Page 1 Matrix E7 Series and SmartSwitch 6000 Series Modules (6H2xx, 6E2xx, 6H3xx, and 6G3xx) Local Management User’s Guide 9033528-05...
Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
Page 4 BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT, CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between You, the end user, and Enterasys Networks, Inc. (“Enterasys”) that sets forth your rights and obligations with respect to the Enterasys software program (“Program”) in the package.
Page 5 UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Product (i) was developed solely at private expense; (ii) contains “restricted computer software” submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers.
Page 7: Table Of Contents
Figures ...xii Tables...xv ABOUT THIS GUIDE Using This Guide...xix Structure of This Guide ...xx Related Documents... xxii Document Conventions... xxii Typographical and Keystroke Conventions... xxiii INTRODUCTION Overview ... 1-1 1.1.1 1.1.2 Navigating Local Management Screens ... 1-3 Local Management Requirements ... 1-4 Local Management Screen Elements ...
Page 8 Module Selection Screen ... 3-9 3.4.1 Module Menu Screen ... 3-12 Overview of Security Methods ... 3-15 3.6.1 3.6.2 3.6.3 3.6.4 Security Menu Screen... 3-26 Passwords Screen ... 3-29 3.8.1 Radius Configuration Screen ... 3-31 3.9.1 3.9.2 3.10 Name Services Configuration Screen ... 3-35 3.11 System Authentication Configuration Screen...
Page 9 Configuring the Trap Table ... 5-24 Entering IP Addresses ... 5-28 Enable/Disable ACL... 5-29 Setting the Reset Peak Switch Utilization ... 5-31 Image File Download Using Runtime... 5-36 Configuration File Download Using TFTP... 5-37 Configuration File Upload Using TFTP ... 5-38...
Page 10 PORT CONFIGURATION MENU SCREENS Port Configuration Menu Screen... 6-2 Ethernet Interface Configuration Screen... 6-4 Ethernet Port Configuration Screen ... 6-8 6.3.1 6.3.2 HSIM/VHSIM Configuration Screen ... 6-13 Redirect Configuration Menu Screen ... 6-14 Port Redirect Configuration Screen ... 6-16 6.6.1 VLAN Redirect Configuration Screen...
Page 11 Deleting Line Items ... 8-34 Assigning Ports to a VID/Classification... 8-37 Setting Switch Port Priority Port-by-Port ... 9-6 Setting Switch Port Priority on All Ports ... 9-7 Assigning the Traffic Class to Port Priority... 9-11 Setting the Current Queueing Mode ... 9-15 Classification Precedence Rules ...
Page 12 Layer 3 Extensions Menu Screen ... 10-2 10.2 IGMP/VLAN Configuration Screen... 10-3 10.2.1 MODULE STATISTICS MENU SCREENS 11.1 Module Statistics Menu Screen... 11-2 11.2 Switch Statistics Screen... 11-4 11.3 Interface Statistics Screen ... 11-6 11.3.1 11.4 RMON Statistics Screen ... 11-10 11.4.1 11.5 Chassis Environmental Statistics Configuration Screen ...
Page 13 13.9 Summary of VLAN Local Management... 13-14 13.9.1 13.10 Quick VLAN Walkthrough ... 13-16 13.11 Examples ... 13-21 13.12 Example 1, Single Switch Operation... 13-22 13.12.1 13.12.2 13.13 Example 2, VLANs Across Multiple Switches ... 13-24 13.13.1 13.13.2 13.14 Example 3, Filtering Traffic According to a Layer 4 Classification Rule... 13-32 13.14.1...
Page 14: Figures
Figures Figure Example of a Local Management Screen ... 1-5 Management Terminal Connection... 2-2 Uninterruptible Power Supply (UPS) Connection ... 2-5 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 1 of 3) ... 3-2 802.1Q Switching Mode, Module, LM Screen Hierarchy (Page 2 of 3) ... 3-3 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 3 of 3) ...
Page 15 Figure Clear NVRAM Warning ... 5-17 SNMP Configuration Menu Screen ... 5-19 SNMP Community Names Configuration Screen... 5-21 SNMP Traps Configuration Screen ... 5-23 5-10 Access Control List Screen ... 5-26 5-11 System Resources Information Screen... 5-30 5-12 Flash Download Configuration Screen... 5-33 Port Configuration Menu Screen (in Agg Mode, HUNTGROUP) ...
Page 16 Example, Dynamic Egress Application ...12-37 13-1 Example of a VLAN ...13-3 13-2 View from Inside the Switch...13-9 13-3 Switch Management with Only Default VLAN...13-12 13-4 Switch Management with VLANs...13-13 13-5 802.1Q VLAN Screen Hierarchy...13-15 13-6 Walkthrough Stage One, Static VLAN Configuration Screen ...13-17 13-7 Walkthrough Stage Two, Port 3 Egress Setting ...13-18...
Page 17 Table Event Messages ... 1-6 Keyboard Conventions ... 1-8 VT Terminal Setup... 2-3 Main Menu Screen Menu Item Descriptions... 3-9 Module Selection Screen Field Descriptions ... 3-11 Module Menu Screen Menu Item Descriptions... 3-13 Authentication Terms and Abbreviations ... 3-19 MAC / 802.1X Precedence States ...
Page 18 Table Flash Download Configuration Screen Field Descriptions...5-34 Port Configuration Menu Screen Menu Item Descriptions ...6-3 Ethernet Interface Configuration Screen Field Descriptions ...6-5 Ethernet Port Configuration Screen Field Descriptions ...6-9 Redirect Configuration Menu Screen Field Menu Item Descriptions ...6-15 Port Redirect Configuration Screen Field Descriptions...6-18 VLAN Redirect Configuration Screen Field Descriptions ...6-22 802.3ad Main Menu Screen Menu Item Descriptions ...6-29 802.3ad Port Screen Field Descriptions ...6-30...
Page 19 Table 11-1 Module Statistics Menu Screen Menu Item Descriptions ... 11-3 11-2 Switch Statistics Screen Field Descriptions... 11-5 11-3 Interface Statistics Screen Field Descriptions ... 11-7 11-4 RMON Statistics Screen Field Descriptions ... 11-11 11-5 Chassis Environmental Statistics Configuration Screen Field Descriptions ... 11-15 12-1 Built-in Commands ...
Page 21: About This Guide
SmartSwitch 6C105 or Matrix E7 6C107 chassis. When a mix of 6H2xx, 6E2xx, 6H3xx, and 6G3xx modules are installed in the 6C107 chassis, you must follow the module installation rules provided in the Matrix E7 Chassis Overview and Setup Guide for proper operation.
Page 22: Structure Of This Guide
Access Control List (ACL) for additional security, access system resource information, download a new firmware image to the switch module, provide access to menu screens to configure ports, and configure the switch module for 802.1, 802.1Q VLAN, and layer 3 operations.
Page 23 IGMP (Internet Group Management Protocol, RFC 2236) on selected VLANs, or globally on all VLANs that are available. Chapter Module Statistics Menu screens to gather statistics about the switch, interfaces, RMON, and HSIM/VHSIM and, if the device is a repeater, repeater statistics. Chapter Network Tools This chapter also includes examples for each command.
Page 24: Related Documents
Related Documents RELATED DOCUMENTS The following Enterasys Networks documents may help to set up, control, and manage the switch module: • 6C105 SmartSwitch 6000 Overview and Setup Guide • Matrix E7 Chassis Overview and Setup Guide • SmartTrunk User’s Guide •...
Page 25: Typographical And Keystroke Conventions
TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS bold type Bold type can denote either a user input or a highlighted screen selection. RETURN Indicates either the ENTER or RETURN key, depending on your keyboard. Indicates the keyboard Escape key. SPACE bar Indicates the keyboard space bar key. BACKSPACE Indicates the keyboard backspace key.
Page 27: Introduction
6H302-48 modules with a serial number starting with 3655. For the 4.x firmware track, 4.08.41 or higher must be used on 6H302-48 modules with a serial number starting with 3655. OVERVIEW Enterasys Networks Local Management is a management tool that allows a network manager to perform the following tasks: •...
Page 28 Configure the switch to operate as a Generic Attribute Registration Protocol (GARP) module to dynamically create VLANs across a switched network. • Configure the module to control the rate of network traffic entering and leaving the switch on a per port/priority basis. •...
Page 29: The Management Agent
Out-of-band network management passes data along a medium that is entirely separate from the common data carrier of the network, for example, a cable connection between a terminal and a switch module COM port. Enterasys Networks Local Management is an out-of-band network management system.
Page 30: Local Management Requirements
You can also access Local Management using a Telnet connection through one of the network ports of the switch module. NOTE: For details on how to connect a console to the switch module, the setup parameters for the console, or how to make a telnet connection, refer to...
Page 31: Example Of A Local Management Screen
Local Management Screen Elements Figure 1-1 Example of a Local Management Screen Introduction...
Page 32: Event Messages
Local Management Screen Elements Event Message Field This field briefly displays messages that indicate if a Local Management procedure was executed correctly or incorrectly, that changes were saved or not saved to Non-Volatile Random Access Memory (NVRAM), or that a user did not have access privileges to an application. Table 1-1 describes the most common event messages.
Page 33: Display Fields
Local Management Screen Elements Display Fields Display fields cannot be edited. These fields may display information that never changes, or information that may change as a result of Local Management operations, user selections, or network monitoring information. In the screens shown in this guide, the characters in the display fields are in plain type (not bold).
Page 34: Local Management Keyboard Conventions
Local Management Keyboard Conventions LOCAL MANAGEMENT KEYBOARD CONVENTIONS All key names appear as capital letters in this manual. and the key functions that are used. Table 1-2 Keyboard Conventions Function ENTER Key Used to enter data or commands. These keys perform the same Local Management function.
Page 35: Getting Help
GETTING HELP For additional support related to the module or this document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/ Phone (603) 332-9400 Internet mail support@enterasys.com ftp://ftp.enterasys.com Login anonymous Password your email address To send comments or suggestions concerning this document, contact the Technical Writing Department via the following email address: TechWriting@enterasys.com...
Page 37: Local Management Requirements
Monitoring an Uninterruptible Power Supply connection from the COM port to an American Power Conversion (APC) Uninterruptible Power Supply (UPS) device. This type of connection enables the switch module to monitor the power status in case of a power loss.
Page 38: Console Cable Connection
Use the Console Cable Kit provided with the chassis to attach the management terminal to the switch module COM port as shown in To connect the switch module to a PC or compatible device running the VT terminal emulation, proceed as follows: 1.
Page 39: Management Terminal Setup Parameters
2.1.2 Management Terminal Setup Parameters Table 2-1 lists the setup parameters for the local management terminal. Table 2-1 VT Terminal Setup Display Setup Menu Columns -> Controls -> Auto Wrap -> Scroll -> Text Cursor -> Cursor Style -> General Setup Menu Mode ->...
Page 40: Telnet Connections
COM port as shown in follows: 1. Connect the RJ45 connector at one end of the cable to the COM port on the switch module. 2. Plug the RJ45 connector at the other end of the cable into the RJ45-to-DB9 male (UPS) adapter (Enterasys Networks part number, 9372066).
Page 41: Uninterruptible Power Supply (Ups) Connection
Monitoring an Uninterruptible Power Supply Figure 2-2 Uninterruptible Power Supply (UPS) Connection Local Management Requirements...
Page 43: Accessing Local Management
Section 3.6. NAVIGATING LOCAL MANAGEMENT SCREENS The switch module Local Management application consists of a series of menu screens. Navigate through Local Management by selecting items from the menu screens. The hierarchy of the Local Management screens is shown in Figure 3-4.
Page 44: Q Switching Mode, Chassis, Lm Screen Hierarchy (Page 1 Of 3)
3-1, so the screen selection starts with the Password screen and skips to the Module Selection screen. If an additional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM is installed in a switch, an additional statistics screen selection (not shown in Module Statistics Menu screen.
Page 45: Q Switching Mode, Module, Lm Screen Hierarchy (Page 2 Of 3)
Priority Classification Configuration Configuration Configuration Configuration Rate Limiting Rate Limiting IGMP/VLAN IGMP/VLAN Configuration Configuration Switch Statistics Switch Statistics Interface Statistics Interface Statistics Passwords RMON Statistics RMON Statistics Chassis Environment Statistics Configuration Chassis Environment Statistics Configuration Radius Configuration Name Services Configuration...
Page 46: Selecting Local Management Menu Screen Items
Navigating Local Management Screens Figure 3-3 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 3 of 3) Security 3.1.1 Selecting Local Management Menu Screen Items Select items on a menu screen by performing the following steps: 1. Use the arrow keys to highlight a menu item. 2.
Page 47: Using The Next And Previous Commands
Using the RETURN Command To exit LM using the RETURN command, proceed as follows: 1. Use the arrow keys to highlight the RETURN command at the bottom of the Local Management screen. 2. Press ENTER. The previous screen in the Local Management hierarchy displays. NOTE: The user can also exit Local Management screens by pressing ESC twice.
Page 48: Password Screen
NOTE: You can set the same string as a Security password and SNMP Community Name. This will allow you to access and manage the switch whether you are starting a Local Management session via a Telnet connection or local COM port connection, or using a network SNMP management application.
Page 49: Local Management Chassis/Module Password Screen
Screen Example Figure 3-4 Local Management Chassis/Module Password Screen Enter the Password and press ENTER. The default super-user access password is “public” or press ENTER. NOTE: The password is one of the passwords configured in the Module Login Password screen. Access to certain Local Management capabilities depends on the degree of access accorded that password.
Page 50: Main Menu Screen
When to Use To access the two major sets of Local Management screens used to configure the chassis and the switch modules installed in the chassis. How to Access Enter a valid password in the Local Management Password screen as described in press ENTER.
Page 51: Module Selection Screen
NOTE: If the terminal is idle for several minutes the Local Management Password screen redisplays and the session ends. This idle time can be changed in the General Configuration screen in Menu Descriptions Table 3-1 Main Menu Screen Menu Item Descriptions Menu Item Screen Function CHASSIS...
Page 52: Module Selection Screen
Module Selection Screen How to Access Use the arrow keys to highlight the MODULES menu item in the Module Selection screen, and press ENTER. The Module Selection screen, Screen Example Figure 3-6 Module Selection Screen 3-10 Accessing Local Management Figure 3-6, displays.
Page 53: Selecting A Module
Display the type of interface module that is installed in each slot. (Read-Only) Serial # Display the serial number of the module. The serial number of the (Read-Only) device is necessary when calling Enterasys Networks concerning the module. Hardware Revision Display the hardware version of the module. (Read-only) 3.4.1...
Page 54: Module Menu Screen
Password > Main Menu > Module Selection > Module Menu For 6C107 chassis: Password > Module Selection > Module Menu When to Use To access the Local Management screens for the switch module selected in the Module Selection screen. How to Access Use the procedure described in...
Page 55: Module Menu Screen Menu Item Descriptions
Tree Configuration Menu screen, 802.1Q VLAN Configuration Menu screen, and the 802.1p Configuration Menu screen. These screens are used to set the basic switch operations, and provide access to screens to configure VLANs, and assign port priorities. For details about the screens, refer to: •...
Page 56 A different password can be set for each access policy. To prevent clearing the passwords, hardware switch 8 on the board of the device can be disabled using this screen. For an overview of the security available on this switch module, refer to...
Page 57: Overview Of Security Methods
Security screen described in • SNMP Community String – allows access to the switch module via a network SNMP management application. To access the switch module, you must enter an SNMP Community Name string. The level of management access is dependent on the SNMP Community Name and...
Page 58: Host Access Control Authentication (Haca)
For more information, refer to • MAC Authentication – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to switch module ports. For more information, refer to Section 3.6.1...
Page 59 All radius values, except the server IPs and shared secrets, are assigned reasonable default values when radius is installed on a new switch module. The defaults are as follows: • Client, disabled •...
Page 60 Overview of Security Methods When the Radius Client is active on the switch module, the user is presented with an authorization screen, prompting for a user login name and password when attempting to access the host IP address via the local console LM, Telnet to LM, or WebView application. The embedded Radius Client encrypts the information entered by the user and sends it to the Radius Server for validation.
Page 61: Port Based Network Access Control
When configured in conjunction with NetSight Policy Manager and Radius server(s), Enterasys Networks’ switch modules can dynamically administer user based policy that is specifically tailored to the end user’s needs.
Page 62: Security Overview
