Page 1: Standalone Switches
SmartSwitch 2200 Series (2E253, 2H252, 2H253, and 2H258) Standalone Switches Local Management User’s Guide 9033650-04...
Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
Page 4 CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program (including any accompanying documentation, hardware or media) (“Program”) in the...
Page 5 APPLICABLE LAW. This Agreement shall be interpreted and governed under the laws and in the state and federal courts of New Hampshire without regard to its conflicts of laws provisions. You accept the personal jurisdiction and venue of the New Hampshire courts. None of the 1980 United Nations Convention on Contracts for the International Sale of Goods, the United Nations Convention on the Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this Agreement.
Page 6 AUDIT RIGHTS. You hereby acknowledge that the intellectual property rights associated with the Program are of critical value to Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business hours, Your books, records, accounts and hardware devices upon which the Program may be deployed to verify compliance with this Agreement, including the verification of the license fees due and paid Enterasys and the use, copying...
Page 7: Table Of Contents
Figures ...xii Tables...xv ABOUT THIS GUIDE Using This guide ... xvii Structure of This Guide ... xviii Related Documents...xx Document Conventions...xx Typographical and Keystroke Conventions...xxi INTRODUCTION Overview ... 1-1 1.1.1 1.1.2 Navigating Local Management Screens ... 1-3 Local Management Requirements ... 1-3 Local Management Screen Elements ...
Page 8 Device Menu Screen... 3-7 Overview of Security Methods ... 3-11 3.4.1 3.4.2 3.4.3 3.4.4 Security Menu Screen... 3-22 Passwords Screen ... 3-25 3.6.1 Radius Configuration Screen ... 3-27 3.7.1 3.7.2 Name Services Configuration Screen ... 3-31 System Authentication Configuration Screen... 3-33 3.10 EAP (Port) Configuration Screen ...
Page 9 SNMP Configuration Menu Screen ... 4-17 SNMP Community Names Configuration Screen ... 4-18 4.4.1 SNMP Traps Configuration Screen... 4-21 4.5.1 Access Control List Screen ... 4-23 4.6.1 4.6.2 System Resources Information Screen... 4-28 4.7.1 FLASH Download Configuration Screen... 4-30 4.8.1 4.8.2 4.8.3 PORT CONFIGURATION MENU SCREENS...
Page 10 802.1 CONFIGURATION MENU SCREENS 802.1 Configuration Menu Screen ... 6-2 Spanning Tree Configuration Menu Screen... 6-4 Spanning Tree Configuration Screen... 6-5 6.3.1 Spanning Tree Port Configuration Screen ... 6-9 6.4.1 6.4.2 PVST Port Configuration Screen ... 6-11 802.1Q VLAN CONFIGURATION MENU SCREENS Summary of VLAN Local Management...
Page 11 802.1p CONFIGURATION MENU SCREENS 802.1p Configuration Menu Screen ... 8-2 Port Priority Configuration Screen... 8-4 8.2.1 8.2.2 Traffic Class Information Screen... 8-7 Traffic Class Configuration Screen ... 8-10 8.4.1 Transmit Queues Configuration Screen... 8-12 8.5.1 Priority Classification Configuration Screen ... 8-16 8.6.1 8.6.2 8.6.3...
Page 12 NETWORK TOOLS SCREENS 11.1 Network Tools ... 11-1 11.2 Built-in Commands... 11-4 11.3 Example, Effects of Aging Time on Dynamic Egress... 11-39 11.4 Example, Using Dynamic Egress to Control Traffic ... 11-39 11.5 Special Commands ... 11-40 VLAN OPERATION AND NETWORK APPLICATIONS 12.1 Defining VLANs...
Page 13 12.14 Example 3, Filtering Traffic According to a Layer 4 Classification Rule... 12-32 12.14.1 12.15 Example 4, Securing Sensitive Information According to Subnet ... 12-33 12.15.1 12.16 Example 5, Using Dynamic Egress to Control Traffic ... 12-34 12.17 Example 6, Locking a MAC Address to a Port Using Classification Rules . 12-36 12.17.1 GENERIC ATTRIBUTE REGISTRATION PROTOCOL (GARP) Overview ...A-1...
Page 14: Figures
Figures Figure Example of a Local Management Screen ... 1-4 Management Terminal Connection... 2-2 Uninterruptible Power Supply (UPS) Connection ... 2-5 802.1Q Switching Mode, LM Screen Hierarchy ... 3-2 Local Management Password Screen ... 3-5 Device Menu Screen... 3-7 Security Menu Screen... 3-23 Module Login Passwords Screen ...
Page 15 Figure VLAN Redirect Configuration Screen... 5-20 802.3ad Main Menu Screen ... 5-26 802.3ad Port Screen ... 5-28 5-10 802.3ad Port Details Screen ... 5-30 5-11 802.3ad Port Statistics Screen ... 5-36 5-12 802.3ad Aggregator Screen ... 5-39 5-13 802.3ad Aggregator Details Screen ... 5-41 5-14 802.3ad System Screen ...
Page 16 Figure 12-3 Switch Management with Only Default VLAN...12-12 12-4 Switch Management with VLANs...12-13 12-5 802.1Q VLAN Screen Hierarchy...12-15 12-6 Walkthrough Stage One, Static VLAN Configuration Screen ...12-17 12-7 Walkthrough Stage Two, Port 3 Egress Setting ...12-18 12-8 Walkthrough Stage Three, Port 10 Egress Setting...12-19 12-9 Walkthrough Stage Four, VLAN Port Configuration ...12-20 12-10...
Page 17 Table Event Messages ... 5 Keyboard Conventions ... 6 VT Terminal Setup... 3 Device Menu Screen Menu Item Descriptions ... 8 Authentication Terms and Abbreviations ... 15 MAC / 802.1X Precedence States ... 19 Security Menu Screen Menu Item Descriptions ... 24 Module Login Passwords Screen Field Descriptions ...
Page 18 Table 5-11 802.3ad Aggregator Screen Field Descriptions ...40 5-12 802.3ad Aggregator Details Screen Field Descriptions ...42 5-13 802.3ad System Screen Field Descriptions ...44 5-14 Broadcast Suppression Configuration Screen Field Descriptions ...45 802.1 Configuration Menu Screen Menu Item Descriptions ...3 Spanning Tree Configuration Menu Screen...5 Spanning Tree Configuration Screen...6 Spanning Tree Port Configuration Screen ...10 PVST Port Configuration Screen Field Descriptions...12...
Page 19: About This Guide
2H258) Standalone Switches Local Management User’s Guide. This manual explains how to access and use the Enterasys Networks Local Management to manage the SmartSwitch devices. Local Management is a series of screens that enable the user to monitor and control the SmartSwitch device and its attached segments.
Page 20: Structure Of This Guide
STRUCTURE OF THIS GUIDE The guide is organized as follows: Chapter 1, Introduction, provides an overview of the tasks that may be accomplished using Local Management (LM), and an introduction to LM screen navigation, in-band and out-of-band network management, screen elements, and LM keyboard conventions. Chapter Local Management Local Management, the instructions to configure and connect a management terminal to the...
Page 21 Chapter 802.1p Configuration Menu transmit priority of each port, display the current traffic class mapping-to-priority of each port, set ports to either transmit frames according to selected priority transmit queues or percentage of port transmission capacity for each queue, assign transmit priorities according to protocol types, and configure a rate limit for a given port and list of priorities.
Page 22: Related Documents
RELATED DOCUMENTS The following Enterasys Networks documents may help to set up, control, and manage the SmartSwitch device: • Ethernet Technology Guide • Cabling Guide • SmartTrunk User’s Guide • WAN Series Local Management User’s Guide Documents associated with the optional HSIM and VHSIM interface modules, SmartSwitch device installation user’s guides, and the manuals listed above, can be obtained from the World...
Page 23: Typographical And Keystroke Conventions
TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS bold type Bold type can denote either a user input or a highlighted screen selection. RETURN Indicates either the ENTER or RETURN key, depending on your keyboard. Indicates the keyboard Escape key. SPACE bar Indicates the keyboard space bar key. BACKSPACE Indicates the keyboard backspace key.
Page 25: Introduction
Refer to the Release Notes shipped with the SmartSwitch device to determine which features are supported. OVERVIEW Enterasys Networks’ Local Management is a management tool that allows a network manager to perform the following tasks: •...
Page 26: The Management Agent
Overview • Clear NVRAM. • Set 802.1Q VLAN memberships and port configurations. • Redirect frames according to port or VLAN and transmit them on a preselected destination port. • Create a separate Spanning Tree topology for each VLAN configured in the SmartSwitch device. •...
Page 27: In-Band Vs. Out-Of-Band
Out-of-band network management passes data along a medium that is entirely separate from the common data carrier of the network, for example, a cable connection between a dumb terminal and a SmartSwitch device COM port. The Enterasys Networks’ Local Management is an out-of-band network management system.
Page 28: Local Management Screen Elements
Local Management Screen Elements You can also access Local Management using a Telnet connection through one of the network ports of the SmartSwitch device. NOTE: For details on the setup parameters for the console, how to connect a console to the SmartSwitch, or how to make a telnet connection, refer to LOCAL MANAGEMENT SCREEN ELEMENTS There are six types of screens used in Local Management: password, menu, statistics, configuration, status, and warning screens.
Page 29: Event Messages
Event Message Field This field briefly displays messages that indicate if a Local Management procedure was executed correctly or incorrectly, that changes were saved or not saved to Non-Volatile Random Access Memory (NVRAM), or that a user did not have access privileges to an application. Table 1-1 describes the most common event messages.
Page 30: Local Management Keyboard Conventions
Local Management Keyboard Conventions Command Fields Command fields (located at the bottom of Local Management screens) are used to exit Local Management screens, save Local Management entries, or navigate to another display of the same screen. In the screens shown in this guide, the characters in this field are all upper case and in bold type.
Page 31: Getting Help
GETTING HELP For additional support related to this device or document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/ Phone (603) 332-9400 Internet mail support@enterasys.com ftp://ftp.enterasys.com/ Login anonymous Password your email address To send comments or suggestions concerning this document, contact the Enterasys Networks Technical Writing Department via the following email address: TechWriting@enterasys.com...
Page 33: Local Management Requirements
Local Management Requirements This chapter provides information concerning the following: • Management Terminal Setup terminal to the Enterasys Networks host device. • Telnet Connections (Section access Local Management. • Monitoring an Uninterruptible Power Supply connection from the COM port to an American Power Conversion (APC) Uninterruptible Power Supply (UPS) device.
Page 34: Console Cable Connection
Management Terminal Setup 2.1.1 Console Cable Connection Use the Console Cable Kit provided with the SmartSwitch device to attach the management terminal to the SmartSwitch device COM port as shown in To connect the SmartSwitch device to a PC or compatible device running the VT terminal emulation, proceed as follows: 1.
Page 35: Management Terminal Setup Parameters
2.1.2 Management Terminal Setup Parameters Table 2-1 lists the setup parameters for the local management terminal. Table 2-1 VT Terminal Setup Display Setup Menu Columns -> Controls -> Auto Wrap -> Scroll -> Text Cursor -> Cursor Style -> General Setup Menu Mode ->...
Page 36: Telnet Connections
2. Plug the RJ45 connector at the other end of the cable into the RJ45-to-DB9 male (UPS) adapter (Enterasys Networks part number, 9372066). 3. Connect the RJ45-to-DB9 male (UPS) adapter to the female DB9 port on the rear of the UPS device (refer to the particular UPS device’s user instructions for more specific information about...
Page 37: Uninterruptible Power Supply (Ups) Connection
Monitoring an Uninterruptible Power Supply Figure 2-2 Uninterruptible Power Supply (UPS) Connection Local Management Requirements...
Page 39: Accessing Local Management
This chapter provides information about the following: • Navigating through the Local Management screen hierarchy for 802.1Q Switching (Section 3.1). • Accessing the Password screen to enter a Local Management session • Accessing the Device Menu screen and its menu items to gain access to the Local Management screens including the security screens •...
Page 40: Q Switching Mode, Lm Screen Hierarchy
Navigating Local Management Screens Figure 3-1 802.1Q Switching Mode, LM Screen Hierarchy Device Configuration Menu General Configuration SNMP Configuration Menu System Resources Information Flash Download Configuration Port Configuration Menu 802.1 Configuration Menu Spanning Tree Configuration Menu 802.1Q VLAN Configuration Menu 802.1p Configuration Menu Password...
Page 41: Selecting Local Management Menu Screen Items
Security 3.1.1 Selecting Local Management Menu Screen Items Select items on a menu screen by performing the following steps: 1. Use the arrow keys to highlight a menu item. 2. Press ENTER. The selected menu item displays on the screen. 3.1.2 Exiting Local Management Screens There are two ways to exit the Local Management (LM) screens.
Page 42: Using The Next And Previous Commands
Password Screen 3. Exit from Local Management by repeating steps 1 and 2 until the Device Menu screen displays. 4. To end the LM session, use the arrow keys to highlight the RETURN command at the bottom of the Device Menu screen. 5.
Page 43: Local Management Password Screen
NOTE: You can set the same string as a Security password and SNMP Community Name. This will allow you to access and manage the switch whether you are starting Local Management session via a Telnet connection or local COM port connection, or by using a network SNMP management application.
Page 44 Password Screen Enter the Password and press ENTER. The default super-user access password is “public” or press ENTER. NOTE: If an invalid password is entered, the terminal beeps and the cursor returns to the beginning of the password entry field. Entering a valid password causes the associated access level to display at the bottom of the screen and the Device Menu screen to display.
Page 45: Device Menu Screen
DEVICE MENU SCREEN Screen Navigation Path Password > Device Menu When to Use To access the Local Management screens of the switch. How to Access Enter a valid password in the Local Management Password screen as described in press ENTER. The Device Menu screen, Screen Example Figure 3-3 Device Menu Screen NOTE: If the terminal is idle for several minutes, the Local Management Password...
Page 46: Device Menu Screen Menu Item Descriptions
Device Menu Screen Menu Descriptions Refer to Table 3-1 for a functional description of each menu item. Table 3-1 Device Menu Screen Menu Item Descriptions Menu Item Screen Function DEVICE Provides access to the Local Management screens that are used to CONFIGURATION configure the switch and also provides access to the Port Configuration MENU...
Page 47 Table 3-1 Device Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function NETWORK The Network Tools function resides on the switch and consists of TOOLS commands that allow the user to access and manage network devices, including the ability to Telnet to other devices. how to use the Network Tools utility.
Page 48 Device Menu Screen Table 3-1 Device Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function SECURITY The Radius Configuration screen enables you to configure the Radius (cont’d) client function on the switch to provide another restriction for access to the Local Management screens.
Page 49: Overview Of Security Methods
OVERVIEW OF SECURITY METHODS Six security methods are available to control which users are allowed access to the switch’s host to monitor and control the switch. • Login Security Password – used to access the Device Menu screen to start a Local Management session via a Telnet connection or local COM port connection.
Page 50: Host Access Control Authentication (Haca)
Overview of Security Methods 3.4.1 Host Access Control Authentication (HACA) To use HACA, the embedded Radius Client on the switch must be configured to communicate with the Radius Server, and the Radius Server must be configured with the password information. The software used for this application provides the ability to centralize the Authentication, Authorization, and Accounting (AAA) of the network resources.
Page 51 Only one password is allowed per access level. This enables the Radius Server to track the users accessing the switch host and how long they used the host application. All radius values, except the server IPs and shared secrets, are assigned reasonable default values when radius is installed on a new switch.
Page 52 Overview of Security Methods If the server returns an “access-accept” response (the user successfully authenticated), it must also return a Radius “FilterID” attribute containing an ASCII string with the following fields in the specified format: “Enterasys:version=V:mgmt=M:policy=N” Where: V is the version number (currently V=1) M is the access level for management, one of the following strings: “su”...
