This version of the TNS-100 Web UI manual applies to firmware versions v1.12.5 and later.  You can find the current firmware version of your device on the Dashboard page, within the System information widget.


Please refer to the TNS-100 Operating Manual for information about how to power your device and other useful information.


Table of contents


Interface settings

Network settings

VLAN settings

Port isolation settings

Services settings

System settings

Firmware upgrade

Config backup & restore

Reset to defaults

Reboot

Fetch troubleshooting file




Login & access

i  Note: The device's default fallback IP is 192.168.1.1, and the default username and password are root/admin.


  1. By default, DHCP client is enabled on the main local network bridge.  If your device cannot get an IP from an upstream DHCP server, it will fall back to 192.168.1.1.

  2. Access your device's local web UI in your web browser at the DHCP-assigned IP or the fallback IP mentioned in the previous step.

  3. Login using the default login credentials of username: root & password: admin. You will automatically be logged out of your session if you're inactive for more than 30 minutes.

!   Change the device's default user credentials after you log in for the first time.



Dashboard


The device dashboard shows the overall status of your device, including:

  • Ethernet port PoE out status, PoE out fuse failures, link status, and port MTU

  • Networking details, such as management IP address(es), management MTU, management VLAN ID, etc.

  • Traffic graphs for ethernet interfaces

  • System information, including device name, system resources and temperatures, SFP module info, & firmware version


Firmware version notifier


The device will check for new firmware once a day. When a new version is available, a link to download the firmware appears in the upper right corner of the System information widget:



If the device cannot contact https://tachyon-networks.com, you'll see a message like this:


If you don't see a firmware version message at all, your firmware may not support this feature, or the device encountered a system error.


PoE Faults


If your device encounters a PoE fault, you will see a red warning icon like the one below.  To reset the fault, turn PoE off and back on. If that doesn't work, physically reconnect the cable.



Interface Actions


  • Power Cycle PoE Out Ports

    Within the Interface Status table, you can also power cycle a PoE out port by pressing the yellow "PoE Out" button for the port you'd like to power cycle:


Configuration


i  Only admin-level users have rights to access and change settings on the configuration pages of the web UI.


Help tips


Most configuration labels will show information about the setting when you mouse over the label (as of firmware 1.12.2).



Applying configuration changes


While you're configuring your device, feel free to make changes to one or more settings located on any of the configuration pages mentioned in the sections below.  



Once you're done, click the Save Now (1) button at the top of the page in order to write and apply the changes.  Please note that your device will become temporarily unreachable while networking and other system services are restarted.


If you wish to discard your changes, refresh the page, or click the Discard (3) button.   


If you wish to test your changes first, you can press the Test Changes (2) button, which will apply the current changes, and start a timer for 5 minutes.  



After the 5 minutes are up, if you haven't confirmed your changes, the device will automatically roll back to the previous settings.



Interface Settings



On this settings tab, you can change the following settings for each port on your TNS-100 device:


  • Enabled: Whether or not this port should be enabled. When an interface is disabled, it will still link but will be unable to pass traffic over the link. PoE out can still be enabled (if supported) when an interface is disabled.

  • PoE out: Enable PoE out on the specified port (if supported by that port)

  • Description: You can set a short description/note for each port (max of 32 characters) which will be shown on the dashboard, as well as in the SNMP output for the ports.

  • Additional Settings/Port MTU: This is the maximum transmission unit (MTU) of each port. This setting will apply to all interfaces. The minimum allowed value is 1280, the max is 9018, and it must be greater than or equal to the management interface, which is set under the Network settings tab. This setting does not change the size of the packets. If a packet that's larger than the MTU value tries to pass through the interface it will be dropped. The default value is 9018.

  • Additional Settings/Enable 1G SFP support:  If you do not have an SFP+ module, you will need to enable this setting in order to turn on 1G SFP support on the eth5 port.  Note: This setting will require a reboot to take effect, and 10G/SFP+ modules will no longer work once this is enabled.

  • Additional Settings/Enable STP:  You can enable STP (spanning tree protocol) on the main system bridge by turning this setting on.  Please note that STP is not compatible with VLANs.

Network Settings


These settings apply to the device's local/management network:

  • Management bridge MTU: The maximum transmission unit (MTU) set on the local management network. This value must be less than or equal to the port MTU set on the Interfaces page (otherwise the packets won't make it to/from the management bridge). The minimum allowed value is 1280, and the max is 9018. Default is 1500.

  • Management IPv4 mode: Options for IPv4 mode are Static or DHCP client.  DHCP Client is selected by default.
    • DHCP client: If you choose DHCP client, you'll have the option of setting a fallback IPv4 address and netmask. The default fallback IP is 192.168.1.1.

    • Static IP: If you choose Static IP as the IPv4 mode, you will need to manually set at least one IP (IPv4 or IPv6) for the device as shown below.



VLAN Settings


The settings in this section allow you to create access and trunk VLANs on your switch, on a per-port basis.   By default, no VLANs can pass through the TNS-100 switch unless they're explicitly trunked.



Management VLAN: The default management VLAN ID is set to 1 (native). You can change this value to another VLAN ID not already in use in order to manage the device from a non-native VLAN ID by checking the "Management" radio button next to the VLAN.  


Packets with this VLAN ID will also be allowed to pass through the device when set to Trunk, allowing you to use the same management VLAN on the TNS-100 as you do on the devices behind it.  As of firmware v1.12.5, you can set an access policy on the management VLAN as well.


By default, all ports are set to "Trunk" for the management VLAN (as of firmware v1.12.2).  There is the option to set the role to "None" if you don't wish to be able to access the local management network/UI from a specific ethernet port.

!   Warning: once the management VLAN ID is changed from the default value of 1, you must have your management VLAN settings correctly configured or you will not be able to reach your device again without resetting to defaults.


Trunk and Access VLANs:


Each VLAN can play a different role when assigned to each port:


  1. Trunk: Packets with the specified VLAN ID are allowed to pass through the interface.

  2. Access: Packets without a VLAN tag coming into the port are tagged with the specified VLAN ID, and packets going out of this interface with the specified VLAN ID are stripped of that tag.

  3. None: The VLAN is not active on the specified port.

VLAN Name: Use this field to give your VLAN an optional name. The max length of the VLAN name is 32 characters.


VLAN Actions: 

  • To add a new VLAN, press the "Add" button.  The VLAN ID must be in the range of 2-4094, and cannot already be in use.  VLAN ID 1 is reserved for the management VLAN.  The maximum number of VLANs that you can create is currently set to 128.

  • To change the type of VLAN for a port, click on the icon in the table to toggle through Trunk, Access, and None.

  • To remove a VLAN, press the red "X" at the end of the VLAN row that you wish to delete.  You cannot remove the management VLAN.  You can remove all VLANs by clicking the menu next to the VLAN configuration header.

  • To trunk all VLANs or set all to access, press the 3 dot menu at the end of the VLAN row and click the corresponding menu item:



Port Isolation Settings


This feature is available in firmware v1.12.1 and later.


Traffic between ports can be isolated, or blocked, from the settings on this page.  By default, traffic is allowed to flow between all ports.



To block traffic from a source port (the first column) to another port, simply click on the gray circle icon button under the destination port, and change the policy to "Block":



Additional Actions


  • Block all ports: This action allows you to set the policy to "Block" for all destination ports for the given source port.

  • Allow all ports: This action allows you to set the policy to "Allow" (the default) for all destination ports for the given source port.


Services Settings


/SSH 


The settings in this section refer to the local SSH server running on the device.  Only the admin-level user accounts created under the Users configuration page have the ability to SSH into a TNS-100 device.


Enabled: Whether or not SSH access is enabled on this device.  Default is enabled.


Port: Port used by the SSH server.  Default is 22.  


/HTTP 


The settings in this section refer to the local webserver running on the device.


Port: HTTP port at which you can access the local web UI.  Default is 80.


HTTPS port: HTTPS port at which you can access the local web UI. Default is 443.

Note: the SSL certificate for the device's web server is a dynamically generated self-signed certificate.  Some modern web browsers (such as Chrome) no longer accept self-signed SSL certificates by default.  In order to view the HTTPS version of the web interface, you will need to use a browser that allows self-signed certificates, such as Firefox.



/NTP


Enable: Enable or disable the NTP (network time protocol) server.  This server is enabled by default.


Server addresses:  A list of NTP peers that the device should use when updating the local time.



/Device discovery


Enable: Enable or disable the device discovery service for this device. 


Discover nearby devices:

Enable the LLDP (Link Layer Discovery Protocol) server in order to find nearby devices on the network.  Nearby devices can be found by using the Device discovery tool on the Tools page.


Broadcast device info:  

Allow this device to be discoverable over  LLDP (Link Layer Discovery Protocol), CDP (Cisco Discovery Protocol), and/or MNDP (Mikrotik Neighbor Discovery Protocol).



/SNMP


Enable: Enable the local SNMP server.   The SNMP server is disabled by default.  The private MIB for the TNS-100 can be found here


Protocol: Choose SNMP version: SNMPv2, SNMPv3, or dual SNMPv2 + SNMPv3.


Community (SNMPv2 only): Input the community string for the SNMP server.  The default value is public.


User (SNMPv3 only):  SNMPv3 authentication username.  Length must be between 1 and 100 characters.


Password (SNMPv3 only): SNMPv3 SHA+AES authentication passphrase.  Length must be between 1 and 32 characters.


Here's an example demonstrating how to fetch the device's current 60GHz channel using SNMPv3 and snmpwalk:

> snmpwalk -v 3 -u <user> -A <password> -X <password> -a SHA -x AES -l authPriv <device ip> .1.3.6.1.4.1.4458.57344.2.2.1.4

SNMPv2-SMI::enterprises.4458.57344.2.2.1.4.2 = INTEGER: 1



/SNMP traps


Enable:  Enable or disable the sending of SNMP traps from this device.


User: The username that should be included when connecting to the server specified below.   If no username is required, just use a dummy value here such as "nonyabuisness".


Server address:  Hostname or IP of the SNMP trap receiver. 


Protocol: Choose the trap version: SNMPv2 or SNMPv3


Community (SNMPv2 only): Community string for SNMPv2.


Password (SNMPv3 only): Password used for SNMPv3.



Once enabled, traps will be pushed to your trap server, as shown in the iReasoning MIB browser example screenshot below:




Notes:

  • The MIB that contains the Tachyon trap definitions can be found in the TNS-100 Private MIB article.

  • Because of the nature of SNMP traps, some events might be lost before they reach your trap server.  For example, client association traps are sent at association time, which could occur before the upstream data path is completely initialized, causing the trap message to be dropped.

/Ping watchdog


This service pings the specified IP address at the given interval and reboots the device after receiving a certain number of failures in a row. This service is disabled by default.


Enable:  Enable the ping watchdog service.  


Ping interval: How long the service should wait, in seconds, between attempts to ping the provided IP.


Startup delay: The length of time in seconds that the service should wait until it attempts the first ping.


Failure count: The maximum number of failures allowed (in a row) before the device will be rebooted.


IP address to ping: The IP address that the service will attempt to ping.


/Remote syslog


Enable: Enable or disable the remote syslog service.


Protocol:  Remote syslog server protocol: TCP or UDP


Server address:   IP address or hostname of the remote syslog server.


Port: Port at which the remote syslog server is running. 



System Settings


/Device information


Device name: The name of this device.  This field is used to populate the system name field used in the device discovery tool.


Device location: The physical location of this device. This field is used to populate the system location field used in the device discovery tool.  This is a free-form field.


Country:  Select the country where this device will be used.   The country field is used to set local regulatory rules.


Hostname: The system hostname of your device. Must be a valid hostname format - it must only contain alphanumeric characters, periods and dashes, and must start or end in an alphanumeric character.


/Time settings


Enable advanced timezones: Select this box to enable timezones that have DST support enabled. 


Time zone: The timezone that should be used for this device's time.


Date/time: Use the date and time fields to manually set the device's local date and time.  If NTP is enabled, you will not be able to manually set the date and time.




/Other settings


Physical reset button: Enable or disable the physical reset button.


!   Warning: It is not recommended that you disable the device's physical reset button. Misconfigurations could make the device become unreachable.


Users


The System Authentication page gives you control over access to your device via the web UI, SSH & the RESTful API. 


There are two methods available for system authentication:


  1. Local user list: This is the default authentication method and will authenticate API, web UI, and SSH users according to the credentials configured in the user list. (Read more below about user roles).

  2. RADIUS auth: This method allows web UI users only to be authenticated against an external RADIUS server. The system activity log will indicate the authentication method used when a login attempt is made.  Some notes about this method:
    • API and SSH users are still authenticated against the local user list.

    • All users authenticated over RADIUS will have their role set to admin.

    • If the configured RADIUS server is unavailable, or if the shared secret is mis-configured, then the local users list will be used as a fallback.


There are currently two roles for a user when using the local user list authentication option:


  1. Admin: Full access to all settings in the Web UI and all RESTful API routes.

  2. Read-only: Limited access to the Dashboard page of the web UI only, and API routes that don't affect operation of the device, such as fetching device stats.



Compatibility note: RADIUS support was added in firmware v1.12.5.


Password requirements

Passwords must be between 5 and 32 characters long, cannot contain spaces, and can contain the following special characters:

! @ # $ % ^ & * ( ) _ - + ? > < , . / ~
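
An added example, not part of the manual or of Tachyon's tooling: a pre-deployment check in Python that tests a planned configuration against the limits and defaults stated in this manual (MTU ranges, VLAN ID range and count, the STP/VLAN incompatibility, management VLAN lock-out, default credentials, password rules, default SNMP community). The dict layout, key names and the port name eth1 are assumptions; the device's actual configuration format is not shown in this manual.

```python
import re

# Limits and defaults below are the ones stated in this manual.
MTU_MIN, MTU_MAX = 1280, 9018
SPECIALS = "!@#$%^&*()_-+?><,./~"
# Assumption: apart from the listed specials, only ASCII letters and digits are accepted.
PASSWORD_RE = re.compile("[A-Za-z0-9" + re.escape(SPECIALS) + "]{5,32}")

def audit(cfg):
    """Return findings for a planned configuration (hypothetical dict layout)."""
    findings = []
    for name in ("port_mtu", "mgmt_mtu"):
        if not MTU_MIN <= cfg[name] <= MTU_MAX:
            findings.append(f"{name} {cfg[name]} outside {MTU_MIN}-{MTU_MAX}")
    if cfg["mgmt_mtu"] > cfg["port_mtu"]:
        findings.append("management MTU exceeds port MTU")
    vlans = cfg["vlans"]  # IDs of VLANs added besides the management VLAN
    if len(vlans) > 128:
        findings.append("more than 128 VLANs")
    findings += [f"VLAN ID {v} outside 2-4094" for v in vlans if not 2 <= v <= 4094]
    if cfg["stp"] and vlans:
        findings.append("STP enabled together with VLANs")
    # Inference from the lock-out warning: some port must still carry management.
    if all(role == "None" for role in cfg["mgmt_vlan_roles"].values()):
        findings.append("management VLAN role is None on every port")
    for user, password in cfg["users"].items():
        if (user, password) == ("root", "admin"):
            findings.append("default root/admin credentials still set")
        elif not PASSWORD_RE.fullmatch(password):
            findings.append(f"password for {user} breaks the password rules")
    snmp = cfg["snmp"]
    if snmp["enabled"] and "SNMPv2" in snmp["protocol"] and snmp["community"] == "public":
        findings.append("SNMPv2 enabled with default community 'public'")
    return findings

# Constructed samples; port name eth1 and all key names are illustrative.
FACTORY = {
    "port_mtu": 9018, "mgmt_mtu": 1500, "stp": False, "vlans": [],
    "mgmt_vlan_roles": {"eth1": "Trunk", "eth5": "Trunk"},
    "users": {"root": "admin"},
    "snmp": {"enabled": False, "protocol": "SNMPv2", "community": "public"},
}
PLANNED = {
    "port_mtu": 1500, "mgmt_mtu": 9000, "stp": True, "vlans": [10, 4095],
    "mgmt_vlan_roles": {"eth1": "None", "eth5": "None"},
    "users": {"noc": "pass word"},
    "snmp": {"enabled": True, "protocol": "SNMPv2 + SNMPv3", "community": "public"},
}

if __name__ == "__main__":
    for label, cfg in (("factory", FACTORY), ("planned", PLANNED)):
        print(label, audit(cfg))
```
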


System and device actions


You can find the system actions by clicking the gear icon located on the top right side of the page:



/Upgrade firmware


Select this option to upgrade or downgrade your device's firmware.


If after an upgrade attempt your device is running a previous version of firmware, it's possible that it failed to boot using the new firmware, and fell back to the previously working bootbank.  


In this case, please contact support to verify you have a valid firmware image.  If there was a power interruption or flicker during the upgrade, it's safe to retry the firmware upgrade assuming the device's input power is stable.


If you're downgrading your device's firmware, make sure to select the "Reset config after device update" option:



!   Warning:  Do not unplug or reboot your device while firmware upgrade is in progress!



/Config backup & restore


Backup or restore the device's configuration settings.  


/Reboot


Reboot your device immediately.



/Reset device 


Reset your device to factory defaults.   You may want to reset your device if downgrading to an older firmware.



/Fetch troubleshooting file


Fetch an archive of log files, configuration files, stats, and other information useful in troubleshooting any issues with the Tachyon support team. 



Tools 


/Ping 


Perform a basic IPv4 or IPv6 ping operation from the device.



/Traceroute


Perform a basic traceroute operation from the device.




/View log


Search and view the device's dmesg output.   Output from logread can be read from the console or via one of the remote syslog options.



/Device discovery


Use the device discovery tool to find other devices on your network. 


!   Note:  You must have Device Discovery enabled under the Configuration >> Services >> Device discovery settings page in order for your device(s) to be discoverable.



System name and description can be set under your device's system settings located at Configuration >> System >> Device information:




Activity


Recent events, such as user login, DHCP events, PoE reset events, etc., can be found under the Activity page, or by clicking the calendar icon in the top right nav area.  Activity events match up to the SNMP traps pushed to the (optional) trap server.