simple Network Management Protocol) is a protocol for managing devices on IP networks. It is mainly used network management systems to monitor the operational status of networked devices. In an event-triggered situation, traps and notifications will be sent to administrators.5.5.1 SNMP System Configurations

ORing Industrial Networking Corp

72

IGS-P9164 Series User Manual

Label Mode Version Read CommunityWrite Community Engine ID

Description Indicates existing SNMP mode. Possible modes include: Enabled: enable SNMP mode Disabled: disable SNMP mode Indicates the supported SNMP version. Possible versions include: SNMP v1: supports SNMP version 1. SNMP v2c: supports SNMP version 2c. SNMP v3: supports SNMP version 3. Indicates the read community string to permit access to SNMP agent. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed. The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table. Indicates the write community string to permit access to SNMP agent. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed. The field only suits to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMPv3 community table. Indicates the SNMPv3 engine ID. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-‘F’s are not allowed. Change of the Engine ID will clear all original local users.

ORing Industrial Networking Corp

73

IGS-P9164 Series User Manual

Label Trap ModeTrap VersionTrap Community Trap Destination AddressTrap Destination IPv6 AddressTrap Authentication FailureTrap Link-up and Link-downTrap Inform Mode Trap Inform Timeout(seconds) Trap Inform Retry Times

Description Indicates existing SNMP trap mode. Possible modes include: Enabled: enable SNMP trap mode Disabled: disable SNMP trap mode Indicates the supported SNMP trap version. Possible versions include: SNMP v1: supports SNMP trap version 1 SNMP v2c: supports SNMP trap version 2c SNMP v3: supports SNMP trap version 3 Indicates the community access string when sending SNMP trap packets. The allowed string length is 0 to 255, and only ASCII characters from 33 to 126 are allowed. Indicates the SNMP trap destination addressProvides the trap destination IPv6 address of this switch. IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field (:). For example, in ‘fe80::215:c5ff:fe03:4dc7’, the symbol ‘::’ is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can only appear once. It also uses a following legally IPv4 address. For example, ‘::192.1.2.34’. Indicates the SNMP entity is permitted to generate authentication failure traps. Possible modes include: Enabled: enable SNMP trap authentication failure Disabled: disable SNMP trap authentication failure Indicates the SNMP trap link-up and link-down mode. Possible modes include: Enabled: enable SNMP trap link-up and link-down mode Disabled: disable SNMP trap link-up and link-down mode Indicates the SNMP trap inform mode. Possible modes include: Enabled: enable SNMP trap inform mode Disabled: disable SNMP trap inform mode Configures the SNMP trap inform timeout. The allowed range is 0 to 2147. Configures the retry times for SNMP trap inform. The allowed range is 0 to 255.

ORing Industrial Networking Corp

74

IGS-P9164 Series User Manual5.5.2 SNMP Community ConfigurationsYou can define access to the SNMP data on your devices by creating one or more SNMP communities. An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. A SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. This page allows you to configure SNMPv3 community table. The entry index key is Community.

Label DeleteCommunitySource IP Source Mask

Description Check to delete the entry. It will be deleted during the next save. Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the SNMP source address Indicates the SNMP source address mask

5.5.3 SNMP User ConfigurationsEach SNMP user has a specified username, a group to which the user belongs, authentication password, authentication protocol, privacy protocol, and privacy password. When you create a user, you must associate it with an SNMP group. The user then inherits the security model of the group. This page allows you to configure the SNMPv3 user table. The entry index keys are Engine ID and User Name.

Label Delete

Description Check to delete the entry. It will be deleted during the next save.

