Digisol DG-GS4528S User Manual

Gigabit ethernet managed layer 2 switch
DG-GS4528S
Gigabit Ethernet Managed Layer 2 Switch

User Manual

V1.0
2010-11-16
As our product undergoes continuous development the specifications are subject to change without prior notice


Summary of Contents for Digisol DG-GS4528S

  • Page 1: User Manual

    DG-GS4528S Gigabit Ethernet Managed Layer 2 Switch User Manual V1.0 2010-11-16 As our product undergoes continuous development the specifications are subject to change without prior notice...
  • Page 2 DG-GS4528S User Manual COPYRIGHT Copyright © 2010 by SNSL. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of SNSL.
  • Page 3 User Manual DG-GS4528S Gigabit Ethernet Managed Layer 2 Switch: Layer 2 Switch with 24 10/100/1000BASE-T (RJ-45) Ports, and 4 Gigabit Combination Ports (RJ-45/SFP) DG-GS4528S E112010-CS-R01 149100000109A...
  • Page 5: About This Guide

    About This Guide. Purpose: This guide gives specific information on how to operate and use the management functions of the switch. Audience: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 7: Table Of Contents

    Contents About This Guide Contents Figures Tables Section Getting Started Introduction Key Features Description of Software Features Configuration Backup and Restore Authentication Access Control Lists Port Configuration Rate Limiting Port Mirroring Port Trunking Storm Control Static Addresses IEEE 802.1D Bridge Store-and-Forward Switching Spanning Tree Algorithm Virtual LANs Traffic Prioritization...
  • Page 8 Contents Configuration Options Required Connections Remote Connections Logging into the CLI Basic Configuration Setting Passwords Setting an IP Address Manual Configuration Dynamic Configuration Enabling SNMP Management Access Community Strings (for SNMP version 1 and 2c clients) Trap Receivers Configuring Access for SNMP Version 3 Clients Managing System Files Saving or Restoring Configuration Settings Section...
  • Page 9 Contents Configuring SSH Configuring HTTPS Filtering IP Addresses for Management Access Using Simple Network Management Protocol Configuring SNMP System and Trap Settings Setting SNMPv3 Community Access Strings Configuring SNMPv3 Users Configuring SNMPv3 Groups Configuring SNMPv3 Views Configuring SNMPv3 Group Access Rights Configuring Port Limit Controls Configuring Authentication Through Network Access Servers Filtering Traffic with Access Control Lists...
  • Page 10 Contents Configuring VLAN Settings for IGMP Snooping and Query Configuring IGMP Filtering MLD Snooping Configuring Global and Port-Related Settings for MLD Snooping Configuring VLAN Settings for MLD Snooping and Query Configuring MLD Filtering Multicast VLAN Registration Link Layer Discovery Protocol Configuring LLDP Timing and TLVs Configuring LLDP-MED TLVs Configuring the MAC Address Table...
  • Page 11 Contents Displaying QoS Statistics Displaying Detailed Port Statistics Displaying Information About Security Settings Displaying Access Management Statistics Displaying Information About Switch Settings for Port Security Displaying Information About Learned MAC Addresses Displaying Port Status for Authentication Services Displaying Port Statistics for 802.1X or Remote Authentication Service Displaying ACL Status Displaying Statistics for DHCP Snooping Displaying DHCP Relay Statistics...
  • Page 12 Contents Performing Basic Diagnostics Pinging an IPv4 or IPv6 Address Running Cable Diagnostics Performing System Maintenance Restarting the Switch Restoring Factory Defaults Upgrading Firmware Managing Configuration Files Saving Configuration Settings Restoring Configuration Settings Section Command Line Interface Using the Command Line Interface Accessing the CLI Console Connection Telnet Connection...
  • Page 13 Contents system log 10 IP Commands ip configuration ip dhcp ip setup ip ping ip dns ip dns_proxy ip ipv6 autoconfig ip ipv6 setup ip ipv6 ping6 ip ntp configuration ip ntp mode ip ntp server add ip ntp server ipv6 add ip ntp server delete 11 P OMMANDS...
  • Page 14 Contents mac flush 13 VLAN Commands vlan configuration vlan aware vlan pvid vlan frametype vlan ingressfilter vlan stag vlan add vlan delete vlan lookup vlan status 14 PVLAN Commands pvlan configuration pvlan add pvlan delete pvlan lookup pvlan isolate 15 Security Commands...
  • Page 15 Contents security switch https mode security switch https redirect Management Access Commands security switch access configuration security switch access mode security switch access add security switch access ipv6 add security switch access delete security switch access lookup security switch access clear security switch access statistics SNMP Commands security switch snmp configuration...
  • Page 16 Contents security switch snmp user changekey security switch snmp user lookup security switch snmp group add security switch snmp group delete security switch snmp group lookup security switch snmp view add security switch snmp view delete security switch snmp view lookup security switch snmp access add security switch snmp access delete security switch snmp access lookup...
  • Page 17 Contents security network nas statistics ACL Commands security network acl configuration security network acl action security network acl policy security network acl rate security network acl add security network acl delete security network acl lookup security network acl clear security network acl status DHCP Relay Commands security network dhcp relay configuration security network dhcp relay mode...
  • Page 18 Contents AAA Commands security aaa auth configuration security aaa auth timeout security aaa auth deadtime security aaa auth radius security aaa auth acct_radius security aaa auth tacacs+ security aaa statistics 16 STP Commands stp configuration stp version stp txhold stp maxhops stp maxage stp fwddelay...
  • Page 19 Contents stp msti port priority 17 IGMP Commands igmp configuration igmp mode igmp leave proxy igmp state igmp querier igmp fastleave igmp throttling igmp filtering igmp router igmp flooding igmp groups igmp status 18 Link Aggregation Commands aggr configuration aggr add aggr delete aggr lookup...
  • Page 20 Contents lldp statistics lldp info lldp cdp_aware 21 LLDP-MED Commands lldpmed configuration lldpmed civic lldpmed ecs lldpmed policy delete lldpmed policy add lldpmed port policies lldpmed coordinates lldpmed datum lldpmed fast lldpmed info lldpmed debug_med_transmit_var 22 QoS Commands qos configuration qos default qos tagprio qos qcl port...
  • Page 21 Contents mirror mode 24 Config Commands config save config load 25 Firmware Commands firmware load firmware ipv6 load 26 UPnP Commands upnp configuration upnp mode upnp ttl upnp advertising duration 27 MVR Commands mvr configuration mvr group mvr status mvr mode mvr port mode...
  • Page 22 Contents 29 MLD Snooping Commands mld configuration mld mode mld leave proxy mld proxy mld state mld querier mld fastleave mld throttling mld filtering mld router mld flooding mld groups mld status mld version Section Appendices Software Specifications Software Features Management Features Standards Management Information Bases...
  • Page 23: Figures

    Figures Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Configuration Figure 4: IP Configuration Figure 5: IPv6 Configuration Figure 6: NTP Configuration Figure 7: Port Configuration Figure 8: Showing User Accounts Figure 9: Configuring User Accounts Figure 10: Configuring Privilege Levels Figure 11: Authentication Server Operation Figure 12: Authentication Method for Management Access...
  • Page 24 Figures Figure 32: Configuring Global and Port Settings for ARP Inspection Figure 33: Configuring Static Bindings for ARP Inspection Figure 34: Authentication Configuration Figure 35: Static Trunk Configuration Figure 36: LACP Port Configuration Figure 37: STP Root Ports and Designated Ports Figure 38: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree Figure 39: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree...
  • Page 25 Figures Figure 68: UPnP Configuration Figure 69: System Information Figure 70: Displaying CPU Utilization Figure 71: System Log Information Figure 72: Detailed System Log Information Figure 73: Port State Overview Figure 74: Port Statistics Overview Figure 75: Queuing Counters Figure 76: Detailed Port Statistics Figure 77: Access Management Statistics Figure 78: Port Security Switch Status Figure 79: Port Security Port Status...
  • Page 26 Figures Figure 104: Showing VLAN Port Status Figure 105: ICMP Ping Figure 106: VeriPHY Cable Diagnostics Figure 107: Restart Device Figure 108: Factory Defaults Figure 109: Software Upload Figure 110: Configuration Save Figure 111: Configuration Upload...
  • Page 27: Tables

    Tables Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Main Menu Table 5: HTTPS System Support Table 6: SNMP Security Models and Levels Table 7: Dynamic QoS Profiles Table 8: QCE Modification Buttons Table 9: Recommended STA Path Cost Range Table 10: Recommended STA Path Costs Table 11: Default STA Path Costs...
  • Page 28 Tables Table 32: SNMP Commands Table 33: Port Security Status Commands Table 34: Port Security Limit Control Commands Table 35: NAS Commands Table 36: ACL Commands Table 37: DHCP Relay Commands Table 38: DHCP Snooping Commands Table 39: IP Source Guard Commands Table 40: ARP Inspection Commands Table 41: AAA Commands Table 42: STP Commands...
  • Page 29: Section I

    Section I: Getting Started. This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 31...
  • Page 31: Key Features

    Introduction. This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 32: Description Of Software Features

    Chapter | Introduction: Description of Software Features. Table 1: Key Features (Continued), listed as Feature: Description. Spanning Tree Algorithm: Supports Rapid Spanning Tree Protocol (RSTP), which includes STP backward compatible mode. Virtual LANs: Up to 256 using IEEE 802.1Q, port-based, private VLANs, and voice VLANs. Traffic Prioritization: Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/...
  • Page 33: Access Control Lists

    Access Control Lists: ACLs provide packet filtering for IP frames (based on protocol, TCP/UDP port number or frame type) or layer 2 frames (based on any destination MAC address for unicast, broadcast or multicast, or based on VLAN ID or VLAN tag priority).
  • Page 34: IEEE 802.1D Bridge

    moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table. Static addresses can be used to provide network security by restricting access for a known host to a specific port.
  • Page 35: Virtual LANs

