Advanced

System

Management Access

Use the System Connectivity page to configure connection settings for the switch.

Configurable settings include:

  • Telnet — Enable to allow telnet connections on port 23.

  • HTTPS — Enable to require an HTTPS connection for the switch’s local interface. When enabled, you must type https:// before the IP address in your browser’s address bar.

  • SSH — Enable to allow SSH connections. You can specify the port to use and The Session Timeout, in seconds.

SNTP

Global Configuration

Use this page to configure the Simple Network Time Protocol (SNTP) to make the switch’s clock time accurate to the millisecond.

The SNTP server the switch synchronizes to is configured on the Server Configuration tab.

Configurable settings include:

  • Client Mode — Use the dropdown to determine how SNTP operates. Options include:

    • Unicast — Makes STNP operate in a point-to-point fashion. A unicast client sends a request to a designated server at its unicast address and expects a reply to determine the time, and potential round-trip delays to calculate an offset from the local time.

    • Broadcast — SNTP operates like it’s multicast but uses a local broadcast
      address instead of a multicast address. The broadcast address has a single subnet scope, while a multicast address has an internet-wide scope.

    • Disable — Disables the SNTP protocol on the switch.

  • Port — Enter a local UDP port to listen for responses and/or broadcasts.

  • Unicast Poll Interval (Seconds) — Enter the number of seconds between unicast poll requests, expressed as a power of two when configured in unicast mode.

  • Unicast Poll Timeout (Seconds) — Enter the number of seconds between broadcast poll requests, expressed as a power of two when configured in unicast mode. Broadcasts received prior to the expiry of the interval are discarded.

  • Broadcast Poll Timeout (Seconds) — Enter the maximum amount of time to wait for a poll to complete, between 1 - 30 seconds

  • Broadcast Delay Time (microseconds) — Enter the maximum amount of time the SNTP client needs to wait for a response from the server, bewteen 1000 -15000 microseconds.

  • Broadcast SNTP Server — Displays the SNTP server of broadcast.

  • Unicast Poll Retry — Enter the number of times to retry a request to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode.

  • Number of Servers Configured — Displays the number of SNTP servers configured on the Server Configuration tab.

Global Status

Use this page to view the SNTP server configuration of the switch.

Graphical user interface, text, application, email Description automatically generated

Server Configuration

Use this page to add SNTP servers and configure the priority of which server should be used first, and which should be used in case the servers with a higher priority cannot be contacted.

Use the Options () button to refresh the page, add, or select multiple servers to configure. Use the Action button to edit or delete an existing SNTP server.

Graphical user interface, application Description automatically generated

To add an SNTP server:

  1. Click Options (), then Add.

  2. Enter an SNTP Server Name or IP Address.

  3. Select an SNTP Server Type, meaning whether it’s an IPv4, IPv6, or DNS address.

  4. Enter a UDP Port the SNTP server to communicate on.

  5. Enter the Priority level that the SNTP server should be used. If it’s a fallback address in case the default SNTP server fails, enter 2.

  6. Enter the protocol Version number. The default is 4.

  7. Click Add, then Apply at the top of the page.

    Bubble chart Description automatically generated with low confidence

Server Status

Use this page to see the last updated time the switch has received from the configured SNTP server(s) and how many requests the switch has made to the server(s).

Graphical user interface, text, application, email Description automatically generated

Switching

IGMP Snooping

Configuration

Use this page to enable IGMP Snooping on the switch and view related counts.

Graphical user interface, text, application, chat or text message Description automatically generated

Configurable settings:

  • Enable — Enables/disables IGMP snooping on the switch.

  • Router Alert Check — Enable for the switch to inspect packets when they are being forwarded, even though the packet is not directly addressed to this switch.

Read-only fields:

  • Multicast Control Frame Count — The number of multicast frames the switch has processed.

  • VLANS Enabled for IGMP Snooping — The number of VLANs configured on the switch for IGMP snooping.

VLAN Status

Use this page to add VLANs to the IGMP configuration of the switch.

To configure a VLAN for IGMP snooping:

  1. Click Options (), then Add.

  2. Select a VLAN ID.

  3. Enable Fast Leave if the multicast streams are each more than half the available bandwidth of the switch port.

  4. The Max Response Code field displays the maximum time allowed before the switch sends a responding report. The default value is 100.

