Page 1: Management Guide
N 8.8 Gbps of aggregate switch bandwidth N LACP port trunking support N Port mirroring for non-intrusive analysis N Port security N Full support for IEEE 802.1Q VLANs with GVRP N IP Multicasting with IGMP Snooping N Manageable via console, Web, SNMP/RMON Management Guide SMC6624M...
Page 3 TigerStack II 10/100 Management Guide From SMC’s Tiger line of feature-rich workgroup LAN solutions 6 Hughes October 2001 Irvine, CA 92618 Pub. # 150000008200A R01 Phone: (949) 707-2400...
Page 4 Irvine, CA 92618 All rights reserved. Printed in Taiwan Trademarks: SMC is a registered trademark; and EZ Switch, TigerStack and TigerSwitch are trademarks of SMC Networks, Inc. Other product and company names are trademarks or registered trademarks of their respective holders.
Page 5 IMITED ARRANTY Limited Warranty Statement: SMC Networks, Inc. (“SMC”) warrants its products to be free from defects in workmanship and materials, under normal use and service, for the applicable warranty term. All SMC products carry a standard 90-day limited warranty from the date of purchase from SMC or its Authorized Reseller. SMC may, at its own discretion, repair or replace any product not operating as warranted with a similar or functionally equivalent product, during the applicable warranty term.
Page 6 * SMC will provide warranty service for one year following discontinuance from the active SMC price list. Under the limited lifetime warranty, internal and external power supplies, fans, and cables are covered by a standard one-year warranty from date of purchase. SMC Networks, Inc. 6 Hughes Irvine, CA 92618...
Page 7: Table Of Contents
Contents Contents 1 Selecting a Management Interface Understanding Management Interfaces ......1-1 Advantages of Using the Menu Interface ......1-2 Advantages of Using the CLI .
Page 8 Contents CLI Control and Editing ........3-15 4 Using the Web Browser Interface General Features .
Page 9 Contents How IP Addressing Affects Switch Operation ....5-8 DHCP/Bootp Operation ........5-9 Network Preparations for Configuring DHCP/Bootp .
Page 10 Port Trunking ..........6-9 SMC6624M Port Trunk Features and Operation ....6-10 Trunk Configuration Methods .
Page 11 Contents Reading Intrusion Alerts and Resetting Alert Flags ....7-20 Notice of Security Violations ......7-20 How the Intrusion Log Operates .
Page 12 Contents CLI: Configuring and Displaying Trap Receivers ....8-10 Using the CLI To List Current SNMP Trap Receivers ..8-10 Configuring Trap Receivers .
Page 13 Contents Status Messages ..........9-46 Port-Based Virtual LANs (Static VLANs) .
Page 14 Contents How IGMP Operates ........9-88 Role of the Switch .
Page 15 Contents Spanning Tree Protocol (STP) Information ....10-14 Menu Access to STP Data ....... 10-14 CLI Access to STP Data .
Page 16 Contents A Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) ..... . . A-1 Using TFTP To Download the OS File from a Server ... . . A-2 Menu: TFTP Download from a Server .
Page 17: Selecting A Management Interface
Advantages of using each interface Understanding Management Interfaces Management interfaces enable you to reconfigure the switch and to monitor switch status and performance. The SMC6624M switch offers the following interfaces: Menu interface—a menu-driven interface offering a subset of switch commands through the built-in VT-100/ANSI console—page 1-2 CLI—a command line interface offering the full set of switch commands...
Page 18: Advantages Of Using The Menu Interface
Selecting a Management Interface Advantages of Using the Menu Interface Advantages of Using the Menu Interface Figure 1-1. Example of the Console Interface Display Provides quick, easy management access to a menu-driven subset of switch configuration and performance features: • IP addressing •...
Page 19: Advantages Of Using The Cli
Selecting a Management Interface Advantages of Using the CLI Advantages of Using the CLI Operator Level SMC6624M> Manager Level SMC6624M# SMC6624M(config)# Global Configuration Level Context Configuration Levels (port, VLAN) SMC6624M(<context>)# Figure 1-2. Example of The Command Prompt Provides access to the complete set of the switch configuration, perfor- mance, and diagnostic features.
Page 20: Advantages Of Using The Web Browser Interface
Selecting a Management Interface Advantages of Using the Web Browser Interface Advantages of Using the Web Browser Interface Figure 1-3. Example of the Web Browser Interface Easy access to the switch from anywhere on the network Familiar browser interface--locations of window objects consistent with commonly used browsers, uses mouse clicking for navigation, no terminal setup Many features have all their fields in one screen so you can view all...
Page 21: Using The Menu Interface
Using the Menu Interface This chapter describes the following features: Overview of the Menu Interface (page 4-1) Starting and ending a Menu session (page 2-2) The Main Menu (page 2-6) Screen structure and navigation (page 2-8) Rebooting the switch (page 2-11) The menu interface operates through the switch console to provide you with a subset of switch commands in an easy-to-use menu format enabling you to: Perform a “quick configuration”...
Page 22: Starting And Ending A Menu Session
Using the Menu Interface Starting and Ending a Menu Session or Operator password. (If the switch has only a Manager password, then someone without a password can still gain read-only access.) For more information on passwords, see “Using Password Security” on page 7-2. Menu Interaction with Other Interfaces.
Page 23: How To Start A Menu Interface Session
Using the Menu Interface Starting and Ending a Menu Session How To Start a Menu Interface Session In its factory default configuration, the switch console starts with the CLI prompt. To use the menu interface with Manager privileges, go to the Manager level prompt and enter the menu command.
Page 24: How To End A Menu Session And Exit From The Console
Using the Menu Interface Starting and Ending a Menu Session Figure 2-1. The Main Menu with Manager Privileges For a description of Main Menu features, see “Main Menu Features” on page 2-6. N o t e To configure the switch to start with the menu interface instead of the CLI, go to the Manager level prompt, enter the command, and in the resulting setup...
Page 25 Using the Menu Interface Starting and Ending a Menu Session Asterisk indicates a configuration change that requires a reboot to activate. Figure 2-2. An Asterisk Indicates a Configuration Change Requiring a Reboot In the current session, if you have not made configuration changes that require a switch reboot to activate, return to the Main menu and press [0] (zero) to log out.
Page 26: Main Menu Features
Using the Menu Interface Main Menu Features Main Menu Features Figure 2-3. The Main Menu View with Manager Privileges The Main Menu gives you access to these Menu interface features: Status and Counters: Provides access to display screens showing switch information, port status and counters, port and VLAN address tables, and spanning tree information.
Page 27 Using the Menu Interface Main Menu Features Command Line (CLI): Selects the Command Line Interface at the same level (Manager or Operator) that you are accessing in the Menu interface. (See chapter 3, “Using the Command Line Interface (CLI).”) Reboot Switch: Performs a “warm” reboot of the switch, which clears most temporary error conditions, resets the network activity counters to zero, and resets the system up time to zero.
Page 28: Screen Structure And Navigation
Using the Menu Interface Screen Structure and Navigation Screen Structure and Navigation Menu interface screens include these three elements: Parameter fields and/or read-only information such as statistics Navigation and configuration actions, such as Save, Edit, and Cancel Help line to describe navigation options, individual parameters, and read- only data For example, in the following System Information screen: Screen title –...
Page 29 Using the Menu Interface Screen Structure and Navigation Table 4-1. How To Navigate in the Menu Interface Task: Actions: Execute an action Use either of the following methods: from the “Actions –>” • Use the arrow keys ( [<] ,or [>] ) to highlight the action you want list at the bottom of to execute, then press [Enter].
Page 30 Using the Menu Interface Screen Structure and Navigation To get Help on individual parameter descriptions. In most screens there is a Help option in the Actions line. Whenever any of the items in the Actions line is highlighted, press [H], and a separate help screen is displayed. For example: Pressing [H] or highlighting Help and pressing [Enter] displays Help for the...
Page 31: Rebooting The Switch
Using the Menu Interface Rebooting the Switch Rebooting the Switch Rebooting the switch from the menu interface Terminates all current sessions and performs a reset of the operating system Activates any configuration changes that require a reboot Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.) To Reboot the switch, use the Reboot Switch option in the Main Menu.
Page 32 Using the Menu Interface Rebooting the Switch Rebooting To Activate Configuration Changes. Configuration changes for most parameters become effective as soon as you save them. However, you must reboot the switch in order to implement a change in the Maximum .
Page 33: Menu Features List
Using the Menu Interface Menu Features List Menu Features List Status and Counters • General System Information • Switch Management Address Information • Port Status • Port Counters • Address Table • Port Address Table • Spanning Tree Information Switch Configuration •...
Page 34: Where To Go From Here
Using the Menu Interface Where To Go From Here Where To Go From Here This chapter provides an overview of the menu interface and how to use it. The following table indicates where to turn for detailed information on how to use the individual features available through the menu interface.
Page 35: Using The Command Line Interface (Cli)
Using the Command Line Interface (CLI) The CLI is a text-based command interface for configuring and monitoring the switch. The CLI gives you access to the switch’s full set of commands while providing the same password protection that is used in the web browser interface and the menu interface.
Page 36: Privilege Levels At Logon
Using the Command Line Interface (CLI) Using the CLI When you use the CLI to make a configuration change, the switch writes the change to the Running-Config file in volatile memory. This allows you to test your configuration changes before making them permanent. To make changes permanent, you must use the write memory command to save them to the Startup Config file in non-volatile memory.
Page 37: Privilege Level Operation
If no passwords are set when you log onto the CLI, you will enter at the Manager level. For example: SMC6624M# _ C a u t i o n SMC strongly recommends that you configure a Manager password. If a Man-...
Page 38: Manager Privileges
Global Configuration level prompt. For example, to select the context level for an existing VLAN with the VLAN ID of 10, you would enter the following command and see the indicated result: SMC6624M(config)# vlan 10 SMC6624M(vlan-10)#...
Page 39 Operator privilege level in the menu interface. Table 3-1. Privilege Level Hierarchy Privilege Level Example of Prompt and Permitted Operations Operator Privilege show <command> Operator Level SMC6624M> View status and configuration information. setup ping <argument> Perform connectivity tests. link-test <argument>...
Page 40: How To Move Between Levels
Global configuration level Global configuration SMC6624M(config)# vlan-10 level SMC6624M(vlan-10)# to a Context configuration level Context configuration SMC6624M(vlan-10)# interface ethernet 3 level SMC6624M(int-3)# to another Context configuration level Move from any level SMC6624M(int-3)# exit to the preceding level SMC6624M(config)# exit SMC6624M2# exit SMC6624M2>...
Page 41: Listing Commands And Command Options
Type “?” To List Available Commands. Typing the symbol lists the commands you can execute at the current privilege level. For example, typing ? at the Operator level produces this listing: SMC6624M> ? enable Enter the Manager Exec context exit...
Page 42 Using the Command Line Interface (CLI) Using the CLI Typing ? at the Manager level produces this listing: SMC6624M# ? boot Reboot the device configure Enter the Configuration context copy Copy datafiles to/from the switch Return to the Manager Exec context...
Page 43: Command Option Displays
CLI completes the current word (if you have typed enough of the word for the CLI to distinguish it from other possibilities), including hyphenated exten- sions. For example: SMC6624M(config)# port[Tab] SMC6624M(config)# port-security _ Pressing [Tab] after a completed command word lists the further options for that command. SMC6624M(config)# stack[Tab] commander <commander-str>...
Page 44: Displaying Cli "Help
SMC6624M(config)# trunk trk1 trunk 5-8 SMC6624M(config)# trunk trk1 trunk e 5-8 SMC6624M(config)# trunk trk1 lacp 5-8 SMC6624M(config)# trunk trk1 lacp e 5-8 Listing Command Options. You can use the CLI to remind you of the options available for a command by entering command keywords followed by .
Page 45 <command string> help Syntax: For example, to list the Help for the interface command in the Global Configuration privilege level: SMC6624M(config)# interface help Usage: interface ethernet <port-list> interface ethernet <port-list> commands Description: Enter the Interface Configuration Level, or execute one command on that level.
Page 46: Configuration Commands And The Context Configuration Modes
However, using a context mode enables you to execute context-specific commands faster, with shorter command strings. The SMC6624M offers interface (port or trunk group) and VLAN context configuration modes: Port or Trunk-Group Context . Includes port- or trunk-specific commands that apply only to the selected port(s) or trunk group, plus the global configuration, Manager, and Operator commands.
Page 47 Using the Command Line Interface (CLI) Using the CLI Lists the commands you can SMC6624M(eth-5-8)# ? use in the port or static trunk context, plus the Manager, SMC6624M(eth-5-8)# ? Operator, and context commands you can execute at this level. In the port context, the first block of commands in the "?"...
Page 48 VLAN ID of the selected VLAN. For example, if you had already configured a VLAN with an ID of 100 in the switch: Command executed at configura- SMC6624M(config)# vlan 100 tion level to enter VLAN 100 context.
Page 49: Cli Control And Editing
Using the Command Line Interface (CLI) CLI Control and Editing CLI Control and Editing Keystrokes Function [Ctrl] [A] Jumps to the first character of the command line. [Ctrl] [B] or [<] Moves the cursor back one character. [Ctrl] [C] Terminates a task and displays the command prompt. [Ctrl] [D] Deletes the character at the cursor.
Page 50 Using the Command Line Interface (CLI) CLI Control and Editing 3-16...
Page 51: Using The Web Browser Interface
Using the Web Browser Interface The web browser interface built into the switch lets you easily access the switch from a browser-based PC on your network. This lets you do the following: Optimize your network uptime by using the Alert Log and other diagnostic tools Make configuration changes to the switch Maintain security by configuring usernames and passwords...
Page 52: General Features
Using the Web Browser Interface General Features General Features The SMC6624M switch includes these web browser interface features: Switch Configuration: • Ports • VLANs and Primary VLAN • Port monitoring (mirroring) • System information • Enable/Disable Multicast Filtering (IGMP) and Spanning Tree •...
Page 53: Web Browser Interface Requirements
Using the Web Browser Interface Web Browser Interface Requirements Web Browser Interface Requirements You can use equipment meeting the following requirements to access the web browser interface on your intranet. Table 4-1. System Requirements for Accessing the Web Browser Interface Platform Entity and OS Version Minimum Recommended...
Page 54: Starting A Web Browser Interface Session With The Switch
Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Starting a Web Browser Interface Session with the Switch You can start a web browser session in the following ways: Using a standalone web browser on a network connection from a PC or UNIX workstation: •...
Page 55 Using the Web Browser Interface Starting a Web Browser Interface Session with the Switch Alert First-Time Install Alert Figure 4-1. Example of Status Overview Screen N o t e The above screen appears somewhat different if the switch is configured as a stack Commander.
Page 56: Tasks For Your First Web Browser Interface Session
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Tasks for Your First Web Browser Interface Session The first time you access the web browser interface, there are three tasks that you should perform: Review the “First Time Install” window Set Manager and Operator passwords Viewing the “First Time Install”...
Page 57: Creating User Names And Passwords In The Browser Interface
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session This window is the launching point for the basic configuration you need to perform to set web browser interface passwords to maintain security. To set web browser interface passwords, click on secure access to the device to display the Device Passwords screen, and then go to the next page.
Page 58: Using The Passwords
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session To set the passwords: Access the Device Passwords screen by one of the following methods: • If the Alert Log includes a “First Time Install” event entry, double click on this event, then, in the resulting display, click on the secure access to the device link.
Page 59: Using The User Names
Using the Web Browser Interface Tasks for Your First Web Browser Interface Session Entering the operator password gives you read and limited write capabil- ities. Using the User Names If you also set user names in the web browser interface screen, you must supply the correct user name for web browser interface access.