    Virtual LANs: The switch supports up to 256 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
  • Page 36: System Defaults

    supports Multicast VLAN Registration (MVR) which allows common multicast traffic, such as television channels, to be transmitted across a single network-wide multicast VLAN shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic.
  • Page 37 Table 2: System Defaults (Continued), listed as Function / Parameter / Default. Rate Limiting / Input and output limits / Disabled. Port Trunking / Static Trunks / None. Port Trunking / LACP (all ports) / Disabled. Storm Protection / Status / Broadcast: disabled, Multicast: disabled, Unknown unicast: disabled. Spanning Tree Algorithm / Status / Enabled, RSTP (Defaults: RSTP standard)...
  • Page 38 Table 2: System Defaults (Continued), listed as Function / Parameter / Default. System Log / Status / Disabled (console only). System Log / Messages Logged to Flash / All levels. Clock Synchronization / Disabled...
  • Page 39: Initial Switch Configuration

    Initial Switch Configuration. This chapter includes information on connecting to the switch and basic configuration procedures. Connecting to the Switch: The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface.
  • Page 40: Required Connections

    Chapter | Initial Switch Configuration: Connecting to the Switch. ◆ Configure the bandwidth of any port by limiting input or output rates ◆ Control port access through IEEE 802.1X security or static address filtering ◆ Filter packets using Access Control Lists (ACLs)...
  • Page 41: Remote Connections

    Once you have set up the terminal correctly, the console login screen will be displayed. For a description of how to use the CLI, see "Using the Command Line Interface" on page 257.
  • Page 42: Basic Configuration

    Username: admin Password: Login in progress... Welcome to DigiSol Command Line Interface. Type 'help' or '?' to get help. Port Numbers: +-------------------------------------------------------------+ | +--+--+--+--+ +--+--+--+--+ +--+--+--+--+ +----+ +----+ | | | 1| 3| 5| 7| | 9|11|13|15| |17|19|21|23|...
  • Page 43: Manual Configuration

    ◆ Dynamic — The switch can send an IPv4 configuration request to DHCP address allocation servers on the network, or can automatically generate a unique IPv6 host address based on the local subnet address prefix received in router advertisement messages.
  • Page 44 Assigning an Address: This section describes how to configure a “global unicast” address by specifying the full IPv6 address (including network and host portions) and the length of the network prefix. An IPv6 address must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”...
  • Page 45: Dynamic Configuration

    Dynamic Configuration. Obtaining an Address: If you enable the “IP DHCP” option, IP will be enabled but will not function until a DHCP reply has been received. Requests will be sent periodically in an effort to obtain IP configuration information.
  • Page 46: Enabling SNMP Management Access

    IPv6 Address : 2001:db8:2222:7272::72 IPv6 Prefix : 64 IPv6 Router : 2001:db8:2222:7272::254 IPv6 VLAN ID > Enabling SNMP Management Access: The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as HP OpenView.
  • Page 47: Trap Receivers

    where “string” is the community access string. >snmp read community rd >snmp read community Read Community : rd > If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings.
  • Page 48: Configuring Access for SNMP Version 3 Clients

    Configuring Access for SNMP Version 3 Clients: To configure management access for SNMPv3 clients, you need to first create a user, assign the user to a group, create a view that defines the portions of MIB that the client can read or write, and then create an access entry with the group and view.
  • Page 49: Managing System Files

    Managing System Files: The switch’s flash memory supports two types of system files that can be managed by the CLI program, web interface, or SNMP. The switch’s file system allows files to be uploaded or downloaded. The types of files are: Configuration —...
  • Page 51: Section

    Section: Web Configuration. This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 53 ◆ "Configuring the Switch" on page 61...
  • Page 53: Using The Web Interface

    Using the Web Interface. This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0, or more recent versions).
  • Page 54: Navigating The Web Browser Interface

    Chapter | Using the Web Interface: Navigating the Web Browser Interface. To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” and there is no password. When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
  • Page 55: Panel Display

    To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page.” Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings.”...
  • Page 56 Table 4: Main Menu (Continued), listed as Menu: Description. Auth Method: Configures authentication method for management access via local database, RADIUS or TACACS+. Configures Secure Shell server. HTTPS: Configures secure HTTP settings. Access Management: Sets IP addresses of clients allowed management access via...
  • Page 57 Table 4: Main Menu (Continued), listed as Menu: Description. Aggregation. Static: Specifies ports to group into static trunks. LACP: Allows ports to dynamically join trunks. Spanning Tree. Bridge Settings: Configures global bridge settings for STP, RSTP and MSTP; also configures edge port settings for BPDU filtering, BPDU guard, and port error recovery. MSTI Mapping...
  • Page 58 Table 4: Main Menu (Continued), listed as Menu: Description. Configuration: Configures global settings, including status, voice VLAN ID, VLAN aging time, and traffic priority; also configures port settings, including the way in which a port is added to the Voice VLAN, and blocking non-VoIP addresses. Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer...
  • Page 59 Table 4: Main Menu (Continued), listed as Menu: Description. Port: Shows the entries authorized by port security services, including MAC address, VLAN ID, the service state, time added to table, age, and hold state. Shows global and port settings for IEEE 802.1X. Switch: Shows port status for authentication services, including...
  • Page 60 Table 4: Main Menu (Continued), listed as Menu: Description. Neighbors: Displays LLDP information about a remote device connected to a port on this switch. LLDP-MED Neighbors: Displays information about a remote device connected to a port on this switch which is advertising LLDP-MED TLVs, including network connectivity device, endpoint device,...
  • Page 61: Configuring The Switch

    Configuring the Switch. This chapter describes all of the basic configuration tasks. Configuring System Information: Use the System Information Configuration page to identify the system by configuring contact information, system name, and the location of the switch. Parameters: These parameters are displayed in the web interface: System Contact –...
  • Page 62: Setting an IP Address

    Chapter | Configuring the Switch: Setting an IP Address. Figure 3: System Information Configuration. Setting an IP Address: This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
  • Page 63 Parameters: The following parameters are displayed on the IP page: IP Configuration ◆ DHCP Client – Specifies whether IP functionality is enabled via Dynamic Host Configuration Protocol (DHCP). If DHCP is enabled, IP will not function until a reply has been received from the server.
  • Page 64: Setting an IPv6 Address

    Figure 4: IP Configuration. Setting an IPv6 Address: Use the IPv6 Configuration page to configure an IPv6 address for management access to the switch. IPv6 includes two distinct address types - link-local unicast and global unicast.
  • Page 65 configure a link-local address by entering the full address with the network prefix FE80. ◆ To connect to a larger network with multiple subnets, you must configure a global unicast address. There are several alternatives to configuring this address type: ■ The global unicast address can be automatically configured by...
  • Page 66: Configuring NTP Service

    Web Interface: To configure an IPv6 address: Click Configuration, System, IPv6. Specify the IPv6 settings. The information shown below provides an example of how to manually configure an IPv6 address. Click Save. Figure 5: IPv6 Configuration. Configuring NTP Service...
  • Page 67: Configuring Port Connections

    ◆ Server – Sets the IPv4 or IPv6 address for up to five time servers. The switch attempts to update the time from the first server; if this fails it attempts an update from the next server in the sequence. The polling interval is fixed at 15 minutes.
  • Page 68 ■ Disabled - Disables the interface. You can disable an interface due to abnormal behavior (e.g., excessive collisions), and then re-enable it after the problem has been resolved. You may also disable an interface for security reasons.
  • Page 69: Figure 7: Port Configuration

    ◆ Power Control – Adjusts the power provided to ports based on the length of the cable used to connect to other devices. Only sufficient power is used to maintain connection requirements. IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters.
  • Page 70: Configuring Security

    Configuring Security: You can configure this switch to authenticate users logging into the system for management access or to control client access to the data ports. Management Access Security – Management access to the switch can be controlled through local authentication of user names and passwords stored on the switch, or remote authentication of users via a RADIUS or TACACS+ server.
  • Page 71: Figure 8: Showing User Accounts

    ◆ Privilege Level – Specifies the user level. (Options: 1 - 15) Access to specific functions is controlled through the Privilege Levels configuration page (see page 72). The default settings provide four access levels: 1 –...
  • Page 72: Configuring User Privilege Levels

    Figure 9: Configuring User Accounts. Configuring User Privilege Levels: Use the Privilege Levels page to set the privilege level required to read or configure specific software modules or system settings. CLI References: ◆ "Privilege Level Configuration" on page 313...
  • Page 73 The default settings provide four access levels: ■ 1 – Read access of port status and statistics. ■ 5 – Read access of all system functions except for maintenance and debugging ■ 10 – read and write access of all system functions except for...
  • Page 74: Configuring The Authentication Method For Management Access

    Figure 10: Configuring Privilege Levels. Configuring the Authentication Method for Management Access: Use the Authentication Method Configuration page to specify the authentication method for controlling management access through the console, Telnet, SSH or HTTP/HTTPS. Access can be based on the (local) user name and password configured on the switch, or can be controlled...
  • Page 75: Figure 11: Authentication Server Operation

    Figure 11: Authentication Server Operation (console/Telnet client, switch, RADIUS/TACACS+ server). 1. Client attempts management access. 2. Switch contacts authentication server. 3. Authentication server challenges client. 4. Client responds with proper password or key. 5. Authentication server approves access. 6....
  • Page 76: Figure 12: Authentication Method For Management Access

    This guide assumes that RADIUS and TACACS+ servers have already been configured to support AAA. The configuration of RADIUS and TACACS+ server software is beyond the scope of this guide. Refer to the documentation provided with the RADIUS and TACACS+ server software.
  • Page 77: Configuring SSH

    Configuring SSH: Use the SSH Configuration page to configure access to the Secure Shell (SSH) management interface. SSH provides remote management access to this switch as a secure replacement for Telnet. When the client contacts the switch via the SSH protocol, the switch generates a public-key that the client uses along with a local user name and password for access authentication.
  • Page 78: Configuring HTTPS

