LevelOne GEL-2670 User Manual

GEL-2670
24 GE + 2 GE SFP L2 Managed Switch
User Manual
Ver. 1.0

Summary of Contents for LevelOne GEL-2670

  • Page 1 GEL-2670 24 GE + 2 GE SFP L2 Managed Switch User Manual Ver. 1.0...
  • Page 3 Management Guide: GEL-2670 L2 Managed Switch. Layer 2 Gigabit Ethernet Switch with 24 10/100/1000BASE-T Ports (RJ-45) and 2 Gigabit SFP Ports. E012013-KS-R01...
  • Page 5: About This Guide

    About This Guide. Purpose: This guide gives specific information on how to operate and use the management functions of the switch. Audience: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 7: Table Of Contents

    Contents: About This Guide; Contents; Figures; Tables; Section: Getting Started; Introduction; Key Features; Description of Software Features; System Defaults; Initial Switch Configuration; Section: Web Configuration; Using the Web Interface; Navigating the Web Browser Interface; Home Page; Configuration Options; Panel Display; Main Menu; Configuring the Switch; Configuring System Information...
  • Page 8 Contents: Configuring the Time Zone and Daylight Savings Time; Configuring Remote Log Messages; Configuring Power Reduction; Reducing Power to Idle Queue Circuits; Configuring Port Connections; Configuring Security; Configuring User Accounts; Configuring User Privilege Levels; Configuring The Authentication Method For Management Access; Configuring SSH; Configuring HTTPS; Filtering IP Addresses for Management Access...
  • Page 9 Contents: Configuring Global and Port-Related Settings for IGMP Snooping; Configuring VLAN Settings for IGMP Snooping and Query; Configuring IGMP Filtering; MLD Snooping; Configuring Global and Port-Related Settings for MLD Snooping; Configuring VLAN Settings for MLD Snooping and Query; Configuring MLD Filtering; Link Layer Discovery Protocol; Configuring LLDP Timing and TLVs; Configuring LLDP-MED TLVs...
  • Page 10 Contents: Configuring Local Port Mirroring; Configuring Remote Port Mirroring; Configuring UPnP; Configuring sFlow; Monitoring the Switch; Displaying Basic Information About the System; Displaying System Information; Displaying CPU Utilization; Displaying Log Messages; Displaying Log Details; Displaying Information About Ports; Displaying Port Status On the Front Panel; Displaying an Overview of Port Statistics; Displaying QoS Statistics; Displaying QCL Status...
  • Page 11 Contents: Displaying an Overview of LACP Groups; Displaying LACP Port Status; Displaying LACP Port Statistics; Displaying Information on Loop Protection; Displaying Information on the Spanning Tree; Displaying Bridge Status for STA; Displaying Port Status for STA; Displaying Port Statistics for STA; Displaying MVR Information; Displaying MVR Statistics; Displaying MVR Group Information...
  • Page 12 Contents: Upgrading Firmware; Activating the Alternate Image; Managing Configuration Files; Saving Configuration Settings; Restoring Configuration Settings; Section: Appendices; Software Specifications; Software Features; Management Features; Standards; Management Information Bases; Troubleshooting; Problems Accessing the Management Interface; Using System Logs; License Information; The GNU General Public License; Glossary; Index...
  • Page 13: Figures

    Figures: Figure 1: Home Page; Figure 2: Front Panel Indicators; Figure 3: System Information Configuration; Figure 4: IP Configuration; Figure 5: IPv6 Configuration; Figure 6: NTP Configuration; Figure 7: Time Zone and Daylight Savings Time Configuration; Figure 8: Configuring Settings for Remote Logging of Error Messages; Figure 9: Configuring EEE Power Reduction; Figure 10: Port Configuration; Figure 11: Showing User Accounts...
  • Page 14 Figures: Figure 32: ACL Port Configuration; Figure 33: ACL Rate Limiter Configuration; Figure 34: Access Control List Configuration; Figure 35: DHCP Snooping Configuration; Figure 36: DHCP Relay Configuration; Figure 37: Configuring Global and Port-based Settings for IP Source Guard; Figure 38: Configuring Static Bindings for IP Source Guard; Figure 39: Configuring Global and Port Settings for ARP Inspection; Figure 40: Configuring Static Bindings for ARP Inspection; Figure 41: Authentication Configuration...
  • Page 15 Figures: Figure 68: Port Isolation Configuration; Figure 69: Configuring MAC-Based VLANs; Figure 70: Configuring Protocol VLANs; Figure 71: Assigning Ports to Protocol VLANs; Figure 72: Assigning Ports to an IP Subnet-based VLAN; Figure 73: Configuring Global and Port Settings for a Voice VLAN; Figure 74: Configuring an OUI Telephony List; Figure 75: Configuring Ingress Port QoS Classification; Figure 76: Configuring Ingress Port Tag Classification...
  • Page 16 Figures: Figure 104: Detailed Port Statistics; Figure 105: Access Management Statistics; Figure 106: Port Security Switch Status; Figure 107: Port Security Port Status; Figure 108: Network Access Server Switch Status; Figure 109: NAS Statistics for Specified Port; Figure 110: ACL Status; Figure 111: DHCP Snooping Statistics; Figure 112: DHCP Relay Statistics; Figure 113: Dynamic ARP Inspection Table...
  • Page 17 Figures: Figure 140: LLDP Neighbor EEE Information; Figure 141: LLDP Port Statistics; Figure 142: MAC Address Table; Figure 143: Showing VLAN Members; Figure 144: Showing VLAN Port Status; Figure 145: Showing MAC-based VLAN Membership Status; Figure 146: Showing sFlow Statistics; Figure 147: ICMP Ping; Figure 148: ICMP Ping Results; Figure 149: ICMP V6 Ping...
  • Page 19: Tables

    Tables: Table 1: Key Features; Table 2: System Defaults; Table 3: Web Page Configuration Buttons; Table 4: Main Menu; Table 5: HTTPS System Support; Table 6: SNMP Security Models and Levels; Table 7: Dynamic QoS Profiles; Table 8: QCE Modification Buttons; Table 9: Recommended STA Path Cost Range; Table 10: Recommended STA Path Costs; Table 11: Default STA Path Costs...
  • Page 21: Section I

    Section I: Getting Started. This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 23...
  • Page 23: Key Features

    Introduction: This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 24: Description Of Software Features

    Table 1: Key Features (Continued) (columns: Feature, Description). Spanning Tree Algorithm: Supports standard STP, Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Trees (MSTP); Virtual LANs: Up to 4K using IEEE 802.1Q, port-based, protocol-based, private VLANs, and voice VLANs, and QinQ tunnel; Traffic Prioritization: Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/...
  • Page 25 Access Control Lists: ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority)....
  • Page 26 be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port. IEEE 802.1D Bridge: The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or...
  • Page 27 Virtual LANs: The switch supports up to 4096 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 28: System Defaults

    Quality of Service: Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, DSCP values, or VLAN lists.
  • Page 29 Table 2: System Defaults (Continued) (columns: Function, Parameter, Default). SNMP: SNMP Agent: Disabled; Community Strings: “public” (read only), “private” (read/write); Traps: Global: disabled, Authentication traps: enabled, Link-up-down events: enabled; SNMP V3: View: default_view, Group: default_rw_group. Port Configuration: Admin Status: Enabled; Auto-negotiation...
  • Page 30 Table 2: System Defaults (Continued) (columns: Function, Parameter, Default). IP Settings: Management VLAN: VLAN 1; IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; Default Gateway: 0.0.0.0; DHCP: Client: Disabled, Snooping: Disabled, Proxy service: Disabled. Multicast Filtering: IGMP Snooping: Snooping: Disabled, Querier: Disabled; MLD Snooping...
  • Page 31: Initial Switch Configuration

    Initial Switch Configuration: This chapter includes information on connecting to the switch and basic configuration procedures. To make use of the management features of your switch, you must first configure it with an IP address that is compatible with the network in which it is being installed.
  • Page 32 logging out. To change the password, click Security and then Users. Select “admin” from the User Configuration list, fill in the Password fields, and then click Save.
  • Page 33: Section

    Section: Web Configuration. This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 35 ◆ "Configuring the Switch" on page 47...
  • Page 35: Using The Web Interface

    Using the Web Interface: This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Mozilla Firefox 2.0.0.0, or more recent versions).
  • Page 36: Configuration Options

    Configuration Options: Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Save button to confirm the new setting. The following table summarizes the web page configuration buttons....
  • Page 37 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Ports: Configures port connection settings. Aggregation: Static: Specifies ports to group into static trunks; LACP: Allows ports to dynamically join trunks. Spanning Tree: Bridge Settings: Configures global bridge settings for STP, RSTP and MSTP;...
  • Page 38 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). HTTPS: Configures secure HTTP settings. Access Management: Sets IP addresses of clients allowed management access via HTTP/HTTPS, and SNMP, and Telnet/SSH. SNMP: Simple Network Management Protocol. System...
  • Page 39 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Configures RADIUS authentication server, RADIUS accounting server, and TACACS+ authentication server settings. Aggregation: Static: Specifies ports to group into static trunks; LACP: Allows ports to dynamically join trunks. Loop Protection...
  • Page 40 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). PVLAN Membership: Configures PVLAN groups. Port Isolation: Prevents communications between designated ports within the same private VLAN. VLAN Control List. MAC-based VLAN: Maps traffic with specified source MAC address to a VLAN. Protocol-based VLAN...
  • Page 41: Access Management

    Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Mirroring & RSPAN: Sets source and target ports for local or remote mirroring. UPnP: Enables UPNP and defines timeout values. sFlow: Samples traffic flows, and forwards data to designated collector. Monitor...
  • Page 42 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Relay Statistics: Displays server and client statistics for packets affected by the relay information policy. ARP Inspection: Displays entries in the ARP inspection table, sorted first by port, then VLAN ID, MAC address, and finally IP address. IP Source Guard: Displays entries in the IP Source Guard table, sorted first by port, then VLAN ID, MAC address, and finally IP address...
  • Page 43 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). IPv4 SFM Information: Displays IGMP Source-Filtered Multicast information including group, filtering mode (include or exclude), source address, and type (allow or deny). MLD Snooping: Multicast Listener Discovery Snooping. Status...
  • Page 44 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Configuration Displays information about the active and alternate (backup) firmware images in the switch, and allows you to revert to the alternate image. Save: Saves or views the switch’s current configuration in XML format....
  • Page 45 Table 4: Main Menu (Continued) (columns: Menu, Description, Page). Configuration: Save: Saves configuration settings to a file on the management station; Upload: Restores configuration settings from a file on the management station. The Basic Configuration menu is a subset of Advanced Configuration....
  • Page 47: Configuring The Switch

