COMMANDO IE2000 Series Managed Switches Config Guide

COMMANDO Soldier IE2000 Series Switches offers a state of art quality product that can serve on real time high-speed Performance with input power AC, covers larger physical distance upto 250 meters with copper cables as compared to other brands best switches. This series is having advance L2+ and basic L3 features, which are highly reliable, conformance to international open standards , durable, serviceable, aesthetics, perceived quality, enhanced performance with larger range with copper cables and usability leads to value to money. Easy Management via lots of options like Web-based Graphical User Interface (WEBUI) , Command Line interface (CLI) , RADIUS/TACACS+, LLDP/LLDP-MED, Time based PoE/PoE+ Scheduling, DHCP server as well as zero touch provisioning whichever is suitable to our esteem customers.

These are fixed-configuration, with flexible uplinks Gigabit Ethernet switches that provide enterprise-class access for campus and branch applications. Designed for the digital workplace, these are optimized for today’s mobile and IoT needs. These switches are powerful and flexible enough for users to deploy PoE/PoE+ standard supplies up to 30W of power per port ideal for applications using high power wireless access points, PTZ (Pan Tilt Zoom) IP Cameras, Surveillance cameras, VoIP telephony systems, kiosks, POS terminals, thin client, 802.11ac and 802.11ax access points, small cells, and connected LED lighting devices over longer distances up to 250 meters. It provides easy device rack and wall mounting on boarding, configuration, monitoring, and troubleshooting. These fully managed switches can provide advanced L2+ and basic Layer 3 features as well as supports IEEE 802.3af-compliant PoE (Power over Ethernet), 802.3at-compliant PoE+ (Power over Ethernet plus). Each switchport is capable to deliver 15.4 W PoE, 30 W PoE+ power on all ports along with automated power (ON/OFF) scheduling. All Switches are PoE/PoE+ capable to provide power across all access ports for wireless APs, security cameras, and other IoT devices. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure, and energy-efficient business operations with intelligent and automated services.

COMMANDO Soldier IE2000 Series Switches RJ-45 Auto sensing/Auto PoE/PoE+ 10/100/1000 ports with auto MDIX capabilities which also removes speed and duplex mismatches automatically as well as covers larger physical distance with copper pairs compared to other brands best switches . This series switches supports 8K MAC address tables , 4.1MB Packet Buffer memory , 10K bytes Jumbo Frames, Ipv4/IPv6 with 1024 static routing entries (MAC/IP/Port based), Port aggregation up to 8 ports, VLAN, Voice VLAN, Surveillance VLAN, GVRP, DHCP Server, DHCP Client, DHCP Snooping, DHCP Snooping option82, DHCP Relay, 802.1X authentication, centralized MAC authentication, Guest VLAN, RADIUS authentication, SSH 2.0, Port isolation, Port security, MAC address learning limit, IP Source guard, Dynamic ARP inspection, preventing man-in-the-middle attacks and ARP DoS attacks, IP/Port/MAC binding. Management is made easy via a web-based Graphical User Interface (WEB GUI) or industry-standard Command Line Interface (CLI), with administration traffic protected via SSL or SSH encryption. SNMP (v1/v2c/v3) and RMON support enables the switch to be polled for valuable status information and allows it to send traps when abnormal events occur.

COMMANDO Soldier IE2000 Series Switches with easy installation, configuration, monitoring, and troubleshooting and greatly reduces initial installation, configuration as well as administration costs. This series has improved HTTP base firmware upgrade as well as CLI based Updates which are freely available to all users without any cost or license fee for all times . These series switches support Flexible service control with various ACLs to flexibly control ports. It also supports port-based VLAN assignment, MAC address-based VLAN assignment, protocol-based VLAN assignment, and network segment-based VLAN assignment. These secure and flexible VLAN assignment modes are used in networks where users move frequently. It also supports GARP VLAN Registration Protocol (GVRP), which dynamically distributes, registers, and propagates VLAN attributes to ensure correct VLAN configuration and reduce network administrator workloads. This series switches supports SSH v1/v2/v3, RMON, and port-based traffic statistics.

COMMANDO Soldier IE2000 Series Switches are the ideal solution for the most advanced small and medium organizations looking for the best combination of features, performance, and value. These switches are purposely designed for converged networks where voice, video, data are all carried on a single network platform. This series comes with fan/fanless switches models along with Small form-factor, fanless as well fan design for silent operation. Perfect for noise sensitive environments. Fan based Switches have Temperature- and load-based fan-speed control combines accurate monitoring with minimized system acoustic noise. The Fan based switches also feature built-in smart fans that monitor and detect temperature changes, adjusting the fan speed for maximum efficiency. At lower temperatures, the fans run at a lower speed, reducing both the power consumption and noise output of the switch. These cost-effective switches, with a reasonable PoE/PoE+ power budget up to 450W along with PoE/PoE+ configurable scheduler to automated Power ON/OFF connected PoE/PoE+ devices as per scheduled timing.