Page 60: Support/Mgmt Url Feature
Using the Web Browser Interface Support/Mgmt URL Feature Support/Mgmt URL Feature The Support/Mgmt URL window enables you to change the World Wide Web Universal Resource Locator (URL) for a support information site for your switch. 1. Click Here 2. Click Here 4.
Page 61: Status Reporting Features
Using the Web Browser Interface Status Reporting Features Status Reporting Features Browser elements covered in this section include: The Overview window (below) Port utilization and status (page ) The Alert log (page ) The Status bar (page ) The Overview Window The Overview Window is the home screen for any entry into the web browser interface.The following figure identifies the various parts of the screen.
Page 62: The Port Utilization And Status Displays
Using the Web Browser Interface Status Reporting Features The Port Utilization and Status Displays The Port Utilization and Status displays show an overview of the status of the switch and the amount of network activity on each port. The following figure shows a sample reading of the Port Utilization and Port Status.
Page 63 Using the Web Browser Interface Status Reporting Features Maximum Activity Indicator: As the bars in the graph area change height to reflect the level of network activity on the corresponding port, they leave an outline to identify the maximum activity level that has been observed on the port.
Page 64: Port Status
Using the Web Browser Interface Status Reporting Features Port Status Port Status Indicators Legend Figure 4-10. The Port Status Indicators and Legend The Port Status indicators show a symbol for each port that indicates the general status of the port. There are four possible statuses: Port Connected –...
Page 65: The Alert Log
Using the Web Browser Interface Status Reporting Features The Alert Log The web browser interface Alert Log, shown in the lower half of the screen, shows a list of network occurrences, or alerts, that were detected by the switch. Typical alerts are Broadcast Storm, indicating an excessive number of broadcasts received on a port, and Problem Cable, indicating a faulty cable.
Page 66: Alert Types
Using the Web Browser Interface Status Reporting Features Alert Types The following table lists the types of alerts that can be generated. Table 4-2. Alert Strings and Descriptions Alert String Alert Description First Time Install Important installation information for your switch. Too many undersized/ A device connected to this port is transmitting packets shorter than 64 bytes or longer than giant packets...
Page 67: Viewing Detail Views Of Alert Log Entries
Using the Web Browser Interface Status Reporting Features N o t e When troubleshooting the sources of alerts, it may be helpful to check the switch’s Port Status and Port Counter windows and the Event Log in the console interface. Viewing Detail Views of Alert Log Entries By double clicking on Alert Entries, the web browser interface displays a Detail View or separate window detailing information about the events.
Page 68 Using the Web Browser Interface Status Reporting Features Table 4-3. Status Indicator Key Color Switch Status Status Indicator Shape Blue Normal Activity; "First time installation" information available in the Alert log. Green Normal Activity Yellow Warning Critical System Name. The name you have configured for the switch by using Identity screen, system name command, or the switch console System Information screen.
Page 69: Configuring Ip Addressing, Time Synchronization, Interface Access, And System Information
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information This chapter describes the switch configuration features available in the menu interface, CLI and web browser interface. For help on how to use these interfaces, refer to: Chapter 2, “Using the Menu Interface” Chapter 3, “Using the Command Line Interface (CLI)”...
Page 70: Ip Configuration
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information IP Configuration IP Configuration IP Configuration Features Feature Default Menu IP Address and Subnet Mask DHCP/Bootp page 5-4 page 5-6 page 5-8 Default Gateway Address none page 5-4 page 5-6 page 5-8 Packet Time-To-Live (TTL) 64 seconds...
Page 71: Just Want A Quick Start
Switch Setup screen to quickly configure IP addressing. To do so, do one of the following: Enter setup at the CLI Manager level prompt. SMC6624M# setup Select 8. Run Setup in the Main Menu of the menu interface. For more on using the Switch Setup screen, see the Installation Guide you received with the switch.
Page 72: Ip Addressing In A Stacking Environment
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information IP Configuration The switch searches for the default gateway device through the primary VLAN. By default, the DEFAULT_VLAN is the switch’s primary VLAN. However, you can use the CLI to select a different primary VLAN if more than one VLAN exists on the switch.
Page 73 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information IP Configuration To Configure IP Addressing. From the Main Menu, Select. 2. Switch Configuration ... 5. IP Configuration N o t e If multiple VLANs are configured, a screen showing all VLANs appears instead of the following screen.
Page 74: Cli: Configuring Ip Address, Gateway, And Time-To-Live (Ttl)
Timep configuration. Syntax: show ip For example, in the factory-default configuration (no IP addressing assigned), the switch’s IP addressing appears as: SMC6624M# show ip The Default IP Configuration on Internet (IP) Service the SMC6624M...
Page 75 This example configures IP addressing on the default VLAN with the subnet mask specified in mask bits. SMC6624M(config)# vlan 1 ip address 10.28.227.103/255.255.255.0 This example configures the same IP addressing as the preceding example, but specifies the subnet mask by mask length.
Page 76: Web: Configuring Ip Addressing
Syntax: ip default-gateway <ip-address> For example: SMC6624M(config)# ip default-gateway 11.28.227.115 You can execute this command only from the global configuration level. Configure Time-To-Live (TTL). This command sets the time that a packet outbound from the switch can exist on the network. The default setting is 64 seconds.
Page 77: Dhcp/Bootp Operation
N o t e The SMC6624M switch is compatible with both DHCP and Bootp servers. The DHCP/Bootp Process. Whenever the IP Config parameter in the switch or in an individual VLAN in the switch is configured to DHCP/Bootp (the...
Page 78 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information IP Configuration DHCP/Bootp requests are automatically broadcast on the local network. (The switch sends one type of request to which either a DHCP or Bootp server can respond.) When a DHCP or Bootp server receives the request, it replies with a previously configured IP address and subnet mask for the switch.
Page 79 If you have multiple switches that will be using Bootp to get their IP configuration, you should use a unique symbolic name for each switch. is the “hardware type”. For the SMC6624M, set this to ether (for Ethernet). This tag must precede the ha tag.
Page 80: Network Preparations For Configuring Dhcp/Bootp
Bootp report format. For the SMC6624M, set this parameter to rfc1048. N o t e The above Bootp table entry is a sample that will work for the SMC6624M when the appropriate addresses and file names are used. Network Preparations for Configuring DHCP/Bootp In its default configuration, the switch is configured for DHCP/Bootp opera- tion.
Page 81: Globally Assigned Ip Network Addresses
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information IP Configuration Globally Assigned IP Network Addresses If you intend to connect your network to other networks that use globally administered IP addresses, SMC strongly recommends that you use IP addresses that have a network address assigned to you.
Page 82: Time Synchronization Protocol Options
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Time Synchronization Protocol Options TimeP Time Synchronization You can either manually assign the switch to use a TimeP server or use DHCP to assign the TimeP server. In either case, the switch can get its time synchro- nization updates from only one, designated Timep server.
Page 83: Overview: Selecting A Time Synchronization Protocol Or Turning Off Time Protocol Operation
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Overview: Selecting a Time Synchronization Protocol or Turning Off Time Protocol Operation General Steps for Running a Time Protocol on the Switch: Select the time synchronization protocol: SNTP or TimeP (the default). Enable the protocol.
Page 84: Sntp: Viewing, Selecting, And Configuring
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options SNTP: Viewing, Selecting, and Configuring SNTP Features Feature Default Menu view the SNTP time synchronization configuration page 5-17 page 5-19 — select SNTP as the time synchronization method timep page 5-17 pages 5-20 ff.
Page 85: Menu: Viewing And Configuring Sntp
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Menu: Viewing and Configuring SNTP To View, Enable, and Modify SNTP Time Protocol: From the Main Menu, select: 2. Switch Configuration... 1. System Information Time Protocol Selection Parameter –...
Page 86 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Use the Space bar to select the Unicast mode, then do the following: • Press [>] to move the cursor to the Server Address field. ii. Enter the IP address of the SNTP server you want the switch to use for time synchronization.
Page 87: Cli: Viewing And Configuring Sntp
For example, if you configured the switch with SNTP as the time synchroni- zation method, then enabled SNTP in broadcast mode with the default poll interval, show sntp lists the following: SMC6624M# show sntp SNTP Configuration Time Sync Mode: Sntp...
Page 88 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options SMC6624M# show sntp Even though, in this example, TimeP is the current time synchronous method, the SNTP Configuration switch maintains the SNTP configuration. Time Sync Mode: Timep...
Page 89 3. Enable SNTP for Broadcast mode. 4. View the SNTP configuration again to verify the configuration. The commands and output would appear as follows: SMC6624M(config)# show sntp show sntp displays the SNTP configuration and also shows that TimeP is the currently active time synchronization mode.
Page 90 10.28.227.141 with the default server version (3) and default poll interval (720 seconds): Selects SNTP. SMC6624M(config)# timesync sntp Activates SNTP in Unicast SMC6624M(config)# sntp unicast mode. SMC6624M(config)# sntp server 10.28.227.141 Specifies the SNTP server and accepts the current SNTP server version (default: 3) SMC6624M(config)# show sntp SNTP Configuration...
Page 91 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options SMC6624M(config)# no sntp server 10.28.227.141 SMC6624M(config)# sntp server 10.28.227.141 4 Deletes unicast SNTP server entry. SMC6624M(config)# show sntp Re-enters the unicast server with a non- SNTP Configuration default protocol version.
Page 92 10.28.227.141 and a server version of 3 (the default), no sntp changes the SNTP configuration as shown below, and disables time synchronization on the switch. SMC6624M(config)# no sntp SMC6624M(config)# show sntp SNTP Configuration Even though the Time Sync Mode is set to...
Page 93: Timep: Viewing, Selecting, And Configuring
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options TimeP: Viewing, Selecting, and Configuring Timep Features Feature Default Menu view the Timep time synchronization configuration page 5-25 page 5-27 — select Timep as the time syncronization method TIMEP page 5-24 pages 5-28 ff.
Page 94 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Time Protocol Selection Parameter – TIMEP (the default) – SNTP – None Figure 5-11. The System Information Screen (Default Values) ). The cursor moves to the System Name field. Press [E] (for Edit Use [v] to move the cursor to the Time Sync Method field.
Page 95: Cli: Viewing And Configuring Timep
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options iii. Press [>] to move the cursor to the Poll Interval field, then go to step 6. In the Poll Interval field, enter the time in minutes that you want for a TimeP Poll Interval.
Page 96 For example, if you configure the switch with TimeP as the time synchroniza- tion method, then enable TimeP in DHCP mode with the default poll interval, lists the following: show timep SMC6624M(config)# show timep Timep Configuration Time Sync Mode: Timep TimeP Mode : DHCP...
Page 97 Timep Configuration Time Sync Mode: Sntp TimeP Mode : Disabled SMC6624M(config)# timesync timep SMC6624M(config)# ip timep dhcp SMC6624M(config)# show timep show timep again displays the TimeP configuration and shows that TimeP is Timep Configuration now the currently active time synchronization mode.
Page 98 TimeP server address of 10.28.227.141 and the default poll interval (720 minutes, assuming the TimeP poll interval is already set to the default): Selects TimeP. SMC6624M(config)# timesync timep SMC6624M(config)# ip timep manual 10.28.227.141 Activates TimeP in Manual mode. SMC6624M(config)# timesync timep SMC6624M(config)# ip timep manual 10.28.227.141...
Page 99 For example, if the switch is running TimeP in DHCP mode, no ip timep changes the TimeP configuration as shown below, and disables time synchronization on the switch. SMC6624M(config)# no ip timep SMC6624M(config)# show timep Timep Configuration Even though the Time Sync Mode is set to Timep,...
Page 100: Sntp Unicast Time Polling With Multiple Sntp Servers
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options SNTP Unicast Time Polling with Multiple SNTP Servers When running SNTP unicast time polling as the time synchronization method, the switch requests a time update from the server you configured with either the Server Address parameter in the menu interface, or the primary server in a list of up to three SNTP servers configured using the CLI.
Page 101: Adding And Deleting Sntp Server Addresses
(See “Address Prioritization” on page 5-32.) no sntp server <ip-addr> Syntax: For example, to delete the primary address in the above example (and automatically convert the secondary address to primary): SMC6624M(config)# no sntp server 10.28.227.141 5-33...
Page 102: Menu Interface Operation With Multiple Sntp Server Addresses Configured
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Time Synchronization Protocol Options Menu Interface Operation with Multiple SNTP Server Addresses Configured When you use the Menu interface to configure an SNTP server IP address, the new address writes over the current primary address, if one is configured. If there are multiple addresses configured, the switch re-orders the addresses according to the criteria described under “Address Prioritization”...
Page 103: Interface Access: Console/Serial Link, Web, And Inbound Telnet
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access: Console/Serial Link, Web, and Inbound Telnet Interface Access Features Feature Default Menu Inactivity Time 0 Minutes page 5-36 page 5-38 —...
Page 104: Menu: Modifying The Interface Access
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet Menu: Modifying the Interface Access The menu interface enables you to modify these parameters: Inactivity Timeout Inbound Telnet Enabled Web Agent Enabled To Access the Interface Access Parameters: From the Main Menu, Select...
Page 105: Cli: Modifying The Interface Access
Listing the Current Console/Serial Link Configuration. This com- mand lists the current interface access parameter settings. show console Syntax: This example shows the switch’s default console/serial configuration. SMC6624M# show console Console/Serial Link Interface Access Enable/Disable Inbound Telnet Enabled : Yes...
Page 106 Reconfigure Web Browser Access. In the default configuration, web browser access is enabled. Syntax:[no] web-management To disable web browser access: SMC6624M(config)# no web-management To re-enable web browser access: SMC6624M(config)# web-management Reconfigure the Console/Serial Link Settings. You can reconfigure one or more console parameters with one console command.
Page 107 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information Interface Access: Console/Serial Link, Web, and Inbound Telnet SMC6624M(config)# console terminal vt100 baud 19200 flow-control none inactivity -timer 10 events critical Command will take effect after saving configuration and reboot.
Page 108: System Information
Daylight Time Rule: Specifies the daylight savings time rule to apply for your location. The default is None. (For more on this topic, see appendix D, “Daylight Savings Time on the SMC6624M.”) Time: Used in the CLI to specify the time of day, the date, and other system parameters.
Page 109: Menu: Viewing And Configuring System Information
Configuring IP Addressing, Time Synchronization, Interface Access, and System Information System Information Menu: Viewing and Configuring System Information To access the system information parameters: From the Main Menu, Select... 3. Switch Configuration... 1. System Information System Information Figure 5-23. The System Information Configuration Screen (Default Values) N o t e To help simplify administration, it is recommended that you configure System Name to a character string that is meaningful within your system.
Page 110: Cli: Viewing And Configuring System Information
Note that no blank spaces are allowed in the variables for these commands. For example, to name the switch “Blue” with “Ext-3002” as the system contact, and “North-Data-Room” as the location: SMC6624M(config)# hostname Blue Blue(config)# snmp-server contact Ext-3002 location North-Data-Room Blue(config)# show system-information...
Page 111 <none | alaska | continental-us-and-canada | middle-europe-and-portugal | southern-hemisphere | western-europe | user-defined> For example, this command configures the time zone and daylight time rule for Vancouver, British Columbia in Canada (time zone 8 = 480 minutes): SMC6624M(config)# time timezone 480 daylight-time-rule continental-us-and-canada 5-43...
Page 112: Web: Configuring System Parameters