ORing Industrial Networking Corp

75

IGS-P9164 Series User Manual

Engine IDUser Name Security LevelAuthentication Protocol Authentication Password

An octet string identifying the engine ID that this entry should belong to. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-‘F’s are not allowed. The SNMPv3 architecture uses User-based Security Model (USM) for message security and View-based Access Control Model (VACM) for access control. For the USM entry, the usmUserEngineID and usmUserName are the entry keys. In a simple agent, usmUserEngineID is always that agent’s own snmpEngineID value. The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate. In other words, if user engine ID is the same as system engine ID, then it is local user; otherwise it’s remote user. A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the security model that this entry should belong to. Possible security models include: NoAuth, NoPriv: no authentication and none privacy Auth, NoPriv: Authentication and no privacy Auth, Priv: Authentication and privacy The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation. Indicates the authentication protocol that this entry should belong to. Possible authentication protocols include: None: no authentication protocol MD5: an optional flag to indicate that this user is using MD5 authentication protocol SHA: an optional flag to indicate that this user is using SHA authentication protocol The value of security level cannot be modified if the entry already exists, which means the value must be set correctly at the time of entry creation. A string identifying the authentication pass phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. Only ASCII characters from 33 to 126 are allowed.

ORing Industrial Networking Corp

76

IGS-P9164 Series User Manual

Privacy Protocol Privacy Password

Indicates the privacy protocol that this entry should belong to. Possible privacy protocols include: None: no privacy protocol DES: an optional flag to indicate that this user is using DES authentication protocol A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and only ASCII characters from 33 to 126 are allowed.

5.5.4 SNMP Group ConfigurationsAn SNMP group is an access control policy for you to add users. Each SNMP group is configured with a security model, and is associated with an SNMP view. A user within an SNMP group should match the security model of the SNMP group. These parameters specify what type of authentication and privacy a user within an SNMP group uses. Each SNMP group name and security model pair must be unique. This page allows you to configure the SNMPv3 group table. The entry index keys are Security Model and Security Name.

Label DeleteSecurity ModelSecurity Name Group Name

Description Check to delete the entry. It will be deleted during the next save. Indicates the security model that this entry should belong to. Possible security models included: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. A string identifying the group name that this entry should belong to.

ORing Industrial Networking Corp

77

IGS-P9164 Series User ManualThe allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed.5.5.5 SNMP View ConfigurationsThe SNMP v3 View table specifies the MIB object access requirements for each View Name. You can specify specific areas of the MIB that can be accessed or denied based on the entries or create and delete entries in the View table in this page. The entry index keys are View Name and OID Subtree.

Label Delete View NameView TypeOID Subtree

Description Check to delete the entry. It will be deleted during the next save. A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the view type that this entry should belong to. Possible view types include: Included: an optional flag to indicate that this view subtree should be included. Excluded: An optional flag to indicate that this view subtree should be excluded. Generally, if an entry’s view type is Excluded, it should exist another entry whose view type is Included, and its OID subtree oversteps the Excluded entry. The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk (*).

5.5.6 SNMP Access ConfigurationsThis page allows you to configure SNMPv3 access table. The entry index keys are Group Name, Security Model, and Security Level.

ORing Industrial Networking Corp

78

IGS-P9164 Series User Manual

Label Delete Group NameSecurity ModelSecurity LevelRead View Name Write View Name

Description Check to delete the entry. It will be deleted during the next save. A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. Indicates the security model that this entry should belong to. Possible security models include: any: Accepted any security model (v1|v2c|usm). v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). Indicates the security model that this entry should belong to. Possible security models include: NoAuth, NoPriv: no authentication and no privacy Auth, NoPriv: Authentication and no privacy Auth, Priv: Authentication and privacy The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed. The name of the MIB view defining the MIB objects for which this request may potentially SET new values. The allowed string length is 1 to 32, and only ASCII characters from 33 to 126 are allowed.

5.6 Traffic Prioritization

5.6.1 Storm ControlA LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in network configuration, or users issuing a denial-of-service attack can cause a storm. Storm control

ORing Industrial Networking Corp

79

IGS-P9164 Series User Manualprevents traffic on a LAN from being disrupted by a broadcast, multicast, or unicast storm on a port. In this page, you can specify the rate at which packets are received for unicast, multicast, and broadcast traffic. The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second). Note: frames sent to the CPU of the switch are always limited to approximately 4 kpps. For example, broadcasts in the management VLAN are limited to this rate. The management VLAN is configured on the IP setup page.