Page 53: Port Based Network Access Control
When configured in conjunction with NetSight Policy Manager and Radius server(s), Enterasys Networks’ switchs can dynamically administer user based policy that is specifically tailored to the end user’s needs.
Page 54: Security Overview
Term Authentication Server Supplicant 3.4.2.2 802.1X Security Overview The Enterasys Networks’ SmartSwitch 2200 Series modules support the following 802.1X and EAP security and authentication features to: • Authenticate hosts that are connected to dedicated switch ports. • Authenticate based on single-user hosts. (If a host is a time-shared Unix or VMS system, successful authentication by any user will allow all users access to the network.)
Page 55: Mac Authentication Overview
3.4.3 MAC Authentication Overview This section discusses a method for a user to gain access to the network by validating the MAC address of their connected device. Network management statically provisions MAC addresses in a central radius server. Those pre-configured MAC addresses are allowed access to the network through the usual RADIUS validation process.
Page 56: Authentication
Overview of Security Methods Authentication This section defines the precedence rules to determine which authentication method, 802.1X (EAP) or MAC Authentication has control over an interface. Setting the 802.1X and MAC port authentication is described in When both methods are enabled, 802.1X takes precedence over MAC Authentication when a user is authenticated using the 802.1X method.
Page 57: Mac / 802.1X Precedence States
Table 3-3 MAC / 802.1X Precedence States 802.1X Port Port Authen- Control Control ticated? Force Don’t Don’t Authorized Care Care Force Don’t Don’t Authorized Care Care Auto Enabled Auto Enabled Auto Enabled Auto Enabled Auto Enabled Autho- Default rized Policy Policy Exists? Exists?
Page 58 Overview of Security Methods Table 3-3 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Control Control Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Force Enabled Unauthoriz ation Force Enabled Unauthoriz ation Force Enabled Unauthoriz ation Force Enabled Unauthoriz ation...
Page 59: Mac Authentication Control
Table 3-3 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Authen- Control Control ticated? Force Enabled Unauthoriz ation Force Disabled Don’t Unauthoriz Care ation 3.4.4 MAC Authentication Control This global variable can be set to enabled or disabled. If set to enabled, then a.
Page 60: Security Menu Screen
Security Menu Screen SECURITY MENU SCREEN Screen Navigation Path Password > Device Menu > Security When to Use To access the Passwords, Radius Configuration, Name Services Configuration, System Authentication Configuration, EAP Configuration, EAP Statistics Menu, MAC Port Configuration, and MAC Supplicant Configuration screens. •...
Page 61: Security Menu Screen
Security Menu Screen Screen Example Figure 3-4 Security Menu Screen Menu Descriptions Refer to Table 3-4 for a functional description of each menu item. Accessing Local Management 3-23...
Page 62: Security Menu Screen Menu Item Descriptions
Security Menu Screen Table 3-4 Security Menu Screen Menu Item Descriptions Menu Item PASSWORDS RADIUS CONFIGURATION NAME SERVICES CONFIGURATION SYSTEM AUTHENTICATION CONFIGURATION CONFIGURATION EAP STATISTICS MENU MAC PORT CONFIGURATION MAC SUPPLICANT CONFIGURATION 3-24 Accessing Local Management Screen Function Used to set the Locally Administered Passwords (super user, read-write, and read-only) to access the device according to an access policy.
Page 63: Passwords Screen
Passwords Screen PASSWORDS SCREEN When to Use To provide additional security by using login passwords associated to an access policy. This screen allows the use of passwords to provide three levels of Local Management access (super-user, read-write and read-only) via serial console or telnet connection. This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords.
Page 64: Module Login Passwords Screen Field Descriptions
Passwords Screen Field Descriptions Refer to Table 3-5 for a functional description of each screen field. Table 3-5 Module Login Passwords Screen Field Descriptions Use this field… To… Password Enter the password used to access the device according to an access (Modifiable) policy.
Page 65: Setting The Module Login Password
3.6.1 Setting the Module Login Password Setting the Module Login Password provides additional security by assigning each switch its own password and allows you to disable the function of switch S8 so that the password cannot be cleared. To assign the password and disable switch S8, proceed as follows: 1.
Page 66: Radius Configuration Screen
Radius Configuration Screen How to Access Use the arrow keys to highlight the RADIUS CONFIGURATION menu item on the Security Menu screen and press ENTER. The Radius Configuration screen, Screen Example Figure 3-6 Radius Configuration Screen Field Descriptions Refer to Table 3-6 for a functional description of each screen field.
Page 67 Table 3-6 Radius Configuration Screen Field Descriptions (Continued) Use this field… To… Last Resort Accept, Challenge, and Reject, which do the following: Action/Local (Selectable) For more details, refer to To set local and remote servers, refer to Last Resort Accept, Challenge, and Reject, which do the following: Action/Remote (Toggle) For more details, refer to...
Page 68: Setting The Last Resort Authentication
Radius Configuration Screen 3.7.1 Setting the Last Resort Authentication The Radius client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server.
Page 69: Name Services Configuration Screen
Name Services Configuration Screen NAME SERVICES CONFIGURATION SCREEN When to Use Use this screen when enabling Port-based Web authentication. This screen can also be used to configure the global Secure Harbour name and IP address. The user can Enable/Disable Name Services and associate the switch name with the Secure Harbour IP address.
Page 70: Name Services Configuration Screen Field Descriptions
Name Services Configuration Screen Field Descriptions Refer to Table 3-7 for a functional description of each screen field. Table 3-7 Name Services Configuration Screen Field Descriptions Use this field… To… Switch Name Create a textual name to bind to the IP address. (Modifiable) Secure Harbour IP See the IP address used to access services.
Page 71: System Authentication Configuration Screen
System Authentication Configuration Screen SYSTEM AUTHENTICATION CONFIGURATION SCREEN When to Use To enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports. How to Access Use the arrow keys to highlight the SYSTEM AUTHENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER.
Page 72: System Authentication Configuration Screen Field Descriptions
System Authentication Configuration Screen Field Descriptions Refer to Table 3-8 for a functional description of each screen field. Table 3-8 System Authentication Configuration Screen Field Descriptions Use this field… To… System Enable or disable an authentication type for the device, or turn off the Authentication port authentication function on all ports.
Page 73: Eap (Port) Configuration Screen
EAP (Port) Configuration Screen 3.10 EAP (PORT) CONFIGURATION SCREEN When to Use To configure authentication settings for each port. How to Access Use the arrow keys to highlight the EAP CONFIGURATION menu item on the Security Menu screen and press ENTER. The EAP Port Configuration screen, Figure 3-9, displays.
Page 74: Eap Port Configuration Screen Field Descriptions
EAP (Port) Configuration Screen Field Descriptions Refer to Table 3-9 for a functional description of each screen field. Table 3-9 EAP Port Configuration Screen Field Descriptions Use this field… To… Port See the port number of all ports known to the device. Up to 10 ports (Read-Only) can be displayed as a time.
Page 75 Table 3-9 EAP Port Configuration Screen Field Descriptions (Continued) Use this field… To… Authentication State • aborting: The port enters this state from authenticating when any (Cont’d) • held: After any login failure, this state is entered where the port •...
Page 76 EAP (Port) Configuration Screen Table 3-9 EAP Port Configuration Screen Field Descriptions (Continued) Use this field… To… Backend State • idle: The port is currently not involved in any authentication, but is (Cont’d) • initialize: The port is initializing the relevant backend variables and Port Control Set the port control mode enabling network access for each port.
Page 77 Table 3-9 EAP Port Configuration Screen Field Descriptions (Continued) Use this field… To… Port Control • Forced Authenticated Mode: The Forced Authenticated Mode is (Cont’d) • Forced Unauthenticated Mode: When a port is set to the Forced Initialize Port Set to TRUE to initialize all state machines for this port. After (Single Setting) initialization, authentication can proceed normally on this port according to its control settings.
Page 78: Eap Statistics Menu Screen
EAP Statistics Menu Screen 3.11 EAP STATISTICS MENU SCREEN Screen Navigation Path Password > Device Menu > Security Menu > EAP Statistics Menu When to Use To access the EAP Session Statistics, EAP Authenticator Statistics, and EAP Diagnostic Statistics screens. How to Access Use the arrow keys to highlight the EAP STATISTICS menu item on the Security Menu screen and press ENTER.
Page 79: Eap Statistics Menu Screen Descriptions
Menu Descriptions Refer to Table 3-10 for a functional description of each menu item. Table 3-10 EAP Statistics Menu Screen Descriptions Menu Item EAP SESSION STATISTICS AUTHENTICATOR STATISTICS EAP DIAGNOSTIC STATISTICS Screen Function Used to review and clear EAP session statistics for each port. For details, refer to Section 3.11.1.
Page 80: Eap Session Statistics Screen
EAP Statistics Menu Screen 3.11.1 EAP Session Statistics Screen When to Use To review and clear EAP session statistics for each port. How to Access Use the arrow keys to highlight the EAP SESSION STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.
Page 81 Table 3-11 EAP Session Statistics Screen Field Descriptions Use this field… To… SessionID See the unique ASCII string identifier for a particular session. (Read-Only) SessionOctetsRx See counts of user data octets received on the port during a particular (Read-Only) session. SessionOctetsTx See counts of octets of transmitted on the port during a particular (Read-Only)
Page 82: Eap Authenticator Statistics Screen
EAP Statistics Menu Screen Table 3-11 EAP Session Statistics Screen Field Descriptions (Continued) Use this field… To… Session User Name See the user name associated with the PAE (Point of Access Entity). (Read-Only) Port Number Select the port number to display the associated EAP Session Statistics. (Selectable) To select a port number, use the arrow keys to highlight the Port Number field.
Page 83: Eap Authenticator Statistics Screen Field Descriptions
Screen Example Figure 3-12 EAP Authenticator Statistics Screen Field Descriptions Refer to Table 3-12 for a functional description of each screen field. Table 3-12 EAP Authenticator Statistics Screen Field Descriptions Use this field… To… Total Frames Rx See counts of all EAP frames received by the authenticator. (Read-Only) Total Frames Tx See counts of all EAP frames transmitted by the authenticator.
Page 84 EAP Statistics Menu Screen Table 3-12 EAP Authenticator Statistics Screen Field Descriptions (Continued) Use this field… To… Response Id Frames See counts of EAP response identification type frames received by the authenticator. (Read-Only) Response Frames See counts of EAP response type frames received by the authenticator. (Read-Only) Request Id Frames See counts of EAP request identification type frames transmitted by the...
Page 85: Eap Diagnostic Statistics Screen
EAP Statistics Menu Screen 3.11.3 EAP Diagnostic Statistics Screen When to Use To view port counters useful for EAP troubleshooting, including logoffs and timeouts while authenticating, and to view authorization failure messages from the authentication server. The counters on this screen refresh automatically. How to Access Use the arrow keys to highlight the EAP DIAGNOSTIC STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.
Page 86: Eap Diagnostic Statistics Screen Field Descriptions
EAP Statistics Menu Screen Field Descriptions Refer to Table 3-13 for a functional description of each screen field. Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions Use this field… To… Enters Connecting See counts of transitions to connecting state from any other state. (Read-Only) Logoffs Connecting See counts of transitions from connecting to disconnected state after an...
Page 87 Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… Reauths See counts of transitions from authenticated to connecting state due to Authenticated a reauthentication request. (Read-Only) Starts See counts of transitions from authenticated to connecting state due to Authenticated a start from the supplicant (end-user requesting authentication).
Page 88: Mac Port Configuration Screen
MAC Port Configuration Screen Table 3-13 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… Port Number Select the port number to display the associated EAP Diagnostic (Selectable) Statistics. To select a port number, use the arrow keys to highlight the Port Number field.
Page 89: Mac Port Configuration Screen Field Descriptions
Screen Example Figure 3-14 MAC Port Configuration Screen Field Descriptions Refer to Table 3-7 for a functional description of each screen field. Table 3-14 MAC Port Configuration Screen Field Descriptions Use this field… To… Port # See the port numbers of all ports known to the device. Up to 9 ports can (Read-Only) be displayed at a time.
Page 90: Mac Supplicant Configuration Screen
MAC Supplicant Configuration Screen Table 3-14 MAC Port Configuration Screen Field Descriptions (Continued) Use this field… To… Initialize Port Initialize the authentication status of the port. When this field is set to (Single Setting) TRUE, the current authentication session is terminated, the port returns to its initial authentication status, and the field returns to FALSE.
Page 91: Mac Supplicant Configuration Screen Field Descriptions
Screen Example Figure 3-15 MAC Supplicant Configuration Screen Field Descriptions Refer to Table 3-15 for a functional description of each screen field. Table 3-15 MAC Supplicant Configuration Screen Field Descriptions Use this field… To… Port See the port numbers of all ports known to the device. Up to 10 ports (Read-Only) can be displayed at a time.
Page 92 MAC Supplicant Configuration Screen Table 3-15 MAC Supplicant Configuration Screen Field Descriptions (Continued) Use this field… To… Initialize Supplicant Terminate the current session with a supplicant. When set to TRUE, (Single Setting) the current session is terminated. It always displays a value of FALSE. Reauthenticate Sup- Force a revalidation of the MAC credential for the supplicant.
Page 93: Device Configuration Menu Screens
Device Configuration Menu Screens This chapter describes the Device Configuration Menu screen and the following screens that can be selected: • General Configuration screen • SNMP Configuration Menu screen • SNMP Community Names Configuration screen • SNMP Traps Configuration screen •...
Page 94: Device Configuration Menu Screen
Device Configuration Menu Screen DEVICE CONFIGURATION MENU SCREEN Screen Navigation Path Password > Device Menu > Device Configuration Menu When to Use To access a series of Local Management screens used to establish an Access Control List for SNMP to provide additional security, configure and monitor operating parameters, modify SNMP community names, set SNMP traps, configure switch parameters and configure the device ports.
Page 95: Device Configuration Menu Screen Menu Item Descriptions
Menu Descriptions Refer to Table 4-1 for a functional description of each menu item. Table 4-1 Device Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function GENERAL Used to monitor and configure the device operating parameters. For CONFIGURATION details, refer to SNMP Used to access the SNMP Community Names Configuration, SNMP CONFIGURATION...
Page 96: General Configuration Screen
General Configuration Screen GENERAL CONFIGURATION SCREEN When to Use To set the system date and time, IP address and subnet mask, the default gateway, and the TFTP gateway IP address. This screen can also be used to clear the NVRAM, set the screen refresh time, the screen lockout time, the IP fragmentation, the COM port configuration, and monitor the total time (uptime) that the device has been running.
Page 97: General Configuration Screen Field Descriptions
Field Descriptions Refer to Table 4-2 for a functional description of each screen field. Table 4-2 General Configuration Screen Field Descriptions Use this field… To… MAC Address See the base physical address of the device. (Read-Only) IP Address See the IP address for the device. To set the IP address, refer to (Modifiable) Section Address Discovery.