    Configuring the Switch: This chapter describes all of the basic configuration tasks. Configuring System Information: Use the System Information Configuration page to identify the system by configuring contact information, system name, and the location of the switch. Basic/Advanced Configuration, System, Information. Parameters: These parameters are displayed: System Contact –...
  • Page 48: Setting An Ip Address

    Setting an IP Address: This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types....
  • Page 49: Setting An Ipv6 Address

    ◆ IP Router – IP address of the gateway router between the switch and management stations that exist on other network segments. ◆ VLAN ID – ID of the configured VLAN. By default, all ports on the...
  • Page 50 IPv6 includes two distinct address types - link-local unicast and global unicast. A link-local address makes the switch accessible over IPv6 for all devices attached to the same local subnet. Management traffic using this kind of address cannot be passed by any router outside of the subnet....
  • Page 51: Figure 5: Ipv6 Configuration

    ◆ Address – Manually configures a global unicast address by specifying the full address and network prefix length (in the Prefix field). (Default: ::192.168.2.10) ◆ Prefix – Defines the prefix length as a decimal value indicating how many contiguous bits (starting at the left) of the address comprise the prefix;...
  • Page 52: Configuring Ntp Service

    Configuring NTP Service: Use the NTP Configuration page to specify the Network Time Protocol (NTP) servers to query for the current time. NTP allows the switch to set its internal clock based on periodic updates from an NTP time server. Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.
  • Page 53: Configuring The Time Zone And Daylight Savings Time

    Configuring the Time Zone and Daylight Savings Time: Use the Time Zone and Daylight Savings Time page to set the time zone and Daylight Savings Time. Time Zone – NTP/SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
  • Page 54 ■ Non-Recurring – Sets the start, end, and offset times of summer time for the switch on a one-time basis. ■ From – Start time for summer-time. ■ To –...
  • Page 55: Figure 7: Time Zone And Daylight Savings Time Configuration

    Figure 7: Time Zone and Daylight Savings Time Configuration...
  • Page 56: Configuring Remote Log Messages

    Configuring Remote Log Messages: Use the System Log Configuration page to send log messages to syslog servers or other management stations. You can also limit the event messages sent to specified types. Basic/Advanced Configuration, System, Log. Command Usage...
  • Page 57: Configuring Power Reduction

    Configuring Power Reduction: The switch provides a power saving method that can power down the circuitry for port queues when not in use. Reducing Power to Idle Queue Circuits: Use the EEE Configuration page to configure Energy Efficient Ethernet (EEE) for specified queues, and to specify urgent queues which are to...
  • Page 58: Configuring Port Connections

    If required, also specify urgent queues which will be powered up once data is queued and the default wakeup time has passed. Click Save. Figure 9: Configuring EEE Power Reduction. Configuring Port Connections: Use the Port Configuration page to configure the connection parameters for each port....
  • Page 59 Parameters: These parameters are displayed: ◆ Link – Indicates if the link is up or down. ◆ Speed – Sets the port speed and duplex mode using auto-negotiation or manual selection. The following options are supported: Disabled - Disables the interface....
  • Page 60 ◆ Excessive Collision Mode – Sets the response to take when excessive transmit collisions are detected on a port. ■ Discard - Discards a frame after 16 collisions (default). ■ Restart - Restarts the backoff algorithm after 16 collisions....
  • Page 61: Configuring Security

    Figure 10: Port Configuration. Configuring Security: You can configure this switch to authenticate users logging into the system for management access or to control client access to the data ports. Management Access Security (Switch menu) – Management access to the switch can be controlled through local authentication of user names and passwords stored on the switch, or remote authentication of users via a RADIUS or TACACS+ server....
  • Page 62: Configuring User Accounts

    bindings for ARP packets, providing protection against ARP traffic with invalid MAC to IP address bindings, which forms the basis for “man-in-the-middle” attacks. Configuring User Accounts: Use the User Configuration page to control management access to the switch based on manually configured user names and passwords....
  • Page 63: Configuring User Privilege Levels

    ■ 10 – read and write access of all system functions except for maintenance and debugging ■ 15 – read and write access of all system functions including maintenance and debugging. Web Interface: To show user accounts: Click Advanced Configuration, Security, Switch, Users....
  • Page 64 ◆ Group Name – The name identifying a privilege group. In most cases, a privilege group consists of a single module (e.g., LACP, RSTP or QoS), but a few groups contain more than one module. The following describes the groups which contain multiple modules or access to various system settings: System: Contact, Name, Location, Timezone, Log....
  • Page 65: Configuring The Authentication Method For Management Access

    Figure 13: Configuring Privilege Levels. Configuring the Authentication Method for Management Access: Use the Authentication Method Configuration page to specify the authentication method for controlling management access through the console, Telnet, SSH or HTTP/HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled...
  • Page 66: Figure 14: Authentication Server Operation

    Figure 14: Authentication Server Operation (figure label: RADIUS/TACACS+ server). 1. Client attempts management access. 2. Switch contacts authentication server. 3. Authentication server challenges client. 4. Client responds with proper password or key. 5. Authentication server approves access. 6....
  • Page 67: Configuring Ssh

    This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS and TACACS+ server software.
  • Page 68: Configuring Https

    Advanced Configuration, Security, Switch, SSH. Usage Guidelines: ◆ You need to install an SSH client on the management station to access the switch for management via the SSH protocol. The switch supports both SSH Version 1.5 and 2.0 clients. SSH service on this switch only supports password authentication....
  • Page 69: Table 5: Https System Support

    Usage Guidelines: ◆ If you enable HTTPS, you must indicate this in the URL that you specify in your browser: https://device[:port-number] ◆ When you start HTTPS, the connection is established in this way: ■ The client authenticates the server using the server's digital...
  • Page 70: Filtering Ip Addresses For Management Access

    Figure 17: HTTPS Configuration. Filtering IP Addresses for Management Access: Use the Access Management Configuration page to create a list of up to 16 IP addresses or IP address groups that are allowed management access to the switch through the web interface, or SNMP, or Telnet....
  • Page 71: Using Simple Network Management Protocol

    Mark the protocols to restrict based on the specified address range. The following example shows how to restrict management access for all protocols to a specific address range. Click Save. Figure 18: Access Management Configuration. Using Simple Network Management Protocol: Simple Network Management Protocol (SNMP) is a communication protocol...
  • Page 72: Table 6: Snmp Security Models And Levels

    MIB objects) and default groups defined for security models v1 and v2c. The following table shows the security models and levels available and the system default settings. Table 6: SNMP Security Models and Levels (columns: Model, Level, Community String...
  • Page 73 ◆ Version - Specifies the SNMP version to use. (Options: SNMP v1, SNMP v2c, SNMP v3; Default: SNMP v2c) ◆ Read Community - The community used for read-only access to the SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only; Default: public) This parameter only applies to SNMPv1 and SNMPv2c....
  • Page 74 8 colon-separated 16-bit hexadecimal values. One double colon may be used to indicate the appropriate number of zeros required to fill the undefined fields. ◆ Trap Authentication Failure - Issues a notification message to specified IP trap managers whenever authentication of an SNMP request fails....
  • Page 75 To select a name from this field, first enter an SNMPv3 user with the same Trap Security Engine ID in the SNMPv3 Users Configuration menu (see "Configuring SNMPv3 Users" on page 77). Web Interface: To configure SNMP system and trap settings: Click Advanced Configuration, Security, Switch, SNMP, System....
  • Page 76: Figure 19: Snmp System Configuration

    Figure 19: SNMP System Configuration. Setting SNMPv3 Community Access Strings: Use the SNMPv3 Community Configuration page to set community access strings. All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table....
  • Page 77: Users

    ◆ Source IP - Specifies the source address of an SNMP client. ◆ Source Mask - Specifies the address mask for the SNMP client. Web Interface: To configure SNMP community access strings: Click Advanced Configuration, Security, Switch, SNMP, Communities. Set the IP address and mask for the default community strings....
  • Page 78 To send inform messages to an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides. The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host....
  • Page 79: Groups

    Figure 21: SNMPv3 User Configuration. Configuring SNMPv3 Groups: Use the SNMPv3 Group Configuration page to configure SNMPv3 groups. An SNMPv3 group defines the access policy for assigned users, restricting them to specific read and write views as defined on the SNMPv3 Access Configuration page (page 81)....
  • Page 80: Views

    Enter a group name. Note that the views assigned to a group must be specified on the SNMP Accesses Configuration menu (see page 81). Click Save. Figure 22: SNMPv3 Group Configuration. Configuring SNMPv3 Views: Use the SNMPv3 View Configuration page to define views which restrict user access to specified portions of the MIB tree....
  • Page 81: Access

    Figure 23: SNMPv3 View Configuration. Configuring SNMPv3 Group Access Rights: Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted access. You can assign more than one view to a group to specify access to different portions of the MIB tree....
  • Page 82: Remote Monitoring

    Figure 24: SNMPv3 Access Configuration. Remote Monitoring: Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
  • Page 83: Figure 25: Rmon Statistics Configuration

    ◆ Data Source – Port identifier. Web Interface: To enable regular sampling of statistics on a port: Click Advanced Configuration, Security, Switch, RMON, Statistics. Click Add New Entry. Enter the index identifier and port number. Click Save....
  • Page 84: Figure 26: Rmon History Configuration