  5. Click Add, then Apply at the top of the page.
    Chart, bubble chart Description automatically generated with medium confidence

VLANs configured for IGMP Snooping appear at the bottom of the page.

Graphical user interface, text, application, email Description automatically generated

Multicast Router VLAN Configuration

Use this page to configure VLANs for multicast routing. When enabled, multicast routers learn which multicast groups are active by periodically checking with each member of the multicast group. Read Understanding Multicast & IGMP for more information about multicast groups.

To configure multicast routing:

  1. Use the Options () button to configure multiple ports or the Actions button to edit a single port.

  2. Select the VLAN ID(s) you want the port to act as the multicast router for, then click the right arrow to add them.

  3. Click Save, then Apply at the top of the page.
    Graphical user interface, application, Teams Description automatically generated

IGMP Snooping Querier

VLAN Configuration

Use this page to add VLANs that the switch should act as the IGMP querier for. To learn more about IGMP queriers, read Understanding Multicast & IGMP.

Caution: Only enable IGMP Snooping Querier on the switch where your IGMP topology starts, called the core IGMP switch. This IGMP querying switch asks each device on the network which multicast traffic they want.

To add a VLAN to the switch’s IGMP snooping querier configuration:

  1. Click the Options button (), then Add.

  2. Select a VLAN ID.

  3. Select the IGMP Version to use when making inquiries.

  4. The Querier VLAN IP Address is typically left at the default address (0.0.0.0), but it can be changed.

  5. For the Query Interval, enter the amount of time (in seconds) that the IGMP snooping querier should wait between sending periodic IGMP queries. The default value is 125.

  6. The Query Expiry Interval is the amount of time (in seconds) that the device remains in non-querier mode after it has discovered that there is a multicast querier in the network. The default value is 255.

  7. Click Add, then Apply at the top of the page.
    A picture containing graphical user interface Description automatically generated

Configured VLANs are listed at the bottom of the page.

Graphical user interface, text, application, email Description automatically generated

VLAN Status

Use this page to view information about the IGMP snooping querier status for all VLANs that have the snooping querier enabled.

Spanning Tree Protocol

Switch

Use this page to configure global Spanning Tree Protocol (STP) settings for the switch.

STP is a Layer 2 protocol that decides the best path for LAN traffic when multiple options exist, preventing network loops while guaranteeing redundancy in case of link failure. For more information about STP, read Understanding Spanning Tree Protocol (STP) & Best Practices.

Graphical user interface, text, application Description automatically generated

Configurable settings include:

  • Enable — Enables STP on the switch.

  • Force Protocol Version — Choose the STP version for the switch to use.

    • IEEE 802.1w (RTSP)— Rapid Spanning Tree Protocol (RSTP) behaves like classic STP but can also configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notifications.

    • IEEE 802.1s (MSTP) — Multiple Spanning Tree Protocol (MSTP) includes all the advantages of RSTP and supports multiple spanning tree instances to efficiently channel VLAN traffic over different interfaces. MSTP is compatible with both RSTP and STP.

  • Configuration Name — Typically left alone, you can enter the name of the MSTP region. Each switch that participates in the same MSTP region must share the same Configuration Name, Configuration Revision Level, and
    MST-to-VLAN mappings

  • Configuration Revision Level — This number must be the same on all switches participating in the MSTP region.

MST

Use the MST Configuration page to view and configure the Multiple Spanning Tree Instances (MSTIs) on the device.

Multiple Spanning Tree Protocol (MSTP) allows the creation of MSTIs based upon a VLAN or groups of VLANs. Configuring MSTIs creates an active topology with a better distribution of network traffic and an increase in available bandwidth when compared to classic STP MST Port.

You can enable Auto Calculate Port Path Cost so the path cost from the port to the root bridge is automatically determined by the speed of the interface. If disabled, it must be configured manually.

Graphical user interface, text Description automatically generated

To add an MST instance:

  1. Click the Options button (), then Add.

  2. Enter a number for the MST ID.

  3. Enter a Priority value. This value affects the likelihood that the bridge is selected as the root bridge. A lower value increases the probability that the bridge is selected as the root bridge. For more information, read Understanding Spanning Tree Protocol (STP) & Best Practices for more information.

