MapleLink / MapleLink Lite

ARP Inspection is a security feature that prevents Address Resolution Protocol (ARP) spoofing attacks. It verifies ARP packets against a trusted database to block malicious attempts to redirect network traffic. On Maple Systems network switches, ARP Inspection helps maintain network integrity by ensuring only valid ARP responses are forwarded.

Auto Provision is a service that allows the switch to automatically retrieve and apply configuration files from a remote server. This simplifies the configuration process by eliminating the need for manual setup. The switch connects to a specified TFTP, FTP, or HTTP server, downloads the configuration files, and applies them directly to the switch. This ensures consistent configuration across multiple devices. Auto Provision does not automatically upgrade firmware but is used for efficiently applying configuration settings.

Bandwidth refers to the maximum data transfer rate of a network connection, determining how much data can be transmitted per second. Bandwidth Control allows administrators to regulate network traffic by setting ingress (incoming) and egress (outgoing) limits per port. These limits are configured in multiples of 16 Kbps. Meaning the minimum bandwidth allocation per port is 16 Kbps, and it increases in increments of 16 Kbps as needed. Proper bandwidth management helps prevent congestion, optimize network performance, and ensure critical data gets prioritized.

A Binding Table is a data structure that maps IP addresses to specific MAC addresses and ports on a network switch. It is used to validate and control traffic flow ensuring that only devices with legitimate IP-MAC bindings can communicate on the network. In features like IP Source Guard, the Binding Table helps prevent unauthorized access. Additionally, it protects IP address spoofing by maintaining accurate records of valid devices connected to the switch.

In SNMP (Simple Network Management Protocol), a Community is a logical group used for authentication purposes. It functions as a password or access control mechanism that defines the level of access to network devices such as routers, switches, and servers. A Community enables SNMP-enabled devices to be managed remotely.

There are two primary types of Community Strings: Read-Only (RO) and Read-Write (RW). A Read-Only (RO) community allows users to retrieve information from the device. It prevents them from making any changes to the device’s configuration. A Read-Write (RW) community allows users to retrieve information and make modifications to the device’s configuration.

When an SNMP request is received, the device checks the Community String to determine if the requestor has the proper access rights. If the string matches, the device grants the appropriate access level; otherwise, access is denied, enhancing security.

A DHCP Relay forwards DHCP requests between clients and a DHCP Server on different networks or specified VLANs. Without it, clients can only receive IP addresses from servers in the same subnet. DHCP Relay allows a Maple Systems network switch to pass client requests to a remote DHCP Server over a different VLAN, enabling centralized IP address management across multiple subnets.

DHCP Snooping is a security feature that prevents unauthorized DHCP Servers from assigning IP addresses to clients. It monitors DHCP traffic and only allows responses from trusted servers on specified ports. On Maple Systems network switches, DHCP Snooping helps protect against rogue servers and DHCP spoofing attacks, ensuring clients receive valid network configurations.

A DIP Switch (Dual In-line Package Switch) is a small physical switch used to configure hardware settings on a device. On Maple Systems network switches, DIP Switches are primarily used to activate the relay alarm output. For example, in case of a main or redundant power loss. On certain models, DIP Switches can also be toggled to trigger the relay output alarm for specific port events, such as link failures. This feature provides a simple, hardware-based method for enabling critical network alerts without requiring software configuration.

Dual Homing is a redundancy method where a device connects to two separate network paths for reliability. If one connection fails, traffic switches to the other, ensuring continuous network access. On Maple Systems network switches, Dual Homing improves fault tolerance by providing backup connectivity, reducing downtime in case of link failure.

WTR (Wait-to-Restore) is a timer mechanism used in ERPS (Ethernet Ring Protection Switching). It prevents network instability after a failure has been resolved. ERPS is a protocol that ensures fast recovery in Ethernet ring networks by quickly switching traffic to an alternate path when a link failure occurs.

When a failed link in an ERPS ring is restored, the WTR timer delays the reactivation of the original path. This waiting period ensures that the link is stable before traffic is rerouted back to its primary path preventing unnecessary switching due to brief or intermittent link failures. The WTR timer value is configurable, allowing network administrators to set an appropriate delay based on network conditions.

A Filter Table in ARP Inspection is used to store valid ARP (Address Resolution Protocol) entries that have been verified to ensure legitimate traffic on the network. This table helps prevent ARP spoofing, as well as other malicious activities by allowing the switch to filter out any ARP requests or responses that do not match the expected entries in the table.

When ARP packets are received, the switch checks the Filter Table to ensure the source MAC address and IP address pair is valid. If the entry exists in the table and the packet matches, it is allowed to pass through. If the ARP packet does not match a valid entry, it is discarded. Protecting the network from potential ARP poisoning or man-in-the-middle attacks.