Page 98 General Configuration Screen Table 4-2 General Configuration Screen Field Descriptions (Continued) Use this field… To… Device Time Enter a new device time. To enter a new time, refer to (Modifiable) Screen Refresh Enter a new device time. This setting determines how frequently (in Time seconds) information is updated on the screen.
Page 99 (Toggle) consisting of a group of ports to increase the bandwidth between switches. You can select either the Enterasys Networks’ SmartTrunking (Huntgroup) or the IEEE 802.3ad protocol. This field toggles between HUNTGROUP and IEEE8023ad. The default is HUNTGROUP. For more information, refer to Section 4.2.11.
Page 100: Setting The Ip Address
General Configuration Screen 4.2.1 Setting the IP Address To set the IP address, perform the following steps: 1. Use the arrow keys to highlight the IP Address field. 2. Enter the IP address into this field using Dotted Decimal Notation (DDN) format. For example: nnn.nnn.nnn.nnn 3.
Page 101: Setting The Subnet Mask
4.2.2 Setting the Subnet Mask If the management workstation that is to receive SNMP traps from the device is located on a separate subnet, the subnet mask for the device may need to be changed from its default value. To change the subnet mask from its default, perform the following steps: 1.
Page 102: Setting The Default Gateway
General Configuration Screen 4.2.3 Setting the Default Gateway If the SNMP management station is located on a different IP subnet than the device, a default gateway must be specified. When an SNMP Trap is generated, the device sends out an ARP request to the default gateway, which responds with its MAC address.
Page 103: Setting The Module Name
4.2.5 Setting the Module Name To set the module name, perform the following steps: 1. Use the arrow keys to highlight the Module Name field. 2. Enter the name of your system (maximum of 19 characters). 3. Press ENTER to set the name in the input field. 4.
Page 104: Setting The Device Time
General Configuration Screen 4.2.7 Setting the Device Time To set the device time, perform the following steps: 1. Use the arrow keys to highlight the Device Time field. 2. Enter the time in this 24-hour format: HH:MM:SS NOTE: When entering the time in the system time field, separators between hours, minutes, and seconds are not needed as long as each entry uses two numeric characters.
Page 105: Configuring The Com Port
If the time entered is within the 1 to 30 minutes range, the message “SAVED OK” displays at the top of the screen. If the entry is not valid, Local Management does not alter the current setting, but it does refresh the Screen Lockout Time field with the previous value. 4.2.10 Configuring the COM Port Upon power up, the COM port is configured to the default settings of ENABLED and LM.
Page 106: Changing The Com Port Application
General Configuration Screen Figure 4-5 COM Port Warning 3. Use the arrow keys to highlight YES. Press ENTER. 4. If the port was ENABLED, the message “SAVED OK” appears, and the edits are saved. If the port was DISABLED, use the arrow keys to highlight SAVE at the bottom of the screen, then press ENTER.
Page 107: Clearing Nvram
Table 4-3 COM Port Application Settings Setting 3. Press ENTER to accept the application. CAUTION: When the COM port is configured to perform the UPS application, all future Local Management connections must be made by establishing a Telnet connection to the device.
Page 108: Enabling/Disabling Ip Fragmentation
General Configuration Screen Figure 4-6 Clear NVRAM Warning 5. To clear the NVRAM, use the arrow keys to select YES and press ENTER. The message “CLEARING NVRAM. REBOOT IN PROGRESS...” displays. The device clears NVRAM and reboots. All user-entered parameters default to factory default settings. 4.2.12 Enabling/Disabling IP Fragmentation To enable or disable IP Fragmentation, proceed as follows: CAUTION: If the device is being bridged to an FDDI ring (for example, via an optional...
Page 109: Snmp Configuration Menu Screen
SNMP Configuration Menu Screen SNMP CONFIGURATION MENU SCREEN Screen Navigation Path Password > Device Menu > Device Configuration Menu > SNMP Configuration Menu When to Use To provide access to the SNMP Community Names Configuration, SNMP Traps Configuration, and Access Control List screens. These screens are used to modify SNMP community names, set SNMP traps, and establish an Access Control List to provide additional security.
Page 110: Snmp Community Names Configuration Screen
SNMP Community Names Configuration Screen Menu Descriptions Refer to Table 4-4 for a functional description of each menu item. Table 4-4 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SNMP Used to enter new, change, or review the community names used as COMMUNITY access passwords for device management operation.
Page 111: Snmp Community Names Configuration Screen Field Descriptions
Screen Example Figure 4-8 SNMP Community Names Configuration Screen NOTE: As typical in secure network environments, the community name fields are masked from view with asterisk (*). Field Descriptions Refer to Table 4-5 for a functional description of each screen field. Table 4-5 SNMP Community Names Configuration Screen Field Descriptions Use this field…...
Page 112: Establishing Community Names
SNMP Community Names Configuration Screen Table 4-5 SNMP Community Names Configuration Screen Field Descriptions (Continued) Use this field… To… Access Policy Indicate the access accorded each community name. The available (Read-Only) access levels are as follows: read-only read-write super-user 4.4.1 Establishing Community Names The password used to access Local Management at the Password Screen must have super-user access to view and edit the SNMP Community Names Configuration screen.
Page 113: Snmp Traps Configuration Screen
SNMP Traps Configuration Screen SNMP TRAPS CONFIGURATION SCREEN When to Use To assign SNMP traps to eight different IP addresses. Since the device is an SNMP compliant device, it can send messages to multiple Network Management Stations to alert users of status changes.
Page 114: Configuring The Trap Table
SNMP Traps Configuration Screen Table 4-6 SNMP Traps Configuration Screen Field Descriptions Use this field… To… Trap Destination Display/enter the IP address of the workstation to receive trap alarms. (Modifiable) Up to eight different destinations can be defined. Trap Community Display/enter the Trap Community Name included in the trap message Name along with the IP address of the Network Management Station to...
Page 115: Access Control List Screen
ACCESS CONTROL LIST SCREEN When to Use To view, enable, or disable the Access Control List (ACL) and configure address filtering to provide additional security. This enables you to limiting user to the device according to their IP address. Up to 16 single IP addresses and/or range of addresses can be configured. To manage an ACL enabled device, the management station must be a member of the ACL and authenticated according to traditional SNMP rules.
Page 116: Access Control List Screen Field Descriptions
Access Control List Screen Field Descriptions Refer to Table 4-7 for a functional description of each screen field. Table 4-7 Access Control List Screen Field Descriptions Use this field… To… Access Control Lists Enable or disable ACL to restrict SNMP/IP access to a limited number (Toggle) of IP addresses.
Page 117: Entering Ip Addresses
Table 4-7 Access Control List Screen Field Descriptions (Continued) Use this field… To… Mask Enter a mask value to establish an IP address range based on the IP (Modifiable) address in the associated IP address field. For example, in the screen example in and 255.255.0.0 sets the switch module to allow access to all users with addresses starting with 182.15.x.x (x = I don’t care.) Address ranges...
Page 118 Access Control List Screen The designated devices associated with the IP addresses in the ACL will now be the only ones to have remote access to Local Management. Access to Local Management using the COM port is not affected. Entering Ranges of Addresses 1.
Page 119: Enable/Disable Acl
The designated devices associated with the range of IP addresses in the ACL will now have remote access to Local Management. Access to Local Management using the COM port is not affected. 4.6.2 Enable/Disable ACL To just enable or disable ACL, proceed as follows: 1.
Page 120: System Resources Information Screen
System Resources Information Screen SYSTEM RESOURCES INFORMATION SCREEN When to Use To monitor the current switch utilization and the peak switch utilization. This screen provides information concerning the processor used in the device and the amount of FLASH memory, DRAM, and NVRAM that is installed and how much of that memory is available. How to Access Use the arrow keys to highlight the SYSTEM RESOURCES INFORMATION menu item on the Device Configuration Menu screen, and press ENTER.
Page 121: Setting The Reset Peak Switch Utilization
Field Descriptions Refer to Table 4-8 for a functional description of each screen field. Table 4-8 System Resources Information Screen Field Descriptions Use this field… To… CPU Type See which microprocessor is used in the device. (Read-Only) Flash Memory See the amount of FLASH memory that is installed in the device and Installed how much is currently available.
Page 122: Flash Download Configuration Screen
FLASH Download Configuration Screen FLASH DOWNLOAD CONFIGURATION SCREEN When to Use To perform the following: • Download a new firmware image file from a TFTP server to the device, • Download a configuration file from a TFTP server to the device, or •...
Page 123: Flash Download Configuration Screen
FLASH Download Configuration Screen How to Access Use the arrow keys to highlight the FLASH DOWNLOAD CONFIGURATION menu item on the Device Configuration Menu screen, and press ENTER. The Flash Download Configuration screen, Figure 4-12, displays. Screen Example Figure 4-12 Flash Download Configuration Screen nnn.nnn.nnn.nnn Device Configuration Menu Screens 4-31...
Page 124: Flash Download Configuration Screen Field Descriptions
FLASH Download Configuration Screen Field Descriptions Refer to Table 4-9 for a functional description of each screen field. Table 4-9 Flash Download Configuration Screen Field Descriptions Use this field… To… Download Method Select a method (RUNTIME, DOWNLOAD CONFIG, or UPLOAD (Selectable) CONFIG) to download (receive) an image file from a TFTP server, or upload (transmit) or download a configuration file to/from a TFTP...
Page 125 Table 4-9 Flash Download Configuration Screen Field Descriptions (Continued) Use this field… To… Reboot After Set the device so it will either reboot or not reboot after completing the Download download of an image. This field toggles between YES and NO, when (Toggle) the Download Method field is set to RUNTIME.
Page 126: Image File Download Using Runtime
FLASH Download Configuration Screen 4.8.1 Image File Download Using Runtime To download a firmware image file to the device using Runtime, proceed as follows: 1. Use the arrow keys to highlight the Reboot After Download field. 2. Use the SPACE bar to select either YES or NO. Select YES if you want the device to reboot after the download is completed.
Page 127: Configuration File Upload Using Tftp
3. Use the arrow keys to highlight the TFTP Gateway IP Addr field. 4. Set the IP address of the TFTP gateway (this defaults to the same IP address as that set in the TFTP Gateway IP Addr field on the General Configuration screen). 5.
Page 128 FLASH Download Configuration Screen 9. Use the arrow keys to highlight EXECUTE at the bottom of the screen and press ENTER. The message “UPLOAD CONFIGURATION IN PROGRESS” displays in the event message line at the top of the screen and the device configuration file is uploaded to the TFTP server. NOTE: The uploading of Passwords can be disabled in the case of sensitive environments.
Page 129: Port Configuration Menu Screens
Port Configuration Menu Screens This chapter describes the Port Configuration Menu screen and the following screens that can be selected: • Ethernet Interface Configuration screen • Ethernet Port Configuration screen • HSIM/VHSIM Configuration screen • Redirect Configuration Menu screen • Port Redirect Configuration screen •...
Page 130: Port Configuration Menu Screen
Port Configuration Menu Screen PORT CONFIGURATION MENU SCREEN When to Use To select screens to perform port configuration tasks on the switch device. How to Access Use the arrow keys to highlight the PORT CONFIGURATION MENU item on the Device Configuration Menu screen and press ENTER.
Page 131: Port Configuration Menu Screen (In Agg Mode, Ieee8023Ad)
Figure 5-2 Port Configuration Menu Screen (in Agg Mode, IEEE8023ad) Menu Descriptions Refer to Table 5-1 for a functional description of each menu item. Table 5-1 Port Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function ETHERNET Used to display the link status and current operating mode of each INTERFACE Ethernet port, and provide access to the Ethernet Port Configuration CONFIGURATION...
Page 132: Ethernet Interface Configuration Screen
Ethernet Interface Configuration Screen Table 5-1 Port Configuration Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function SMARTTRUNK Used to logically group interfaces together to permit aggregation of CONFIGURATION multiple links. This menu item appears when the Agg Mode field is set to “HUNTGROUP”...
Page 133: Ethernet Interface Configuration Screen Field Descriptions
Screen Example Figure 5-3 Ethernet Interface Configuration Screen Field Descriptions Refer to Table 5-2 for a functional description of each screen field. Table 5-2 Ethernet Interface Configuration Screen Field Descriptions Use this field… To… Intf See the interface number. (Read-Only) Port See the number of the physical port on the interface.
Page 134 Ethernet Interface Configuration Screen Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued) Use this field… To… Link See whether or not there is a physical connection from the port to (Read-Only) another device. One of the following values is displayed: Link –...
Page 135: Ethernet Port Configuration Screen
Table 5-2 Ethernet Interface Configuration Screen Field Descriptions (Continued) Use this field… To… HDX FC See the current half duplex flow control setting. Half duplex flow (Read-Only) control, also known as back pressure, is a collision based flow control mechanism used in half duplex configurations. The port will display On, Off, or NA.
Page 136: Ethernet Port Configuration Screen Field Descriptions
Ethernet Port Configuration Screen How to Access Use the arrow keys to highlight the desired Ethernet port from the Ethernet Interface Configuration screen and press ENTER. The Ethernet Port Configuration screen, selected port. Screen Example Figure 5-4 Ethernet Port Configuration Screen Field Descriptions Refer to Table 5-3...
Page 137 Table 5-3 Ethernet Port Configuration Screen Field Descriptions Use this field… To… Interface See the Interface number. (Read-Only) Physical Port See the number of the physical port on the interface. (Read-Only) Default Speed See the current operational speed in Mbps. Display options are 10, 100, (Selectable) and 1000.
Page 138 Ethernet Port Configuration Screen Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Advertised Ability Select the port advertised mode of operation. In normal operation, with (Selectable) all capabilities enabled, the port “advertises” that it has the ability to operate in any mode.
Page 139 Table 5-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Full Duplex Flow Set the flow control feature on each port for a specific mode. The Control choices are as follows: (Selectable) Symmetric – the port operates in Symmetric mode, causing the port to interpret received PAUSE frames and allow the port to transmit PAUSE frames when necessary at any speed connection.
Page 140: Selecting Field Settings
Ethernet Port Configuration Screen 5.3.1 Selecting Field Settings All selectable or toggle fields other than Advertised Ability can be changed by following this procedure: 1. Use the arrow keys to highlight the field to be changed. 2. Use the SPACE bar or BACKSPACE key to step or toggle through the selections. 3.
Page 141: Hsim/Vhsim Configuration Screen
HSIM/VHSIM CONFIGURATION SCREEN When to Use To configure an optional HSIM or VHSIM. NOTE: The HSIM/VHSIM Configuration menu item can only be selected when a non-Ethernet HSIM or VHSIM is installed in the switch device. The applicable setup screen for that interface displays. This only applies to HSIMs and VHSIMs that can support WAN, FDDI or ATM.
Page 142: Redirect Configuration Menu Screen Menu Item Descriptions
Redirect Configuration Menu Screen Screen Example Figure 5-5 Redirect Configuration Menu Screen Menu Descriptions Refer to Table 5-4 for a functional description of each menu item. Table 5-4 Redirect Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function PORT REDIRECT Used to redirect traffic in the switch from one source port to many CONFIGURATION destination ports, or from many source ports to one destination port.
Page 143: Port Redirect Configuration Screen