    ◆ Buckets - The number of buckets requested for this entry. (Range: 1-3600; Default: 50) ◆ Buckets Granted - The number of buckets granted. Web Interface: To periodically sample statistics on a port: Click Advanced Configuration, Security, Switch, RMON, History. Click Add New Entry....
  • Page 85 Possible variables (ifEntry.n, where n = 10-21) include: InOctets, InUcastPkts, InNUcastPkts, InDiscards, InErrors, InUnknownProtos, OutOctets, OutUcastPkts, OutNUcastPkts, OutDiscards, OutErrors, and OutQLen. ◆ Sample Type – Tests for absolute or relative changes in the specified...
  • Page 86: Figure 27: Rmon Alarm Configuration

    Web Interface: To configure an RMON alarm: Click Advanced Configuration, Security, Switch, RMON, Alarm. Click Add New Entry. Enter an index number, the polling interval, the MIB object to be polled (etherStatsEntry.n.n), the sample type, the alarm startup type, the thresholds, and the event to trigger....
  • Page 87: Configuring Port Limit Controls

    ◆ Community – A password-like community string sent with the trap operation to SNMP v1 and v2c hosts. Although the community string can be set on this configuration page, it is recommended that it be defined on the SNMP trap configuration page (see "Setting SNMPv3 Community Access Strings"...
  • Page 88 With aging enabled, a timer is started once the end-host gets secured. When the timer expires, the switch starts looking for frames from the end-host, and if such frames are not seen within the next Aging Period, the end-host is assumed to be disconnected, and the corresponding resources are freed on the switch.
  • Page 89 ■ Trap & Shutdown: If Limit + 1 MAC addresses are seen on the port, both the “Trap” and the “Shutdown” actions described above will be taken. ◆ State – This column shows the current state of the port as seen from...
  • Page 90: Configuring Authentication Through Network Access Servers

    Figure 29: Port Limit Control Configuration. Configuring Authentication Through Network Access Servers: Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data....
  • Page 91: Figure 30: Using Port Security

    | Configuring the Switch HAPTER Configuring Security Figure 30: Using Port Security 802.1x client 1. Client attempts to access a switch port. 2. Switch sends client an identity request. RADIUS 3. Client sends back identity information. 4. Switch forwards this to authentication server. server 5.
  • Page 92 | Configuring the Switch HAPTER Configuring Security 802.1X / MAC-based authentication must be enabled globally for the ◆ switch. The Admin State for each switch port that requires client authentication ◆ must be set to 802.1X or MAC-based. When using 802.1X authentication: ◆...
  • Page 93 between the switch and the client, and therefore does not imply that a client is still present on a port (see Age Period below). ◆ Reauthentication Period - Sets the time period after which a...
  • Page 94: Table 7: Dynamic QoS Profiles

    whether RADIUS-assigned QoS Class is enabled for that port. When unchecked, RADIUS-server assigned QoS Class is disabled for all ports. When RADIUS-Assigned QoS is both globally enabled and enabled for a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated.
  • Page 95 For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,” then the switch ignores the “map-ip-dscp” profile. ■ When authentication is successful, the dynamic QoS information may not be passed from the RADIUS server due to one of the following conditions (authentication result remains unchanged): The Filter-ID attribute cannot be found to carry the user profile.
  • Page 96 If (re-)authentication fails, or the RADIUS Access-Accept packet no longer carries a VLAN ID or carries an invalid one, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meantime without affecting the RADIUS-assigned setting).
  • Page 97 For troubleshooting VLAN assignments, use the Monitor > VLANs > VLAN Membership and VLAN Port pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. Guest VLAN Operation: When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames.
  • Page 98 ◆ Admin State - If NAS is globally enabled, this selection controls the port's authentication mode. The following modes are available: ■ Force Authorized - The switch sends one EAPOL Success frame when the port link comes up. This forces the port to grant access to all clients, either dot1x-aware or otherwise.
  • Page 99 password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string in the following form: “xx-xx-xx-xx-xx-xx”, that is, a dash (-) is used as separator between the lower-cased hexadecimal digits.
  • Page 100 ◆ Guest VLAN Enabled - Enables or disables this feature for a given port. Refer to the description of this feature under the System Configure section. ◆ Port State - The current state of the port:...
  • Page 101: Filtering Traffic With Access Control Lists

    Figure 31: Network Access Server Configuration. Filtering Traffic with Access Control Lists: An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria.
  • Page 102 Parameters: These parameters are displayed: ◆ Port - Port Identifier. ◆ Policy ID - An ACL policy configured on the ACE Configuration page (page 106). (Range: 1-8; Default: 1, which is undefined) ◆ Action - Permits or denies a frame based on whether it matches a rule...
  • Page 103: Figure 32: ACL Port Configuration

    Interface: To configure ACL policies and responses for a port: Click Advanced Configuration, Security, Network, ACL, Ports. Assign an ACL policy configured on the ACE Configuration page, specify the responses to invoke when a matching frame is seen, including the filter mode, copying matching frames to another port, logging matching frames, or shutting down the port.
  • Page 104: Access Control

    ◆ Unit - Unit of measure. (Options: pps or kbps; Default: pps) Interface: To configure rate limits which can be applied to a port: Click Advanced Configuration, Security, Network, ACL, Rate Limiters. For any of the rate limiters, select the maximum ingress rate that will be supported on a port once a match has been found in an assigned ACL.
  • Page 105: List

    ◆ The maximum number of ACL rules that can be configured on the switch is 128. ◆ The maximum number of ACL rules that can be bound to a port is 10. ◆ ACLs provide frame filtering based on any of the following criteria:...
  • Page 106: Table 8: QCE Modification Buttons

    The following buttons are used to edit or move the ACL entry (ACE): Table 8: QCE Modification Buttons (columns: Button, Description). Inserts a new ACE before the current row. Edits the ACE. Moves the ACE up the list. Moves the ACE down the list.
  • Page 107 A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX). ◆ ARP: MAC Parameters ■ SMAC Filter - The type of source MAC address. (Options: Any,...
  • Page 108 protocol address length (PLN) settings. (Options: Any - any value is allowed, 0 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must not match this entry, 1 - ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04) must match this entry;...
  • Page 109 TCP Parameters: ■ Source Port Filter - Specifies the TCP source filter for this rule. (Options: Any, Specific (0-65535), Range (0-65535); Default: Any) ■ Dest. Port Filter - Specifies the TCP destination filter for this...
  • Page 110 Any - any value is allowed, Yes - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must match this entry, No - IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not match this entry;...
  • Page 111 VLAN Parameters: ◆ 802.1Q Tagged - Specifies whether or not frames should be 802.1Q tagged. (Options: Any, Disabled, Enabled; Default: Any) ◆ VLAN ID Filter - Specifies the VLAN to filter for this rule...
  • Page 112: Configuring DHCP Snooping

    Figure 34: Access Control List Configuration. Configuring DHCP Snooping: Use the DHCP Snooping Configuration page to filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
  • Page 113 ◆ Network traffic may be disrupted when malicious DHCP messages are received from an outside source. DHCP snooping is used to filter DHCP messages received on a non-secure interface from outside the network or firewall.
  • Page 114: Figure 35: DHCP Snooping Configuration

    receives an ACK message from a DHCP server. Also, when the switch sends out DHCP client packets for itself, no filtering takes place. However, when the switch receives any messages from a DHCP server, any packets received from untrusted ports are dropped.
  • Page 115: Configuring DHCP Relay And Option 82 Information

    Configuring DHCP Relay and Option 82 Information: Use the DHCP Relay Configuration page to configure DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet. When DHCP relay is enabled and the switch sees a DHCP request broadcast, it inserts its own IP address into the request (so that the DHCP...
  • Page 116: Configuring IP Source Guard

    Interface: To configure DHCP Relay: Click Advanced Configuration, Security, Network, DHCP, Relay. Enable the DHCP relay function, specify the DHCP server’s IP address, enable Option 82 information mode, and set the policy by which to handle relay information found in client packets.
  • Page 117 ◆ When enabled, traffic is filtered based upon dynamic entries learned via DHCP snooping (see "Configuring DHCP Snooping"), or static addresses configured in the source guard binding table. ◆ If IP source guard is enabled, an inbound packet’s IP address will be checked against the binding table.
  • Page 118: Figure 37: Configuring Global And Port-Based Settings For IP Source Guard

    dynamic clients is equal to 0, the switch will only forward IP packets that are matched in static entries for a given port. (Default: Unlimited) Interface: To set the IP Source Guard filter for ports: Click Advanced Configuration, Security, Network, IP Source Guard, Configuration.
  • Page 119: Figure 38: Configuring Static Bindings For IP Source Guard

    ■ If there is an entry with the same VLAN ID and MAC address, and the type of entry is static IP source guard binding, then the new entry will replace the old one. ■ If there is an entry with the same VLAN ID and MAC address, and...
  • Page 120: Configuring ARP Inspection

    Configuring ARP Inspection: ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the-middle” attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded to the appropriate destination.
  • Page 121: Figure 39: Configuring Global And Port Settings For ARP Inspection

    Configuring Global and Port Settings for ARP Inspection: Use the ARP Inspection Configuration page to enable ARP inspection globally for the switch and for any ports on which it is required. Advanced Configuration, Security, Network, ARP Inspection, Configuration. Parameters: These parameters are displayed: Global Configuration...
  • Page 122: Figure 40: Configuring Static Bindings For ARP Inspection

    Configuring Static Bindings for ARP Inspection: Use the Static ARP Inspection Table to bind a static address to a port. Table entries include a port identifier, VLAN identifier, source MAC address in ARP request packets, and source IP address in ARP request packets.
  • Page 123: Specifying Authentication Servers

    Specifying Authentication Servers: Use the Authentication Server Configuration page to control management access based on a list of user names and passwords configured on a RADIUS or TACACS+ remote access authentication server, and to authenticate client access for IEEE 802.1X port authentication (see page...
  • Page 124: Figure 41: Authentication Configuration

    Interface: To configure authentication for management access in the web interface: Click Advanced Configuration, Security, AAA. Configure the authentication method for management client types, the common server timing parameters, and address, UDP port, and secret key for each required RADIUS or TACACS+ server.
  • Page 125: Creating Trunk Groups

    Creating Trunk Groups: You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
  • Page 126: Configuring Static Trunks