    Figure 13: SSH Configuration. Configuring HTTPS: Use the HTTPS Configuration page to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL). HTTPS provides secure access (i.e., an encrypted connection) to the switch's web interface. CLI References...
  • Page 79: Filtering IP Addresses for Management Access

    Parameters: The following parameters are displayed on the HTTPS Configuration page: ◆ Mode - Enables HTTPS service on the switch. (Default: Disabled) ◆ Automatic Redirect - Sets the HTTPS redirect mode operation. When enabled, management access to the HTTP web interface for the switch is automatically redirected to HTTPS.
  • Page 80: Figure 15: Access Management Configuration

    ◆ HTTP/HTTPS – Filters IP addresses for access to the web interface over standard HTTP, or over HTTPS which uses the Secure Socket Layer (SSL) protocol to provide an encrypted connection. ◆ SNMP – Filters IP addresses for access through SNMP...
  • Page 81: Using Simple Network Management Protocol

    Using Simple Network Management Protocol: Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
  • Page 82: Configuring SNMP System and Trap Settings

    Table 6: SNMP Security Models and Levels (Continued). Columns: Model, Level, Community String, Group, Read View, Write View, Security. Rows as extracted (the Model value is not shown): noAuthNoPriv / private / default_rw_group / default_view / default_view / Community string only. noAuthNoPriv / user defined / user defined / user defined / user defined / Community string only...
  • Page 83 ◆ Write Community - The community used for read/write access to the SNMP agent. (Range: 0-255 characters, ASCII characters 33-126 only; Default: private) This parameter only applies to SNMPv1 and SNMPv2c. SNMPv3 uses the User-based Security Model (USM) for authentication and privacy.
  • Page 84 ◆ Trap Inform Mode - Enables or disables sending notifications as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used) The recipient of a trap message does not send a response to the switch. Traps are therefore not as reliable as inform messages, which include a request for acknowledgement of receipt.
  • Page 85: Figure 16: SNMP System Configuration

    In the SNMP System Configuration table, set the Mode to Enabled to enable SNMP service on the switch, specify the SNMP version to use, change the community access strings if required, and set the engine ID if SNMP version 3 is used.
  • Page 86: Setting SNMPv3 Community Access Strings

    Setting SNMPv3 Community Access Strings: Use the SNMPv3 Community Configuration page to set community access strings. All community strings used to authorize access by SNMP v1 and v2c clients should be listed in the SNMPv3 Communities Configuration table.
  • Page 87: Configuring SNMPv3 Users

    Configuring SNMPv3 Users: Use the SNMPv3 User Configuration page to define a unique name and remote engine ID for each SNMPv3 user. Users must be configured with a specific security level, and the types of authentication and privacy protocols to use.
  • Page 88: Configuring SNMPv3 Groups

    ◆ Authentication Password - A plain text string identifying the authentication pass phrase. (Range: 1-32 characters for MD5, 8-40 characters for SHA) ◆ Privacy Protocol - The encryption algorithm used for data privacy; only...
  • Page 89: Figure 19: SNMPv3 Group Configuration

    | Configuring the Switch HAPTER Configuring Security Security Name - The name of user connecting to the SNMP agent. ◆ (Range: 1-32 characters, ASCII characters 33-126 only) The options displayed for this parameter depend on the selected Security Model. For SNMP v1 and v2c, the switch displays the names configured on the SNMPv3 Communities Configuration menu (see page 86).
  • Page 90: Configuring SNMPv3 Views

    Use the SNMPv3 View Configuration page to define views which restrict user access to specified portions of the MIB tree. The predefined view “default_view” includes access to the entire MIB tree. CLI References "SNMP Commands"...
  • Page 91: Configuring SNMPv3 Group Access Rights

    Use the SNMPv3 Access Configuration page to assign portions of the MIB tree to which each SNMPv3 group is granted access. You can assign more than one view to a group to specify access to different portions of the MIB tree.
  • Page 92: Configuring Port Limit Controls

    Figure 21: SNMPv3 Access Configuration. Use the Port Limit Control Configuration page to limit the number of users accessing a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the maximum number of users on the...
  • Page 93 ◆ Mode – Controls whether Limit Control is enabled on this port. Both this and the global Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port.
  • Page 94: Configuring Authentication Through Network Access Servers

    ◆ Re-open – If a port is shut down by this module, you may reopen it by clicking this button, which will only be enabled if this is the case. For other methods, refer to Shutdown in the Action section. Note that clicking the Reopen button causes the page to be refreshed, so non-committed changes will be lost.
  • Page 95: Figure 23: Using Port Security

    can use the same credentials for authentication from any point within the network. Figure 23: Using Port Security [figure labels: 802.1x client, RADIUS] 1. Client attempts to access a switch port. 2. Switch sends client an identity request. 3....
  • Page 96 ◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified. Backend RADIUS servers are configured on the Authentication Configuration page (see page 126). ◆ 802.1X / MAC-based authentication must be enabled globally for the...
  • Page 97 ◆ Reauthentication Enabled - Sets clients to be re-authenticated after an interval specified by the Re-authentication Period. Re-authentication can be used to detect if a new device is plugged into a switch port. (Default: Disabled) For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed.
  • Page 98: Table 7: Dynamic QoS Profiles

    RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature. The RADIUS-Assigned QoS Enabled checkbox provides a quick way to globally enable/disable RADIUS-server assigned QoS Class functionality. When checked, the individual port settings determine whether RADIUS-assigned QoS Class is enabled for that port.
  • Page 99 For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch applies only the DiffServ profile “p1.” ■ Any unsupported profiles in the Filter-ID attribute are ignored. For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,”...
  • Page 100 a supplicant is successfully authenticated. If present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN-unaware mode.
  • Page 101 VLAN. When unchecked, the ability to move to the Guest VLAN is disabled for all ports. When Guest VLAN is both globally enabled and enabled for a given port, the switch considers moving the port into the Guest VLAN according to the rules outlined below.
  • Page 102 switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the lifetime of the port. If enabled, the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the lifetime of the port.
  • Page 103 ■ MAC-based Auth. - Enables MAC-based authentication on the port. The switch does not transmit or accept EAPOL frames on the port. Flooded frames and broadcast traffic will be transmitted on the port, whether or not clients are authenticated on the port, whereas unicast traffic from an unsuccessfully authenticated client will be dropped.
  • Page 104 ■ When port status changes to down, all MAC addresses are cleared from the secure MAC address table. Static VLAN assignments are not restored. ◆ RADIUS-Assigned QoS Enabled - Enables or disables this feature for...
  • Page 105: Filtering Traffic With Access Control Lists

    Click Save. Figure 24: Port Security Configuration. An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria.
  • Page 106: Figure 25: ACL Port Configuration

    ◆ Port - Port Identifier. ◆ Policy ID - An ACL policy configured on the ACE Configuration page (page 110). (Range: 1-8; Default: 1, which is undefined) ◆ Action - Permits or denies a frame based on whether it matches a rule...
  • Page 107: Configuring Rate Limiters

    Use the ACL Rate Limiter Configuration page to define the rate limits applied to a port (as configured either through the ACL Ports Configuration menu (page 105) or the Access Control List Configuration menu (page 108)).
  • Page 108: Configuring Access Control Lists

    Figure 26: ACL Rate Limiter Configuration. Use the Access Control List Configuration page to define filtering rules for an ACL policy, for a specific port, or for all ports. Rules applied to a port take effect immediately, while those defined for a policy must be mapped to one or more ports using the ACL Ports Configuration menu (page...
  • Page 109: Table 8: QCE Modification Buttons

    ■ Ethernet type (based on Ethernet type value, MAC address, VLAN ID, VLAN priority) ■ ARP (based on ARP/RARP type, request/reply, sender/target IP, hardware address matches ARP/RARP MAC address, ARP/RARP hardware address length matches protocol address length, matches this entry when ARP/RARP hardware address is equal to Ethernet, matches this entry when ARP/RARP protocol address space setting is equal to IP (0x800)
  • Page 110 ACE Configuration - Ingress Port and Frame Type: ◆ Ingress Port - Any port, port identifier, or policy. (Options: Any port, Port 1-28, Policy 1-8; Default: Any) ◆ Frame Type - The type of frame to match. (Options: Any, Ethernet,...
  • Page 111 RARP opcode set to ARP, RARP - frame must have ARP/RARP opcode set to RARP, Other - frame has unknown ARP/RARP opcode flag; Default: Any) ■ Request/Reply - Specifies whether the packet is an ARP request,...
  • Page 112 RARP frames where the PRO is equal to IP (0x800) must match this entry; Default: Any) ◆ IPv4: MAC Parameters ■ DMAC Filter - The type of destination MAC address. (Options: Any, MC - multicast, BC - broadcast, UC - unicast; Default: Any) IP Parameters IP Protocol Filter - Specifies the IP protocol to filter for this rule.
  • Page 113 ■ TCP SYN - Specifies the TCP “Synchronize sequence numbers” (SYN) value for this rule. (Options: Any - any value is allowed, 0 - TCP frames where the SYN field is set must not match this entry, 1 - TCP frames where the SYN field is set must match this entry;...
  • Page 114 ■ DIP Filter - Specifies the destination IP filter for this rule. (Options: Any - no destination IP filter is specified, Host - specifies the destination IP address in the DIP Address field, Network - specifies the destination IP address and destination IP mask in the DIP Address and DIP Mask fields;...
  • Page 115: Configuring DHCP Snooping

    Click Save. Figure 27: Access Control List Configuration. Use the DHCP Snooping Configuration page to filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or...
  • Page 116 or firewall. When DHCP snooping is enabled globally and enabled on a VLAN interface, DHCP messages received on an untrusted interface from a device not listed in the DHCP snooping table will be dropped. Table entries are only learned for trusted interfaces.
  • Page 117: Figure 28: DHCP Snooping Configuration

    DHCP server, any packets received from untrusted ports are dropped. Parameters: These parameters are displayed in the web interface: ◆ Snooping Mode – Enables DHCP snooping globally. When DHCP snooping is enabled, DHCP request messages will be forwarded to trusted ports, and reply packets only allowed from trusted ports.
  • Page 118: Configuring DHCP Relay And Option 82 Information