[hh:mm[:ss]] [mm/dd/ [yy]yy] Syntax: For example, to set the switch to 3:45 p.m. on October 1, 2000: SMC6624M(config)# time 15:45 10/01/00 N o t e Executing reload or boot resets the time and date to their default startup values.
Page 113: Optimizing Port Usage Through Traffic Control And Port Trunking
Optimizing Port Usage Through Traffic Control and Port Trunking Overview This chapter includes: Configuring ports, including mode (speed and duplex), flow control, and broadcast control parameters (page 6-1) Creating and modifying a dynamic LACP or static port trunk group (page 6-9) Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch.
Page 114: Viewing Port Status And Configuring Port Parameters
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Table 6-1. Status and Parameters for Each Port Type Status or Description Parameter Intrusion Alert Yes: The switch has detected an attempt by an unauthorized device to communicate through the (read-only) indicated port.
Page 115 Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Status or Description Parameter 100/1000Base-T ports: • Auto (default): Senses speed and negotiates with the port at the other end of the link for port operation (MDI-X or MDI).
Page 116: Menu: Viewing Port Status And Configuring Port Parameters
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Menu: Viewing Port Status and Configuring Port Parameters From the menu interface, you can configure and view all port parameter settings and view all port status indicators. Using the Menu To View Port Status.
Page 117: Cli: Viewing Port Status And Configuring Port Parameters
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Figure 6-27. Example of Port/Trunk Settings with a Trunk Group Configured Press [E] (for Edit). The cursor moves to the Enabled field for the first port. Refer to the online help provided with this screen for further information on configuration options for these features.
Page 118 Syntax: show interface config The next two figures list examples of the output of the above two commands for the same port configuration on the SMC6624M. SMC6624M> show interfaces Status and Counters - Port Status | Intrusion Flow...
Page 119 For example, to configure ports 1 through 4 and port 7 for 100Mbps full-duplex with a broadcast limit of 20%, you would enter these commands: SMC6624M(config)# int e 1-4,7 speed-duplex 100-full SMC6624M(config)# int e 1-4,7 broadcast-limit 20 Similarly, to configure a single port with the settings in the above command, you could either enter the same commands with only the one port identified, or go to the context level for that port and then enter the commands.
Page 120: Web: Viewing Port Status And Configuring Port Parameters
Optimizing Port Usage Through Traffic Control and Port Trunking Viewing Port Status and Configuring Port Parameters Web: Viewing Port Status and Configuring Port Parameters In the web browser interface: Click on the Configuration tab. Click on [Port Configuration]. Select the ports you want to modify and click on [Modify Selected Ports]. After you make the desired changes, click on [Apply Settings].
Page 121: Port Trunking
Up to 4000 Mbps 3 Ports Up to 60 Mbps Up to 600 Mbps n/a* 4 Ports Up to 80 Mbps Up to 800 Mbps n/a* The SMC6624M offers a maximum of two gigabit links if optional gigabit modules are installed.
Page 122: Smc6624M Port Trunk Features And Operation
LACP (IEEE 802.3ad—page 6-23) Trunk (non-protocol—page 6-26) The SMC6624M switch supports one trunk group of up to four ports. (Using the Link Aggregation Control Protocol—LACP—option, you can include standby trunked ports in addition to the maximum of four actively trunking ports.)
Page 123: Trunk Configuration Methods
LACP option to Active on the ports you want to use for the trunk. For example, the following command sets ports 1-4 to LACP active: SMC6624M(config) int e 1-4 lacp active Note that the above example works if the ports are not already operating in a trunk.
Page 124 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Table 6-4. Trunk Configuration Protocols Protocol Trunking Options LACP Provides dynamic and static LACP trunking options. (802.3ad) • Dynamic LACP — Use the switch-negotiated dynamic LACP trunk when: – The port on the other end of the trunk link is configured for Active or Passive LACP. –...
Page 125 Media: All ports on both ends of a trunk group must have the same media type and mode (speed and duplex). The switch blocks any trunked links that do not conform to this rule. (For the SMC6624M, SMC recommends leaving the port Mode...
Page 126 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Spanning Tree Protocol (STP): STP operates as a global setting on the switch (one instance of STP per switch). However, you can adjust STP parameters on a per-port basis. A static trunk of any type appears in the STP configuration display, and you can configure STP parameters for a static trunk in the same way that you would configure STP parameters on a non-trunked port.
Page 127: Menu: Viewing And Configuring A Static Trunk Group
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking Menu: Viewing and Configuring a Static Trunk Group I m p o r t a n t Configure port trunking before you connect the trunked links to another switch, routing switch, or server. Otherwise, a broadcast storm could occur. (If you need to connect the ports before configuring them for trunking, you can temporarily disable the ports until the trunk is configured.
Page 128 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking switch automatically adjusts Broadcast Limit settings to be the same for all ports in a trunk.) To verify these settings, see “Viewing Port Status and Configuring Port Parameters” on page 6-1. •...
Page 129: Check The Event Log (Page 11-10) To Verify That The Trunked Ports Are Operating Properly
Omitting the <port-list> parameter results in a static trunk data listing for all LAN ports in the switch. This example uses a port list to specify only the switch ports an administrator wants to view: SMC6624M# show trunk 5-8 Load Balancing Port Type | Group Type...
Page 130 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking The show trunk command in this example does not include a port list. As a result, the listing shows static trunk group information for all switch ports. SMC6624M# show trunk Load Balancing Port Type | Group Type...
Page 131: Using The Cli To Configure A Static Or Dynamic Trunk Group
See “Using the CLI To Configure Ports” on page 6-6.) On the SMC6624M, you can configure one port trunk group having up to four links (with additional standby links if you’re using LACP). Options include:...
Page 132 N o t e The following examples show how to create different types of trunk groups. However, the SMC6624M allows only one trunk group at any time. Configuring a Static Trunk or Static LACP Trunk Group. Syntax: trunk trk1 <trunk | lacp> <port-list>...
Page 133 For port interface commands, the command line accepts only one parameter at a time (instead of combining several in one command). This example uses ports 5 and 6 to enable a dynamic LACP trunk group. SMC6624M(config)# interface 5-6 lacp active 6-21...
Page 134: Web: Viewing Existing Port Trunk Groups
1 from the dynamic trunk and return it to passive LACP, you would do the following: SMC6624M >(config)# no interface 1 lacp SMC6624M >(config)# interface 1 lacp passive Note that in the above example, if the port on the other end of the link is configured for active LACP or static LACP, the trunked link will be re- established almost immediately.
Page 135: Trunk Group Operation Using Lacp
Included in listing. Not included. Port/Trunk Settings screen in menu interface Included in listing. Not included In most cases, trunks configured for LACP on the SMC6624M operate as described in table 6-6: Table 6-6. LACP Trunk Types LACP Port Trunk...
Page 136: Default Port Operation
The following table describes the elements of per-port LACP operation. To display this data for a particular switch, execute the following command in the CLI: SMC6624M > show lacp Table 6-7. LACP Port Status Data...
Page 137: Lacp Notes And Restrictions
LACP Partner Yes: LACP is enabled on both ends of the link. No: LACP is enabled on the SMC6624M, but is not enabled, or LACP has not been detected on the opposite device. LACP Status Success: LACP is enabled on the port, detects and synchronizes with a device on the other end of the link, and can move traffic across the link.
Page 138: Trunk Group Operation Using The "Trunk" Option
Use the Trunk option when you are trying to establish a trunk group between the SMC6624M and another device, but the other device’s trunking operation fails to interoperate properly with LACP trunking configured on the SMC6624M.
Page 139: How The Switch Lists Trunk Data
Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking How the Switch Lists Trunk Data Static Trunk Group: Appears in the menu interface and the output from the CLI show trunk and show interfaces commands. Dynamic LACP Trunk Group: Appears in the output from the CLI show lacp command.
Page 140 Optimizing Port Usage Through Traffic Control and Port Trunking Port Trunking management software available from SMC to quickly and easily identify the sources of heavy traffic (top talkers) and make adjustments to improve performance. Broadcasts, multicasts, and floods from different source addresses are dis- tributed evenly across the links.
Page 141: Using Passwords, Port Security, And Authorized Ip Managers To Protect Against Unauthorized Access
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Manager and Operator passwords (page 7-2): Control access and privileges for the command line and menu interfaces (through either the console port or Telnet) and the web browser interface through the net- work.
Page 142: Using Password Security
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Using Password Security Password Features Feature Default Menu Set a Password no passwords set page 7-3 page 7-5 page 7-6 Set User Names no user names set — —...
Page 143: Menu: Setting Manager And Operator Passwords
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security If you set a Manager password, you may also want to configure the Inactivity Time parameter (see page 5-35). This causes the console session to end after the specified period of inactivity, thus giving you added security against unauthorized console access.
Page 144 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Figure 7-1. The Set Password Screen To set a new password: Select Set Manager Password or Set Operator Password. You will then be prompted with Enter new password. b.
Page 145: Cli: Setting Manager And Operator Passwords
Syntax: password <manager | operator> no password • Password entries SMC6624M(config)# password manager appear as asterisks. New password: ***** Please retype new password: ***** • You must type each SMC6624M(config)# password operator...
Page 146: Web: Configuring User Names And Passwords
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security Web: Configuring User Names and Passwords In the web browser interface you can enter both user names and passwords. Because user names do not apply in the menu interface and the CLI, they affect only your access to the switch through the web browser interface.
Page 147: Configuring And Monitoring Port Security
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Configuring and Monitoring Port Security Feature Default Menu Displaying Current Port Security n/a — page 7-14 page 7-20 Configuring Port Security disabled —...
Page 148: Blocking Unauthorized Traffic
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Intrusion Log entries in either the menu interface, CLI, or web browser interface For any port, you can configure the following: Authorized (MAC) Addresses: Specify up to eight devices (MAC addresses) that are allowed to send inbound traffic through the port.
Page 149: Trunk Group Exclusion
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Physical Topology Logical Topology for Access to Switch A Switch A Switch A Port Security Port Security Configured Configured PC 1 PC 1 MAC Address MAC Address Authorized by Switch A...
Page 150: Recommended Port Security Procedures
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security b. Which devices (MAC addresses) are authorized on each port (up to 8 per port)? For each port, what security actions do you want? (The switch automatically blocks intruders detected on that port from transmit- ting to the network.) You can configure the switch to (1) send intru- sion alarms to an SNMP management station and to (2) optionally...
Page 151: Cli: Port Security Command Options And Operation
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security CLI: Port Security Command Options and Operation Port Security Commands Used in This Section show port-security page 7-14: “CLI: Displaying Current Port Security Settings” port-security page 7-15: “CLI: Configuring Port Security”...
Page 152 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Table 7-1. Port Security Parameters Parameter Description Port List <[ethernet] port-list> Identifies the port or ports on which to apply a port security command. Learn learn-mode <static | continuous>...
Page 153 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Parameter Description Assigned/Authorized Address: If you manually assign a MAC address (using the port-security <port- number> address-list <mac-addr> command) and then you execute a write memory command, the assigned MAC address remains in memory until you do one of the following: •...
Page 154: Cli: Displaying Current Port Security Settings
[<port number>-<port number]. . .[,<port number>] Without port parameters, displays Operating Control settings show port-security for all ports on a switch. For example: SMC6624M(config)# show port-security Port Security Port Learn Mode | Action ---- ---------- + ------------------------ Static...
Page 155: Cli: Configuring Port Security
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security SMC6624M(config)# show port-security 3 Port Security Port : 3 Learn Mode : Static Address Limit : 1 Action : Send Alarm Authorized Addresses...
Page 156 MAC address of 0c0090-123456 as the authorized device instead of allowing the port to automatically assign the first device it detects as an authorized device. SMC6624M(config)# port-security 1 learn-mode static mac- address 0c0090-123456 action send-disable This example configures port 5 to:...
Page 157 With the above configuration for port 1, the following command adds the 0c0090-456456 MAC address as the second authorized address. SMC6624M(config)# port-security 1 mac-address 0c0090- 456456 After executing the above command, the security configuration for port 1 would be:...
Page 158 1 that raises the address limit to 2 and specifies the additional device’s MAC address. For example: SMC6624M(config)# port-security 1 mac-address 0c0090- 456456 address-limit 2 Removing a Device From the “Authorized” List for a Port. This com- mand option removes unwanted devices (MAC addresses) from the Autho- rized Addresses list.
Page 159 The following command serves this purpose by removing 0c0090-123456 and reducing the Address Limit to 1: SMC6624M(config) # port-security 1 address-limit 1 SMC6624M(config) # no port-security 1 mac-address 0c0090- 123456 The above command sequence results in the following configuration for port 1:...
Page 160: Web: Displaying And Configuring Port Security Features
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Web: Displaying and Configuring Port Security Features Click on the Security tab. Click on [Port Security]. Select the settings you want and, if you are using the Static Learn Mode, add or edit the Authorized Addresses field.
Page 161: How The Intrusion Log Operates
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security How the Intrusion Log Operates When the switch detects an intrusion attempt on a port, it enters a record of this event in the Intrusion Log. No further intrusion attempts on that port will appear in the Log until you acknowledge the earlier intrusion event by reset- ting the alert flag.
Page 162: Menu: Checking For Intrusions, Listing Intrusion Alerts, And Resetting Alert Flags
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Menu: Checking for Intrusions, Listing Intrusion Alerts, and Resetting Alert Flags The menu interface indicates per-port intrusions in the Port Status screen, and provides details and the reset function in the Intrusion Log screen.
Page 163: Cli: Checking For Intrusions, Listing Intrusion Alerts, And Resetting Alert Flags
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security The above example shows two intrusions for port 3 and one intrusion for port 1. In this case, only the most recent intrusion at port 3 has not been acknowledged (reset).
Page 164 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Syntax: List Intrusion Alert status. show interface List Intrusion Log content. show intrusion-log Clear Intrusion flags on all ports. clear intrusion-log port-security <port-number> clear-intrusion-flag Clear Intrusion flag on a specific port.
Page 165: Using The Event Log To Find Intrusion Alerts
(port 1 in this example). (Executing show intrusion-log again will result in the same display as above.) SMC6624M(config)# port-security 1 clear-intrusion- flag SMC6624M(config)# show interface Intrusion Alert on port 1 is now cleared. Figure 7-11. Example of Port Status Screen After Alert Flags Reset...
Page 166: Web: Checking For Intrusions, Listing Intrusion Alerts, And Resetting Alert Flags
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Log Command Log Listing with SMC6624M(config)# log security with Security Violation Keys: W=Warning I=Information “security” for Detected M=Major D=Debug Search String ----...
Page 167 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Configuring and Monitoring Port Security Enter your PC or workstation MAC address in the port’s Authorized Addresses list. Enter your PC or workstation’s IP address in the switch’s IP Authorized Managers list.
Page 168: Using Ip Authorized Managers