Authenticators reside in edge switches. They shuffle messages and tell the switch when to grant or deny access, but do not validate logins. User validation is the job of authentication servers. This separation of functions allows network managers to put authentication servers on central servers.
Page 63: Mac Authentication Overview
If the string exists and it refers to a currently configured policy in this switch, then the port receives this new policy. If authenticated, but the authorized policy is invalid or non-existent, then the port forwards the frame normally according to the port default policy, if one exists.
Page 64: Concurrent Operation Of 802.1X And Mac Authentication
If a switch port is configured to enable both 802.1X and MAC Authentication, then it is possible for the switch to receive a start or a response 802.1X frame while a MAC Authentication is in progress. If this situation, the switch immediately aborts MAC Authentication. The 802.1X authentication then proceeds to completion.
Page 65: Mac / 802.1X Precedence States
Table 3-5 MAC / 802.1X Precedence States 802.1X Port Port Authen- Control Control ticated? Force Don’t Don’t Authorized Care Care Force Don’t Don’t Authorized Care Care Auto Enabled Auto Enabled Auto Enabled Auto Enabled Auto Enabled Autho- Default rized Policy Policy Exists? Exists?
Page 66 Overview of Security Methods Table 3-5 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Control Control Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Force Enabled Unauthori- zation Force Enabled Unauthori- zation Force Enabled Unauthori- zation Force Enabled Unauthori- zation...
Page 67: Mac Authentication Control
Table 3-5 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Authen- Control Control ticated? Force Enabled Unauthori- zation Force Disabled Don’t Unauthori- Care zation 3.6.4 MAC Authentication Control This global variable can be set to enabled or disabled. If set to enabled, then a.
Page 68: Security Menu Screen
Security Menu Screen SECURITY MENU SCREEN Screen Navigation Path For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Security Menu For 6C107 chassis: Password > Module Selection > Module Menu > Security Menu When to Use To access the Passwords, Radius Configuration, Name Services Configuration, System Authentication Configuration, EAP Configuration, EAP Statistics Menu, MAC Port Configuration, and MAC Supplicant Configuration screens.
Page 69: Security Menu Screen Menu Item Descriptions
For details, refer to Section Used to configure the Radius Client Parameters on the switch, primary server, and secondary server. For details, refer to Used to set parameters for personalized Web authentication, including the URL and IP of the Secure Harbour web page.
Page 70 Security Menu Screen Table 3-6 Security Menu Screen Menu Item Descriptions (Continued) Menu Item SYSTEM AUTHENTICATION CONFIGURATION CONFIGURATION EAP STATISTICS MAC PORT CONFIGURATION MAC SUPPLICANT CONFIGURATION 3-28 Accessing Local Management Screen Function Used to enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports.
Page 71: Passwords Screen
Local Management access (super-user, read-write and read-only) via serial console or telnet connection. This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords. How to Access Use the arrow keys to highlight the PASSWORDS menu item on the Security Menu screen and press ENTER.
Page 72: Module Login Passwords Screen Field Descriptions
Switch 8 Enable or disable the function of hardware switch S8 on the main (Toggle) board of the device. When set to ENABLED, S8 can be used to clear the password. When set to DISABLED, S8 cannot be used to clear the password.
Page 73: Setting The Module Login Password
Access Policy. 2. Press ENTER. 3. To disable the function of switch S8 so the passwords cannot be cleared, use the arrow keys to highlight the Switch 8 field. 4. Press the SPACE bar to select DISABLED.
Page 74: Radius Configuration Screen
Radius Configuration Screen How to Access Use the arrow keys to highlight the RADIUS CONFIGURATION menu item on the Security Menu screen and press ENTER. The Radius Configuration screen, Screen Example Figure 3-10 Radius Configuration Screen Field Descriptions Refer to Table 3-8 for a functional description of each screen field.
Page 75 Table 3-8 Radius Configuration Screen Field Descriptions (Continued) Use this field… To… Last Resort Accept, Challenge, and Reject, which do the following: Action/Local (Selectable) For more details, refer to To set local and remote servers, refer to Last Resort Accept, Challenge, and Reject, which do the following: Action/Remote (Selectable) For more details, refer to...
Page 76: Setting The Last Resort Authentication
Radius Configuration Screen 3.9.1 Setting the Last Resort Authentication The Radius client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server.
Page 77: Name Services Configuration Screen
Use this screen when enabling Port-based Web authentication. This screen can also be used to configure the global Secure Harbour name and IP address. The user can Enable/Disable Name Services and associate the switch name with the Secure Harbour IP address. How to Access Use the arrow keys to highlight the NAME SERVICES CONFIGURATION menu item on the Security Menu screen and press ENTER.
Page 78: Name Services Configuration Screen Field Descriptions
(Toggle) 3-36 Accessing Local Management NOTE: The switch Name and the Secure Harbour IP must be globally unique within your network and the end switch must contain the identical information. NOTE: The Switch Name and the Secure Harbour IP must be globally unique within your network and the end switch must contain the identical information.
Page 79: System Authentication Configuration Screen
System Authentication Configuration Screen 3.11 SYSTEM AUTHENTICATION CONFIGURATION SCREEN When to Use To enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports. How to Access Use the arrow keys to highlight the SYSTEM AUTHENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER.
Page 80: System Authentication Configuration Screen Field Descriptions
MAC authentication limits access to the network by validating the MAC address of their connected devices. EAP MAC enables using both MAC and EAP authentication methods concurrently for security. NONE turns off all port authentication in the switch. The default is NONE.
Page 81: Eap (Port) Configuration Screen
EAP (Port) Configuration Screen 3.12 EAP (PORT) CONFIGURATION SCREEN When to Use To configure authentication settings for each port. How to Access Use the arrow keys to highlight the EAP CONFIGURATION menu item on the Security Menu screen and press ENTER. The EAP Port Configuration screen, Figure 3-13, displays.
Page 82: Eap Port Configuration Screen Field Descriptions
EAP (Port) Configuration Screen Field Descriptions Refer to Table 3-11 for a functional description of each screen field. Table 3-11 EAP Port Configuration Screen Field Descriptions Use this field… To… Port See the port number of all ports known to the device. Up to 10 ports (Read-Only) can be displayed as a time.
Page 83 See the current backend state of each port. (Read-Only) The backend state machine controls the protocol interaction between the authenticator (the switch) and the authentication server (typically a radius server). These following seven states are the possible internal states for the authenticator.
Page 84 If a policy string is returned that has no definition in the switch, then this is an illegal configuration and the port is not authenticated. Therefore frame forwarding in this case follows the rules outlined...
Page 85 Table 3-11 EAP Port Configuration Screen Field Descriptions (Continued) Use this field… To… Port Control • Forced Authenticated Mode: The Forced Authenticated Mode is (Cont’d) • Forced Unauthenticated Mode: When a port is set to the Forced Initialized Port Set to TRUE to initialize all state machines for this port. After (Single Setting) initialization, authentication can proceed normally on this port according to its control settings.
Page 86: Eap Statistics Menu Screen
EAP Statistics Menu Screen 3.13 EAP STATISTICS MENU SCREEN Screen Navigation Path For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Security Menu > EAP Statistics Menu For 6C107 chassis: Password > Module Selection > Module Menu > Security Menu > EAP Statistics Menu When to Use To access the EAP Session Statistics, EAP Authenticator Statistics, and EAP Diagnostic Statistics screens.
Page 87: Eap Statistics Menu Screen Descriptions
Menu Descriptions Refer to Table 3-12 for a functional description of each menu item. Table 3-12 EAP Statistics Menu Screen Descriptions Menu Item EAP SESSION STATISTICS AUTHENTICATOR STATISTICS EAP DIAGNOSTIC STATISTICS Screen Function Used to review and clear EAP session statistics for each port. For details, refer to Section 3.13.1.
Page 88: Eap Session Statistics Screen
EAP Statistics Menu Screen 3.13.1 EAP Session Statistics Screen When to Use To review and clear EAP session statistics for each port. How to Access Use the arrow keys to highlight the EAP SESSION STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.
Page 89: Eap Session Statistics Screen Field Descriptions
Table 3-13 EAP Session Statistics Screen Field Descriptions Use this field… To… SessionID See the unique ASCII string identifier for a particular session. (Read-Only) SessionOctetsRx See counts of user data octets received on the port during a particular (Read-Only) session. SessionOctetsTx See counts of octets of transmitted on the port during a particular (Read-Only)
Page 90: Eap Authenticator Statistics Screen
EAP Statistics Menu Screen Table 3-13 EAP Session Statistics Screen Field Descriptions (Continued) Use this field… To… Session User Name See the user name associated with the PAE (Point of Access Entity). (Read-Only) Port Number Select the port number to display the associated EAP Session Statistics. (Selectable) To select a port number, use the arrow keys to highlight the Port Number field.
Page 91: Eap Authenticator Statistics Screen Field Descriptions
Screen Example Figure 3-16 EAP Authenticator Statistics Screen Field Descriptions Refer to Table 3-14 for a functional description of each screen field. Table 3-14 EAP Authenticator Statistics Screen Field Descriptions Use this field… To… Total Frames Rx See counts of all EAP frames received by the authenticator. (Read-Only) Total Frames Tx See counts of all EAP frames transmitted by the authenticator.
Page 92 EAP Statistics Menu Screen Table 3-14 EAP Authenticator Statistics Screen Field Descriptions (Continued) Use this field… To… Response Id Frames See counts of EAP response identification type frames received by the authenticator. (Read-Only) Response Frames See counts of EAP response type frames received by the authenticator. (Read-Only) Request Id Frames See counts of EAP request identification type frames transmitted by the...
Page 93: Eap Diagnostic Statistics Screen
EAP Statistics Menu Screen 3.13.3 EAP Diagnostic Statistics Screen When to Use To view port counters useful for EAP troubleshooting, including logoffs and timeouts while authenticating, and to view authorization failure messages from the authentication server. The counters on this screen refresh automatically. How to Access Use the arrow keys to highlight the EAP DIAGNOSTIC STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.
Page 94: Eap Diagnostic Statistics Screen Field Descriptions
EAP Statistics Menu Screen Field Descriptions Refer to Table 3-15 for a functional description of each screen field. Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions Use this field… To… Enters Connecting See counts of transitions to connecting state from any other state. (Read-Only) Logoffs Connecting See counts of transitions from connecting to disconnected state after an...
Page 95 Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… Reauths See counts of transitions from authenticated to connecting state due to a Authenticated reauthentication request. (Read-Only) Starts See counts of transitions from authenticated to connecting state due to a Authenticated start from the supplicant (end-user requesting authentication).
Page 96: Mac Port Configuration Screen
MAC Port Configuration Screen Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… CLEAR Set the octets and frame counters to zero for a particular port. To clear COUNTERS the counters, use the arrow keys to highlight CLEAR COUNTERS and (Command) press ENTER.
Page 97: Mac Port Configuration Screen Field Descriptions
Screen Example Figure 3-18 MAC Port Configuration Screen Field Descriptions Refer to Table 3-16 for a functional description of each screen field. Table 3-16 MAC Port Configuration Screen Field Descriptions Use this field… To… Port # See the port numbers of all ports known to the device. Up to 9 ports can (Read-Only) be displayed at a time.
Page 98: Mac Supplicant Configuration Screen
MAC Supplicant Configuration Screen Table 3-16 MAC Port Configuration Screen Field Descriptions (Continued) Use this field… To… Initialize Port Initialize the authentication status of the port. When this field is set to (Single Setting) TRUE, the current authentication session is terminated, the port returns to its initial authentication status, and the field returns to FALSE.
Page 99: Mac Supplicant Configuration Screen Field Descriptions
Screen Example Figure 3-19 MAC Supplicant Configuration Screen Field Descriptions Refer to Table 3-17 for a functional description of each screen field. Table 3-17 MAC Supplicant Configuration Screen Field Descriptions Use this field… To… Port See the port numbers of all ports known to the device. Up to 10 ports (Read-Only) can be displayed at a time.
Page 100 It always displays a value of FALSE. Reauthenticate Force a revalidation of the MAC credential for the supplicant. When set Supplicant to TRUE, the switch forces the revalidation. It always displays a value (Single Setting) of FALSE. 3-58...
Page 101: Chassis Menu Screens
Redirect Configuration Menu screen and its menu items to access other screens to configure the chassis to redirect traffic from a source switch port to a destination switch port, or redirect traffic from a VLAN to a particular switch port...
Page 102: Chassis Menu Screen
Chassis Menu Screen CHASSIS MENU SCREEN When to Use To access the Local Management screens that allow you to configure and monitor operating parameters, modify SNMP community names, set SNMP traps, monitor the chassis environmental status, and to perform port redirect functions. How to Access Use the arrow keys to highlight the CHASSIS menu item on the Main Menu screen and press ENTER.
Page 103: Chassis Menu Screen Menu Item Descriptions
Menu Descriptions Refer to Table 4-1 for a functional description of each menu item. Table 4-1 Chassis Menu Screen Menu Item Descriptions Menu Item Screen Function CHASSIS Allows the user to configure operating parameters for the chassis. For CONFIGURATION details, refer to SNMP Used to access the SNMP Community Names Configuration screen CONFIGURATION...
Page 104: Chassis Configuration Screen
Chassis Configuration Screen CHASSIS CONFIGURATION SCREEN When to Use To set the chassis date and time, IP address and Subnet Mask, the operational mode of all modules installed in the chassis, view the chassis uptime, screen refresh time and lockout time, and view the chassis uptime.
Page 105: Chassis Configuration Screen Field Descriptions
Field Descriptions Refer to Table 4-2 for a functional description of each screen field. Table 4-2 Chassis Configuration Screen Field Descriptions Use this field… To… MAC Address Display the base physical address of the chassis. (Read-Only) IP Address Set the IP address for the chassis. If an IP address is assigned to the (Modifiable) chassis, all the interface modules installed in the chassis can be managed via this IP address, eliminating the need to assign an IP...
Page 106: Setting The Ip Address
Chassis Configuration Screen Table 4-2 Chassis Configuration Screen Field Descriptions (Continued) Use this field… To… Screen Lockout Set the maximum number of minutes that the Local Management Time application displays a module’s screen while awaiting input or action (Modifiable) from a user. For example, if the number 5 is entered in this field, the user has up to five minutes to respond to each of the specified module’s Local Management screens.
Page 107: Setting The Subnet Mask
4.2.2 Setting the Subnet Mask If the management workstation that is to receive SNMP traps from the 6C105 is located on a separate subnet, the subnet mask for the 6C105 chassis must be changed from its default. To change the subnet mask from its default, perform the following steps: 1.
Page 108: Setting The Chassis Time
Chassis Configuration Screen 4.2.4 Setting the Chassis Time To set the chassis clock, perform the following steps: 1. Use the arrow keys to highlight the Chassis Time field. 2. Enter the time in this 24-hour format: HH:MM:SS NOTE: When entering the time in the system time field, separators between hours, minutes, and seconds do not need to be added as long as each entry uses two numeric characters.
Page 109: Setting The Screen Lockout Time
4.2.6 Setting the Screen Lockout Time The screen lockout time can be set from 1 to 30 minutes with a default of 15 minutes. To set a new lockout time, perform the following steps: 1. Use the arrow keys to highlight the Screen Lockout Time field. 2.
Page 110: Snmp Configuration Menu Screen
SNMP Configuration Menu Screen SNMP CONFIGURATION MENU SCREEN When to Use To access the SNMP Community Names Configuration screen and the SNMP Traps Configuration screen. These screens are used to modify SNMP community names and set SNMP traps. How to Access Use the arrow keys to highlight the SNMP CONFIGURATION MENU item on the Chassis Menu screen and press ENTER.
