...
SwOS Lite is an operating system designed specifically for the administration of MikroTik GPEN21 products. GPEN21 support only SwOS Lite operating system.
GPEN21 series features
Features | Description |
---|---|
Forwarding |
|
Monitoring |
|
VLAN |
|
Security |
|
Quality of Service (QoS) |
|
Access Control List |
|
Info |
---|
1 The Host table limit does not affect forwarding because packets are sent from upstream to downstream ports and vice versa when the MAC learning limit is reached. |
...
Info |
---|
SwOS uses a simple algorithm to ensure TCP/IP communication - it just replies to the same IP and MAC address packet came from. This way there is no need for Default Gateway on the device itself. |
Property | Description |
---|---|
Address Acquisition | Specify which address acquisition method to use:
|
Static IP Address | IP address of the device in case of Address Acquisition is set as DHCP with fallback or static |
Identity | Name of the device (for Mikrotik Neighbor Discovery protocol) |
Allow From | IP address from which the device is accessible. Default value is '0.0.0.0/0' - any address |
Allow From Ports | List of device ports from which it is accessible |
Allow From VLAN | VLAN ID from which the service is accessible. Make sure to first configure VLANs and VLAN pages |
Watchdog | Enable or disable system Watchdog. It will reset the CPU of the device in case of a fault condition |
Mikrotik Discovery Protocol | Enable or disable Mikrotik Neighbor Discovery protocol |
Dark Mode | Disable or enable all LEDs on the device |
MAC Address | MAC address of the device (read-only) |
Serial Number | Serial number of the device (read-only) |
Board Name | MikroTik model name of the device (read-only) |
Uptime | Current device uptime (read-only) |
PoE Out Mode | Specifies PoE-Out state:
|
PoE Out Status | Shows current PoE-Out status on port (read-only) |
Password and Backup
Link
...
Link Tab allows you to configure each interface settings and monitor the link status.
Property | Description |
---|---|
Enabled | Enable or disable port |
Name | Editable port name |
Link Status | Current link status (read-only) |
Auto Negotiation | Enable or disable auto-negotiation |
Speed | Shows the negotiated speed, or allows manually changing the speed setting of the port (requires auto-negotiation to be disabled) |
Full Duplex | Shows the negotiated duplex, or allows manually changing the duplex mode of the port (requires auto-negotiation to be disabled) |
Hops | |
Last Hop | |
Length | |
Fault At | |
Cable Pairs | Shows four positions of the cable pairs with their status: O - open; S - short. |
Info |
---|
The device supports Jumbo frames up to 10222 bytes. Manually decreasing the MTU settings is not supported for SwOS Lite devices. |
...
Forwarding Tab provides advanced forwarding options among device ports, port locking, bandwidth limit, and broadcast storm control features.
Property | Description |
---|---|
Port Lock |
|
Uplink Port |
|
Broadcast Storm Control |
|
Bandwidth Limit |
|
Info |
---|
It is possible to limit ingress/egress traffic per port basis. The policer is used for ingress traffic, the shaper is used for egress traffic. The ingress policer controls the received traffic with packet drops. Everything that exceeds the defined limit will get dropped. This can affect the TCP congestion control mechanism on end hosts and achieved bandwidth can be actually less than defined. The egress shaper tries to queue packets that exceed the limit instead of dropping them. Eventually, it will also drop packets when the output queue gets full, however, it should allow utilizing the defined throughput better. |
...
VLAN configuration for device ports.
Property | Description |
---|---|
VLAN Mode (disabled | optional | strict; Default: optional) | VLAN filtering mode, these options are relevant to egress ports (except for strict mode).
|
VLAN Receive (any | only tagged | only untagged; Default: optional) | Received traffic filtering based on VLAN tag presence.
|
Default VLAN ID (integer: 1..4095; Default: 1) | The device will place received untagged packets in the "Default VLAN ID" VLAN. Only has an effect on untagged traffic, and when VLAN Receive is set to "any" or "only untagged". It does not apply for tagged traffic. This parameter is usually used to allocate access ports with specific VLAN. It is also used to untag egress traffic if the packet's VLAN ID matches Default VLAN ID. |
Force VLAN ID (integer: yes | no; Default: no) | Assigns the Default VLAN ID value to all ingress traffic (tagged and untagged). Has effect in all VLAN Modes. If the port receives tagged traffic and Default VLAN ID is set to 1, then with this parameter the egress traffic will be untagged. |
VLAN membership configuration for device ports.
Property | Description |
---|---|
VLAN ID (integer: 1..4094; Default: 0) | VLAN ID to which assign ports. |
Members (ports; Default: none) | Group of ports, which are allowed to forward traffic on the defined VLAN. |
VLAN Configuration Example
...
Note |
---|
Changing management VLAN can completely disable access to the device management if VLAN settings are not correctly configured. Save a configuration backup before changing this setting and use Reset in case management access is lost. |
...
Static entries will take over dynamic if dynamic entry with the same mac-address already exists. Also by adding a static entry you get access to more functionality.
Property | Description |
---|---|
Ports | Ports the packet should be forwarded to |
MAC | MAC address |
Port (read-only) | Ports the packet should be forwarded to |
MAC(read-only) | Learned MAC address |
SNMP
...
SwOS supports SNMP v1 and uses IF-MIB, SNMPv2-MIB, BRIDGE-MIB and MIKROTIK-MIB (only for health, PoE-out and SFP diagnostics).
...
- System information
- System uptime
- Port status
- Interface statistics
- Host table information
Property | Description |
---|---|
Enabled | Enable or disable SNMP service |
Community | SNMP community name |
Contact Info | Contact information for the NMS |
Location | Location information for the NMS |
ACL
...
An access control list (ACL) rule table is a very powerful tool allowing wire-speed packet filtering, forwarding, and VLAN tagging based on L2,L3, and L4 protocol header field conditions. Each rule contains a conditions part and an action part.
...
Conditions part parameters
Property | Description |
---|---|
From | A port that packet came in from |
MAC Src | Source MAC address and mask |
MAC Dst | Destination MAC address and mask |
Ethertype | Protocol encapsulated in the payload of an Ethernet Frame |
VLAN | VLAN header presence:
|
VLAN ID | VLAN tag ID |
Priority | Priority in VLAN tag |
IP Src (IP/netmask:port) | Source IPv4 address, netmask, and L4 port number |
IP Dst (IP/netmask:port) | Destination IPv4 address, netmask, and L4 port number |
Protocol (integer) | IP protocol |
DSCP | IP DSCP field |
Action part parameters
Property | Description |
---|---|
Drop | Drop packet |
Set VLAN ID | Changes the VLAN tag ID, if the VLAN tag is present |
Priority | Changes the VLAN tag priority bits, if the VLAN tag is present |
Reset and Reinstall
...
The GPEN21 has built-in backup SwOS firmware which can be loaded in case standard firmware breaks or an upgrade fails:
...