KTI Networks KS-2601 User Manual
Page 12
8
4. Port
Mirror
This switch operates in store-and-forward algorithm so it is not possible to
monitor network traffic from another connection port. But the port mirror
function could copy packets from some monitored port to another port for
network monitor. This switch also provides DA/SA filtering function for
monitoring the traffic to/from some user.
5. QoS
For Quality of Service request in a network, packets could be classified to
different forwarding priorities. For real-time network traffic (like video, audio), it
needs higher priority than normal network traffic. With the definition of packet
priority, it could have 8 priority levels (from 0 to 7). This switch supports four
priority level queues on each port. It could be configured for port-based or
802.1P tagged based. User can define the mapping (0 – 7) to the four priority
queues.
6. Static Mac ID in ARL table
The switch can learn the Mac address from user’s packets and keep these Mac
address in the ARL table for store-and-forward table lookup operation. But
these Mac addresses will be deleted from ARL table after some time when
users do not send any packets to the switch. This operation is called aging
and the time is called aging time. It is 5 minutes normally (it could be changed
by users.) If users want to keep a Mac address always in ARL table for some
port, they can assign the Mac address to ARL table. These Mac ID are called
Static Mac address. This switch supports static Mac address assignment.
The static Mac address assignment will also limit the Mac address could be
used or rejected on the assigned port only with the port security configuration
function. For example, assigning “00-00-01-11-22-33” to Port 5 will always
keep this Mac ID alive on Port 5 but also limit this Mac address could work on
Port 5 only or rejected from Port 5 - depending on the setting of its port security
mode.
Note: About Static Mac Address Filter-in (port binding) function
There is a “Mac Security Configuration” function for port security mode. If it is
set to Accept mode, only these static Mac addresses can access network
through the assigned port. The other Mac addresses will be forbidden for
network access through that port. This function can be used for port binding
security application. Please refer to Section 6.2 / 6.3 for the details of the Mac
address filter-in operation of the switch.
7. IEEE 802.1x Port Security Function
If the 802.1x function is enabled, the switch will act as an authenticator for
users accessing network through the switch. It will need a RADIUS server for
the authentication function. Users will be asked for username and password
before network access. If the RADIUS server authenticates it, the switch will
enable the port for network access. This function is very useful for network
security application to prevent illegal users access network through the switch.
This switch supports MD5, TLS and PEAP authentication types.