Page 111: Snmp Configuration Menu Screen Menu Item Descriptions
Menu Descriptions Refer to Table 4-3 for a functional description of each menu item. Table 4-3 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SNMP Used to enter new, change, or review the community names used as COMMUNITY access passwords for module management operation.
Page 112: Snmp Community Names Configuration Screen
SNMP Community Names Configuration Screen SNMP COMMUNITY NAMES CONFIGURATION SCREEN When to Use To set the Local Management community names. Community names act as passwords to Local/Remote Management and provide security access to the chassis. Access to the chassis is controlled by enacting any of three different levels of security authorization (read-only, read-write, and super-user).
Page 113: Establishing Community Names
Field Descriptions Refer to Table 4-4 for a functional description of each screen field. Table 4-4 SNMP Community Names Configuration Screen Field Descriptions Use this field… To… Community Name Enter the user-defined name used to access chassis management. Any (Modifiable) community name assigned here acts as a password to Local Management.
Page 114: Snmp Traps Configuration Screen
SNMP Traps Configuration Screen To establish community names, proceed as follows: 1. Use the arrow keys to highlight the Community Name field adjacent to the selected access level. 2. Enter the password in the field (maximum 31 characters). 3. Press ENTER. 4.
Page 115: Snmp Traps Configuration Screen Field Descriptions
Screen Example Figure 4-5 SNMP Traps Configuration Screen Field Descriptions Refer to Table 4-5 for a functional description of each screen field. Table 4-5 SNMP Traps Configuration Screen Field Descriptions Use this field… To… Trap Destination Set the IP address of the workstation to receive trap alarms. Up to eight (Modifiable) different destinations can be defined.
Page 116: Configuring The Trap Table
Chassis Environmental Information Screen 4.5.1 Configuring the Trap Table To configure the Trap table, proceed as follows: 1. Using the arrow keys, highlight the appropriate Trap Destination field. 2. Enter the IP Address of the workstation that is to receive traps. IP address entries must follow the DDN format (nnn.nnn.nnn.nnn).
Page 117: Chassis Environmental Information Screen Field Descriptions
Screen Example Figure 4-6 Chassis Environmental Information Screen Field Descriptions Refer to Table 4-6 for a functional description of each screen field. Table 4-6 Chassis Environmental Information Screen Field Descriptions Use this field… To… Chassis Power Display the current redundancy status of the chassis power supplies. Redundancy This field will read either “Available”...
Page 118: Redirect Configuration Menu Screen (Chassis)
Redirect Configuration Menu Screen (Chassis) REDIRECT CONFIGURATION MENU SCREEN (CHASSIS) When to Use To access the Port Redirect Configuration and VLAN Redirect Configuration screens at the chassis level. Any combination, up to 128, of port and/or VLAN redirect instances can be configured per installed module, giving a maximum of 640 instances for a chassis with 5 modules.
Page 119: Port Redirect Configuration Screen
VLAN REDIRECT Used to configure the device to direct traffic from a VLAN to a CONFIGURATION particular switch port. This screen will not display if the chassis has no modules in 802.1Q mode. For details, refer to PORT REDIRECT CONFIGURATION SCREEN...
Page 120: Port Redirect Configuration Screen Field Descriptions
Port Redirect Configuration Screen Screen Example Figure 4-8 Port Redirect Configuration Screen Field Descriptions Refer to Table 4-8 for a functional description of each screen field. Table 4-8 Port Redirect Configuration Screen Field Descriptions Use this field… To… Source Module See which modules are currently set as source modules.
Page 121 Table 4-8 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Frame Format See the current frame format setting: NORMAL, TAGGED, or (Read-Only) UNTAGGED. The default is NORMAL. • • • Redirect Errors See whether the corresponding source ports are configured ON to send (Read-Only) frames with errors to the destination ports, or OFF to drop all frames with errors and only forward traffic without errored frames to the...
Page 122: Changing Source And Destination Ports
Port Redirect Configuration Screen Table 4-8 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Redirect Errors Set each source port to either ON, to send errored frames to its (Toggle) destination port, or OFF to drop errored frames, and send only valid traffic to its destination port.
Page 123: Vlan Redirect Configuration Screen
14. Use the SPACE bar to select either the ADD or DELETE option. Press ENTER. This adds or deletes the selections for the Source Port, Destination Port, Frame Format, and Redirect Errors made in steps 1 through 12 and also updates the screen. TIP: If more than one port is being redirected, repeat steps 1 through 14 for each additional setting.
Page 124: Vlan Redirect Configuration Screen Field Descriptions
VLAN Redirect Configuration Screen How to Access Use the arrow keys to highlight the VLAN REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The VLAN Redirect Configuration screen, Figure 4-9, displays. Screen Example Figure 4-9 VLAN Redirect Configuration Screen Field Descriptions Refer to Table 4-9...
Page 125 VLAN [n] and Destination Port [n] fields. RECEIVED – Frames are redirected in the format that they were received by the switch module. TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification of the receiving port.
Page 126: Changing Source Vlan And Destination Ports
VLAN Redirect Configuration Screen 4.9.1 Changing Source VLAN and Destination Ports To add or delete source VLAN and destination port entries and set the Frame Format and Redirect Errors functions, proceed as follows: 1. Use the arrow keys to highlight the Src VLAN ID field near the bottom of the screen. 2.
Page 127: Module Configuration Menu Screens
Module Configuration Menu Screens The chapter describes the Module Configuration Menu screen and the following screens that can be selected: • General Configuration screen • SNMP Configuration Menu screen • SNMP Community Names Configuration screen • SNMP Traps Configuration screen •...
Page 128: Module Configuration Menu Screen
To access a series of Local Management screens used to establish an Access Control List for SNMP to provide additional security, configure and monitor operating parameters, modify SNMP community names, set SNMP traps, configure switch parameters and configure the switch module ports.
Page 129: Module Configuration Menu Screen Menu Item Descriptions
CPU (switch) utilization and the peak switch utilization. For details, refer to FLASH Used to force the switch module to download a new image file from a DOWNLOAD TFTP server to its FLASH memory. For details, refer to...
Page 130: General Configuration Screen
General Configuration Screen GENERAL CONFIGURATION SCREEN When to Use To set the system date and time, IP address and subnet mask, the default gateway, the TFTP and gateway IP address. This screen can also be used to clear the NVRAM, set the screen refresh time, the screen lockout time, the IP fragmentation, the COM port configuration, and monitor the total time (uptime) that the module has been running.
Page 131: General Configuration Screen Field Descriptions
MAC Address See the base physical address of the switch module. (Read-Only) IP Address See the IP address for the switch module. To set the IP address, refer to (Modifiable) Section Address Discovery. Runtime IP Address Discovery enables the switch module to...
Page 132 DISTRIBUTED management mode to access the Local Management of each switch module. In STANDALONE management mode, the switch can be configured with its own IP address and operate as an independent switch within the chassis. Module Configuration Menu Screens Section 5.2.8.
Page 133 Enable or disable IP Fragmentation. The default setting for this field is (Toggle) ENABLED. If the switch module is to be bridged to an FDDI ring using an HSIM-F6, IP Fragmentation should be enabled. If IP Fragmentation is disabled, all FDDI frames that exceed the maximum Ethernet frame...
Page 134: Setting The Ip Address
NOTE: If the 6C105 or 6C107 chassis has been assigned an IP address, it is not necessary to assign an IP address to the switch module. All installed modules have the same IP address as the chassis. If a separate IP address for the switch module is needed, proceed as follows.
Page 135: Configuration Warning Screen, Ip Address
Setting the Subnet Mask If the management workstation that is to receive SNMP traps from the switch module is located on a separate subnet, the subnet mask for the switch module may need to be changed from its default value.
Page 136: Setting The Default Gateway
If the SNMP management station is on a different IP subnet than the module, a default gateway must be specified. When an SNMP Trap is generated, the switch module sends out an ARP request to the default gateway, which responds with its MAC address. The switch module then sends the trap using the IP address from the Trap Table and the MAC address of the default gateway.
Page 137: Setting The Tftp Gateway Ip Address
Setting the TFTP Gateway IP Address If the network TFTP server is located on a different IP subnet than the switch module, a Gateway IP address should be specified. To set the TFTP Gateway IP address, perform the following steps: 1.
Page 138: Setting The Module Name
All installed modules recognize the chassis date. The switch module is year 2000 compliant so that the Module Date field can be set beyond the year 1999. To set the system date, perform the following steps: 1.
Page 139: Setting The Module Time
Setting the Module Time NOTE: If the 6C105 or 6C107 chassis has been assigned a chassis time, it is not necessary to assign a module time to the switch module. All installed modules recognize the chassis time. To set the switch module time, perform the following steps: 1.
Page 140: Setting The Screen Lockout Time
5.2.10 Configuring the COM Port Upon power up, the COM port is configured to the default settings of ENABLED and LM. CAUTION: Before altering the COM port settings, ensure that the switch module or chassis is set with a valid IP address. (Refer to port configuration section before changing the settings of the COM port.
Page 141: Com Port Warning
ENABLED for the LM or UPS application. Selecting DISABLED prevents a connection via the COM port thus providing additional module security. CAUTION: If the COM port is reconfigured without a valid IP address set on the switch module or chassis, the message shown in Do not continue unless the outcome of the action is fully understood.
Page 142: Changing The Com Port Application
Ensure that the switch module has a valid IP address before saving changes to the COM port application. If the switch module does not have a valid IP address and the changes are saved, refer to your switch module hardware/user’s guide for instructions on clearing NVRAM to reestablish COM port communications.
Page 143: Enabling/Disabling Ip Fragmentation
5.2.12 Enabling/Disabling IP Fragmentation To enable or disable IP Fragmentation, proceed as follows: CAUTION: If the switch module is being bridged to an FDDI ring (for example, via an optional HSIM-F6), IP Fragmentation should be enabled. If it is disabled, all FDDI frames that exceed the maximum Ethernet frame size are discarded.
Page 144: Snmp Configuration Menu Screen
SNMP Configuration Menu Screen SNMP CONFIGURATION MENU SCREEN Screen Navigation Paths For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > SNMP Configuration Menu For 6C107 chassis: Password > Module Selection > Module Menu > Module Configuration Menu > SNMP Configuration Menu When to Use To provide access to the SNMP Community Names Configuration, SNMP Traps Configuration,...
Page 145: Snmp Configuration Menu Screen Menu Item Descriptions
Screen Example Figure 5-7 SNMP Configuration Menu Screen Menu Descriptions Refer to Table 5-4 for a functional description of each menu item. Table 5-4 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SNMP Used to enter new, change, or review the community names used as COMMUNITY access passwords for module management operation.
Page 146: Snmp Community Names Configuration Screen
6C105 chassis screens by assigning different community names to the switch module(s). When this is done, the CHASSIS menu item of the Main Menu screen will not display, and access will be limited to the screens specific to the switch module attached to the terminal.
Page 147: Snmp Community Names Configuration Screen Field Descriptions
To… Community Name Display the user-defined name through which a user accesses the (Modifiable) switch module SNMP Management. Any community name assigned here acts as a password to Local Management. SNMP Community Names Configuration Screen Module Configuration Menu Screens 5-21...
Page 148: Establishing Community Names
MIB objects, excluding security protected fields for Super-User access only. This community name gives the user read-write access to the switch module MIB objects and allows the user to change all modifiable parameters including community names, IP addresses, traps, and SNMP...
Page 149: Snmp Traps Configuration Screen
SNMP TRAPS CONFIGURATION SCREEN When to Use To assign SNMP traps to eight different IP addresses. Since the switch module is an SNMP compliant module, it can send messages to multiple Network Management Stations to alert users of status changes.
Page 150: Configuring The Trap Table
4. Use the arrow keys to highlight the Trap Community Name field. Enter the community name. 5. Press ENTER. 6. Use the arrow keys to highlight the Enable Traps field. Press the SPACE bar to choose either YES (send alarms from the switch module to the workstation), or NO (prevent alarms from being sent). 5-24...
Page 151: Access Control List Screen
You can limit user access to the switch module according to their IP addresses. Up to 16 single IP addresses and/or range of addresses can be configured. To manage an ACL enabled switch module, the management station must be a member of the ACL and authenticated according to traditional SNMP rules.
Page 152: Access Control List Screen
Access Control List Screen Screen Example Figure 5-10 Access Control List Screen Field Descriptions Refer to Table 5-7 for a functional description of each screen field. 5-26 Module Configuration Menu Screens...
Page 153: Access Control List Screen Field Descriptions
The limited access applies to all IP access including, but not limited to, SLIP/PPP connections, Telnet, Ping, SNMP and HTTP. When locally connected to the COM port of the host switch module), ACL does not restrict access to local management.
Page 154: Entering Ip Addresses
Access Control List Screen 5.6.1 Entering IP Addresses To enter a single or range of IP addresses into the ACL, proceed as follows: Entering Single Addresses 1. Use the arrow keys to highlight one of the place holders (0.0.0.0) under IP Addresses. 2.
Page 155: Enable/Disable Acl
4. Repeat steps 1 through 3 if more than one range of addresses is being entered. Up to 16 ranges of IP addresses, including any single IP Addresses entered. If an invalid format is used to enter an IP address, one of the following messages may display in the Event Message Line: •...
Page 156: System Resources Information Screen
SYSTEM RESOURCES INFORMATION SCREEN When to Use To monitor the current switch utilization and the peak switch utilization. This screen provides information concerning the processor used in the switch module and the amount of FLASH memory, DRAM, and NVRAM that is installed and how much of that memory is available.
Page 157: Setting The Reset Peak Switch Utilization
5.7.1 Setting the Reset Peak Switch Utilization To set the Reset Peak Switch Utilization field to YES or NO, proceed as follows: 1. Use the arrow keys to highlight the Reset Peak Switch Utilization field. 2. Press the SPACE bar to select YES or NO.
Page 158: Flash Download Configuration Screen
There are restrictions on the version of firmware required for 6H302-48 modules with a serial number starting with 3655xxxxxx. The serial number is visible on the top ejector tab of the switch, or by querying the PIC MIB. For firmware in the 5.x track, version 5.03.05 or higher must be used on 6H302-48 modules with a serial number starting with 3655.
Page 159: Flash Download Configuration Screen
NOTE: Configuration files cannot be downloaded or uploaded directly from one switch module to another. How to Access Use the arrow keys to highlight the FLASH DOWNLOAD CONFIGURATION menu item on the Module Configuration Menu screen, and press ENTER. The Flash Download Configuration...
Page 160: Flash Download Configuration Screen Field Descriptions
Runtime. DOWNLOAD CONFIG – Used to download a configuration file from a TFTP server to a switch module. The configuration file must be one that was uploaded to the TFTP server from a switch module of the same model with the same optional hardware, and running firmware revision 3.10.7 or higher.
Page 161 Table 5-9 Flash Download Configuration Screen Field Descriptions (Continued) Use this field… To… Reboot After Set the switch module so it will either reboot or not reboot after Download completing the download of an image. This field toggles between YES (Toggle) and NO, when the Download Method field is set to RUNTIME.
Page 162: Image File Download Using Runtime