    Use the DHCP Relay Configuration page to configure DHCP relay service for attached host devices. If a subnet does not include a DHCP server, you can relay DHCP client requests to a DHCP server on another subnet. When DHCP relay is enabled and the switch sees a DHCP request broadcast, it inserts its own IP address into the request (so that the DHCP...
  • Page 119: Configuring IP Source Guard

    ■ Drop - Drops the packet when it receives a DHCP message that already contains relay information. Interface: To configure DHCP Relay: Click Configuration, Security, Network, DHCP, Relay. Enable the DHCP relay function, specify the DHCP server’s IP address, enable Option 82 information mode, and set the policy by which to handle relay information found in client packets.
  • Page 120 Command Usage: ◆ When IP Source Guard is enabled globally and on a port, the switch checks the VLAN ID, source IP address, and port number against all entries in the DHCP Snooping binding table and IP Source Guard Static Table.
  • Page 121: Configuring Static Bindings For IP Source Guard

    ◆ Max Dynamic Clients – Specifies the maximum number of dynamic clients that can be learned on given ports. This value can be 0, 1, 2 or unlimited. If the port mode is enabled and the maximum number of dynamic clients is equal to 0, the switch will only forward IP packets that are matched in static entries for a given port.
  • Page 122 ◆ Static bindings are processed as follows: ■ If there is no entry with the same VLAN ID and IP address, a new entry is added to the static IP source guard binding table. ■ If there is an entry with the same VLAN ID and IP address, and the...
  • Page 123: Configuring ARP Inspection

    Figure 31: Configuring Static Bindings for IP Source Guard. ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the-middle”...
  • Page 124: Configuring Global And Port Settings For ARP Inspection

    ■ Disabling and then re-enabling global ARP Inspection will not affect the ARP Inspection configuration of any ports. ■ When ARP Inspection is disabled globally, it is still possible to configure ARP Inspection for individual ports. These configuration changes will only become active after ARP Inspection is enabled globally again.
  • Page 125: Configuring Static Bindings For ARP Inspection

    Figure 32: Configuring Global and Port Settings for ARP Inspection. Use the Static ARP Inspection Table to bind a static address to a port. Table entries include a port identifier, VLAN identifier, source MAC address in ARP request packets, and source IP address in ARP request packets.
  • Page 126: Specifying Authentication Servers

    Enter the required bindings for a given port. Click Save. Figure 33: Configuring Static Bindings for ARP Inspection. Use the Authentication Server Configuration page to control management access based on a list of user names and passwords configured on a RADIUS or TACACS+ remote access authentication server, and to...
  • Page 127 RADIUS/TACACS+ Server Configuration: ◆ Enabled – Enables the server specified in this entry. ◆ IP Address – IP address or IP alias of authentication server. ◆ Port – Network (UDP) port of authentication server used for...
  • Page 128: Creating Trunk Groups

    Figure 34: Authentication Configuration. You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches.
  • Page 129: Configuring Static Trunks

    LACP, as long as they are not already configured as part of a static trunk. If ports on another device are also configured to use LACP, the switch and the other device will negotiate a trunk between them. If an LACP trunk consists of more than eight ports, all other ports will be placed in standby mode.
  • Page 130 ◆ To avoid creating a loop in the network, be sure you add a static trunk via the configuration interface before connecting the ports, and also disconnect the ports before removing a static trunk via the configuration interface.
  • Page 131 to-server trunk links where the destination IP address is the same for all traffic. (One of the defaults.) ■ TCP/UDP Port Number – All traffic with the same source and destination TCP/UDP port number is output on the same link in a trunk.
  • Page 132: Configuring LACP

    Figure 35: Static Trunk Configuration. Use the LACP Port Configuration page to enable LACP on selected ports, configure the administrative key, and the protocol initiation mode. CLI References: ◆ "LACP Commands" on page 435...
  • Page 133 ◆ All ports on both ends of an LACP trunk must be configured for full duplex, either by forced mode or auto-negotiation. ◆ Trunks dynamically established through LACP will be shown on the...
  • Page 134: Figure 36: LACP Port Configuration

    Click Save. Figure 36: LACP Port Configuration
  • Page 135: Configuring The Spanning Tree Algorithm

    The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link...
  • Page 136: Figure 38: MSTP Region, Internal Spanning Tree, Multiple Spanning Tree

    start learning, predefining an alternate route that can be used when a node or port fails, and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occurs. MSTP –...
  • Page 137: Configuring Global Settings For STA

    Figure 39: Common Internal Spanning Tree, Common Spanning Tree, Internal Spanning Tree [figure labels: Region 1, Region 2, Region 3, Region 4, CIST]. MSTP connects all bridges and LAN segments with a single Common and Internal Spanning Tree (CIST).
  • Page 138 connected to an 802.1D bridge and starts using only 802.1D BPDUs. ■ RSTP Mode – If RSTP is using 802.1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires, RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port.
  • Page 139 Maximum: 30 Default: 15 ◆ Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
  • Page 140: Configuring Multiple Spanning Trees

    ◆ Port Error Recovery Timeout – The time that has to pass before a port in the error-disabled state can be enabled. (Range: 30-86400 seconds or 24 hours) Interface: To configure global settings for STA: Click Configuration, Spanning Tree, Bridge Settings.
  • Page 141 fails, and allowing for faster convergence of a new topology for the failed instance. By default all VLANs are assigned to the Common Internal Spanning Tree (CIST, or MST Instance 0) that connects all bridges and LANs within the MST region.
  • Page 142: Configuring Spanning Tree Bridge Priorities

    Interface: To add VLAN groups to an MSTP instance: Click Configuration, Spanning Tree, MSTI Mapping. Enter the VLAN group to add to the instance in the VLANs Mapped column. Note that the specified member does not have to be a configured VLAN.
  • Page 143: Configuring STP/RSTP/CIST Interfaces

    ◆ Priority – The priority of a spanning tree instance. (Range: 0-240 in steps of 16; Options: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240; Default: 128) Bridge priority is used in selecting the root device, root port, and designated port.
  • Page 144: Table 9: Recommended STA Path Cost Range

    CLI References: ◆ "STP Commands" on page 399. Parameters: The following parameters are displayed on the CIST Port Configuration page: ◆ Port – Port identifier. (Range: 1-28) This field is not applicable to static trunks or dynamic trunks created through LACP.
  • Page 145: Table 11: Default STA Path Costs

    Table 11: Default STA Path Costs (columns: Port Type, Link Type, IEEE 802.1w-2001). Ethernet: Half Duplex 2,000,000; Full Duplex 1,000,000; Trunk 500,000. Fast Ethernet: Half Duplex 200,000; Full Duplex 100,000; Trunk 50,000. Gigabit Ethernet: Full Duplex...
  • Page 146 incorrectly learned station location information. TCN messages can be restricted by a network administrator to prevent bridges external to a core region of the network from causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state for the attached LANs transitions frequently.
  • Page 147: Configuring Mist Interfaces

    Interface: To configure settings for STP/RSTP/CIST interfaces: Click Configuration, Spanning Tree, CIST Ports. Modify the required attributes. Click Save. Figure 43: STP/RSTP/CIST Port Configuration. Use the MIST Ports Configuration page to configure STA attributes for MIST interfaces in a specific MSTI, including path cost, and port priority.
  • Page 148: Figure 44: MSTI Port Configuration

    By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown in Table Table 10 Table Priority –...
  • Page 149: IGMP Snooping

    Multicasting is used to support real-time applications such as videoconferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
  • Page 150 Parameters: The following parameters are displayed on the IGMP Snooping Configuration page: Global Configuration ◆ Snooping Enabled - When enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic. (Default: Enabled) This switch can passively snoop on IGMP Query and Report packets transferred between IP multicast routers/switches and IP multicast host...
  • Page 151 ◆ Fast Leave - Immediately deletes a member port of a multicast service if a leave packet is received at that port. (Default: Disabled) The switch can be configured to immediately delete a member port of a multicast service if a leave packet is received at that port and the Fast Leave function is enabled.
  • Page 152: Configuring VLAN Settings For IGMP Snooping And Query

    Interface: To configure global and port-related settings for IGMP Snooping: Click Configuration, IGMP Snooping, Basic Configuration. Adjust the IGMP settings as required. Click Save. Figure 45: Configuring Global and Port-related Settings for IGMP Snooping. Use the IGMP Snooping VLAN Configuration page to configure IGMP...
  • Page 153: Configuring IGMP Filtering

    ◆ IGMP Querier - When enabled, the switch can serve as the Querier (on the selected interface), which is responsible for asking hosts if they want to receive multicast traffic. (Default: Disabled) A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
  • Page 154: MLD Snooping

    checked against these groups. If a requested multicast group is denied, the IGMP join report is dropped. Interface: To configure IGMP Snooping Port Group Filtering: Click Configuration, IGMP Snooping, Port Group Filtering. Click Add New Filtering Group to display a new entry in the table.
  • Page 155: Configuring Global And Port-Related Settings For MLD Snooping

    Use the MLD Snooping Configuration page to configure global and port-related settings which control the forwarding of multicast traffic. Based on the MLD query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
  • Page 156 router port, the switch will generate and send a group-specific (GS) query to the member port which received the leave message, and then start the last member query timer for that port. When the conditions in the preceding item all apply, except that the receiving port is a router port, then the switch will not send a GS-query, but will immediately start the last member query timer for that port.
  • Page 157: Figure 48: Configuring Global And Port-Related Settings For MLD Snooping

    Fast Leave does not apply to a port if the switch has learned that a multicast router is attached to it. Fast Leave can improve bandwidth usage for a network which frequently experiences many MLD host add and leave requests. ◆ Throttling - Limits the number of multicast groups to which a port can...
  • Page 158: Configuring VLAN Settings For MLD Snooping And Query