    Configuring Static Trunks: Use the Aggregation Mode Configuration page to configure the aggregation mode and members of each static trunk group. Basic/Advanced Configuration, Aggregation, Static. Usage Guidelines: ◆ When configuring static trunks, you may not be able to link switches of...
  • Page 127 ■ Destination MAC Address – All traffic with the same destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is destined for many different hosts.
  • Page 128: Configuring LACP

    Figure 42: Static Trunk Configuration. Configuring LACP: Use the LACP Port Configuration page to enable LACP on selected ports, configure the administrative key, and the protocol initiation mode. Basic/Advanced Configuration, Aggregation, LACP. Usage Guidelines: To avoid creating a loop in the network, be sure you enable LACP before...
  • Page 129 ◆ Trunks dynamically established through LACP will be shown on the LACP System Status page (page 257) and LACP Port Status (page 257) pages under the Monitor menu. ◆ Ports assigned to a common link aggregation group (LAG) must meet the following criteria: Ports must have the same LACP Admin Key.
  • Page 130: Configuring Loop Protection

    Figure 43: LACP Port Configuration. Configuring Loop Protection: Use the Loop Protection page to detect general loopback conditions caused by hardware problems or faulty protocol settings. When enabled, a control frame is transmitted on the participating ports, and the switch monitors inbound traffic to see if the frame is looped back.
  • Page 131 ◆ Loopback detection must be enabled both globally and on an interface for loopback detection to take effect. Parameters: These parameters are displayed: Global Configuration: ◆ Enable Loop Protection – Enables loopback detection globally on the...
  • Page 132: Configuring The Spanning Tree Algorithm

    Figure 44: Loop Protection Configuration. Configuring the Spanning Tree Algorithm: The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
  • Page 133: Figure 45: STP Root Ports And Designated Ports

    Figure 45: STP Root Ports and Designated Ports (figure labels: Designated Root, Root Port, Designated Port, Designated Bridge). Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 134: Configuring Global Settings For STA

    Level and Configuration Digest – see "Configuring Multiple Spanning Trees" on page 138). An MST Region may contain multiple MSTP Instances. An Internal Spanning Tree (IST) is used to connect all the MSTP switches within an MST region.
  • Page 135 ◆ Rapid Spanning Tree Protocol: RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: STP Mode –...
  • Page 136 priority, the device with the lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.) ■ Default: 128 ■ Range: 0-240, in steps of 16...
  • Page 137: Figure 48: STA Bridge Configuration

    administrative edge is enabled on a port. BPDU filtering is configured on a per-port basis. (Default: Disabled) ◆ Edge Port BPDU Guard – This feature protects edge ports from receiving BPDUs. It prevents loops by shutting down an edge port when a BPDU is received instead of putting it into the spanning tree discarding state.
  • Page 138: Configuring Multiple Spanning Trees

    Configuring Multiple Spanning Trees: Use the MSTI Mapping page to add VLAN groups to an MSTP instance (MSTI), or to designate the name and revision of the VLAN-to-MSTI mapping used on this switch. Basic/Advanced Configuration, Spanning Tree, MSTI Mapping. Command...
  • Page 139: Figure 49: Adding A VLAN To An MST Instance

    MSTI Mapping: ◆ MSTI – Instance identifier to configure. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. (Range: 1-7) ◆ VLANs Mapped – VLANs to assign to this MST instance. The VLANs...
  • Page 140: Configuring Spanning Tree Bridge Priorities

    Configuring Spanning Tree Bridge Priorities: Use the MSTI Priorities page to configure the bridge priority for the CIST and any configured MSTI. Remember that RSTP looks upon each MST Instance as a single bridge node. Basic/Advanced Configuration, Spanning Tree, MSTI Properties...
  • Page 141: Configuring STP/RSTP/CIST Interfaces

    Configuring STP/RSTP/CIST Interfaces: Use the CIST Ports Configuration page to configure STA attributes for interfaces when the spanning tree mode is set to STP or RSTP, or for interfaces in the CIST. STA interface attributes include path cost, port priority, edge port (for fast forwarding), automatic detection of an edge port, and point-to-point link type.
  • Page 142: Table 10: Recommended STA Path Costs

    Table 10: Recommended STA Path Costs (columns: Port Type, Link Type, IEEE 802.1D-1998, IEEE 802.1w-2001). Ethernet: Half Duplex 2,000,000; Full Duplex 1,999,999; Trunk 1,000,000. Fast Ethernet: Half Duplex 200,000; Full Duplex 100,000; Trunk 50,000...
  • Page 143 tree priority. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, this can cause a lack of spanning tree connectivity. It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology, possibly because those bridges are not under the full control of the administrator.
  • Page 144: Configuring MSTI Interfaces

    Interface: To configure settings for STP/RSTP/CIST interfaces: Click Configuration, Spanning Tree, CIST Ports. Modify the required attributes. Click Save. Figure 51: STP/RSTP/CIST Port Configuration. Configuring MSTI Interfaces: Use the MSTI Ports Configuration page to configure STA attributes for interfaces in a specific MSTI, including path cost, and port priority.
  • Page 145: Multicast VLAN Registration

    By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown in Table 10. ◆ Priority – Defines the priority used for this port in the Spanning Tree...
  • Page 146: Configuring General MVR Settings

    MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong. Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN, users in different IEEE 802.1Q or private VLANs cannot exchange any information (except through upper-level routing services).
  • Page 147 hosts can issue multicast leave messages. Immediate leave therefore cannot be used for IGMP version 1 clients. Parameters: These parameters are displayed: MVR Configuration: ◆ MVR Mode – When MVR is enabled on the switch, any multicast data...
  • Page 148 ■ Inactive (I) – The designated port does not participate in MVR operations. (This is the default.) ■ Source (S) – Configures uplink ports to receive and send multicast data as source ports. Subscribers cannot be directly connected to source ports.
  • Page 149: Configuring MVR Channel Settings

    Click “Add New MVR VLAN,” enter MVR VLAN ID, set the operating mode to control whether or not membership reports are sent from source ports, specify whether or not control frames are tagged with the MVR ID, set the priority and last member query interval.
  • Page 150: Configuring MVR Channel Settings

    multicast groups must be statically assigned using this configuration page. ◆ The IPv4 address range from 224.0.0.0 to 239.255.255.255 is used for multicast streams. MVR group addresses cannot fall within the reserved IP multicast address range of 224.0.0.x.
  • Page 151: IGMP Snooping

    IGMP Snooping: Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 152 Parameters: These parameters are displayed: Global Configuration: ◆ Snooping Enabled - When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. (Default: Enabled) This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers/switches and IP multicast host groups to identify the IP multicast group members.
  • Page 153 from an upstream multicast router to hosts downstream from this device. When proxy reporting is disabled, all IGMP reports received by the switch are forwarded natively to the upstream multicast routers. Port Related Configuration: Port –...
  • Page 154: Configuring VLAN Settings For IGMP Snooping And Query

    Interface: To configure global and port-related settings for IGMP Snooping: Click Configuration, IPMC, IGMP Snooping, Basic Configuration. Adjust the IGMP settings as required. Click Save. Figure 56: Configuring Global and Port-related Settings for IGMP Snooping. Configuring VLAN Settings for IGMP Snooping and Query: Use the IGMP Snooping VLAN Configuration page to configure IGMP...
  • Page 155 A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
  • Page 156: Configuring IGMP Filtering

    ◆ URI - The Unsolicited Report Interval specifies how often the upstream interface should transmit unsolicited IGMP reports when report suppression/proxy reporting is enabled. (Range: 0-31744 seconds, Default: 1 second) Interface: To configure VLAN settings for IGMP snooping and query: Click Configuration, IPMC, IGMP Snooping, VLAN Configuration.
  • Page 157: MLD Snooping

    Enter the IP address of the multicast service to be filtered. Click Save. Figure 58: IGMP Snooping Port Group Filtering Configuration. MLD Snooping: Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4.
  • Page 158 Parameters: These parameters are displayed: Global Configuration: ◆ Snooping Enabled - When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. (Default: Disabled) This switch can passively snoop on MLD Listener Query and Report packets transferred between IP multicast routers/switches and IP multicast host groups to identify the IP multicast group members.
  • Page 159 Port Related Configuration: ◆ Port – Port identifier. ◆ Router Port - Sets a port to function as a router port, which leads towards a Layer 3 multicast device or MLD querier. (Default: Disabled) If MLD snooping cannot locate the MLD querier, you can manually designate a port which is connected to a known MLD querier (i.e., a multicast router/switch).
  • Page 160: Configuring VLAN Settings For MLD Snooping And Query

    Figure 59: Configuring Global and Port-related Settings for MLD Snooping. Configuring VLAN Settings for MLD Snooping and Query: Use the MLD Snooping VLAN Configuration page to configure MLD snooping and query for a VLAN interface. Advanced Configuration, IPMC, MLD Snooping, VLAN Configuration. Parameters...
  • Page 161 members. It then propagates the service requests on to any upstream multicast router/switch to ensure that it will continue to receive the multicast service. An IPv6 address must be configured on the VLAN interface from which the querier will act if elected.
  • Page 162: Configuring MLD Filtering

    This attribute will take effect only if MLD snooping proxy reporting is enabled (see page 157). ◆ URI - The Unsolicited Report Interval specifies how often the upstream interface should transmit unsolicited MLD reports when report suppression/proxy reporting is enabled.
  • Page 163: Link Layer Discovery Protocol

    Click Add New Filtering Group to display a new entry in the table. Select the port to which the filter will be applied. Enter the IP address of the multicast service to be filtered. Click Save.
  • Page 164 ◆ Tx Hold – Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 3) The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner.
  • Page 165 If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch. When CDP awareness for a port is disabled, the CDP information is not removed immediately, but will be removed when the hold time is exceeded.
  • Page 166: Configuring LLDP-MED TLVs