Label Frame Type StatusRate

Description Frame types supported by the Storm Control function, including Unicast, Multicast, and Broadcast. Enables or disables the given frame type The rate is packet per second (pps), configure the rate as 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K. The 1 kpps is actually 1002.1 pps.

5.6.2 Port ClassificationQoS (Quality of Service) is a method to achieve efficient bandwidth utilization between devices by prioritizing frames according to individual requirements and transmit the frames based on their importance. Frames in higher priority queues receive a bigger slice of bandwidth than those in a lower priority queue.

ORing Industrial Networking Corp

80

IGS-P9164 Series User Manual

Label PortQoS ClassDP level

Description The port number for which the configuration below applies Controls the default QoS class All frames are classified to a QoS class. There is a one to one mapping between QoS class, queue, and priority. A QoS class of 0 (zero) has the lowest priority. If the port is VLAN aware and the frame is tagged, then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below. Otherwise the frame is classified to the default QoS class. PCP value: 0 1 2 3 4 5 6 7 QoS class: 1 0 2 3 4 5 6 7 If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default QoS class. The classified QoS class can be overruled by a QCL entry. Note: if the default QoS class has been dynamically changed, then the actual default QoS class is shown in parentheses after the configured default QoS class. Controls the default Drop Precedence Level

ORing Industrial Networking Corp

81

IGS-P9164 Series User Manual

PCP DEI Tag Class DSCP Based

All frames are classified to a DP level. If the port is VLAN aware and the frame is tagged, then the frame is classified to a DP level that is equal to the DEI value in the tag. Otherwise the frame is classified to the default DP level. If the port is VLAN aware, the frame is tagged, and Tag Class is enabled, then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag. Otherwise the frame is classified to the default DP level. The classified DP level can be overruled by a QCL entry. Controls the default PCP value All frames are classified to a PCP value. If the port is VLAN aware and the frame is tagged, then the frame is classified to the PCP value in the tag. Otherwise the frame is classified to the default PCP value. Controls the default DEI value All frames are classified to a DEI value. If the port is VLAN aware and the frame is tagged, then the frame is classified to the DEI value in the tag. Otherwise the frame is classified to the default DEI value. Shows the classification mode for tagged frames on this port Disabled: Use default QoS class and DP level for tagged frames Enabled: Use mapped versions of PCP and DEI for tagged frames Click on the mode to configure the mode and/or mapping Note: this setting has no effect if the port is VLAN unaware. Tagged frames received on VLAN-unaware ports are always classified to the default QoS class and DP level. Click to enable DSCP-based QoS Ingress Port Classification

5.6.3 Port Tag RemakingYou can set QoS egress queues on a port such as classifying data and marking it according to its priority and the policies. Packets will then travel across the switch’s internal paths carrying their assigned QoS tag markers. At the egress port, these markers are read and used to determine which queue each data packet is forwarded to. When the traffic does not conform to the conditions set in a policer command, you can remark the traffic.

ORing Industrial Networking Corp

82

IGS-P9164 Series User Manual

Label PortMode

Description The switch port number to which the following settings will be applied. Click on the port number to configure tag remarking Shows the tag remarking mode for this port Classified: use classified PCP/DEI values Default: use default PCP/DEI values Mapped: use mapped versions of QoS class and DP level

5.6.4 Port DSCPDSCP (Differentiated Services Code Point) is a measure of QoS. It can classify data packets by using the 6-bit DS field in the IP header so you can manage each traffic class differently and efficiently, thereby achieving optimized use of network bandwidth. DSCP-enabled routers on the network will read the DSCP value of the data packet and put the packet into different queues before transmission, such as high priority and most efficient transmission. With such QoS functions, you can ensure low-latency for critical traffic. This page allows you to configure DSCP settings for each port.

ORing Industrial Networking Corp

83

IGS-P9164 Series User Manual

Label Port IngressEgress

Description Shows the list of ports for which you can configure DSCP Ingress and Egress settings. In Ingress settings you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in Ingress: Translate: check to enable the function Classify: includes four values Disable: no Ingress DSCP classification DSCP=0: classify if incoming (or translated if enabled) DSCP is 0. Selected: classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP. All: classify all DSCP Port egress rewriting can be one of the following options: Disable: no Egress rewrite Enable: rewrite enabled without remapping Remap DP Unaware: DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value. The remapped DSCP value is always taken from the ‘DSCP Translation->Egress Remap DP0’ table.