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Using IP Authorized Managers Authorized IP Manager Features Feature Default Menu Listing (Showing) Authorized page 7-31 page 7-32 page 7-34 Managers Configuring Authorized IP None page 7-31 page 7-32...
Page 169: Access Levels
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Access Levels For each authorized manager address, you can configure either of these access levels: Manager: Enables full access to all web browser and console interface screens for viewing, configuration, and all other operations available in these interfaces.
Page 170: Overview Of Ip Mask Operation
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Overview of IP Mask Operation The default IP Mask is 255.255.255.255 and allows switch access only to a station having an IP address that is identical to the Authorized Manager IP parameter value.
Page 171: Menu: Viewing And Configuring Ip Authorized Managers
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Menu: Viewing and Configuring IP Authorized Managers From the console Main Menu, select: 2. Switch Configuration . . . 7. IP Authorized Managers 1.
Page 172: Cli: Viewing And Configuring Authorized Ip Managers
<operator | manager> Listing the Switch’s Current Authorized IP Manager(s) Use the show ip authorized-managers command to list IP stations authorized to access the switch. For example: SMC6624M(config)# show ip authorized-managers IP Managers Authorized Manager IP IP Mask Access Level ---------------------- ---------------------- ---------------------- 10.28.227.101...
Page 173: Configuring Ip Authorized Managers For The Switch
10.28.227.101 mask 255.255.255.0 manager Similarly, the next command authorizes manager-level access for any station having an IP address of 10.28.227.101 through 103: SMC6624M (config)# ip authorized-managers 10.28.227.101 mask 255.255.255.252 manager If you omit the mask when adding a new authorized manager, the switch automatically uses 255.255.255.255 for the mask.
Page 174: Web: Configuring Ip Authorized Managers
10.28.227.101 To Delete an Authorized Manager Entry. This command uses the IP address of the authorized manager you want to delete: SMC6624M(config)# no ip authorized-managers 10.28.227.101 Web: Configuring IP Authorized Managers In the web browser interface you can configure IP Authorized Managers as described below.
Page 175: Configuring Multiple Stations Per Authorized Manager
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Table 7-2. Analysis of IP Mask for Single-Station Entries Manager-Level or Operator-Level Device Access Octet Octet Octet Octet IP Mask The “255” in each octet of the mask specifies that only the exact value in that octet of the corresponding IP address is allowed.
Page 176 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Table 7-3. Analysis of IP Mask for Multiple-Station Entries Manager-Level or Operator-Level Device Access Octet Octet Octet Octet IP Mask The “255” in the first three octets of the mask specify that only the exact value in the octet of the corresponding IP address is allowed.
Page 177: Additional Examples For Authorizing Multiple Stations
Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Additional Examples for Authorizing Multiple Stations Entries for Authorized Results Manager List IP Mask 255 255 0 This combination specifies an authorized IP address of 10.33.xxx.1. It could be applied, for example, to a subnetted network where each subnet is defined by the Authorized 248 1...
Page 178 Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers 7-38...
Page 179: Configuring For Network Management Applications
For more on EliteView, see the SMC website at http://www.smc.com This chapter includes: An overview of SNMP management for the switch Configuring the SMC6624M switch for: • SNMP management • SNMP Communities •...
Page 180: Snmp Management Features
Statistics for message and packet buffers, tcp, telnet, and timep (netswtst.mib) • Port counters, forwarding table, and CPU statistics (stat.mib) • TFTP download (downld.mib) • Integrated Communications Facility Authentication Manager and SNMP communities (icf.mib) • SMC6624M switch configuration (config.mib) • SMC VLAN configuration information (vlan.mib) supporting smcVlanGeneralGroup...
Page 181: Configuring For Snmp Access To The Switch
Configuring for Network Management Applications Configuring for SNMP Access to the Switch The switch SNMP agent also uses certain variables that are included in an SMC proprietary MIB file you can add to the SNMP database in your network management tool. Configuring for SNMP Access to the Switch SNMP access requires an IP address and subnet mask configured on the...
Page 182 Configuring for Network Management Applications Configuring for SNMP Access to the Switch C a u t i o n Deleting the community named “public” disables many network management functions (such as auto-discovery, traffic monitoring, SNMP trap generation, and threshold setting). If security for network management is a concern, it is recommended that you change the write access for the “public”...
Page 183: Snmp Communities
Configuring for Network Management Applications SNMP Communities SNMP Communities SNMP Community Features Feature Default Menu show community name page 8-5 page 8-7 — configure identity information none — page 8-8 configure community names public page 8-5 page 8-8 — " "...
Page 184 Configuring for Network Management Applications SNMP Communities Note: This screen gives an overview of the SNMP communities that are currently Add and Edit options are configured. All fields in used to modify the SNMP this screen are read- options. See figure 8-2. only.
Page 185: Cli: Viewing And Configuring Community Names
8-9). show snmp-server [<community-string>] Syntax: This example lists the data for all communities in a switch; that is, both the default “public” community name and another community named “red-team.” SMC6624M(config)# show snmp-server Default Community and SNMP Communities Settings Community Name...
Page 186: Configuring Identity Information
For example, to configure the switch with “Site-LAN-Ext.449” and a location of “Level-2-North,” you would execute the following command: SMC6624M(config)# snmp-server contact Site-LANExt.449 location Level-2-North Configuring Community Names and Values If you enter a community name without an operator or manager designation, the switch automatically assigns the community to Operator for the MIB view.
Page 187: Trap Receivers And Authentication Traps
N o t e Fixed or “Well-Known” Traps: The SMC6624M switch automatically sends fixed traps (such as “coldStart,” “warmStart,” “linkDown,” and “linkUp”) to trap receivers using a public community name. These traps cannot be redi- rected to other communities.
Page 188: Cli: Configuring And Displaying Trap Receivers
In the next example, the show snmp-server command shows that the switch has been previously configured to send SNMP traps to management stations belonging to the “public,” “red-team,” and “blue-team” communities. SMC6624M(config)# show snmp-server Example of Community SNMP Communities Name Data (See page 8-5.)
Page 189: Configuring Trap Receivers
<community-str> <ip-address> [<none | all | non-info | critical | debug>] For example, to configure a trap receiver in a community named “red-team” with an IP address of 10.28.227.130 to receive only “critical” log messages: SMC6624M(config)# snmp-server trap-receiver red-team 10.28.227.130 critical N o t e If you do not specify the event level ([<none | all | non-info | critical | debug>])
Page 190: Advanced Management: Rmon Support
Configuring for Network Management Applications Advanced Management: RMON Support Advanced Management: RMON Support The switch supports RMON (Remote Monitoring) on all connected network segments. This allows for troubleshooting and optimizing your network. RMON The following RMON groups are supported: Ethernet Statistics (except the numbers of packets of different frame sizes) Alarm History (of the supported Ethernet statistics) Event...
Page 191: Configuring Advanced Features
Configuring Advanced Features This chapter describes the following features and how to configure them with the switch’s built-in interfaces: Stack Management (Page 9-2): Use your network to stack switches without the need for any specialized cabling. Port-Based VLANs — Page 9-47: GVRP —...
Page 192: Stack Management
9-12 page 9-44 Stack Management (termed stacking) enables you to use a single IP address and standard network cabling to manage a group of up to 16 SMC6624M switches in the same IP subnet (broadcast domain). Using stacking, you can:...
Page 193 Eliminate any specialized cables for stacking connectivity and remove the distance barriers that typically limit your topology options when using other stacking technologies. Add SMC6624M switches to your network without having to first perform IP addressing tasks.
Page 194: Components Of Stack Management
Configuring Advanced Features Stack Management Components of Stack Management Table 9-1. Stacking Definitions Stack Consists of a Commander switch and any Member switches belonging to that Commander’s stack. Commander A switch that has been manually configured as the controlling device for a stack. When this occurs, the switch’s stacking configuration appears as Commander.
Page 195: Operating Rules For Stacking
Configuring Advanced Features Stack Management Use the Commander’s console or web Wiring Closet "A" browser interface to access the user Member Switch 1 Candidate Switch interface on any Member switch in IP Address: None Assigned IP Address: None Assigned the same stack. Network Backbone Manager Password: leader Manager Password: francois...
Page 196: Specific Rules
Configuring Advanced Features Stack Management If multiple VLANs are configured, stacking uses only the primary VLAN on any switch. In the factory-default configuration, the DEFAULT_VLAN is the primary VLAN. (See “Stacking Operation with Multiple VLANs Configured” on page 9-44 and “Which VLAN Is Primary?”...
Page 197: Overview Of Configuring And Bringing Up A Stack
Configuring Advanced Features Stack Management IP Addressing and Number Allowed Passwords SNMP Communities Stack Name Per Stack Member IP Addr: Optional. Up to 15 Members When the switch joins the Belongs to the same SNMP Configuring an IP per stack. stack, it automatically communities as the address allows access...
Page 198 Configuring Advanced Features Stack Management Options for Configuring a Commander and Candidates. Depending on how Commander and Candidate switches are configured, Candidates can join a stack either automatically or by a Commander manually adding (“pulling”) them into the stack. In the default configuration, a Candidate joins only when manually pulled by a Commander.
Page 199 Configuring Advanced Features Stack Management Table 9-3. Stacking Configuration Guide Join Method Commander Candidate (IP Addressing Required) (IP Addressing Optional) Auto Grab Auto Join Passwords Automatically add Candidate to Stack Yes (default) No (default) (Causes the first 15 eligible, discovered switches in the subnet to automatically join a stack.) Manually add Candidate to Stack...
Page 200: General Steps For Creating A Stack
Configuring Advanced Features Stack Management General Steps for Creating a Stack This section describes the general stack creation process. For the detailed configuration processes, see pages 9-12 through 9-36 for the menu interface and pages 9-29 through 9-41 for the CLI. Determine the naming conventions for the stack.
Page 201 Configuring Advanced Features Stack Management For automatically or manually pulling Candidate switches into a stack, you can leave such switches in their default stacking configuration. If you need to access Candidate switches through your network before they join the stack, assign IP addresses to these devices. Otherwise, IP addressing is optional for Candidates and Members.
Page 202: Using The Menu Interface To View Stack Status And Configure
Configuring Advanced Features Stack Management Using the Menu Interface To View Stack Status and Configure Stacking Using the Menu Interface To View and Configure a Commander Switch Configure an IP address and subnet mask on the Commander switch. (See “IP Configuration” on page 5-2.) Display the Stacking Menu by selecting in the Main Menu.
Page 203 Configuring Advanced Features Stack Management Figure 9-6. The Default Stack Configuration Screen Move the cursor to the Stack State field by pressing [E] (for Edit ). Then use the Space bar to select the option. Commander Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen.
Page 204: Switch
Configuring Advanced Features Stack Management No (the default) prevents automatic joining of Candidates that • have their set to Auto Join • Yes enables the Commander to automatically take a Candidate into the stack as a Member if the Candidate has Auto Join set to the default Candidate setting) and does not have a previously...
Page 205 Configuring Advanced Features Stack Management Table 9-4.Candidate Configuration Options in the Menu Interface Parameter Default Setting Other Settings Stack State Candidate Commander, Member, or Disabled Auto Join Transmission Interval 60 Seconds Range: 1 to 300 seconds Using the Menu To “Push” a Switch Into a Stack, Modify the Switch’s Configuration, or Disable Stacking on the Switch.
Page 206: Using The Commander To Manage The Stack
Configuring Advanced Features Stack Management Do one of the following: • To disable stacking on the Candidate, use the Space bar to select Disabled option, then go to step 5. Note: Using the menu interface to disable stacking on a Candidate removes the Candidate from all stacking menus.
Page 207 Configuring Advanced Features Stack Management Using the Commander’s Menu To Manually Add a Candidate to a Stack. In the default configuration, you must manually add stack Members from the Candidate pool. Reasons for a switch remaining a Candidate instead of becoming a Member include any of the following: Auto Grab in the Commander is set to (the default).
Page 208 Configuring Advanced Features Stack Management The Commander automatically selects an available switch number (SN). You have the option of assigning any other available number. Candidate List Figure 9-10. Example of Candidate List in Stack Management Screen Either accept the displayed switch number or enter another available number.
Page 209 Configuring Advanced Features Stack Management For status descriptions, see the table on page 9-46. New Member added in Figure 9-11. Example of Stack Management Screen After New Member Added Using the Commander’s Menu To Move a Member From One Stack to Another.
Page 210 Configuring Advanced Features Stack Management For status descriptions, see the table on page 46. This column lists the MAC Addresses for switches Using the MAC addresses for these discovered (in the local Members, you can move them between subnet) that are configured stacks in the same subnet.
Page 211 Configuring Advanced Features Stack Management Do one of the following: • If the stack containing the Member you are moving has a Manager password, press the downarrow key to select the Candidate Password field, then type the password. • If the stack containing the Member you want to move does not have a password, go to step 9.
Page 212 Configuring Advanced Features Stack Management 4. Stack Management You will then see the Stack Management screen: For status descriptions, see the table on page 9-46. Stack Member List Figure 9-13. Example of Stack Management Screen with Stack Members Listed Use the downarrow key to select the Member you want to remove from the stack.
Page 213: Using The Commander To Access Member Switches For Configuration Changes And Monitoring Traffic
Configuring Advanced Features Stack Management Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic After a Candidate becomes a stack Member, you can use that stack’s Commander to access the Member’s console interface for the same configu- ration and monitoring that you would do through a Telnet or direct-connect access.
Page 214: Converting A Commander Or Member To A Member Of Another Stack
Configuring Advanced Features Stack Management Main Menu for stack Member named "Coral Sea" (SN = 1 from figure 9-16) Figure 9-17. The eXecute Command Displays the Console Main Menu for the Selected Stack Member You can now make configuration changes and/or view status data for the selected Member in the same way that you would if you were directly connected or telnetted into the switch.
Page 215: Monitoring Stack Status
Configuring Advanced Features Stack Management Press [B] (for Back) to return to the Stacking Menu. To display Stack Configuration menu for the switch you are moving, select 3. Stack Configuration Press [E] (for Edit) to select the Stack State parameter. Use the Space bar to select Member, then press [v] to move to the Com- mander MAC Address field.
Page 216 Configuring Advanced Features Stack Management Using Any Stacked Switch To View the Status for All Switches with Stacking Enabled. This procedure displays the general status of all switches in the IP subnet (broadcast domain) that have stacking enabled. Go to the console Main Menu for any switch configured for stacking and select: 9.
Page 217 Configuring Advanced Features Stack Management Figure 9-19. Example of the Commander’s Stacking Status Screen Viewing Member Status. This procedure displays the Member’s stacking information plus the Commander’s status, IP address, and MAC address. To display the status for a Member: Go to the console Main Menu of the Commander switch and select 9.
Page 218 Configuring Advanced Features Stack Management Figure 9-20. Example of a Member’s Stacking Status Screen Viewing Candidate Status. This procedure displays the Candidate’s stacking configuration. To display the status for a Candidate: Use Telnet (if the Candidate has a valid IP address for your network) or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9.
Page 219: Using The Cli To View Stack Status And Configure Stacking
Configuring Advanced Features Stack Management Using the CLI To View Stack Status and Configure Stacking The CLI enables you to do all of the stacking tasks available through the menu interface.) Table 9-6. CLI Commands for Configuring Stacking on a Switch CLI Command Operation show stack...