  4. Enter the VLAN ID(s) to map to the MST instance in the Associated VLANs field.

  5. Click Add, then Apply at the top of the page.
    A picture containing graphical user interface Description automatically generated

MST instances appear in the table at the bottom of the page.

Table field descriptions:

  • MST ID — Identifies the MST instance.

  • Priority — The bridge priority for the spanning-tree instance. This value affects the likelihood that the bridge is selected as the root bridge. A lower value increases the probability that the bridge is selected as the root bridge.

  • Associated VLANs — The number of VLANs that are mapped to the MSTI. This number does not contain any information about the VLAN IDs that are mapped to the instance.

  • Bridge Identifier — A unique value that is automatically generated based on the bridge priority value of the MSTI and the base MAC address of the bridge. When electing the root bridge for an MST instance, if the bridge priorities for multiple bridges are equal, the bridge with the lowest MAC address is elected as the root bridge.

  • Designated Root — The bridge identifier of the root bridge for the MST instance. The identifier is made up of the bridge priority and the base MAC address.

  • Root Path Cost — The path cost to the designated root for this MST instance. Traffic from a connected device to the root bridge takes the least-cost path to the bridge. If the value is 0, the cost is automatically calculated based on port speed.

  • Root Port — The port on the bridge with the least-cost path to the designated root for the MST instance.

MST Port

Use this page to view and configure the Multiple Spanning Tree (MST) settings for each interface on the device.

You must configure an MST instance on the MST tab before configuring an interface.

To configure MST for an interface:

  1. Select an MST ID from the dropdown.

  2. Click the Options button (), Edit, then select the Interface(s) and click Edit Selected. If you only want to edit a single port, click the Action button next to it, then click Edit.

  3. Click to select the settings you want to modify, Port Priority or Port Path Cost, then click Save.

Graphical user interface, text, application Description automatically generated

The MST Port Summary table displays information about the currently selected MST ID.

Graphical user interface, text, application, email Description automatically generated

Table field descriptions:

  • Interface — The port number.

  • Name — The name given to the port. Configurable on Settings > Ports > General > Port Summary page.

  • Port Role — The role of the port within the MST is one of the following:

    • Root — A port on the non-root bridge that has the least-cost path to the root bridge.

    • Designated — A port that has the least-cost path to the root bridge on its segment.

    • Alternate — A blocked port that has an alternate path to the root bridge.

    • Backup — A blocked port that has a redundant path to the same network segment as another port on the bridge.

    • Master — The port on a bridge within an MST instance that links the MST instance to other STP regions.

    • Disabled — The port is administratively disabled and is not part of the spanning tree.

  • Port Forwarding State — How traffic is flowing through the port. States include:

    • Blocking — Blocks the flow of traffic. When a device is first connected to a port, it enters the blocking state.

    • Learning — The port is relaying information from a high-priority BPDU to the other ports on the switch.

    • Disabled — Disables the port.

    • Err-disabled — Allows STP to block the flow of traffic when it detects a loop, or forward traffic to a port if the connection changes.

  • Port Priority - The bridge priority for the spanning-tree instance. This value affects the likelihood that the bridge is selected as the root bridge. A lower value increases the probability that the bridge is selected as the root bridge.

  • Port Path Cost — The path cost from the interface to the MST regional root.

CST

Use the CST Configuration page to configure the Common Spanning Tree (CST) settings. The settings and information on this page define the device within the spanning tree topology that connects all STP/RSTP bridges and MSTP regions.

Configurable settings include:

  • Bridge Priority — This value affects the likelihood that the bridge is selected as the root bridge. A lower value increases the probability that the bridge is selected as the root bridge. For more information, read Understanding Spanning Tree Protocol (STP) & Best Practices for more information.

  • Bridge Max Age — The amount of time a bridge waits before implementing a topological change.

  • Bridge Forward Delay — The amount of time a bridge remains in a listening and learning state before forwarding packets.

  • Spanning Tree Maximum Hops — The maximum number of hops a Bridge Protocol Data Unit (BPDU) is allowed to traverse within the spanning tree region before it is discarded.

  • BPDU Guard — When enabled, this feature can disable edge ports that receive BPDU packets. This prevents a new device from entering the existing STP topology, so devices that were originally not a part of STP are not allowed to influence the STP topology.
    Pro Tip: Do not enable this feature unless there’s a specific use case for it.