ORing Industrial Networking Corp

84

IGS-P9164 Series User ManualRemap DP Aware: DSCP from the analyzer is remapped and the frame is remarked with a remapped DSCP value. Depending on the DP level of the frame, the remapped DSCP value is either taken from the ‘DSCP Translation->Egress Remap DP0’ table or from the ‘DSCP Translation->Egress Remap DP1′ table.5.6.5 Port PolicingPolicing is a traffic regulation mechanism for limiting the rate of traffic streams, thereby controlling the maximum rate of traffic sent or received on an interface. When the traffic rate exceeds the configured maximum rate, policing drops or remarks the excess traffic. This page allows you to configure Policer for all switch ports.Port Policing

Label Port Enable RateUnti Flow Control

Description The port number for which the configuration below applies Check to enable the policer for individual switch ports Configures the rate of each policer. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps or fps, and is restricted to 1 to 3300 when the Unit is Mbps or kfps. Configures the unit of measurement for each policer rate as kbps, Mbps, fps, or kfps. The default value is kbps. If Flow Control is enabled and the port is in Flow Control mode, then pause frames are sent instead of being discarded.

ORing Industrial Networking Corp

85

Queue Policing

IGS-P9164 Series User Manual

Label Port Enable(E)RateUnit

Description The port number for which the configuration below applies. Check to enable queue policer for individual switch ports Configures the rate of each queue policer. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and is restricted to 1 to 3300 when the Unit is Mbps. This field is only shown if at least one of the queue policers is enabled. Configures the unit of measurement for each queue policer rate as kbps or Mbps. The default value is kbps. This field is only shown if at least one of the queue policers is enabled.

5.6.6 Scheduling and ShapingPort scheduling can solve performance degradation during network congestions. The schedulers allow switches to maintain separate queues for packets from each source and prevent specific traffic to use up all bandwidth. This page allows you to configure Scheduler and Shapers for individual ports.

QoS Egress Port Scheduler and ShaperStrict PriorityStrict Priority uses queues based only priority. When traffic arrives the device, traffic on the highest priority queue will be transmitted first, followed by traffic on lower priorities. If there is always some content in the highest priority queue, then the other packets in the rest of queues will not be sent until the highest priority queue is empty. The SP algorithm is preferred when the received packets contain high priority data, such as voice and video.

ORing Industrial Networking Corp

86

IGS-P9164 Series User Manual

Label Scheduler Mode Queue Shaper EnableQueue Shaper RateQueues Shaper UnitQueue Shaper Excess Port Shaper Enable Port Shaper Rate

Description Two scheduling modes are available: Strict Priority or WeightedCheck to enable queue shaper for individual switch portsConfigures the rate of each queue shaper. The default value is 500. This value is restricted to 100 to 1000000 whn the Unit is kbps”, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures the rate for each queue shaper. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.Allows the queue to use excess bandwidthCheck to enable port shaper for individual switch ports Configures the rate of each port shaper. The default value is 500

ORing Industrial Networking Corp

87

IGS-P9164 Series User Manual

Port Shaper Unit

This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures the unit of measurement for each port shaper rate as kbps or Mbps. The default value is kbps.

WeightedWeighted scheduling will deliver traffic on a rotating basis. It can guarantee each queue’s minimum bandwidth based on their bandwidth weight when there is traffic congestion. Only when a port has more traffic than it can handle will this mode be activated. A queue is given an amount of bandwidth regardless of the incoming traffic on that port. Queue with larger weights will have more guaranteed bandwidth than others with smaller weights.

