Configure
Use the Configure menus to configure port settings, IP filtering, RADIUS policies, PoE schedules, and other Nebula Device settings for Nebula Devices of the selected site.
Switch Ports
Use this screen to view a port summary and configure Nebula Device settings for the ports. To access this screen, click Site-wide > Configure > Switches > Switch ports or click the Configure ports button in the Site-wide > Devices > Switch: Switch Details screen.
Site-wide > Configure > Switches > Switch ports
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Switch ports 
Label
Description
Switch ports
Select to view the detailed information and connection status of the Nebula Device port in the past two hours, day, week or month.
Click this button to reload the data-related frames on this page.
Edit
Select the ports you want to configure and click this button to configure Nebula Device settings on the ports, such as link aggregation, PoE schedule, LLDP and STP.
Aggregate
Select more than one port and click this button to group the physical ports into one logical higher-capacity link.
Split
Select a trunk group and click this button to delete the trunk group. The ports in this group are then no longer aggregated.
A trunk group is one logical link containing multiple ports.
Tag
Click this button to create a new tag or delete an existing tag.
Reset
Click this button to reboot the PD (powered device) connected to the PoE port. Follow the prompt and click Confirm to reboot the PD connected to this port.
*This button is not available for an uplink port.
Search
Specify your desired filter criteria to filter the list of Nebula Device ports.
You can filter the search by selecting one or more Nebula Devices. Under Ports, you can search for multiple ports separated by a comma, or a range separated by a hyphen. For example: 1,2,4-6.
Switch ports
This shows the number of ports on the Nebula Device.
Export
Click this button to save the Nebula Device port list as a CSV or XML file to your computer.
CRC alert icon
This prompt appears if CRC errors are detected in the port(s). Go to Site-wide > Devices > Switches: Switch Details: Port Details for the details. See Switch Details for more information.
Switch / Port
This shows the Nebula Device name and port number.
If the port is added to a trunk group, this also shows whether it is configured as a static member of the trunk group (Static) or configured to join the trunk group through LACP (LACP). If the port is connected to an uplink gateway, it shows Uplink.
Click details to display the port details screen. See Switch Details.
Port name
This shows the descriptive name of the port.
#Port
This shows the port number.
LLDP
This shows whether Link Layer Discovery Protocol (LLDP) is supported on the port.
Received broadcast packets
This shows the number of good broadcast packets received.
Received bytes
This shows the number of bytes received on this port.
Received packets
This shows the number of received frames on this port.
Sent broadcast packets
This shows the number of good broadcast packets transmitted.
Sent bytes
This shows the number of bytes transmitted on this port.
Sent multicast packets
This shows the number of good multicast packets transmitted.
Received multicast packets
This shows the number of good multicast packets received.
Sent packets
This shows the number of transmitted frames on this port.
Total bytes
This shows the total number of bytes transmitted or received on this port.
Enabled
This shows whether the port is enabled or disabled.
Link
This shows the speed of the Ethernet connection on this port.
Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support.
Connection
This shows the connection status of the port.
Gray (#888888): The port is disconnected.
Orange (#FF8900): The port is connected and is transmitting data at 10 or 100 Mbps.
Green (#64BE00): The port is connected and is transmitting data at 1000 Mbps (1 Gbps).
Azure (#0079FF): The port is connected and is transmitting data at 2.5 Gbps.
Violet (#8800FF): The port is connected and is transmitting data at 5 Gbps.
Blue (#004FEE): The port is connected and is transmitting data at 10000 Mbps (10 Gbps).
When the port is in the STP blocking state, failed LACP negotiation state, or failed port authentication state, a blocked icon displays.
Move the cursor over a time slot to see the actual date and time when a port is connected or disconnected.
Auth. policy
This shows the name of authentication policy applied to the port.
Allowed VLAN
This shows the VLANs whose traffic is allowed to be transmitted or received on the port.
PoE
This shows whether PoE is enabled on the port.
RSTP
This shows whether RSTP is enabled on the port.
Status
If STP/RSTP is enabled, this field displays the STP state of the port.
If STP/RSTP is disabled, this field displays FORWARDING if the link is up, otherwise, it displays Disabled.
Schedule
This shows the name of the PoE schedule applied to the port.
Type
This shows the port type (Trunk or Access).
PVID
This shows the port VLAN ID. It is a tag that is added to incoming untagged frames received on the port so that the frames are forwarded to the VLAN group that the tag defines.
Tag
This shows the user-specified tag that the Nebula Device adds to the outbound traffic on this port.
Storm Control
This shows whether traffic storm control is enabled or disabled on the port.
Broadcast Limit (pps)
This shows the maximum number of broadcast packets the Nebula Device accepts per second on this port.
Multicast Limit (pps)
This shows the maximum number of multicast packets the Nebula Device accepts per second on this port.
DLF Limit (pps)
This shows the maximum number of Destination Lookup Failure (DLF) packets the Nebula Device accepts per second on this port.
Loop Guard
This shows whether loop guard is enabled or disabled on the port.
Network Analytic Alert
An amber alert icon displays if the NCC generates alerts when an error or something abnormal is detected on the port for the IPTV network. Move the cursor over the alert icon to view the alert details.
IPSG protected
This shows whether IP source guard protection is enabled on this port.
Received CRC packets
This shows the number of CRC (Cyclic Redundancy Check) errors received on the port.
Number of IGMP Group
This shows the number of IGMP groups the port has joined.
Management control
This shows if management control is enabled on this port. See Site-wide > Configure > Switches > Switch ports: Edit for more information.
Click this icon to display a greater or lesser number of configuration fields.
Update ports
Click to select the port you want to configure in the Site-wide > Configure > Switches > Switch ports screen.
Site-wide > Configure > Switches > Switch ports: Edit
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Switch ports: Edit 
Label
Description
Switch ports
This shows the Nebula Device name and port number for the ports you are configuring in this screen.
Name
Enter a descriptive name for the ports.
Tags
Select or create a new tag for outgoing traffic on the ports.
Port enabled
Select to enable or disable the ports. A port must be enabled for data transmission to occur.
RSTP
Select to enable or disable RSTP on the ports.
STP guard
This field is available only when RSTP is enabled on the ports.
Select Root guard to prevent the Nebula Devices attached to the ports from becoming the root bridge.
Select BPDU guard to have the Nebula Device shut down the ports if there is any BPDU received on the ports.
Otherwise, select None.
LLDP
Select to enable or disable LLDP on the ports.
Link
Select the speed and the duplex mode of the Ethernet connection on the ports. Choices are 10M/Half Duplex, 10M/Full Duplex, 100M/Half Duplex, 100M/Full Duplex, 1000M/Full Duplex, Auto, 10M/AN, and 100M/AN (Gigabit connections only).
Extended range
Select to enable or disable extended range.
Extended range allows the port to transmit power and data at a distance of 250 meters.
*When enabled, the port’s PoE Power up mode is locked to 802.3at, and the port’s link speed is limited to 10M/Full Duplex.
Media type
You can insert either an SFP+ transceiver or an SFP+ Direct Attach Copper (DAC) cable into the 10 Gigabit interface of the Nebula Device.
Select the media type (SFP+ or DAC 10G) of the SFP+ module that is attached to the 10 Gigabit interface.
Port Isolation
Select to enable or disable port isolation on the ports.
The ports with port isolation enabled cannot communicate with each other. They can communicate only with the CPU management port of the same Nebula Device and the Nebula Device’s other ports on which the isolation feature is not enabled.
IPSG protected
Select to enable or disable IP source guard protection on the port.
Auth. policy
This field is available only when you select Access in the Type field.
Select the authentication policy type and name of the pre-configured authentication policy that you want to apply to the ports. See Site-wide > Configure > Switches > Authentication for more information on authentication policy type. See Authentication for more information on configuring authentication policy.
Select Open if you do NOT want to enable port authentication on the ports.
Bandwidth Control
Select to enable or disable bandwidth control on the port.
Ingress
Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the incoming traffic flow on the ports.
Egress
Specify the maximum bandwidth allowed in kilobits per second (Kbps) for the out-going traffic flow on the ports.
Loop guard
Select to enable or disable loop guard on the ports.
*The loop guard feature cannot be enabled on the ports that have Spanning Tree Protocol (RSTP, MRSTP or MSTP) enabled.
Storm Control
Select to enable or disable broadcast storm control on the ports.
Broadcast Limit (pps)
Specifies the maximum number of broadcast packets the Nebula Device accepts per second on the ports.
Multicast Limit (pps)
Specifies the maximum number of multicast packets the Nebula Device accepts per second on the ports.
DLF Limit (pps)
Specifies the maximum number of DLF packets the Nebula Device accepts per second on the ports.
Type
Set the type of the port.
Select Access to configure the port as an access port which can carry traffic for just one VLAN. Frames received on the port are tagged with the port VLAN ID.
Select Trunk to configure the port as a trunk port which can carry traffic for multiple VLANs over a link. A trunk port is always connected to a Nebula Device or router.
Management control
Select Enabled to configure the port as a management port. The default is Enabled. This allows the administrator to set the Nebula Device ports through which the device management VLAN traffic is allowed.
*Make sure to enable this for an uplink port to maintain connection with Nebula.
VLAN type
This field is available only when you select Access in the Type field.
None: This port is a regular access port and follows the device’s access port rules.
Vendor ID based VLAN: Apply the Vendor ID based VLAN settings from Switch > Configure > Switch settings to this port.
Voice VLAN: Apply the Voice VLAN settings from Site-wide > Configure > Switches > Switch settings to this port.
*For details on configuring Vendor ID based VLAN and Voice VLAN settings, see Switch Settings.
PVID
A PVID (Port VLAN ID or native VLAN) is a tag that is added to incoming untagged frames received on a port so that the frames are forwarded to the VLAN group that the tag defines.
Enter a number between 1 and 4094 as the port VLAN ID.
Allowed VLANs
This field is available only when you select Trunk in the Type field.
Specify the VLANs whose traffic is allowed to be transmitted or received on the ports. See Set Up Dynamic VLAN With RADIUS (for Nebula Switches only) for the steps in setting up dynamic VLAN with RADIUS. See Monitor Dynamic VLAN Using Event Logs (for Nebula Switches only) for more information on monitoring dynamic VLANs using event logs.
PoE Settings
PoE
Select Enabled to provide power to a PD connected to the ports.
PoE schedule
This field is available only when you enable PoE.
Select a pre-defined schedule (created using the Site-wide > Configure > Switches > PoE schedules screen) to control when the Nebula Device enables PoE to provide power on the ports.
*You must select Unschedule in the PoE schedule field before you can disable PoE on the ports.
If you enable PoE and select Unschedule, PoE is always enabled on the ports.
*The Nebula Device will follow the PoE schedule even when the Nebula Device is not connected to NCC.
Click Edit to go to Site-wide > Configure > Switches > PoE schedules screen to create a new PoE schedule.
PoE priority
When the total power requested by the PDs exceeds the total PoE power budget on the Nebula Device, you can set the PD priority to allow the Nebula Device to provide power to ports with higher priority.
Select Low to set the Nebula Device to assign the remaining power to the port after all critical and medium priority ports are served.
Select Medium to set the Nebula Device to assign the remaining power to the port after all critical priority ports are served.
Select Critical to give the highest PD priority on the port.
Power up mode
Set how the Nebula Device provides power to a connected PD at power-up.
802.3at – the Nebula Device supports the IEEE 802.3at High Power over Ethernet standard and can supply power of up to 30W per Ethernet port. IEEE 802.3at is also known as PoE+ or PoE Plus. An IEEE 802.3at compatible device is referred to as Type 2. Power Class 4 (High Power) can only be used by Type 2 devices. If the connected PD requires a Class 4 current when it is turned on, it will be powered up in this mode.
802.3af – the Nebula Device follows the IEEE 802.3af Power over Ethernet standard to supply power to the connected PDs during power-up.
Legacy – the Nebula Device can provide power to the connected PDs that require high inrush currents at power-up. Inrush current is the maximum, instantaneous input current drawn by the PD when first turned on.
Pre-802.3at – the Nebula Device initially offers power on the port according to the IEEE 802.3af standard, and then switches to support the IEEE 802.3at standard within 75 milliseconds after a PD is connected to the port. Select this option if the Nebula Device is performing 2-event Layer-1 classification (PoE+ hardware classification) or the connected PD is NOT performing Layer 2 power classification using Link Layer Discovery Protocol (LLDP).
Force 802.3at – the Nebula Device provides PD Wide Range Detection (WRD) with power of up to 33 W on the port without performing PoE classification. Select this if the connected PD does not comply with any PoE standard.
802.3bt – the Nebula Device follows the IEEE 802.3bt standard to supply power of up to 60 W per Ethernet port to the connected PDs at power-up.
Pre-802.3bt – the Nebula Device offers power on the port according to the IEEE 802.3bt standard. Select this if the connected PD was manufactured before the IEEE 802.3bt standard was implemented in September 2018, but requires power between 33 W and 60 W. IEEE 802.3bt is also known as PoE++ or PoE Plus Plus.
Auto PD recovery
Select to enable or disable automatic PD recovery on the port.
Automatic PD recovery allows the Nebula Device to restart a Powered Device (PD) connected to the port by turning the device on and off again.
Detecting mode
Select LLDP to have the Nebula Device passively monitor current status of the connected Powered Device (PD) by reading LLDP packets from the PD on the port.
Select Ping to have the Nebula Device ping the IP address of the connected Powered Device (PD) through the designated port to test whether the PD is reachable or not.
Action
Set the action to take when the connected Powered Device (PD) has stopped responding.
Select Reboot-Alarm to have the Nebula Device send an SNMP trap and generate a log message, and then turn off the power of the connected PD and turn it back on again to restart the PD.
Select Alarm to have the Nebula Device send an SNMP trap and generate a log message.
Neighbor IP
Set the IPv4 address of the Powered Device (PD) connected to this port.
*If Detecting Mode is set to Ping and the PD supports LLDP, the connected PD’s IPv4 address to which the Nebula Device sends ping requests is displayed automatically.
Polling Interval
Specify the number of seconds the Nebula Device waits for a response before sending another ping request.
For example, the Nebula Device will try to detect the PD status by performing ping requests every 20 seconds.
Polling Count
Specify how many times the Nebula Device resends a ping request before considering the PD unreachable.
Resume Polling interval (sec)
Specify the number of seconds the Nebula Device waits before monitoring the PD status again after it restarts the PD on the port.
PD Reboot Count
Specify how many times the Nebula Device attempts to restart the PD on the port.
The PD Reboot Count resets if any of the following conditions are true:
The Nebula Device successfully pings the PD.
You modify any Auto PD Recovery settings and apply them.
The Nebula Device restarts.
Resume Power Interval (sec)
Specify the number of seconds the Nebula Device waits before supplying power to the connected PD again after it restarts the PD on the port.
IPTV Setting
Overwrite advanced IGMP setting
Select ON to overwrite the port’s advanced IGMP settings (configured in the Site-wide > Configure > Switches > Advanced IGMP screen) with the settings you configure in the fields below. Otherwise, select OFF.
Leave Mode
Select Immediate Leave to remove this port from the multicast tree immediately when an IGMP leave message is received on this port. Select this option if there is only one host connected to this port.
Select Normal Leave or Fast Leave and enter an IGMP normal/fast leave timeout value to have the Nebula Device wait for an IGMP report before the leave timeout when an IGMP leave message is received on this port. You need to specify how many milliseconds the Nebula Device waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host.
In Normal Leave mode, when the Nebula Device receives an IGMP leave message from a host on a port, it forwards the message to the multicast router. The multicast router then sends out an IGMP Group-Specific Query (GSQ) message to determine whether other hosts connected to the port should remain in the specific multicast group. The Nebula Device forwards the query message to all hosts connected to the port and waits for IGMP reports from hosts to update the forwarding table.
In Fast Leave mode, right after receiving an IGMP leave message from a host on a port, the Nebula Device itself sends out an IGMP Group-Specific Query (GSQ) message to determine whether other hosts connected to the port should remain in the specific multicast group. This helps speed up the leave process.
Maximum Group
Select Enable and enter the maximum number of multicast groups this port is allowed to join. Once a port is registered in the specified number of multicast groups, any new IGMP join report received on this port will replace the earliest group entry in the multicast forwarding table.
Otherwise, select Disable to turn off multicast group limits.
IGMP filtering profile
An IGMP filtering profile specifies a range of multicast groups that clients connected to the Nebula Device are able to join.
Select the name of the IGMP filtering profile to use for this port. Otherwise, select No Select to remove restrictions and allow the port to join any multicast group.
Fixed router port
Select Auto to have the Nebula Device use the port as an IGMP query port if the port receives IGMP query packets. The Nebula Device forwards IGMP join or leave packets to an IGMP query port.
Select Fixed to have the Nebula Device always use the port as an IGMP query port. This helps prevent IGMP network topology changes when query packet losses occur in the network.
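Several fields in the Edit table above depend on each other (STP guard on RSTP, loop guard on RSTP being off, extended range on the link speed and power-up mode, and so on). The following added example, which is not part of NCC or of this guide, checks a planned port configuration against those stated constraints before it is applied; the PortPlan field names, the policy and schedule names, and the sample ports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PortPlan:
    """Intended settings for one port. Field names are assumptions that
    mirror the labels of the Edit screen; this is not an NCC API."""
    name: str
    port_type: str = "Access"             # Type: "Access" or "Trunk"
    pvid: int = 1
    uplink: bool = False
    management_control: bool = True
    rstp: bool = False
    stp_guard: str = "None"               # "None", "Root guard", "BPDU guard"
    loop_guard: bool = False
    auth_policy: str = "Open"             # "Open" = no port authentication
    allowed_vlans: Optional[str] = None   # only offered for Trunk ports
    extended_range: bool = False
    link: str = "Auto"
    poe: bool = False
    poe_schedule: str = "Unschedule"
    power_up_mode: str = "802.3at"


def validate(p: PortPlan) -> List[str]:
    """Return the constraints from the Edit table that this plan violates."""
    problems: List[str] = []
    if not 1 <= p.pvid <= 4094:
        problems.append(f"PVID {p.pvid} is outside 1-4094")
    if p.stp_guard != "None" and not p.rstp:
        problems.append("STP guard is only available when RSTP is enabled")
    if p.loop_guard and p.rstp:
        problems.append("loop guard cannot be enabled on a port running RSTP")
    if p.port_type != "Access" and p.auth_policy != "Open":
        problems.append("Auth. policy is only available on Access ports")
    if p.port_type != "Trunk" and p.allowed_vlans:
        problems.append("Allowed VLANs is only available on Trunk ports")
    if p.extended_range and p.power_up_mode != "802.3at":
        problems.append("extended range locks Power up mode to 802.3at")
    if p.extended_range and p.link != "10M/Full Duplex":
        problems.append("extended range limits the link to 10M/Full Duplex")
    if p.uplink and not p.management_control:
        problems.append("uplink port needs Management control enabled")
    if not p.poe and p.poe_schedule != "Unschedule":
        problems.append("select Unschedule before disabling PoE")
    return problems


def audit(plans: List[PortPlan]) -> Dict[str, List[str]]:
    """Map each port name to its violations, omitting clean ports."""
    report: Dict[str, List[str]] = {}
    for p in plans:
        found = validate(p)
        if found:
            report[p.name] = found
    return report


# Constructed sample plan for one switch (not taken from a real site).
PLANS = [
    PortPlan("sw1/1 camera", pvid=30, extended_range=True, poe=True,
             power_up_mode="802.3bt"),
    PortPlan("sw1/2 desk", pvid=10, rstp=True, stp_guard="BPDU guard",
             auth_policy="staff-8021x"),
    PortPlan("sw1/3 lab", pvid=20, rstp=True, loop_guard=True),
    PortPlan("sw1/4 spare", pvid=4095, poe_schedule="office-hours"),
    PortPlan("sw1/24 uplink", port_type="Trunk", uplink=True,
             allowed_vlans="1,10,20,30", management_control=False),
]

if __name__ == "__main__":
    for port, found in audit(PLANS).items():
        for msg in found:
            print(f"{port}: {msg}")
```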
ACL
ACL lets you allow or block traffic going through the Nebula Devices according to the rule settings. Use this screen to configure ACL rules on the Nebula Devices.
Click Site-wide > Configure > Switches > ACL to access this screen.
Site-wide > Configure > Switches > ACL
The following table describes the labels in this screen.
Site-wide > Configure > Switches > ACL 
Label
Description
Management rules
The NCC automatically creates rules to allow traffic from/to the Nebula Control Center IP addresses in the list.
Customization rules
Click the icon of a rule and drag the rule up or down to change the order.
Enabled
Select the check box to turn on the rule. Otherwise, clear the check box to turn off the rule.
Policy
Select to allow or deny traffic that matches the filtering criteria in the rule.
Protocol
Select the type of IP protocol used to transport the traffic to which the rule is applied.
Source MAC
Enter the source MAC address of the packets that you want to filter.
Source IP
Enter the source IP address of the packets that you want to filter.
Source port
Enter the source port numbers that define the traffic type.
Destination MAC
Enter the destination MAC address of the packets that you want to filter.
Destination IP
Enter the destination IP address of the packets that you want to filter.
Destination port
Enter the destination port numbers that define the traffic type.
VLAN
Enter the ID number of the VLAN group to which the matched traffic belongs.
Description
Enter a descriptive name for the rule.
Delete
Click the delete icon to remove the rule.
Add
Click this button to create a new rule.
IP & Routing
This screen enables you to create IP interfaces and static routes on Nebula Devices in the site. This allows you to do the following:
Create IP interfaces on a L2 Nebula Device for management or monitoring services, such as IGMP querier, auto PD recovery, ping, and ONVIF discovery.
Create multiple IP interfaces on a L3 Nebula Device to route across VLANs.
Create an IP interface and static route to specify the next hop to a specific destination subnet.
Click Site-wide > Configure > Switches > IP & Routing to access this screen.
Site-wide > Configure > Switches > IP & Routing
The following table describes the labels in this screen.
Site-wide > Configure > Switches > IP & Routing 
Label
Description
IP interface
Switch
This shows the name of the Nebula Device.
Name
This shows the name of the interface (network) on the Nebula Device.
IP address
This shows the IP address of the interface (network).
Subnet mask
This shows the subnet mask of the interface (network).
Click this icon to modify the interface.
Click this icon to delete the interface.
VLAN ID
This shows the ID number of the VLAN with which the interface (network) is associated.
+ Add
Click this button to create a new interface on a Nebula Device in the site.
Static route
Switch
This shows the name of the Nebula Device.
Name
This shows the name of the static route.
Destination
This shows the destination IP address.
Subnet mask
This shows the IP subnet mask.
Next hop IP
This shows the IP address of the next-hop gateway or the interface through which the traffic is routed. The gateway is a router or Nebula Device on the same segment as your Security Appliance's interfaces. It helps forward packets to their destinations.
Click this icon to modify the static route.
Click this icon to delete the static route.
+ Add
Click this button to create a new static route on a Nebula Device in the site.
Add IP Interface
Click the + Add button on the Site-wide > Configure > Switches > IP & Routing > IP Interface screen to access this screen.
Site-wide > Configure > Switches > IP & Routing > IP Interface > Add
The following table describes the labels in this screen.
Site-wide > Configure > Switches > IP & Routing > IP Interface > Add
Label
Description
Switch
Select a Nebula Device in the site on which to create the interface.
Name
Enter a name for the interface (network) on the Nebula Device.
IP address
Enter the IP address of the interface (network).
Subnet mask
Enter the subnet mask of the interface (network).
VLAN
Enter the ID number of the VLAN with which the interface (network) is associated.
Close
Click Close to exit this screen without saving.
Create
Click Create to save your changes and create the interface.
Add Static Route
Click the + Add button on the Site-wide > Configure > Switches > IP & Routing > Static Route screen to access this screen.
Site-wide > Configure > Switches > IP & Routing > Static Route > Add
The following table describes the labels in this screen.
Site-wide > Configure > Switches > IP & Routing > Static Route > Add
Label
Description
Switch
Select a Nebula Device in the site on which to create the static route.
Name
Enter a descriptive name for this route.
Destination
Specifies the IP network address of the final destination.
Subnet mask
Enter the IP subnet mask.
Next hop IP
Enter the IP address of the next-hop gateway.
Close
Click Close to exit this screen without saving.
Create
Click Create to save your changes and create the static route.
ONVIF Discovery
IP-based security products use a specific protocol for communication. One of the most common protocols is ONVIF (Open Network Video Interface Forum). ONVIF is a standard interface for interoperability of IP-based security products. When ONVIF is enabled and configured on a Nebula Device, the Nebula Device can obtain information from connected ONVIF-compatible devices, such as a device’s system name and IP address.
In NCC, you can configure ONVIF-compatible Nebula Devices (for example, GS1350) in a site to discover ONVIF-compatible devices in one designated VLAN.
*ONVIF and UPnP are similar protocols and may conflict with each other. If NCC detects UPnP packets on the same network as ONVIF, then it will prompt you to automatically create an ACL rule that blocks UPnP traffic (UDP, port 1900).
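If ACL rules are evaluated top-down with the first match deciding (an assumption; this guide only says that rule order can be changed), a broader allow rule placed above the UPnP block (UDP, port 1900) keeps the block from ever matching. The following added example, which is not NCC code, models rules with a subset of the ACL screen's fields and reports rules that are fully covered by a rule above them; the default of allow, the CIDR notation, VLAN 30 and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    policy: str                       # "allow" or "deny"
    description: str
    protocol: str = "any"             # "any", "tcp" or "udp"
    src_ip: str = "any"               # "any" or CIDR (notation assumed)
    dst_ip: str = "any"
    dst_port: Optional[int] = None    # None matches every port
    vlan: Optional[int] = None        # None matches every VLAN
    enabled: bool = True


@dataclass
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int
    vlan: int


def net(value: str):
    """Turn "any" or a CIDR string into an ip_network object."""
    return ipaddress.ip_network("0.0.0.0/0" if value == "any" else value)


def matches(r: Rule, p: Packet) -> bool:
    return (r.enabled
            and r.protocol in ("any", p.protocol)
            and ipaddress.ip_address(p.src_ip) in net(r.src_ip)
            and ipaddress.ip_address(p.dst_ip) in net(r.dst_ip)
            and r.dst_port in (None, p.dst_port)
            and r.vlan in (None, p.vlan))


def decide(rules: List[Rule], p: Packet, default: str = "allow") -> str:
    """First matching rule wins (assumed); `default` is also an assumption."""
    for r in rules:
        if matches(r, p):
            return r.policy
    return default


def covers(a: Rule, b: Rule) -> bool:
    """True when every packet that b matches is also matched by a."""
    return (a.protocol in ("any", b.protocol)
            and net(b.src_ip).subnet_of(net(a.src_ip))
            and net(b.dst_ip).subnet_of(net(a.dst_ip))
            and a.dst_port in (None, b.dst_port)
            and a.vlan in (None, b.vlan))


def shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """(unreachable rule, rule above it that covers it) for enabled rules."""
    active = [r for r in rules if r.enabled]
    out = []
    for j, later in enumerate(active):
        for earlier in active[:j]:
            if covers(earlier, later):
                out.append((later.description, earlier.description))
                break
    return out


# Constructed rules and packets; VLAN 30 stands in for the ONVIF discovery VLAN.
PERMIT = Rule("allow", "Permit ONVIF VLAN", vlan=30)
BLOCK_UPNP = Rule("deny", "Block UPnP", protocol="udp", dst_port=1900, vlan=30)
BROKEN = [PERMIT, BLOCK_UPNP]   # block sits below a rule that covers it
FIXED = [BLOCK_UPNP, PERMIT]    # block dragged above the broad allow

SSDP = Packet("udp", "192.168.30.20", "239.255.255.250", 1900, 30)
RTSP = Packet("tcp", "192.168.30.20", "192.168.30.2", 554, 30)

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, decide(rules, SSDP), decide(rules, RTSP), shadowed(rules))
```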
Configuring ONVIF Discovery
Follow these steps to configure ONVIF discovery within a site.
1 Decide on the VLAN ID you want to use for ONVIF discovery within the site. This VLAN is the ONVIF discovery VLAN.
2 Go to Site-wide > Configure > Switches > IP & Routing. For each Nebula Device that you want to enable ONVIF discovery on, add an IP interface for the Nebula Device on the ONVIF discovery VLAN.
3 Go to Site-wide > Configure > Switches > ONVIF discovery. Enable ONVIF discovery, and then set ONVIF VLAN ID to the ID of your ONVIF discovery VLAN.
4 For each Nebula Device that you want to enable ONVIF discovery on, click + Add. Select the Nebula Device, and then enter the ports that you want to listen for ONVIF devices.
ONVIF Discovery Screen
Click Site-wide > Configure > Switches > ONVIF discovery to access this screen.
Site-wide > Configure > Switches > ONVIF discovery
The following table describes the labels in this screen.
Site-wide > Configure > Switches > ONVIF discovery 
Label
Description
Model list
Click this to view a list of Zyxel Nebula Device models that support ONVIF discovery.
ONVIF discovery
Enable this to allow ONVIF-compatible Nebula Devices in the site to send ONVIF packets to discover or scan for ONVIF-compatible IP-based security devices.
ONVIF VLAN ID
Enter the ID number of the VLAN to run ONVIF. You can enter multiple VLAN IDs separated by a comma (,). For example, enter “1,2” for VLAN IDs 1 and 2.
Switch name
Select the Nebula Device that you want to enable ONVIF discovery on.
Port list
Enter the port numbers to allow discovery of ONVIF-compatible devices. You can enter multiple ports separated by comma (,) or hyphen (-) without spaces. For example, enter “3-5” for ports 3, 4, and 5. Enter “3,5,7” for ports 3, 5, and 7.
Description
Enter a descriptive name for this Nebula Device.
Model
This shows the Nebula Device model.
Click this icon to delete the ONVIF configuration for the Nebula Device.
+ Add
Click this to configure ONVIF discovery on another Nebula Device in the site.
Advanced IGMP
A Nebula Device can passively snoop on IGMP packets transferred between IP multicast routers/Nebula Devices and IP multicast hosts to learn the IP multicast group membership. It checks IGMP packets passing through it, picks out the group registration information, and configures multi-casting accordingly. IGMP snooping allows the Nebula Device to learn multicast groups without you having to manually configure them.
The Nebula Device forwards multicast traffic destined for multicast groups (that it has learned from IGMP snooping or that you have manually configured) to ports that are members of that group. IGMP snooping generates no additional network traffic, allowing you to significantly reduce multicast traffic passing through your Nebula Device.
Use this screen to enable IGMP snooping on the Nebula Devices in the site, create IGMP filtering profiles and configure advanced IGMP snooping settings that apply to all ports on the Nebula Device for your IPTV network. Click Site-wide > Configure > Switches > Advanced IGMP to access this screen. You can make adjustments on a per-port basis using the Site-wide > Configure > Switches > Switch ports screen.
Site-wide > Configure > Switches > Advanced IGMP
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Advanced IGMP 
Label
Description
IGMP snooping
Select ON to enable and configure IGMP snooping settings on all Nebula Devices in the site. Select OFF to disable it.
IGMP-snooping VLAN
Select Auto-detect to have the Nebula Device learn multicast group membership information of any VLANs automatically.
Select User Assigned VLANs and enter the VLAN IDs to have the Nebula Device only learn multicast group membership information of the VLANs that you specify.
Click Model List to view a list of Zyxel Nebula Device models that do not support this feature.
*The Nebula Device can perform IGMP snooping on up to 16 VLANs.
Unknown multicast drop
Specify the action to perform when the Nebula Device receives an unknown multicast frame. Select ON to discard the frames. Select OFF to send the frames to all ports.
Click Model List to view a list of Zyxel Nebula Device models that do and do not support this feature.
Drop on VLAN
This allows you to define the VLANs in which unknown multicast packets can be dropped.
*The Nebula Device can drop unknown multicast packets on up to 8 VLANs.
IGMP filtering profiles
An IGMP filtering profile specifies a range of multicast groups that clients connected to the Nebula Device are able to join.
You can set the Nebula Device to filter the multicast group join reports on a per-port basis by configuring an IGMP filtering profile and associating a port to the profile.
Click the edit icon to change the profile settings. See Add/Edit IGMP Filtering Profiles.
Click the remove icon to delete the profile.
+Add
Click this button to create a new profile. See Add/Edit IGMP Filtering Profiles.
IPTV topology setup
The following three buttons are available only when there are multiple Nebula Devices in the site and your administrator account has full access to this screen.
IGMP snooping
Select the Nebula Devices you want to configure and click this button to turn on or off IGMP snooping on the selected Nebula Devices.
Role
Select the Nebula Devices you want to configure and click this button to change the IGMP role of the selected Nebula Devices.
Port settings
Select the Nebula Devices you want to configure and click this button to open the Port settings screen, where you can change IGMP leave mode and IGMP filtering profile for the ports on the selected Nebula Devices. See IGMP Port Settings.
IGMP topology tips
Click this to view information about configuring your network and device roles to optimize IPTV performance.
The following list shows you the IGMP settings for each Nebula Device in the site.
Switch Name
This shows the name of the Nebula Device in the site.
IGMP snooping
Click this to enable IGMP snooping on the Nebula Device. See Advanced IGMP for more information on IGMP snooping.
IGMP report proxy
Click this to enable IGMP report proxy on the Nebula Device. An IGMP report is generated when monitoring multicast address or membership query.
It is highly recommended to disable this in the following conditions:
When the Nebula Device is deployed in a Networked AV environment. A Networked AV environment is specifically designed to simplify configuration and management of the Nebula Device for AVoIP (Audio-Video over Internet Protocol) application.
When the Nebula Device is connected to CPEs (customer premise equipment) that require a specific IPTV source. Some CPEs validate IPTVs based on the source IP and MAC address of their IGMP join request. IGMP report proxy trims down the amount of IGMP join packets and sends its own IGMP join request.
Role
This shows whether the Nebula Device is acting as an IGMP snooping querier, aggregation Nebula Device or access Nebula Device in the IPTV network.
Port settings
Click Advanced setup to open the Port settings screen, where you can change IGMP leave mode and IGMP filtering profile for the ports on the Nebula Device. See IGMP Port Settings.
The following fields display when the IGMP role of a Nebula Device is set to Querier.
VLAN
Enter the ID number of the VLAN on which the Nebula Device learns the multicast group membership.
Querier IP Interface
Enter the IP address of the Nebula Device interface in IGMP querier mode.
The Nebula Device acts as an IGMP querier in that network/VLAN to periodically send out IGMP query packets with the interface IP address and update its multicast forwarding table.
Mask
Enter the subnet mask of the Nebula Device interface in IGMP querier mode.
Click the remove icon to delete the rule.
Add
Click this button to create a new rule.
Add/Edit IGMP Filtering Profiles
Use this screen to create a new IGMP filtering profile or edit an existing profile. To access this screen, click the Add button or a profile’s Edit button in the IGMP filtering profiles section of the Site-wide > Configure > Switches > Advanced IGMP screen.
Site-wide > Configure > Switches > Advanced IGMP: Add IGMP Filtering Profile
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Advanced IGMP: Add/Edit IGMP Filtering Profile 
Label
Description
Profile name
Enter a descriptive name for this profile for identification purposes.
 
This shows the index number of the rule.
Start IP address
Enter the starting multicast IP address for a range of multicast IP addresses that you want to belong to the IGMP filter profile.
End IP address
Enter the ending multicast IP address for a range of IP addresses that you want to belong to the IGMP filter profile.
If you want to add a single multicast IP address, enter it in both the Start IP Address and End IP Address fields.
Click the remove icon to delete the rule.
+Add
Click this button to create a new rule in this profile.
Close
Click this button to exit this screen without saving.
Save & Back
Click this button to save your changes and close the screen.
IGMP Port Settings
Use this screen to modify the IGMP snooping settings, such as IGMP leave mode and filtering profile for all ports on the Nebula Device. To access this screen, select one or more Nebula Devices and click the Port settings button or click a Nebula Device’s Advanced setup button in the IPTV topology setup section of the Site-wide > Configure > Switches > Advanced IGMP screen.
Site-wide > Configure > Switches > Advanced IGMP: Port settings
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Advanced IGMP: Port settings 
Label
Description
Switch name
This shows the name of the Nebula Devices that you select to configure.
Role
This shows whether each Nebula Device you selected is an IGMP snooping querier, aggregation Nebula Device or access Nebula Device in the IPTV network.
Leave mode
Select Immediate Leave to set the Nebula Device to remove this port from the multicast tree immediately when an IGMP leave message is received on this port. Select this option if there is only one host connected to this port.
Select Normal Leave or Fast Leave and enter an IGMP normal/fast leave timeout value to have the Nebula Device wait for an IGMP report before the leave timeout when an IGMP leave message is received on this port. You need to specify how many milliseconds the Nebula Device waits for an IGMP report before removing an IGMP snooping membership entry when an IGMP leave message is received on this port from a host.
In Normal Leave mode, when the Nebula Device receives an IGMP leave message from a host on a port, it forwards the message to the multicast router. The multicast router then sends out an IGMP Group-Specific Query (GSQ) message to determine whether other hosts connected to the port should remain in the specific multicast group. The Nebula Device forwards the query message to all hosts connected to the port and waits for IGMP reports from hosts to update the forwarding table.
In Fast Leave mode, right after receiving an IGMP leave message from a host on a port, the Nebula Device itself sends out an IGMP Group-Specific Query (GSQ) message to determine whether other hosts connected to the port should remain in the specific multicast group. This helps speed up the leave process.
Maximum group
Select Enable and enter the maximum number of multicast groups this port is allowed to join. Once a port is registered in the specified number of multicast groups, any new IGMP join report received on this port will replace the earliest group entry in the multicast forwarding table.
Otherwise, select Disable to turn off multicast group limits.
IGMP filtering profile
An IGMP filtering profile specifies a range of multicast groups that clients connected to the Nebula Device are able to join.
Select the name of the IGMP filtering profile to use for this port. Otherwise, select No Select to remove restrictions and allow the port to join any multicast group.
Reset
Click this button to return the screen to its last-saved settings.
Close
Click this button to exit this screen without saving.
Save
Click this button to save your changes and close the screen.
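The Maximum group and IGMP filtering profile settings described above can be modelled per port, as in this added example (not Zyxel code). The class and function names, the order in which the filter and the limit are evaluated, and the handling of a repeated join are assumptions; the addresses are constructed sample values.

```python
from collections import OrderedDict
from ipaddress import IPv4Address


class FilterProfile:
    """Named set of inclusive (start, end) multicast group ranges a port may join."""

    def __init__(self, name):
        self.name = name
        self.rules = []

    def add_rule(self, start, end):
        lo, hi = IPv4Address(start), IPv4Address(end)
        # Assumption: reject input the Start/End IP address fields are not meant for.
        if not (lo.is_multicast and hi.is_multicast):
            raise ValueError("start and end must be IPv4 multicast addresses")
        if lo > hi:
            raise ValueError("start address is higher than end address")
        self.rules.append((lo, hi))

    def permits(self, group):
        return any(lo <= group <= hi for lo, hi in self.rules)


class Port:
    """One switch port: optional filtering profile and optional maximum group limit."""

    def __init__(self, profile=None, max_groups=None):
        if max_groups is not None and max_groups < 1:
            raise ValueError("max_groups must be at least 1 when enabled")
        self.profile = profile          # None models "No Select": any group allowed
        self.max_groups = max_groups    # None models Maximum group = Disable
        self.groups = OrderedDict()     # joined groups, oldest first

    def join(self, group):
        group = IPv4Address(group)
        # Assumption: the filter is evaluated before the group limit.
        if self.profile is not None and not self.profile.permits(group):
            return "filtered"
        if group in self.groups:
            return "already-member"     # assumption: a repeat report keeps its age
        if self.max_groups is not None and len(self.groups) >= self.max_groups:
            evicted, _ = self.groups.popitem(last=False)   # earliest entry is replaced
            self.groups[group] = None
            return f"replaced {evicted}"
        self.groups[group] = None
        return "joined"


def demo():
    # Constructed sample profile and join reports.
    iptv = FilterProfile("iptv-channels")
    iptv.add_rule("239.1.1.1", "239.1.1.10")
    iptv.add_rule("239.2.0.5", "239.2.0.5")     # single group: same start and end
    port = Port(profile=iptv, max_groups=2)
    reports = ["239.1.1.1", "239.1.1.2", "239.9.9.9", "239.2.0.5", "239.1.1.2"]
    return [port.join(g) for g in reports], [str(g) for g in port.groups]


if __name__ == "__main__":
    print(demo())
```

The limit caps how many entries a port holds but does not reject a join once it is reached; the filtering profile is the setting that restricts which groups a port can request.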
Authentication
Use this screen to configure authentication servers and policies to validate access to ports on the Nebula Device using the Nebula cloud authentication server or an external RADIUS server.
*Network traffic from clients will be denied when the Nebula cloud authentication server (NCAS) cannot be reached.
NCAS Disconnect Behavior
The following figure shows an example Nebula Device with ports enabled for MAC authentication. Clients 1 and 2 (C1, C2) pass MAC authentication (authorized). Client 3 (C3) fails MAC authentication (not authorized).
MAC Authentication Application
Click Site-wide > Configure > Switches > Authentication to access this screen.
Site-wide > Configure > Switches > Authentication
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Authentication 
Label
Description
Authentication Server
Server type
Select External radius server to have both IEEE 802.1x (WPA-Enterprise) authentication and MAC-based authentication. The Nebula Device sends a request message to a RADIUS server in order to authenticate clients. The administrator must enter the IP address of the RADIUS server. The default port is 1812.
*Make sure to configure VLAN for the Nebula Device before enabling VLAN assignment in the external RADIUS server.
Select Nebula cloud authentication to have MAC-based authentication only. The Nebula Device sends an HTTPS message to NCAS (Nebula Cloud Authentication Server) to authenticate clients. The default port is 443. See Set Up MAC Authentication With NCAS (for Nebula Switches only) for the steps in setting up MAC authentication with NCAS.
Blocked clients do not appear in the Nebula Device MAC address table. The Nebula Device re-authenticates blocked clients when:
5 minutes have passed since the blocked client failed authentication.
The blocked client disconnects and reconnects to the Nebula Device port.
*The Blocked client in the Site-wide > Clients > Client list screen has a higher priority than MAC-based authentication.
All network traffic from clients will be denied when the NCAS cannot be reached.
The following fields appear when you select External radius server as the Server type.
Click the icon of a rule and drag the rule up or down to change the order.
Host
Enter the IP address of the external RADIUS server.
Port
Enter the port of the RADIUS server for authentication (default 1812).
Secret
Enter a password (up to 32 alphanumeric characters) as the key to be shared between the external RADIUS server and the Nebula Device.
Click the remove icon to delete the entry.
Add
Click this button to create a new RADIUS server entry.
Authentication policy
You apply the policy to a port in Site-wide > Configure > Switches > Switch ports: Edit (a selected port).
Password for MAC-Base Auth
Enter the password the Nebula Device sends along with the MAC address of a client for authentication with the RADIUS server. You can enter up to 32 printable ASCII characters.
Name
Enter a descriptive name for the policy.
Auth. type
Select MAC-Base if you want to validate access to the ports based on the MAC address and password of the client.
Select 802.1X if you want to validate access to the ports based on the user name and password provided by the client.
*802.1X is not supported when you select Nebula cloud authentication in Server type.
Guest VLAN
A guest VLAN is a pre-configured VLAN on the Nebula Device that allows non-authenticated users to access limited network resources through the Nebula Device.
Enter the number that identifies the guest VLAN.
Port security
Click On to enable port security on the ports. Otherwise, select Off to disable port security on the ports.
MAC limitation
This field is configurable only when you enable port security.
Specify the maximum number of MAC addresses that may be learned on a port.
Auth. ports
This shows the number of the Nebula Device ports to which this policy is applied.
Click the remove icon to delete the profile.
Add
Click this button to create a new policy.
PoE Schedules
Use this screen to view and configure Power over Ethernet (PoE) schedules which can be applied to the ports. PoE is enabled at the specified time/date. Click Site-wide > Configure > Switches > PoE schedules to access this screen.
*The NCC will not generate an alert when PoE is disabled and the connected APs go offline because of the pre-defined PoE schedules.
The table shows the name of the existing schedules and the number of ports to which a schedule is applied. Click a schedule’s edit icon to modify the schedule settings or click the Add button to create a new schedule. See Create new schedule.
Site-wide > Configure > Switches > PoE schedules
Create new schedule
Click the Add button in the Site-wide > Configure > Switches > PoE schedules screen to access this screen.
Site-wide > Configure > Switches > PoE schedule: Add
The following table describes the labels in this screen.
Site-wide > Configure > Switches > PoE schedules: Add 
Label
Description
Name
Enter a descriptive name for this schedule for identification purposes.
Schedule templates
Select a pre-defined schedule template or select Custom schedule and manually configure the day and time at which PoE is enabled.
Day
This shows the day of the week.
Availability
Click On to enable PoE at the specified time on this day. Otherwise, select Off to turn PoE off on the day and at the specified time.
Specify the hour and minute when the schedule begins and ends each day.
Close
Click this button to exit this screen without saving.
Add
Click this button to save your changes and close the screen.
Switch Settings
Use this screen to configure global Nebula Device settings, such as (R)STP, QoS, port mirroring, voice VLAN, DHCP server guard, and IP source guard.
Click Site-wide > Configure > Switches > Switch settings to access this screen.
Site-wide > Configure > Switches > Switch settings
The following table describes the labels in this screen.
Site-wide > Configure > Switches > Switch settings 
Label
Description
Auto configuration recovery
Auto configuration recovery
When On, a connectivity check to NCC is done 5 minutes after any configuration change. If an NCC connection problem is detected, the Nebula Device will return to its last saved custom default configuration. The Nebula Device will be locked by NCC and the banner "N Switches are currently protected by Auto Configuration Recovery" will be displayed.
Otherwise, the latest configuration will be saved as the new custom default configuration.
*If the NCC connectivity error occurs 5 minutes after a configuration change, the Nebula Device will not return to its last saved configuration.
*When Auto configuration recovery is turned Off, a pop-up message appears informing you that the locked Nebula Device(s) will be unlocked. Click Confirm if you wish to continue.
VLAN configuration
Management VLAN
Enter the VLAN identification number associated with the Nebula Device IP address. This is the VLAN ID of the CPU and is used for management only. The default is "1". All ports, by default, are fixed members of this "management VLAN" in order to manage the device from any port. If a port is not a member of this VLAN, then users on that port cannot access the device. To access the Nebula Device, make sure the port that you are connected to is a member of the Management VLAN.
Before changing the management VLAN for an uplink port, check the following to avoid disconnection with NCC:
Management Control is enabled in Site-wide > Configure > Switches > Switch ports
The uplink port belongs to the management VLAN in Site-wide > Configure > Switches > Switch ports: PVID.
STP configuration
Rapid spanning tree protocol (RSTP)
Select On to enable RSTP on the Nebula Device. Otherwise, select Off.
STP bridge priority
Bridge priority is used in determining the root Nebula Device, root port and designated port. The Nebula Device with the highest priority (lowest numeric value) becomes the STP root Nebula Device. If all Nebula Devices have the same priority, the Nebula Device with the lowest MAC address will then become the root Nebula Device.
The lower the numeric value you assign, the higher the priority for this bridge.
Click Set the bridge priority for another switch to create a new entry. Select the Nebula Devices for which you want to configure the bridge priority, and select a value from the drop-down list box.
Quality of service
Quality of service
Enter a VLAN ID and select the priority level that the Nebula Device assigns to frames belonging to this VLAN. Enter a descriptive name for the QoS (Quality of Service).
Click Add to create a new entry.
Port mirroring
Port mirroring
Click Add to create a new entry.
Select the Nebula Device for which you want to configure port mirroring, specify the destination port you copy the traffic to in order to examine it in more detail without interfering with the traffic flow on the original ports, and also enter the source port on which you mirror the traffic.
Err-disable recovery
Err-disable recovery
Enter the number of seconds (from 30 to 86400) to wait to activate a port or allow specific packets on a port, after the loop guard / BPDU guard error is gone.
The loop guard feature shuts down a port if it detects that packets sent out on that port loop back to the Nebula Device.
The BPDU guard feature allows you to prevent any new STP-aware (Spanning Tree Protocol) switch from connecting to an existing network and causing STP topology changes in the network. If there is any BPDU detected on the ports on which BPDU guard is enabled, the Nebula Device disables the ports automatically.
Loop guard recovery is always enabled.
Click the switch to enable BPDU guard recovery. Default setting is disabled.
The range of Expiration time (seconds) for both Loop guard recovery and BPDU guard recovery is 30 to 86400.
Voice VLAN
Voice VLAN
Select On to enable the Voice VLAN feature on the Nebula Device. Otherwise, select Off.
It groups the voice traffic with defined priority into an assigned VLAN which enables the separation of voice and data traffic coming into the Nebula Device port.
Voice VLAN ID
Enter a VLAN ID number.
Priority
Select the priority level of the Voice VLAN from 1 to 6.
Assign VLAN by
Select how the Nebula Device assigns ports connected to VoIP devices to the Voice VLAN.
OUI (Organizationally Unique Identifier): The Nebula Device assigns a port connected to a VoIP device to the Voice VLAN if the connected device’s OUI matches any OUI in the list.
LLDP-MED: The Nebula Device assigns a port connected to a VoIP device to the voice VLAN if the connected device is identified as a VoIP device using the LLDP-MED protocol.
*The connected device must support LLDP-MED and have LLDP-MED enabled.
OUI
This field appears when you select OUI in the Assign VLAN by field.
Click Add OUI on this network to add an OUI and a description for the OUI.
An Organizationally Unique Identifier identifies a manufacturer. Typically, a device’s OUI is the first three octets of the device’s MAC address.
For example, if you have an IP phone from Company A with MAC address 00:0a:95:9d:68:16, you can enter OUI 00:0a:95 to match all devices from Company A.
DSCP
This field appears when you select LLDP-MED in the Assign VLAN by field.
Enter the Differentiated Services Code Point (DSCP) value for traffic on the voice VLAN. The value is defined from 0 through 63, and 0 is the default.
Vendor ID based VLAN
Vendor ID based VLAN
Select On to enable the Vendor ID based VLAN feature on the Nebula Device. Otherwise, select Off.
Click the Add Vendor-ID on this network button to define the vendor MAC address OUI, the VLAN to assign it to, and the priority. Enter a descriptive name for the Vendor ID based VLAN. Enter up to 64 characters for this field, including the special characters inside the square brackets [~!@#$%^&*()_+{}|:”<>–=[]\;’,/ ].
Access management
Access management
Select On to enable the access management feature on the Nebula Device. Otherwise, select Off.
Allow IP range
Click the Add allow IP range button to set the connected devices’ starting and ending IP addresses that will be allowed to access the Nebula Devices through telnet, SSH, HTTP, HTTPS, and FTP.
DHCP Server Guard
DHCP Server Guard
Select On to enable the DHCP server guard feature on the Nebula Device in order to prevent illegal DHCP servers. Only the first DHCP server that assigned the Nebula Device IP address is allowed to assign IP addresses to devices in this management VLAN.
Otherwise, select Off to disable it.
IP source guard
IP source guard
Select On to enable IP source guard protection. IP source guard uses a binding table to distinguish between authorized and unauthorized DHCP and ARP packets in your network. When the client does not exist in the binding table, the client is unauthorized and traffic will be blocked.
To successfully access the network:
Clients with a static IP address need to be added to the Allowed client list.
Clients with a dynamic IP address need to get their IP address from an authorized DHCP server.
Protected switch
This shows the Nebula Device(s).
Select On to enable IP source guard protection on the Nebula Device. Then click Save.
Click the edit icon to go to Site-wide > Configure > Switches > Switch ports to configure Protected ports (see Switch Ports for more information).
Click Run to display a pop-up window showing the current client table.
Select the DHCP-snooping or Block entries and click Transfer to add these to the allowed client list. Then click Save.
Allowed client list
This allows the administrator to define a set of clients. Click Add client to define the IPv4 address, MAC address, and VLAN of the static client. A previous entry will be overwritten when you enter a duplicate MAC address and VLAN ID.
Click Actions > Edit to modify the static client entry. Then click Update. The MAC address and VLAN ID will appear in red when you enter a duplicate entry.
Click Actions > Delete to remove the static client entry.
Click Save to activate the settings.
*A maximum of 128 static entries is allowed per site.
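The IP source guard rules above (static entries keyed by MAC address and VLAN ID, silent overwrite on a duplicate, the 128-entry limit, and blocking of clients missing from the binding table) are modelled in this added example, which is not Zyxel code. Matching on IP, MAC and VLAN together is a simplifying assumption, all names are hypothetical, and the addresses are constructed from documentation ranges.

```python
from ipaddress import IPv4Address

MAX_STATIC_PER_SITE = 128   # limit stated in the guide


def norm_mac(mac):
    """Normalise aa:bb:.. or AA-BB-.. notation to lower-case colon form."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class BindingTable:
    def __init__(self):
        self.static = {}    # (mac, vlan) -> ip, models the Allowed client list
        self.snooped = {}   # (mac, vlan) -> ip, learned from an authorized DHCP server

    @staticmethod
    def _key(mac, vlan):
        if not 1 <= int(vlan) <= 4094:
            raise ValueError(f"bad VLAN ID: {vlan}")
        return norm_mac(mac), int(vlan)

    def add_static(self, ip, mac, vlan):
        key = self._key(mac, vlan)
        exists = key in self.static
        if not exists and len(self.static) >= MAX_STATIC_PER_SITE:
            raise OverflowError("static entry limit reached for this site")
        self.static[key] = IPv4Address(ip)   # duplicate MAC + VLAN overwrites
        return "overwritten" if exists else "added"

    def learn_dhcp(self, ip, mac, vlan):
        self.snooped[self._key(mac, vlan)] = IPv4Address(ip)

    def transfer(self, mac, vlan):
        """Model of the Transfer action: copy a DHCP-snooping entry to the static list."""
        key = self._key(mac, vlan)
        return self.add_static(str(self.snooped[key]), mac, vlan)

    def check(self, ip, mac, vlan):
        key, addr = self._key(mac, vlan), IPv4Address(ip)
        if self.static.get(key) == addr:
            return "permit (static)"
        if self.snooped.get(key) == addr:
            return "permit (dhcp-snooping)"
        return "block"          # client is not in the binding table


def demo():
    # Constructed sample clients.
    t = BindingTable()
    out = [t.add_static("192.0.2.10", "00:00:5E:00:53:01", 10),
           t.add_static("192.0.2.99", "00-00-5e-00-53-01", 10)]   # same MAC + VLAN
    t.learn_dhcp("192.0.2.50", "00:00:5e:00:53:02", 10)
    out += [t.check("192.0.2.10", "00:00:5e:00:53:01", 10),   # old IP was overwritten
            t.check("192.0.2.99", "00:00:5e:00:53:01", 10),
            t.check("192.0.2.50", "00:00:5e:00:53:02", 10),
            t.check("192.0.2.50", "00:00:5e:00:53:02", 20),   # wrong VLAN
            t.transfer("00:00:5e:00:53:02", 10)]
    return out


if __name__ == "__main__":
    print(demo())
```

Running a planned allowed client list through `add_static` before entering it in NCC shows which rows would replace an earlier entry, since the screen overwrites on a duplicate MAC address and VLAN ID.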