This document is a WEB GUI guide for demonstration of web pages on COMMANDO IE2000 series Switches. The Switch acts as a web server to accept http connection request and replies web pages so that user can get configuration or change configuration to switch by web access.

The COMMANDO SoldierOS IP Base switches Management is made easy via a web-based Graphical User Interface (WEBUI) access via HTTP/HTTPS or industry-standard Command Line Interface (CLI) via Console/Telnet with administration traffic protected via , SNMP v1/v2C/v3, SSH v1/v2, RMON v1/v2 which enables the switch to be polled for valuable status information and allows it to send traps when abnormal events occur.

Simplified Configuration and Management

Zero-Touch Provisioning (ZTP) simplifies installation of the switch.

Easy to manage via Console/web-Based Management (WEBUI)/Telnet/SSH/ HTTPS.

Remote Manageability

Remote management is the process that allows the administrators to take full control of all operations using a remote. This remote management via WEBUI /Telnet/ SSH/ HTTPS will reduce time and money spent on management and maintenance and physical presence of Network Engineer.

Management by CLI - Console, Telnet (RFC854) up to 3 sessions

Management by Web GUI - HTTP, HTTPS for management Based on Remote Configuration and maintenance Using Telnet.

In this CLI guide we will understand Management by Command Line Interface(CLI) through console port, telnet management mode.

Accessing the Switch via console port How to Login COMMANDO Series IE2000 via console port?

The console interface is used by connecting the Switch to a VT100–compatible terminal or a computer running an ordinary terminal emulator program (e.g., the HyperTerminal program included with the Windows operating system) using an RS–232C serial cable. Your terminal parameters will need to be set to:

• VT–100 compatible

• 115200 baud

• 8 data bits

• No parity

• One stop bit

• No flow control

Users may also access the same functions over a Telnet interface. Once you have set an IP address for your Switch, you can use a Telnet program (in VT–100 compatible terminal mode) to access and control the Switch. All of the screens are identical, whether accessed from the console port or from a Telnet interface.

Step 1 : Connect the Switch console port with PC/Laptop via console cable.

Fig 1. Connection of console port with PC/Laptop via console cable.

Step 2 ：The communication parameters configuration of the Putty Terminal with console is shown below Baud rate (Speed): 115200

Fig-2. Putty configuration in PC for console port access

Step 3 : Click on “Open”. You will get following window.

With the console port properly connected to a management computer, the following screen should be visible.

Fig 3. COMMANDO Series IE2000 Switch CLI access via console port

How to Login COMMANDO Series IE2000 WEB GUI and Enable Telnet?

Before Accessing Command Line Interface via telnet you have to login to WEB GUI of COMMANDO IE2000 Switch. Connect one Ethernet port to your system with RJ45 LAN cable.

Fig 4. COMMANDO Series IE2000 Switch port connected with PC via RJ45 LAN cable.

In PC following LAN setting required.

• Open Network and sharing center.
• Click change Adapter settings.
• Double click on Local Area Connection.
• Click Properties.
• Double click on Internet Protocol Version 4(TCP/IPv4) option and set default IP as shown below.

IP Address: : 192.168.0.(2-254)

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.0.1

Fig 5. Local Area Connection properties for Web Interface

Now Open any web browser type http://192.168.0.1 and hit “Enter” following window will appear.

Use following login details to enter in WEB GUI mode,

Username: admin

Password: ********

(Note:- Password is mentioned on backside of device)

Enter the login button. COMMANDO IE2000 series switch starting Page appears .

Fig-6. COMMANDO IE2000 Switch WEB GUI Administrator Login Page

Fig-7. COMMANDO IE2000 Switch WEB GUI starting Page

Following steps are required to access CLI via telnet lines.

Management>>Management Access>>Management Service

Click on Management

Click on Management Access

Click on Management Services

Telnet Click on

“Apply” and “Save” the configuration.

This is required stage before accessing COMMANDO IE2000 Switch Command Line Interface (CLI) to enable “Telnet”. By default “Telnet” service is disabled by default so you have to enable it manually.

Management >>Management Access>>Management Service is very important page to enable and disable Telnet ,SSH ,HTTP, HTTPS ,SNMP and Set Session Timeout (By default 10min), Password Retry Count (By default 3) , Silent Time (To block all further login attempts until the timer expires By default is 0 second) .

Fig-8. COMMANDO IE2000 Switch Management Access service.

Users access CLI through TELNET

Following are the steps to access CLI via telnet.