  • Spanning Tree TX Hold Count — The maximum number of BPDUs that a bridge is allowed to send within a hello time window.

  • Auto Calculate Port Path Cost — The path cost from the port to the root bridge is automatically determined by the speed of the interface. If disabled, it must be configured manually.

The bottom of the page provides general CST information.

Table Description automatically generated

CST Port

Use the CST Port page to view and configure the Common Spanning Tree (CST) settings for each port on the switch.

Graphical user interface, text, application, email Description automatically generated

Table field descriptions:

  • Interface — The port number.

  • Name — The name given to the port. Configurable on Settings > Ports > General > Port Summary page.

  • Port Mode — The role of the port within the CST, which is one of the following:

    • Root — A port on the non-root bridge that has the least-cost path to the root bridge.

    • Designated — A port that has the least-cost path to the root bridge on its segment.

    • Alternate — A blocked port that has an alternate path to the root bridge.

    • Backup — A blocked port that has a redundant path to the same network segment as another port on the bridge.

    • Master — The port on a bridge within an MST instance that links the MST instance to other STP regions.

    • Disabled — The port is administratively disabled and is not part of the spanning.

  • Port Forwarding State — How traffic is flowing through the port. States include:

    • Blocking — Blocks the flow of traffic. When a device is first connected to a port, it enters the blocking state.

    • Learning — The port is relaying information from a high-priority BPDU to the other ports on the switch.

    • Disabled — Disables the port.

    • Err-disabled — Allows STP to block the flow of traffic when it detects a loop, or forward traffic to a port if the connection changes.

  • Port Priority — The port’s location in the network topology and how well it’s situated to pass traffic.

  • Port Path Cost — The path cost from the interface to the CST regional root.

  • Action — Whether the port is permitting or denying traffic.

Click the Action button to edit a port’s priority.

Statistics

Use this page to view how many BPDUS have been transmitted and received on individual ports. Click the Options () button, then Refresh to get the latest statistics.

Graphical user interface, application Description automatically generated

Multicast Forwarding Database

Summary

Use this page for a summary of the multicast data collected by the switch. Click Options (), then Refresh to get the latest information.

Graphical user interface, application Description automatically generated

IGMP Snooping

Use this table to gather information about the IGMP snooping traffic collected by the switch.

Click Options (), then Refresh to get the latest information or click Clear to reset the table.

Graphical user interface, text, application, email Description automatically generated

Note: Not all multicast traffic is handled by IGMP snooping. Read Understanding Spanning Tree Protocol (STP) & Best Practices for more information.

Group Address

Use this table to see the multicast group addresses the switch has recorded. Click Options (), then Refresh to get the latest information.

Graphical user interface, text, application, email Description automatically generated

Statistics

Use this page to view multicast statistics the switch has gathered.

Graphical user interface, text, application, email Description automatically generated

Neighbors

LLDP

Global

Use this page to configure global Link Layer Discovery Protocol (LLDP) settings for the switch. LLDP is a generic protocol used to advertise the device’s capabilities to other devices on the network.

Graphical user interface, application Description automatically generated

Configurable settings include:

  • Transmit Interval (Seconds) — The number of seconds between LLDP transmissions.

  • Transmit Hold Multiplier — Multiply the value entered with the Transmit interval to determine the Time to Live (TTL) value that the switch advertises.

The TTL value is the number of network hops that a packet can take before it’s discarded by the router.

  • Re-Initialization Delay (Seconds) — The number of seconds to wait before attempting to reinitialize LLDP on a port after the port’s LLDP operating mode changes.

  • Notification Interval (Seconds) — The minimum number of seconds to wait between transmissions of SNMP trap notifications on the switch.

Interface Summary

Use this page to configure LLDP settings on individual ports.

Graphical user interface, table Description automatically generated

To configure LLDP on a port(s):

  1. Click the Options () button to edit multiple ports, or the Action button to edit an individual port.

  2. For Port ID Subtype, select if you’d like LLDP to advertise the port’s MAC address or the Interface Name.

  3. Enable or disable if the port can Transmit or Receive LLDP advertisements.

  4. Toggle Notification Enable on to let the port send LDDP notifications.

  5. Select a Notification Type. When Notification Enable is on, MIS is the only option.

  1. Enable Transmit Management Information so other remote management devices on the network can locate the switch.

  2. Select Optional TLV(s) for the switch to advertise.

  3. Click Save, then Apply at the top of the page.

Graphical user interface, text, application, chat or text message Description automatically generated

Local Devices

Use this page to gather LLDP information about the switchports.