    Specify the information to include in the TLV field of advertised messages. Click Save. Figure 62: LLDP Configuration. Configuring LLDP-MED TLVs: Use the LLDP-MED Configuration page to set the device information which is advertised for end-point devices.
  • Page 167 particular endpoint types (for example only advertise the voice network policy to permitted voice-capable devices), both in order to conserve the limited LLDPDU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
  • Page 168 ◆ Map Datum – The Map Datum used for the coordinates given in this Option. ■ WGS84: (Geographical 3D) - World Geodetic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. ■ NAD83/NAVD88: North American Datum 1983, CRS Code 4269,...
  • Page 169 ■ Postal community name - Postal community name. (Example: Leonia) ■ P.O. Box - Post office box (P.O. BOX). (Example: 12345) ■ Additional code - Additional code. (Example: 1320300003) ◆ Emergency Call Service – Emergency Call Service (e.g. 911 and...
  • Page 170 ■ Policy ID – ID for the policy. This is auto generated and will be used when selecting the policies that will be mapped to the specific ports. ■ Application Type – Intended use of the application types:...
  • Page 171 Tagged indicates that the device is using the IEEE 802.1Q tagged frame format, and that both the VLAN ID and the Layer 2 priority values are being used, as well as the DSCP value. The tagged format includes an additional field, known as the tag header.
  • Page 172: Configuring The MAC Address Table

    Figure 63: LLDP-MED Configuration. Configuring the MAC Address Table: Use the MAC Address Table Configuration page to configure dynamic address learning or to assign static addresses to specific ports. Switches store the addresses for all known devices.
  • Page 173 ◆ Aging Time - The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) MAC Table Learning: ◆ Auto - Learning is done automatically as soon as a frame with an...
  • Page 174: IEEE 802.1Q VLANs

    Figure 64: MAC Address Table Configuration. IEEE 802.1Q VLANs: In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
  • Page 175: Assigning Ports To VLANs

    ◆ Distributed VLAN learning across multiple switches using explicit or implicit tagging ◆ Port overlapping, allowing a port to participate in multiple VLANs ◆ End stations can belong to multiple VLANs ◆ Passing traffic between VLAN-aware and VLAN-unaware devices...
  • Page 176: Configuring VLAN Attributes For Port Members

    Interface: To configure IEEE 802.1Q VLAN groups: Click Configuration, VLANs, VLAN Membership. Change the ports assigned to the default VLAN (VLAN 1) if required. To configure a new VLAN, click Add New VLAN, enter the VLAN ID, and then mark the ports to be assigned to the new group.
  • Page 177 ◆ Port Type – Configures how a port processes the VLAN ID in ingress frames. (Default: Unaware) ■ C-port – For customer ports, each frame is assigned to the VLAN indicated in the VLAN tag, and the tag is removed. S-port –...
  • Page 178

    are classified to the Port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID, a VLAN tag with the classified VLAN ID is inserted in the frame. When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags.
  • Page 179: Configuring Private VLANs

    Figure 66: VLAN Port Configuration
    Configuring Private VLANs
    Use the Private VLAN Membership Configuration page to assign port members to private VLANs. Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on ports assigned to a private VLAN can only be forwarded to, and from, uplink ports (that is, ports configured as members of both a standard IEEE 802.1Q VLAN and the private VLAN).
  • Page 180: Figure 67: Private VLAN Membership Configuration

    One example of how private VLANs can be used is in servicing multi-tenant dwellings. If all of the tenants are assigned to a private VLAN, then no traffic can pass directly between the tenants on the local switch. Communication with the outside world is restricted to the uplink ports which may connect to one or more service providers (such as Internet, IPTV, or VOIP).
  • Page 181: Using Port Isolation

    Using Port Isolation
    Use the Port Isolation Configuration page to prevent communications between customer ports within the same private VLAN. Ports within a private VLAN (PVLAN) are isolated from other ports which are not in the same PVLAN. Port Isolation can be used to prevent communications between ports within the same PVLAN.
  • Page 182

    Configuring MAC-based VLANs
    Command Usage
    ◆ Source MAC addresses can be mapped to only one VLAN ID.
    ◆ Configured MAC addresses cannot be broadcast or multicast addresses.
    ◆ When MAC-based and protocol-based VLANs are both enabled, priority...
  • Page 183: Protocol VLANs

    Protocol VLANs
    The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 184: Figure 70: Configuring Protocol VLANs

    LLC – Includes the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) values. (Range: 0x00-0xff; Default: 0xff)
    SNAP – Includes OUI (Organizationally Unique Identifier) and PID (Protocol ID) values:
    ■ OUI – A value in the format of xx-xx-xx where each pair (xx) in the...
  • Page 185: Mapping Protocol Groups To Ports

    Mapping Protocol Groups to Ports
    Use the Group Name to VLAN Mapping Table to map a protocol group to a VLAN for each interface that will participate in the group.
    Advanced Configuration, VCL, Protocol-based VLANs, Group to VLAN
    Command Usage
    When creating a protocol-based VLAN, only assign interfaces using this...
  • Page 186: Configuring IP Subnet-Based VLANs

    Figure 71: Assigning Ports to Protocol VLANs
    Configuring IP Subnet-based VLANs
    Use the IP Subnet-based VLAN Membership Configuration page to map untagged ingress frames to a specified VLAN if the source address is found in the IP subnet-to-VLAN mapping table.
  • Page 187: Managing VoIP Traffic

    Parameters
    These parameters are displayed:
    ◆ VCE ID – Index of the entry. (Range: 0-256, where 0 auto-generates the index number for an entry)
    ◆ IP Address – The IP address for a subnet. Valid IP addresses consist of four decimal numbers, 0 to 255, separated by periods.
  • Page 188: Configuring VoIP Traffic

    The switch allows you to specify a Voice VLAN for the network and set a service priority for the VoIP traffic. VoIP traffic can be detected on switch ports by using the source MAC address of packets, or by using LLDP (IEEE 802.1ab) to discover connected VoIP devices.
  • Page 189

    Port Configuration
    ◆ Mode – Specifies if the port will be added to the Voice VLAN. (Default: Disabled)
    ■ Disabled – The Voice VLAN feature is disabled on the port. The port will not detect VoIP traffic or be added to the Voice VLAN.
  • Page 190: Configuring Telephony OUI

    Click Save.
    Figure 73: Configuring Global and Port Settings for a Voice VLAN
    Configuring Telephony OUI
    Use the Voice VLAN OUI Table to identify VoIP devices attached to the switch. VoIP devices can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets.
  • Page 191: Quality Of Service

    Click “Add new entry.” Enter a MAC address that specifies the OUI for VoIP devices in the network, and enter a description for the devices. Click Save.
    Figure 74: Configuring an OUI Telephony List
    Quality of Service
    All switches or routers that access the Internet rely on class information to...
  • Page 192: Configuring Port Classification

    Configuring Port Classification
    Use the QoS Ingress Port Classification page to set the basic QoS parameters for a port, including the default traffic class, DP level (IEEE 802.1p), user priority, drop eligible indicator, classification mode for tagged frames, and DSCP-based QoS classification.
  • Page 193: Figure 75: Configuring Ingress Port QoS Classification

    ◆ QoS class – Controls the mapping of classified (PCP, DEI) to QoS class values when Tag Classification is Enabled. (Range: 0-7; Default: 0)
    ◆ DP level – Controls the mapping of classified (PCP, DEI) to DP level...
  • Page 194: Configuring Port Policiers

    Set the tag classification mode to Disabled to use the default QoS class and DP level for tagged frames, or to Enabled to use the mapped versions of PCP and DEI for tagged frames. Click Save.
  • Page 195: Figure 77: Configuring Ingress Port Policing

    ◆ Enabled – Enables or disables port policing on a port.
    ◆ Rate – Controls the maximum rate for frames entering the ingress queue for a port. (Range: 100-1,000,000 kbps/fps, 1-3.300 Mbps/kfps; Default: 500 for all units of measure)
    ◆ Unit –...
  • Page 196: Configuring Egress Port Scheduler

    Configuring Egress Port Scheduler
    Use the QoS Egress Port Schedulers page to show an overview of the QoS Egress Port Schedulers, including the queue mode and weight. Click on any of the entries in the Port field to configure egress queue mode, queue shaper (rate and access to excess bandwidth), and port shaper.
  • Page 197: Figure 78: Displaying Egress Port Schedulers

    ■ Weight – A weight assigned to each of the queues (and thereby to the corresponding traffic priorities). This weight sets the frequency at which each queue is polled for service, and subsequently affects the response time for software applications assigned a specific priority value.
  • Page 198: Configuring Egress Port Shaper

    To configure the scheduler mode, the egress queue mode, queue shaper, and port shaper used by egress ports: Click Advanced Configuration, QoS, Port Scheduler. Click on any of the entries in the Port field. Set the scheduler mode, the queue shaper, queue scheduler (when the scheduler mode is set to Weighted), and the port shaper.
  • Page 199: Configuring Port Remarking Mode

    Parameters
    These parameters are displayed:
    Displaying QoS Egress Port Schedulers
    ◆ Port – Port identifier.
    ◆ Shapers – Shows the queue shaper rate and port shaper rate.
    Configuring QoS Egress Port Scheduler, Queue Scheduler and Port Shapers
    This configuration page can be accessed from the Port Scheduler or Port Shaper page.
  • Page 200

    Advanced Configuration, QoS, Port Tag Remarking
    Parameters
    These parameters are displayed:
    Displaying Port Remarking Mode
    ◆ Port – Port identifier.
    ◆ Mode – Shows the tag remarking mode used by this port:
    Classified –...
  • Page 201: Figure 81: Displaying Port Tag Remarking Mode

    Figure 81: Displaying Port Tag Remarking Mode
    To configure the tag remarking mode: Click Configuration, QoS, Port Tag Remarking. Click on any of the entries in the Port field. Set the tag remarking mode and any parameters associated with the selected mode.
  • Page 202: Configuring Port DSCP Translation And Rewriting

    Figure 82: Configuring Port Tag Remarking Mode
    Configuring Port DSCP Translation and Rewriting
    Use the QoS Port DSCP Configuration page to configure ingress translation and classification settings and egress re-writing of DSCP values.
    Advanced Configuration, QoS, Port DSCP
    Parameters
    These parameters are displayed:...
  • Page 203

    ◆ Ingress Translate – Enables ingress translation of DSCP values based on the specified classification method.
    ◆ Ingress Classify – Specifies the classification method:
    ■ Disable – No Ingress DSCP Classification is performed. ...
  • Page 204: Configuring DSCP-Based QoS Ingress Classification