2. Use the SPACE bar to select either YES or NO. Select YES if you want the module to reboot after the download is completed. Select NO if you want the switch module to store the new image in FLASH memory until the module is reset or during the next power-up.
Page 163: Configuration File Download Using Tftp
5.8.2 Configuration File Download Using TFTP To download a configuration file from a TFTP server to the switch module, proceed as follows: 1. Use the arrow keys to highlight the Download Method field. 2. Use the SPACE bar to select DOWNLOAD CONFIG.
Page 164: Configuration File Upload Using Tftp
NO (and cannot be changed). 3. Use the arrow keys to highlight the TFTP Gateway IP Addr field. 4. Set the IP address of the target TFTP server which is to receive a copy of the switch module configurable settings.
Page 165: Port Configuration Menu Screens
Port Configuration Menu Screens This chapter describes the Port Configuration Menu screen and the following screens that can be selected: • Ethernet Interface Configuration screen • Ethernet Port Configuration screen • HSIM/VHSIM Configuration screen • Redirect Configuration Menu screen • Port Redirect Configuration screen •...
Page 166: Port Configuration Menu Screen
Port Configuration Menu Screen PORT CONFIGURATION MENU SCREEN When to Use To select screens to perform port configuration tasks on the switch module. How to Access Use the arrow keys to highlight the PORT CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER.
Page 167: Port Configuration Menu Screen (In Agg Mode, Ieee8023Ad)
INTERFACE Ethernet port, and provide access to the Ethernet Port Configuration CONFIGURATION screen, which allows the configuration of the switch module Ethernet ports. For details, refer to HSIM/VHSIM Provides access to the HSIM or VHSIM setup screen, depending on the CONFIGURATION one installed in the switch module.
Page 168: Ethernet Interface Configuration Screen
Ethernet Port Configuration screen, which allows configuration of the Ethernet port. In normal operation, all front panel ports of the switch module automatically establish a link with the device at the other end of the segment without requiring user setup. However, the Ethernet Interface Configuration screen can be used to access the Ethernet Port Configuration screen to select a port and display its characteristics.
Page 169: Ethernet Interface Configuration Screen Field Descriptions
See the type of interface using the name of the physical port type. For (Read-Only) the Ethernet 10/100 Mbps ports in the switch module, FE-100TX will be displayed. If a Fast Ethernet port is installed via an optional HSIM, the interface displayed may be FE-100TX or FE100-FX. If a Gigabit port is installed via an optional VHSIM, the interface displayed may be GE-1000SX, GE-1000LX, or GE-1000CX.
Page 170 Port Configuration Menu Screens NOTE: In normal operation, the front panel ports of the switch module automatically establish a link with the device at the other end of the segment without requiring user setup. However, Local Management provides the user with the option of manually configuring that port.
Page 171 Table 6-2 Ethernet Interface Configuration Screen Field Descriptions (Continued) Use this field… To… HDX FC See the current half duplex flow control setting. Half duplex flow (Read-Only) control, also known as back pressure, is a collision based flow control mechanism used in half duplex configurations. The port will display On, Off, or NA.
Page 172: Ethernet Port Configuration Screen
Ethernet Port Configuration Screen ETHERNET PORT CONFIGURATION SCREEN When to Use To change the operating mode of a specific Ethernet interface, such as the speed, duplex, auto-negotiation, advertised ability, and the flow control settings. Configuring optional Fast Ethernet or Gigabit Ethernet ports is also done on this screen. How to Access Use the arrow keys to highlight the desired Ethernet port on the Ethernet Interface Configuration screen and press ENTER.
Page 173: Ethernet Port Configuration Screen Field Descriptions
Field Descriptions Refer to Table 6-3 for a functional description of each screen field. Table 6-3 Ethernet Port Configuration Screen Field Descriptions Use this field… To… Interface See the Interface number. (Read-Only) Physical Port See the number of the physical port on the interface. (Read-Only) Default Speed See the current operational speed in Mbps.
Page 174 Ethernet Port Configuration Screen Table 6-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Advertised Ability Select the port “advertised” mode of operation. In normal operation, (Selectable) with all capabilities enabled, the port “advertises” that it has the ability to operate in any mode.
Page 175 Table 6-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Full Duplex Flow Set the flow control feature on each port for a specific mode. The Control choices are as follows: (Selectable) Symmetric – the port operates in Symmetric mode, causing the port to interpret received PAUSE frames and allow the port to transmit PAUSE frames when necessary at any speed connection.
Page 176: Selecting Field Settings
Ethernet Port Configuration Screen 6.3.1 Selecting Field Settings All selectable or toggle fields other than Advertised Ability can be changed by following this procedure: 1. Use the arrow keys to highlight the field to be changed. 2. Use the SPACE bar or BACKSPACE key to step or toggle through the selections. 3.
Page 177: Hsim/Vhsim Configuration Screen
To configure an optional HSIM or VHSIM. NOTE: The HSIM/VHSIM Configuration menu item can only be selected when a non-Ethernet HSIM or VHSIM is installed in the switch module. The applicable setup screen for that interface displays. This only applies to HSIMs and VHSIMs that can support WAN, FDDI or ATM.
Page 178: Redirect Configuration Menu Screen
Redirect Configuration Menu Screen REDIRECT CONFIGURATION MENU SCREEN For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > Port Configuration Menu > Redirect Configuration Menu For 6C107 chassis: Password > Module Selection > Module Menu > Module Configuration Menu > Port Configuration Menu >...
Page 179: Redirect Configuration Menu Screen Field Menu Item Descriptions
Used to redirect traffic from a source switch port to a destination CONFIGURATION switch port. For details, refer to VLAN REDIRECT Used to configure the switch module to direct traffic from a VLAN to a CONFIGURATION particular switch port. For details, refer to Redirect Configuration Menu Screen Section 6.6.
Page 180: Port Redirect Configuration Screen
To redirect frames from one source port to many destination ports or many source ports to one destination port on a switch module in a 6C105 chassis. Frames received on a source port can be redirected and transmitted in the frame format in which they are received (normal), or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).
Page 181: Port Redirect Configuration Screen
• You can redirect frames between any Ethernet 6X2XX series module ports and any other Ethernet ports. • The VLAN tag in the frame, as it is being mirrored, is maintained and forwarded to the destination mirrored port. • You can add a new port redirect entry to a destination port that is already saved and active. However, this will cause a Local Management warning to appear at the top left corner of the screen.
Page 182: Port Redirect Configuration Screen Field Descriptions
Port Redirect Configuration Screen Table 6-5 Port Redirect Configuration Screen Field Descriptions Use this field… To… Source Port See which ports are currently set as source ports. (Read-Only) Destination Port See which ports are currently set as destination ports. (Read-Only) Frame Format See the current frame format setting: NORMAL, TAGGED, or (Read-Only)
Page 183: Changing Source And Destination Ports
Table 6-5 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Redirect Errors Set each source port to either ON, to send errored frames to its (Toggle) destination port, or OFF to drop errored frames and send only valid traffic to its destination port.
Page 184: Vlan Redirect Configuration Screen
To redirect frames in a 6C105 chassis from one or more source VLANs to one destination port on the switch module. Frames received on a source VLAN can be redirected and transmitted in the frame format in which they are received (normal), or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).
Page 185: Vlan Redirect Configuration Screen
The VLAN redirect function is very useful for troubleshooting purposes. It allows all inbound and outbound traffic from one or more source VLANs to be sent to a destination VLAN where all current traffic from the source VLANs can be examined using analyzers, RMON probes, or IDS sensors.
Page 186: Vlan Redirect Configuration Screen Field Descriptions
Port Configuration Menu Screens RECEIVED – Frames are redirected in the format that they were received by the switch module. TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification of the receiving port.
Page 187: Changing Source Vlan And Destination Ports
6.7.1 Changing Source VLAN and Destination Ports To add or delete source VLAN and destination port entries and set the Frame Format, proceed as follows: 1. Use the arrow keys to highlight the Source VLAN field near the bottom of the screen. 2.
Page 188: Link Aggregation Screen (802.3Ad Main Menu Screen)
In normal usage (and typical implementations) there is no need to modify any of these parameters. The default values will result in the maximum number of aggregations possible. If the switch is placed in a configuration with its peers not running the protocol, no aggregations will be formed and the switch will function normally (that is, will block redundant paths).
Page 189 Spanning Tree When multiple links are connected from one switch to another, it is necessary that only one link be allowed to switch network traffic. Due to the functionality of a switch, if multiple links were active, a packet would end up “looping” around in those links indefinitely. This problem is well documented and is the reason that bridges implement the Spanning Tree Protocol (STP).
Page 190 Link Aggregation Screen (802.3ad Main Menu Screen) The STP is able to calculate which ports on a switch can be allowed to forward traffic to eliminate the possibility of looping in a network. So, if multiple links were attached between two switches, only one would be used.
Page 191 Most switch vendors provide a way to group these ports together manually. For example, the user could configure Ports 1, 2 and 3 in a trunk on switch X and connect to ports 4, 5 and 6 that are in a trunk on switch Y.
Page 192: Ad Main Menu Screen
Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-8 802.3ad Main Menu Screen Menu Descriptions Refer to Table 6-7 for a functional description of each menu item. 6-28 Port Configuration Menu Screens...
Page 193: Ad Port Screen
Table 6-7 802.3ad Main Menu Screen Menu Item Descriptions Menu Item Screen Function PORT Used to access the 802.3ad Port screen, described in view port instances and to access the 802.3ad Port Details screen, described in Section AGGREGATOR Used to access the 802.3ad Aggregator screen to display a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.
Page 194: Ad Port Screen Field Descriptions
Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-9 802.3ad Port Screen Field Descriptions Refer to Table 6-8 for a functional description of each screen field. Table 6-8 802.3ad Port Screen Field Descriptions Use this field… To… Port View the port number, which correlates to the port numbers in other (Read-Only) screens.
Page 195: Ad Port Details Screen
Link Aggregation Screen (802.3ad Main Menu Screen) Figure 6-9 shows the four columns of information: The Port Instance; the Aggregator that the Port is attached to; the operational key of the Port, and the state of the port’s MUX state machine. Viewing and Editing 802.3ad Port Parameters To view the 802.3ad related port parameters of any port displayed on the screen, proceed as follows:...
Page 196: Ad Port Details Screen Field Descriptions
Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-10 802.3ad Port Details Screen Field Descriptions Refer to Table 6-9 for a functional description of each screen field. Table 6-9 802.3ad Port Details Screen Field Descriptions Use this field… Port Instance (Read-Only) ActorSystemPriority...
Page 197 See the current operation key for this port. Only ports with matching operation keys may aggregate. See ActorPort on the partner switch that we are currently attached to. Set a default value to use for the PartnerOperSysPriority when no protocol partner is available.
Page 198 Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) 6-34 Port Configuration Menu Screens To… See the current (operational) value of the port’s Actor_State. The hex value is displayed as well as the individual bit fields.
Page 199 Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) (Continued) PartnerAdminKey (Modifiable) PartnerAdminState (hex) (Modifiable) PartnerOperKey (Read-Only) PartnerOperState (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen) To… bit 5 Distributing, 1 indicates that this port is Distributing. “Distributing”...
Page 200: Displaying Port Statistics
Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… SelectedAggID (Read-Only) AttachedAggID (Read-Only) LAGID (Read-Only) STATS (Command) Viewing and Editing 802.3ad Port Parameters To change a parameter, proceed as follows: 1.
Page 201: Ad Port Statistics Screen
Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.1.2 802.3ad Port Statistics Screen When to Use To view all the port-related LACP parameters about a port instance shown in the 802.3ad Port Details screen described back in Section 6.8.1.1. How to Access Use the arrow keys to highlight the STATS command in the 802.3ad Port Details screen and press ENTER.
Page 202: Ad Port Statistics Screen Field Descriptions
Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-10 802.3ad Port Statistics Screen Field Descriptions Use this field… Port Instance (Read-Only) LACPDUsRx (Read-Only) IllegalRx (Read-Only) MarkerPDUsRx (Read-Only) LACPDUsTx (Read-Only) MarkerResponsePDUsRx (Read-Only) MarkerPDUsTx (Read-Only) UnknownRx (Read-Only) MarkerResponsePDUsTx (Read-Only) RxState (Read-Only) 6-38 Port Configuration Menu Screens To…...
Page 203 Table 6-10 802.3ad Port Statistics Screen Field Descriptions (Continued) Use this field… LastRxTime(delta) (Read-Only) ActorChurnState (Read-Only) PartnerChurnState (Read-Only) ActorChurnCount (Read-Only) PartnerChurnCount (Read-Only) AsyncTransCount (Read-Only) PsyncTransCount (Read-Only) ActorChangeCount (Read-Only) PartnerChangeCount (Read-Only) MuxState (Read-Only) MuxReason (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen) To…...
Page 204: Ad Aggregator Screen
Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.2 802.3ad Aggregator Screen When to Use To see a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.
Page 205: Ad Aggregator Screen Field Descriptions
Table 6-11 802.3ad Aggregator Screen Field Descriptions Use this field… To… AggInst See dot3adAggIndex, a unique number that identifies this aggregator. (Read-Only) OperKey See dot3adAggActorOperKey, the associated operational key value. (Read-Only) SysPri See dot3adAggActorSystemPriority, the priority value associated with (Read-Only) this aggregator.
Page 206: Ad Aggregator Details Screen
Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.2.1 802.3ad Aggregator Details Screen When to Use To see the current parameter details of the Aggregator Instance selected on the 802.3ad Aggregator screen described in Section How to Access Use the arrow keys to highlight the line containing the Aggregator of interest on the 802.3ad Aggregator screen and press ENTER.
Page 207: Ad Aggregator Details Screen Field Descriptions
Table 6-12 802.3ad Aggregator Details Screen Field Descriptions Use this field… To… Aggregator See the instance of the aggregator being viewed. The instance is a numerical value used to uniquely identify an aggregator in a system Instance and matches the aggregator’s logical port number. Actor System See the System associated with the aggregator.
Page 208: Ad System Screen
Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.3 802.3ad System Screen When to Use To see basic system-level information, such as System Identifier, Number of Ports and Number of Aggregators. How to Access Use the arrow keys to highlight the SYSTEM menu item in 802.3ad Main Menu screen and press ENTER.
Page 209: Ad System Screen Field Descriptions
To… System Identifier See the uniquely identified system-to-protocol partner. (Read-Only) Number of Ports See the number of ports that are participating in 802.3ad on this switch. (Read-Only) Number of See the number of aggregators that exist on this switch. Aggregators (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen)
Page 210: Broadcast Suppression Configuration Screen
Broadcast Suppression Configuration Screen BROADCAST SUPPRESSION CONFIGURATION SCREEN NOTE: Broadcast frames received above the threshold setting are dropped. When to Use To set a limit for the receive broadcast frames that are switched out to the other ports. How to Access Use the arrow keys to highlight the BROADCAST SUPPRESSION CONFIGURATION menu item on the Port Configuration Menu screen and press ENTER.
Page 211: Setting The Threshold
Field Descriptions Refer to Table 6-14 for a functional description of each screen field. Table 6-14 Broadcast Suppression Configuration Screen Field Descriptions Use this field… To… PORT # Identify the number of the port. (Read-Only) Total RX See the total number of broadcast frames received. (Read-Only) Peak Rate See the highest number of broadcast frames received in a one-second...
Page 212: Setting The Reset Peak
