
RG-NBS Series Switches Web-Based Configuration Guide, Release ReyeeOS 2.248 (V1.0)

Uploaded by

Lucas Reginatto

Ruijie Reyee RG-NBS Series Switches

ReyeeOS 2.248

Web-based Configuration Guide

Document Version: V1.0


Date: October 19, 2023
Copyright © 2023 Ruijie Networks
Copyright
Copyright © 2023 Ruijie Networks

All rights are reserved in this document and this statement.

Any reproduction, excerption, backup, modification, transmission, translation or commercial use of this document
or any portion of this document, in any form or by any means, without the prior written consent of Ruijie Networks
is prohibited.

Trademarks including , are owned by Ruijie Networks.

All other trademarks or registered trademarks mentioned in this document are owned by their respective owners.

Disclaimer
The products, services, or features you purchase are subject to commercial contracts and terms. Some or all of
the products, services or features described in this document may not be within the scope of your purchase or
use. Unless otherwise agreed in the contract, Ruijie Networks does not make any express or implied statement
or guarantee for the content of this document.

Due to product version upgrades or other reasons, the content of this document will be updated from time to
time. Ruijie Networks reserves the right to modify the content of the document without any notice or prompt.

This manual is for reference only. Ruijie Networks endeavors to ensure content accuracy and will not shoulder
any responsibility for losses and damages caused due to content omissions, inaccuracies or errors.
Preface
Intended Audience
This document is intended for:

● Network engineers
● Technical support and servicing engineers
● Network administrators

Technical Support
● Official website of Ruijie Reyee: https://www.ruijienetworks.com/products/reyee
● Technical Support Website: https://ruijienetworks.com/support
● Case Portal: https://caseportal.ruijienetworks.com
● Community: https://community.ruijienetworks.com
● Technical Support Email: [email protected]

Conventions
1. GUI Symbols

Interface symbol | Description | Example
Boldface | 1. Button names; 2. Window names, tab names, field names and menu items; 3. Links | 1. Click OK. 2. Select Config Wizard. 3. Click the Download File link.
> | Multi-level menu items | Select System > Time.

2. Signs
The signs used in this document are described as follows:

Warning

An alert that calls attention to important rules and information that if not understood or followed can result in
data loss or equipment damage.

Caution

An alert that calls attention to essential information that if not understood or followed can result in function
failure or performance degradation.

Note

An alert that contains additional or supplementary information that if not understood or followed will not lead to
serious consequences.

Specification

An alert that contains a description of product or version support.

3. Note
The manual offers configuration information (including model, description, port type, software interface) for
indicative purpose only. In case of any discrepancy or inconsistency between the manual and the actual version,
the actual version prevails.

Web-based Configuration Guide Login

1 Login
1.1 Configuration Environment Requirements
1.1.1 PC

● Google Chrome, Internet Explorer 9.0, 10.0, and 11.0, and some Chromium/Internet Explorer kernel-based browsers (such as 360 Extreme Explorer) are supported. Exceptions such as garbled characters or format errors may occur if an unsupported browser is used.

● A resolution of 1024 x 768 or higher is recommended. If other resolutions are used, the page fonts and formats may not be aligned, the GUI is less artistic, or other exceptions may occur.

1.2 Logging in to the Web Interface


1.2.1 Connecting to the Device

Use a network cable to connect the switch port to the network port of the PC, and configure an IP address for the PC that is on the same network segment as the default IP of the device, so that the PC can ping the switch. For example, set the IP address of the PC to 10.44.77.100.

Table 1-1 Default settings

Feature | Default Value
Device IP Address | 10.44.77.200
Password | A username is not required when you log in for the first time. The default password is admin.

1.2.2 Logging in to the Web Interface

(1) Enter the IP address (10.44.77.254 by default) of the device in the address bar of the browser to open the
login page.

Note

If the static IP address of the device is changed, or the device dynamically obtains a new IP address, the new
IP address can be used to access the web management system of the device as long as the PC and the
device are on the same LAN, and their IP addresses are in the same network segment.

(2) Enter the password and click Log In to open the homepage of the web management system.

You can use the default password admin to log in to the device for the first time. For security purposes, you are
advised to change the default password as soon as possible after logging in, and to regularly update your
password thereafter.

If you forget the Device IP address or password, hold down the Reset button on the device panel for more than
5s when the device is connected to the power supply to restore factory settings. After restoration, you can use
the default IP address and password to log in.

Caution

Restoring factory settings will delete all configurations of the device. Therefore, exercise caution when
performing this operation.

1.2.3 Frequently-Used Controls on the Web Interface

Table 1-2 Frequently-Used Controls on the Web Interface

Control Description

Local Device: Allows you to configure all functions of the local device.

Network: Allows you to configure common functions of all wired and wireless Reyee products in batches in an ad hoc network.

The navigation bar is arranged horizontally on the top when the device acts as a slave device, and vertically on the left when the device acts as a master device.

Click it to change the language.

Click it to log in to the MACC for remote O&M through the URL or by scanning the QR code.

Click it to access the network setup wizard.

Click it to log out of the web management system.

Click Add or Batch Add to add one or more table entries in the dialog box that appears. After adding the table entries, you can view the added table entries on this page.

Click it to delete the selected table entries in batches.

Quickly locate the table entry you want to find through the drop-down list or by entering a keyword.

Click them to edit, delete, or bind a table entry.

If the toggle switch is displayed in gray and the button is on the left, the related function is disabled. If the toggle switch is displayed in blue and the button is on the right, the related function is enabled.

Update data on the current page.

Set the number of table entries displayed on a page. Click a page number or specify the page number to go to the corresponding page.

1.3 Quick Setup


1.3.1 Configuration Preparations

Connect the device to the power supply, and connect the device port to an uplink device with a network cable.

1.3.2 Procedure

1. Adding Device to Network

By default, users can perform batch settings and centralized management of all devices in the network.
Therefore, before starting configuration, you need to check and confirm the number of online devices and
network status in the network.

Note

Under normal circumstances, when multiple new devices are powered on and connected, they will be
automatically interconnected into a network, and the user only needs to confirm that the number of devices is
correct.

If there are other devices in the network that are not added to the current network, you can click Add to My
Network and enter the management password of the added device to manually add the corresponding device
to the network where the device is located, and then start the network-wide configuration.

2. Creating a Web Project

Click Start Setup to set the networking modes and management password of the device.
(1) Network Name: Identify the network where the device is located.

(2) Internet: Select the networking mode.

○ DHCP: An IP address is assigned to the device by the uplink DHCP server. By default, the device detects whether the IP address can be dynamically obtained. If the IP address is obtained successfully, there is no need to manually set the IP address.

○ Static IP: The user manually enters a specified IP address, subnet mask, gateway IP address, and DNS address.

(3) Management Password: Set the password for logging in to the management page.

(4) Country/Region: Select the country or region where the device is located.

(5) Time Zone: Set the system time. The network time server is enabled to provide time services by default.
Please select your actual time zone.

Click Create Network & Connect to deliver related configuration for initialization and detect the network. After
completing the quick setup, the new device is connected to the Internet, and you can continue to bind the device
to the cloud account for remote management. For specific operations, please refer to the instructions on the page
to log in to Ruijie Cloud for configuration.

Note

● Click Exit in the upper right corner and follow prompts to perform operations. Then, the device can skip
quick setup to go to the web interface. To configure again after exiting or completing the quick configuration,
click the sign in the navigation bar at the top of the web page.
● After changing the management password, you need to re-visit the device management address and use
the new password to log in to the device.

1.3.3 Procedure for Configuring Hot Standby (VCS)

The VCS (Virtual Chassis System) is a feature that provides virtualization and clustering capabilities for switches.
VCS technology allows multiple physical switches to form a logically unified device, creating a virtual switch
stack. This stack is treated as a single entity with shared management and data planes.

Hot standby can improve data forwarding reliability when an NBS switch is used as the core switch. By stacking
two switches and automatically switching to the standby switch when the active switch fails, hot standby ensures
uninterrupted data forwarding in the event of a single point of failure.

Caution
Hot standby is supported only on NBS7006 and NBS7003 series switches.
Only two switches are supported to form a hot standby group.

When multiple switches are configured, select 10GE interfaces as hot standby interfaces to connect the
member switches.
Stacking: refers to physically connecting multiple switches with stack cables, allowing them to operate as a
single logical unit for data forwarding.

(1) Enter the default IP address 10.44.77.200 in the address bar of your browser to go to the web management
interface of the NBS switch. Click the Hot Standby tab (or click Configure in the red box below if the
switch is not yet configured).

(2) Click Start Setup.

(3) Connect both switches using a network cable on their 10GE interfaces. Then, choose Dual-Device Config,
and click Next.

(4) Select the active switch and click Next.


(5) Select the standby switch.
(6) Select the hot standby interfaces. You are advised to select two adjacent interfaces on a switch, and can
select up to four interfaces on each device for hot standby. These hot standby interfaces must be 10GE
interfaces. By default, the active switch has a priority of 200, while the standby switch has a priority of 100.
If the priority is changed, a switch with a higher priority will become the active switch.

(7) Then, click Next. Use a 10GE cable to connect the hot standby interfaces that you have selected. (The
following figure shows an example of connecting Interface 49 of Device 1 to Interface 49 of Device 2.)

(8) After the cables are connected, proceed as prompted, and wait for the device to reboot successfully.

Caution

To delete the hot standby configuration, ensure that the network cable connecting the hot standby interfaces is
disconnected. Failure to do so may result in a loop that can cause network disconnection.

1.4 Work Mode


The device supports two work modes: Standalone and Self-Organizing Network. It works in Self-Organizing
Network mode by default. The system presents different menu items based on the work mode. To modify the
work mode, see Switching the Work Mode.

Self-Organizing Network: After the self-organizing network discovery function is enabled, the device can be
discovered in the network and discover other devices in the network. Devices network with each other based on
the device status and synchronize global configuration. You can log in to the Web management page of the
device to check management information about all devices in the network. After self-organizing network
discovery is enabled, users can maintain and manage the current network more efficiently. You are advised to
keep this function enabled.

When the device is in self-organizing network mode, the Web page has two configuration modes: the network
mode and the local device mode. For more information, see Switching the Management Mode.

Standalone mode: If the self-organizing network discovery function is disabled, the device will not be
discovered in the network. After logging in to the Web page, you can configure and manage only the currently
logged in device. If only one device is configured or global configuration does not need to be synchronized to
the device, you can disable the self-organizing network discovery function.

1.5 Switching the Management Mode


In standalone mode, you can configure and manage only the current logged in device without self-organizing
network function. As shown in

In self-organizing network mode, the Web page has the network mode and the local device mode. Click the
Currently in Network mode in the navigation bar and select the desired mode from the drop-down list box.

● The network mode: Display the management information of all devices in the network and configure all devices in the current network from the network-wide perspective. As shown in;

● The local device mode: Only configure the device that you log in to. As shown in.

Figure 1-1 The Web Interface in Standalone Mode

Figure 1-2 The Web Interface in Network Mode in Self-Organizing Mode

Figure 1-3 The Web Interface in Local Device Mode in Self-Organizing Mode

Web-based Configuration Guide Network management

2 Network management
2.1 Overviewing Network Information
In network mode, the Overview page displays the current network topology, uplink and downlink real-time traffic,
network connection status, and number of users and provides short-cut entries for configuring the network and
devices. Users can monitor and manage the network status of the entire network on the page.

2.2 Viewing Networking Information


Choose Network > Overview.

The networking topology contains information about online devices, connected port numbers, device SNs, and
uplink and downlink real-time traffic.

● Click a traffic data item to view the real-time total traffic information.

● Click a device in the topology to view the running status and configuration of the device and configure device functions. By default, the product model is used as the device name. Click to modify the device name so that the description can distinguish devices from one another.

● The update time is displayed in the lower-left corner of the topology view. Click Refresh to update the topology to the latest state. It takes some time to update the topology data. Please wait patiently.

2.3 Adding Networking Devices


2.3.1 Wired Connection

(1) When a new device connects to an existing device on the network, the system displays the message "A
device not in SON is discovered." and the number of such devices in orange under "Devices" on the upper-
left corner of the Overview page. You can click Manage to add this device to the current network.

(2) After the system switches to the Network List page, click Other Network. In the Other Network section,
select the device to be added to the network and click Add to My Network.

(3) You do not need to enter the password if the device to add is newly delivered from factory. If the device has
a password, enter the configuring password of the device. Device addition fails if the password is incorrect.

2.3.2 AP Mesh
If the AP supports the AP Mesh (Reyee Mesh) function, you do not need to connect cables after powering on
the AP. The AP can be added to the current network in Reyee Mesh mode, establish a mesh networking with
other wireless devices, and automatically synchronize Wi-Fi configuration.

Caution

To scan the AP, the Reyee Mesh function must be enabled on the current network. (For details, see 0.) The AP
should be powered on nearby. It may fail to be scanned in case of long distance or obstacle blocking.

(1) Place the powered new AP near an existing AP, where the new AP can receive Wi-Fi signals from the existing
AP. Log in to a device in the network. On the Overview page, click +AP in the upper-right corner of the
topology to scan nearby APs that do not belong to the current network and are not connected to a network
cable.

(2) Select the target AP to add it to the current network. You do not need to enter the password if the device to
add is new. If the device has a password, enter the management password of the device.

2.4 Managing Networking Devices


On the Overview page, click List in the upper-left corner of the topology or click Devices in the menu bar to
switch to the device list view. Then, you can view all the device information in the current networking. Users only
need to log in to one device in the network to configure and manage devices in the entire network.

● Click the device SN to configure the specified device separately.

● Check offline devices and click Delete Offline Devices to remove them from the list and networking topology.

2.5 Configuring the Service Network


The wireless and wired network configurations of the current network are displayed in the lower-left of the
Overview page. Click Setup to switch to the service network configuration page (or click Network > Network
Planning).

2.5.1 Configuring the Wired Network

(1) Click Add Wired VLAN to add wired network configuration, or select an existing wired VLAN and click Setup
to modify its configuration.

(2) Configure a VLAN for wired access, specify the address pool server for access clients in this VLAN, and
determine whether to create a new DHCP address pool. A switch or gateway device can be selected as the
address pool server. After setting the service parameters, click Next.

(3) Select the switch to configure in the topology, select the switch ports added to this VLAN, and click Next.

(4) Confirm that the configuration items to be delivered are correct and then click Save. Wait a moment for the
configuration to take effect.

2.5.2 Configuring the Wireless Network

(1) Click Add Wi-Fi VLAN to add wireless network configuration, or select an existing Wi-Fi VLAN and click
Setup to modify its configuration.

(2) Set the Wi-Fi name, Wi-Fi password, and applicable bands. Click Next.

(3) Configure a VLAN for wireless access, specify the address pool server for access clients in this VLAN, and
determine whether to create a new DHCP address pool. A switch or gateway device can be selected as the
address pool server. After setting the service parameters, click Next.

(4) Confirm that the configuration items to be delivered are correct and then click Save. Wait a moment for the
configuration to take effect.

2.6 Processing Alerts


Choose Network > Overview.

If a network exception occurs, an alert message about the exception and the corresponding solution are displayed on the Overview page. Click the alert message in the Alert Center section to view the faulty device, the problem details, and the solution. Troubleshoot and process the alert according to the solution.

2.7 Viewing Online Clients


The Clients in the upper-left corner of the Overview page displays the total number of online clients in the
current network; moving the cursor to the number of users will display the number of current wired users, wireless
users in the 2.4GHz band, and wireless users in the 5GHz band.

Click to switch to the online clients page (or click Clients > Online Clients).

Table 2-1 Description of Online Client Information

Field | Description
Username/Type | Indicates the name and access type of the client. The access type can be wireless or wired.
Access Location | Indicates the SN of the device that the user accesses. You can click it to view the access port during wired access.
IP/MAC | The IP address and the MAC address of the client.
Current Rate | Indicates the uplink and downlink data transmission rates of the client.
Wi-Fi | Wireless network information associated with wireless clients, including channel, signal strength, online time, negotiation rate, etc.

2.8 Smart Device Network

Caution

Currently, the function is supported by RG-NBS6002 Series, RG-NBS7003 Series and RG-NBS7006 Series
devices.

2.8.1 Overview

The smart device network is used to quickly plan and set up an isolation network for smart clients, so as to isolate the client network from the normal service network and other types of clients, and improve the stability of the network. The smart device network supports rapid identification of various types of clients (such as cameras, access control, background broadcasting, smart charging piles, etc.) and batch execution of isolation planning on clients. Compared with traditional client network planning and deployment steps, it eliminates the tedious process, collects information and simplifies the steps to set up client isolation.

After setting up the smart device network, the page visually displays client information, and actively alerts
abnormality, which can effectively improve the efficiency of troubleshooting.

2.8.2 Procedure

Choose Network > Clients > Smart Device Network.

(1) Click Identify Client.

(2) Click +Client Subnet, enter the client type (which can be selected or customized in the drop-down box), the
network segment of the client, the planned number and the corresponding server IP address to identify the
client. Multi-type client network segments can be set. Click Identify Client after filling in.

(3) Display the identified client and client server information, including IP address, MAC address, SN number of
the connected switch and connection port. Click to view the detailed information. If the connection information
to the client server is not identified, you need to click Configure and fill in the relevant information manually.
After confirming that the client device information is correct, click Isolate Client.

(4) Input the name of the VLAN, VLAN ID, gateway address, and subnet mask of the isolated client. Check the
target network segment and click Generate Config.

(5) After confirming the configuration, click Deliver Config. If you need to modify it, you can click Previous to
return to the setting page.

(6) The page displays that the configuration has been delivered successfully, indicating that the settings have
been completed. Click the configuration item to view the configuration delivery details. After the configuration
is delivered, click View Details to switch to the page that displays monitoring information of the smart device
network; click Add Client to continue setting the client network segment.

(7) After completing the smart device network settings, you can view the client monitoring information on the
page, including client online status, connection information, device information, and online and offline time.

Select the client entry and click Delete Client to remove the specified client from the current network.

Click Batch Edit Hostnames to import a txt file containing client IP and client name (one line for each client,
each line contains an IP and a name, and the IP and the name are separated by the Tab key), and modify
the client names in batches.

Click Client Subnet to modify servers and isolate VLAN information, or add a new client network segment.

Click Delete Subnet to delete the corresponding smart device network configuration.
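
A pre-import check for the Batch Edit Hostnames file format described above (one client per line, IP and name separated by a Tab). This is an added example, not part of the guide or the device software; the function name, the sample data, and the handling of blank lines, duplicates and out-of-subnet addresses are assumptions.

```python
import ipaddress


def check_hostname_file(text, client_subnet):
    """Validate 'IP<TAB>name' lines; return (accepted, errors).

    accepted maps IP string -> name; errors is a list of (line_no, reason).
    """
    net = ipaddress.ip_network(client_subnet, strict=False)
    accepted, errors = {}, []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # assumption: blank lines are ignored
        fields = line.split("\t")
        if len(fields) != 2:
            errors.append((line_no, "expected exactly one Tab between IP and name"))
            continue
        ip_text, name = fields[0].strip(), fields[1].strip()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            errors.append((line_no, "invalid IP address"))
            continue
        if ip not in net:
            # A stray address here would relabel a device outside the
            # client segment that was planned for isolation.
            errors.append((line_no, "IP outside client subnet"))
        elif not name or not name.isprintable():
            errors.append((line_no, "empty or non-printable name"))
        elif str(ip) in accepted:
            errors.append((line_no, "duplicate IP"))
        else:
            accepted[str(ip)] = name
    return accepted, errors


# Constructed sample file content (not from the guide).
SAMPLE = (
    "192.168.20.11\tcam-lobby\n"
    "192.168.20.12 cam-dock\n"        # space instead of Tab
    "192.168.20.11\tcam-duplicate\n"  # same IP listed twice
    "192.168.30.5\tcam-roof\n"        # not in the client subnet
    "not-an-ip\tcam-x\n"
    "\n"
    "192.168.20.13\tcam-gate\n"
)

if __name__ == "__main__":
    ok, bad = check_hostname_file(SAMPLE, "192.168.20.0/24")
    print(ok)
    for line_no, reason in bad:
        print(f"line {line_no}: {reason}")
```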

Web-based Configuration Guide Basic Management

3 Basic Management
3.1 Overviewing Switch Information
3.1.1 Basic information about the Device

Choose Local Device > Home > Basic Info.

Basic information includes device name, device model, SN number, software version, management IP, MAC
address, networking status, system time, working mode, etc.

1. Setting the device name

Click the device name to modify the device name in order to distinguish between different devices.

2. Switching the Work Mode

Click the current work mode to change the work mode.

3. Setting MGMT IP

Click current management IP address to jump to the management IP configuration page. For more information,
see 4.6 .

3.1.2 Hardware Monitor Information

Caution

Only RG-NBS6002 Series, RG-NBS7003 Series and RG-NBS7006 Series devices support displaying this type
of information.

Choose Local Device > Home > Smart Monitoring.


Display the current hardware operating status of the device, such as the device temperature and power supply
status, etc.

3.1.3 Port Info

Choose Local Device > Home > Port Info.

● The port info page displays the details of all ports currently on the switch. Click Panel View to view the port roles and statuses corresponding to port icons of different colors or shapes.

● Move the cursor to the icon of a port (for example, Gi14) on the port panel, and more information about the port will be displayed, including the port ID, port status, port rate, uplink and downlink traffic, transmission rate, and optical/electrical attribute of the port.

● Traffic data is automatically updated every five minutes. You can click Refresh above the port panel to obtain the latest port traffic and status information simultaneously.

3.2 Port Flow Statistics


Choose Local Device > Monitor > Port Flow.

Display traffic statistics such as the rate of the device port, the number of sent and received packets, and the
number of error packets. The rate of the port is updated every five seconds. Other traffic statistics are updated
every five minutes.

Select a port and click Clear Selected, or click Clear All to clear statistics such as current port traffic and start
statistics collection again.

Note

Aggregate ports can be configured. Traffic of an aggregate port is the sum of traffic of all member ports.

3.3 MAC Address Management


3.3.1 Overview

A MAC address table records mappings of MAC addresses and interfaces to virtual local area networks (VLANs).

A device queries the MAC address table based on the destination MAC address in a received packet. If the
device finds an entry that is consistent with the destination MAC Address in the packet, the device forwards the
packet through the interface corresponding to the entry in unicast mode. If the device does not find such an
entry, it forwards the packet through all interfaces other than the receiving interface in broadcast mode.

MAC address entries are classified into the following types:

● Static MAC address entries: Manually configured by the user. Packets whose destination MAC address matches the one in such an entry are forwarded through the correct interface. This type of entries does not age.

● Dynamic MAC address entries: Automatically generated by devices. Packets whose destination MAC address matches the one in such an entry are forwarded through the correct interface. This type of entries ages.

● Filtering MAC address entries: Manually configured by the user. Packets whose source or destination MAC address matches the one in such an entry are discarded. This type of entries does not age.

Note

This section describes the management of static, dynamic, and filtering MAC address entries, without involving
multicast MAC address entries.
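
The forwarding behaviour described in this overview, as a small Python model. This is an added example, not Ruijie code: the class and function names, the 300-second aging time, the rule that learning never overwrites a static entry, and the sample MAC addresses and ports are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Kind(Enum):
    STATIC = "static"    # manually configured, never ages
    DYNAMIC = "dynamic"  # learned from source MACs, ages out
    FILTER = "filter"    # manually configured, never ages, drops frames


@dataclass
class Entry:
    kind: Kind
    port: Optional[str]      # None for filtering entries
    last_seen: float = 0.0   # only meaningful for dynamic entries


def norm(mac):
    """Normalise a MAC string so lookups ignore case and separator style."""
    return mac.lower().replace("-", ":")


class MacTable:
    def __init__(self, ports, aging_time=300.0):
        self.ports = list(ports)
        self.aging_time = aging_time   # assumed value, not taken from the guide
        self.entries = {}              # (vlan, mac) -> Entry

    def add_static(self, vlan, mac, port):
        self.entries[(vlan, norm(mac))] = Entry(Kind.STATIC, port)

    def add_filter(self, vlan, mac):
        self.entries[(vlan, norm(mac))] = Entry(Kind.FILTER, None)

    def _age(self, now):
        # Only dynamic entries expire; static and filtering entries stay.
        for key in [k for k, e in self.entries.items()
                    if e.kind is Kind.DYNAMIC
                    and now - e.last_seen > self.aging_time]:
            del self.entries[key]

    def receive(self, vlan, src, dst, in_port, now):
        """Return (action, out_ports) for one frame and update the table."""
        src, dst = norm(src), norm(dst)
        self._age(now)
        # Filtering entries match on source OR destination and win outright.
        for mac in (src, dst):
            entry = self.entries.get((vlan, mac))
            if entry is not None and entry.kind is Kind.FILTER:
                return ("discard", [])
        # Learn or refresh the source; a static binding is never overwritten
        # (modelling assumption).
        current = self.entries.get((vlan, src))
        if current is None or current.kind is Kind.DYNAMIC:
            self.entries[(vlan, src)] = Entry(Kind.DYNAMIC, in_port, now)
        # Destination lookup: known -> unicast, unknown -> flood.
        hit = self.entries.get((vlan, dst))
        if hit is None:
            return ("flood", [p for p in self.ports if p != in_port])
        return ("unicast", [hit.port])


def demo():
    """Run constructed frames through the model and return each decision."""
    host_a, host_b = "AA-AA-AA-AA-AA-01", "bb:bb:bb:bb:bb:02"
    printer, blocked = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    table = MacTable(["Gi1", "Gi2", "Gi3", "Gi4"])
    table.add_static(10, printer, "Gi4")
    table.add_filter(10, blocked)
    frames = [  # (vlan, src, dst, ingress port, time in seconds)
        (10, host_a, host_b, "Gi1", 0),     # B unknown: flood
        (10, host_b, host_a, "Gi2", 1),     # A learned on Gi1: unicast
        (10, host_a, printer, "Gi1", 2),    # static entry: unicast to Gi4
        (10, blocked, host_a, "Gi3", 3),    # filtered source: discard
        (10, host_a, blocked, "Gi1", 4),    # filtered destination: discard
        (10, host_b, host_a, "Gi2", 400),   # A aged out: flood again
        (20, host_b, printer, "Gi2", 401),  # static entry is per VLAN: flood
        (10, printer, host_b, "Gi3", 402),  # static MAC seen on another port
    ]
    results = [table.receive(*f) for f in frames]
    return results, table


if __name__ == "__main__":
    decisions, _ = demo()
    for decision in decisions:
        print(decision)
```

The last frame is the case worth noting when reviewing static bindings: the frame is still forwarded, but the table keeps pointing the bound MAC at Gi4, so return traffic does not follow the sender to the other port.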

3.3.2 Displaying the MAC Address Table

Choose Local Device > Monitor > Clients > MAC List.

Displays the MAC address information of the device, including the static MAC address manually set by the user,
the filtering MAC address, and the dynamic MAC address automatically learned by the device.

Querying MAC address entries: Support querying MAC address entries based on MAC address, VLAN ID or
port. Select the search type, enter the search string, and click Search. MAC entries that meet the search criteria
are displayed in the list. Support fuzzy search.

Note

The MAC address entry capacity depends on the product. For example, the MAC address entry capacity of the
device shown in the figure above is 32K.

3.3.3 Displaying Dynamic MAC Address

Choose Local Device > Monitor > Clients > Dynamic MAC.

After receiving the packet, the device will automatically generate dynamic MAC address entries based on the
source MAC address of the packet. The current page displays the dynamic MAC address entries learned by the
device. Click Refresh to obtain the latest dynamic MAC address entries.

Delete dynamic MAC address: Select the clear type (by MAC address, by VLAN, or by port), enter a string for
matching the dynamic MAC address entry, and click Clear. The device will clear MAC address entries that meet
the conditions.

3.3.4 Configuring Static MAC Binding

The switch forwards data based on the MAC address table. You can set a static MAC address entry to manually
bind the MAC address of a downlink network device with the port of the device. After a static address entry is
configured, when the device receives a packet destined to this address from the VLAN, it will forward the packet
to the specified port. For example, when 802.1x authentication is enabled on the port, you can configure static
MAC address binding to implement authentication exemption.


1. Adding Static MAC Address Entries

Choose Local Device > Monitor > Clients > Static MAC.

Click Add, enter the MAC address and VLAN ID, select the port for packet forwarding, and click OK. After the
addition is successful, the MAC address table will update the entry data.

2. Deleting Static MAC Address Entries

Choose Local Device > Monitor > Clients > Static MAC.

Batch delete: In MAC List, select the MAC address entries to be deleted and click Delete Selected. In the
displayed dialog box, click OK.

Delete an entry: In MAC List, find the entry to be deleted, click Delete in the last Action column. In the displayed
dialog box, click OK.


3.3.5 Configuring MAC Address Filtering

To prohibit a user from sending and receiving packets in certain scenarios, you can add the MAC address of the
user to a filtering MAC address entry. After the entry is configured, packets whose source or destination MAC
address matches the MAC address in the filtering MAC address entry are directly discarded. For example, if a
user initiates ARP attacks, the MAC address of the user can be configured as a to-be-filtered address to prevent
attacks.

1. Adding Filtering MAC Address

Choose Local Device > Monitor > Clients > MAC Filter.

Click Add. In the dialog box that appears, enter the MAC addresses and VLAN ID, and then click OK.


2. MAC Filter

Choose Local Device > Monitor > Clients > MAC Filter.

Batch delete: In MAC List, select the MAC address entries to be deleted and click Delete Selected. In the
displayed dialog box, click OK.

Delete an entry: In MAC List, find the entry to be deleted, click Delete in the last Action column. In the displayed
dialog box, click OK.

3.3.6 Configuring MAC Address Aging Time

Set the aging time of dynamic MAC address entries learned by the device. Static MAC address entries and
filtering MAC address entries do not age.

The device deletes useless dynamic MAC address entries based on the aging time to save entry resources on
the device. An overly long aging time may lead to untimely deletion of useless entries, whereas an overly short
aging time may lead to deletion of some valid entries and repeated learning of MAC addresses by the device,
which increases the packet broadcast frequency. Therefore, you are advised to configure a proper aging time of
dynamic MAC address entries as required to save device resources without affecting network stability.

Choose Local Device > Monitor > Clients > Aging Time.

Enter a valid aging time and click Save. The value range of the aging time is from 10 to 630, in seconds. The
value 0 specifies no aging.
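A simplified model of the three entry types described in section 3.3, added here as an example; it is not Ruijie's implementation. The class and method names, port names and sample MAC addresses are constructed, and checking filtering entries before static and dynamic ones is an assumption.

```python
AGING_MIN, AGING_MAX = 10, 630      # seconds, the range given in 3.3.6


def norm_mac(mac):
    """Normalise a MAC written with ':', '-' or '.' separators."""
    raw = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(raw) != 12 or any(c not in "0123456789abcdef" for c in raw):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))


class MacTable:
    """Static, filtering and dynamic entries keyed by (VLAN, MAC)."""

    def __init__(self, aging_time):
        if aging_time != 0 and not AGING_MIN <= aging_time <= AGING_MAX:
            raise ValueError("aging time must be 0 (no aging) or 10-630 seconds")
        self.aging_time = aging_time
        self.static = {}        # (vlan, mac) -> port, never ages
        self.filtered = set()   # (vlan, mac), never ages
        self.dynamic = {}       # (vlan, mac) -> (port, last_seen)

    def add_static(self, mac, vlan, port):
        self.static[(vlan, norm_mac(mac))] = port

    def add_filter(self, mac, vlan):
        self.filtered.add((vlan, norm_mac(mac)))

    def expire(self, now):
        """Drop dynamic entries not refreshed within the aging time."""
        if self.aging_time == 0:
            return 0
        stale = [k for k, (_, seen) in self.dynamic.items()
                 if now - seen >= self.aging_time]
        for key in stale:
            del self.dynamic[key]
        return len(stale)

    def receive(self, src, dst, vlan, in_port, now):
        """Return ('drop', None), ('forward', port) or ('flood', None)."""
        self.expire(now)
        s, d = (vlan, norm_mac(src)), (vlan, norm_mac(dst))
        if s in self.filtered or d in self.filtered:
            return ("drop", None)              # filtering entry matches src or dst
        if s not in self.static:
            self.dynamic[s] = (in_port, now)   # learn or refresh the source
        if d in self.static:
            return ("forward", self.static[d])
        if d in self.dynamic:
            return ("forward", self.dynamic[d][0])
        return ("flood", None)                 # unknown destination


def demo():
    """Constructed traffic: the decision for four frames in VLAN 10."""
    t = MacTable(aging_time=10)
    t.add_static("00:00:5e:00:53:55", vlan=10, port="Gi5")
    t.add_filter("00-00-5e-00-53-66", vlan=10)
    host1, host2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    return [
        t.receive(host1, "00:00:5e:00:53:55", 10, "Gi1", now=0),   # static hit
        t.receive("0000.5e00.5366", host1, 10, "Gi2", now=1),      # filtered source
        t.receive(host2, host1, 10, "Gi3", now=2),                 # learned at t=0
        t.receive(host2, host1, 10, "Gi3", now=20),                # host1 aged out
    ]
```

The last frame in `demo()` is flooded because the entry for its destination aged out, which is the repeated learning and extra broadcast traffic that an overly short aging time causes.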

3.4 Displaying ARP Information


Choose Local Device > Monitor > Clients > ARP List.

When two IP-based devices need to communicate with each other, the sender must know the IP address and
MAC address of the peer. With MAC addresses, an IP-based device can encapsulate link-layer frames and then
send data frames to the physical network. The process of obtaining MAC addresses based on IP addresses is
called address resolution.


The Address Resolution Protocol (ARP) is used to resolve IP addresses into MAC addresses. ARP can obtain
the MAC Address associated with an IP address. ARP stores the mappings between IP addresses and MAC
addresses in the ARP cache of the device.

The device learns the IP addresses and MAC addresses of the network devices connected to its interfaces and
generates the corresponding ARP entries. The ARP List page displays ARP entries learned by the device. The
ARP list allows you to search for specified ARP entries by IP or MAC address. Click Refresh to obtain the latest
ARP entries.

Note

For more information about ARP entries, see 7.6.

3.5 VLAN
3.5.1 VLAN Overview

A virtual local area network (VLAN) is a logical network created on a physical network. A VLAN has the same
properties as a normal physical network except that it is not limited by its physical location. Each VLAN has an
independent broadcast domain. Different VLANs are L2-isolated. L2 unicast, broadcast, and multicast frames
are forwarded and spread within one VLAN and will not be transmitted to other VLANs.

When a port is defined as a member of a VLAN, all clients connected to the port are a part of the VLAN. A
network supports multiple VLANs. VLANs can communicate with each other at L3 through L3 devices or
L3 interfaces.

VLAN division includes two functions: creating VLANs and setting port VLANs.

3.5.2 Creating a VLAN

Choose Local Device > VLAN > VLAN List.

The VLAN list contains all the existing VLAN information. You can modify or delete the existing VLAN, or create
a new VLAN.


1. Adding a VLAN

Create multiple VLANs: Click Batch Add. In the displayed dialog box, enter VLAN ID range (separate multiple
VLAN ID ranges with commas (,)), and click OK. The VLANs added will be displayed in VLAN List.

Create a VLAN: Click Add. Enter the VLAN ID and description for the VLAN, and click OK. The VLAN added
will be displayed in VLAN List.

Note

● The range of a VLAN ID is from 1 to 4094.


● You can separate multiple VLANs to be added in batches with commas (,), and separate the start and
end VLAN IDs of a VLAN range with a hyphen (-).
● If no VLAN description is configured when the VLAN is added, the system automatically creates a VLAN
description in the specified format, for example, VLAN000XX. The VLAN descriptions of different VLANs
must be unique.


● If the device supports L3 functions, VLANs, routed ports, and L3 aggregate ports (L3APs) share limited
hardware resources. If resources are insufficient, a message indicating resource insufficiency for VLAN
will be displayed.

2. Modifying a VLAN Description

In VLAN List, click Edit in the last Action column to modify the description information of the specified VLAN.

3. Deleting a VLAN

Batch delete VLANs: In VLAN List, select the VLAN entries to be deleted and click Delete Selected to delete
VLANs in a batch.

Delete a VLAN: In VLAN List, click Delete in the last Action column to delete the specified VLAN.

Note

The default VLAN (VLAN 1), management VLAN, native VLAN, and access VLAN cannot be deleted. For
these VLANs, the Delete button is grayed out and unavailable.

3.5.3 Configuring Port VLAN

1. Overview

Choose Local Device > VLAN > Port List.


Port List displays the VLAN division of the current port. Create VLANs in VLAN List page (see 3.5.2 Creating
a VLAN) and then configure the port based on the VLANs.

You can configure the port mode and VLAN members for a port to determine VLANs that are allowed to pass
through the port and whether packets to be forwarded by the port carry the tag field.

Table 3-1 Port Modes Description

| Port mode | Function |
| --- | --- |
| Access port | One access port can belong to only one VLAN and allow only frames from this VLAN to pass through. This VLAN is called an access VLAN. Access VLAN has attributes of both Native VLAN and Permitted VLAN. The frames sent from the Access port do not carry tags. When the access port receives an untagged frame from a peer device, the local device determines that the frame comes from the Access VLAN and adds the access VLAN ID to the frame. |
| Trunk port | One trunk port supports one native VLAN and several allowed VLANs. Native VLAN frames forwarded by a trunk port do not carry tags while allowed VLAN frames forwarded by the trunk port carry tags. A trunk port belongs to all VLANs of the device by default, and can forward frames of all VLANs. You can set the allowed VLAN range to limit VLAN frames that can be forwarded. Note that the trunk ports on both ends of the link must be configured with the same Native VLAN. |
| Hybrid port | A hybrid port supports one native VLAN and several allowed VLANs. The allowed VLANs are divided into Tag VLAN and Untagged VLAN. The frames forwarded by the hybrid port from a Tag VLAN carry tags, and the frames forwarded by the hybrid port from an Untagged VLAN do not carry tags. The frames forwarded by the hybrid port from Native VLAN must not carry tags, therefore Native VLAN can only belong to Untagged VLAN List. |

Note

Whether the hybrid mode function is supported depends on the product version.


2. Procedure

Choose Local Device > VLAN > Port List.

Configure port VLANs in a batch: Click Batch Edit, select the port to be configured on the port panel, and select
the port mode. If the port mode is Access port, you need to select Access VLAN; if the port mode is Trunk port,
you need to select Native VLAN and enter the allowed VLAN ID range; if the port mode is Hybrid port, you need
to select Native VLAN and enter the allowed VLAN range and Untagged VLAN range. Click OK to complete the
batch configuration.

Note

In Hybrid mode, the allowed VLANs include Tag VLAN and Untagged VLAN, and the Untagged VLAN range
must include Native VLAN.

Configure one port: In Port List, click Edit in the last Action column of a specified port, configure the port mode
and corresponding VLAN, and click OK.

Note

● VLAN ID range is from 1 to 4094, among which VLAN 1 is the default VLAN that cannot be deleted.
● When hardware resources are insufficient, the system displays a VLAN creation failure message.


● Improper configuration of VLANs on a port (especially uplink port) may cause the failure to log in to the
web interface. Therefore, exercise caution when configuring VLANs.
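The Batch Add syntax from 3.5.2 and the port mode rules from 3.5.3, as an added Python example that is not part of the ReyeeOS software. Function names are hypothetical, and treating the native VLAN as always permitted and accepting tagged frames only for VLANs the port carries are assumptions. It also shows why both ends of a trunk need the same native VLAN: untagged frames are reclassified into the receiver's native VLAN.

```python
import re
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094                 # VLAN ID range stated in the notes
_ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_vlan_spec(spec):
    """Expand a Batch Add string such as '3-5,100' into a set of VLAN IDs."""
    vlans = set()
    for item in spec.split(","):
        m = _ITEM.fullmatch(item.strip())
        if not m:
            raise ValueError(f"bad VLAN item {item!r} in {spec!r}")
        start = int(m.group(1))
        end = int(m.group(2)) if m.group(2) else start
        if not VLAN_MIN <= start <= end <= VLAN_MAX:
            raise ValueError(f"VLAN range {item.strip()!r} outside 1-4094")
        vlans.update(range(start, end + 1))
    return vlans


@dataclass(frozen=True)
class PortVlan:
    mode: str                           # "access", "trunk" or "hybrid"
    native: int                         # the access VLAN on an access port
    allowed: frozenset = frozenset()    # permitted VLANs (trunk, hybrid)
    untagged: frozenset = frozenset()   # untagged VLAN list (hybrid only)


def validate(port):
    """Return the configuration errors for one port (empty list if none)."""
    errors = []
    if port.mode not in ("access", "trunk", "hybrid"):
        errors.append(f"unknown port mode {port.mode!r}")
    if not VLAN_MIN <= port.native <= VLAN_MAX:
        errors.append(f"native VLAN {port.native} outside 1-4094")
    if port.mode == "hybrid":
        if port.native not in port.untagged:
            errors.append("hybrid: native VLAN must be in the untagged VLAN list")
        if not port.untagged <= port.allowed:
            errors.append("hybrid: untagged VLANs must be within the allowed VLANs")
    return errors


def egress(port, vlan):
    """How a frame of `vlan` leaves the port: 'untagged', 'tagged' or None."""
    if vlan == port.native:             # assumption: native VLAN always permitted
        return "untagged"
    if port.mode == "hybrid" and vlan in port.untagged:
        return "untagged"
    if port.mode in ("trunk", "hybrid") and vlan in port.allowed:
        return "tagged"
    return None                         # VLAN not carried on this port


def ingress(port, tag):
    """VLAN assigned to a received frame (tag=None means untagged), or None."""
    if tag is None:
        return port.native              # untagged frames join the native VLAN
    return tag if egress(port, tag) is not None else None


def carried_as(sender, receiver, vlan):
    """VLAN in which `receiver` places a frame that `sender` forwards from `vlan`."""
    how = egress(sender, vlan)
    if how is None:
        return None
    return ingress(receiver, vlan if how == "tagged" else None)


def check_link(a, b):
    """Per-port errors plus the native VLAN check for a trunk-to-trunk link."""
    issues = [f"A: {e}" for e in validate(a)] + [f"B: {e}" for e in validate(b)]
    if a.mode == b.mode == "trunk" and a.native != b.native:
        issues.append(f"native VLAN mismatch: A={a.native}, B={b.native}")
    return issues
```

With two trunk ports whose native VLANs are 1 and 99, `carried_as(a, b, 1)` returns 99: traffic leaves one VLAN and arrives in another, which breaks the L2 isolation described in 3.5.1.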

3.5.4 Batch Switch Configuration

1. Overview

You can batch create VLANs, configure port attributes, and divide port VLANs for switches in the network.

2. Procedure

Choose Network > Batch Config.

(1) The page displays all switches in the current network. Select the switches to configure, and then select the
desired ports in the device port view that appears below. If there are a large number of devices in the current
network, select a product model from the drop-down list box to filter the devices. After the desired devices
and ports are selected, click Next.

(2) Click Add VLAN to create a VLAN for the selected devices in a batch. If you want to create multiple VLANs,
click Batch Add and enter the VLAN ID range, such as 3-5,100. After setting the VLANs, click Next.


(3) Configure port attributes for the ports selected in Step 1 in a batch. Select a port type. If you set Type to
Access Port, you need to configure VLAN ID. If you set Type to Trunk Port, you need to configure Native
VLAN and Permitted VLAN. After setting the port attributes, click Override to deliver the batch
configurations to the target devices.


3.5.5 Verifying Configuration

View the VLAN and port information of switches to check whether the batch configurations are successfully
delivered.

3.6 Viewing Optical Transceiver Info


Choose Local Device > Monitoring > Optical Transceiver Info.

The Optical Transceiver Info page displays the basic information of an optical transceiver, including the port
to which it is connected, DDM, temperature, voltage, current, Tx power, local Rx power, and so on. You can
query the information of an optical transceiver by entering the port to which it is connected in the search box.

The data on this page is automatically updated every 5 seconds. You can also click Refresh to refresh the
optical transceiver information.


4 Port Management
4.1 Overview
Ports are important components for data exchange on network devices. The port management module allows
you to configure basic settings for ports, and configure port aggregation, switched port analyzer (SPAN), port
rate limiting, management IP address, etc.

Table 4-1 Description of Port Type

| Port Type | Note | Remarks |
| --- | --- | --- |
| Switch Port | A switch port consists of a single physical port on the device and provides only the L2 switching function. Switch ports are used to manage physical ports and their associated L2 protocols. | Described in this section |
| L2 aggregate port | An interface that binds multiple physical members to form a logical link. For L2 switching, an aggregate port is like a high-bandwidth switch port. It can combine the bandwidths of multiple ports to expand link bandwidth. In addition, for frames sent through an L2 aggregate port, load balancing is performed on member ports of the L2 aggregate port. If one member link of the aggregate port fails, the L2 aggregate port automatically transfers traffic on this link to other available member links, improving connection reliability. | Described in this section |
| SVI Port | A switch virtual interface (SVI) serves as the management interface of the device, through which the device can be managed. You can also create an SVI as a gateway interface, which is equivalent to the virtual interface of the corresponding VLAN and can be used for inter-VLAN routing on L3 devices. | For related configuration, see 6.1 |
| Routed Port | On L3 devices, you can configure a single physical port as a routed port and use it as the gateway interface of L3 switching. Routed ports do not have L2 switching functions and have no corresponding relationship with VLANs, but only serve as access interfaces. | For related configuration, see 6.1 |
| L3 Aggregate Port | An L3 aggregate port is a logical aggregate port group composed of multiple physical member ports, just like an L2 aggregate port. The ports to be aggregated must be L3 ports of the same type. An aggregate port serves as the gateway interface of L3 switching. It treats multiple physical links in the same aggregate group as one logical link. It is an important way to expand link bandwidth. Multiple physical links are combined into one logical link, expanding the bandwidth of a link. Frames sent over the L3 AP are balanced among the L3 AP member ports. If one member link fails, the L3 AP automatically transfers the traffic on the faulty link to other member links, improving reliability of connections. L3 aggregate ports do not support the L2 switching function. | For related configuration, see 6.1 |

4.2 Port Configuration


Port configuration includes common attributes such as basic settings and physical settings of the port. Users
can adjust the port rate, set port switch, duplex mode, flow control mode, energy efficient Ethernet switch, port
media type and MTU, etc.

4.2.1 Basic Settings

Choose Local Device > Ports > Basic Settings > Basic Settings.

On this page, you can enable or disable a port and set its speed, duplex mode, and flow control mode. The
page also displays the current actual status of each port.


Batch configure: Click Batch Edit. In the displayed dialog box, select the ports to be configured, select the port
switch, rate, work mode, and flow control mode, and click OK to deliver the configuration. In batch configuration,
the available configuration items are those common to the selected ports (that is, attributes supported by all the
selected ports).


Configure one port: In Port List, select a port entry and click Edit in the Action column. In the displayed dialog
box, select port status, rate, work mode, and flow control mode, and click OK.

Table 4-2 Description of Basic Port Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Status | If a port is closed, no frame will be received and sent on this port, and the corresponding data processing function will be lost, but the PoE power supply function of the port will not be affected. | Enable |
| Rate | Set the rate at which the Ethernet physical interface works. Auto means that the port rate is determined by auto-negotiation between the local and peer devices. The negotiated rate can be any rate within the port capability. | Auto |
| Work Mode | Full duplex: the port can receive packets while sending. Half duplex: the port can either receive or send packets at a time. Auto: the duplex mode of the port is determined through auto-negotiation between the local port and peer port. | Auto |
| Flow Control | After flow control is enabled, the port will process the received flow control frames, and send the flow control frames when congestion occurs on the port. | Disable |

Note

The rate of a GE port can be set to 1000M, 100M, or auto. The rate of a 10G port can be set to 10G, 1000M,
or auto.

4.2.2 Physical Settings

Choose Local Device > Ports > Basic Settings > Physical Settings.

On this page, you can enable the energy-efficient Ethernet (EEE) function of a port, and set the media type and
MTU of the port.


Batch configure: Click Batch Edit. In the displayed dialog box, select the port to be configured, configure the
EEE switch, MTU, enter the port description, and click OK.

Note

Copper ports and SFP ports cannot be both configured during batch configuration.

Configure one port: Click Edit in the Action column of the list. In the displayed configuration box, configure the
EEE switch, port mode, enter the port description, and click OK.


Table 4-3 Description of Physical Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| EEE | It is short for energy-efficient Ethernet, which is based on the standard IEEE 802.3az protocol. When enabled, EEE saves energy by making the interface enter LPI (Low Power Idle) mode when the Ethernet connection is idle. Value: Disable/Enable | Disable |
| Attribute | The port attribute indicates whether the port is a copper port or an SFP port. Copper port: copper mode (cannot be changed); SFP port: fiber mode (cannot be changed); Only combo ports support mode change. | Depending on the port attribute |
| Description | You can add a description to label the functions of a port. | NA |
| MTU | MTU (Maximum Transmission Unit) is used to notify the peer of the acceptable maximum size of a data service unit. It indicates the size of the payload acceptable to the sender. You can configure the MTU of a port to limit the length of a frame that can be received or forwarded through this port. | 1500 |

Note

● Different ports support different attributes and configuration items.


● Only the SFP combo ports support port mode switching.
● SFP ports do not support enabling EEE.


4.3 Aggregate Ports


4.3.1 Aggregate Port Overview

An aggregate port (AP) is a logical link formed by binding multiple physical links. It is used to expand link
bandwidth, thereby improving connection reliability.

The AP function supports load balancing and therefore evenly distributes traffic to member links. The AP also
implements link backup. When a member link of an AP is disconnected, the system automatically distributes
traffic of this link to other available member links. Broadcast or multicast packets received by one member link
of an AP are not forwarded to other member links.

● If a single interface that connects two devices supports the maximum rate of 1000 Mbps (assume that
interfaces of both devices support the rate of 1000 Mbps), when the service traffic on the link exceeds 1000
Mbps, the excess traffic will be discarded. Link aggregation can solve this problem. For example, use n
network cables to connect the two devices and bind the interfaces together. In this way, the interfaces are
logically bound to support the maximum traffic of 1000 Mbps × n.

● If two devices are connected through a single cable, when the link between the two interfaces is disconnected,
services carried on this link are interrupted. After multiple interconnected interfaces are bound, as long as
there is one link available, services carried on these interfaces will not be interrupted.

4.3.2 Overview

1. Static AP Address

In static AP mode, you can manually add a physical interface to an aggregate port. An aggregate port in static
AP mode is called a static aggregate port and the member ports are called member ports of the static aggregate
port. Static AP can be easily implemented. You can aggregate multiple physical links by running commands to
add specified physical interfaces to an AP. Once a member interface is added to an AP, it can send and receive
data and balance traffic in the AP.

2. Dynamic Aggregation

Dynamic aggregation mode is a special port aggregation function developed for the WAN port of RG-MR series
gateway devices. The maximum bandwidth of the WAN port of the MR device can support 2000M, but after the
intranet port is connected to the switch, a single port can only support a maximum bandwidth of 1000M. In order
to prevent the downlink bandwidth from being wasted, it is necessary to find a way to increase the maximum
bandwidth of the port between the MR device and the switch, and the dynamic aggregation function emerged
to meet the need.

After connecting the two fixed AG (aggregation) member ports on the MR gateway device to any two ports on
the switch, through packet exchange, the two ports on the switch can be automatically aggregated, thereby
doubling the bandwidth. The aggregate port automatically generated in this way on the switch is called a dynamic
aggregate port, and the corresponding two ports are the member ports of the aggregate port.

Note

Dynamic aggregate ports do not support manual creation and can be deleted after they are automatically
generated by the device, but member ports cannot be modified.


3. Load Balancing

An AP, based on packet characteristics such as the source MAC address, destination MAC address, source IP
address, destination IP address, L4 source port ID, and L4 destination port ID of packets received by an inbound
interface, differentiates packet flows according to one or several combined algorithms. It sends the same packet
flow through the same member link, and evenly distributes different packet flows among member links. For
example, in load balancing mode based on source MAC addresses, packets are distributed to different member
links of an AP based on their source MAC addresses. Packets with different source MAC addresses are
distributed to different member links; packets with a same source MAC address are forwarded along a same
member link.
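An added sketch of the flow-to-link selection described above; it is not the switch's own hash, which this guide does not specify. SHA-256 stands in for the hardware hash, and the mode names, port names and sample traffic are constructed.

```python
import hashlib
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "src_mac dst_mac src_ip dst_ip sport dport")

# Hypothetical mode names mapped to the packet fields that feed the hash.
MODES = {
    "src-mac": ("src_mac",),
    "dst-mac": ("dst_mac",),
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-ip": ("src_ip",),
    "dst-ip": ("dst_ip",),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "l4-src-port": ("sport",),
    "l4-dst-port": ("dport",),
    "l4-src-dst-port": ("sport", "dport"),
}


def pick_link(pkt, mode, members):
    """Map a packet to one member link; equal field values give the same link."""
    if not members:
        raise ValueError("aggregate port has no available member link")
    key = "|".join(str(getattr(pkt, field)) for field in MODES[mode]).encode()
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big") % len(members)
    return members[index]


def distribution(packets, mode, members):
    """Count how many packets each member link carries under `mode`."""
    return Counter(pick_link(p, mode, members) for p in packets)


def after_failure(packets, mode, members, failed):
    """Redistribute the same traffic over the links that remain available."""
    alive = [m for m in members if m != failed]
    return distribution(packets, mode, alive)


def sample_traffic():
    """Constructed traffic: one server answering 64 different clients."""
    return [
        Packet("00:00:5e:00:53:01", f"00:00:5e:00:53:{i:02x}",
               "192.0.2.10", f"198.51.100.{i}", 443, 50000 + i)
        for i in range(2, 66)
    ]
```

With this traffic, `distribution(sample_traffic(), "src-mac", links)` puts all 64 packets on one link because every packet has the same source MAC address, whereas `"src-dst-ip"` spreads them across the member links.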

Currently, the AP supports the traffic balancing modes based on the following:

● Source MAC address or destination MAC address

● Source MAC address + destination MAC address

● Source IP address or destination IP address

● Source IP address + destination IP address

● Source port

● L4 source port or L4 destination port

● L4 source port + L4 destination port

4. LACP
Link Aggregation Control Protocol (LACP) is a standardized protocol for dynamically aggregating multiple
physical links into a single logical link to enhance network bandwidth and reliability. LACP defines the negotiation
process and parameters of link aggregation, which enables the exchange of link aggregation information and
the negotiation of link aggregation parameters among network devices and ensures the reliability and stability
of the link aggregation. LACP supports dynamic addition and deletion of links, achieving dynamic link adjustment
and optimization.

In LACP, two roles are defined: the actor and the partner. The actor sends a link aggregation request, while the
partner responds to the request and joins the link aggregation group.

4.3.3 Aggregate Port Configuration

Choose Local Device > Ports > Aggregate Ports > Aggregate Port Settings.

1. Adding a Static Aggregate Port

Enter an aggregate port ID, select member ports (ports that are already a member of an aggregate port cannot
be selected), toggle on LACP, and click Save. You can enable LACP to dynamically aggregate links to enhance
network reliability and flexibility. The port panel displays a successfully added aggregate port.

Note

● An aggregate port contains a maximum of eight member ports.


● The attributes of aggregate ports must be the same, and copper ports and SFP ports cannot be
aggregated.
● Dynamic aggregate ports do not support manual creation.
● The LACP state cannot be modified once a static aggregate port is created.


2. Modifying Member Ports of a Static Aggregate Port

Click an added static aggregate port. Member ports of the aggregate port will become selected. Click a port to
deselect it; or select other ports to join the current aggregate port. Click Save to modify the member ports of the
aggregate port.

Note

Member ports of dynamic aggregate ports cannot be modified.


3. Deleting an Aggregate Port

Move the cursor over an aggregate port icon and click the icon in the upper-right corner, or select the aggregate
port to be deleted and click Delete Selected to delete the selected aggregate port. After the deletion, the
corresponding ports become available on the port panel for setting a new aggregate port.

Caution

After an aggregate port is deleted, its member ports are restored to the default settings and are disabled.

4.3.4 Configuring a Load Balancing Mode

Choose Local Device > Ports > Aggregate Port > Global Settings.

Select Load Balance Algorithm and click Save. The device distributes incoming packets among member links
by using the specified load balancing algorithm. Packets of the same flow are transmitted over one member
link, whereas different packet flows are evenly distributed to the member links.

4.3.5 Configuring LACP Settings


1. LACP System Priority
Choose Local Device > Ports > Aggregate Port > LACP Settings > Global Settings.

In LACP, the device with a higher system priority becomes the actor in the link aggregation group and controls
the working state and parameters of the link aggregation group. The value of system priority ranges from 1 to
65535, and the default value is 32768. The lower the value of system priority, the higher the device priority.
When two devices have the same system priority, their MAC addresses are compared, and the device with the
smaller MAC address becomes the actor in the link aggregation group.


2. LACP Port List


Choose Local Device > Ports > Aggregate Port > LACP Settings > LACP Port List.

The LACP Port List page shows the port ID, priority, mode, and timeout mode of each LACP-enabled port. You
can view the member port details of the corresponding link aggregation group by selecting an aggregate port.

You can select a specific port and click Edit, or select multiple ports and click Batch Edit to modify the port
priority, mode, and timeout mode in the pop-up window. Then, click OK to confirm and apply the changes.

Table 4-2 Description of LACP Port List Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Priority | Priority is used to determine which port is the master, with the highest-priority port being selected as the active port. The priority value ranges from 1 to 65535, and a lower priority value indicates a higher priority. If multiple ports have the same priority, their priority ranking is determined by evaluating their port IDs, and the port with the lower port ID will be given a higher priority. | 1 |
| Mode | Mode refers to the method by which two devices within a link aggregation group negotiate their operating mode. Active: In active mode, the device assumes the role of the actor and sends requests to establish link aggregation. Passive: In passive mode, the device assumes the role of the partner and waits for the peer device to send a request. | Active |
| Timeout | The purpose of the timeout mode is to determine the timeout period and mechanism for LACP link aggregation. When no LACP frames are received from the peer device within the specified timeout duration, it is assumed that the peer device has experienced a failure. As a result, the failure detection and recovery mechanism of the link aggregation is triggered. Long: In long timeout mode, the timeout duration is set to 90 seconds. This mode enhances the reliability and stability of link aggregation, but it can potentially lead to delayed detection of faults. Short: In short timeout mode, the timeout duration is set to 3 seconds. This mode enhances the response speed of link aggregation and ensures timely fault detection, but it may impose additional network load and resource consumption. | Long |
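The selection rules from 4.3.5 (system priority, port priority, mode and timeout) worked through in Python as an added example; this is not the device's LACP implementation. Class and function names and the sample values are constructed.

```python
from dataclasses import dataclass

TIMEOUT_S = {"long": 90, "short": 3}    # seconds, from the Timeout parameter
PRIO_MIN, PRIO_MAX = 1, 65535           # range of system and port priority


def mac_int(mac):
    """Numeric value of a MAC address, used only as the tie-breaker."""
    return int(mac.replace(":", "").replace("-", ""), 16)


@dataclass(frozen=True)
class System:
    name: str
    mac: str
    priority: int = 32768               # default LACP system priority


def elect_actor(a, b):
    """Lower system priority value wins; on a tie the smaller MAC wins."""
    for s in (a, b):
        if not PRIO_MIN <= s.priority <= PRIO_MAX:
            raise ValueError(f"{s.name}: system priority outside 1-65535")
    return min((a, b), key=lambda s: (s.priority, mac_int(s.mac)))


@dataclass
class LacpPort:
    port_id: int
    priority: int = 1                   # default port priority
    mode: str = "active"                # "active" or "passive"
    timeout: str = "long"               # "long" or "short"
    last_lacpdu: float = 0.0            # time the last LACP frame arrived


def rank_ports(ports):
    """Lower priority value first; equal priorities fall back to port ID."""
    return sorted(ports, key=lambda p: (p.priority, p.port_id))


def can_negotiate(local_mode, peer_mode):
    """A passive end only waits, so at least one end must be active."""
    return "active" in (local_mode, peer_mode)


def peer_timed_out(port, now):
    """True once no LACP frame has arrived within the port's timeout."""
    return now - port.last_lacpdu > TIMEOUT_S[port.timeout]


def live_members(ports, now):
    """IDs of ports whose peer is still considered alive, best priority first."""
    return [p.port_id for p in rank_ports(ports) if not peer_timed_out(p, now)]
```

If the peer stops sending at time 0, a port in short timeout mode leaves `live_members()` after 3 seconds while a port in long timeout mode stays for 90 seconds, which is the detection delay the Timeout parameter trades against load.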

3. Viewing LACP State

Choose Local Device > Ports > Aggregate Port > LACP Details.

You can select an LACP-enabled aggregate port and click Search to view the LACP-enabled member ports and
the aggregate port information on this page.


4.4 Port Mirroring


4.4.1 Overview

The switched port analyzer (SPAN) function copies packets of a specified port to another port that is connected
to a network monitoring device. After port mirroring is set, the packets on the source port are copied and
forwarded to the destination port. A packet analyzer is usually connected to the destination port to analyze the
packets of the source port, so as to monitor all incoming and outgoing packets on the source ports.

As shown, by configuring port mirroring on Device A, the device copies the packets on Port 1 to Port 10. Although
the network analysis device connected to Port 10 is not directly connected to Port 1, it can receive the packets
passing through Port 1. In this way, the data flow transmitted by Port 1 is monitored.

Figure 4-1 Port Mirroring Principles (figure: Device A with Port 1 and Port 10; the Network Analyzer is connected to Port 10)

The SPAN function enables data traffic analysis of suspicious network nodes or device ports without affecting
the data forwarding of the monitored device. It is mainly used in network monitoring and troubleshooting
scenarios.

4.4.2 Procedure

Choose Local Device > Ports > Port Mirroring.

Click Edit, select the source port, destination port, monitor direction, and whether to receive packets from non-
source ports, and click OK. A maximum of four SPAN entries can be configured.

To delete the port mirroring configuration, click Delete in the corresponding Action column.

Caution

● You can select multiple source traffic monitoring ports but only one destination port. Moreover, the source
traffic monitoring ports cannot contain the destination port.
● An aggregate port cannot be used as the destination port.
● A maximum of four SPAN entries can be configured. SPAN cannot be configured for ports that have been
used for SPAN.


Table 4-4 Description of Port Mirroring Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Src Port | A source port is also called a monitored port. Data flows on the source port are monitored for network analysis or troubleshooting. Multiple source ports can be selected and mirrored to one destination port. | N/A |
| Dest Port | The destination port is also called the monitoring port, that is, the port connected to the monitoring device. It forwards the packets received from the source port to the monitoring device. | N/A |
| Monitor Direction | The type of packets (data flow direction) to be monitored by a source port. Both: All packets passing through the port, including incoming and outgoing packets. Incoming: All packets received by a source port are copied to the destination port. Outgoing: All packets transmitted by a source port are copied to the destination port. | Both |
| Receive Pkt from Non-Src Ports | It is applied to the destination port and indicates whether a destination port forwards other packets while monitoring packets. Enabled: While monitoring the packets of the source port, the packets of other non-source ports are normally forwarded. Disabled: Only monitor source port packets. | Enable |

4.5 Rate Limiting


Choose Local Device > Ports > Rate Limiting.

The Rate Limiting module allows you to configure traffic limits for ports, including rate limits for the inbound
and outbound directions of ports.

1. Rate Limiting Configuration

Click Batch Edit. In the displayed dialog box, select ports and enter the rate limits, and click OK. You must
configure at least the ingress rate or egress rate. After the configuration is completed, it will be displayed in the
list of port rate limiting rules.

Table 4-5 Description of Rate Limiting Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Rx Rate | Max rate at which packets are sent from a port to a switch, in kbps. | Not limited |
| Tx Rate | Max rate at which packets are sent out of a switch through a port, in kbps. | Not limited |

2. Changing Rate Limits of a Single Port

In the port list for which the rate limit has been set, click Edit on the corresponding port entry, enter the ingress
rate and egress rate in the displayed dialog box, and click OK.

3. Deleting Rate Limiting

Batch configure: Select multiple records in Port List, click Delete Selected and click OK in the confirmation
dialog box.

Configure one port: In Port List, click Delete on the corresponding port entry, and click OK in the confirmation
dialog box.

Note

● When configuring rate limits for a port, you must configure at least the ingress rate or egress rate.
● When the ingress rate or egress rate is not set, the port rate is not limited.

4.6 MGMT IP Configuration


Choose Local Device > Ports > MGMT IP.

The MGMT IP page allows you to configure the management IP address for the device. Users can configure
and manage the device by accessing the management IP.

The device can be networked in two modes:

● DHCP: Uses a temporary IP address dynamically assigned by the upstream DHCP server for Internet access.

● Static IP: Uses a static IP address manually configured by users for Internet access.

If you select DHCP, the device obtains parameters from the DHCP Server. If Static IP is selected, you need to
enter the management VLAN, IP address, subnet mask, default gateway IP address, and address of a DNS
server. Click Save to make the configuration take effect.

Note

● If the management VLAN is null or not specified, VLAN 1 takes effect by default.
● The management VLAN must be selected from existing VLANs. If no VLAN is created, go to the VLAN
list to add a VLAN (for details, see 3.5.2).
● You are advised to bind a configured management VLAN to an uplink port. Otherwise, you may fail to
access the web interface.

4.7 Configuring the Management IPv6 Address


Configure the IPv6 address used to log in to the device management page.

Choose Local Device > Ports > MGMT IP > MGMT IPv6.

Configure the management IPv6 address so that you can log in to the device management page using the IPv6
address of the device.

The device supports the following Internet connection types:

● Null: The IPv6 function is disabled on the current port.

● DHCP: The device dynamically obtains an IPv6 address from the upstream device.

● Static IP: You need to manually configure the IPv6 address, length, gateway address, and DNS server.

Click Save.

4.8 Out-of-Band IP Configuration

Caution

Only the RG-NBS6002 Series, RG-NBS7003 Series and RG-NBS7006 Series support this function.

Choose Local Device > Ports > Out-of-Band IP.

Set the MGMT management port IP of the chassis to centrally manage the modules in multiple slots of the
device.

Note

No IP address is configured for the MGMT port by default. Currently, only a static IP address can be
configured for the MGMT port; DHCP is not supported.

4.9 PoE Configuration

Caution

Only PoE switches (device models marked with -P) support this function.

Choose Local Device > Ports > PoE.

The device supplies power to PoE powered devices through ports. Users can view the current power supply
status, and set the system power supply and port power supply policies respectively to achieve flexible power
distribution.

4.9.1 PoE Global Settings

Choose Local Device > Ports > PoE > PoE Settings.

PoE Transmit Power Mode refers to the way that a device allocates power to a connected PD (Powered Device).
It supports Auto mode and Energy-saving mode.

In Auto mode, the system allocates power based on the classes of PDs detected on ports. The device allocates
a fixed amount of power to PDs of Class 0 to 4: Class 0 is 15.4 W, Class 1 is 4 W, Class 2 is 7 W, Class 3 is
15.4 W, Class 4 Type 1 is 15.4 W, and Class 4 Type 2 is 30 W. In this mode, if a port is connected to a Class 3
device, the PoE power supply device allocates 15.4 W to the port even if the actual power consumption is only
11 W.

In energy-saving mode, the PoE device dynamically adjusts the allocated power based on the actual consumption
of PDs. When the power is fully loaded, fluctuations in the actual power consumption of a PD can cause the power
supply of a port to fluctuate. To prevent this, you can set the Reserved Transmit Power. The reserved power is
not used for power supply, which ensures that the total power consumed by the current system does not exceed
the limit of the PoE device. The reserved power is expressed as a percentage of the total PoE power. The value
ranges from 0 to 50.

4.9.2 Power Supply Configuration of Ports

Choose Local Device > Ports > PoE > Port List.

Click Edit in the port entry or click Batch Edit to set the PoE power supply function of the port.

Table 4-6 Description of Parameters for Power Supply Configuration of Ports

| Parameter | Description | Default Value |
|---|---|---|
| PoE | Whether to enable the power supply function on the ports. | Enable |
| Non-Standard | By default, the device only supplies power to PDs that comply with the standard IEEE 802.3af and 802.3at protocols. In practical applications, there may be PDs that do not conform to the standard. After the non-standard mode is enabled, the device port can supply power to some non-standard PD devices. | Disable |
| Priority | The power supply priority of the port is divided into three levels: High, Medium, and Low. In auto and energy-saving modes, ports with high priorities are powered first. When the system power of the PoE device is insufficient, ports with low priorities are powered off first. Ports with the same priority are sorted by the port number. A smaller port number indicates a higher priority. | Low |
| Max Transmit Power | The maximum power that the port can transmit, ranging from 0 to 30, in watts (W). A blank value indicates no limit. | Not limit |
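
The class-based allocation, reserved power, and port priority rules described in 4.9.1 and Table 4-6 can be modelled offline to check whether a planned set of PDs fits a PoE budget. The Python sketch below is an added example, not Ruijie code. The 60 W budget, the sample ports, and the rule that every port ranked below the first one that does not fit is also shed are assumptions.

```python
from dataclasses import dataclass

# Fixed Auto-mode allocation per PD class in watts, as listed in 4.9.1.
AUTO_ALLOC_W = {
    "0": 15.4, "1": 4.0, "2": 7.0, "3": 15.4,
    "4-type1": 15.4, "4-type2": 30.0,
}
PRIORITY_RANK = {"High": 0, "Medium": 1, "Low": 2}


@dataclass
class Port:
    number: int
    pd_class: str            # key of AUTO_ALLOC_W
    actual_w: float          # measured PD consumption in watts
    priority: str = "Low"    # default priority per Table 4-6


def plan(ports, total_w, mode="auto", reserved_pct=0):
    """Return (powered port numbers, shed port numbers, watts committed)."""
    if mode not in ("auto", "energy-saving"):
        raise ValueError("mode must be 'auto' or 'energy-saving'")
    if not 0 <= reserved_pct <= 50:
        raise ValueError("Reserved Transmit Power is a percentage from 0 to 50")
    # The reserve is only described for energy-saving mode.
    if mode == "energy-saving":
        usable = total_w * (100 - reserved_pct) / 100
    else:
        usable = total_w
    # High priority first; within one priority the smaller port number wins.
    order = sorted(ports, key=lambda p: (PRIORITY_RANK[p.priority], p.number))
    powered, shed, used = [], [], 0.0
    exhausted = False
    for port in order:
        # Auto mode commits the class value; energy-saving commits actual draw.
        need = AUTO_ALLOC_W[port.pd_class] if mode == "auto" else port.actual_w
        # Assumption: once one port does not fit, every lower-ranked port is
        # shed too, so a low-priority port never displaces a higher one.
        if exhausted or used + need > usable:
            exhausted = True
            shed.append(port.number)
        else:
            used += need
            powered.append(port.number)
    return powered, shed, round(used, 1)


# Constructed sample: four PDs on a switch with an assumed 60 W PoE budget.
SAMPLE_PORTS = [
    Port(1, "3", 11.0),
    Port(2, "4-type2", 22.0, "High"),
    Port(3, "3", 9.0, "Medium"),
    Port(4, "2", 5.0),
]

if __name__ == "__main__":
    for mode, reserve in (("auto", 0), ("energy-saving", 10), ("energy-saving", 50)):
        print(mode, reserve, plan(SAMPLE_PORTS, 60, mode, reserve))
```

With the sample data, Auto mode commits the class values and sheds the two Low-priority ports, while energy-saving mode with a 10 percent reserve powers all four.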

4.9.3 Displaying Global PoE Information

Choose Local Device > Ports > PoE > PoE Overview.

Displays the global power supply information of the PoE function, including the total system power, used power,
reserved power, remaining available power, peak maximum power, and the number of ports currently powered.

4.9.4 Displaying the Port PoE Information

Choose Local Device > PoE > Port List.

The Port List displays the PoE configuration and status information of each port. Click to expand the detailed
information.

When the PD device connected to the port needs to be restarted, for example, when the AP connected to the
port is abnormal, you can click Repower to make the port power off briefly and then power on again to restart
the device connected to the power supply port.

Table 4-7 Description of Port Power Supply Info

| Field | Description |
|---|---|
| Port | Device port ID. |
| PoE Status | Whether to enable the PoE function on the ports. |
| Transmit Power Status | Whether the port supplies power for PDs currently. |
| Priority | The power supply priority of the port is divided into three levels: High, Medium, and Low. |
| Current Transmit Power | Indicates the power output by the current port, in watts (W). |
| Non-Standard | Indicates whether the non-standard compatibility mode is enabled. |
| Work Status | Current work status of PoE ports. |
| Current | Indicates the present current of the port in milliamps (mA). |
| Voltage | Indicates the present voltage of the port in volts (V). |
| Avg Transmit Power | Indicates the current average power of the port, namely, the sampling average of current power after the port is powered on, in watts (W). |
| Max Transmit Power | The maximum output power of the port in watts (W). |
| PD Requested Transmit Power | The power requested by the PD from the PSE (Power Sourcing Equipment), in watts (W). |
| PSE Allocated Transmit Power | Indicates the power allocated to a PD by PSE in watts (W). |
| PD Type | The PD type obtained through LLDP classification, which is either Type 1 or Type 2. |
| PD Class | The classification level of the PD connected to the port is divided into Class 0~4, based on the IEEE 802.3af/802.3at standard. |

5 L2 Multicast
5.1 Multicast Overview
IP transmission methods are categorized into unicast, multicast, and broadcast. In IP multicast, an IP packet is
sent from a source and forwarded to a specific group of receivers. Compared with unicast and broadcast, IP
multicast saves bandwidth and reduces network loads. Therefore, IP multicast is applied to network services
that have high real-time requirements, for example, Internet TV, distance education, live broadcast, and
multimedia conferencing.

5.2 Multicast Global Settings


Choose Local Device > Multicast > Global Settings.

Global Settings allow you to specify the version of the IGMP protocol, whether to enable report packet
suppression, and the behavior for processing unknown multicast packets.

Table 5-1 Description of Configuration Parameters of Global Multicast

| Parameter | Description | Default Value |
|---|---|---|
| Version | The Internet Group Management Protocol (IGMP) is a TCP/IP protocol that manages members in an IPv4 multicast group and runs on the multicast devices and hosts residing on the stub of the multicast network, creating and maintaining membership of the multicast group between the hosts and connected multicast devices. There are three versions of IGMP: IGMPv1, IGMPv2, and IGMPv3. This parameter is used to set the highest version of IGMP packets that can be processed by Layer 2 multicast, and can be set to IGMPv2 or IGMPv3. | IGMPv2 |
| IGMP Report Suppression | After this function is enabled, to reduce the number of packets in the network, save network bandwidth and ensure the performance of the IGMP multicast device, the switch forwards only one report packet to the multicast router if multiple downlink clients connected to the switch simultaneously send the report packet to demand the same multicast group. | Disable |
| Unknown Multicast Pkt | When both the global and VLAN multicast functions are enabled, the processing method for receiving unknown multicast packets can be set to Discard or Flood. | Discard |

5.3 IGMP Snooping


5.3.1 Overview

The Internet Group Management Protocol (IGMP) snooping is an IP multicast snooping mechanism running on
a VLAN to manage and control the forwarding of IP multicast traffic within the VLAN. It implements the L2
multicast function.

Generally, multicast packets need to pass through L2 switches, especially in some local area networks (LANs).
When the Layer 2 switching device does not run IGMP Snooping, the IP multicast packets are broadcast in the
VLAN; when the Layer 2 switching device runs IGMP Snooping, the Layer 2 device can snoop the IGMP protocol
packets of the user host and the upstream PIM multicast device. In this way, a Layer 2 multicast entry is
established, and IP multicast packets are controlled to be sent only to group member receivers, preventing
multicast data from being broadcast on the Layer 2 network.

5.3.2 Enabling Global IGMP Snooping

Choose Local Device > Multicast > IGMP Snooping.

Turn on IGMP Snooping and click Save.

5.3.3 Configuring Protocol Packet Processing Parameters

By controlling protocol packet processing, an L2 multicast device can establish static or dynamic multicast
forwarding entries. In addition, the device can adjust parameters to refresh dynamic multicast forwarding entries
and IGMP snooping membership quickly.

Choose Local Device > Multicast > IGMP Snooping.

The IGMP Snooping function is implemented based on VLANs. Therefore, each VLAN corresponds to an IGMP
Snooping setting entry. There are as many IGMP Snooping entries as VLANs on the device.

Click Edit in the VLAN entry. In the displayed dialog box enable/disable the VLAN multicast function, dynamic
learning function, fast leave function and static route connection port, and set the router aging time and the host
aging time, and click OK.

Table 5-2 Description of VLAN Configuration Parameters of IGMP Snooping

| Parameter | Description | Default Value |
|---|---|---|
| Multicast Status | Whether to enable or disable the VLAN multicast function. The multicast function of a VLAN takes effect only when both the global IGMP snooping and VLAN multicast functions are enabled. | Disable |
| Dynamic Learning | The device running IGMP Snooping identifies the ports in the VLAN as router ports or member ports. The router port is the port on the Layer 2 multicast device that is connected to the Layer 3 multicast device, and the member port is the host port connected to the group on the Layer 2 multicast device. By snooping IGMP packets, the L2 multicast device can automatically discover and maintain dynamic multicast router ports. | Enable |
| Router Port | List of current multicast router ports, including dynamically learned router ports (if the Dynamic Learning function is enabled) and statically configured router ports. | NA |
| Fast Leave | After it is enabled, when the port receives a Leave packet, the device immediately deletes the port from the multicast group without waiting for the aging timeout. After that, when the device receives the corresponding group-specific query packets and multicast data packets, it no longer forwards them to the port. This function is applicable when only one host is connected to one port of the device, and is generally enabled on the access switch directly connected to the endpoint. | Disable |
| Router Aging Time (Sec) | Aging time of dynamically learned multicast router ports, ranging from 30 to 3600, in seconds. | 300 seconds |
| Host Aging Time (Sec) | Aging time of dynamically learned member ports of a multicast group, in seconds. | 260 seconds |
| Select Port | In the displayed dialog box, select a port and set it as the static router port. When a port is configured as a static router port, the port will not age out. | NA |
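
The interaction between Fast Leave, Host Aging Time, and the Unknown Multicast Pkt setting is easier to see in a small model of one VLAN's member table. The Python sketch below is an added example, not device code. The group address and port numbers are constructed, and it assumes that a Leave without Fast Leave keeps the entry until it ages out and that a group with no remaining entry is handled as unknown multicast.

```python
HOST_AGING_S = 260  # default Host Aging Time (Table 5-2)
GROUP = "239.1.1.1"  # constructed group address


class SnoopingVlan:
    """Toy model of one VLAN's IGMP snooping member table."""

    def __init__(self, ports, fast_leave=False, unknown="Discard",
                 host_aging=HOST_AGING_S):
        if unknown not in ("Discard", "Flood"):
            raise ValueError("unknown must be 'Discard' or 'Flood'")
        self.ports = sorted(ports)
        self.fast_leave = fast_leave
        self.unknown = unknown
        self.host_aging = host_aging
        self.members = {}  # group -> {port: time at which the entry ages out}

    def report(self, port, group, now):
        """An IGMP Report on a port creates or refreshes the member entry."""
        self.members.setdefault(group, {})[port] = now + self.host_aging

    def leave(self, port, group):
        """An IGMP Leave removes the port at once only when Fast Leave is on."""
        if self.fast_leave and group in self.members:
            self.members[group].pop(port, None)
        # Without Fast Leave the entry stays until it ages out (assumption:
        # the group-specific query exchange is not modelled).

    def egress_ports(self, group, now):
        """Ports that receive traffic for the group at time `now`."""
        entry = self.members.get(group, {})
        # Drop member ports whose host aging timer has expired.
        live = {p: exp for p, exp in entry.items() if exp > now}
        if live:
            self.members[group] = live
            return sorted(live)
        self.members.pop(group, None)
        # No forwarding entry left: handled as unknown multicast (assumption).
        return list(self.ports) if self.unknown == "Flood" else []


def shared_port_scenario(fast_leave):
    """Two hosts behind port 3 join; host A leaves while host B keeps watching.

    Returns the egress ports at t=21 s and at t=265 s (no further Reports).
    """
    vlan = SnoopingVlan(ports=[1, 2, 3], fast_leave=fast_leave)
    vlan.report(3, GROUP, now=0)   # host A
    vlan.report(3, GROUP, now=5)   # host B on the same switch port
    vlan.leave(3, GROUP)           # host A leaves
    return vlan.egress_ports(GROUP, now=21), vlan.egress_ports(GROUP, now=265)


if __name__ == "__main__":
    print("Fast Leave on :", shared_port_scenario(True))
    print("Fast Leave off:", shared_port_scenario(False))
```

With Fast Leave on, host B loses the stream as soon as host A leaves, which is why the table restricts the function to ports with a single host.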

5.4 Configuring MVR


5.4.1 Overview

IGMP snooping can forward multicast traffic only within the same VLAN. If multicast traffic needs to be forwarded
to different VLANs, the multicast source must send multicast traffic to each of those VLANs. To save upstream
bandwidth and reduce the burden on multicast sources, Multicast VLAN Registration (MVR) is used. MVR
copies multicast traffic received from an MVR VLAN to the VLAN to which the user belongs and forwards the
traffic.

5.4.2 Configuring Global MVR Parameters

Choose Local Device > L2 Multicast > MVR.

Click to enable the MVR, select the MVR VLAN, set the multicast group supported by the VLAN, and click Save.
Multiple multicast groups can be specified by entering the start and end multicast IP addresses.

Table 5-3 Description of Configuring Global MVR Parameters

| Parameter | Description | Default Value |
|---|---|---|
| MVR | Enables/Disables MVR globally. | Disable |
| Multicast VLAN | VLAN of a multicast source. | 1 |
| Start IP Address | Learned or configured start multicast IP address of an MVR multicast group. | NA |
| End IP Address | Learned or configured end multicast IP address of an MVR multicast group. | NA |

5.4.3 Configuring the MVR Ports

Choose Local Device > L2 Multicast > MVR.

Batch configure: Click Batch Edit, select the port role, the port to be set, and whether to enable the Fast Leave
function on the port, and click OK.

Configure one port: Click the drop-down list box to select the MVR role type of the port. Click the switch in the
Fast Leave column to set whether the port enables the fast leave function.

Table 5-4 Description of MVR Configuration Parameters of Ports

| Parameter | Description | Default Value |
|---|---|---|
| Role | NONE: Indicates that the MVR function is disabled. SOURCE: Indicates the source port that receives multicast data streams. RECEIVER: Indicates the receiver port connected to a client. | NONE |
| Fast Leave | Configures the fast leave function for a port. After the function is enabled, if the port receives the leave packet, it is directly deleted from the multicast group. | Disable |

Note

● If a source port or a receiver port is configured, the source port must belong to the MVR VLAN and the
receiver port must not belong to the MVR VLAN.

● The fast leave function takes effect only on the receiver port.

5.5 Configuring Multicast Group


Choose Local Device > L2 Multicast > Multicast Group.

A multicast group consists of the destination ports, to which multicast packets are to be sent. Multicast packets
are sent to all ports in the multicast group.

You can view the Multicast List on the current page. The search box in the upper-right corner supports
searching for multicast group entries based on VLAN IDs or multicast addresses.

Click Add to create a multicast group.

Table 5-5 Description of Multicast Group Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| VLAN ID | VLAN to which received multicast traffic belongs. | NA |
| Multicast IP Address | On-demand multicast IP address. | NA |
| Protocol | If the VLAN ID is a multicast VLAN and the multicast address is within the multicast IP address range of the MVR, the protocol is MVR. In other cases, the protocol is IGMP snooping. | NA |
| Type | Multicast group generation mode, which can be statically configured or dynamically learned. In normal cases, a port can join a multicast group only after the port receives an IGMP Report packet from the multicast, that is, dynamically learned mode. If you manually add a port to a group, the port can be statically added to the group and exchanges multicast group information with the PIM router without IGMP packet exchange. | NA |
| Forwarding Port | List of ports that forward multicast traffic. | NA |

Note

Static multicast groups cannot learn other dynamic forwarding ports.

5.6 Configuring a Port Filter


Choose Local Device > L2 Multicast > IGMP Filter.

Generally, ports on the device can join any multicast group. A port filter defines a range of multicast groups
that users are permitted or denied access to. You can use it to customize the multicast service scope for users,
which guarantees the interests of operators and prevents invalid multicast traffic.

There are 2 steps to configure the port filter: configure the profile and set a limit to the range of the port group
address.

5.6.1 Configuring Profile

Choose Local Device > L2 Multicast > IGMP Filter > Profile List.

Click Add to create a Profile. A profile is used to define a range of multicast groups that permit or deny user
access for reference by other functions.

Table 5-6 Description of Profile Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Profile ID | Profile ID. | NA |
| Behavior | DENY: Forbids demanding multicast IP addresses in a specified range. PERMIT: Only allows demanding multicast IP addresses in a specified range. | NA |
| Start IP Address | Start multicast IP address of the range of multicast group addresses. | NA |
| End IP Address | End multicast IP address of the range of multicast group addresses. | NA |

5.6.2 Configuring a Range of Multicast Groups for a Profile

Choose Local Device > L2 Multicast > IGMP Filter > Filter List.

The port filter can cite a profile to define the range of multicast group addresses that can be or cannot be
demanded by users on a port.

Click Batch Edit, or click Edit of a single port entry. In the displayed dialog box, select profile ID and enter the
maximum number of multicast groups allowed by a port and click OK.

Table 5-7 Description of Port Filter Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Profile ID | Profile that takes effect on a port. If it is not set, no profile rule is bound to the port. | NA |
| Max Multicast Groups | Maximum number of multicast groups that a port can join. If too much multicast traffic is requested concurrently, the multicast device will be severely burdened. Therefore, configuring the maximum number of multicast groups allowed for the port can guarantee the bandwidth. | 256 |
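
Before binding a profile to access ports, it helps to replay the expected IGMP Reports against the planned PERMIT or DENY range and group limit. The Python sketch below is an added example, not the switch's implementation. The profile IDs, address ranges, and report sequence are constructed, and checking the profile before the group limit is an assumption.

```python
import ipaddress


class Profile:
    """One IGMP filter profile: a behavior plus a multicast address range."""

    def __init__(self, profile_id, behavior, start_ip, end_ip):
        if behavior not in ("PERMIT", "DENY"):
            raise ValueError("behavior must be PERMIT or DENY")
        self.profile_id = profile_id
        self.behavior = behavior
        self.start = ipaddress.IPv4Address(start_ip)
        self.end = ipaddress.IPv4Address(end_ip)
        if not (self.start.is_multicast and self.end.is_multicast):
            raise ValueError("range must lie inside 224.0.0.0/4")
        if self.start > self.end:
            raise ValueError("start address is above end address")

    def allows(self, group):
        in_range = self.start <= ipaddress.IPv4Address(group) <= self.end
        # PERMIT: only the range may be demanded. DENY: only the range is blocked.
        return in_range if self.behavior == "PERMIT" else not in_range


class PortFilter:
    """Filter state of one port: optional profile and Max Multicast Groups."""

    def __init__(self, profile=None, max_groups=256):
        self.profile = profile        # None means no profile rule is bound
        self.max_groups = max_groups  # 256 is the default in Table 5-7
        self.joined = set()

    def join(self, group):
        """Decide what happens to an IGMP Report for `group` on this port."""
        addr = ipaddress.IPv4Address(group)
        if not addr.is_multicast:
            return "drop: not a multicast group"
        if addr in self.joined:
            return "accept: already a member"
        if self.profile is not None and not self.profile.allows(group):
            return "drop: profile %s %s" % (self.profile.profile_id,
                                            self.profile.behavior)
        if len(self.joined) >= self.max_groups:
            return "drop: max multicast groups reached"
        self.joined.add(addr)
        return "accept"

    def leave(self, group):
        self.joined.discard(ipaddress.IPv4Address(group))


def replay(port_filter, reports):
    """Run a list of requested groups through the filter, in order."""
    return [(group, port_filter.join(group)) for group in reports]


# Constructed sample: an IPTV range and five Reports from one access port.
IPTV = Profile(1, "PERMIT", "239.10.0.1", "239.10.0.20")
REPORTS = ["239.10.0.5", "239.20.0.1", "239.10.0.6", "239.10.0.5", "239.10.0.7"]

if __name__ == "__main__":
    for group, verdict in replay(PortFilter(IPTV, max_groups=2), REPORTS):
        print(group, "->", verdict)
```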

5.7 Setting an IGMP Querier


5.7.1 Overview

In a Layer 3 multicast network, the L3 multicast device serves as the querier and runs IGMP to maintain
group membership. L2 multicast devices only need to listen to IGMP packets to establish and maintain
forwarding entries and implement L2 multicasting. When a multicast source and user host are in the same L2
network, the query function is unavailable because the L2 device does not support IGMP. To resolve this problem,
you can configure the IGMP snooping querier function on the L2 device so that the L2 device sends IGMP Query
packets to user hosts on behalf of the L3 multicast device, and listens to and maintains the IGMP Report packets
sent in response by user hosts to establish L2 multicast forwarding entries.

5.7.2 Procedure

Choose Local Device > L2 Multicast > Querier.

One querier is set for each VLAN. The number of queriers is the same as that of device VLANs.

In Querier List, click Edit in the last Action column. In the displayed dialog box, select whether to enable the
querier, set the querier version, querier source IP address, and packet query interval, and click OK.

Table 5-8 Description of Querier Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Querier Status | Whether to enable or disable the VLAN querier function. | Disable |
| Version | IGMP Protocol version of query packets sent by the querier. It can be set to IGMPv2 or IGMPv3. | IGMPv2 |
| Src IP Address | Source IP address carried in query packets sent by the querier. | NA |
| Query Interval (Sec) | Packet transmission interval, of which the value range is from 30 to 18000, in seconds. | 60 seconds |

Note

● The querier version cannot be higher than the global IGMP version. When the global IGMP version is
lowered, the querier version is lowered accordingly.
● If no querier source IP is configured, the device management IP is used as the source IP address of the
querier.

6 L3 Multicast
6.1 Overview
Layer 3 multicast is a communication method that uses multicast addressing at the network layer for sending
data. Multicast enables a sender to send packets to a group of receivers simultaneously, which reduces the
network bandwidth consumption and lowers the network load. Layer 3 multicast is extensively used in
applications such as video conferencing, streaming media, VoIP, and others.

In Layer 3 multicast, each multicast group address corresponds to a specific multicast group, and the members
of a multicast group share the same multicast group address. The sender sends data packets to the multicast
group address, and routers on the network forward the packets to all members of the multicast group based on
the multicast group address and the routing protocols used.

6.2 Multicast Routing Table


Choose Local Device > L3 Multicast > Multicast Routing Table.

The Multicast Routing Table page displays the information of the Layer 3 multicast routing table, including the
source IP address, multicast group address, incoming interface, outgoing interface, and time to live (TTL). You
can search the routing information based on either the source IP address or the multicast group address. You
can click Refresh to view the up-to-date multicast routing table information.

Table 6-1 Description of Multicast Routing Table Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Source IP Address | IP address of the source device sending the multicast packet. | N/A |
| Multicast Group Address | A special IP address that identifies a multicast group. In the routing table, the multicast group address is the IP address of the destination multicast group. | N/A |
| Incoming Interface | Interface receiving the multicast packets. | N/A |
| Outgoing Interface | When the router receives a multicast packet, it forwards the multicast packet to the appropriate outgoing interface according to the value in the Outgoing Interface field in the routing table. | N/A |
| TTL | The TTL value is the duration for which a routing table entry remains valid. Once this time expires, the routing table entry is considered expired and is no longer utilized. | N/A |

6.3 Configuring PIM


6.3.1 Overview
Protocol Independent Multicast (PIM) is a protocol-independent intra-domain multicast routing protocol. PIM
allows multicast communication to be implemented using various unicast routing protocols, including static
routing, RIP, OSPF, and others. Through the implementation of the PIM protocol, routers can exchange multicast
routing information, which enables the establishment and maintenance of multicast trees, thus efficiently
delivering multicast data packets from the source to the receivers within the multicast group.

The PIM protocol features two widely used modes:

● PIM Dense Mode (PIM-DM)

This mode is applicable to small-scale networks or scenarios with dense multicast traffic. In PIM-DM,
multicast packets are transmitted along all available paths, which results in higher network bandwidth and
resource consumption.

● PIM Sparse Mode (PIM-SM)

This mode is applicable to large-scale networks or scenarios with sparse multicast traffic. In PIM-SM, routers
only forward multicast packets along the required paths, effectively reducing the utilization of network
bandwidth.

6.3.2 Enabling PIM


Choose Local Device > L3 Multicast > PIM > PIM-enabled Interface List.

Click Add. In the pop-up window that is displayed, select the interface on which PIM is to be enabled, and
click OK. Multicast packet forwarding can be implemented on the selected interface. The PIM mode is PIM-SM
by default.

6.3.3 Viewing PIM Neighbor Table


In the PIM protocol, routers discover neighboring routers and establish neighbor relationships through the
exchange of Hello messages. Once a neighbor relationship is established between two PIM-enabled routers,
they can exchange multicast information, including multicast group memberships and multicast forwarding states.
By continuously updating and maintaining the PIM neighbor table, PIM-enabled routers are able to efficiently
forward and process multicast packets based on the neighbor information, thereby achieving effective multicast
communication.

Choose Local Device > L3 Multicast > PIM > PIM Neighbor Table.

The PIM Neighbor Table page displays information about PIM neighbors, such as interface, PIM neighbor, TTL,
and aging time. You can search for PIM neighbor table information by entering either the interface or the PIM
neighbor in the search box. You can click Refresh to view the up-to-date PIM neighbor table information.

Table 6-2 Description of PIM Neighbor Table Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Interface | Interface connecting the neighbor router to the local router. | N/A |
| PIM Neighbor | IP address of the neighbor router. | N/A |
| TTL | The TTL value indicates the duration in which Hello messages sent by neighboring routers remain valid. If the local router does not receive any new Hello messages from a neighbor within the TTL time, it will consider the neighboring router as inactive or expired. | N/A |
| Aging Time | If a neighboring router becomes inactive or ceases to send Hello messages, the respective entry in the PIM Neighbor Table will be deleted after the specified aging time is exceeded. | 105 seconds |

6.4 Configuring RP
6.4.1 Overview
The Rendezvous Point (RP) is a crucial concept in the PIM protocol. In multicast communication, when a sender
sends a multicast data packet, it needs to identify a specific point as the rendezvous point, from which multiple
receivers can receive the multicast packet. The RP is the rendezvous point router in the multicast tree. An RP
can be manually configured or dynamically elected through the BSR (Bootstrap Router) mechanism.

Note
An RP can provide services for multiple or all multicast groups. However, only one RP can forward multicast
traffic for a multicast group at a time.

6.4.2 Configuring a Static RP


Choose Local Device > L3 Multicast > RP > Static RP.

Click Add. On the pop-up window that is displayed, enter the multicast group range covered by the RP and the
RP address, then click OK.

6.4.3 Configuring a Candidate RP


On a PIM network, a Candidate RP refers to a router that is eligible to become an RP. You can configure several
PIM-enabled routers in the PIM domain as Candidate RPs, so that a suitable RP is eventually elected. This
process aims to enhance the efficiency and reliability of multicast communication.

Choose Local Device > L3 Multicast > RP > Candidate RP.

Toggle on Local routing device as candidate RP to designate the local device as the candidate RP. Enter the
priority, advertisement interval, source IP address, and the designated multicast group. Then, click Save.

Table 4-3 Description of Candidate RP Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Priority | The priority determines which candidate RP will become the RP during the election process. The priority value ranges from 0 to 255, where a smaller value indicates a higher priority. A candidate RP with a higher priority has a greater chance of being elected as the RP. | 192 |
| Advertisement Interval | A candidate RP announces its presence and availability by sending PIM messages. The advertisement interval determines the frequency at which a candidate RP sends these messages. A shorter advertisement interval can notify other routers about the presence of candidate RP more quickly, but it will also increase the network load. | 60 seconds |
| Source IP Address | The source IP address of the PIM messages sent by the candidate RP, which can be either an interface or an IP address. | N/A |
| Designated multicast group | The PIM messages sent by the candidate RP must contain a multicast group address, which falls within the range of 224.0.0.0/4 to 239.255.255.255/32. Candidate RPs typically send multiple messages, each specifying a different multicast group address, in order to notify other routers that they can become the RP for these multicast groups. You can click Add to configure multiple multicast group addresses. | N/A |

6.5 Configuring BSR


6.5.1 Overview
In PIM-SM mode, RP needs to be manually configured, which is a tedious task for large-scale networks. The
BSR (Bootstrap Router) mechanism can automatically select the RP, simplifying the RP configuration process.
BSR serves as the management core of the PIM-SM domain, responsible for collecting and advertising RP
information within the domain. BSR is elected by candidate BSRs.

Note
A PIM-SM domain can have only one BSR, but can have multiple candidate BSRs.

6.5.2 Configuring BSR


>>Choose Local Device > L3 Multicast > BSR > Local Routing Device as Candidate BSR.

Toggle on Local routing device as candidate BSR to designate the local device as the candidate BSR. Enter
the priority and the source IP address. Then, click Save.


Table 4-4 Description of Candidate BSR Configuration Parameters

Parameter | Description | Default Value
Priority | Higher-priority candidate BSRs have a greater chance of being elected as the BSR. The priority value ranges from 0 to 255, where a smaller value indicates a higher priority. | 192
Source IP Address | The source IP address of the PIM messages sent by the candidate BSR, which can be either an interface or an IP address. | N/A

6.5.3 Viewing BSR Routing Info


>>Choose Local Device > L3 Multicast > BSR > BSR Routing Info.

The BSR Routing Info page displays BSR routing information, including BSR address, priority, status, online
duration and aging time. You can click Refresh to view the up-to-date BSR routing information.

6.6 Configuring IGMP


6.6.1 Overview
Internet Group Management Protocol (IGMP) is used to enable multicast communication on IPv4 networks.
IGMP is responsible for managing the membership of multicast groups and facilitating communication between
hosts and multicast routers. With IGMP, hosts can join or leave a specific multicast group and advertise their
membership to multicast routers. Multicast routers use IGMP to determine which hosts are members of a
multicast group, enabling efficient forwarding of multicast traffic.

6.6.2 Enabling IGMP


>>Choose Local Device > L3 Multicast > IGMP > IGMP-enabled Interface List.

The IGMP-enabled Interface List page displays basic information of IGMP-enabled interfaces, including the
interface and the IGMP version.


Add: Click Add. The Select Interfaces pop-up window is displayed. On the pop-up window, select an interface
on which IGMP will be enabled. Then, click OK. IGMP is enabled on the corresponding VLAN.

Batch edit: Select the interfaces, and click Batch Edit. On the pop-up window that is displayed, select the IGMP
version, then click OK.

IGMPv3 has improved functionality and flexibility compared to IGMPv2. It supports more multicast group
management features, provides finer control over membership and query methods, and introduces security
mechanisms. With these enhancements, IGMPv3 can be applied in scenarios that require a higher level of
multicast management and security.

Batch delete: Select the interfaces, and click Batch Delete. IGMP is disabled on the selected interfaces.

6.6.3 Viewing IGMP Multicast Group


>>Choose Local Device > L3 Multicast > IGMP > IGMP Multicast Group.

The IGMP Multicast Group page displays information about IGMP multicast groups, including the number of
multicast groups, source IP addresses, TTL, and aging time. You can click to expand a multicast group to view
the detailed IP addresses associated with the multicast group on that interface.

You can search IGMP multicast group information by entering the interface in the search box. You can click
Refresh to view the up-to-date IGMP multicast group information.


7 L3 Management
Caution

This section is applicable only to NBS Series Switches that support L3 functions. Products that do not support
L3 functions, such as RG-NBS3100 Series Switches and RG-NBS3200 Series Switches, do not support the
functions mentioned in this section.

7.1 Setting an L3 Interface


Choose Local Device > L3 Interfaces > L3 Interfaces.

The port list displays various types of L3 interfaces on the device, including SVIs, Routed Ports, and L3
Aggregate Ports.

Click Add L3 Interfaces to set a new L3 Interface.


Table 6-1 Description of Configuration Parameters of L3 Interfaces

Parameter | Description
Port Type | The type of a created L3 interface. It can be an SVI, routed port, or L3 aggregate port. For details, see Table 4-1.
Networking | Specifies DHCP or static mode for a port to obtain the IP address.
VLAN | Specifies the VLAN to which an SVI belongs.
IP/Mask | When Networking is set to Static IP, you need to manually enter the IP address and subnet mask.
Select Port | Select the device port to be configured.
Aggregate | Specifies the aggregate port ID, for example, Ag1, when an L3 aggregate port is created.
DHCP Mode | Select whether to enable the DHCP service on the L3 interface. Disabled: Indicates that the DHCP service is disabled. No IP address can be assigned to clients connected to the interface. DHCP Server: Indicates that the device functions as the DHCP server to assign IP addresses to downlink devices connected to the interface. You need to set the start IP address of an address pool, number of IP addresses that can be assigned, and address lease; for more information, see 6.2. DHCP Relay: Indicates that the device serves as a DHCP relay, obtains IP addresses from an external server, and assigns the IP addresses to downlink devices. The interface IP address and DHCP server IP address need to be configured. The interface IP address must be in the same network segment as the address pool of the DHCP server.
Excluded IP Address (Range) | When the device acts as a DHCP server, set the IP address in the address pool that is not used for assignment.

Note

● VLAN 1 is the default SVI of the device. It can be neither modified nor deleted.
● The management VLAN is only displayed on the L3 Interfaces page but cannot be modified. To modify it,
choose Ports > MGMT IP. For details, see 4.6.
● The DHCP relay and DHCP server functions of an L3 interface are mutually exclusive and cannot be
configured at the same time.
● Member ports of an L3 interface must be routed ports.

7.2 Configuring the IPv6 Address for the L3 Interface


IPv6 is a suite of standard protocols for the network layer of the Internet. IPv6 solves the following problems of
IPv4:

● Address depletion:

NAT must be enabled on the gateway to convert multiple private network addresses into a public network address.
This results in an extra delay caused by address translation, and may interrupt the connection between devices
inside and outside the gateway. In addition, you need to add a mapping to enable access to the intranet devices
from the Internet.

● Design defect:

IP addresses cannot be formed using network topology mapping, and a large-scale routing table is needed.

● Lack of built-in authentication and confidentiality:

IPv4 itself does not require encryption. It is difficult to trace the source after address translation. As the number
of addresses in a network segment is limited, it is easy for attackers to scan all hosts in the LAN. IPv6 integrates
IPsec by default. End-to-end connections can be established without address translation, and it is easy to trace
the source. IPv6 has a huge address space. A 64-bit prefix address supports 64 host bits, which increases the
difficulty and cost of scanning and therefore prevents attacks.

Choose Local Device > L3 Interfaces > IPv6 Config.


Caution
● Add an IPv4 L3 interface first. Then, select the interface on the IPv6 L3 interface configuration page, and
click Edit.
● If the IPv4 address of an interface is set to DHCP and no IPv4 address is obtained, the IPv6 address of
this interface will not take effect.

● If an upstream DHCPv6 server is available, select Auto Obtained IP and specify the MTU. The default MTU
is 1500. You are advised to retain the default value. Then, click OK.


● If no upstream DHCPv6 server is available to assign the IP address, configure the IPv6 information as follows:


Table 6-2 IPv6 Address Configuration Parameters of the L3 Interface

Parameter | Description
Obtain an IPv6 address via DHCPv6 | If no upstream DHCPv6 server is available, do not select Auto Obtained IP. Instead, manually add the IPv6 address.
IPv6 Address/Prefix Length | Configure the IPv6 address and prefix length. You can click Add to add multiple IPv6 addresses. If the primary IP address is empty, the configured secondary IP address is invalid. For manual configuration, the prefix length ranges from 1 to 128. For auto configuration, the prefix length ranges from 1 to 64. If the IPv6 prefix length of the L3 interface is between 48 and 64, this address can be assigned.
MTU | Configure the MTU. The default MTU is 1500.
Advanced Settings | Click Advanced Settings to configure the link local address, subnet prefix name, subnet prefix length, and subnet ID.
Link-local Address | The link local address is used to number hosts on a single network link. The first 10 bits of link address in binary notation must be '1111111010'.
Subnet Prefix Name | It identifies a specified link (subnet).
Subnet Prefix Length | It indicates the length (in bits) of the subnet prefix in the address. The value ranges from 48 to 64 (The subnet prefix length must be greater than the length of the prefix assigned by the server).
Subnet ID | Configure the subnet ID of the interface in hexadecimal notation. The number of available subnet IDs is (2^N - 1), where N is equal to (Subnet prefix length of the interface - Length of the prefix assigned by the server).

7.3 Configuring the DHCP Service


After the DHCP server function is enabled on the L3 interface, the device can assign IP addresses to downlink
devices connected to the port.

7.3.1 Enable DHCP Services

Choose Local Device > L3 Interfaces > L3 Interfaces.

Click Edit on the designated port, or click Add L3 Interface to add a Layer 3 interface, select DHCP mode for
local allocation, and enter the starting IP of the address pool, the number of allocated IPs, the excluded IP
address range, and the address lease time.


Table 6-3 Description of DHCP Server Configuration Parameters

Parameter | Description
DHCP Mode | Select DHCP Server.
Start | The DHCP server assigns the Start IP address automatically, which is the Start IP address of the DHCP address pool. A client obtains an IP address from the address pool. If all the addresses in the address pool are used up, no IP address can be obtained from the address pool.
IP Count | The number of IP addresses in the address pool.
Excluded IP Address (Range) | IP addresses in the address pool that are not used for allocation. You can enter a single IP address or an IP network segment, and add up to 20 address segments.
Lease Time(Min) | The lease of the address, in minutes. When a downlink client is connected, the leased IP address is automatically renewed. If a leased IP address is not renewed due to client disconnection or network instability, the IP address will be reclaimed after the lease term expires. After the downlink client connection is restored, the client can request an IP address again.


7.3.2 Viewing the DHCP Client

Choose Local Device > L3 Interfaces > DHCP Clients.

View the addresses automatically allocated to downlink clients after DHCP services are enabled on the L3 interfaces.
You can find the client information based on the MAC address, IP address, or username.

Find the target client and click Convert to Static IP in the Status column, or select desired clients and click
Batch Convert. The dynamic address allocation relationship is added to the static address allocation list, so
that the host can obtain the bound IP address for each connection. For details on how to view the static address
allocation list, see 7.3.3.

7.3.3 Configuring Static IP Addresses Allocation

Choose Local Device > L3 Interfaces > Static IP Addresses.

This page displays the client entries that were converted into static addresses in the client list, as well as
manually added static address entries. The search box in the upper-right corner supports searching for entries
by assigned IP address or device MAC address.

Click Add. In the displayed static IP address binding dialog box, enter the MAC address and IP address of the
client to be bound, and click OK. After a static IP address is bound, the bound IP address will be obtained each
time the corresponding downlink client connects to the network.


To delete a static address, select the static entry to be deleted in Static IP Address List, and click Delete
Selected; or click Delete in the last Action column of the corresponding entry.

7.3.4 Configuring the DHCP Server Options

Choose Local Device > L3 Interfaces > DHCP Option.

The configuration delivered to the downlink devices is optional and takes effect globally when the L3 interface
serves as the DHCP server.

Table 6-4 Description of the DHCP Server Options Configuration Parameters

Parameter | Description
DNS Server | DNS server address provided by an ISP. Multiple IP addresses can be entered and separated by spaces.
Option 43 | When the AC (wireless controller) and the AP are not in the same LAN, the AP cannot discover the AC through broadcast after obtaining an IP address from the DHCP server. To enable the AP to discover the AC, you need to configure Option 43 carried in the DHCP response packet on the DHCP server.
Option 138 | Enter the IP address of the AC. Similar to Option 43, when the AC and AP are not in the same LAN, you can configure Option 138 to enable the AP to obtain the IPv4 address of the AC.
Option 150 | Enter the IP address of the TFTP server to specify the TFTP server address assigned to the client. Multiple IP addresses can be entered and separated by spaces.

Note

DHCP options are optional configuration when the device functions as an L3 DHCP server. The configuration
takes effect globally and does not need to be configured by default. If no DNS server address is specified, the
DNS address assigned to a downlink port is the gateway IP address by default.

7.4 Configuring the DHCPv6 Server


Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is a protocol that allows the DHCP server to pass
configuration information (such as the IPv6 network address) to IPv6 nodes.

Compared with other IPv6 address assignment methods (such as manual configuration and stateless address
autoconfiguration), DHCPv6 provides the functions of address assignment, Prefix Delegation (PD), and
configuration parameter assignment.

● DHCPv6 is both a stateful address autoconfiguration protocol and a stateless address configuration protocol.
It supports flexible addition and reuse of network addresses, and can record the assigned addresses, thus
enhancing network management.

● The configuration parameter assignment function of DHCPv6 can solve the problem that parameters cannot
be obtained under the stateless address autoconfiguration protocol, and provide the host with configuration
information, such as the DNS server address and domain name.

Choose Local Device > L3 Interfaces > IPv6 Config.

(1) Click Add, select an L3 interface and IP address assignment method, and enter the address lease term and
DNS server address. The address lease term is 30 minutes by default. You are advised to retain the default
value. Then, click OK.


Table 6-5 IPv6 Address Configuration Parameters of the L3 Interface

Parameter | Description
L3 Interfaces | Select the L3 interface for which the DHCPv6 server needs to be added.
IPv6 Assignment | If this parameter is set to Auto, both DHCPv6 and SLAAC are used to assign IPv6 addresses.
Lease Time | The default value is 30 minutes. The value ranges from 30 to 2880 minutes. When the device stays online and the network is normal, this parameter is periodically updated (reset to 0).
DNS Server | Enter the DNS server address.

7.4.1 Viewing DHCPv6 Clients

View the information of the client that obtains the IPv6 address from the device, including the host name, IPv6
address, remaining lease term, DHCPv6 Unique Identifier (DUID), and status. Click to bind the
IP addresses and hosts in batches, so that the IP addresses obtained by the hosts from the switch remain
unchanged.

Note
Each server or client has only one DUID for identification.


7.4.2 Configuring the Static DHCPv6 Address

Configure the IPv6 address statically bound to the DUID of a client so that the client can obtain the specified
address each time.

Choose Local Device > L3 Interfaces > IPv6 Config > Static DHCPv6.

Click Add, and enter the IPv6 address and DUID. You are advised to bind the IPv6 address and DUID in the
client list. You can run the ipconfig/all command on the Command Prompt in Windows to view the DUID.


You can view the DHCPv6 client information on this page.


7.5 Configuring the IPv6 Neighbor List


In IPv6, Neighbor Discovery Protocol (NDP) is an important basic protocol. NDP replaces the ARP and ICMP
route discovery protocols of IPv4, and supports the following functions: address resolution, neighbor status
tracking, duplicate address detection, router discovery, and redirection.

Choose Local Device > L3 Interfaces > IPv6 Config > IPv6 Neighbor List.

Click Add and manually add the interface, IPv6 address and MAC address of the neighbor.

Click Bind Selected to bind the IPv6 address and MAC address in the list to prevent ND attacks.

You can also modify, delete, batch delete, or search neighbors (by IP address or MAC address).


7.6 Configuring a Static ARP Entry


Choose Local Device > L3 Interfaces > ARP List.

The device learns the IP address and MAC address of the network devices connected to its interfaces and
generates the corresponding ARP entries. You can bind learned ARP mappings or manually specify the IP
address and MAC address mapping, which prevents the device from learning wrong ARP entries and improves
network security.

● To bind a dynamic ARP entry to a static entry: Select the ARP mapping entry dynamically obtained in the
ARP List, and click Bind to complete the binding.

● To manually configure a static ARP entry: Click Add, enter the IP address and MAC address to be bound,
and click OK.


To remove the binding between a static IP address and a MAC address, click Delete in the Action column.
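
Added example (not part of the Ruijie guide or the device software): a check that compares an exported ARP or IPv6 neighbor snapshot against the static bindings described in 7.5 and 7.6 and reports entries that contradict a binding. The tuple layouts, interface names, and all addresses are constructed for illustration; the device's real export format is not described on this page.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# (kind, interface, ip, expected_mac, seen_mac)
Finding = Tuple[str, str, str, Optional[str], str]


def norm_mac(mac: str) -> str:
    """Reduce aa:bb:.., AA-BB-.. and aabb.ccdd.eeff notations to 12 lowercase hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return digits


def norm_ip(ip: str):
    """Parse IPv4 or IPv6 text so that equivalent spellings compare equal."""
    return ipaddress.ip_address(ip.strip())


def check_bindings(bindings, observed) -> List[Finding]:
    """bindings: (ip, mac) pairs; observed: (interface, ip, mac) rows from a snapshot."""
    bound = {norm_ip(ip): norm_mac(mac) for ip, mac in bindings}
    findings: List[Finding] = []
    for iface, ip, mac in observed:
        addr, seen = norm_ip(ip), norm_mac(mac)
        expected = bound.get(addr)
        if expected is None:
            # Address is answering on the network but has no static binding yet.
            findings.append(("unbound", iface, str(addr), None, seen))
        elif expected != seen:
            # A different MAC claims a bound address: misconfiguration or spoofing.
            findings.append(("conflict", iface, str(addr), expected, seen))
    return findings


# Constructed static bindings (documentation address and MAC ranges).
BINDINGS = [
    ("192.0.2.1", "00:00:5E:00:53:01"),
    ("192.0.2.10", "0000.5e00.5310"),
    ("2001:db8::1", "00-00-5e-00-53-01"),
]

# Constructed snapshot of learned entries.
OBSERVED = [
    ("VLAN 10", "192.0.2.1", "0000.5e00.5301"),
    ("VLAN 10", "192.0.2.10", "00:00:5e:00:53:66"),
    ("VLAN 10", "2001:0DB8:0000:0000:0000:0000:0000:0001", "00:00:5e:00:53:01"),
    ("VLAN 20", "192.0.2.77", "00:00:5e:00:53:77"),
]

if __name__ == "__main__":
    for finding in check_bindings(BINDINGS, OBSERVED):
        print(finding)
```

Normalizing both columns first matters because the same MAC or IPv6 address can be written several ways, and a plain string comparison would report false conflicts.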

8 Configuring Route
8.1 Configuring Static Routes
Choose Local Device > L3 Interfaces > Static Routing.

Static routes are manually configured by the user. When a data packet matches a static route, the packet will
be forwarded according to the specified forwarding mode.

Caution

Static routes cannot automatically adapt to changes of the network topology. When the network topology
changes, you need to reconfigure the static routes.

Click Add. In the dialog box that appears, enter the destination address, subnet mask, outbound interface, and
next-hop IP address to create a static route.


Table 8-1 Description of Static Routes Configuration Parameters

Parameter | Description
Dest IP Address | Specify the destination network to which the data packet is to be sent. The device matches the data packet based on the destination address and subnet mask.
Subnet Mask | Specify the subnet mask of the destination network. The device matches the data packet based on the destination address and subnet mask.
Outbound Interface | Specify the interface that forwards the data packet.
Next Hop | Specify the IP address of the next hop in the route for the data packet.

After a static route is created, you can find the relevant route configuration and reachability status in the static
route list. The Reachable parameter specifies whether the next hop is reachable, based on which you can
determine whether the route takes effect. If the value is No, check whether the outbound interface in the current
route can ping the next-hop address.


To delete or modify a static route, click Delete or Edit in the last Action column of Static Route List. To
delete multiple static route entries, select them and click Delete Selected.

8.2 Configuring the IPv6 Static Route


Choose Local Device > Routing > Static Routing_v6.

You need to manually configure an IPv6 static route. When the packet matches the static route, the packet will
be forwarded according to the specified forwarding method.

Caution

The static route cannot automatically adapt to changes in the network topology. When the network topology
changes, you need to manually reconfigure the static route.

Click Add, and enter the destination IPv6 address, length, outbound interface, and next-hop IP address to create
a static route.


Table 8-2 IPv6 Static Route Configuration Parameters

Parameter | Description
IPv6 Address/Prefix Length | Destination network of the packet. The destination address of the packet is matched according to the IPv6 address and prefix length.
Outbound Interface | Interface that forwards the packet.
Next Hop | IP address of the next routing node to which the packet is sent.

8.3 Configuring RIP


Routing Information Protocol (RIP) is applicable to small and medium-sized networks and is a dynamic routing
protocol that is easy to configure. RIP measures the network distance based on the number of hops and selects
a route based on the distance. RIP uses UDP port 520 to exchange the routing information.

8.3.1 Configuring RIP Basic Functions

Choose Local Device > Routing > RIP Settings.

Click Add and configure the network segment and interface.


Table 8-3 RIP Configuration Parameters

Parameter | Description
Type | Network Segment: Enable RIP in the specified network segment. The IP addresses of this network segment are added to the RIP routing table. The device and its RIP-enabled neighbor devices learn the routing table from each other. Port: Enable RIP on the specified port. All the IP addresses of this port are added to the RIP routing table. The device and its RIP-enabled neighbor devices learn the routing table from each other.
Network Segment | Enter the network segment, for example, 10.1.0.0/24, when Type is set to Network Segment. RIP will be enabled on all interfaces of the device covered by this network segment.
Port | Select a VLAN interface or physical port when Type is set to Port.
Auth Mode | No Authentication: The protocol packets are not authenticated. Encrypted Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of encrypted text. Plain Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of plain text.
Auth Key | Enter the authentication key to authenticate protocol packets when Auth Mode is set to Encrypted Text or Plain Text.

8.3.2 Configuring the RIP Port

Choose Local Device > Routing > RIP Settings > Port Settings.

Table 8-4 Configuration Parameters in the Port List

Parameter | Description
Port Name | Name of the port where RIP is enabled.
Rx Status | RIP version of packets currently received.
Tx Status | RIP version of packets currently transmitted.
Poison Reverse | After the port learns the route, the route overhead is set to 16 (indicating that the route is unreachable), and the route is sent back to the neighbor from the original port to avoid a loop.
v2 Broadcast Packet | When a neighbor does not support multicast, broadcast packets can be sent. You are advised to disable RIPv2 broadcast packets to improve network performance.
Auth Mode | No Authentication: The protocol packets are not authenticated. Encrypted Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of encrypted text. Plain Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of plain text.
Auth Key | Enter the authentication key to authenticate protocol packets when Auth Mode is set to Encrypted Text or Plain Text.
Action | Click Edit to modify RIP settings of the port.
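
Added example (not from the Ruijie guide or ReyeeOS): the Auth Mode choices in Tables 8-3 and 8-4 can be verified from a packet capture, because the first entry of a RIP packet shows which mode a neighbor actually uses. The code assumes that Plain Text corresponds to RFC 2453 simple-password authentication (type 2) and Encrypted Text to RFC 2082/4822 cryptographic authentication (type 3); the port names, key, and digest bytes are constructed.

```python
import socket
import struct
from typing import Dict, NamedTuple, Optional

AUTH_AFI = 0xFFFF   # address-family value that marks an authentication entry
AUTH_SIMPLE = 2     # RFC 2453 simple password: the key itself sits in the entry
AUTH_CRYPTO = 3     # RFC 2082/4822: only key ID, sequence number and a digest are sent


class RipAuth(NamedTuple):
    version: int
    mode: str                # "none", "plain-text" or "cryptographic"
    key_on_wire: bool        # True when the key is readable in the packet
    key_id: Optional[int]
    sequence: Optional[int]


def parse_rip_auth(payload: bytes) -> RipAuth:
    """Classify the authentication carried by one RIP UDP payload (port 520)."""
    if len(payload) < 24:
        raise ValueError("shorter than a RIP header plus one entry")
    command, version, _zero = struct.unpack_from("!BBH", payload, 0)
    if command not in (1, 2) or version not in (1, 2):
        raise ValueError("not a RIPv1/RIPv2 request or response")
    afi, auth_type = struct.unpack_from("!HH", payload, 4)
    # RIPv1 has no authentication entry; in RIPv2 it must be the first entry.
    if version == 1 or afi != AUTH_AFI:
        return RipAuth(version, "none", False, None, None)
    if auth_type == AUTH_SIMPLE:
        return RipAuth(version, "plain-text", True, None, None)
    if auth_type == AUTH_CRYPTO:
        _pkt_len, key_id, _digest_len, seq = struct.unpack_from("!HBBI", payload, 8)
        return RipAuth(version, "cryptographic", False, key_id, seq)
    raise ValueError("unknown authentication type %d" % auth_type)


def build_sample(version: int, auth: str, key: bytes = b"",
                 key_id: int = 1, seq: int = 1) -> bytes:
    """Construct a RIP response with one route, for offline testing only."""
    header = struct.pack("!BBH", 2, version, 0)
    mask = "255.255.255.0" if version == 2 else "0.0.0.0"  # RIPv1 carries no mask
    route = struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton("10.1.0.0"),
                        socket.inet_aton(mask), bytes(4), 1)
    if auth == "none":
        return header + route
    if auth == "plain-text":
        return header + struct.pack("!HH16s", AUTH_AFI, AUTH_SIMPLE, key) + route
    # Cryptographic: the first entry carries metadata, the trailer carries the digest.
    pkt_len = len(header) + 20 + len(route)
    first = struct.pack("!HHHBBI8x", AUTH_AFI, AUTH_CRYPTO, pkt_len, key_id, 16, seq)
    trailer = struct.pack("!HH16s", AUTH_AFI, 1, b"\xaa" * 16)  # placeholder digest
    return header + first + route + trailer


def audit(samples: Dict[str, bytes], allowed=("cryptographic",)) -> Dict[str, str]:
    """Return {port: finding} for every port whose sample is not in an allowed mode."""
    findings = {}
    for port, payload in samples.items():
        try:
            info = parse_rip_auth(payload)
        except ValueError as exc:
            findings[port] = "malformed: %s" % exc
            continue
        if info.mode not in allowed:
            findings[port] = "RIPv%d, %s" % (info.version, info.mode)
    return findings


# Constructed samples keyed by hypothetical port names.
SAMPLES = {
    "VLAN 10": build_sample(2, "cryptographic", key_id=7, seq=42),
    "VLAN 20": build_sample(2, "plain-text", key=b"constructed-key"),
    "VLAN 30": build_sample(2, "none"),
    "Gi5": build_sample(1, "none"),
    "Gi6": b"\x02\x02",
}

if __name__ == "__main__":
    for port, finding in audit(SAMPLES).items():
        print(port, "->", finding)
```

Ports reported as plain-text or none accept routing updates that any device on the segment can forge or read the key from, so they are the ones to move to Encrypted Text or to make passive.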

8.3.3 Configuring the RIP Global Configuration

Choose Local Device > Routing > RIP Settings > Advanced, click Edit, and configure RIP global configuration
parameters.


Table 8-5 RIP Global Configuration Parameters

Parameter | Description
RIP Version | Default: Select RIPv2 for sending packets and RIPv1/v2 for receiving packets. V1: Select RIPv1 for sending and receiving packets. V2: Select RIPv2 for sending and receiving packets.
Route Advertisement | After route advertisement is enabled, the current device generates a default route and sends it to the neighbor.
Administrative Distance | Redistribute routes of other protocols to the RIP domain so that RIP can interwork with other routing domains.
Update Timer | RIP update cycle. The routing information is updated every 30 seconds by default.
Invalid Timer | If no update is received before a route becomes invalid, the route is considered unreachable. The default value is 180 seconds.
Flush Timer | If no update is received before the flush timer of an invalid route expires, the route is completely deleted from the RIP routing table. The default value is 120 seconds.

8.3.4 Configuring the RIP Route Redistribution List

Redistribute routes of other protocols to the RIP domain so that RIP can interwork with other routing domains.

Choose Local Device > Routing > RIP Settings > Advanced, click Add, and select the type and administrative
distance.


Table 8-6 RIP Route Redistribution Parameters

Parameter | Description
Type | Direct Routing, OSPF Routing, or Static Routing.
Administrative Distance | A smaller administrative distance indicates a higher priority. The default value is 0. The value ranges from 0 to 16.
Instance ID | Select the instance ID of OSPF that needs to be redistributed. OSPFv2 needs to be enabled on the local device.

8.3.5 Configuring the Passive Interface

If an interface is configured as a passive interface, it will suppress RIP update packets. If the connected peer
device does not run RIP, you are advised to enable the passive interface.

Choose Local Device > Routing > RIP Settings > Advanced, click Add, and select a passive interface.


8.3.6 Configuring the Neighbor Route

When the router cannot process broadcast packets, another router can be designated as the neighbor to
establish a RIP direct link.

Choose Local Device > Routing > RIP Settings > Advanced, click Add, and enter the IP address of the
neighbor router.


8.4 Configuring RIPng


8.4.1 Configuring RIPng Basic Functions

RIP Next Generation (RIPng) provides the routing function for IPv6 networks.

RIPng uses UDP port 512 to exchange the routing information.

Choose Local Device > Routing > RIPng Settings.

Click Add, set Type to Network Segment or Port, and specify the network segment or port accordingly.


RIPng (Routing Information Protocol next generation) is a unicast routing protocol applied to IPv6 networks.

Network Segment/Port List

Enable RIPng in the specified network segment or on the specified port.


If the address length is between 48 and 64, the address will be used as a prefix.

Alternatively, enable RIPng on a specified port:


Table 8-7 RIPng Configuration Parameters

Parameter | Description
Type | Network Segment: Enable RIP in the specified network segment. The IP addresses of this network segment are added to the RIP routing table, and the device and its RIP-enabled neighbor devices learn the routing table from each other. Port: Enable RIP on the specified port. All the IP addresses of this port are added to the RIP routing table, and the device and its RIP-enabled neighbor devices learn the routing table from each other.
Network Segment | Enter the IPv6 address and prefix length when Type is set to Network Segment. RIPng will be enabled on all interfaces of the device covered by this network segment.
Port | Select a VLAN interface or physical port when Type is set to Port.

8.4.2 Configuring the RIPng Port

RIPng poison reverse: After the port learns the route, the route overhead is set to 16 (indicating that the route is
unreachable), and the route is sent back to the neighbor from the original port to avoid a loop.

Choose Local Device > Routing > RIPng Settings > Port Settings, click Edit, and enable IPv6 poison reverse.


8.4.3 Configuring the RIPng Global Configuration

Choose Local Device > Routing > RIPng Settings > Advanced, and click Edit Config.


Table 8-8 RIPng Global Configuration Parameters

Parameter | Description
Route Advertisement | After route advertisement is enabled, the current device generates a default route and sends it to the neighbor.
Administrative Distance | Redistribute routes of other protocols to the RIP domain so that RIP can interwork with other routing domains.
Update Timer | RIP update cycle. The routing information is updated every 30 seconds by default.
Invalid Timer | If no update is received before a route becomes invalid, the route is considered unreachable. The default value is 180 seconds.
Flush Timer | If no update is received before the flush timer of an invalid route expires, the route is completely deleted from the RIP routing table. The default value is 120 seconds.

8.4.4 Configuring the RIPng Route Redistribution List

Redistribute routes of other protocols to the RIPng domain to interwork with other routing domains.

Choose Local Device > Routing > RIPng Settings > Advanced, and click + Add.


Table 8-9 RIP Route Redistribution Parameters

| Parameter | Description |
| --- | --- |
| Type | Direct Routing, OSPF Routing, or Static Routing |
| Administrative Distance | Value range: 0-16. The default value is 0. |

8.4.5 Configuring the RIPng Passive Interface

If an interface is configured as a passive interface, it will suppress RIPng update packets. If the connected peer
device does not run RIP, you are advised to enable the passive interface.

Choose Local Device > Routing > RIPng Settings > Advanced, click Add, and enter the IP address of the
neighbor router.


8.4.6 Configuring the IPv6 Aggregate Route

Choose Local Device > Routing > RIP Settings > Advanced, click Add, and enter the IPv6 address and prefix
length (value range: 0–128).


8.5 OSPFv2
Open Shortest Path First (OSPF) can be applied to large-scale networks. IPv4 uses OSPFv2, and IPv6 uses
OSPFv3.

OSPF is a typical link-state routing protocol, which can solve the problems of slow route update, inaccurate
measurement, and poor scalability in large networks. It is suitable for networks of various sizes, and even a
network with up to thousands of devices.

8.5.1 Configuring OSPFv2 Basic Parameters

Choose Local Device > Routing > OSPFv2, click Start Setup, and then configure an instance and an interface
respectively.


(1) Configure an instance.


Table 8-10 Instance Configuration Parameters

| Parameter | Description |
| --- | --- |
| Instance ID | Create an OSPF instance based on the service type. The instance only takes effect locally, and does not affect packet exchange with other devices. |
| Router ID | It identifies a router in an OSPF domain. Caution: Router IDs within the same domain must be unique. The same configuration may cause neighbor discovery failures. |
| Advertise Default Route | Generate a default route and send it to the neighbor. After this function is enabled, you need to enter the metric and select a type. The default metric is 1. Type 1: The metrics displayed on different routers vary. Type 2: The metrics displayed on all routers are the same. |
| Import External Route | Redistribute routes of other protocols to the OSPF domain to interwork with other routing domains. If Static Route Redistribution is selected, enter the metric, which is 20 by default. If Direct Route Redistribution is selected, enter the metric, which is 20 by default. If RIP Redistribution is selected, enter the metric, which is 20 by default. |
| Details | Expand the detailed configuration. |


Table 8-11 Parameters in the Instance Detailed Configuration

| Parameter | Description |
| --- | --- |
| Distance | It is used for protocol selection. By default, the intra-area, inter-area, and external distances are all 110. |
| LSA | Frequent network changes and route flapping may occupy too much network bandwidth and device resources. The LSA generation and reception delays are specified in OSPF by default. The default value is 1000 ms. |
| SPF Calculation | When the link state database (LSDB) changes, OSPF recalculates the shortest path, and sets the interval to prevent frequent network changes from occupying a large number of resources. Waiting Interval: When the state changes, the timer is triggered. The delay is calculated for the first time after the timer expires. The default value is 0 ms. Min Interval: As the number of changes increases, the time of each interval will increase according to the algorithm, and the default value is 50 ms. Max Interval: When the calculated interval reaches the maximum interval, the subsequent interval is always equal to the maximum interval. If the time from the last calculation exceeds the maximum interval and the LSDB is not updated, the timer is disabled. |
| Graceful Restart | Graceful Restart (GR) can avoid route flapping caused by traffic interruption and active/standby board switchover, thus ensuring the stability of key services. Graceful Restart Helper: The Graceful Restart Helper function is enabled when this switch is turned on. LSA Check: LSA packets outside the domain are checked when this switch is turned on. Max Wait Time: Timing starts after the device receives the GR packet from the peer device. If the peer device does not complete GR within Max Wait Time, the device exits the GR Helper mode. The default value is 1800 seconds. |

(2) Configure an interface.


Table 8-12 Interface Configuration Parameters

| Parameter | Description |
| --- | --- |
| Interface | Select the OSPF-enabled L3 interface. |
| Area | Configure the area ID. Value range: 0-4294967295 |
| Stub Area | If Stub Area is enabled, you need to configure the area type and inter-area route isolation. Stub area: Routers at the edge of the area do not advertise routes outside the area, and the routing table in the area is small. Not-So-Stubby Area (NSSA): A few external routes can be imported. Inter-area route isolation: After this function is enabled, inter-area routes will not be imported to this area. |
| Details | Expand the detailed configuration. |


Table 8-13 Parameters in the Interface Detailed Configuration

| Parameter | Description |
| --- | --- |
| Priority | It is 1 by default. |
| Network Type | Broadcast, Unicast, Multicast, or Non-Broadcast Multiple Access |
| Hello Packets | Interval for periodic transmission, which is used to discover and maintain OSPF neighbor relationship. The default value is 10 seconds. |
| Dead Interval | Time after which the neighbor becomes invalid. The default value is 40 seconds. |
| LSA Transmission Delay | LSA transmission delay of the interface. The default value is 1 second. |
| LSA Retransmission Interval | Time after which LSA is retransmitted after LSA is lost. The default value is 5 seconds. |
| Interface Auth | No Auth: The protocol packets are not authenticated. It is the default value. Plain Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of plain text. MD5: The protocol packets are authenticated, and the authentication key is MD5 encrypted and then transmitted with the protocol packets. |
| Ignore MTU Check | Enabled by default. |
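
What the Plain Text and MD5 options of Interface Auth put on the wire, shown as an added example (not code from this guide or from the device) that follows the OSPFv2 header layout of RFC 2328: in Plain Text mode the key sits in the header, while in MD5 mode the packet carries a keyed digest and a sequence number instead of the key. The router ID, area, key, and function names are constructed for illustration; the Hello body uses the default timers from the table above.

```python
import hashlib
import hmac
import struct

AUTH_PLAIN, AUTH_MD5 = 1, 2          # AuType values defined in RFC 2328


def inet_checksum(data: bytes) -> int:
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ospf_header(length, router_id, area_id, checksum, autype, auth8):
    # version 2, type 1 (Hello), length, router ID, area ID, checksum, AuType, 8 auth bytes
    return struct.pack("!BBHIIHH8s", 2, 1, length, router_id, area_id,
                       checksum, autype, auth8)


def hello_body():
    # netmask, HelloInterval 10 s, options, priority 1, dead interval 40 s, DR, BDR
    return struct.pack("!IHBBIII", 0xFFFFFF00, 10, 0x02, 1, 40, 0, 0)


def build_plaintext(router_id, area_id, body, password: bytes) -> bytes:
    """AuType 1: the password travels unprotected in the 8-byte auth field."""
    if len(password) > 8:
        raise ValueError("simple password is at most 8 bytes")
    length = 24 + len(body)
    unsigned = ospf_header(length, router_id, area_id, 0, AUTH_PLAIN, bytes(8))
    # The checksum covers the packet except the 64-bit authentication field.
    csum = inet_checksum(unsigned[:16] + body)
    return ospf_header(length, router_id, area_id, csum, AUTH_PLAIN,
                       password.ljust(8, b"\x00")) + body


def build_md5(router_id, area_id, body, key: bytes, key_id: int, seq: int) -> bytes:
    """AuType 2: checksum is 0 and a 16-byte keyed MD5 digest is appended."""
    length = 24 + len(body)                      # digest is not counted in the length
    auth8 = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = ospf_header(length, router_id, area_id, 0, AUTH_MD5, auth8) + body
    digest = hashlib.md5(packet + key.ljust(16, b"\x00")).digest()
    return packet + digest


def verify_md5(wire: bytes, keys: dict, last_seq: int) -> bool:
    """Receiver side: pick the key by ID, reject old sequence numbers, recompute."""
    (length,) = struct.unpack("!H", wire[2:4])
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTH_MD5 or dlen != 16 or key_id not in keys:
        return False
    if seq < last_seq:                           # replayed or stale packet
        return False
    packet, digest = wire[:length], wire[length:length + 16]
    expected = hashlib.md5(packet + keys[key_id].ljust(16, b"\x00")).digest()
    return hmac.compare_digest(digest, expected)


# Constructed sample values, not taken from the guide.
ROUTER_ID, AREA, KEY = 0x0A000001, 0, b"s3cret"
PLAIN_PKT = build_plaintext(ROUTER_ID, AREA, hello_body(), KEY)
MD5_PKT = build_md5(ROUTER_ID, AREA, hello_body(), KEY, key_id=1, seq=100)

if __name__ == "__main__":
    print("key visible in Plain Text packet:", KEY in PLAIN_PKT)
    print("key visible in MD5 packet:       ", KEY in MD5_PKT)
    print("MD5 packet verifies:             ", verify_md5(MD5_PKT, {1: KEY}, 100))
```

Both neighbors must be configured with the same mode and key, otherwise `verify_md5` fails on every Hello and the adjacency never forms.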

(3) Complete the configuration.


After completing the configuration, you can choose Local Device > Routing > OSPFv2 and view the instance
list.


8.5.2 Adding an OSPFv2 Interface

Choose Local Device > Routing > OSPFv2, click More in the Action column, and select V2 Interface.


8.5.3 Redistributing OSPFv2 Instance Routes

Choose Local Device > Routing > OSPFv2, click More in the Action column, and select V2 Instance Route
Redistribution.


8.5.4 Managing OSPFv2 Stub Areas

Choose Local Device > Routing > OSPFv2, click More in the Action column, and select V2 Stub Area
Management.


8.5.5 Managing OSPFv2 Neighbors

Choose Local Device > Routing > OSPFv2, click More in the Action column, and select V2 Neighbor
Management.


8.5.6 Viewing OSPFv2 Neighbor Information

Choose Local Device > Routing > OSPFv2, and click Neighbor Info in the Action column.


8.6 OSPFv3
Open Shortest Path First (OSPF) can be applied to large-scale networks. IPv4 uses OSPFv2, and IPv6 uses
OSPFv3.

8.6.1 Configuring OSPFv3 Basic Parameters

Choose Local Device > Routing > OSPFv3, click Start Setup, and then configure an instance and an interface
respectively.


1. Configure an instance.

OSPF

OSPF is a typical link-state routing protocol. To satisfy users’ increasing requirements for network reliability and
heterogeneity on a large network, OSPF solves the problems such as slow convergence, unscientific metric
values, and poor scalability.

Highlights

Achieves fast convergence.

Minimizes routing overhead.

Reduces routing update traffic through area partition.

Applies to various networks with up to thousands of switches.


Table 8-14 Instance Configuration Parameters

| Parameter | Description |
| --- | --- |
| Instance ID | Create an OSPF instance based on the service type. The instance only takes effect locally, and does not affect packet exchange with other devices. |
| Router ID | It identifies a router in an OSPF domain. Caution: Router IDs within the same domain must be unique. The same configuration may cause neighbor discovery failures. |
| Advertise Default Route | Generate a default route and send it to the neighbor. After this function is enabled, you need to enter the metric and select a type. The default metric is 1. Type 1: The metrics displayed on different routers vary. Type 2: The metrics displayed on all routers are the same. |
| Import External Route | Redistribute routes of other protocols to the OSPF domain to interwork with other routing domains. If Static Route Redistribution is selected, enter the metric, which is 20 by default. If Direct Route Redistribution is selected, enter the metric, which is 20 by default. If RIP Redistribution is selected, enter the metric, which is 20 by default. |
| Details | Expand the detailed configuration. |


Table 8-15 Parameters in the Instance Detailed Configuration

| Parameter | Description |
| --- | --- |
| Distance | It is used for protocol selection. By default, the intra-area, inter-area, and external distances are all 110. |
| LSA | Frequent network changes and route flapping may occupy too much network bandwidth and device resources. The LSA generation and reception delays are specified in OSPF by default. The default value is 1000 ms. |
| SPF Calculation | When the link state database (LSDB) changes, OSPF recalculates the shortest path, and sets the interval to prevent frequent network changes from occupying a large number of resources. Waiting Interval: When the state changes, the timer is triggered. The delay is calculated for the first time after the timer expires. The default value is 0 ms. Min Interval: As the number of changes increases, the time of each interval will increase according to the algorithm, and the default value is 50 ms. Max Interval: When the calculated interval reaches the maximum interval, the subsequent interval is always equal to the maximum interval. If the time from the last calculation exceeds the maximum interval and the LSDB is not updated, the timer is disabled. |
| Graceful Restart | Graceful Restart (GR) can avoid route flapping caused by traffic interruption and active/standby board switchover, thus ensuring the stability of key services. Graceful Restart Helper: The Graceful Restart Helper function is enabled when this switch is turned on. LSA Check: LSA packets outside the domain are checked when this switch is turned on. Max Wait Time: Timing starts after the device receives the GR packet from the peer device. If the peer device does not complete GR within Max Wait Time, the device exits the GR Helper mode. The default value is 1800 seconds. |


2. Configure an interface.

Table 8-16 Interface Configuration Parameters

| Parameter | Description |
| --- | --- |
| Interface | Select the OSPF-enabled L3 interface. |
| Area | Configure the area ID. Value range: 0-4294967295 |
| Stub Area | If Stub Area is enabled, you need to configure the area type and inter-area route isolation. Stub area: Routers at the edge of the area do not advertise routes outside the area, and the routing table in the area is small. Not-So-Stubby Area (NSSA): A few external routes can be imported. |
| Details | Expand the detailed configuration. |


Table 8-17 Parameters in the Interface Detailed Configuration

| Parameter | Description |
| --- | --- |
| Priority | It is 1 by default. |
| Network Type | Broadcast, Unicast, Multicast, or Non-Broadcast Multiple Access |
| Hello Packets | Interval for periodic transmission, which is used to discover and maintain OSPF neighbor relationship. The default value is 10 seconds. |
| Dead Interval | Time after which the neighbor becomes invalid. The default value is 40 seconds. |
| LSA Transmission Delay | LSA transmission delay of the interface. The default value is 1 second. |
| LSA Retransmission Interval | Time after which LSA is retransmitted after LSA is lost. The default value is 5 seconds. |
| Interface Auth | No Auth: The protocol packets are not authenticated. It is the default value. Plain Text: The protocol packets are authenticated, and the authentication key is transmitted with the protocol packets in the form of plain text. MD5: The protocol packets are authenticated, and the authentication key is MD5 encrypted and then transmitted with the protocol packets. |
| Ignore MTU Check | Enabled by default. |


3. Complete the configuration.

After completing the configuration, you can choose Local Device > Routing > OSPFv3 and view the instance
list.

8.6.2 Adding an OSPFv3 Interface

Choose Local Device > Routing > OSPFv3, click More in the Action column, and select V3 Interface.


8.6.3 Managing OSPFv3 Stub Areas

Choose Local Device > Routing > OSPFv3, click More in the Action column, and select V3 Stub Area
Management.


8.6.4 Viewing OSPFv3 Neighbor Information

Choose Local Device > Routing > OSPFv3, and click Neighbor Info in the Action column.


8.7 Routing Table Info


9 Firewall Management
After a firewall is added to the network, you can manage and configure the firewall on the Web management
system.

9.1 Viewing Firewall Information


You can view the basic information and license of the firewall on the Web management system.

Choose Network > Firewall.

(1) If the password of the firewall is inconsistent with that of the gateway, please enter the management
password of the firewall and click OK.

(2) The basic information, capacity, and security service license of the firewall are displayed on the Web
management system.

Click Manage Firewall to go to the Web management interface of the firewall. Configure the security policy and
license activation for the firewall. For details, see the Web-based configuration guide of the firewall.


9.2 Configuring Firewall Port


If the firewall is set to transparent mode, the Firewall Port Config page appears. You can select the WAN port
connected to the gateway or the LAN port connected to the switch and enable Security Guard.


10 Security
10.1 DHCP Snooping
10.1.1 Overview

The Dynamic Host Configuration Protocol (DHCP) snooping function allows a device to snoop DHCP packets
exchanged between clients and a server to record and monitor the IP address usage and filter out invalid DHCP
packets, including request packets from the clients and response packets from the server. DHCP snooping
records generated user data entries to serve security applications such as IP Source Guard.

10.1.2 Standalone Device Configuration

Choose Local Device > Security > DHCP Snooping.

Turn on the DHCP snooping function, select the ports to be set as trusted ports on the port panel, and click Save.
After DHCP Snooping is enabled, request packets from DHCP clients are forwarded only to trusted ports; for
response packets from DHCP servers, only those from trusted ports are forwarded.

Note

Generally, the uplink port connected to the DHCP server is configured as a trusted port.

Option 82 is used to enhance the DHCP server security and optimize the IP address assignment policy. Option
82 information will be carried in the DHCP request packet when Option 82 is turned on.

10.1.3 Batch Configuring Network Switches

Choose Network > DHCP Snooping.


Enabling DHCP Snooping on network switches can ensure that users can only obtain network configuration
parameters from the DHCP server within the control range, and avoid a host on the original network obtaining
an IP address assigned by an unauthorized router, so as to guarantee the stability of the network.


(1) Click Enable to access the DHCP Snooping Config page.

(2) In the networking topology, you can select the access switches on which you want to enable DHCP Snooping
in either recommended or custom mode. If you select the recommended mode, all switches in the network
are selected automatically. If you select the custom mode, you can manually select the desired switches.
Click Deliver Config. DHCP Snooping is enabled on the selected switches.


(3) After the configuration is delivered, if you need to modify the effective range of the anti-private connection
function, click Configure to reselect the switch that enables the anti-private connection in the topology. After
the configuration is delivered, if you want to modify the effective range of the DHCP Snooping function, click
Configure to select desired switches in the topology again. Turn off DHCP Snooping to disable DHCP
Snooping on all switches with one click.


10.2 Storm Control


10.2.1 Overview

When a local area network (LAN) has excess broadcast, multicast, or unknown unicast data flows, the network
speed will slow down and packet transmission will have an increased timeout probability. This is called LAN
storm, which may be caused by topology protocol execution errors or incorrect network configuration.

Users can perform storm control separately for the broadcast, multicast, and unknown unicast data flows. When
the rate of broadcast, multicast, or unknown unicast data flows received over a device port exceeds the specified
range, the device transmits only packets in the specified range and discards packets beyond the range until the
packet rate falls within the range. This prevents flooded data from entering the LAN and causing a storm.

10.2.2 Procedure

Choose Local Device > Security > Storm Control.

Click Batch Edit. In the displayed dialog box, select configuration types and ports, enter the rate limits of
broadcast, unknown multicast, and unknown unicast, and click OK. To modify or delete the rate limit rules after
completing the configuration, you can click Edit or Delete in the Action column.

There are two configuration types:

● Storm control based on packets per second: If the rate of data flows received over a device port exceeds the
configured packets-per-second threshold, excess data flows are discarded until the rate falls within the
threshold.

● Storm control based on kilobytes per second: If the rate of data flows received over a device port exceeds
the configured kilobytes-per-second threshold, excess data flows are discarded until the rate falls within the
threshold.

10.3 ACL
10.3.1 Overview

An access control list (ACL) is commonly referred to as packet filter in some documents. An ACL defines a series
of permit or deny rules and applies these rules to device interfaces to control packets sent to and from the
interfaces, so as to enhance security of the network device.

You can add ACLs based on MAC addresses or IP addresses and bind ACLs to ports.

10.3.2 Creating ACL Rules

Choose Local Device > Security > ACL > ACL List.

(1) Click Add to set the ACL control type, enter an ACL name, and click OK.


Based on MAC address: To control the L2 packets entering/leaving the port, and deny or permit specific L2
packets destined to a network.

Based on IP address: To control the IPv4 packets entering/leaving a port, and deny or permit specific IPv4
packets destined to a network.

(2) Click Details in the Action column of the ACL entry, set the filtering rules in the pop-up sidebar, and click
Save to add rules for the ACL. Multiple rules can be added.

The rules include two actions of Allow or Block, and the matching rules of packets. The sequence of a Rule
in an ACL determines the matching priority of the Rule in the ACL. When processing packets, the network
device matches packets with ACEs based on the Rule sequence numbers. Click Move in the rule list to
adjust the matching order.


Table 9-1 Description of ACL Rule Configuration Parameters

| Parameter | Description |
| --- | --- |
| ACL | Configuring ACL Rules Action. Block: If packets match this rule, the packets are denied. Allow: If packets match this rule, the packets are permitted. |
| IP Protocol Number | Match IP protocol number. The value ranges from 0 to 255. Check All to match all IP protocols. |
| Src IP Address | Match the source IP address of the packet. Check All to match all source IP addresses. |
| Dest IP Address | Match the destination IP address of the packet. Check All to match all destination IP addresses. |
| EtherType Value | Match Ethernet protocol type. The value range is 0x600~0xFFFF. Check All to match all protocol type numbers. |
| Src Mac | Match the MAC address of the source host. Check All to match all source MAC addresses. |
| Dest MAC | Match the MAC address of the destination host. Check All to match all destination MAC addresses. |

Note

● ACLs cannot have the same name. Only the name of a created ACL can be edited.
● An ACL applied by a port cannot be edited or deleted. To edit, unbind the ACL from the port first.
● There is one default ACL rule that denies all packets hidden at the end of an ACL.
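
How rule order and the hidden default deny decide the outcome, as an added example that is not part of the guide or the device software: a first-match evaluator for IP-based rules, a model of the Move action, and an audit helper that flags rules an earlier rule makes unreachable. Addresses are written in CIDR form as an assumption, and all rule and packet values are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                       # "Allow" or "Block"
    protocol: Optional[int] = None    # IP protocol number 0-255, None = All
    src: Optional[str] = None         # source network, None = All
    dst: Optional[str] = None         # destination network, None = All


def _in(net, addr):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def matches(rule, pkt):
    return ((rule.protocol is None or rule.protocol == pkt["proto"])
            and _in(rule.src, pkt["src"]) and _in(rule.dst, pkt["dst"]))


def evaluate(rules, pkt):
    """First matching rule wins; None as the index means the hidden default deny."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return "Block", None


def move(rules, old, new):
    """Model of the Move action: return a copy with one rule repositioned."""
    reordered = list(rules)
    reordered.insert(new, reordered.pop(old))
    return reordered


def _covers(outer, inner):
    """True if network `outer` (None = All) contains network `inner`."""
    if outer is None:
        return True
    if inner is None:
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if ((earlier.protocol is None or earlier.protocol == later.protocol)
                    and _covers(earlier.src, later.src)
                    and _covers(earlier.dst, later.dst)):
                hidden.append(j)
                break
    return hidden


# Constructed sample ACL: the intended exception sits below a broad Allow.
ACL = [
    Rule("Allow", src="10.1.0.0/16"),
    Rule("Block", protocol=6, src="10.1.20.0/24", dst="192.0.2.10/32"),
]
PKT = {"proto": 6, "src": "10.1.20.7", "dst": "192.0.2.10"}
FIXED = move(ACL, 1, 0)               # put the specific Block first

if __name__ == "__main__":
    print("original order:", evaluate(ACL, PKT), "shadowed rules:", shadowed(ACL))
    print("after Move:    ", evaluate(FIXED, PKT), "shadowed rules:", shadowed(FIXED))
    print("unmatched pkt: ", evaluate(FIXED, {"proto": 17, "src": "172.16.5.9",
                                              "dst": "192.0.2.10"}))
```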


10.3.3 Applying ACL Rules

Choose Local Device > Security > ACL > ACL List.

Click Batch Add or Edit in the Action column, select the desired MAC ACL and IP ACL for ports, and click OK.

Note

Currently, ACLs can be applied only in the inbound direction of ports, that is, to filter incoming packets.

After an ACL is applied to a port, you can click Unbind in the Action column, or check the port entry and click
Delete Selected to unbind the ACL from the port.


10.4 Port Protection


Choose Local Device > Security > Port Protection.

In some scenarios, it is required that communication be disabled between some ports on the device. For this
purpose, you can configure some ports as protected ports. Ports with port protection enabled (protected ports)
cannot communicate with each other, so users on different protected ports are L2-isolated. The protected ports
can communicate with non-protected ports.

Port protection is disabled by default and can be enabled as needed. To enable port protection for multiple
ports in batches, click Batch Edit, enable port protection, select the desired ports, and click OK.

10.5 IP-MAC Binding


10.5.1 Overview

After IP-MAC binding is configured on a port, to improve security, the device checks whether the source IP
addresses and source MAC addresses of IP packets are those configured for the device, filters out IP packets
not matching the binding, and strictly controls the validity of input sources.


10.5.2 Procedure

Choose Local Device > Security > IP-MAC Binding.

1. Adding an IP-MAC Binding Entry

Click Add, select the desired port, enter the IP address and MAC address to be bound, and click OK. At least
one of the IP address and MAC address needs to be entered. To modify the binding, you can click Edit in the
Action column.

Caution

IP-MAC Binding takes effect prior to ACL, but it has the same privilege as IP Source Guard. A packet
matching either configuration will be allowed to pass through.

2. Searching Binding Entries

The search box in the upper-right corner supports finding binding entries based on IP addresses, MAC
addresses or ports. Select the search type, enter the search string, and click Search. Entries that meet the
search criteria are displayed in the list.


3. Deleting an IP-MAC Binding Entry

Batch Configure: In IP-MAC Binding List, select an entry to be deleted and click Delete Selected. In the
displayed dialog box, click OK.

Delete one binding entry: click Delete in the last Action column of the entry in the list. In the displayed dialog
box, click OK.

10.6 IP Source Guard


10.6.1 Overview

After the IP Source Guard function is enabled, the device checks IP packets from DHCP non-trusted ports. You
can configure the device to check only the IP field or IP+MAC field to filter out IP packets not matching the
binding list. It can prevent users from setting private IP addresses and forging IP packets.

Caution

IP Source Guard should be enabled together with DHCP snooping. Otherwise, IP packet forwarding may be
affected. To configure DHCP Snooping function, see 7.1 for details.

10.6.2 Viewing Binding List

Choose Local Device > Security > IP Source Guard > Binding List.

The binding list is the basis for IP Source Guard. Currently, data in Binding List is sourced from dynamic
learning results of DHCP snooping binding database. When IP Source Guard is enabled, data of the DHCP
Snooping binding database is synchronized to the binding list of IP Source Guard. In this case, IP packets are
filtered strictly through IP Source Guard on devices with DHCP Snooping enabled.

Click Refresh to obtain the latest data in Binding List.


The search box in the upper-right corner supports finding the specified entry in Binding List based on IP
addresses, MAC addresses, VLANs or ports. Click the drop-down list box to select the search type, enter the
search string, and click Search.

10.6.3 Enabling Port IP Source Guard

Choose Local Device > Security > IP Source Guard > Basic Settings.

In Port List, click Edit in the Action column. Select Enabled and select the match rule, and click OK.

There are two match rules:

● IP address: The source IP addresses of all IP packets passing through the port are checked. Packets are
allowed to pass through the port only when the source IP addresses of these packets match those in the
binding list.

● IP address + MAC address: The source IP addresses and MAC addresses of IP packets passing through the
port are checked. Packets are allowed to pass through the port only when both the L2 source MAC addresses
and L3 source IP addresses of these packets match an entry in the binding list.

Caution

● IP Source Guard cannot be enabled on a DHCP Snooping trusted port.

● IP Source Guard can be enabled only on an L2 interface.


10.6.4 Configuring Exceptional VLAN Addresses

Choose Local Device > Security > IP Source Guard > Excluded VLAN.

When IP Source Guard is enabled on an interface, it takes effect on all the virtual local area networks (VLANs)
under the interface by default. Users can specify excluded VLANs, within which IP packets are not checked or
filtered; that is, such IP packets are not controlled by IP Source Guard.

Click Edit, enter the Excluded VLAN ID and the desired port, and click OK.

Caution

Excluded VLANs can be specified on a port only after IP Source Guard is enabled on the port. Specified
excluded VLANs will be deleted automatically when IP Source Guard is disabled on the port.
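
How the trusted-port rule of DHCP Snooping (section 10.1.2) feeds the binding list that IP Source Guard enforces, including the two match rules and excluded VLANs, shown as an added model that is not code from the guide or the device. Port names, addresses and message fields are constructed, and matching a binding on port and VLAN as well as address is an assumption of this model.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}     # DHCP messages sent by servers


@dataclass
class Port:
    trusted: bool = False
    ipsg_rule: str = ""                     # "", "ip" or "ip+mac"
    excluded_vlans: set = field(default_factory=set)


class Switch:
    def __init__(self, ports):
        self.ports = ports                  # port name -> Port
        self.pending = {}                   # client MAC -> (port, vlan) of its request
        self.bindings = []                  # (ip, mac, vlan, port) learned by snooping

    def enable_ipsg(self, name, rule):
        if self.ports[name].trusted:
            raise ValueError("IP Source Guard cannot be enabled on a trusted port")
        self.ports[name].ipsg_rule = rule

    def disable_ipsg(self, name):
        self.ports[name].ipsg_rule = ""
        self.ports[name].excluded_vlans.clear()   # excluded VLANs are dropped too

    def exclude_vlan(self, name, vlan):
        if not self.ports[name].ipsg_rule:
            raise ValueError("enable IP Source Guard on the port first")
        self.ports[name].excluded_vlans.add(vlan)

    def dhcp(self, in_port, msg):
        """Return the ports a DHCP message is forwarded to; [] means dropped."""
        if msg["type"] in SERVER_TYPES:
            if not self.ports[in_port].trusted:
                return []                   # server reply from an untrusted port
            client = self.pending.get(msg["mac"])
            if client is None:
                return []                   # model simplification: no matching request
            if msg["type"] == "ACK":
                self.bindings.append((msg["ip"], msg["mac"], client[1], client[0]))
            return [client[0]]
        # Client request: remember where it came from, forward to trusted ports only.
        self.pending[msg["mac"]] = (in_port, msg["vlan"])
        return [n for n, p in self.ports.items() if p.trusted and n != in_port]

    def ip_allowed(self, in_port, vlan, src_ip, src_mac):
        port = self.ports[in_port]
        if not port.ipsg_rule or vlan in port.excluded_vlans:
            return True
        for ip, mac, b_vlan, b_port in self.bindings:
            if (ip, b_vlan, b_port) == (src_ip, vlan, in_port):
                if port.ipsg_rule == "ip" or mac == src_mac:
                    return True
        return False


def run_scenario():
    """Gi1 is the trusted uplink; Gi2 and Gi3 are untrusted access ports."""
    sw = Switch({"Gi1": Port(trusted=True), "Gi2": Port(), "Gi3": Port()})
    sw.enable_ipsg("Gi2", "ip+mac")
    sw.enable_ipsg("Gi3", "ip")
    mac, other = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    r = {}
    r["discover_to"] = sw.dhcp("Gi2", {"type": "DISCOVER", "mac": mac, "vlan": 10})
    r["offer_from_untrusted"] = sw.dhcp("Gi3", {"type": "OFFER", "mac": mac, "ip": "10.66.0.9"})
    r["ack_to"] = sw.dhcp("Gi1", {"type": "ACK", "mac": mac, "ip": "192.168.10.50"})
    r["leased_address"] = sw.ip_allowed("Gi2", 10, "192.168.10.50", mac)
    r["unleased_address"] = sw.ip_allowed("Gi2", 10, "192.168.10.1", mac)
    r["leased_ip_other_mac"] = sw.ip_allowed("Gi2", 10, "192.168.10.50", other)
    r["static_host"] = sw.ip_allowed("Gi3", 20, "192.168.20.5", other)
    sw.exclude_vlan("Gi3", 20)
    r["static_host_excluded_vlan"] = sw.ip_allowed("Gi3", 20, "192.168.20.5", other)
    try:
        sw.enable_ipsg("Gi1", "ip")
        r["ipsg_on_trusted"] = "accepted"
    except ValueError:
        r["ipsg_on_trusted"] = "rejected"
    return r


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:28} {value}")
```

The `static_host` result shows why the guide asks for excluded VLANs or static bindings: a host that never obtained a lease through DHCP has no binding entry and is filtered as soon as IP Source Guard is enabled on its port.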


10.7 Configuring 802.1x Authentication


10.7.1 Function Introduction

IEEE 802.1x (Port-Based Network Access Control) is a port-based network access control standard that provides
secure access services for LANs.

In an IEEE 802 LAN, as long as users can connect to network devices, they can directly access network resources
without authentication and authorization. This uncontrolled behavior brings security risks to the network. The
IEEE 802.1x protocol was proposed to solve the security problem of 802 LANs.

802.1x supports three security applications: Authentication, Authorization, and Accounting, referred to as AAA.

● Authentication: Determines whether users can obtain access rights and restricts illegal users.
● Authorization: Determines which services authorized users can use, and controls the rights of legitimate
users.
● Accounting: Records the use of network resources by users, and provides a basis for charging.

802.1x can be deployed in a network that controls access users to implement authentication and authorization
services for access users.

802.1x system is a typical Client/Server structure, including three entities: client, access device and
authentication server. A typical architecture diagram is shown in the figure.


● The client is generally a user terminal device, and the user can initiate 802.1X authentication by starting the
client software. The client must support the Extensible Authentication Protocol over LANs (EAPoL).
● AP or switching device) that supports the 802.1x protocol. It provides a port for the client to access the
LAN. The port can be a physical port or a logical port.
● The authentication server is used to implement user authentication, authorization, and accounting, and it is
usually a RADIUS server.

Note

RG-NBS switching devices only support the authentication function.

10.7.2 Configuring 802.1x

Choose Local Device > Security > 802.1x Authentication > Auth Config.

Toggle on Global 802.1x. When the system prompts you to confirm whether to enable it, click Configure.

Click Advanced Settings to configure parameters such as Guest VLAN.


| Parameter | Description |
| --- | --- |
| Server Escape | If the server disconnection is detected, all users will be allowed to access the Internet. |
| Re-authentication | Require clients to re-authenticate at certain intervals to ensure network security. |
| Guest VLAN | Provide a VLAN for unauthenticated clients to restrict their access. |
| EAP-Request Packet Retransmission Count | The number of times the EAP request message is retransmitted when no response is received. Value range: 1-10 times. |
| Quiet Period | The idle time during the authentication process in which the client and the server do not exchange authentication messages. Value range: 0-65535 seconds. |
| Client Packet Timeout Duration | The time limit for the server to wait for the response from the client. Exceeding this time will be regarded as an authentication failure. Value range: 1-65535 seconds. |
| Client Packet Timeout Duration | The time limit for the client to wait for the server to respond. Exceeding this time will be regarded as an authentication failure. Value range: 1-65535 seconds. |
| EAP-Request Packet Interval | The time interval between sending EAP request messages, which controls the rate of the authentication process. Value range: 1-65535 seconds. |

(1) Add a server.


Before configuration, please confirm:

● The RADIUS server is fully built and configured as follows.


○ Add username and password for client login.
○ Close the firewall, otherwise the authentication message may be intercepted, resulting in authentication
failure.
○ A trusted IP on the RADIUS server.
● The network connection between the authentication device and the RADIUS server.
● IP addresses of the RADIUS server and the authentication device have been obtained.


| Parameter | Reference without translation | Description |
|---|---|---|
| Server group name | | Server group name |
| Server IP | server address | Radius server address. |
| Auth Port | authentication port | The port number used for accessing user authentication on the Radius server. |
| Accounting Port | billing port | The port number used to access the accounting process on the Radius server. |
| Shared Password | shared password | Radius server shared key. |
| Match Order | matching order | The system supports adding up to 5 Radius servers. The higher the matching order value is, the higher the priority is. |

(3) Set up the server and click Save.


| Parameter | Description |
|---|---|
| Packet Retransmission Interval | Configure the interval for the device to send request packets before confirming that there is no response from RADIUS |
| Packet Retransmission Count | Configure the number of times the device sends request packets before confirming that there is no response from RADIUS |
| Server Detection | If this function is enabled, you need to set "Server Detection Period", "Server Detection Times" and "Server Detection Username". It is used to determine the status of the server, so as to decide whether to enable functions such as escape. |
| MAC Address Format | Configure the MAC address format of RADIUS attribute No. 31 (Calling-Station-Id). The following formats are supported: dotted hexadecimal format, such as 00d0.f8aa.bbcc; IETF format, such as 00-D0-F8-AA-BB-CC; no format (default), e.g. 00d0f8aabbcc |
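The MAC Address Format setting decides how the client MAC appears in Calling-Station-Id, so anything on the RADIUS side that matches or logs that attribute has to accept the layout the switch sends. The following is an added example, not code from Ruijie or from any RADIUS server: it recognises the three layouts from the table, converts between them, and audits a few constructed request records; the function names, the record shape and the sample addresses are assumptions.

```python
import re

# The three Calling-Station-Id layouts listed in the table above.
FORMATS = {
    "dotted": re.compile(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}", re.I),  # 00d0.f8aa.bbcc
    "ietf": re.compile(r"[0-9a-f]{2}(-[0-9a-f]{2}){5}", re.I),     # 00-D0-F8-AA-BB-CC
    "none": re.compile(r"[0-9a-f]{12}", re.I),                     # 00d0f8aabbcc
}


def detect_format(value):
    """Return 'dotted', 'ietf' or 'none'; raise ValueError for anything else."""
    for name, pattern in FORMATS.items():
        if pattern.fullmatch(value):
            return name
    raise ValueError(f"not a supported Calling-Station-Id layout: {value!r}")


def to_bytes(value):
    """Parse any of the three layouts into the 6 raw MAC bytes."""
    detect_format(value)  # rejects malformed input before stripping separators
    return bytes.fromhex(re.sub(r"[.-]", "", value))


def render(mac, fmt):
    """Write 6 MAC bytes in one of the three layouts, cased as in the table."""
    if len(mac) != 6:
        raise ValueError("a MAC address is 6 bytes")
    text = mac.hex()
    if fmt == "dotted":
        return ".".join(text[i:i + 4] for i in range(0, 12, 4))
    if fmt == "ietf":
        return "-".join(text[i:i + 2] for i in range(0, 12, 2)).upper()
    if fmt == "none":
        return text
    raise ValueError(f"unknown format: {fmt!r}")


def audit_requests(requests, expected_fmt, enrolled):
    """requests: (nas_ip, calling_station_id) pairs taken from RADIUS logs.

    Returns (nas_ip, value, problem) for every entry that needs attention:
    a layout other than the one configured on the switch, an unparseable
    value, or a station that is not in the enrolled list.
    """
    enrolled_bytes = {to_bytes(m) for m in enrolled}
    findings = []
    for nas_ip, value in requests:
        try:
            fmt = detect_format(value)
        except ValueError:
            findings.append((nas_ip, value, "unparseable"))
            continue
        if fmt != expected_fmt:
            findings.append((nas_ip, value, f"layout {fmt}, expected {expected_fmt}"))
        if to_bytes(value) not in enrolled_bytes:
            findings.append((nas_ip, value, "station not enrolled"))
    return findings


# Constructed sample data (documentation addresses, not taken from the guide).
ENROLLED = ["00D0.F8AA.BBCC"]
SAMPLE_REQUESTS = [
    ("192.0.2.10", "00d0f8aabbcc"),       # default layout, enrolled
    ("192.0.2.11", "00-D0-F8-AA-BB-CC"),  # same station, switch set to IETF
    ("192.0.2.10", "00d0.f8aa.bb"),       # truncated value
    ("192.0.2.10", "0050.56c0.0001"),     # other layout and unknown station
]

if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_REQUESTS, "none", ENROLLED):
        print(finding)
```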

(4) Configure the effective interfaces. Click interface configuration, then click modify after a single interface
or click batch configuration, and edit the authentication parameters of the interface.


| Parameter | Description |
|---|---|
| 802.1x Authentication | When enabled, the selected interface will enable 802.1x authentication. |
| Auth Method | disable: Turn off the authentication method, which has the same effect as turning off the 802.1x authentication switch. force-auth: Mandatory authentication, the client can directly access the Internet without a password. force-unauth: Force no authentication, the client cannot authenticate and cannot access the Internet. auto: Automatic authentication, the device needs to be authenticated, and can access the Internet after passing the authentication. It is recommended to select the auto authentication method. |
| Auth Mode | multi-auth: Supports multiple devices using the same port for authentication, but each device needs to be authenticated independently. multi-host: Multiple devices are allowed to share the same port. As long as one user passes the authentication, subsequent users can access the Internet. single-host: Each port only allows one device to be authenticated, and can access the Internet after successful authentication. |
| Guest Vlan | When enabled, devices that fail authentication will be dynamically assigned to the specified Guest VLAN. Notice: You need to create a VLAN ID first and apply it to the interface, then in Security Management > 802.1x Authentication > Advanced settings in the authentication configuration enable Guest VLAN and enter the ID. |
| User Count Limit per Port | Limit the number of users under the interface. Product difference: The value range of NBS3100 series switches is 1-256, and other switches are 1-1000. |
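How Auth Method, Auth Mode, Guest VLAN and Server Escape combine decides which clients reach the network without presenting their own credentials. The following is an added example, not Ruijie code: a small model of the behaviour described in the two parameter tables, with the RADIUS result passed in as a boolean. The class and function names are assumptions, as is denying a second device on a single-host port and denying new clients when the server is down and Server Escape is off.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

METHODS = ("disable", "force-auth", "force-unauth", "auto")
MODES = ("multi-auth", "multi-host", "single-host")


@dataclass
class Port:
    """Per-interface settings, named after the parameters in the table above."""
    method: str = "auto"
    mode: str = "multi-auth"
    guest_vlan: Optional[int] = None   # None = Guest VLAN not enabled
    user_limit: int = 256              # User Count Limit per Port
    authed: Set[str] = field(default_factory=set)  # MACs that passed RADIUS

    def __post_init__(self):
        if self.method not in METHODS or self.mode not in MODES:
            raise ValueError(f"unknown method/mode: {self.method}/{self.mode}")


def admit(port: Port, mac: str, radius_accept: bool, server_alive: bool = True,
          server_escape: bool = False) -> Tuple[str, Optional[int]]:
    """Return (decision, vlan); decision is 'allow', 'guest' or 'deny'."""
    if port.method in ("disable", "force-auth"):
        return ("allow", None)          # no credentials are checked at all
    if port.method == "force-unauth":
        return ("deny", None)
    # method == "auto" from here on
    if mac in port.authed:
        return ("allow", None)
    if port.mode == "multi-host" and port.authed:
        return ("allow", None)          # rides on the first user's login
    if port.mode == "single-host" and port.authed:
        return ("deny", None)           # assumption: the port is already taken
    if not server_alive:
        # Server Escape: all users are let through while RADIUS is unreachable.
        return ("allow", None) if server_escape else ("deny", None)
    if len(port.authed) >= port.user_limit:
        return ("deny", None)
    if radius_accept:
        port.authed.add(mac)
        return ("allow", None)
    if port.guest_vlan is not None:
        return ("guest", port.guest_vlan)   # failed login lands in Guest VLAN
    return ("deny", None)


def review(name: str, port: Port, server_escape: bool = False) -> List[str]:
    """List the settings on one port that admit a client without its own login."""
    findings = []
    if port.method in ("disable", "force-auth"):
        findings.append(f"{name}: method {port.method} admits clients without authentication")
    if port.method == "auto" and port.mode == "multi-host":
        findings.append(f"{name}: multi-host admits every client after one successful login")
    if port.method == "auto" and server_escape:
        findings.append(f"{name}: Server Escape admits all users while RADIUS is unreachable")
    return findings


if __name__ == "__main__":
    # Constructed walk-through: one valid and one invalid client per mode.
    for mode in MODES:
        port = Port(mode=mode, guest_vlan=30)
        first = admit(port, "00d0f8aabbcc", radius_accept=True)
        second = admit(port, "00d0f8aabbdd", radius_accept=False)
        print(f"{mode:12} first={first} second={second}")
    for line in review("Gi1", Port(mode="multi-host"), server_escape=True):
        print(line)
```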

10.7.3 View the list of wired authentication users

After the 802.1x function is configured on the entire network and a terminal is authenticated and connected to
the network, you can view the list of authenticated users.

Choose Local Device > Security Management > 802.1x Authentication to obtain specific user information.

Click <Refresh> to get the latest user list information.

If you want to disconnect a certain user from the network, you can select the user and click <Offline> in the
"Operation" column; you can also select multiple users and click <Batch Offline>.

10.8 Anti-ARP Spoofing


10.8.1 Overview

Gateway-targeted ARP spoofing prevention is used to check whether the source IP address of an ARP packet
through an access port is set to the gateway IP address. If yes, the packet will be discarded to prevent hosts
from receiving wrong ARP response packets. If not, the function takes no action on the packet. In this way, only
the uplink devices can send ARP packets claiming the gateway IP address, and the ARP response packets sent
from other clients that masquerade as the gateway are filtered out.
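The check described above, written out against raw frames as an added example (not the switch's implementation): it parses Ethernet/ARP, with or without an 802.1Q tag, and drops any ARP packet on a guarded port whose sender IP equals the gateway IP configured for that port. Reading "source IP address" as the ARP sender protocol address is an assumption, and the port names, addresses and frames are constructed.

```python
import ipaddress
import struct

ETH_ARP = 0x0806
ETH_VLAN = 0x8100


def parse_arp(frame):
    """Return (sender_mac, sender_ip, opcode), or None if not IPv4/Ethernet ARP."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    if ethertype == ETH_VLAN:            # skip one 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack_from("!H", frame, 16)[0]
        offset = 18
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[offset + 8:offset + 14]
    sender_ip = ipaddress.IPv4Address(frame[offset + 14:offset + 18])
    return sender_mac, sender_ip, oper


def verdict(port, frame, guarded):
    """'drop' if an ARP packet on a guarded port claims the gateway IP."""
    gateway = guarded.get(port)
    if gateway is None:                  # uplink or unguarded port: not checked
        return "forward"
    arp = parse_arp(frame)
    if arp is not None and arp[1] == gateway:
        return "drop"
    return "forward"                     # other traffic is left alone


def scan(capture, guarded):
    """Return (port, sender MAC) for every frame in the capture that is dropped."""
    hits = []
    for port, frame in capture:
        if verdict(port, frame, guarded) == "drop":
            mac = parse_arp(frame)[0]
            hits.append((port, "-".join(f"{b:02x}" for b in mac)))
    return hits


def build_arp(src_mac, sender_ip, target_ip, oper=2, vlan=None):
    """Build a broadcast ARP frame for the sample data (1 = request, 2 = reply)."""
    eth = b"\xff" * 6 + src_mac
    if vlan is not None:
        eth += struct.pack("!HH", ETH_VLAN, vlan)
    eth += struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += src_mac + ipaddress.IPv4Address(sender_ip).packed
    arp += b"\x00" * 6 + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


# Constructed setup: Gi2 and Gi3 are downlink ports, Gi24 is the uplink.
GATEWAY = ipaddress.IPv4Address("192.168.110.1")
GUARDED = {"Gi2": GATEWAY, "Gi3": GATEWAY}
HOST_MAC = bytes.fromhex("02aabbccdd01")
GW_MAC = bytes.fromhex("02aabbccdd24")
CAPTURE = [
    ("Gi2", build_arp(HOST_MAC, "192.168.110.23", "192.168.110.1", oper=1)),
    ("Gi2", build_arp(HOST_MAC, "192.168.110.1", "192.168.110.40")),
    ("Gi3", build_arp(HOST_MAC, "192.168.110.1", "192.168.110.1", vlan=10)),
    ("Gi24", build_arp(GW_MAC, "192.168.110.1", "192.168.110.23")),
]

if __name__ == "__main__":
    for port, mac in scan(CAPTURE, GUARDED):
        print(f"dropped on {port}: {mac} claimed {GATEWAY}")
```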

10.8.2 Procedure

Choose Local Device > Security > IP Source Guard > Excluded VLAN.

1. Enabling Anti-ARP Spoofing

Click Add, select the desired port and enter the gateway IP, click OK.


Note

Generally, the anti-ARP spoofing function is enabled on the downlink ports of the device.

2. Disabling Anti-ARP Spoofing

Batch disable: Select an entry to be deleted in the list and click Delete Selected.

Disable one port: click Delete in the last Action column of the corresponding entry.


11 Advanced Configuration
11.1 STP
STP (Spanning Tree Protocol) is an L2 management protocol that eliminates L2 loops by selectively blocking
redundant links in the network. It also provides the link backup function.

11.1.1 STP Global Settings

Choose Local Device > Advanced > STP > STP.

(1) Click to enable the STP function, and click OK in the displayed box. The STP function is disabled by default.

Caution

Enabling the STP or changing the STP mode will initiate a new session. Do not refresh the page during the
configuration.

(2) Configure the STP global parameters, and click Save.


Table 10-1 Description of STP Global Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| STP | Whether to enable the STP function. It takes effect globally. STP attributes can be configured only after STP is enabled. | Disable |
| Priority | Bridge priority. The device compares the bridge priority first during root bridge selection. A smaller value indicates a higher priority. | 32768 |
| Max Age | The maximum expiration time of BPDUs. The packets expiring will be discarded. If a non-root bridge fails to receive a BPDU from the root bridge before the aging time expires, the root bridge or the link to the root bridge is deemed as faulty. | 20 seconds |
| Recovery Time | Network recovery time when redundant links occur on the network. | 30 seconds |
| Hello Time | Interval for sending two adjacent BPDUs. | 2 seconds |
| Forward Delay | The interval at which the port status changes, that is, the interval for the port to change from Listening to Learning, or from Learning to Forwarding. | 15 seconds |
| STP Mode | The versions of Spanning Tree Protocol. Currently the device supports STP (Spanning Tree Protocol) and RSTP (Rapid Spanning Tree Protocol). | RSTP |

11.1.2 Applying STP to a Port

Choose Local Device > Advanced > STP > STP.

Configure the STP properties for a port. Click Batch Edit to select ports and configure STP parameters, or click
Edit in the Action column in Port List to configure designated ports.


Table 10-2 Description of STP Configuration Parameters of Ports

| Parameter | Description | Default Value |
|---|---|---|
| Role | Root: A port with the shortest path to the root. Alternate: A backup port of a root port. Once the root port fails, the alternate port becomes the root port immediately. Designated (designated ports): A port that connects a root bridge or an upstream bridge to a downstream device. Disable (blocked ports): Ports that have no effect in the spanning tree. | NA |
| Status | Disable: The port is closed manually or due to a fault, does not participate in spanning tree and does not forward data, and can be turned into a blocking state after initialization or opening. Blocking: A port in the blocking state cannot forward data packets or learn addresses, but can send or receive configuration BPDUs and send them to the CPU. Listening: If a port can become the root port or designated port, the port will enter the listening state. A port in the listening state does not forward data or learn addresses, but can receive and send configuration BPDUs. Learning: A port in the learning state cannot forward data, but starts to learn addresses, and can receive, process, and send configuration BPDUs. Forwarding: Once a port enters the state, it can forward any data, learn addresses, and receive, process, and send configuration BPDUs. | NA |
| Priority | The priority of the port is used to elect the port role, and the port with high priority is preferentially selected to enter the forwarding state. | 128 |
| Link Status Config Status | Configure the link type. The options include: Shared, Point-to-Point and Auto. In auto mode, the interface type is determined based on the duplex mode. For full-duplex ports, the interface type is point-to-point, and for half-duplex ports, the interface type is shared. | Auto |
| Link Status Actual Status | Actual link type: Shared, Point-to-Point | NA |
| BPDU Guard | Whether to enable the BPDU guard function. After the function is enabled, if Port Fast is enabled on a port or the port is automatically identified as an edge port connected to an endpoint, but the port receives BPDUs, the port will be disabled and enters the Error-disabled state. This indicates that an unauthorized user may add a network device to the network, resulting in network topology change. | Disable |
| Port Fast | Whether to enable the Port Fast function. After Port Fast is enabled on a port, the port will neither receive nor send BPDUs. In this case, the host directly connected to the port cannot receive BPDUs. If a port on which Port Fast is enabled exits the Port Fast state automatically when it receives BPDUs, the BPDU filter feature is automatically disabled. Generally, the port connected to a PC is enabled with Port Fast. | Disable |

Note

● It is recommended to enable Port Fast on the port connected to a PC.
● A port switches to the forwarding state more than 30 seconds after STP is enabled. Therefore, transient
disconnection may occur and packets cannot be forwarded.

11.2 LLDP
11.2.1 Overview

LLDP (Link Layer Discovery Protocol) is defined by IEEE 802.1AB. LLDP can discover devices and detect
topology changes. With LLDP, the web interface can learn the topological connection status, for example, ports
of the device that are connected to other devices, port rates at both ends of a link, and duplex mode matching
status. An administrator can locate and troubleshoot faults quickly based on the preceding information.

11.2.2 LLDP Global Settings

Choose Local Device > Advanced > LLDP > LLDP Settings.

(1) Click to enable the LLDP function, and click OK in the displayed box. The LLDP function is enabled by default.
When the LLDP is enabled, this step can be skipped.

(2) Configure the global LLDP parameters and click Save.


Table 10-3 Description of LLDP Global Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| LLDP | Indicates whether the LLDP function is enabled. | Enable |
| Hold Multiplier | TTL multiplier of LLDP. In LLDP packets, TTL TLV indicates the TTL of local information on a neighbor. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 4 |
| Transmit Interval | Transmission interval of LLDP packets, in seconds. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 30 seconds |
| Fast Count | Number of packets that are transmitted rapidly. When a new neighbor is discovered, or the LLDP working mode is changed, the device will start the fast transmission mechanism in order to let the neighboring devices learn the information of the device as soon as possible. The fast transmission mechanism shortens the LLDP packet transmission interval to 1s, sends a certain number of LLDP packets continuously, and then restores the normal transmission interval. You can configure the number of LLDP packets that can be transmitted rapidly for the fast transmission mechanism. | 3 |
| Reinitialization Delay | Port initialization delay, in seconds. You can configure an initialization delay to prevent frequent initialization of the state machine caused by frequent changes of the port work mode. | 2 seconds |
| Forward Delay | Delay for sending LLDP packets, in seconds. When local information of a device changes, the device immediately transmits LLDP packets to its neighbors. You can configure a transmission delay to prevent frequent transmission of LLDP packets caused by frequent changes of local information. If the delay is set to a very small value, frequent change of the local information will cause frequent transmission of LLDP packets. If the delay is set to a very large value, no LLDP packet may be transmitted even if local information is changed. Set an appropriate delay according to actual conditions. | 2 seconds |

11.2.3 Applying LLDP to a Port

Choose Local Device > Advanced > LLDP > LLDP Management.

In Port List, click Edit in the Action column, or click Batch Edit, select the desired port, configure the LLDP
working mode on the port and whether to enable LLDP-MED, and click OK.

Send LLDPDU: After Send LLDPDU is enabled on a port, the port can send LLDPDUs.

Receive LLDPDU: After Receive LLDPDU is enabled on a port, the port can receive LLDPDUs.

LLDPMED: After LLDPMED is enabled, the device is capable of discovering neighbors when its peer endpoint
supports LLDP-MED (the Link Layer Discovery Protocol-Media Endpoint Discovery).


11.2.4 Displaying LLDP information

Choose Local Device > Advanced > LLDP > LLDP Info.

This page displays LLDP information, including the LLDP information of the local device and the neighbor devices
of each port. Click the port name to display details about port neighbors.

You can check the topology connection through LLDP information, or use LLDP to detect errors. For example,
if two switch devices are directly connected in the network topology and an administrator configures the VLAN,
port rate, or duplex mode, an error will be prompted if the configurations do not match those on the connected
neighbor.


11.3 RLDP
11.3.1 Overview

The Rapid Link Detection Protocol (RLDP) is an Ethernet link failure detection protocol, which is used to rapidly
detect unidirectional link failures, bidirectional link failures, and downlink loop failures. When a failure is found,
RLDP automatically shuts down relevant ports or asks users to manually shut down the ports according to the
configured failure handling methods, to avoid wrong forwarding of traffic or Ethernet L2 loops.

The RLDP function can be enabled on the access switches in the network in a batch. By default, the switch
ports will be automatically shut down when a loop occurs. You can also configure, on a single switch, whether
loop detection is enabled on each port and the handling methods after a link fault is detected.

11.3.2 Standalone Device Configuration

1. RLDP Global Settings

Choose Local Device > Advanced > RLDP > RLDP Settings.

(1) Enable the RLDP function and click OK in the displayed dialog box. The RLDP function is disabled by default.

(2) Configure RLDP global parameters and click Save.


Table 10-4 Description of RLDP Global Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| RLDP | Indicates whether the RLDP function is enabled. | Disable |
| Hello Interval | Interval for RLDP to send detection packets, in seconds. | 3 seconds |
| Errdisable Recovery | After it is enabled, a port automatically recovers to the initialized state after a loop occurs. | Disable |
| Errdisable Recovery Interval | The interval at which the failed ports recover to the initialized state regularly and link detection is restarted, in seconds. | 30 seconds |

2. Applying RLDP to a Port

Choose Local Device > Advanced > RLDP > RLDP Management.

In Port List, click Edit in the Action column or click Batch Edit, select the desired port, configure whether to
enable loop detection on the port and the handling method after a fault is detected, and click OK.

There are three methods to handle port failures:

● Warning: Only the relevant information is prompted to indicate the failed port and the failure type.

● Block: After alerting the fault, set the faulty port not to forward the received packets.

● Shutdown port: After alerting the fault, shut down the port.

Caution

● When RLDP is applied to an aggregate port, the Action can only be set to Warning and Shutdown.
● When performing RLDP detection on an aggregate port, if detection packets are received on the same
device, even if the VLANs of the port sending the packets and the port receiving them are different, it will
not be judged as a loop failure.


3. Displaying RLDP information

Choose Local Device > Advanced > RLDP > RLDP Info.

You can view the detection status, failure handling methods, and ports that connect the neighbor device to the
local device. You can click Reset to restore the faulty RLDP status triggered by a port to the normal state.


11.3.3 Batch Configuring Network Switches


Choose Network > RLDP.
(1) Click Enable to access the RLDP Config page.

(2) In the networking topology, you can select the access switches on which you want to enable RLDP in either
recommended or custom mode. If you select the recommended mode, all access switches in the network
are selected automatically. If you select the custom mode, you can manually select the desired access
switches. Click Deliver Config. RLDP is enabled on the selected switches.


(3) After the configuration is delivered, if you want to modify the effective range of the RLDP function, click
Configure to select desired switches in the topology again. Turn off RLDP to disable RLDP on all the
switches with one click.


11.4 Configuring the Local DNS


The local DNS server is optional. The device obtains the DNS server address from the connected uplink device
by default.

Choose Local Device > Advanced > Local DNS.

Enter the DNS server address used by the local device. If multiple addresses exist, separate them with spaces.
Click Save. After the local DNS is configured, the device first uses the DNS of the management IP address for
parsing domain names. If the device fails to parse domain names, it uses this DNS address instead.


11.5 Voice VLAN

Caution

The Voice VLAN function is supported by RG-NBS3100 Series, RG-NBS3200 Series, RG-NBS5100 Series
and RG-NBS5200 Series Switches.

11.5.1 Overview

A voice virtual local area network (VLAN) is a VLAN dedicated to voice traffic of users. By creating a voice VLAN
and adding ports connected to voice devices to the voice VLAN, you can have voice data transmitted in the
voice VLAN and deliver specified policy of the quality of service (QoS) for voice streams, to improve the
transmission priority of voice traffic and ensure the call quality.

11.5.2 Voice VLAN Global Configuration

Choose Local Device > Advanced > Voice VLAN > Global Settings.

Turn on the voice VLAN function, configure global parameters, and click Save.

Table 10-5 Description of VLAN Global Configuration Parameters

| Parameter | Description | Default Value |
|---|---|---|
| Voice VLAN | Whether to enable the Voice VLAN function. | Disable |
| VLAN | VLAN ID as Voice VLAN. | NA |
| Max Age | Aging time of voice VLAN, in minutes. In automatic mode, after the MAC address in a voice packet ages, if the port does not receive any more voice packets within the aging time, the device removes this port from the voice VLAN. | 1440 minutes |
| CoS Priority | The L2 Priority of voice stream packets in a Voice VLAN. The value range is from 0 to 7. A greater value indicates a higher priority. You can modify the priority of the voice traffic to improve the call quality. | 6 |

11.5.3 Configuring a Voice VLAN OUI

Choose Local Device > Advanced > Voice VLAN > OUI.

The source MAC address of a voice packet contains the organizationally unique identifier (OUI) of the voice
device manufacturer. After the voice VLAN OUI is configured, the device compares the voice VLAN OUI with
the source MAC address in a received packet to identify voice data packets, and sends them to the voice VLAN
for transmission.

Note

After the voice VLAN function is enabled on a port, when the port receives LLDP packets sent by IP phones, it
can identify the device capability fields in the packets, and identify the devices with the capability of Telephone
as voice devices. It also extracts the source MAC address of a protocol packet and processes it as the MAC
address of the voice device. In this way, the OUI can be added automatically.

Click Add. In the displayed dialog box, enter a MAC address and OUI, and click OK.


11.5.4 Configuring the Voice VLAN Function on a Port

Choose Local Device > Advanced > Voice VLAN > Port Settings.

Click Edit in the port entry or click Batch Edit on the upper-right corner. In the displayed dialog box, select
whether to enable the voice VLAN function on the port, the voice VLAN mode to be applied, and whether to enable
the security mode, and click OK.


Table 10-6 Description of the Voice VLAN Configuration Parameters on a Port

| Parameter | Description | Default Value |
|---|---|---|
| Voice VLAN Mode | Based on different ways the Voice VLAN function is enabled on the port, the Voice VLAN Mode can be Auto Mode or Manual Mode. Auto Mode: In this mode, the device checks whether the permit VLANs of a port contain the voice VLAN after the voice VLAN function is enabled on the port. If yes, the device deletes the voice VLAN from the permit VLANs of the port until the port receives a voice packet containing a specified OUI. Then, the device automatically adds the voice VLAN to the port's permit VLANs. If the port does not receive a voice packet containing the specified OUI within the global aging time, the device removes the Voice VLAN from the permit VLANs of the port. Manual Mode: If the permit VLANs of a port contains the voice VLAN, voice packets can be transmitted in the voice VLAN. | Auto Mode |
| Security Mode | When the security mode is enabled, only voice traffic can be transmitted in the voice VLAN. The device checks the source MAC address in each packet. When the source MAC address in the packet matches the voice VLAN OUI, the packet can be transmitted in the voice VLAN. Otherwise, the device discards the packet. When the security mode is disabled, the source MAC addresses of packets are not checked and all packets can be transmitted in the voice VLAN. | Enable |

Caution

● The voice VLAN mode of the port can be set as the auto mode only when the VLAN mode of the port is
Trunk mode. When the voice VLAN mode of the port works in the auto mode, the port exits the voice
VLAN first and is automatically added to the voice VLAN only after receiving voice data.
● After the voice VLAN function is enabled on a port, do not switch the L2 mode (trunk or access mode) of
the port to ensure normal operation of the function. If you need to switch the L2 mode of the port, disable
the voice VLAN function on the port first.
● It is not recommended that both voice data and service data be transmitted over the voice VLAN. If you
want to transmit both voice data and service data over the voice VLAN, disable the security mode of the
voice VLAN function.


● The voice VLAN function is unavailable on L3 ports or aggregate ports.

11.6 Configuring Smart Hot Standby (VCS)


Smart hot standby enables multiple switches to act as a hot standby device for each other, ensuring
uninterrupted data forwarding in the event of a single point failure.

Note
Smart Hot Standby is supported only on NBS5000, NBS6000, and NBS7000 series switches.

11.6.1 Configuring Hot Standby

View or modify selected hot standby interfaces, device IDs and priorities. The switch with a higher priority is
elected as the active switch in a hot standby group.

Caution
The devices in a hot standby group must have unique device IDs and priorities configured.

Choose Local Device > Advanced > Smart Hot Standby.

11.6.2 Configuring DAD Interfaces

After selecting the DAD interfaces of both the active and standby switches, connect these DAD interfaces with
a network cable to prevent network failures caused by dual active devices.


11.6.3 Active/Standby Switchover

Active/Standby Switchover allows manual switching between the active and standby supervisor engines. Clicking
the Switch button will restart the supervisor engine. Please exercise caution.

12 Diagnostics
12.1 Info Center
Choose Local Device > Diagnostics > Info Center.


In Info Center, you can view port traffic, VLAN information, routing information, client list, ARP list, MAC address,
DHCP snooping, IP-MAC binding, IP Source Guard, and CPP statistics of the device and relevant configurations.

12.1.1 Port Info

Choose Local Device > Diagnostics > Info Center > Port Info.

Port Info displays the status and configuration information of the port. Click the port icon to view the detailed
information of the port.

Note

● To configure the flow control of the port or the optical/electrical attribute of a combo port, see 4.2.
● To configure the L2 mode of the port and the VLAN to which it belongs, see 3.5.3.

12.1.2 VLAN Info

Choose Local Device > Diagnostics > Info Center > VLAN Info.

Displays SVI port and routed port information, including the port information included in the VLAN, the port IP
address, and whether the DHCP address pool is enabled.


Note

● To configure VLAN, see 3.5.


● To configure SVI ports and routed ports, see 6.1.

12.1.3 Routing Info

Caution

If the device does not support L3 functions (such as RG-NBS3100 Series and RG-NBS3200 Series Switches),
this type of information is not displayed.

Choose Local Device > Diagnostics > Info Center > Routing Info.

Displays the routing information on the device. The search box in the upper-right corner supports finding route
entries based on IP addresses.

Note

To set up static routes, see 6.3.

12.1.4 DHCP Clients

Caution

If the device does not support L3 functions (such as RG-NBS3100 Series and RG-NBS3200 Series Switches),
this type of information is not displayed.

Choose Local Device > Diagnostics > Info Center > DHCP Clients.

Displays the IP address information assigned to endpoints by the device as a DHCP server.

Note

To configure DHCP server related functions, see 6.2.


12.1.5 ARP List

Choose Local Device > Diagnostics > Info Center > ARP List.

Displays ARP information on the device, including dynamically learned and statically configured ARP mapping
entries.

Note

To bind dynamic ARP or manually configure static ARP, see 6.4.

12.1.6 MAC Address

Choose Local Device > Diagnostics > Info Center > MAC.

Displays the MAC address information of the device, including the static MAC address manually configured by
the user, the filtering MAC address, and the dynamic MAC address automatically learned by the device.

Note

To configure and manage the MAC address, see 3.3.


12.1.7 DHCP Snooping

Choose Local Device > Diagnostics > Info Center > DHCP Snooping.

Displays the current configuration of the DHCP snooping function and the user information dynamically learned
by the trust port.

Note

To modify DHCP Snooping related configuration, see 7.1.

12.1.8 IP-MAC Binding

Choose Local Device > Diagnostics > Info Center > IP-MAC Binding.

Displays the configured IP-MAC binding entries. The device checks whether the source IP addresses and source
MAC addresses of IP packets match those configured for the device and filters out IP packets not matching the
binding.

Note

To add or modify the IP-MAC binding, see 7.5.


12.1.9 IP Source Guard

Choose Local Device > Diagnostics > Info Center > Source Guard.

Displays the binding list of the IP Source Guard function. The IP Source Guard function will check the IP packets
from non-DHCP trusted ports according to the list, and filter out the IP packets that are not in the binding list.

Note

To configure IP Source Guard function, see 7.6.

12.1.10 CPP Info

Choose Local Device > Diagnostics > Info Center > CPP.

Displays the current total CPU bandwidth and statistics of various packet types, including the bandwidth, current
rate, and total number of packets.


12.2 Network Tools


The Network Tools page provides three tools to detect the network status: Ping, Traceroute, and DNS Lookup.

12.2.1 Ping

Choose Local Device > Diagnostics > Network Tools.

The Ping command is used to detect the network connectivity.

Select Ping as the diagnosis mode, enter the destination IP address or website address, configure the ping
count and packet size, and click Start to test the network connectivity between the device and the IP address
or website. If "Ping failed" is displayed, the device cannot reach the IP address or website.


12.2.2 Traceroute

Choose Local Device > Diagnostics > Network Tools.

The Traceroute function is used to identify the network path from one device to another. On a simple network,
the network path may pass through only one routing node or none at all. On a complex network, packets may
pass through dozens of routing nodes before reaching their destination. The traceroute function can be used to
judge the transmission path of data packets during communication.

Select Traceroute as the diagnosis mode, enter a destination IP address or URL and the maximum TTL value used
by traceroute, and click Start.


12.2.3 DNS Lookup

Choose Local Device > Diagnostics > Network Tools.

DNS Lookup is used to query domain name information or diagnose DNS server problems. If the device can ping
an Internet IP address from this web page but the browser cannot open web pages, you can use the DNS lookup
function to check whether domain name resolution is normal.

Select DNS Lookup as the diagnosis mode, enter a destination IP address or URL, and click Start.


12.3 Fault Collection


Choose Local Device > Diagnostics > Fault Collection.

When an unknown fault occurs on the device, you can collect fault information by one click on this page. Click
Start. The configuration files of the device will be packed into a compressed file. Download the compressed file
locally and provide it to R&D personnel for fault locating.

12.4 Cable Diagnostics


Choose Local Device > Diagnostics > Cable Diagnostics.

The cable diagnostics function can detect the approximate length of a cable connected to a port and whether
the cable is faulty.

Select the port to be detected on the port panel and click Start. The detection results will be displayed below.


Caution

● The SFP port does not support the function.

● If a detected port contains an uplink port, the network may be intermittently disconnected. Exercise
caution when performing this operation.

12.5 System Logs


Choose Local Device > Diagnostics > System Logs.

System logs record device operations, operation time, and operation modules. System logs are used by
administrators to monitor the running status of the device, analyze network status, and locate faults. You can
search for specified logs by fault type, faulty module, and keyword in fault information.

12.6 Alerts
Choose Local Device > Diagnostics > Alerts.

Note

Choose Network > Alerts to view the alert information of other devices in the network.


Displays possible problems on the network environment to facilitate fault prevention and troubleshooting. You
can view the alert occurrence time, port, alert impact, and handling suggestions, and rectify device faults
according to handling suggestions.

All types of alerts are followed by default. You can click Unfollow to unfollow a type of alert. The system
will no longer display this type of alert. To enable the notification function of a type of alert again, follow the alert
type on the Removed Alert page.

Caution

After unfollowing an alert, the system will not issue an alert prompt for this type of fault, and users cannot find
and deal with the fault in time. Exercise caution when performing this operation.

Table 11-1 Alert Types and Product Support

| Alert Type | Description | Support Description |
| --- | --- | --- |
| Addresses in the DHCP address pool are to be exhausted. | The device acts as a DHCP server, and the number of allocated addresses is about to reach the maximum number of addresses that can be allocated in the address pool. | It is applicable only to devices that support L3 functions. Products that do not support L3 functions such as RG-NBS3100 Series, RG-NBS3200 Series Switches do not support this type of alert. |
| The IP address of the local device conflicts with that of another device. | The IP address of the local device conflicts with that of another client on the LAN. | NA |
| An IP address conflict occurs on downlink devices connected to the device. | Among the devices connected to the current device on the LAN, an IP address conflict occurs on one or more devices. | NA |
| The MAC address table is full of entries. | The number of L2 MAC address entries is about to reach the hardware capacity limit of the product. | NA |
| The ARP table is full of ARP entries. | The number of ARP entries on the network exceeds the ARP capacity of the device. | NA |
| The PoE process is not running. | The PoE service of the device fails and no power can be supplied. | It is applicable only to NBS Series Switches that support the PoE function. (The device models are marked with "-P".) |
| The total PoE power is overloaded. | The total PoE power of the device is overloaded, and the new connected PD cannot be powered properly. | It is applicable only to NBS Series Switches that support the PoE function. (The device models are marked with "-P".) |
| The device has a loop alarm. | A network loop occurs on the LAN. | NA |


13 System Configuration
13.1 Setting the System Time
Choose System > System Time.

You can view the current system time. If the time is incorrect, check and select the local time zone. If the time
zone is correct but time is still incorrect, click Edit to manually set the time. In addition, the device supports
Network Time Protocol (NTP) servers. By default, multiple servers serve as the backup of each other. You can
add or delete the local server as required.

Click Current Time when modifying the time, and the system time of the currently logged-in device will be
automatically filled in.


13.2 Setting the Web Login Password


Choose System > Login > Login Password.

Enter the old password and new password. After saving the configuration, use the new password to log in.

Caution

When self-organizing network discovery is enabled, the login password of all devices in the network will be
changed synchronously.

13.3 Setting the Session Timeout Duration


Choose System > Login > Session Timeout.

If you do not log out after login, the web interface allows you to continue the access without authentication on
the current browser within one hour by default. After one hour, the web interface automatically refreshes the
page and you need to log in again before continuing your operations. You can change the session timeout duration.


13.4 Configuring SNMP


13.4.1 Overview

SNMP (Simple Network Management Protocol) is a protocol used for managing network devices. It is based on
the client/server model and can remotely monitor and control network devices.

SNMP consists of a management station and agents, with the management station communicating with agents
through the SNMP protocol to obtain information such as device status, configuration information, performance
data, etc., while also being able to configure and manage devices.

SNMP can be used to manage various network devices including routers, switches, servers, firewalls, etc. Users
can use the SNMP configuration interface for user management and third-party software to monitor and control
devices.

13.4.2 Global Configuration

1. Overview

The purpose of global configuration is to enable SNMP services and implement basic configurations such as
SNMP protocol version (v1/v2c/v3), local port settings, device location settings, contact information settings.

SNMPv1: v1 is the earliest version of SNMP with poor security that only supports simple community string
authentication. The v1 version has some defects such as plaintext transmission of community strings which
makes it vulnerable to attacks; therefore it is not recommended for use in modern networks.

SNMPv2c: v2c is an improved version over v1 that supports richer functionality and more complex data types
while enhancing security measures compared to its predecessor. The v2c version provides better security
features than v1 along with greater flexibility allowing users to configure according to their specific needs.

SNMPv3: This latest version of the SNMP protocol includes additional security mechanisms, such as message
authentication and encryption, compared with its predecessors v1 and v2c, resulting in significant improvements
in access control and overall security.

2. Configuration Steps

[Network-wide Management - Page Wizard] System > SNMP > Global Config

(1) Enable SNMP services.

When first opened, the system prompts to enable SNMPv3 by default. Click OK.

(2) Set global configuration parameters for SNMP service.

Table 13-1 Global Configuration Description Table

| Parameter | Description |
| --- | --- |
| SNMP Service | Whether the SNMP service is enabled or not. |
| SNMP Protocol Version | SNMP protocol version number, including v1 version, v2c version, and v3 version. |
| Local Port | [1, 65535] |
| Device Location | Cannot contain Chinese characters, full-width characters, question marks and spaces. Character length: 1-64. |
| Contact Information | Cannot contain Chinese characters, full-width characters, question marks and spaces. Character length: 1-64. |

(3) Click Save.

After the SNMP service is enabled, click Save for basic configurations such as the SNMP protocol version
number to take effect.

13.4.3 View/Group/Community/Client Access Control

1. View/Group/Community/Client Access Control

MIB (Management Information Base) can be regarded as a database of different status information and
performance data of network devices containing a large number of OID (Object Identifiers), which are used to
identify different status information and performance data of network devices in SNMP.

The role of views in SNMP is to limit the node range that management systems can access in MIBs so as to
improve network management security and reliability. Views are an indispensable part of SNMP management
that needs to be configured and customized according to specific management requirements.

Views can define multiple subtrees according to requirements, so that management systems can only access
the MIB nodes within these subtrees. MIB nodes outside the view cannot be accessed by unauthenticated
system administrators, which protects network device security. At the same time, views optimize network
management efficiency and improve the response speed of management systems.

Configuration Steps:

[Network-wide Management - Page Wizard] System > SNMP > View/Group/Community/Client Access Control >
View List

(1) Click Add to create a view.

(2) Configure the basic information of the view.


Table 13-2 Description of View Configuration Parameters

| Parameter | Description |
| --- | --- |
| View Name | The name used to identify the view. The length is 1 to 32 characters, and cannot contain Chinese and full-width characters. |
| OIDs | Define the range of OIDs included in the view, which can be a single OID or a subtree of OIDs. |
| Add Included Rule or Excluded Rule | Divided into inclusion rules and exclusion rules. Inclusion rules allow access only to OIDs within the OID range. Click <Add Inclusion Rule> to set up this type of view. Exclusion rules allow access to all OIDs except the OID range. Click <Add Exclusion Rule> to set up this type of view. |

Note
For the created view, add at least one OID rule, otherwise a warning message will appear.

(3) Click OK.
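How inclusion and exclusion rules decide whether an OID is visible, as an added Python example (not Ruijie code). It assumes that an exclusion rule wins when both rule kinds match and that OIDs are compared arc by arc; the view names `system` and `public_view` come from the typical examples in 13.4.4, while `no_snmp_cfg` and the probe list are constructed.

```python
"""MIB view rules modelled as OID subtrees (added example, not device code)."""


def parse_oid(text):
    """Turn '.1.3.6.1.2.1.1' or '1.3.6.1.2.1.1' into a tuple of integer arcs."""
    parts = text.strip().lstrip(".").split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def in_subtree(oid, root):
    """True when oid is the root itself or lies below it, compared arc by arc."""
    return oid[:len(root)] == root


def naive_string_prefix(oid_text, root_text):
    """Tempting but wrong: '1.3.6.1.2.1.10' starts with '1.3.6.1.2.1.1'."""
    return oid_text.lstrip(".").startswith(root_text.lstrip("."))


class View:
    """A named view holding inclusion and exclusion subtrees."""

    def __init__(self, name, include=(), exclude=()):
        if not 1 <= len(name) <= 32:
            raise ValueError("view name must be 1 to 32 characters")
        if not include and not exclude:
            raise ValueError("a view needs at least one OID rule")
        self.name = name
        self.include = [parse_oid(o) for o in include]
        self.exclude = [parse_oid(o) for o in exclude]

    def allows(self, oid_text):
        oid = parse_oid(oid_text)
        # Assumption: an exclusion rule always wins over an inclusion rule.
        if any(in_subtree(oid, root) for root in self.exclude):
            return False
        if self.include:
            return any(in_subtree(oid, root) for root in self.include)
        return True  # exclusion-only view: everything outside the excluded range


def exposed(view, oids):
    """Return the OIDs from the list that the view lets a manager reach."""
    return [o for o in oids if view.allows(o)]


# Constructed probe list covering several well-known subtrees.
PROBES = [
    "1.3.6.1.2.1.1.1.0",      # sysDescr.0
    "1.3.6.1.2.1.1.5.0",      # sysName.0
    "1.3.6.1.2.1.2.2.1.2.1",  # ifDescr.1
    "1.3.6.1.2.1.10.7.2",     # under transmission (1.3.6.1.2.1.10), not system
    "1.3.6.1.6.3.15.1.2.2",   # usmUserTable, the SNMPv3 user table
    "1.3.6.1.4.1.99999.1",    # constructed enterprise OID
]

SYSTEM = View("system", include=[".1.3.6.1.2.1.1"])
PUBLIC_VIEW = View("public_view", include=[".1.3.6.1.2.1"])
# Constructed exclusion-only view that hides the SNMP configuration MIBs.
NO_SNMP_CFG = View("no_snmp_cfg", exclude=["1.3.6.1.6.3"])

if __name__ == "__main__":
    for view in (SYSTEM, PUBLIC_VIEW, NO_SNMP_CFG):
        print(view.name, exposed(view, PROBES))
```

Running the probe list against a planned view before assigning it to a read-write community or group shows exactly which subtrees become reachable.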


2. v1/v2c user configuration
● Introduction
When the SNMP protocol version is set to v1/v2c, user configuration needs to be completed.

Note

Select the SNMP protocol version, click Save, and the corresponding configuration options will appear on the
View/Group/Community/Client Access Control interface.

● Configuration Steps
Choose Network-Wide > System > SNMP > View/Group/Community/Client Access Control.

(1) In the "SNMP v1/v2c Community Name List" area, click Add.

(2) Create v1/v2c users.


Table 13-3 v1/v2c user information description table

| Parameter | Description |
| --- | --- |
| Community Name | At least 8 characters. Contains three types among uppercase letters, lowercase letters, numbers, and special characters. Does not contain admin/public/private. Does not contain question marks, spaces and Chinese. |
| Access Mode | Access rights of the community name (read-only, read-write): Read & Write, Read-Only. |
| MIB View | The options in the drop-down box are configured views (default views all, none). |

Caution
Among v1/v2c users, the community name cannot be repeated.
Click <Add View> to add a view.

3. v3 group configuration
● Introduction
SNMPv3 introduces the concept of grouping for better security and access control. A group is a set of SNMP
users with the same security policy and access control settings. Using SNMPv3, multiple groups can be
configured, each group can have its own security policy and access control settings, and each group can also
have one or more users.

● Prerequisites
When the SNMP protocol version is set to v3, the v3 group configuration needs to be completed.

Note
Select the SNMP protocol version, click Save, and the corresponding configuration options will appear on the
View/Group/Community/Client Access Control interface.

● Configuration Steps

[Entire Network Management - Page Wizard] Setting > SNMP > View/Group/Community/Client Access Control

(1) Click Add in the "SNMP v3 Group List" area to create a v3 group.

(2) Set the v3 group parameters.

Table 13-4 v3 group configuration parameters

| Parameter | Description |
| --- | --- |
| Group Name | Rule group name. 1-32 characters; a single Chinese character counts as three characters. Cannot contain Chinese, full-width characters, question marks and spaces. |
| Security Level | The minimum security level of the rule group (Auth & Security, Auth & Open, and Allowlist & Security, indicating authentication with encryption, authentication without encryption, no authentication encryption). |
| Read-Only View | The options in the drop-down box are configured views (default views all, none). |
| Read & Write View | The options in the drop-down box are configured views (default views all, none). |
| Notification View | The options in the drop-down box are configured views (default views all, none). |

Note
Groups limit the minimum security level, read and write permissions and scope of users in the group.
The group name cannot be repeated. If you need to add a view, click < Add View >.
(3) Click OK.
4. v3 user configuration
● Introduction
● Prerequisites
When the SNMP protocol version is set to v3, the v3 group configuration needs to be completed.

Note
Select the SNMP protocol version, click Save, and the corresponding configuration options will appear on the
View/Group/Community/Client Access Control interface.

● Configuration Steps
[Entire Network Management - Page Wizard] Setting > SNMP > View/Group/Community/Client Access Control

(1) In the "SNMP v3 Client List" area, click Add to create a v3 user.

(2) Set v3 user related parameters.


Table 13-5 v3 user configuration parameters

| Parameter | Description |
| --- | --- |
| Username | Username. At least 8 characters. Contains three types among uppercase letters, lowercase letters, numbers, and special characters. admin/public/private, question marks, spaces and Chinese characters are not allowed. |
| Group Name | User's group. |
| Security Level | User security level (authentication and encryption, authentication without encryption, no authentication and encryption). |
| Auth Protocol, Auth Password | Authentication protocols include: MD5/SHA/SHA224/SHA256/SHA384/SHA512. Authentication password: 8~31 characters in length, cannot contain Chinese characters, full-width characters, question marks, and spaces, and must contain at least 3 types of uppercase and lowercase letters, numbers, or special characters. Note: This parameter needs to be set when the "Security Level" is "authentication and encryption" or "authentication without encryption". |
| Encryption Protocol, Encrypted Password | Encryption protocols include: DES/AES/AES192/AES256. Encrypted password: the length is 8 to 31 characters, and cannot contain Chinese, full-width characters, question marks and spaces. Contain at least 3 types of uppercase and lowercase letters, numbers, or special characters. Note: When the "Security Level" is "Authentication and Encryption", this parameter needs to be set. |

Caution
The security level of the v3 user must be greater than or equal to the security level of this group.
There are three security levels. For authentication and encryption, you need to configure the authentication
protocol, authentication password, encryption protocol, and encryption password. For authentication
without encryption, you only need to configure the authentication protocol and encryption protocol. Without
authentication and encryption, no configuration is required.
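The naming and password rules in Tables 13-3 and 13-5, and the rule that a v3 user's security level may not be lower than its group's, written as an added Python checker (not Ruijie code) that can be run over planned values before they are typed into the web interface. The level labels, the case-insensitive match on reserved words, and the use of East Asian wide/full-width detection for "Chinese and full-width characters" are assumptions of this example.

```python
"""Validate SNMP names and passwords against the rules in Tables 13-3 and 13-5."""
import string
import unicodedata

RESERVED = ("admin", "public", "private")
# Weakest to strongest. The keys are labels chosen for this example.
LEVEL_RANK = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}


def char_types(text):
    """Number of character classes present: upper, lower, digit, special."""
    return sum((
        any(c in string.ascii_uppercase for c in text),
        any(c in string.ascii_lowercase for c in text),
        any(c in string.digits for c in text),
        any(c in string.punctuation for c in text),
    ))


def charset_problems(text):
    """Characters the tables forbid: '?', spaces, Chinese and full-width."""
    problems = []
    if "?" in text:
        problems.append("contains a question mark")
    if any(c.isspace() for c in text):
        problems.append("contains a space")
    # Assumption: East Asian Wide/Fullwidth covers "Chinese and full-width".
    if any(unicodedata.east_asian_width(c) in ("W", "F") for c in text):
        problems.append("contains Chinese or full-width characters")
    return problems


def check_name(name):
    """Rules shared by community names and v3 usernames."""
    problems = charset_problems(name)
    if len(name) < 8:
        problems.append("shorter than 8 characters")
    if char_types(name) < 3:
        problems.append("fewer than 3 character types")
    # Assumption: reserved words are matched case-insensitively.
    for word in RESERVED:
        if word in name.lower():
            problems.append(f"contains reserved word {word!r}")
    return problems


def check_password(password):
    """Rules for authentication and encryption passwords."""
    problems = charset_problems(password)
    if not 8 <= len(password) <= 31:
        problems.append("length outside 8 to 31 characters")
    if char_types(password) < 3:
        problems.append("fewer than 3 character types")
    return problems


def check_v3_user(user, group_level):
    """user: dict with name, level and optional auth_password / priv_password."""
    problems = [f"name: {p}" for p in check_name(user["name"])]
    rank = LEVEL_RANK[user["level"]]
    if rank < LEVEL_RANK[group_level]:
        problems.append(
            f"level {user['level']} is below group minimum {group_level}")
    # Per the table notes: authentication password at authNoPriv and above,
    # encryption password only at authPriv.
    for field, needed_rank in (("auth_password", 1), ("priv_password", 2)):
        if rank < needed_rank:
            continue
        value = user.get(field)
        if not value:
            problems.append(f"{field}: missing")
        else:
            problems += [f"{field}: {p}" for p in check_password(value)]
    return problems


if __name__ == "__main__":
    # Names used in this guide's typical examples plus one constructed name.
    for name in ("public", "v3_user", "trapv3_public", "Trap_public", "Mon1tor_RO"):
        print(f"{name:15} {check_name(name) or 'ok'}")
```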

13.4.4 Typical Configuration Examples of SNMP Service

1. v2c version SNMP service configuration

● Application
The user only needs to monitor the information of the device, and does not need to set and send it. The data
information of nodes such as 1.3.6.1.2.1.1 is monitored through the third-party software using the v2c version.

● Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:

Table 13-6 User Requirements Description Form

| Parameter | Description |
| --- | --- |
| View range | Inclusion rule: OID is .1.3.6.1.2.1.1, custom view named "system" |
| Version number in use | v2c version. The custom community name is "public", and the default port number is 161 |
| Read and write permissions | Read permission |

● Configuration Steps
(1) On the global configuration interface, select the v2c version, and leave other settings as default. After the
operation is complete, click Save.

(2) On the View/Group/Community/Client Access Control interface, click Add in the view list, fill in the view name
and OID in the pop-up window and click <Add inclusion rule>, and click OK after the operation is complete.

(3) On the View/Group/Community/Client Access Control interface, click Add in the SNMP v1/v2c community name
list, fill in the community name, access mode and view in the pop-up window, and click OK after the operation is
completed.

2. v3 version SNMP service configuration

● Application Scenarios
Users need to monitor and control the equipment, and use third-party software with the v3 version to monitor
and send data to the public node (1.3.6.1.2.1). The security level of the v3 version adopts authentication
and encryption.

● Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:

Table 13-7 User Requirements Description Form

| Parameter | Description |
| --- | --- |
| View range | Inclusion rule: OID is .1.3.6.1.2.1 and custom view is named "public_view" |
| Group configuration | Group name: group. Security level: authenticated and encrypted. Readable view select "public_view". Writable view select "public_view". Notification view select "none". |
| v3 user configuration | Username: v3_user. Group name: group. Security level: authenticated and encrypted. Authentication protocol / authentication password: MD5/Ruijie123. Encryption protocol / encryption password: AES/Ruijie123. |
| Version number in use | v3 version, default port 161 |

● Configuration steps
(1) Select the v3 version on the global configuration interface, change the port to 161, and set other settings to
default. After the operation is complete, click Save.

(2) On the View/Group/Community/Client Access Control interface, click Add in the view list, fill in the view name
and OID in the pop-up window, click Add Inclusion Rule, and click OK after the operation is complete.

(3) Click Add in the SNMP v3 group list, fill in the group name and security level in the pop-up window, the
user has read and write permissions, select "public_view" for the readable view and read and write view,
and set the notification view to none, click OK.

(4) Click Add in the SNMP v3 user list, fill in the user name and group name in the pop-up window, the user
security level adopts authentication and encryption mode, fill in the corresponding authentication protocol,
authentication password, encryption protocol, and encryption password, and click OK.

13.4.5 Trap service configuration

Trap is a notification mechanism of SNMP (Simple Network Management Protocol), which is used to
report the status and events of network devices to managers, including device status reports, fault reports,
performance reports, configuration reports and security management. Trap can provide real-time network
monitoring and fault diagnosis to help administrators find and solve network problems in time.

1. Trap enable settings

Enable the trap service and select the effective trap protocol version, including v1, v2c, and v3.

[Entire Network Management - Page Wizard] Setting > SNMP > trap setting

(1) Enable the trap service switch.

When the service is enabled for the first time, the system pops up a prompt message. Click OK.

(2) Set the trap version.


The trap protocol version number includes v1 version, v2c version, and v3 version.

(3) Click OK.


After the trap service is enabled, you need to click Save, and the configuration of the trap protocol version
number will take effect.

2. Trap v1/v2c user configuration

● Introduction
A trap is a notification mechanism used to send an alert to administrators when important events or failures
occur on a device or service. Trap v1/v2c are two versions of the SNMP protocol, used for network management
and monitoring.

Trap v1 is the first version in the SNMP protocol, which supports basic alarm notification functions. Trap v2c is
the second version in the SNMP protocol, which supports more alarm notification options and more advanced
security.

By using trap v1/v2c, the administrator can know the problems in the network in time and take corresponding
measures.

● Prerequisites
When the trap service version selects v1 or v2c, a trap v1v2c user needs to be created.

● Configuration Steps
[Entire Network Management - Page Wizard] Setting > SNMP > trap setting

(1) Click Add in the Trap v1v2c User list to create a trap v1v2c user.

(2) Configure trap v1v2c user-related parameters.

Table 13-8 trap v1/v2c user information description table

| Parameter | Description |
| --- | --- |
| Destination IP | Trap peer device IP, support IPv4 / IPv6 address |
| Version number | Trap version number, including v1 and v2c |
| Port number | Trap peer device port [1, 65535] |
| Group Name/User Name | The community name of the trap user. At least 8 characters. Contains three types among uppercase letters, lowercase letters, numbers, and special characters. Does not contain admin/public/private. Does not contain question marks, spaces and Chinese. |

Note

IP address of trap v1/v2c/v3 users cannot be repeated.

Trap v1/v2c user names cannot be repeated.
(3) Click OK.
3. Trap v3 user configuration
● Introduction

Trap v3 is a network management mechanism based on SNMP protocol, which is used to send alarm
notifications to management personnel. Unlike previous versions, trap v3 provides more secure and flexible
configuration options, including authentication and encryption.

Trap v3 can be customized to choose the conditions and methods to send alerts, as well as who receives alerts
and how to be notified. This enables administrators to understand the status of network devices more accurately
and take timely measures to ensure network security and reliability.

● Prerequisites
When v3 is selected as the trap service version, a trap v3 user needs to be created.

● Configuration Steps
[Entire Network Management - Page Wizard] Setting > SNMP > trap setting

(1) Click Add in the "trap v3 user" list to create a trap v3 user.

(2) Configure parameters related to trap v3 users.

Table 13-9 trap v3 user information description table

| Parameter | Description |
| --- | --- |
| Target host IP | Trap peer device IP, support IPv4/IPv6 address |
| Port number | Trap peer device port [1, 65535] |
| Username | Username of the trap v3 user. At least 8 characters. Contains three types among uppercase letters, lowercase letters, numbers, and special characters. Does not contain admin/public/private. Does not contain question marks, spaces and Chinese. |
| Security Level | Trap user security level, including three levels: authentication and encryption, authentication without encryption, and no authentication and encryption. |
| Authentication protocol, authentication password | Authentication protocols include: MD5/SHA/SHA224/SHA256/SHA384/SHA512. Authentication password: 8~31 characters in length, cannot contain Chinese characters, full-width characters, question marks, and spaces, and must contain at least 3 types of uppercase and lowercase letters, numbers, or special characters. Note: This parameter needs to be set when the "Security Level" is "authentication and encryption" or "authentication without encryption". |
| Encryption protocol, encryption password | Encryption protocols include: DES/AES/AES192/AES256. Encrypted password: the length is 8~31 characters, cannot contain Chinese, full-width characters, question marks and spaces, and must contain at least 3 types of uppercase and lowercase letters, numbers, or special characters. Note: When the "Security Level" is "Authentication and Encryption", this parameter needs to be set. |

Note
IP of trap v1/v2c/v3 users cannot be repeated.

13.4.6 Typical configuration examples of the trap service

1. v2c version trap configuration

● Application Scenarios
When the user is monitoring the device, if the device is suddenly interrupted or abnormal, the third-party
monitoring software cannot detect and deal with the abnormal situation in time, so configure the device with the
destination IP 192.168.110.85 and port number 166, so that the device sends a trap of the v2c version in case
of an exception.

● Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:

Table 13-10 User Requirements Description Form

| Parameter | Description |
| --- | --- |
| IP and port number | The target host IP is "192.168.110.85", and the port number is "166". |
| Version number in use | Select v2 version |
| Group Name / User Name | Trap_public |

● Configuration Steps
(1) Select the v2c version on the trap setting interface, and click Save.

(2) Click Add in the "trap v1/v2c user list".

(3) Fill in the target host IP, version number, port number, user name and other information, and click OK after
the configuration is complete.


2. v3 version trap configuration

● Application Scenarios
When the user is monitoring the device, if the device is suddenly interrupted or abnormal, the third-party
monitoring software cannot detect and deal with the abnormal situation in time, so configure the device with the
destination IP 192.168.110.87 and the port number 167, and use the more secure v3 version to send traps.

● Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:

Table 13-11 User Requirements Description Form

| Parameter | Description |
| --- | --- |
| IP and port number | The target host IP is "192.168.110.87", and the port number is "167". |
| Use version number, username | Select the v3 version, the user name is "trapv3_public" |
| Authentication Protocol / Encryption Protocol | Authentication protocol / authentication password: MD5/Ruijie123 |
| Encryption Protocol / Encryption Cipher | Encryption protocol / encryption password: AES/Ruijie123 |

● Configuration Steps
(1) Select the v3 version on the trap setting interface, and click Save.

(2) Click Add in the trap v3 user list.

(3) Fill in the target host IP, port number, user name and other information, and click OK after the configuration
is complete.

13.5 Configure 802.1x authentication

13.5.1 Function introduction

IEEE 802.1x (Port-Based Network Access Control) is a port-based network access control standard that provides
secure access services for LANs.

On an IEEE 802 LAN, as long as users can connect to network devices, they can directly access network resources
without authentication and authorization. This uncontrolled behavior brings security risks to the network. The
IEEE 802.1x protocol was proposed to solve the security problem of 802 LANs.

802.1x supports three security applications, Authentication, Authorization, and Accounting, referred to as AAA.

● Authentication: used to determine whether users can obtain access rights and to restrict illegal users;
● Authorization: determines which services authorized users can use, and controls the rights of legitimate
users;
● Accounting: records the use of network resources by users, and provides a basis for charging.

802.1x can be deployed in a network that controls access users to implement authentication and authorization
services for access users.

An 802.1x system has a typical Client/Server structure, including three entities: client, access device and
authentication server. A typical architecture diagram is shown in the figure.

● The client is generally a user terminal device, and the user can initiate 802.1X authentication by starting the
client software. The client must support the Extensible Authentication Protocol over LANs (EAPoL).
● The access device is a network device (such as an AP or switching device) that supports the 802.1x protocol.
It provides a port for the client to access the LAN. The port can be a physical port or a logical port.
● The authentication server is used to implement user authentication, authorization, and accounting, and it is
usually a RADIUS server.
Note
RG-NBS switching devices only support the authentication function.

13.5.2 Configuring 802.1x

Choose Local Device > Security > 802.1x Authentication > Auth_Config

(1) Click the "Global 802.1x" switch. The system prompts you to confirm whether to enable it. Click <Configure>.

Click Advanced Settings to configure parameters such as Guest VLAN.

| Parameter | Description |
| --- | --- |
| Server Escape | If the server disconnection is detected, all users will be allowed to access the Internet. |
| Re-authentication | Require clients to re-authenticate at certain intervals to ensure network security. |
| Guest VLAN | Provide a VLAN for unauthenticated clients to restrict their access. |
| EAP-Request Packet Retransmission Count | Define the number of times the EAP request message will be retransmitted when no response is received, value range: 1-10 times. |
| Quiet Period | During the authentication process, the idle time during which the client and the server do not exchange authentication messages, value range: 0-65535 seconds. |
| Client Packet Timeout Duration | The time limit for the server to wait for the response from the client, exceeding this time will be considered as an authentication failure, value range: 1-65535 seconds. |
| Client Packet Timeout Duration | The time limit for the client to wait for the server to respond, exceeding this time will be considered as an authentication failure, value range: 1-65535 seconds. |
| EAP-Request Packet Interval | Define the time interval between sending EAP request messages to control the rate of the authentication process, value range: 1-65535 seconds. |

(2) Add a server


Before configuration, please confirm:


 The Radius server is fully built and configured as follows.


○ Add username and password for client login.
○ Close the firewall, otherwise the authentication message may be intercepted, resulting in authentication
failure.
○ A trusted IP on the Radius server.
 The network connection between the authentication device and the Radius server.
 IP addresses of the Radius server and the authentication device have been obtained.

| Parameter | Description |
| --- | --- |
| Server IP | Radius server address. |
| Auth Port | The port number used for accessing user authentication on the Radius server. |
| Accounting Port | The port number used to access the accounting process on the Radius server. |
| Shared Password | Radius server shared key. |
| Match Order | The system supports adding up to 5 Radius servers. The higher the matching order value is, the higher the priority is. |

(1) Set up the server and click Save.

| Parameter | Description |
| --- | --- |
| Packet Retransmission Interval | Configure the interval for the device to send request packets before confirming that there is no response from RADIUS |
| Packet Retransmission Count | Configure the number of times the device sends request packets before confirming that there is no response from RADIUS |
| Server Detection | If this function is enabled, you need to set "Server Detection Period", "Server Detection Times" and "Server Detection Username". It is used to determine the status of the server, so as to decide whether to enable functions such as escape. |
| MAC Address Format | The MAC address format of RADIUS attribute No. 31 (Calling-Station-ID). The following formats are supported: dotted hexadecimal format, such as 00d0.f8aa.bbcc; IETF format, such as 00-D0-F8-AA-BB-CC; no format (default), e.g. 00d0f8aabbcc |
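
The MAC Address Format setting decides how the switch writes Calling-Station-ID, so a RADIUS-side allow-list compared as raw strings stops matching when the format is changed. The following is an added example, not code from the guide or from Ruijie: the function names are hypothetical, and the sample addresses are the ones shown in the table above.

```python
import re

# The three layouts listed in the MAC Address Format row of the table.
LAYOUTS = {
    "dotted": re.compile(r"[0-9A-Fa-f]{4}(\.[0-9A-Fa-f]{4}){2}"),  # 00d0.f8aa.bbcc
    "ietf": re.compile(r"[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}"),     # 00-D0-F8-AA-BB-CC
    "none": re.compile(r"[0-9A-Fa-f]{12}"),                        # 00d0f8aabbcc
}


def detect_layout(value: str) -> str:
    """Return the layout name, or raise ValueError for anything else
    (mixed separators, wrong length, colon-separated addresses)."""
    for name, pattern in LAYOUTS.items():
        if pattern.fullmatch(value):
            return name
    raise ValueError(f"unsupported Calling-Station-ID layout: {value!r}")


def canonical_mac(value: str) -> str:
    """Reduce any supported layout to 12 lowercase hex digits."""
    value = value.strip()
    detect_layout(value)
    return re.sub(r"[.-]", "", value).lower()


def render_mac(value: str, layout: str) -> str:
    """Render a MAC address the way the switch would send it in `layout`."""
    digits = canonical_mac(value)
    if layout == "dotted":
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    if layout == "ietf":
        return "-".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()
    if layout == "none":
        return digits
    raise ValueError(f"unknown layout: {layout!r}")


def is_known_station(calling_station_id: str, allow_list) -> bool:
    """Match on the canonical form so the allow-list survives a format change.
    Unsupported layouts fail closed instead of raising."""
    try:
        wanted = canonical_mac(calling_station_id)
    except ValueError:
        return False
    return wanted in {canonical_mac(entry) for entry in allow_list}


if __name__ == "__main__":
    allow_list = ["00d0.f8aa.bbcc"]          # stored in dotted form
    received = "00-D0-F8-AA-BB-CC"           # switch now sends IETF form
    print("raw string match:", received in allow_list)
    print("normalized match:", is_known_station(received, allow_list))
```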

(5) Configure the interfaces on which authentication takes effect: click interface configuration, then click modify
next to a single interface or click batch configuration, and edit the authentication parameters of the interface.

| Parameter | Description |
| --- | --- |
| 802.1x Authentication | When enabled, the selected interface will enable 802.1x authentication. |
| Auth Method | disable: Turn off the authentication method, which has the same effect as turning off the 802.1x authentication switch. force-auth: Mandatory authentication, the client can directly access the Internet without a password. force-unauth: Force no authentication, the client cannot be authenticated, nor can it access the Internet. auto: Automatic authentication, the device needs to be authenticated, and can access the Internet after passing the authentication. It is recommended to select the auto authentication method. |
| Auth Mode | multi-auth: Supports multiple devices using the same port for authentication, but each device needs to be authenticated independently. multi-host: Multiple devices are allowed to share the same port. As long as one user passes the authentication, subsequent users can access the Internet. single-host: Each port only allows one device to be authenticated, and can access the Internet after successful authentication. |
| Guest Vlan | When enabled, devices that fail authentication will be dynamically assigned to the specified Guest VLAN. Notice: You need to create a VLAN ID first and apply it to the interface, then in Security Management > 802.1x Authentication > Advanced settings in the authentication configuration enable Guest VLAN and enter the ID |
| User Count Limit per Port | Limit the number of users under the interface. Product Difference Description: The value range of NBS3100 series switches is 1-256, and other switches are 1-1000 |

13.5.3 View the list of wired authentication users

After the 802.1x function is configured on the entire network and a terminal is authenticated and connected to the
network, you can view the list of authenticated users.

Choose Local Device > Security Management > 802.1x Authentication to obtain specific user information.

Click <Refresh> to get the latest user list information.

If you want to disconnect a certain user from the network, you can select the user and click <Offline> in the
Operation column; you can also select multiple users and click <Batch Offline>.

13.6 Anti-ARP Spoofing


13.6.1 Overview

Gateway-targeted ARP spoofing prevention checks whether the source IP address of an ARP packet received on an
access port is set to the gateway IP address. If yes, the packet is discarded to prevent hosts from receiving
wrong ARP response packets. If not, the packet is not handled. In this way, only the uplink devices can send ARP
packets that use the gateway IP address as the source, and ARP response packets from other clients that pose as
the gateway are filtered out.
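
The check described above can be modelled as a small frame filter. This is an added example, not Ruijie's implementation: the port names (Gi1, Gi2, Gi24), MAC addresses and IP addresses are constructed sample values, and the function names are hypothetical. It compares the ARP sender IP with the gateway IP configured for the ingress port, for requests, replies and 802.1Q-tagged frames alike.

```python
import ipaddress
import struct

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100


def build_arp(eth_src, oper, sender_mac, sender_ip, target_mac, target_ip, vlan=None):
    """Build a constructed Ethernet/ARP frame to use as sample input."""
    dst = b"\xff" * 6 if oper == 1 else target_mac
    header = dst + eth_src
    if vlan is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    header += struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    body += sender_mac + ipaddress.IPv4Address(sender_ip).packed
    body += target_mac + ipaddress.IPv4Address(target_ip).packed
    return header + body


def parse_arp(frame: bytes):
    """Return the ARP fields of an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    if ethertype == ETHERTYPE_VLAN:          # skip a single 802.1Q tag
        if len(frame) < 18:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        offset = 18
    if ethertype != ETHERTYPE_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[offset:offset + 8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[offset + 8:offset + 28])
    return {
        "oper": oper,
        "sender_mac": sha.hex(":"),
        "sender_ip": ipaddress.IPv4Address(spa),
        "target_ip": ipaddress.IPv4Address(tpa),
    }


def check_arp(port, frame, gateway_by_port):
    """Return 'drop' when an ARP packet on a protected port claims the
    gateway IP as its source; everything else is left alone ('pass')."""
    arp = parse_arp(frame)
    gateway = gateway_by_port.get(port)
    if arp is None or gateway is None:
        return "pass"
    if arp["sender_ip"] == ipaddress.IPv4Address(gateway):
        return "drop"
    return "pass"


def run_samples():
    gw_mac = bytes.fromhex("020000000001")   # constructed addresses
    host_a = bytes.fromhex("02000000000a")
    host_b = bytes.fromhex("02000000000b")
    zero = b"\x00" * 6
    # Downlink ports are protected; the uplink Gi24 has no entry.
    protected = {"Gi1": "192.168.1.1", "Gi2": "192.168.1.1"}
    samples = [
        ("Gi1", build_arp(host_a, 1, host_a, "192.168.1.50", zero, "192.168.1.1")),
        ("Gi2", build_arp(host_b, 2, host_b, "192.168.1.1", host_a, "192.168.1.50")),
        ("Gi2", build_arp(host_b, 1, host_b, "192.168.1.1", zero, "192.168.1.1")),
        ("Gi2", build_arp(host_b, 2, host_b, "192.168.1.1", host_a, "192.168.1.50", vlan=10)),
        ("Gi24", build_arp(gw_mac, 2, gw_mac, "192.168.1.1", host_a, "192.168.1.50")),
        ("Gi1", b"\xff" * 6 + host_a + struct.pack("!H", 0x0800) + b"\x00" * 46),
    ]
    return [check_arp(port, frame, protected) for port, frame in samples]


if __name__ == "__main__":
    print(run_samples())
```

The third sample is a request, not a reply: the filter keys on the sender IP field, so a gratuitous ARP that claims the gateway address is dropped as well.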

13.6.2 Procedure

Choose Local Device > Security > IP Source Guard > Excluded VLAN.

1. Enabling Anti-ARP Spoofing

Click Add, select the desired port, enter the gateway IP, and click OK.

Note

Generally, the anti-ARP spoofing function is enabled on the downlink ports of the device.


2. Disabling Anti-ARP Spoofing

Batch disable: Select an entry to be deleted in the list and click Delete Selected.

Disable one port: click Delete in the last Action column of the corresponding entry.


14 Advanced Configuration
14.1 STP
STP (Spanning Tree Protocol) is an L2 management protocol that eliminates L2 loops by selectively blocking
redundant links in the network. It also provides the link backup function.

14.1.1 STP Global Settings

Choose Local Device > Advanced > STP > STP.

(1) Click to enable the STP function, and click OK in the displayed box. The STP function is disabled by default.

Caution

Enabling the STP or changing the STP mode will initiate a new session. Do not refresh the page during the
configuration.

(2) Configure the STP global parameters, and click Save.

Table 10-7 Description of STP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| STP | Whether to enable the STP function. It takes effect globally. STP attributes can be configured only after STP is enabled. | Disable |
| priority | Bridge priority. The device compares the bridge priority first during root bridge selection. A smaller value indicates a higher priority. | 32768 |
| Max Age | The maximum expiration time of BPDUs. The packets expiring will be discarded. If a non-root bridge fails to receive a BPDU from the root bridge before the aging time expires, the root bridge or the link to the root bridge is deemed as faulty | 20 seconds |
| Recovery Time | Network recovery time when redundant links occur on the network. | 30 seconds |
| hello time | Interval for sending two adjacent BPDUs | 2 seconds |
| Forward Delay | The interval at which the port status changes, that is, the interval for the port to change from Listening to Learning, or from Learning to Forwarding. | 15 seconds |
| STP Mode | The versions of Spanning Tree Protocol. Currently the device supports STP (Spanning Tree Protocol) and RSTP (Rapid Spanning Tree Protocol). | RSTP |

14.1.2 Applying STP to a Port

Choose Local Device > Advanced > STP > STP.

Configure the STP properties for a port. Click Batch Edit to select ports and configure STP parameters,
or click Edit in the Action column in Port List to configure designated ports.

Table 10-8 Description of STP Configuration Parameters of Ports

| Parameter | Description | Default Value |
| --- | --- | --- |
| Role | Root: A port with the shortest path to the root. Alternate: A backup port of a root port. Once the root port fails, the alternate port becomes the root port immediately. Designated (designated ports): A port that connects a root bridge or an upstream bridge to a downstream device. Disable (blocked ports): Ports that have no effect in the spanning tree. | NA |
| Status | Disable: The port is closed manually or due to a fault, does not participate in spanning tree and does not forward data, and can be turned into a blocking state after initialization or opening. Blocking: A port in the blocking state cannot forward data packets or learn addresses, but can send or receive configuration BPDUs and send them to the CPU. Listening: If a port can become the root port or designated port, the port will enter the listening state. A port in the listening state does not forward data or learn addresses, but can receive and send configuration BPDUs. Learning: A port in the learning state cannot forward data, but starts to learn addresses, and can receive, process, and send configuration BPDUs. Forwarding: Once a port enters the state, it can forward any data, learn addresses, and receive, process, and send configuration BPDUs. | NA |
| priority | The priority of the port is used to elect the port role, and the port with high priority is preferentially selected to enter the forwarding state | 128 |
| Link Status Config Status | Configure the link type, the options include: Shared, Point-to-Point and Auto. In auto mode, the interface type is determined based on the duplex mode. For full-duplex ports, the interface type is point-to-point, and for half-duplex ports, the interface type is shared. | Auto |
| Link Status Actual Status | Actual link type: Shared, Point-to-Point | NA |
| BPDU Guard | Whether to enable the BPDU guard function. After the function is enabled, if Port Fast is enabled on a port or the port is automatically identified as an edge port connected to an endpoint, but the port receives BPDUs, the port will be disabled and enter the Error-disabled state. This indicates that an unauthorized user may add a network device to the network, resulting in network topology change. | Disable |
| Port Fast | Whether to enable the Port Fast function. After Port Fast is enabled on a port, the port will neither receive nor send BPDUs. In this case, the host directly connected to the port cannot receive BPDUs. If a port on which Port Fast is enabled exits the Port Fast state automatically when it receives BPDUs, the BPDU filter feature is automatically disabled. Generally, the port connected to a PC is enabled with Port Fast. | Disable |

Note

● It is recommended to enable Port Fast on the port connected to a PC.


● A port switches to the forwarding state more than 30 seconds after STP is enabled. Therefore, transient
disconnection may occur and packets cannot be forwarded.

14.2 LLDP
14.2.1 Overview

LLDP (Link Layer Discovery Protocol) is defined by IEEE 802.1AB. LLDP can discover devices and detect
topology changes. With LLDP, the web interface can learn the topology connection status, for example,
ports of the device that are connected to other devices, port rates at both ends of a link, and duplex mode
matching status. An administrator can locate and troubleshoot faults quickly based on the preceding information.

14.2.2 LLDP Global Settings

Choose Local Device > Advanced > LLDP > LLDP Settings.

(1) Click to enable the LLDP function, and click OK in the displayed box. The LLDP function is enabled by default.
When LLDP is already enabled, this step can be skipped.

(2) Configure the global LLDP parameters and click Save.

Table 10-9 Description of LLDP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| LLDP | Indicates whether the LLDP function is enabled. | enable |
| Hold Multiplier | TTL multiplier of LLDP. In LLDP packets, TTL TLV indicates the TTL of local information on a neighbor. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 4 |
| Transmit Interval | Transmission interval of LLDP packets, in seconds. The value of TTL TLV is calculated using the following formula: TTL TLV = TTL multiplier × Packet transmission interval + 1. The TTL TLV value can be modified by configuring the TTL multiplier and LLDP packet transmission interval. | 30 seconds |
| Fast Count | Number of packets that are transmitted rapidly. When a new neighbor is discovered, or the LLDP working mode is changed, the device will start the fast transmission mechanism in order to let the neighboring devices learn the information of the device as soon as possible. The fast transmission mechanism shortens the LLDP packet transmission interval to 1s, sends a certain number of LLDP packets continuously, and then restores the normal transmission interval. You can configure the number of LLDP packets that can be transmitted rapidly for the fast transmission mechanism. | 3 |
| Reinitialization Delay | Port initialization delay, in seconds. You can configure an initialization delay to prevent frequent initialization of the state machine caused by frequent changes of the port work mode. | 2 seconds |
| Forward Delay | Delay for sending LLDP packets, in seconds. When local information of a device changes, the device immediately transmits LLDP packets to its neighbors. You can configure a transmission delay to prevent frequent transmission of LLDP packets caused by frequent changes of local information. If the delay is set to a very small value, frequent change of the local information will cause frequent transmission of LLDP packets. If the delay is set to a very large value, no LLDP packet may be transmitted even if local information is changed. Set an appropriate delay according to actual conditions. | 2 seconds |

14.2.3 Applying LLDP to a Port

Choose Local Device > Advanced > LLDP > LLDP Management.

In Port List, click Edit in the Action column, or click Batch Edit, select the desired port, configure the LLDP
working mode on the port and whether to enable LLDP-MED, and click OK.

Send LLDPDU: After Send LLDPDU is enabled on a port, the port can send LLDPDUs.

Receive LLDPDU: After Receive LLDPDU is enabled on a port, the port can receive LLDPDUs.

LLDPMED: After LLDPMED is enabled, the device is capable of discovering neighbors when its peer endpoint
supports LLDP-MED (the Link Layer Discovery Protocol-Media Endpoint Discovery).


14.2.4 Displaying LLDP information

Choose Local Device > Advanced > LLDP > LLDP Info.

This page displays LLDP information, including the LLDP information of the local device and the neighbor devices
of each port. Click the port name to display details about port neighbors.

You can check the topology connection through LLDP information, or use LLDP to detect errors. For example,
if two switch devices are directly connected in the network topology and an administrator configures the VLAN,
port rate, or duplex mode, an error will be prompted if the configurations do not match those on the connected
neighbor.


14.3 RLDP
14.3.1 Overview

The Rapid Link Detection Protocol (RLDP) is an Ethernet link failure detection protocol, which is used to rapidly
detect unidirectional link failures, bidirectional link failures, and downlink loop failures. When a failure is found,
RLDP automatically shuts down relevant ports or asks users to manually shut down the ports according to the
configured failure handling methods, to avoid wrong forwarding of traffic or Ethernet L2 loops.

The RLDP function can be enabled on the access switches in the network in a batch. By default, the switch
ports will be automatically shut down when a loop occurs. You can also configure a single switch to set whether
loop detection is enabled on each port and the handling methods after a link fault is detected.


14.3.2 Standalone Device Configuration

1. RLDP Global Settings

Choose Local Device > Advanced > RLDP > RLDP Settings.

(1) Enable the RLDP function and click OK in the displayed dialog box. The RLDP function is disabled by default.

(2) Configure RLDP global parameters and click Save.

Table 14-1 Description of RLDP Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| RLDP | Indicates whether the RLDP function is enabled. | Disable |
| Hello Interval | Interval for RLDP to send detection packets, in seconds | 3 seconds |
| Errdisable Recovery | After it is enabled, a port automatically recovers to the initialized state after a loop occurs. | Disable |
| Errdisable Recovery Interval | The interval at which the failed ports recover to the initialized state regularly and link detection is restarted, in seconds. | 30 seconds |

2. Applying RLDP to a Port

Choose Local Device > Advanced > RLDP > RLDP Management.

In Port List, click Edit in the Action column or click Batch Edit, select the desired port, configure whether to
enable loop detection on the port and the handling method after a fault is detected, and click OK.

There are three methods to handle port failures:

 Warning: Only the relevant information is prompted to indicate the failed port and the failure type.


 Block: After alerting the fault, set the faulty port not to forward the received packets

 Shutdown port: After alerting the fault, shut down the port.

Caution

● When RLDP is applied to an aggregate port, the Action can only be set to Warning and Shutdown.
● When performing RLDP detection on an aggregate port, if detection packets are received on the same
device, even if the VLANs of the port sending the packets and the port receiving them are different, it will
not be judged as a loop failure.

3. Displaying RLDP information

Choose Local Device > Advanced > RLDP > RLDP Info.

You can view the detection status, failure handling methods, and ports that connect the neighbor device to the
local device. You can click Reset to restore the faulty RLDP status triggered by a port to the normal state.


14.3.3 Batch Configuring Network Switches


Choose Network > RLDP.
(1) Click Enable to access the RLDP Config page.

(2) In the networking topology, you can select the access switches on which you want to enable RLDP in either
recommended or custom mode. If you select the recommended mode, all access switches in the network
are selected automatically. If you select the custom mode, you can manually select the desired access
switches. Click Deliver Config. RLDP is enabled on the selected switches.


(3) After the configuration is delivered, if you want to modify the effective range of the RLDP function, click
Configure to select desired switches in the topology again. Turn off RLDP to disable RLDP on all the switches
with one click.


14.4 Configuring the Local DNS


The local DNS server is optional. The device obtains the DNS server address from the connected
uplink device by default.

Choose Local Device > Advanced > Local DNS.

Enter the DNS server address used by the local device. If multiple addresses exist, separate them
with spaces. Click Save. After the local DNS is configured, the device first uses the DNS of the
management IP address for resolving domain names. If the device fails to parse domain names, it
uses this DNS address instead.


14.5 Voice VLAN

Caution

The Voice VLAN function is supported by RG-NBS3100 Series, RG-NBS3200 Series, RG-NBS5100 Series
and RG-NBS5200 Series Switches.

14.5.1 Overview

A voice virtual local area network (VLAN) is a VLAN dedicated to voice traffic of users. By creating a voice VLAN
and adding ports connected to voice devices to the voice VLAN, you can have voice data transmitted in the
voice VLAN and deliver specified policy of the quality of service (QoS) for voice streams, to improve the
transmission priority of voice traffic and ensure the call quality.

14.5.2 Voice VLAN Global Configuration

Choose Local Device > Advanced > Voice VLAN > Global Settings.

Turn on the voice VLAN function, configure global parameters, and click Save.

Table 10-10 Description of VLAN Global Configuration Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| Voice VLAN | Whether to enable the Voice VLAN function | Disable |
| VLAN | VLAN ID as Voice VLAN | NA |
| Max Age | Aging time of voice VLAN, in minutes. In automatic mode, after the MAC address in a voice packet ages, if the port does not receive any more voice packets within the aging time, the device removes this port from the voice VLAN | 1440 minutes |
| CoS Priority | The L2 Priority of voice stream packets in a Voice VLAN. The value range is from 0 to 7. A greater value indicates a higher priority. You can modify the priority of the voice traffic to improve the call quality. | 6 |

14.5.3 Configuring a Voice VLAN OUI

Choose Local Device > Advanced > Voice VLAN > OUI.

The source MAC address of a voice packet contains the organizationally unique identifier (OUI) of the voice
device manufacturer. After the voice VLAN OUI is configured, the device compares the voice VLAN OUI with
the source MAC address in a received packet to identify voice data packets, and sends them to the voice VLAN
for transmission.

Note

After the voice VLAN function is enabled on a port, when the port receives LLDP packets sent by IP phones, it
can identify the device capability fields in the packets, and identify the devices with the capability of Telephone
as voice devices. It also extracts the source MAC address of a protocol packet and processes it as the MAC
address of the voice device. In this way, the OUI can be added automatically.

Click Add. In the displayed dialog box, enter a MAC address and OUI, and click OK.


14.5.4 Configuring the Voice VLAN Function on a Port

Choose Local Device > Advanced > Voice VLAN > Port Settings.

Click Edit in the port entry or click Batch Edit in the upper-right corner. In the displayed dialog box, select
whether to enable the voice VLAN function on the port, the voice VLAN mode to be applied, and whether to enable
the security mode, and click OK.

Table 10-11 Description of the Voice VLAN Configuration Parameters on a Port

| Parameter | Description | Default Value |
| --- | --- | --- |
| Voice VLAN Mode | Based on different ways the Voice VLAN function is enabled on the port, the Voice VLAN Mode can be Auto Mode or Manual Mode. Auto Mode: In this mode, the device checks whether the permit VLANs of a port contain the voice VLAN after the voice VLAN function is enabled on the port. If yes, the device deletes the voice VLAN from the permit VLANs of the port until the port receives a voice packet containing a specified OUI. Then, the device automatically adds the voice VLAN to the port's permit VLANs. If the port does not receive a voice packet containing the specified OUI within the global aging time, the device removes the Voice VLAN from the permit VLANs of the port. Manual Mode: If the permit VLANs of a port contain the voice VLAN, voice packets can be transmitted in the voice VLAN. | Auto Mode |
| Security Mode | When the security mode is enabled, only voice traffic can be transmitted in the voice VLAN. The device checks the source MAC address in each packet. When the source MAC address in the packet matches the voice VLAN OUI, the packet can be transmitted in the voice VLAN. Otherwise, the device discards the packet. When the security mode is disabled, the source MAC addresses of packets are not checked and all packets can be transmitted in the voice VLAN. | enable |

Caution

● The voice VLAN mode of the port can be set as the auto mode only when the VLAN mode of the port is
Trunk mode. When the voice VLAN mode of the port works in the auto mode, the port exits the voice
VLAN first and is automatically added to the voice VLAN only after receiving voice data.
● After the voice VLAN function is enabled on a port, do not switch the L2 mode (trunk or access mode) of
the port to ensure normal operation of the function. If you need to switch the L2 mode of the port, disable
the voice VLAN function on the port first.
● It is not recommended that both voice data and service data be transmitted over the voice VLAN. If you
want to transmit both voice data and service data over the voice VLAN, disable the voice VLAN function
in security mode.


● The voice VLAN function is unavailable on L3 ports or aggregate ports.
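
The OUI match, security mode and auto mode described in this section interact, and a small model makes the resulting forwarding decisions visible. This is an added example, not Ruijie's code: it assumes an OUI entry is an address plus a mask, that any packet with a matching source MAC triggers the auto-mode join, and that aging is counted from the last voice packet; the VLAN IDs, OUI and MAC addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional


def mac_to_int(mac: str) -> int:
    """Accept 0012.34aa.bb01, 00-12-34-AA-BB-01 or 001234aabb01."""
    digits = mac.replace(".", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class Oui:
    address: int
    mask: int  # assumption: an OUI entry is an address plus a mask

    def matches(self, src: int) -> bool:
        return (src & self.mask) == (self.address & self.mask)


@dataclass
class VoiceVlanPort:
    voice_vlan: int
    permit_vlans: set
    ouis: list
    auto_mode: bool = True
    security_mode: bool = True
    max_age_min: int = 1440
    last_voice_min: Optional[int] = None

    def __post_init__(self):
        self.permit_vlans = set(self.permit_vlans)
        if self.auto_mode:
            # Auto mode: the voice VLAN is withdrawn until voice traffic is seen.
            self.permit_vlans.discard(self.voice_vlan)

    def receive(self, now_min: int, src_mac: str, vlan: int) -> str:
        src = mac_to_int(src_mac)
        is_voice = any(oui.matches(src) for oui in self.ouis)
        if self.auto_mode:
            joined = self.voice_vlan in self.permit_vlans
            if joined and now_min - self.last_voice_min > self.max_age_min:
                self.permit_vlans.discard(self.voice_vlan)   # aged out
            if is_voice:
                self.permit_vlans.add(self.voice_vlan)       # join or refresh
                self.last_voice_min = now_min
        if vlan not in self.permit_vlans:
            return "drop:vlan-not-permitted"
        if vlan == self.voice_vlan and self.security_mode and not is_voice:
            return "drop:not-voice-oui"
        return "forward"


def run_scenario():
    ouis = [Oui(mac_to_int("0012.3400.0000"), mac_to_int("ffff.ff00.0000"))]
    phone, pc = "0012.34aa.bb01", "02aa.bb00.0001"   # constructed addresses
    port = VoiceVlanPort(voice_vlan=100, permit_vlans={10, 100}, ouis=ouis)
    events = [
        (0, pc, 100),      # before any phone is seen: voice VLAN not joined
        (1, phone, 10),    # phone's first packet triggers the join
        (2, phone, 100),   # voice traffic in the voice VLAN
        (3, pc, 100),      # security mode rejects a non-voice source MAC
        (3, pc, 10),       # data VLAN is unaffected
        (1443, pc, 100),   # no voice packet for more than 1440 minutes
    ]
    results = [port.receive(*event) for event in events]
    # Manual mode with security mode disabled: any host can use the voice VLAN.
    relaxed = VoiceVlanPort(100, {10, 100}, ouis, auto_mode=False, security_mode=False)
    results.append(relaxed.receive(0, pc, 100))
    return results


if __name__ == "__main__":
    for verdict in run_scenario():
        print(verdict)
```

The last result shows the trade-off behind the security mode default: with it disabled, a non-voice host on the port is forwarded in the voice VLAN.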

14.6 Configuring Smart Hot Standby (VCS)


Smart hot standby enables multiple switches to act as a hot standby device for each other, ensuring
uninterrupted data forwarding in the event of a single point failure.

14.6.1 Configuring Hot Standby

View or modify selected hot standby interfaces, device IDs and priorities. The switch with a higher priority is
selected as the active switch in a hot standby group.

Caution
The devices in a hot standby group must have unique device IDs and priorities configured.

Choose Local Device > Advanced > Smart Hot Standby.

14.6.2 Configuring DAD Interfaces

After selecting the DAD interfaces of both the active and standby switches, connect these DAD
interfaces with a network cable to prevent network failures caused by dual active devices.


14.6.3 Active/Standby Switchover

Active/Standby Switchover allows manual switching between the active and standby supervisor
engines. Clicking the Switch button will restart the supervisor engine. Please exercise caution.

15 Diagnostics
15.1 Info Center
Choose Local Device > Diagnostics > Info Center.


In Info Center, you can view port traffic, VLAN information, routing information, client list, ARP list, MAC address,
DHCP snooping, IP-MAC binding, IP Source Guard, and CPP statistics of the device and relevant configurations.

15.1.1 Port Info

Choose Local Device > Diagnostics > Info Center > Port Info.

Port Info displays the status and configuration information of the port. Click the port icon to view the detailed
information of the port.

Note

● To configure the flow control of the port or the optical/electrical attribute of a combo port, see 4.2.
● To configure the L2 mode of the port and the VLAN to which it belongs, see 3.5.3.

15.1.2 VLAN Info

Choose Local Device > Diagnostics > Info Center > VLAN Info.


Displays SVI port and routed port information, including the ports included in the VLAN, the port IP
address, and whether the DHCP address pool is enabled.

Note

● To configure VLAN, see 3.5.
● To configure SVI ports and routed ports, see 6.1.

15.1.3 Routing Info

Caution

If the device does not support L3 functions (such as RG-NBS3100 Series and RG-NBS3200 Series Switches),
this type of information is not displayed.

Choose Local Device > Diagnostics > Info Center > Routing Info.

Displays the routing information on the device. The search box in the upper-right corner supports finding route
entries based on IP addresses.

Note

To set up static routes, see 6.3.

15.1.4 DHCP Clients

Caution

If the device does not support L3 functions (such as RG-NBS3100 Series and RG-NBS3200 Series Switches),
this type of information is not displayed.

Choose Local Device > Diagnostics > Info Center > DHCP Clients.

Displays the IP address information assigned to endpoints by the device as a DHCP server.


Note

To configure DHCP server related functions, see 6.2.

15.1.5 ARP List

Choose Local Device > Diagnostics > Info Center > ARP List.

Displays ARP information on the device, including dynamically learned and statically configured ARP mapping
entries.

Note

To bind dynamic ARP or manually configure static ARP, see 6.4.

15.1.6 MAC Address

Choose Local Device > Diagnostics > Info Center > MAC.

Displays the MAC address information of the device, including the static MAC address manually configured by
the user, the filtering MAC address, and the dynamic MAC address automatically learned by the device.

Note

To configure and manage the MAC address, see 3.3.


15.1.7 DHCP Snooping

Choose Local Device > Diagnostics > Info Center > DHCP Snooping.

Displays the current configuration of the DHCP snooping function and the user information dynamically learned
by the trust port.

Note

To modify DHCP Snooping related configuration, see 7.1.

15.1.8 IP-MAC Binding

Choose Local Device > Diagnostics > Info Center > IP-MAC Binding.

Displays the configured IP-MAC binding entries. The device checks whether the source IP addresses and source
MAC addresses of IP packets match those configured for the device and filters out IP packets not matching the
binding.

Note

To add or modify the IP-MAC binding, see 7.5.


15.1.9 IP Source Guard

Choose Local Device > Diagnostics > Info Center > Source Guard.

Displays the binding list of the IP Source Guard function. The IP Source Guard function will check the IP packets
from non-DHCP trusted ports according to the list, and filter out the IP packets that are not in the binding list.

Note

To configure IP Source Guard function, see 7.6.

15.1.10 CPP Info

Choose Local Device > Diagnostics > Info Center > CPP.

Displays the current total CPU bandwidth and statistics of various packet types, including the bandwidth, current
rate, and total number of packets.


15.2 Network Tools


The Network Tools page provides three tools to detect the network status: Ping, Traceroute, and DNS Lookup.

15.2.1 Ping

Choose Local Device > Diagnostics > Network Tools.

The Ping command is used to detect the network connectivity.

Select Ping as the diagnosis mode, enter the destination IP address or website address, configure the ping
count and packet size, and click Start to test the network connectivity between the device and the IP address
or website. If "Ping failed" is displayed, the device cannot reach the IP address or website.


15.2.2 Traceroute

Choose Local Device > Diagnostics > Network Tools.

The Traceroute function is used to identify the network path from one device to another. On a simple network,
the network path may pass through only one routing node or none at all. On a complex network, packets may
pass through dozens of routing nodes before reaching their destination. The traceroute function can be used to
judge the transmission path of data packets during communication.

Select Traceroute as the diagnosis mode, enter a destination IP address or URL and the maximum TTL value used
by traceroute, and click Start.


15.2.3 DNS Lookup

Choose Local Device > Diagnostics > Network Tools.

DNS Lookup is used to query the information of a network domain name or diagnose DNS server problems. If the
device can ping an Internet IP address from the web page but the browser cannot open the web
page, you can use the DNS lookup function to check whether domain name resolution is normal.

Select DNS Lookup as the diagnosis mode, enter a destination IP address or URL, and click Start.


15.3 Fault Collection


Choose Local Device > Diagnostics > Fault Collection.

When an unknown fault occurs on the device, you can collect fault information by one click on this page. Click
Start. The configuration files of the device will be packed into a compressed file. Download the compressed file
locally and provide it to R&D personnel for fault locating.

15.4 Cable Diagnostics


Choose Local Device > Diagnostics > Cable Diagnostics.

The cable diagnostics function can detect the approximate length of a cable connected to a port and whether
the cable is faulty.

Select the port to be detected on the port panel and click Start. The detection results will be displayed below.


Caution

● SFP ports do not support this function.


● If a detected port contains an uplink port, the network may be intermittently disconnected. Exercise
caution when performing this operation.

15.5 System Logs


Choose Local Device > Diagnostics > System Logs.

System logs record device operations, operation time, and operation modules. System logs are used by
administrators to monitor the running status of the device, analyze network status, and locate faults. You can
search for specified logs by fault type, faulty module, and keyword in fault information.

15.6 Alerts
Choose Local Device > Diagnostics > Alerts.

Note

Choose Network > Alerts to view the alert information of other devices in the network.


Displays possible problems on the network environment to facilitate fault prevention and troubleshooting. You
can view the alert occurrence time, port, alert impact, and handling suggestions, and rectify device faults
according to handling suggestions.

All types of alerts are followed by default. You can click Unfollow to unfollow a type of alert, and the system
will no longer display this type of alert. To enable the notification function of a type of alert again, follow
the alert type on the Removed Alert page.

Caution

After unfollowing an alert, the system will not issue an alert prompt for this type of fault, and users cannot find
and deal with the fault in time. Exercise caution when performing this operation.

Table 11-2 Alert Types and Product Support

Alert Type | Description | Support Description
Addresses in the DHCP address pool are to be exhausted. | The device acts as a DHCP server, and the number of allocated addresses is about to reach the maximum number of addresses that can be allocated in the address pool. | It is applicable only to devices that support L3 functions. Products that do not support L3 functions such as RG-NBS3100 Series, RG-NBS3200 Series Switches do not support this type of alert.
The IP address of the local device conflicts with that of another device. | The IP address of the local device conflicts with that of another client on the LAN. | NA
An IP address conflict occurs on downlink devices connected to the device. | Among the devices connected to the current device on the LAN, an IP address conflict occurs on one or more devices. | NA
The MAC address table is full of entries. | The number of L2 MAC address entries is about to reach the hardware capacity limit of the product. | NA
The ARP table is full of ARP entries. | The number of ARP entries on the network exceeds the ARP capacity of the device. | NA
The PoE process is not running. | The PoE service of the device fails and no power can be supplied. | It is applicable only to NBS Series Switches that support the PoE function. (The device models are marked with "-P".)
The total PoE power is overloaded. | The total PoE power of the device is overloaded, and the new connected PD cannot be powered properly. | It is applicable only to NBS Series Switches that support the PoE function. (The device models are marked with "-P".)
The device has a loop alarm. | A network loop occurs on the LAN. | NA


16 System Configuration
16.1 Setting the System Time
Choose System > System Time.

You can view the current system time. If the time is incorrect, check and select the local time zone. If the time
zone is correct but time is still incorrect, click Edit to manually set the time. In addition, the device supports
Network Time Protocol (NTP) servers. By default, multiple servers serve as the backup of each other. You can
add or delete the local server as required.

Click Current Time when modifying the time, and the system time of the currently logged-in device will be
automatically filled in.


16.2 Setting the Web Login Password


Choose System > Login > Login Password.

Enter the old password and new password. After saving the configuration, use the new password to log in.

Caution

When self-organizing network discovery is enabled, the login password of all devices in the network will be
changed synchronously.

16.3 Setting the Session Timeout Duration


Choose System > Login > Session Timeout.
If you do not log out after login, the web interface allows you to continue the access without authentication on
the current browser within one hour by default. After one hour, the web interface automatically refreshes the
page and you need to log in again before continuing your operations. You can change the session timeout duration.


16.4 Configuring SNMP


16.4.1 Overview

The Simple Network Management Protocol (SNMP) is a protocol for managing network devices. Based on the
client/server model, it can achieve remote monitoring and control of network devices.

SNMP uses a manager and agent architecture. The manager communicates with agents through the SNMP
protocol to retrieve information such as device status, configuration details, and performance data. It can also
be used to configure and manage devices.

SNMP can be used to manage various network devices, including routers, switches, servers, firewalls, etc. You
can achieve user management through the SNMP configuration interface and monitor and control devices
through the third-party software.

16.4.2 Global Configuration

1. Overview

The purpose of global configuration is to enable the SNMP service and make the SNMP protocol version
(v1/v2c/v3) take effect, so as to achieve basic configuration of local port, device location, and contact information.

SNMP v1: As the earliest version of SNMP, SNMP v1 has poor security, and only supports simple community
string authentication. SNMP v1 has certain flaws, such as plaintext transmission of community strings and
vulnerability to attacks. Therefore, SNMP v1 is not recommended for modern networks.

SNMP v2c: As an improved version of SNMP v1, SNMP v2c supports richer functions and more complex data
types, with enhanced security. SNMP v2c performs better than SNMP v1 in terms of security and functionality,
and is more flexible. It can be configured according to different needs.

SNMP v3: As the newest version, SNMP v3 supports security mechanisms such as message authentication and
encryption, which SNMP v1 and SNMP v2c do not. SNMP v3 has achieved significant improvements in security
and access control.

2. Configuration Steps

Choose Network-wide > System > SNMP > Global Config.

(1) Enable the SNMP service.


When it is enabled for the first time, SNMP v3 is enabled by default. Click OK.
(2) Set SNMP service global configuration parameters.

Table 16-1 Global Configuration Parameters

Parameter | Description
SNMP Server | Indicates whether SNMP service is enabled.
SNMP Version | Indicates the SNMP protocol version, including v1, v2c, and v3 versions.
Local Port | The port range is 1 to 65535.
Device Location | 1-64 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed.
Contact Info | 1-64 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed.

(3) Click Save.

After the SNMP service is enabled, click Save to make basic configurations such as the SNMP protocol version
number take effect.

16.4.3 View/Group/Community/Client Access Control

1. View/Group/Community/Client Access Control

Management Information Base (MIB) can be regarded as a database storing the status information and
performance data of network devices. It contains a large number of object identifiers (OIDs) to identify the status
information and performance data of these network devices.

Views in SNMP can limit the range of MIB nodes that the management system can access, thereby improving
the security and reliability of network management. Views are an indispensable part of SNMP and need to be
configured or customized according to specific management requirements.

A view can have multiple subtrees. The management system can only access MIB nodes in these subtrees, and
cannot access other unauthorized MIB nodes. This can prevent unauthorized system administrators from
accessing sensitive MIB nodes, thereby protecting the security of network devices. Moreover, views can also
improve the efficiency of network management and speed up the response from the management system.

Configuration Steps

Choose Network-wide > System > SNMP > View/Group/Community/Client Access Control.

(1) Click Add under the View List to add a view.

(2) Configure basic information of a view.


Table 16-2 View Configuration Parameters

Parameter | Description
View Name | Indicates the name of the view. 1-32 characters. Chinese or full width characters are not allowed.
OID | Indicates the range of OIDs included in the view, which can be a single OID or a subtree of OIDs.
Type | There are two types of rules: included and excluded rules. The included rule only allows access to OIDs within the OID range. Click Add Included Rule to set this type of view. Excluded rules allow access to all OIDs except those in the OID range. Click Add Excluded Rule to configure this type of view.


Note

At least one OID rule must be configured for a view. Otherwise, an alarm message will appear.

(3) Click OK.
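The included and excluded rules above, modelled as an added example (not Ruijie's code) so a planned view can be checked before it is bound to a community or group. The two named views are the ones used in section 16.4.4; the watch list and the precedence rule (the most specific matching subtree decides, as in the RFC 3415 view model) are assumptions, because the page does not state how the device combines rules.

```python
# Added example: evaluates SNMP view rules offline. Assumption: the longest
# matching subtree decides, and an excluded rule wins a tie.

def parse_oid(text):
    """Convert '.1.3.6.1.2.1.1' or '1.3.6.1.2.1.1' to a tuple of integers."""
    parts = text.strip().strip(".").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)


class View:
    def __init__(self, name, rules):
        # rules: list of (kind, oid_text), kind is "included" or "excluded"
        if not rules:
            raise ValueError("a view needs at least one OID rule")
        self.name = name
        self.rules = []
        for kind, oid_text in rules:
            if kind not in ("included", "excluded"):
                raise ValueError(f"unknown rule type: {kind!r}")
            self.rules.append((kind, parse_oid(oid_text)))
        # A view built only from excluded rules starts from "everything allowed".
        self.default_allow = all(k == "excluded" for k, _ in self.rules)

    def allows(self, oid_text):
        oid = parse_oid(oid_text)
        best_kind, best_len = None, -1
        for kind, subtree in self.rules:
            # Compare whole sub-identifiers, never string prefixes:
            # 1.3.6.1.2.1.10 is not inside 1.3.6.1.2.1.1.
            if oid[:len(subtree)] != subtree:
                continue
            n = len(subtree)
            if n > best_len or (n == best_len and kind == "excluded"):
                best_kind, best_len = kind, n
        if best_kind is None:
            return self.default_allow
        return best_kind == "included"


# Constructed watch list of subtrees an operator may want kept out of a
# monitoring view. The OIDs are the standard MIB assignments.
SENSITIVE = {
    "SNMP-USER-BASED-SM-MIB (v3 user table)": "1.3.6.1.6.3.15",
    "SNMP-VIEW-BASED-ACM-MIB (groups and views)": "1.3.6.1.6.3.16",
    "IP-MIB ipNetToMediaTable (ARP cache)": "1.3.6.1.2.1.4.22",
}


def exposed(view, watch=SENSITIVE):
    """Return the watch-list labels whose subtree root the view lets through."""
    return sorted(label for label, oid in watch.items() if view.allows(oid))


# Views from the guide's worked examples in section 16.4.4.
SYSTEM_VIEW = View("system", [("included", ".1.3.6.1.2.1.1")])
PUBLIC_VIEW = View("public_view", [("included", ".1.3.6.1.2.1")])

if __name__ == "__main__":
    for view in (SYSTEM_VIEW, PUBLIC_VIEW):
        print(view.name, "exposes:", exposed(view) or "nothing on the watch list")
```

A view built only from excluded rules lets through everything that is not listed, so it is the broadest kind of view and deserves the closest review.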


2. Configuring v1/v2c Users

Overview
When the SNMP version is set to v1/v2c, user configuration is required.

Note
Select the SNMP protocol version, and click Save. The corresponding configuration options will appear on the
View/Group/Community/User Access Control page.

Configuration Steps
Choose Network-wide > System > SNMP > View/Group/Community/Client Access Control.

(1) Click Add in the SNMP v1/v2c Community Name List pane.

(2) Add a v1/v2c user.


Table 16-3 v1/v2c User Configuration Parameters

Parameter | Description
Community Name | At least 8 characters. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Admin, public or private community names are not allowed. Question marks, spaces, and Chinese characters are not allowed.
Access Mode | Indicates the access permission (read-only or read & write) for the community name.
MIB View | The options under the drop-down box are configured views (default: all, none).

Note
Community names cannot be the same among v1/v2c users.
Click Add View to add a view.

3. Configuring v3 Groups

Overview
SNMP v3 introduces the concept of grouping to achieve better security and access control. A group is a set
of SNMP users with the same security policies and access control settings. With SNMP v3, multiple groups can
be configured, each with its own security policies and access control settings. Each group can have one or more
users.

Prerequisites
When the SNMP version is set to v3, the v3 group configuration is required.

Note
Select the SNMP protocol version, and click Save. The corresponding configuration options will appear on the
View/Group/Community/User Access Control page.

Configuration Steps
Choose Network-wide > System > SNMP > View/Group/Community/Client Access Control.

(1) Click Add in the SNMP v3 Group List pane to create a group.

(2) Configure v3 group parameters.


Table 16-4 v3 Group Configuration Parameters

Parameter | Description
Group Name | Indicates the name of the group. 1-32 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed.
Security Level | Indicates the minimum security level (authentication and encryption, authentication but no encryption, no authentication and encryption) of the group.
Read-Only View | The options under the drop-down box are configured views (default: all, none).
Read & Write View | The options under the drop-down box are configured views (default: all, none).
Notify View | The options under the drop-down box are configured views (default: all, none).

Note
A group defines the minimum security level, read and write permissions, and scope for users within the
group.
The group name must be unique. To add a view, click Add View.
(3) Click OK.

4. Configuring v3 Users

Prerequisites
When the SNMP version is set to v3, the v3 group configuration is required.

Note
Select the SNMP protocol version, and click Save. The corresponding configuration options will appear on the
View/Group/Community/User Access Control page.

Configuration Steps
Choose Network-wide > System > SNMP > View/Group/Community/Client Access Control.

(1) Click Add in the SNMP v3 Client List pane to add a v3 user.

(2) Configure v3 user parameters.


Table 16-5 v3 User Configuration Parameters

Parameter | Description
Username | At least 8 characters. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Admin, public or private community names are not allowed. Question marks, spaces, and Chinese characters are not allowed.
Group Name | Indicates the group to which the user belongs.
Security Level | Indicates the security level (authentication and encryption, authentication but no encryption, and no authentication and encryption) of the user.
Auth Protocol, Auth Password | Authentication protocols supported: MD5/SHA/SHA224/SHA256/SHA384/SHA512. Authentication password: 8-31 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Note: This parameter is mandatory when the security level is authentication and encryption, or authentication but no encryption.
Encryption Protocol, Encryption Password | Encryption protocols supported: DES/AES/AES192/AES256. Encryption password: 8-31 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Note: This parameter is mandatory when the security level is authentication and encryption.

Note
The security level of v3 users must be greater than or equal to that of the group.
There are three security levels, among which authentication and encryption requires the configuration of
authentication protocol, authentication password, encryption protocol, and encryption password.
Authentication but no encryption only requires the configuration of authentication protocol and encryption
protocol, while no authentication and encryption does not require any configuration.
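A planning-time check for the naming, password and security-level rules in Tables 16-3 to 16-5, run against the v3 user from this guide's own worked example (Table 16-7 in section 16.4.4). This is an added example, not Ruijie's validation code; the level labels, the case-insensitive reserved-name comparison, the printable-ASCII test and the legacy-algorithm warnings are assumptions of this example.

```python
# Added example: lints a planned SNMP community name or v3 user offline.
import string

LEVELS = {"noAuthNoPriv": 0, "authNoPriv": 1, "authPriv": 2}  # labels are this example's
AUTH_PROTOCOLS = {"MD5", "SHA", "SHA224", "SHA256", "SHA384", "SHA512"}
PRIV_PROTOCOLS = {"DES", "AES", "AES192", "AES256"}
LEGACY = {"MD5", "DES"}            # selectable on the page, but weak algorithms
RESERVED = {"admin", "public", "private"}
GUIDE_SAMPLES = {"Ruijie123"}      # password printed in this guide's examples


def categories(text):
    """Number of character categories (upper, lower, digit, special) in text."""
    groups = (string.ascii_uppercase, string.ascii_lowercase,
              string.digits, string.punctuation)
    return sum(any(c in g for c in text) for g in groups)


def charset_errors(label, text):
    errs = []
    if "?" in text or " " in text:
        errs.append(f"{label}: question marks and spaces are not allowed")
    # Assumption: any character outside printable ASCII counts as a Chinese
    # or full-width character (stricter than the page's wording).
    if any(ord(c) < 0x20 or ord(c) > 0x7E for c in text):
        errs.append(f"{label}: only printable ASCII is accepted here")
    return errs


def check_name(label, name):
    """Rules shared by community names and v3 usernames."""
    errs = charset_errors(label, name)
    if len(name) < 8:
        errs.append(f"{label}: at least 8 characters required")
    if categories(name) < 3:
        errs.append(f"{label}: needs three of upper/lower/digit/special")
    if name.lower() in RESERVED:   # assumption: compared case-insensitively
        errs.append(f"{label}: admin, public and private are not allowed")
    return errs


def check_password(label, password):
    errs = charset_errors(label, password)
    if not 8 <= len(password) <= 31:
        errs.append(f"{label}: length must be 8-31 characters")
    if categories(password) < 3:
        errs.append(f"{label}: needs three of upper/lower/digit/special")
    return errs


def lint_v3_user(user, group_level):
    """Return (errors, warnings) for one planned v3 user given as a dict."""
    errors = check_name("username", user["name"])
    warnings = []
    level = LEVELS.get(user["level"])
    if level is None or group_level not in LEVELS:
        return errors + ["unknown security level"], warnings
    if level < LEVELS[group_level]:
        errors.append("user security level is below the group's minimum")
    checks = [("auth", AUTH_PROTOCOLS, 1), ("priv", PRIV_PROTOCOLS, 2)]
    for kind, allowed, needed_from in checks:
        if level < needed_from:
            continue               # not required at this security level
        proto = user.get(f"{kind}_protocol")
        password = user.get(f"{kind}_password") or ""
        if proto not in allowed:
            errors.append(f"{kind}: protocol missing or unsupported")
        elif proto in LEGACY:
            warnings.append(f"{kind}: {proto} is a legacy algorithm")
        errors += check_password(f"{kind} password", password)
        if password in GUIDE_SAMPLES:
            warnings.append(f"{kind}: password is the guide's published sample")
    if level < 2:
        warnings.append("SNMP payloads are sent unencrypted at this level")
    return errors, warnings


# The v3 user from the guide's worked example (Table 16-7).
GUIDE_USER = {"name": "v3_user", "level": "authPriv",
              "auth_protocol": "MD5", "auth_password": "Ruijie123",
              "priv_protocol": "AES", "priv_password": "Ruijie123"}

if __name__ == "__main__":
    errs, warns = lint_v3_user(GUIDE_USER, "authPriv")
    for line in errs + warns:
        print(line)
    print(check_name("community", "public"))
```

Run against the guide's own sample values, the check reports that the username `v3_user` is one character short of the 8-character minimum and that the community name `public` breaks three of the rules in Table 16-3.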

16.4.4 SNMP Service Typical Configuration Examples

1. Configuring SNMP v2c

Application Scenario
You only need to monitor the device information, but do not need to set and deliver it. Third-party software can
be used to monitor the data of nodes like 1.3.6.1.2.1.1 if v2c version is configured.

Configuration Specification
According to the user’s application scenario, the requirements are shown in the following table:

Table 16-6 User Requirement Specification

Item | Description
View range | Included rule: the OID is .1.3.6.1.2.1.1, and the custom view name is “system”.
Version | For SNMP v2c, the custom community name is “public”, and the default port number is 161.
Read & write permission | Read-only permission.

Configuration Steps
(1) In the global configuration interface, select v2c and set other settings as default. Then, click Save.


(2) Add a view on the View/Group/Community/Client Access Control interface.

a Click Add in the View List pane.


b Enter the view name and OID in the pop-up window, and click Add Included Rule.
c Click OK.

(3) On the View/Group/Community/Client Access Control interface, click Add in the SNMP v1/v2c community
name list, fill in the community name, access mode and view in the pop-up window, and click OK after the
operation is completed.


2. Configuring SNMP v3

Application Scenario

You need to monitor and control devices, and use the third-party software to monitor and deliver device
information to public nodes (1.3.6.1.2.1). The security level of v3 is authentication and encryption.

Configuration Specification
According to the user’s application scenario, the requirements are shown in the following table:

Table 16-7 User Requirements Description Form

Item | Description
View range | Included rule: the OID is .1.3.6.1.2.1, and the custom view name is “public_view”.
Group configuration | Group name: group; Security level: authentication and encryption; Select public_view for a read-only view; Select public_view for a read & write view; Select none for a notify view.
Configuring v3 Users | User name: v3_user; Group name: group; Security level: authentication and encryption; Authentication protocol/password: MD5/Ruijie123; Encryption protocol/password: AES/Ruijie123
Version | For SNMP v3, the default port number is 161.

Configuration Steps
(1) On the global configuration interface, select v3, and change the port number to 161. Set other settings to
defaults. Then, click Save.


(2) Add a view on the View/Group/Community/Client Access Control interface.

a Click Add in the View List pane.


b Enter the view name and OID in the pop-up window, and click Add Included Rule.
c Click OK.

(3) Click Add in the SNMP v3 group list, and fill in the group name and security level in the pop-up window.
The user has read and write permissions, so select "public_view" for the read-only view and the read & write
view, and set the notify view to none. After the operation is complete, click OK.

(4) Click Add in the SNMP v3 user list, and fill in the user name and group name in the pop-up window. Set
the user security level to authentication and encryption, fill in the corresponding authentication protocol,
authentication password, encryption protocol, and encryption password, and click OK.


16.4.5 Trap Service Configuration

Trap is a notification mechanism of the Simple Network Management Protocol (SNMP), which is used
to report the status and events of network devices to managers, including device status reports, fault reports,
performance reports, configuration reports and security management. Trap can provide real-time network
monitoring and fault diagnosis to help administrators find and solve network problems in time.

1. Enabling the Trap Service

Enable the trap service and select the effective trap protocol version, including v1, v2c, and v3.

Choose Network-wide > Settings > SNMP > Trap Settings.

(1) Enable the trap service.

When the trap service is enabled for the first time, the system displays a prompt message. Click OK.

(2) Set the trap version.

The trap protocol version includes v1, v2c, and v3.

(3) Click OK.

After the trap service is enabled, you need to click Save, and the configuration of the trap protocol version
number will take effect.

2. Configuring Trap v1/v2c Users

Introduction
A trap is a notification mechanism used to send an alert to administrators when important events or failures
occur on a device or service. Trap v1 and trap v2c are two versions of the SNMP protocol, used for network
management and monitoring.

Trap v1 is the first version in the SNMP protocol, which supports basic alarm notification functions. Trap v2c is
the second version in the SNMP protocol, which supports more alarm notification options and more advanced
security.

By using trap v1/v2c, the administrator can learn about problems in the network in time and take corresponding
measures.

Prerequisites
When v1 or v2c is selected as the trap service version, a trap v1/v2c user needs to be created.

Configuration Steps
Choose Network-wide > Settings > SNMP > Trap Settings.

(1) Click Add in the Trap v1v2c User list to create a trap v1/v2c user.

(2) Configure trap v1/v2c user-related parameters.


Table 16-8 Trap v1/v2c User Information Description Table

Parameter | Description
Dest Host IP | IP address of the trap peer device. An IPv4 or IPv6 address is supported.
Version Number | Trap version, including v1 and v2c.
Port ID | The port range of the trap peer device is 1 to 65535.
Community name/User name | Community name of the trap user. At least 8 characters. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Admin, public or private community names are not allowed. Question marks, spaces, and Chinese characters are not allowed.

Note

The destination host IP addresses of trap v1/v2c users cannot be the same.
Community names of trap v1/v2c users cannot be the same.
(3) Click OK.

3. Configuring Trap v3 Users

Introduction
Trap v3 is a network management mechanism based on SNMP protocol, which is used to send alarm
notifications to management personnel. Unlike previous versions, trap v3 provides more secure and flexible
configuration options, including authentication and encryption.

Trap v3 can be customized to choose the conditions and methods to send alerts, as well as who receives alerts
and how to be notified. This enables administrators to understand the status of network devices more accurately
and take timely measures to ensure network security and reliability.

Prerequisites
When v3 is selected as the trap service version, a trap v3 user needs to be created.

Configuration Steps
Choose Network-wide > Settings > SNMP > Trap Settings.

(1) Click Add in the "trap v3 user" list to create a trap v3 user.

(2) Configure parameters related to trap v3 users.

Table 16-9 Trap v3 User Information Description Table

Parameter | Description
Dest Host IP | IP address of the trap peer device. An IPv4 or IPv6 address is supported.
Port ID | The port range of the trap peer device is 1 to 65535.
Username | Name of the trap v3 user. At least 8 characters. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Admin, public or private community names are not allowed. Question marks, spaces, and Chinese characters are not allowed.
Security Level | Indicates the security level of the trap v3 user. The security levels include authentication and encryption, authentication but no encryption, and no authentication and encryption.
Auth Protocol, Auth Password | Authentication protocols supported: MD5/SHA/SHA224/SHA256/SHA384/SHA512. Authentication password: 8-31 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Note: This parameter is mandatory when the security level is authentication and encryption, or authentication but no encryption.
Encryption Protocol, Encryption Password | Encryption protocols supported: DES/AES/AES192/AES256. Encryption password: 8-31 characters. Chinese characters, full-width characters, question marks, and spaces are not allowed. It must contain at least three character categories, including uppercase and lowercase letters, digits, and special characters. Note: This parameter is mandatory when the security level is authentication and encryption.

Note
The IP addresses of trap v1/v2c/v3 users cannot be repeated.

16.4.6 Trap Service Typical Configuration Examples

1. Configuring a v2c Trap

Application Scenarios
When a monitored device is suddenly interrupted or becomes abnormal, the third-party monitoring software
cannot detect and deal with the abnormal situation in time. Therefore, configure the device with the
destination IP address 192.168.110.85 and port number 166, so that the device sends a v2c trap in case
of an exception.

Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:


Table 16-10 User Requirements Description Form

Item | Description
IP address and port number | The destination host IP is 192.168.110.85, and the port number is 166.
Version | Select the v2 version.
Community name/User name | Trap_user

Configuration Steps
(1) Select the v2c version on the trap setting interface, and click Save.

(2) Click Add in the "trap v1/v2c user list".

(3) Fill in the target host IP, version number, port number, user name and other information, and click OK after
the configuration is complete.


2. Configuring a v3 Trap

Application Scenarios
When a monitored device is suddenly interrupted or becomes abnormal, the third-party monitoring software
cannot detect and deal with the abnormal situation in time. Therefore, configure the device with the
destination IP address 192.168.110.87 and port number 167, and use the more secure v3 version
to send traps.

Configuration Specification
According to the analysis of the user's usage scenario, the requirements are shown in the table:

Table 16-11 User Requirements Description Form

Item | Description
IP address and port number | The destination host IP is 192.168.110.87, and the port number is 167.
Version and user name | Select the v3 version and trapv3_user for the user name.
Authentication protocol/authentication password | Authentication protocol/password: MD5/Ruijie123
Encryption protocol/encryption password | Encryption protocol/password: AES/Ruijie123

Configuration Steps
(1) Select the v3 version on the trap setting interface, and click Save.

(2) Click Add in the trap v3 user list.

(3) Fill in the target host IP, port number, user name and other information, and click OK after the configuration
is complete.

16.5 Configuration Backup and Import


Choose System > Management > Backup & Import.

Configure backup: Click Backup to generate the backup configuration and download it locally.

Configure import: Click Browse, select a backup configuration file locally, and click Import to apply the
configuration specified by the file to the device. After importing the configuration, the device will restart.


16.6 Reset
16.6.1 Resetting the Device

Choose Local Device > System > Management > Reset.

Click Reset, and click OK to restore factory settings.

Caution

Resetting the device will clear current settings and reboot the device. If a useful configuration exists in the
current system, you can export the current configuration (see 10.4) before restoring the factory settings.
Exercise caution when performing this operation.

16.6.2 Resetting the Devices in the Network

Choose Network > System > Management > Reset.

Select All Devices, choose whether to Unbind Account, and click Reset All Devices. All devices in the
current network will be restored to their factory settings.


Caution

Resetting the network will clear current settings of all devices in the network and reboot the devices. Exercise
caution when performing this operation.

16.7 Rebooting the Device


16.7.1 Rebooting the Device

Choose Self-Organizing Mode > Network > System > Management > Reset.

Choose Standalone Mode > System > Reboot.

Select Local and click All Devices. The device will restart. Do not refresh the page or close the browser during
the reboot. After the device is successfully rebooted and the Web service becomes available, the device
automatically jumps to the login page.

16.7.2 Rebooting the Devices in the Network

Choose Network > System > Reboot > Reboot.

Select All Devices, and click Reboot All Device to reboot all devices in the current network.


Caution

It will take some time for the network to reboot. Please be patient. The network operation will affect the entire
network. Therefore, exercise caution when performing this operation.

16.7.3 Rebooting Specified Devices in the Network

Choose Network > System > Reboot > Reboot.

Click Specified Devices, select desired devices from the Available Devices list, and click Add to add devices
to the Selected Devices list on the right. Click Reboot. Specified devices in the Selected Devices list will be
rebooted.

16.8 Configuring Scheduled Reboot


Confirm that the system time is accurate to avoid network interruption caused by a device reboot at the wrong
time. For details about how to configure the system time, see 13.1.

Choose Self-Organizing Mode > Network > System > Scheduled Reboot.


Choose Standalone Mode > System > Scheduled Reboot.

Click Enable, and select the date and time of scheduled reboot every week. Click Save. When the system time
matches the scheduled reboot time, the device will restart.

Caution

Once scheduled reboot is enabled in the network mode, all devices in the network will reboot when the system
time matches the scheduled time. Therefore, exercise caution when performing this operation.

16.9 Upgrade
Caution

● It is recommended to back up the configuration before software upgrade.


● Version upgrade will restart the device. Do not refresh or close the browser during the upgrade process.

16.9.1 Online Upgrade

Choose Local Device > System > Upgrade > Online Upgrade.

The current page displays the current system version and allows you to detect whether a later version is available.
If a new version is available, click Upgrade Now to perform online upgrade. If the network environment does
not support online upgrade, click Download File to download the upgrade installation package locally and then
perform local upgrade.

Note

● Online upgrade will retain the current configuration.


● Do not refresh the page or close the browser during the upgrade process. After successful upgrade, you
will be redirected to the login page automatically.


16.9.2 Local Upgrade

Choose Local Device > System > Upgrade > Local Upgrade.

The page displays the device model and current software version. You can choose whether to keep the
configuration during the upgrade. Click Browse to select the local software installation package, and click
Upload to upload the installation package and upgrade.

16.10 LED
Choose Network > Network > LED.

Click the button to control the LED status of the downlink AP. Click Save to deliver the configuration and make
it take effect.


16.11 Switching the System Language

Click in the upper-right corner of the Web page.

Click a required language to switch the system language.

Web-based Configuration Guide Wi-Fi Network Setup

17 Wi-Fi Network Setup


Note

● To manage other devices in the self-organizing network, enable the self-organizing network discovery
function. (See Switching the Work Mode.) The wireless settings are synchronized to all wireless devices in
the network by default. You can configure groups to limit the device scope under wireless management.
For details, see 17.1.
● The device itself does not support transmitting wireless Wi-Fi signals, and the wireless settings need to
be synchronized to the wireless devices in the network to take effect.

17.1 Configuring AP Groups


17.1.1 Overview

After self-organizing network discovery is enabled, the device can function as the master AP/AC to batch
configure and manage its downlink APs by group. Before you configure the APs, divide them into different groups.

Note

If you specify groups when configuring the wireless network, the configuration takes effect on wireless devices
in the specified groups.

17.1.2 Procedure

Choose Network > Devices > AP.

(1) View the information of all APs in the current network, including the basic information, RF information, and
model. Click the SN of an AP to configure the AP separately.

(2) Click Expand. Information of all the current groups is displayed to the left of the list. Click to create a
group. You can create a maximum of eight groups. Select the target group and click to modify the group
name or click to delete the group. You cannot modify the name of the default group or delete the default
group.


(3) Click a group name on the left. All APs in the group are displayed. One AP can belong to only one group. By
default, all APs belong to the default group. Select a record in the device list and click Change Group to
migrate the selected device to the specified group. After a device is moved to the specified group, the device
will use the configuration for the new group. Click Delete Offline Devices to remove offline devices from the
list.

17.2 Configuring Wi-Fi


Choose Network > Wi-Fi > Wi-Fi Settings.

Enter the Wi-Fi name and Wi-Fi password, select the frequency band used by the Wi-Fi signal, and click Save.

Click Advanced Settings to configure more Wi-Fi parameters.


Caution

Modification will cause restart of the wireless configuration, resulting in logout of connected clients. Exercise
caution when performing this operation.

Table 13-1 Wireless Network Configuration

| Parameter | Description |
| --- | --- |
| SSID | Enter the name displayed when a wireless client searches for a wireless network. |
| SSID Encoding | If the SSID does not contain Chinese, this item will be hidden. If the SSID contains Chinese, this item will be displayed. You can select UTF-8 or GBK. |
| Band | Set the band used by the Wi-Fi signal. The options are 2.4 GHz and 5 GHz. The 5 GHz band provides faster network transmission rate and less interference than the 2.4 GHz band, but is inferior to the 2.4 GHz band in terms of signal coverage range and wall penetration performance. Select a proper band based on actual needs. The default value is 2.4G + 5G, indicating that the device provides signals at both 2.4 GHz and 5 GHz bands. |
| Security | Select an encryption mode for the wireless network connection. The options are as follows. Open: The device can associate with Wi-Fi without a password. WPA-PSK/WPA2-PSK: Wi-Fi Protected Access (WPA) or WPA2 is used for encryption. WPA_WPA2-PSK (recommended): WPA2-PSK or WPA-PSK is used for encryption. |
| Wi-Fi Password | Specify the password for connection to the wireless network. The password is a string of 8 to 16 characters. |
| Wireless Schedule | Specify the time periods during which Wi-Fi is enabled. After you set this parameter, users cannot connect to Wi-Fi in other periods. |
| VLAN | Set the VLAN to which the Wi-Fi signal belongs. |
| Hide SSID | Enabling the hide SSID function can prevent unauthorized user access to Wi-Fi, improving security. However, mobile phones or computers cannot find the Wi-Fi name after this function is enabled. You must manually enter the correct name and password to connect to Wi-Fi. Record the current Wi-Fi name before you enable this function. |
| Client Isolation | After you enable this parameter, clients associated with the Wi-Fi are isolated from one another, and end users connected to the same AP (in the same network segment) cannot access each other. This improves security. |
| Band Steering | After this function is enabled, 5G-capable clients select 5G Wi-Fi preferentially. You can enable this function only when Band is set to 2.4G + 5G. |
| XPress | After this function is enabled, the device sends game packets preferentially, providing more stable wireless network for games. |
| Layer-3 Roaming | After this function is enabled, clients keep their IP addresses unchanged when associating with the same Wi-Fi. This function improves the roaming experience of users in the cross-VLAN scenario. |
| Wi-Fi6 | After this function is enabled, wireless users can have faster network access speed and optimized network access experience. This function is valid only on APs and routers supporting 802.11ax. Clients must also support 802.11ax to experience high-speed network access empowered by Wi-Fi 6. If clients do not support Wi-Fi 6, disable this function. |

17.3 Configuring Guest Wi-Fi


Choose Network > Wi-Fi > Guest Wi-Fi.


Guest Wi-Fi is a wireless network provided for guests, and is disabled by default. Client Isolation is enabled for
guest Wi-Fi by default, and it cannot be disabled. In this case, users associating with guest Wi-Fi are mutually
isolated, and they can only access the Internet through Wi-Fi. This improves network access security. You can
configure a wireless schedule for the guest network. After the specified schedule expires, the guest network will
become unreachable.

Turn on the guest Wi-Fi and set the guest Wi-Fi name and password. Click Expand to configure the wireless
schedule of the guest Wi-Fi and more Wi-Fi parameters. (For details, see 17.2.) Click Save. Guests can
access the Internet through Wi-Fi after entering the Wi-Fi name and password.


17.4 Adding a Wi-Fi


Choose Network > Wi-Fi > Wi-Fi List.

Click Add, enter the Wi-Fi name and password, and click OK to create a Wi-Fi. Click Expand to configure more
Wi-Fi parameters. For details, see 17.2. After a Wi-Fi is added, clients can find this Wi-Fi, and the Wi-Fi
information is displayed in the Wi-Fi list.

17.5 Healthy Mode


Choose Network > Wi-Fi > Healthy Mode.

Turn on healthy mode and select a wireless schedule for the mode.

After the healthy mode is enabled, the RF transmit power and Wi-Fi coverage range of the wireless device are
reduced in the schedule. This may lead to weak signals and network freezing. You are advised to disable healthy
mode or set the wireless schedule to the idle periods.


17.6 RF Settings
Choose Network > Network > Radio Frequency.

The wireless device can detect the surrounding wireless environment upon power-on and select proper
configuration. However, network freezing caused by wireless environment changes cannot be prevented. You
can analyze the wireless environment around the APs and routers and manually select proper parameters.

Caution

Modification will cause restart of the wireless configuration, resulting in logout of connected clients. Exercise
caution when performing this operation.


Table 13-2 RF Configuration

| Parameter | Description |
| --- | --- |
| Country/Region | The Wi-Fi channels stipulated by each country may be different. To ensure that clients can find the Wi-Fi signal, select the country or region where the device is located. |
| 2.4G/5G Channel Width | A lower bandwidth indicates more stable network, and a higher bandwidth indicates easier interference. In case of severe interference, select a relatively low bandwidth to prevent network freezing to certain extent. The 2.4 GHz band supports the 20 MHz and 40 MHz bandwidths. The 5 GHz band supports the 20 MHz, 40 MHz, and 80 MHz bandwidths. By default, the value is Auto, indicating that the bandwidth is selected automatically based on the environment. |
| Client Count Limit | If a large number of users access the AP or router, the wireless network performance of the AP or router may be degraded, affecting users' Internet access experience. After you set this parameter, new user access is prohibited when the number of access users reaches the specified value. If the clients require high bandwidth, you can adjust this parameter to a smaller value. You are advised to keep the default value unless otherwise specified. |
| Kick-off Threshold | When multiple Wi-Fi signals are available, you can set this parameter to optimize the wireless signal quality to some extent. When a client is far away from the wireless device, the Wi-Fi connection is disconnected when the wireless signal strength of the end user is lower than the kick-off threshold. In this case, the client has to select a nearer wireless signal. The client is prone to be kicked off if the kick-off threshold is high. To ensure that the client can normally access the Internet, you are advised to set this parameter to Disable or a value smaller than -75 dBm. |

Note

● Wireless channels available for your selection are determined by the country code. Select the country
code based on the country or region of your device.
● Channel, transmit power, and roaming sensitivity cannot be set globally, and the devices should be
configured separately.

17.7 Configuring Wi-Fi Blacklist or Whitelist


17.7.1 Overview

You can configure the global or SSID-based blacklist and whitelist. The MAC address supports full match and
OUI match.


Wi-Fi blacklist: Clients in the Wi-Fi blacklist are prevented from accessing the Internet. Clients that are not added
to the Wi-Fi blacklist are free to access the Internet.

Wi-Fi whitelist: Only clients in the Wi-Fi whitelist can access the Internet. Clients that are not added to the Wi-Fi
whitelist are prevented from accessing the Internet.

Caution

If the whitelist is empty, the whitelist does not take effect. In this case, all clients are allowed to access the
Internet.

17.7.2 Configuring a Global Blacklist/Whitelist

Choose Clients > Blacklist/Whitelist > Global Blacklist/Whitelist.

Select the blacklist or whitelist mode and click Add to configure a blacklist or whitelist client. In the Add window,
enter the MAC address and remark of the target client and click OK. If a client is already associated with the
access point, its MAC address will pop up automatically. Click the MAC address directly for automatic input. All
clients in the blacklist will be forced offline and not allowed to access the Wi-Fi network. The global blacklist and
whitelist settings take effect on all Wi-Fi networks of the access point.

If you click Delete in blacklist mode, the corresponding client can reconnect to Wi-Fi. If you click Delete in
whitelist mode and the whitelist is not empty after deletion, the corresponding client will be disconnected and
prohibited from connecting to Wi-Fi.
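
The matching and mode rules from 17.7.1 and the Delete behaviour described above, modelled as an added Python example (not ReyeeOS code and not part of the original guide). The entry notation (an OUI written as the first three octets) and all function names are assumptions, and the MAC addresses are constructed.

```python
import re

def _norm(addr):
    """Strip separators and return 6 (OUI) or 12 (full MAC) lowercase hex digits."""
    digits = re.sub(r"[:.\-]", "", addr).lower()
    if not re.fullmatch(r"[0-9a-f]{6}|[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC or OUI: {addr!r}")
    return digits

def matches(entry, client_mac):
    """Full match for a 12-digit entry, OUI match (first three octets) otherwise."""
    e, c = _norm(entry), _norm(client_mac)
    if len(c) != 12:
        raise ValueError("client address must be a full MAC")
    return c == e if len(e) == 12 else c.startswith(e)

def is_allowed(mode, entries, client_mac):
    """Access decision for one list; mode is 'blacklist' or 'whitelist'."""
    hit = any(matches(e, client_mac) for e in entries)
    if mode == "blacklist":
        return not hit
    if mode == "whitelist":
        # Caution in 17.7.1: an empty whitelist does not take effect.
        return True if not entries else hit
    raise ValueError(f"unknown mode: {mode!r}")

def delete_entry(entries, entry):
    """Return the list without the given entry (mirrors clicking Delete)."""
    target = _norm(entry)
    return [e for e in entries if _norm(e) != target]

def audit(mode, entries):
    """Warnings worth reviewing before a list is saved."""
    warnings = []
    if mode == "whitelist" and not entries:
        warnings.append("whitelist is empty: all clients are allowed")
    ouis = [e for e in entries if len(_norm(e)) == 6]
    if ouis:
        warnings.append(f"{len(ouis)} OUI entry(ies) cover a whole vendor prefix")
    return warnings

# Constructed sample list: one full MAC and one OUI (assumed notation).
SAMPLE = ["00:11:22:33:44:55", "AA-BB-CC"]

if __name__ == "__main__":
    for mac in ("00:11:22:33:44:55", "aa:bb:cc:01:02:03", "de:ad:be:ef:00:01"):
        print(mac, "whitelist ->", is_allowed("whitelist", SAMPLE, mac))
    emptied = delete_entry(delete_entry(SAMPLE, "aa:bb:cc"), "00-11-22-33-44-55")
    print("after deleting every entry:", audit("whitelist", emptied))
```

Deleting the last whitelist entry turns the list from allow-only into allow-all, so run a check like `audit()` before saving a whitelist change.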


17.7.3 Configuring an SSID-based Blacklist/Whitelist

Choose Clients > Blacklist/Whitelist > SSID-Based Blacklist/Whitelist.

Select a target Wi-Fi network from the left column, select the blacklist or whitelist mode, and click Add to
configure a blacklist or whitelist client. The SSID-based blacklist and whitelist will restrict the client access to the
specified Wi-Fi.

17.8 Wireless Network Optimization with One Click


Choose Network > WIO.

On the Network Optimization tab, select I have read the notes and click Network Optimization to perform
automatic wireless network optimization in the networking environment. You can configure scheduled
optimization to optimize the network at the specified time. You are advised to set the scheduled optimization
time to daybreak or the idle periods.

Caution

Clients may be kicked offline during optimization and the configuration cannot be rolled back after optimization
starts. Exercise caution when performing this operation.


After optimization starts, please wait patiently until optimization is complete. After optimization ends, click Cancel
Optimization to restore optimized RF parameters to default values.

Click View Details or the Optimization Record tab to view the latest optimization record details.


17.9 Enabling the Reyee Mesh Function


Choose Network > Reyee Mesh.

After the Reyee Mesh function is enabled, the devices that support EasyLink can be paired to form a mesh
network. Devices can automatically search for new routers around them and pair with each other via the Mesh
button, or log in to the router management page to search and select a new router for pairing.

17.10 Configuring the AP Ports

Caution

The configuration takes effect only on APs having wired LAN ports.

Choose Network > LAN Ports.

Enter the VLAN ID and click Save to configure the VLAN to which the AP wired ports belong. If the VLAN ID is
null, the wired ports and WAN port belong to the same VLAN.

In self-organizing network mode, the AP wired port configuration applies to all APs having wired LAN ports on
the current network. The configuration applied to APs in LAN Port Settings takes effect preferentially. Click Add
to add the AP wired port configuration. For APs to which no configuration is applied in LAN Port Settings, the
default configuration of the AP wired ports will take effect.

Web-based Configuration Guide FAQs

18 FAQs
18.1 Failing to log in to the Web Interface
(1) Confirm that the network cable is correctly connected to the port of the device, and the corresponding
indicator is flashing or steady on.

(2) Before accessing the Web management system, it is recommended to set the PC to use a static IP address
and set the IP of the computer to be in the same network segment as the IP of the device (the default IP of
the device is 10.44.77.200 and the subnet mask is 255.255.255.0). For example, set the IP address of the
computer to 10.44.77.100 and the subnet mask to 255.255.255.0.

(3) Run the ping command to check the connectivity between the PC and the device.

(4) If you still cannot log in to the Device Management page after the preceding steps, restore the device to
factory settings.

18.2 Password Lost and Restoration of Factory Settings


If you forget the password, hold down the Reset button on the device panel for more than 5s when the device
is powered on, and release the button after the system indicator blinks. The device will be restored to factory
settings. After the device reboots, you can use the default management IP (10.44.77.200) to log in to the device
Web interface and select whether to restore the backup configuration according to the prompt message.

Select Reset Backup: The configuration will be restored to a backup status and only the login password will be
restored to the default password.

Select Delete Backup: The device is restored to factory settings, that is, passwords and configurations will be
deleted.