Page 220 Configuring Advanced Features Stack Management CLI Command Operation [no] stack member Commander: Adds a Candidate to stack membership. “No” form removes a Member from stack membership. To easily determine the MAC address of a <switch-num> Candidate, use the show stack candidates command. To determine the MAC mac-address <mac-addr>...
Page 221: Using The Cli To View Stack Status
Syntax: show stack [candidates | view | all] Viewing the Status of an Individual Switch. The following example illustrates how to use the CLI in an SMC6624M to display the stack status for that switch. In this case, the switch is in the default stacking configuration.
Page 222 Viewing the Status of all Stack-Enabled Switches Discovered in the IP Subnet. The next example lists all the stack-configured switches discovered in the IP subnet. Because the SMC6624M on which the show stack all command was executed is a candidate, it is included in the “Others” category.
Page 223: Using The Cli To Configure A Commander Switch
This example creates a Commander switch with a stack name of Big_Waters (Note that if stacking was previously disabled on the switch, this command also enables stacking.) SMC6624M(config)# stack commander Big_Waters As the following show stack display shows, the Commander switch is now ready to add members to the stack.
Page 224 Syntax: no stack stack commander <stack name> Suppose, for example, that an SMC6624M named “Bering Sea” is a Member of a stack named “Big_Waters”. To use the switch’s CLI to convert it from a stack Member to the Commander of a new stack named “Lakes”, you would use the...
Page 225: Adding To A Stack Or Moving Switches Between Stacks
Configuring Advanced Features Stack Management The output from this command tells you the MAC address of the current stack Commander. Removes the Member from the “Big_Waters” stack. Converts the former Member to the Com- mander of the new “Lakes” stack. Figure 9-27.
Page 226 Commander switch.) The MAC address of the discovered Candidate you are adding to the stack. To see this data, use the show stack candidates listing . For example: SMC6624M(config)# show stack view Stack Members SN MAC Address System Name...
Page 227 Manager password and you wanted to make it a stack Member with an , you would execute the following command: SMC6624M(config)# stack member 2 mac-address 0060b0- dfla00 The show stack view command then lists the Member added by the above...
Page 228 “push” the Candidate into the desired stack. 1. Telnet to the Candidate named “North Sea”. 2. Use show stack all to display the Commander’s MAC address. SMC6624M# telnet 10.2.13.104 North Sea# show stack all MAC Address for Stack Commander...
Page 229 Using a Member CLI To “Push” the Member into Another Stack. You can use the Member’s CLI to “push” an SMC6624M stack Member into a destination stack if you know the MAC address of the destination Commander.
Page 230: Using The Cli To Remove A Member From A Stack
“Big_Waters”, you would execute the following commands in the CLI of the switch: Eliminates the “Test” stack and converts the Commander to a Candidate. SMC6624M(config)# no stack name Test SMC6624M(config)# show stack all Helps you to identify the MAC address of the Commander for the “Big_Waters” stack.
Page 231 Use show stack view to list the stack Members. For example, suppose that you wanted to use the Commander to remove the “North Sea” Member from the following stack: SMC6624M(config)# show stack view Stack Members SN MAC Address System Name...
Page 232: Using The Cli To Access Member Switches For Configuration Changes And Traffic Monitoring
“Big_Waters”. Do do so you would go to the CLI for the “Big_Waters” Commander and execute show stack view to find the switch number for the “North Sea” switch: SMC6624M(config)# show stack view Stack Members The switch number (SN) for the “North...
Page 233: Snmp Community Operation In A Stack
Configuring Advanced Features Stack Management SNMP Community Operation in a Stack Community Membership In the default stacking configuration, when a Candidate joins a stack, it automatically becomes a Member of any SNMP community to which the Commander belongs, even though any community names configured in the Commander are not propagated to the Member’s SNMP Communities listing.
Page 234: Using The Cli To Disable Or Re-Enable Stacking
<MIB variable> 10.31.29.100 blue@sw2 Using the CLI To Disable or Re-Enable Stacking In the default configuration, stacking is enabled on the SMC6624M. You can use the CLI to disable stacking on the switch at any time. Disabling stacking has the following effects:...
Page 235: Web: Viewing And Configuring Stacking
The web browser interface for a Commander appears as shown above. The interface for Members and Candidates appears the same as for a non-stacking SMC6624M switch. To view or configure stacking on the web browser interface: Click on the Configuration tab.
Page 236: Status Messages
Configuring Advanced Features Stack Management Click on [Apply Changes] to save any configuration changes for the individual switch. If the switch is a Commander, use the [Stack Closeup] and [Stack Man- agement] buttons for viewing and using stack features. Status Messages Stacking screens and listings display these status messages: Message Condition...
Page 237: Port-Based Virtual Lans (Static Vlans)
LAN segments according to their need for common resources. By default, the SMC6624M switch is 802.1Q VLAN enabled and allows up to 30 port-based VLANs (default: 8). For information on GVRP, see “GVRP” on page 9-73.
Page 238 VLAN_2 Figure 9-39. Example of Routing Between VLANs via an External Router Overlapping (Tagged) VLANs. A port on the SMC6624M switch can be a member of more than one VLAN if the device to which it is connected complies with the 802.1Q VLAN standard. For example, a port connected to a central server using a network interface card (NIC) that complies with the 802.1Q...
Page 239 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) SMC6624M Figure 9-40. Example of Overlapping VLANs Using the Same Server Similarly, using 802.1Q-compliant switches, you can connect multiple VLANs through a single switch-to-switch link. Switch 6624M 6624M 2524 Figure 9-41. Example of Connecting Multiple VLANs Through the Same Link Introducing Tagged VLAN Technology into Networks Running Legacy (Untagged) VLANs.
Page 240: Overview Of Using Vlans
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Switch 2524 Switch 6624M 6624M Non- Switch 2524 802.1Q 2512 Tagged VLAN Link Untagged VLAN Links Non-802.1Q- compliant switch Figure 9-42. Example of Tagged and Untagged VLAN Technology in the Same Network For more information on VLANs, refer to: “Overview of Using VLANs”...
Page 241: Per-Port Static Vlan Configuration Options
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) DHCP or Bootp on different VLANs do not result in conflicting configuration values for the switch. The primary VLAN is the VLAN the switch uses to run and manage these features and data. In the factory-default configuration, the switch designates the default VLAN (DEFAULT_VLAN) as the primary VLAN.
Page 242 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Example of Per-Port VLAN Configuration Example of Per-Port with GVRP Disabled VLAN Configuration (the default) with GVRP Enabled Enabling GVRP causes “No” to display as “Auto”. Figure 9-43. Comparing Per-Port VLAN Options With and Without GVRP Table 9-7.
Page 243: General Steps For Using Vlans
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) General Steps for Using VLANs Plan your VLAN strategy and create a map of the logical topology that will result from configuring VLANs. Include consideration for the interaction between VLANs and other features such as Spanning Tree Protocol, load balancing, and IGMP.
Page 244: Menu: Configuring Vlan Parameters
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Menu: Configuring VLAN Parameters In the factory default state, VLAN support is enabled. Also, all ports on the switch belong to the default VLAN (DEFAULT_VLAN) and are in the same broadcast/multicast domain. (The default VLAN is also the default primary VLAN—see “Which VLAN Is Primary?”...
Page 245 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) To select another primary VLAN, select the Primary VLAN field and use the space bar to select from the existing options. To enable or disable dynamic VLANs, select the GVRP Enabled field and use the Space bar to toggle between options.
Page 246: Adding Or Editing Vlan Names
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Adding or Editing VLAN Names Use this procedure to add a new VLAN or to edit the name of an existing VLAN. From the Main Menu select: 2. Switch Configuration 8. VLAN Menu . . . 2.
Page 247: Adding Or Changing A Vlan Port Assignment
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Example of a New VLAN and ID Figure 9-47. Example of VLAN Names Screen with a New VLAN Added Repeat steps 2 through 5 to add more VLANs. Remember that you can add VLANs until you reach the number specified in the Maximum VLANs to support field on the VLAN Support screen (see figure 9-44on page 9-54).
Page 248 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Default: In this example, the “VLAN-22” has been defined, but no ports have yet been assigned to it. (“No” means the port is not assigned to that VLAN.) Using GVRP? If you plan on using GVRP, any ports you don’t want to join should be changed...
Page 249: Cli: Configuring Vlan Parameters
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Ports 4 and 5 are assigned to both VLANs. Ports 6 and 7 are assigned only to VLAN-22. All other ports are assigned only to the Default VLAN. Figure 9-49. Example of VLAN Assignments for Specific Ports For information on VLAN tags (“Untagged”...
Page 250 VLAN. (In the default configuration, GVRP is disabled. (See “GVRP” on page 9-73.) show vlan Syntax: SMC6624M(config)# show vlan Status and Counters - VLAN Information VLAN support : Yes When GVRP is disabled...
Page 251 VID to identify and display the data for a specific static or dynamic VLAN. Syntax: show vlan <vlan-id> SMC6624M(config)# show vlan 22 Status and Counters - VLAN Information - Ports - VLAN 22 802.1Q VLAN ID : 22 Name...
Page 252 (to save the new value to the startup-config file) and then reboot the switch. max-vlans <1 .. 30> Syntax: For example, to reconfigure the switch to allow 10 VLANs: SMC6624M(config)# max-vlans 10 Note that you can Command will take effect after saving configuration and reboot. execute these SMC6624M(config)# write memory...
Page 253 <vlan-name> Places you in the context level for that static VLAN. For example, to create a new static VLAN with a VID of 100: SMC6624M(config)# vlan 100 Creating the new VLAN. 100: VLAN added. SMC6624M(vlan-100)# show vlan Showing the result.
Page 254 For example, suppose a dynamic VLAN with a VID of 125 exists on the switch. The following command converts the VLAN to a static VLAN. SMC6624M(config)# static-vlan 125 Configuring Static VLAN Name and Per-Port Settings. The vlan <vlan- id> command, used in conjunction with the options listed below, enables you to change the name of an existing static VLAN and change the per-port VLAN membership settings as show below.
Page 255: Web: Viewing And Configuring Vlan Parameters
Similarly, to change the tagged ports in the above examples to No (or Auto, if GVRP is enabled), you could use either of the following commands. At the config level, use: SMC6624M(config)# no vlan 100 tagged 1-5 - or - At the VLAN 100 context level, use:...
Page 256: Vlan Tagging Information
(VLAN ID, or VID) assigned to a VLAN at the time that you configure the VLAN name in the switch. In the SMC6624M switch the tag can be any number from 1 to 4095 that is not already assigned to a VLAN. When you subsequently assign a port to a given VLAN, you must implement the VLAN tag (VID) if the port will carry traffic for more than one VLAN.
Page 257 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Blue White Blue White VLAN VLAN Server Server Red VLAN: Untagged VLAN Green VLAN: Tagged Switch Switch "X" "Y" Server Green Green Green VLAN VLAN VLAN Server Ports 1-6: Untagged Ports 1-4: Untagged Port 7: Red VLAN Untagged Port 5: Red VLAN Untagged Green VLAN Tagged...
Page 258 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) N o t e Each 802.1Q-compliant VLAN must have its own unique VID number, and that VLAN must be given the same VID in every device in which it is configured. That is, if the Red VLAN has a VID of 10 in switch X, then 10 must also be used for the Red VID in switch Y.
Page 259 Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) Server Server Red VLAN: Untagged Red VLAN: Untagged Green VLAN: Tagged Green VLAN: Tagged Red VLAN: Untagged Green VLAN: Tagged Green VLAN only Switch Switch Server "X" "Y" Green Green VLAN VLAN VLAN VLAN Figure 9-56.
Page 260: Effect Of Vlans On Other Switch Features
Effect of VLANs on Other Switch Features Spanning Tree Protocol Operation with VLANs Because the SMC6624M switch follows the 802.1Q VLAN recommendation to use single-instance spanning tree, STP operates across all ports on the switch (regardless of VLAN assignments) instead of on a per-VLAN basis. This means that if redundant physical links exist between the switch and another 802.1Q...
Page 261: Vlan Mac Addresses
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) VLAN MAC Addresses The switch has one unique MAC address for each of its VLAN interfaces. You can send an 802.2 test packet to this MAC address to verify connectivity to the switch.
Page 262: Vlan Restrictions
Configuring Advanced Features Port-Based Virtual LANs (Static VLANs) VLAN Restrictions A port must be a member of at least one VLAN. In the factory default configuration, all ports are assigned to the default VLAN (DEFAULT_VLAN; VID = 1). A port can be assigned to several VLANs, but only one of those assign- ments can be untagged.
Page 263: Gvrp
GVRP uses “GVRP Bridge Protocol Data Units” (“GVRP BPDUs”) to “adver- tise” static VLANs. In this manual, a GVRP BPDU is termed an advertisement. GVRP enables the SMC6624M to dynamically create 802.1Q-compliant VLANs on links with other devices running GVRP. This enables the switch to automat- ically create VLAN links between GVRP-aware devices.
Page 264: General Operation
Configuring Advanced Features GVRP General Operation A GVRP-enabled port with a Tagged or Untagged static VLAN sends advertise- ments (BPDUs, or Bridge Protocol Data Units) advertising the VLAN (actually, its VID). Another GVRP-aware port receiving the advertisements over a link can dynamically join the advertised VLAN.
Page 265 Configuring Advanced Features GVRP Note that if a static VLAN is configured on at least one port of a switch, and that port has established a link with another device, then all other ports of that switch will send advertisements for that VLAN. For example, in the following figure, Tagged VLAN ports on switch “A”...
Page 266: Per-Port Options For Handling Gvrp "Unknown Vlans
Configuring Advanced Features GVRP If the switch already has a static VLAN assignment with the same VID as in the advertisement, and the port is configured to Auto for that VLAN, then the port will dynamically join the VLAN and begin moving that VLAN’s traffic.
Page 267 The CLI show gvrp command and the menu interface VLAN Support screen show a switch’s current GVRP configuration, including the Unknown VLAN settings. SMC6624M# show gvrp GVRP support Maximum VLANs to support : 8 Primary VLAN : DEFAULT_VLAN GVRP Enabled...
Page 268: Per-Port Options For Dynamic Vlan Advertising And Joining
VLAN on this port. Each port of an SMC6624M switch must be a Tagged or Untagged member of at least one VLAN. Thus, any port configured for GVRP to Learn or Block will generate and forward advertisements for the static VLAN(s) for which it has been configured as Tagged or Untagged .
Page 269: Gvrp And Vlan Access Control
Configuring Advanced Features GVRP As the above table indicates, when you enable GVRP, a port that has a Tagged or Untagged static VLAN has the option for both generating advertisements and dynamically joining other VLANs. N o t e In table 9-9, above, the Unknown VLAN parameters are configured on a per- interface basis using the CLI.
Page 270: Planning For Gvrp Operation
Configuring Advanced Features GVRP Planning for GVRP Operation These steps outline the procedure for setting up dynamic VLANs for a seg- ment. Determine the VLAN topology you want for each segment (broadcast domain) on your network. Determine the VLANs that must be static and the VLANs that can be dynamically propagated.
Page 271 Configuring Advanced Features GVRP 2. Switch Configuration . . . 8. VLAN Menu . . . 1. VLAN Support Figure 9-60. The VLAN Support Screen (Default Configuration) Do the following to enable GVRP and display the Unknown VLAN fields: Press [E] (for Edit). b.
Page 272: Cli: Viewing And Configuring Gvrp
VLANs and the current Primary VLAN. (For more on the last two parameters, see “Port-Based Virtual LANs (Static VLANs)” on page 9-47.) show gvrp Syntax: SMC6624M# show gvrp GVRP support Maximum VLANs to support : 8 Primary VLAN : DEFAULT_VLAN GVRP Enabled : No Figure 9-62.
Page 273 SMC6624M(config)# show gvrp GVRP support Maximum VLANs to support : 8 Primary VLAN : DEFAULT_VLAN GVRP Enabled : Yes Port Type | Unknown VLAN ---- --------- + ------------ 10/100TX | Learn 10/100TX | Learn SMC6624M (config)# interface 1-2 unknown-vlans block 9-83...
Page 274 Configuring Advanced Features GVRP Displaying the Static and Dynamic VLANs Active on the Switch. The show vlans command lists all VLANs present in the switch. show vlans Syntax: For example, in the following illustration, switch “B” has one static VLAN (the default VLAN), with GVRP enabled and port 1 configured to Learn for Unknown VLANs.
Page 275: Web: Viewing And Configuring Gvrp
Syntax: static <dynamic-vlan-id> For example, to convert dynamic VLAN 333 (from the previous example) to a static VLAN: SMC6624M(config)# static 333 Web: Viewing and Configuring GVRP To view, enable, disable, or reconfigure GVRP: Click on the Configuration tab. Click on [VLAN Configuration] and do the following: •...