    Configuring DSCP-based QoS Ingress Classification
    Use the DSCP-Based QoS Ingress Classification page to configure DSCP-based QoS ingress classification settings.
    Advanced Configuration, QoS, DSCP-Based QoS
    Parameters
    These parameters are displayed:
    ◆ DSCP – DSCP value in ingress packets. (Range: 0-63)
    ◆ Trust –...
  • Page 205: Configuring DSCP Translation

    Figure 84: Configuring DSCP-based QoS Ingress Classification
    Configuring DSCP Translation
    Use the DSCP Translation page to configure DSCP translation for ingress traffic or DSCP re-mapping for egress traffic.
    Advanced Configuration, QoS, DSCP Translation
    Parameters...
  • Page 206: Configuring DSCP Classification

    Interface
    To configure DSCP translation or re-mapping: Click Advanced Configuration, QoS, DSCP Translation. Set the required ingress translation and egress re-mapping parameters. Click Save.
    Figure 85: Configuring DSCP Translation and Re-mapping
    Configuring DSCP Classification
    Use the DSCP Classification page to map DSCP values to a QoS class and...
  • Page 207: Configuring QoS Control Lists

    Interface
    To map DSCP values to a QoS class and drop precedence level: Click Advanced Configuration, QoS, DSCP Classification. Map key DSCP values to a corresponding QoS class and drop precedence level. Click Save.
  • Page 208: Table 12: QCE Modification Buttons

    ◆ Frame Type – Indicates the type of frame to look for in incoming frames. Possible frame types are: Any, Ethernet, LLC, SNAP, IPv4, IPv6.
    ◆ SMAC - The OUI field of the source MAC address, i.e. the first three...
  • Page 209

    ◆ SMAC – The OUI field of the source MAC address. Enter the first three octets (bytes) of the MAC address, or Any.
    ◆ DMAC Type – The type of destination MAC address. (Options: Any, BC...
  • Page 210

    and 255. When the mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero
    ■ IP Fragment – Indicates whether or not fragmented packets...
  • Page 211: Configuring Storm Control

    Click Save.
    Figure 87: QoS Control List Configuration
    Configuring Storm Control
    Use the Storm Control Configuration page to set limits on broadcast, multicast and unknown unicast traffic to control traffic storms which may occur when a network device is malfunctioning, the network is not properly configured, or application programs are not well designed or properly...
  • Page 212: Figure 88: Storm Control Configuration

    Parameters
    These parameters are displayed:
    ◆ Frame Type - Specifies broadcast, multicast or unknown unicast traffic.
    ◆ Enable - Enables or disables storm control. (Default: Disabled)
    ◆ Rate (pps) - The threshold above which packets are dropped. This limit...
  • Page 213: Configuring Local Port Mirroring

    Configuring Local Port Mirroring
    Use the Mirroring & RSPAN Configuration page to mirror traffic from any local source port to a target port on the same switch for real-time analysis. You can then attach a logic analyzer or
  • Page 214: Configuring Remote Port Mirroring

    Interface
    To configure local port mirroring: Click Basic/Advanced Configuration, Mirroring & RSPAN. Set the Mode to Enabled, and the Type to Mirror. Set the type of traffic to mirror on the Source ports to be monitored. Select the Destination port to which all mirrored traffic will be sent.
  • Page 215: Figure 90: Configuring Remote Port Mirroring

    Figure 90: Configuring Remote Port Mirroring (diagram labels: Source Switch, Source Port, Intermediate Switch, Destination Switch, Destination Port, Uplink Port, RSPAN VLAN)
  • Page 216

    session is allowed, either local or remote. Also, note that the source port and destination port cannot be configured on the same switch.
    ■ MAC address learning is not supported on RSPAN uplink ports...
  • Page 217: Figure 91: Mirror Configuration (Source)

    ◆ Intermediate – Uplink ports to intermediate switches. MAC Table learning must be disabled on intermediate ports.
    ◆ Destination Port – Specifies the destination port to monitor the traffic mirrored from source ports. A destination port can be configured on more than one switch for the same session.
  • Page 218: Figure 92: Mirror Configuration (Intermediate)

    To configure remote port mirroring for an RSPAN intermediate switch: Click Basic/Advanced Configuration, Mirroring & RSPAN. Set the Mode to Enabled, and the Type to Intermediate. Select the intermediate ports through which all mirrored traffic will be forwarded to other switches.
  • Page 219: Figure 93: Mirror Configuration (Destination)

    To configure remote port mirroring for an RSPAN destination switch: Click Basic/Advanced Configuration, Mirroring & RSPAN. Set the Mode to Enabled, and the Type to destination. Select the intermediate ports to add to the RSPAN VLAN, which will then pass traffic on to the destination ports.
  • Page 220: Configuring UPnP

    Using UPnP under Windows XP - To access or manage the switch with the aid of UPnP under Windows XP, open My Network Places in the Explore file manager. An entry for “GEL-2670” will appear in the list of discovered devices. Double-click on this entry to access the switch's web management interface.
  • Page 221: Configuring sFlow

    control points how often it or they should receive a SSDP advertisement message from this switch. Due to the unreliable nature of UDP, the switch sends SSDP messages periodically at the interval one-half of the advertising duration minus 30 seconds.
  • Page 222

    ◆ Identification and tracing of unauthorized network activity
    ◆ Usage accounting
    ◆ Trending and capacity planning
    Advanced Configuration, UPnP
    Parameters
    These parameters are displayed:
    Receiver Configuration
    ◆ Owner – sFlow can be configured in two ways: Through local...
  • Page 223

    ◆ Max. Datagram Size – Maximum size of the sFlow datagram payload. This should be set to a value that avoids fragmentation of the sFlow datagrams. (Range: 200-1468 bytes; Default: 1400 bytes)
    Port Configuration
    ◆ Port –...
  • Page 224: Figure 95: sFlow Configuration

    Figure 95: sFlow Configuration
  • Page 225: Monitoring The Switch

    Monitoring the Switch
    This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table.
    Displaying Basic Information About the System
    You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
  • Page 226: Displaying CPU Utilization

    Software
    ◆ Software Version – Version number of runtime code.
    ◆ Software Date – Release date of the switch software.
    ◆ Code Revision – Version control identifier of the switch software. ...
  • Page 227: Displaying Log Messages

    Interface
    To display CPU utilization: Click System, then CPU Load.
    Figure 97: CPU Load
    Displaying Log Messages
    Use the System Log Information page to scroll through the logged system and event messages.
    Monitor, System, Log
    Parameters...
  • Page 228: Figure 98: System Log Information

    Table Headings
    ◆ ID – Error ID.
    ◆ Level – Error level as described above.
    ◆ Time – The time of the system log entry.
    ◆ Message – The message text of the system log entry. ...
  • Page 229: Displaying Log Details

    Displaying Log Details
    Use the Detailed Log page to view the full text of specific log messages.
    Monitor, System, Detailed Log
    Interface
    To display the text of a specific log message, click Monitor, System, Detailed Log.
  • Page 230: Displaying An Overview Of Port Statistics

    Displaying an Overview of Port Statistics
    Use the Port Statistics Overview page to display a summary of basic information on the traffic crossing each port.
    Monitor, Ports, Traffic Overview
    Parameters
    These parameters are displayed:...
  • Page 231: Displaying QoS Statistics

    Displaying QoS Statistics
    Use the Queuing Counters page to display the number of packets processed by each service queue.
    Monitor, Ports, QoS Statistics
    Parameters
    These parameters are displayed:
    ◆ Port – Port identifier.
    ◆ Q# Receive/Transmit –...
  • Page 232: Figure 103: QoS Control List Status

    Parameters
    These parameters are displayed:
    ◆ User – Indicates the user (static entry, software module, or conflicting entry) of this QCE. The information displayed in this field depends on the option selected in the drop-down list at the top of this page (Combined, Static, Voice VLAN, Conflict).
  • Page 233: Displaying Detailed Port Statistics

    Displaying Detailed Port Statistics
    Use the Detailed Port Statistics page to display detailed statistics on network traffic. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot, and are shown as counts per second.
  • Page 234

    ■ Rx Fragments – The total number of frames received that were less than 64 octets in length (excluding framing bits, but including FCS octets) and had either an FCS or alignment error.
    ■ Rx Jabber –...
  • Page 235: Figure 104: Detailed Port Statistics

    Interface
    To display the detailed port statistics, click Monitor, Ports, Detailed Statistics.
    Figure 104: Detailed Port Statistics
  • Page 236: Displaying Information About Security Settings

    Displaying Information About Security Settings
    You can use the Monitor/Security menu to display statistics on management traffic, security controls for client access to the data ports, and the status of remote authentication access servers.
    Displaying Access...
    Use the Access Management Statistics page to view statistics on traffic...
  • Page 237: Displaying Information About Switch Settings For Port Security

    Displaying Information About Switch Settings for Port Security
    Use the Port Security Switch Status page to show information about MAC address learning for each port, including the software module requesting port security services, the service state, the current number of learned addresses, and the maximum number of secure addresses allowed.
  • Page 238: Figure 106: Port Security Switch Status

    ■ Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in.
    ■ Shutdown: The Port Security service is enabled by at least the Limit...
  • Page 239: Displaying Information About Learned MAC Addresses

    Displaying Information About Learned MAC Addresses
    Use the Port Security Port Status page to show the entries authorized by port security services, including MAC address, VLAN ID, time added to table, age, and hold state.
    Monitor, Security, Network, Port Security, Port...
  • Page 240: Displaying Port Status For Authentication Services

    Displaying Port Status for Authentication Services
    Use the Network Access Server Switch Status page to show the port status for authentication services, including 802.1X security state, last source address used for authentication, and last ID.
    Monitor, Security, Network, NAS, Switch...
  • Page 241: Displaying Port State For 802.1X / Remote Authentication Service

    Interface
    To display port status for authentication services, click Monitor, Security, Network, NAS, Switch.
    Figure 108: Network Access Server Switch Status
    Displaying Port State for 802.1X / Remote Authentication Service
    Use the NAS Statistics Port selection page to display the authentication status for the selected port –...
  • Page 242: Displaying ACL Status