Broadcast Suppression Configuration Screen 6.9.2 Setting the Reset Peak To set the Reset Peak field to YES or NO, proceed as follows: 1. Use the arrow keys to highlight the Reset Peak field for the selected port. 2. Press the SPACE bar to select YES or NO. 3.
Page 213: Configuration Menu Screens
802.1 Configuration Menu Screens This chapter discusses the Enterasys Networks Rapid Reconvergence Spanning Tree implementation as well as the implementation of IEEE 802.3AD. The following screens are discussed: • 802.1 Configuration Menu screen • 802.3ad Configuration screens • Spanning Tree Configuration Menu screen •...
Page 214: Configuration Menu Screen
802.1 Configuration Menu Screen 802.1 CONFIGURATION MENU SCREEN When to Use To access the Spanning Tree Configuration Menu, 802.1Q VLAN Configuration Menu, or 802.1p Configuration Menu screen. How to Access Use the arrow keys to highlight the 802.1 CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER.
Page 215: Configuration Menu Screen Menu Item Descriptions
Used to select the screens for configuring and managing VLANs. CONFIGURATION Details about VLANs, how to configure them, and examples showing MENU how to configure the switch for VLANs to solve a given problem are described in Configuration screens, refer to 802.1p...
Page 216: Spanning Tree Configuration Menu Screen
Spanning Tree Configuration Menu Screen SPANNING TREE CONFIGURATION MENU SCREEN CAUTION: These screens should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. For 6C105 chassis: Password >...
Page 217: Spanning Tree Configuration Menu Screen Menu Item Descriptions
Screen Function SPANNING TREE Used to create a Per VLAN Spanning Tree (PVST) instance for each CONFIGURATION VLAN currently configured on the switch. For details about the Spanning Tree Port Configuration screen, refer to Section SPANNING TREE Used to enable or disable Spanning Tree on a per port, per VLAN PORT basis.
Page 218: Spanning Tree Configuration Screen
Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. When to Use To create a separate Spanning Tree topology for each VLAN configured in the switch module. Also provides access to the PVST Configuration screen. How to Access Use the arrow keys to highlight the SPANNING TREE CONFIGURATION menu item on the Spanning Tree Configuration Menu screen, and press ENTER.
Page 219: Spanning Tree Configuration Screen Field Descriptions
Screen Example Figure 7-3 Spanning Tree Configuration Screen Field Descriptions Refer to Table 7-3 for a functional description of each screen field. Table 7-3 Spanning Tree Configuration Screen Field Descriptions Use this field… To… VLAN See a list of the VLAN or Spanning Tree Instances. This field also –...
Page 220 Spanning Tree Configuration Screen Table 7-3 Spanning Tree Configuration Screen Field Descriptions (Continued) Use this field… To… AgeTime Enter the age time (10 to 1million seconds) for the associated VLAN. (Modifiable) This is the amount of time that the entry remains in the bridge forwarding table.
Page 221: Configuring A Vlan Spanning Tree
11.Use the arrow keys to highlight the SAVE command and press ENTER to save all your settings at once. 12.If you want to add all the VLANs configured on the switch to the screen with a default age time of 300 seconds, use the arrow keys to highlight the ADD ALL CONFIGURED VLAN command and press ENTER.
Page 222: Spanning Tree Port Configuration Screen
When to Use To view the switch address of the selected STP VLAN ID, its VLAN age time, the total number of ports, and the current MAC Address of a switch residing of each port.
Page 223: Spanning Tree Port Configuration Screen Field Descriptions
(Read-Only) selected in the STP VLAN ID field. MAC Address See the Mac address of the switch residing off each port.The first MAC (Read-Only) Address is always associated with the VLAN ID selected in the STP VLAN ID field. The default is the MAC Address of the Default VLAN.
Page 224: Enabling/Disabling The Default Spanning Tree Ports
PVST Port Configuration Screen 7.4.1 Enabling/Disabling the Default Spanning Tree Ports CAUTION: The Spanning Tree configuration should be done only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. Ports associated with the Default STP VLAN can be enabled or disabled, as follows: 1.
Page 225: Pvst Port Configuration Screen Field Descriptions
Screen Example Figure 7-5 PVST Port Configuration Screen Field Descriptions Refer to Table 7-5 for a functional description of each screen. Table 7-5 PVST Port Configuration Screen Field Descriptions Use this field… Port # (Read-Only) Corresponding ifindex (Read-Only) Corresponding idDescr (Read-Only) Port Designated Root (Read-Only) Port Designated...
Page 226 PVST Port Configuration Screen Table 7-5 PVST Port Configuration Screen Field Descriptions (Continued) Use this field… Port Priority (Modifiable) Port Designated Cost (Read-Only) Port State (Read-Only) Port Designated Port (Read-Only) Port Enable (Read-Only) Port Forward Transmissions (Read-Only) Port Path Cost (Modifiable) STP Vlan ID (Read-Only)
Page 227: Q Vlan Configuration Menu Screens
802.1Q VLAN Configuration Menu Screens NOTE: It is strongly recommended that you read of VLANs and the associated terminology; how to use the VLAN Configuration screens to create VLANs; examples of how to configure VLANs in switches to solve a problem; and details on how frames are handled as they travel through the network.
Page 228: Summary Of Vlan Local Management
VLANs and to assign ports to those VLANs. The VLAN Configuration screens are a standard part of the Local Management hierarchy when the switch is configured to operate in 802.1Q Mode. The hierarchy of the Local Management screens pertaining to 802.1Q VLAN configuration is shown in Figure 8-1 802.1Q VLAN Screen Hierarchy...
Page 229: Q Vlan Configuration Menu Screen
The VLAN Local Management menu items listed on the 802.1Q VLAN Configuration Menu allow such VLANs to be configured on a network at the switched port of the switch module. Each port mode of operation can also be configured to handle untagged frames (Hybrid Mode), tagged frames (1Q Trunk Mode), or frames of a legacy 802.1D switch fabric (1D Trunk Mode).
Page 230: Q Vlan Configuration Menu Screen Menu Item Descriptions
Screen Function Used to view, add, name, enable, or disable static VLANs within the switch module, and also display the Filter Database ID (FDB ID) associated with each VLAN. This screen also allows you to access the Static VLAN Egress Configuration screen.
Page 231 Table 8-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function CURRENT VLAN Displays a list of the current VLANs along with their VLAN IDs, CONFIGURATION FDB IDs, VLAN Type, and if they have ports on the egress list. Each VLAN ID on the list may be highlighted to access the Current VLAN Egress Configuration screen.
Page 232: Static Vlan Configuration Screen
Static VLAN Configuration Screen STATIC VLAN CONFIGURATION SCREEN When to Use To create, modify, and/or delete one or more Static VLANs and associated VLAN names. This screen also provides access to the Static VLAN Egress Configuration screen to modify the port list of a VLAN selected from this screen, as described in NOTE: Static VLANs are those VLANs that you create manually using this screen and can only be deleted using this screen.
Page 233: Static Vlan Configuration Screen Field Descriptions
VLAN, and is not required for (Modifiable) VLAN operation. Add the new VLAN to the switch module. If this is successful, the (Command) screen refreshes and the new VLAN is added to the list in the screen.
Page 234: Creating A Static Vlan
2. Enter the VLAN ID using a unique number between 2 and 4094. The VLAN IDs of 0, 1, and 4095 may not be used for user-defined VLANs. NOTE: Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the switch assumes that the Administrator intends to modify the existing VLAN.
Page 235: Renaming A Static Vlan
8.3.3 Renaming a Static VLAN To change the name of an existing VLAN, proceed as follows: 1. Use the arrow keys to highlight the VLAN ID field near the bottom of the screen. 2. Type the VLAN ID number of the VLAN to be changed. Press ENTER. 3.
Page 236: Paging Through The Vlan List
• TAGGED – sets the port to transmit frames with a tag header to associate the frame with the VLAN. This setting is usually to configure a port as a trunk port to another switch. • NO – sets the port so it does not transmit frames (tagged or untagged) of the VLAN.
Page 237: Static Vlan Egress Configuration Screen
Screen Example Figure 8-4 Static VLAN Egress Configuration Screen Field Descriptions Refer to Table 8-3 for a functional description of each screen field. Table 8-3 Static VLAN Egress Configuration Screen Field Descriptions Use this field… To… VLAN ID See the VLAN ID of the VLAN selected in the Static VLAN (Read-Only) Configuration screen.
Page 238: Setting Egress Types On Ports
Static VLAN Egress Configuration Screen Table 8-3 Static VLAN Egress Configuration Screen Field Descriptions (Continued) Use this field… To… Egress Select the type of VLAN frame transmission (egress) for each port. (Selectable) You can select UNTAGGED, TAGGED, or NO, using the SPACE bar. UNTAGGED –...
Page 239: Displaying The Next Group Of Ports
3. To change the egress type on more than one port, repeat the first two steps for each port. 4. After the changes are complete, use the arrow keys to highlight the SAVE command at the bottom of the screen. 5.
Page 240: Current Vlan Configuration Screen
To see the current VLANs and the associated FDB ID, VLAN type, and if the ports are on the egress list. The egress list is how the switch keeps track of all VLANs that it will recognize. How to Access Use the arrow keys to highlight the CURRENT VLAN CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen, and press ENTER.
Page 241: Current Vlan Configuration Screen Field Descriptions
Table 8-4 Current VLAN Configuration Screen Field Descriptions Use this field… To… VLAN ID See a list of the VLANs currently recognized by the switch. (Read-Only) FDB ID See the Filter Database ID (FDB ID) of the associated VLAN. (Read-Only) VLAN Type See the VLAN Type of the associated VLAN (Static or Dynamic).
Page 242: Current Vlan Egress Configuration Screen
Current VLAN Egress Configuration Screen CURRENT VLAN EGRESS CONFIGURATION SCREEN When to Use To see the egress settings of all ports associated with the VLAN ID selected from the Current VLAN Configuration screen. How to Access Use the arrow keys to highlight the line item with the VLAN ID of interest on the Current VLAN Configuration screen and press ENTER.
Page 243: Vlan Port Configuration Screen
• the ingress filtering on the port, which can be enabled or disabled to filter out (drop) frames that are not on the switch egress list, or • the GARP VLAN Registration Protocol (GVRP) status, which can be enabled or disabled.
Page 244: Vlan Port Configuration Screen
VLAN Port Configuration Screen How to Access Use the arrow keys to highlight the VLAN PORT CONFIGURATION menu item on the 802.1Q Configuration Menu screen and press ENTER. The VLAN Port Configuration screen, displays. Screen Example Figure 8-7 VLAN Port Configuration Screen 8-18 802.1Q VLAN Configuration Menu Screens Figure...
Page 245: Vlan Port Configuration Screen Field Descriptions
Enable or Disable the GVRP Status. GVRP and PVST are not (Toggle) interoperable. When ENABLED, GVRP is turned on for the entire switch. When DISABLED, the VLANs are not learned on a given port. Port See a list of the switch ports.
Page 246: Changing The Port Mode
• HYBRID – This is the default mode for all ports on the switch. The initial Port VLAN List includes the PVID with a frame format of untagged. Any other VLANs desired for the Port VLAN List need to be manually configured.
Page 247: Configuring The Vlan Ports
8.7.2 Configuring the VLAN Ports To configure a VLAN port, proceed as follows: NOTE: In the following steps, you only need to step to the fields that you are going to change. 1. Use the arrow keys to highlight the PVID field. 2.
Page 248: Vlan Classification Configuration Screen
When a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented. Instead, the frame is processed by the switch module according to the information contained in the 802.1Q frame tag. When the frame is transmitted, it is sent to the ports associated...
Page 249: Vlan Classification Configuration Screen Field Descriptions
NOTE: Besides the VID selected, the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section when there are multiple classifications configured in the switch module. 8.8.3. 802.1Q VLAN Configuration Menu Screens Section 8.8.3.
Page 250: Classification List
VLAN Classification Configuration Screen Table 8-7 VLAN Classification Configuration Screen Field Descriptions (Continued) Use this field … To … DEL ALL/DEL Delete all or one or more marked Classification Rule entries on the MARKED screen. The DEL ALL command is the default and it is used to (Command) simultaneously delete all the configured Classification Rules.
Page 251 Table 8-8 Classification List (Continued) Classification 802.3 SAP> Same IP TOS IP Protocol Type IPX COS IPX Packet Type Src IP Address VLAN Classification Configuration Screen Subclassification and Options SSAP/DSAP (802.3): - IP - IPX - IPX RAW - BANYAN - SNA - CUSTOM >...
Page 252 VLAN Classification Configuration Screen Table 8-8 Classification List (Continued) Classification Dest IP Address Bil IP Address Src IPX Network Dest IPX Network Bil IPX Network Src UDP Port 8-26 802.1Q VLAN Configuration Menu Screens Subclassification and Options IP Address: 000.000.000.000 IP Address: 000.000.000.000 IPX Network Num:...
Page 253 Table 8-8 Classification List (Continued) Classification Dest UDP Port Bil UDP Port Src TCP Port Dest TCP Port Bil TCP Port VLAN Classification Configuration Screen Subclassification and Options IP UDP Port: Same selection as for Src UDP Port Classification IP UDP Port: Same selection as for Src UDP Port Classification TCP Port:...
Page 254 VLAN Classification Configuration Screen Table 8-8 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments Src UDP Range Dest UDP Range 8-28 802.1Q VLAN Configuration Menu Screens Subclassification and Options IPX Socket:...
Page 255: Classification Precedence Rules
When there are multiple classifications assigned to a switch module, the switch module must determine which classification takes precedence according to the Classification Precedence Rules. The order of precedence is predefined in the switch module and cannot be changed.
Page 256: Classification Precedence
VLAN Classification Configuration Screen NOTE: In Table 8-9 – Highest precedence is 1a. – Lowest precedence is 6. – Exact Match indicates a match of an explicitly defined address. – Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
Page 257 Table 8-9 Classification Precedence (Continued) Classification Type Destination IPX Network Number IP Fragments Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range UDP Dest Port UDP Dest Port Range TCP Source Port...
Page 258: Displaying The Current Classification Rule Assignments
UDP port number of 55 will be assigned to the Blue VLAN because a Layer 3 IP Address rule takes precedence over a Layer 4 rule. The key thing to remember is that the switch modules will classify frames based on one of the classification options.
Page 259: Assigning A Classification To A Vid
8.8.3 Assigning a Classification to a VID NOTE: It is strongly recommended that you read concerning classification before configuring the switch module. Incorrect configuration will affect network operation. To assign a Classification to a VID, proceed as follows: 1. Use the arrow keys to highlight the VID (VLAN identification) field.
Page 260: Deleting Line Items
VLAN Classification Configuration Screen 8.8.4 Deleting Line Items All, or one or more, line items can be deleted as follows: Deleting All Classification Rules To delete all the Classification Rules in the top half of the screen, use the arrow keys to highlight the DEL ALL command field and press ENTER.
Page 261: Protocol Port Configuration Screen
Add or remove ports from being associated with the Classification Rule. • Add ports to the VLAN Forwarding List of the switch module. NOTE: The ports can only be added to the VLAN Forwarding List of an existing VLAN. If the VLAN does not exist, it must be created before the ports can be assigned to the VLAN Forwarding List.
Page 262: Protocol Port Configuration Screen Field Descriptions
Protocol Port Configuration Screen Screen Example Figure 8-9 Protocol Port Configuration Screen Field Descriptions Refer to Table 8-10 for a functional description of each screen field. Table 8-10 Protocol Port Configuration Screen Field Descriptions Use this field … To … Classification Rule See the VID, Classification, and Definition of the line selected in the Field...
Page 263: Assigning Ports To A Vid/Classification
TO VLAN FORWARDING field toggles between NO and YES with (Toggle) NO as the default setting. YES adds all the ports set to YES to the VLAN Forwarding list of the switch module. 8.9.1 Assigning Ports to a VID/Classification The following procedures describe how to •...
Page 264 Protocol Port Configuration Screen Assigning One or More Ports Individually 1. Use the arrow keys to highlight the Classify field adjacent to the Port number. 2. Press the SPACE bar to toggle the Classify field to YES or NO. YES assigns the port to the VID/Classification shown in the Classification Rule field.
Page 265: Configuration Menu Screens
802.1p Configuration Menu Screens This chapter describes the 802.1p Configuration Menu screen and the following screens that may be selected from its menu: • Port Priority Configuration screen • Traffic Class Information screen • Traffic Class Configuration screen • Transmit Queues Configuration screen •...