Label Scheduler Mode Queue Shaper Enable

Description Two scheduling modes are available: Strict Priority or WeightedCheck to enable queue shaper for individual switch ports

ORing Industrial Networking Corp

88

IGS-P9164 Series User Manual

Queue Shaper RateQueues Shaper UnitQueue Shaper Excess Queue Scheduler Weight Queue Scheduler Percent Port Shaper EnablePort Shaper RatePort Shaper Unit

Configures the rate of each queue shaper. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures the rate of each queue shaper. The default value is 500. This value is restricted to 100 to 1000000 when the Unit” is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps.Allows the queue to use excess bandwidthConfigures the weight of each queue. The default value is 17. This value is restricted to 1 to 100. This parameter is only shown if Scheduler Mode is set to Weighted. Shows the weight of the queue in percentage. This parameter is only shown if Scheduler Mode is set to Weighted. Check to enable port shaper for individual switch ports Configures the rate of each port shaper. The default value is 500. This value is restricted to 100 to 1000000 when the Unit is kbps, and it is restricted to 1 to 3300 when the Unit is Mbps. Configures the unit of measurement for each port shaper rate as kbps or Mbps. The default value is kbps.

5.6.7 Port SchedulerThis page provides an overview of QoS Egress Port Schedulers for all switch ports.

Label Port Mode Qn

Description The switch port number to which the following settings will be applied. Click on the port number to configure the schedulers Shows the scheduling mode for this port Shows the weight for this queue and port

ORing Industrial Networking Corp

89

IGS-P9164 Series User Manual5.6.8 Port ShapingPort shaping enables you to limit traffic on a port, thereby controlling the amount of traffic passing through the port. With port shaping, you can shape the aggregate traffic through an interface to a rate that is less than the line rate for that interface. When configuring port shaping on an interface, you specify a value indicating the maximum amount of traffic allowable for the interface. This value must be less than the maximum bandwidth for that interface.

Label Port Mode Q0~Q7

Description The switch port number to which the following settings will be applied. Click on the port number to configure the shapers Shows disabled or actual queue shaper rate – e.g. “800 Mbps” Shows disabled or actual port shaper rate – e.g. “800 Mbps”

5.6.9 DSCP Based QoSThis page allows you to configure DSCP-based QoS Ingress Classification settings for all ports.

ORing Industrial Networking Corp

90

IGS-P9164 Series User Manual

Label DSCPTrustQoS Class DPL

Description Maximum number of supported DSCP values is 64 Check to trust a specific DSCP value. Only frames with trusted DSCP values are mapped to a specific QoS class and drop precedence level. Frames with untrusted DSCP values are treated as a non-IP frame. QoS class value can be any number from 0-7. Drop Precedence Level (0-1)

5.6.10 DSCP TranslationThis page allows you to configure basic QoS DSCP translation settings for all switches. DSCP translation can be done in Ingress or Egress.

Label DSCPIngress

Description Maximum number of supported DSCP values is 64 and valid DSCP value ranges from 0 to 63. Ingress DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation 1. Translate: Enables ingress translation of DSCP values based on the specified classification method. DSCP can be translated to any of (0-63) DSCP values.

ORing Industrial Networking Corp

91

IGS-P9164 Series User Manual

Egress

2. Classify: Enable Classification at ingress side as defined in the QoS Port DSCP Configuration table. Configurable engress parameters include; Remap DP0: Re-maps DP0 field to selected DSCP value. DP0 indicates a drop precedence with a low priority. You can select the DSCP value from a selected menu to which you want to remap. DSCP value ranges form 0 to 63. Remap DP1: Re-maps DP1 field to selected DSCP value. DP1 indicates a drop precedence with a high priority. You can select the DSCP value from a selected menu to which you want to remap. DSCP value ranges form 0 to 63.

5.6.11 DSCP ClassificationThis page allows you to configure the mapping of QoS class and Drop Precedence Level to DSCP value.

Label QoS Class DPL DSCP

Description Actual QoS class Actual Drop Precedence Level Select the classified DSCP value (0-63)

5.6.12 QoS Control ListThis page shows all the QCE (Quality Control Entries) for a given QCL. You can edit or ad new QoS control entries in this page. A QCE consists of several parameters. These parameters vary with the frame type you select.