    Figure 109: NAS Statistics for Specified Port
    Displaying ACL Status
    Use the ACL Status page to show the status for different security modules which use ACL filtering, including ingress port, frame type, and forwarding action.
  • Page 243: Displaying Statistics For DHCP Snooping

    ◆ Rate Limiter – Indicates the rate limiter number implemented by the ACE. The allowed range is 1 to 15.
    ◆ Port Redirect – Indicates the port redirect operation implemented by...
  • Page 244

    ◆ Rx/Tx Decline – The number of decline (option 53 with value 4) packets received and transmitted.
    ◆ Rx/Tx ACK – The number of ACK (option 53 with value 5) packets...
  • Page 245: Displaying DHCP Relay Statistics

    Figure 111: DHCP Snooping Statistics
    Displaying DHCP Relay Statistics
    Use the DHCP Relay Statistics page to display statistics for the DHCP relay service supported by this switch and DHCP relay clients.
    Monitor, Security, Network, DHCP, Relay Statistics
    Parameters...
  • Page 246: Displaying MAC Address Bindings For ARP Packets

    ◆ Receive Bad Circuit ID – The number of packets with a Circuit ID option that did not match a known circuit ID.
    ◆ Receive Bad Remote ID – The number of packets with a Remote ID...
  • Page 247: Displaying Entries In The IP Source Guard Table

    Monitor, Security, Network, ARP Inspection
    Interface
    To display the Dynamic ARP Inspection Table, click Monitor, Security, Network, ARP Inspection.
    Figure 113: Dynamic ARP Inspection Table
    Displaying Entries in the IP Source Guard Table
    Open the Dynamic IP Source Guard Table to display entries sorted first by port, then VLAN ID, MAC address, and finally IP address.
  • Page 248: Displaying Information On Authentication Servers

    Displaying Information on Authentication Servers
    Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server.
    Displaying a List of...
    Use the RADIUS Overview page to display a list of configured authentication and accounting servers.
  • Page 249: Displaying Statistics For Configured Authentication Servers

    Interface
    To display a list of configured authentication and accounting servers, click Monitor, Security, AAA, RADIUS Overview.
    Figure 115: RADIUS Overview
    Displaying Statistics for Configured Authentication Servers
    Use the RADIUS Details page to display statistics for configured authentication and accounting servers.
  • Page 250

    ■ Unknown Types – The number of RADIUS packets of unknown type that were received from this server on the authentication port.
    ■ Packets Dropped – The number of RADIUS packets that were...
  • Page 251

    Access-Request that matched it from the RADIUS authentication server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.
  • Page 252: Figure 116: RADIUS Details

    ■ Not Ready – The server is enabled, but IP communication is not yet up and running.
    ■ Ready – The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
  • Page 253: Displaying Information On RMON

    Displaying Information on RMON
    Use the monitor pages for RMON to display information on RMON statistics, alarms and event responses.
    Displaying RMON...
    Use the RMON Statistics Status Overview page to view a broad range of interface statistics, including a total count of different frame types and...
  • Page 254: Displaying RMON Historical Samples

    ◆ 64 Bytes – The total number of packets (including bad packets) received that were 64 octets in length.
    ◆ x ~ y – The total number of packets (including bad packets) received...
  • Page 255: Displaying RMON Alarm Settings

    Interface
    To display RMON historical samples, click Monitor, Security, Switch, RMON, History.
    Figure 118: RMON History Overview
    Displaying RMON Alarm Settings
    Use the RMON Alarm Overview page to display configured alarm settings.
    Monitor, Security, Switch, RMON, Alarm
    Parameters...
  • Page 256: Displaying RMON Event Settings

    ◆ Falling Index – The index of the event to use if an alarm is triggered by monitored variables crossing below the falling threshold.
    Interface
    To display RMON alarm settings, click Monitor, Security, Switch, RMON, Alarm.
  • Page 257: Displaying Information On LACP

    Displaying Information on LACP
    Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets.
    Displaying an Overview of LACP...
    Use the LACP System Status page to display an overview of LACP groups.
  • Page 258: Displaying LACP Port Statistics

    ◆ LACP – Shows LACP status:
    ■ Yes – LACP is enabled and the port link is up.
    ■ No – LACP is not enabled or the port link is down.
    ■ Backup –...
  • Page 259: Displaying Information On Loop Protection

    Interface
    To display LACP statistics for local ports on this switch, click Monitor, LACP, Port Statistics.
    Figure 123: LACP Port Statistics
    Displaying Information on Loop Protection
    Use the Loop Protection Status page to display information on loopback conditions.
  • Page 260: Displaying Information On The Spanning Tree

    Interface
    To display loop protection status, click Monitor, Loop Protection.
    Figure 124: Loop Protection Status
    Displaying Information on the Spanning Tree
    Use the monitor pages for Spanning Tree to display information on spanning tree bridge status, the functional status of participating ports, and statistics on spanning tree protocol packets.
  • Page 261

    ◆ Topology Flag – The current state of the Topology Change Notification flag (TCN) for this bridge instance.
    ◆ Topology Change Last – Time since the Spanning Tree was last...
  • Page 262: Figure 125: Spanning Tree Bridge Status

    ◆ Edge – The current RSTP port (operational) Edge Flag. An Edge Port is a switch port to which no bridges are attached. The flag may be automatically computed or explicitly configured. Each Edge Port transitions directly to the Forwarding Port State, since there is no possibility of it participating in a loop.
  • Page 263: Displaying Port Status For STA

    Displaying Port Status for STA
    Use the Port Status page to display the STA functional status of participating ports.
    Monitor, Spanning Tree, Port Status
    Parameters
    These parameters are displayed:
    ◆ Port – Port Identifier.
    ◆ CIST Role –...
  • Page 264: Displaying MVR Information

    Parameters
    These parameters are displayed:
    ◆ Port – Port Identifier.
    ◆ MSTP – The number of MSTP Configuration BPDU's received/transmitted on a port.
    ◆ RSTP – The number of RSTP Configuration BPDU's received/...
  • Page 265: Displaying Mvr Group Information

    Monitoring the Switch: Displaying MVR Information. PARAMETERS These parameters are displayed: ◆ VLAN ID – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. ◆ IGMP/MLD Queries Received – Number of received queries for IGMP and MLD, respectively.
  • Page 266: Displaying Mvr Sfm Information

    Monitoring the Switch: Displaying MVR Information. ◆ V3 Reports Received – The number of IGMP V3 reports received. ◆ V2 Leaves Received – The number of IGMP V2 leaves received. Multicast Groups ◆ VLAN ID – Identifier of the VLAN that serves as the channel for...
  • Page 267: Showing Igmp Snooping Information

    Monitoring the Switch: Showing IGMP Snooping Information. ◆ Hardware Filter/Switch – Indicates whether the data plane destined to the specific group address from the source IPv4 address can be handled by the chip or not. INTERFACE To display MVR Source-Filtered Multicast Information, click Monitor, MVR, MVR SFM Information.
  • Page 268: Showing Igmp Snooping Group Information

    Monitoring the Switch: Showing IGMP Snooping Information. ◆ V1 Reports Received – The number of received IGMP Version 1 reports. ◆ V2 Reports Received – The number of received IGMP Version 2 reports. ◆ V3 Reports Received – The number of received IGMP Version 3...
  • Page 269: Showing Ipv4 Sfm Information

    Monitoring the Switch: Showing IGMP Snooping Information. ◆ Port Members – The ports assigned to the listed VLAN which propagate a specific multicast service. INTERFACE To display the port members of each service group, click Monitor, IGMP Snooping, Group Information. Figure 133: IGMP Snooping Group Information. SHOWING IPV4 SFM INFORMATION Use the IGMP SFM Information page to display IGMP Source-Filtered...
  • Page 270: Showing Mld Snooping Information

    Monitoring the Switch: Showing MLD Snooping Information. INTERFACE To display IGMP Source-Filtered Multicast information, click Monitor, IGMP Snooping, IGMP SFM Information. Figure 134: IPv4 SFM Information. SHOWING MLD SNOOPING INFORMATION Use the MLD Snooping pages to display MLD snooping statistics, port members of each service group, and information on source-specific groups.
  • Page 271: Showing Mld Snooping Group Information

    Monitoring the Switch: Showing MLD Snooping Information. ◆ V2 Reports Received – The number of received MLD Version 2 reports. ◆ V1 Leaves Received – The number of received MLD Version 1 leave reports. Router Port ◆ Port – Port Identifier...
  • Page 272: Showing Ipv6 Sfm Information

    Monitoring the Switch: Showing MLD Snooping Information. INTERFACE To display the port members of each service group, click Monitor, MLD Snooping, Group Information. Figure 136: MLD Snooping Group Information. SHOWING IPV6 SFM INFORMATION Use the MLD SFM Information page to display MLD Source-Filtered Multicast information including group, filtering mode (include or exclude),...
  • Page 273: Displaying Lldp Information

    Monitoring the Switch: Displaying LLDP Information. INTERFACE To display MLD Source-Filtered Multicast information, click Monitor, MLD Snooping, IPv6 SFM Information. Figure 137: IPv6 SFM Information. DISPLAYING LLDP INFORMATION Use the monitor pages for LLDP to display information advertised by LLDP neighbors and statistics on LLDP control frames.
  • Page 274: Displaying Lldp-Med Neighbor Information

    Monitoring the Switch: Displaying LLDP Information. Table 13: System Capabilities (Continued). ID Basis: Reference. Bridge: IETF RFC 2674; WLAN Access Point: IEEE 802.11 MIB; Router: IETF RFC 1812; Telephone: IETF RFC 2011; DOCSIS cable device: IETF RFC 2669 and IETF RFC 2670; Station only: IETF RFC 2011...
  • Page 275 Monitoring the Switch: Displaying LLDP Information. ■ LAN Switch/Router ■ IEEE 802.1 Bridge ■ IEEE 802.3 Repeater (included for historical reasons) ■ IEEE 802.11 Wireless Access Point ■ Any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method.
  • Page 276 Monitoring the Switch: Displaying LLDP Information. Discovery services defined in this class include provision of location identifier (including ECS / E911 information), embedded L2 switch support, inventory management ◆ Capabilities – The neighbor unit's LLDP-MED capabilities: ■ LLDP-MED capabilities...
  • Page 277: Displaying Lldp Neighbor Eee Information