Page 266: Configuration Menu Screen
802.1p Configuration Menu Screen 802.1p CONFIGURATION MENU SCREEN When to Use To select the screens used for setting port priority, priority classifications, or configuring rate limiting. How to Access Use the arrow keys to highlight the 802.1p CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER.
Page 267: P Configuration Menu Screen Menu Item Descriptions
Menu Descriptions Refer to Table 9-1 for a functional description of each menu item. Table 9-1 802.1p Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function PORT PRIORITY Used to view or change the port default transmit priority (0 through 7) CONFIGURATION of each port for frames that are received (ingress) without priority information in their tag header.
Page 268: Port Priority Configuration Screen
A frame with priority information in its tag header is transmitted according to that priority. NOTE: The priority is only changed while the switch module is processing the frame. Frames received by the switch module with a 1p priority value are transmitted with that same value.
Page 269: Port Priority Configuration Screen
Port Priority Configuration Screen Screen Example Figure 9-2 Port Priority Configuration Screen 802.1p Configuration Menu Screens...
Page 270: Setting Switch Port Priority Port-By-Port
(Read-Only) (Toggle) 9.2.1 Setting Switch Port Priority Port-by-Port To set the default port priority on a particular port, proceed as follows: 1. Use the arrow keys to highlight the Set field. 2. Press the SPACE bar to step to the INDIVIDUAL setting.
Page 271: Setting Switch Port Priority On All Ports
Then you can apply the new settings to either the selected port or to all the ports. NOTE: The priority is only changed while the switch module is processing the frame. Frames received by the switch module with a 1p priority value are transmitted with that same value. Traffic Class Information Screen...
Page 272: Traffic Class Information Screen
Traffic Class Information Screen Priority-to-Traffic Class Mapping is used to assign 802.1p priority values to a Traffic Class (0 through 3 with 0 being the lowest level Traffic Class) for each frame priority. For example, if the Traffic Class is set to 3 for those frames with a priority 7, then those frames would be transmitted before any frames contained in Traffic Classes 2 through 0.
Page 273: Traffic Class Information Screen Field Descriptions
Port View up to 12 port numbers along with their Traffic Class-to-priority (Read-Only) settings. If the number of ports on the switch module exceed 12, one or more screens may be viewed using the NEXT and PREVIOUS commands. The port fields can also be used to access its Traffic Class Configuration screen, where the current Traffic Class-to-priority settings may be changed and applied to that port only or to all ports.
Page 274: Traffic Class Configuration Screen
Traffic Class Configuration Screen TRAFFIC CLASS CONFIGURATION SCREEN When to Use To change the Traffic Class setting of one or more priorities on each port. The new Traffic Class settings may be applied only to the port selected or to all ports, simultaneously. How to Access Use the arrow keys to highlight the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen.
Page 275: Assigning The Traffic Class To Port Priority
Field Descriptions Refer to Table 9-4 for a functional description of each screen field. Table 9-4 Traffic Class Configuration Screen Field Descriptions Use this field… To… Priority See the list of eight priority levels (0 through 7) that can be associated (Read-Only) with the Traffic Class settings.
Page 276: Transmit Queues Configuration Screen
Transmit Queues Configuration Screen 3. If more than one Traffic Class setting is to be changed, repeat steps 1 and 2 until all of the changes in the Traffic Class settings have been made. 4. To save and apply the settings to only the port shown on the screen, proceed to step 5. To save the Traffic Class selections and apply them to all front panel Ethernet ports, proceed to step 6.
Page 277: Transmit Queues Configuration Screen
Transmit Queues Configuration Screen How to Access Use the arrow keys to highlight the TRANSMIT QUEUES CONFIGURATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Transmit Queues Configuration screen, Figure 9-5, displays. Screen Example Figure 9-5 Transmit Queues Configuration Screen 802.1p Configuration Menu Screens 9-13...
Page 278: Transmit Queues Configuration Screen Field Descriptions
Transmit Queues Configuration Screen Field Descriptions Refer to Table 9-5 for a functional description of each screen field. Table 9-5 Transmit Queues Configuration Screen Field Descriptions Use this field … To… Current Queueing Toggle between the STRICT 802.1 and WEIGHTED mode. The default Mode setting is STRICT 802.1.
Page 279: Setting The Current Queueing Mode
9.5.1 Setting the Current Queueing Mode To set the current queueing mode for a particular port, proceed as follows: 1. Use the arrow keys to highlight the Port field. 2. Press the SPACE bar to step to the appropriate port number. The port type displays to the right of the Port number field.
Page 280: Priority Classification Configuration Screen
Write over an existing TOS value. When a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented. Instead, the frame is processed by the switch module according to the information contained in the 802.1Q frame tag.
Page 281: Priority Classification Configuration Screen Field Descriptions
Screen Example Figure 9-6 Priority Classification Configuration Screen Field Descriptions Refer to Table 9-6 for a functional description of each screen field. Table 9-6 Priority Classification Configuration Screen Field Descriptions Use this field … To… Display the Priority Identifiers (PIDs) currently associated with –...
Page 282 NOTE: Besides the PID selected, the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section when there are multiple classifications configured in the switch module. Table 9-7. 9.6.1. These rules come into effect Section 9.6.4.
Page 283: Classification List
Table 9-7 provides a list of the classifications that can be selected in the Classification field and the associated subclassifications. Table 9-7 Classification List Classification Ethernet II Type> 802.3 SAP> New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same...
Page 284 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification IP TOS New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> IP Protocol Type New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same IPX COS IPX Packet Type 9-20...
Page 285 Table 9-7 Classification List (Continued) Classification Src IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Dest IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...
Page 286 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification Src UDP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest UDP Port Same selections as for Src UDP Port Bil UDP Port...
Page 287 Table 9-7 Classification List (Continued) Classification Src TCP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest TCP Port Same selections as for Src TCP Port Bil TCP Port Same selections as for...
Page 288 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 9-24 802.1p Configuration Menu Screens Subclassification and...
Page 289 Table 9-7 Classification List (Continued) Classification IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Dest UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...
Page 290: Classification Precedence Rules
Classification Precedence Rules NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the switch, as these rules can have a significant impact on the network operation. When there are multiple classifications assigned to a switch, the switch must determine which classification takes precedence according to the Classification Precedence Rules.
Page 291: Classification Precedence
Table 9-8 Classification Precedence Classification Type Layer 2 Source MAC Address Best Match Destination MAC Address Best Match EtherType IP TOS IP Type IPX COS IPX Type Layer 3 Source IP Address Exact Match Source IP Address Best Match Destination IP Address Exact Match Destination IP Address Best Match Source IPX Network Number Destination IPX Network Number...
Page 292 Priority Classification Configuration Screen Table 9-8 Classification Precedence (Continued) Classification Type Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range UDP Dest Port UDP Dest Port Range TCP Source Port TCP Source Port Range...
Page 293: About The Ip Tos Rewrite Feature
Figure 9-7 Datagram, Layer 2 and Layer 3 This IP TOS Rewrite feature enables a Network Administrator to assign Layer 3 TOS characteristics to incoming frames and set the switch to rewrite the 8-bit TOS value in the Layer 3 information portion of incoming frames.
Page 294: Displaying The Current Pid/Classification Assignments
Priority Classification Configuration Screen The IP TOS Rewrite feature enables you to configure the switch to: • Insert a user-defined 8-bit value into the layer-3 TOS field. • Write over an existing TOS value. This is useful when the Network Administrator wants to enforce a specific priority policy in the network.
Page 295: Deleting Pid/Classification/Description Line Items
4. Press the SPACE bar to step to the appropriate Classification. subclassification associated with each Classification (examples of classifications: Ethernet II Type, 802.3 SAP, IP TOS, IP Protocol Type, etc.). 5. Use the arrow keys to highlight the subclassification field to the immediate right of the Classification field.
Page 296: Protocol Port Configuration Screen
Protocol Port Configuration Screen 3. If more than one line item is to be deleted, repeat NOTE: To remove a mark, perform highlighted will remove the mark. If all marks are removed, the DEL MARKED command is changed back to DEL ALL 4.
Page 297: Protocol Port Configuration Screen
Screen Example Figure 9-8 Protocol Port Configuration Screen Field Descriptions Refer to Table 9-9 for a functional description of each screen field. Table 9-9 Protocol Port Configuration Screen Field Descriptions Use this field… To… Classification Rule See the Classification Rule (Priority, Classification, and Definition) of (Read-Only) the line selected in the Priority Classification Configuration screen.
Page 298: Assigning Ports To A Pid/Classification
Protocol Port Configuration Screen Table 9-9 Protocol Port Configuration Screen Field Descriptions (Continued) Use this field… To… Port See the number of each port. (Read-Only) Classify See which ports are set to the PID/Classification indicated in the (Toggle) Classification Rule field (see between YES and NO, which determines whether or not the associated port is set to the Classification Rule.
Page 299: Example, Prioritizing Traffic According To Classification Rule
Solving the Problem In this example, switches S1 and S2 have already been configured and are operating. The following covers only the additional steps needed to configure each switch to establish the priority for each server. NOTE: For optimal operation of the prioritizing function, the connection between S1 and S2 is set for 802.1Q tagging.
Page 300 • Data Mask: 255.255.255.255 2. Assign all ports on the switch module to use this classification setting. 3. To set the Mail Server (IP 123.123.30.7) to the lowest priority (0), the following settings will be made using the Priority Classification Configuration screen: •...
Page 301: Rate Limiting Configuration Screen
SmartTrunk segments. When to Use To limit the rate of traffic entering and leaving the switch module on a per port/priority basis. Up to three inbound rules and three outbound rules can be programmed per port to control traffic according to the priority entries. The rules also contain the programmed traffic rate. The allowable range for the rate limit is 1 Kbps to 1 Gbps.
Page 302: Rate Limiting Configuration Screen Field Descriptions
Rate Limiting Configuration Screen Screen Example Figure 9-10 Rate Limiting Configuration Screen Field Descriptions Refer to Table 9-10 for a functional description of each screen field. Table 9-10 Rate Limiting Configuration Screen Field Descriptions Use this field… To… Port # See the number of each configured port.
Page 303 Table 9-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Traffic Rate See the maximum traffic rate set for each port entry. There can be up to (Read-Only) six entries (three for Inbound and three for Outbound traffic) for the same port.
Page 304 Inbound configures the rate limit to drop frames when the traffic rate (kbps) received by the switch port exceeds the setting in the Max Rate: kbps field for a particular entry. If there are two or three priority port entries set to Inbound, each entry functions independently.
Page 305: Configuring A Port
Table 9-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Rate: kbps Enter the maximum transmission rate for this entry. The maximum (Modifiable) transmission rate includes all frames associated with the priorities selected in the Priority List field. The default high setting is 100 Kbps maximum interface speed.
Page 306 Rate Limiting Configuration Screen 3. Use the arrow keys to highlight the field below the Priority List field, near the bottom of the screen. 4. Select the priority setting(s) for the port as follows: a. Use the SPACE bar to step to a priority setting: ALL, 0, 1, 2, 3, 4, 5, 6, or 7. b.
Page 307: Changing/Deleting Port Line Items
9.8.2 Changing/Deleting Port Line Items All, or one or more, line items containing the configured port and its priority, maximum rate, and associated dropped frames can be changed/replaced or deleted as follows: Changing One or More Line Items To change the configuration values in a line item, that line item must be deleted and replaced with a new entry with the correct configuration values.
Page 308: More About Rate Limiting
Assume that a network was built using a 6C105 chassis in each closet and interconnected with Enterasys Networks switch routers using Gigabit Ethernet links. Also, assume that 100 users are attached to each 6C105 chassis through 100 Mbps Ethernet ports. If each user attempted to transfer data out of the wiring closet at the maximum possible rate, there could be up to 10 Gbps (100 users x 100 Mbps) of traffic attempting to leave the chassis over a single gigabit link.
Page 309 Rate Limiting Configuration Screen To solve this problem, the Rate Limiting feature can be configured on each port to provide each user with 5 Mbps of high priority bandwidth into the fabric. Now the maximum possible amount of traffic attempting to leave the chassis at high priority is 5 x 100 = 500 Mbps. The gigabit link has ample capacity to carry this load out of the chassis.
Page 311: Layer 3 Extensions Menu Screens
Layer 3 Extensions Menu Screens This chapter describes the Layer 3 Extensions Menu screen and the IGMP/VLAN Configuration screen (Section 10.2). Screen Navigation Paths For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > Layer 3 Extensions Menu For 6C107 chassis: Password >...
Page 312: Layer 3 Extensions Menu Screen
Layer 3 Extensions Menu Screen 10.1 LAYER 3 EXTENSIONS MENU SCREEN When to Use To access the IGMP/VLAN Configuration screen. How to Access Use the arrow keys to highlight the LAYER 3 EXTENSIONS MENU item on the Module Configuration Menu screen and press ENTER. The Layer 3 Extensions Menu screen, displays.
Page 313: Layer 3 Extensions Menu Screen Menu Item Descriptions
IGMP is enabled or disabled by VLAN, not port by port. NOTE: Certain versions of firmware will not allow the switch to be a querier. Please check your release notes for further information. Refer to RFC 2236, Section 8, for more information on IGMP.
Page 314 IGMP/VLAN Configuration Screen The following multicast routing protocols are transparently supported and are used only to detect the location of routers (See the Release Notes for any changes or additions to this list): • DVMRP (Distance Vector Multicast Routing Protocol, RFC 1075) •...
Page 315: Igmp/Vlan Configuration Screen Field Descriptions
ALL is chosen as the option under VLAN ID. The field will initially display an asterisk (*). Query Interval See or change the query interval time. If the switch is the querier, the (Modifiable) value in the Query Interval field indicates how often IGMP Host-Query frames are transmitted on the VLAN selected in the VLAN ID field.
Page 316 The interval is in tenths of seconds. This value is not used if the switch is not the querier. The field will initially display an asterisk (*). Switch Query IP...
Page 317: Igmp/Vlan Configuration Procedure
Table 10-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… VLAN ID See the Identifying number of the VLANs available to be modified. If (Selectable) there are no VLANs available, NONE is displayed in this field and asterisks (*) will display in the Configuration, Statistics, and IGMP State fields.
Page 318 RFC 2236 concerning switches, and routers. 5. Use the arrow keys to highlight the remaining fields: Query Interval, Query Response Time, Interface Robustness, Last Member Query Interval, and Switch Query IP. Enter the desired numbers in each field. 6. Use the arrow keys to highlight the SAVE command and press the ENTER key to save the information in all the fields that were changed.
Page 319: Module Statistics Menu Screens
An HSIM or VHSIM Statistics screen may be selected from the Module Statistics Menu screen when an optional HSIM or VHSIM is installed in the switch module. For a description of the screen and how to use it, refer to the user’s guide for that HSIM or VHSIM.