ORing Industrial Networking Corp

92

IGS-P9164 Series User Manual

Label Port Members Key ParametersAny Ethernet

Description Check to include the port in the QCL entry. By default, all ports are included. Key configurations include: Tag: value of tag, can be Any, Untag or Tag. VID: valid value of VLAN ID from 1 to 4095 Any: can be a specific value or a range of VIDs. PCP: Priority Code Point, can be specific numbers (0, 1, 2, 3, 4, 5, 6, 7), a range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or Any DEI: Drop Eligible Indicator, can be any of values between 0 and 1 or Any SMAC: Source MAC Address, can be 24 MS bits (OUI) or Any DMAC Type: Destination MAC type, can be unicast (UC), multicast (MC), broadcast (BC) or Any Frame Type can be the following values: Any, Ethernet, LLC, SNAP, IPv4, and IPv6 Note: all frame types are explained below. Allow all types of frames Valid Ethernet values can range from 0x600 to 0xFFFF or Any’ but

ORing Industrial Networking Corp

93

IGS-P9164 Series User Manual

LLC SNAP IPv4IPv6 Action Parameters

excluding 0x800(IPv4) and 0x86DD(IPv6). The default value is Any. SSAP Address: valid SSAP (Source Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is Any. DSAP Address: valid DSAP (Destination Service Access Point) values can range from 0x00 to 0xFF or Any. The default value is Any. Control Valid Control: valid values can range from 0x00 to 0xFF or Any. The default value is Any. PID: valid PID (a.k.a ethernet type) values can range from 0x00 to 0xFFFF or Any. The default value is Any. Protocol IP Protocol Number: (0-255, TCP or UDP) or Any Source IP: specific Source IP address in value/mask format or Any. IP and mask are in the format of x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When the mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero. DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43. IP Fragment: Ipv4 frame fragmented options include ‘yes’, ‘no’, and ‘any’. Sport Source TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Dport Destination TCP/UDP Port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Protocol IP protocol number: (0-255, TCP or UDP) or Any Source IP IPv6 source address: (a.b.c.d) or Any, 32 LS bits DSCP (Differentiated Code Point): can be a specific value, a range, or Any. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43. Sport Source TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Dport Destination TCP/UDP port: (0-65535) or Any, specific value or port range applicable for IP protocol UDP/TCP Class QoS class: (0-7) or Default Valid Drop Precedence Level value can be (0-1) or Default.

ORing Industrial Networking Corp

94

IGS-P9164 Series User ManualValid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or Default. Default means that the default classified value is not modified by this QCE.5.6.13 QoS CountersThis page provides the statistics of individual queues for all switch ports.

Label Port Qn Rx / Tx

Description The switch port number to which the following settings will be applied. There are 8 QoS queues per port. Q0 is the lowest priority The number of received and transmitted packets per queue

5.6.14 QCL StatusThis page shows the QCL status by different QCL users. Each row describes the QCE that is defined. It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch.

Label User

Description Indicates the QCL user

ORing Industrial Networking Corp

95

IGS-P9164 Series User Manual

QCE# Frame Type Port ActionConflict

Indicates the index of QCE Indicates the type of frame to look for incoming frames. Possible frame types are: Any: the QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4: the QCE will match only IPV4 frames. IPv6: the QCE will match only IPV6 frames. Indicates the list of ports configured with the QCE. Indicates the classification action taken on ingress frame if parameters configured are matched with the frame’s content. There are three action fields: Class, DPL, and DSCP. Class: Classified QoS; if a frame matches the QCE, it will be put in the queue. DPL: Drop Precedence Level; if a frame matches the QCE, then DP level will set to a value displayed under DPL column. DSCP: if a frame matches the QCE, then DSCP will be classified with the value displayed under DSCP column. Displays the conflict status of QCL entries. As hardware resources are shared by multiple applications, resources required to add a QCE may not be available. In that case, it shows conflict status as Yes, otherwise it is always No. Please note that conflict can be resolved by releasing the hardware resources required to add the QCL entry by pressing Resolve Conflict button.