Click the Actions button to get more information about the port.

Remote Devices

Use this page to view LLDP information collected by the device connected to the switch’s port.

Graphical user interface, text, application, chat or text message Description automatically generated

Click the Actions button to get more information about the connected device.

Graphical user interface, table Description automatically generated

Statistics

Use this page to view LLDP counts. Click Options (), then Refresh to get the most up-to-date information. Click Clear to reset the table.

LLDP-MED

Global

LLDP-MED is an extension of LLDP. MED stands for Media Endpoint Device and is typically used for voice over IP (VoIP).

LLDP and LLDP-MED cannot operate simultaneously. If a device receives LLDP packets it cannot send LLDP-MED packets until it receives LLDP-MED packets. Likewise, for LLDP.

Use this page to enter a value for the Fast Start Repeat Count. This is the number of LLDP-MED Protocol Data Units (PDUs) that can be transmitted.

Click Apply to save changes.

Graphical user interface, text, application, email Description automatically generated

Interface Summary

Use this page to configure LLDP-MED settings on individual ports.

Graphical user interface, application, email Description automatically generated

To configure LLDP-MED on a port(s):

  1. Click the Options () button to edit multiple ports, or the Action button to edit an individual port.

  2. Enable or disable LLDP-MED on the port.

  3. Select optional Transmit TLVs to advertise.

  4. Click Save, then Apply at the top of the page.

    Chart, bubble chart Description automatically generated

     

Local Devices

Use this page to gather LLDP-MED information about the switchports.

Graphical user interface, text, application, email Description automatically generated

Click the Actions button to get more information about the port.

Graphical user interface, application Description automatically generated

Remote Devices

Use this page to view LLDP-MED information collected by the device connected to the switch’s port.

Graphical user interface, text, application Description automatically generated

Click the Actions button to get more information about the port.

Graphical user interface, application, email, website Description automatically generated

Graphical user interface, text, application Description automatically generated

MAC Address Table

Use the page to see which MAC addresses the switch has recorded traffic from on a port(s) and which VLAN they’re a member of. Use the Options () button to refresh the page, or to select how many rows to display.

Pro Tip: Use the Filter By field to search for MAC addresses.

Table Description automatically generated

ARP Table

Summary

The ARP table displays MAC and IP address of devices that have communicated with the switch.

Use the Options () button to refresh the page or clear the table. Use the Action button to delete an individual entry.

Table fields include:

  • IP Address — The IP address of the device.

  • MAC Address — The MAC address of the device.

  • Interface — The VLAN ID associated with the device.

  • Type – The type of IP address the device is broadcasting. Dynamic or static. Devices with MAC reservations appear as dynamic.

  • Age – How long the switch has seen the connection to the device. (Days:Hours:Minutes:Seconds)

Configuration

Use this page to configure the ARP Table’s settings.

Graphical user interface, text, application Description automatically generated

Configurable settings include:

  • Age Time (Seconds) — The amount of time that a dynamic ARP entry remains in the ARP table before aging out.

  • Retries — The number of attempts the switch will send an ARP request if an ARP response isn’t received. This number includes the initial ARP request.

  • Dynamic Renew — Enable to allow the switch to automatically renew dynamic ARP entries when they age out.

Routing

Router

Configuration

Use this page to act configure the switch as a layer 3 device by routing packets between interfaces configured for IP routing.

Configurable options include:

  • Enable — Enables the routing feature globally on the switch.

  • ICMP Echo Replies — Enable to allow the device to send ICMP Echo Reply messages in response to ICMP Echo Request (ping) messages it receives.

  • ICMP Redirects — Enable to allow the device to send ICMP Redirect messages to hosts. An ICMP Redirect message notifies a host when a better route to a particular destination is available on the network segment.

  • Forward Net Directed Broadcasts — A network-directed broadcast is a broadcast directed to a specific subnet. Enable this feature to forward network-directed broadcasts. If disabled, network-directed broadcasts are dropped.