PORT REDIRECT CONFIGURATION SCREEN When to Use To redirect frames in the switch device from one source port to one or more destination ports or from one or more source ports to one destination port. Frames received on the source port can be redirected and transmitted in the frame format in which they are received (normal) or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).
Page 144: Port Redirect Configuration Screen Field Descriptions
Port Redirect Configuration Screen How to Access Use the arrow keys to highlight the PORT REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The Port Redirect Configuration screen, Figure 5-6, displays. Figure 5-6 Port Redirect Configuration Screen Field Descriptions Refer to Table 5-5...
Page 145 Table 5-5 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Frame Format See the current frame format setting: NORMAL, TAGGED, or (Read-Only) UNTAGGED. The default is NORMAL. NORMAL – Frames are redirected in the format that they were received or transmitted on the source port.
Page 146: Changing Source And Destination Ports
Port Redirect Configuration Screen 5.6.1 Changing Source and Destination Ports To add or delete source port and destination port entries and set the Frame Format and Redirect Errors functions, proceed as follows: 1. Use the arrow keys to highlight the Source Port field near the bottom of the screen. 2.
Page 147: Vlan Redirect Configuration Screen
11.Use the arrow keys to highlight SAVE at the bottom of the screen. Press ENTER. The message “SAVED OK” displays. This saves the new settings and updates the Source Port and Destination Port read-only fields. VLAN REDIRECT CONFIGURATION SCREEN When to Use To select a source VLAN ID and a destination port.
Page 148: Vlan Redirect Configuration Screen
VLAN Redirect Configuration Screen How to Access Use the arrow keys to highlight the VLAN REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The VLAN Redirect Configuration screen, Figure 5-7, displays. Screen Example Figure 5-7 VLAN Redirect Configuration Screen 5-20 Port Configuration Menu Screens...
Page 149: Vlan Redirect Configuration Screen Field Descriptions
Field Descriptions Refer to Table 5-6 for a functional description of each screen field. Table 5-6 VLAN Redirect Configuration Screen Field Descriptions Use this field… To… Source VLAN See the VLAN ID of the VLANs that are currently set as source (Read-Only) VLANs.
Page 150: Changing Source Vlan And Destination Ports
VLAN Redirect Configuration Screen 5.7.1 Changing Source VLAN and Destination Ports To add or delete source VLAN and destination port entries and set the Frame Format, proceed as follows: 1. Use the arrow keys to highlight the Source VLAN field near the bottom of the screen. 2.
Page 151: Link Aggregation Menu Screen (802.3Ad Main Menu Screen)
LINK AGGREGATION MENU SCREEN (802.3ad MAIN MENU SCREEN) Screen Navigation Path Password > Device Menu > Device Configuration Menu > Port Configuration Menu > Link Aggregation Menu CAUTION: These screens should be used only by personnel who are knowledgeable about Spanning Tree and Link Aggregation and fully understand the ramifications of modifications beyond defaults.
Page 152 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Ports that are attached to an aggregator will enter a Spanning Tree state of AGGREGATING on the Spanning tree screens, just as they do when manually placed in a trunk. In this implementation, the concept of an aggregator is for a non-aggregated port to attach to, although this aggregator doesn’t exist in any real sense.
Page 153: How To Access
Ports 1, 2 and 3 in a trunk on switch X and connect to ports 4, 5 and 6 that are in a trunk on switch Y. By interconnecting the switches together, the effective bandwidth can be aggregated to the sum of the parts. The Enterasys Networks’ implementation is called SmartTrunking.
Page 154: Ad Main Menu Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) Screen Example Figure 5-8 802.3ad Main Menu Screen 5-26 Port Configuration Menu Screens...
Page 155: Ad Port Screen
Menu Descriptions Refer to Table 5-7 for a functional description of each menu item. Table 5-7 802.3ad Main Menu Screen Menu Item Descriptions Menu Item Screen Function PORT Used to access the 802.3ad Port screen, described in view port instances and to access the 802.3ad Port Details screen, described in Section AGGREGATOR...
Page 156: Ad Port Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) How to Access Use the arrow keys to highlight the PORT menu item in the Link Aggregation Menu (802.3ad Main Menu) screen, described in Figure 5-9, displays. Screen Example Figure 5-9 802.3ad Port Screen Field Descriptions Refer to Table 5-8...
Page 157 Table 5-8 802.3ad Port Screen Field Descriptions Use this field… To… Port View the port number, which correlates to the port numbers in other (Read-Only) screens. Aggregator View the instance of the aggregator and the attached port. If the (Read-Only) aggregator instance matches the port instance then the port is not aggregating with any other port.
Page 158: Ad Port Details Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) 5.8.1.1 802.3ad Port Details Screen When to Use To view and configure all the port-related LACP parameters of any port instance shown in the 802.3ad Port screen described back in How to Access Use the arrow keys to highlight the line with the port of interest to display the details about that port and press ENTER.
Page 159: Field Descriptions
Field Descriptions Refer to Table 5-9 for a functional description of each screen field. Table 5-9 802.3ad Port Details Screen Field Descriptions Use this field… Port Instance (Read-Only) ActorSystemPriority (Modifiable) ActorPort (Read-Only) ActorSystemID (Read-Only) ActorPortPriority (Modifiable) ActorAdminKey (Read-Only) PartnerAdminPort (Modifiable) ActorOperKey (Read-Only) PartnerOperPort...
Page 160 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… PartnerAdminSysID (Modifiable) ActorAdminState (hex) (Modifiable) PartnerOperSysID (Read-Only) 5-32 Port Configuration Menu Screens To… Set a default value to use for PartnerAdminSysID when no protocol partner is available.
Page 161 Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) Link Aggregation Menu Screen (802.3ad Main Menu Screen) To… The current (operational) value of the port’s Actor_State. The hex value is displayed as well as the individual bit fields.
Page 162 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) (Continued) PartnerAdminKey (Modifiable) PartnerAdminState (hex) (Modifiable) PartnerOperKey (Read-Only) PartnerOperState (Read-Only) SelectedAggID (Read-Only) AttachedAggID (Read-Only) 5-34 Port Configuration Menu Screens To…...
Page 163: Displaying Port Statistics
Table 5-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… LAGID (Read-Only) STATS (Command) Viewing and Editing 802.3ad Port Parameters To change a parameter, proceed as follows: 1. Use the arrow keys to highlight the parameter field to be modified and type in the new value. Press ENTER.
Page 164: Ad Port Statistics Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) 5.8.1.2 802.3ad Port Statistics Screen When to Use To view all the port-related LACP parameters about a port instance shown in the 802.3ad Port Details screen described back in How to Access Use the arrow keys to highlight the STATS command in the 802.3ad Port Details screen and press ENTER.
Page 165 Table 5-10 802.3ad Port Statistics Screen Field Descriptions Use this field… Port Instance (Read-Only) LACPDUsRx (Read-Only) IllegalRx (Read-Only) MarkerPDUsRx (Read-Only) LACPDUsTx (Read-Only) MarkerResponsePDUsRx (Read-Only) MarkerPDUsTx (Read-Only) UnknownR (Read-Only) MarkerResponsePDUsTx (Read-Only) RxState (Read-Only) Link Aggregation Menu Screen (802.3ad Main Menu Screen) To…...
Page 166 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Table 5-10 802.3ad Port Statistics Screen Field Descriptions (Continued) Use this field… LastRxTime(delta) (Read-Only) ActorChurnState (Read-Only) PartnerChurnState (Read-Only) ActorChurnCount (Read-Only) PartnerChurnCount (Read-Only) AsyncTransCount (Read-Only) PsyncTransCount (Read-Only) ActorChangeCount (Read-Only) PartnerChangeCount (Read-Only) MuxState (Read-Only) MuxReason (Read-Only) 5-38...
Page 167: Ad Aggregator Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) 5.8.2 802.3ad Aggregator Screen When to Use To see a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.
Page 168 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Table 5-11 802.3ad Aggregator Screen Field Descriptions Use this field… To… AggInst See dot3adAggIndex, a unique number that identifies this aggregator. (Read-Only) OperKey See dot3adAggActorOperKey, the associatedoperational key value. (Read-Only) SysPri See dot3adAggActorSystemPriority, the priority value associated with (Read-Only) this aggregator.
Page 169: Ad Aggregator Details Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) 5.8.2.1 802.3ad Aggregator Details Screen When to Use To see the current parameter details of the Aggregator Instance selected on the 802.3ad Aggregator screen described in Section 5.8.2. How to Access Use the arrow keys to highlight the line containing the Aggregator of interest on the 802.3ad Aggregator screen and press ENTER.
Page 170 Link Aggregation Menu Screen (802.3ad Main Menu Screen) Table 5-12 802.3ad Aggregator Details Screen Field Descriptions Use this field… To… Aggregator See the instance of the aggregator being viewed. The instance is a numerical value used to uniquely identify an aggregator in a system Instance and matches the aggregator’s logical port number.
Page 171: Ad System Screen
Link Aggregation Menu Screen (802.3ad Main Menu Screen) 5.8.3 802.3ad System Screen When to Use To see basic system-level information, such as System Identifier, Number of Ports and Number of Aggregators. How to Access Use the arrow keys to highlight the SYSTEM menu item in 802.3ad Main Menu screen and press ENTER.
Page 172: Broadcast Suppression Configuration Screen
Broadcast Suppression Configuration Screen Table 5-13 802.3ad System Screen Field Descriptions Use this field… To… System Identifier See the uniquely identified system-to-protocol partner. (Read-Only) Number of Ports See the number of ports that are participating in 802.3ad on this switch. (Read-Only) Number of See the number of aggregators that exist on this switch.
Page 173: Broadcast Suppression Configuration Screen Field Descriptions
Screen Example Figure 5-15 Broadcast Suppression Configuration Screen Field Descriptions Refer to Table 5-14 for a functional description of each screen field. Table 5-14 Broadcast Suppression Configuration Screen Field Descriptions Use this field… To… PORT # Identify the number of the port. (Read-Only) Total RX See the total number of broadcast frames received.
Page 174: Setting The Threshold
Broadcast Suppression Configuration Screen Table 5-14 Broadcast Suppression Configuration Screen Field Descriptions (Continued) Use this field… To… Peak Rate See the highest number of broadcast frames received in a one-second (Read-Only) interval. Time Since Peak See the time since peak rate was achieved. (Read-Only) Threshold Set the desired limit of receive broadcast frames that will be forwarded...
Page 175: Configuration Menu Screens
802.1 Configuration Menu Screens This chapter discusses the Enterasys Networks Rapid Reconvergence Spanning Tree implementation as well as the implementation of IEEE 802.3ad. The following screens are discussed: • 802.1 Configuration Menu screen • 802.3ad Configuration screens • Spanning Tree Configuration Menu screen •...
Page 176: Configuration Menu Screen
802.1 Configuration Menu Screen 802.1 CONFIGURATION MENU SCREEN When to Use To access the Spanning Tree Configuration Menu, 802.1Q VLAN Configuration Menu, or 802.1p Configuration Menu screen. How to Access Use the arrow keys to highlight the 802.1 CONFIGURATION MENU item on the Device Configuration Menu screen and press ENTER.
Page 177: Configuration Menu Screen Menu Item Descriptions
Menu Descriptions Refer to Table 6-1 for a functional description of each menu item. Table 6-1 802.1 Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SPANNING TREE Used to select the Spanning Tree Configuration and Spanning Tree CONFIGURATION Port Configuration screens.
Page 178: Spanning Tree Configuration Menu Screen
Spanning Tree Configuration Menu Screen SPANNING TREE CONFIGURATION MENU SCREEN CAUTION: These screens should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. Screen Navigation Path Password >...
Page 179: Spanning Tree Configuration Screen
Menu Descriptions Refer to Table 6-2 for a functional description of each menu item. Table 6-2 Spanning Tree Configuration Menu Screen Menu Item Screen Function SPANNING TREE Used to create a Per VLAN Spanning Tree (PVST) instance for each CONFIGURATION VLAN currently configured on the switch.
Page 180: Spanning Tree Configuration Screen
Spanning Tree Configuration Screen Screen Example Figure 6-3 Spanning Tree Configuration Screen Field Descriptions Refer to Table 6-3 for a functional description of each screen field. Table 6-3 Spanning Tree Configuration Screen Use this field… To… VLAN See a list of the VLAN or Spanning Tree Instances. This field also –...
Page 181 Table 6-3 Spanning Tree Configuration Screen Use this field… To… Current STP Mode Select the current STP mode using the SPACE bar. You can select one (Selectable) of the following: IEEE, PVSTP, NONE, and DEC. The default setting is IEEE. It is recommended that all switches in the network be configured for the same STP mode setting.
Page 182: Configuring A Vlan Spanning Tree
Spanning Tree Configuration Screen 6.3.1 Configuring a VLAN Spanning Tree To configure a VLAN Spanning Tree, proceed as follows: 1. Use the arrow keys to highlight the Current STP Mode field near the bottom of the screen. 2. Use the SPACE bar to select one of the following: IEEE, PVSTP, NONE, and DEC. The default setting is IEEE.
Page 183: Spanning Tree Port Configuration Screen
SPANNING TREE PORT CONFIGURATION SCREEN CAUTION: This screen should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. When to Use To view the switch address of the selected STP VLAN ID, its VLAN age time, the total number of ports, and the current MAC Address of a switch residing of each port.
Page 184 Spanning Tree Port Configuration Screen Field Descriptions Refer to Table 6-4 for a functional description of each screen field. Table 6-4 Spanning Tree Port Configuration Screen Use this field… To… Port # See the port numbers of each link associated with the STP VLAN ID (Read-Only) selected in the STP VLAN ID field.
Page 185: Enabling/Disabling The Default Spanning Tree Ports
6.4.1 Enabling/Disabling the Default Spanning Tree Ports CAUTION: The Spanning Tree configuration should be done only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. Ports associated with the Default STP VLAN can be enabled or disabled, as follows: 1.
Page 186: Pvst Port Configuration Screen
PVST Port Configuration Screen Screen Example Figure 6-5 PVST Port Configuration Screen Field Descriptions Refer to Table 6-5 for a functional description of each screen. Table 6-5 PVST Port Configuration Screen Field Descriptions Use this field… Port # (Read-Only) Corresponding ifindex (Read-Only) Corresponding idDescr (Read-Only)
Page 187 Table 6-5 PVST Port Configuration Screen Field Descriptions Use this field… Port Priority (Modifiable) Port Designated Cost (Read-Only) Port State (Read-Only) Port Designated Port (Read-Only) Port Enable (Read-Only) Port Forward Transmissions (Read-Only) Port Path Cost (Modifiable) STP Vlan ID (Read-Only) To…...
Page 189: Q Vlan Configuration Menu Screens
802.1Q VLAN Configuration Menu Screens NOTE: It is strongly recommended that you read of VLANs and the associated terminology; how to use the VLAN Configuration screens to create VLANs; examples of how to configure VLANs in switches to solve a problem; and details on how frames are handled as they travel through the network.
Page 190: Summary Of Vlan Local Management
Summary of VLAN Local Management SUMMARY OF VLAN LOCAL MANAGEMENT The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. The VLAN configuration screens are a standard part of the Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
Page 191: Q Vlan Configuration Menu Screen
To configure the switch for VLAN operation, proceed as follows: • Access Local Management as described in • Perform all required initial setup operations. • Navigate to the 802.1Q VLAN Configuration Menu screen to begin the VLAN configuration process for the switch. 802.1Q VLAN CONFIGURATION MENU SCREEN When to Use To select screens to assign switched network ports to static VLANs, define new VLANs, and...
Page 192: Q Vlan Configuration Menu Screen
802.1Q VLAN Configuration Menu Screen How to Access Use the arrow keys to highlight the 802.1Q VLAN CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER. The 802.1Q VLAN Configuration Menu screen, Figure 7-2, displays. Screen Example Figure 7-2 802.1Q VLAN Configuration Menu Screen 802.1Q VLAN Configuration Menu Screens...