5.7 Multicast

5.7.1 IGMP SnoopingIGMP (Internet Group Management Protocol) snooping monitors the IGMP traffic between hosts and multicast routers. The switch uses what IGMP snooping learns to forward multicast traffic only to interfaces that are connected to interested receivers. This conserves bandwidth by allowing the switch to send multicast traffic to only those interfaces that are connected to hosts that want to receive the traffic, instead of flooding the traffic to all interfaces in the VLAN. This page allows you to set up IGMP snooping configurations.

ORing Industrial Networking Corp

96

IGS-P9164 Series User Manual

Label Snooping Enabled Unregistered IPMCv4Flooding enabledRouter PortFast Leave

Description Check to enable global IGMP snoopingCheck to enable unregistered IPMC traffic floodingSpecifies which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Check to enable fast leave on the port

5.7.2 VLAN Configurations of IGMP SnoopingIf a VLAN is not IGMP snooping-enabled, it floods multicast data and control packets to the entire VLAN in hardware. When snooping is enabled, IGMP packets are trapped to the CPU. Data packets are mirrored to the CPU in addition to being VLAN flooded. The CPU then installs hardware resources, so that subsequent data packets can be switched to desired ports in hardware without going to the CPU. Each page shows up to 99 entries from the VLAN table, depending on the value in the Entries Per Page field. By default, the page will show the first 20 entries from the beginning of the VLAN table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table. The VLAN field allows the user to select the starting point in the VLAN Table. Clicking Refresh

ORing Industrial Networking Corp

97

IGS-P9164 Series User Manualwill update the displayed table starting from that or the next closest VLAN Table match. The >> button will use the last entry of the currently displayed entry as a basis for the next lookup. When the end is reached, the text No more entries is shown in the displayed table. Use the |<< button to start over.

LabelDeleteVLAN ID IGMP Snooping Enable IGMP Querier

Description Check to delete the entry. The designated entry will be deleted during the next save. The VLAN ID of the entry Check to enable IGMP snooping for individual VLAN. Up to 32 VLANs can be selected. Check to enable the IGMP Querier in the VLAN

5.7.3 IGMP Snooping StatusThis page provides IGMP snooping status.

ORing Industrial Networking Corp

98

IGS-P9164 Series User Manual

Label VLAN ID Querier Version Host Version Querier Status Querier Receive V1 Reports Receive V2 Reports Receive V3 Reports Receive V2 Leave Receive Refresh Clear Auto-refresh Port Status

Description The VLAN ID of the entry Active Querier version Active Host version Shows the Querier status as ACTIVE or IDLE The number of transmitted QuerierThe number of received V1 reportsThe number of received V2 reportsThe number of received V3 reportsThe number of received V2 leave packets Click to refresh the page immediately Clear all statistics counters Check to enable an automatic refresh of the page at regular intervals Switch port number Indicates whether a specific port is a router port or not

5.7.4 Groups Information of IGMP SnoopingInformation about entries in the IGMP Group Table is shown in this page. The IGMP Group Table is sorted first by VLAN ID, and then by group.

Label VLAN ID Groups Port Members

Description The VLAN ID of the group The group address of the group displayed Ports under this group

ORing Industrial Networking Corp

99

IGS-P9164 Series User Manual5.8 Security5.8.1 Remote Control Security ConfigurationsRemote Control Security allows you to limit remote access to the management interface. When enabled, requests of the client which is not in the allowed list will be rejected.

Label Port IP Address Web Telnet SNMP Delete

Description Port number of the remote client IP address of the remote client. 0.0.0.0 means “any IP”. Check to enable management via a Web interface Check to enable management via a Telnet interface Check to enable management via a SNMP interface Check to delete entries

5.8.2 Device BindingDevice binding is ORing’s proprietary technology which binds the IP/MAC address of a device with a specified Ethernet port. If the IP/MAC address of the device connected to the Ethernet port does not conform to the binding requirements, the device will be locked for security concerns. Device Binding also provides security functions via alive checking, streaming check, and DoS/DDoS prevention.