  • ICMP Rate Limit Interval — Enter the maximum burst interval for ICMP error messages transmitted by the switch. The rate limit for ICMP error messages is configured as a token bucket. The ICMP Rate Limit Interval specifies how often the token bucket is initialized with tokens of the size configured in the ICMP Rate Limit Burst Size field.

  • ICMP Rate Limit Burst Size — Enter the number of ICMP error messages that can be sent during the burst interval configured in the ICMP Rate Limit Interval field.

  • Static Route Preference — The default distance (preference) for static routes. Lower route-distance values are preferred when determining the best route. This value is used when using the CLI to configure a static route and no preference is specified. Changing the Static Route Preference does not update the preference of existing static routes.

  • Global Default Gateway — The gateway IP address that the switch uses. If the destination IP address in a packet does not match any routes in the routing table, the packet is sent to the default gateway. The gateway specified in this field is preferable to a default gateway learned from a DHCP server.

Interface Configuration

Use this page to enable and configure routing on specific interfaces. Each interface is disabled by default.

Use the Options () button to add a VLAN, or the Action button in an interface row to configure routing features.

Each row has a toggle to quickly enable or disable the interface.

A screenshot of a computer Description automatically generated with medium confidence

Configurable options include:

  • Type — The type of interface being configured.

  • Interface — The type of interface being configured. VLAN or Interface (port).

  • Routing Mode — Enable to use the routing feature on the interface.

  • Enable — Enables the port to forward traffic.

  • IP Address Configuration Method — Select the method that the interfaces obtain an IP Address. Options include:

    • None — The interface does not receive an IP address.

    • Manual — Select this option to use the fields below to configure the interface’s IP address and subnet mask.

    • DHCP —The interface automatically obtains an IP address from the DHCP server.

  • IP Address — Only available when the interface IP Address Configuration Method is set to Manual.

  • Subnet Mask — Only available when the interface IP Address Configuration Method is set to Manual.

  • Bandwidth — Configure the bandwidth on the interface. This setting communicates the speed of the interface to higher-level protocols.

  • Encapsulation Type — The link layer encapsulation type for packets transmitted from the interface. Ethernet is the only option.

  • Destination Unreachables — When enabled, the interface is allowed to send ICMP Destination Unreachable message to a host if the intended destination cannot be reached. If this option is clear, the interface does not send ICMP Destination Unreachable messages.

  • ICMP Redirects — When enabled, the interface is allowed to send ICMP Redirect messages to notify a host when a better route to a particular destination is available on the network segment. ICMP Redirects must be enabled both globally, and on the interface, to work.

IP Routing

Route Table

Use this table to view routes on the switch. Use the Options () button to refresh the page.

A screenshot of a computer Description automatically generated with medium confidence

Configured Routes

Use this page to view and configure routes on the switch. Click the Options () button to add a new route.

A screenshot of a computer Description automatically generated with low confidence

Configurable settings include:

  • Route Type — Select one of the following routes to configure:

    • Default — The route the device uses to send a packet if the routing table does not contain a longer matching prefix for the packet's destination. The routing table can contain only one default route.

    • Static — A manually added route.

    • Static Reject — A route where packets that match the route are discarded instead of forwarded. The device might send an ICMP Destination Unreachable message.

  • Network Address — Enter the IP route prefix for the destination network. This IP address must contain only the network portion of the address and not the host bits. When adding a default route, this field must be 0.0.0.0.

  • Subnet Mask — Enter the IP subnet mask (also known as the network mask or netmask) associated with the network address. The subnet mask defines which portion of an IP address belongs to the network prefix, and which portion belongs to the host identifier. When adding a default route, this field must be 0.0.0.0.

  • Next Hop IP Address — Enter the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path toward the destination. The next router is always an adjacent neighbor or the IP address of the local interface for a directly attached network. When adding a static reject route, this field must be 0.0.0.0 because the packets are dropped rather than forwarded.

  • Preference — Enter a preference value for the route. A lower preference value is a more preferred route. When the routing table has more than one route to the same network, the device selects the route with the lowest route preference.

IP Route Summary

This page displays a summary of the IP routes and route table counters the switch has collected.

A screenshot of a computer Description automatically generated with medium confidence

QoS

ACL Rules

Summary

Use this page to configure Access Command List (ACL) Rules. Access Control Lists (ACLS) make sure that only authorized users have access to specific resources and block unwanted attempts by filtering packets based on rules. ACLs are used to control traffic flow, restrict the contents of routing updates, decide which types of traffic to block or forward, and provide network security.

