GE Appliances MultiLink ML1200 User's Manual
MULTILINK ML1200 (ml12man-a1)
2015-01-23
Page Count: 344
Digital Energy
Multilin

MultiLink ML1200 Managed Field Switch
Instruction Manual
Firmware Revision 3.3x
Manual P/N: 1601-9095-A1
Manual Order Code: GEK-113538
Copyright © 2009 GE Multilin

GE Multilin
215 Anderson Avenue, Markham, Ontario, Canada L6E 1B3
Tel: (905) 294-6222
Fax: (905) 201-2098
Internet: http://www.GEmultilin.com

GE Multilin's Quality Management System is registered to ISO9001:2000
QMI # 005094
UL # A3775

These instructions do not purport to cover all details or variations in equipment nor provide for every possible contingency to be met in connection with installation, operation, or maintenance. Should further information be desired or should particular problems arise which are not covered sufficiently for the purchaser's purpose, the matter should be referred to the General Electric Company.

To the extent required the products described herein meet applicable ANSI, IEEE, and NEMA standards; but no such assurance is given with respect to local codes and ordinances because they vary greatly.

© 2009 GE Multilin Incorporated. All rights reserved.

GE Multilin Multilink ML1200 instruction manual for revision 3.3x.

Multilink ML1200 is a registered trademark of GE Multilin Inc.
NEBS is a trademark of Telcordia Technologies.

The contents of this manual are the property of GE Multilin Inc. This documentation is furnished on license and may not be reproduced in whole or in part without the permission of GE Multilin. The content of this manual is for informational use only and is subject to change without notice. Part numbers contained in this manual are subject to change without notice, and should therefore be verified by GE Multilin before ordering.
Part number: 1601-9095-A1 (June 2009)

Federal Communications Commission Radio Frequency Interference Statement

This equipment generates, uses and can radiate frequency energy and if not installed and used properly in strict accordance with the manufacturer's instructions, may cause interference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart J of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when operated in a commercial environment. Operation of this equipment in a residential area is likely to cause interference, in which case the user, at their own expense, will be required to take whatever measures may be required to correct the interference.

Canadian Emissions Statement

This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.

Electrical Safety requirements:

1. This product is to be installed Only in Restricted Access Areas (Dedicated Equipment Rooms, Electrical Closets, or the like).
2. 48 V DC products shall be installed with a readily accessible disconnect device in the building installation supply circuit to the product.
3. This product shall be provided with a maximum 10 A DC Listed fuse or circuit breaker in the supply circuit when connected to a 48 V centralized DC source.
4. The external power supply for DC units shall be a Listed, Direct Plug In power unit, marked Class 2, or Listed ITE Power Supply, marked LP, which has suitably rated output voltage (i.e. 24 V DC or 48 V DC) and suitable rated output current.
5. Product does not contain user replaceable fuses. Any internal fuses can ONLY be replaced by GE Multilin.

TABLE OF CONTENTS

1: INTRODUCTION
  GETTING STARTED  1-1
    INSPECTING THE PACKAGE AND PRODUCT  1-1
    ORDER CODES  1-2
    SPECIFICATIONS  1-3
  COMMAND LINE INTERFACE FIRMWARE  1-7
    CONSOLE CONNECTION  1-7
    CONSOLE SETUP  1-7
    CONSOLE SCREEN  1-8
    LOGGING IN FOR THE FIRST TIME  1-8
    AUTOMATIC IP ADDRESS CONFIGURATION  1-8
    SETTING THE IP PARAMETERS USING CONSOLE PORT  1-9
    PRIVILEGE LEVELS  1-11
    USER MANAGEMENT  1-12
    HELP  1-13
    EXITING  1-14
  ENERVISTA SECURE WEB MANAGEMENT  1-15
    LOGGING IN FOR THE FIRST TIME  1-15
    PRIVILEGE LEVELS  1-17
    USER MANAGEMENT  1-17
    MODIFYING THE PRIVILEGE LEVEL  1-21
    HELP  1-22
    EXITING  1-22
  ML1200 FIRMWARE UPDATES  1-24
    UPDATING MULTILINK ML1200 FIRMWARE  1-24
    SELECTING THE PROPER VERSION  1-24
    UPDATING THROUGH THE COMMAND LINE  1-24
    UPDATING THROUGH THE ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  1-26

2: PRODUCT DESCRIPTION
  OVERVIEW  2-1
    FOUR-PORT SFF FIBER MODULES (CC MODULE, CD MODULE), 100MB FIBER  2-3
    FOUR-PORT COPPER MODULE, C1 MODULE (MDIX)  2-4
    POE (POWER PASS-THROUGH), C2 MODULE (MDIX), 10/100MB 4-PORT  2-4
    TWO-PORT FIBER MODULES, 2@ 100MB FIBER  2-5
    TWO-PORT 10 MB MM FIBER ST MODULES  2-5
    SFP GIGABIT (1000MBPS) PORT MODULES  2-6
    PACKET PRIORITIZATION, 802.1P QOS  2-6
    FRAME BUFFERING AND FLOW CONTROL  2-7
    MANAGED NETWORK FIRMWARE FOR MULTILINK ML1200-SERIES  2-7
  FEATURES AND BENEFITS  2-8
  APPLICATIONS  2-10

3: INSTALLATION
  PREPARATION  3-1
    LOCATING MULTILINK ML1200 SWITCHES  3-1
  CONNECTING ETHERNET MEDIA  3-2
  MECHANICAL INSTALLATION  3-6
    DIN-RAIL MOUNTING THE MULTILINK ML1200  3-6
  ELECTRICAL INSTALLATION  3-8
    POWERING THE MULTILINK ML1200 MANAGED FIELD SWITCH  3-8
MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL  TOC–I
    ALARM CONTACTS FOR MONITORING INTERNAL POWER, AND SOFTWARE TRAPS  3-8
    ML1200 PORT MODULE (PM) INSTALLATION  3-9
    CONNECTING A MANAGEMENT CONSOLE TERMINAL TO MULTILINK ML1200 (SERIAL-RJ-45 CONSOLE PORT)  3-10

4: OPERATION
  FUNCTIONALITY  4-1
    SWITCHING FUNCTIONALITY  4-1
    STATUS LEDS  4-2
    AUTO-CROSS (MDIX) AND AUTO-NEGOTIATION, FOR RJ-45 PORTS  4-2
    FLOW-CONTROL, IEEE 802.3X STANDARD  4-3
    POWER BUDGET CALCULATIONS FOR ML1200 PM'S WITH FIBER MEDIA  4-4
  MULTILINK ML1200 MANAGED FIELD SWITCH PORT MODULES  4-6
    INSPECTING THE PACKAGE AND PRODUCT  4-6
    ML1200 MODULES  4-6
    BEFORE CALLING FOR ASSISTANCE  4-13

5: IP ADDRESSING
  IP ADDRESS AND SYSTEM INFORMATION  5-1
    OVERVIEW  5-1
  IMPORTANCE OF AN IP ADDRESS  5-3
    DHCP AND BOOTP  5-3
    BOOTP DATABASE  5-3
    CONFIGURING DHCP/BOOTP/MANUAL/AUTO  5-3
    USING TELNET  5-5
  SETTING PARAMETERS  5-8
    SETTING SERIAL PORT PARAMETERS  5-8
    SYSTEM PARAMETERS  5-8
    DATE AND TIME  5-9
    NETWORK TIME  5-10
  SYSTEM CONFIGURATION  5-14
    SAVING AND LOADING – COMMAND LINE  5-14
    CONFIG FILE  5-14
    DISPLAYING CONFIGURATION  5-17
    SAVING CONFIGURATION  5-20
    SCRIPT FILE  5-22
    SAVING AND LOADING – ENERVISTA SOFTWARE  5-23
    HOST NAMES  5-25
    ERASING CONFIGURATION  5-27
  IPV6  5-31
    INTRODUCTION TO IPV6  5-31
    WHAT'S CHANGED IN IPV6?  5-31
    IPV6 ADDRESSING  5-32
    CONFIGURING IPV6  5-33
    LIST OF COMMANDS IN THIS CHAPTER  5-34

6: ACCESS CONSIDERATIONS
  SECURING ACCESS  6-1
    DESCRIPTION  6-1
    PASSWORDS  6-1
    PORT SECURITY FEATURE  6-2
  CONFIGURING PORT SECURITY THROUGH THE COMMAND LINE INTERFACE  6-3
    COMMANDS  6-3
    ALLOWING MAC ADDRESSES  6-4
    SECURITY LOGS  6-8
    AUTHORIZED MANAGERS  6-10
  CONFIGURING PORT SECURITY WITH ENERVISTA SOFTWARE  6-12
    COMMANDS  6-12
    LOGS  6-15
    AUTHORIZED MANAGERS  6-16

7: ACCESS USING RADIUS
  INTRODUCTION TO 802.1X  7-1
    DESCRIPTION  7-1
    802.1X PROTOCOL  7-1
  CONFIGURING 802.1X THROUGH THE COMMAND LINE INTERFACE  7-4
    COMMANDS  7-4
    EXAMPLE  7-6
  CONFIGURING 802.1X WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  7-9
    COMMANDS  7-9

8: ACCESS USING TACACS+
  INTRODUCTION TO TACACS+  8-1
    OVERVIEW  8-1
    TACACS+ FLOW  8-2
    TACACS+ PACKET  8-2
  CONFIGURING TACACS+ THROUGH THE COMMAND LINE INTERFACE  8-4
    COMMANDS  8-4
    EXAMPLE  8-4
  CONFIGURING TACACS+ WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  8-6

9: PORT MIRRORING AND SETUP
  PORT MIRRORING  9-1
    DESCRIPTION  9-1
  PORT MIRRORING USING THE COMMAND LINE INTERFACE  9-2
    COMMANDS  9-2
  PORT SETUP  9-3
    COMMANDS  9-3
    FLOW CONTROL  9-5
    BACK PRESSURE  9-5
    BROADCAST STORMS  9-7
    LINK LOSS ALERT  9-9
  PORT MIRRORING USING ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  9-11
    COMMANDS  9-11
    PORT SETUP  9-12
    BROADCAST STORMS  9-15

10: VLAN
  VLAN DESCRIPTION  10-1
    OVERVIEW  10-1
    TAG VLAN VS. PORT VLAN  10-3
  CONFIGURING PORT VLANS THROUGH THE COMMAND LINE INTERFACE  10-5
    DESCRIPTION  10-5
    COMMANDS  10-5
  CONFIGURING PORT VLANS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  10-7
    DESCRIPTION  10-7
  CONFIGURING TAG VLANS THROUGH THE COMMAND LINE INTERFACE  10-12
    DESCRIPTION  10-12
    COMMANDS  10-12
    EXAMPLE  10-13
  CONFIGURING TAG VLANS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  10-19
    DESCRIPTION  10-19

11: VLAN REGISTRATION OVER GARP
  OVERVIEW  11-1
    DESCRIPTION  11-1
    GVRP CONCEPTS  11-1
    GVRP OPERATIONS  11-2
  CONFIGURING GVRP THROUGH THE COMMAND LINE INTERFACE  11-7
    COMMANDS  11-7
    GVRP OPERATION NOTES  11-7
  CONFIGURING GVRP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  11-9
    EXAMPLE  11-9

12: SPANNING TREE PROTOCOL (STP)
  OVERVIEW  12-1
    DESCRIPTION  12-1
    FEATURES AND OPERATION  12-1
  CONFIGURING STP  12-3

13: RAPID SPANNING TREE PROTOCOL
  OVERVIEW  13-1
    DESCRIPTION  13-1
    RSTP CONCEPTS  13-1
    TRANSITION FROM STP TO RSTP  13-2
  CONFIGURING RSTP THROUGH THE COMMAND LINE INTERFACE  13-4
    NORMAL RSTP  13-4
    SMART RSTP (RING-ONLY MODE) THROUGH THE COMMAND LINE INTERFACE (CLI)  13-13
  CONFIGURING STP/RSTP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  13-15
    NORMAL RSTP  13-15
    SMART RSTP (RING-ONLY MODE) WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  13-19

14: QUALITY OF SERVICE
  QOS OVERVIEW  14-1
    DESCRIPTION  14-1
    QOS CONCEPTS  14-1
    DIFFSERV AND QOS  14-2
    IP PRECEDENCE  14-2
  CONFIGURING QOS THROUGH THE COMMAND LINE INTERFACE  14-4
    COMMANDS  14-4
    EXAMPLE  14-6
  CONFIGURING QOS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  14-9
    DESCRIPTION  14-9

15: IGMP
  OVERVIEW  15-1
    DESCRIPTION  15-1
    IGMP CONCEPTS  15-1
    IP MULTICAST FILTERS  15-4
    RESERVED ADDRESSES EXCLUDED FROM IP MULTICAST (IGMP) FILTERING  15-5
    IGMP SUPPORT  15-5
  CONFIGURING IGMP THROUGH THE COMMAND LINE INTERFACE  15-6
    COMMANDS  15-6
    EXAMPLE  15-8
  CONFIGURING IGMP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  15-11
    EXAMPLE  15-11

16: SNMP
  OVERVIEW  16-1
    DESCRIPTION  16-1
    SNMP CONCEPTS  16-1
    TRAPS  16-3
    STANDARDS  16-3
  CONFIGURING SNMP THROUGH THE COMMAND LINE INTERFACE  16-5
    COMMANDS  16-5
    EXAMPLE  16-6
  CONFIGURING SNMP WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  16-11
    EXAMPLE  16-11
  CONFIGURING RMON  16-15
    DESCRIPTION  16-15
    COMMANDS  16-15

17: MISCELLANEOUS COMMANDS
  E-MAIL  17-1
    DESCRIPTION  17-1
    COMMANDS  17-2
    EXAMPLE  17-3
  STATISTICS  17-5
    VIEWING PORT STATISTICS WITH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  17-5
  SERIAL CONNECTIVITY  17-7
    DESCRIPTION  17-7
  HISTORY  17-8
    COMMANDS  17-8
  PING  17-9
    PING THROUGH THE COMMAND LINE INTERFACE  17-9
    PING THROUGH ENERVISTA SECURE WEB MANAGEMENT SOFTWARE  17-9
  PROMPT  17-10
    CHANGING THE COMMAND LINE PROMPT  17-10
  SYSTEM EVENTS  17-11
    DESCRIPTION  17-11
    COMMAND LINE INTERFACE EXAMPLE  17-11
    ENERVISTA EXAMPLE  17-12
  COMMAND REFERENCE  17-14
    MAIN COMMANDS  17-14
    CONFIGURATION COMMANDS  17-16

18: MODBUS PROTOCOL
  MODBUS CONFIGURATION  18-1
    OVERVIEW  18-1
    COMMAND LINE INTERFACE SETTINGS  18-1
    ENERVISTA SETTINGS  18-3
  MEMORY MAPPING  18-4
    MODBUS MEMORY MAP  18-4
    FORMAT CODES  18-37

APPENDIX A
  REVISION HISTORY  A-1
    CHANGE NOTES  A-1
    CHANGES TO THE MANUAL  A-1
  WARRANTY  A-2
    GE MULTILIN WARRANTY STATEMENT  A-2

APPENDIX B: DC POWER INPUT
  SPECIFICATIONS FOR MULTILINK ML1200 SWITCHES, DC POWER AT 24 V AND –48 V AND 125 V DC POWER INPUT  B-2
  -48 V DC, 24 V DC AND 125 V DC POWER, THEORY OF OPERATION  B-3
  APPLICATIONS FOR DC POWERED ETHERNET SWITCHES  B-4
  ML1200, -48 V, 24 V, 125 V DC INSTALLATION  B-5
  UL REQUIREMENTS FOR DC-POWERED UNITS  B-6
  OPERATION  B-7

APPENDIX C: INTERNAL DC DUAL-SOURCE POWER INPUT OPTION
  SPECIFICATIONS FOR MULTILINK ML1200 FIELD SWITCH  C-2
  MULTILINK ML1200 WITH -48 V DC, 24 V DC AND 125 V DC DUAL-SOURCE OPTION  C-3
  DUAL-SOURCE OPTION THEORY OF OPERATION  C-4
  FEATURES AND BENEFITS OF THE DUAL-SOURCE DESIGN  C-5
  INSTALLATION
C-6 TOC–VI MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL Digital Energy Multilin Multilink ML1200 Managed Field Switch Chapter 1: Introduction Introduction 1.1 Getting Started 1.1.1 Inspecting the Package and Product Examine the shipping container for obvious damage prior to installing this product; notify the carrier of any damage that you believe occurred during shipment or delivery. Inspect the contents of this package for any signs of damage and ensure that the items listed below are included. This package should contain: • Multilink ML1200 Managed Field Switch, base unit (configured with user-selected port module options installed) • 1 Set of two metal vertical mounting brackets, with screws to the case • 1 Installation and User Guide (this manual) • 1 Product Registration Card Remove the items from the shipping container. Be sure to keep the shipping container should you need to re-ship the unit at a later date. To validate the product warranty, please complete and return the enclosed Product Registration Card to GE Multilin as soon as possible. In the event there are items missing or damaged, contact the party from whom you purchased the product. If the unit needs to be returned, please use the original shipping container if possible. Refer to Section 6, Troubleshooting, for specific return procedures. 
1.2 Order Codes

The order code is built from the base unit, a power supply module, the module fitted in each of slots A to D, and the RoHS/conformal coating option. The order code table has the columns: ML1200 | Module | ML1200 Power Supply Modules | Only with ML1200-48 models | RoHS/Conformal Coating Option.

ML1200 - * - * - * - * - * - *
(base unit, power supply, Slot A, Slot B, Slot C, Slot D, coating option)

Base unit: ML1200

Power supply modules:
250S ... ML1200 250VDC Chassis
125S ... ML1200 125VDC Chassis
48VS ... ML1200 48VDC Chassis
24VS ... ML1200 24VDC Chassis
12VS ... ML1200 12VDC Chassis
125D ... ML1200 125VDC Chassis - Dual Input PSU
48VD ... ML1200 48VDC Chassis - Dual Input PSU
24VD ... ML1200 24VDC Chassis - Dual Input PSU
48PS ... ML1200 48VDC Chassis - PoE enabled
48PD ... ML1200 48VDC Chassis - PoE enabled with Dual Input PSU

Module codes accepted in each slot (XX = no module):
Slot A: C1, C2
Slot B: XX, C1, C2, C3, C4, C5, C6, C7, C8, C9, CA, CB, CC, CD, CE
Slot C: XX, C1, C3, C4, C5, C6, C7, C8, C9, CA, CB, CC, CD, CE, H1, H2, H3, H4, H5, H6, H7, H8, H9, HA, HB, HC, HD, HE, HF, HG, HH, HI, HJ, HK
Slot D: XX, C8, C9, CA, CB, CC, CD, CE, CF, CG, CH, CI, CJ, CK, CL

Module options:
None
4 x 10/100 RJ-45
4 x 10/100 RJ-45
4 x 10/100 RJ-45 PoE-enabled ports (only with ML1200-48P models)
2 x 10/100 RJ-45 + 2 x 100Mbit MTRJ mm Fiber
2 x 10/100 RJ-45 + 2 x 100Mbit LC mm Fiber
2 x 10/100 RJ-45 + 2 x 100Mbit LC sm Fiber 15km
2 x 10/100 RJ-45 + 1 x 100Mbit SC mm Fiber
2 x 10Mbit ST mm Fiber
2 x 100Mbit ST mm Fiber
2 x 100Mbit SC mm Fiber
2 x 100Mbit SC sm Fiber 20km
2 x 100Mbit SC sm Fiber 40km
4 x 100Mbit MTRJ mm Fiber
4 x 100Mbit LC mm Fiber
4 x 100Mbit LC sm Fiber 15km
1 x 100Mbit ST mm Fiber
1 x 100Mbit SC mm Fiber
1 x 100Mbit SC sm Fiber 20km
1 x 100Mbit SC sm Fiber 40km
2 x 100Mbit MTRJ mm Fiber
2 x 100Mbit LC mm Fiber
2 x 100Mbit LC sm Fiber 15km
2 x 1000Mbit LC mm Fiber
2 x 1000Mbit LC mm 2km Fiber
2 x 1000Mbit LC sm Fiber 10km
2 x 1000Mbit LC sm Fiber 25km
2 x 1000Mbit LC sm Fiber 40km
2 x 1000Mbit LC sm Fiber 70km
2 x 1000Mbit RJ-45 Copper
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit SC mm Fiber
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit SC mm 2km Fiber
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit LC sm Fiber 10km
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit LC sm Fiber 25km
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit LC sm Fiber 40km
1 x 1000Mbit RJ-45 Copper + 1 x 1000Mbit LC sm Fiber 70km
1 x 1000Mbit SC mm Fiber
1 x 1000Mbit SC mm 2km Fiber
1 x 1000Mbit LC sm Fiber 10km
1 x 1000Mbit LC sm Fiber 25km
1 x 1000Mbit LC sm Fiber 40km
1 x 1000Mbit LC sm Fiber 70km
1 x 1000Mbit RJ-45 Copper

RoHS/conformal coating option codes: X, H, Z, Y
RoHS/conformal coating options:
None
Harsh Chemical Environment Conformal Coating
RoHS-compliant
RoHS-compliant with Harsh Chemical Environment Coating

1.3 Specifications

PERFORMANCE
Filtering / Forwarding Rate: Ethernet (10Mb): 14,880 pps; Fast Ethernet (100Mb): 148,800 pps; Gigabit Ethernet (1000Mb): 1,488,000 pps
Switching Processing Type: Store and Forward with IEEE 802.3x full-duplex flow control, non-blocking
Data Rate: 10Mbps, 100Mbps and 1000Mbps
Address Table Capacity: 4K node, self-learning with address aging
Packet buffer size: 240KB for 10/100 and 120KB for 1000Mb
Latency: 5 μs + packet time (100 to 100Mbps); 15 μs + packet time (10 to 10 Mbps, and 10 to 100Mbps)
Throughput with 12 10/100 and 2 Glink max: 4.76M pps (Transmit)
Back plane: 2.66Gb/s per slot

NETWORK STANDARDS AND COMPLIANCE, HARDWARE
Ethernet V1.0/V2.0
IEEE 802.3: 10BASE-T
IEEE 802.3u: 100Base-TX, 100BASE-FX
IEEE 802.3z: 1000BASE-X Ethernet (Autonegotiation)
IEEE 802.3ab: 1000BASE-X Ethernet
IEEE 802.1p: Priority protocol
IEEE 802.1d: Spanning tree protocol
IEEE 802.1w: Rapid Spanning tree protocol
IEEE 802.1q: VLAN Tagging
IEEE 802.3x: Flow Control
IEEE 802.3ad: Link Aggregation (Trunking)
IEEE 802.1x: Port based Network access control
IEEE 802.3af: Power over Ethernet

MAXIMUM 10 MBPS ETHERNET SEGMENT LENGTHS
Unshielded twisted pair: 100 m (328 ft)
Shielded twisted pair: 150 m (492 ft)
10BASE-FL multi-mode fiber optic: 2 km (6,562 ft)
10BASE-FL single-mode fiber optic: 10 km (32,810 ft)

MAXIMUM STANDARD FAST ETHERNET SEGMENT LENGTHS
10BASE-T (CAT 3, 4, 5 UTP): 100 m (328 ft)
100BASE-TX (CAT 5 UTP): 100 m (328 ft)
Shielded twisted pair: 150 m (492 ft)
100BASE-FX, half-duplex, multi-mode: 412 m (1350 ft)
100BASE-FX, full-duplex, multi-mode: 2.0 km (6,562 ft)
100BASE-FX, half-duplex, single-mode: 412 m (1350 ft)
100BASE-FX, full-duplex, single-mode: 20.0 km (66K ft)
100BASE-FX, full-duplex, Long Reach: 40.0 km (132K ft)

MAXIMUM STANDARD GIGABIT ETHERNET SEGMENT LENGTHS
1000BASE-T (CAT5e or higher is recommended): 100 m (328 ft)
1000BASE-SX, full-duplex, multi-mode (62.5μm cable): 220 m
1000BASE-SX, full-duplex, multi-mode (50μm cable): 550 m
1000BASE-LX, full-duplex, single-mode (62.5μm cable): 5 km

FIBER MULTI-MODE CONNECTOR TYPES SUPPORTED
Fiber Port, ST-type (twist-lock): Fiber multi-mode, 10Mb 10BASE-FL
Fiber Port, MTRJ-type (plug-in): SFF Fiber multi-mode 100BASE-FX
Fiber Port, SC-type (snap-in): Fiber optic multi-mode, 100BASE-FX
Fiber Port, ST-type (twist-lock): Fiber optic multi-mode, 100BASE-FX
Fiber Port, 1000BASE-FX: SFP modules

FIBER SINGLE-MODE CONNECTOR TYPES
Fiber Port, SC-type: Fiber optic single-mode, 100BASE-FX
Fiber Port, LC-type: Fiber SFF single-mode, 100BASE-FX
Fiber Port, 1000BASE-FX: SFP modules

LEDS PER PORT (ONE SET AT THE PORT, ONE SET ON SWIVEL TOP ON RIGHT SIDE)
LK: Steady ON when media link is operational
ACT: ON with receiver port activity
FDX/HDX: ON = Full-Duplex Mode, OFF = Half-Duplex Mode
100/10: ON = 100Mbps speed, OFF = 10 Mbps

OPERATING ENVIRONMENT
Ambient Temperature: -40° to 140° F (-40° to 60°C) for UL60950 and Component Parts rating; -60° to 195° F (-50° to 85°C) for IEC 60068 Type Test short term rating
Storage Temperature: -60° to 210°F (-50° to 100°C)
Ambient Relative Humidity: 5% to 95% (non-condensing)
Altitude: -200 to 13,000 ft. (-60 to 4000m)
Conformal Coating (humidity protection) option: Request quote

ALARM RELAY CONTACTS
One NC indicating internal power, one NC software controllable

PACKAGING
Enclosure: High strength extruded aluminum
Dimensions: 6.85 in. H x 7.5 in. W x 2.0 in. D (17.4 cm H x 19.1 cm W x 5.08 cm D)
Cooling method: Convection, fully-enclosed ribbed-surface aluminum case used as a sink, designed for vertical mounting, no fans
Weight: 3 lbs. (1.3 kg)

MANAGEMENT CONSOLE CONNECTOR
Serial DB15 or RJ-45, see details at sec. 3.7

DC POWER SUPPLY (INTERNAL, FLOATING GROUND DESIGN)
12VDC Power Input nominal (range 8 to 18VDC)
24VDC Power Input nominal (range 18 to 36VDC)
-48VDC Power Input nominal (range 36 to 60VDC)
125VDC Power Input nominal (range 88 to 150VDC)
250VDC Power Input nominal (range 160 to 300VDC)
Std. Terminal Block: “ -, GND, + ”

POWER CONSUMPTION
35 watts worst case (for a fully loaded fiber model)
12 watts typical (for a small 4 port copper-only model)

DUAL DC POWER INPUT (OPTIONAL)
A Dual-Source option is available for the 12VDC, 24VDC, –48VDC, and 125VDC models (not the 250VDC model). This provides for continuity of operation when either of the DC input sources is interrupted. See Appendices B and C.
The Dual-Source Terminal Block is marked: “ –A, -B, +A, +B ”

ML1200 MOUNTING
Vertical mounting normal. Suitable for wall or DIN-Rail mounting (ML1200)

TYPE TESTS
TEST | REFERENCE STANDARD | TEST LEVEL
Electrostatic Discharge | EN61000-4-2 | Level 4
RF immunity | EN61000-4-3 | Level 3
Fast Transient Disturbance | EN61000-4-4 | Level 3 & 4
Surge Immunity | EN61000-4-5 | Level 4
Conducted RF Immunity | EN61000-4-6 | Level 3
Power magnetic Immunity | IEC61000-4-8 | Level 2
Voltage Dip & interruption | IEC61000-4-11 | 0, 40, 70% dips, 250/300 cycle interrupts
Environmental (Cold) | DNV 2.4 | -25 C
Environmental (Dry heat) | DNV 2.4 | 70 C
Relative Humidity Cyclic | DNV 2.4 | 2 day
Radiated & Conducted Emissions | CISPR22 / IEC60255-25 | Class A
Radiated & Conducted Emissions | FCC Part 15 Subpart B | Class A
Safety | EN60950-1 | standard
Harmonics | EN61000-3-2 |
Flicker | EN61000-3-3 |
Ingress Protection | IEC60529 | IP20A
Sinusoidal Vibration | DNV 2.4 | 1 to 4 G

APPROVALS
CE Compliance: Applicable Council Directive, according to Low voltage directive: EN60950-1; EMC Directive: EN61000-6-2, EN61000-6-4
North America: cULus UL60950-1, C22.2 No. 60950-1
ISO: Manufactured under a registered ISO9001 quality program
WARRANTY: Three years, per UL 60950 temperature rating. Made in USA

1.4 Command Line Interface Firmware

1.4.1 Console Connection

The connection to the console is accessed through the DB-9 RS232 connector on the switch marked as the console port. This command line interface (or CLI) provides access to the switch commands. It can be accessed by attaching a VT100 compatible terminal or a PC running terminal emulation software to the console port. USB-to-serial adapters are also available for computers that do not support native serial ports but have access to USB ports. The interface through the console, or console management interface (CMI), enables you to reconfigure the switch and to monitor switch status and performance.
Once the switch is configured with an IP address, the command line interface (CLI) is also accessible using telnet as well as the serial port. Access to the switch can be either through the console interface or remotely over the network. Simultaneous access (that is, through the console port as well as through the network) to the MultiLink ML1200 Managed Field Switch is not permitted. The CLI enables local or remote unit installation and maintenance. The MultiLink ML1200 Managed Field Switch provides a set of system commands which allow effective monitoring, configuration and debugging of the devices on the network.

1.4.2 Console Setup

Connect the console port on the switch to the serial port on the computer using the serial cable listed above. The settings for the HyperTerminal software emulating a VT100 are shown below. Make sure the serial parameters are set as shown (bps = 38400, data bits = 8, parity = none, stop bits = 1, flow control = none).

FIGURE 1–1: Serial Settings in HyperTerminal

1.4.3 Console Screen

Once the console cable is connected to the PC and the terminal software configured, the ML1200 legal disclaimers and other text scroll by on the screen. The command line interface prompt appears, displaying the switch model number (e.g. ML1200>). The switch has three modes of operation: operator (least privilege), manager, and configuration. The prompt changes as the switch moves from operator to manager to configuration mode. The prompts are shown below with a brief description.
• ML1200> Operator Level - for running operations queries
• ML1200# Manager Level - for setting and reviewing commands
• ML1200## Configuration Level - for changing the switch parameter values

For additional information on default users, user levels and more, refer to section 1.4.8 User Management.
1.4.4 Logging In for the First Time

For the first time, use the default user names and passwords assigned by GE. They are:
• Username: manager, Password: manager
• Username: operator, Password: operator

We recommend you log in as manager for the first time to set up the IP address as well as change user passwords or create new users.

1.4.5 Automatic IP Address Configuration

The ML1200 is operational immediately after it is powered up. The advanced management and configuration capabilities of the ML1200 allow you to easily configure, manage, and secure your devices and network. Before starting, ensure you have the following items:
• RJ45 Ethernet cable
• PC with an Ethernet port
• Microsoft Internet Explorer 6.0 or higher
• Macromedia Flash Player 5.0 or higher (available from http://www.macromedia.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash)

Ensure both software components are installed before proceeding. The ML1200 can search the network for commonly used services that can issue an IP address. If the switch is connected to a network, the ML1200 uses the following process to find an IP address.

Note: If the ML1200 is not connected to a network, proceed to Step 3 below or use the default IP address.

Step 1: The ML1200 will scan the network for a DHCP server. If the server responds, the ML1200 will acquire and set the assigned IP address. To manage the switch, determine the assigned IP address and enter it as follows in Internet Explorer:
https://
Ensure that https is entered, not http, and that there is connectivity (that is, you can ping the switch).

Step 2: If there is no response from a DHCP server, the ML1200 will query for a BOOTP server. If the server responds, the ML1200 will acquire and set the assigned IP address.
To manage the switch, determine the assigned IP address and enter it as follows in Internet Explorer:
https://
Ensure that https is entered, not http, and that there is connectivity (that is, you can ping the switch).

Step 3: If there is no response from either a DHCP or BOOTP server, or if the switch is not connected to a network, the switch will assign itself an IP address. The ML1200 will check to see if IP address 192.168.1.2, with a network mask of 255.255.255.0, is free. If so, it will assume these values. If this IP address is assigned to another device, the ML1200 will repeat steps 1 through 3 to find a DHCP or BOOTP server or wait for the 192.168.1.2 address to become free.

Once connected, the browser will display a login prompt. The default login is:
• Username: manager, Password: manager

1.4.6 Setting the IP Parameters Using Console Port

Note: To configure the switch’s IP using EnerVista UR Setup software, refer to chapter 2 of this manual.

To set up the switch, the IP address and other relevant TCP/IP parameters have to be specified. The IP address on the MultiLink ML1200 Managed Field Switch is set to 192.168.1.2 from the factory. The switch is fully operational as a Layer 2 switch by default. Setting a default IP address can potentially cause a duplicate IP address problem if multiple switches are powered on and installed on the network. To manage the switch, an IP address has to be programmed. Before starting, please ensure that the IP address assigned to the switch is known, or contact your system/network administrator to get the IP address information. Follow the steps listed below to configure the switch.
• Ensure the power is off.
• Follow the steps described above for connecting the console cable and setting up the console software.
• Power on the switch.
• Once the login prompt appears, log in as manager using the default password (manager).
• Configure the IP address, network mask and default gateway as per the IP addressing scheme for your network.
• Set the manager password (this step is recommended; refer to the following section).
• Save the settings (without saving, the changes made will be lost).
• Power off the switch (or perform a software reboot as discussed below).
• Power on the switch and log in with the new login name and password.
• From the PC (or from the switch) ping the IP address specified for the switch to ensure connectivity.
• From the switch ping the default gateway specified (ensure you are connected to the network to check for connectivity) to ensure network connectivity.

Syntax: ipconfig [ip= ] [mask= ] [dgw= ]

An example is shown below.
ML1200# ipconfig ip=3.94.247.41 mask=255.255.252.0 dgw=3.94.244.41
ML1200# save

Note: This manual assumes the reader is familiar with IP addressing schemes as well as how a net mask is used and how default gateways and routers are used in a network.

Reboot gives an opportunity to save the configuration prior to shutdown. For a reboot, simply type in the command reboot. Note that even though the passwords are not changed at this point, they can be changed later.
ML1200# reboot
Proceed on rebooting the switch? ['Y' or 'N'] Y
Do you wish to save current configuration? ['Y' or 'N'] Y
ML1200#

The ML1200 forces an answer by prompting with a “Y” or a “N” to prevent accidental keystroke errors and loss of work.

The parameters can be viewed at any time by using the show command. The show command will be covered in more detail later in various sections throughout the document. The example below illustrates the basic setup parameters. You can use the show setup or show sysconfig commands to view setup parameters.
ML1200# show setup
Version: ML1200 build 2.1.0 Nov 12 2007 11:10:13
MAC Address: 00:20:06:27:0a:e0
IP Address: 3.94.247.41
Subnet Mask: 255.255.252.0
Gateway Address: 3.94.244.1
CLI Mode: Manager
System Name: ML1200
System Description: 6 Port Modular Ethernet Switch
System Contact: multilin.tech@ge.com
System Location: Markham, Ontario
System ObjectId: 1.3.6.1.4.1.13248.12.7
ML1200# show sysconfig
System Name: ML1200
System Contact: multilin.tech@ge.com
System Location: Markham, Ontario
Boot Mode: manual
Inactivity Timeout(min): 120
Address Age Interval(min): 300
Inbound Telnet Enabled: Yes
Web Agent Enabled: Yes
Time Zone: GMT-05hours:00minutes
Day Light Time Rule: Canada
System UpTime: 0 Days 0 Hours 45 Mins 55 Secs
ML1200#

Some of the parameters in the MultiLink ML1200 Managed Field Switch are shown above. The list of parameters below indicates some of the key parameters on the switch and the recommendations for changing them (or optionally keeping them the same).

1.4.7 Privilege Levels

Two privilege levels are available: manager and operator. Operator is at privilege level 1 and manager is at privilege level 2 (the privilege increases with the level). For example, to set up a user for basic monitoring capabilities, use the lower number, or operator level, privilege (level 1). The Manager level provides all operator level privileges plus the ability to perform system-level actions and configuration commands. To select this level, enter the enable command at the Operator level prompt and enter the Manager password when prompted.

enable

For example, switching from operator level to manager level using the enable command is shown below.
ML1200> enable manager
Password: *******
ML1200#

Note that the prompt changes with the new privilege level. Operator privileges allow views of the current configurations but do not allow changes to the configuration.
A “>” character delimits the operator-level prompt. Manager privileges allow configuration changes. The changes can be done at the manager prompt, for global configuration as well as specific configuration. A “#” character delimits any manager prompt.

1.4.8 User Management

A maximum of five users can be added per switch. Users can be added, deleted or changed from a manager level account. There can be more than one manager account, subject to the maximum number of users on the switch being restricted to five. To add a user, use the add command as shown below. The user name has to be a unique name. The password is recommended to be at least 8 characters long with a mix of upper case, lower case, numbers and special characters.

add user= level=

The following example adds a user “peter” with manager-level privilege:
ML1200# user
ML1200(user)## add user=peter level=2
Enter User Password:******
Confirm New Password:******
ML1200(user)##

To delete a user, use the delete command as shown below.

delete user=

The following example deletes the user “peter”:
ML1200(user)## delete user=peter
Confirm User Deletion(Y/N): Y
User successfully deleted
ML1200(user)##

The syntax to modify a password is shown below:

passwd user=

The following example changes the password for user “peter”.
ML1200(user)## passwd user=peter
Enter New Password:******
Confirm New Password :******
Password has been modified successfully
ML1200(user)##

The syntax to modify the privilege level for a specific user is shown below:

chlevel user= level=

The following example modifies the privilege level of user “peter” to Operator privileges.
ML1200(user)## chlevel user=peter level=1
Access Permission Modified
ML1200(user)##

The syntax to set the access privileges for telnet and Web services is shown below:

useraccess user= service=

The following example sets the access privileges for telnet and Web services.
ML1200(user)## useraccess user=peter service=telnet disable
Telnet Access Disabled.

1.4.9 Help

Typing the help command lists the commands you can execute at the current privilege level. For example, typing help at the Operator level shows the following:
ML1200> help
logout terminal ping telnet set walkmib
Contextless Commands: ! enable show alarm ? exit whoami clear help
ML1200>

Help for any command that is available at the current context level can be viewed by typing help followed by enough of the command string to identify the command. The following syntax applies:

help

For example, to list the help for the set time command:
ML1200# help set time
set time : Sets the device Time
Usage set time hour=<0-23> min=<0-59> sec=<0-59> [zone=GMT[+/-]hh:mm]
ML1200#

The options for a specific command can be displayed by typing the command and pressing enter. The following syntax applies:

command

For example, the options for the show command are:
ML1200# show
Usage
show active-stp
show active-snmp
show active-vlan
show address-table
show age
show alarm
show arp
show auth
show backpressure
show bootmode
--more--

Another way to display help for a command or a set of commands is to use the TAB key. For example, pressing the TAB key at the prompt lists the commands available at the current privilege level:
ML1200>
? alarm clear enable exit help logout ping set show telnet terminal walkmib whoami
ML1200>

The following example lists the commands starting with a specific string:
ML1200> s
set show
ML1200>

In the following example, the TAB key completes the command:
ML1200> se
password timeout vlan
ML1200> set

1.4.10 Exiting

To exit from the CLI and terminate the console session, use the logout command.
This command prompts to ensure that logout was not mistakenly typed. The following syntax applies:

logout

The following example illustrates logging out from a session:
ML1200> logout
Logging out from the current session [’Y’ or ’N’] Y
Connection to the host lost

1.5 EnerVista Secure Web Management

1.5.1 Logging in for the First Time

Enter the following URL in the web browser to log in to the EnerVista Secure Web Management software.
https://

Note: Make sure you use HTTPS (secure HTTP) and not HTTP in the URL.

In the example shown in the previous section, the URL is: https://3.94.247.41

If your site uses name services, you can use a name instead of the IP address. Please make sure that the name resolves to the IP address assigned to the switch. The secure site will issue the certificate check shown below.

FIGURE 1–2: Security certificate

Once you click Yes on the security certificate, the browser will prompt you to log in.

FIGURE 1–3: Login screen

For the first time:
• Log in with the name manager and password manager.
• Click on Login.

After a successful login, the welcome screen is shown. Note the different information provided on the screen and the different areas. The menus are used to configure settings on the switch. Users can click on a specific port to open the port configuration view.

FIGURE 1–4: Welcome screen

1.5.2 Privilege Levels
• Operator privilege users: operator privileges allow views of the current configurations but do not allow changes to the configuration.
• Manager privilege users: manager privileges allow configuration changes. The changes can be done at the manager prompt, for global configuration as well as specific configuration.
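The show setup and show sysconfig output in section 1.4.6 is the quickest artefact to review before a switch is left in service, because it lists the settings that matter most for management-plane exposure: the address the switch answers on, whether inbound Telnet is still enabled alongside the HTTPS web agent, and how long an idle manager session survives. The following Python script is an added example and not GE Multilin's code. It parses such a capture (the sample inside it is copied from the section 1.4.6 output) and reports the factory-default address from section 1.4.6, inbound Telnet left enabled, and a long inactivity timeout. The 15-minute threshold is this script's own assumption; the manual shows the parameter but gives no recommended value.

```python
"""Audit a captured 'show setup' / 'show sysconfig' session from an ML1200.

Added example, not GE Multilin's code. It parses the 'Key: Value' lines the
switch prints (section 1.4.6) and reports settings a reviewer would question:
the factory-default IP address, inbound Telnet left enabled, and a long
inactivity timeout. MAX_INACTIVITY_MINUTES is an assumption of this script.
"""
import re

FACTORY_DEFAULT_IP = "192.168.1.2"   # factory address stated in section 1.4.6
MAX_INACTIVITY_MINUTES = 15          # assumed hardening threshold, not from the manual

# Sample capture copied from the manual's section 1.4.6 output.
SAMPLE_CAPTURE = """\
ML1200# show setup
Version: ML1200 build 2.1.0 Nov 12 2007 11:10:13
MAC Address: 00:20:06:27:0a:e0
IP Address: 3.94.247.41
Subnet Mask: 255.255.252.0
Gateway Address: 3.94.244.1
CLI Mode: Manager
System Name: ML1200
System Description: 6 Port Modular Ethernet Switch
System Contact: multilin.tech@ge.com
System Location: Markham, Ontario
System ObjectId: 1.3.6.1.4.1.13248.12.7
ML1200# show sysconfig
System Name: ML1200
System Contact: multilin.tech@ge.com
System Location: Markham, Ontario
Boot Mode: manual
Inactivity Timeout(min): 120
Address Age Interval(min): 300
Inbound Telnet Enabled: Yes
Web Agent Enabled: Yes
Time Zone: GMT-05hours:00minutes
Day Light Time Rule: Canada
System UpTime: 0 Days 0 Hours 45 Mins 55 Secs
ML1200#
"""

# One "Key: Value" line. The key runs up to the first colon, so values that
# contain colons themselves (MAC address, time zone) survive intact. Prompt
# lines such as "ML1200# show setup" contain a '#' and no colon, so they skip.
KV_LINE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ()]*?)\s*:\s*(.*?)\s*$")


def parse_show_output(text):
    """Return the settings in a capture as a dict keyed by the printed label."""
    settings = {}
    for line in text.splitlines():
        match = KV_LINE.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings


def audit(settings):
    """Return a list of (code, explanation) findings for a parsed settings dict."""
    findings = []
    if settings.get("IP Address") == FACTORY_DEFAULT_IP:
        findings.append(("DEFAULT_IP",
                         "IP address is the factory default 192.168.1.2; several switches "
                         "powered up on one segment will collide (section 1.4.6)"))
    if settings.get("Inbound Telnet Enabled", "").strip().lower() == "yes":
        findings.append(("TELNET_ENABLED",
                         "inbound Telnet is enabled, so manager credentials and configuration "
                         "cross the network in cleartext; manage over the console or HTTPS"))
    timeout = settings.get("Inactivity Timeout(min)", "")
    if timeout.isdigit() and int(timeout) > MAX_INACTIVITY_MINUTES:
        findings.append(("LONG_TIMEOUT",
                         f"inactivity timeout is {timeout} min; an unattended manager session "
                         f"stays open far longer than the assumed {MAX_INACTIVITY_MINUTES} min"))
    return findings


def audit_capture(text):
    """Parse and audit a raw capture; returns the finding codes in order."""
    return [code for code, _ in audit(parse_show_output(text))]


if __name__ == "__main__":
    for code, why in audit(parse_show_output(SAMPLE_CAPTURE)):
        print(f"[{code}] {why}")
```

Run against the manual's own sample the script reports TELNET_ENABLED and LONG_TIMEOUT but not DEFAULT_IP, since that switch has already been given a site address with ipconfig. The parser keys on the printed labels, so a capture pasted from a terminal session works unchanged; the per-user useraccess command in section 1.4.8 is the manual's tool for turning Telnet off for individual accounts once the finding is confirmed.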
1.5.3 User Management

A maximum of five users can be added per switch. Users can be added, deleted or changed from a manager level account. There can be more than one manager account, subject to the maximum number of users on the switch being restricted to five.

1. Select the Administration > User Mgmt > User Accounts menu item.
2. To add a user, use the add button. The username must be unique. The password is recommended to be at least 8 characters long with a mix of upper case, lower case, numbers and special characters.

In the following example, the user peter was added with manager privilege after clicking the add button.

After successfully adding a user, the added user is displayed in the list of users as shown below.

3. To delete a user, click on the delete icon as shown below. The firmware will prompt to verify the delete command.
4. To modify the password, view the users as described above and click on the edit icon.

After clicking on the edit icon, the screen opens for modifying the password. In this example, the user ID peter was selected for modification. The password for peter will be modified after the new password is entered.

1.5.4 Modifying the Privilege Level

Privilege levels cannot be changed from the EnerVista Secure Web Management (SWM) firmware. This can only be done through the CLI interface, or alternately, by deleting the user and adding the same user again with the proper privilege level.
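The account rules above (five accounts per switch, unique usernames, the recommended password mix, and the manager/manager first login from 1.5.1) as an added Python audit check; this is an added example, not GE Multilin code, and the user table it audits is constructed here because the manual documents no export format for the user list.

```python
"""ML1200 account policy audit: an added example, not GE Multilin code.

The limits come from sections 1.5.1 to 1.5.3 of the manual: at most five
accounts per switch, unique usernames, manager or operator privilege, a
recommended password of 8+ characters mixing upper case, lower case, digits
and special characters, and a factory first login of manager / manager.
The user table at the bottom is constructed for this example.
"""
from __future__ import annotations

import string
from dataclasses import dataclass

MAX_USERS = 5                               # manual 1.5.3: five users per switch
MIN_PASSWORD_LEN = 8                        # manual 1.5.3: recommended minimum
PRIVILEGE_LEVELS = {"operator", "manager"}  # manual 1.5.2
FACTORY_DEFAULT = ("manager", "manager")    # manual 1.5.1: first-time login


@dataclass(frozen=True)
class Account:
    username: str
    password: str
    privilege: str


def password_findings(password: str) -> list[str]:
    """Return every way a password misses the recommendation (empty list = meets it)."""
    checks = [
        (len(password) >= MIN_PASSWORD_LEN, f"shorter than {MIN_PASSWORD_LEN} characters"),
        (any(c.isupper() for c in password), "no upper case letter"),
        (any(c.islower() for c in password), "no lower case letter"),
        (any(c.isdigit() for c in password), "no digit"),
        (any(c in string.punctuation for c in password), "no special character"),
    ]
    return [message for ok, message in checks if not ok]


def audit_accounts(accounts: list[Account]) -> list[str]:
    """Audit a whole user table; returns readable findings, empty when the table is clean."""
    findings: list[str] = []
    if len(accounts) > MAX_USERS:
        findings.append(f"{len(accounts)} accounts exceed the switch limit of {MAX_USERS}")
    seen: set[str] = set()
    for acct in accounts:
        if acct.username in seen:
            findings.append(f"duplicate username '{acct.username}'")
        seen.add(acct.username)
        if acct.privilege not in PRIVILEGE_LEVELS:
            findings.append(f"'{acct.username}': unknown privilege '{acct.privilege}'")
        if (acct.username, acct.password) == FACTORY_DEFAULT:
            findings.append(f"'{acct.username}': still uses the factory default password")
        for problem in password_findings(acct.password):
            findings.append(f"'{acct.username}': password {problem}")
    # Privilege cannot be changed from the web interface (1.5.4), so a table with
    # no manager account would leave nobody able to change the configuration.
    if not any(a.privilege == "manager" for a in accounts):
        findings.append("no manager account: nobody could change the configuration")
    return findings


# Constructed sample table: the factory account left untouched, one good
# manager account (the manual's example user peter), and a weak operator account.
SAMPLE_USERS = [
    Account("manager", "manager", "manager"),
    Account("peter", "Sub5tation!x", "manager"),
    Account("ops1", "password", "operator"),
]

if __name__ == "__main__":
    for line in audit_accounts(SAMPLE_USERS):
        print(line)
```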
1.5.5 Help

Help for the EnerVista Secure Web Management software can be obtained by clicking on the Help icon as shown below.

1.5.6 Exiting

1. To exit or logout, click on the logout button.
2. Confirm the logout by selecting OK in the pop-up window.

1.6 ML1200 Firmware Updates

1.6.1 Updating Multilink ML1200 Firmware

This section describes the process for upgrading firmware on a ML1200 Switch Module. There are several ways of updating firmware on a Multilink ML1200: serially using the Multilink ML1200's console port, through TFTP, or through FTP.

1.6.2 Selecting the Proper Version

The latest version of the firmware is available as a download from the GE Multilin web site. To determine the version of firmware currently installed on your switch, proceed as follows:

1. Using the EnerVista web interface, log into the switch using the procedure described earlier. The firmware version installed on the switch will appear in the lower left corner of the screen.

1.6.3 Updating through the Command Line

Use the following procedure to install firmware on the ML1200 via the serial port.

1. Download the MultiLink Switch Software from the GE Multilin web site.
2. Use the null-modem cable to connect to the ML1200 serial port.
3. Login at the manager level with the proper password.
4. Save the existing configuration (refer to section 5.4.4 - Saving Configuration for details).
5. Enter the following command:

ML1200# xmodem get type=app
Do you wish to upgrade the image? [Y or N] Y
Please start XModem file transfer now.

Refer to "Saving Configuration" on page 20 for details on the xmodem command. Once the upgrade is started, the terminal emulation software will ask for the installation file location.

6. Indicate the file location to begin the file transfer.
7. Make sure the Xmodem protocol is also selected in this file location dialog window.

In some operating systems it may be necessary to select the transfer option. In this case:

1. Return to the HyperTerminal window used in step 5.
2. Select the Transfer > Send File menu item.
3. As shown below, enter the location of the new firmware file.
4. Select the Xmodem protocol.
5. Select the Send button to begin the file transfer.
6. Once the file transfer is completed, reboot the switch with the reboot command or by cycling power.
7. Login to the switch and use the show version command to verify the firmware, and upload the configuration file (if necessary).

1.6.4 Updating through the EnerVista Secure Web Management software

Use the following procedure to install firmware through the EnerVista Secure Web Management software.

1. Download the latest MultiLink ML1200 Managed Field Switch firmware from the GE Multilin web site.
2. Save this file on the FTP or TFTP server. Ensure the FTP or TFTP path is configured. If using FTP, record the FTP login name and password.
3. Select the switch to upgrade. Ensure you have system administration privileges available on the switch.
4. Open an EnerVista Secure Web Management software session with the switch by typing in the following URL:

https://

5. If using FTP, save the configuration before proceeding. GE Multilin recommends a two-step update: first save the configuration to the FTP server, then load the new image and restart the switch (refer to section 5.4.4 - Saving Configuration for details on saving the configuration).
6. Load the new firmware as shown below. As the file is being loaded, the firmware will display the transfer in progress window.
7. Reboot the switch when the transfer is complete. After reboot, the firmware is ready for use.
8. If using TFTP, save the configuration before proceeding. GE Multilin recommends a two-step update:
   • first save the configuration to the TFTP server,
   • then load the new image and restart the switch (refer to section 5.4.4 - Saving Configuration for details on saving the configuration).
9. Load the new firmware as shown below. As the file is being loaded, the firmware will display the transfer in progress window.
10. Reboot the switch when the transfer is complete. After reboot, the firmware is ready for use.

Chapter 2: Product Description

2.1 Overview

Multilink ML1200 Managed Field Switches provide maximum configurability in their class. The fiber-rich ML1200 can be configured with up to 12 100Mb fiber ports and two Gigabit ports. For 10/100 copper, regular or PoE-equipped 10/100 RJ-45 or 10/100/1000 copper ports may be configured to a maximum of 12 at 10/100 and 2 Gig ports. Multilink ML1200 comes with best-of-breed managed network software featuring GUI ease of use, Secure Web Management, SNMPv2/v3 management, 802.1p QoS prioritization, tag-based VLANs, IGMP Snooping and IGMP-L2 multicast management, port security, RADIUS and TACACS+ support, and a choice of redundancy options including RSTP and GE Multilin's rapid-ring-recovery Ring-Only Mode. Multilink ML1200s are ideal for building a switched, hardened Ethernet network infrastructure, connecting edge devices such as PLCs and IEDs with upstream switches or routers.
Designed for use in industrial applications such as factory floors and control cabinets, industrial video surveillance systems with PoE, power utility substations, tariffed carrier field facilities, or transportation and oil and gas, the rugged Multilink ML1200 handles stressful workloads (mixes of bursty data traffic and priority streaming traffic) as well as harsh environmental conditions. Advanced thermal design techniques with ribbed-surface aluminum cases for maximum heat dissipation and a sealed case design enable the unit to operate efficiently in harsh industrial-grade environments. Heavy-duty Ethernet switch jobs are readily accommodated with an extended temperature rating of -40˚C to 60˚C by the UL Component Parts method, or -50˚C to 85˚C by the IEC 60068 Type-Test method. With options such as several popular DC power input types (optional AC power) and DIN-Rail mounting, the hardened Multilink ML1200 is a "multi-purpose" Industrial Ethernet Switch.

The ML1200 managed switches also provide PoE options via power-inside PoE modules in one of the A, B or C slots and allow the user to select from a wide range of combo PoE modules to support 802.3af PD devices. See details for PoE modules in section 5.2.10. The Power Sourcing Equipment (PSE) is fully compatible with Powered Devices (PD) (e.g. wireless access points, IP phones) that comply with the IEEE 802.3af PoE standard. The PoE switch ports have an auto-sensing algorithm, so that they provide power only to 802.3af PoE end devices. PoE is managed by a multi-stage handshake to protect equipment from damage and to manage power budgets. The PoE ports will discontinue supplying power when the PoE powered devices are disconnected. This feature supports the 802.3af PoE PSE standard for over-current protection, under-current detection, and fault protection.
High performance features include non-blocking unicast traffic speed on all ports and 802.1p QoS traffic prioritization. Multilink ML1200 switches are "plug-and-play" and are designed for use in connecting edge devices such as PLCs, IEDs and PoE video cameras with upstream switches and routers where a mix of bursty data traffic and priority streaming traffic for video surveillance and cell-tower applications is present.

Multilink ML1200 Field Switches are provided with LAN management software including SNMP, tag- and port-based VLANs, IGMP-L2 and IGMP Snooping, and port security with control via GUI and command line interface (CLI). For high availability LANs using ring topologies, Spanning Tree Protocol, RSTP, Link-Loss-Alert and Ring-Only Mode are available.

Multilink ML1200 Managed Field Switches have heavy-duty aluminum cases and are readily available with standard industrial-grade 24VDC power. Alternative internal DC power options are available. DC power input types may be 24V, 48V or 125V, and dual source DC input is optional on all ML1200s. (AC power is available via an external power supply unit; see Section 3.4 for details.)

Alarm relay contacts provided on each Multilink ML1200 switch monitor the hardware and software through traps, providing a record of any losses of power signals and other user-defined software events. See Section 3.5 for details.

The wide selection of quad-port (queen size) modules is key to the flexibility and adaptability of Multilink ML1200s. Some of the popular 4-port modules are described below. For a list of all the modules and options, see Section 1.2.

Note: The ML1200 modules can only be configured at the factory.

2.1.1 Four-port SFF fiber modules (CC Module, CD Module), 100Mb fiber

In a four-port SFF (Small Form Factor) fiber port module, all of the fiber ports are of the same speed (100Mb), mode, and connector type.
Small Form Factor (SFF) fiber ports come in multi-mode form with MT-RJ or LC-type connectors, and single-mode form with LC-type connectors. The 100Mb fiber four-port modules for the Multilink ML1200 are normally set (factory default) to operate in full-duplex mode for best fiber distance and performance. The user may select full- or half-duplex mode per port through the set port command. The set-up of the software gives the user flexibility to adapt to any FDX or HDX type of Fast Ethernet device.

There are three LEDs per fiber port. The Link (LK) LED indicates "ready for operation" on that port when lit. The F/H LED indicates operation in full-duplex mode when ON (half-duplex when OFF). The blinking ACT LED indicates receiving activity on the port. A fiber cable must be connected into an SFF port and the Link (LK) indicator for that port must be ON (indicating there is a powered-up device at the other end of the cable) in order for the LEDs to provide valid indications of operating conditions on that port.

2.1.2 Four-Port Copper Module, C1 Module (MDIX)

The ML1200's 4-port copper module, the C1 Module, provides four 10/100Mb switched RJ-45 ports. The 10/100Mb switched ports normally (as a default setting) are independently Nway auto-negotiating and auto-crossover (MDIX) for operation at 10 or 100Mb speed in full- or half-duplex mode (i.e., each independently selects a mode and speed to match the device at the other end of the twisted pair cable). See Section 5 for auto-negotiation and MDIX details.

On the C1 module, there are four LEDs for each port, two integrated into the connector and two below the connector. The LK (Link) LED indicates "ready for operation" on that port when lit. The blinking ACT (Activity) LED indicates receiving activity on that port when lit.
The 10/100 LED indicates operation at 100Mb speed when ON and at 10Mb speed when OFF (when auto-negotiation is not disabled). The FDX/HDX LED is ON to indicate full-duplex operation and OFF to indicate half-duplex mode. A twisted pair cable must be connected into an RJ-45 port and the Link (LK) indicator for that port must be ON (indicating there is a powered-up device at the other end of the cable) in order for the LEDs to provide valid indications of operating conditions on that port.

Using the ML1200 management software, the user may disable auto-negotiation and fix the desired operation of each RJ-45 port. The user may select 10Mb or 100Mb speed and full- or half-duplex mode per port as required.

2.1.3 PoE (power pass-through), C2 Module (MDIX), 10/100Mb 4-port

The PoE (Power-over-Ethernet) RJ-45 ports are similar to regular RJ-45 ports, except they have the capability of providing power on each port to power up PD devices, per the IEEE 802.3af PoE standard. The power-pass-through PoE modules depend on the -48VDC input power to supply the PD power for these RJ-45 (10/100) ports. Each port supplies up to 15 watts to power the PoE PD devices. A maximum of 8 PoE ports can be configured in the A and B slots of an ML1200 switch with -48VDC power input. The PoE modules are also available with mix-and-match fiber modules configured in other ML1200 slots. Please check the ordering information for all the various PoE module options.

The LEDs on C2 PoE modules are slightly different compared to regular (non-PoE) RJ-45 modules, as shown in the figure below. When the PoE port is in use, the PoE LED is ON when connected properly to an 802.3af compliant PD device on that port. When non-PoE devices are connected, the PoE LED is OFF. The operation of Ethernet data traffic is not affected by PoE.
LINK and ACTIVITY LEDs are combined on the PoE modules into one LED that is marked LINK/ACT, as shown in the diagram.

2.1.4 Two-Port Fiber Modules, 2@100Mb fiber

The two-port modules are available as two 100Mb fiber ports. ST or SC connector styles are available utilizing multi-mode or single-mode fiber optics. These fiber modules may be factory configured with a choice of them in slots B, C, and D only. The fiber port LEDs indicate status the same as the SFF fiber modules. Color-coding on the panel of the module shows which LEDs belong to which port.

2.1.5 Two-Port 10Mb mm Fiber ST Modules

The 2-port @10Mb ST fiber modules behave the same as the 2@100Mb ST fiber modules except for the 10Mb speed. The default setup on the 10Mb fiber module is half-duplex, which allows the Multilink ML1200 switch to connect to any 10Mb hub or media converter or almost any other device with a 10Mb fiber Ethernet port. The default setting of the 100Mb fiber module is full duplex. User mode control per port through the "port settings" is the same as for the other ML1200 modules. The fiber ports support fiber cabling distances according to the 10BASE-FL and 100BASE-FX standards, i.e., 2km distance for multi-mode fiber. (Single-mode for greater distances may be available as a special order; request a quote.)

2.1.6 SFP Gigabit (1000Mbps) port modules

The Gigabit port options for the modular slot come in a few different configurations of fiber SFPs or RJ-45s. The Multilink ML1200 offers only SFPs (Small Form Pluggable) for Gigabit speed. There are multiple choices of SFP Gigabit transceiver types to combine with RJ-45s for the modular slot. Up to two Gigabit ports (max.) can be configured, in modular slot C only. An example of a two-Gb module is the HI Module (SFP fiber). An example of a single Gigabit module is the HK Module (10/100/1000Mb RJ-45 ports).
A combo option of Gigabit copper and SFP fiber (HA Module) is shown in the figure below. The ML1200 modules provide an SFP opening for insertion of industry-standard SFP transceivers to provide Gigabit (Gb) media flexibility. Gigabit SFP modules are available in both multi-mode (550m) and single-mode (10, 25, 40, 70 km) fiber options as well as a Gigabit copper option.

There are three LEDs mounted on each Gigabit port module. The Gigabit fiber has LEDs that indicate F/H (Full/Half duplex), LK (Link status) and ACT (receiving activity) on that port when lit. The copper Gigabit ports also have speed-indicating (10/100/1000Mb) LEDs. The operation of the Gigabit SFP and 10/100/1000 RJ-45 ports is as described for those port types above.

2.1.7 Packet Prioritization, 802.1p QoS

Quality of Service means providing consistent, predictable data delivery to users from datagram paths that go all across a network. As a LAN device, the Multilink ML1200 can do its part to prevent any QoS degradation while it is handling Ethernet traffic through its ports and buffers. The Multilink ML1200 switching hardware supports the IEEE 802.1p standard and fulfills its role in support of QoS, giving packet processing priority to priority-tagged packets according to the 802.1p standard. In addition to hardware support for QoS, the MNS software (R2) supports two priority queues that can be shared across the eight levels of defined packet priorities for application-specific priority control by the user through software configuration settings.

2.1.8 Frame Buffering and Flow Control

Multilink ML1200s are store-and-forward switches. Each frame (or packet) is loaded into the switch's memory and inspected before forwarding can occur. This technique ensures that all forwarded frames are of a valid length and have the correct CRC, i.e., are good packets.
This eliminates the propagation of bad packets, enabling all of the available bandwidth to be used for valid information. While other switching technologies (such as "cut-through" or "express") impose minimal frame latency, they will also permit bad frames to propagate out to the connected Ethernet segments. The "cut-through" technique permits collision fragment frames (which are a result of late collisions) to be forwarded, which adds to the network traffic. Since there is no way to filter frames with a bad CRC (the entire frame must be present in order for the CRC to be calculated), the result of indiscriminate cut-through forwarding is greater traffic congestion, especially at peak activity. Since collisions and bad packets are more likely when traffic is heavy, the result of store-and-forward operation is that more bandwidth is available for good packets when the traffic load is greatest.

When the Multilink ML1200 switch detects that its free buffer queue space is low, the switch sends industry-standard (full-duplex only) PAUSE packets out to the devices sending it packets to cause "flow control". This tells the sending devices to temporarily stop sending traffic, which allows the traffic to catch up without dropping packets. Then, normal packet buffering and processing resumes. This flow-control sequence occurs in a small fraction of a second and is transparent to an observer.

Another feature implemented in the Multilink ML1200 switches is a collision-based flow-control mechanism (when operating at half-duplex only). When the switch detects that its free buffer queue space is low, the switch prevents more frames from entering by forcing a collision signal on all receiving half-duplex ports in order to stop incoming traffic.
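The store-and-forward argument above, as an added Python model that is not part of the manual: it recomputes the 32-bit FCS over a fully buffered frame and rejects runts and CRC-damaged frames, while the cut-through check shows why a switch that forwards after the 14-byte header cannot do the same. The frames are constructed inline, and the 64/1518-byte limits and little-endian FCS follow IEEE 802.3 in general rather than any ML1200-specific detail.

```python
"""Store-and-forward versus cut-through frame checks: an added example, not GE code.

A store-and-forward switch holds the whole frame, so it can verify length and
the 32-bit FCS before forwarding; a cut-through switch has only read the
14-byte header when it starts forwarding, so runts and CRC-damaged frames pass.
Frame sizes and FCS layout follow IEEE 802.3 in general, not an ML1200 detail.
"""
from __future__ import annotations

import struct
import zlib

MIN_FRAME = 64      # smallest legal frame incl. FCS; shorter = runt / collision fragment
MAX_FRAME = 1518    # largest untagged frame incl. FCS
HEADER_LEN = 14     # dst MAC + src MAC + EtherType: all a cut-through switch has seen
MIN_PAYLOAD = 46    # payload is zero-padded to this so the frame reaches MIN_FRAME


def ethernet_fcs(data: bytes) -> bytes:
    """FCS = CRC-32 over the frame without its FCS, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Assemble dst | src | EtherType | payload (padded to 46) | FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + ethernet_fcs(body)


def store_and_forward_check(frame: bytes) -> tuple[bool, str]:
    """Decide on a fully buffered frame: (forward?, reason)."""
    if len(frame) < MIN_FRAME:
        return False, "runt (collision fragment)"
    if len(frame) > MAX_FRAME:
        return False, "oversize"
    if ethernet_fcs(frame[:-4]) != frame[-4:]:
        return False, "bad FCS"
    return True, "ok"


def cut_through_check(frame_so_far: bytes) -> tuple[bool, str]:
    """Decide with only the bytes received by the time the header is complete."""
    if len(frame_so_far) < HEADER_LEN:
        return False, "header incomplete"
    # The FCS is the last thing on the wire, so nothing more can be checked here.
    return True, "forwarding on header alone"


# Constructed frames: a valid multicast frame, the same frame with one payload
# bit flipped in transit, and a 32-byte collision fragment cut from it.
GOOD_FRAME = build_frame(bytes.fromhex("01005e000001"), bytes.fromhex("001122334455"),
                         0x0800, b"constructed")
CORRUPT_FRAME = GOOD_FRAME[:20] + bytes([GOOD_FRAME[20] ^ 0x01]) + GOOD_FRAME[21:]
FRAGMENT = GOOD_FRAME[:32]


def compare(frame: bytes) -> dict[str, tuple[bool, str]]:
    """Run both policies on one frame so the difference is visible side by side."""
    return {"store_and_forward": store_and_forward_check(frame),
            "cut_through": cut_through_check(frame[:HEADER_LEN])}


if __name__ == "__main__":
    for name, frame in [("good", GOOD_FRAME), ("corrupt", CORRUPT_FRAME), ("fragment", FRAGMENT)]:
        print(name, compare(frame))
```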
2.1.9 Managed Network Firmware for Multilink ML1200-Series

Multilink ML1200 comes with Version 3.3 management firmware, which allows the user to configure the Multilink ML1200 as a managed switch and implements security and other software-enabled features.

Note: The Multilink ML1200 managed switch will work with Version 3.3 firmware or higher only; any other firmware version will not support the hardware.

2.2 Features and Benefits

• Managed switching for high performance Ethernet LANs. Multilink ML1200 switches provide unicast non-blocking (all ports can run at full speed at once) performance with standard Managed Network Software included. They are typically used in LAN traffic centers with up to 12 100Mb + 2 Gigabit ports for backbone connections, where managed network services are desired.
• Switching services include 802.1p QoS packet prioritization. The Multilink ML1200 switching hardware supports QoS, giving packet processing priority to priority-tagged packets according to the IEEE 802.1p standard. For port- and application-specific priorities of data, the QoS software may be configured.
• Fiber built in. Multilink ML1200 Managed Field Switches are designed to naturally include fiber ports, and support mixes of multi-mode and single-mode; 10Mb, 100Mb and 1000Mb speed; full- and half-duplex; classic Small Form Factor (SFF) and GBIC fiber connectors. RJ-45 10/100 ports can also be configured in the mix of port types.
• Ring-Only Mode for reliable high availability using ring topology. The Ring-Only Mode feature provides reliable fast recovery from a fault in a ring topology.
• Relay contacts for monitoring internal power and user-defined software events. Two alarm relay contacts monitor basic operations. One is for hardware, and will signal loss of power internally. The other is software controllable and will signal user-defined software events such as a security violation or an RSTP Topology Change condition.
• Vertical mounting for efficient convection cooling, no fans, extended temperature. Mounting brackets for vertical mounting are included. DIN-Rail mounting hardware is optional. Ethernet signal and power cables attach at the bottom. Two sets of status LEDs are included, one set viewable at the port connector and one set viewable from the front.
• Standard AC power input; -48VDC, 24VDC or 125VDC input is optional. Standard AC power input comes with an IEC plug and is auto-ranging for worldwide use. For special applications, models with -48VDC, 24VDC or 125VDC are available. Dual Source DC input can also be selected and configured on the DC power input models.
• Heavy-duty design for Industrial Ethernet and extended temperature operation. Fiber ports take more power than copper ports, but the Multilink ML1200 design provides for this with heavy-duty components. The ambient temperature dual rating is 60°C per UL methods, and 95°C per type test methods.
• Management software included. ML1200 firmware includes SNMP switch management with secure access control, RMON, CLI, Port Security, Port Mirroring, secured RADIUS and TACACS+, Telnet, TFTP, FTP support, Spanning Tree Protocol, Link-Loss-Learn, Ring-Only Mode, multi-level QoS, port- and tag-based VLANs, GVRP, IGMP Snooping, SNMPc GUI support, Event Log, SNTP client for time-of-day, BootP and DHCP client for IP configuration, and password security and secured web interface.

2.3 Applications

Multilink ML1200 Field Switches offer high performance, modularity and availability.
They provide the flexibility of 100Mbps fiber and copper ports as well as single or dual Gigabit (1000Mb) ports, with industry-standard LAN management software. Multilink ML1200 switches are easily used in a variety of applications including client/server computing, secure VLAN performance upgrades to departmental networks, and streaming traffic for VoIP and audio/video applications. They can also be used in a very diversified combination of mixed media in industrial floor applications.

The performance characteristics of the ML1200 switches enable them to interconnect a series of subnets (one subnet per ML1200 switch port) in a LAN traffic center. The subnet connections may be via fiber or twisted pair cabling, 100Mbps or 10Mbps speed, and full- or half-duplex. The mixed-media modular capability is ideal for industrial applications where existing Ethernet LAN network cabling must be accommodated. The fiber-built-in media capability is ideal for integrating future-proof fiber cabling into the LAN structure.

Example 1: Multilink ML1200 Switch for an Industrial Application

Equipped with many useful features including hardened enclosures, a wide spread of DC power supply options, and extended temperature ratings, the Multilink ML1200 managed switch is qualified for any industrial factory-floor, traffic control, transportation system, or power utility application. These features qualify this managed switch to operate and perform securely and reliably in all critical applications. The addition of the Ring-Only Mode and Link-Loss-Learn software features allows this managed switch to provide a very secure, highly available redundant network capability in any ring topology network. The managed ML1200's modularity along with the management software features handles industrial environments remarkably well (i.e. where the factory floors are networked with Ethernet-based mixed-media LANs equipped with PLCs, computers for taking readings and data from machines, client/server databases, etc., and sending this important data to the central office data warehouses) very securely and reliably. The DIN-Rail mounting options on the Multilink ML1200 allow the factory floor's industrial user to mount the ML1200 securely anywhere in their network setup. The option of setting the ports at 10 or 100Mb on copper and 10 or 100Mb on fiber media provides widespread options to users to mix and match their legacy and advanced network needs.

The modularity of the ML1200 Managed Field Switches makes them an attractive choice for use in applications with LAN connections to an organization's multiple site offices and factory floors. The different locations can be easily connected together with the fiber ports supported by the Multilink ML1200 switch. A main NT server in a secure area protected from earthquake or fire hazards can be connected to the full-duplex Gigabit fiber port.

Extended temperature ratings and a variety of options for AC/DC power supplies qualify this managed ML1200 switch for use in non-temperature-controlled networks and many other temperature-sensitive critical industrial applications where above-normal room temperatures occur while the network is in operation. Full-duplex future-proof fiber media can easily connect long distance subnets and provide a stable, secure network to all applications. The SNMP management capability of the Multilink ML1200 switch helps create a database of all the network subnets to easily manage the network.

Example 2: A managed network is needed to provide a redundant ring topology for maximum redundancy.
In a network where any faulty cable, cable disconnection or power failure can bring the whole thing down, a ring switch can be reconfigured and up and running in milliseconds. The ring topology of the network consists of high speed LAN segments supported by 100Mbps full-duplex future-proof fiber media to provide a secure long distance LAN connection. The entire network shares a higher bandwidth Gigabit-enabled data-mining server for the vital database located in a separate secured building. The copper ports are required for multiple subnets inside the power plant to check the status of other Ethernet units. The entire spread network will be manageable to provide easy, detectable, uninterrupted support through a viewable SNMP monitor.

The Multilink ML1200 Managed Field Switch equipped with a mix of copper and fiber ports provides an economical and seamless solution to many requirements. The user-configurable Multilink ML1200 provides an extra boost to the network requirements by providing copper/fiber media along with the higher bandwidth support of 10/100 and 1000Mb. The user can utilize the SNMP feature together with VLAN, RMON, STP and other standard managed LAN features to provide a secure and stable network. The ML1200 managed fiber switch with the Ring-Only Mode feature easily fulfills the redundancy requirement with a secure and fast reconfiguration time for cable breaks when set up in a ring topology. The Gigabit port option boosts the bandwidth for high speed to support the peak traffic and minimize congestion.

Example 3: In another application in an industrial environment, a 12-port NEBS compliant, -24VDC managed switch is required to meet the fiber and copper connections to cover the wider area of video CCTV. The switch must be SNMP enabled and managed to easily monitor the whole setup.
The Multilink managed field switch easily qualifies for this requirement with its various features and modularity. Loaded with management software, the field switch provides a very effective and economical solution for the video-vignette environment. The security features (e.g. port-security, VLANs, SNMPv3, secure telnet, etc.) also boost the Multilink managed switches, providing a very effective and reliable solution. The modularity, supporting both copper and fiber at 10/100/1000Mb speeds, easily meets the various speeds of legacy and future broadband requirements. In a fast growing secure video environment, the ML1200 is a reliable and secure solution. The modular design of the Multilink ML1200s provides a wide range of copper/fiber options to meet requirements. The Gigabit uplink for storage or broadband allows the telecom user a very effective solution to store their sensitive data securely.

Chapter 3: Installation

3.1 Preparation

Before installing the equipment, it is necessary to take the following precautions:

3.1.1

1. If the equipment is mounted in an enclosed or multiple rack assembly, the steady-state long-term environmental temperature around the equipment must be less than or equal to 60°C.
2. If the equipment is mounted in an enclosed or multiple rack assembly, adequate airflow must be maintained for proper and safe operation.
3. If the equipment is mounted in an enclosed or multiple rack system, placement of the equipment must not overload or unevenly load the rack system.
4. If the equipment is mounted in an enclosed or multiple rack assembly, verify the equipment's power requirements to prevent overloading of the building's electrical circuits.
5. If the equipment is mounted in an enclosed or multiple rack assembly, verify that the equipment has a reliable and uncompromised earthing path.

Locating Multilink ML1200 Switches

For vertical panel mounting and wall mounting, see Section 3.3. For vertical DIN-Rail mounting, see Section 3.3.1. For DC power input data, see Appendix B. For Dual Source, see Appendix C.

The rugged metal case of the Multilink ML1200 will normally protect it from accidental damage in a lab or workplace setting. Maintain an open view of the front to visually monitor the status LEDs. Keep an open area around the unit so that cooling can occur by convection while the unit is in operation. The ML1200 has no fans, so it is silent in operation. The internal electronics use the case as a heat sink, so the unit may normally be quite warm to the touch.

3.2 Connecting Ethernet Media

The Multilink ML1200 Switches are specifically designed to support all standard Ethernet media types within a single Switch unit. This is accomplished by using a family of different fiber connectors which can be individually selected and configured per slot. See Section 2.2 for a description of the PMs. The various media types supported, along with the corresponding IEEE 802.3, 802.3D, 802.3u, 802.3AB and 802.3z standards and connector types, are as follows:

IEEE Standard   Media Type                    Max. Distance       Connector
Fiber:
100BASE-FX      mm Fiber                      2.0km (6,562 ft)    SC
100BASE-FX      sm Fiber                      18.0km (95K ft)     SC
                mm Fiber                      2.0km (6,562 ft)    ST
                sm Fiber                      18.0km (95K ft)     ST
                small form factor mm Fiber    2.0km (6,562 ft)    MTRJ, MLC
                small form factor sm Fiber    15 km               SLC
Copper:
10BASE-T        twisted pair                  100m (328 ft)       RJ-45
100BASE-TX      twisted pair                  100m (328 ft)       RJ-45
1000BASE-TX     twisted pair                  100m (328 ft)       RJ-45
mm = multi-mode, sm = single-mode

3.2.0.1 Connecting Fiber Optic ST-type, "twist-lock"

The following procedure applies to installations using a PM with ST-type fiber connectors, i.e., ports using an ML1200 MST-type module port.

1. Before connecting the fiber optic cable, remove the protective dust caps from the tips of the connectors on the PM. Save these dust caps for future use.
2. Wipe clean the ends of the dual connectors with a soft cloth or lint-free lens tissue dampened in alcohol. Make certain the connectors are clean before connecting. One strand of the duplex fiber optic cable is coded using color bands at regular intervals; you must use the color-coded strand on the associated ports at each end of the fiber optic segment.
3. Connect the Transmit (TX) port (light colored post) on the Multilink PM to the Receive (RX) port of the remote device. Begin with the color-coded strand of the cable for this first TX-to-RX connection.
4. Connect the Receive (RX) port (dark colored post on the PM) to the Transmit (TX) port of the remote device. Use the non-color-coded fiber strand for this.

The LINK LED on the front of the PM will illuminate when a proper connection has been established at both ends (and when power is ON in the unit). If LINK is not lit after cable connection, the normal cause is improper cable polarity. Swap the fiber cables at the PM connector to remedy this situation.
3.2.0.2 Connecting Fiber Optic SC-type, "Snap-In"

The following procedure applies to installations using a PM with SC-type fiber connectors, i.e., the C9 Module or the CA Module (single-mode): when connecting fiber media to SC connectors, simply snap the two square male connectors into the SC female jacks of the PM until they click and are secured.

3.2.0.3 Connecting Single-Mode Fiber Optic

When using single-mode fiber cable, be sure to use single-mode fiber port connectors. Single-mode fiber cable has a smaller diameter than multi-mode fiber cable (9/125 microns for single-mode; 50/125 or 62.5/125 microns for multi-mode, where xx/xx are the diameters of the core and of the core plus the cladding respectively). Single-mode fiber allows full bandwidth at longer distances, and may be used to connect 10 Mb nodes up to 10 Km apart, or 18Km with the ML1200. The same procedure as for multi-mode fiber applies to single-mode fiber connectors.

3.2.0.4 Connecting Twisted Pair (CAT3, CAT5, Unshielded or Shielded)

The RJ-45 ports of the Multilink ML1200 can be connected to the following two media types: 100BASE-TX and 10BASE-T. CAT 5 cables should be used when making 100BASE-TX connections. When the ports are used as 10BASE-T ports, CAT 3 may be used. In either case, the maximum distance for unshielded twisted pair cabling is 100 meters (328 ft).

Media                        IEEE Standard   Connector
Twisted Pair (CAT 3, 4, 5)   10BASE-T        RJ-45
Twisted Pair (CAT 5)         100BASE-TX      RJ-45

Note: It is recommended that high quality CAT 5 cable be used whenever possible in order to provide flexibility in a mixed-speed network, since the 10/100 copper switched ports are autosensing for either 10 or 100Mb/s.

The following procedure describes how to connect a 10BASE-T or 100BASE-TX twisted pair segment to the RJ-45 port. The procedure is the same for both unshielded and shielded twisted pair cables.

1. Using standard twisted pair media, insert either end of the cable with an RJ-45 plug into the RJ-45 connector of the port. Note that, even though the connector is shielded, either unshielded or shielded cables and wiring may be used.
2. Connect the other end of the cable to the corresponding device.
3. Use the LINK LED to ensure proper connectivity: the LED will be illuminated when the unit is powered and a proper connection is established.

For Power Substations: In support of the IEEE 1613 Class 2 standard, GE Multilin advises that, for substation applications, the RJ-45 ports are intended for connectivity to other communication equipment such as routers or telecommunication multiplexers installed in close proximity (i.e., less than 2 meters or 6.5ft) to the ML1200. It is not recommended to use these ports in substation applications to interface to field devices across distances which could produce high (greater than 2500V) levels of ground potential rise (GPR) during line-to-ground fault conditions. The ML1200 passes the IEEE 1613 specifications for zero packet loss with fiber ports and with RJ-45 ports used as indicated here.

3.2.0.5 Connecting Twisted Pair (CAT5e or better, Unshielded or Shielded)

The RJ-45 Gigabit ports of the Multilink ML1200 can be connected to 1000BASE-T media using CAT 5E or better 100-ohm UTP or shielded twisted pair (STP) balanced cable. CAT 5E or better 100-ohm UTP or STP balanced cable is recommended when making 1000BASE-T connections. In either case, the maximum distance for unshielded twisted pair cabling is 100 meters (328 ft).

Media                    IEEE Standard   Connector
Twisted Pair (CAT 5e)    1000BASE-T      RJ-45

The following procedure describes how to connect a 1000BASE-T twisted pair segment to the RJ-45 port. The procedure is the same for both unshielded and shielded twisted pair cables.

1. 1000BASE-T connections require that all four pairs of wires be connected. Insert either end of the cable with an RJ-45 plug into the RJ-45 connector of the port. Note that, even though the connector is shielded, either unshielded or shielded cables and wiring may be used.
2. Connect the other end of the cable to the corresponding device.
3. Use the LINK LED to ensure proper connectivity: the LED will be illuminated when the unit is powered and a proper connection is established.

3.2.0.6 Gigabit SFP (Small Form-factor Pluggable) Optical Transceivers

The small form-factor pluggable (SFP) is a compact optical transceiver used in optical communications for both telecommunication and data communications applications. Due to their compact, hot-pluggable characteristics, SFPs are becoming a very popular choice for various applications. The small-chassis Multilink ML1200 is designed for industry-standard Gb-SFPs and Gb-SFPCU (copper), so the user can select the SFP gigabit media type as desired. All SFPs used in Multilink ML1200s are compliant with the industry standard Multi-Source Agreement (MSA), ensuring compatibility with a wide range of networking equipment.

Note: It is highly recommended to remove the fiber cable first before removing the SFP transceiver for any reason. Not removing the fiber cable first can damage the fiber cable, cable connector or optical interfaces.

Note: It is advised not to remove and insert an SFP transceiver frequently, as this may shorten its useful life.

Note: Always use an ESD wrist strap while handling SFP transceivers, since the SFP modules are static sensitive devices.

The copper 1000BASE-T SFP transceiver port supports 1000Mb only. It is recommended to use a straight-through RJ-45 (4 twisted pair) connection when connecting to a server or workstation. When connecting to a switch, repeater or other device, it is recommended to use crossover RJ-45 (4 twisted pair) category 5 or higher cabling.
The maximum length supported on copper 1000BASE-T is 100 m (328 ft.). The various SFP transceivers supported by the GE Multilin ML1200's C slot are:

Gb Modules, fixed ports, SFP
Model #    Module ports
H1 - H6    2 SFP
H7         2 CU
H8 - HD    1 SFP, 1 CU
HE - HJ    1 SFP
HK         1 CU

3.2.0.7 Connecting Fiber Optic Cable to SFP Transceivers

1. Before connecting the fiber optic cable, remove the protective dust caps from the tips of the connectors on the PM. Save these dust caps for future use.
2. Wipe clean the ends of the dual connectors with a soft cloth or lint-free lens tissue dampened in alcohol. Make certain the connectors are clean before connecting. One strand of the duplex fiber optic cable is coded using color bands at regular intervals; you must use the color-coded strand on the associated ports at each end of the fiber optic segment.
3. Find the Transmit (TX) and Receive (RX) markings on the SFP transceiver to identify its top side. Some transceivers are marked with an arrow indicating the top.
4. Position the SFP transceiver correctly before insertion, then insert it carefully until the transceiver connector snaps into place in the socket connector.
5. Connect the Transmit (TX) port on the Multilink PM to the Receive (RX) port of the remote device. Connect the Receive (RX) port on the PM to the Transmit (TX) port of the remote device.

The LINK LED on the front of the PM will illuminate green when a proper connection has been established at both ends (and when power is ON in the unit). If LINK is not lit after cable connection, the normal cause is improper cable polarity. Swap the fiber cables at the PM connector, and also check the connectivity on the target device, to remedy this situation. Reconfigure or reboot both devices if required.
If connected properly, you can verify the validity of the SFP Gigabit ports via the management software. Make sure Version 3.3 or higher firmware is loaded on the ML1200 switches to support the SFP transceivers.

3.3 Mechanical Installation

3.3.1 DIN-Rail Mounting the Multilink ML1200

The Multilink ML1200 is designed for use in a "factory floor" industrial environment. It is available with optional DIN-Rail brackets to mount it securely in a metal factory floor enclosure, maintained vertically for proper convection cooling of the unit. The Multilink ML1200 requires one DIN-Rail mounting clip or latch for secure mounting. These may be ordered as Model # DIN-RAIL-ML1200. The side view at the left shows an ML1200 with model DIN-RAIL-ML1200 in place on the unit.

The DIN-Rail latching clips are mounted on the upper side corners of the ML1200 unit. Two threaded holes are provided on the sides of the ML1200 for DIN-Rail mounting purposes (see side view at the left). The required two screws are included with the DIN-Rail brackets, and are no. 10-32 X 3/8 PHIL. PAN with star washer. The two heavy-duty DIN-Rail latches are designed so that they can be manually accessed from the top when the ML1200 is installed on a DIN-Rail.

To install the ML1200 with the DIN-Rail brackets and latches attached to it, hold the ML1200 in the side vertical position with the bottom out, and with the top moved in toward the DIN-Rail. Position the latches over the top of the DIN-Rail. Then, snap the latches into holding position by moving the bottom of the ML1200 inwards to a vertical position. The DIN-Rail latches and brackets are heavy duty, and will hold the ML1200 securely in position, even with cabling attached to the unit.
To release the ML1200 from the DIN-Rail mounting, press the top of the two DIN-Rail latches down simultaneously so that the ML1200 can be dismounted by pulling the bottom out. Once the bottom of the ML1200 is rotated out, the DIN-Rail latch is no longer engaged and the ML1200 can be moved up and out, free of the DIN-Rail mounting.

If the Multilink ML1200 is to be mounted on a DIN-Rail track, there must be air space at the rear for proper convection cooling of the unit; the ML1200 unit is held out from the rear of the panel by the mounting brackets. The ML1200 design uses the case for cooling (patent pending), and needs to be mounted vertically with air flow space around it at the front, rear, and sides. The DIN-Rail mounting brackets and latches are optional and need to be ordered as separate items, e.g. Model # DIN-RAIL-ML1200.

3.3.1.1 Mounting Dimensions for ML1200 with metal brackets

Each Multilink ML1200 is supplied with metal mounting brackets and screws to mount the unit securely on a panel or wall. It is recommended to mount the ML1200 vertically, as shown below, for proper cooling and long-life reliability. It is also advisable to mount the unit with space for air movement around the top and the sides, typically a minimum of 1 inch. Note that the metal brackets supplied hold the back of the ML1200 unit out from the panel or wall behind it, creating a rear space of about ¼ inch or 1cm. This allows air circulation and cooling of the rear part of the case.

For best cooling of the ML1200, attach the metal brackets to metal (rather than wood or plastic). Attaching to metal helps conduct heat away from the ML1200 through the metal brackets and into the metal support structure.
Since the ML1200 has special internal thermal techniques (patent pending) to move the heat generated by the electronic components into the case, the case may be quite warm to the touch during normal operation. The unit is mounted using the brackets as shown in the illustration above. The spacing for the mounting screws into the supporting wall or panel is a rectangle 21.74 x 11.91 cm (8.56 x 4.69 inches) center-to-center.

3.4 Electrical Installation

3.4.1 Powering the Multilink ML1200 Managed Field Switch

The DC internal power supply supports installation environments where the DC voltage is from 18 to 150 volts, depending on the model selected. The power consumption will range from about 20 up to 35 watts, depending on the port quantity and types in the configuration. When connecting the Ethernet cabling, there is no need to power down the unit. Individual cable segments can be connected or disconnected without concern for power-related problems or damage to the unit.

Power input options are available to suit the ML1200 Switches to special high-availability communications and/or heavy industrial-grade applications, including:

• -48VDC, 24VDC and 125VDC with single DC input,
• -48VDC, 24VDC and 125VDC with dual-source DC input.

External AC power supplies are optional; see Section 1.2, Ordering Information. See the Appendices of this manual for more details. Use an RFQ for other variations.

3.4.2 Alarm Contacts for monitoring internal power, and Software Traps

The Alarm Contacts feature, standard on Multilink ML1200s, provides two Form C Normally Closed (NC) contacts to which the user can attach two sets of status monitoring wires at the green terminal block. When this option is present, the terminal block for Alarm Contacts is part of the Power Input panel in the ML1200 case. The DC power input connection is in the same panel.
The first NC Alarm Contact (top position, switch vertically mounted) is a "Software Alarm", operated by user settings in the management software. The user can disable the Software Alarm feature with a software configuration command if desired. When the Software Alarm is enabled, the Form C Normally Closed (NC) contact is held closed during normal software operation. A user-defined software event, such as an SNMP Trap, a Software Security violation or a Ring-Only Mode Fault, causes the contact to open and thus triggers an alarm in the user's monitoring system.

The second NC Alarm Contact is held closed when there is power on the main board inside the Switch. This provides a "Hardware Alarm", because the NC contacts will open when internal power is lost, either from an external power-down condition or by the failure of the power supply inside the Multilink Switch.

Useful information about Alarm contacts:

1. There are four terminal blocks (1,2,3,4) provided next to the DC power supply.
2. The top two pins (1,2) are software operated.
3. The bottom two pins (3,4) are hardware operated.
4. These are both NC (normally closed) relays.
5. The switch's software operation needs to be enabled and set to get the Alarm traps.

For detailed information about the Software Alarm and software control of SNMP alarm traps, please refer to chapter 5 of this manual.

The Alarm Contacts are on the front left area (next to the DC power source) of the Multilink ML1200 unit and are green in color, as shown in the picture.

3.4.3 ML1200 Port Module (PM) Installation

Multilink ML1200 Switches are normally received from the factory with all required Port Modules installed.

Note: There may be situations where the PMs need to be added or replaced. Any change in configuration of the modules can be done only via factory installation. There is no field upgrade option for ML1200 port modules.
Please contact Tech Support for changing modules. The ML1200 port modules are not compatible or interchangeable with the PMs of the other Multilink Family Switches, which use larger (typically 8-port) modules.

3.4.4 Connecting a Management Console Terminal to Multilink ML1200 (Serial RJ-45 Console Port)

The serial console port on the Multilink ML1200 is different from that of other Multilink family switches. The serial RJ-45 port, as shown in the picture, requires an 8-pin RJ-45 male connector for proper communication. (Note: the serial RJ-45 console port on the Multilink ML1200 is compatible with Cisco-type RJ-45 console port cables). The serial port pin-out for the RJ-45 console port used on the Multilink ML1200 is shown below.

Table 3–1: Pinout information for above connector

Pin   Name   Description       Direction
1     RTS    Request to Send   OUT
3     TXD    Transmit Data     OUT
4     GND    Ground
5     GND    Ground
6     RXD    Receive Data      IN
8     CTS    Clear to Send     IN

The console RJ-45 serial cable may be ordered from the factory, using the model number and description here:

CONSOLE-CBLQD: Console attachment cable, serial null-modem cable with one side RJ-45 for the ML1200 and a DB-9 female connector on the other end.

CONSOLE-CBLQU: Console attachment cable, serial null-modem cable combo with one serial RJ-45 for the ML1200 side and a USB cable connector option on the other end (e.g. for a computer).

Note: For Power Substations: In support of the IEEE 1613 Class 2 standard, GE Multilin advises that, for substation applications, the serial RJ-45 console ports are intended for temporary connectivity to other equipment such as PCs. Since the console port connection is temporary, it is excluded from IEEE 1613 packet-loss testing per the 1613 standard-defined test procedure.
Chapter 4: Operation

This chapter describes the functions and operation of the Multilink ML1200 Switch.

4.1 Functionality

4.1.1 Switching Functionality

A Multilink ML1200 provides switched connectivity at Ethernet wire-speed among all of its ports. The Multilink ML1200 supports 10/100Mbps for copper media and 10 or 100Mb separate traffic domains for fiber ports, to maximize bandwidth utilization and network performance. All ports can communicate with all other ports in a Multilink ML1200, but local traffic on a port will not consume any of the bandwidth on any other port.

The Multilink ML1200 units are plug-and-play devices. No software configuration is necessary for basic operation at installation or for maintenance. The only hardware configuration settings are user options for an UP-LINK Switch (located inside the unit) on the ML1200-RJ-45. There is an optional Half/Full duplex mode and 10Mbps or 100Mbps selection for the switched ports, which must be configured through the management software per unit as required. The internal functions of both are described below.

4.1.1.1 Filtering and Forwarding

Each time a packet arrives on one of the switched ports, a decision is taken to either filter or forward the packet. Packets whose source and destination addresses are on the same port segment will be filtered, constraining them to that one port and relieving the rest of the network from having to process them. A packet whose destination address is on another port segment will be forwarded to the appropriate port, and will not be sent to the other ports where it is not needed. Traffic needed for maintaining the uninterrupted operation of the network (such as occasional multicast packets) is forwarded to all ports.
The Multilink ML1200 Switches operate in the store-and-forward switching mode, which eliminates bad packets and enables peak performance to be achieved when there is heavy traffic on the network.

4.1.1.2 Address Learning

All Multilink ML1200 units have address table capacities of 4K node addresses, suitable for use in larger networks. They are self-learning, so as nodes are added, removed or moved from one segment to another, the ML1200 Switch automatically keeps up with node locations. An address-aging algorithm causes least-used addresses to fall out in favor of frequently-used addresses. To reset the address buffer, cycle power down and up.

4.1.2 Status LEDs

For Multilink ML1200 models (/ML1200):

PWR: Power LED, ON when external power is applied to the unit.
LK: Steady ON, Link status for 10 Mbps and 100Mbps operation.
ACT: ON with port activity for 10 Mbps and 100Mbps operation.
F/H: Full / Half duplex LED, ON when the port is running full duplex, OFF for half duplex.
100/10: Speed LED, ON when the speed is 100Mbps, OFF when the speed is 10 Mbps.

4.1.3 Auto-Cross (MDIX) and Auto-negotiation, for RJ-45 ports

The RJ-45 ports independently support auto-cross (MDI or MDIX) in auto-negotiation mode, and will work properly with all other connected devices with RJ-45 ports, whether or not those devices support auto-negotiation (e.g. a 10Mb hub or media converter, or a managed switch in fixed 10Mb or 100Mb Half/Full Duplex mode). No cross-over cable is required when connecting the ML1200's copper ports to other devices. Operation is according to the IEEE 802.3u standard.

The Managed ML1200's Fast Ethernet copper ports can be set for either fixed 100Mb speed or for 10/100 F/H N-way auto-negotiation per the IEEE 802.3u standard. The selection is made via the MNS software. The factory default setting is auto-negotiation.
At 10Mb or 100Mb fixed speed, the user may select half- or full-duplex mode via the management software for each RJ-45 port separately.

One frequently-used application for the Managed Multilink ML1200 Switch copper ports is to connect one of them, using a fiber media converter, to another Switch in the network backbone, or to some other remote 100Mb device. In this case, it is desirable to operate the fiber link at 100Mb speed, and at either half- or full-duplex mode depending on the capabilities of the remote device. Most standard commercially available Fast Ethernet media converters do not support auto-negotiation properly, and require that the switched port to which they are connected be at the 100Mb fixed speed. Attachments to a 10/100 auto-negotiation port typically will not work properly. The ML1200 Switch's RJ-45 ports handle this situation: the ports are configured as desired through the MNS software port settings, and the status of each port can be checked after the change.

When Multilink ML1200 RJ-45 copper ports are set for auto-negotiation and are connected to another auto-negotiating device, there are 4 different speed and F/H modes possible, depending on what the other device supports. These are: (1) 100Mb full-duplex, (2) 100Mb half-duplex, (3) 10 Mb full-duplex and (4) 10 Mb half-duplex.

The auto-negotiation logic will attempt to operate in descending order and will normally arrive at the highest order mode that both devices can support at that time. (Since auto-negotiation is potentially an externally controlled process, the original "highest order mode" result can change at any time depending on network changes that may occur.) If the device at the other end is not an auto-negotiating device, the ML1200's RJ-45 ports will try to detect its idle signal to determine 10 or 100 speed, and will default to half-duplex at that speed per the IEEE standard.
General information: Auto-negotiation per port for 802.3u-compliant switches occurs when:

• the devices at both ends of the cable are capable of operation at either 10Mb or 100Mb speed and/or in full- or half-duplex mode, and can send/receive auto-negotiation pulses, and
• the second of the two connected devices is powered up*, i.e., when LINK is established for a port, or
• the LINK is re-established on a port after being lost temporarily.

* Some NIC cards only auto-negotiate when the computer system that they are in is powered. These are exceptions to the "negotiate at LINK-enabled" rule above, but may occasionally be encountered.

Note: When operating in 100Mb half-duplex mode, cable distances and hop-counts may be limited within that collision domain. The Path Delay Value (PDV) bit-times must account for all devices and cable lengths within that domain. For Multilink ML1200 Fast Ethernet switched ports operating at 100Mb half-duplex, the bit time delay is 50BT.

4.1.4 Flow-control, IEEE 802.3x standard

Multilink ML1200 Switches incorporate a flow-control mechanism for Full-Duplex mode. The purpose of flow-control is to reduce the risk of data loss if a long burst of activity causes the switch to save frames until its buffer memory is full. This is most likely to occur when data is moving from a 100Mb port to a 10 Mb port and the 10Mb port is unable to keep up. It can also occur when multiple 100Mb ports are attempting to transmit to one 100Mb port, and in other protracted heavy traffic situations.

Multilink ML1200 Switches implement 802.3x flow control (non-blocking) on Full-Duplex ports, which provides for a "PAUSE" packet to be transmitted to the sender when the packet buffer is nearly full and there is danger of lost packets. The transmitting device is commanded to stop transmitting into the ML1200 Switch port for sufficient time to let the Switch reduce the buffer space used.
When the available free-buffer queue increases, the Switch will send a "RESUME" packet to tell the transmitter to start sending packets again. Of course, the transmitting device must also support the 802.3x flow control standard in order to communicate properly during normal operation.

Note: When in Half-Duplex mode, the ML1200 Switch implements a back-pressure algorithm on 10/100 Mb ports for flow control. That is, the switch prevents frames from entering the device by forcing a collision indication on the half-duplex ports that are receiving. This temporary "collision" delay allows the available buffer space to recover as the switch catches up with the traffic flow.

4.1.5 Power Budget Calculations for ML1200 PMs with Fiber Media

Receiver Sensitivity and Transmitter Power are the parameters necessary to compute the power budget. To calculate the power budget of different fiber media installations using Multilink products, the following equations should be used:

OPB (Optical Power Budget) = PT(min) - PR(min)
    where PT = Transmitter Output Power, and PR = Receiver Sensitivity

Worst case OPB = OPB - 1dB (for LED aging) - 1dB (for insertion loss)

Worst case distance = {Worst case OPB, in dB} / [Cable Loss, in dB/Km]
    where the "Cable Loss" is:
    2.8 dB/km for 62.5/125 and 50/125μm (Multi-mode),
    3.3 dB/km for 100/140 (Multi-mode),
    0.5 dB/km for 9/125 (Single-mode),
    0.4 dB/km for 9/125 (Single-mode, LX25),
    0.25 dB/km for 9/125 (Single-mode, ZX40), and
    0.2 dB/km for 9/125 (Single-mode, ZX70).

The following data has been collected from component manufacturers' (Agilent's and Lucent's) web sites and catalogs to provide guidance to network designers and installers.

Fiber Port  Speed,     Mode         Std. km       Wavelength  Cable      X'mitr     R'cvr     Worst OPB  Worst*     Typical  Typical*
Module      Std.                    fdx (hdx)     nm          Size/μm    Output     Sens.     fdx, dB    distance   OPB, dB  distance
                                                                         PT, dB     PR, dB               fdx, Km             Km
C7          10Mb FL    Multi-mode   2 (2)         850         62.5/125   -15.0      -31       14         5          17       6
                                                              100/140    -9.5       -31       19.5       5.9        23.5     7
                                                              50/125     -19.5      -31       19.5       3.4        13.5     4.8
C8, C9      100Mb FX   Multi-mode   2 (0.4)       1300        62.5/125   -20        -31       9.0        3.0        14
                                                              50/125     -23.5      -31       5.5        2.0        12
CA          100Mb FX   Single-mode  18+ (0.4)     1300        9/125      -15        -31       14         28         17.5     35
CB          100Mb FX   Single-mode  40 (0.4)      1300        9/125      -5         -34       29         58         32.5     65
CC          100Mb FX   Multi-mode   2 (0.4)       1300        62.5/125   -20        -31       9.0        3.0        15.8     5.5
                                                              50/125     -23.5      -31       5.5        2.0        12.2     4.0
CD          100Mb FX   Multi-mode   2 (0.4)       1300        62.5/125   -19        -31       12         4          16       5.7
CE          100Mb FX   Single-mode  15+ (0.4)     1310        9/125      -15        -28       11         22         -        -
H3, HG      1000Mb FX  Single-mode  10 (Gigabit)  1310        9/125      -10.0      -22       10         22         11       24
H4, HH      1000Mb FX  Single-mode  25 (Gigabit)  1310        9/125      -3.0       -21       16         40         18       45
H5, HI      1000Mb FX  Single-mode  40 (Gigabit)  1550        9/125      -5.0       -22       15         60         17       68
H6, HJ      1000Mb FX  Single-mode  70 (Gigabit)  1550        9/125      -2.0       -22       18         90         20       100

Note:
* The use of either multi-mode or single-mode fiber to operate at 100Mbps speed over long distances (i.e., in excess of approx. 400 meters) can be achieved only if both of the following factors are applied:
• The 100Mb fiber segment must operate in full-duplex (FDX) mode, i.e. the full-duplex (factory default) setting for 100Mbps fiber ports must be used, and
• The worst-case OPB of the fiber link must be greater than the fiber cable's passive attenuation (Attenuation = Cable loss + LED aging loss + Insertion loss + safety factor).

4.2 Multilink ML1200 Managed Field Switch Port Modules

This chapter describes each Port Module (PM), including appearance, functionality, and status displays.
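The power budget equations of Section 4.1.5 above, carried through in code: the Python below is an added worked example for this manual page, not a GE tool, and it uses only the cable-loss figures and the 1 dB LED-aging and 1 dB insertion-loss allowances the section lists. The module figures in the usage (CA: PT -15 dBm, PR -31 dBm on 9/125 single-mode; C8/C9: PT -20 dBm on 62.5/125) are copied from the table; the `safety_factor_db` value is a caller-supplied assumption, since the manual names a safety factor in the attenuation footnote but gives no figure for it.

```python
"""Optical power budget (OPB) calculator following Section 4.1.5:
    OPB                 = PT(min) - PR(min)
    Worst case OPB      = OPB - 1 dB (LED aging) - 1 dB (insertion loss)
    Worst case distance = Worst case OPB / cable loss (dB/km)
"""

# Cable loss figures exactly as listed in Section 4.1.5 (dB/km).
CABLE_LOSS_DB_PER_KM = {
    "62.5/125 mm": 2.8,
    "50/125 mm": 2.8,
    "100/140 mm": 3.3,
    "9/125 sm": 0.5,
    "9/125 sm LX25": 0.4,
    "9/125 sm ZX40": 0.25,
    "9/125 sm ZX70": 0.2,
}
LED_AGING_DB = 1.0        # allowance from the manual
INSERTION_LOSS_DB = 1.0   # allowance from the manual


def optical_power_budget(pt_min_dbm, pr_min_dbm):
    """OPB = transmitter minimum output power - receiver sensitivity (dBm in, dB out)."""
    return pt_min_dbm - pr_min_dbm


def worst_case_opb(pt_min_dbm, pr_min_dbm):
    """OPB after the LED-aging and insertion-loss allowances are subtracted."""
    return optical_power_budget(pt_min_dbm, pr_min_dbm) - LED_AGING_DB - INSERTION_LOSS_DB


def worst_case_distance_km(pt_min_dbm, pr_min_dbm, cable):
    """Longest run whose passive cable loss fits inside the worst-case OPB."""
    return worst_case_opb(pt_min_dbm, pr_min_dbm) / CABLE_LOSS_DB_PER_KM[cable]


def link_margin_db(pt_min_dbm, pr_min_dbm, cable, length_km, safety_factor_db=0.0):
    """OPB minus the link attenuation as the table footnote defines it:
    attenuation = cable loss + LED aging loss + insertion loss + safety factor.
    safety_factor_db is an assumed, caller-chosen value (the manual gives none).
    A positive margin means the link closes in the worst case."""
    attenuation = (CABLE_LOSS_DB_PER_KM[cable] * length_km
                   + LED_AGING_DB + INSERTION_LOSS_DB + safety_factor_db)
    return optical_power_budget(pt_min_dbm, pr_min_dbm) - attenuation


def plan_link(pt_min_dbm, pr_min_dbm, cable, length_km, safety_factor_db=0.0):
    """Summarise a proposed fiber run; 'ok' is the footnote's pass/fail condition."""
    margin = link_margin_db(pt_min_dbm, pr_min_dbm, cable, length_km, safety_factor_db)
    return {
        "opb_db": optical_power_budget(pt_min_dbm, pr_min_dbm),
        "worst_case_opb_db": worst_case_opb(pt_min_dbm, pr_min_dbm),
        "max_distance_km": worst_case_distance_km(pt_min_dbm, pr_min_dbm, cable),
        "margin_db": margin,
        "ok": margin > 0,
    }


if __name__ == "__main__":
    # CA module figures from the table: PT -15 dBm, PR -31 dBm, 9/125 single-mode.
    # 2.0 dB safety factor is an assumed value for illustration.
    for length_km in (20, 30):
        print(length_km, "km:", plan_link(-15, -31, "9/125 sm", length_km, safety_factor_db=2.0))
```

For the CA row the script reproduces the table's figures (OPB 16 dB, worst-case 14 dB, worst-case distance 28 km); the same functions evaluated for the 62.5/125 multi-mode entries show where a listed distance was rounded. `plan_link` then answers the practical question the footnote raises for a specific run: a 20 km CA link with a 2 dB safety factor has 2 dB in hand, while a 30 km run on the same parts comes out 3 dB short.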
4.2.1 Inspecting the Package and Product

This section applies only to Port Modules shipped as separate items, i.e. ML1200 PMs that are not factory installed. Examine the shipping container for obvious damage before installing an ML1200 PM; notify the carrier of any damage you believe occurred during shipment. Inspect the contents of the package for any signs of damage and ensure that the items listed below are included. The package should contain:
• 1 or more ML1200 Port Modules
• Installation instructions with illustrations

Observing proper ESD grounding procedures, remove the ML1200 PM(s) from the shipping container. Keep the shipping container in case you need to ship any of the PMs separately at a later date. If items are missing or damaged, contact your supplier. If you need to return the unit, use the original shipping container if possible. Refer to Chapter 5 for specific return procedures.

4.2.2 ML1200 Modules

An important feature of the Multilink ML1200 is the use of Port Modules for flexible mixed-media connectivity to RJ-45 copper and various fiber media. The first four ports (1, 2, 3 and 4) of the Multilink ML1200 switches are fixed RJ-45 copper ports with dual-speed 10/100 Mbps auto-negotiating capability. In addition, the switch accepts up to three Port Modules, providing up to 12 additional ports (16 total) and a wide selection of Ethernet copper and fiber media with 10, 100 and 1000 Mbps capability and reaches of up to 70 km.

Note: The ML1200 Port Modules are not identical to the port modules used in other Multilink products such as the ML2400 and ML1600. For information about other Multilink products, see the applicable manual. For a list of ML1200 Port Modules, refer to Section 2.1.

Each ML1200 Port Module (PM) is described individually in the sections that follow. For the fiber modules in slot D, the operational description is the same as for the corresponding fiber modules in slots B and C described below.

4.2.2.1 C8 Module, 2 @ 100 Mb multi-mode FX-ST “twist lock” Combo Module

The C8 Module is a two-port ST fiber module at 100 Mb. It is equipped with multi-mode ST-type connectors and dual-speed copper ports. The ST connector functions as a fiber optic transceiver supporting 100BASE-FX network segments. When installed in a Multilink ML1200 Managed Switch, the copper port supports the standard 100 m distance on each port, and the fiber port supports fiber optic cable distances up to the IEEE-standard 100 Mbps limits, i.e. typically 2 km at full-duplex and 412 m at half-duplex. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off).

4.2.2.2 C7 Module, 2 @ 10 Mb multi-mode FX-ST “twist lock” Module

The C7 Module is a two-port fiber module that looks similar to the 100 Mb fiber module, except that its ST fiber ports operate at 10 Mb. The ST connector functions as a fiber optic transceiver supporting 10BASE-FL network segments. When installed in a Multilink ML1200 Managed Switch, the fiber port supports fiber optic cable distances up to the IEEE-standard 10 Mbps limits, i.e. typically 2 km at both full-duplex and half-duplex. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off).

4.2.2.3 C9 Module, 2 @ 100 Mb multi-mode FX-SC “snap-in” fiber connector

The C9 Module is a two-port module equipped with two multi-mode 100 Mbps fiber optic transceivers and is similar to the C8 Module. It has the same LEDs indicating port activity (ACT), Link (LK), FDX/HDX and 10/100 operation, and the same face-plate lettering. The difference is that the C9 Module uses an SC-type “snap-in” fiber connector instead of an ST-type.

4.2.2.4 CB Module, 2 ports @ 100 Mbps single-mode FX-SC-type

The CB Module is a fiber module equipped with two single-mode (long reach) SC-type connectors, providing a long-reach fiber function in one module and supporting 100 Mb single-mode fiber network segments. When installed in a Multilink ML1200 switch, it supports single-mode fiber cable lengths of as much as 40+ km (see Power Budget, Section 4.1.5). Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off).

4.2.2.5 C6 Module “COMBO”, 2 @ 10/100 Mbps RJ-45 ports and 1 @ 100 Mbps multi-mode FX-SC-type “snap-in” connector

The C6 Module is a combo module equipped with two dual-speed copper ports and one multi-mode SC-type connector, combining copper and fiber in one module that supports two copper and one multi-mode fiber network segment. When installed in a Multilink ML1200 Field Switch, it operates on copper at 100 m distances; the fiber is multi-mode and cable lengths can be as much as 2 km (see Power Budget, Section 4.1.5). Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off). The 10/100 LED indicates 100 Mbps when lit and 10 Mbps when off.

4.2.2.6 CC Module, 4 @ 100 Mb multi-mode FX, MTRJ small-form-factor

The CC Module is a four-port multi-mode fiber optic module equipped with small-form-factor MTRJ-type connectors. The connector looks almost like an RJ-45 port but is black. The MT-RJ's compact size and ease of connection make it a good choice for 100 Mbps “fiber-to-the-desktop” Ethernet connectivity. When installed in a Multilink ML1200 switch, it supports fiber optic cable distances up to the IEEE-standard 100 Mbps limits, i.e. typically 2 km at full-duplex and 412 m at half-duplex. The functionality of this 100BASE-FX multi-mode four-port module is essentially the same as the ST and SC types. It has the same per-port LEDs indicating port activity (ACT), Link (LK), and FDX or HDX operation.

4.2.2.7 C3 Module “COMBO”, 2 @ 10/100 Mbps RJ-45 and 2 @ 100 Mb multi-mode FX, MTRJ small-form-factor

The C3 Module is a combo module with copper and small-form-factor MTRJ fiber ports. The small size of MTRJ connectors allows more ports on one module. The C3 Module is equipped with two 10/100 RJ-45 ports and two MTRJ fiber ports. When installed in a Multilink ML1200 switch, it supports the standard distances for each medium. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off). The 10/100 LED indicates 100 Mbps when lit and 10 Mbps when off.

4.2.2.8 CD Module, 4 ports @ 100 Mbps multi-mode LC connector SFF

The CD Module is a four-port multi-mode fiber module with “small-form-factor” LC connectors, used primarily in 100 Mbps fiber-to-the-desktop links. When installed in a Multilink ML1200 switch, it supports fiber optic cable distances up to the IEEE-standard 100 Mbps limits, i.e. typically 2 km at full-duplex and 412 m at half-duplex. The compact size of the LC connector reduces the size of wiring panels in wiring closets while providing “future-proof” fiber optic technology. The cable end is a “plug-in” connector with both fiber strands terminated in one housing that cannot be inserted incorrectly. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off).

4.2.2.9 C4 Module, Combo 2 @ 100 Mbps multi-mode LC small-form-factor and 2 @ 10/100 Mbps RJ-45 connector

The C4 Module is a combo module with copper and multi-mode small-form-factor LC-type fiber ports. The small size of LC connectors allows more ports on one module. The C4 Module is equipped with two 10/100 RJ-45 ports and two LC multi-mode fiber ports. When installed in a Multilink ML1200 switch, it supports the standard distances for each medium. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, and an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off). The 10/100 LED indicates 100 Mbps when lit and 10 Mbps when off.

4.2.2.10 C1 Module (Twisted Pair), 10/100 Mb, 4-port

The C1 Module supports Ethernet twisted pair segments of any standard length. It is equipped with a four-port RJ-45 connector and offers 10/100 full/half-duplex auto-negotiating capability on each port.
The RJ-45 connectors are shielded to minimize emissions and accept both unshielded twisted pair (UTP) and shielded twisted pair (STP) cable connections. Each port has an Activity (ACT) LED indicating packets being received, a Link (LK) LED that indicates proper connectivity with the remote device when lit, an FDX/HDX LED that indicates full-duplex mode when lit (half-duplex when off), and a “10/100” LED indicating 100 Mb when lit (10 Mbps when off).

Note: The 10/100 RJ-45 ports support auto-negotiation and auto-crossover (MDIX), which allow them to link automatically with any RJ-45 device and eliminate the need for cross-over cables.

Note (for power substations): In support of the IEEE 1613 Class 2 standard, GE Multilin advises that, for substation applications, the RJ-45 ports are intended for connectivity to other communication equipment such as routers or telecommunication multiplexers installed in close proximity (less than 2 m or 6.5 ft) to the ML1200. It is not recommended to use these ports in substation applications to interface to field devices across distances that could produce high (greater than 2500 V) levels of ground potential rise (GPR) during line-to-ground fault conditions. The ML1200 passes the IEEE 1613 specifications for zero packet loss with fiber ports, and with RJ-45 ports used as indicated here.

4.2.2.11 PoE power pass-through, base unit model ML1200-48P, 10/100 Mb 4-port

The LEDs on PoE ports differ slightly from those on regular (non-PoE) RJ-45 modules. When a PoE port is in use, the PoE LED is ON when an 802.3af-compliant powered device (PD) is properly connected to that port. When non-PoE devices are connected, the PoE LED is OFF. Ethernet data traffic is not affected by PoE. The LINK and ACTIVITY LEDs are combined on the PoE modules into one LED marked LINK/ACT.

PoE LED summary:
• Each RJ-45 PoE port supports only 802.3af-compliant powered devices. The PoE LED is ON when the attached PD is drawing power from the port.
• When a non-PoE device is connected, the PoE port acts as a normal RJ-45 port and the PoE LED is OFF. No power is sent out from the port.
• The PoE ports in a Multilink with 48 V DC power input act as a pass-through, so the 48 V DC power source must be strong enough to power both the Multilink switch and all four RJ-45 ports with PDs connected (up to 15 W per PoE port).
• If the 48 V DC input is not internally connected and no power is reaching the PoE ports for some reason, all the PoE port LEDs are ON simultaneously to indicate a trouble condition. The ports still operate properly for data traffic.

4.2.2.12 SFPs, Gigabit (1000 Mbps) port modules

The Multilink ML1200 offers a Gigabit option with a choice of copper 10/100/1000 Mbps or Gigabit SFP fiber modules for the modular slot; up to two Gigabit modules (maximum) can be configured, in the modular slot C only. The ML1200 modules provide a GBIC opening for insertion of industry-standard SFPs, giving Gigabit (Gb) media flexibility. SFP fiber transceivers are available in multi-mode (550 m) at 850 nm and single-mode at 1310 nm and 1550 nm (10, 25, 40 and 70 km; see the power budget table) fiber options, as well as Gigabit copper, with new models appearing often. The 1000 Mb Gigabit SFP fiber port modules on the Multilink ML1200 are normally set (factory default) to AUTO mode for the best fiber distance and performance. Only two Gigabit ports can be configured on an ML1200 managed switch, in slot D.

There are three LEDs on each SFP Gigabit port module. The SFP Gigabit fiber port has LEDs indicating LK (link status) and ACT (receiving activity) when lit, and F/H (ON for full duplex, OFF for half duplex). The copper Gigabit port supports 10/100/1000 Mb speeds; its three LEDs show the speed the connection has achieved. It is set to AUTO by default. All other LEDs are the same as on the SFP fiber port.

4.2.2.13 Troubleshooting

All Multilink Ethernet products are designed to provide reliability and consistently high performance in all network environments. Installing a Multilink ML1200 switch is a straightforward procedure (see INSTALLATION, Section 3.0), and operation, also straightforward, is discussed in Section 4. Should problems develop during installation or operation, this section is intended to help locate, identify and correct them. Follow the suggestions listed below before contacting your supplier. If you are unsure of the procedures described in this section, or if the Multilink ML1200 switch is not performing as expected, do not attempt to repair the unit; contact your supplier for assistance or contact GE Multilin Customer Support.

4.2.3 Before Calling for Assistance

1. If difficulty is encountered when installing or operating the unit, refer back to the Installation section of the applicable chapter of this manual. Also check that the various components of the network are interoperable.
2. Check the cables and connectors to ensure that they are properly connected and that the cables/wires have not been crimped or otherwise impaired during installation. (About 90% of network downtime can be attributed to wiring and connector problems.)
3. Make sure that DC power is properly attached to each Multilink ML1200 switch. Use the PWR LEDs to verify that each unit is receiving power.
4. If the problem is isolated to a network device other than the Multilink ML1200 switch, replace the problem device with a known good device and verify whether the problem is corrected. If not, go to Step 5. If the problem is corrected, the Multilink ML1200 switch and its associated cables are functioning properly.
5. If the problem continues after completing Step 4, contact your supplier of the Multilink ML1200 switch or, if the supplier is unknown, contact GE Multilin for assistance.

Chapter 5: IP Addressing

5.1 IP Address and System Information

5.1.1 Overview

It is assumed that the user is familiar with IP addresses, classes of IP addresses and the related netmask schemes (for example, class A, B and C addressing). Without an IP address, the switch operates as a standalone Layer 2 switch. Without an IP address, you cannot:
• use the web interface to manage the switch
• use telnet to access the CLI
• use any SNMP network management software to manage the switch
• use NTP or an NTP server to synchronize the time on the switch
• use TFTP or FTP to download configurations or upload software updates
• run ping tests to test connectivity

To set the IP address, refer to section 1.5.6: Setting the IP Parameters. Once the IP address is set, the CLI can be accessed via telnet as well as through the console interface. From here on, all commands discussed are accessible from the command line interface irrespective of access method (serial port, or in-band using telnet). To verify the IP address settings from the command line interface, use the show ipconfig command:

    ML1200> show ipconfig
    IP Address: 3.94.247.41
    Subnet Mask: 255.255.252.0
    Default Gateway: 3.94.244.1
    ML1200>

To verify the IP address using the EnerVista Secure Web Management software:
• Select the Administration > System menu item to view.
• Edit the IP address information.

Besides manually assigning IP addresses, there are other means of assigning an IP address automatically. The two most common are DHCP and bootp.

5.2 Importance of an IP Address

5.2.1 DHCP and bootp

DHCP is commonly used for setting up addresses for computers, users and other user devices on the network. bootp is the older cousin of DHCP and is used for setting up IP addresses of networking devices such as switches, routers, VoIP phones and more. The two can work independently of each other, and both are widely used in the industry. Check with your network administrator as to which protocol to use and what the related parameters are. DHCP and bootp each require the respective service on the network; either can assign an IP address automatically. It is assumed that the reader knows how to set up the necessary bootp parameters (usually specified on Linux/UNIX systems in the /etc/bootptab file).

5.2.2 bootp Database

bootp keeps a record of the systems it supports in a database, which is a simple text file. On most systems the bootp service is not started by default and has to be enabled. A sample entry from which the bootp software will look up the database and set the IP address and subnet mask of the switch is:

    ML1200:\
      ht=ether:\
      ha=002006250065:\
      ip=3.94.247.41:\
      sm=255.255.252.0:\
      gw=3.94.244.1:\
      hn:\
      vm=rfc1048

where:
• ML1200 is a user-defined symbolic name for the switch.
• ht is the hardware type. For the MultiLink family of switches, set this to ether (for Ethernet). This tag must precede the ha tag.
• ha is the hardware address. Use the switch's 12-digit MAC address.
• ip is the IP address to be assigned to the switch.
• sm is the subnet mask of the subnet in which the switch is installed.
• gw is the default gateway for that subnet.

Each switch must have a unique name and MAC address in its bootptab entry.

5.2.3 Configuring DHCP/bootp/Manual/AUTO

By default, the switch is configured for auto IP configuration. DHCP, bootp or manual configuration can be selected from the command line interface with the set bootmode command:

    set bootmode type=<dhcp|bootp|manual|auto> bootimg=<enable|disable> bootcfg=<enable|disable>

The bootimg argument is only valid with the bootp type. It allows the switch to load its image file from the bootp server, which is useful when a new switch is placed on a network and IT policy requires a specific image that has been tested by IT personnel. Likewise, the bootcfg argument is valid only with the bootp type. It allows the switch to load its configuration file from the bootp server, which is useful when a new switch is put on a network and its specific configuration is loaded from a centralized bootp server. Note that bootp does not authenticate the server that answers, so enable image or configuration download only on a management network where a rogue bootp server cannot appear.

The following example changes the boot mode of the switch:

    ML1200# set bootmode type=bootp bootimg=enable bootcfg=disable
    Network application image download is enabled.
    Network application config download is disabled.
    Save Configuration and Restart System
    ML1200#

Alternatively, DHCP/bootp/manual can be enabled through the EnerVista Secure Web Management software:
• Select the Administration > System menu item.
• Click Edit.
• Alternatively, select items in the Administration > Set menu to individually modify the boot mode, date and time, log size, etc.
• After the changes are completed for each section, click OK to register the changes.

Note that if the IP address is changed, the http session has to be restarted with the new IP address.
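An added example, not part of the GE manual: a small parser and validator for bootptab entries in the format shown in Section 5.2.2 above. It encodes the manual's rules (ht=ether, ht before ha, ha is the 12-digit MAC address, unique name and MAC per switch) and adds a gateway-in-subnet consistency check. The first sample entry is the manual's own; the second entry, the function names and the subnet check are assumptions.

```python
"""Parse and sanity-check bootptab entries for Multilink switches.

Added example, not part of the GE manual.  The entry format (symbolic name,
colon-separated tag=value fields, backslash continuation) is the one shown in
Section 5.2.2; the checks encode the manual's rules: ht=ether, ht before ha,
ha is the 12-digit MAC address, and every switch has a unique name and MAC.
The subnet/gateway consistency check is an added sanity test (assumption).
"""
import ipaddress
import re

MAC12_RE = re.compile(r"^[0-9A-Fa-f]{12}$")

# The manual's own sample entry.
SAMPLE_GOOD = """\
ML1200:\\
  ht=ether:\\
  ha=002006250065:\\
  ip=3.94.247.41:\\
  sm=255.255.252.0:\\
  gw=3.94.244.1:\\
  hn:\\
  vm=rfc1048
"""

# Constructed bad entry: ha before ht, and a gateway outside the switch's subnet.
SAMPLE_BAD = """\
switch2:\\
  ha=0020062500AB:\\
  ht=ether:\\
  ip=3.94.247.42:\\
  sm=255.255.252.0:\\
  gw=10.0.0.1:\\
  vm=rfc1048
"""


def _logical_lines(text):
    """Join backslash-continued lines; drop blanks and # comments."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        out.append(buf + line)
        buf = ""
    if buf:
        out.append(buf)
    return out


def parse_bootptab(text):
    """Return a list of (name, [(tag, value), ...]) preserving tag order."""
    entries = []
    for logical in _logical_lines(text):
        fields = [f for f in logical.split(":") if f]
        tags = []
        for field in fields[1:]:
            tag, _, value = field.partition("=")   # bare tags like 'hn' get value ''
            tags.append((tag.strip(), value.strip()))
        entries.append((fields[0], tags))
    return entries


def validate_bootptab(text):
    """Return a list of human-readable problems; an empty list means the file is clean."""
    errors = []
    seen_names, seen_macs = set(), set()
    for name, tags in parse_bootptab(text):
        order = [t for t, _ in tags]
        d = dict(tags)
        if name in seen_names:
            errors.append(f"{name}: duplicate symbolic name")
        seen_names.add(name)
        if d.get("ht") != "ether":
            errors.append(f"{name}: ht must be 'ether' for Multilink switches")
        if "ha" not in d:
            errors.append(f"{name}: missing ha (hardware address)")
        else:
            if "ht" in order and order.index("ht") > order.index("ha"):
                errors.append(f"{name}: ht must precede ha")
            if not MAC12_RE.match(d["ha"]):
                errors.append(f"{name}: ha must be the 12-digit MAC address")
            elif d["ha"].lower() in seen_macs:
                errors.append(f"{name}: duplicate MAC address {d['ha']}")
            seen_macs.add(d["ha"].lower())
        addrs = {}
        for tag in ("ip", "sm", "gw"):
            if tag not in d:
                errors.append(f"{name}: missing {tag}")
                continue
            try:
                addrs[tag] = ipaddress.IPv4Address(d[tag])
            except ipaddress.AddressValueError:
                errors.append(f"{name}: {tag}={d[tag]!r} is not a valid IPv4 address")
        if len(addrs) == 3:
            try:
                net = ipaddress.IPv4Network(f"{addrs['ip']}/{addrs['sm']}", strict=False)
            except ValueError:
                errors.append(f"{name}: sm={d['sm']!r} is not a valid netmask")
            else:
                if addrs["gw"] not in net:
                    errors.append(f"{name}: gateway {addrs['gw']} not in subnet {net}")
    return errors


if __name__ == "__main__":
    for label, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, validate_bootptab(text) or "ok")
```

Run it against the real /etc/bootptab before enabling the service; a mis-ordered ht/ha pair or a typo in the MAC is the usual reason a switch never picks up its address.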
5.2.4 Using Telnet

Telnet access is enabled on the ML1200 by default. The ML1200 supports five simultaneous sessions: four telnet sessions and one console session. This allows several users to view or edit the configuration, and is useful when two remote users want to view the switch settings. Telnet carries credentials and session contents in cleartext, so restrict it to a trusted management network or disable it. Telnet can be disabled from the command line interface with the telnet command:

    telnet <enable|disable>

Telnet can also be disabled for specific users with the useraccess command; refer to section 1.5.8: User Management, for details.

Multiple telnet sessions started from the CLI are serviced by the ML1200 in round-robin fashion (one session after another). If one telnet session started from an ML1200 is downloading a file, the other windows are not serviced until the file transfer completes.

The following example changes telnet access; here the enable command was repeated and had no effect on the switch:

    ML1200# configure access
    ML1200(access)## telnet enable
    Access to Telnet already enabled
    ML1200(access)## exit
    ML1200#

The show console command shows the status of telnet as well as the other console parameters. In the following example, note that telnet is enabled:

    ML1200# show console
    Console/Serial Link
    Inbound Telnet Enabled: Yes
    Outbound Telnet Enabled: Yes
    Web Console Enabled: Yes
    SNMP Enabled: Yes
    Terminal Type: VT100
    Screen Refresh Interval (sec): 3
    Baud Rate: 38400
    Flow Control: None
    Session Inactivity Time (min): 10
    ML1200#

Users can telnet to a remote host from the MultiLink family of switches using the following syntax (the default port for telnet is 23):

    telnet <ipaddress> [port=<port>]

To start a telnet session through the EnerVista Secure Web Management software, select the Administration > Telnet menu item. The default port for telnet is 23.

The ML1200 times out an idle telnet session. It can be useful to see who is currently connected to the switch, and to remotely terminate a telnet session. The ML1200 supports two commands for this:

    show session
    kill session id=<session id>

For example:

    ML1200# user
    ML1200(user)## useraccess user=peter service=telnet enable
    Telnet Access Enabled.
    ML1200(user)## exit
    ML1200# show session
    Current Sessions:
    SL#  Sessn Id  Connection     User Name  User Mode
    1    1         163.10.10.14   manager    Manager
    2    2         163.11.11.1    peter      Manager
    3    3         163.12.12.16   operator   Operator
    ML1200# kill session id=3
    Session Terminated
    ML1200#

In this example, the user “peter” is given telnet access. Then multiple users telnet into the switch, as shown by the show session command, and the operator session is terminated with kill session.

Note: A maximum of four simultaneous telnet sessions are allowed at any time on the switch. The commands in these telnet windows are executed in round-robin fashion; that is, if one window takes a long time to finish a command, the other windows may see a delay before their command completes. For example, if one window is executing a file download, the other windows cannot execute a command until the file transfer is complete. Likewise, if an outbound telnet session is started from the switch (through a telnet window), the other windows cannot execute a command until that telnet session ends.
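The following added example (not the manual's or GE's code) parses show session output in the layout shown above and flags sessions whose source address lies outside an assumed list of management subnets, producing the matching kill session commands for an operator to paste in. The sample transcript, the exact column layout and the allowlist policy are assumptions; the switch itself applies no such policy.

```python
"""Review 'show session' output and build kill commands for unexpected sessions.

Added example, not from the GE manual.  It assumes the column layout the
manual's 'show session' transcript shows (SL#, Sessn Id, Connection, User Name,
User Mode) and a site-specific allowlist of management subnets; both are
assumptions.  The allowlist policy is ours, not a feature of the product.
"""
import ipaddress

# Constructed transcript in the manual's layout (addresses as in the manual).
SAMPLE_SHOW_SESSION = """\
Current Sessions:
SL#  Sessn Id  Connection     User Name  User Mode
1    1         163.10.10.14   manager    Manager
2    2         163.11.11.1    peter      Manager
3    3         163.12.12.16   operator   Operator
"""

# Hosts allowed to reach the switch over telnet (assumed site policy).
MANAGEMENT_NETS = ["163.10.10.0/24"]


def parse_sessions(text):
    """Return a list of dicts, one per session row, from 'show session' output."""
    sessions = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("SL#"):          # column header: table starts below
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        parts = line.split()
        if len(parts) != 5 or not parts[1].isdigit():
            break                           # anything else (e.g. the prompt) ends the table
        sessions.append({
            "slot": int(parts[0]),
            "id": int(parts[1]),
            "source": ipaddress.ip_address(parts[2]),
            "user": parts[3],
            "mode": parts[4],
        })
    return sessions


def unexpected_sessions(sessions, allowed_nets=MANAGEMENT_NETS):
    """Sessions whose source address is outside every allowed management net."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    return [s for s in sessions if not any(s["source"] in net for net in nets)]


def kill_commands(sessions):
    """CLI lines to terminate the given sessions (manual: 'kill session id=<n>')."""
    return [f"kill session id={s['id']}" for s in sessions]


def review(text, allowed_nets=MANAGEMENT_NETS):
    """Parse, flag, and return (flagged sessions, kill commands)."""
    flagged = unexpected_sessions(parse_sessions(text), allowed_nets)
    return flagged, kill_commands(flagged)


if __name__ == "__main__":
    flagged, cmds = review(SAMPLE_SHOW_SESSION)
    for s in flagged:
        print(f"session {s['id']}: {s['user']} ({s['mode']}) from {s['source']} "
              f"is outside the management nets")
    print("\n".join(cmds))
```

With the assumed allowlist, sessions 2 and 3 are flagged; note that session 2 holds Manager mode from an address outside the management network, which is the case worth acting on first.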
MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 5–7 IP ADDRESSING 5.3 CHAPTER 5: IP ADDRESSING Setting Parameters 5.3.1 Setting Serial Port Parameters To be compliant with IT or other policies the console parameters can be changed from the CLI interface. This is best done by setting the IP address and then telnet over to the switch. Once connected using telnet, the serial parameters can be changed. If you are using the serial port, remember to set the VT-100 emulation software properties to match the new settings. The serial port parameters are modified using the set serial command with the following syntax: set serial [baud= ] [data=<5|6|7|8>] [parity= ] [stop=<1|1.5|2>] [flowctrl= ] Where = standard supported baud rates. Changing these parameters through the serial port will cause loss of connectivity. The terminal software parameters (e.g. HyperTerminal) will also have to be changed to match the new settings. Note To see the current settings of the serial port, use the show serial command to query the serial port settings as illustrated below. ML1200# show serial Baud Rate: 38400 Data: 8 Parity: No Parity Stop: 1 Flow Control: None 5.3.2 System Parameters The system parameters can be queried and changed. To query the system parameters, two commands are frequently used: show sysconfig and show setup. Usage for both commands is illustrated below. The following example lists system parameters using the show setup command. Most parameters here cannot be changed. ML1200# show setup Version: ML1200 build 3.3.0 March 19 2009 14:22:43 MAC Address: 00:20:06:27:0a:e0 IP Address: 3.94.247.41 Subnet Mask: 255.255.252.0 Gateway Address: 3.94.244.1 CLI Mode: Manager System Name: ML1200 System Description: 12 Port Modular Ethernet Switch System Contact: multilin.tech@ge.com System Location: Markham, Ontario System ObjectId: 1.3.6.1.4.1.13248.12.7 ML1200# The following example lists system parameters using the show sysconfig command. 
Most parameters here can be changed. 5–8 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL CHAPTER 5: IP ADDRESSING IP ADDRESSING ML1200# show sysconfig System Name: ML1200 System Contact: multilin.tech@ge.com System Location: Markham, Ontario Boot Mode: manual Inactivity Timeout(min): 120 Address Age Interval(min): 300 Inbound Telnet Enabled: Yes Web Agent Enabled: Yes Time Zone: GMT-05hours:00minutes Day Light Time Rule: Canada System UpTime: 7 Days 12 Hours 30 Mins 46 Secs ML1200# System variables can be changed. Below is a list of system variables which GE recommends changing. • System Name: Using a unique name helps you to identify individual devices in a network. • System Contact and System Information: This is helpful for identifying the administrator responsible for the switch and for identifying the locations of individual switches. To set these variables, change the mode to be SNMP configuration mode from the manager mode using the following syntax snmp setvar [sysname|syscontact|syslocation] = The following command sequence sets the system name, system location and system contact information. ML1200# snmp ML1200(snmp)## setvar ? setvar: Configures system name, contact or location Usage: setvar [sysname|syscontact|syslocation]= ML1200(snmp)## setvar syslocation=Fremont System variable(s) set successfully ML1200(snmp)## exit ML1200# 5.3.3 Date and Time It may be necessary to set the day, time or the time zone manually. 
This can be done by using the set command with the necessary date and time options with the following syntax: set timezone GMT=[+ or -] hour=<0-14> min=<0-59> set date year=<2001-2035> month=<1-12> day=<1-31> [format= ] set time hour=<0-23> min=<0-59> sec=<0-59> [zone=GMT[+/-]hh:mm] MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 5–9 IP ADDRESSING CHAPTER 5: IP ADDRESSING To set the time to be 08:10 am in the -5 hours from GMT (Eastern Standard Time) and to set the date as 11 May 2005, the following sequence of commands are used. ML1200# set time hour=8 min=10 sec=0 zone=GMT-5:00 Success in setting device time ML1200# show time Time: 8:10:04 ML1200# show timezone Timezone: GMT-05hours:00minutes ML1200# set date year=2005 month=5 day=11 Success in setting device date ML1200# show date System Date: Wednesday 15-11-2005 (in mm -dd-yyyy format) ML1200# The syntax for other date and time commands are: set timeformat format=<12|24> set daylight country= The following command sequence sets the daylight location: ML1200# set daylight country=Canada Success in setting daylight savings to the given location/country Canada ML1200# show daylight Daylight savings location name: Canada ML1200# The date and time can only be set through the command line interface software. 5.3.4 Network Time Many networks synchronize the time using a network time server. The network time server provides time to the different machines using the Simple Network Time Protocol (SNTP). To specify the SNTP server, one has to 1. Set the IP parameters on the switch 2. Define the SNTP parameters To set the SNTP parameter with the command line software, enter the SNTP configuration mode from the manager. The setsntp, sync, and sntp commands can then be used to setup the time synchronization automatically from the SNTP server. Note it is not sufficient to setup the SNTP variables. Make sure to setup the synchronization frequency as well as enable SNTP. 
The syntax for the above commands is shown below:

```
setsntp server= timeout=<1-10> retry=<1-3>
sync [hour=<0-24>] [min=<0-59>]    (default = 24 hours)
sntp [enable|disable]
```

To set the SNTP server to 3.94.210.5 (with a time out of 3 seconds and the number of retries set to 3), allowing synchronization every 5 hours, the following sequence of commands is used:

```
ML1200# sntp
ML1200(sntp)## setsntp server=3.94.210.5 timeout=3 retry=3
SNTP server is added to SNTP server database
ML1200(sntp)## sync hour=5
ML1200(sntp)## sntp enable
SNTP is already enabled.
ML1200(sntp)## exit
ML1200(sntp)#
```

SNTP parameters can be configured through the EnerVista Secure Web Management software with the Configuration > SNTP menu item. The SNTP menu allows the time zone (hours from GMT) to be defined along with the other parameters for setting the time and synchronizing clocks on network devices. The edit button allows editing of the SNTP parameters as shown below. Adding or deleting SNTP servers is accomplished by using the add and delete buttons. Clicking the edit button allows the specific SNTP parameter settings to be modified.

After the proper SNTP values are entered, click OK to register the changes, or click Cancel to back out of the changes made.

To add an SNTP server, click the add button on the Configuration > SNTP menu. The menu prompts you to add the IP address of an SNTP server, the time out in seconds and the number of retries before the time synchronization effort is aborted. The Sync Now button allows synchronization as soon as the server information is added.

Note: If your site has internet access, there are several SNTP servers available online. A quick search will yield information about these servers. You can use the IP address of these servers; however, please ensure the server can be reached by using the ping command. The ping command can also be launched from the EnerVista software.

The Time Out value is in seconds. Note that the time server can be an NTP server available on the Internet. Ensure the IP parameters are configured for the switch and that the device can be pinged by the switch. Once the server is added, it is listed with the other SNTP servers.

5.4 System Configuration

5.4.1 Saving and Loading – Command Line

Note: Place the Switch offline while transferring Setting Files to the Switch. When transferring Settings Files from one Switch to another, the IP address of the originating Switch will also be transferred. The user must therefore reset the IP address on the receiving Switch before connecting to the network.

Configuration changes are automatically registered but not saved; that is, the effect of the change is immediate. However, if power fails, the changes are not restored unless they are saved using the save command. It is also good practice to save the configuration on another network server using the tftp or ftp protocols. Once the configuration is saved, it can be loaded to restore the settings. At this time, the saved configuration parameters are not in a human readable format. The commands for saving and loading configurations on the network are:

```
saveconf mode= file=
loadconf mode= file=
```

Ensure the machine specified by the IP address has the necessary services running. For serial connections, x-modem or other alternative methods can be used. In most situations the filename must be unique, since overwriting files is not permitted by most ftp and tftp servers (or services). Only alphanumeric characters are allowed in the filename.
The following example illustrates how to save the configuration on a tftp server:

```
ML1200# saveconf mode=tftp 3.94.240.9 file=ml1200set
Do you wish to upload the configuration? ['Y' or 'N'] Y
```

The saveconf and loadconf commands are often used to update software. Before the software is updated, it is advised to save the configurations. Re-loading of the configuration is not usually necessary; however, in certain situations it may be needed, and it is advised to save configurations before a software update. The loadconf command requires a reboot for the new configuration to be active. Without a reboot the older configuration is used by the MultiLink family of switches.

The saveconf and loadconf commands are often used to update software on the ML1200. These commands will be deprecated in version 2.x and above, and replaced with the ftp, tftp, or xmodem commands. It is advised to begin using these commands instead of saveconf and loadconf.

5.4.2 Config file

Multilink software can now use ftp or tftp (or xmodem if using the CLI) to upload and download information to a server running the proper services. One useful capability provided in Multilink software is export of the CLI commands used to configure the switch. To do this, use Config Upload/Download.

Using Config Download, the contents of the saved file appear as shown below:

```
################################################################
# Copyright (c) 2001-2005 GE Multilin, Inc All rights reserved.
# RESTRICTED RIGHTS
# ---------------------------------
# Use, duplication or disclosure is subject to U.S. Government
# restrictions as set forth in Sub-division (b)(3)(ii) of the
# rights in Technical Data and Computer Software clause at
# 52.227-7013.
#
# This file is provided as a sample template to create a backup
# of GE MultiLink switches. As such, this script
# provides insights into the configuration of GE MultiLink
# switches settings. GE Multilin, Inc. recommends that modifications of this
# file and the commands should be verified by the User in a
# test environment prior to use in a "live" production network.
# All modifications are made at the User's own risk and are
# subject to the limitations of the GE MultiLink software End User
# License Agreement (EULA). Incorrect usage may result in
# network shutdown. GE Multilin, Inc. is not liable for incidental or
# consequential damages due to improper use.
################################################################
***This is a Machine Generated File.
***Only the SYSTEM config block is editable.
***Editing any other block will result in error while loading.
##########################################################
# Hardware Configuration - This area shows the type of   #
# hardware and modules installed.                        #
##########################################################
[HARDWARE]
type=ML1200
slotB=8 Port TP Module
##########################################################
# System Manager - This area configures System related   #
# information.                                           #
##########################################################
[SYSTEM]
***Edit below this line only***
system_name=ML1200
system_contact=support@gemultilin.com
system_location= Markham, Ontario
boot_mode=manual
system_ip=192.168.5.5
system_subnet=0.0.0.0
system_gateway=0.0.0.0
idle_timeout=10
telnet_access=enable
snmp_access=enable
web_access=enable
***Edit above this line only***
##########################################################
# User Accounts - This area configures user accounts for #
# accessing this system.                                 #
##########################################################
...
```

FIGURE 5–1: Contents of a config file

Note:

1. A config file allows only certain portions of the file to be edited by a user. Changing any other part of the file will result in the system not allowing the file to be loaded, as the CRC computed and stored in the file would not be matched. Should you want to edit, edit the System portion of the file only. GE Multilin, Inc. recommends editing the "script" file (see below).
2. File names cannot have special characters such as *#!@$^&* space and control characters.

5.4.3 Displaying configuration

Using SWM, there is no need to display specific CLI commands for configuring capabilities. The menus are modular and are alphabetically sorted to display each necessary component in a logical manner. This section is repeated from the CLI manual, should the need arise to view the necessary commands. The best way to view these commands is to telnet to the switch using the Telnet menu from the Administration menu. To display the configuration or to view specific modules configured, the 'show config' command is used as described below.

Syntax: show config [module= ]

Where module-name can be:

| Name | Areas affected |
|---|---|
| system | IP Configuration, Boot mode, Users settings (e.g. login names, passwords) |
| event | Event Log and Alarm settings |
| port | Port settings, Broadcast Protection and QoS settings |
| bridge | Age time setting |
| stp | STP, RSTP and LLL settings |
| ps | Port Security settings |
| mirror | Port Mirror settings |
| sntp | SNTP settings |
| llan | VLAN settings |
| gvrp | GVRP settings |
| snmp | SNMP settings |
| web | Web and SSL/TLS settings |
| tacacs | TACACS+ settings |
| auth | 802.1x Settings |
| igmp | IGMP Settings |
| smtp | SMTP settings |

If the module name is not specified, the whole configuration is displayed.
```
ML1200# show config
[HARDWARE]
type= ML1200
slotB=8 Port TP Module
##########################################################
# System Manager - This area configures System related   #
# information.                                           #
##########################################################
[SYSTEM]
***Edit below this line only****
system_name=Main
system_contact=someone@joe.com
system_location= Markham, Ontario
boot_mode=manual
system_ip=192.168.1.15
system_subnet=0.0.0.0
system_gateway=192.168.1.11
idle_timeout=10
telnet_access=enable
snmp_access=enable
web_access=enable
--more--
...
```

FIGURE 5–2: 'show config' command output

```
ML1200# show config module=snmp
[HARDWARE]
type= ML1200
slotB=8 Port TP Module
##########################################################
# Network Management - This area configures the SNMPv3   #
# agent.                                                 #
##########################################################
[SNMP]
engineid=LE_v3Engine
defreadcomm=public
defwritecomm=private
deftrapcomm=public
authtrap=disable
com2sec_count=0
group_count=0
view_count=1
view1_name=all
view1_type=included
view1_subtree=.1
view1_mask=ff
--more--
...
```

FIGURE 5–3: Displaying specific modules using the 'show config' command

```
ML1200# show config module=snmp,system
[HARDWARE]
type= ML1200
slotB=8 Port TP Module
##########################################################
# System Manager - This area configures System related   #
# information.                                           #
##########################################################
[SYSTEM]
***Edit below this line only****
system_name=Main
system_contact=someone@joe.com
system_location= Markham, Ontario
boot_mode=manual
system_ip=192.168.1.15
system_subnet=0.0.0.0
system_gateway=192.168.1.11
idle_timeout=10
telnet_access=enable
snmp_access=enable
web_access=enable
--more--
...
```

FIGURE 5–4: Displaying configuration for different modules. Note that multiple modules can be specified on the command line.

5.4.4 Saving Configuration

It is advisable to save the configuration before updating the software, as it may be necessary in certain situations. The loadconf command requires a reboot to activate the new configuration. Without a reboot, the ML1200 uses the previous configuration. When reboot is selected, the user is prompted as follows:

```
Reboot? ['Y' or 'N']
```

Select "Y". The ML1200 will prompt:

```
Save Current Configuration?
```

Select "N".

Additional capabilities have been added to save and load configurations. The commands are:

```
ftp type= host= ip= file= user= pass=
tftp type= host= ip= file=
xmodem type=
```

The arguments are described below:

- type: Specifies whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration file or uploading a new image to the switch.
- host, ip, file, user, pass: These parameters are associated with ftp/tftp server communications.

The user can save the configuration in the old (v2) format or the new (v3) format. The v3 format must be used to utilize the ASCII and CLI Script capability.

```
save [format=v2|v3]
```

Note: With release 1.7 and higher, the configuration can be saved in the older format (binary object) or in a new format as an ASCII file. The new format is recommended by GE Multilin. Use the old format only if there are multiple MultiLink switches on the network running different versions of software. GE Multilin recommends upgrading all switches to the most current software release.

To ease the process of uploading and executing a series of commands, the ML1200 can create a host (equivalent to creating a host table on many systems). The command for creating a host is:

```
host name= ip= user= pass=
```

The show host command displays the host table entries:

```
ML1200# access
ML1200(access)## host add name=server ip=192.168.5.2
Host added successfully
ML1200(access)## show host
No  Host Name  IP Address   User  Password
=========================================
1   server     192.168.5.2  -     ******
2   -          -            -     -
3   -          -            -     -
4   -          -            -     -
5   -          -            -     -
6   -          -            -     -
7   -          -            -     -
8   -          -            -     -
9   -          -            -     -
10  -          -            -     -
ML1200(access)##
```

5.4.5 Script File

A script file is a file containing a set of CLI commands which are used to configure the switch. CLI commands are repeated in the file for clarity, providing guidance to the user editing the file as to what commands can be used for modifying variables used by MNS. The script file does not have a checksum at the end and is used for configuring a large number of switches easily. As with any configuration file that is uploaded, GE Multilin, Inc. recommends that modifications of this file and the commands be verified by the user in a test environment prior to use in a "live" production network. The script file will look familiar to people familiar with the CLI commands, as all the commands saved in the script file are described in the CLI User Guide. A sample of the script file is shown below.

```
###############################################################
#
# Copyright (c) 2001-2005 GE Multilin, Inc All rights reserved.
# RESTRICTED RIGHTS
# ---------------------------------
# Use, duplication or disclosure is subject to U.S. Government
# restrictions as set forth in Sub-division (b)(3)(ii) of the
# rights in Technical Data and Computer Software clause at
# 52.227-7013.
#
# This file is provided as a sample template to create a backup
# of GE MultiLink switches configurations. As such,
# this script provides insights into the configuration of GE MultiLink switch's settings.
# GE Multilin, Inc. recommends that modifications of this
# file and the commands should be verified by the User in a
# test environment prior to use in a "live" production network.
# All modifications are made at the User's own risk and are
# subject to the limitations of the GE MultiLink MNS End User
# License Agreement (EULA). Incorrect usage may result in
# network shutdown. GE Multilin, Inc. is not liable for incidental or
# consequential damages due to improper use.
###############################################################
#
##########################################################
# System Manager - This area configures System related   #
# information.                                           #
##########################################################
set bootmode type=manual
ipconfig ip=192.168.5.5 mask=0.0.0.0 dgw=0.0.0.0
set timeout=10
access
telnet enable
snmp enable
web=enable
exit
##########################################################
# User Accounts - This area configures user accounts for #
# accessing this system.                                 #
##########################################################
user add user=manager level=2
passwd user=manager manager
```

In the above example, note that all the commands are CLI commands. This script provides an insight into the configuration of GE MultiLink switches' settings. GE Multilin, Inc. recommends that modifications of this file and the commands be verified by the User in a test environment prior to use in a "live" production network. To ease the process of uploading the script files, use the Script Upload/Download capability described above.
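A pre-flight check for the exported config file of 5.4.2 and the 'show config' output of 5.4.3 (Figures 5–1 to 5–3), written as an added Python example that is not GE's code: it parses the file's [SECTION] and key=value layout, reports settings a reviewer would question before loading the file onto a live switch (cleartext Telnet management, factory-default SNMP community strings, a missing subnet mask), and verifies that a hand-edited copy changed nothing outside the [SYSTEM] editable region, which is the condition under which the CRC check described in the Note above would reject the file. The sample file contents are constructed and the function names are mine.

```python
"""Pre-flight checks for an ML1200 exported config file.

Added example, not GE code. The format is what Figures 5-1 and 5-3 show: '#' comment
lines, '***' marker lines, [SECTION] headers and key=value lines. Only the region
between the two *** markers in [SYSTEM] may be changed; the switch rejects a file
whose other blocks were modified because the stored CRC no longer matches.
"""
import re

EDIT_START = "***Edit below this line only***"
EDIT_END = "***Edit above this line only***"

# Constructed sample in the manual's format (values modelled on Figures 5-1 and 5-3).
SAMPLE_CONFIG = """\
[HARDWARE]
type=ML1200
slotB=8 Port TP Module
##########################################################
# System Manager - This area configures System related   #
##########################################################
[SYSTEM]
***Edit below this line only***
system_name=ML1200
system_contact=support@gemultilin.com
system_location= Markham, Ontario
boot_mode=manual
system_ip=192.168.5.5
system_subnet=0.0.0.0
system_gateway=0.0.0.0
idle_timeout=10
telnet_access=enable
snmp_access=enable
web_access=enable
***Edit above this line only***
[SNMP]
engineid=LE_v3Engine
defreadcomm=public
defwritecomm=private
deftrapcomm=public
authtrap=disable
"""

SECTION_RE = re.compile(r"\[([A-Za-z0-9_]+)\]")


def parse_config(text):
    """Return {section: {key: value}}, skipping comments and *** marker lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("***"):
            continue
        match = SECTION_RE.fullmatch(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][key.strip()] = value.strip()
    return sections


def audit(sections):
    """Flag settings worth a second look before the file is loaded onto a live switch."""
    findings = []
    system = sections.get("SYSTEM", {})
    snmp = sections.get("SNMP", {})
    if system.get("telnet_access") == "enable":
        findings.append("telnet_access=enable: management logins cross the network in cleartext")
    if system.get("system_subnet") == "0.0.0.0":
        findings.append("system_subnet=0.0.0.0: no subnet mask set for system_ip")
    for key, default in (("defreadcomm", "public"), ("defwritecomm", "private"),
                         ("deftrapcomm", "public")):
        if snmp.get(key) == default:
            findings.append(f"{key}={default}: factory-default SNMP community string in use")
    if snmp.get("authtrap") == "disable":
        findings.append("authtrap=disable: failed SNMP authentications raise no trap")
    return findings


def _editable_region(lines):
    """Indices (start, end) of the lines between the two *** markers, or None if absent."""
    try:
        return lines.index(EDIT_START) + 1, lines.index(EDIT_END)
    except ValueError:
        return None


def edits_confined_to_system(original, modified):
    """True if `modified` differs from `original` only inside the [SYSTEM] editable region.

    Any change outside it (including removing a marker) alters a CRC-protected block,
    which is exactly the case the manual says the switch refuses to load.
    """
    o_lines, m_lines = original.splitlines(), modified.splitlines()
    o_region, m_region = _editable_region(o_lines), _editable_region(m_lines)
    if o_region is None or m_region is None:
        return False
    (o_start, o_end), (m_start, m_end) = o_region, m_region
    return o_lines[:o_start] == m_lines[:m_start] and o_lines[o_end:] == m_lines[m_end:]
```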
5.4.6 Saving and Loading – EnerVista Software

Note: Place the Switch offline while transferring Setting Files to the Switch. When transferring Settings Files from one Switch to another, the IP address of the originating Switch will also be transferred. The user must therefore reset the IP address on the receiving Switch before connecting to the network.

After configuration changes are made, all the changes are automatically saved. It is good practice to save the configuration on another server on the network using the tftp or ftp protocols. Once the configuration is saved, the saved configuration can be reloaded to restore the settings. At this time, the saved or loaded configuration parameters are not in a human readable format. The following figure illustrates the FTP window, which can be used to save the configuration, as well as upload new images or reload a saved configuration. Ensure the machine specified by the IP address has the necessary services running on it. For serial connections, x-modem or other alternative methods can be used. Generally, the filename must be unique, as over-writing files is not permitted by most FTP and TFTP servers (or services).

The following figure illustrates saving the configuration on a TFTP server. Note that the menu is similar to the FTP screen described earlier.

This process can also be used to update new software on the managed MultiLink switches. Before the software is updated, it is advised to save the configurations. Reloading of the configuration is not usually necessary, but in certain situations it may be needed, and it is recommended that you save configurations before a software update. Make sure to reboot the switch after a new configuration is loaded. The file transfer operations allowed are:

1. Image Download (or Image Upload): Copy the ML1200 image from the switch to the server (or from the server to the switch). The "Image Upload" option is commonly used to upgrade the ML1200 image on the switch.
2. Config Download (or Config Upload): Save the configuration of the switch on the server (or load the saved configuration from the server to the switch). This option is used to save a backup of the ML1200 configuration or restore the configuration (in case of a disaster).
3. Script Download (or Script Upload): Save the necessary CLI commands used for configuration of the switch (or upload the necessary CLI commands needed to configure the switch). This option is used to ease the repetitive task of configuring multiple commands or reviewing all the commands needed to configure the ML1200.
4. Host Download (or Host Upload): Save the host information. The hosts are created by the Configuration - Access - Host commands.
5. Log Upload: Save the log file on the ftp/tftp server.

To save any changes:

- Click on the save icon. The software will ask again if the changes need to be saved or ignored.
- If the changes need to be ignored, click on Cancel and reboot the switch.
- If the changes need to be saved, click on OK.

The following figures illustrate saving changes made after adding an SNTP server. This is done by clicking on the Save icon to save the current configuration.

5.4.7 Host Names

Instead of typing in IP addresses of commonly reached hosts, the ML1200 allows hosts to be created with the necessary host names, IP addresses, user names, and passwords.

- Use the Configuration > Access > Host menu to create host entries as shown below.
- To add a host, click the Add button.
- Fill in all the fields below to create the necessary host entries.
- To delete or edit the entries, use the delete or edit icons next to each entry shown above.

5.4.8 Erasing Configuration

Kill Config option using SWM

To erase the configuration and reset the configurations to factory defaults, you can use the kill config option from the Administration tab by selecting kill config.

Note: The user also has the option to keep one module from defaulting back to factory defaults by checking the module box before issuing the kill Config command.

In the example below the "system" module box has been checked. In this case, after the kill Config command is issued by pressing the OK button, the Switch will perform a factory dump restoring all the Switch settings back to factory defaults except for the "System" settings, which will be retained. When the OK button is pressed the Switch will issue the following warning messages; reboot the switch for it to revert back to the factory default settings, with the exception of the modules opted not to be defaulted.

Here is a list of the modules and related settings that can be selected not to default back to factory default settings.

| Name | Areas affected |
|---|---|
| System | IP Configuration, Boot mode |
| User | Users settings (e.g. login names, passwords) |
| Port | Port settings, Broadcast Protection and QoS settings |
| STP/RSTP | STP, RSTP settings |
| Port-Security | Port Security settings |
| Port-Mirror | Port Mirror settings |
| VLAN | Port/Tag VLAN settings |
| ACCESS | IP-Access and Host Table settings |
| IGMP | IGMP Settings |
| LACP | LACP settings |

Kill Config option using CLI

This command is a "hidden command"; that is, the on-line help and other help functions normally do not display this command. The syntax for this command is:

```
kill config
kill config save=module
```

The kill config command will default all the Switch settings back to factory defaults, while kill config save=module will default all with the exception of the module selected. Available modules are: system, user, acces, port, vlan, ps, mirror, lacp, slp, and igmp.

It is recommended to save the configuration (using the saveconf command discussed above) before using the kill config command. The following two examples illustrate how to erase all the Switch's configuration using the kill config command, and how to erase all the Switch's configuration with the exception of the 'system' configuration.

```
ML1200# kill config
Do you want to erase the configuration? ['Y' or 'N'] Y
Successfully erased configuration...Please reboot.
ML1200# kill config save=system
Do you want to erase the configuration? ['Y' or 'N'] Y
Successfully erased configuration...Please reboot.
```

Once the configuration is erased, reboot the switch for the changes to take effect.

5.5 IPv6

This section explains how to access the GE MultiLink switches using IPv6 instead of IPv4 addressing. IPv6 provides a much larger address space and its use is often required.

Assumptions: It is assumed here that the user is familiar with IP addressing schemes and has other supplemental material on IPv6 configuration, routing, setup and other items related to IPv6. This user guide does not discuss these details.

5.5.1 Introduction to IPv6

IPv6 is short for "Internet Protocol Version 6". IPv6 is the "next generation" protocol, or IPng, and was recommended to the IETF to replace the current version of the Internet Protocol, IP Version 4 ("IPv4").
IPv6 was recommended by the IPv6 (or IPng) Area Directors of the Internet Engineering Task Force at the Toronto IETF meeting on July 25, 1994 in RFC 1752: The Recommendation for the IP Next Generation Protocol. The recommendation was approved by the Internet Engineering Steering Group and a proposed standard was created on November 17, 1994. The core set of IPv6 protocols was created as an IETF draft standard on August 10, 1998.

IPv6 is a new version of IP, designed to be an evolutionary step from IPv4. It is a natural increment to IPv4. It can be installed as a normal software upgrade in internet devices and is interoperable with the current IPv4. Its deployment strategy is designed to have no dependencies. IPv6 is designed to run well on high performance networks (e.g. Gigabit Ethernet, OC-12, ATM, etc.) and at the same time still be efficient on low bandwidth networks (e.g. wireless). In addition, it provides a platform for the new level of internet functionality that will be required in the near future.

IPv6 includes a transition mechanism designed to allow users to adopt and deploy it in a highly diffuse fashion, and to provide direct interoperability between IPv4 and IPv6 hosts. The transition to a new version of the Internet Protocol is normally incremental, with few or no critical interdependencies.

Most of today's internet uses IPv4, which is now nearly twenty years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet. IPv6 fixes a number of problems in IPv4, such as the limited number of available IPv4 addresses. It also adds many improvements to IPv4 in areas such as routing and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during the transition period.

5.5.2 What's changed in IPv6?

The changes from IPv4 to IPv6 fall primarily into the following categories:

• Expanded Routing and Addressing Capabilities – IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. The scalability of multicast routing is improved by adding a "scope" field to multicast addresses.
• A new type of address called an "anycast address" is defined, that identifies sets of nodes where a packet sent to an anycast address is delivered to one of these nodes. The use of anycast addresses in the IPv6 source route allows nodes to control the path along which their traffic flows.
• Header Format Simplification – Some IPv4 header fields have been dropped or made optional, to reduce the common-case processing cost of packet handling and to keep the bandwidth cost of the IPv6 header as low as possible despite the increased size of the addresses. Even though the IPv6 addresses are four times longer than the IPv4 addresses, the IPv6 header is only twice the size of the IPv4 header.
• Improved Support for Options – Changes in the way IP header options are encoded allow more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
• Quality-of-Service Capabilities – A new capability is added to enable the labeling of packets belonging to particular traffic "flows" for which the sender requests special handling, such as non-default quality of service or "real-time" service.
• Authentication and Privacy Capabilities – IPv6 includes the definition of extensions which provide support for authentication, data integrity, and confidentiality. This is included as a basic element of IPv6 and will be included in all implementations.
5.5.3 IPv6 Addressing

IPv6 addresses are 128 bits long and are identifiers for individual interfaces and sets of interfaces. IPv6 addresses of all types are assigned to interfaces, not nodes. Since each interface belongs to a single node, any of that node's interfaces' unicast addresses may be used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type.

There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast addresses identify a set of interfaces such that a packet sent to an anycast address will be delivered to one member of the set. Multicast addresses identify a group of interfaces, such that a packet sent to a multicast address is delivered to all the interfaces in the group. There are no broadcast addresses in IPv6. This function has been replaced by multicast addresses.

IPv6 supports addresses which are four times the number of bits of IPv4 addresses (128 vs. 32). This is 4 Billion x 4 Billion x 4 Billion (2^96) times the size of the IPv4 address space (2^32). This works out to be:

340,282,366,920,938,463,463,374,607,431,768,211,456

This is an extremely large address space. In a theoretical sense this is approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth (assuming the earth surface is 511,263,971,197,990 square meters). In the most pessimistic estimate this would provide 1,564 addresses for each square meter of the surface of Earth. The optimistic estimate would allow for 3,911,873,538,269,506,102 addresses for each square meter of the surface of Earth. Approximately fifteen percent of the address space is initially allocated. The remaining 85% is reserved for future use.

Details of the addressing are covered by numerous articles on the WWW as well as other literature, and are not covered here.

5.5.4 Configuring IPv6

The commands used for IPv6 are the same as those used for IPv4. Some of the commands will be discussed in more detail later. The only exception is the 'ping' command, where there is a special command for IPv6. That command is 'ping6' and its syntax is as follows:

Syntax: ping6 - pings an IPv6 station.

There is also a special command to display the status of IPv6. That command is:

Syntax: show ipv6 - displays the IPv6 information.

To configure IPv6, the following sequence of commands can be used:

```
ML1200# ipconfig ?
ipconfig : Configures the system IP address, subnet mask and gateway
Usage
ipconfig [ip= ] [mask= ] [dgw= ]
ML1200# ipconfig ip=fe80::220:6ff:fe25:ed80 mask=ffff:ffff:ffff:ffff::
Action Parameter Missing. "add" assumed.
IPv6 Parameters Set.
ML1200# show ipv6
IPv6 Address : fe80::220:6ff:fe25:ed80
mask : ffff:ffff:ffff:ffff::
ML1200# show ipconfig
IP Address : 192.168.5.5
Subnet Mask: 255.255.255.0
Gateway Address: 192.168.5.1
IPv6 Address: fe80::220:6ff:fe25:ed80
mask : ffff:ffff:ffff:ffff::
IPv6 Gateway: ::
ML1200#
```

FIGURE 5–5: Configuring IPv6

In addition to the commands listed above, the commands which support IPv6 addressing are:

Syntax: ftp - ftp to an IPv6 station. Example: ftp fe80::220:6ff:fe25:ed80

Syntax: telnet - telnet to an IPv6 station. Example: telnet fe80::220:6ff:fe25:ed80

Besides, if the end station supports IPv6 addressing (as most Linux and Windows systems do), one can access the switch using IPv6 addressing as shown in the example below:

http://fe80::220:6ff:fe25:ed80

5.5.5 List of commands in this chapter

Syntax: ipconfig [ip= ] [mask= ] [dgw= ] [add|del] – configure an IPv6 address.
The add/delete option can be used to add or delete IPv4/IPv6 addresses. Syntax show ipconfig – display the IP configuration information – including IPv6 address Syntax ping6 - pings an IPv6 station Syntax show ipv6 - displays the IPv6 information Syntax ftp - ftp to an IPv6 station Syntax telnet - telnet to an IPv6 station. 5–34 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL Digital Energy Multilin Multilink ML1200 Managed Field Switch Chapter 6: Access Considerations Access Considerations 6.1 Securing Access 6.1.1 Description This section explains how the access to the MultiLink ML1200 Managed Field Switch can be secured. Further security considerations are also covered such as securing access by IP address or MAC address. It is assumed here that the user is familiar with issues concerning security as well as securing access for users and computers on a network. Secure access on a network can be provided by authenticating against an allowed MAC address as well as IP address. Note 6.1.2 Passwords The MultiLink ML1200 Managed Field Switch has a factory default password for the manager as well as the operator account. Passwords can be changed from the user ID by using the set password command. For example: ML1200# set password Enter Current Password: ******* Enter New Password:******* Confirm New Password:******* Password has been modified successfully ML1200# MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 6–1 ACCESS CONSIDERATIONS 6.1.3 CHAPTER 6: ACCESS CONSIDERATIONS Port Security Feature The port security feature can be used to block computers from accessing the network by requiring the port to validate the MAC address against a known list of MAC addresses. This port security feature is provided on an Ethernet, or Fast Ethernet, port. In case of a security violation, the port can be configured to go into the disable mode or drop mode. The disable mode disables the port, not allowing any traffic to pass through. 
The drop mode allows the port to remain enabled during a security violation and drops only the packets coming in from insecure hosts. This is useful when other network devices are connected to the MultiLink ML1200 Managed Field Switch. If there is an insecure access on the secondary device, the MultiLink ML1200 Managed Field Switch allows the authorized users to continue to access the network; the unauthorized packets are dropped, preventing access to the network.

Note: Network security hinges on the ability to allow or deny access to network resources. This aspect of secure network services involves allowing or disallowing traffic based on information contained in packets, such as the IP address or MAC address. Planning for access is a key architecture and design consideration. For example, which ports are configured for port security? Normally rooms with public access (e.g. lobby, conference rooms, etc.) should be configured with port security. Once that is decided, the next few decisions are: Who are the authorized and unauthorized users? What action should be taken against authorized as well as unauthorized users? How are the users identified as authorized or unauthorized?

6.2 Configuring Port Security through the Command Line Interface

6.2.1 Commands

To configure port security, login as a level 2 user or as a manager. Once logged in, enter the port-security configuration level to set up and configure port security with the following command syntax:

    configure port-security
    port-security

For example, using the configure port-security command:

    ML1200# configure port-security
    ML1200(port-security)##

Alternately, the port-security command can also be used to enter the port-security configuration mode:

    ML1200# port-security
    ML1200(port-security)##

From the port security configuration mode, the switch can be configured to:

1. Auto-learn the MAC addresses.
2. Specify individual MAC addresses to allow access to the network.
3. Validate or change the settings.

The command syntax for the above actions is:

    allow mac= port=
    learn port=
    show port-security
    action port=
    signal port=
    ps
    remove mac= port=

Where the following hold:

• allow mac - configures the switch to set up allowed MAC addresses on specific ports
• learn port - configures the switch to learn the MAC addresses associated with a specific port or a group of ports
• show port-security - shows the port security information that has been programmed or learnt
• action port - specifies the designated action to take in case of a non-authorized access
• ps - port security - allows port security to be enabled or disabled
• remove mac - removes specific or all MAC addresses from the port security lookup
• signal port= - observes the list of specified ports and notifies if there is a security breach on the listed ports. The signal can be a log entry, a trap to the trap receiver specified as part of the SNMP commands, or both

Note: There is a limitation of 200 MAC addresses per port and 500 MAC addresses per switch for port security.

Note: All commands listed above must be executed under the port security configuration mode.

Let's look at a few examples. The following command allows specific MAC addresses on a specified port. No spaces are allowed between the specified MAC addresses.

    ML1200(port-security)## allow mac=00:c1:00:7f:ec:00,00:60:b0:88:9e:00 port=18

The following command sequence sets the port security to learn the MAC addresses. Note that a maximum of 200 MAC addresses can be learned per port, to a maximum of 500 per switch. Also, the action on the port must be set to none before the port learns the MAC address information.
    ML1200(port-security)## action port=1,2 none
    ML1200(port-security)## learn port=1,2 enable

The following command sequence enables and disables port security:

    ML1200(port-security)## ps enable
    Port Security is already enabled
    ML1200(port-security)## ps disable
    Port Security Disabled
    ML1200(port-security)## ps enable
    Port Security Enabled

6.2.2 Allowing MAC Addresses

The Port Security feature has to be used with the combination of commands shown below in order for it to be implemented successfully. To configure a port to allow only certain MAC addresses (a single address or a list, up to a maximum of 200 MAC addresses per port and 500 MAC addresses per ML1200, as stated above) we have to:

1. Verify that the port is in the default port security status.
2. Use the following commands:

    #port-security
    (port-security)##ps enable
    (port-security)##allow mac= port=
    (port-security)##action port= drop

Note: All the above commands have to be configured in this sequence, otherwise the port will remain insecure.

To deny a MAC address, use the following:

    #port-security
    (port-security)##ps enable
    (port-security)##deny mac= port=
    (port-security)##action port= drop

Example 6-1 views the port security settings on a switch. Learning is enabled on port 1. This port has 6 stations connected to it with the MAC addresses as shown. Other ports have learning disabled and no MAC addresses are configured on those ports.
Example 6-1: Viewing the port security settings

    ML1200# show port-security
    PORT  STATE   SIGNAL  ACTION  LEARN    COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----    -----  -----------
    1     ENABLE  LOG     NONE    ENABLE   6      00:e0:29:2a:f1:bd
                                                  00:01:03:e2:27:89
                                                  00:07:50:ef:31:40
                                                  00:e0:29:22:15:85
                                                  00:03:47:ca:ac:45
                                                  00:30:48:70:71:23
    2     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    3     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    4     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    5     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    6     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    ML1200(port-security)##

Example 6-2: Enabling learning on a port

    ML1200(port-security)## learn port=3 enable
    Port Learning Enabled on selected port(s)
    ML1200(port-security)## show port-security
    PORT  STATE   SIGNAL  ACTION  LEARN    COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----    -----  -----------
    1     ENABLE  LOG     NONE    ENABLE   6      00:e0:29:2a:f1:bd
                                                  00:01:03:e2:27:89
                                                  00:07:50:ef:31:40
                                                  00:e0:29:22:15:85
                                                  00:03:47:ca:ac:45
                                                  00:30:48:70:71:23
    2     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    3     ENABLE  NONE    NONE    ENABLE   0      Not Configured
    4     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    5     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    6     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    ML1200(port-security)##

Example 6-2 shows how to enable learning on a port. After learning is enabled, port security can be queried to find the status of the MAC addresses learnt. If there were machines connected to this port, their MAC addresses would be shown on port 3 as they are shown on port 1. Example 6-3 shows how to allow a specific MAC address on specific ports. After the MAC address is specified, the port, specific ports or a range of ports can be queried as shown.
Example 6-4 shows how to remove a MAC address from port security.

To set logging on a port, use the following command sequence:

    ML1200(port-security)## signal port=3 logandtrap
    Port security Signal type set to Log and Trap on selected port(s)

The examples provided illustrate the necessary commands to set up port security. The recommended steps to set up security are:

• Set the ML1200 software to allow port security commands (use the port-security command).
• Enable port security (use the ps enable command).
• Enable learning on the required ports (for example, use the learn port=3 enable command for port 3).
• Verify that learning is enabled and MAC addresses are being learnt on the required ports (use the show port-security port=3 command).
• Save the port-security configuration (use the save command).
• Disable learning on the required ports (for example, use the learn port=3,5 disable command).
• (Optional step) Add any specific MAC addresses, if needed, to allow designated devices to access the network (use the allow mac=00:c1:00:7f:ec:00 port=3,5 command).
• Disable access to the network for unauthorized devices (use the action port=3 command, choosing the action depending on whether the port should be disabled or the packet dropped. Follow that with a show port-security command to verify the setting).
• (Optional step) Set the notification to notify the management station on security breach attempts (use the signal port command to make a log entry or send a trap).

Example 6-3: Allowing specific MAC addresses on specific ports

    ML1200(port-security)## allow mac=00:c1:00:7f:ec:00 port=1,3,5
    Specified MAC address(es) allowed on selected port(s)
    ML1200(port-security)## show port-security port=1,3,5
    PORT  STATE   SIGNAL  ACTION  LEARN    COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----    -----  -----------
    1     ENABLE  LOG     NONE    ENABLE   6      00:e0:29:2a:f1:bd
                                                  00:01:03:e2:27:89
                                                  00:07:50:ef:31:40
                                                  00:e0:29:22:15:85
                                                  00:03:47:ca:ac:45
                                                  00:30:48:70:71:23
                                                  00:c1:00:7f:ec:00
    3     ENABLE  NONE    NONE    ENABLE   0      00:c1:00:7f:ec:00
    5     ENABLE  NONE    NONE    DISABLE  0      00:c1:00:7f:ec:00

Example 6-4: Removing MAC addresses from specific ports

    ML1200(port-security)## remove mac=00:c1:00:7f:ec:00 port=3
    Specified MAC address(es) removed from selected port(s)
    ML1200(port-security)## show port-security port=3
    PORT  STATE   SIGNAL  ACTION  LEARN   COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----   -----  -----------
    3     ENABLE  NONE    NONE    ENABLE  0      Not Configured
    ML1200(port-security)##

Example 6-5 illustrates these steps for setting up port security on a specific port:

Example 6-5: Configuring port security

    ML1200# port-security
    ML1200(port-security)## ps enable
    Port Security is already enabled
    ML1200(port-security)## learn port=3 enable
    Port Learning Enabled on selected port(s)
    ML1200(port-security)## show port-security
    PORT  STATE   SIGNAL  ACTION  LEARN    COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----    -----  -----------
    1     ENABLE  LOG     NONE    ENABLE   6      00:e0:29:2a:f1:bd
                                                  00:01:03:e2:27:89
                                                  00:07:50:ef:31:40
                                                  00:e0:29:22:15:85
                                                  00:03:47:ca:ac:45
                                                  00:30:48:70:71:23
    2     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    3     ENABLE  NONE    NONE    ENABLE   0      00:c1:00:7f:ec:00
    4     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    5     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    6     ENABLE  NONE    NONE    DISABLE  0      Not Configured
    ML1200(port-security)## save
    Saving current configuration
    Configuration saved
    ML1200(port-security)## learn port=3 disable
    Port Learning Disabled on selected port(s)
    ML1200(port-security)## action port=3 drop
    Port security Action type set to Drop on selected port(s)
    ML1200(port-security)## show port-security port=3
    PORT  STATE   SIGNAL  ACTION  LEARN   COUNT  MAC ADDRESS
    ----  -----   ------  ------  -----   -----  -----------
    3     ENABLE  NONE    DROP    ENABLE  0      00:c1:00:7f:ec:00
    ML1200(port-security)## signal port=3 logandtrap
    Port security Signal type set to Log and Trap on selected port(s)
    ML1200(port-security)## exit
    ML1200#

Once port security is set up, it is important to manage the log and review it often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions.

6.2.3 Security Logs

All events occurring on the MultiLink ML1200 Managed Field Switch are logged. The events can be informational (e.g. login, STP synchronization, etc.), debugging logs (for debugging network and other values), critical (critical events), activity (traffic activity) and fatal events (such as unexpected behavior). The specific types of logs can be viewed and cleared. The show log command displays the log information and the clear log command clears the log entries.
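The port-security rules of section 6.2 (allowed list, learn mode, drop or disable action, log and trap signals, and the 200-per-port / 500-per-switch limits), modelled in Python as an added example that is not GE Multilin code. The data-path behaviour is reconstructed from the text of 6.2.1 and 6.2.2; the MAC addresses are taken from Examples 6-5 and 6-6.

```python
"""Model of the ML1200 port-security rules in section 6.2 (added example, not
GE Multilin code).  It reproduces the behaviour the manual states: a per-port
allowed-MAC list, learn mode (effective only while the action is none) bounded
by the documented limits of 200 MACs per port and 500 per switch, and a drop or
disable action on a violation with an optional log and/or trap signal.  Frames
and MAC addresses in the demo are constructed from Examples 6-5 and 6-6."""
from dataclasses import dataclass, field

MAX_PER_PORT = 200    # limit stated in the manual
MAX_PER_SWITCH = 500  # limit stated in the manual


@dataclass
class PortState:
    learn: bool = False
    action: str = "none"      # none | drop | disable
    signal: str = "none"      # none | log | trap | logandtrap
    enabled: bool = True      # False once a "disable" action has fired
    allowed: set = field(default_factory=set)


class PortSecurity:
    """Configuration verbs mirror the CLI; ingress() models the data path."""

    def __init__(self, ports):
        self.ps_enabled = False
        self.ports = {p: PortState() for p in ports}
        self.log = []    # (port, mac, action) per violation signalled with log
        self.traps = []  # (port, mac) per violation signalled with trap

    def ps(self, state):
        self.ps_enabled = (state == "enable")

    def allow(self, macs, ports):
        for p in ports:
            self.ports[p].allowed.update(m.lower() for m in macs)

    def remove(self, macs, ports):
        for p in ports:
            self.ports[p].allowed.difference_update(m.lower() for m in macs)

    def learn(self, ports, state):
        for p in ports:
            self.ports[p].learn = (state == "enable")

    def action(self, ports, act):
        for p in ports:
            self.ports[p].action = act

    def signal(self, ports, sig):
        for p in ports:
            self.ports[p].signal = sig

    def secured_total(self):
        return sum(len(st.allowed) for st in self.ports.values())

    def ingress(self, port, src_mac):
        """Return 'forward' or 'drop' for a frame with source src_mac on port."""
        st = self.ports[port]
        mac = src_mac.lower()
        if not st.enabled:
            return "drop"          # disable mode: no traffic passes at all
        if not self.ps_enabled or mac in st.allowed:
            return "forward"
        if st.learn and st.action == "none":
            # learning only takes effect while the action is none (6.2.1)
            if len(st.allowed) < MAX_PER_PORT and self.secured_total() < MAX_PER_SWITCH:
                st.allowed.add(mac)
            return "forward"
        if st.action == "none":
            return "forward"       # nothing enforced yet on this port
        # security violation: signal it, then apply the configured action
        if st.signal in ("log", "logandtrap"):
            self.log.append((port, mac, st.action))
        if st.signal in ("trap", "logandtrap"):
            self.traps.append((port, mac))
        if st.action == "disable":
            st.enabled = False
        return "drop"


def example_6_5(intruder="00:e0:29:6c:a4:fd"):
    """Replay the recommended steps of 6.2.2 on port 3, then test the port.
    The default intruder MAC is one of the PS:INTRUDER entries of Example 6-6."""
    sw = PortSecurity(ports=range(1, 7))
    sw.ps("enable")
    sw.learn([3], "enable")
    sw.ingress(3, "00:c1:00:7f:ec:00")   # station seen while learning
    sw.learn([3], "disable")
    sw.action([3], "drop")
    sw.signal([3], "logandtrap")
    verdicts = {"known": sw.ingress(3, "00:c1:00:7f:ec:00"),
                "intruder": sw.ingress(3, intruder)}
    return sw, verdicts
```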
The syntax for these commands is shown below:

    show log [1..5|informational|debug|fatal|critical|activity]
    clear log [informational|debug|activity|critical|fatal]

The set logsize command sets the number of lines to be collected in the log before the oldest record is overwritten. The syntax for this command is:

    set logsize size=<1-1000>

Example 6-6 illustrates the show log and clear log commands. The show log command indicates the type of log activity in the S column: I indicates informational entries and A indicates activities which are a result of the port-security setup. Notice that the clear log informational command clears the informational entries only. The log shows the most recent intrusion at the top of the listing. If the log is full when the switch detects a new intrusion, the oldest entry is dropped off the listing.

As discussed in the prior section, any port can be set to monitor security as well as make a log entry on the intrusions that take place. The logs for the intrusions are stored on the switch. When the switch detects an intrusion on a port, it sets an "alert flag" for that port and makes the intrusion information available. The default log size is 50 rows. To change the log size, use the set logsize command.
Example 6-6: Security log commands

    ML1200# show log
    S  Date        Time          Log Description
    -  ----        ----          ---------------
    I  12-07-2004  9:01:34 A.M   CLI:manager console login
    I  12-07-2004  5:54:23 P.M   SNTP:Date and Time updated from SNTP server
    I  12-08-2004  6:09:00 P.M   SNTP:Date and Time updated from SNTP server
    I  12-09-2004  1:48:56 P.M   TELNET:Telnet Session Started
    I  12-09-2004  1:49:23 P.M   CLI:manager console login
    I  12-09-2004  4:26:26 P.M   TELNET:Telnet Session Started
    I  12-09-2004  4:26:34 P.M   CLI:manager console login
    I  12-09-2004  6:23:37 P.M   SNTP:Date and Time updated from SNTP server
    I  12-10-2004  6:38:13 P.M   SNTP:Date and Time updated from SNTP server
    I  12-11-2004  10:16:24 A.M  TELNET:Telnet Session Started
    I  12-11-2004  6:52:49 P.M   SNTP:Date and Time updated from SNTP server
    I  12-12-2004  12:40:35 P.M  TELNET:Telnet Session Started
    I  12-12-2004  12:40:42 P.M  CLI:manager console login
    A  12-17-2004  12:05:52 P.M  PS:INTRUDER 00:e0:29:6c:a4:fd@port11, packet dropped
    A  12-17-2004  12:07:04 P.M  PS:INTRUDER 00:50:0f:02:33:b6@port15, packet dropped
    A  12-17-2004  12:07:16 P.M  PS:INTRUDER 00:e0:29:2a:f0:3a@port15, packet dropped
    ML1200# clear log informational
    Clear Logged Events? ['Y' or 'N']
    ML1200# show log
    S  Date        Time          Log Description
    -  ----        ----          ---------------
    A  12-17-2004  12:05:52 P.M  PS:INTRUDER 00:e0:29:6c:a4:fd@port3, packet dropped
    A  12-17-2004  12:07:04 P.M  PS:INTRUDER 00:50:0f:02:33:b6@port5, packet dropped
    A  12-17-2004  12:07:16 P.M  PS:INTRUDER 00:e0:29:2a:f0:3a@port5, packet dropped

When the switch detects an intrusion attempt on a port, it records the date and time stamp, the MAC address, the port on which the access was attempted and the action taken by the ML1200 software. The event log lists the most recently detected security violation attempts. This provides a chronological record of all intrusions attempted on a specific port.
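A parser for the show log listing of Example 6-6 that pulls out the PS:INTRUDER entries, counts them per port and models clear log, as an added example that is not GE Multilin code. The column layout and the severity letters follow sections 6.2.3; the sample lines are constructed from Example 6-6, and the regular expressions are assumptions about the exact spacing of real output.

```python
"""Parser for the ML1200 `show log` listing and the PS:INTRUDER entries it
carries (added example, not GE Multilin code).  The column layout (S, Date,
Time, Log Description) and the severity letters I/A/D/C/F follow section 6.2.3;
SAMPLE_LOG is constructed from the lines of Example 6-6."""
import re
from collections import Counter
from datetime import datetime

SEVERITY = {"I": 1, "A": 2, "D": 3, "C": 4, "F": 5}
KIND_TO_LETTER = {"informational": "I", "activity": "A", "debug": "D",
                  "critical": "C", "fatal": "F"}

# one log row: severity letter, mm-dd-yyyy, h:mm:ss A.M/P.M, free-text description
LINE_RE = re.compile(r"^(?P<s>[IADCF])\s+(?P<date>\d{2}-\d{2}-\d{4})\s+"
                     r"(?P<time>\d{1,2}:\d{2}:\d{2} [AP]\.M)\s+(?P<desc>.+?)\s*$")
INTRUDER_RE = re.compile(r"PS:INTRUDER (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
                         r"@port(?P<port>\d+), (?P<action>.+)")

SAMPLE_LOG = """\
ML1200# show log
S  Date        Time          Log Description
-  ----        ----          ---------------
I  12-07-2004  9:01:34 A.M   CLI:manager console login
I  12-09-2004  1:48:56 P.M   TELNET:Telnet Session Started
A  12-17-2004  12:05:52 P.M  PS:INTRUDER 00:e0:29:6c:a4:fd@port11, packet dropped
A  12-17-2004  12:07:04 P.M  PS:INTRUDER 00:50:0f:02:33:b6@port15, packet dropped
A  12-17-2004  12:07:16 P.M  PS:INTRUDER 00:e0:29:2a:f0:3a@port15, packet dropped
"""


def parse_log(text):
    """Return one dict per log row; prompt, header and ruler lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = f"{m['date']} {m['time'].replace('.', '')}"   # "12:05:52 PM"
        entries.append({"severity": SEVERITY[m["s"]],
                        "when": datetime.strptime(stamp, "%m-%d-%Y %I:%M:%S %p"),
                        "desc": m["desc"]})
    return entries


def intrusions(entries):
    """Port-security violations, most recent first."""
    found = []
    for e in entries:
        m = INTRUDER_RE.search(e["desc"])
        if m:
            found.append({"when": e["when"], "mac": m["mac"].lower(),
                          "port": int(m["port"]), "action": m["action"]})
    return sorted(found, key=lambda i: i["when"], reverse=True)


def intrusions_per_port(entries):
    """Violations counted by port, so a repeatedly probed port stands out."""
    return Counter(i["port"] for i in intrusions(entries))


def clear_log(entries, kind):
    """Model `clear log <kind>`: drop only the entries of that severity."""
    level = SEVERITY[KIND_TO_LETTER[kind]]
    return [e for e in entries if e["severity"] != level]
```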
The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log entry is composed of four fields:

• Severity - the level of severity (see below).
• Date - the date the event occurred on. See Date and Time on page 5–9 for information on setting the date and time on the switch.
• Time - the time the event occurred on. See Date and Time on page 5–9 for information on setting the date and time on the switch.
• Log Description - the description of the event as detected by the switch.

Severity has one of the following values, and depending on the severity type, is assigned a severity level.

• I (information, severity level 1) indicates routine events.
• A (activity, severity level 2) indicates activity on the switch.
• D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information.
• C (critical, severity level 4) indicates that a severe switch error has occurred.
• F (fatal, severity level 5) indicates that a service has behaved unexpectedly.

6.2.4 Authorized Managers

Just as port security allows and disallows specific MAC addresses from accessing a network, the ML1200 software can allow or block specific IP addresses or a range of IP addresses from accessing the switch.

The access command enters the access configuration mode:

    access

The allow ip command allows the specified services for the specified IP addresses. IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings.

    allow ip= mask= service=

The deny ip command denies access to specific IP address(es) or a subnet. IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings.

    deny ip= mask= service=

The remove ip command removes specific IP address(es) or a subnet by eliminating the specified entry from the authorized manager list.

    remove ip= mask=

The removeall command removes all authorized managers.

    removeall

The show ip-access command displays the list of authorized managers.

    show ip-access

Note: It is assumed here that the user is familiar with IP addressing schemes (e.g. class A, B, C, etc.), subnet masking and masking issues such as how many stations are allowed for a given subnet mask.

In Example 6-7, any computer on the 3.94.245.10 network is allowed (note how the subnet mask indicates this). Also, a specific station with IP address 3.94.245.25 is allowed (again note how the subnet mask is used). An older station with IP address 3.94.245.15 is removed.

Example 6-7: Allowing/blocking specific IP addresses

    ML1200# access
    ML1200(access)## allow ip=3.94.245.10 mask=255.255.255.0 service=t
    Service(s) allowed for specified address
    ML1200(access)## allow ip=3.94.245.25 mask=255.255.255.255 service
    Service(s) allowed for specified address
    ML1200(access)## remove ip=3.94.245.15 mask=255.255.255.255
    Access entry removed
    ML1200(access)## exit
    ML1200# show ip-access
    ============================================================
    IP Address       | Mask             | Telnet  | Web     | SNMP    |
    ============================================================
    3.94.245.10        255.255.255.0      ALLOWED   DENIED    DENIED
    3.94.245.25        255.255.255.255    ALLOWED   DENIED    DENIED

6.3 Configuring Port Security with EnerVista Software

6.3.1 Commands

After enabling the EnerVista Secure Web Management software:

• Select the Configuration > Port > Security menu item to configure port security as shown below.

From the menu shown above, each individual port can be configured for the proper action on the port, to auto-learn MAC addresses and to specify individual MAC addresses.

• To edit each port, click on the edit icon.
• To enable or disable port security, use the Status drop down menu as shown below.

Note that the screen also provides an overview of each port on the switch. Each port can be individually configured for the proper port security action. Each individual port can be configured by clicking on the edit icon. Once the edit screen is shown, the following actions can be taken for each port:

1. The port can be specified to create a log entry or send a trap, do both or do nothing. This is done through the Signal Status drop down menu.
2. The port can be specified to drop the connection, disable the port or do nothing. This is indicated by the Action Status drop down menu.
3. The port can be put in learn mode or the learning can be disabled. This is indicated by the Learn Status drop down menu.

Additionally, MAC addresses can be added to or deleted from the table of allowed MAC addresses.

• To delete a MAC address, click on the delete icon.
• To add a MAC address, click on the Add button and fill in the MAC address in the MAC address window.

Note: There is a limitation of 200 MAC addresses per port and 500 MAC addresses per switch for port security.

After clicking on the Add button, the following screen appears, allowing the entry of a specific MAC address.

Once port security is set up, it is important to manage the log and review it often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions.

6.3.2 Logs

All events occurring on the MultiLink ML1200 Managed Field Switch are logged. The events can be informational (e.g. login, STP synchronization, etc.), debugging logs (for debugging network and other values), critical (critical events), activity (traffic activity) and fatal events (such as unexpected behavior). The specific types of logs can be viewed and cleared.

To view the logs in the EnerVista Secure Web Management software, select the Configuration > Logs menu item. Note the different types of logs. Specific logs may be viewed by using the drop down menu in the top right corner.

As discussed in the previous section, any port can be set to monitor security as well as make a log entry on the intrusions that take place. The logs for the intrusions are stored on the switch. When the switch detects an intrusion on a port, it sets an "alert flag" for that port and makes the intrusion information available.

Note: The default log size is 50 rows. To change the log size, select the Configuration > Statistics > Log Statistics menu item.

When the switch detects an intrusion attempt on a port, it records the date and time stamp, the MAC address, the port on which the access was attempted and the action taken by the MultiLink ML1200 Managed Field Switch. The event log lists the most recently detected security violation attempts. This provides a chronological record of all intrusions attempted on a specific port.

The event log records events as single-line entries listed in chronological order, and serves as a tool for isolating problems. Each event log entry is composed of four fields:

• Severity - the level of severity (see below).
• Date - the date the event occurred on. See Date and Time on page 5–8 for information on setting the date and time on the switch.
• Time - the time the event occurred on. See Date and Time on page 5–8 for information on setting the date and time on the switch.
• Log Description - the description of the event as detected by the switch.

Severity has one of the following values, and depending on the severity type, is assigned a severity level.

• I (information, severity level 1) indicates routine events.
• A (activity, severity level 2) indicates activity on the switch.
• D (debug, severity level 3) is reserved for GE Multilin internal diagnostic information.
• C (critical, severity level 4) indicates that a severe switch error has occurred.
• F (fatal, severity level 5) indicates that a service has behaved unexpectedly.

6.3.3 Authorized Managers

Just as port security allows and disallows specific MAC addresses from accessing a network, the EnerVista Secure Web Management software can allow or block specific IP addresses or a range of IP addresses from accessing the switch.

• Access this functionality via the Configuration > Access > IP Access menu item.

The window above shows the authorized access list for managing the switch. Note that specific services can be authorized. Also note that individual stations or a group of stations with IP addresses can be authorized.

Note: It is assumed that users are familiar with IP addressing schemes (e.g. class A, B, C, etc.), subnet masking and masking issues such as how many stations are allowed for a given subnet mask.

In the following example, any computer on the 10.10.10.0 sub-network is allowed (note how the subnet mask is used to indicate that). Also, a specific station with IP address 192.168.15.25 is allowed (again note how the subnet mask is used to allow only one specific station in the network) and an older station with IP address 192.168.15.15 is removed.
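The authorized-manager list of sections 6.2.4 and 6.3.3, modelled in Python as an added example that is not GE Multilin code: it shows how the address/mask pair of each entry decides which stations it covers and which services they get. The precedence of deny over allow and the treatment of an empty list are assumptions, stated in the code; the addresses are those of Example 6-7, plus a constructed earlier entry for the station that the example removes.

```python
"""Model of the authorized-manager list described in sections 6.2.4 and 6.3.3
(added example, not GE Multilin code).  An entry is an IP address plus a
netmask and the services it permits (telnet, web, snmp); a station is covered
by an entry when it lies in the network the address/mask pair defines, so a
255.255.255.0 mask admits a whole subnet and 255.255.255.255 a single host.
Precedence and empty-list behaviour are assumptions, stated at is_allowed()."""
from ipaddress import IPv4Address, IPv4Network

SERVICES = ("telnet", "web", "snmp")


class AuthorizedManagers:
    def __init__(self):
        self.entries = []   # kept in configuration order

    def _entry(self, ip, mask):
        # IPv4Network validates the mask (a non-contiguous mask raises ValueError)
        net = IPv4Network((ip, mask), strict=False)
        for e in self.entries:
            if e["ip"] == ip and e["mask"] == mask:
                return e
        e = {"ip": ip, "mask": mask, "net": net,
             "svc": {s: None for s in SERVICES}}   # None = not configured
        self.entries.append(e)
        return e

    def _set(self, ip, mask, services, permit):
        unknown = set(services) - set(SERVICES)
        if unknown:
            raise ValueError(f"unknown service(s): {sorted(unknown)}")
        e = self._entry(ip, mask)
        for s in services:
            e["svc"][s] = permit

    def allow(self, ip, mask, services):      # allow ip= mask= service=
        self._set(ip, mask, services, True)

    def deny(self, ip, mask, services):       # deny ip= mask= service=
        self._set(ip, mask, services, False)

    def remove(self, ip, mask):               # remove ip= mask=
        before = len(self.entries)
        self.entries = [e for e in self.entries
                        if not (e["ip"] == ip and e["mask"] == mask)]
        return len(self.entries) < before

    def removeall(self):                      # removeall
        self.entries.clear()

    def is_allowed(self, station, service):
        """Assumptions: an empty list leaves management unrestricted; once any
        entry exists an unlisted station is denied, and an explicit deny that
        covers the station wins over an allow that also covers it."""
        if not self.entries:
            return True
        addr = IPv4Address(station)
        verdicts = [e["svc"][service] for e in self.entries if addr in e["net"]]
        if False in verdicts:
            return False
        return True in verdicts

    def show_ip_access(self):
        """Render the list in the layout of the `show ip-access` output;
        a service never named for an entry shows as DENIED, as on the page."""
        rows = [f"{'IP Address':<16} {'Mask':<16} {'Telnet':<8} {'Web':<8} {'SNMP':<8}"]
        for e in self.entries:
            cells = ["ALLOWED" if e["svc"][s] else "DENIED" for s in SERVICES]
            rows.append(f"{e['ip']:<16} {e['mask']:<16} " + " ".join(f"{c:<8}" for c in cells))
        return "\n".join(rows)


def example_6_7():
    """The Example 6-7 session: subnet allow, host allow, stale host removed."""
    am = AuthorizedManagers()
    am.allow("3.94.245.15", "255.255.255.255", ["telnet"])   # constructed: the older station
    am.allow("3.94.245.10", "255.255.255.0", ["telnet"])
    am.allow("3.94.245.25", "255.255.255.255", ["telnet"])
    am.remove("3.94.245.15", "255.255.255.255")
    return am
```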
Chapter 7: Access Using RADIUS

7.1 Introduction to 802.1x

7.1.1 Description

The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP (User Datagram Protocol) based access control protocol originally developed by BBN for the MILNET (Military Network). Later enhancements were called TACACS+. TACACS+ is a TCP (Transmission Control Protocol) based access control protocol. TCP offers a connection-oriented transport, while UDP offers only best-effort delivery, which makes TCP-based access authentication more reliable.

Remote Authentication Dial-In User Service, or RADIUS, is a server that has traditionally been used by many Internet Service Providers (ISPs) as well as enterprises to authenticate dial-in users. Today, many businesses use a RADIUS server for authenticating users connecting into a network. For example, if a user connects a PC into the network, whether the PC should be allowed access or not raises the same issues as whether or not a dial-in user should be allowed access into the network. A user has to provide a user name and password for authenticated access. A RADIUS server is well suited for controlling access into a network by managing, on the RADIUS server, the users who can access the network. Interacting with the server and taking corrective action(s) is not possible on all switches. This capability is provided on the MultiLink ML1200 Managed Field Switch. RADIUS servers and their uses are also described by one or more RFCs.

7.1.2 802.1x Protocol

There are three major components of 802.1x: the Supplicant, the Authenticator and the Authentication Server (RADIUS Server). In the figure below, the PC acts as the supplicant.
The supplicant is an entity being authenticated and desiring access to the services. The switch is the authenticator. The authenticator enforces authentication before allowing access to services that are accessible via that port. The authenticator is responsible for communication with the supplicant and for submitting the information received from the supplicant to a suitable authentication server. This allows the verification of user credentials to determine the consequent port authorization state. It is important to note that the authenticator's functionality is independent of the actual authentication method. It effectively acts as a pass-through for the authentication exchange.

FIGURE 7–1: 802.1x network components

The RADIUS server is the authentication server. The authentication server provides a standard way of providing Authentication, Authorization, and Accounting services to a network.

Extensible Authentication Protocol (EAP) is an authentication framework which supports multiple authentication methods. EAP typically runs directly over data link layers such as PPP or IEEE 802, without requiring IP. EAP over LAN (EAPOL) encapsulates EAP packets in 802 frames with a few extensions to handle 802 characteristics. EAP over RADIUS encapsulates EAP packets in RADIUS packets for relaying to RADIUS authentication servers.

The details of the 802.1x authentication are as follows.

1. The supplicant (host) is initially blocked from accessing the network. The supplicant wanting to access these services starts with an EAPOL-Start frame.
2. The authenticator (MultiLink ML1200 Managed Field Switch), upon receiving an EAPOL-Start frame, sends a response with an EAP-Request/Identity frame back to the supplicant. This informs the supplicant to provide its identity.
3. The supplicant then sends back its own identification using an EAP-Response/Identity frame to the authenticator (MultiLink ML1200 Managed Field Switch). The authenticator then relays this to the authentication server by encapsulating the EAP frame in a RADIUS-Access-Request packet.
4. The RADIUS server then sends the authenticator a RADIUS-Access-Challenge packet.
5. The authenticator (MultiLink ML1200 Managed Field Switch) relays this challenge to the supplicant using an EAP-Request frame. This requests the supplicant to pass its credentials for authentication.
6. The supplicant sends its credentials using an EAP-Response packet.
7. The authenticator relays these using a RADIUS-Access-Request packet.
8. If the supplicant's credentials are valid, a RADIUS-Access-Accept packet is sent to the authenticator.
9. The authenticator then relays this on as an EAP-Success and provides access to the network.
10. If the supplicant does not have the necessary credentials, a RADIUS-Access-Deny packet is relayed to the supplicant as an EAP-Failure frame. Access to the network continues to be blocked.

FIGURE 7–2: 802.1x authentication details

The ML1200 software implements the 802.1x authenticator. It fully conforms to the standards as described in IEEE 802.1x, implementing all the state machines needed for port-based authentication. The ML1200 software authenticator supports both EAPOL and EAP over RADIUS to communicate with a standard 802.1x supplicant and RADIUS authentication server. The ML1200 software authenticator has the following characteristics:

• Allows control on ports using STP-based hardware functions. EAPOL frames are Spanning Tree Protocol (STP) link Bridge PDUs (BPDUs) with their own bridge multicast address.
• Relays the MD5 challenge authentication protocol (although it is not limited to it) to the RADIUS server
• Limits the authentication to a single host per port
• The MultiLink ML1200 Managed Field Switch provides the IEEE 802.1x MIB for SNMP management

7.2 Configuring 802.1x through the Command Line Interface

7.2.1 Commands

When enabling 802.1x on ports, note that the port which connects to the RADIUS server must be manually authenticated. To authenticate the port, use the setport command. The CLI commands to configure and perform authentication with a RADIUS server are described below.

The auth command enters the configuration mode to configure the 802.1x parameters.

    auth

The show auth command displays the 802.1x configuration or port status.

    show auth

The authserver command defines the RADIUS server. Use the UDP socket number if the RADIUS authentication is on a port other than 1812.

    authserver [ip= ] [udp= ] [secret= ]

The auth enable and auth disable commands enable or disable the 802.1x authenticator function on the MultiLink ML1200 Managed Field Switch.

    auth

The setport command configures the port characteristics for an 802.1x network.

    setport port= [status= ] [control= ] [initialize= ]

The backend port command configures the parameters for EAP over RADIUS.

    backend port= [supptimeout=<1-240>] [servertimeout=<1-240>] [maxreq=<1-10>]

The port argument is mandatory and represents the port(s) to be configured. The supptimeout argument is optional and represents the timeout in seconds that the authenticator waits for the supplicant to respond. The default value is 30 seconds and values can range from 1 to 240 seconds. The servertimeout argument is optional and represents the timeout in seconds that the authenticator waits for the back-end RADIUS server to respond. The default value is 30 seconds and values can range from 1 to 240 seconds.
The maxreq argument is optional and represents the maximum number of times the authenticator will retransmit an EAP request packet to the supplicant before it times out the authentication session. Its default value is 2 and it can be set to any integer value from 1 to 10.

The portaccess command sets port access parameters for authenticating PCs or supplicants.
portaccess port= [quiet=<0-65535>] [maxreauth=<0-10>] [transmit=<1-65535>]

The port argument is mandatory and identifies the ports to be configured.
The quiet argument is optional and represents the quiet period: the amount of time, in seconds, the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection. The default value is 60 seconds and values can range from 0 to 65535 seconds.
The maxreauth argument is optional and represents the number of re-authentication attempts permitted before the port is unauthorized. The default value is 2 and integer values can range from 0 to 10.
The transmit argument is optional and represents the transmit period. This is the time in seconds the authenticator waits before transmitting another request for identification to the supplicant. The default value is 30 and values range from 1 to 65535 seconds.

The reauth command determines how the authenticator (MultiLink ML1200 Managed Field Switch) performs re-authentication with the supplicant or PC.
reauth port= [status= ] [period=<10-86400>]

The port argument is mandatory and sets the ports to be configured.
The status argument is optional and enables/disables re-authentication.
The period argument is optional and represents the re-authentication period. This is the time in seconds the authenticator waits before performing the re-authentication process again with the supplicant. The default value is 3600 seconds (1 hour), and values range from 10 to 86400 seconds.
The show-stats command displays 802.1x related statistics.
show-stats port=

The trigger-reauth command manually initiates a re-authentication of the supplicant.
trigger-reauth port=

7.2.2 Example

Example 7-1 demonstrates how to secure the network using port access. Ensure there is no 802.1x or RADIUS server defined. Only one RADIUS server can be defined for the entire network. The RADIUS server is on port 2. This port is authenticated manually. If the RADIUS server is several hops away, it may be necessary to authenticate the interconnection ports. Make sure the setport port=2 status=enable control=forceauth initialize=assert command is executed before the auth enable command.

Example 7-1: Setting port control parameters

802.1X Authenticator Configuration
==================================
Status: Disabled

RADIUS Authentication Server
==================================
IP Address: 0.0.0.0
UDP Port: 1812
Shared Secret:

ML1200# auth
ML1200(auth)## setport port=2 status=enable control=forceauth initialize=assert
Successfully set port control parameter(s)
ML1200(auth)## auth disable
802.1X Authenticator is disabled.
ML1200(auth)## authserver ip=3.204.240.1 secret=secret
Successfully set RADIUS Authentication Server parameter(s)
ML1200(auth)## auth enable
802.1X Authenticator is enabled.

The auth disable command is not necessary. However, it is shown for completeness in case a RADIUS server was defined with a previously set authentication scheme.
ML1200(auth)## show auth ports
Port  Status   Control     Initialize  Current State
======================================================
1     Enabled  Auto        Deasserted  Authorized
2     Enabled  ForcedAuth  Asserted    Unauthorized
3     Enabled  Auto        Deasserted  Authorized
4     Enabled  Auto        Deasserted  Unauthorized
5     Enabled  Auto        Deasserted  Unauthorized
6     Enabled  Auto        Deasserted  Unauthorized
-- Port not available

The RADIUS server is connected on port #2.

ML1200(auth)## show auth config
802.1X Authenticator Configuration
==================================
Status: Enabled

RADIUS Authentication Server
==================================
IP Address: 3.204.240.1
UDP Port: 1812
Shared Secret: secret

ML1200(auth)## backend port=2 supptimeout=45 servertimeout=60 maxreq=5
Successfully set backend server authentication parameter(s)
ML1200(auth)## show-port backend
Port  Supp Timeout (sec.)  Server Timeout (sec.)  Max Request
===============================================
1     30                   30                     2
2     45                   60                     5
3     30                   30                     2
4     30                   30                     2
5     30                   30                     2
6     30                   30                     2

The backend command sets the timeout characteristics and the number of requests before access is denied. With these values the authenticator waits 45 seconds for the supplicant to respond, waits 60 seconds for the back-end RADIUS server to respond, and retransmits an EAP request packet 5 times to the supplicant before it times out the authentication session.

ML1200(auth)## portaccess port=2 quiet=120 maxreauth=7 transmit=120
Successfully set port access parameter(s)
ML1200(auth)## show-port access
Port  Quiet Period (sec.)  Max Reauth  Tx Period (sec.)
=========================================
1     60                   2           30
2     120                  7           120
3     60                   2           30
4     60                   2           30
5     60                   2           30
6     60                   2           30

The time the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection is changed to 120 seconds, the number of re-authentication attempts permitted before the port becomes Unauthorized is set to 7, and the time the authenticator waits before transmitting another request for identification to the supplicant is changed to 120 seconds. These values can be changed on all ports depending on the devices being authenticated.

ML1200(auth)## reauth port=1 status=enable period=300
Successfully set re-authentication parameter(s)
ML1200(auth)## show-port reauth
Port  Reauth Status  Reauth Period (sec.)
=========================================
1     Enabled        300
2     Enabled        3600
3     Enabled        3600
4     Enabled        3600
5     Enabled        3600
6     Enabled        3600

This command forces re-authentication on port #1 every 5 minutes; all other ports are re-authenticated every hour, as indicated by the show-port reauth command output.
ML1200(auth)## show-stats port=3
Port 3 Authentication Counters
authEntersConnecting                  : 3
authEapLogoffsWhileConnecting         : 0
authEntersAuthenticating              : 3
authAuthSuccessesWhileAuthenticating  : 2
authAuthTimeoutsWhileAuthenticating   : 0
authAuthFailWhileAuthenticating       : 0
authAuthReauthsWhileAuthenticating    : 0
authAuthEapStartsWhileAuthenticating  : 1
authAuthEapLogoffWhileAuthenticating  : 0
authAuthReauthsWhileAuthenticated     : 0
authAuthEapStartsWhileAuthenticated   : 0
authAuthEapLogoffWhileAuthenticated   : 0
backendResponses                      : 5
backendAccessChallenges               : 2
backendOtherRequestsToSupplicant      : 0
backendNonNakResponsesFromSupplicant  : 2
backendAuthSuccesses                  : 2
backendAuthFails                      : 0
ML1200(auth)## trigger-reauth port=3
Successfully triggered re-authentication
ML1200(auth)##

7.3 Configuring 802.1x with EnerVista Secure Web Management software

7.3.1 Commands

To access the 802.1x configuration window, select the Configuration > Radius > Server menu item. First, select the server. Do not enable RADIUS capabilities until you have ensured that the ports are configured properly. After the ports are configured, enable RADIUS. Also ensure that the port connected to the RADIUS server, or to the network where the RADIUS server is connected, is not an authenticated port.

The following window shows the configuration of a RADIUS server. Initially, the RADIUS services are disabled and the server IP address is set to 0.0.0.0. Edit the server IP and secret to add a RADIUS server.

The following figure illustrates the editing of information for the RADIUS server. Note that the UDP port number can be left blank, in which case the default port 1812 is used.

After configuring the server information, specific port information is configured.
• Select the Configuration > Radius > Port > Set menu item to configure the RADIUS characteristics of each port.
• To edit the port settings, click on the edit icon.

Ensure that the port which has the RADIUS server is force authorized and asserted. For other ports (user ports), it is best to leave the Control on auto and Initialize on de-asserted.

To change the port access characteristics when authenticating with a RADIUS server,
• Select the Configuration > Radius > Port > Access menu item.

The Quiet Period column represents the time, in seconds, the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection. The value ranges from 0 to 65535 seconds, with a default of 60.
The Max Reauth column shows the permitted re-authentication attempts before the port becomes unauthorized. Values are integers ranging from 0 to 10, with a default of 2.
The Tx Period column represents the transmit period. This is the time (in seconds) the authenticator waits before transmitting another request for identification to the supplicant. The values range from 1 to 65535 seconds, with a default of 30.

The backend or communication characteristics between the ML1200 and the RADIUS server are defined through the Configuration > Radius > Port > Access > Backend menu item.
The Supp Timeout column represents the timeout the authenticator waits for the supplicant to respond. The values range from 1 to 240 seconds, with a default of 30.
The Server Timeout column represents the timeout the authenticator waits for the back-end RADIUS server to respond. The values range from 1 to 240 seconds, with a default of 30.
The Max Request column represents the maximum number of times the authenticator retransmits an EAP request packet to the supplicant before it times out. Values are integers ranging from 1 to 10, with a default of 2.

The port authentication characteristics define how the authenticator (ML1200 switch) performs re-authentication with the supplicant or PC. These are defined through the Configuration > Radius > Port > Access > Reauth menu item.
The Reauth Period represents the time the authenticator waits before the re-authentication process is performed again with the supplicant. Values range from 10 to 86400 seconds, with a default of 3600 (1 hour).

The Configuration > Radius > Port > Stats menu item displays the RADIUS statistics for each port.

After all the port characteristics are enabled,
• Do not forget to save the configuration using the save icon and to enable RADIUS from the Configuration > Radius > Server menu.

Chapter 8: Access using TACACS+

8.1 Introduction to TACACS+

8.1.1 Overview

The TACACS+ protocol (short for Terminal Access Controller Access Control System) provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services. TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon (server) or simply TACACSD. This server was normally a program running on a host. The host would determine whether to accept or deny the request and send a response back.
The TACACS+ protocol is the latest generation of TACACS. TACACS is a simple UDP-based access control protocol originally developed by BBN for the MILNET (Military Network). XTACACS has now been replaced by TACACS+. TACACS+ is a TCP-based access control protocol. TCP offers a reliable connection-oriented transport, while UDP offers best-effort delivery. TACACS+ improves on TACACS and XTACACS by separating the functions of authentication, authorization and accounting and by encrypting all traffic between the Network Access Server (NAS) and the TACACS+ clients or services or daemon. It allows for arbitrary length and content authentication exchanges, which allows any authentication mechanism to be utilized with TACACS+ clients. The protocol allows the TACACS+ client to request very fine-grained access control by responding to each component of a request.

The MultiLink ML1200 Managed Field Switch implements a TACACS+ client.
1. TACACS+ servers and daemons use TCP port 49 for listening to client requests. Clients connect to this port to send authentication and authorization packets.
2. There can be more than one TACACS+ server on the network. The MultiLink Switch Software supports a maximum of five TACACS+ servers.

8.1.2 TACACS+ Flow

TACACS works in conjunction with the local user list on the ML1200 software (operating system). The process of authentication as well as authorization is shown in the flow chart below.

FIGURE 8–1: TACACS Authorization Flowchart

The above flow diagram shows the tight integration of TACACS+ authentication with the local user-based authentication. There are two stages a user goes through in TACACS+. The first stage is authentication, where the user is verified against the network user database. The second stage is authorization, where it is determined whether the user has operator access or manager privileges.

8.1.3 TACACS+ Packet

Packet encryption is supported and is a configurable option for the ML1200 software. When encrypted, all authentication and authorization TACACS+ packets are encrypted and are not readable by protocol capture and sniffing devices such as Ethereal or others. Packet data is hashed and shared using MD5 and a secret string defined between the MultiLink ML1200 Managed Field Switch and the TACACS+ server.

FIGURE 8–2: TACACS packet format (32 bits wide)
 Major Version (4 bits) | Minor Version (4 bits) | Packet type (8 bits) | Sequence number (8 bits) | Flags (8 bits)
 Session ID (32 bits)
 Length (32 bits)

The portions of the TACACS packet are defined as follows:
• Major Version: The major TACACS+ version number.
• Minor version: The minor TACACS+ version number. This is intended to allow revisions to the TACACS+ protocol while maintaining backwards compatibility.
• Packet type: Possible values are:
  • TAC_PLUS_AUTHEN := 0x01 (authentication)
  • TAC_PLUS_AUTHOR := 0x02 (authorization)
  • TAC_PLUS_ACCT := 0x03 (accounting)
• Sequence number: The sequence number of the current packet for the current session.
• Flags: This field contains various flags in the form of bitmaps. The flag values signify whether the packet is encrypted.
• Session ID: The ID for this TACACS+ session.
• Length: The total length of the TACACS+ packet body (not including the header).
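As an added example (not ML1200 code), the Python below parses the 12-byte header of Figure 8-2 and applies the MD5-based body obfuscation that the shared key enables. The packet-type values are the three listed above; the major version value 0xC, the unencrypted flag bit 0x01 and the pad construction are taken from RFC 8907, and the session ID, key and body bytes in the test are constructed sample values.

```python
"""TACACS+ header parsing and body obfuscation (added example, not ML1200 code).

The 12-byte header is the layout shown in Figure 8-2; the MD5 pseudo-pad is
the body "encryption" of RFC 8907 that the shared key enables. Constants
other than the three packet types come from RFC 8907, not from this manual.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Tuple

TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 0x01, 0x02, 0x03
TAC_PLUS_MAJOR_VER = 0xC               # RFC 8907
TAC_PLUS_UNENCRYPTED_FLAG = 0x01       # flag bit set => body sent in the clear
HEADER_LEN = 12


@dataclass
class TacacsHeader:
    major_version: int
    minor_version: int
    packet_type: int
    seq_no: int
    flags: int
    session_id: int
    length: int          # body length, header excluded

    @property
    def encrypted(self) -> bool:
        return not (self.flags & TAC_PLUS_UNENCRYPTED_FLAG)

    def pack(self) -> bytes:
        version = (self.major_version << 4) | (self.minor_version & 0x0F)
        return struct.pack("!BBBBII", version, self.packet_type, self.seq_no,
                           self.flags, self.session_id, self.length)


def parse_header(data: bytes) -> TacacsHeader:
    """Decode and sanity-check a header; length must match the body present."""
    if len(data) < HEADER_LEN:
        raise ValueError("packet shorter than TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", data[:HEADER_LEN])
    hdr = TacacsHeader(version >> 4, version & 0x0F, ptype, seq_no, flags,
                       session_id, length)
    if hdr.major_version != TAC_PLUS_MAJOR_VER:
        raise ValueError("unknown TACACS+ major version %#x" % hdr.major_version)
    if ptype not in (TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT):
        raise ValueError("unknown packet type %#x" % ptype)
    if len(data) - HEADER_LEN != length:
        raise ValueError("length field %d does not match body" % length)
    return hdr


def pseudo_pad(hdr: TacacsHeader, key: bytes, nbytes: int) -> bytes:
    """MD5 keystream: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})."""
    seed = (struct.pack("!I", hdr.session_id) + key
            + bytes([(hdr.major_version << 4) | hdr.minor_version, hdr.seq_no]))
    pad, prev = b"", b""
    while len(pad) < nbytes:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:nbytes]


def obfuscate(hdr: TacacsHeader, key: bytes, body: bytes) -> bytes:
    """XOR the body with the pad; the same call reverses it (XOR is symmetric)."""
    if not hdr.encrypted:
        return body
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(hdr, key, len(body))))


def build_packet(hdr: TacacsHeader, key: bytes, body: bytes) -> bytes:
    """Header plus (possibly obfuscated) body, with the length field filled in."""
    hdr.length = len(body)
    return hdr.pack() + obfuscate(hdr, key, body)


def read_packet(data: bytes, key: bytes) -> Tuple[TacacsHeader, bytes]:
    """Return (header, cleartext body) for a packet received from the peer."""
    hdr = parse_header(data)
    return hdr, obfuscate(hdr, key, data[HEADER_LEN:])
```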
8.2 Configuring TACACS+ through the Command Line Interface

8.2.1 Commands

There are several commands to configure TACACS+.

The show tacplus command displays the status of TACACS or the servers configured as TACACS+ servers:
show tacplus

The tacplus enable and tacplus disable commands enable or disable TACACS authentication:
tacplus <enable|disable>

The tacserver command creates a list of up to five TACACS+ servers:
tacserver id= [ip= ] [port= ] [encrypt= ] [key= ]

The first argument is mandatory and specifies whether to add or delete a TACACS+ server. The id argument is mandatory and sets the order in which the TACACS+ servers are polled for authentication. The ip argument is mandatory for adding and defines the IP address of the TACACS+ server. The port argument is mandatory for deleting and defines the TCP port number on which the server is listening. The encrypt argument enables or disables packet encryption and is mandatory for deleting. The key argument is the shared secret key string, which must be supplied when encryption is enabled.

8.2.2 Example

Example 8-1 below illustrates how to configure TACACS+.

Example 8-1: Configuring TACACS+
ML1200# show tacplus servers
ID  TACACS+ Server  Port  Encrypt  Key
=======================================
1   10.21.1.170     1     Enabled  secret
2   -               -     -        -
3   -               -     -        -
4   -               -     -        -
5   -               -     -        -
ML1200# user
ML1200(user)## show tacplus status
TACACS+ Status: Disabled
ML1200(user)## tacplus enable
TACACS+ Tunneling is enabled.
ML1200(user)## tacserver add id=2 ip=10.21.1.123 encrypt=enable ke
TACACS+ server is added.
ML1200(user)## show tacplus servers
ID  TACACS+ Server  Port  Encrypt  Key
=======================================
1   10.21.1.170     1     Enabled  secret
2   10.21.1.123     1     Enabled  some
3   -               -     -        -
4   -               -     -        -
5   -               -     -        -
ML1200(user)## tacserver delete id=2
TACACS+ server is deleted.
ML1200(user)## show tacplus servers
ID  TACACS+ Server  Port  Encrypt  Key
=======================================
1   10.21.1.170     1     Enabled  secret
2   -               -     -        -
3   -               -     -        -
4   -               -     -        -
5   -               -     -        -
ML1200(user)## tacplus disable
TACACS+ is disabled.
ML1200(user)##

8.3 Configuring TACACS+ with EnerVista Secure Web Management software

• To access the TACACS servers, select the Administration > User Mgmt > TACACS+ menu item. By default, no TACACS servers are defined.
• To add a server, click on the Add button as shown below. Note that the TCP port field can be left blank; port 49 is used as the default port. Up to five TACACS+ servers can be defined.

After the configuration is completed,
• Save the settings.
• Enable the TACACS+ services by using the Status drop-down menu.

Chapter 9: Port Mirroring and Setup

9.1 Port Mirroring

9.1.1 Description

This section explains how the individual characteristics of a port on a MultiLink ML1200 Managed Field Switch are configured. For monitoring a specific port, the traffic on a port can be mirrored on another port and viewed by protocol analyzers. Other setup includes automatically setting up broadcast storm prevention thresholds.

An Ethernet switch sends traffic from one port to another port. Unlike a switch, a hub or shared network device "broadcasts" the traffic on each and every port.
Capturing traffic for protocol analysis or intrusion analysis can be impossible on a switch unless all the traffic from a specific port is "reflected" on another port, typically a monitoring port. The MultiLink ML1200 Managed Field Switch can be instructed to repeat the traffic from one port onto another port. This process, in which traffic from one port is reflected to another port, is called port mirroring. The monitoring port is also called a "sniffing" port. Port monitoring becomes critical for troubleshooting as well as for intrusion detection.

9.2 Port Mirroring using the Command Line Interface

9.2.1 Commands

Monitoring a specific port can be done by port mirroring. Mirroring traffic from one port to another port allows analysis of the traffic on that port.

The show port-mirror command displays the status of port mirroring:
show port-mirror

The port-mirror command enters the port mirror configuration mode.
port-mirror

The setport monitor command configures a port mirror.
setport monitor= sniffer=

The prtmr command enables and disables port mirroring.
prtmr <enable|disable>

The sequence below illustrates how port 1 is mirrored on port 2. Any traffic on port 1 is also sent on port 2.
ML1200# show port-mirror
Sniffer Port: 0
Monitor Port: 0
Mirroring State: disabled
ML1200# port-mirror
ML1200(port-mirror)## setport monitor=1 sniffer=2
Port 1 set as Monitor Port
Port 2 set as Sniffer Port
ML1200(port-mirror)## prtmr enable
Port Mirroring Enabled
ML1200(port-mirror)## exit
ML1200# show port-mirror
Sniffer Port: 2
Monitor Port: 1
Mirroring State: enabled
ML1200#

Once port monitoring is completed, GE strongly recommends that port mirroring be disabled using the prtmr disable command for security reasons.
1. Only one port can be set to port mirror at a time.
2. Both ports (the monitored port and the mirrored port) have to belong to the same VLAN.
3. The mirrored port shows both incoming as well as outgoing traffic.

9.3 Port Setup

9.3.1 Commands

Each port on the MultiLink ML1200 Managed Field Switch can be set up with specific port characteristics. The commands for setting the port characteristics are shown below.

The device command enters the device configuration mode:
device

The setport command configures the port characteristics:
setport port= [name= ] [speed=<10|100>] [duplex= ] [auto= ] [flow= ] [bp= ] [status= ] [lla= ]

The arguments for the setport command are defined as follows:
• The device argument sets up the MultiLink ML1200 Managed Field Switch in the device configuration mode.
• The name argument assigns a specific name to the port. This name is a designated name for the port and can be a server name, user name or any other name.
• The speed argument sets the speed to 10 or 100 Mbps. This works only with 10/100 ports; the value is ignored and no error is shown for 10 Mbps ports.
• The flow argument sets up flow control on the port.
• The bp argument enables back pressure signaling for traffic congestion management.
• The status argument enables/disables port operation.

The show port command displays information about a specific port number.
show port[= ]

In Example 9-1, ports 3 and 4 are given specific names. Ports 1 and 5 are active, as shown by the link status. Port 5 is set to 100 Mbps, and all other ports are set to 10 Mbps. All ports are set to auto sensing (speed). The port speed and duplex (data transfer operation) settings are summarized below. The speed setting defaults to auto and senses speed and negotiates with the port at the other end of the link for data transfer operation (half-duplex or full-duplex).
The "auto" speed detection uses the IEEE 802.3u auto-negotiation standard for 100Base-T networks. If the other device does not comply with the 802.3u standard, then the port configuration on the switch must be manually set to match the port configuration on the other device.

Possible port setting combinations for copper ports are:
• 10HDx: 10 Mbps, half-duplex
• 10FDx: 10 Mbps, full-duplex
• 100HDx: 100 Mbps, half-duplex
• 100FDx: 100 Mbps, full-duplex

Possible port settings for 100FX (fiber) ports are:
• 100FDx (default): 100 Mbps, full-duplex
• 100HDx: 100 Mbps, half-duplex

Note: To change the port speed on a transceiver port, it is required to reboot the switch.

Example 9-1: Port setup
ML1200# device
ML1200(device)## setport port=3 name=JohnDoe
ML1200(device)## setport port=4 name=JaneDoe
ML1200(device)## show port
Keys: E  = Enable            D  = Disable
      H  = Half Duplex       F  = Full Duplex
      M  = Multiple VLAN's   NA = Not Applicable
      LI = Listening         LE = Learning
      F  = Forwarding        B  = Blocking
Port  Name     Control  Dplx  Media  Link  Speed  Part  Auto  VlanID  GVRP  STP
-------------------------------------------------------------------------------
1     A1       E        H     10Tx   UP    10     No    E     1
2     A2       E        H     10Tx   DOWN  10     No    E     1
3     JohnDoe  E        H     10Tx   DOWN  10     No    E     1
4     JaneDoe  E        H     10Tx   DOWN  10     No    E     1
5     A5       E        F     100Tx  UP    100    No    E     1
6     A6       E        H     10Tx   DOWN  10     No    E     1
7     A7       E        H     10Tx   DOWN  10     No    E     1
ML1200(device)## exit
ML1200#

9.3.2 Flow Control

The flow setting is disabled by default. In this case, the port will not generate flow control packets and drops received flow control packets. If the flow setting is enabled, the port uses 802.3x Link Layer Flow Control, generates flow control packets, and processes received flow control packets. With the port speed set to auto (the default) and flow control set to enabled, the switch negotiates flow control on the indicated port.
If the port speed is not set to auto, or if flow control is disabled on the port, then flow control is not used.

Note: Use the flowcontrol command to set flow control:
flowcontrol xonlimit= xofflimit=
where xonlimit can be from 3 to 127 (default value is 4) and xofflimit ranges from 3 to 127 (default value is 6).

9.3.3 Back Pressure

The backpressure command enables/disables back pressure based flow control mechanisms. The default state is disabled. When enabled, the port uses 802.3 Layer 2 back-off algorithms. Back pressure based congestion control is possible only on half-duplex, 10 Mbps Ethernet ports. Other technologies are not supported on the MultiLink ML1200 Managed Field Switch.
backpressure rxthreshold=
where the rxthreshold value can be from 4 to 30 (default is 28).

Back pressure and flow control are used in networks where all devices and switches can participate in flow control and back pressure recognition. In most networks, these techniques are not used, as not all devices can participate in the flow control methods and notifications. Alternatively, QoS and other techniques are widely used today.

In the example below, the MultiLink ML1200 Managed Field Switch is set up with flow control and back pressure.
Example 9-2: Back pressure and flow control
ML1200# device
ML1200(device)## show flowcontrol
XOnLimit : 4
XOffLimit : 6
ML1200(device)## flowcontrol xonlimit=10 xofflimit=15
XOn Limit set successfully
XOff Limit set successfully
ML1200(device)## show flowcontrol
XOnLimit : 10
XOffLimit : 15
ML1200(device)## show backpressure
Rx Buffer Threshold : 28
ML1200(device)## backpressure rxthreshold=30
Rx Buffer Threshold set successfully
ML1200(device)## show backpressure
Rx Buffer Threshold : 30
ML1200(device)## show port
Keys: E  = Enable            D  = Disable
      H  = Half Duplex       F  = Full Duplex
      M  = Multiple VLAN's   NA = Not Applicable
      LI = Listening         LE = Learning
      F  = Forwarding        B  = Blocking
Port  Name     Control  Dplx  Media  Link  Speed  Part  Auto  VlanID  GVRP  STP
-------------------------------------------------------------------------------
1     B1       E        H     10Tx   UP    10     No    E     1
2     B2       E        H     10Tx   DOWN  10     No    E     1
3     JohnDoe  E        H     10Tx   DOWN  10     No    E     1
4     JaneDoe  E        H     10Tx   DOWN  10     No    E     1
5     B5       E        F     100Tx  UP    100    No    E     1
6     B6       E        H     10Tx   DOWN  10     No    E     1
ML1200(device)## show port=11
Configuration details of port 11
--------------------------------------------------
Port Name                   : JohnDoe
Port Link State             : DOWN
Port Type                   : TP Port
Port Admin State            : Enable
Port VLAN ID                : 1
Port Speed                  : 10Mbps
Port Duplex Mode            : half-duplex
Port Auto-negotiation State : Enable
Port STP State              : NO STP
Port GVRP State             : No GVRP
Port Priority Type          : None
Port Security               : Enable
Port Flow Control           : Disable
Port Back Pressure          : Disable
Port Link Loss Alert        : Enabled
ML1200(device)## setport port=11 flow=enable bp=enable
ML1200(device)## show port
Keys: E  = Enable            D  = Disable
      H  = Half Duplex       F  = Full Duplex
      M  = Multiple VLAN's   NA = Not Applicable
      LI = Listening         LE = Learning
      F  = Forwarding        B  = Blocking
Port  Name     Control  Dplx  Media  Link  Speed  Part  Auto  VlanID  GVRP  STP
-------------------------------------------------------------------------------
1     B1       E        H     10Tx   UP    10     No    E     1
2     B2       E        H     10Tx   DOWN  10     No    E     1
3     JohnDoe  E        H     10Tx   DOWN  10     No    E     1
4     JaneDoe  E        H     10Tx   DOWN  10     No    E     1
5     B5       E        F     100Tx  UP    100    No    E     1
6     B6       E        H     10Tx   DOWN  10     No    E     1
ML1200(device)## show port=11
Configuration details of port 11
--------------------------------------------------
Port Name                   : JohnDoe
Port Link State             : DOWN
Port Type                   : TP Port
Port Admin State            : Enable
Port VLAN ID                : 1
Port Speed                  : 10Mbps
Port Duplex Mode            : half-duplex
Port Auto-negotiation State : Enable
Port STP State              : NO STP
Port GVRP State             : No GVRP
Port Priority Type          : None
Port Security               : Enable
Port Flow Control           : Enable
Port Back Pressure          : Enable
Port Link Loss Alert        : Enabled

Note that flow control and back pressure are shown as enabled for the specific port. The global show port command does not provide this detail. The back pressure and flow control parameters are global, i.e., the same for all ports.

9.3.4 Broadcast Storms

One of the best features of the MultiLink ML1200 Managed Field Switch is its ability to keep broadcast storms from spreading throughout a network. Network storms (or broadcast storms) are characterized by an excessive number of broadcast packets being sent over the network. These storms can occur if network equipment is configured incorrectly. Storms can reduce network performance and cause bridges, routers, workstations, servers and PCs to slow down or even crash. The MultiLink ML1200 Managed Field Switch is capable of detecting and limiting storms on each port. A network administrator can also set the maximum rate of broadcast packets (frames) that are permitted from a particular interface. If the maximum number is exceeded, a storm condition is declared.
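The storm rule this section describes (a per-port frames-per-second threshold, dropping further broadcasts once it is exceeded, and declaring the storm over after a full second with no broadcast frames) can be modelled in a few dozen lines. The Python below is an added example, not ML1200 firmware; the class names, the timestamped frame events and the small thresholds in the test are constructed, while 19531 frames/second is the default threshold shown in Example 9-3.

```python
"""Per-port broadcast storm limiter (added example, not ML1200 firmware).

Models the behaviour this section describes: count broadcast frames per
one-second window, declare a storm when the count exceeds the port's
threshold, drop further broadcasts, and clear the storm once a full second
passes with no broadcast frame. Thresholds are frames/second as set by
rate-threshold; 19531 is the default shown in Example 9-3.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DEFAULT_THRESHOLD = 19531


@dataclass
class PortStormGuard:
    threshold: int = DEFAULT_THRESHOLD
    storm_active: bool = False
    window_start: float = 0.0
    window_count: int = 0
    last_broadcast: Optional[float] = None
    forwarded: int = 0
    dropped: int = 0

    def _storm_over(self, now: float) -> bool:
        """A storm ends when a full second elapses with no broadcast frame."""
        return (self.last_broadcast is not None
                and now - self.last_broadcast >= 1.0)

    def broadcast_frame(self, now: float) -> bool:
        """Handle one broadcast frame at time `now` (seconds); True = forwarded."""
        if self.storm_active and self._storm_over(now):
            self.storm_active = False
            self.window_start, self.window_count = now, 0
        self.last_broadcast = now
        if self.storm_active:
            self.dropped += 1                # storm in progress: drop
            return False
        if now - self.window_start >= 1.0:   # start a fresh one-second window
            self.window_start, self.window_count = now, 0
        self.window_count += 1
        if self.window_count > self.threshold:
            self.storm_active = True         # rate exceeded: declare a storm
            self.dropped += 1
            return False
        self.forwarded += 1
        return True

    def is_storming(self, now: float) -> bool:
        """Storm status as the ACTIVE column of show broadcast-protect reports it."""
        return self.storm_active and not self._storm_over(now)


class BroadcastProtect:
    """Switch-wide wrapper: one guard per port, mirroring the CLI port table."""

    def __init__(self, ports: int):
        self.enabled = False                 # broadcast-protect enable/disable
        self.guards: Dict[int, PortStormGuard] = {
            p: PortStormGuard() for p in range(1, ports + 1)}

    def set_threshold(self, port: int, rate: int) -> None:
        """rate-threshold port=<port> rate=<frames/sec>."""
        if rate <= 0:
            raise ValueError("rate must be positive")
        self.guards[port].threshold = rate

    def ingress(self, port: int, now: float, is_broadcast: bool) -> bool:
        """Return True if a frame arriving on `port` is forwarded."""
        if not self.enabled or not is_broadcast:
            return True                      # unicast, or protection disabled
        return self.guards[port].broadcast_frame(now)

    def status(self, now: float) -> List[Tuple[int, str, int, bool]]:
        """Rows of (port, status, threshold, active) like show broadcast-protect."""
        state = "Enabled" if self.enabled else "Disabled"
        return [(p, state, g.threshold, g.is_storming(now))
                for p, g in self.guards.items()]
```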
Once it is determined that a storm is occurring on an interface, any additional broadcast packets received on that interface will be dropped until the storm is determined to be over. The storm is determined to be over when a one-second period elapses with no broadcast packets received.

The broadcast-protect command enables or disables the broadcast storm protection capabilities.
broadcast-protect <enable|disable>

The rate-threshold command sets the rate limit in frames per second.
rate-threshold port= rate=

The show broadcast-protect command displays the broadcast storm protection settings.
show broadcast-protect

In Example 9-3, broadcast protection is turned on. The threshold for port 11 is then set to a lower value of 3500 broadcast frames/second.

Example 9-3: Preventing broadcast storms
ML1200# device
ML1200(device)## show broadcast-protect
======================================================================
PORT | STATUS   | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
1    | Disabled | 19531                | 0                    | NO
2    | Disabled | 19531                | 0                    | NO
3    | Disabled | 19531                | 0                    | NO
4    | Disabled | 19531                | 0                    | NO
5    | Disabled | 19531                | 0                    | NO
6    | Disabled | 19531                | 0                    | NO
ML1200(device)## broadcast-protect enable
Broadcast Storm Protection enabled
ML1200(device)## show broadcast-protect
======================================================================
PORT | STATUS   | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
1    | Enabled  | 19531                | 0                    | NO
2    | Enabled  | 19531                | 0                    | NO
3    | Enabled  | 19531                | 0                    | NO
4    | Enabled  | 19531                | 0                    | NO
5    | Enabled  | 19531                | 0                    | NO
6    | Enabled  | 19531                | 0                    | NO
ML1200(device)## rate-threshold port=11 rate=3500
Broadcast Rate Threshold set
ML1200(device)## show broadcast-protect
======================================================================
PORT | STATUS   | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE
======================================================================
1    | Enabled  | 19531                | 0                    | NO
2    | Enabled  | 19531                | 0                    | NO
3    | Enabled  | 3500                 | 0                    | NO
4    | Enabled  | 19531                | 0                    | NO
5    | Enabled  | 19531                | 0                    | NO
6    | Enabled  | 19531                | 0                    | NO

9.3.5 Link Loss Alert

The GE Multilin Universal Relay (UR) family and the F650 family of relays have redundant Ethernet ports that allow for automatic switching to their secondary ports when they detect that the primary path is broken. The MultiLink ML1200 Managed Field Switch can compensate for situations where only the switch receiver fiber cable is broken. Upon detection of the broken receiver link, the ML1200 will cease sending link pulses through the relay's receive fiber cable, thereby allowing the relay to switch to its secondary path.

It is recommended to enable the Link Loss Alert (LLA) feature on ports that are connected to end devices. LLA should be disabled for switch ports connected in a ring. The Link Loss Alert feature is disabled by default on 100 MB fiber optic ports. It can be enabled and disabled via the lla parameter in the setport command as follows:
setport port= [lla= ]

The following example illustrates how to enable the link loss alert feature.
Example 9-4: Link loss alert

  ML1200# device
  ML1200(device)## setport port=3 lla=disable
  ML1200(device)## show port=3
  Configuration details of port 3
  -------------------------------------------------
  Port Name                    : JohnDoe
  Port Link State              : DOWN
  Port Type                    : TP Port
  Port Admin State             : Enable
  Port VLAN ID                 : 1
  Port Speed                   : 100Mbps
  Port Duplex Mode             : half-duplex
  Port Auto-negotiation State  : Enable
  Port STP State               : NO STP
  Port GVRP State              : No GVRP
  Port Priority Type           : None
  Port Security                : Enable
  Port Flow Control            : Enable
  Port Back Pressure           : Enable
  Port Link Loss Alert         : Disable
  ML1200(device)## setport port=3 lla=enable
  Link Loss Alert enabled
  ML1200(device)## show port=3
  Configuration details of port 3
  -------------------------------------------------
  Port Name                    : JohnDoe
  Port Link State              : DOWN
  Port Type                    : TP Port
  Port Admin State             : Enable
  Port VLAN ID                 : 1
  Port Speed                   : 100Mbps
  Port Duplex Mode             : half-duplex
  Port Auto-negotiation State  : Enable
  Port STP State               : NO STP
  Port GVRP State              : No GVRP
  Port Priority Type           : None
  Port Security                : Enable
  Port Flow Control            : Enable
  Port Back Pressure           : Enable
  Port Link Loss Alert         : Enable

9.4 Port Mirroring using EnerVista Secure Web Management software

9.4.1 Commands

Monitoring a specific port can be done by port mirroring. Mirroring traffic from one port to another port allows analysis of the traffic on that port. To enable port mirroring as well as setting up the ports to be “sniffed”:

► Select the Configuration > Port > Mirroring menu item.
► Set the sniffer port and the port on which the traffic is reflected.
► Make sure the Mirror Status is also set to enabled for mirroring.

For security reasons, GE Multilin recommends that the port mirroring be disabled using the Edit button and setting the Mirror Status to off once port monitoring is completed.

Note that:

1. Only one port can be set to port mirror at a time.
2. Both the ports (monitored port and mirrored port) have to belong to the same VLAN.
3. The mirrored port shows both incoming as well as outgoing traffic.

9.4.2 Port Setup

With the ML1200, the specific characteristics of each port can be individually programmed.

► Select a specific port by using the edit icon in the Configuration > Port > Settings menu.
► Click the edit icon to open the following window.

In these windows:

• Port Number represents the port number on the switch.
• Port Name assigns a specific name to the port. This name is a designated name for the port and can be a server name, user name or any other name.
• Admin Status indicates whether the port can be administered remotely.
• Link indicates the link status. In the figure above the link is down, implying either there is no connection or the system connected to the port is turned off.
• Auto-Neg sets auto negotiation for 100 Mbps and Gigabit copper ports. There is no auto negotiation for fiber ports as their speeds are fixed.
• The Port Speed sets the speed to be 10 or 100 Mbps. This setting works only with 10/100 ports; it is ignored for 10 Mbps ports.
• The Duplex setting selects full duplex or half duplex capabilities for 10/100 Mbps ports.
• The Back Pressure displays the state of the back pressure setting on the port. This value can be edited in this window.
• The Flow Control displays the state of the flow control setting on the port. This value can be edited in this window.
• Priority displays the priority set for the port. This value cannot be edited in this window.
• The VLAN ID displays the VLAN set for the port. This value cannot be edited in this window.
• The STP State displays the STP settings for the port. This value cannot be edited in this window.
• The Tagged State displays the Tag settings on the port. This value cannot be edited in this window.
• The GVRP State displays the GVRP settings on the port. This value cannot be edited in this window.
• The LLA indicates the state of the Link Loss Alert feature.

The “Auto” (default) value for the Port Speed senses the speed and negotiates with the port at the other end of the link for data transfer operation (half-duplex or full-duplex). The “Auto” value uses the IEEE 802.3u auto negotiation standard for 100Base-T networks. If the other device does not comply with the 802.3u standard, then the port configuration on the switch must be manually set to match the port configuration on the other device.

Possible port setting combinations for copper ports are:

• 10HDx: 10 Mbps, half-duplex
• 10FDx: 10 Mbps, full-duplex
• 100HDx: 100 Mbps, half-duplex
• 100FDx: 100 Mbps, full-duplex

Possible port settings for 100FX (fiber) ports are:

• 100FDx (default): 100 Mbps, full-duplex
• 100HDx: 100 Mbps, half-duplex

To change the port speed on a transceiver port, the switch must be rebooted.

9.4.3 Broadcast Storms

One of the best features of the MultiLink ML1200 Managed Field Switch is its ability to keep broadcast storms from spreading throughout a network. Network storms (or broadcast storms) are characterized by an excessive number of broadcast packets being sent over the network.
These storms can occur if network equipment is configured incorrectly, if the network software is not functioning properly, or if badly designed programs (including some network games) are used. Storms can reduce network performance and cause bridges, routers, workstations, servers and PCs to slow down or even crash.

The ML1200 is capable of detecting and limiting storms on each port. A network administrator can also set the maximum rate of broadcast packets (frames) that are permitted from a particular interface. If the maximum number is exceeded, a storm condition is declared. Once it is determined that a storm is occurring on an interface, any additional broadcast packets received on that interface will be dropped until the storm is determined to be over. The storm is determined to be over when a one-second period elapses with no broadcast packets received.

Broadcast storm protection can be configured through the Configuration > Port > Broadcast Storm menu.

► To edit the threshold level, click on the edit icon as seen below.

See details in Broadcast Storms on page 9–7 to determine the threshold level.

► After changes are made, do not forget to save the changes using the save icon. If the switch is rebooted before the changes are saved, the changes will be lost.

Chapter 10: VLAN

10.1 VLAN Description

10.1.1 Overview

A virtual LAN (VLAN) creates separate broadcast domains or network segments that can span multiple MultiLink ML1200 Managed Field Switches. A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. The IEEE 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.
VLANs provide the capability of having two (or more) Ethernet segments co-exist on common hardware. The reason for creating multiple segments in Ethernet is to isolate broadcast domains. VLANs can isolate groups of users, or divide up traffic for security, bandwidth management, etc. VLANs are widely used today and are here to stay. VLANs need not be in one physical location. They can be spread across geography or topology. VLAN membership information can be propagated across multiple MultiLink ML1200 Managed Field Switches.

The following figure illustrates a VLAN as two separate broadcast domains. The top part of the figure shows two “traditional” Ethernet segments. Up to 32 VLANs can be defined per switch.

[FIGURE 10–1: VLAN as two separate broadcast domains. Labels: SEGMENT 1, SEGMENT 2, VLAN 1, VLAN 2]

A group of network users (ports) assigned to a VLAN form a broadcast domain. Packets are forwarded only between ports that are designated for the same VLAN. Cross-domain broadcast traffic in the switch is eliminated and bandwidth is saved by not allowing packets to flood out on all ports.

For many reasons a port may be configured to belong to multiple VLANs. As shown below, ports can belong to multiple VLANs. In this figure, a simplistic view is presented where some ports belong to VLANs 1, 2 and other ports belong to VLANs 2, 3. Ports can belong to VLANs 1, 2 and 3. This is not shown in the figure.

[FIGURE 10–2: Ports assigned to multiple VLANs. Labels: SEGMENT 1, SEGMENT 2, SEGMENT 3, VLAN 1, VLAN 2, VLAN 3]

By default, on the MultiLink ML1200 Managed Field Switch, VLAN support is enabled and all ports on the switch belong to the default VLAN (DEFAULT-VLAN). This places all ports on the switch into one physical broadcast domain.
If VLANs are entirely separate segments or traffic domains, how can the VLANs route traffic (or “talk”) to each other? This can be done using routing technologies (e.g., a router or an L3-switch). The routing function can be done internally to an L3-switch. One advantage of an L3 switch is that the switch can also support multiple VLANs. The L3 switch can thus route traffic across multiple VLANs easily and provides a cost effective solution if there are many VLANs defined. As shown below, routing between different VLANs is performed using a router or a Layer 3 switch (L3-switch).

[FIGURE 10–3: VLAN routing. Labels: SEGMENT 1, SEGMENT 2, ROUTER, ROUTER or L3 SWITCH, VLAN 1, VLAN 2]

The Multilink ML1200 supports up to 32 VLANs per switch.

10.1.2 Tag VLAN vs. Port VLAN

What is the difference between tag and port VLAN? In a nutshell, a port VLAN sets a specific port or group of ports to belong to a VLAN. Port VLANs do not look for VLAN identifier (VID) information, nor do they manipulate the VID information. They thus work “transparently” and propagate the VLAN information along. In the tag VLAN, an identifier called the VLAN identifier (VID) is either inserted or manipulated. This manipulated VLAN tag allows VLAN information to be propagated across devices or switches, allowing VLAN information to span multiple switches.

As described earlier, a VLAN is an administratively configured LAN or broadcast domain. Instead of going to the wiring closet to move a cable to a different LAN segment, the same task can be accomplished remotely by configuring a port on an 802.1Q-compliant switch to belong to a different VLAN. The ability to move end stations to different broadcast domains by setting membership profiles for each port on centrally managed switches is one of the main advantages of 802.1Q VLANs.
802.1Q VLANs aren't limited to one switch. VLANs can span many switches. Sharing VLANs between switches is achieved by inserting a tag with a VLAN identifier (VID) into each frame. A VID must be assigned for each VLAN. By assigning the same VID to VLANs on many switches, one or more VLANs (broadcast domains) can be extended across a large network.

802.1Q-compliant switch ports, such as those on the MultiLink ML1200 Managed Field Switch, can be configured to transmit tagged or untagged frames. A tag field containing VLAN information can be inserted into an Ethernet frame. If a port has an 802.1Q-compliant device attached (such as another switch), these tagged frames can carry VLAN membership information between switches, thus letting a VLAN span multiple switches. Normally connections between switches can carry multiple VLAN information and this is called port trunking or 802.1Q trunks.

There is one important caveat: administrators must ensure ports with non-802.1Q-compliant devices attached are configured to transmit untagged frames. Many network interface cards, such as those for PCs, printers and other “dumb” switches, are not 802.1Q-compliant. If they receive a tagged frame, they will not understand the VLAN tag and will drop the frame. In situations like these, it's best to use port based VLANs for connecting to these devices.

Sometimes a port may need to listen to broadcasts across different VLANs or propagate the VLAN information on to other ports. This port must thus belong to multiple VLANs so that the broadcast information reaches the port accurately. If the port also needs to send broadcast traffic, the proper leave (sending out of information) and join rules (receiving information) have to be configured on the MultiLink ML1200 Managed Field Switch.
It is recommended to use IEEE 802.1q tag based VLANs over port based VLANs because of their multi-vendor interoperability and capability of carrying the isolated tagged VLAN information when more than one switch is involved.

10.2 Configuring Port VLANs through the Command Line Interface

10.2.1 Description

Port VLANs are rarely used, and are not recommended, in networks which use VLANs across multiple switches. Port VLANs are used when VLANs are set up on a single switch and connectivity between the systems on different VLANs is needed; however, the broadcasts and multicasts are isolated to the specific VLAN. GE recommends using the set-port command for setting the port based VLAN as well.

The port-based VLAN feature supports a maximum of 1 VLAN per port. Any pre-existing VLAN tags on traffic coming into the switch on a port-based VLAN port will be removed.

General steps for using port VLANs are:

1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs.
2. Configure at least one VLAN in addition to the default VLAN.
3. Assign the desired ports to the VLANs.
4. Decide on a trunking strategy: how will the VLAN information be propagated from one switch to another, and what VLAN information will be propagated across.
5. (Layer 3 consideration) Check to see if the routing between the VLANs is “working” by pinging stations on different VLANs.

Note: You can rename the default VLAN, but you cannot change its VID (1) or delete it from the switch.

Note: Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT-VLAN.

Note: Changing the number of VLANs supported on the switch requires the SAVE command to save the new VLAN information.

10.2.2 Commands

The following commands are used for VLANs.
To define the VLAN type:

  set vlan type=

To configure a VLAN:

  vlan type=port

To add VLANs:

  add id= [name= ] port=

To start VLANs:

  start vlan=

To save the VLAN configuration:

  save

To edit VLANs:

  edit id= [name= ] port=

To display the VLAN information:

  show vlan type= [ ]

The following command sequence shows how to configure VLANs on a MultiLink ML1200 Managed Field Switch.

  ML1200# vlan type=port
  ML1200(port-vlan)## add id=2 name=test port=1-7
  ML1200(port-vlan)## start vlan=all
  ML1200(port-vlan)## save
  Saving current configuration...
  Configuration saved

To move Management Control on any VLAN:

  add id= [name= ] port= [Forbid= ][ ]

To enable or disable Management Control on any VLAN:

  edit id= [name= ][port= [ ]

10.3 Configuring Port VLANs with EnerVista Secure Web Management software

10.3.1 Description

Port VLANs are rarely used, and are not recommended, in networks which use VLANs across multiple switches. Port VLANs are used when VLANs are set up on a single switch and connectivity between the systems on different VLANs is needed; however, the broadcasts and multicasts are isolated to the specific VLAN. Either port VLANs or Tag VLANs can be active at any given time on a switch. Only the default VLAN (VLAN ID = 1) is active as a Tag VLAN as well as a port VLAN.

General steps for using port VLANs are:

1. Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs.
2. Configure at least one VLAN in addition to the default VLAN.
3. Assign the desired ports to the VLANs.
4. Decide on a trunking strategy: how will the VLAN information be propagated from one switch to another, and what VLAN information will be propagated across.
5. (Layer 3 consideration) Check to see if the routing between the VLANs is “working” by pinging stations on different VLANs.

Note: You can rename the default VLAN, but you cannot change its VID (=1) or delete it from the switch.

Note: Any ports not specifically assigned to another VLAN will remain assigned to the DEFAULT-VLAN (VID=1).

Note: Changing the number of VLANs supported on the switch requires the changes to be saved for future use. To eliminate the changes, reboot the switch without saving the changes.

For VLAN configuration use the Configuration > VLAN menu items as shown below. The Port VLANs are active by default.

The currently assigned Port VLANs are displayed as follows:

► Select the Configuration > VLAN > Port-Based menu item.

As discussed above, ports 1, 2, 3, 5, 6, 7, and 8 still belong to the default VLAN. We will now add another VLAN with VID=40 and VLAN name = Support.

► Add the ports.
► Define the VLAN.
► Click OK.

After adding the VLAN, the VLAN is not active. Activating the VLAN has to be done manually.

► To activate the VLAN, click on the Status button.
► Select VLAN ID.
► Select VLAN Status: Start. A specific VLAN can be activated, or all VLANs can be activated (or disabled).
► Click OK to activate the VLAN.

After activation, note that ports 1 to 3 belong to the new VLAN. The VLAN membership of the ports assigned to VLAN 40 now indicates that they are only members of VLAN 40. The default VLAN membership has been terminated on VLAN activation.
10.4 Configuring Tag VLANs through the Command Line Interface

10.4.1 Description

The VLAN information needs to be propagated on to other switches when multiple switches are connected on a network. In these situations it is best to use tag-based VLANs.

10.4.2 Commands

The set-port command for setting Tag VLANs has the following parameters.

The default id parameter sets the default VLAN id (termed PVID in previous versions). The default VLAN id is the VLAN id assigned to the untagged packets received on that port. For the MultiLink ML1200 Managed Field Switch, the default VLAN id is 1.

  set-port port= default id=

The filter parameter enables or disables the VLAN filtering function. When enabled, the switch will drop the packets coming in through a port if the port is not a member of the VLAN. For example, if port 1 is a member of VLANs 10, 20 and 30, and a packet with VLAN id 40 arrives at port 1, it will be dropped.

  set-port port= filter status=

The tagging id and status parameters define whether the outgoing packets from a port will be tagged or untagged. This definition is on a per VLAN basis. For example, the command set-port port=1 tagging id=10 status=tagged will instruct the switch to tag all packets going out of port 1 that belong to VLAN 10.

  set-port port= tagging id= status=

The join id parameter adds the specified port(s) to the specified VLAN id. This parameter works with active or pending VLANs.

  set-port port= join id=

The leave id parameter releases a specific port from a VLAN. For example, if port 1 belongs to VLANs 10, 20, 30 and 40, the command set-port port=1 leave id=40 makes port 1 belong to VLANs 10, 20 and 30, dropping VLAN 40.

  set-port port= leave id=

The show-port command lists all parameters related to tag VLAN for the list of ports. If the port parameter is omitted, it will display all ports.

  show-port [port= ]

To move Management Control on any VLAN:

  add id= [name= ] port= [Forbid= ][ ]

To enable or disable Management Control on any VLAN:

  edit id= [name= ][port= [ ]

10.4.3 Example

In the following example, we start with Port VLAN and convert to Tag VLAN. We define ports 3 through 5 to belong to VLANs 10, 20 and 30, and the rest of the ports belong to the default VLAN (in this case, VLAN 1). Filtering is enabled on ports 3 to 5. The VLAN setup is done before devices are plugged into ports 3 to 5; as a result, the status of the ports is shown as DOWN.

1. A word of caution: when Tag VLAN filtering is enabled, there can be serious connectivity repercussions. The only way to recover from that is to reload the switch without saving the configuration or to modify the configuration from the console (serial) port.
2. There can be either Tag VLAN or Port VLAN. Both VLAN types cannot co-exist at the same time.
3. There can only be one default VLAN for the switch. The default is set to VLAN 1 and can be changed to another VLAN. A word of caution on changing the default VLAN as well: there can be repercussions on management as well as multicast and other issues.
4. Tag VLAN supports VLAN ids from 1 to 4096. VLAN ids greater than 2048 are reserved for specific purposes and it is recommended they not be used.
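The following is an added illustration, not code from the manual or from GE Multilin: a small Python model of the per-port decisions described in 9.3.4 (broadcast storm protection) and 10.4.2 (default VLAN id, ingress filter, per-VLAN tagging, join and leave), finishing with the configuration that Example 10-1 builds on ports 3 to 5. The frame representation, the exact one-second rate window and all class and method names are assumptions of this model; only the CLI commands quoted in the comments come from the manual.

```python
"""Model of the per-port decisions this manual describes: broadcast storm
protection (9.3.4) and tag VLAN handling with a default VLAN id (PVID), ingress
filtering, per-VLAN tagging and join/leave (10.4.2). Added illustration, not GE
Multilin code; a frame is (destination MAC, VLAN tag or None), time in seconds."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class StormGuard:
    """Broadcast storm protection for one port, as described in 9.3.4."""
    threshold: int = 19531      # frames/sec; the factory value shown in Example 9-3
    enabled: bool = False
    active: bool = False        # a storm has been declared on this port
    window_start: float = 0.0   # start of the current one-second rate window
    count: int = 0              # broadcast frames counted in that window
    last_seen: float = -1.0     # arrival time of the last broadcast frame

    def accept(self, now: float) -> bool:
        """True if a broadcast frame arriving at time `now` may be forwarded."""
        if not self.enabled:
            return True
        # The storm is over once a full second passes with no broadcast frame.
        if self.active and now - self.last_seen >= 1.0:
            self.active, self.count, self.window_start = False, 0, now
        self.last_seen = now
        if now - self.window_start >= 1.0:      # open a new one-second window
            self.window_start, self.count = now, 0
        self.count += 1
        if self.count > self.threshold:         # rate exceeded: declare a storm
            self.active = True
        return not self.active                  # dropped while the storm lasts


@dataclass
class Port:
    pvid: int = 1                                    # "default id" for untagged frames
    vlans: set = field(default_factory=lambda: {1})  # membership; default VLAN is 1
    ingress_filter: bool = False                     # "filter status=enable"
    tagged: set = field(default_factory=set)         # VLANs sent out tagged here
    storm: StormGuard = field(default_factory=StormGuard)


class TagVlanSwitch:
    def __init__(self, ports):
        self.ports = {n: Port() for n in ports}

    def add_vlan(self, vid, members):              # add id=<vid> port=<members>
        for n in members:
            self.ports[n].vlans.add(vid)

    def join(self, port, vid):                     # set-port port=<n> join id=<vid>
        self.ports[port].vlans.add(vid)

    def leave(self, port, vid):                    # set-port port=<n> leave id=<vid>
        self.ports[port].vlans.discard(vid)

    def set_tagging(self, ports, vid, tagged):     # set-port ... tagging id= status=
        for n in ports:
            (self.ports[n].tagged.add if tagged else self.ports[n].tagged.discard)(vid)

    def set_filter(self, ports, enabled):          # set-port ... filter status=
        for n in ports:
            self.ports[n].ingress_filter = enabled

    def broadcast_protect(self, enabled):          # broadcast-protect enable|disable
        for p in self.ports.values():
            p.storm.enabled = enabled

    def classify(self, port, vid):
        """VLAN a frame received on `port` belongs to, or None if it is dropped."""
        p = self.ports[port]
        if vid is None:
            vid = p.pvid                           # untagged frames take the default id
        if p.ingress_filter and vid not in p.vlans:  # not a member of that VLAN: drop
            return None
        return vid

    def flood(self, in_port, dst, vid, now=0.0):
        """Egress copies {port: tag or None} of a flooded frame; {} if it is dropped."""
        if dst == BROADCAST and not self.ports[in_port].storm.accept(now):
            return {}
        vid = self.classify(in_port, vid)
        if vid is None:
            return {}
        return {n: (vid if vid in q.tagged else None)
                for n, q in self.ports.items() if n != in_port and vid in q.vlans}


def example_10_1():
    """Ports 3-5 in VLANs 10, 20, 30, filtered and tagged, as Example 10-1 builds;
    every port keeps its default VLAN 1 membership here for simplicity."""
    sw = TagVlanSwitch(range(1, 8))
    for vid in (10, 20, 30):
        sw.add_vlan(vid, range(3, 6))
        sw.set_tagging(range(3, 6), vid, True)
    sw.set_filter(range(3, 6), True)
    return sw
```

Comparing flood(3, BROADCAST, 40) with flood(6, BROADCAST, 20) shows why the manual's filter matters: a port without the ingress filter still accepts a tag for a VLAN it is not a member of, and the frame reaches that VLAN's ports.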
Example 10-1: Converting Port VLAN to Tag VLAN

  ML1200#vlan type=port
  ML1200(port-vlan)##show vlan type=port
  VLAN ID: 1
  Name   : Default VLAN
  Status : Active
  ========================
  PORT | STATUS
  ========================
  5    | DOWN
  6    | DOWN
  7    | UP
  VLAN ID: 10
  Name   : engineering
  Status : Active
  ========================
  PORT | STATUS
  ========================
  1    | DOWN
  VLAN ID: 20
  Name   : sales
  Status : Active
  ========================
  PORT | STATUS
  ========================
  2    | DOWN
  VLAN ID: 30
  Name   : marketing
  Status : Active
  ========================
  PORT | STATUS
  ========================
  3    | DOWN
  VLAN ID: 40
  Name   : Support
  Status : Active
  ========================
  PORT | STATUS
  ========================
  4    | UP
  ML1200(port-vlan)##stop vlan=all
  All active VLAN's stopped.

To switch to Tag VLAN, the port VLAN has to be disabled or stopped. Only one type of VLAN can be active at the same time. Exit out of Port VLAN configuration mode and set the VLAN type to be Tag VLAN.

  ML1200(port-vlan)##exit
  ML1200#set vlan type=tag
  VLAN set to Tag-based.
  ML1200#show active-vlan
  Tag VLAN is currently active.
  ML1200#show vlan type=tag
  VLAN ID: 1
  Name   : Default VLAN
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  1    | UNTAGGED | UP
  2    | UNTAGGED | DOWN
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  6    | UNTAGGED | DOWN
  7    | UNTAGGED | UP

Note that ports 3 to 5 are “DOWN”; the VLAN configuration is preferably done before devices are plugged in to avoid connectivity repercussions.

  ML1200#vlan type=tag
  ML1200(tag-vlan)##add id=10 name=mkt port=3-5
  Tag based vlan Added Successfully.
  Vlan id   : 10
  Vlan name : engineering
  Ports     : 3-5
  ML1200(tag-vlan)##edit id=10 name=engineering port=3-5
  Tag based vlan edited Successfully.
  Vlan id   : 10
  Vlan name : engineering
  Ports     : 3-5
  ML1200(tag-vlan)##add id=20 name=sales port=3-5
  Tag based vlan Added Successfully.
  Vlan id   : 20
  Vlan name : sales
  Ports     : 3-5

The next command is intentionally executed to show the effect of adding a duplicate VLAN.

  ML1200(tag-vlan)##add id=20 name=marketing port=3-5
  ERROR: Duplicate Vlan Id
  ML1200(tag-vlan)##add id=30 name=marketing port=3-5
  Tag based vlan Added Successfully.
  Vlan id   : 30
  Vlan name : marketing
  Ports     : 3-5
  ML1200(tag-vlan)##show vlan type=tag
  VLAN ID: 1
  Name   : Default VLAN
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  1    | UNTAGGED | UP
  2    | UNTAGGED | DOWN
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  6    | UNTAGGED | DOWN
  7    | UNTAGGED | UP
  VLAN ID: 10
  Name   : engineering
  Status : Pending
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  VLAN ID: 20
  Name   : sales
  Status : Pending
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  VLAN ID: 30
  Name   : marketing
  Status : Pending
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN

Note that the VLANs are not started as yet. Adding a VLAN does not start it by default.

  ML1200(tag-vlan)##start vlan=all
  All pending VLAN's started.

Enable filtering on the ports required. The software will prompt to ensure that connectivity is not disrupted.

  ML1200(tag-vlan)##set-port port=3-5 filter status=enable
  Ingress Filter Enabled
  ML1200(tag-vlan)##show vlan type=tag
  VLAN ID: 1
  Name   : Default VLAN
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  1    | UNTAGGED | UP
  2    | UNTAGGED | DOWN
  6    | UNTAGGED | DOWN
  7    | UNTAGGED | UP
  VLAN ID: 10
  Name   : engineering
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  VLAN ID: 20
  Name   : sales
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN
  VLAN ID: 30
  Name   : marketing
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | UNTAGGED | DOWN
  4    | UNTAGGED | DOWN
  5    | UNTAGGED | DOWN

The VLANs are now active. However, as a packet traverses VLANs, the packet should be tagged. This is enabled next.

  ML1200(tag-vlan)##set-port port=3-5 tagging id=10 status=tagged
  Port tagging enabled
  ML1200(tag-vlan)##set-port port=3-5 tagging id=20 status=tagged
  Port tagging enabled
  ML1200(tag-vlan)##set-port port=3-5 tagging id=30 status=tagged
  Port tagging enabled
  ML1200(tag-vlan)##show vlan type=tag
  VLAN ID: 1
  Name   : Default VLAN
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  1    | UNTAGGED | UP
  2    | UNTAGGED | DOWN
  6    | UNTAGGED | DOWN
  7    | UNTAGGED | UP
  VLAN ID: 10
  Name   : engineering
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | TAGGED   | DOWN
  4    | TAGGED   | DOWN
  5    | TAGGED   | DOWN
  VLAN ID: 20
  Name   : sales
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | TAGGED   | DOWN
  4    | TAGGED   | DOWN
  5    | TAGGED   | DOWN
  VLAN ID: 30
  Name   : marketing
  Status : Active
  ----------------------------------------------
  PORT | MODE     | STATUS
  ----------------------------------------------
  3    | TAGGED   | DOWN
  4    | TAGGED   | DOWN
  5    | TAGGED   | DOWN

10.5 Configuring Tag VLANs with EnerVista Secure Web Management software

10.5.1 Description

When multiple switches are on a network, the VLAN information needs to be propagated on to other switches. In such situations, it is best to use tag based VLANs. On the ML1200, the port VLAN type is set to none. To use Tag VLANs, first enable Tag VLANs. In the following example, we assign various ports to VLANs 10, 20 and 30 and the remaining ports to the default VLAN (that is, VLAN 1). The VLAN setup occurs before devices are connected to the ports. As such, the port status is shown as DOWN.
There can be serious connectivity repercussions when Tag VLAN filtering is enabled. The only way to recover from this is to reload the switch without saving the configuration or to modify the configuration from the console (serial) port.

The ML1200 can be configured for either Tag VLAN or Port VLAN. Both VLAN types cannot coexist at the same time.

There can only be one default VLAN for the switch. The default is set to VLAN 1 and can be changed to another VLAN. There can be repercussions on management as well as multicast and other issues when changing the default VLAN.

Tag VLAN supports VLAN IDs from 1 to 4096. VLAN IDs greater than 2048 are reserved for specific purposes. As such, it is recommended they not be used.

To use the Tag VLAN, first:

► Set the VLAN type to Tag in the Configuration > VLAN > Set Type menu.

The next step is to define the VLANs needed. To do that:

► Click on the Configuration > VLAN > Tag-Based menu.
► Click on the Add button.
► Now add the necessary VLANs. In the example below, add the VLANs in the following manner:

  • VLAN 1, all ports: default VLAN
  • VLAN 10, Engineering VLAN: ports 2, 3, 4
  • VLAN 20, Support VLAN: ports 4, 5 (note that port 4 belongs to VLANs 10 and 20)
  • VLAN 30, Marketing VLAN: ports 5, 6 (note that port 5 belongs to VLANs 20 and 30)

► After adding the ports and defining the VLAN, click OK.
► Click on Port Settings in the Configuration > VLAN > Tag-Based menu and enable the tagging for each port.
► Repeat the last two steps for each of the ports and each of the VLANs (click on Port Settings and enable the tag on the port).
After all the ports are tagged, the Tagged column should change to "Yes" for all VLANs. To check the status of the tagging,
▸ Select the Configuration > VLAN > Tag-Based > Tagging menu.

To activate the VLAN,
▸ Click on the Status button under the Configuration > VLAN > Tag-Based > Settings menu.
▸ Click OK.

Tagged VLANs can be viewed from the Configuration > VLAN > Tag-Based > Tagging menu.

To add or delete specific ports from a VLAN,
▸ Click on the Join & Leave button from the Configuration > VLAN > Tag-Based > Settings menu and specify the action. In the example below, we take port 2 and assign it to leave VLAN 10. After the action is completed, note that port 2 belongs to VLAN 1 only.

To enable the filter capability for each port, use the Configuration > VLAN > Tag-Based > Settings menu as shown below. Use the Configuration > VLAN > Tag-Based > Filter menu to view the filter information for the ports.

Chapter 11: VLAN Registration over GARP

11.1 Overview

11.1.1 Description

VLAN registration over the Generic Attribute Registration Protocol (GARP) is called GVRP. GVRP is defined in the IEEE 802.1Q standard and GARP in the IEEE 802.1p standard. To utilize the capabilities of GVRP, GE Multilin recommends that the user become familiar with the concepts and capabilities of IEEE 802.1Q.

11.1.2 GVRP Concepts

GVRP makes it easy to propagate VLAN information across multiple switches. Without GVRP, a network administrator has to go to each individual switch and enable the necessary VLAN information or block specific VLANs so that network integrity is maintained. With GVRP, this process can be automated.
It is critical that all switches share a common VLAN. This VLAN is typically the default VLAN (VID = 1) on most switches and other devices. GVRP uses GVRP Bridge Protocol Data Units (GVRP BPDUs) to advertise static VLANs. We refer to a GVRP BPDU as an "advertisement".

GVRP enables the MultiLink ML1200 Managed Field Switch to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automatically create VLAN links between GVRP-aware devices. A GVRP link can include intermediate devices that are not GVRP-aware. This operation reduces the chance of errors in VLAN configuration by automatically providing VLAN ID (VID) consistency across the network. GVRP can thus be used to propagate VLANs to other GVRP-aware devices instead of having to set up VLANs manually across the network. After the switch creates a dynamic VLAN, GVRP can also be used to dynamically enable port membership in static VLANs configured on a switch.

Note: There must be one common VLAN (that is, one common VID) connecting all of the GVRP-aware devices in the network to carry GVRP packets. GE Multilin recommends the default VLAN (DEFAULT_VLAN; VID = 1), which is automatically enabled and configured as untagged on every port of the MultiLink ML1200 Managed Field Switch. That is, on ports used as GVRP links, leave the default VLAN set to untagged and configure other static VLANs on the ports as either "Tagged" or "Forbid" ("Forbid" is discussed later in this chapter).

11.1.3 GVRP Operations

A GVRP-enabled port with a tagged or untagged static VLAN sends advertisements (BPDUs, or Bridge Protocol Data Units) advertising the VLAN identification (VID). Another GVRP-aware port receiving the advertisements over a link can dynamically join the advertised VLAN. All dynamic VLANs operate as tagged VLANs.
Also, a GVRP-enabled port can forward an advertisement for a VLAN it learned about from other ports on the same switch. However, the forwarding port will not itself join that VLAN until an advertisement for that VLAN is received on that specific port.

[Figure 11–1: GVRP operation. Switch 1, Switch 2 and Switch 3 (all with GVRP on) are chained through ports 1 to 5; port 6 belongs to an end device (NIC or switch) with GVRP on and a static VLAN configured.]

Switch 1 has static VLANs (VID = 1, 2, and 3). Port 2 is a member of VIDs 1, 2, and 3.
1. Port 2 advertises VIDs 1, 2, and 3.
2. On Switch 2, port 1 receives the advertisement of VIDs 1, 2, and 3 AND becomes a member of VIDs 1, 2, and 3.
3. As discussed above, a GVRP-enabled port can forward an advertisement for a VLAN it learned about. So port 3 advertises VIDs 1, 2, and 3, but port 3 is NOT a member of VIDs 1, 2, and 3 at this point, nor will it join the VLANs until an advertisement is received.
4. On Switch 3, port 4 receives the advertisement of VIDs 1, 2, and 3 and becomes a member of VIDs 1, 2, and 3.
5. Port 5 advertises VIDs 1, 2, and 3, but port 5 is NOT a member of VIDs 1, 2, and 3 at this point.
6. Port 6 on the end device is statically configured to be a member of VID 3. Port 6 advertises VID 3.
7. Port 5 receives the advertisement.
8. Port 4 advertises VID 3.
9. Port 3 receives the advertisement of VID 3 AND becomes a member of VID 3. (It is still not a member of VIDs 1 and 2, as it did not receive any advertisements for VID 1 or 2.)
10. Port 1 advertises VID 3 AND becomes a member of VID 3. (Port 1 is still not a member of VIDs 1 and 2.)
11. Port 2 receives the advertisement of VID 3. (Port 2 was already statically configured for VIDs 1, 2, 3.)
Note: If a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN.

In the following figure, tagged VLAN ports on switch "A" and switch "C" advertise VLANs 22 and 33 to ports on other GVRP-enabled switches that can dynamically join the VLANs. A port can learn of a dynamic VLAN through devices that are not aware of GVRP (switch "B").

[Figure 11–2: VLAN assignment in GVRP-enabled switches. Switch A: GVRP on, tagged VLAN 22 (port 1). Switch B: no GVRP, tagged VLAN 22. Switch C: GVRP on, tagged VLAN 22 and tagged VLAN 33; port 5 dynamically joined VLAN 22; ports 11 and 12 belong to tagged VLAN 33. Switch D: GVRP on, dynamic VLAN 33 and dynamic VLAN 22; ports 3 and 6 dynamically joined VLAN 33. Switch E: GVRP on, dynamic VLAN 33 and dynamic VLAN 22; ports 2 and 7 dynamically joined VLAN 33.]

An "unknown VLAN" is a VLAN that the switch learns of through GVRP. For example, suppose that port 1 on switch "A" is connected to port 5 on switch "C". Because switch "A" has VLAN 22 statically configured, while switch "C" does not have this VLAN statically configured, VLAN 22 is handled as an "unknown VLAN" on port 5 in switch "C". Conversely, if VLAN 22 were statically configured on switch C, but port 5 were not a member, port 5 would become a member when advertisements for VLAN 22 were received from switch "A".

GVRP provides a per-port join-request option which can be configured. VLANs must be disabled in GVRP-unaware devices to allow tagged packets to pass through.
A GVRP-aware port receiving advertisements has these options:
• If there is no static VLAN with the advertised VID on the receiving port, dynamically create a VLAN with the same VID as in the advertisement, and allow that VLAN's traffic.
• If the switch already has a static VLAN with the same VID as in the advertisement, and the port is configured to learn for that VLAN, the port dynamically joins the VLAN and allows that VLAN's traffic.
• Ignore the advertisement for that VID and drop all GVRP traffic with that VID.
• Don't participate in that VLAN.

A port belonging to a tagged or untagged static VLAN has these configurable options:
• Send VLAN advertisements, and also receive advertisements for VLANs on other ports and dynamically join those VLANs.
• Send VLAN advertisements, but ignore advertisements received from other ports.
• Avoid GVRP participation by not sending advertisements and by dropping any advertisements received from other devices.

Table 11–1: Port settings for GVRP operations

Unknown VLAN mode | Operations
Learn   | Enables the port to dynamically join any VLAN for which it receives an advertisement, and allows the port to forward the advertisements it receives.
Block   | Prevents the port from dynamically joining a VLAN that is not statically configured on the switch. The port will still forward advertisements that were received by the switch on other ports. Block should typically be used on ports in insecure networks where there is exposure to attack, such as ports where intruders can connect.
Disable | Causes the port to ignore and drop all the advertisements it receives from any source.

The show-vlan command displays the switch's current GVRP configuration, including the unknown VLANs.

show-vlan

A port must be enabled and configured to learn for it to be assigned to a dynamic VLAN.
To send advertisements, one or more tagged or untagged static VLANs must be configured on one (or more) switches with GVRP enabled. The ML1200 software allows a dynamic VLAN to be converted to a static VLAN with the static command.

static vlan=

Note: The show vlan type=tag command will display VID in case the VID is not known.

Example 11-1 illustrates how to convert a dynamic VLAN into a static VLAN. As the following table indicates, a port that has a tagged or untagged static VLAN has the option of both generating advertisements and dynamically joining other VLANs.

Table 11–2: GVRP options (rows: the per-port "unknown VLAN" GVRP setting; entries: the per-port static VLAN option)

Learn
  Tagged or untagged: Generate advertisements. Forward advertisements for other VLANs. Receive advertisements and dynamically join any advertised VLAN.
  Auto: Receive advertisements and dynamically join any advertised VLAN that has the same VID as the static VLAN.
  Forbid: Do not allow the port to become a member of this VLAN.
Block
  Tagged or untagged: Generate advertisements. Forward advertisements received from other ports to other VLANs. Do not dynamically join any advertised VLAN.
  Auto: Receive advertisements and dynamically join any advertised VLAN that has the same VID.
  Forbid: Do not allow the VLAN on this port.
Disable
  Tagged or untagged: Ignore GVRP and drop all GVRP advertisements.
  Auto: Ignore GVRP and drop all GVRP advertisements.
  Forbid: Do not allow the VLAN on this port.

Example 11-1: Converting a dynamic VLAN to a static VLAN

ML1200# gvrp
ML1200(gvrp)## show-vlan
=================================================
VLAN ID | NAME         | VLAN    | STATUS
=================================================
1       | Default VLAN | Static  | Active
2       | Blue         | Static  | Active
6       | dyn6         | Dynamic | Active
ML1200(gvrp)## static vlan=10
ML1200(gvrp)## show-vlan
=================================================
VLAN ID | NAME         | VLAN    | STATUS
=================================================
1       | Default VLAN | Static  | Active
2       | Blue         | Static  | Active
6       | dyn6         | Static  | Active

The unknown VLAN parameters are configured on a per-interface basis using the CLI. The tagged, untagged, Auto, and Forbid options are configured in the VLAN context.

Since dynamic VLANs operate as tagged VLANs, and it is possible that a tagged port on one device may not communicate with an untagged port on another device, GE Multilin recommends that you use tagged VLANs for the static VLANs.

A dynamic VLAN continues to exist on a port for as long as the port continues to receive advertisements of that VLAN from another device connected to that port, or until you:
• Convert the VLAN to a static VLAN
• Reconfigure the port to Block or Disable
• Disable GVRP
• Reboot the switch

The time-to-live for dynamic VLANs is 10 seconds. That is, if a port has not received an advertisement for an existing dynamic VLAN during the last 10 seconds, the port removes itself from that dynamic VLAN.
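The propagation rules of sections 11.1.2 and 11.1.3, the Learn/Block/Disable and Forbid settings of Tables 11–1 and 11–2, and the 10-second time-to-live above can be exercised together in a small simulation. The code below is an added example, not code from the manual or from GE: it rebuilds the Figure 11–1 chain (Switch 1 with static VIDs 1, 2, 3 on port 2; Switch 2 ports 1 and 3; Switch 3 ports 4 and 5; an end device with static VID 3 on port 6), additionally forbids VID 2 on Switch 2 port 1 and sets the end device's port to Block, then removes Switch 1 and advances the clock to show the dynamic memberships expiring. Two modelling choices are assumptions, not statements of the page: a forbidden VID is dropped entirely at that port (so the switch never forwards it), and a Block port still records what it hears so that other ports can forward it.

```python
GVRP_TTL = 10.0   # seconds: a dynamic membership not refreshed within this time is dropped


class Port:
    def __init__(self, switch, number, mode="learn", static=(), forbid=()):
        self.switch, self.number, self.mode = switch, number, mode   # mode: learn|block|disable
        self.static = set(static)     # static VLANs this port is a member of
        self.forbid = set(forbid)     # VLANs this port may never join (assumption: dropped here)
        self.heard = {}               # vid -> time of the last advertisement received
        self.peer = None              # port at the other end of the link, if any

    def joined(self):
        """VLANs the port is a member of: its static VLANs plus the dynamic ones it may join.
        Learn joins anything heard; Block joins only VIDs statically configured on the switch."""
        dyn = {v for v in self.heard
               if self.mode == "learn" or (self.mode == "block" and v in self.switch.static_vids())}
        return self.static | dyn

    def advertised(self):
        """What the port sends: every static VLAN of the switch plus VLANs heard on OTHER ports
        (a learned VLAN is never advertised back out of the port it was learned on)."""
        if self.mode == "disable":
            return set()
        others = {v for p in self.switch.ports.values() if p is not self for v in p.heard}
        return self.switch.static_vids() | others

    def receive(self, vids, now):
        if self.mode == "disable":         # Disable: ignore and drop everything
            return
        for v in vids - self.forbid:
            self.heard[v] = now

    def expire(self, now):
        self.heard = {v: t for v, t in self.heard.items() if now - t < GVRP_TTL}


class Switch:
    def __init__(self, name):
        self.name, self.ports = name, {}

    def port(self, number, **kw):
        self.ports[number] = Port(self, number, **kw)
        return self.ports[number]

    def static_vids(self):
        return set().union(*(p.static for p in self.ports.values()))


def link(a, b):
    a.peer, b.peer = b, a


def gvrp_round(switches, now):
    """One exchange: every linked port sends its advertisement, then stale entries expire."""
    sends = [(p.peer, p.advertised()) for s in switches for p in s.ports.values() if p.peer]
    for dst, vids in sends:            # all sends are computed first, so port order is irrelevant
        dst.receive(vids, now)
    for s in switches:
        for p in s.ports.values():
            p.expire(now)


def build_figure_11_1():
    s1, s2, s3, end = Switch("Switch 1"), Switch("Switch 2"), Switch("Switch 3"), Switch("End device")
    p2 = s1.port(2, static={1, 2, 3})
    p1 = s2.port(1, forbid={2})                 # added to the figure: VID 2 is forbidden here
    p3 = s2.port(3)
    p4 = s3.port(4)
    p5 = s3.port(5)
    p6 = end.port(6, mode="block", static={3})  # Block: joins nothing that is not static locally
    link(p2, p1); link(p3, p4); link(p5, p6)
    return [s1, s2, s3, end]


def converge(switches, start=0.0, rounds=4, interval=2.0):
    """Run advertisement rounds every `interval` seconds and report membership per port."""
    for i in range(rounds):
        gvrp_round(switches, start + i * interval)
    return {f"{s.name} port {n}": sorted(p.joined()) for s in switches for n, p in s.ports.items()}


def simulate():
    """Membership after convergence, then after Switch 1 disappears and the TTL runs out."""
    sws = build_figure_11_1()
    before = converge(sws, start=0.0, rounds=4)
    p2, p1 = sws[0].ports[2], sws[1].ports[1]
    p2.peer = p1.peer = None                    # the Switch 1 link goes down
    after = converge(sws, start=8.0, rounds=12)  # rounds at t = 8 ... 30 s
    return before, after


if __name__ == "__main__":
    before, after = simulate()
    for name in before:
        print(f"{name:20} before {before[name]!s:10} after {after[name]}")
```

Before the link failure, Switch 2 port 1 and Switch 3 port 4 hold dynamic VIDs 1 and 3 (VID 2 stops at the Forbid), ports 3 and 5 hold only VID 3 learned from the end device, and the Block port joins only its static VID 3 even though it hears 1 and 3. After Switch 1 goes away, the memberships that depended on it drain one hop per TTL period, which is why the second run needs more than 20 seconds of simulated time.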
11.2 Configuring GVRP through the Command Line Interface

11.2.1 Commands

The commands used for configuring GVRP are shown below.

The gvrp command enables or disables GVRP.

gvrp

The show gvrp command displays whether GVRP is enabled or disabled, along with the current settings for the maximum number of VLANs and the current primary VLAN.

show gvrp

The set-ports command sets the state of the port to learn, block or disable for GVRP. Note that the default state is disable.

set-ports port= state=

The set-forbid command sets the forbid GVRP capability on the ports specified.

set-forbid vlan= forbid=

The show-forbid command displays the ports with GVRP forbid capabilities.

show-forbid

The following example illustrates how to configure GVRP using the commands shown in this section.

11.2.2 GVRP Operation Notes

A dynamic VLAN must be converted to a static VLAN before it can have an IP address. After converting a dynamic VLAN to a static VLAN, use the "save" command to save the changes made; on a reboot the changes can be lost without the save command.

Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-aware will flood the GVRP (multicast) advertisement packets out all ports.

GVRP assigns dynamic VLANs as tagged VLANs. To configure the VLAN as untagged, first convert the tagged VLAN to a static VLAN.

Rebooting a switch on which a dynamic VLAN exists deletes that VLAN. However, the dynamic VLAN re-appears after the reboot if GVRP is enabled and the switch again receives advertisements for that VLAN through a port configured to add dynamic VLANs.

By receiving advertisements from other devices running GVRP, the switch learns of static VLANs from those devices and dynamically (automatically) creates tagged VLANs on the links to the advertising devices.
Similarly, the switch advertises its static VLANs to other GVRP-aware devices. A GVRP-enabled switch does not advertise any GVRP-learned VLANs out of the port(s) on which it originally learned of those VLANs.

Example 11-2: Configuring GVRP

ML1200# gvrp
ML1200(gvrp)# show gvrp
GVRP Status : Enabled
ML1200(gvrp)## gvrp disable
GVRP is now disabled
ML1200(gvrp)## gvrp enable
GVRP enabled
ML1200(gvrp)## show-vlan
=================================================
VLAN ID | NAME         | VLAN    | STATUS
=================================================
1       | Default VLAN | Static  | Active
2       | Blue         | Static  | Active
6       | dyn6         | Dynamic | Active
ML1200(gvrp)## static vlan=10
ML1200(gvrp)## show-vlan
=================================================
VLAN ID | NAME         | VLAN    | STATUS
=================================================
1       | Default VLAN | Static  | Active
2       | Blue         | Static  | Active
6       | dyn6         | Static  | Active
ML1200(gvrp)## set-forbid vlan=2 forbid=3-5
ML1200(gvrp)## show-forbid
============================================
VLAN ID | FORBIDDEN PORTS
============================================
1       | None
2       | 3, 4, 5
ML1200(gvrp)##

11.3 Configuring GVRP with EnerVista Secure Web Management software

11.3.1 Example

To configure GVRP,
▸ Select the Configuration > VLAN > GVRP menu item.

From the GVRP menu screen, GVRP can be enabled or disabled using the drop-down menu. Each specific port can be put in the Learn, Disable or Enable state as shown in Table 11–2: GVRP options on page 11–5.

The unknown VLAN parameters are configured on a per-interface basis using the CLI. The tagged, untagged, Auto, and Forbid options are configured in the VLAN context.
Since dynamic VLANs operate as tagged VLANs, and it is possible that a tagged port on one device may not communicate with an untagged port on another device, GE Multilin recommends that you use tagged VLANs for the static VLANs.

A dynamic VLAN continues to exist on a port for as long as the port continues to receive advertisements of that VLAN from another device connected to that port, or until you:
• Convert the VLAN to a static VLAN
• Reconfigure the port to Block or Disable
• Disable GVRP
• Save the configuration
• Reboot the switch

The time-to-live for dynamic VLANs is 10 seconds. That is, if a port has not received an advertisement for an existing dynamic VLAN during the last 10 seconds, the port removes itself from that dynamic VLAN.

Refer to GVRP Operation Notes on page 11–7 for additional information on using GVRP.

Chapter 12: Spanning Tree Protocol (STP)

12.1 Overview

12.1.1 Description

The Spanning Tree Protocol was designed to avoid loops in an Ethernet network. An Ethernet network using switches can have redundant paths, which may cause loops. To prevent loops, the MultiLink Switch Software uses the Spanning Tree Protocol (STP). As the manager of the switch software, you need to control the span over which traffic traverses, and to specify the parameters of STP. STP is available as the IEEE 802.1d protocol and is a standard of the IEEE.

12.1.2 Features and Operation

The switch uses the IEEE 802.1d Spanning Tree Protocol (STP). When STP is enabled, it ensures that only one path at a time is active between any two nodes on the network.
In networks where more than one physical path exists between two nodes, STP ensures only a single path is active by blocking all redundant paths. Enabling STP is necessary to avoid loops and duplicate messages. This duplication leads to a "broadcast storm" or other erratic behavior that can bring down the network.

As recommended in the IEEE 802.1Q VLAN standard, the MultiLink ML1200 Managed Field Switch uses single-instance STP. This means a single spanning tree is created to make sure there are no network loops associated with any of the connections to the switch. This works regardless of whether VLANs are configured on the switch. Thus, these switches do not distinguish between VLANs when identifying redundant physical links.

The switch automatically senses port identity and type, and automatically defines port cost and priority for each type. The software allows a manager to adjust the cost, priority and mode for each port, as well as the global STP parameter values for the switch.

While allowing only one active path through a network at any time, STP retains any redundant physical path to serve as a backup (blocked) path in case the existing active path fails. Thus, if an active path fails, STP automatically activates (unblocks) an available backup to serve as the new active path for as long as the original active path is down.

The table below lists the default values of the STP variables. Refer to the following section for a detailed explanation of the variables. By default, STP is disabled. To use STP, it has to be manually enabled.
Table 12–1: STP default values

Variable or attribute                      | Default value
STP capabilities                           | Disabled
Reconfiguring general operation: priority  | 32768
  Bridge maximum age                       | 20 seconds
  Hello time                               | 2 seconds
  Forward delay                            | 15 seconds
Reconfiguring per-port STP: path cost      | 0
  Priority                                 | 32768
  Mode                                     | Normal
Monitoring of STP                          | Not available
Root Port                                  | Not set

12.2 Configuring STP

The show stp command lists the switch's full STP configuration, including general settings and port settings, regardless of whether STP is enabled or disabled (the default).

show stp

Example 12-1 illustrates the show stp command with the config parameter. The variables listed in this example are defined as follows:
• Spanning Tree Enabled (Global): Indicates whether STP is enabled or disabled globally; that is, if the value is YES, all ports have STP enabled. Otherwise, all ports have STP disabled.
• Spanning Tree Enabled (Ports): Indicates which ports have STP enabled. In the example, ports 9 through 16 have STP enabled, but STP functionality is not enabled. As such, STP will not perform on these ports.
• Bridge Priority: Specifies the switch (bridge) priority value. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values indicate higher priority, and values range from 0 to 65535 with a default value of 32768.
• Bridge Forward Delay: Indicates the duration the switch waits from the listening to the learning state and from the learning to the forwarding state. The value ranges from 4 to 30 seconds, with a default of 15.
• Bridge Hello Time: When the switch is the root device, this is the time between messages being transmitted. The value is from 1 to 10 seconds, with a default of 2.
• Bridge Max Age: This is the maximum time a message with STP information is allowed by the switch before the switch discards the information and updates the address table. Values range from 6 to 40 seconds, with a default value of 20.
• Root Port: Indicates the port number elected as the root port of the switch. A root port of "0" indicates STP is disabled.
• Root Path Cost: A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost indicates more loops, a lower cost indicates fewer loops. More loops mean more traffic and a tree which requires a long time to converge, resulting in a slower system.
• Designated Root: Displays the MAC address of the bridge in the network elected or designated as the root bridge. When STP is not enabled, the switch designates itself as the root switch.
• Designated Root Priority: Shows the designated root bridge's priority. The default value is 32768.
• Root Bridge Forward Delay: Indicates the designated root bridge's forward delay. This is the time the switch waits before switching from the listening to the forwarding state. The default is 15 seconds, with a range of 4 to 30 seconds.
• Root Bridge Hello Time: Indicates the designated root bridge's hello time. Hello information is transmitted every 2 seconds.
• Root Bridge Max Age: Indicates the designated root bridge's maximum age, after which it discards the information as being old and receives new updates.

These variables can be changed using the "priority", "cost", "port" and "timers" commands described later in this chapter.

Example 12-2 illustrates the show stp command with the ports parameter. The variables listed in this example are defined as follows:
• Port#: Indicates the port number.
  Values range from 01 to the maximum number of ports in the switch.
• Type: Indicates the type of port; TP indicates twisted pair.

Example 12-1: Viewing STP configuration

ML1200#show stp config
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Normal RSTP
Bridge ID                     : 80:00:00:00:00:00:00:00
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:00:00:00:00:00
Designated Root Priority      : 32768

Example 12-2: Viewing STP ports

ML1200#show stp ports
STP Port Configuration
-------------------------------------------------------------------------------
Port# Type         Priority Path Cost State    Des. Bridge              Des. Port
-------------------------------------------------------------------------------
01    TP(10/100)   128      100       Disabled 80:00:00:20:06:2b:e1:54  80:01
02    TP(10/100)   128      100       Disabled 80:00:00:20:06:2b:e1:54  80:02
03    100MB Fiber  128      100       Disabled 80:00:00:20:06:2b:e1:54  80:03
04    100MB Fiber  128      100       Disabled 80:00:00:20:06:2b:e1:54  80:04

• Priority: STP uses this to determine which ports are used for forwarding. The lower the number, the higher the priority. Values range from 0 to 255; the default is 128.
• Path Cost: This is the assigned port cost value used by the switch to determine the forwarding points. Values range from 1 to 65535.
• State: Indicates the STP state of individual ports. Values can be Listening, Learning, Forwarding, Blocking and Disabled.
• Des. Bridge: This is the port's designated root bridge.
• Des. Port: This is the port's designated root port.

To enable or disable STP, enter the STP configuration mode via the stp command and use the stp enable or stp disable command.
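The variables just defined (bridge priority plus MAC address deciding the root, path cost deciding the root port, and the three timers with their ranges) can be checked with a short calculation. The block below is an added example, not code from the manual or from GE. It reproduces how the "Bridge ID" column is formed (the 16-bit priority as two hex bytes in front of the MAC, so priority 32768 displays as 80:00:... and 15535 as 3c:af:...), elects a root bridge, picks a root port, and validates a proposed timer set against the ranges stated above and against the IEEE 802.1D relationship 2 × (forward delay − 1) ≥ max age ≥ 2 × (hello + 1), which a bridge enforces before accepting new timers. The bridge and port values are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeId:
    """802.1D bridge identifier: 16-bit priority followed by the 48-bit MAC."""
    priority: int      # 0..65535, default 32768; lower wins
    mac: str           # "aa:bb:cc:dd:ee:ff"

    def __post_init__(self):
        if not 0 <= self.priority <= 65535:
            raise ValueError("bridge priority must be in 0..65535")
        if len(bytes.fromhex(self.mac.replace(":", ""))) != 6:
            raise ValueError("MAC must be six bytes")

    def key(self):
        """Numeric ordering: priority first, MAC breaks ties (both lower-is-better)."""
        return (self.priority, bytes.fromhex(self.mac.replace(":", "")))

    def __str__(self) -> str:
        # Same rendering as the "Bridge ID" / "Designated Root" lines of show stp config
        return f"{self.priority >> 8:02x}:{self.priority & 0xff:02x}:{self.mac.lower()}"


def elect_root(bridges):
    """The root bridge is the one with the numerically lowest bridge ID."""
    return min(bridges, key=BridgeId.key)


def port_id(port_priority: int, port_number: int) -> str:
    """Port identifier as shown in the Des. Port column: priority byte, then port number."""
    if not 0 <= port_priority <= 255:
        raise ValueError("port priority must be in 0..255")
    return f"{port_priority:02x}:{port_number:02x}"


def choose_root_port(candidates):
    """candidates: (port_number, port_priority, root_path_cost) for each port that hears the root.
    Lowest root path cost wins; ties go to the lower port priority, then the lower port number."""
    return min(candidates, key=lambda c: (c[2], c[1], c[0]))[0]


# Ranges as given for the timers command in this chapter
TIMER_RANGES = {"forward_delay": (4, 30), "hello": (1, 10), "max_age": (6, 40)}


def check_timers(forward_delay: int, hello: int, max_age: int) -> list:
    """Return a list of problems (empty means the timer set is acceptable)."""
    problems = []
    for name, value in (("forward_delay", forward_delay), ("hello", hello), ("max_age", max_age)):
        lo, hi = TIMER_RANGES[name]
        if not lo <= value <= hi:
            problems.append(f"{name}={value} is outside {lo}..{hi}")
    # IEEE 802.1D consistency rules: the tree must be able to age out stale information
    # and finish listening/learning before a stale root is forgotten.
    if max_age < 2 * (hello + 1):
        problems.append(f"max_age={max_age} must be >= 2*(hello+1)={2 * (hello + 1)}")
    if 2 * (forward_delay - 1) < max_age:
        problems.append(f"2*(forward_delay-1)={2 * (forward_delay - 1)} must be >= max_age={max_age}")
    return problems


if __name__ == "__main__":
    # Constructed sample bridges: two with the default priority, one lowered to 15535 as in Example 12-4
    bridges = [BridgeId(32768, "00:20:06:2b:e1:54"),
               BridgeId(32768, "00:20:06:2b:e1:10"),
               BridgeId(15535, "00:20:06:2b:ff:ff")]
    print("bridge IDs :", [str(b) for b in bridges])
    print("root       :", elect_root(bridges))
    print("root port  :", choose_root_port([(1, 128, 100), (2, 128, 19), (7, 128, 100)]))
    print("defaults   :", check_timers(15, 2, 20) or "ok")
    print("fd=4,age=20:", check_timers(4, 2, 20))
```

Note that with equal priorities the tie is broken by the lower MAC, so an attacker-controlled or misconfigured device with a low priority value is elected root; that is the reason for the note below recommending the defaults and for restricting STP participation to trunk ports.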
The stp command enters STP configuration mode:

stp

The enable and disable parameters start (enable) or stop (disable) STP.

stp

The stp and rstp parameters set the spanning tree protocol to be IEEE 802.1d or 802.1w (Rapid Spanning Tree Protocol).

set stp type=

The show active-stp command displays which version of STP is currently active.

show active-stp

Note: Incorrect STP settings can adversely affect network performance. GE recommends starting with the default STP settings. Changing the settings requires a detailed understanding of STP. For more information on STP, please refer to the IEEE 802.1d standard.

Note: It is always a good idea to check which mode of STP is active. If the proper mode is not active, the configuration command stp will not be understood. To set the proper mode, use the set stp command.

Example 12-3 shows how to enable STP using the above commands.

The priority command specifies the port or switch level priority. When one or more ports are specified, the priority is associated with the ports and its value is 0 to 255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0 to 65535. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. The default value is 32768.

Example 12-3: Enabling STP

ML1200#show active-stp
Current Active Mode: RSTP.
RSTP is Disabled.
ML1200#stp
ERROR: Invalid Command
ML1200#set stp type=stp
STP Mode set to STP.
ML1200#stp
ML1200(stp)##stp enable
Successfully set the STP status
ML1200(stp)##show stp config
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports)  : YES, 1,2,3,4,5,6,7
Protocol                      : Normal STP
Bridge ID                     : 80:00:00:20:06:2b:e1:54
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 2
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:54
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15

priority [port= ] value=<0-255 | 0-65535>

The cost command is port specific. A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means the link is "more expensive" to use and falls into the passive mode compared to a link with a lower cost. Values range from 0 to 65535, with a default value of 32768.

cost port= value=<0-65535>

The port command assigns ports to STP. If you are unsure, let the software make the decisions. The status parameter enables or disables a port from participating in STP discovery. It's best to allow only trunk ports to participate in STP. End stations need not participate in the STP process.

port port= status=

The timers command changes the STP forward delay, hello timer and aging timer values. The forward-delay parameter indicates the time the switch will wait from the listening to the learning state and from the learning to the forwarding state. The value ranges from 4 to 30 seconds, with a default value of 15. When the switch is the root device, the hello parameter represents the time between messages being transmitted. The value is from 1 to 10 seconds, with a default value of 2. The age parameter is the maximum time a message with STP information is allowed by the switch before the switch discards the information and updates the address table again.
Values range from 6 to 40 seconds, with a default value of 20.

timers forward-delay=<4-30> hello=<1-10> age=<6-40>

Example 12-4: Configuring STP parameters

ML1200(stp)##show stp config
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : NO
Spanning Tree Enabled(Ports)  : YES, 1,2,3,4,5,6,7
Protocol                      : Normal STP
Bridge ID                     : 80:00:00:20:06:2b:e1:54
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 2
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:54
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15
Root Bridge Hello Time        : 2
Root Bridge Max Age           : 20
ML1200(stp)##show stp ports
STP Port Configuration
-------------------------------------------------------------------------------
Port# Type         Priority Path Cost State      Des. Bridge              Des. Port
-------------------------------------------------------------------------------
01    TP(10/100)   128      100       Disabled   80:00:00:20:06:2b:e1:54  80:01
ML1200(stp)##show stp ports
STP Port Configuration
-------------------------------------------------------------------------------
Port# Type         Priority Path Cost State      Des. Bridge              Des. Port
-------------------------------------------------------------------------------
01    TP(10/100)   128      100       Forwarding 80:00:00:20:06:2b:e1:54  80:01
02    TP(10/100)   128      19        Forwarding 80:00:00:20:06:2b:e1:54  80:02
03    100MB Fiber  128      100       Disabled   80:00:00:20:06:2b:e1:54  80:03
04    100MB Fiber  128      100       Disabled   80:00:00:20:06:2b:e1:54  80:04
05    100MB Fiber  128      100       Disabled   80:00:00:20:06:2b:e1:54  80:05
06    100MB Fiber  128      100       Disabled   80:00:00:20:06:2b:e1:54  80:06
07    TP(10/100)   128      100       Disabled   80:00:00:20:06:2b:e1:54  80:07
[Ports that have connected devices now participate in STP.]
ML1200(stp)##priority value=15535
Successfully set the bridge priority
ML1200(stp)##show stp config
STP CONFIGURATION
-----------------
Spanning Tree Enabled(Global) : YES
Spanning Tree Enabled(Ports)  : YES, 1,2,3,4,5,6,7
Protocol                      : Normal STP
Bridge ID                     : 3c:af:00:20:06:2b:e1:54
Bridge Priority               : 15535
Bridge Forward Delay          : 15
Bridge Hello Time             : 2
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 3c:af:00:20:06:2b:e1:54
Designated Root Priority      : 15535
Root Bridge Forward Delay     : 15
Root Bridge Hello Time        : 2
Root Bridge Max Age           : 20
[STP is now enabled. Note the default values for the discussed variables.]
ML1200(stp)##priority port=2 value=20
ML1200(stp)##cost port=2 value=20
Setting cost for STP...Successfully set the path cost for port 2
ML1200(stp)##show stp ports
STP Port Configuration
-------------------------------------------------------------------------------
Port# Type         Priority Path Cost State      Des. Bridge              Des. Port
Port ------------------------------------------------------------------------------01 TP(10/100) 128 100 Forwarding 80:00:00:20:06:2b:e1:54 80:01 02 TP(10/100) 20 20 Forwarding 80:00:00:20:06:2b:e1:54 80:02 03 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:03 04 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:04 05 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:05 06 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:06 07 TP(10/100) 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:07 ML1200(stp)##port port=1 status=disable Successfully set the STP status for port 1 ML1200(stp)##show stp ports STP Port Configuration Since port 9 does not participate in ------------------------------------------------------------------------------STP, it is not listed here. Any changes Port# Type Priority Path Cost State Des. Bridge made to STP parameters Des. Port on port 9 will be ignored ------------------------------------------------------------------------------01 TP(10/100) 128 100 Forwarding 80:00:00:20:06:2b:e1:54 80:01 02 TP(10/100) 20 20 Forwarding 80:00:00:20:06:2b:e1:54 80:02 03 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:03 04 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:04 05 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:05 06 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:06 07 TP(10/100) 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:07 ML1200(stp)##port port=1 status=disable Successfully set the STP status for port 1 12–10 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL CHAPTER 12: SPANNING TREE PROTOCOL (STP) SPANNING TREE PROTOCOL (STP) Configuring STP parameters (continued) ML1200(stp)##port port=1 status=enable Successfully set the STP status for port 1 R-2S(stp)##show stp ports STP Port Configuration ------------------------------------------------------------------------------Port# Type Priority Path Cost State Des. Bridge Des. 
Port ------------------------------------------------------------------------------01 TP(10/100) 128 100 Forwarding 80:00:00:20:06:2b:e1:54 80:01 02 TP(10/100) 20 20 Forwarding 80:00:00:20:06:2b:e1:54 80:02 03 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:03 04 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:04 05 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:05 06 100MB Fiber 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:06 07 TP(10/100) 128 100 Disabled 80:00:00:20:06:2b:e1:54 80:07 ML1200(stp)##show stp config The age parameter is out of range as per the IEEE 802.1d specifications. STP CONFIGURATION ----------------Spanning Tree Enabled(Global) : YES Spanning Tree Enabled(Ports) : YES, 1,2,3,4,5,6,7 Protocol : Normal STP Bridge ID : 80:00:00:20:06:2b:e1:54 Bridge Priority : 15535 Bridge Forward Delay : 15 Bridge Hello Time : 2 Bridge Max Age : 20 Root Port : 0 Root Path Cost : 0 Designated Root : 80:00:00:20:06:2b:e1:54 Designated Root Priority : 15535 Root Bridge Forward Delay : 15 Root Bridge Hello Time : 2 Root Bridge Max Age : 20 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 12–11 SPANNING TREE PROTOCOL (STP) CHAPTER 12: SPANNING TREE PROTOCOL (STP) Configuring STP parameters (continued) ML1200(stp)##show stp config STP CONFIGURATION ----------------- 12–12 Spanning Tree Enabled(Global) : YES Spanning Tree Enabled(Ports) : YES, 1,2,3,4,5,6,7 Protocol : Normal STP Bridge ID : 80:00:00:20:06:2b:e1:54 Bridge Priority : 15535 Bridge Forward Delay : 20 Bridge Hello Time : 5 Bridge Max Age : 30 Root Port : 0 Root Path Cost : 0 Designated Root : 80:00:00:20:06:2b:e1:54 Designated Root Priority : 15535 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL Digital Energy Multilin Multilink ML1200 Managed Field Switch Chapter 13: Rapid Spanning Tree Protocol Rapid Spanning Tree Protocol 13.1 Overview 13.1.1 Description The Rapid Spanning Tree Protocol (RTSP), like STP, was designed to avoid loops in an Ethernet network. 
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) is an evolution of the Spanning Tree Protocol (STP, IEEE 802.1D) and provides faster spanning tree convergence after a topology change.

13.1.2 RSTP concepts

The IEEE 802.1D Spanning Tree Protocol (STP) was developed to allow the construction of robust networks that incorporate redundancy while pruning the active topology of the network to prevent loops. While STP is effective, it requires that frame transfer halt after a link outage until all bridges in the network are sure to be aware of the new topology. Using the STP (IEEE 802.1D) recommended values, this period lasts 30 seconds.

The Rapid Spanning Tree Protocol (IEEE 802.1w) is a further evolution of the 802.1D Spanning Tree Protocol. It replaces the settling period with an active handshake between switches (bridges) that guarantees that topology information is rapidly propagated through the network. RSTP converges in less than one second. RSTP also offers a number of other significant innovations:

• Topology changes in STP must be passed to the root bridge before they can be propagated to the network. Topology changes in RSTP can be originated from and acted upon by any designated switch (bridge), leading to more rapid propagation of address information.
• STP recognizes one state, blocking, for ports that should not forward any data or information. RSTP explicitly recognizes two blocking roles, alternate port and backup port, and includes them in its computations of when to learn and forward and when to block.
• STP relays configuration messages received on the root port out of its designated ports. If an STP switch (bridge) fails to receive a message from its neighbor, it cannot be sure where along the path to the root a failure occurred. RSTP switches (bridges) generate their own configuration messages, even if they fail to receive one from the root bridge. This leads to quicker failure detection.
• RSTP offers edge port recognition, allowing ports at the edge of the network to forward frames immediately after activation while at the same time protecting them against loops.
• An improvement in RSTP allows configuration messages to age more quickly, preventing them from "going around in circles" in the event of a loop.

RSTP has three port states: discarding, learning and forwarding.

The discarding state is entered when the port is first taken into service. The port does not learn addresses in this state and does not participate in frame transfer. The port looks for STP traffic in order to determine its role in the network. When it is determined that the port will play an active part in the network, the state changes to learning.

The learning state is entered when the port is preparing to become an active member of the network. The port learns addresses in this state but does not participate in frame transfer. In a network of RSTP switches (bridges) the time spent in this state is usually quite short. RSTP switches (bridges) operating in STP compatibility mode will spend between 6 and 40 seconds in this state.

After learning, the bridge places the port in the forwarding state. In this state the port both learns addresses and participates in frame transfer.

The IEEE 802.1D version of spanning tree (STP) can take a fairly long time to resolve all the possible paths and to select the most efficient path through the network. The IEEE 802.1w rapid reconfiguration of spanning tree significantly reduces the time it takes to establish the network path. The result is reduced network downtime and improved network robustness.
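The root election and root-port selection that the concepts above rely on, as an added example that is not part of the manual or GE's software: a small Python model of IEEE 802.1D root election (the lowest bridge ID, i.e. lowest priority and then lowest MAC, wins), root path cost accumulation and root-port choice, run under both the STP and the RSTP path-cost scales of Table 13–1 below. The four-switch topology, MAC addresses and link speeds are constructed for the example; the bridge-ID formatting reproduces what Example 12-4 prints (priority 32768 gives 80:00:..., priority 15535 gives 3c:af:...).

```python
"""Root-bridge election and root-port selection as described in 13.1.2.

Added example for this page; it is not code from the ML1200 manual or GE.
The four-switch topology, MAC addresses and link speeds are constructed.
"""
import heapq

# Port path cost per link speed in Mbps, from Table 13-1 (IEEE 802.1D vs 802.1w).
STP_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}
RSTP_COST = {10: 2_000_000, 100: 200_000, 1000: 20_000, 10000: 2_000}


def bridge_id(priority, mac):
    """Eight-byte bridge ID as the switch prints it: 16-bit priority, then the MAC."""
    if not 0 <= priority <= 65535:
        raise ValueError("bridge priority must be 0..65535")
    return f"{priority >> 8:02x}:{priority & 0xFF:02x}:{mac.lower()}"


def port_id(priority, port):
    """Port ID as shown in the Des. Port column: priority byte, then port number."""
    if not 0 <= priority <= 255:
        raise ValueError("port priority must be 0..255")
    return f"{priority:02x}:{port:02x}"


def _key(bridges, name):
    """Comparable form of a bridge ID: (priority, MAC as integer). Lower wins."""
    priority, mac = bridges[name]
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(bridges):
    """bridges: {name: (priority, mac)}. The lowest bridge ID becomes root."""
    return min(bridges, key=lambda n: _key(bridges, n))


def spanning_tree(bridges, links, cost_table, port_priority=128):
    """Return {bridge: (root path cost, root port)} for every bridge.

    links: (bridge_a, port_a, bridge_b, port_b, speed_mbps) tuples.
    A bridge's root path cost is its neighbour's root path cost plus the
    cost of the port the BPDU arrives on. Equal costs are broken by the
    sending bridge ID and then the sending port ID, as in 802.1D.
    """
    root = elect_root(bridges)
    adj = {name: [] for name in bridges}
    for a, pa, b, pb, speed in links:
        adj[a].append((b, pa, pb, speed))
        adj[b].append((a, pb, pa, speed))

    best = {}
    # Heap entries: (cost, sender bridge key, sender port ID, bridge, receiving port).
    frontier = [(0, _key(bridges, root), "", root, 0)]
    while frontier:
        cost, _, _, node, root_port = heapq.heappop(frontier)
        if node in best:  # the first pop for a bridge is its best (cost, sender, port)
            continue
        best[node] = (cost, root_port)
        for nbr, my_port, nbr_port, speed in adj[node]:
            if nbr not in best:
                heapq.heappush(frontier, (cost + cost_table[speed],
                                          _key(bridges, node),
                                          port_id(port_priority, my_port),
                                          nbr, nbr_port))
    return best


# Constructed topology: 'edge' reaches the root directly over 1 Gbps, or via
# two aggregation switches over three 10 Gbps hops.
BRIDGES = {
    "core": (15535, "00:20:06:2b:e1:54"),   # priority lowered, as in Example 12-4
    "agg1": (32768, "00:20:06:2b:e1:55"),
    "agg2": (32768, "00:20:06:30:00:01"),
    "edge": (32768, "00:20:06:30:00:02"),
}
LINKS = [
    ("core", 1, "edge", 1, 1000),
    ("core", 2, "agg1", 1, 10000),
    ("agg1", 2, "agg2", 1, 10000),
    ("agg2", 2, "edge", 2, 10000),
]

if __name__ == "__main__":
    root = elect_root(BRIDGES)
    print("root bridge:", root, bridge_id(*BRIDGES[root]))
    for name, table in (("STP", STP_COST), ("RSTP", RSTP_COST)):
        print(name, spanning_tree(BRIDGES, LINKS, table))
    # BPDUs carry no authentication: a device sending priority 0 wins the election.
    print("with a priority-0 rogue:", elect_root(dict(BRIDGES, rogue=(0, "00:11:22:33:44:55"))))
```

Run with both tables, the edge switch picks a different root port: under STP costs the direct 1 Gbps link (cost 4) beats three 10 Gbps hops (cost 6); under RSTP costs the three hops (6000) beat the direct link (20000). That difference in scale is the incompatibility that item 2 of 13.1.3 warns about when STP and RSTP devices are mixed. The final print is the security point behind the manual's advice to keep end-station ports out of spanning tree: the election compares unauthenticated bridge IDs, so any device allowed to send BPDUs with priority 0 becomes root and can redirect traffic through itself.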
In addition to faster network reconfiguration, RSTP also implements greater ranges for port path costs to accommodate the higher connection speeds that are being implemented. Proper implementations of RSTP (by switch vendors) are designed to be compatible with IEEE 802.1D STP. GE recommends that you employ RSTP or STP in your network.

13.1.3 Transition from STP to RSTP

IEEE 802.1w RSTP is designed to be compatible with IEEE 802.1D STP. Even if all the other devices in your network are using STP, you can enable RSTP on the MultiLink ML1200 Managed Field Switch. The default RSTP configuration values in the ML1200 software ensure that the switch inter-operates with the existing STP devices. RSTP automatically detects when a switch port is connected to a non-RSTP device running spanning tree and communicates with that device using 802.1D STP BPDU packets.

Even though RSTP inter-operates with STP, RSTP is more efficient at establishing the network path and converges faster after a failure. As such, GE recommends that all network devices be updated to support RSTP. RSTP offers convergence times typically less than one second. However, to make best use of RSTP and achieve the fastest possible convergence times, some changes to the RSTP default configuration are required:

1. Under some circumstances, the rapid state transitions employed by RSTP can increase the rate of frame duplication and frame reordering. To allow RSTP switches to support applications and protocols that are sensitive to duplicated or out-of-sequence frames, RSTP may have to be explicitly set to be compatible with STP. This requires setting the "Force Protocol Version" parameter to be STP compatible. This parameter should be set on all ports of a given switch.
2. As indicated above, one of the benefits of RSTP is a larger range of port path costs that accommodates higher network speeds. New default values have been implemented for the path costs associated with the different network speeds. This may create an incompatibility between devices running older implementations of STP and a switch running RSTP, since the two compare path costs drawn from different scales (see Table 13–1).
3. At any given time, the software can support either STP or RSTP, but not both.

13.2 Configuring RSTP through the Command Line Interface

13.2.1 Normal RSTP

The commands to set up and configure RSTP are as follows.

The set stp command sets the switch to support RSTP or STP. It is necessary to save and reboot the switch after this command.

set stp type=<stp|rstp>

The rstp command enters the RSTP configuration mode; with an argument it enables or disables RSTP. By default, RSTP is disabled and has to be manually activated.

rstp
rstp <enable|disable>

The syntax for the port command in RSTP configuration mode is shown below.

port port=<port> [status=<enable|disable>] [migration=<enable|disable>] [edge=<enable|disable>] [p2p=<value>]

The p2p parameter sets the "point-to-point" value of a port. A point-to-point port is a full-duplex link to a single neighbor, typically another switch. Set p2p to off on all ports connected to shared LAN segments (i.e. connections to hubs). The default value is auto.

The edge parameter marks a port as an edge port. An edge port is one connected to an end station such as a computer; it moves to forwarding immediately after activation. Do not enable edge on a port connected to another hub, bridge or switch: such a port skips the discarding and learning states and can create a temporary loop.

The migration parameter is set on all ports connected to devices such as hubs, bridges and switches known to support IEEE 802.1D STP services but not RSTP services.

The show active-stp command displays whether STP or RSTP is running.

show active-stp

The show stp command displays the RSTP or STP parameters.
show stp

Note: users may notice an extended recovery time if there is a mix of firmware revisions in the mesh or ring.

The variables listed by the show stp config command are:

• Rapid Spanning Tree Enabled (Global): Indicates whether STP is enabled or disabled globally, i.e. if the value is YES, all ports have STP enabled; otherwise, all ports have STP disabled.
• Rapid Spanning Tree Enabled Ports: Indicates which ports have RSTP enabled.
• Protocol: Indicates whether STP or RSTP is being used. It also indicates whether RSTP is used in Smart RSTP (ring-only) mode or in normal mode.
• Bridge Priority: Specifies the switch (bridge) priority value. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. Values range from 0 to 65535, with a default of 32768.
• Bridge Forward Delay: Indicates the time the switch waits to move from the listening to the learning state and from the learning to the forwarding state. The value ranges from 4 to 30 seconds, with a default of 15.
• Bridge Hello Time: When the switch is the root device, this is the time between messages being transmitted. The value ranges from 1 to 10 seconds, with a default of 2.

Example 13-1: Enabling RSTP and reviewing the RSTP variables

ML1200#rstp
ML1200(rstp)##show stp config
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Normal RSTP
Bridge ID                     : 80:00:00:20:06:2b:e1:55
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:55
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15
Root Bridge Hello Time        : 02
Root Bridge Max Age           : 20
Topology Change count         : 0
Time Since topology Chg       : 16

• Bridge Max Age: This is the maximum time a message with STP information is kept by the switch before the switch discards the information and updates the address table again. Values range from 6 to 40 seconds, with a default of 20.
• Root Port: Indicates the port number elected as the root port of the switch. A root port of "0" indicates that STP is disabled or that this switch is itself the root bridge.
• Root Path Cost: The cost of the path from this switch to the root bridge, i.e. the sum of the path costs of the ports along that path. The switch selects the port with the lowest root path cost as its root port; the root bridge itself reports 0.
• Designated Root: Shows the bridge ID (priority followed by MAC address) of the bridge elected or designated as the root bridge.
• Designated Root Priority: Shows the designated root bridge's priority. The default value is 32768.
• Root Bridge Forward Delay: Indicates the designated root bridge's forward delay. This is the time the switch waits before it moves from the listening to the forwarding state. This value can be set between 4 and 30 seconds, with a default of 15.
• Root Bridge Hello Time: Indicates the designated root bridge's hello time.
By default, hello information is sent out every 2 seconds.
• Root Bridge Max Age: Indicates the designated root bridge's maximum age, after which it discards the information as being old and receives new updates.
• Topology Change Count: The number of times the topology has changed since the last reboot. Use this in conjunction with show uptime to find the frequency of topology changes.
• Time Since topology Change: The number of seconds since the last topology change.

The variables listed by the show stp ports command are:

• Port#: Indicates the port number. The value ranges from 1 to the maximum number of ports in the switch.
• Type: Indicates the type of port. TP indicates twisted pair.
• Priority: STP uses this to determine which ports are used for forwarding. Lower numbers indicate higher priority. The values range from 0 to 255, with a default of 128.

Example 13-2: Reviewing the RSTP port parameters

ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    Disabled                             00:01
02     TP(10/100)   128       2000000    Disabled                             00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04

Example 13-3: RSTP information from a network with multiple switches

ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       200000     Forwarding  80:00:00:20:06:30:00:01  00:01
02     TP(10/100)   128       2000000    Disabled                             00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04
05     100MB Fiber  128       200000     Disabled                             00:05

• Path Cost: This is the assigned port cost value used by the switch to determine the forwarding points. Values range from 1 to 2000000. Lower values indicate a lower cost and hence the preferred route. The costs for the different Ethernet speeds are shown below; note that STP and RSTP use different scales, so a path cost reported by an STP device is not directly comparable with one reported by an RSTP device.

Table 13–1: Path cost as defined in IEEE 802.1D / 802.1w

Port type   STP path cost   RSTP path cost
10 Mbps     100             2000000
100 Mbps    19              200000
1 Gbps      4               20000
10 Gbps     2               2000

• State: Indicates the STP state of individual ports. Values can be Listening, Learning, Forwarding, Blocking and Disabled.
• Des. Bridge: The bridge ID of the designated bridge for the LAN segment attached to this port (this switch's own ID when it is the designated bridge, as in the examples above).
• Des. Port: The port ID (priority byte followed by port number) of the designated port on that bridge.

Example 13-3 shows the same command from a larger network with several switches. Note that the show stp ports command can be executed from the manager level prompt or from the RSTP configuration mode, as shown in the screen captures above. In this example, ports 9 and 10 have a path cost of 20000 and are the least-cost paths. These ports are connected to other switches and are in the forwarding state. Ports 6 and 7 are also connected to other switches. The State column indicates that port 7 is in a standby state, as that port is discarding all traffic.

More CLI commands associated with RSTP in the RSTP configuration mode are shown below.

The forceversion command sets the STP or RSTP compatibility mode.

forceversion <stp|rstp>

The show-forceversion command displays the current forced version.
show-forceversion

The show-timers command displays the values of the timers set for RSTP.

show-timers

The priority command specifies the switch (bridge) priority value. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. The value ranges from 0 to 65535, with a default of 32768. When a port is specified, the priority applies to that port and its value ranges from 0 to 255.

priority [port=<port>] value=<0-255|0-65535>

A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means the link is "more expensive" to use and becomes the passive link compared to a link with a lower cost. Values range from 1 to 2000000; the default depends on the port speed (see Table 13–1).

cost port=<port> value=<1-2000000>

The port command assigns ports to RSTP. Specific ports may not need to participate in the RSTP process; these would typically be ports connected to end stations. If unsure, it is best to let the software make the decisions.

port port=<port> status=<enable|disable>

The status parameter enables or disables a port's participation in RSTP discovery. It is best to allow only trunk ports to participate in RSTP; end stations need not participate in the RSTP process. A participating port also accepts BPDUs from whatever is plugged into it, so a device on an end-station port that sends BPDUs with a low bridge priority can make itself the root bridge; disabling status on such ports removes that possibility.

The timers command changes the STP forward delay, hello timer and aging timer values.

timers forward-delay=<4-30> hello=<1-10> age=<6-40>

The forward-delay parameter indicates the time the switch waits to move from the listening to the learning state and from the learning to the forwarding state. The value ranges from 4 to 30 seconds, with a default of 15.

The hello parameter represents the time between messages being transmitted when the switch is the root device. The value ranges from 1 to 10 seconds, with a default of 2.

The age parameter is the maximum time a message with STP information is kept by the switch before the switch discards the information and updates the address table again. The value ranges from 6 to 40 seconds, with a default of 20. IEEE 802.1D also constrains the three values relative to each other: 2 × (forward-delay − 1) ≥ age ≥ 2 × (hello + 1). A combination that violates this relationship is out of range even if each value is individually within its limits.

Example 13-4: Configuring RSTP

Check the status of STP or RSTP. These commands show whether STP or RSTP is enabled.

ML1200#rstp
ML1200(rstp)##show stp config
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : NO
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Normal RSTP
Bridge ID                     : 80:00:00:20:06:2b:e1:55
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:55
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15
Root Bridge Hello Time        : 02
Root Bridge Max Age           : 20
Topology Change count         : 0
Time Since topology Chg       : 935

ML1200(rstp)##show active-stp
Current Active Mode: RSTP. RSTP is Disabled.

ML1200(rstp)##rstp enable
Successfully set the RSTP status

ML1200(rstp)##show active-stp
Current Active Mode: RSTP. RSTP is Enabled.

ML1200(rstp)##show stp config
RSTP CONFIGURATION
-----------------

RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    Forwarding  80:00:00:20:06:2b:e1:55  00:01
02     TP(10/100)   128       200000     Forwarding  80:00:00:20:06:2b:e1:55  00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04
05     100MB Fiber  128       200000     Disabled                             00:05
06     100MB Fiber  128       200000     Disabled                             00:06
07     TP(10/100)   128       2000000    Disabled                             00:07

The forceversion capability can be used for compatibility with STP devices. In this example, the switch is forced to STP mode.

ML1200(rstp)##forceversion rstp
Error: Force Version already set to Normal RSTP
ML1200(rstp)##forceversion stp
ML1200(rstp)##show-forceversion
Force Version : Force to STP only

Using forceversion, the switch is now operating in STP-compatible mode. Note that the show stp config command also indicates this: the Protocol field reads "Force to STP only".

ML1200(rstp)##show stp config
RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Force to STP only
Bridge ID                     : 80:00:00:20:06:2b:e1:55
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:55
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15

Once the forced version has been returned to Normal RSTP, the Protocol field reflects that:

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Normal RSTP
Bridge ID                     : 80:00:00:20:06:2b:e1:55
Bridge Priority               : 32768
Bridge Forward Delay          : 15
Bridge Hello Time             : 02
Bridge Max Age                : 20
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:55
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 15
Root Bridge Hello Time        : 02
Root Bridge Max Age           : 20
Topology Change count         : 0
Time Since topology Chg       : 1371

ML1200(rstp)##show-timers
Forward Delay Timer : 15 sec
Hello Timer         : 2 sec
Max Age             : 20 sec

ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    Forwarding  80:00:00:20:06:2b:e1:55  00:01
02     TP(10/100)   128       200000     Forwarding  80:00:00:20:06:2b:e1:55  00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04
05     100MB Fiber  128       200000     Disabled                             00:05
06     100MB Fiber  128       200000     Disabled                             00:06
07     TP(10/100)   128       2000000    Disabled                             00:07

ML1200(rstp)##priority port=2 value=100
ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    Forwarding  80:00:00:20:06:2b:e1:55  00:01
02     TP(10/100)   100       250000     Forwarding  80:00:00:20:06:2b:e1:55  00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04
05     100MB Fiber  128       200000     Disabled                             00:05
06     100MB Fiber  128       200000     Disabled                             00:06
07     TP(10/100)   128       2000000    Disabled                             00:07

ML1200(rstp)##port port=1 status=disable
ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    NO STP                               00:01
02     TP(10/100)   100       250000     Forwarding  80:00:00:20:06:2b:e1:55  00:02
03     100MB Fiber  128       200000     Disabled                             00:03
04     100MB Fiber  128       200000     Disabled                             00:04
05     100MB Fiber  128       200000     Disabled                             00:05
06     100MB Fiber  128       200000     Disabled                             00:06
07     TP(10/100)   128       2000000    Disabled                             00:07

ML1200(rstp)##port port=1 status=enable
ML1200(rstp)##show stp ports
RSTP Port Configuration
------------------------------------------------------------------------------
Port#  Type         Priority  Path Cost  State       Des. Bridge              Des. Port
------------------------------------------------------------------------------
01     TP(10/100)   128       2000000    Forwarding  80:00:00:20:06:2b:e1:55  00:01
02     TP(10/100)   100       250000     Forwarding  80:00:00:20:06:2b:e1:55  00:02

After the timers have been changed to a forward delay of 20, a hello time of 5 and a max age of 30:

RSTP CONFIGURATION
-----------------
Rapid STP/STP Enabled(Global) : YES
RSTP/STP Enabled Ports        : 1,2,3,4,5,6,7
Protocol                      : Normal RSTP
Bridge ID                     : 80:00:00:20:06:2b:e1:55
Bridge Priority               : 32768
Bridge Forward Delay          : 20
Bridge Hello Time             : 05
Bridge Max Age                : 30
Root Port                     : 0
Root Path Cost                : 0
Designated Root               : 80:00:00:20:06:2b:e1:55
Designated Root Priority      : 32768
Root Bridge Forward Delay     : 20

13.2.2 Smart RSTP (Ring-Only Mode) through the Command Line Interface (CLI)

A special case of a mesh structure is a ring. In many networks, network managers prefer to create a ring structure for redundancy and simplicity of the topology. In a ring structure:

1. All switches in the network are GE Multilin switches.
2. RSTP is enabled on all the switches.
3. The topology is a ring.
4. All switches in the ring have been configured to use Smart RSTP (ring-only mode), as shown below.
5. All switches in the ring use the same firmware revision.
The ring structure can demonstrate fast recovery times, typically faster than RSTP recovers from a single fault. In many situations RSTP will recover in seconds, whereas Smart RSTP (ring-only mode) will recover in milliseconds.

To configure ring-only mode, ensure that conditions 1 to 3 above are met. RSTP has to be enabled before any configuration of ring-only mode.

The rstp command enters the RSTP configuration mode; with an argument it enables or disables RSTP. By default, RSTP is disabled and has to be manually activated.

rstp
rstp <enable|disable>

The syntax for the romode command in RSTP configuration mode is shown below. Only two ports, the two ring ports, can be added to ring-only mode.

romode add port=<port list>
romode del port=<port list>
romode <enable|disable>
romode show

The sequence of commands for enabling ring-only mode is shown in the following example:

Example 13-5: Configuring Smart RSTP, ring-only mode

ML1200#rstp
ML1200(rstp)##rstp enable
Successfully set the RSTP status
ML1200(rstp)##romode show
RO-MODE status       : Disabled
RO-MODE set on ports : NONE
ML1200(rstp)##romode add port=1,2
Added Ports: 1,2
ML1200(rstp)##romode enable
RSTP Ring Only Mode Enabled.
ML1200(rstp)##romode show
RO-MODE status       : Enabled
RO-MODE set on ports : 1,2
ML1200(rstp)##romode disable
RSTP Ring Only Mode Disabled.
ML1200(rstp)##romode show
RO-MODE status       : Disabled
RO-MODE set on ports : 1,2

13.3 Configuring STP/RSTP with EnerVista Secure Web Management software

13.3.1 Normal RSTP

To set up and configure RSTP, select the Configure > RSTP menu items. In setting up RSTP or STP, it is advised that the system defaults are used for weights and other parameters. Only when specific ports are required to be the active link should the default values be changed. In the window below, RSTP or STP is disabled.
The designated root is set to zero as RSTP is disabled. The RSTP bridge configuration parameters are defined below. • Designated Root: Shows the MAC address of the bridge in the network elected or designated as the root bridge. Normally, when STP is not enabled, the switch designates itself as the root switch. • Root Path Cost: A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means more loops; a lower cost fewer loops. More loops equal more traffic and a tree which takes a long time to converge, resulting in a slower system • Root Port: Indicates the port number, which is elected as the root port of the switch. A root port of "0" indicates STP is disabled. • Protocol: Indicates whether STP or RSTP is being used. It also indicates if RSTP is used in Smart RSTP (ring-only mode) or normal mode. • Bridge ID: Indicates the MAC address of the current bridge over which traffic will flow. • Bridge Priority: Specifies the switch (bridge) priority value. This value is used along with the switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. The value ranges from 0 to 65535, with a default of 32768 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 13–15 RAPID SPANNING TREE PROTOCOL CHAPTER 13: RAPID SPANNING TREE PROTOCOL • Status: Indicates whether STP or RSTP is enabled. • Bridge Hello Time: When the switch is the root device, this is the time between messages being transmitted. The value is from 1 to 10 seconds, with a default of 2. • Bridge Forward Delay: Indicates the time duration the switch will wait from listening to learning states and from learning to forwarding states. The value ranges from 4 to 30 seconds, with a default of 15. • Bridge Max Age: This is the maximum time a message with STP information is allowed by the switch before the switch discards the information and updates the address table again. 
The value ranges from 6 to 40 seconds with a default 20. • Hold Time: This is the minimum time period to elapse between the transmissions of configuration BPDUs through a given LAN Port. At most one configuration BPDU shall be transmitted in any hold time period. This parameter is a fixed parameter, with values as specified in RSTP standard (3 seconds). • Topology Change: A counter indicating the number of times topology has changed. • Time since TC: Indicates time that has elapsed since the last topology change. Use this in conjunction with uptime on the graphical display (screen shown after a successful login) to find the frequency of the topology changes. Z Click on Edit to make any changes. On this screen, you can select and enable STP or RSTP. Z Under protocol, select “Force to STP” if there are legacy or other third party devices that do not support RSTP. Z Otherwise it is recommended to enable “Normal RSTP”. 13–16 MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL CHAPTER 13: RAPID SPANNING TREE PROTOCOL RAPID SPANNING TREE PROTOCOL Once again, if you are not familiar with the STP or RSTP parameter settings, is best to use the default values. Z Simply enable RSTP (or STP) and let the system default values prevail. After RSTP is enabled, the fields are updated. Z Note the Status, Time since TC, and Designated Root values. MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL 13–17 RAPID SPANNING TREE PROTOCOL CHAPTER 13: RAPID SPANNING TREE PROTOCOL The port specific values for RSTP or STP are shown below. Z Click on the edit icon ( ) to edit the values for a specific port. The columns in the above window are defined as follows: • Port#: Indicates the port number. Value ranges from 1 to the maximum number of ports in the switch. • Port Type: Indicates the type of port and speed; TP indicates twisted-pair. • Port State: Forwarding implies traffic is forwarded onto the next switch or device connected the port. 
Disabled implies that the port may be turned off or the device connected to it may be unplugged or turned off. Values can be Listening, Learning, Forwarding, Blocking and Disabled.

• Path Cost: The port cost value used by the switch to determine the forwarding points. Values range from 1 to 2000000. The lower the value, the lower the cost and hence the more preferred the route. The default costs for different Ethernet speeds are shown below. Note that STP (IEEE 802.1D) and RSTP (IEEE 802.1w) use different scales, so in a network that mixes the two protocols the costs should be checked rather than left at the defaults.

Table 13–2: Path cost defined in IEEE 802.1D and 802.1w

Port Type    STP Path cost    RSTP Path cost
10 Mbps      100              2 000 000
100 Mbps     19               200 000
1 Gbps       4                20 000
10 Gbps      2                2 000

• Priority: STP uses this to determine which ports are used for forwarding when path costs are equal. A lower number means higher priority. Value ranges from 0 to 255. Default is 128.

• Edge Ports: RSTP offers edge port recognition, allowing ports at the edge of the network to forward frames immediately after activation while at the same time protecting them against loops.

• P2P Ports: Set the "point-to-point" value to off on all ports that are connected to shared LAN segments (i.e. connections to hubs). The default value is auto. Point-to-point links are full-duplex links to a single device; P2P ports would typically connect end stations or computers on the network.

• Designated Root: MAC address of the root bridge in the tree.

• Status: Status of STP/RSTP for the port.

The STP or RSTP values can be changed for each port as shown below. Migration is enabled for all ports connected to other devices such as hubs, bridges and switches that are known to support IEEE 802.1D STP and cannot support RSTP. Status is normally enabled; in certain cases the Status can be set to disabled to turn off RSTP or STP on that port. Do not disable it on a port that connects to another switch: such a port forwards unconditionally, and a redundant link through it becomes a forwarding loop.

13.3.2 Smart RSTP (Ring-Only Mode) with EnerVista Secure Web Management Software

A ring is a special case of a mesh structure.
In many networks, network managers prefer to create a ring structure for topological redundancy and simplicity. In a ring structure:

1. All switches in the network are GE Multilin switches.
2. RSTP is enabled on all the switches.
3. The topology is a ring.
4. All switches in the ring have been configured to use the ring-only mode (as shown below).
5. All switches in the ring must use the same firmware revision.

The ring structure can demonstrate fast recovery times, typically faster than what RSTP can recover from a single fault. In many situations RSTP will recover in seconds, whereas Smart RSTP (Ring-Only mode) will recover in milliseconds.

To configure ring-only mode, ensure that the first three of the five conditions described above are met. To enable ring-only mode, first:

Z Enable RSTP by setting the STP Type to RSTP in the Administration > Set > STP Type menu.

Z Select the Configuration > RSTP > Bridge RSTP menu as shown below.

Z Click the Edit button to configure RSTP.

Z Once in Edit mode, change the Status to Enable.

Z Save the configuration.

To reset RSTP back to normal mode, select "Normal RSTP" for the Protocol setting. Save the configuration by clicking on the save icon.

Z Select the Configuration > RSTP > RO Mode menu as shown below.

Z Click the Edit button to configure RO Mode.

Z Select the desired ports as shown below, then click OK to exit.

Note: Only 2 ports can be selected for Ring Only Mode.

Z Select the Enabled option for the Status setting as shown below.

Z Save the configuration by clicking on the save icon.
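The bridge parameters listed in section 13.3.1 (Designated Root, Root Path Cost, Bridge ID and Bridge Priority, Hello Time, Max Age, Forward Delay) are the fields carried in every STP/RSTP configuration BPDU, and the root election described there (lower priority wins, with the MAC address as tie-breaker) is a comparison of those fields. The following Python example is added here and is not part of the GE Multilin manual or firmware: it builds a BPDU, decodes it back into the values shown on the bridge screen, and checks a received BPDU for a root claim superior to the configured root or for timer values outside the ranges the manual accepts. The MAC addresses, the priorities and the BPDU bytes are constructed for the example; the field layout and the 1/256-second timer encoding are those of IEEE 802.1D.

```python
"""Decode STP/RSTP configuration BPDUs and flag a superior-root claim.

Added example; not GE Multilin code.  MAC addresses and priorities are
constructed.  BPDU timer fields are encoded in units of 1/256 s (802.1D).
"""
import struct

BPDU_CONFIG, BPDU_RSTP, BPDU_TCN = 0x00, 0x02, 0x80
PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}
# Ranges the ML1200 accepts for the bridge timers (section 13.3.1), in seconds.
TIMER_RANGES = {"hello_time": (1, 10), "max_age": (6, 40), "forward_delay": (4, 30)}


def bridge_id(priority: int, mac: str) -> bytes:
    """Bridge ID = 2-byte priority followed by the 6-byte bridge MAC address."""
    if not 0 <= priority <= 65535:
        raise ValueError("priority must be 0..65535")
    return struct.pack("!H", priority) + bytes.fromhex(mac.replace(":", "").replace("-", ""))


def fmt_id(bid: bytes) -> str:
    """Render an 8-byte bridge ID as 'priority/mac'."""
    prio = struct.unpack("!H", bid[:2])[0]
    return "%d/%s" % (prio, ":".join("%02x" % b for b in bid[2:]))


def build_bpdu(root: bytes, root_cost: int, bridge: bytes, port_id: int = 0x8001,
               flags: int = 0x3C, message_age: float = 0.0, max_age: float = 20.0,
               hello_time: float = 2.0, forward_delay: float = 15.0, rstp: bool = True) -> bytes:
    """Serialise a configuration BPDU (RSTP, protocol version 2, by default)."""
    hdr = struct.pack("!HBB", 0x0000, 2 if rstp else 0, BPDU_RSTP if rstp else BPDU_CONFIG)
    body = struct.pack("!B8sI8sHHHHH", flags, root, root_cost, bridge, port_id,
                       int(message_age * 256), int(max_age * 256),
                       int(hello_time * 256), int(forward_delay * 256))
    return hdr + body + (b"\x00" if rstp else b"")   # RSTP appends Version 1 Length = 0


def parse_bpdu(payload: bytes) -> dict:
    """Decode the LLC payload of a BPDU into the fields shown on the bridge screen."""
    if len(payload) < 4:
        raise ValueError("short BPDU")
    proto, version, btype = struct.unpack("!HBB", payload[:4])
    if proto != 0:
        raise ValueError("not a spanning tree BPDU")
    if btype == BPDU_TCN:
        return {"type": "tcn", "version": version}
    if btype not in (BPDU_CONFIG, BPDU_RSTP) or len(payload) < 35:
        raise ValueError("unsupported or truncated BPDU type 0x%02x" % btype)
    (flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack("!B8sI8sHHHHH", payload[4:35])
    return {
        "type": "rstp" if btype == BPDU_RSTP else "stp",
        "version": version,
        "topology_change": bool(flags & 0x01),
        "port_role": PORT_ROLES[(flags >> 2) & 0x3],     # RSTP only; reads 0 on plain STP
        "designated_root": fmt_id(root), "root_id": root,
        "root_path_cost": cost,
        "bridge_id": fmt_id(bridge), "bridge_priority": struct.unpack("!H", bridge[:2])[0],
        "port_id": port_id,
        "message_age": msg_age / 256, "max_age": max_age / 256,
        "hello_time": hello / 256, "forward_delay": fwd / 256,
    }


def is_superior_root(claimed_root: bytes, current_root: bytes) -> bool:
    """Lower bridge ID wins: priority first, MAC as tie-breaker (byte order == numeric order)."""
    return claimed_root < current_root


def audit_bpdu(payload: bytes, expected_root: bytes) -> list:
    """Findings for a received BPDU: a rogue root claim, or timers outside the allowed ranges."""
    b = parse_bpdu(payload)
    findings = []
    if b["type"] == "tcn":
        return findings
    if is_superior_root(b["root_id"], expected_root):
        findings.append("root claim %s is superior to expected root %s"
                        % (b["designated_root"], fmt_id(expected_root)))
    for name, (lo, hi) in TIMER_RANGES.items():
        if not lo <= b[name] <= hi:
            findings.append("%s=%g outside %d..%d s" % (name, b[name], lo, hi))
    return findings


# Constructed scenario: the intended root at default priority 32768, a rogue claiming priority 0.
OUR_ROOT = bridge_id(32768, "00:a0:1d:10:00:01")
ROGUE = bridge_id(0, "00:11:22:33:44:55")
NORMAL_BPDU = build_bpdu(OUR_ROOT, 200000, bridge_id(32768, "00:a0:1d:10:00:02"))
ROGUE_BPDU = build_bpdu(ROGUE, 0, ROGUE, hello_time=0.5)

if __name__ == "__main__":
    for name, pdu in (("normal", NORMAL_BPDU), ("rogue", ROGUE_BPDU)):
        print(name, parse_bpdu(pdu)["designated_root"], audit_bpdu(pdu, OUR_ROOT))
```

Run as a script it prints no findings for the normal BPDU and two for the rogue one (the superior root claim and the out-of-range hello time). The comparison in is_superior_root works on the raw 8-byte IDs because big-endian byte order sorts the same way as the numeric priority-then-MAC comparison the protocol specifies.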
Chapter 14: Quality of Service

14.1 QoS Overview

14.1.1 Description

Quality of Service (QoS) refers to the capability of a network to provide different priorities to different types of traffic. Not all traffic in the network has the same priority. Being able to differentiate between types of traffic and allowing some of it to move through the network ahead of the rest improves the overall performance of the network and provides the quality of service demanded by different users and devices. The primary goal of QoS is to provide priority, including dedicated bandwidth.

14.1.2 QoS Concepts

The MultiLink ML1200 Managed Field Switch supports QoS as specified in the IEEE 802.1p and IEEE 802.1Q standards. QoS is important in network environments where there are time-critical applications, such as voice transmission or video conferencing, which can be adversely affected by packet transfer delays or other latency in a network.

Most switches today implement buffers to queue incoming packets as well as outgoing packets. In a simple queue, the packet which comes in first leaves first (FIFO) and all packets are serviced in that order. Imagine instead that each packet has a priority assigned to it. If a packet with a higher priority than the others arrives in the queue, it is given precedence and moved to the head of the queue so that it goes out as soon as possible. The packet thus jumps the queue, and this method is called preemptive queuing. Preemptive queuing makes sense if there are several levels of priority, normally more than two. If there are too many levels, the system has to spend a lot of time managing the preemptive nature of the queuing. IEEE 802.1p defines and uses eight levels of priority.
The eight levels of priority are enumerated 0 to 7, with 0 the lowest priority and 7 the highest.

To make preemptive queuing possible, most switches implement at least two queue buffers. The MultiLink ML1200 Managed Field Switch has two priority queues, 1 (low) and 0 (high). When tagged packets enter a switch port, the switch responds by placing the packet into one of the two queues, and depending on the precedence levels the queue can be rearranged to meet the QoS requirements.

14.1.3 DiffServ and QoS

QoS refers to the level of preferential treatment a packet receives when it is being sent through a network. QoS allows time-sensitive packets, such as voice and video, to be given priority over time-insensitive packets such as bulk data.

Differentiated Services (DiffServ or DS) is a set of technologies defined by the IETF (Internet Engineering Task Force) to provide quality of service for traffic on IP networks. DiffServ is designed for use at the edge of an enterprise, where corporate traffic enters the service provider environment. DiffServ is a layer-3 mechanism and requires no specific layer-2 capability, allowing it to be used in the LAN, MAN, and WAN. DiffServ works by marking each packet (at the originating device or an intermediate switch) with the level of service it requires across the network.

FIGURE 14–1: ToS and DSCP (frame layout: DMAC, SMAC, IP header with Protocol and ToS byte holding the 6-bit DSCP plus 2 unused bits, Data, FCS)

DiffServ places a 6-bit DiffServ code point (DSCP) in the Type of Service (ToS) field of the IP header, as shown in the figure above. Information in the DSCP allows nodes to determine the Per Hop Behavior (PHB), which is an observable forwarding behavior for each packet.
Per hop behaviors are defined according to:

• Resources required (e.g., bandwidth, buffer size)
• Priority (based on application or business requirements)
• Traffic characteristics (e.g., delay, jitter, packet loss)

Nodes implement PHBs through buffer management and packet scheduling mechanisms. This hop-by-hop allocation of resources is the basis by which DiffServ provides quality of service for different types of communications traffic.

14.1.4 IP Precedence

IP Precedence uses the three precedence bits in the IPv4 header's Type of Service (ToS) field to specify a class of service for each packet. You can partition traffic into up to eight classes of service using IP precedence. The queuing technologies throughout the network can then use this signal to provide the appropriate expedited handling.

FIGURE 14–2: IP Precedence ToS field in an IP packet header (the 3 IP precedence bits occupy the top of the ToS byte)

The three most significant bits (with binary weights 32, 64, and 128) of the Type of Service (ToS) field in the IP header constitute the bits used for IP precedence. These bits provide a priority from 0 to 7 for the IP packet. Because only three bits of the ToS byte are used for IP precedence, you need to differentiate these bits from the rest of the ToS byte.

The MultiLink ML1200 Managed Field Switch has the capability to provide QoS at Layer 2. At Layer 2, the frame carries a 3-bit user priority in its IEEE 802.1Q tag, as specified in IEEE 802.1p; this manual refers to that value as the tag or ToS setting of the frame. It uses 3 bits, just like IP precedence, and maps well from Layer 2 to Layer 3 and vice versa. The switches have the capability to differentiate frames based on these settings. With two queues present (the high and low priority queues, or buffers, in the MultiLink ML1200 Managed Field Switch), frames can be placed in either queue and serviced according to the weight set on all ports.
This placement into queues, combined with the weight setting and the particular tag value on a packet, allows each queue to have a different service level. MultiLink ML1200 Managed Field Switch QoS implementations provide mapping of ToS (or IP precedence) to Class of Service (CoS). A CoS setting in an Ethernet frame is mapped to the ToS byte of the IP packet, and vice versa. A ToS level of 1 equals a CoS level of 1. This provides end-to-end priority for the traffic flow when MultiLink ML1200 Managed Field Switches are deployed in the network.

Note: Not all packets received on a port have high priority. IGMP and BPDU packets have high priority by default.

The MultiLink ML1200 Managed Field Switch has the capability to set the priorities based on three different functions. They are:

• Port QoS: assigns a high priority to all packets received on a port, regardless of the type of packet.

• TAG QoS: if a packet contains an 802.1Q tag, the port on which the packet was received checks the priority value carried in that tag against the levels configured for the port. Regardless of the tag value, if there is a tag, that packet is automatically assigned high priority (sent to the high priority queue).

• ToS QoS (Layer 3): when a port is set to ToS QoS, the six most significant bits of the ToS byte in the IPv4 header (the DSCP, which has 64 possible values) are used. If the value in those 6 bits is one of the ToS levels configured for the port the packet arrived on, that packet is assigned high priority by that port.

Because Tag and ToS QoS trust the priority marking already present in the packet, a host attached to such a port can place all of its traffic in the high priority queue simply by marking it. Apply Tag or ToS QoS only on ports facing devices that are trusted to mark traffic correctly, and use Port QoS where the priority should depend on the port rather than on the sender.

14.2 Configuring QoS through the Command Line Interface

14.2.1 Commands

The MultiLink ML1200 Managed Field Switch supports three types of QoS: port based, tag based and ToS based.

Note: QoS is disabled by default on the switch. QoS needs to be enabled and configured.

The qos command enters the QoS configuration mode.

qos

The usage of the setqos command varies depending on the type of QoS.
For example, for QoS type tag, the tag levels have to be set, and for QoS type ToS, the ToS levels have to be set. If the priority field is not set, it defaults to low priority. ToS has 64 levels, with valid values 0-63; a tagged packet has 8 levels, with valid values 0-7.

setqos type=<port|tag|tos|none> port=<port|list|range> [priority=<high|low>] [tos=<0-63|list|range>] [tag=<0-7|list|range>]

Setting the type parameter to none clears the QoS settings.

The set-weight command sets the port priority weight for all the ports. Once the weight is set, all the ports have the same weight across the switch. The valid value for weight is 0-7.

set-weight weight=<0-7>

The weight is a number derived from the IP precedence setting of a packet and is used by the scheduling algorithm to determine when the packet will be serviced. The show-portweight command displays the weight setting on the ports.

show-portweight

As mentioned previously, the switch can detect higher-priority packets marked with precedence by the IP forwarder and schedule them ahead of the rest, providing superior response time for this traffic. The IP Precedence field has values between 0 (the default) and 7. As the precedence value increases, the algorithm allocates more bandwidth to that traffic to make sure that it is served more quickly when congestion occurs. The MultiLink ML1200 Managed Field Switch assigns a weight to each flow, which determines the transmit order for queued packets. In this scheme, lower weights are given more service, and IP precedence serves as a divisor of the weighting factor: traffic with an IP Precedence field value of 7 gets a lower weight than traffic with a value of 3, and thus has priority in the transmit order. This per-flow weight is distinct from the single switch-wide value set with set-weight, whose effect on the two hardware queues is tabulated below.
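The three classification rules above (Port, Tag and ToS QoS), the bit positions given in 14.1.3 and 14.1.4 for the DSCP and the IP precedence, and the service ratio selected by set-weight (tabulated in Table 14–1 below) can be modelled in a few lines. The following Python example is added here and is not GE Multilin code. It extracts the 802.1p priority and the ToS byte from a constructed Ethernet frame, applies a port's QoS type the way the setqos parameters describe it, and generates the transmit pattern for each weight value so that the starvation of the low queue at weight 7 is visible. The frames and port settings are the example's own; treating the tag= and tos= lists as the set of values that select the high queue is an assumption about the command, since the text also states that any tagged packet goes to the high queue.

```python
"""Model of the ML1200 two-queue QoS rules.  Added example, not GE code.

Frame bytes and port settings are constructed; reading the tag= / tos= lists
as the set of values that select the high queue is an assumption.
"""
import struct

ETHERTYPE_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def classify_fields(frame: bytes) -> dict:
    """Pull the priority markings out of a raw Ethernet frame.

    pcp: 3-bit 802.1p user priority from the 802.1Q tag (None if untagged)
    dscp: six most significant bits of the IPv4 ToS byte (0..63)
    precedence: three most significant bits of the same byte (weights 128, 64, 32)
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, pcp = 14, None
    if ethertype == ETHERTYPE_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13                        # PCP is the top 3 bits of the TCI
        offset = 18
    dscp = precedence = None
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        tos = frame[offset + 1]                # second byte of the IPv4 header
        dscp = tos >> 2                        # bits 7..2
        precedence = tos >> 5                  # bits 7..5
    return {"pcp": pcp, "dscp": dscp, "precedence": precedence}


def select_queue(fields: dict, qos_type: str, levels=frozenset()) -> str:
    """Apply a port's setqos settings and return 'high' or 'low'.

    qos_type: 'port' | 'tag' | 'tos' | 'none'
    levels:   the tag= values (0..7) or tos= values (0..63) configured for the port
    """
    if qos_type == "port":
        return "high"                          # every packet received on the port
    if qos_type == "tag":
        return "high" if fields["pcp"] is not None and fields["pcp"] in levels else "low"
    if qos_type == "tos":
        return "high" if fields["dscp"] is not None and fields["dscp"] in levels else "low"
    if qos_type == "none":
        return "low"                           # QoS cleared: everything is low priority
    raise ValueError("unknown QoS type %r" % qos_type)


def transmit_pattern(weight: int, slots: int) -> str:
    """Service order with both queues kept full, per Table 14-1 ('H'/'L' per slot)."""
    if not 0 <= weight <= 7:
        raise ValueError("weight must be 0..7")
    if weight == 0:
        cycle = "HL"                           # no priority: alternate
    elif weight == 7:
        cycle = "H"                            # strict priority: low queue never served
    else:
        cycle = "H" * (2 * weight) + "L"       # 2*weight high packets, then one low packet
    return (cycle * (slots // len(cycle) + 1))[:slots]


def low_queue_share(weight: int) -> float:
    """Fraction of transmit slots the low queue gets under sustained high-queue load."""
    pattern = transmit_pattern(weight, 1000)
    return pattern.count("L") / len(pattern)


def make_frame(pcp, tos: int) -> bytes:
    """Constructed Ethernet + IPv4 frame; pcp=None builds an untagged frame."""
    eth = bytes.fromhex("00a01d100001") + bytes.fromhex("001122334455")
    if pcp is not None:
        eth += struct.pack("!HHH", ETHERTYPE_8021Q, (pcp << 13) | 1, ETHERTYPE_IPV4)
    else:
        eth += struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, 17, 0,
                     bytes([10, 21, 1, 10]), bytes([224, 1, 0, 1]))
    return eth + ip + b"\x00" * 8


# Constructed traffic: a tagged frame marked DSCP 46 (EF) and an untagged best-effort frame.
TAGGED_EF = make_frame(pcp=6, tos=0xB8)
UNTAGGED_BE = make_frame(pcp=None, tos=0x00)

if __name__ == "__main__":
    for w in range(8):
        print(w, transmit_pattern(w, 14), "low-queue share %.3f" % low_queue_share(w))
```

Running the script prints one row per weight; weight 1 gives the low queue one slot in three, weight 6 one in thirteen, and weight 7 none at all, which is the starvation case to keep in mind before enabling strict priority on a port whose high-queue traffic is not rate-limited.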
Once the port weight is set, the hardware interprets the weight setting for all ports as outlined below (assuming the queues are sufficiently filled; if there are no packets in the high priority queue, for example, packets are serviced on a first come first served (FCFS) basis from the low priority queue).

Table 14–1: Port weight settings

Value   Hardware traffic queue behavior
0       No priority: traffic is sent alternately from each queue and packets are queued alternately in each queue.
1       Two packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
2       Four packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
3       Six packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
4       Eight packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
5       Ten packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
6       Twelve packets are sent from the HIGH priority queue and one packet from the LOW priority queue.
7       All packets are sent from the HIGH priority queue and none are sent from the LOW priority queue.

A weight of 7 is strict priority: as long as the high priority queue holds packets, the low priority queue is not serviced at all. Use it only where the high priority traffic is rate-limited or comes from trusted devices, since any source whose packets land in the high queue can then starve every other device on the port.

The show qos command displays the QoS settings.

show qos [type=<port|tag|tos>] [port=<port|list|range>]

Sometimes it is necessary to change the priority of the packets going out of a switch. For example, when a packet is received untagged and has to be transmitted with an 802.1p priority tag added, the tag can be assigned according to the untag value set. For example, if the set-untag command is issued with port=1 tag=2 priority=low, untagged packets received on that port will be transmitted with tag priority 2 from the low priority queue. The set-untag command defines the 802.1p user priority assigned to untagged received packets that are to be transmitted as tagged from the priority queue.
set-untag port=<port|list|range> priority=<high|low> tag=<0-7>

14.2.2 Example

The following example shows how to configure QoS.

Example 14-1: Configuring QoS

ML1200#show port
Keys: E = Enable            D = Disable
      H = Half Duplex       F = Full Duplex
      M = Multiple VLAN's   NA = Not Applicable
      LI = Listening        LE = Learning
      F = Forwarding        B = Blocking
Port Name Control Dplx Media Link Trunk Speed Part Auto VlanID GVRP STP
----------------------------------------------------------------------------
1    A1   E       H    10Tx  DOWN No    10    No   E    1      -    -
2    A2   E       H    10Tx  DOWN No    10    No   E    1      -    -
3    A3   E       F    100Fx DOWN No    100   No   D    1      -    -
4    A4   E       F    100Fx DOWN No    100   No   D    1      -    -
5    A5   E       F    100Fx DOWN No    100   No   D    1      -    -
6    A6   E       F    100Fx DOWN No    100   No   D    1      -    -
7    A7   E       H    10Tx  DOWN No    10    No   E    1      -    -

All traffic on port 1 is sent to the high priority queue.

ML1200#qos
ML1200(qos)##setqos type=port port=1 priority=high
Successfully set QOS.
ML1200(qos)##show qos
========================================
PORT | QOS  | STATUS
========================================
1    | Port | DOWN
2    | None | DOWN
3    | None | DOWN
4    | None | DOWN
5    | None | DOWN
6    | None | DOWN
7    | None | DOWN

All traffic on port 2 is sent to the high priority queue and the QoS tag is set to 6.
ML1200(qos)##setqos type=tag port=2 priority=high tag=6
Successfully set QOS.
ML1200(qos)##show qos type=port
================================
PORT | PRIORITY | STATUS
================================
ML1200(qos)##show qos
========================================
PORT | QOS  | STATUS
========================================
1    | Port | DOWN
2    | Tag  | DOWN
3    | None | DOWN
4    | None | DOWN
5    | None | DOWN
6    | None | DOWN
7    | None | DOWN
ML1200(qos)##show qos type=tag
========================================
PORT | Tag | STATUS
========================================
1    |     | DOWN
2    | 6   | DOWN
3    |     | DOWN
4    |     | DOWN
5    |     | DOWN
6    |     | DOWN
7    |     | DOWN

Port 3 is set to tag-based QoS with tag level 5.

ML1200(qos)##setqos port=3 priority=high type=tag tag=5
Successfully set QOS.
ML1200(qos)##show qos type=tag
========================================
PORT | Tag | STATUS
========================================
1    |     | DOWN
2    | 6   | DOWN
3    | 5   | DOWN
4    |     | DOWN
5    |     | DOWN
6    |     | DOWN
7    |     | DOWN

The queue behavior is set so that 8 high-priority packets and 1 low-priority packet are sent out.

ML1200(qos)##show-portweight
Port priority Weight set to 1 High : 1 Low.
ML1200(qos)##set-weight weight=4
ML1200(qos)##show-portweight
Port priority Weight set to 8 High : 1 Low.
ML1200(qos)##show qos
========================================
PORT | QOS  | STATUS
========================================
1    | Port | DOWN
2    | Tag  | DOWN
3    | Tag  | DOWN
4    | None | DOWN
5    | None | DOWN
6    | None | DOWN
7    | None | DOWN
ML1200(qos)##

14.3 Configuring QoS with EnerVista Secure Web Management software

14.3.1 Description

To access QoS settings,

Z Select the Configuration > QoS menu items.
Z Select the Port and the type of QoS/ToS settings.

The following window illustrates the setting of port 1 for port-based QoS with a high priority. Note that the sections on Tag and ToS are ignored for Port settings. After the port QoS settings are completed, the changes are reflected on the QoS menu screen. The port 1 QoS settings indicate high priority set.

Next, tag-based QoS is enabled on port 3. Note that only the menu area for the tag setting is relevant. After the Tag QoS settings are completed, the changes are reflected on the QoS menu screen.

In the following window, ToS QoS is enabled on port 5. As before, only the ToS level settings are relevant. Note that the different settings are clear from the window below: port 1 has port-based QoS, port 3 has tag-based QoS, and port 5 is using ToS.

Z After all changes are made, save the changes using the save icon.

Chapter 15: IGMP

15.1 Overview

15.1.1 Description

Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting in the Internet. It is used to establish host memberships in particular multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants to receive messages addressed to a specific multicast group. All hosts conforming to level 2 of the IP multicasting specification require IGMP.

15.1.2 IGMP Concepts

The ML1200 supports IGMP L2 standards as defined by RFC 1112.
IGMP is disabled by default and needs to be enabled on the MultiLink ML1200 Managed Field Switch.

IP multicasting is defined as the transmission of an IP datagram to a "host group", a set of zero or more hosts identified by a single IP destination address. A multicast datagram is delivered to all members of its destination host group with the same "best-efforts" reliability as regular unicast IP datagrams, i.e. the datagram is not guaranteed to arrive at all members of the destination group or in the same order relative to other datagrams.

The membership of a host group is dynamic; that is, hosts may join and leave groups at any time. There is no restriction on the location or number of members in a host group, but membership may be restricted to only those hosts possessing a private access key. A host may be a member of more than one group at a time. A host need not be a member of a group to send datagrams to it.

A host group may be permanent or transient. A permanent group has a well-known, administratively assigned IP address. It is the address and not the membership that is permanent: at any time, a permanent group may have any number of members, even zero. On the other hand, a transient group is dynamically assigned an address when the group is created, at the request of a host. A transient group ceases to exist, and its address becomes eligible for reassignment, when its membership drops to zero.

The creation of transient groups and the maintenance of group membership is the responsibility of "multicast agents", entities that reside in internet gateways or other special-purpose hosts. There is at least one multicast agent directly attached to every IP network or sub-network that supports IP multicasting. A host requests the creation of new groups, and joins or leaves existing groups, by exchanging messages with a neighboring agent.
The Internet Group Management Protocol (IGMP) is an internal protocol of the Internet Protocol (IP) suite. IP manages multicast traffic by using switches, multicast routers, and hosts that support IGMP (in the MultiLink ML1200 Managed Field Switch implementation of IGMP, a multicast router is not necessary as long as a switch is configured to support IGMP with the querier feature enabled). A set of hosts, routers, and/or switches that send or receive multicast data streams to or from the same source(s) is termed a multicast group, and all devices in the group use the same multicast group address. The multicast group running version 2 of IGMP uses three fundamental types of messages to communicate:

• Query: A message sent from the querier (multicast router or switch) asking for a response from each host belonging to the multicast group. If a multicast router supporting IGMP is not present, then the switch must assume this function in order to elicit group membership information from the hosts on the network (if you need to disable the querier feature, you can do so using the IGMP configuration MIB or the set-querier command).

• Report: A message sent by a host to the querier to indicate that the host wants to be, or is, a member of the group indicated in the report message.

• Leave Group: A message sent by a host to the querier to indicate that the host has ceased to be a member of a specific multicast group.

Thus, IGMP identifies members of a multicast group (within a subnet) and allows IGMP-configured hosts (and routers) to join or leave multicast groups. When IGMP is enabled on the MultiLink ML1200 Managed Field Switch, it examines the IGMP packets it receives to:

• Learn which ports are linked to IGMP hosts and multicast routers/queriers belonging to any multicast group.

• Become a querier if a multicast router/querier is not discovered on the network.
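The three IGMPv2 messages just listed, together with the two things the switch does with them (learn which ports hold members and queriers, and become querier when none is seen), are enough to model IGMP snooping. The following Python example is added here and is not GE Multilin code. It builds and parses IGMPv2 messages with a verified checksum, keeps a per-port membership table with timers, implements immediate leave, the auto/block/forward port modes and the unknown-stream and reserved-range (224.0.0.0/24, section 15.1.4) flooding rules described later in this chapter, and maps a group address to its 01-00-5e Ethernet address (section 15.1.3). The port numbers, the sample messages and the timer arithmetic (the RFC 2236 membership and other-querier-present intervals with robustness 2) are the example's own assumptions, not the ML1200's exact timers; reading "Multicasting Unknown Streams" as flooding of groups with no learned members is likewise an assumption.

```python
"""IGMPv2 snooping model.  Added example; not ML1200 firmware.
Sample messages, port numbers and timer arithmetic (RFC 2236 intervals,
robustness 2) are constructed assumptions; the ML1200's own timers may differ.
"""
import struct
import ipaddress

IGMP_QUERY, IGMP_V1_REPORT, IGMP_V2_REPORT, IGMP_LEAVE = 0x11, 0x12, 0x16, 0x17
RESERVED = ipaddress.IPv4Network("224.0.0.0/24")   # always flooded (section 15.1.4)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_igmp(msg_type: int, group: str, max_resp_tenths: int = 0) -> bytes:
    """8-byte IGMPv2 message: type, max response time (1/10 s), checksum, group."""
    body = struct.pack("!BBH4s", msg_type, max_resp_tenths, 0, ipaddress.IPv4Address(group).packed)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_igmp(pkt: bytes):
    """Return (type, max_resp_seconds, group); reject short or corrupt messages."""
    if len(pkt) < 8:
        raise ValueError("short IGMP message")
    if inet_checksum(pkt[:8]) != 0:
        raise ValueError("bad IGMP checksum")
    t, max_resp, _csum, grp = struct.unpack("!BBH4s", pkt[:8])
    return t, max_resp / 10.0, ipaddress.IPv4Address(grp)


def group_mac(group: str) -> str:
    """IP multicast to Ethernet: 01-00-5e plus the low 23 bits of the address."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return "01-00-5e-%02x-%02x-%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


class SnoopingSwitch:
    ROBUSTNESS = 2
    LAST_MEMBER_QUERY_INTERVAL = 1.0     # seconds (RFC 2236 default)

    def __init__(self, ports, query_interval=125, query_response_interval=10,
                 immediate_leave=False, flood_unknown=True, querier=True):
        self.ports = set(ports)
        self.mode = {p: "auto" for p in self.ports}   # set-port modes: auto | block | forward
        self.groups = {}                              # group -> {port: expiry time}
        self.router_ports = {}                        # port -> expiry time
        self.qi, self.qri = query_interval, query_response_interval
        self.membership_interval = self.ROBUSTNESS * self.qi + self.qri
        self.immediate_leave, self.flood_unknown = immediate_leave, flood_unknown
        self.querier_enabled, self.last_query_seen = querier, None

    def set_port(self, port, mode):
        if mode not in ("auto", "block", "forward"):
            raise ValueError("mode must be auto, block or forward")
        self.mode[port] = mode

    def is_querier(self, now) -> bool:
        """Act as querier unless another querier has been heard recently."""
        if not self.querier_enabled:
            return False
        other_present = self.ROBUSTNESS * self.qi + self.qri / 2
        return self.last_query_seen is None or now - self.last_query_seen > other_present

    def receive(self, port, pkt: bytes, now: float):
        t, _max_resp, grp = parse_igmp(pkt)
        if t == IGMP_QUERY:                    # a querier/router lives behind this port
            self.last_query_seen = now
            self.router_ports[port] = now + self.membership_interval
        elif t in (IGMP_V1_REPORT, IGMP_V2_REPORT):
            self.groups.setdefault(grp, {})[port] = now + self.membership_interval
        elif t == IGMP_LEAVE:
            members = self.groups.get(grp, {})
            if port in members:
                if self.immediate_leave:
                    del members[port]
                else:  # hold the port until a last-member query would go unanswered
                    members[port] = now + self.ROBUSTNESS * self.LAST_MEMBER_QUERY_INTERVAL
            if not members:
                self.groups.pop(grp, None)

    def expire(self, now):
        for grp in list(self.groups):
            self.groups[grp] = {p: t for p, t in self.groups[grp].items() if t > now}
            if not self.groups[grp]:
                del self.groups[grp]
        self.router_ports = {p: t for p, t in self.router_ports.items() if t > now}

    def forward_ports(self, group: str, in_port, now) -> set:
        """Egress ports for a multicast datagram addressed to `group`."""
        self.expire(now)
        dst = ipaddress.IPv4Address(group)
        candidates = set(self.ports)                  # reserved range: flood everywhere
        if dst not in RESERVED:
            if dst in self.groups:
                candidates = set(self.groups[dst]) | set(self.router_ports)
            elif not self.flood_unknown:
                candidates = set(self.router_ports)
        out = {p for p in candidates if self.mode[p] != "block"}
        out |= {p for p, m in self.mode.items() if m == "forward"}
        return out - {in_port}
```

Two points the model makes visible. With immediate leave off, a port stays in the group for the last-member query window after a Leave, so a second host on the same port is not cut off; with it on, the port is pruned at once, which is only safe when one host sits behind each port. And because only the low 23 bits of the group address reach the Ethernet layer, group_mac("224.1.1.1") equals group_mac("225.1.1.1"): filters keyed on the MAC address alone cannot separate such groups.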
Once the switch learns the port location of the hosts belonging to any particular multicast group, it can direct group traffic to only those ports, resulting in bandwidth savings on ports where group members do not reside. Note that this controls which ports receive a group's traffic, not which hosts may send to the group; as stated above, a sender need not be a member. The following example illustrates this operation.

The figure below shows a network running IGMP.

FIGURE 15–1: Advantages of using IGMP

In the above diagram:

• PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group (the routers operate as queriers).

• Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members and non-members. Thus, it sends large amounts of unwanted multicast traffic to PCs 2 and 3.

• Switch 2 recognizes IGMP traffic and learns that PC 4 is in the IP multicast group receiving multicast data from the video server (PC X). Switch 2 then sends the multicast data only to PC 4, thus avoiding unwanted multicast traffic on the ports for PCs 5 and 6.

The next figure shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of the same IP multicast group. IGMP is configured on switches 3 and 4. Either of these switches can operate as querier because a multicast router is not present on the network. (If an IGMP switch does not detect a querier, it automatically assumes this role, provided the querier feature is enabled within IGMP, which is the default.)

FIGURE 15–2: Isolating multicast traffic in a network

In the above figure, the multicast group traffic does not go to switch 1 and beyond. This is because either the port on switch 3 that connects to switch 1 has been configured as blocked, or there are no hosts connected to switch 1 or switch 2 that belong to the multicast group.
For PC 1 to become a member of the same multicast group without flooding IP multicast traffic on all ports of switches 1 and 2, IGMP must be configured on both switches 1 and 2, and the port on switch 3 that connects to switch 1 must be unblocked.

15.1.3 IP Multicast Filters

IP multicast addresses occur in the range from 224.0.0.0 through 239.255.255.255 (which corresponds to the Ethernet multicast address range of 01-00-5e-00-00-00 through 01-00-5e-7f-ff-ff in hexadecimal; only the low 23 bits of the IP address are carried in the MAC address, so 32 IP groups share each Ethernet address). Devices such as the MultiLink ML1200 Managed Field Switch having static Traffic/Security filters configured with a "Multicast" filter type and a "Multicast Address" in this range will continue in effect unless IGMP learns of a multicast group destination in this range. In that case, IGMP takes over the filtering function for the multicast destination address(es) for as long as the IGMP group is active. If the IGMP group subsequently deactivates, the static filter resumes control over traffic to the multicast address formerly controlled by IGMP.

15.1.4 Reserved Addresses Excluded from IP Multicast (IGMP) Filtering

Traffic to IP multicast groups in the address range 224.0.0.0 to 224.0.0.255 is always flooded, because addresses in this range are "well known" or "reserved". Thus, if IP multicast is enabled and there is an IP multicast group within the reserved address range, traffic to that group is flooded instead of filtered by the switch.

15.1.5 IGMP Support

The MultiLink ML1200 Managed Field Switch supports IGMP version 1 and version 2. The switch can act either as a querier or a non-querier. The querier periodically sends general query messages to solicit group membership information. Hosts on the network that are members of a multicast group send report messages. When a host leaves a group, it sends a leave group message.
The difference between version 1 and version 2 is that version 1 does not have a "Leave" mechanism for the host. The MultiLink ML1200 Managed Field Switch prunes membership: when a leave message is received, or a timer expires on a port, the switch removes the multicast group membership from that port.

1. The MultiLink ML1200 Managed Field Switch supports IGMP only on the default VLAN. It can be enabled within a port VLAN, tagged VLAN, or no VLAN. It can snoop up to 256 multicast groups.

2. IGMP is disabled by default. It has to be enabled to leverage the benefits of IGMP.

3. IGMP works only on the default VLAN (DEFAULT_VLAN or VID = 1).

15.2 Configuring IGMP through the Command Line Interface

15.2.1 Commands

The igmp command enters IGMP configuration mode; given an argument, it enables or disables IGMP on the switch.

igmp
igmp <enable|disable>

The show igmp command displays the IGMP status.

show igmp

The following command sequence illustrates how to enable and query the status of IGMP.

ML1200# igmp
ML1200(igmp)## igmp enable
IGMP is enabled
ML1200(igmp)## show igmp
IGMP State                    : Enabled
ImmediateLeave                : Disabled
Querier                       : Enabled
Querier Interval              : 125
Querier Response Interval     : 10
Multicasting Unknown Streams  : Enable
ML1200(igmp)## igmp disable
IGMP is disabled
ML1200(igmp)## show igmp
IGMP State                    : Disabled
ImmediateLeave                : Disabled
Querier                       : Enabled
Querier Interval              : 125
Querier Response Interval     : 10
Multicasting Unknown Streams  : Enable
ML1200(igmp)##

The output of the show igmp command provides the following useful information:

• IGMP State shows if IGMP is turned on (Enabled) or off (Disabled).

• Immediate Leave provides a mechanism for a particular host that wants to leave a multicast group.
It disables the ability of the port where the leave message is received to transmit that group's multicast traffic, without waiting for the group timer to expire.

• Querier shows whether the switch is a querier or a non-querier. In our example, the switch is the querier.

• Querier Interval shows the time period in seconds at which the switch sends general host-query messages.

• Querier Response Interval specifies the maximum amount of time in seconds that can elapse between when the querier sends a host-query message and when it receives a response from a host.

• Multicasting Unknown Streams shows whether multicasting of unknown streams (groups for which no membership has been learned) is on (Enabled) or off (Disabled).

The show-group command displays the multicast groups.

show-group

The following command sequence illustrates how to display IGMP groups:

ML1200(igmp)## show-group
GroupIp       PortNo   Timer   LeavePending
----------------------------------------
224.1.0.1     1        155     0
224.0.1.40    1        155     0
ML1200(igmp)##

The output of the show-group command displays the following information:

• Group IP column shows the multicast groups.

• Port No shows the port where the multicast group is being detected.

• Timer shows the amount of time left in seconds before the group port will be deleted (and will no longer receive the group's multicast traffic) if the switch does not receive a membership report.

• Leave Pending column shows the number of leave messages received from this port.

Every port can be individually set to one of three IGMP modes: auto, block and forward.

• Auto: lets IGMP control whether the port should or should not participate in sending multicast traffic.

• Block: manually configures the port to always block multicast traffic.

• Forward: manually configures the port to always forward multicast traffic.

To set the port characteristics, use the set-port command in the IGMP configuration mode.

set-port port=<port|list|range> mode=<auto|block|forward>

The show-port command displays the port characteristics for IGMP.
show-port

The show-router command displays detected IGMP-enabled router ports.

show-router

The set-leave command enables or disables immediate leave, that is, whether the switch processes a host's leave message immediately rather than waiting for the timer to expire.

set-leave <enable|disable>

The set-querier command enables or disables the switch as IGMP querier.

set-querier <enable|disable>

The set-qi command sets the interval at which the IGMP querier periodically sends general host-query messages. These messages ask for group membership information and are sent to the all-systems multicast group address, 224.0.0.1. The valid range is from 60 to 127 seconds, with a default of 125.

set-qi interval=<60-127>

The set-qri command sets the query response interval, representing the maximum amount of time that can elapse between when the querier sends a host-query message and when it receives a response from a host. The range is from 2 to 270 seconds, with a default of 10. Restrictions apply to the maximum value because of an internal calculation that depends on the value of the query interval.

set-qri interval=<2-270>

15.2.2 Example

The following example shows how to configure IGMP.

Example 15-1: Configuring IGMP

ML1200(igmp)## set-port port=2-4 mode=forward
Port mode is set.
    ML1200(igmp)## show-port
    --------------------
    Port | Mode
    --------------------
    1    | Auto
    2    | Forwarding
    3    | Forwarding
    4    | Forwarding
    5    | Auto
    6    | Auto
    7    | Auto
    ML1200(igmp)## show-router
    RouterIp         PortNo   Timer
    --------------------------------
    10.21.1.250      1        25
    ML1200(igmp)## set-leave enable
    IGMP immediate leave status is enabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Enabled
    Querier                       : Enabled
    Querier Interval              : 125
    Querier Response Interval     : 10
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## set-leave disable
    IGMP immediate leave status is disabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Enabled
    Querier Interval              : 125
    Querier Response Interval     : 10
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## set-querier enable
    IGMP querier status is enabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Enabled
    Querier Interval              : 125
    Querier Response Interval     : 10
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## set-querier disable
    IGMP querier status is disabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Disabled
    Querier Interval              : 125
    Querier Response Interval     : 10
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## set-qi interval=127
    Query interval successfully set
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Disabled
    Querier Interval              : 127
    Querier Response Interval     : 10
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## set-qri interval=11
    Query response interval successfully set
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Disabled
    Querier Interval              : 127
    Querier Response Interval     : 11
    Multicasting Unknown Streams  : Enabled
    ML1200(igmp)## mcast disable
    MCAST is disabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Disabled
    Querier Interval              : 127
    Querier Response Interval     : 11
    Multicasting Unknown Streams  : Disabled
    ML1200(igmp)## mcast enable
    MCAST is enabled
    ML1200(igmp)## show igmp
    IGMP State                    : Enabled
    ImmediateLeave                : Disabled
    Querier                       : Disabled
    Querier Interval              : 127
    Querier Response Interval     : 11
    Multicasting Unknown Streams  : Enabled

15.3 Configuring IGMP with EnerVista Secure Web Management software

15.3.1 Example

To configure IGMP:
• Select the Configuration > IGMP menu item. The menu allows the IGMP parameters described earlier to be set and provides the necessary information on IGMP groups and routers.
• Click on the Edit button to edit the IGMP parameters. This screen also enables and disables IGMP. Changes are reflected on the Configuration > IGMP > Information screen. The groups and routers screen displays the IGMP Groups and IGMP Routers information. All edits to IGMP are done through the Information screen.

Chapter 16: SNMP

16.1 Overview

16.1.1 Description

Simple Network Management Protocol (SNMP) enables management of the network. Many software packages provide a graphical interface and a graphical view of the network and its devices. This graphical interface and view would not be possible without SNMP. SNMP is thus the building block for network management.
16.1.2 SNMP Concepts

SNMP provides the protocol to extract the necessary information from a networked device and display it. The information is defined and stored in a Management Information Base (MIB). The MIB is the “database” of network management information. SNMP has evolved over the years (since 1988) through the RFC process. Several RFCs define the SNMP standards. The most common SNMP standards are SNMP v1 (the original version of SNMP), SNMP v2 and finally SNMP v3. SNMP is a poll-based mechanism: the SNMP manager polls the managed device for information and displays the retrieved information in text or graphical form.

Some definitions related to SNMP are:
• Authentication - The process of ensuring message integrity and protection against message replays. It includes both data integrity and data origin authentication.
• Authoritative SNMP engine - One of the SNMP copies involved in network communication, designated to be the allowed SNMP engine, which protects against message replay, delay, and redirection. The security keys used for authenticating and encrypting SNMPv3 packets are generated as a function of the authoritative SNMP engine's engine ID and user passwords. When an SNMP message expects a response (for example, get exact, get next, set request), the receiver of these messages is authoritative. When an SNMP message does not expect a response, the sender is authoritative.
• Community string - A text string used to authenticate messages between a management station and an SNMP v1/v2c engine.
• Data integrity - A condition or state of data in which a message packet has not been altered or destroyed in an unauthorized manner.
• Data origin authentication - The ability to verify the identity of a user on whose behalf the message is supposedly sent.
This ability protects users against both message capture and replay by a different SNMP engine, and against packets received or sent to a particular user that use an incorrect password or security level.
• Encryption - A method of hiding data from an unauthorized user by scrambling the contents of an SNMP packet.
• Group - A set of users belonging to a particular security model. A group defines the access rights for all the users belonging to it. Access rights define what SNMP objects can be read, written to, or created. In addition, the group defines what notifications a user is allowed to receive.
• Notification host - An SNMP entity to which notifications (traps and informs) are to be sent.
• Notify view - A view name (not to exceed 64 characters) for each group that defines the list of notifications that can be sent to each user in the group.
• Privacy - An encrypted state of the contents of an SNMP packet, in which they are prevented from being disclosed on a network. Encryption is performed with an algorithm called CBC-DES (DES-56).
• Read view - A view name (not to exceed 64 characters) for each group that defines the list of object identifiers (OIDs) that are accessible for reading by users belonging to the group.
• Security level - A type of security algorithm performed on each SNMP packet. The three levels are: noauth, auth, and priv. noauth authenticates a packet by a string match of the user name. auth authenticates a packet using the HMAC MD5 algorithm. priv authenticates a packet using the HMAC MD5 algorithm and encrypts the packet using the CBC-DES (DES-56) algorithm.
• Security model - The security strategy used by the SNMP agent. Currently, the ML1200 supports three security models: SNMPv1, SNMPv2c, and SNMPv3.
• Simple Network Management Protocol (SNMP) - A network management protocol that provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance, and security.
• Simple Network Management Protocol Version 2c (SNMPv2c) - The second version of SNMP. It supports centralized and distributed network management strategies, and includes improvements in the Structure of Management Information (SMI), protocol operations, management architecture, and security.
• SNMP engine - A copy of SNMP that can reside on either the local or a remote device.
• SNMP group - A collection of SNMP users that belong to a common SNMP list that defines an access policy, in which object identification numbers (OIDs) are both read-accessible and write-accessible. Users belonging to a particular SNMP group inherit all of the attributes defined by the group.
• SNMP user - A person for whom an SNMP management operation is performed. The user is the person on a remote SNMP engine who receives the information.
• SNMP view - A mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user.
• Write view - A view name (not to exceed 64 characters) for each group that defines the list of object identifiers (OIDs) that can be created or modified by users of the group.

16.1.3 Traps

The traps supported by MNS are as follows:
• SNMP Traps: Warm Start, Cold Start, Link Up, Link Down, Authentication Failure.
• RMON Traps: Rising Alarm, Falling Alarm for RMON groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History).
• Enterprise Traps: Intruder.

16.1.4 Standards

There are several RFCs defining SNMP.
MNS supports the following RFCs and standards:

SNMPv1 standards
• Security via configuration of SNMP communities
• Event reporting via SNMP
• Managing the switch with an SNMP network management tool

Supported Standard MIBs include:
• SNMP MIB-II (RFC 1213)
• Bridge MIB (RFC 1493) (ifGeneralGroup, ifRcvAddressGroup, ifStackGroup)
• RMON MIB (RFC 1757)
• RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History)
• Version 1 traps (Warm Start, Cold Start, Link Up, Link Down, Authentication Failure, Rising Alarm, Falling Alarm)

RFC 1901-1908 – SNMPv2
• RFC 1901, Introduction to Community-Based SNMPv2. SNMPv2 Working Group
• RFC 1902, Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1903, Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1904, Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1905, Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1906, Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)
• RFC 1907, Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2). SNMPv2 Working Group
• RFC 1908, Coexistence between Version 1 and Version 2 of the Internet-standard Network Management Framework.
SNMPv2 Working Group

RFC 2271-2275 – SNMPv3
• RFC 2104, Keyed Hashing for Message Authentication
• RFC 2271, An Architecture for Describing SNMP Management Frameworks
• RFC 2272, Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
• RFC 2273, SNMPv3 Applications
• RFC 2274, User-Based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
• RFC 2275, View-Based Access Control Model (VACM) for the Simple Network Management Protocol (SNMP)

16.2 Configuring SNMP through the Command Line Interface

16.2.1 Commands

There are several commands and variables which can be set for configuring SNMP. The basic SNMP v1 parameters can be set by referring to the section on System Parameters. Most commands here refer to SNMP v3 commands and how the variables for SNMP v3 can be configured.

The snmp command enters the SNMP configuration mode.

    snmp

The snmpv3 command enters the SNMP V3 configuration mode. It is still necessary to enable SNMP V3 by using the set snmp command after entering configuration mode.

    snmpv3

The set snmp command defines the SNMP version. The ML1200 supports either all versions (v1, v2 and v3) or only v1. By default, SNMP v1 only is enabled.

    set snmp type=

The show snmp command displays the SNMP configuration information.

    show snmp

The setvar command sets the system name, contact and location. All parameters are optional, but a user must supply at least one parameter.

    setvar [sysname|syscontact|syslocation]=

The quickcfg command automatically configures a default VACM (view-based access control model). This allows any manager station to access the ML1200 via SNMP v1, v2c or v3. The community name is “public”. This command is only intended for first-time users; the values can be changed by administrators who want stricter access.

    quickcfg

The engineid command allows the user to change the engine ID.
Every agent has to have an engineID (name) to be able to respond to SNMPv3 messages.

    engineid string=

The authtrap command enables or disables authentication trap generation.

    authtrap <enable|disable>

The show-authtrap command displays the current value of the authentication trap status.

    show-authtrap

The deftrap command defines the default community string to be used when sending traps. When the user does not specify the trap community name when setting a trap station using the trap command, the default trap community name is used.

    deftrap community=

The show-deftrap command displays the current value of the default trap community.

    show-deftrap

The trap command defines the trap and inform manager stations. A station can receive v1 or v2 traps and/or inform notifications. An inform notification is an acknowledgment that a trap has been received. A user can add up to 5 stations.

    trap id= [type=
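The SNMP Concepts section above states that SNMPv3 authentication and privacy keys are generated from the user password and the authoritative engine's engine ID, which is why the engineid value matters operationally: the same password yields a different localized key for every engine ID, and a manager that holds the wrong engine ID cannot authenticate to the agent. The following Python example is added here and is not code from the manual or from GE's firmware; it implements the RFC 2274 Appendix A password-to-key and key-localization procedure (carried unchanged into RFC 3414) for the HMAC-MD5 case the ML1200 supports, checks it against the RFC's published "maplesyrup" test vector, and shows how the 16-byte localized key is split for CBC-DES privacy. The second engine ID is a constructed value for illustration only.

```python
import hashlib

# RFC 2274 / RFC 3414 Appendix A: the password is repeated until exactly 1 MiB
# (1,048,576 bytes) has been fed into the hash. Added example, not GE code.
EXPANDED_LEN = 1_048_576


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Ku: engine-independent key derived from the user's password."""
    if not password:
        raise ValueError("empty password")
    reps = EXPANDED_LEN // len(password) + 1
    expanded = (password * reps)[:EXPANDED_LEN]
    return hashlib.new(hash_name, expanded).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): the key used with this one agent."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usm_localized_key(password: str, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Full derivation from a text password to the per-engine localized key."""
    return localize_key(password_to_key(password.encode(), hash_name), engine_id, hash_name)


def des_priv_material(kul: bytes) -> tuple[bytes, bytes]:
    """RFC 3414 8.1.1.1: for CBC-DES the 16-byte localized privacy key is split
    into the 8-byte DES key and the 8-byte pre-IV used to build the salt/IV."""
    if len(kul) != 16:
        raise ValueError("CBC-DES expects a 16-byte localized key")
    return kul[:8], kul[8:]


if __name__ == "__main__":
    # Test vector from RFC 2274/3414 A.3.1: password "maplesyrup",
    # engine ID 00 00 00 00 00 00 00 00 00 00 00 02.
    engine_a = bytes.fromhex("000000000000000000000002")
    kul_a = usm_localized_key("maplesyrup", engine_a)
    print("engine A localized key:", kul_a.hex())  # 526f5eed9fcce26f8964c2930787d82b
    # Constructed second engine ID: same password, different key, so a manager
    # must learn the agent's current engineid (discovery) before it can authenticate.
    engine_b = bytes.fromhex("000000000000000000000003")
    print("engine B localized key:", usm_localized_key("maplesyrup", engine_b).hex())
    des_key, pre_iv = des_priv_material(kul_a)
    print("DES key:", des_key.hex(), "pre-IV:", pre_iv.hex())
```

Because the derivation is a single unkeyed hash of the password, a weak password is recoverable offline from one captured authenticated message; pair HMAC-MD5/DES-56 with long passwords and restrict SNMP access to management networks.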