ORing Industrial Networking Corp

100

IGS-P9164 Series User Manual

Label

Description

Indicates the device binding operation for each port. Possible modes

are:

—: disable

Mode

Scan: scans IP/MAC automatically, but no binding function

Binding: enables binding. Under this mode, any IP/MAC that does

not match the entry will not be allowed to access the network.

Shutdown: shuts down the port (No Link)

Alive Check

Check to enable alive check. When enabled, switch will ping the

Active

device continually.

Indicates alive check status. Possible statuses are:

—: disable

Alive Check

Got Reply: receive ping reply from device, meaning the device is still

Status

alive

Lost Reply: not receiving ping reply from device, meaning the device

might have been dead.

Stream Check

Check to enable stream check. When enabled, the switch will detect

Active

the stream change (getting low) from the device.

Indicates stream check status. Possible statuses are:

Stream Check

—: disable

Status

Normal: the stream is normal.

Low: the stream is getting low.

DDoS Prevention Check to enable DDOS prevention. When enabled, the switch will

Acton

monitor the device against DDOS attacks.

Indicates DDOS prevention status. Possible statuses are:

DDoS Prevention Status

—: disable Analyzing: analyzes packet throughput for initialization Running: analysis completes and ready for next move

Attacked: DDOS attacks occur

Device IP Address Specifies IP address of the device

Device MAC Address

Specifies MAC address of the device

Advanced ConfigurationsAlias IP AddressThis page provides alias IP address configuration. Some devices might have more than one IP addresses. You could specify other IP addresses here.

ORing Industrial Networking Corp

101

IGS-P9164 Series User Manual

Label Alias IP Address

Description Specifies alias IP address. Keep 0.0.0.0 if the device does not have an alias IP address.

Alive CheckAlive Checking monitors the real-time status of the device connected to the port. live-checking packets will be sent to the device to probe if the device is running. If the switch receives no response from the device, actions will be taken according to your configurations.

Label Link Change Only log it Shunt Down the Port Reboot Device

Description Disables or enables the port Simply sends logs to the log server Disables the port Disables or enables PoE power

ORing Industrial Networking Corp

102

IGS-P9164 Series User ManualDDoS PreventionThe switch can monitor ingress packets, and perform actions when DDOS attack occurred on this port. When network traffic from a specific device increases significantly in a short period of time, the switch will lock the IP address of that device to protect the network from attacks. You can configure DDoS prevention on this page to achieve maximum protection.

Label Mode SensibilityPacket TypeSocket Number Filter Action

Description Enables or disables DDOS prevention of the port Indicates the level of DDOS detection. Possible levels are: Low: low sensibility Normal: normal sensibility Medium: medium sensibility High: high sensibility Indicates the types of DDoS attack packets to be monitored. Possible types are: RX Total: all ingress packets RX Unicast: unicast ingress packets RX Multicast: multicast ingress packets RX Broadcast: broadcast ingress packets TCP: TCP ingress packets UDP: UDP ingress packets If packet type is UDP (or TCP), please specify the socket number here. The socket number can be a range, from low to high. If the socket number is only one, please fill the same number in the low and high fields. If packet type is UDP (or TCP), please choose the socket direction (Destination/Source). Indicates the action to take when DDOS attacks occur. Possible

ORing Industrial Networking Corp

103

IGS-P9164 Series User Manual

Status

actions are: —: no action Blocking 1 minute: blocks the forwarding for 1 minute and log the event Blocking 10 minute: blocks the forwarding for 10 minutes and log the event Blocking: blocks and logs the event Shunt Down the Port: shuts down the port (No Link) and logs the event Only Log it: simply logs the event Reboot Device: if PoE is supported, the device can be rebooted. The event will be logged. Indicates the DDOS prevention status. Possible statuses are: —: disables DDOS prevention Analyzing: analyzes packet throughput for initialization Running: analysis completes and ready for next move Attacked: DDOS attacks occur

Device DescriptionThis page allows you to configure device description settings.

Label Device Type

Description Indicates device types. Possible types are: —: no specification

ORing Industrial Networking Corp

104

IGS-P9164 Series User Manual

report this ad

Location Address

References

[xyz-ips snippet=”download-snippet”]