    Use the MLD Snooping VLAN Configuration page to configure MLD snooping and query for a VLAN interface. CLI References: ◆ "MLD Snooping Commands" on page 497...
  • Page 159: Configuring MLD Filtering

    Figure 49: Configuring VLAN Settings for MLD Snooping and Query. Use the MLD Snooping Port Group Filtering Configuration page to filter specific multicast traffic. In certain switch applications, the administrator may want to control the multicast services that are available to end users; for example, an IP/TV service based on a specific subscription plan.
  • Page 160: Multicast VLAN Registration

    Figure 50: MLD Snooping Port Group Filtering Configuration. Use the MVR Configuration page to enable MVR globally on the switch, select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider, and to configure each interface that participates in the MVR protocol as a source port or receiver port.
  • Page 161: Figure 51: MVR Concept

    Figure 51: MVR Concept [figure labels: Multicast Router, Satellite Services, Service Network, Multicast Server, Layer 2 Switch, Source Port, Receiver Ports, Set-top Box]. CLI References: ◆ "MVR Commands" on page 483. Command Usage: General Configuration Guidelines for MVR:...
  • Page 162 ◆ MVR VLAN – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. MVR source ports should be configured as members of the MVR VLAN, but MVR receiver ports should not be manually configured as members of this VLAN.
  • Page 163: Link Layer Discovery Protocol

    Figure 52: Configuring MVR. Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
  • Page 164 ◆ Tx Hold – Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 3) The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner.
  • Page 165 If all ports have CDP awareness disabled, the switch forwards CDP frames received from neighbor devices. If at least one port has CDP awareness enabled, all CDP frames are terminated by the switch. When CDP awareness for a port is disabled, the CDP information is not removed immediately, but will be removed when the hold time is exceeded.
  • Page 166: Configuring LLDP-MED TLVs

    Specify the information to include in the TLV field of advertised messages. Click Save. Figure 53: LLDP Configuration. Use the LLDP-MED Configuration page to set the device information which is advertised for end-point devices.
  • Page 167 the limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy. With this in mind LLDP-MED defines an LLDP-MED Fast Start interaction between the protocol and the application layers on top of the protocol, in order to achieve these related properties.
  • Page 168 ◆ Map Datum – The Map Datum used for the coordinates given in this Option. ■ WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. ■ NAD83/NAVD88: North American Datum 1983, CRS Code 4269,...
  • Page 169 ■ Postal community name - Postal community name. (Example: Leonia) ■ P.O. Box - Post office box (P.O. BOX). (Example: 12345) ■ Additional code - Additional code. (Example: 1320300003) ◆ Emergency Call Service – Emergency Call Service (e.g. 911 and...
  • Page 170 therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN. ■ Policy ID – ID for the policy. This is auto generated and will be...
  • Page 171 Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003. In this case, both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance.
  • Page 172: Configuring The MAC Address Table

    Figure 54: LLDP-MED Configuration. Use the MAC Address Table Configuration page to configure dynamic address learning or to assign static addresses to specific ports. Switches store the addresses for all known devices.
  • Page 173 ◆ Aging Time - The time after which a learned entry is discarded. (Range: 10-1000000 seconds; Default: 300 seconds) MAC Table Learning: ◆ Auto - Learning is done automatically as soon as a frame with an...
  • Page 174: IEEE 802.1Q VLANs

    Figure 55: MAC Address Table Configuration. In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
  • Page 175: Assigning Ports To VLANs

    ◆ Up to 256 VLANs based on the IEEE 802.1Q standard ◆ Distributed VLAN learning across multiple switches using explicit or implicit tagging ◆ Port overlapping, allowing a port to participate in multiple VLANs ...
  • Page 176: Configuring VLAN Attributes For Port Members

    Interface: To configure IEEE 802.1Q VLAN groups: Click Configuration, VLANs, VLAN Membership. Change the ports assigned to the default VLAN (VLAN 1) if required. To configure a new VLAN, click Add New VLAN, enter the VLAN ID, and then mark the ports to be assigned to the new group.
  • Page 177 ◆ Ingress Filtering - Determines how to process frames tagged for VLANs for which the ingress port is not a member. (Default: Disabled) ■ Ingress filtering only affects tagged frames. ■ If ingress filtering is enabled and a port receives frames tagged for ...
  • Page 178: Configuring Private VLANs

    PVID for untagged ingress frames. Note that this mode is normally used for ports connected to VLAN-aware switches. When forwarding a frame from this switch along a path that contains any VLAN-aware devices, the switch should include VLAN tags. When forwarding a frame from this switch along a path that does not contain any VLAN-aware devices (including the destination host), the switch should first strip off the VLAN tag before forwarding the frame.
  • Page 179: Figure 58: Private VLAN Membership Configuration

    are designated as uplink ports, and can communicate with any downlink ports within the same private VLAN to which it has been assigned, and to any other ports within the 802.1Q VLANs to which it has been assigned. One example of how private VLANs can be used is in servicing multi-tenant dwellings.
  • Page 180: Using Port Isolation

    Use the Port Isolation Configuration page to prevent communications between customer ports within the same private VLAN. Ports within a private VLAN (PVLAN) are isolated from other ports which are not in the same PVLAN. Port Isolation can be used to prevent communications between ports within the same PVLAN.
  • Page 181: Managing VoIP Traffic

    When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation can provide higher voice quality by preventing excessive packet delays, packet loss, and jitter.
  • Page 182 ◆ Aging Time – The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port. (Range: 10-10,000,000 seconds; Default: 86400 seconds) ◆ Traffic Class –...
  • Page 183: Configuring Telephony OUI

    This option only works when the detection mode is set to “Auto.” LLDP should also be enabled before setting the discovery protocol to "LLDP" or "Both." Note that changing the discovery protocol to "OUI" or "LLDP" will restart the auto detection process.
  • Page 184: Figure 61: Configuring An OUI Telephony List

    CLI References: ◆ "Voice VLAN Commands" on page 489 Parameters: These parameters are displayed in the web interface: ◆ Telephony OUI – Specifies a globally unique identifier assigned to a vendor by IEEE to identify VoIP equipment. The OUI must be 6 characters long and the input format “xx-xx-xx”...
  • Page 185: Quality Of Service

    All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets in the same class. Class information can be assigned by end hosts, or switches or routers along the path.
  • Page 186 ◆ QCL # - A Quality Control List which classifies ingress frames based on criteria including Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS, or VLAN priority tag (see page 189). Traffic matching the first entry in the QCL is assigned to the traffic class (output queue) defined by that entry.
  • Page 187: Configuring DSCP Remarking

    Figure 62: Port QoS Configuration. Use the DSCP Remarking Configuration page to remark ingress packets with a DSCP priority compatible with the policies used by the autonomous system containing this switch. The Differentiated Services Code Point should be set at network boundaries, or by trusted hosts within those boundaries, to ensure a consistent service policy for different types of traffic.
  • Page 188: Figure 63: DSCP Remarking Configuration

    ■ Best Effort - This is the common, best-effort forwarding behavior standardized in RFC1812. When no other suitable criteria are available to classify a packet, it is assumed that it belongs to this service aggregate.
  • Page 189: Configuring QoS Control Lists

    Use the QoS Control List Configuration page to configure Quality of Service policies for handling ingress packets based on Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS, or VLAN priority tag. Each list may consist of up to 24 entries, and can be mapped to a specific port using the Port QoS Configuration menu (page...
  • Page 190: Table 13: Mapping CoS Values To Egress Queues

    QCE Configuration: ◆ QCE Type - Specifies which frame field the Quality Control Entry (QCE) processes to determine the QoS class of the frame. The supported types are listed below: ■ Ethernet Type - This option can only be used to filter Ethernet II ...
  • Page 191: Configuring Rate Limiting

    Figure 64: QoS Control List Configuration. Use the Rate Limit Configuration page to control the maximum rate for traffic transmitted or received on an interface. Rate limiting can be configured on interfaces at the edge of a network to form part of the customer service package by limiting traffic into or out of the switch.
  • Page 192: Figure 65: Rate Limit Configuration

    ◆ Policer Unit - Sets the unit of measure for the port policer. (Options: kbps, Mbps; Default: kbps) Egress Limits: ◆ Shaper Enabled - Enables or disables egress rate limiting. (Default: Disabled) ◆...
  • Page 193: Configuring Storm Control

    Use the Storm Control Configuration page to set limits on broadcast, multicast and unknown unicast traffic to control traffic storms which may occur when a network device is malfunctioning, the network is not properly configured, or application programs are not well designed or properly configured.
  • Page 194: Configuring Port Mirroring

    Figure 66: Storm Control Configuration. Use the Mirror Configuration page to mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and ...
  • Page 195: Configuring UPnP

    Figure 67: Mirror Configuration. Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards.
  • Page 196: Figure 68: UPnP Configuration

    UPnP under Windows XP, open My Network Places in the Explore file manager. An entry for “DG-GS4528S” will appear in the list of discovered devices. Double-click on this entry to access the switch's web management interface.
  • Page 197: Monitoring The Switch

    This chapter describes how to monitor all of the basic functions, configure or view system logs, and how to view traffic status or the address table. Displaying Basic Information About the System: You can use the Monitor/System menu to display a basic description of the switch, log messages, or statistics on traffic used in managing the switch.
  • Page 198: Displaying CPU Utilization

    ◆ Software Date – Release date of the switch software. Interface: To view System Information in the web interface, click Monitor, System, Information. Figure 69: System Information. Use the CPU Load page to display information on CPU utilization. The load is averaged over the last 100ms, 1sec and 10 seconds intervals.
  • Page 199: Displaying Log Messages

    Figure 70: Displaying CPU Utilization. Use the System Log Information page to scroll through the logged system and event messages. Parameters: These parameters are displayed in the web interface: ◆ Display Filter Level –...
  • Page 200: Displaying Log Details

    Use Auto-refresh to automatically refresh the page at regular intervals, Refresh to update system log entries starting from the current entry ID, or Clear to flush all system log entries. Use the arrow buttons to scroll through the log messages.
  • Page 201: Displaying Information About Ports