Page 320: Module Statistics Menu Screen
Statistics concerning frame traffic through each switch port. • MIB II statistics for each switched interface. • Statistics gathered by the embedded RMON agent on the switch. • Statistics on any optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM installed in the module.
Page 321: Module Statistics Menu Screen Menu Item Descriptions
Screen Function SWITCH Lists the number of frames received, transmitted, filtered, and STATISTICS forwarded by each switch port. For details, refer to INTERFACE Provides the MIB-II statistics for each switched interface, on an STATISTICS interface-by-interface basis. For details, refer to...
Page 322: Switch Statistics Screen
To obtain switch statistics about the number of frames received, transmitted, filtered, and forwarded by each switch port. How to Access Use the arrow keys to highlight the SWITCH STATISTICS menu item on the Module Statistics Menu screen and press ENTER. The Switch Statistics screen, 11-4...
Page 323: Switch Statistics Screen Field Descriptions
Field Descriptions Refer to Table 11-2 for a functional description of each screen field. Table 11-2 Switch Statistics Screen Field Descriptions Use this field… To… Port # Identify the port number. The total number of ports is dependent on the...
Page 324: Interface Statistics Screen
11.3 INTERFACE STATISTICS SCREEN When to Use To obtain the MIB-II statistics of all the switch interfaces with the exception of an installed HSIM or VHSIM. NOTE: Enterasys Networks HSIMs that support FDDI or WAN gather their own statistics, and may be viewed via the Local Management screens of the applicable HSIM.
Page 325: Interface Statistics Screen Field Descriptions
Interface See the Interface number for which statistics are currently being (Read-Only) displayed. represents Port 1 of the switch module. To view other interface statistics, refer to Name See the type of interface for which statistics are being displayed. (Read-Only)
Page 326 (Read-Only) though the frames contained no errors. This field may increment because the switch module was receiving frames during initialization and was not ready to forward them, or the switch was being overutilized. InErrors See the total number of inbound frames that have been discarded (Read-Only) because they contained errors.
Page 327: Displaying Interface Statistics
Table 11-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… Address See the MAC address of the interface that is currently being displayed. (Read-Only) Last Change See the last time that the interface was reset. (Read-Only) Admin Status See the current status of the interface.
Page 328: Rmon Statistics Screen
When to Use To obtain RMON statistics for each interface, on an interface-by-interface basis. NOTE: The RMON Statistics screen provides statistics for all the switch module front panel Ethernet Interfaces, and any Ethernet HSIM/VHSIM installed in the switch module. How to Access Use the arrow keys to highlight the RMON STATISTICS field on the Module Statistics Menu screen and press ENTER.
Page 329: Rmon Statistics Screen Field Descriptions
RMON Index See the current Ethernet interface for which statistics are being shown. (Read-Only) The switch module has an embedded RMON agent that gathers statistics for each interface on the switch module. Data Source See the source of the statistics data that is currently being displayed on (Read-Only) the screen.
Page 330 RMON Statistics Screen Table 11-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… Undersized Pkts See the number of frames received containing less than the minimum (Read-Only) Ethernet frame size of 64 bytes, not including the preamble, but have a valid CRC.
Page 331: Displaying Rmon Statistics
Table 11-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… 512 – 1023 Octets See the total number of frames, including bad frames, received that (Read-Only) were between 512 and 1023 bytes in length (excluding framing bits, but including FCS bytes). 1024 –...
Page 332: Chassis Environmental Statistics Configuration Screen
Chassis Environmental Statistics Configuration Screen 11.5 CHASSIS ENVIRONMENTAL STATISTICS CONFIGURATION SCREEN When to Use To obtain Chassis statistics for fan and power supplies. How to Access Use the arrow keys to highlight the Chassis Environmental Statistics Configuration screen on the Module Statistics menu screen and press ENTER. The Chassis Environmental Statistics Configuration screen Figure 11-5 Screen Example...
Page 333: Chassis Environmental Statistics Configuration Screen Field Descriptions
Field Descriptions Refer to Table 11-5 for a functional description of each screen field. Table 11-5 Chassis Environmental Statistics Configuration Screen Field Descriptions Use this field… To… Chassis Power Determine whether there is power redundancy available. Redundancy Chassis Power #1 Determine the status of the redundant power supply.
Page 335: Network Tools Screens
This chapter describes the Network Tools Help screen and how to use it and the Network Tools commands to access and manage network devices. An example of each command is also included. Screen Navigation Paths Password > Main Menu > Module Selection > Module Menu > Network Tools 12.1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set.
Page 336: Network Tools Help Screen
Screen Example Figure 12-1 Network Tools Help Screen The Network Tools functions are performed using a series of commands. Entering commands in Network Tools involves typing the command to be executed at the Network Tools prompt, adding any desired or required extensions, and pressing ENTER. There are two categories of commands in the command set: Built-in and Special, which are described below and detailed in •...
Page 337: Built-In Commands
Refer to Table 12-1 for a list of the commands. Table 12-1 Built-in Commands alias bridge gigabit_port_mode loopback_detect MAC_lock disable MAC_lock trap MAC_lock trap disable enable passiveStp ping reset sat_size show mac soft_reset stpPointToPointMAC stpStandby telnet traceroute vrrpPort 1. The atm_stp_state command only displays when an HSIM or VHSIM is installed that supports ATM, such as the HSIM-A6DP or VHSIM2-A6DP.
Page 338: Built-In Commands
The commands are presented in the following format: command Description: Briefly describes the command and its uses. Syntax: Shows the required command format. It indicates where arguments, if any, must be specified. Options: Lists any additional fields in the appropriate format that may be added to the command.
Page 339 alias (Continued) Example: -> alias disable 1-4 Snooping is disabled on port 1. Snooping is disabled on port 2. Snooping is disabled on port 3. Snooping is disabled on port 4. -> alias status 1 Snooping is disabled on port 1. ->...
Page 340 Super-user access is required to delete an entry or add a static route. Each ARP cache entry lists the network interface that the switch module is connected to, the device’s network address or IP address, the device’s physical address or MAC address, and the media type of connection to the device.
Page 341 arp_learn Description: Used to set (normal or limited) how the ARP cache entry will be affected under different conditions as described in Options below. The command can also be used to display its current setting. Syntax: arp_learn [normal | limited | status] Options: normal –...
Page 342 Description: Allows management of the Discovery Protocol (CDP) on this module. The user may enable, disable, or see the current status of CDP. Syntax: cdp [enable/disable/status] Options: None Example: -> cdp status CDP is Enabled -> cdp disable -> cdp status CDP is Disabled ->...
Page 343 The VID of the VLAN to be acted on. The VLAN must be one that has been configured in the switch before it can be selected. The maximum VID value that can be entered is 4095. NOTE: Devices that do not source frames regularly (such as printers), may not operate properly with dynamic egress enabled.
Page 344 dynamic_egress (Continued) Example: -> dynamic_egress status 1 Dynamic Egress Disabled for VLAN ID 0x0001 -> dynamic_egress enable 1 Dynamic Egress Enabled for VLAN ID 0x0001 -> dynamic_egress disable 1 Dynamic Egress Disabled for VLAN ID 0x0001 Description: Enables and disables groups of events or all events concerning logging functions.
Page 345 ev (Continued) Options: ENABLE – Enables Group or events or all DISABLE – Disables Group or events or all Commands to Control Logging Functions: ev STARt [Logging] [Trapping] – begin logging events/traps ev STOp [Logging] [Trapping] – stop logging events/traps ev Clear –...
Page 346 -> gigabit_port_mode active This will reset board and cause loss of persistent objects except IP Address and Subnet: Are you *SURE* ? 12-12 Network Tools Screens NOTE: This field is displayed only when the switch module supports an installed Gigabit Ethernet VHSIM.
Page 347 lg_frame_admin Description: Enables the changing of large frame support on a per port basis. This enables the user to determine if large frames can be forwarded out a particular port. Syntax: lg_frame_admin [ set ] [ LARGE | FRAG_IF_POSS | SMALL | AUTO ] [ PORT | ALL_BPLANE | ALL_FDDI ] lg_frame_admin [ status ] [ port # ] Options:...
Page 348 link_trap Description: Allows link traps to be enabled or disabled when specifying a single port, or simultaneously when specifying “all” or no ports. When one or all ports are specified to enable, disable, or find their status, their current condition is displayed.
Page 349 When the first source MAC address is received on a port, it is “locked” to that port preventing all other MAC addresses from being learned on that port. After the receipt of the first MAC, the switch fabric discards all subsequent frames not containing the configured source MAC address. The only frames that are forwarded on a “locked”...
Page 350 MAC_lock status Description: Displays a list of all ports on the module and their MAC locking status (locked or unlocked), MAC locked to a port, and MAC lock trap (enabled or disabled). Syntax: MAC_lock status Options: None Example: -> MAC_lock status PorT MAC_lock trap disable Description:...
Page 351 Enables the sending of MAC violation traps by either individual port or on all ports of the module. If the MAC lock trap is enabled on a port, the switch sends a trap when the port receives a frame containing a source MAC address that is different from the currently locked MAC address.
Page 352 netstat Description: Provides a display of general network statistics for the managed device. The netstat command must be used with one of the following two display options. Syntax: netstat [option] Options: -i – Displays status and capability information for each interface. -r –...
Page 353 passiveStp Description: Allows management of PassiveStp on this device. The user may enable/disable or see the current status of PassiveStp. Passive Mode Spanning tree allows ports on leaf bridges to transition very quickly and not invoke a global network re-span through requesting root elections by: •...
Page 354 radius Description: Used to enable, disable, and configure the radius function. RADIUS authentication is only used when the client has been properly configured and enabled. When the RADIUS Client is not enabled, the legacy password authentication will run as before. For more about Radius Client, refer to Section Syntax: radius...
Page 355 radius (Continued) Options: radius Shows Radius help radius status Shows all Radius client settings radius [enable | disable] Enables or disables the Radius Client radius prim_ip <server ip> Shows <sets> the primary Radius server’s IP, in decimal-dotted format radius sec_ip <server ip> Shows <sets>...
Page 356 radius (Continued) Options: radius prim_secret (Cont’d) Sets the primary Radius server’s shared secret. radius sec_secret Sets the secondary Radius server’s shared secret. Example: -> radius client RADIUS Configuration Cli Command Format : radius status clear timeout last_resort retry enable disable prim_secret prim_ip prim_auth_port...
Page 357 radius (Continued) Example: (Cont’d) -> radius sec_secret Enter Secret (max 32): *** Confirm Secret: *** ERROR : secret minimum length is 6 -> radius sec_secret Enter Secret (max 32): ******* Confirm Secret: ******* Warning: rfc2865 recommends min length of 16 ->...
Page 358 rate_limit_mode Description: Allows configuration of the exit-rate limit range to either the default high_range (100 Kbps to 1 Gbps) or the low range (50 Kbps to 400 Mbps). Status for this command will return the current mode. This mode is stored in non-volatile memory and is retained by normal resetting.
Page 359 Enables or disables the generation of topology traps on inter switch links. Only inter switch link ports that transition to forwarding or blocking cause the switch to issue a topology trap. By default, this feature is disabled and will allow the generation of topology traps.
Page 360 show Description: Displays information concerning various components of the device. Protocols currently supported are IP, IPX, DECnet, and AppleTalk. Components of those protocols that are currently supported are ARP caches, route tables, FIB tables, server tables, and interface tables. The number of valid entries in the table will be outputted at the end of the table display.
Page 361: Show Mac
show mac Description: The show mac command displays all MAC addresses for the device. Syntax: show mac <fid> [fdbId] <address> [mac] <port> [portNumber] Options: fid – Show MAC addresses for the filter database identifier (fdbId). address – Show the address (mac) if it is known by the device. port –...
Page 362 soft_reset Description: Restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. Syntax: soft_reset Options: None Example: ->soft_reset RESET: Are you *SURE* ? ->...
Page 363 stpForceVersion Description: Puts Spanning Tree into STP compatibility mode (0) or the default RSTP mode (2). Syntax: stpForceVersion [ 0 | 2 | status ] Options: stpForceVersion 0 – Indicates STP compatibility. Enable stpForceVersion 0 only if the user does not want to “run 802.1w,” which does not allow transmission of RSTP BPDUs.
Page 364 stpPointToPointMAC Description: Allows you to set the value of stpPointToPointMAC to TRUE, FALSE or AUTO. Syntax: stpPointToPointMAC [ status ] [ value ] stpPointToPointMAC [ value ] [ vlan id ] [ port range ] Where 'value' is 'true', 'false' or 'auto'. Options: None Example:...
Page 365: Path Cost Parameter Values
set spantree legacypathcost Description: Enables or disables the use of 802.1D or 802.1t Path Cost bridging values on the device. The default is legacy 802.1D standard Path Cost values. Table 12-2 Table 12-2 Path Cost Parameter Values Link Speed 10 Mb/s 100 Mb/s 1 Gb/s 10 Gb/s...
Page 366 set spantree legacypathcost (Continued) Example: To set the device to use the 802.1D legacy path costs, enter: -> stpLegacyPathCost enable To set the device to use the 802.1t path costs (default setting), enter: -> stpLegacyPathCost disable To determine if the device is currently operating using 802.1t or 802.1D path costs values, enter: ->...
Page 367 stpRealTimeMsgAge Description: Sets the BPDU MESSAGE AGE time mechanism to either IEEE or REAL TIME. Syntax: stpRealTimeMsgAge [ enable | disable | status ] Options: enable – Enables the BPDU MESSAGE AGE time mechanism. disable – Disables BPDU MESSAGE AGE time mechanism. status –...
Page 368 telnet Description: Allows the user to communicate with another host (that supports Telnet connections) using the Telnet protocol. The user must specify the remote host using its IP address. The [IP address] field is mandatory. If no Port number is specified, telnet will attempt to contact the host at the default port.
Page 369 timed_soft_reset Description: Allows configuration of a timed_soft_reset in number of seconds. Status for this command will return the time until a reset will occur and whether or not a non-volatile reset will occur when the reset happens. The reset_nv and dont_reset_nv commands tell the timed reset if non-volatile memory should be reset or not.
Page 370 -> vrrpPort set 1 VRRP Port is set to 1. 12-36 Network Tools Screens NOTE: This command is only valid when the switch supports the installed HSIM or VHSIM. NOTE: Setting the VRRP Port(s) to 0 will disable this application.
Page 371: Example, Effects Of Aging Time On Dynamic Egress
In this example, assume that a rule set on Port 1 of the switch module classifies all IP frames to a Red VLAN. Once Port 1 receives a frame from a user device, the frame is classified to the Red VLAN and added to the dynamic Port VLAN List of Port 1.
Page 372: Special Commands
Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with Filter Database Identifier (FDB ID) 0001 as the Port VLAN Identifier (PVID) on all ports. The following additional steps are required to configure the switch to solve this problem.
Page 373: Vlan Operation And Network Applications
VLAN Operation and Network Applications NOTE: It is recommended to read this chapter to gain an understanding of VLANs before configuring the switch. This chapter provides the following information: • Definition of VLANs (Section • Types of VLANs (Section •...
Page 374: Defining Vlans
Defining VLANs 13.1 DEFINING VLANs A Virtual Local Area Network is a group of devices that function as a single Local Area Network segment (broadcast domain). The devices that make up a particular VLAN may be widely separated, both by geography and location in the network. The creation of VLANs allows users located in separate areas or connected to separate ports to belong to a single VLAN group.
Page 375: Example Of A Vlan