Page 276 Configuring Advanced Features GVRP By receiving advertisements from other devices running GVRP, the switch learns of static VLANs on those other devices and dynamically (automat- ically) creates tagged VLANs on the links to the advertising devices. Similarly, the switch advertises its static VLANs to other GVRP-aware devices.
Page 277: Multimedia Traffic Control With Ip Multicast (Igmp)
LAN. This device tracks which ports are connected to devices (IGMP clients) that belong to specific multicast groups, and triggers updates of this information. With IGMP enabled, the SMC6624M switch uses data from the Querier to determine whether to forward or block multicast traffic on specific ports.
Page 278: How Igmp Operates
MIB. Refer to “Changing the Querier Configuration Setting” on page 9-99.) N o t e IGMP configuration on the SMC6624M operates at the VLAN context level. If you are not using VLANs, then configure IGMP in VLAN 1 (the default VLAN) context.
Page 279: Role Of The Switch
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) from the hosts on the network. (If you need to disable the querier feature, you can do so through the CLI, using the IGMP configuration MIB. See “Configuring the Querier Function” on page 9-99.) Report: A message sent by a host to the querier to indicate that the host wants to be or is a member of a given group indicated in the report message.
Page 280 Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Multicast Data Stream Router PC X Router Video Server Router IGMP is NOT Router Running Here Switch 1 IGMP IS Switch 2 Running Here PC 1 Video PC 3 PC 4 Client PC 2 Video...
Page 281: Ip Multicast Filters
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Switch 1 IGMP is NOT Running Here IGMP IS Running Here Switch 3 Multicast Data Stream Switch 2 IGMP IS Running Here Switch 4 PC 2 PC 1 PC 6 PC 5 Figure 9-66.
Page 282: Number Of Ip Multicast Addresses Allowed
If the IGMP group subsequently deactivates, the static filter resumes control over traffic to the multicast address formerly controlled by IGMP. (Note that the SMC6624M does not have traffic/security filters.) Well-Known or Reserved Multicast Addresses Excluded from IP Multicast (IGMP) Filtering .
Page 283: Igmp Operating Features
IGMP Operation With or Without IP Addressing IGMP operation on the SMC6624M switch does not require an IP address and subnet mask for each VLAN running IGMP. You can configure IGMP on VLANs that do not have IP addressing. The benefit of IGMP without IP addressing is a reduction in the number of IP addresses you have to use and configure.
Page 284: Fast-Leave Igmp
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) on IGMP without IP addressing is that the switch cannot become Querier on any VLANs for which it has no IP address—so the network administrator must ensure that another IGMP device will act as Querier and that an additional IGMP device is available as a backup Querier.
Page 285 When client “3A” running IGMP is ready to leave the multicast group, it transmits a Leave Group message. Because the SMC6624M switch knows that there is only one end node on port 3, it removes the client from its IGMP table and halts multicast traffic (for that group) to port 3.
Page 286: Cli: Configuring And Displaying Igmp
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Note that Fast-Leave operation does not distinguish between end nodes on the same port that belong to different VLANs. Thus, for example, even if all of the devices on port 7 in figure 9-67 belong to different VLANs, Fast-Leave does not operate on port 7.
Page 287 Figure 9-68. Example Listing of IGMP Configuration for All VLANs in the Switch The following version of the show ip igmp command includes the VLAN ID (vid) designation, and combines the above data with the IGMP per-port configura- tion: SMC6624M# show ip igmp 1 config IGMP Configuration for the Selected IGMP Service...
Page 288 Depending on the privilege level, you could use one of the following com- mands to configure IGMP on VLAN 1 with the above settings: SMC6624M (config)# vlan 1 ip igmp auto 1-7 forward 8 blocked 9-12 SMC6624M (vlan-1)# ip igmp auto 1-7 forward 8 blocked 9-12 The following command displays the VLAN and per-port configuration result- ing from the above commands.
Page 289 [no] vlan <vid> ip igmp querier Syntax: Default: For example, to disable the Querier function on VLAN 1 in an SMC6624M switch: SMC6624M(config)# no vlan 1 ip igmp querier Disables the querier function on VLAN 1.
Page 290 N o t e A Querier is required for proper IGMP operation. For this reason, if you disable the Querier function on an SMC6624M switch, ensure that there is an IGMP Querier (and, preferably, a backup Querier) available on the same VLAN.
Page 291: Web: Enabling Or Disabling Igmp
Configuring Advanced Features Multimedia Traffic Control with IP Multicast (IGMP) Table 9-12.Configuration Options for Forced Fast-Leave Feature Default Settings Function Forced Fast- 2 (disabled) 1 (enabled) Uses the setmib command to enable or disable Forced Fast-Leave on Leave state individual ports. When enabled on a port, Forced Fast-Leave operates only if 2 (disabled) the switch detects multiple end nodes (and at least one IGMP client) on that port.
Page 292: Spanning Tree Protocol (Stp)
This topic is covered in more detail under “How STP Operates” on page 9-108. As recommended in the IEEE 802.1Q VLAN standard, the SMC6624M uses single-instance STP; a single spanning tree is created to make sure there are no network loops associated with any of the connections to the switch, regardless of whether VLANs are configured on the switch.
Page 293: Menu: Configuring Stp
Configuring Advanced Features Spanning Tree Protocol (STP) STP Fast Mode for Overcoming Server Access Failures. If an end node is configured to automatically access a server, the duration of the STP startup sequence can result in a “server access failure”. On ports where this is a problem, configuring STP Fast Mode can eliminate the failure.
Page 294 Configuring Advanced Features Spanning Tree Protocol (STP) Read-Only Fields Figure 9-70. Example of the STP Configuration Screen If the remaining STP parameter settings are adequate for your network, go to step 8. Use [Tab] or the arrow keys to select the next parameter you want to change, then type in the new value or press the Space Bar to select a value.
Page 295: Cli: Configuring Stp
Syntax: Default: See figure 9-71, below. In the default configuration, STP appears as shown here: SMC6624M> show spanning-tree config Spanning Tree Operation Spanning Tree Enabled : NO STP Priority : 32768 Hello Time : 2 Max Age : 20...
Page 296 STP operates. For more on STP, see the IEEE 802.1D standard. SMC6624M(config)# spanning tre e Enables STP on the switch. Reconfiguring General STP Operation on the Switch. This command...
Page 297 For example, to enable STP with a maximum-age of 30 seconds and a hello- time of 3 seconds: SMC6624M(config)# spanning tree maximum-age 30 hello-time Reconfiguring Per-Port STP Operation on the Switch. This command enables STP (if not already enabled) and configures the following per-port parameters: Table 9-14.Per-Port STP Parameters...
Page 298: Web: Enabling Or Disabling Stp
, and fast mode: configures ports 5 and 6 to a path cost of , a priority of SMC6624M(config)# spanning-tree ethernet 5-6 path-cost 15 priority 100 mode fast Web: Enabling or Disabling STP In the web browser interface you can enable or disable STP on the switch. To configure other STP features, telnet to the switch console and use the CLI.
Page 299: Stp Fast Mode
STP state, the server access will fail. To provide support for this end node behavior, the SMC6624M offers a configuration mode, called “Fast Mode”, that causes the switch port to skip the standard STP start-up sequence and put the port directly into the “Forwarding”...
Page 300: Stp Operation With 802.1Q Vlans
VLANs. This means that if redundant physical links exist in separate VLANs, spanning tree will block all but one of those links. However, if you need to use STP on the SMC6624M in a VLAN environment with redundant physical links, you can prevent blocked redun- dant links by using a port trunk.
Page 301 Configuring Advanced Features Spanning Tree Protocol (STP) Problem: Solution: STP enabled with 2 STP enabled with separate (non-trunked) one trunked link. links blocks a VLAN link. Nodes 1 and 2 can communicate Nodes 1 and 2 cannot because STP sees the trunk as a communicate because single link and 802.1Q (tagged) VLANs STP is blocking the link.
Page 302 Configuring Advanced Features Spanning Tree Protocol (STP) 9-112...
Page 303: Monitoring And Analyzing Switch Operation
Monitoring and Analyzing Switch Operation The SMC6624M switch has several built-in tools for monitoring, analyzing, and troubleshooting switch and network operation: Status: Includes options for displaying general switch information, man- agement address data, port status, MAC addresses detected on each port, and STP, IGMP, and VLAN data.
Page 304: Status And Counters Data
Monitoring and Analyzing Switch Operation Status and Counters Data Status and Counters Data This section describes the status and counters screens available through the switch console interface and/or the web browser interface. N o t e You can access all console screens from the web browser interface via Telnet to the console.
Page 305: Menu Access To Status And Counters
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access To Status and Counters Beginning at the Main Menu, display the Status and Counters menu by select- ing: 1. Status and Counters Figure 10-1. The Status and Counters Menu Each of the above menu items accesses the read-only screens described on the following pages.
Page 306: General System Information
Monitoring and Analyzing Switch Operation Status and Counters Data General System Information Menu Access From the console Main Menu, select: 1. Status and Counters 1. General System Information Figure 10-2. Example of General Switch Information This screen dynamically indicates how individual switch resources are being used.
Page 307: Switch Management Address Information
Monitoring and Analyzing Switch Operation Status and Counters Data Switch Management Address Information Menu Access From the Main Menu, select: 1 Status and Counters . . . 2. Switch Management Address Information Figure 10-3. Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch.
Page 308: Port Status
Monitoring and Analyzing Switch Operation Status and Counters Data Port Status The web browser interface and the console interface show the same port status data. Menu: Displaying Port Status From the Main Menu, select: 1. Status and Counters . . .3. Port Status Figure 10-4.
Page 309: Viewing Port And Trunk Group Statistics
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing Port and Trunk Group Statistics Feature Default Menu viewing port and trunk statistics page 10-8 page 10-9 page 10-9 for all ports viewing a detailed summary for a page 10-8 page 10-9 page 10-9 particular port or trunk...
Page 310: Menu Access To Port And Trunk Statistics
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to Port and Trunk Statistics To access this screen from the Main Menu, select: 1. Status and Counters . . . 4. Port Counters Figure 10-5. Example of Port Counters on the Menu Interface To view details about the traffic on a particular port, use the [v] key to highlight that port number, then select Show Details.
Page 311: Cli Access To Port And Trunk Group Statistics
Monitoring and Analyzing Switch Operation Status and Counters Data CLI Access To Port and Trunk Group Statistics To Display the Port Counter Summary Report. This command provides an overview of port activity for all ports on the switch. show statistics Syntax: To Display a Detailed Traffic Summary for a Specific Port.
Page 312: Viewing The Switch's Mac Address Tables
Monitoring and Analyzing Switch Operation Status and Counters Data Viewing the Switch’s MAC Address Tables Feature Default Menu viewing MAC addresses on all page 10-11 page 10-13 — ports viewing MAC addresses on a page 10-12 page 10-13 — specific port viewing MAC addresses on a —...
Page 313: Menu Access To The Mac Address Views And Searches
Monitoring and Analyzing Switch Operation Status and Counters Data Menu Access to the MAC Address Views and Searches Switch-Level MAC-Address Viewing and Searching. This feature lets you determine which switch port is being used to communicate with a specific device on the network. The listing includes: The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned...
Page 314 Monitoring and Analyzing Switch Operation Status and Counters Data Type the MAC address you want to locate and press [Enter]. The address and port number are highlighted if found. If the switch does not find the address, it leaves the MAC address listing empty. Located MAC Address and Corresponding...
Page 315: Cli Access For Mac Address Views And Searches
VLAN. For example: SMC6624M> show mac-address vlan 100 N o t e The SMC6624M switch has a Single Forwarding Database architecture. This means the switch has only a single MAC address table, and not a separate MAC address table per VLAN.
Page 316: Spanning Tree Protocol (Stp) Information
Monitoring and Analyzing Switch Operation Status and Counters Data Spanning Tree Protocol (STP) Information Menu Access to STP Data From the Main Menu, select: 1. Status and Counters . . . 7. Spanning Tree Information STP must be enabled on the switch to display the following data: Figure 10-10.Example of Spanning Tree Information Use this screen to determine current switch-level STP parameter settings and statistics.
Page 317: Cli Access To Stp Data
Monitoring and Analyzing Switch Operation Status and Counters Data Figure 10-11.Example of STP Port Information CLI Access to STP Data This option lists the STP configuration, root data, and per-port data (cost, priority, state, and designated bridge). show spanning-tree Syntax: SMC6624M> show spanning-tree 10-15...
Page 318: Internet Group Management Protocol (Igmp) Status
For example, suppose that show ip igmp listed an IGMP group address of 224.0.1.22. You could get additional data on that group by executing the following: SMC6624M> show ip igmp group 224.0.1.22 IGMP ports for group 224.0.1.22 Port Type Access...
Page 319: Vlan Information
The next three figures show how you could list data on the above VLANs. Listing the VLAN ID (VID) and Status for ALL VLANs in the Switch. SMC6624M# show vlan Status and Counters - VLAN Information VLAN support : Yes...
Page 320 Monitoring and Analyzing Switch Operation Status and Counters Data Listing the VLAN ID (VID) and Status for Specific Ports. SMC6624M# show vlan port 1-2 Status and Counters - VLAN Information - for ports 1,2 Because ports 1 and 802.1Q VLAN ID Name...
Page 321: Web Browser Interface Status Information
Monitoring and Analyzing Switch Operation Status and Counters Data Web Browser Interface Status Information The “home” screen for the web browser interface is the Status Overview screen, as shown below. As the title implies, it provides an overview of the status of the switch, including summary graphs indicating the network utili- zation on each of the switch ports, symbolic port status indicators, and the Alert Log, which informs you of any problems that may have occurred on the...
Page 322: Port Monitoring Features
Monitoring and Analyzing Switch Operation Port Monitoring Features Port Monitoring Features Port Monitoring Features Feature Default Menu display monitoring disabled page 10-21 page 10-23 page 10-25 configuration configure the monitor port(s) ports: none page 10-21 page 10-24 page 10-25 or VLAN VLANs: DEFAULT_VLAN selecting or removing ports none selected...
Page 323: Menu: Configuring Port Monitoring
Monitoring and Analyzing Switch Operation Port Monitoring Features Menu: Configuring Port Monitoring This procedure describes configuring the switch for monitoring when moni- toring is disabled. (If monitoring has already been enabled, the screens will appear differently than shown in this procedure.) From the Console Main Menu, Select: 2.
Page 324 Monitoring and Analyzing Switch Operation Port Monitoring Features Move the cursor to the Monitoring Port parameter. Figure 10-17. How To Select a Monitoring Port Use the Space bar to select the port to use for monitoring, then press the downarrow key to select the Monitor parameter. (The default setting is Ports, which you will use if you want to monitor one or more individual ports on the switch.) Do one of the following:...
Page 325: Cli: Configuring Port Monitoring
Monitoring and Analyzing Switch Operation Port Monitoring Features iv. Press [Enter], then press [S] (for Save) to save your changes and exit from the screen. Note: This screen appears instead of the one in figure 10-17 if the Monitor parameter is set to VLAN Example of a VLAN Monitoring Parameter...
Page 326 Monitoring and Analyzing Switch Operation Port Monitoring Features SMC6624M> show mirror-port Network Monitoring Port Port receiving monitored traffic. Mirror Port: 12 Monitoring sources ------------------ Monitored Ports Figure 10-19.Example of Monitored Port Listing Configuring the Monitor Port. This command assigns or removes a mon- itoring port, and must be executed from the global configuration level.
Page 327: Web: Configuring Port Monitoring
VLAN as monitoring SMC6624M(vlan-1)# monitor sources. Figure 10-20.Examples of Selecting Ports and VLANs as Monitoring Sources SMC6624M(config)# no int e 1,2 monitor From the global config level, removes SMC6624M(config)# no vlan 1 monitor ports or VLAN as monitoring sources.
Page 328 Monitoring and Analyzing Switch Operation Port Monitoring Features 10-26...
Page 329: Troubleshooting
Troubleshooting This chapter addresses performance-related network problems that can be caused by topology, switch configuration, and the effects of other devices or their configurations on switch operation. (For switch-specific information on hardware problems indicated by LED behavior, cabling requirements, and other potential hardware-related problems, refer to the installation guide you received with the switch.) This chapter includes:...