The Filter Table is typically populated dynamically. It can also be manually configured to specify trusted ARP entries for known devices in the network.

Firmware is a type of software that is embedded into hardware devices to control and manage their operations. Unlike regular software that can be easily updated or removed, firmware is typically stored in non-volatile memory, such as ROM or flash memory, and is essential for the device to function. It provides low-level control over the hardware and allows the device to communicate with other systems or applications.

Firmware can be found in a variety of devices, including routers, switches, computers, and embedded systems. It is responsible for initializing the hardware during startup and providing the necessary instructions for its operation. In many cases, firmware updates are released to fix bugs, add new features, or improve performance.

IGMP (Internet Group Management Protocol) is a network protocol used to manage multicast group membership on IPv4 networks. It allows devices to join or leave multicast groups, ensuring that multicast traffic is only sent to devices that need it. On Maple Systems network switches, IGMP helps optimize network performance by preventing unnecessary multicast traffic from overwhelming network bandwidth. This is especially useful for applications like video streaming, industrial automation, and real-time data distribution.

IGMP Snooping is a feature that enhances IGMP by allowing switches to monitor and control multicast traffic at the data link layer. Instead of forwarding multicast traffic to all ports, IGMP Snooping ensures that multicast data is only sent to the ports with registered group members. This reduces network congestion and improves efficiency by preventing unnecessary multicast flooding. On Maple Systems switches, enabling IGMP Snooping helps maintain optimal network performance, especially in environments with high multicast traffic.

An IP Address (Internet Protocol Address) is a unique identifier assigned to each device on a network. Thus, allowing it to communicate with other devices. It serves as both the address and the location of the device. Similar to how a street address works for mail delivery. There are two main types of IP addresses: IPv4 and IPv6.

IPv4 is the most commonly used version and consists of four sets of numbers (octets) separated by periods, such as 192.168.1.1. It supports about 4.3 billion unique addresses, but due to the increasing number of devices, IPv4 addresses are becoming exhausted.

IPv6 was introduced to solve this issue by providing a much larger address space. It uses eight groups of four hexadecimal digits separated by colons, like 2001:0db8:85a3:0000:0000:8a2e:0370:7334. This allows for a virtually unlimited number of addresses ensuring that future devices can be connected to the internet without running out of address space.

IP DiffServ (Differentiated Services) is a network architecture designed to manage traffic and prioritize packets for improved Quality of Service (QoS). It classifies and marks packets using the DSCP (Differentiated Services Code Point) tag, thus determines the level of priority given to network traffic. DiffServ enables more efficient handling of high-priority traffic, ensuring better performance for critical applications. For more details on how packets are tagged and classified, see the What is a DSCP Tag? help topic.

IP Source Guard is a security feature that prevents IP address spoofing by binding IP addresses to specific ports and MAC addresses. It ensures that only devices with valid IP-MAC bindings can communicate on the network. When enabled on Maple Systems network switches, IP Source Guard helps protect against unauthorized devices from accessing the network, enhancing overall security by blocking invalid IP traffic.

A Jumbo Frame is an Ethernet frame with a Maximum Transmission Unit (MTU) larger than the standard 1500-byte size, typically supporting 9000 bytes or more. This larger MTU reduces the overhead for data transmission, improving network efficiency. Jumbo Frames are often used in high-performance networks to increase throughput, reduce CPU load, and optimize large data transfers. It is especially beneficial in environments like SCADA systems that handle large data sets.

Example Scenario: Enhancing HMI and PLC communication performance:
Jumbo Frames are used to enhance communication between an HMI, PLC, and a managed switch. The HMI transmits large sets of data, such as real-time sensor readings and historical logs, to the PLC for processing. By using Jumbo Frames with a larger MTU (up to 9000 bytes), the system reduces the overhead from multiple smaller frames. The managed switch handles these larger frames, improving network efficiency and reducing latency in data transfers. This setup is ideal for high-performance networks that handle large amounts of data.

Link Aggregation combines multiple physical network links into one logical connection, increasing bandwidth and providing redundancy. By using IEEE 802.1ad (QinQ), Link Aggregation encapsulates multiple VLANs within another VLAN, enhancing scalability and performance. This standard improves traffic distribution, reliability, and load balancing across multiple links. Link Aggregation is commonly used in enterprise and data center networks to ensure high availability and prevent failure points.

Example Scenario: Link Aggregation in a SCADA System:
In a SCADA system used at an industrial facility, there are multiple sensors and remote I/O devices connected to a central SCADA server. These devices are responsible for monitoring various aspects of the plant’s operations, such as temperature, pressure, flow rates, and more. The SCADA system requires constant data collection and real-time processing to ensure operations are running smoothly.