Page 193: Menu Descriptions
Menu Descriptions Refer to Table 7-1 for a functional description of each menu item. Table 7-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function STATIC VLAN Used to view, add, name, enable, or disable static VLANs within the CONFIGURATION SmartSwitch device, and also display the Filter Database ID (FDB ID) associated with each VLAN.
Page 194: Static Vlan Configuration Screen
Static VLAN Configuration Screen Table 7-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions (Continued) Menu Item VLAN CLASSIFICATION CONFIGURATION STATIC VLAN CONFIGURATION SCREEN When to Use To create, modify, and/or delete one or more Static VLANs and associated VLAN names. This screen also provides access to the Static VLAN Egress Configuration screen to modify the port list of a VLAN selected from this screen, as described in NOTE: Static VLANs are those VLANs that you create manually using this screen and...
Page 195: Static Vlan Configuration Screen Field Descriptions
Screen Example Figure 7-3 Static VLAN Configuration Screen Field Descriptions Refer to Table 7-2 for a functional description of each screen field. Refer to Section 7.3.5 for the application of these fields. Table 7-2 Static VLAN Configuration Screen Field Descriptions Use this field…...
Page 196: Creating A Static Vlan
Static VLAN Configuration Screen Table 7-2 Static VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… VLAN Name See the VLAN Name of the associated VLAN ID. If a name has not – top of screen been assigned to a VLAN, no name is displayed in the VLAN Name (Read-Only) field.
Page 197: Displaying The Current Static Vlan Port Egress List
4. Use the arrow keys to highlight the VLAN Name field. 5. Type a name of up to 32 ASCII characters in the VLAN Name field and is not required for VLAN operation. 6. Press ENTER. 7. Use the arrow keys to highlight the ADD field near the bottom of the screen. 8.
Page 198: Deleting A Static Vlan
Static VLAN Configuration Screen 7.3.4 Deleting a Static VLAN To delete a VLAN from the VLAN list, proceed as follows: 1. Use the arrow keys to highlight the line containing the information. The following message is displayed at the top of the screen: “Hit <RETURN>...
Page 199: Static Vlan Egress Configuration Screen
STATIC VLAN EGRESS CONFIGURATION SCREEN When to Use To set the type of egress (tag status) for each or all ports associated with a VLAN selected from the Static VLAN Configuration screen. The ports can be set using the following selections: •...
Page 200: Static Vlan Egress Configuration Screen Field Descriptions
Static VLAN Egress Configuration Screen Field Descriptions Refer to Table 7-3 for a functional description of each screen field. Table 7-3 Static VLAN Egress Configuration Screen Field Descriptions Use this field… To… VLAN ID See the VLAN ID of the VLAN selected in the Static VLAN (Read-Only) Configuration screen.
Page 201: Setting Egress Types On Ports
7.4.1 Setting Egress Types on Ports The following procedures describe how to assign the egress type to one or more ports, or set one egress type to all ports simultaneously. Setting the Egress Type on One or More Ports Individually 1.
Page 202: Displaying The Next Group Of Ports
Current VLAN Configuration Screen 7.4.2 Displaying the Next Group of Ports Up to 32 ports can be displayed on the screen. If there are more than 32 ports associated with the VLAN, additional screens will contain the additional list of ports. NOTE: The NEXT and PREVIOUS fields will only display if there are further egress lists to page through.
Page 203: Current Vlan Configuration Screen
Screen Example Figure 7-5 Current VLAN Configuration Screen Field Descriptions Refer to Table 7-4 for a functional description of each screen field. NOTE: These fields are read-only fields, however, highlighting a line using the arrow keys and pressing ENTER causes the Current VLAN Egress Configuration screen to display.
Page 204: Current Vlan Egress Configuration Screen
Current VLAN Egress Configuration Screen Table 7-4 Current VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… Ports On Egress See if the ports associated with each VLAN are on the egress list. (Read-Only) CURRENT VLAN EGRESS CONFIGURATION SCREEN When to Use To see the egress settings of all ports associated with the VLAN ID selected from the Current VLAN Configuration screen.
Page 205: Vlan Port Configuration Screen
Field Descriptions Refer to Table 7-5 for a functional description of each screen field. Table 7-5 Current VLAN Egress Configuration Screen Field Descriptions Use this field… To… Port See a list of the ports associated with the VLAN ID shown in the line (Read-Only) above the Port and Egress lists.
Page 206: Vlan Port Configuration Screen Field Descriptions
VLAN Port Configuration Screen Screen Example Figure 7-7 VLAN Port Configuration Screen Field Descriptions Refer to Table 7-6 for a functional description of each screen field. Table 7-6 VLAN Port Configuration Screen Field Descriptions Use this field… To… Policy PVID See the active override to a port as a result of an application policy.
Page 207 Table 7-6 VLAN Port Configuration Screen Field Descriptions (Continued) Use this field… To… Global GVRP State Enable or Disable the GVRP Status. GVRP and PVST are not (Toggle) interoperable. When ENABLED, GVRP is turned on for the entire switch. When DISABLED, the VLANs are not learned on a given port. Port See a list of the switch ports.
Page 208: Changing The Port Mode
VLAN Port Configuration Screen 7.7.1 Changing the Port Mode To change the operational mode of a port, proceed as follows. 1. Use the arrow keys to highlight the Port Mode field for the port you wish to change. 2. Use the SPACE bar or BACKSPACE key to step through the available selections. A port may be configured for any of the following modes: •...
Page 209: Vlan Classification Configuration Screen
5. Use the arrow keys to highlight the port’s Acceptable Frame Types field. 6. Press the SPACE bar to toggle the field to the correct setting: ADMIT ALL FRAMES or ADMIT TAGGED FRAMES ONLY. 7. Use the arrow keys to highlight the port’s Ingress Filtering field. 8.
Page 210: Vlan Classification Configuration Screen Field Descriptions
VLAN Classification Configuration Screen How to Access Use the arrow keys to highlight the VLAN CLASSIFICATION CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen and press ENTER. The VLAN Classification Configuration screen, Figure Screen Example Figure 7-8 VLAN Classification Configuration Screen Field Descriptions Refer to Table 7-7...
Page 211 Table 7-7 VLAN Classification Configuration Screen Field Descriptions (Continued) To … Use this field … Classification See the classification associated with the VLAN in the VID column. – top of screen This field may be selected after the screen is saved to call up the (Selectable) Protocol Port Configuration screen.
Page 212: Classification List
VLAN Classification Configuration Screen Table 7-8 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications. Table 7-8 Classification List Classification Ethernet II Type> 802.3 SAP> Same IP TOS 7-24 802.1Q VLAN Configuration Menu Screens Subclassification and Options Ethernet II Type:...
Page 213 Table 7-8 Classification List (Continued) Classification IP Protocol Type IPX COS IPX Packet Type Src IP Address Dest IP Address Bil IP Address Src IPX Network VLAN Classification Configuration Screen Subclassification and Options IP Protocol Type: - UDP - ICMP - IGMP - OSPF - CUSTOM >...
Page 214 VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Dest IPX Network Bil IPX Network Src UDP Port Dest UDP Port Bil UDP Port 7-26 802.1Q VLAN Configuration Menu Screens Subclassification and Options IPX Network Num: 0x00000000 IPX Network Num: 0x00000000 IP UDP Port: - FTP Data...
Page 215 Table 7-8 Classification List (Continued) Classification Src TCP Port Dest TCP Port Bil TCP Port VLAN Classification Configuration Screen Subclassification and Options TCP Port: - FTP Data - FTP - BOOTP Server - BOOTP Client - RIP - Telnet - TFTP - HTTP - DNS - SMTP...
Page 216 VLAN Classification Configuration Screen Table 7-8 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments Src UDP Range Dest UDP Range Bil UDP Range 7-28 802.1Q VLAN Configuration Menu Screens Subclassification and Options...
Page 217: Classification Precedence Rules
Table 7-8 Classification List (Continued) Classification Src TCP Range Dest TCP Range Bil TCP Range 1. Bold type indicates a user entry. 2. Any fragmented IP frame received is Classified to the priority identification (PID) and forwarded out the ports configured in the Protocol Port Configuration screen. 3.
Page 218 VLAN Classification Configuration Screen Table 7-9 Classification Precedence Classification Type Layer 2 Source MAC Address Best Match Destination MAC Address Best Match EtherType Layer 3 IP TOS IP Type IPX COS IPX Type Source IP Address Exact Match Source IP Address Best Match Destination IP Address Exact Match Destination IP Address Best Match Source IPX Network Number...
Page 219 Table 7-9 Classification Precedence (Continued) Classification Type Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range UDP Dest Port UDP Dest Port Range TCP Source Port TCP Source Port Range TCP Dest Port...
Page 220: Displaying The Current Classification Rule Assignments
VLAN Classification Configuration Screen The following example shows how the precedence concept can be applied: Example A network administrator has defined the following two classifications involving VLANs: • All frames with a UDP Port Source number of 55 (Layer 4, precedence level 4a) are assigned to the Red VLAN.
Page 221: Assigning A Classification To A Vid
7.8.3 Assigning a Classification to a VID NOTE: It is strongly recommended that you read concerning classification before configuring the SmartSwitch device. Incorrect configuration will affect network operation. To assign a Classification to a VID, proceed as follows: 1. Use the arrow keys to highlight the VID (VLAN identification) field. 2.
Page 222: Deleting Line Items
Protocol Port Configuration Screen 7.8.4 Deleting Line Items All, or one or more, line items can be deleted as follows: Deleting All Classification Rules To delete all the Classification Rules in the top half of the screen, use the arrow keys to highlight the DEL ALL command field and press ENTER.
Page 223: Protocol Port Configuration Screen
• Add ports to the VLAN Forwarding List of the SmartSwitch device. NOTE: The ports can only be added to the VLAN Forwarding List of an existing VLAN. If the VLAN does not exist, it must be created before the ports can be assigned to the VLAN Forwarding List.
Page 224: Protocol Port Configuration Screen Field Descriptions
Protocol Port Configuration Screen Field Descriptions Refer to Table 7-10 for a functional description of each screen field. Table 7-10 Protocol Port Configuration Screen Field Descriptions To … Use this field … Classification Rule See the VID, Classification, and Definition of the line selected in the Field VLAN Classification Configuration screen.
Page 225: Assigning Ports To A Vid/Classification
Table 7-10 Protocol Port Configuration Screen Field Descriptions (Continued) To … Use this field … SET PORTS TO Add the VLAN and classification shown in the Classification Rule VLAN field to the Port VLAN List of all ports set to YES. The SET PORTS FORWARDING TO VLAN FORWARDING field toggles between NO and YES with (Toggle)
Page 226 Protocol Port Configuration Screen Assigning VID/Classification to Port VLAN Lists 1. Use the arrow keys to highlight the SET PORTS TO VLAN FORWARDING command field. 2. Press the SPACE bar to toggle the SET PORTS TO VLAN FORWARDING command field to YES or NO.
Page 227: Configuration Menu Screens
802.1p Configuration Menu Screens This chapter describes the 802.1p Configuration Menu screen and the following screens that may be selected from its menu: • Port Priority Configuration screen • Traffic Class Information screen • Traffic Class Configuration screen • Transmit Queues Configuration screen •...
Page 228: Configuration Menu Screen
802.1p Configuration Menu Screen 802.1p CONFIGURATION MENU SCREEN When to Use To select the screens used for setting port priority, priority classifications, or configuring rate limiting. How to Access Use the arrow keys to highlight the 802.1p CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER.
Page 229 Menu Descriptions Refer to Table 8-1 for a functional description of each menu item. Table 8-1 802.1p Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function PORT PRIORITY Used to view or change the port default transmit priority (0 through 7) CONFIGURATION of each port for frames that are received (ingress) without priority information in their tag header.
Page 230: Port Priority Configuration Screen
Port Priority Configuration Screen PORT PRIORITY CONFIGURATION SCREEN When to Use To set the priority (0 through 7) on each port. A port receiving a frame without priority information in its tag header is assigned a priority according to the priority setting on the port. For example, if the priority of a port is set to 5, the frames received through that port without a priority indicated in their tag header are classified as a priority 5.
Page 231: Port Priority Configuration Screen Field Descriptions
Port Priority Configuration Screen Screen Example Figure 8-2 Port Priority Configuration Screen Field Descriptions Refer to Table 8-2 for a functional description of each screen field. 802.1p Configuration Menu Screens...
Page 232: Setting Switch Port Priority Port-By-Port
Port Priority Configuration Screen Table 8-2 Port Priority Configuration Screen Field Descriptions Use this field… Port # (Read-Only) Priority (Selectable) Policy Override (Read-Only) (Toggle) 8.2.1 Setting Switch Port Priority Port-by-Port To set the default port priority on a particular port, proceed as follows: 1.
Page 233: Setting Switch Port Priority On All Ports
8.2.2 Setting Switch Port Priority on All Ports To set the port priority on all ports simultaneously, proceed as follows: 1. Use the arrow keys to highlight the Set field. 2. Press the SPACE bar to step to the ALL PORTS setting. A Priority field displays to the right of the Set field.
Page 234: Traffic Class Information Screen
Traffic Class Information Screen How to Access Use the arrow keys to highlight the TRAFFIC CLASS INFORMATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Traffic Class Information screen, Figure 8-3, displays. Screen Example Figure 8-3 Traffic Class Information Screen 802.1p Configuration Menu Screens...
Page 235: Traffic Class Information Screen Field Descriptions
Field Descriptions Refer to Table 8-3 for a functional description of each screen field. Table 8-3 Traffic Class Information Screen Field Descriptions Use this field… To… Priority View eight priority levels of a port that can be associated with Traffic (Read-Only) Class settings.
Page 236: Traffic Class Configuration Screen
Traffic Class Configuration Screen TRAFFIC CLASS CONFIGURATION SCREEN When to Use To change the Traffic Class setting of one or more priorities on each port. The new Traffic Class settings may be applied only to the port selected or to all ports, simultaneously. How to Access Use the arrow keys to highlight the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen.
Page 237: Traffic Class Configuration Screen Field Descriptions
Field Descriptions Refer to Table 8-4 for a functional description of each screen field. Table 8-4 Traffic Class Configuration Screen Field Descriptions Use this field… To… Priority See the list of eight priority levels (0 through 7) that can be associated (Read-Only) with the Traffic Class settings.
Page 238: Transmit Queues Configuration Screen
Transmit Queues Configuration Screen 4. To save and apply the settings to only the port shown on the screen, proceed to step 5. To save the Traffic Class selections and apply them to all front panel Ethernet ports, proceed to step 6. 5.
Page 239: Transmit Queues Configuration Screen
Transmit Queues Configuration Screen How to Access Use the arrow keys to highlight the TRANSMIT QUEUES CONFIGURATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Transmit Queues Configuration screen, Figure 8-5, displays. Screen Example Figure 8-5 Transmit Queues Configuration Screen 802.1p Configuration Menu Screens 8-13...
Page 240: Transmit Queues Configuration Screen Field Descriptions
Transmit Queues Configuration Screen Field Descriptions Refer to Table 8-5 for a functional description of each screen field. Table 8-5 Transmit Queues Configuration Screen Field Descriptions Use this field … To… Current Queueing Toggle between the STRICT 802.1 and WEIGHTED mode. The Mode default setting is STRICT 802.1.
Page 241: Setting The Current Queueing Mode
8.5.1 Setting the Current Queueing Mode To set the current queueing mode for a particular port, proceed as follows: 1. Use the arrow keys to highlight the Port field. 2. Press the SPACE bar to step to the appropriate port number. The port type displays to the right of the Port number field.