Page 330: Troubleshooting Approaches
Troubleshooting Troubleshooting Approaches Troubleshooting Approaches Use these approaches to diagnose switch problems: Check the switch LEDs for indications of proper switch operation: • Each switch port has a Link LED that should light whenever an active network device is connected to the port. •...
Page 331: Browser Or Console Access Problems
Troubleshooting Browser or Console Access Problems Browser or Console Access Problems Cannot access the web browser interface: Access may be disabled by the Web Agent Enabled parameter in the switch console. Check the setting on this parameter by selecting: 2. Switch Configuration . . . 1.
Page 332 Troubleshooting Browser or Console Access Problems Cannot Telnet into the switch console from a station on the network: Telnet access may be disabled by the Inbound Telnet Enabled parameter in the System Information screen of the menu interface: 2. Switch Configuration 1.
Page 333: Unusual Network Activity
Troubleshooting Unusual Network Activity Unusual Network Activity Network activity that exceeds accepted norms may indicate a hardware problem with one or more of the network components, possibly including the switch. Unusual network activity is usually indicated by the LEDs on the front of the switch or measured with the switch console interface or with a network management tool such as EliteView.
Page 334: Igmp-Related Problems
Troubleshooting Unusual Network Activity IP addresses that will expire after a limited duration. One solution is to configure “reservations” in the DHCP server for specific IP addresses to be assigned to devices having specific MAC addresses. For more information, refer to the documentation for the DHCP server. One indication of a duplicate IP address in a DHCP network is this Event Log message: ip: Invalid ARP source: IP address on IP address...
Page 335: Problems Related To Spanning-Tree Protocol (Stp)
STP Blocks a Link in a VLAN Even Though There Are No Redundant Links in that VLAN. In 802.1Q-compliant switches such as the SMC6624M, STP blocks redundant physical links even if they are in separate VLANs. A solution is to use only one, multiple-VLAN (tagged) link between the devices.
Page 336: Vlan-Related Problems
Troubleshooting Unusual Network Activity VLAN-Related Problems Monitor Port. When using the monitor port in a multiple VLAN environ- ment, it can be useful to know how broadcast, multicast, and unicast traffic is tagged. The following table describes the tagging to expect. Within Same Within Same Outside of...
Page 337 Troubleshooting Unusual Network Activity If VLAN_1 (VID=1) is configured as “Untagged” on port 3 on switch “X”, then it must also be configured as “Untagged” on port 7 on switch “Y”. Make sure that the VLAN ID (VID) is the same on both switches. Similarly, if VLAN_2 (VID=2) is configured as “Tagged on the link port on switch “A”, then it must also be configured as “Tagged”...
Page 338: Using The Event Log To Identify Problem Sources
Troubleshooting Using the Event Log To Identify Problem Sources Using the Event Log To Identify Problem Sources The Event Log records operating events as single-line entries listed in chrono- logical order, and serves as a tool for isolating problems. Each Event Log entry is composed of five fields: Severity Date...
Page 339: Menu: Entering And Navigating In The Event Log
Troubleshooting Using the Event Log To Identify Problem Sources Table 11-1. Event Log System Modules Module Event Description Module Event Description addrMgr Address table Console management chassis switch hardware ports Change in port status; static trunks bootp bootp addressing snmp SNMP communications console Console interface...
Page 340: Cli
SMC6624M> show logging Lists recorded log messages since last reboot. SMC6624M> show logging -a Lists all recorded log messages. SMC6624M> show logging -a system Lists all log messages having “system” in the text or module name. SMC6624M> show logging system Lists all log messages since the last reboot that have “system”...
Page 341: Diagnostic Tools
Troubleshooting Diagnostic Tools Diagnostic Tools Diagnostic Features Feature Default Menu PingTest — page 11-15 page 11-14 Link Test — page 11-15 page 11-14 Display Config File — page 11-17 page 11-17 Admin. and Troubleshooting — page 11-18 — Commands Factory-Default Config page 11-20 —...
Page 342: Web: Executing Ping Or Link Tests
Troubleshooting Diagnostic Tools Web: Executing Ping or Link Tests 1. Click here. 2. Click here. 3. Select Ping Test (the default) or Link Test 4. For a Ping test, enter the IP address of the target device. For a Link test, enter the MAC address of the target device.
Page 343: Cli: Ping Or Link Tests
Ping with 10.2.13.14 is alive, iteration 2, time = 10 ms Repetitions 10.2.13.14 is alive, iteration 3, time = 10 ms SMC6624M> ping 10.2.13.14 repetitions 3 timeout 2 Ping with 10.2.13.14 is alive, iteration 1, time = 35 ms Repetitions 10.2.13.14 is alive, iteration 2, time = 10 ms...
Page 344 SMC6624M# link 0030c1-7fcc40 repetitions 3 timeout 1 Repetitions and 802.2 TEST packets sent: 3, responses received: 3 Timeout SMC6624M# link 0030c1-7fcc40 repetitions 3 timeout 1 vlan 1 Link Test Over a 802.2 TEST packets sent: 3, responses received: 3 Specific VLAN...
Page 345: Displaying The Configuration File
Troubleshooting Diagnostic Tools Displaying the Configuration File The complete switch configuration is contained in a file that you can browse from either the web browser interface or the CLI. It may be useful in some troubleshooting scenarios to view the switch configuration. CLI: Viewing the Configuration File Using the CLI, you can display either the running configuration or the startup configuration.
Page 346: Cli Administrative And Troubleshooting Commands
Troubleshooting Diagnostic Tools CLI Administrative and Troubleshooting Commands These commands provide information or perform actions that you may find helpful in troubleshooting operating problems with the switch. N o t e For more on the CLI, refer to chapter 3, “Using the Command Line Reference (CLI).”...
Page 347: Restoring The Factory-Default Configuration
Troubleshooting Restoring the Factory-Default Configuration Restoring the Factory-Default Configuration As part of your troubleshooting process, it may become necessary to return the switch configuration to the factory default settings. This process momen- tarily interrupts the switch operation, clears any passwords, clears the console event log, resets the network counters to zero, performs a complete self test, and reboots the switch into its factory default configuration including deleting an IP address.
Page 348: Clear/Reset: Resetting To The Factory-Default Configuration
Troubleshooting Restoring the Factory-Default Configuration Clear/Reset: Resetting to the Factory-Default Configuration To execute the factory default reset, perform these steps: Using pointed objects, simultaneously press both the Reset and Clear buttons on the front of the switch. Continue to press the Clear button while releasing the Reset button. When the Self Test LED begins to flash, release the Clear button.
Page 349: A Transferring An Operating System Or Startup
Transferring an Operating System or Startup Configuration File You can download new switch software (operating system—OS) and upload or download switch configuration files. These features are useful for acquiring periodic switch software upgrades and for storing or retrieving a switch configuration.
Page 350: Downloading An Operating System (Os
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Using TFTP To Download the OS File from a Server This procedure assumes that: An OS file for the switch has been stored on a TFTP server accessible to the switch.
Page 351: Menu: Tftp Download From A Server
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Menu: TFTP Download from a Server In the console Main Menu, select Download OS to display this screen: Figure A-1. Example of the Download OS Screen (Default Values) Press [E] (for Edit).
Page 352: Cli: Tftp Download From A Server
Logon Default setting last configured in the menu’s Switch Setup screen. Switch-to-Switch Download If you have two or more SMC6624M switches networked together, you can download the OS software from one switch to another by using the Download OS feature in the switch console interface.
Page 353: Cli: Switch-To-Switch Download
CLI: Switch-To-Switch Download Syntax: copy tftp flash <ip-addr> flash For example, to download an OS file from an SMC6624M with an IP address of 10.28.227.103: SMC6624M# copy tftp flash 10.28.227.103 flash Device will be rebooted, do you want to continue [y/n]? y...
Page 354: Using Xmodem To Download The Os File From A Pc
Transferring an Operating System or Startup Configuration File Downloading an Operating System (OS) Using Xmodem to Download the OS File From a PC This procedure assumes that: The switch is connected via the Console RS-232 port on a PC operating as a terminal.
Page 355 For example, to download an OS file named F_02_07.swi from a PC: Execute the following command in the CLI: SMC6624M(config)# copy xmodem flash pc Device will be rebooted, do you want to continue [y/n]? y Press ‘Enter’ and start XMODEM on your host...
Page 356: Troubleshooting Tftp Downloads
To find more information on the cause of a download failure, examine the messages in the switch’s Event Log by executing this CLI command: SMC6624M# show log tftp (For more on the Event Log, see “Using the Event Log To Identify Problem Sources”...
Page 357: Transferring Switch Configurations
(See appendix C, “Switch Memory and Configuration” for information on the startup-config file.) For example, to download a configuration file named sw6624 in the configs directory on drive “d” in a remote host having an IP address of 13.28.227.105: SMC6624M# copy tftp startup-config 13.28.227.105 d:\con- figs\sw6624...
Page 358 For example, to upload the current startup configuration to a file named sw6624 in the configs directory on drive “d” in a remote host having an IP address of 13.28.227.105: SMC6624M# copy startup-config tftp 13.28.227.105 d:\con- figs\sw6624 Xmodem: Copying a Configuration from the Switch to a Serially Connected PC or Unix Workstation.
Page 359 For example, to copy a configuration file from a PC serially connected to the switch: Execute the following command: SMC6624M# copy xmodem startup-config pc Device will be rebooted, do you want to continue [y/n]? y Press ‘Enter’ and start XMODEM on your host...
Page 360 Transferring an Operating System or Startup Configuration File Transferring Switch Configurations A-12...
Page 361: B Mac Address Management
MAC Address Management The switch assigns MAC addresses in these areas: For management functions: • One Base MAC address assigned to the default VLAN (VID = 1) • Additional MAC address(es) corresponding to additional VLANs you configure in the switch For internal switch operations: One MAC address per port (See “CLI: Viewing the Port and VLAN MAC Addresses”...
Page 362: Menu: Viewing The Switch's Mac Addresses
The Base MAC address is used by the first (default) VLAN in the switch. This is usually the VLAN named “DEFAULT_VLAN” unless the name has been changed (by using the VLAN Names screen). On the SMC6624M, the VID (VLAN identification number) for the default VLAN is always “1”, and cannot be changed.
Page 363: Cli: Viewing The Port And Vlan Mac Addresses
Manager level of the CLI. Type the following command to display the MAC address for each port on the switch: SMC6624M# walkmib ifPhysAddress (The above command is not case-sensitive.) The following figure is an example of the display: SMC6624M# walkmib ifPhysAddress ifPhysAddress.1 = 00 01 e7 c0 41 21...
Page 364 MAC Address Management Determining MAC Addresses...
Page 365: C Switch Memory And Configuration
Switch Memory and Configuration This appendix describes the following: How switch memory manages configuration changes How the CLI implements configuration changes How the menu interface and web browser interface implement configu- ration changes Overview of Configuration File Management The switch maintains two configuration files, the running-config file and the startup-config file.
Page 366 For example, suppose you use the following command to disable port 5: SMC6624M(config)# interface ethernet 5 disable The above command disables port 5 in the running-config file, but not in the startup-config file.
Page 367: Using The Cli To Implement Configuration Changes
Switch Memory and Configuration Using the CLI To Implement Configuration Changes Storing and Retrieving Configuration Files. You can store or retrieve a backup copy of the startup-config file on another device. For more informa- tion, see appendix A, “Transferring an Operating System or Startup-Config File.”...
Page 368 SMC6624M(config)# interface e 5 speed-duplex auto-10 After you are satisfied that the link is operating properly, you can save the change to the switch’s permanent configuration (the startup-config file) by...
Page 369 For example: Disables port 1 in the running configuration, which causes port 1 to block all traffic. SMC6624M(config)# interface e 1 disable SMC6624M(config)# boot Device will be rebooted, do you want to continue [y/n]? y Press [Y] to continue the rebooting process.
Page 370: Using The Menu And Web Browser Interfaces To Implement Configuration Changes
Syntax: erase startup-config For example: SMC6624M(config)# erase startup-config Configuration will be deleted and device rebooted, continue [y/n]? Press [Y] to replace the current configuration with the factory default config- uration and reboot the switch. Press [N] to retain the current configuration and prevent a reboot.
Page 371 Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes N o t e The only exception to this operation are two VLAN-related parameter changes that require a reboot—described under “Rebooting To Activate Configuration Changes” on page C-8. Using in the Menu Interface Save...
Page 372: Rebooting From The Menu Interface
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Rebooting from the Menu Interface Terminates the current session and performs a reset of the operating system Activates any configuration changes that require a reboot Resets statistical counters to zero (Note that statistical counters can be reset to zero without rebooting the switch.
Page 373: Using The Web Browser Interface To Implement Configuration
Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes If configuration changes requiring a reboot have been made, the switch displays an asterisk (*) next to the menu item in which the change has been made.
Page 374 Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes C-10...
Page 375: Daylight Savings Time
Daylight Savings Time The SMC6624M switch provides a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. In addition to the value “none” (no time changes), there are five pre-defined settings, named: Alaska Canada and Continental US...
Page 376 Daylight Savings Time Figure D-1. Menu Interface with “User-Defined” Daylight Time Rule Option Before configuring a “User defined” Daylight Time Rule, it is important to understand how the switch treats the entries. The switch knows which dates are Sundays, and uses an algorithm to determine on which date to change the system clock, given the configured “Beginning day”...
Page 377: Index
Index Numerics auto See GVRP 802.1Q VLAN standard … 9-102 auto negotiation … 6-3 802.3u auto negotiation standard … 6-2 auto port setting … 9-93 Auto-10 … 6-10, 6-13 auto-discovery … 8-4 auto-negotiation … 6-2 access manager … 8-5 operator … 8-5 access levels, authorized IP managers …...
Page 378 copying … A-9 default trunk type … 6-16 download … A-1 Device Passwords Window … 4-7 factory default … 5-1, 9-54, 9-59, 9-103, C-6 DHCP … 5-9 IP … 5-2 address problems … 11-5 network monitoring … 10-20 effect of no reply … 11-5 permanent …...
Page 379 flow control, terminal … 5-35 VLAN behavior … 9-51 forbid VLAN, dynamic adds … 9-57 See GVRP format, date … 11-10 format, time … 11-10 Help … 2-10 forwarding port, IGMP … 9-93 Help line, about … 2-8 Help line, location on screens … 2-8 GARP See GVRP ICANN …...
Page 380 invalid input … 3-12 restrictions … 6-25 standby link … 6-23 authorized IP managers … 7-28 status, terms … 6-24 CLI access … 5-6 STP … 6-25 configuration … 5-2 VLANs … 6-25 DHCP/Bootp … 5-2 learning bridge … 5-1 duplicate address …...
Page 381 module, speed change … 6-3 delete … 2-6, 4-9, 7-4 Monitor parameter … 10-22 deleting with the Clear button … 7-5 monitoring a VLAN … 10-23 if you lose the password … 4-9, 7-5 monitoring traffic … 10-20 incorrect … 7-3 monitoring, traffic …...
Page 382 configuring … 7-9 power interruption, effect on event log … 11-10 configuring in browser interface … 7-20, 7-26 primary VLAN event log … 7-25 See VLAN intrusion alert … 6-2 prior to … 7-23, 7-25, 7-27 notice of security violations … 7-20 priority …...
Page 383 RS-232 … 1-2 standard MIB … 8-2 starting a console session … 2-3 static VLAN, convert to … 9-73 statistical sampling … 8-1 security … 4-9, 5-35 statistics … 2-6, 10-2 authorized IP managers … 7-28 statistics, clear counters … 2-11, C-8 per port …...
Page 384 traffic monitoring … 8-1, 8-4 traffic, monitoring … 10-20 value, inconsistent … 7-17 traffic, port … 10-7 version, OS … A-4–A-6 trap authentication … 8-9 See VLAN authentication trap … 8-11 virtual stacking CLI access … 8-10 transmission interval range … 9-15–9-16 event levels …...
Page 385 stacking, primary VLAN … 9-51 standalone … 4-4 static … 9-47, 9-51, 9-54, 9-59 status bar … 4-17 support enable/disable … 2-7 status indicators … 4-18 switch capacity … 9-47 status overview screen … 4-5 tagged … 9-48 system requirements … 4-3–4-4 tagging …...
Page 386 10 – Index...
Page 388 (65) 238 6556; Fax (65) 238 6466 Korea: 82-2-553-0860; Fax 82-2-553-7202 Japan: 81-45-224-2332; Fax 81-45-224-2331 Australia: 61-2-9416-0437; Fax 61-2-9416-0474 India: 91-22-8204437; Fax 91-22-8204443 Model Numbers: SMC6624M 6 Hughes Publication Number: 150000008200A Irvine, CA 92618 Revision Number: F2.07 E102001-R01 Phone: (949) 707-2400...