To improve network performance, Link Aggregation (LAG) is implemented between the SCADA server and the network switch. The SCADA server is equipped with two network ports that are configured for Link Aggregation, while the switch also has Link Aggregation enabled on the corresponding ports.

MAC Management is a feature that allows administrators to manage and configure MAC addresses on a network switch. It provides several capabilities for controlling how MAC addresses are handled within the switch.

With MAC Management, you can set Static MAC Addresses. Ensuring that specific devices always use the same MAC address on a particular port. This can be useful for devices that need consistent network access. You can also view the MAC Table, which lists the MAC addresses learned by the switch and the associated ports. Helping with network troubleshooting and monitoring.

Additionally, MAC Management includes the ability to apply a MAC Age Time (ranging from 20 to 500 seconds, or set to 0 to disable aging). This setting determines how long the switch will retain a MAC address entry in its table before it is removed. Shorter aging times can help the table stay up to date, while longer times reduce the need for frequent updates.

A MAC VLAN is a feature that allows network administrators to filter traffic based on the MAC (Media Access Control) address of devices. This feature enables the network switch to apply VLAN configurations based on specific portions of the source MAC address, providing granular control over traffic segmentation.

For example, if you configure a MAC VLAN with the address 00:01:02. The switch will filter traffic using only the first three bytes of the source MAC address. A configuration with 00:01:02:03:04 will filter based on the first five bytes. While 00:01:02:03:04:05 will filter using all six bytes of the source MAC address. This allows for precise traffic management ensuring that only traffic from specific devices or groups of devices are allowed into particular VLANs.

In addition, MAC VLAN also supports Port Priority, which enables administrators to assign priority to specific MAC addresses or VLANs. This ensures that higher-priority traffic, such as real-time applications, is processed first, helping to optimize network performance and minimize delays.

A Management Host is a designated device or system authorized to access and configure a network switch. It typically refers to a computer or server used for administrative tasks such as monitoring network activity, adjusting settings, and applying security policies. On Maple Systems network switches, a Management Host can be restricted by IP address ensuring that only approved devices can access the switch’s management interface. This enhances security by preventing unauthorized access and limiting control to specific network administrators.

This feature allows up to 10 different management hosts. The default is none, any host can manage the Switch via GUI or CLI solutions.

LLDP Neighbors refers to devices on the network that support LLDP (Link Layer Discovery Protocol) and are directly connected to a network switch. LLDP is a vendor-neutral protocol. It allows network devices to advertise information about themselves, such as their device type, capabilities, and management addresses.

On Maple Systems network switches, LLDP Neighbors helps administrators discover and visualize devices in the network topology. By viewing the LLDP Neighbor Table, you can identify connected devices, troubleshoot connectivity issues, and ensure proper network configuration. LLDP neighbors provide key details such as the port number, device ID, and system name of the neighboring devices. LLDP neighbors will also be visible on the Topology Map feature.

Port Priority is a traffic management feature that controls the importance of data sent through specific ports on a network switch. It ensures that higher-priority traffic is processed first, reducing delays for critical applications. On Maple Systems network switches, Port Priority assigns priority levels to ports, helping to manage congestion and optimize network performance. This feature is useful for prioritizing time-sensitive data such as voice, video, or industrial control signals over less critical traffic.

Port Priority can be assigned per port, on a 0-7 scale system. With 0 being assigned as critical priority, and 7 being low priority.

Ring Settings configure a network redundancy mechanism that ensures continuous operation in case of a link failure. This feature is commonly used in industrial networks to create a ring topology where switches are connected in a loop to provide fault tolerance. If a link in the ring fails, the network automatically reroutes traffic through an alternate path, minimizing downtime.

The Ring Settings will store the ERPS Configuration, ERPS Instance, STP, and STP Port tabs.

RMON (Remote Monitoring) is a network management protocol that provides in-depth traffic analysis and port statistics on network switches. It enhances traditional SNMP (Simple Network Management Protocol) by enabling switches to collect and store traffic data, reducing the need for continuous polling from an external management system.

On Maple Systems network switches, RMON allows administrators to view detailed port statistics, including whether a port is active or inactive, as well as inbound and outbound traffic metrics. RMON provides visibility into data such as total octets, broadcast packets, unicast packets, multicast packets, and non-unicast packets. Additionally, RMON tracks network health indicators such as discarded packets, error packets, CRC alignment errors, and collisions, helping to identify network issues like excessive retransmissions or malformed packets.

RMON also categorizes packet sizes, displaying statistics for packets of 64 octets, 65-127 octets, 128-255 octets, 256-511 octets, 512-1023 octets, and 1024-1518 octets. This data helps administrators analyze traffic patterns, detect congestion, and optimize network performance.