Page 242: Priority Classification Configuration Screen
Priority Classification Configuration Screen PRIORITY CLASSIFICATION CONFIGURATION SCREEN When to Use To perform the following functions: • Display the current Priority, Classification, and Description entries of each classification rule. • Assign priorities according to Classification Rules. • Add/delete a priority and associated protocol entry. •...
Page 243: Priority Classification Configuration Screen Field Descriptions
Screen Example Figure 8-6 Priority Classification Configuration Screen Field Descriptions Refer to Table 8-6 for a functional description of each screen field. Table 8-6 Priority Classification Configuration Screen Field Descriptions Use this field … To… Display the Priority Identifiers (PIDs) currently associated with –...
Page 244 Priority Classification Configuration Screen Table 8-6 Priority Classification Configuration Screen Field Descriptions (Continued) Use this field … To… Enter the priority value that will be associated with the classification – bottom of screen selected in the Classification field. A PID from 0 to 7 may be typed (Modifiable) into the field, where 0 is the lowest priority and 7 is the highest priority.
Page 245: Classification List
Table 8-7 provides a list of the Classifications that can be selected in the Classification field and the associated subclassifications. Table 8-7 Classification List Classification Ethernet II Type> 802.3 SAP> New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same...
Page 246 Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification IP Protocol Type New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same IPX COS IPX Packet Type Src IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...
Page 247 Table 8-7 Classification List (Continued) Classification Dest IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Src IPX Network Dest IPX Network Bil IPX Network Priority Classification Configuration Screen Subclassification and Options...
Page 248 Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Src UDP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest UDP Port Same selections as for Src UDP Port Bil UDP Port...
Page 249 Table 8-7 Classification List (Continued) Classification Src TCP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest TCP Port Same selections as for Src TCP Port Bil TCP Port Same selections as for...
Page 250 Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 8-24 802.1p Configuration Menu Screens Subclassification and...
Page 251 Table 8-7 Classification List (Continued) Classification IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Dest UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...
Page 252: Classification Precedence Rules
Priority Classification Configuration Screen Table 8-7 Classification List (Continued) Classification Dest TCP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil TCP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 1. Bold type indicates a user entry. 2.
Page 253 Table 8-8 lists the ISO Layer, associated classification and precedence levels. NOTE: In Table 8-8 Highest precedence is 1a. Lowest precedence is 6. Exact Match indicates a match of an explicitly defined address. Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
Page 254 Priority Classification Configuration Screen Table 8-8 Classification Precedence (Continued) Classification Type Layer 3 (Continued) Source IPX Network Number Destination IPX Network Number IP Fragments Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range...
Page 255: About The Ip Tos Rewrite Function
The following example shows how the precedence concept can be applied: Example A network administrator has defined the following two classifications involving priorities: • All frames with an IP TOS value of AA (Layer 3, precedence level 5a) are assigned to priority 7. •...
Page 256: Displaying The Current Pid/Classification Assignments
Priority Classification Configuration Screen The IP TOS Rewrite parameters are set using the Priority Classification screen. The screen enables you to configure the new IP TOS field for any IP frame classification. A selection field is displayed for all supported classification rules. The default value is “NO CHANGE”. You can optionally specify TOS=PID, whereby the precedence sub-field in the TOS field to match the value of the priority in the classification rule.
Page 257: Deleting Pid/Classification/Description Line Items
6. Press the SPACE bar to step to the appropriate protocol. In some cases, there is only one selection and a value needs to be entered. This is indicated by bold zeros. possible selections associated with each subclassification (examples: IPX, AppleTalk, NetBIOS, Banyan Vines, 000.000.000.000, 0x00000000, etc.).
Page 258: Protocol Port Configuration Screen
Protocol Port Configuration Screen 4. After the lines are marked, use the arrow keys to highlight the DEL MARKED command field. 5. Press ENTER. The marked line items are deleted and the DEL MARKED command is changed back to DEL ALL. PROTOCOL PORT CONFIGURATION SCREEN When to Use To display the ports associated with the line item (Classification Rule) selected in the Priority...
Page 259: Protocol Port Configuration Screen Field Descriptions
Field Descriptions Refer to Table 8-9 for a functional description of each screen field. Table 8-9 Protocol Port Configuration Screen Field Descriptions Use this field… To… Classification Rule See the Classification Rule (Priority, Classification, and Definition) of (Read-Only) the line selected in the Priority Classification Configuration screen. For example, in 0x0800 (DOD IP) –...
Page 260: Assigning Ports To A Pid/Classification
Protocol Port Configuration Screen 8.7.1 Assigning Ports to a PID/Classification To assign one or more ports, or all ports simultaneously, to a PID/Classification (Classification Rule), proceed as follows: Assigning One or More Ports Individually 1. Use the arrow keys to highlight the Classify field adjacent to the Port number. 2.
Page 261: Solving The Problem
Example This example illustrates how to prioritize network traffic using classification rules. In this example, illustrated in SAP server and Mail server, so that the SAP Server has the highest priority, and the Mail Server, the lowest priority. Figure 8-9 Prioritizing Network Traffic According to Classification Rule 8.7.2 Solving the Problem In this example, switches S1 and S2 have already been configured and are operating.
Page 262 Protocol Port Configuration Screen Switch 1 The following settings are done using the Priority Classification Configuration screen to assign the classification to the priority. Then the Protocol Port Configuration screen is used to assign the ports to the appropriate priority and classification. NOTE: In the two settings below, the subnet mask is set to 255.255.255.255.
Page 263: Rate Limiting Configuration Screen
RATE LIMITING CONFIGURATION SCREEN NOTE: The Inbound Rate Limiting function is not supported on ports connected to SmartTrunk segments. When to Use To limit the rate of traffic entering and leaving the SmartSwitch device on a per port/priority basis. Up to three inbound rules and three outbound rules can be programmed per port to control traffic according to the priority entries.
Page 264: Rate Limiting Configuration Screen Field Descriptions
Rate Limiting Configuration Screen Screen Example Figure 8-10 Rate Limiting Configuration Screen Field Descriptions Refer to Table 8-10 for a functional description of each screen field. Table 8-10 Rate Limiting Configuration Screen Field Descriptions Use this field… To… Port # See the number of each configured port.
Page 265 Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Traffic Rate See the maximum traffic rate set for each port entry. There can be up to (Read-Only) four entries (two for Inbound and two for Outbound traffic) for the same port.
Page 266 Rate Limiting Configuration Screen Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Priority List Assign one or more priorities to the port being configured. The settings – bottom of screen available are 0, 1, 2, 3, 4, 5, 6, 7, or ALL. When the Priority List is (Selectable) highlighted, the SPACE bar is used to step to the priority, which must be marked with an asterisk (*) using the M key.
Page 267: Configuring A Port
Table 8-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Rate: kbps Enter the maximum transmission rate for this entry. The maximum (Modifiable) transmission rate includes all frames associated with the priorities selected in the Priority List field. The default is the high setting of 100 Kbps maximum interface speed.
Page 268 Rate Limiting Configuration Screen 2. To enter a Port Type, proceed as follows: a. Use the arrow keys to highlight the Port field (near the bottom of the screen) and press the SPACE bar. Port Number changes to Port Type and the field below it changes to [all 10Mbps enet].
Page 269: Changing/Deleting Port Line Items
11.If Inbound or Outbound rate limiting entries are to be configured on other ports on the device, repeat steps 1 through entries may be configured per port with a limit of three for Inbound and three for Outbound. (For example, two inbound/two outbound, one inbound/two outbound, two inbound/one outbound and one inbound/one outbound.) 12.After configuring the entry(ies) on the ports, enable the screen function for all the configured ports by highlighting DISABLED in the Feature field and pressing ENTER.
Page 270: More About Rate Limiting
Rate Limiting Configuration Screen 8.8.3 More About Rate Limiting Rate Limiting enables Service Providers in Multi-Dwelling-Unit (MDU) and similar environments to offer varied bandwidth to customers using low cost Ethernet connections. Another solution for the enterprise, is to provide high priority bandwidth on the network for guaranteed service level agreements.
Page 271 Rate Limiting Configuration Screen To solve this problem, the Rate Limiting feature can be configured on each port to provide each user with 5 Mbps of high priority bandwidth into the fabric. Now the maximum possible amount of traffic attempting to leave the chassis at high priority is 5 x 100 = 500 Mbps. The gigabit link has ample capacity to carry this load out of the chassis.
Page 273: Layer 3 Extensions Menu Screens
Layer 3 Extensions Menu Screens This chapter describes the Layer 3 Extensions Menu screen and the IGMP/VLAN Configuration screen (Section 9.2). Screen Navigation Path Password > Device Menu > Device Configuration Menu > Layer 3 Extensions Menu LAYER 3 EXTENSIONS MENU SCREEN When to Use To access the IGMP/VLAN Configuration screen.
Page 274: Layer 3 Extensions Menu Screen Menu Item Descriptions
Layer 3 Extensions Menu Screen Screen Example Figure 9-1 Layer 3 Extensions Menu Screen Menu Descriptions Refer to Table 9-1 for a functional description of each menu item (at this time there is only one menu item). Table 9-1 Layer 3 Extensions Menu Screen Menu Item Descriptions Menu Item Screen Function IGMP/VLAN...
Page 275: Igmp/Vlan Configuration Screen
IGMP/VLAN CONFIGURATION SCREEN When to Use The IGMP/VLAN Configuration screen, Group Management Protocol, RFC 2236) on selected VLANs, or globally on all VLANs that are available. IGMP Snooping provides a solution for handling multicast streams in layer 3 routers. IGMP is for hosts on multi-access networks to inform locally attached switches of their Multicast group membership information.
Page 276: Igmp/Vlan Configuration Screen Field Descriptions
IGMP/VLAN Configuration Screen Screen Example Figure 9-2 IGMP/VLAN Configuration Screen Field Descriptions Table 9-2 describes each field of the IGMP/VLAN Configuration screen. Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions Use this field… To… IGMP Version See the current configured IGMP version running on the VLAN (Toggle) selected in the VLAN ID field (version 1 or 2).
Page 277 Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… Query Interval See or change the query interval time. If the switch is the querier, the (Modifiable) value in the Query Interval field indicates how often IGMP Host-Query frames are transmitted on the VLAN selected in the VLAN ID field.
Page 278 IGMP/VLAN Configuration Screen Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… Switch Query IP Enter the IP address that the switch will use to source IGMP query (Modifiable) frames when the switch is the designated querier on the VLAN. The IP address must be a valid address associated with the VLAN.
Page 279: Igmp/Vlan Configuration Procedure
Table 9-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… VLAN ID Enter the Identifying number of the VLAN to be modified. If there are (Modifiable) no VLANs configured for IGMP, NONE is displayed in this field and asterisks (*) will display in the Configuration, Statistics, and IGMP State fields.
Page 280 configuration of the chosen VLAN. (DELETE will remove the IGMP configuration of the VLAN.) 4. Use the arrow keys to highlight the IGMP Version field. Then use the SPACE bar to select the proper IGMP version for the VLAN shown in the VLAN ID field. NOTE: When configuring IGMP, it is advisable to follow the IGMP configuration rules in RFC 2236 concerning switches, and routers.
Page 281: Device Statistics Menu Screens
This chapter describes how to use the Device Statistics Menu screen and the following screens that may be selected from its menu: • Switch Statistics screen • Interface Statistics screen • RMON Statistics screen • An HSIM or VHSIM Statistics screen may be selected from the Device Statistics Menu screen when an optional HSIM or VHSIM is installed in the SmartSwitch device.
Page 282: Device Statistics Menu Screen Menu Item Descriptions
Device Statistics Menu Screen How to Access Use the arrow keys to highlight the DEVICE STATISTICS menu item on the Device Menu and press ENTER. The Device Statistics Menu screen, Screen Example Figure 10-1 Device Statistics Menu Screen Menu Descriptions Refer to Table 10-1 for a functional description of each menu item.
Page 283: Switch Statistics Screen
Table 10-1 Device Statistics Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function RMON Displays all the statistics gathered by the embedded RMON agent built STATISTICS into the SmartSwitch device. For details, refer to HSIM/VHSIM Displays the statistics screen when an optional Fast Ethernet or Gigabit STATISTICS Ethernet HSIM or VHSIM is installed in the device.
Page 284: Switch Statistics Screen Field Descriptions
Switch Statistics Screen Screen Example Figure 10-2 Switch Statistics Screen Field Descriptions Refer to Table 10-2 for a functional description of each screen field. Table 10-2 Switch Statistics Screen Field Descriptions Use this field… To… Port # Identify the port number. The total number of ports is dependent on the (Read-Only) number of fixed10/100-Mbps front panel ports and the optional HSIM or VHSIM installed.
Page 285: Interface Statistics Screen
To obtain the MIB-II statistics of all the switch interfaces with the exception of an installed HSIM or VHSIM. NOTE: Enterasys Networks’ HSIMs that support FDDI or WAN gather their own statistics, and may be viewed via the Local Management screens of the applicable HSIM.
Page 286: Interface Statistics Screen Field Descriptions
Interface Statistics Screen Screen Example Figure 10-3 Interface Statistics Screen Field Descriptions Refer to Table 10-3 for a functional description of each screen field. Table 10-3 Interface Statistics Screen Field Descriptions Use this field… To… Interface See the Interface number for which statistics are currently being (Read-Only) displayed.
Page 287 Table 10-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… InUnicast See the total number of frames that have been received that were sent to (Read-Only) a single address. InNonUnicast See the total number of frames that have been received that were (Read-Only) delivered to a broadcast or multicast address.
Page 288: Displaying Interface Statistics
Interface Statistics Screen Table 10-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… Last Change See the last time that the interface was reset. (Read-Only) Admin Status See the current status of the interface. If this field displays “Testing”, (Read-Only) no frames may be passed on this interface.
Page 289: Rmon Statistics Screen
10.4 RMON STATISTICS SCREEN When to Use To obtain RMON statistics for each interface, on an interface-by-interface basis. NOTE: The RMON Statistics screen provides statistics for all front panel Ethernet Interfaces, and any Ethernet HSIM/VHSIM installed in the SmartSwitch device. How to Access Use the arrow keys to highlight the RMON STATISTICS field on the Device Statistics Menu screen and press ENTER.
Page 290 RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions Use this field… To… RMON Index See the current Ethernet interface for which statistics are being shown. (Read-Only) The SmartSwitch device has an embedded RMON agent that gathers statistics for each interface on the device. Data Source See the source of the statistics data that is currently being displayed on (Read-Only)