    Monitoring the Switch: Displaying LLDP Information. ◆ Auto-negotiation Capabilities – Shows the link partner's MAC/PHY capabilities. ◆ MAU Type – The operational MAU type of the sending device. INTERFACE To display information about LLDP-MED neighbors, click Monitor, LLDP, LLDP-MED Neighbors.
  • Page 278: Displaying Lldp Port Statistics

    Monitoring the Switch: Displaying LLDP Information. The respective echo values shall be defined as the local link partner’s reflection (echo) of the remote link partner’s respective values. When a local link partner receives its echoed values from the remote link partner it can determine whether or not the remote link partner has received, registered and processed its most recent values.
  • Page 279: Figure 141: Lldp Port Statistics

    Monitoring the Switch: Displaying LLDP Information. ◆ Total Neighbors Entries Dropped – The number of times which the remote database on this switch dropped an LLDPDU because the entry table was full. ◆ Total Neighbors Entries Aged Out – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired.
  • Page 280: Displaying The Mac Address Table

    Monitoring the Switch: Displaying the MAC Address Table. DISPLAYING THE MAC ADDRESS TABLE Use the MAC Address Table to display dynamic and static address entries associated with the CPU and each port. Monitor, MAC Address Table. PARAMETERS These parameters are displayed: ◆...
  • Page 281: Displaying Information About Vlans

    Monitoring the Switch: Displaying Information About VLANs. DISPLAYING INFORMATION ABOUT VLANS Use the monitor pages for VLANs to display information about the port members of VLANs, and the VLAN attributes assigned to each port. VLAN MEMBERSHIP Use the VLAN Membership Status page to display the current port members for all VLANs configured by a selected software module.
  • Page 282: Vlan Port Status

    Monitoring the Switch: Displaying Information About VLANs. Figure 143: Showing VLAN Members. VLAN PORT STATUS Use the VLAN Port Status page to show the VLAN attributes of port members for all VLANs configured by a selected software module, including PVID, VLAN aware, ingress filtering, frame type, egress filtering, and UVID.
  • Page 283: Displaying Information About Mac-Based Vlans

    Monitoring the Switch: Displaying Information About MAC-based VLANs. ◆ UVID – Shows the untagged VLAN ID. A port's UVID determines the packet's behavior at the egress side. If the VID of Ethernet frames leaving a port matches the UVID, these frames will be sent untagged. ◆...
  • Page 284: Displaying Information About Flow Sampling

    Monitoring the Switch: Displaying Information About Flow Sampling. ■ Combined: Includes all entries. ◆ MAC Address – A source MAC address which is mapped to a specific VLAN. ◆ VLAN ID – VLAN to which ingress traffic matching the specified source...
  • Page 285 Monitoring the Switch: Displaying Information About Flow Sampling. ◆ IP Address/Hostname – The IP address or host name of the sFlow receiver. ◆ Timeout – The number of seconds remaining before sampling stops and the current sFlow owner is released. ◆ Tx Successes –...
  • Page 286: Figure 146: Showing Sflow Statistics

    Monitoring the Switch: Displaying Information About Flow Sampling. INTERFACE To display information on sampled traffic, click Monitor, sFlow. Figure 146: Showing sFlow Statistics...
  • Page 287: Performing Basic Diagnostics

    PERFORMING BASIC DIAGNOSTICS This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. PINGING AN IPV4 OR IPV6 ADDRESS The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
  • Page 288 Performing Basic Diagnostics: Pinging an IPv4 or IPv6 Address. After you press Start, the sequence number and round-trip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. Figure 147: ICMP Ping. Figure 148: ICMP Ping Results. Figure 149: ICMP V6 Ping...
  • Page 289: Performing System Maintenance

    PERFORMING SYSTEM MAINTENANCE This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. RESTARTING THE SWITCH Use the Restart Device page to restart the switch. Maintenance, Restart Device. INTERFACE To restart the switch: Click Maintenance, Restart Device.
  • Page 290: Restoring Factory Defaults

    UPGRADING FIRMWARE Use the Software Upload page to upgrade the switch’s system firmware by specifying a file provided by LevelOne. You can download firmware files for your switch from the Support section of the LevelOne web site. Maintenance, Software Upload...
  • Page 291: Activating The Alternate Image

    Performing System Maintenance: Activating the Alternate Image. CAUTION: While the firmware is being updated, Web access appears to be defunct. The front LED flashes Green/Off at a frequency of 10 Hz while the firmware update is in progress. Do not reset or power off the device at this time or the switch may fail to function afterwards.
  • Page 292: Managing Configuration Files

    Performing System Maintenance: Managing Configuration Files. MANAGING CONFIGURATION FILES Use the Maintenance Configuration pages to save the current configuration to a file on your computer, or to restore previously saved configuration settings to the switch. SAVING Use the Configuration Save page to save the current configuration settings to a file on your local management station.
  • Page 293: Figure 156: Configuration Upload

    Performing System Maintenance: Managing Configuration Files. Figure 156: Configuration Upload...
  • Page 295: Section

    SECTION APPENDICES This section provides additional information and includes these items: ◆ "Software Specifications" on page 297 ◆ "Troubleshooting" on page 301 ◆ "License Information" on page 303...
  • Page 297: Specifications

    SOFTWARE SPECIFICATIONS. SOFTWARE FEATURES. MANAGEMENT AUTHENTICATION: Local, RADIUS, TACACS+, AAA, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter, DHCP Snooping. CLIENT ACCESS CONTROL: Access Control Lists (128 rules per system), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard, ARP Inspection. 100BASE-TX: 10/100 Mbps, half/full duplex...
  • Page 298: Management Features

    Software Specifications: Management Features. VLAN SUPPORT: Up to 128 groups; port-based, protocol-based, tagged (802.1Q), private VLANs, voice VLANs, MAC-based VLANs, and IP subnet-based VLANs. CLASS OF SERVICE: Supports four levels of priority. Strict, Weighted Round Robin Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port. Layer 3/4 priority mapping: IP DSCP remarking. DiffServ supports DSCP remarking, ingress traffic policing, and egress...
  • Page 299: Standards

    Software Specifications: Standards. RMON: Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event). STANDARDS: ANSI/TIA-1057 LLDP for Media Endpoint Discovery - LLDP-MED; IEEE 802.1AB Link Layer Discovery Protocol; IEEE-802.1ad Provider Bridge; IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities; Spanning Tree Protocol; Rapid Spanning Tree Protocol; Multiple Spanning Tree Protocol...
  • Page 300: Management Information Bases

    Software Specifications: Management Information Bases. MANAGEMENT INFORMATION BASES: Bridge MIB (RFC 4188); DHCP Option for Civic Addresses Configuration Information (RFC 4776); Differentiated Services MIB (RFC 3289); DNS Resolver MIB (RFC 1612); Entity MIB version 3 (RFC 4133); Ether-like MIB (RFC 3635); Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (RFC 2742); Forwarding Table MIB (RFC 2096)
  • Page 301: B Troubleshooting

    TROUBLESHOOTING. PROBLEMS ACCESSING THE MANAGEMENT INTERFACE. Table 14: Troubleshooting Chart. Symptom: Cannot connect using a web browser, or SNMP software. Action: ◆ Be sure the switch is powered up. ◆ Check network cabling between the management station and the switch. ◆...
  • Page 302: Using System Logs

    Troubleshooting: Using System Logs. USING SYSTEM LOGS If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 303: Information

    LICENSE INFORMATION This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
  • Page 304: License Information

    License Information: The GNU General Public License. GNU GENERAL PUBLIC LICENSE. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
  • Page 305 License Information: The GNU General Public License. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 306 License Information: The GNU General Public License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
  • Page 307: Glossary

    GLOSSARY Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
  • Page 308 GLOSSARY Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
  • Page 309 GLOSSARY GMRP: Generic Multicast Registration Protocol. GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 310 GLOSSARY IGMP QUERY: On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
  • Page 311 GLOSSARY MD5 Message-Digest is an algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, meaning that it takes a message and converts it into a fixed string of digits, also called a message digest.
  • Page 312 GLOSSARY TRUNK: Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. PRIVATE VLAN: Private VLANs provide port-based security and isolation between ports within the assigned VLAN. Data traffic on downlink ports can only be forwarded to, and from, uplink ports.
  • Page 313 GLOSSARY Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Spanning Tree Algorithm is a technology that checks your network for any loops.
  • Page 315: Index

    INDEX classification, QoS 206 rewriting, port 202 acceptable frame type 177 translation, port 202 Access Control List See ACL translation, QoS 205 ACL 101 dynamic addresses, displaying 173 binding to a port 101 address table 172 aging time 173 address, management access 31 edge port, STA 142 ARP inspection 120 EEE, LLDP neighbor information 277...
  • Page 316 INDEX snooping, fast leave 153 RADIUS client 123 throttling 153 RADIUS server 123 ingress classification, QoS 204 settings 123 ingress filtering 177 TACACS+ client 65 ingress port tag classification, QoS 192 TACACS+ server 65 ingress rate limiting 194 loopback detection IP address, setting 48 non-STA 130 IP source guard, configuring static entries 118...
  • Page 317 INDEX statistics, displaying 264 DSCP classification 206 using immediate leave 148 DSCP rewriting 202 DSCP translation 202 egress port scheduler 196 ingress classification 204 ingress port classification 192 NTP, specifying servers 52 ingress port tag classification 192 port classification 192 port policier 194 port remarking 199 passwords 31...
  • Page 318 INDEX SSH 67 configuring 67 unknown unicast storm, threshold 212 server, configuring 67 upgrading software 290 STA 132 UPnP BPDU shutdown 143 advertisements 220 edge port 142 configuration 220 global settings, displaying 134 enabling advertisements 220 interface settings 141 user link type 143 account 62 path cost 141...
  • Page 320 Level 1 GEL-2670 E012013-KS-R01...