    You can use the Monitor/Port menu to display a graphic image of the front panel which indicates the connection status of each port, basic statistics on the traffic crossing each port, the number of packets processed by each service queue, or detailed statistics on port traffic.
  • Page 202: Displaying QoS Statistics

    Interface: To display a summary of port statistics, click Monitor, Ports, Traffic Overview. Figure 74: Port Statistics Overview. Use the Queuing Counters page to display the number of packets processed by each service queue. Parameters: These parameters are displayed in the web interface:...
  • Page 203: Displaying Detailed Port Statistics

    Interface: To display the queue counters, click Monitor, Ports, QoS Statistics. Figure 75: Queuing Counters. Use the Detailed Port Statistics page to display detailed statistics on network traffic. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading).
  • Page 204 ■ Unicast – The number of received and transmitted unicast packets (good and bad). ■ Multicast – The number of received and transmitted multicast packets (good and bad). ■ Broadcast – The number of received and transmitted broadcast ...
  • Page 205: Displaying Information About Security Settings

    Interface: To display the detailed port statistics, click Monitor, Ports, Detailed Statistics. Figure 76: Detailed Port Statistics. Displaying Information About Security Settings: You can use the Monitor/Security menu to display statistics on management traffic, security controls for client access to the data ports, and the status of remote authentication access servers.
  • Page 206: Displaying Information About Switch Settings For Port Security

    Parameters: These parameters are displayed in the web interface: ◆ Interface – Network protocols used to manage the switch. (Protocols: HTTP, HTTPS, SNMP, TELNET, SSH) ◆ Receive Packets – The number of management packets received. ◆ Allow Packets –...
  • Page 207 CLI References: ◆ "security network psec switch" on page 348 Parameters: These parameters are displayed in the web interface: User Module Legend: ◆ User Module Name – The full name of a module that may request Port ...
  • Page 208: Displaying Information About Learned MAC Addresses

    Interface: To display information about switch-level settings for the Port Security module, click Monitor, Security, Network, Port Security, Switch. Figure 78: Port Security Switch Status. Use the Port Security Port Status page to show the entries authorized by port security services, including MAC address, VLAN ID, time added to ...
  • Page 209: Displaying Port Status For Authentication Services

    periodically check that this MAC address is still forwarding traffic. If the age period (measured in seconds) expires and no frames have been seen, the MAC address will be removed from the MAC table. Otherwise a new age period will begin.
  • Page 210: Figure 80: Network Access Server Switch Status

    ◆ QoS Class – The QoS class that NAS has assigned to this port. This field is blank if the QoS class has not been assigned by NAS. Refer to “RADIUS-Assigned QoS Enabled” for a description of this attribute (see page 94).
  • Page 211 ◆ Port State – The current state of the port. Refer to NAS Port State for a description of the individual states (see page 94). ◆ QoS Class – The QoS class assigned by the RADIUS server. The field is ...
  • Page 212 backend server counters for the currently selected client, or dashes if no client is selected or available. A client can be selected from the list of authorized/unauthorized clients below the two counter tables. Access Challenges –...
  • Page 213 ■ MAC-based: Not applicable. ◆ Identity – ■ 802.1X-based: The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame. ■ MAC-based: Not applicable. Selected Counters: This table is visible when the port is in one of the following administrative states: Multi 802.1X or MAC-based Auth.
  • Page 214: Displaying ACL Status

    Interface: To display port Statistics for 802.1X or Remote Authentication Service: Click Monitor, Security, Network, NAS, Port. Select a port from the scroll-down list. Figure 81: NAS Statistics for Specified Port. Use the ACL Status page to show the status for different security modules which use ACL filtering, including ingress port, frame type, and forwarding...
  • Page 215: Displaying Statistics For DHCP Snooping

    ■ IPv4/ICMP: ACE will match IPv4 frames with ICMP protocol. ■ IPv4/UDP: ACE will match IPv4 frames with UDP protocol. ■ IPv4/TCP: ACE will match IPv4 frames with TCP protocol. ■ IPv4/Other: ACE will match IPv4 frames, which are not ICMP/UDP ...
  • Page 216 Parameters: These parameters are displayed in the web interface: ◆ Rx/Tx Discover – The number of discover (option 53 with value 1) packets received and transmitted. ◆ Rx/Tx Offer – The number of offer (option 53 with value 2) packets received and transmitted.
  • Page 217: Displaying DHCP Relay Statistics

    Figure 83: DHCP Snooping Statistics. Use the DHCP Relay Statistics page to display statistics for the DHCP relay service supported by this switch and DHCP relay clients. CLI References...
  • Page 218: Figure 84: DHCP Relay Statistics

    ◆ Receive Bad Circuit ID – The number of packets with a Circuit ID option that did not match a known circuit ID. ◆ Receive Bad Remote ID – The number of packets with a Remote ID ...
  • Page 219: Displaying MAC Address Bindings For ARP Packets

    Open the Dynamic ARP Inspection Table to display address entries sorted first by port, then VLAN ID, MAC address, and finally IP address. Each page shows up to 999 entries from the Dynamic ARP Inspection table, default being 20, selected through the “entries per page”...
  • Page 220: Displaying Information On Authentication Servers

    Use the Monitor/Authentication pages to display information on RADIUS authentication and accounting servers, including the IP address and statistics for each server. Use the RADIUS Overview page to display a list of configured authentication and accounting servers.
  • Page 221: Displaying Statistics For Configured Authentication Servers

    Interface: To display a list of configured authentication and accounting servers, click Monitor, Authentication, RADIUS Overview. Figure 87: RADIUS Overview. Use the RADIUS Details page to display statistics for configured authentication and accounting servers.
  • Page 222 ■ Bad Authenticators – The number of RADIUS Access-Response packets containing invalid authenticators or Message Authenticator attributes received from this server. ■ Unknown Types – The number of RADIUS packets of unknown ...
  • Page 223 ■ Round-Trip Time – The time interval (measured in milliseconds) between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.
  • Page 224: Figure 88: RADIUS Details

    ■ Not Ready – The server is enabled, but IP communication is not yet up and running. ■ Ready – The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
  • Page 225: Displaying Information On LACP

    Use the monitor pages for LACP to display information on LACP configuration settings, the functional status of participating ports, and statistics on LACP control packets. Use the LACP System Status page to display an overview of LACP groups. ...
  • Page 226: Displaying LACP Port Status

    Use the LACP Port Status page to display information on the LACP groups active on each port. CLI References: ◆ "lacp status" on page 439 Parameters: These parameters are displayed in the web interface: ◆...
  • Page 227: Displaying LACP Port Statistics

    Use the LACP Port Statistics page to display statistics on LACP control packets crossing each port. CLI References: ◆ "lacp statistics" on page 439 Parameters: These parameters are displayed in the web interface: ◆...
  • Page 228: Displaying Information On The Spanning Tree

    Use the monitor pages for Spanning Tree to display information on spanning tree bridge status, the functional status of participating ports, and statistics on spanning tree protocol packets. Use the Bridge Status page to display STA information on the global bridge ...
  • Page 229 ◆ Regional Root – The Bridge ID of the currently elected regional root bridge, inside the MSTP region of this bridge. (This parameter only applies to the CIST instance.) ◆ Internal Root Cost –...
  • Page 230: Displaying Port Status For STA

    Interface: To display information on spanning tree bridge and port status, click Monitor, Spanning Tree, Bridge Status. Figure 92: Spanning Tree Bridge Status. Use the Port Status page to display the STA functional status of participating ports...
  • Page 231: Displaying Port Statistics For STA

    ◆ CIST Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.e., designated port);...
  • Page 232: Showing IGMP Snooping Information

    ◆ MSTP – The number of MSTP Configuration BPDUs received/transmitted on a port. ◆ RSTP – The number of RSTP Configuration BPDUs received/transmitted on a port. ◆ STP – The number of legacy STP Configuration BPDUs received/...
  • Page 233: Figure 95: IGMP Snooping Status

    ◆ Querier Transmitted – The number of transmitted Querier messages. ◆ Querier Received – The number of received Querier messages. ◆ V1 Reports Received – The number of received IGMP Version 1 ...
  • Page 234: Showing MLD Snooping Information

    Use the MLD Snooping Status page to display MLD querier status and snooping statistics for each VLAN, and the ports connected to an upstream multicast router/switch. Use the MLD Snooping Group Information page to display the port members of each service group.
  • Page 235: Displaying MVR Information

    Interface: To display information for MLD snooping, click Monitor, MLD Snooping, Status. Figure 96: MLD Snooping Status. To display information for active MLD groups, click Monitor, MLD Snooping, Groups Information. Figure 97: MLD Snooping Group Information ...
  • Page 236: Figure 98: MVR Status

    Parameters: These parameters are displayed in the web interface: Statistics: ◆ VLAN ID – Identifier of the VLAN that serves as the channel for streaming multicast services using MVR. ◆ V1 Reports Received – The number of IGMP V1 reports received. ...
  • Page 237: Displaying LLDP Information

    Use the monitor pages for LLDP to display information advertised by LLDP neighbors and statistics on LLDP control frames. Use the LLDP Neighbor Information page to display information about LLDP devices connected directly to the switch’s ports which are advertising...
  • Page 238: Displaying LLDP-MED Neighbor Information

    ◆ Management Address – The IPv4 address of the remote device. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement. Interface: To display information about LLDP neighbors, click Monitor, LLDP, Neighbors.
  • Page 239 applicable to Generic Endpoints (Class I), and any LLDP-MED Endpoint Device claiming compliance as a Communication Device (Class III) will also support all aspects of TIA-1057 applicable to both Media Endpoints (Class II) and Generic Endpoints (Class I). LLDP-MED Generic Endpoint (Class I) –...
  • Page 240: Figure 100: LLDP-MED Neighbor Information