SmartSwitch A, cross the high speed link to SmartSwitch B, and then propagated out all switch ports on SmartSwitch B. The SmartSwitches treat each port as being equivalent to any other port, and have no understanding of the departmental memberships of each workstation.
Page 376: Types Of Vlans
FDB ID cannot communicate with the members of another FDB ID. To set up a VLAN, all the network switch devices that are assigned to the VLAN must support the IEEE 802.1Q specification for VLANs. Before you attempt to implement a VLAN strategy, ensure that the switches under consideration support the IEEE 802.1Q specification.
Page 377: Vlan Terms
13.4 VLAN TERMS To fully understand the operation and configuration of port based VLANs, it is essential to understand the definitions of several key terms. Table 13-1 VLAN Terms and Definitions VLAN Term VLAN ID VLAN Name Egress Ingress Filtering Database Identifier (FDB ID) Tag Header (VLAN Tag) Tagged Frame...
Page 378 The port will drop all incoming frames that do not have a VLAN tag. This is a reference to a connection from a switch that passes only untagged traffic. By default, a port designated to pass only untagged frames has all VLANs on its Port VLAN List and is configured to transmit all frames as untagged frames.
Page 379: Vlan Operation
The 802.1Q VLAN operation is slightly different than the operation of traditional switched networking systems. These differences are due to the importance of keeping track of each frame and its VLAN association as it passes from switch to switch or from port to port within a switch. 13.5.2 VLAN Components Before describing the operation of an 802.1Q VLAN, it is important to understand the basic...
Page 380: Configuration Process
Before a VLAN can operate, steps must be performed to configure the switch to establish and configure a VLAN. Enterasys Networks VLAN-aware switches default to operate in the 802.1Q VLAN mode. However, further configuration is necessary to establish multiple logical networks.
Page 381: Vlan Switch Operation
These VLAN tags are added to data frames by the switch as the frames are transmitted out certain ports, and are later used to make forwarding decisions by the switch and other VLAN-aware switches. In the absence of a VLAN tag header, the classification of a frame into a particular VLAN depends upon the configuration of the switch port that received the frame.
Page 382: Receiving Frames From Vlan Ports
The switch receives a frame from Port 1 and examines the frame. The switch notices that this frame does not currently have a VLAN tag. The switch recognizes that Port 1 is a member of VLAN A and classifies the frame as such. In this fashion, all untagged frames entering a VLAN switch assume membership in a VLAN.
Page 383: Known Unicasts
When the switch is powered up, the switch uses its default settings to switch frames like an 802.1Q switch. In this default configuration, all ports are a member of the default VLAN (VLAN 1) including the virtual Host Data Port of the switch, so any port can be used to manage the device as shown in Figure 13-3.
Page 384: Switch With Vlans
Figure 13-3 Switch Management with Only Default VLAN 13.8.3 Switch with VLANs If the switch is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a management station connected to the management VLAN to manage all ports on the switch and make management secure by preventing management via ports assigned to other VLANs.
Page 385: Switch Management With Vlans
VLAN” (or other suitable name) and its VLAN ID. In this example, the VLAN ID is set to 2. An FDB ID is automatically assigned by the switch, so that the Management VLAN has its filtering database to make the VLAN secure. In this example, the FDB ID is 2 and no other VLAN is assigned to this FDB ID.
Page 386: Summary Of Vlan Local Management
No matter how many switches are connected, a management station connected to any port on the same Management VLAN can be used to remotely manage any Enterasys Networks 802.1Q switch in the network as long as the Host Data Port of all the switches are members of the same Management VLAN.
Page 387: Preparing For Vlan Configuration
It may also be helpful to sketch out a diagram of your VLAN strategy. The examples provided starting with Section 13.11 provides a quick walkthrough on how to use the screens to configure the switch for VLANs. may be useful for a depiction of the planning process. VLAN Operation and Network Applications...
Page 388: Quick Vlan Walkthrough
Quick VLAN Walkthrough 13.10 QUICK VLAN WALKTHROUGH The procedures below provide a short tutorial walkthrough that presents each of the steps necessary to configure a new Static VLAN. These steps include the following: • Assigning a VLAN ID and VLAN Name •...
Page 389: Walkthrough Stage One, Static Vlan Configuration Screen
2. Use the arrow keys to highlight the Egress field of Port 3. NOTE: For the purposes of this walkthrough, Port 3 will be configured. As this port will connect to a single workstation, and is not to be used for switch-to-switch communications, the Egress will be set to UNTAGGED.
Page 390: Walkthrough Stage Two, Port 3 Egress Setting
Now that Port 3 belongs to VLAN 2, we will designate one port as a trunk port for a connection to another VLAN-aware switch. This trunk port will carry tagged frames from all VLANs, allowing VLAN frames to maintain their VLAN ID across multiple switches.
Page 391: Walkthrough Stage Three, Port 10 Egress Setting
NOTE: Since Port 3 will connect to a single workstation, and is not to be used for switch-to-switch communications, the acceptable frame types allowed through this port will be all frame types (tagged and untagged). Since Port 3 will not receive VLAN frames from the work station, it is not necessary to filter frames.
Page 392 NOTE: Since Port 10 will be used for switch-to-switch communications, the PVID is left set on the default VLAN value of 1. This associates Port 10 with all VLANs on the switch. Since Port 10 will be used as a trunk port, only tagged frames will be allowed through the port.
Page 393: Examples
This effectively completes the configuration of a single VLAN, assigning it to a port, and configuring the switch to forward the frames received on that port to a trunk port. The trunk port in turn forward the frames as tagged to another switch.
Page 394: Example 1, Single Switch Operation
Figure 13-10 Example 1, Single Switch Operation 13.12.1 Solving the Problem To set up this switch, users will be assigned to two new VLANs, red stations to the Red VLAN, and blue stations to the Blue VLAN. The information below describes how the switch is configured to create these two VLANs and how users are assigned to them.
Page 395: Switch Configured For Vlans
Figure 13-11 Switch Configured for VLANs The switch will now classify each frame received as belonging to either the Red or Blue VLANs. Traffic from one VLAN will not be forwarded to the members of the other VLAN, and all frames transmitted by the switch will be normal, untagged Ethernet frames.
Page 396: Frame Handling
R1. 1. Station R1 transmits the broadcast frame. The switch receives this frame on Port 1. As the frame is received, the switch classifies it. The frame is untagged, so the switch classifies it as belonging to the VLAN that Port 1 is assigned to, the Red VLAN.
Page 397: Example 2, Vlans Across Multiple Switches
Example 2, VLANs Across Multiple Switches Figure 13-12 Example 2, VLANs Across Multiple Switches VLAN Operation and Network Applications 13-25...
Page 398: Solving The Problem
Example 2, VLANs Across Multiple Switches 13.13.1 Solving the Problem To solve the problem in this example, the users are assigned to VLANs using Switch 4 and Switch 2 as shown in Figure 13-12. Redco users are assigned to the Red VLAN and Blue Industries users to the Blue VLAN.
Page 399 By default the port remains as a member of the Default VLAN. With the original classification information inserted in the frame Tag Header, the receiving switch will maintain the original frame classification. GVRP is enabled on this port and will support dynamic VLANs created by GVRP.
Page 400 Ingress Filtering: ENABLED GVRP Status: DISABLED This causes the switch to classify all untagged frames received as belonging to the VLAN specified by each port PVID and to replace the previous PVID information in the port VLAN List with the new PVID information. This makes Port 1 part of the Blue VLAN, Port 3 part of the Red VLAN, and both are set to the VLAN frame format of untagged.
Page 401: Frame Handling
Switch 4 updates its Source Address Table in FDB ID 2 if it didn’t already have a dynamic entry for MAC address “Y” in FDB ID 2. Because Switch 4 received the frame on Port 1, it does not forward the frame out that port, but does forward the frame to Port 4.
Page 402: Transmitting To Switch 4
Figure 13-14 Transmitting to Switch 4 3. When Switch 2 receives the tagged frame on its Port 2, it checks the frame’s VLAN Tag Header and determines that the frame is classified as belonging to the Red VLAN, and that the frame is a broadcast frame.
Page 403: Transmitting To Bridge 4
MAC address, VLAN, and receive port. 5. The frame from the File Server is received on Switch 2, and forwarded to Switch 1 as a tagged frame classified as belonging to the Red VLAN. Switch 1 removes the tag and forwards the frame to Bridge 1, which in turn forwards the frame out of the port attached to User A.
Page 404: Example 3, Filtering Traffic According To A Layer 4 Classification Rule
Layer 4 classification rule that will classify each RIP broadcast frame received on Port 25 of each switch to the Null VLAN. Since the Null VLAN is not associated with any ports, the frame will be dropped and not transmitted out any port.
Page 405: Example 4, Securing Sensitive Information According To Subnet
2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows: •...
Page 406: Solving The Problem
To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem. Switch 1...
Page 407: Example 7, Dynamic Egress Application
Figure 13-18 Example 7, Dynamic Egress Application Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with FDB ID 0001 as the PVID on all ports. The following additional steps are required to configure the switch to solve this problem.
Page 408: Example 6, Locking A Mac Address To A Port Using Classification Rules
The following example illustrates how to add security by “locking” an individual MAC address to a port on the switch module (S1). This would typically be done to ensure that only a particular device can gain access to the network from a specific port. Traffic received by the switch from any MAC address other than the one assigned to the “locked”...
Page 409 • The Static VLAN Egress Configuration screen to set Ports 1 and 2 to transmit only untagged frames and add them to the VLAN Egress list of the switch. • The Static VLAN Egress Configuration screen to remove all ports from the Default VLAN List.
Page 410 Example 6, Locking a MAC Address to a Port Using Classification Rules 3. Remove all ports from the Default VLAN Egress List as follows: • The Default VLAN is selected from the Static VLAN Configuration screen to display the Static VLAN Egress Configuration screen. The following is set using the Static VLAN Egress Configuration screen: SET ALL PORTS: NO This configuration setting will cause the untagged frames sent to the Default VLAN from Ports...
Page 411: Generic Attribute Registration Protocol (Garp)
The purpose of GVRP is to dynamically create VLANs across a switched network. When a VLAN is declared, the information is transmitted out GVRP configured ports on the switch in a GARP formatted frame using the GVRP multicast MAC address. A switch that receives this frame, examines the frame, and extracts the VLAN IDs.
Page 412: How It Works
A-1, Switch 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Switch 1 and Switch 2. These two switches register this in the Port VLAN Lists of the ports (Switch 1, port 1 and Switch 2, port 1) that received the frames with the information.
Page 413: About Igmp
Internet Group Management Protocol (IGMP) is a multicast protocol used by routers. This protocol is supported by Enterasys Networks SmartSwitches when operating in the 802.1Q mode to “snoop” the IGMP frames. The multicast information is gleaned from the IGMP frame and a filter is created to send the stream of data only to those end stations that will receive it.
Page 414: B.2 Supported Features And Functions
Ports that receive queries are marked as upstream ports. It is assumed a router exists somewhere off this port, and responses are sent here. If the switch detects a router protocol on a port, that port is also marked as a router port. This keeps the switch from blocking traffic to other routers.
Page 415: B.3 Detecting Multicast Routers
The router(s) sends multicast routing protocol frames that get flooded throughout the network. By snooping on these protocol, the switch will mark ports as connected to a router. The port is put in a “forward all” mode where all multicast frames will be flooded. This allows all types of IP multicast traffic (including IGMP streams) to go to the router.
Page 417 Numerics 1D Connection 13-6 1D Trunk 8-20 1Q Connection 13-6 1Q Trunk 8-20 802.1 Configuration Menu screen 802.1p Configuration Menu screen 802.1Q switching mode hierarchy of 802.1Q VLAN Configuration Menu screen 802.3ad Aggregator Details screen screen fields Admin Key 6-43 Aggregator Instance 6-43 Collector Max Delay...
Page 418 MuxReason 6-39 MuxState 6-39 PartnerChangeCount 6-39 PartnerChurnCount 6-39 PartnerChurnState 6-39 Port Instance 6-38 PsyncTransCount 6-39 RxState 6-38 UnknownRx 6-38 802.3ad System screen 6-44 screen fields Number of Aggregators 6-45 Number of Ports 6-45 System Identifier 6-45 Acceptable Frame Type setting of 8-21 Access Control List screen 5-25...
Page 419 Configuration VLAN Spanning Tree VLAN Spanning Tree ports Configuration Process 13-8 Confining Network Traffic According to Priority and VLAN 9-35 Controlling Traffic example of 12-37 Current VLAN Configuration screen screen fields FDB ID 8-15 Ports on Egress 8-15 VLAN ID 8-15 VLAN Type 8-15...
Page 420 SessionFramesRx 3-47 SessionFramesTx 3-47 SessionID 3-47 SessionOctetsRx 3-47 SessionOctetsTx 3-47 EAP Statistics Menu screen 3-44 Egress Types on Ports setting of 8-12 Ethernet Interface Configuration screen screen fields Config Duplex FDX FC HDX FC Intf Link Port Port Type Speed Ethernet Port Configuration screen screen fields Advertised Ability...
Page 421 Querier Address 10-6 Querier Expire Time 10-6 Querier Uptime 10-6 Query Interval 10-5 Query Response Time 10-5 Switch Query IP VLAN ID Ingress Filtering enabling or disabling of port Input field Interface Statistics screen InOctets interface name 8-21 screen fields...
Page 422 13-6 Local Management clearing counters exiting from navigating the screens paging to next or previous screen requirements screen elements See also managing the switch Local Management screens selection of MAC Port Configuration screen screen fields Authentication State 3-55 Force Reauth...
Page 423 12-10 gigabit_port_mode 12-12 lg_frame_admin 12-13 link_trap 12-14 loopback_detect 12-14 netstat 12-18 non_bridge_if_num 12-18 passiveStp 12-19 ping 12-19 radius 12-20 rate_limit_mode 12-24 reset 12-24 sat_size 12-25 show 12-26, 12-31 show mac 12-27 soft_reset 12-28 stpEdgePort 12-28 stpForceVersion 12-29 stpPointToPointMAC 12-30 stpPort 12-32 stpRealTimeMsgAge 12-33...
Page 424 Port Redirect Configuration screen (module) Port Security setup example 13-36 Port VLAN list 13-6 Ports setting Egress types on 8-12 PREVIOUS command how to use Primary and Secondary Servers function of 3-16 Priority and VLAN isolating network according to Priority Classification Configuration screen screen fields 9-18 CLASSIFICATION...
Page 425 Port Type 9-39 Priority List 9-40 Priority List (top of screen) Redirect Configuration Menu screen xxii Related manuals Remote Management See also managing the switch Reset Peak Switch Utilization setting of 5-31 RMON Statistics screen 11-10 65 – 127 11-12 fragments...
Page 426 SNMP Configuration Menu screen SNMP Traps Configuration screen 10-2 Spanning Tree Configuration Menu screen Static VLAN Configuration screen Static VLAN Egress Configuration screen Switch Statistics screen System Resources Information screen Traffic Class Configuration screen 11-2 Traffic Class Information screen Transmit Queues Configuration screen...
Page 427 Port # System Authentication System Resources Information screen screen fields 12-38 CPU Type Current Switch Utilization DRAM Installed FLASH Memory Installed NVRAM Installed Peak Switch Utilization Reset Peak Switch Utilization 8-12 8-11 8-11 8-12 8-11 8-11 13-7 9-15 3-20 13-8...
Page 428 13-5 Tag Header 13-5 Tagged frame 13-5, 13-10 Telnet connections TFTP Gateway IP Addr 5-35 TFTP gateway IP addr Traffic Class Configuration screen screen fields Priority 9-11 SAVE 9-11 SAVE TO ALL PORTS Traffic Class 9-11 Traffic Class Information screen screen fields Port Priority...
Page 429 Src VLAN ID [n] (Selectable) Status (Toggle) 4-25 VLAN Spanning Tree configuring a VLAN Spanning Tree Ports configuration of 7-12 viewing status of 7-12 VLAN Switch Operation description of 13-9 Weighted Queueing Mode setting of 9-15 4-25 4-25 4-25 4-25...

This manual is also suitable for:

6g3xx 6h2xx 6h3xx Smartswitch 6000 Smartswitch 6h202-24 Smartswitch 6h252-17 ... Show all

Enterasys 6E2xx Local Management User’s Manual

About this Guide

Introduction

Local Management Requirements

Accessing Local Management

Chassis Menu Screens

Module Configuration Menu Screens

Port Configuration Menu Screens

Configuration Menu Screens

Q Vlan Configuration Menu Screens

Configuration Menu Screens

Quick Links

Related Manuals for Enterasys 6E2xx

Summary of Contents for Enterasys 6E2xx