Page 291 Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… Oversized Pkts See the number of frames received whose size exceeded 1518 data (Read-Only) bytes, not including preamble, but have a valid CRC. Fragments See the number of received frames that are not the minimum number of (Read-Only) bytes in length or received frames that had a bad or missing Frame Check Sequence (FCS), were less than 64 bytes in length (excluding...
Page 292: Displaying Rmon Statistics
RMON Statistics Screen Table 10-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… 1024 – 1518 Octets See the total number of frames, including bad frames, received that (Read-Only) were between 1024 and 1518 bytes in length (excluding framing bits, but including FCS bytes).
Page 293: Network Tools Screens
This chapter describes the Network Tools Help screen and how to use it and the Network Tools commands to access and manage network devices. An example of each command is also included. Screen Navigation Paths Password > Device Menu > Network Tools 11.1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set.
Page 294: Built-In Commands
Screen ExampleNetwork Tools Help Screen The Network Tools functions are performed using a series of commands. Entering commands in Network Tools involves typing the command to be executed at the Network Tools prompt, adding any desired or required extensions, and pressing ENTER. There are two categories of commands in the command set: Built-in and Special, which are described below and detailed in •...
Page 295 Refer to Table 11-1 for a list of the commands. Table 11-1 Built-In Commands alias bridge gigabit_port_mode link_trap loopback_detect non_bridge_if_num passiveStp radius rate_limit_mode show soft_reset stpLegacyPathCost stpPointToPointMAC suppress_topology_ telnet traps traceroute vrrpPort 1. The atm_stp_state command only displays when an HSIM or VHSIM is installed that supports ATM, such as the HSIM-A6DP or VHSIM2-A6DP.
Page 296: Built-In Commands
command Description: Briefly describes the command and its uses. Syntax: Shows the required command format. It indicates where arguments, if any, must be specified. Options: Lists any additional fields in the appropriate format that may be added to the command. Example: Shows an example of the command.
Page 297 alias (Continued) Examples: -> alias disable 1-4 Snooping is disabled on port 1. Snooping is disabled on port 2. Snooping is disabled on port 3. Snooping is disabled on port 4. -> alias status 1 Snooping is disabled on port 1. ->...
Page 298 Description: Provides access to the ARP (Address Resolution Protocol) cache, enabling you to view cache data, delete entries, or add a static route. Super-user access is required to delete an entry or add a static route. Each ARP cache entry lists the network interface that the switch module is connected to, the device’s network address or IP address, the device’s physical address or MAC address, and the media type of connection to the device.
Page 299 arp_learn Description: Sets how the ARP cache entry will be affected under different conditions as described in the options below, and displays current ARP cache settings. Syntax: arp_learn [normal | limited | status] Options: normal – Changes the ARP cache entry for a given IP Address, if the source address (SA) in the entry does not match that of any received IP Packet.
Page 300 Description: Enables, disables or displays the status of the CDP Discovery Protocol. Syntax: cdp [enable/disable/status] Options: enable — Enables CDP discovery protocol on the device. disable — Disables CDP discovery prototol on the device. status — Displays the status of the CDP discovery protocol. Examples: ->...
Page 301 dynamic_egress Description: Enables, disables or displays the status of the dynamic_egress control function. The command requires a corresponding VLAN Identifier (VID). The dynamic_egress control function allows or disallows VLANs to be dynamically added to the dynamic Port VLAN Lists of a port. The default is that no dynamic Port VLAN Lists will be modified.
Page 302 dynamic_egress (Continued) Examples: -> dynamic_egress status 1 Dynamic Egress Disabled for VLAN ID 0x0001 -> dynamic_egress enable 1 Dynamic Egress Enabled for VLAN ID 0x0001 -> dynamic_egress disable 1 Dynamic Egress Disabled for VLAN ID 0x0001 Description: Enables or disables groups of events or all events concerning logging functions.
Page 303 ev (Continued) Options: ENABLE – Enables Group or events or all DISABLE – Disables Group or events or all Commands to Control Logging Functions: ev STARt [Logging] [Trapping] – begin logging events/traps ev STOp [Logging] [Trapping] – stop logging events/traps ev Clear –...
Page 304 gigabit_port_mode Description: Configures or displays the status of Gigabit Ethernet ports. Changing the mode will cause a reset and loss of all data in NVRAM with the exception of the IP Address and Subnet IP Address. Syntax: gigabit_port_mode [active | redundant | status] Options: active –...
Page 305 lg_frame_admin Description: Enables large frame support on a per port basis. allowing the user to determine if large frames can be forwarded out a particular port. Syntax: lg_frame_admin [ set ] [ LARGE | FRAG_IF_POSS | SMALL | AUTO ] [ PORT | ALL_BPLANE | ALL_FDDI ] lg_frame_admin [ status ] [ port # ] Options:...
Page 306 link_trap Description: Enables, disables, or displays the status of link traps on one or all ports. Syntax: link_trap [enable/disable/status] <PORT/all> Options: enable — Enables a link trap. disable — Disables a link trap. status — Displays link trap status. PORT/ all — Specifies a port or all ports. Examples: ->...
Page 307 loopback_detect (Continued) Examples: -> loopback_detect enable -> loopback_detect disable -> loopback_detect state Loopback_detect is disabled. maclock Description: Configures the MAC locking feature per port. When enabled, either a static MAC is locked to the port, or the first MAC seen on the port is locked to that port.
Page 308 maclock (Continued) Syntax: maclock set enable [ port# | all | global ] (Continued) Enables MAC locking globally or on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only one end station address is allowed to participate in frame relay.
Page 309 maclock (Continued) Options: port# | all — Applies MAC locking parameters to a specific ports or to all ports on the device. global — Applies MAC locking parameters globally. firstarrival — Displays MAC locking information about first arrival end stations connected to the device. static —...
Page 310 maclock (Continued) Examples: -> maclock set enable global (Continued) MAC locking is globally enabled. -> maclock set disable global MAC locking is globally disabled. -> maclock set 00:a0:c9:0d:32:11 3 create MAC_locking for MAC 00:A0:C9:0D:32:11 created on Port 3. -> maclock set firstarrival 3 6 MAC-Locking Dynamic entry changed to 6 on port 3.
Page 311 netstat (Continued) Example: -> netstat -i Interface + DescriptionMTU #1 (ethernet - csmacd) 1514 10000000 up #2 (ethernet - csmacd) 1514 10000000 up #3 (ethernet - csmacd) 1514 10000000 up #4 (ethernet - csmacd) 1514 10000000 up -> netstat -r Destination # Default Route # 134.141.0.0...
Page 312 passiveStp Description: Enables, disables, or displays the status of Passive Mode Spanning Tree on the device. Passive Mode Spanning tree allows ports on leaf bridges to transition very quickly and not invoke a global network re-span through requesting root elections by: •...
Page 313 policy Description: Displays the policy table and configures policy-port mappings. Syntax: policy show profile <profile_index> Displays the policy table, including policy index, policy name, policy status (enable/disable), and PVID and priority override information policy show port <port_number_or_range_or_all> Displays the policy status of one or more ports, including default policy, current policy, authentication type (Static, PWA, EAP and MAC), authentication status (Auth/NoAuth/NA) and authentication information (authenticated MAC or UserName).
Page 314 policy (Continued) Examples: (Contiued) -> policy show port 1-4 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ Guest Guest <none> Guest <none> -> policy set port 1-2 1 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ Default Default -> policy clear profile port 1-2 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ <none>...
Page 315 radius Description: Enables, disables, and configures RADIUS authentication, which can only be used when the client has been properly configured and enabled. When the RADIUS Client is not enabled, the legacy password authentication will run as before. For more about Radius Client, refer to Syntax: radius radius status...
Page 316 radius (Continued) Options: radius — Shows RADIUS help. radius status — Shows all RADIUS client settings. radius [enable | disable] — Enables or disables the RADIUS Client. radius prim_ip <server ip> — Shows <sets> the primary RADIUS server’s IP, in decimal-dotted format. radius sec_ip <server ip>...
Page 317 radius (Continued) Options: radius prim_secret — Sets the primary RADIUS server’s shared secret. (Cont’d) radius sec_secret — Sets the secondary RADIUS server’s shared secret. Examples: -> radius client RADIUS Configuration Cli Command Format : radius status clear timeout last_resort retry enable disable prim_secret...
Page 318 radius (Continued) Examples: (Cont’d) -> radius sec_secret Enter Secret (max 32): *** Confirm Secret: *** ERROR : secret minimum length is 6 -> radius sec_secret Enter Secret (max 32): ******* Confirm Secret: ******* Warning: rfc2865 recommends min length of 16 ->...
Page 319 rate_limit_mode (Continued) Examples: -> rate_limit_mode status Rate Limit Mode is: High Range (100Kbps - 1 Gbps). -> rate_limit_mode low_range This will reset board : Are you *SURE* ? -> rate_limit_mode high_range This will reset board : Are you *SURE* ? reset Description: Initiates a hardware reset of the device.
Page 320 sat_size Description: Displays the current setting or sets the size of the Source Address Table (Forwarding Database) on the device to either 8000 or 16000 entries. The default is 8000 entries. When set to 16000, 400 Layer 2/3/4 VLAN Classification and Priority Assignment entries will be supported. The default is 1000 Layer 2/3/4 VLAN Classification and Priority Assignment entries.
Page 321 show (Continued) Options: PROTOCOL — Specifies a protocol for which information will be displayed. TABLE — Specifies a type of table to display. fid – Show MAC addresses for the filter database identifier (fdbId). address – Show the address (mac) if it is known by the device. port –...
Page 322 soft_reset Description: Restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. Syntax: soft_reset Options: None Example: ->soft_reset RESET: Are you *SURE* ? ->...
Page 323 stpForceVersion Description: Puts Spanning Tree into STP compatibility mode (0) or the default RSTP mode (2). Syntax: stpForceVersion [ 0 | 2 | status ] Options: stpForceVersion 0 – Indicates STP compatibility. Enable stpForceVersion 0 only if the user does not want to “run 802.1w,” which does not allow transmission of RSTP BPDUs.
Page 324: Path Cost Parameter Values
stpLegacyPathCost Description: Enables or disables the use of 802.1D or 802.1t Path Cost bridging values on the device. The default is legacy 802.1D standard Path Cost values. Table 11-2 Table 11-2 Path Cost Parameter Values Link Speed 10 Mb/s 100 Mb/s 1 Gb/s 10 Gb/s Bridges conforming to IEEE Std 802.1D, 1998 Edition, i.e., that support only 16-bit...
Page 325 stpLegacyPathCost (Continued) Examples: To set the device to use the 802.1D legacy path costs, enter: -> stpLegacyPathCost enable To set the device to use the 802.1t path costs (default setting), enter: -> stpLegacyPathCost disable To determine if the device is currently operating using 802.1t or 802.1D path costs values, enter: ->...
Page 326 stpPort Description: Enables, disables, or displays which physical ports are enabled as Spanning Tree ports. This command does not apply to virtual interfaces such as ATM. To enable, disable, or view the status of ATM ports, use the atm_stp_state command. Syntax: stpPort [status] stpPort [enable] [port#]...
Page 327 stpRealTimeMsgAge (Continued) Example: stpRealTimeMsgAge disable disabled suppress_topology_traps Description: Enables or disables the generation of topology traps on inter switch links. Only inter switch link ports that transition to forwarding or blocking cause the switch to issue a topology trap. By default, this feature is disabled and will allow the generation of topology traps.
Page 328 timed_soft_reset Description: Configures a soft reset in number of seconds, or displays when a soft reset will occur. The reset_nv and dont_reset_nv commands tell the timed reset if non-volatile memory should be reset or not. If reset non_volatile is chosen, ip will be retained.
Page 329 timed_reset (Continued) Options: status — Displays the current timed reset setting. t (seconds) — Specifies the number of seconds until the device will be reset. reset_nv — Resets non-volatile memory. dont_reset_nv — Does not reset non-volatile memory. Examples: -> timed_reset status timed_reset 10 ->...
Page 330 vrrpPort Description: Enables, disables, or displays the status of Virtual Router Redundancy Protocol (VRRP) on front panel Ethernet or Fast Ethernet ports. When the link on a VRRP Port goes down or up, the database is purged. Then a notification is sent out to all LAN emulation clients (LECs) connected to the local HSIM/VHSIM to clear their LEARP cache.
Page 331: Example, Effects Of Aging Time On Dynamic Egress
Example, Effects of Aging Time on Dynamic Egress 11.3 EXAMPLE, EFFECTS OF AGING TIME ON DYNAMIC EGRESS This section provides an example of how aging time affects the dynamic recognition of frames from a user device on a port. In this example, assume that a rule set on Port 1 of the switch module classifies all IP frames to a Red VLAN.
Page 332: Special Commands
Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with Filter Database Identifier (FDB ID) 0001 as the Port VLAN Identifier (PVID) on all ports. The following additional steps are required to configure the switch to solve this problem. 1.
Page 333: Vlan Operation And Network Applications
VLAN Operation and Network Applications NOTE: It is recommended to read this chapter to gain an understanding of VLANs before configuring the switch. This chapter provides the following information: • Definition of VLANs (Section • Types of VLANs (Section • Benefits and Restrictions •...
Page 334: Defining Vlans
Defining VLANs 12.1 DEFINING VLANs A Virtual Local Area Network is a group of devices that function as a single Local Area Network segment (broadcast domain). The devices that make up a particular VLAN may be widely separated, both by geography and location in the network. The creation of VLANs allows users located in separate areas or connected to separate ports to belong to a single VLAN group.
Page 335: Types Of Vlans
Types of VLANs In this example, the Sales and Finance workstations have been placed on two separate VLANs. In a plain Ethernet environment, the entire network is a broadcast domain, and the SmartSwitches follow the IEEE 802.1D bridging specification to send data between stations. A broadcast or multicast transmission from a Sales workstation in Building One would propagate to all the switch ports on SmartSwitch A, cross the high speed link to SmartSwitch B, and then propagated out all switch ports on SmartSwitch B.
Page 336: Benefits And Restrictions
Benefits and Restrictions 12.3 BENEFITS AND RESTRICTIONS The primary benefit of the 802.1Q VLAN technology is that it provides localization of traffic. This function also offers improvements in security and performance to stations assigned to a VLAN. While the localization of traffic to VLANs can improve security and performance, it imposes some restrictions on network devices that participate in the VLAN.
Page 337 Table 12-1 VLAN Terms and Definitions (Continued) VLAN Term Filtering Database Identifier (FDB ID) Tag Header (VLAN Tag) Tagged Frame Untagged Frame Default VLAN Forwarding List Port VLAN List Filtering Database Definition Addressing information that the device learns about a VLAN is stored in the filtering database assigned to that VLAN.
Page 338 VLAN Terms Table 12-1 VLAN Terms and Definitions (Continued) VLAN Term 1Q Connection (previously referred to as a 1Q Trunk) 1D Connection Per VLAN Spanning Tree Protocol (PVSTP) Quick Convergence STP (QCSTP) Generic Attribute Registration Protocol (GARP) GARP VLAN Registration Protocol (GVRP) GARP Multicast Registration Protocol...
Page 339: Vlan Operation
Before a VLAN can operate, steps must be performed to configure the switch to establish and configure a VLAN. Enterasys Networks VLAN-aware SmartSwitches default to operate in the 802.1Q VLAN mode. However, further configuration is necessary to establish multiple logical networks.
Page 340: Defining A Vlan