    ◆ Application Type – The primary function of the application(s) defined for this network policy, and advertised by an Endpoint or Network Connectivity Device. The possible application types are described under "Configuring LLDP-MED TLVs" on page 166.
  • Page 241: Displaying LLDP Port Statistics

    Use the LLDP Port Statistics page to display statistics on LLDP global counters and control frames. CLI References: ◆ "lldp statistics" on page 445 Parameters: These parameters are displayed in the web interface: Global Counters: ◆ Neighbor entries were last changed at –...
  • Page 242: Displaying The MAC Address Table

    ◆ Org. Discarded – The number of organizational TLVs discarded. ◆ Age-Outs – Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age-Out counter is incremented.
  • Page 243: Displaying Information About VLANs

    ◆ VLAN – The VLAN containing this entry. ◆ MAC Address – Physical address associated with this interface. ◆ Port Members – The ports associated with this entry. Interface: To display the address table, click Monitor, MAC Address Table. Figure 102: MAC Address Table ...
  • Page 244: VLAN Port Status

    ■ MVR: Eliminates the need to duplicate multicast traffic for subscribers in each VLAN. Multicast traffic for all channels is sent only on a single (multicast) VLAN. ■ Voice VLAN: A VLAN configured specially for voice traffic typically ...
  • Page 245 description of the software modules that use VLAN management services. ◆ Port – Port Identifier. ◆ PVID – The native VLAN assigned to untagged frames entering this port. ◆ VLAN Aware - Configures whether or not a port processes the ...
  • Page 246: Figure 104: Showing VLAN Port Status

    Figure 104: Showing VLAN Port Status
  • Page 247: Performing Basic Diagnostics

    This chapter describes how to test network connectivity using Ping for IPv4 or IPv6, and how to test network cables. The Ping page is used to send ICMP echo request packets to another node on the network to determine if it can be reached.
  • Page 248: Running Cable Diagnostics

    Figure 105: ICMP Ping. The VeriPHY page is used to perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the cable length.
  • Page 249: Figure 106: VeriPHY Cable Diagnostics

    diagnostics results in the cable status table. Note that VeriPHY is only accurate for cables 7 - 140 meters long. Ports will be linked down while running VeriPHY. Therefore, running VeriPHY on a management port will cause the switch to stop responding until testing is completed.
  • Page 251: Performing System Maintenance

    This chapter describes how to perform basic maintenance tasks including upgrading software, restoring or saving configuration settings, and resetting the switch. Restarting the Switch: Use the Restart Device page to restart the switch. CLI References: ◆ "system reboot" on page 268 ...
  • Page 252: Restoring Factory Defaults

    Use the Factory Defaults page to restore the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults. CLI References: ◆...
  • Page 253: Managing Configuration Files

    After the software image is uploaded, a page announces that the firmware update has been initiated. After about a minute, the firmware is updated and the switch is rebooted. Caution: While the firmware is being updated, Web access appears to be defunct...
  • Page 254: Restoring Configuration Settings

    Figure 110: Configuration Save. Use the Configuration Upload page to restore previously saved configuration settings to the switch from a file on your local management station. CLI References: "config load"...
  • Page 255: Command Line Interface

    This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ "Using the Command Line Interface" on page 257 ◆ "System Commands" on page 265 ...
  • Page 256 ◆ "UPnP Commands" on page 479 ◆ "MVR Commands" on page 483 ◆ "Voice VLAN Commands" on page 489 ◆ "MLD Snooping Commands" on page 497
  • Page 257: Using The Command Line Interface

    After connecting to the system through the console port, the login screen displays: Username: admin Password: Login in progress... Welcome to DigiSol Command Line Interface. Type 'help' or '?' to get help. Port Numbers: +-------------------------------------------------------------+ | +--+--+--+--+ +--+--+--+--+ +--+--+--+--+ +----+...
  • Page 258: Telnet Connection

    When finished, exit the session with the “logout” command. After entering the Telnet command, the login screen displays: Username: admin Password: Login in progress... Welcome to DigiSol Command Line Interface. Type 'help' or '?' to get help. Port Numbers: +-------------------------------------------------------------+ | +--+--+--+--+ +--+--+--+--+ +--+--+--+--+...
  • Page 259: Entering Commands

    You can open up to four sessions to the device via Telnet. When SSH is enabled, Telnet can't be used. This section describes how to enter CLI commands. A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
  • Page 260: Showing Commands

    If you enter a “?” at the command prompt, the system will display the first level of keywords or command groups. You can also display a list of valid keywords for a specific command.
  • Page 261: Partial Keyword Lookup

    System Log [<log_id>] [all|info|warning|error] [clear] > PARTIAL KEYWORD LOOKUP If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember to leave a space between the command and question mark.) For example “m ?”...
  • Page 262: Command Line Processing

    COMMAND LINE PROCESSING Commands are not case sensitive. You can abbreviate commands and parameters as long as they contain enough letters to differentiate them from any other currently available commands or parameters. You can use the Tab key to complete partial commands, or enter a partial command followed by the “?”...
  • Page 263: Cli Command Groups

    CLI COMMAND GROUPS The system commands can be broken down into the functional groups shown below. Table 16: Command Group Index (columns: Command Group, Description, Page) System: Configures general system settings, including descriptive information, rebooting the system, setting the time zone, showing the CPU loading, and configuring the log levels to display...
  • Page 265: System Commands

    System>configuration System Contact System Name System Location : Timezone Offset : 0 MAC Address : 00-17-7c-0a-ef-6c System Time : 1970-01-01 03:59:40 +0000 System Uptime : 03:59:40 Software Version: DG-GS4528S (standalone) V1.1.0.3 Software Date : 2010-07-20 17:42:15 -0400...
  • Page 266: System Name

    Previous Restart: Cold System> system name: This command displays or sets the name assigned to the switch system. SYNTAX system name [name] name - The name of this switch. (Maximum length: 255 characters) DEFAULT SETTING None COMMAND USAGE No blank spaces are permitted as part of the name string.
  • Page 267: System Location

    system location: This command displays or sets the system location. SYNTAX system location [location] location - String that describes the system location. (Maximum length: 255 characters) DEFAULT SETTING None COMMAND USAGE No blank spaces are permitted as part of the location string. EXAMPLE System>location WC5 System>...
  • Page 268: System Reboot

    system reboot: This command restarts the system. SYNTAX system reboot COMMAND USAGE When the system is restarted, it will always run the Power-On Self-Test. It will also retain all configuration information stored in non-volatile memory. EXAMPLE This example shows how to reset the switch: System>reboot...
  • Page 269: System Log

    COMMAND USAGE The load is averaged over the last 100ms, 1sec and 10 seconds intervals. The last 120 samples are graphed. The load is displayed as the running average over 100ms, 1s and 10s (in percent, where zero indicates that the CPU is idle). EXAMPLE System>load Load average(100ms, 1s, 10s):...
  • Page 271: Ip Commands

    IP COMMANDS This section describes commands used to configure IP settings, including IPv4 or IPv6 addresses, DHCP, DNS, DNS proxy, as well as SNTP. Table 18: IP Commands (columns: Command, Function) ip configuration: Displays all settings for IPv4 and IPv6 and related functions; ip dhcp: Displays or sets the DHCP client mode; ip setup...
  • Page 272: Ip Dhcp

    IP Address : 192.168.2.10 IP Mask : 255.255.255.0 IP Router : 0.0.0.0 DNS Server : 0.0.0.0 VLAN ID DNS Proxy : Disabled IPv6 AUTOCONFIG mode : Disabled IPv6 Link-Local Address: fe80::201:c1ff:fe00:e1 IPv6 Address : ::192.168.1.1 IPv6 Prefix : 96 IPv6 Router : ::...
  • Page 273: Ip Setup

    ◆ If DHCP is enabled, the system will immediately start broadcasting service requests. Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). If the switch does not receive a response from a DHCP server, it will default to the IP address 192.168.2.10 and subnet mask 255.255.255.0.
  • Page 274 COMMAND USAGE Only one VLAN interface can be assigned an IP address (the default is VLAN 1). This defines the management VLAN, the only VLAN through which you can gain management access to the switch. If you assign an IP address to any other VLAN, the new IP address overrides the original IP address and this becomes the new management VLAN.
  • Page 275: Ip Ping

    ip ping: This command sends ICMP echo request packets to another node on the network. SYNTAX ip ping ip-addr [packet-size] ip-addr - IP address or IP alias of the host. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods. packet-size - The payload size of the ICMP packet.
  • Page 276: Ip Dns

    ip dns: This command displays or sets a DNS server to which client requests for mapping host names to IP addresses are forwarded. SYNTAX ip dns [ip-addr] ip-addr - IP address of domain-name server. An IPv4 address consists of 4 numbers, 0 to 255, separated by periods.
  • Page 277: Ip Ipv6 Autoconfig

    ip ipv6 autoconfig: This command displays or sets stateless autoconfiguration of IPv6 addresses on an interface and IPv6 functionality on the interface. SYNTAX ip ipv6 autoconfig [enable | disable] enable - Enables IPv6 autoconfiguration mode. disable - Disables IPv6 autoconfiguration mode. DEFAULT SETTING Disabled...
  • Page 278: Ip Ipv6 Setup

    ip ipv6 setup: This command displays or sets the switch's IPv6 address and gateway for the specified VLAN. SYNTAX ip ipv6 setup [ipv6-addr] [ipv6-prefix] [ipv6-gateway] [vlan-id] ipv6-addr - The full IPv6 address of the switch including the network prefix and host address bits.
  • Page 279: Ip Ipv6 Ping6

    IPv6 AUTOCONFIG mode : Enabled IPv6 Link-Local Address: fe80::2e1:ff:fe00:0 IPv6 Address : 2001:db8:2222:7272::72 IPv6 Prefix : 96 IPv6 Router : fe80::269:3ef9:fe19:6780 IPv6 VLAN ID IP/IPv6> ip ipv6 ping6: This command sends ICMP echo request packets to another node on the network.
  • Page 280: Ip Ntp Configuration