Step 1 : Connect the LAN port of PC/Laptop with any Ethernet port of the switch by LAN cable.

Step 2 ：

The communication parameters configuration of the Putty Terminal with TELNET is shown below：

IP Address: 192.168.0.1

Port: 23

Fig 9. Putty configuration in PC for Telnet access

Step 3: Click on “Open”. You will get following window.

Username: admin

Password: ********

(Note:- Password is mentioned on backside of device)

Fig. 10. COMMANDO Series IE2000 Switch CLI access via telnet

1.1 Web browse based graphical user interface (WEB GUI ) Introduction

COMMANDO IE2000 Series SoldierOS had a web browser based graphical user interface (WEB GUI ). This is inbuilt in each COMMANDO IE2000 series switches. You can use either the CLI via Console/Telnet or WEB GUI for managing IE2000 Series Switches. COMMANDO Networks recommend that you use this WEB GUI which can configure almost everything as you needed in simple and user-friendly manner. This WEB GUI is a state of art having world class features with which you can configure basic, advance and special feature very easily. After setting the Proper PC LAN parameter given above and in Web browser giving IP address 192.168.0.1 you will get the login page.

Fig 1.1 Default Login page of IE2000 Series Switches

Fig 1.2 Username and Password page of IE2000 Series Switches

Note:- With IE2000 Web based Graphical User Interface ( WEB GUI )

1. You can change default IP 192.168.0.1 to any desired IP address.

2. You can change Factory set username--> admin and password-->*******.

3. Factory set default Password is written on the Backside of device.

After you login the web page successfully, you will see the System information page which provides you real time status of Switch. This page shows very important System information of this IE2000 device which can help in troubleshooting network issues. The upper frame is the front panel frame, which shows the connection situation of each port. If a port is connected and link is up and working properly then the corresponding port on the front panel will be green.

Fig 1.3 System Information page of IE2000 Series Switches

1.2 Main Menu Description in WEB GUI

The left-side panel shows the configuration the configuration web pages tabs. All configuration web pages are hidden by the group head label. To expand the group head label, click the down arrow sign on the left side of main WEB page . Then this down arrow key can expand group head label to get specific Web pages for Switch to configure as per requirement of users.

In IE2000 Series Switches SoldierOS comes with PoE+ as Well as Non PoE models. COMMAMDO SoldierOS has 15 Group heads for IE2000 PoE based switches and 14 Group heads for Non PoE switches. Lots of functions and protocols can be easily configured by WEB GUI and very handy and easy to troubleshoot any networking issue.

Fig 1.4 WEB Pages for IE2000 Series Switches.

Quick Start Device Configuration

To simplify IE2000 Series device configuration through quick navigation, the Getting Started page provides links to the most commonly used pages.

Table 1.1 IE2000 Series Switches SoldierOS Web Software Frameworks.

1.3 Save, Logout, Reboot, Debug Buttons

1.3.1 Save

By clicking Save button will copy running-config to startup-config to save the current running configuration to the startup configuration file in Switch Memory. This means that if power failure or device OFF/ON configuration will not be lost and remained as per saved configuration.

Fig 1.3.1 Save button

Fig 1.3.2 Applying Save button

1.3.2 Logout

Loging out means to end access to a COMMANDO Switch on a WEB GUI . Logging out informs the COMMANDO Switch that the current user wishes to end the login session.

Fig 1.3.3 Logout button on WEB GUI

Fig 1.3.4 Applying Logout button on WEB GUI

1.3.3 Reboot

Reboot means boot again. COMMANDO Switch is force by this command to power OFF and immediately Power-On. This command forcefully restarting the Switch again.

Fig 1.3.5 Reboot button on WEB GUI

Fig 1.3.6 Applying Reboot button on WEB GUI

1.3.4 Debug

Debug is used to find and resolve bugs or defects. Debugging is the process of troubleshooting for detecting and removing of existing and potential issue in network.

Fig 1.3.6 Debug message button on WEB GUI

Fig 1.3.7 View Debug message on WEB GUI

MAC ACL: MAC ACLs are used to filter traffic on a specific source MAC address or range of MAC addresses.

MAC ACE: When a frame is received on a port, the switch processes the frame through the first ACL. If the frame matches an ACE filter of the first ACL, the ACE action takes place. If the frame matches none of the ACE filters, the next ACL is processed.

IPv4 ACL: An ACL contains the hosts that are permitted or denied access to the network device. The IPv4-based ACL is a list of source IPv4 addresses that use Layer 3 information to permit or deny access to traffic. IPv4 ACLs restrict IP-related traffic based on the configured IP filters.