This manual is also suitable for:

6624fmst 6624glsc 6624gssc 6624gt 6624m 6624s

SMC Networks SMC6624M Management Manual

1 Selecting a Management Interface

Understanding Management Interfaces

Advantages of Using the Menu Interface

Advantages of Using the CLI

Advantages of Using the Web Browser Interface

2 Using the Menu Interface

Starting and Ending a Menu Session

Main Menu Features

Screen Structure and Navigation

Rebooting the Switch

Menu Features List

Where to Go from here

3 Using the Command Line Interface (CLI)

Accessing the CLI

Using the CLI

CLI Control and Editing

4 Using the Web Browser Interface

General Features

Web Browser Interface Requirements

Starting a Web Browser Interface Session with the Switch

Tasks for Your First Web Browser Interface Session

Support/Mgmt URL Feature

Status Reporting Features

5 Configuring IP Addressing, Time Synchronization, Interface Access, and System Information

IP Configuration

Time Synchronization Protocol Options

Interface Access: Console/Serial Link, Web, and Inbound Telnet

System Information

6 Optimizing Port Usage through Traffic Control and Port Trunking

Overview

Viewing Port Status and Configuring Port Parameters

Port Trunking

7 Using Passwords, Port Security, and Authorized IP Managers to Protect against Unauthorized Access

Using Password Security

Configuring and Monitoring Port Security

Using IP Authorized Managers

8 Configuring for Network Management Applications

SNMP Management Features

Configuring for SNMP Access to the Switch

SNMP Communities

Trap Receivers and Authentication Traps

Advanced Management: RMON Support

9 Configuring Advanced Features

Stack Management

Port-Based Virtual Lans (Static Vlans)

Gvrp

Multimedia Traffic Control with IP Multicast (IGMP)

10 Monitoring and Analyzing Switch Operation

11 Troubleshooting

Quick Links

Management Guide

Troubleshooting

Related Manuals for SMC Networks SMC6624M

Summary of Contents for SMC Networks SMC6624M