VLAN Switch Operation 12.6.1 Defining a VLAN A VLAN must exist and have a unique identity before any ports or rules can be assigned to it. The Administrator defines a VLAN by assigning it a unique identification number (the VLAN ID), a filter database association, and an optional name.
Page 341: View From Inside The Switch
Figure 12-2 depicts the inside of a switch with six ports, numbered one through six. The switch has been configured to associate VLAN A and B with Filtering Database Identifier (FDB ID) 2, VLAN C and D with FDB ID 3, and VLAN E with FDB ID 4. Port 6 has been classified to serve as a VLAN trunk connection (will only transmit and receive tagged frames).
Page 342: Receiving Frames From Vlan Ports
VLAN Switch Operation 12.7.1 Receiving Frames from VLAN Ports When a switch is placed in 802.1Q Operational Mode, every frame received by the switch must belong, or be assigned, to a VLAN. Untagged Frames The switch receives a frame from Port 1 and examines the frame. The switch notices that this frame does not currently have a VLAN tag.
Page 343: Known Unicasts
VLAN Configuration 12.7.2.2 Known Unicasts When a VLAN switch receives a frame with a known MAC address as its destination address, the action taken by the switch to determine how the frame is transmitted depends on the VLAN, the VLAN associated FDB ID, and if the port identified to send the frame is enabled to do so. When a frame is received it is classified into a VLAN.
Page 344: Switch Without Vlans
VLAN Configuration 12.8.2 Switch Without VLANs When the switch is powered up, the switch uses its default settings to switch frames like an 802.1Q switch. In this default configuration, all ports are a member of the default VLAN (VLAN 1) including the virtual Host Data Port of the switch, so any port can be used to manage the device as shown in Figure...
Page 345: Switch Management With Vlans
Figure 12-4 Switch Management with VLANs To set up the switch shown in following process: 1. Use the Static VLAN Configuration screen to define a new VLAN named “Management VLAN” (or other suitable name) and its VLAN ID. In this example, the VLAN ID is set to 2. An FDB ID is automatically assigned by the switch, so that the Management VLAN has its filtering database to make the VLAN secure.
Page 346 No matter how many switches are connected, a management station connected to any port on the same Management VLAN can be used to remotely manage any Enterasys Networks 802.1Q switch in the network as long as the Host Data Port of all the switches are members of the same Management VLAN.
Page 347: Summary Of Vlan Local Management
12.9 SUMMARY OF VLAN LOCAL MANAGEMENT The VLAN configuration process is an extension of normal Local Management operations. A series of Local Management screens provides access to the functions and commands necessary to add, change, or delete VLANs and to assign ports to those VLANs. A switch supporting 802.1Q VLANs provides the VLAN Configuration screens as a standard part of its Local Management hierarchy when the switch is configured to operate in 802.1Q Mode.
Page 348: Quick Vlan Walkthrough
Quick VLAN Walkthrough 12.10 QUICK VLAN WALKTHROUGH The procedures below provide a short tutorial walkthrough that presents each of the steps necessary to configure a new Static VLAN. These steps include the following: • Assigning a VLAN ID and VLAN Name •...
Page 349: Walkthrough Stage One, Static Vlan Configuration Screen
Figure 12-6 Walkthrough Stage One, Static VLAN Configuration Screen Assigning Ports to the VLAN Egress list 1. Use the arrow keys to highlight the line in the list that has VLAN ID 2. As shown in the Static VLAN Egress Configuration screen displays showing all ports. It is now time to assign a port to this new VLAN.
Page 350: Walkthrough Stage Two, Port 3 Egress Setting
Quick VLAN Walkthrough Figure 12-7 Walkthrough Stage Two, Port 3 Egress Setting Now that Port 3 belongs to VLAN 2, we will designate one port as a trunk port for a connection to another VLAN-aware switch. This trunk port will carry tagged frames from all VLANs, allowing VLAN frames to maintain their VLAN ID across multiple switches.
Page 351: Walkthrough Stage Three, Port 10 Egress Setting
Figure 12-8 Walkthrough Stage Three, Port 10 Egress Setting Configuring the Port Parameters Now that the TEST VLAN and the trunk connection are set up, we can proceed to set the port parameters for ports 3 and 10, as follows: 1.
Page 352: Walkthrough Stage Four, Vlan Port Configuration
Quick VLAN Walkthrough 7. Leave the GVRP STATUS field for Port 3 in the default setting of ENABLED. This sets Port 10 as a GVRP port to receive registrations of dynamically created VLANs. 8. Leave the PVID field for Port 10 set in the default setting of 1. NOTE: Since Port 10 will be used for switch-to-switch communications, the PVID is left set on the default VLAN value of 1.
Page 353: Examples
This effectively completes the configuration of a single VLAN, assigning it to a port, and configuring the switch to forward the frames received on that port to a trunk port. The trunk port in turn forwards the frames as tagged to another switch. You can now use the VLAN Classification Configuration and Port Protocol Configuration screens to transmit frames according to classification rules and associated ports, as described in 12.11 EXAMPLES...
Page 354: Solving The Problem
Example 1, Single Switch Operation 12.12.1 Solving the Problem To set up this switch, users will be assigned to two new VLANs, red stations to the Red VLAN, and blue stations to the Blue VLAN. The information below describes how the switch is configured to create these two VLANs and how users are assigned to them.
Page 355: Frame Handling
Figure 12-11 Switch Configured for VLANs The switch will now classify each frame received as belonging to either the Red or Blue VLANs. Traffic from one VLAN will not be forwarded to the members of the other VLAN, and all frames transmitted by the switch will be normal, untagged Ethernet frames.
Page 356: Example 2, Vlans Across Multiple Switches
Example 2, VLANs Across Multiple Switches 5. The switch adds the source MAC address and VLAN for station R2 to its Source Address Table in FDB ID 2, and checks the Source Address Table for the destination MAC address given in the frame.
Page 357: Example 2, Vlans Across Multiple Switches
Example 2, VLANs Across Multiple Switches Figure 12-12 Example 2, VLANs Across Multiple Switches VLAN Operation and Network Applications 12-25...
Page 358: Solving The Problem
Example 2, VLANs Across Multiple Switches 12.13.1 Solving the Problem To solve the problem in this example, the users are assigned to VLANs using Switch 4 and Switch 2 as shown in Figure 12-12. Redco users are assigned to the Red VLAN and Blue Industries users to the Blue VLAN.
Page 359 4. Port 4 is configured as a trunk port by setting the Egress type for both VLAN ID 2, Port 4 and VLAN ID 3, Port 4 to TAGGED using the Static VLAN Egress Configuration screen. This means that these ports will only transmit tagged VLAN frames. •...
Page 360 Example 2, VLANs Across Multiple Switches • Port 3 is set as follows: PVID: 2 Acceptable Frame Types: ADMIT ALL FRAMES Ingress Filtering: ENABLED GVRP Status: DISABLED This causes the switch to classify all untagged frames received as belonging to the VLAN specified by each port PVID and to replace the previous PVID information in the port VLAN List with the new PVID information.
Page 361: Frame Handling
12.13.2 Frame Handling The following describes how, when User A attempts to log on to the File Server on Bridge 4, the frames from User A are classified on Switch 4 and traverse the network. In this example, the MAC address of User A is “Y”...
Page 362: Transmitting To Switch 4
Example 2, VLANs Across Multiple Switches Figure 12-14 Transmitting to Switch 4 3. When Switch 2 receives the tagged frame on its Port 2, it checks the frame’s VLAN Tag Header and determines that the frame is classified as belonging to the Red VLAN, and that the frame is a broadcast frame.
Page 363: Transmitting To Bridge 4
Figure 12-15 Transmitting to Bridge 4 4. The File Server responds with a unicast frame to User A. All switches between the File Server and User A have an entry in their respective Source Address Tables identifying which port to use for forwarding the frame to User A, MAC address “Y”...
Page 364: Example 3, Filtering Traffic According To A Layer 4 Classification Rule
Example 3, Filtering Traffic According to a Layer 4 Classification Rule 12.14 EXAMPLE 3, FILTERING TRAFFIC ACCORDING TO A LAYER 4 CLASSIFICATION RULE This example illustrates how to filter out broadcast transmissions at Layer 4 from other parts of a network.
Page 365: Example 4, Securing Sensitive Information According To Subnet
2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows: •...
Page 366: Solving The Problem
Example 5, Using Dynamic Egress to Control Traffic 12.15.1 Solving the Problem In this example, Switch 1 (S1) has already been configured and is operating. To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem.
Page 367: Example 5, Dynamic Egress Application
Figure 12-18 Example 5, Dynamic Egress Application Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with FDB ID 0001 as the PVID on all ports. The following additional steps are required to configure the switch to solve this problem. 1.
Page 368: Example 6, Locking A Mac Address To A Port Using Classification Rules
Example 6, Locking a MAC Address to a Port Using Classification Rules In this example, the AppleTalk traffic is routed only to AppleTalk users (ports 1, 2, 5, and 6), while IP traffic is allowed to be seen by IP users (ports 3, 4, and 7) and by IP/AppleTalk users (ports 1, 2, 5, and 6).
Page 369 Example 6, Locking a MAC Address to a Port Using Classification Rules The objective here is to configure S1 so that when it receives a frame on Port 1 from MAC address 00.00.00.00.00.0A, the frame is classified into the Red VLAN. When S1 receives a frame on Port 1 from a MAC address other than 00.00.00.00.00.0A, the frame is associated with the Default VLAN.
Page 370 Example 6, Locking a MAC Address to a Port Using Classification Rules 2. Assign Port 1 and 2 to the Red VLAN and set the ports to handle untagged frames as follows: • The Red VLAN is selected from the Static VLAN Configuration screen to display the Static VLAN Egress Configuration screen.
Page 371 Example 6, Locking a MAC Address to a Port Using Classification Rules 5. Enter the following settings on the Protocol Port Configuration screen to assign two src MAC address classification rules to Port 1 and add the classification to the Port VLAN List of Port 1: •...
Page 373: Generic Attribute Registration Protocol (Garp)
Generic Attribute Registration Protocol This appendix describes the switch operation when its ports are operating under the Generic Attribute Registration Protocol (GARP) application – GARP VLAN Registration Protocol (GVRP). NOTE: There is a global setting for GVRP that is enabled by default. Access to these settings is only available through a MIB.
Page 374: How It Works
How It Works HOW IT WORKS Figure A-1, Switch 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Switch 1 and Switch 2. These two switches register this in the Port VLAN Lists of the ports (Switch 1, port 1 and Switch 2, port 1) that received the frames with the information.
Page 375: About Igmp
This appendix provides information about the following: • IGMP Overview (Section • Supported Features and Functions • Detecting Multicast Routers IGMP OVERVIEW Internet Group Management Protocol (IGMP) is a multicast protocol used by routers. This protocol is supported by Enterasys Network SmartSwitches when operating in the 802.1Q mode to “snoop”...
Page 376: Supported Features And Functions
SUPPORTED FEATURES AND FUNCTIONS The following lists the features and functions supported when using IGMP: • Runs only when the switch is operating in the 802.1Q mode. • Supports multiple multicast and non-multicast routers on the same VLAN. • Supports stand alone multicast servers only if a router is present on the network. •...
Page 377: Detecting Multicast Routers
DETECTING MULTICAST ROUTERS The location of a router needs to be known in order to forward IGMP report frames back to the router. The router(s) send multicast routing protocol frames which get flooded throughout the network. By snooping on these protocol, the switch will mark ports as connected to a router. The port is put in a “forward all”...
Page 379 Numerics 1D Connection 12-6 1D Trunk 7-20 1Q Connection 12-6 1Q Trunk 7-20 802.1 Configuration Menu screen 802.1p Configuration Menu screen 802.1Q switching mode hierarchy of 802.1Q VLAN Configuration Menu screen 802.3ad Aggregator Details screen screen fields Admin Key 5-42 Aggregator Instance 5-42 Collector Max Delay...
Page 380 MuxReason 5-38 MuxState 5-38 PartnerChangeCount 5-38 PartnerChurnCount 5-38 PartnerChurnState 5-38 Port Instance 5-37 PsyncTransCount 5-38 RxState 5-37 UnknownR 5-37 802.3ad System screen 5-43 screen fields Number of Aggregators 5-44 Number of Ports 5-44 System Identifier 5-44 Acceptable Frame Type setting of 7-21 Access Control List screen 4-23...
Page 381 3-15 EAP (Port) Configuration screen screen fields Authentication State 3-36 Backend State 3-37 Force Reauth 3-39 Initialized Port 3-39 Maximum Requirements Port 3-36 Port Control 3-38 EAP Authenticator Statistics screen screen fields CLEAR COUNTERS 3-46 Frame Source 3-46 Frame Version 3-46 Invalid Frames Rx 3-46...
Page 382 Examples 12-21 Extensible Authentication Protocol FID. See Filtering Database ID Fields command display event message input selection types Filtering Database 12-5 Filtering Database ID 12-5 Filtering Network Traffic According to a Layer 4 Classification Rule 12-32 Flash Download Configuration screen screen fields Download File Name 4-33...
Page 383 Interface Robustness Last Member Query Interval Multicast Pool Size Querier Address Querier Expire Time Querier Uptime Query Interval Query Response Time Switch Query IP VLAN ID Ingress Filtering enabling or disabling of port Input field Interface Statistics screen 10-5 screen fields Address 10-7 Admin Status...
Page 384 when not configured with VLANs Module Login Passwords screen (Security) Access Policy 3-26 Password 3-26 Restrict NVRAM Passwords from Upload/ Download 3-26 Switch 8 3-26 Module Time Moving the cursor Name Services Configuration screen Names Services Configuration screen screen fields Name Services 3-32 Secure Harbour IP...
Page 385 screen fields Port Port Redirect Configuration screen screen fields Destination Port 5-16 Destination Port [n] 5-17 Frame Format (Read-Only) Frame Format (Selectable) Redirect Errors 5-17 Redirect Errors (Toggle) Source Port 5-16 Source Port [n] 5-17 Status 5-17 Port Security setup example 12-36 Port VLAN list 12-5...
Page 386 example of 8-44 more about 8-44 Rate Limiting Configuration screen screen fields 8-41 DEL ALL/DEL MARKED Direction 8-39–8-40 Dropped Events 8-39 Feature 8-39 Kbps 8-41 Max Traffic Rate 8-39 Port 8-38 Port Number 8-39 Port Type 8-39 Priority List 8-38, 8-40 Redirect Configuration Menu screen Related manuals...
Page 387 EAP Session Statistics screen EAP Statistics Menu screen 3-40 Ethernet Interface Configuration screen Ethernet Port Configuration screen exiting from FLASH Download Configuration screen General Configuration screen hierarchy of HSIM/VHSIM Configuration screen IGMP/VLAN Configuration screen Interface Statistics screen 10-5 Layer 3 Extensions Menu screen Link Aggregation Menu screen.
Page 388 trap table configuration 4-22 Spanning Tree Configuration Menu screen Spanning Tree Configuration screen screen fields ADD ALL CONFIGURED VLAN Age Time Current STP Mode Operation Priority VLAN VLAN (Modifiable) Spanning Tree Port Configuration screen screen fields Age Time 6-10 MAC Address 6-10 Number of Ports 6-10...
Page 389 Traffic Class 8-11 Traffic Class Information screen screen fields Port Priority Traffic Class to Port Priority assignment of 8-11 Transmit Queues Configuration screen screen fields Current Queueing Mode Number of Queues 8-14 Port 8-14 SET ALL PORTS 8-14 Weights Q0, Q1, Q2, Q3 Trap table configuration 4-22 Traps...

This manual is also suitable for:

Smartswitch 2200 series 2h258 Smartswitch 2200 series 2h252 Smartswitch 2200 series 2h253 Smartswitch 2e253 Smartswitch 2h252 Smartswitch 2h253 ... Show all

Enterasys SmartSwitch 2200 Series 2E253 User Manual

About this Guide

Introduction

Local Management Requirements

Accessing Local Management

Device Configuration Menu Screens

Port Configuration Menu Screens

Configuration Menu Screens

Q Vlan Configuration Menu Screens

Configuration Menu Screens

Layer 3 Extensions Menu Screens

Device Statistics Menu Screens

Rate Limiting Configuration Screen (Section 8.8)

Network Tools Screens

Vlan Operation and Network Applications

Generic Attribute Registration Protocol (Garp)

About Igmp

Quick Links

Standalone Switches

Related Manuals for Enterasys SmartSwitch 2200 Series 2E253

Summary of Contents for Enterasys SmartSwitch 2200 Series 2E253