IPv4 ACE: An Access Control List (ACL) is a list of one or more Access Control Entries (ACEs), where each ACE consists of a matching criteria and an action on IPV4 packets (permit or deny). Each ace has a sequence number to define the order, list of match criteria.

IPv6 ACL: IPv6 ACLs support the same options as IPv4 ACLs including source, destination IP , source and destination ports. You can enable only IPv4 traffic in your network by blocking IPv6 traffic.

IPv6 ACE: An Access Control List (ACL) is a list of one or more Access Control Entries (ACEs), where each ACE consists of a matching criteria and an action on IPv6 Packets (permit or deny). Each ace has a sequence number to define the order, list of match criteria.

ACL Binding:

This page shows configuration of MAC, IPv4 & IPV6 Access List. An Access Control List (ACL) is an ordered list of classification filters and actions. Each single classification rule, together with its action, is called an Access Control Element (ACE). Each ACE is made up of filters that distinguish traffic groups and associated actions.

A single ACL may contain one or more ACEs, which are matched against the contents of incoming frames. Either a DENY or PERMIT action is applied to frames whose contents match the filter.

13.1 MAC ACL

MAC-based ACLs are used to filter traffic based on Layer 2 fields. MAC-based ACLs check all frames for a match. This page allow user to add or delete ACL rule. A rule cannot be deleted if under binding.

To view and configure MAC ACL , click ACL >> MAC ACL.

Fig 13.1.1 Default MAC ACL Table page

13.1.2 MAC ACL Table after creating COMMANDO page

13.2 MAC ACE

This page allow user to add, edit or delete ACE rule. An ACE rule cannot be edited or deleted if ACL under binding. New ACE cannot be added if ACL under binding.

To view and configure MAC ACE, click ACL >> MAC ACE

Fig 13.2.1 Default MAC ACE page

Fig 13.2.2 Add MAC ACE page

Fig 13.2.3 MAC ACE Table page

13.3 IPv4 ACL

IPv4-based ACLs are used to check IPv4 packets, while other types of frames, such as ARPs, are not checked.This page allow user to add or delete IPv4 ACL rule. A rule cannot be deleted if under binding.

To view and configure IPv4 ACL , click ACL >> IPv4 ACL

Fig 13.3.1 Default ACL Table page

Fig 13.3.2 Edit IPv4 ACL Name page

Fig 13.3.3 IPv4 ACL Table after creating COMMANDO1 ACL page

13.4 IPv4 ACE

This page allow user to add, edit or delete ACE rule. An ACE rule cannot be edited or deleted if ACL under binding. New ACE cannot be added if ACL under binding.

To display IPv4 ACE page, click ACL >> IPv4 ACE

Fig 13.4.1 Default IPv4 ACE Table page

Fig 13.4.2 Add IPv4 ACE page

Fig 13.4.3 IPv4 ACE Table page

13.5 IPv6 ACL

The IPv6-Based ACL page displays and enables the creation of IPv6 ACLs, which check pure IPv6-based traffic. IPv6 ACLs do not check IPv6-over-IPv4 or ARP packets. This page allow user to add or delete Ipv6 ACL rule. A rule cannot be deleted if

under binding.

To view and configure IPv6 ACL page, click ACL >> IPv6 ACL

Fig 13.5.1 Default IPv6 ACL Table page

Fig 13.5.2 IPv6 ACL Table after changing page

13.6 IPv6 ACE

This page allow user to add, edit or delete ACE rule. An ACE rule cannot be edited or

deleted if ACL under binding. New ACE cannot be added if ACL under binding.

To view and configure IPv6 ACE page, click ACL >> IPv6 ACE

Fig 13.6.1 Default IPv6 ACE Table page

Fig 13.6.2 Add IPv6 ACE page

Fig 13.6.3 IPv6 ACE table after adding ACE page

13.7 ACL Binding

When an ACL is bound to an interface (port, LAG or VLAN), its ACE rules are applied to packets arriving at that interface. Packets that do not match any of the ACEs in the ACL are matched to a default rule, whose action is to drop unmatched packets.

Although each interface can be bound to only one ACL, multiple interfaces can be bound to the same ACL by grouping them into a policy-map and binding that policy-map to the interface.

After an ACL is bound to an interface, it cannot be edited, modified, or deleted until it is removed from all the ports to which it is bound or in use. This page allow user to bind or unbind ACL rule to or from interface. IPv4 and Ipv6 ACL cannot be bound to the same port simultaneously.

To view and configure ACL Binding page, click ACL >> ACL Binding

Fig 13.7.1 ACL Binding Table page

Fig 13.7.2 Selecting port for ACL Binding page

Fig 13.7.3 Add ACL Binding page

Fig 13.7.4 ACL Binding Table after Enableing GE1 port page