To add an ACL rule:

  1. Click Options (), then Add.

  2. Select an ACL Type:

    • IPv4 Standard - Match criteria is based on the source address of IPv4 packets.

    • IPv4 Extended - Match criteria can be based on the source and destination addresses, source and destination Layer 4 ports, and protocol type of IPv4 packets. The ACL identifier can be an alphanumeric name instead of a number, known as IPv4 Named in other switches.

  1. Enter a number for the ACL ID.

  2. Click Add, then Apply at the top of the page.
    Chart, bubble chart Description automatically generated

Interfaces

Use this page to add an ACL rule to a port(s).

To add an ACL rule to a port:

  1. Click Options (), then Add.

  2. Select the Interface (port) to apply the ACL rule to.

  3. Select Inbound as the Direction, if the packets should be checked against the ACL rules when the port(s) receives it. Do not select Inbound if the packets should be checked when the packets are exiting the port(s).

  4. Select the ACL Identifier of the ACL rule to apply to the port(s).

  5. Click Add, then Apply at the top of the page.

Chart, bubble chart Description automatically generated

ACL Configuration

IPv4 Standard

Use this page to configure IPv4 Standard ACLs. Click the Options () button to edit multiple ACLs or the Actions button to edit a single ACL.

Graphical user interface, application Description automatically generated

Configurable settings include:

  • Perform Action — The action to take when a packet or frame matches the criteria in the rule:

    • Permit — The packet or frame is forwarded.

    • Deny — The packet or frame is dropped.

    • Redirect — Redirect to interface.

    • Copy-to-cpu - Configures the copying of protocol control packets to control plane CPU.

    • Drop Copy-to-cpu - Copies TCP protocol control packets to control plane CPU without switching packets.

  • Redirect — The port(s) the ACL redirects to.

  • Source IP Address — The source port IP address in the packet and source IP mask (in the second field) to compare to the IP address in a packet header or string 'ANY' (default).

  • Source IP Mask — An IP Mask for the source or string 'ANY' (default).

  • Destination IP Address — The destination port IP address in the packet and destination IP mask (in the second field) to compare to the IP address in a packet header or string 'ANY' (default).

  • Destination IP Mask — An IP Mask for the destination or string 'ANY' (default).

  • Remark — Use remarks as a keyword to make ACLs easier to understand in network scans. Accepts alpha-numeric and special characters (-, _, and space). The remark can be up to 100 characters and is case-sensitive.

IPv4 Extended

Use this page to configure IPv4 Extended ACLs. Click the Options () button to edit multiple ACLs or the Actions button to edit a single ACL.

Graphical user interface, text, application, email, Teams Description automatically generated

Configurable settings include:

  • Perform Action — The action to take when a packet or frame matches the criteria in the rule:

    • Permit — The packet or frame is forwarded.

    • Deny — The packet or frame is dropped.

    • Redirect — Redirect to interface.

    • Copy-to-cpu - Configures the copying of protocol control packets to control plane CPU.

    • Drop Copy-to-cpu - Copies TCP protocol control packets to control plane CPU without switching packets.

  • Redirect — The port(s) the ACL redirects to.

  • Source IP Address — The source port IP address in the packet and source IP mask (in the second field) to compare to the IP address in a packet header or string 'ANY' (default).

  • Source IP Mask — An IP Mask for the source or string 'ANY' (default).

  • Destination IP Address — The destination port IP address in the packet and destination IP mask (in the second field) to compare to the IP address in a packet header or string 'ANY' (default).

  • Protocol — The IANA-assigned protocol to match within the IP packet.

  • IGMP Type — The IP ACL rule to match on the specified IGMP type. This option is available only if the protocol is IGMP.

  • ICMP Type — The IP ACL rule to match on the specified ICMP type. This option is available only if the protocol is ICMP.

  • ICMP Code — The IP ACL rule to match on the specified ICMP code. This option is available only if the protocol is ICMP.

  • TCP Flags — The IP ACL rule to match on the TCP flags. This option is available only if the protocol is TCP.

  • IP TOS — Matches on the Type of Service (TOS) in the IP header.