    EXAMPLE IP/IPv6>ping6 ::192.168.1.19 PING6 server ::192.168.1.19 recvfrom: Operation timed out recvfrom: Operation timed out recvfrom: Operation timed out recvfrom: Operation timed out recvfrom: Operation timed out Sent 5 packets, received 0 OK, 0 bad IP/IPv6> ip ntp configuration: This command displays the NTP operation mode and the IP address for any configured time servers.
  • Page 281: Ip Ntp Server Add

    enables the system log to record meaningful dates and times for event entries. If the clock is not set, the switch will only record the time from the factory default set at the last bootup. EXAMPLE This example enables NTP client requests.
  • Page 282: Ip Ntp Server Delete

    DEFAULT SETTING None COMMAND USAGE The switch attempts to periodically update the time from the specified servers. The switch will poll the time servers in the order specified until a response is received. The polling interval is fixed at 15 minutes. EXAMPLE IP/NTP/Server>ipv6 add 2 fe80::215:c5ff:fe03:4dc7 IP/NTP/Server>...
  • Page 283: Port Commands

    PORT COMMANDS This section describes commands used to configure connection parameters for ports, power saving mode, and cable testing. Table 19: Port Commands (columns: Command, Function) port configuration: Displays configuration settings; port mode: Displays or sets port speed and duplex mode; port flow control: Displays or sets flow control mode; port state: Displays or sets administrative state to enabled or disabled...
  • Page 284 Table 20: Port Configuration (Continued) (columns: Field, Description) MaxFrame: Maximum frame size; Power: Power saving mode (Enabled or Disabled); Excessive: Response to take when excessive transmit collisions are detected on a port (Discard frame or Restart backoff algorithm); Link: Link status (connection speed/duplex mode or down) EXAMPLE...
  • Page 285: Port Mode

    port mode: This command displays or sets port speed and duplex mode of a port. SYNTAX port mode [port-list] [10hdx | 10fdx | 100hdx | 100fdx | 1000fdx | auto] port-list - A specific port or a range of ports. (Range: 1-28, or all) 10hdx - Supports 10 Mbps half-duplex operation 10fdx - Supports 10 Mbps full-duplex operation 100hdx - Supports 100 Mbps half-duplex operation...
  • Page 286: Port State

    DEFAULT SETTING Disabled COMMAND USAGE ◆ Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill. When enabled, back pressure is used for half-duplex operation and IEEE 802.3-2005 (formerly IEEE 802.3x) for full-duplex operation.
  • Page 287: Port Maxframe

    EXAMPLE Port>state 5 disable Port> port maxframe: This command displays or sets the maximum frame size allowed for a port. SYNTAX port maxframe [port-list] [max-frame] port-list - A specific port or a range of ports. (Range: 1-28, or all) max-frame - The maximum transfer unit for traffic crossing a port.
  • Page 288: Port Excessive

    EXAMPLE This example indicates that power usage for port 5 is 41% of normal. Port>power 5 enable Port>power 5 Port Power Usage ---- -------- ----- Enabled 41 % Port> port excessive: This command displays or sets the response to take when excessive transmit collisions are detected on a port.
  • Page 289: Port Statistics

    port statistics: This command displays port statistics. SYNTAX port statistics [port-list] [clear] [statistic] port-list - A specific port or a range of ports. (Range: 1-28, or all) clear - Clears port statistics statistic - Specifies the statistics to display. packets - The number of packets received and transmitted.
  • Page 290: Port Veriphy

    Rx High: Tx High: Rx Drops: Tx Drops: Rx CRC/Alignment: Tx Late/Exc. Coll.: Rx Undersize: Rx Oversize: Rx Fragments: Rx Jabbers: Rx Filtered: Port> port veriphy: This command performs cable diagnostics to diagnose any cable faults (short, open, etc.) and report the cable length.
  • Page 291 | Port Commands HAPTER Open Open Short Short Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Open Port> – 291 –...
  • Page 293: Mac Commands

    MAC COMMANDS This section describes commands used to configure the MAC address table, including learning mode, aging time, and setting static addresses. Table 21: MAC Commands (columns: Command, Function) mac configuration: Displays MAC address table configuration for specified ports; mac add: Adds a static MAC address to the specified port and VLAN; mac delete: Deletes a MAC address entry from the specified VLAN...
  • Page 294: Mac Add

    mac add: This command adds a static MAC address to the specified port and VLAN. SYNTAX mac add mac-address port-list [vlan-id] mac-address - Physical address of a device mapped to a port. port-list - A specific port or a range of ports. (Range: 1-28, all, or none) vlan-id - VLAN identifier.
  • Page 295: Mac Lookup

    mac lookup: This command searches for the specified MAC address in the specified VLAN. SYNTAX mac lookup mac-address [vlan-id] mac-address - Physical address of a device mapped to a port. vlan-id - VLAN identifier. (Range: 1-4095) EXAMPLE MAC>lookup 00-17-7c-0a-e3-15 Type...
  • Page 296: Mac Dump

    DEFAULT SETTING Auto COMMAND USAGE Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode. Otherwise the management link will be lost, and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.
  • Page 297: Mac Statistics

    mac statistics: This command displays statistics on the type and number of MAC addresses associated with specified ports. SYNTAX mac statistics [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) DEFAULT SETTING Displays statistics for all ports.
  • Page 299: Vlan Commands

    VLAN COMMANDS This section describes commands used to configure standard IEEE 802.1Q VLANs port members and port attributes. Table 22: VLAN Commands (columns: Command, Function) vlan configuration: Displays VLAN attributes for specified ports and list of ports assigned to each VLAN; vlan aware: Displays or sets whether or not a port processes the VLAN ID in ingress frames...
  • Page 300: Vlan Aware

    vlan aware: This command displays or sets whether or not a port processes the VLAN ID in ingress frames. SYNTAX vlan aware [enable | disable] enable - Each frame is assigned to the VLAN indicated in the VLAN tag, and the tag is removed.
  • Page 301: Vlan Pvid

    vlan pvid: This command displays or sets the VLAN ID assigned to untagged frames received on specified ports. SYNTAX vlan pvid [port-list] [vlan-id | none] port-list - A specific port or range of ports. (Range: 1-28, or all) vlan-id - VLAN identifier.
  • Page 302: Vlan Ingressfilter

    EXAMPLE VLAN>frametype 9 tagged VLAN> vlan ingressfilter: This command displays or sets ingress filtering for specified ports, which when enabled, discards frames tagged for VLANs for which it is not a member. SYNTAX vlan ingressfilter [port-list] [enable | disable] port-list - A specific port or range of ports.
  • Page 303: Vlan Add

    COMMAND USAGE IEEE 802.1ad outlines the operation of Queue-in-Queue tagging which allows a service provider to use a Virtual Bridged Local Area Network to provide separate VLAN instances to multiple independent customers over the same medium using double tagged frames. When the service tag is enabled, the port will change the EtherType (also called the Tag Protocol Identifier or TPID) of all frames received to indicate that double-tagged frames are being forwarded across the...
  • Page 304: Vlan Lookup

    EXAMPLE VLAN>delete 2 VLAN> vlan lookup: This command displays port members for specified VLAN. SYNTAX vlan lookup [vlan-id] vlan-id - VLAN identifier. (Range: 1-4095) EXAMPLE VLAN>lookup 2 Ports ---- ----- VLAN> vlan status: This command displays information about the VLAN attributes assigned to a port.
  • Page 305 significantly improves network resource utilization while maintaining a loop-free environment. all: Shows information for all user modules. conflicts: Shows information for all user modules where a conflict exists. DEFAULT SETTING Display information about all ports and all user modules. COMMAND USAGE The “conflicts”...
  • Page 307: Pvlan Commands

    PVLAN COMMANDS This section describes commands used to configure private VLANs (PVLAN) and isolated ports, providing port-based security and isolation between ports within the assigned VLAN. Table 23: PVLAN Commands (columns: Command, Function) pvlan configuration: Displays PVLAN member ports, and whether or not port isolation is enabled; pvlan add: Add specified ports to a PVLAN...
  • Page 308: Pvlan Add

    pvlan add: This command adds specified ports to a PVLAN. SYNTAX pvlan add pvlan-id [port-list] pvlan-id - PVLAN identifier. (Range: 1-4095) port-list - A specific port or a range of ports. (Range: 1-28, or all) DEFAULT SETTING Adds all ports.
  • Page 309: Pvlan Lookup

    pvlan lookup: This command displays the specified PVLANs and port members. SYNTAX pvlan lookup [pvlan-id] pvlan-id - PVLAN identifier. (Range: 1-4095) EXAMPLE PVLAN>lookup 2 PVLAN ID Ports -------- ----- 6-10 PVLAN> pvlan isolate: This command displays or sets port isolation between ports within the same PVLAN.
  • Page 311: Security Commands

    SECURITY COMMANDS You can configure this switch to authenticate users logging into the system for management access or to control client access to the data ports. Table 24: Security Commands (columns: Command, Function) Switch. User Management: Configures user names, passwords, and access levels; Privilege Level: Configures privilege level for specific functions; Protocol Authentication...
  • Page 312: User Configuration

    USER CONFIGURATION This section describes the commands used to control management access to the switch based on manually configured user names and passwords. Table 25: User Access Commands (columns: Command, Function) security switch users configuration: Displays the users authorized management access to the switch; security switch users add: Creates a user account, including user name, password, and...
  • Page 313: Security Switch Users Delete

    DEFAULT SETTING There is one default user account which is assigned the user name “admin” and has no password. The privilege level for this account is 15. EXAMPLE This example shows how to set the access level and password for a user. Security/Switch/Users>add steve polo 15 Security/Switch/Users>...
  • Page 314: Security Switch Privilege Level Group

    SRO – status/statistics read-only SRW – status/statistics read-only EXAMPLE Security/Switch/Privilege/Level>configuration Privilege Level Configuration: ============================== Privilege Current Level: 15 Group Name Priviliege Level CRO CRW SRO SRW -------------------------------- --- --- --- --- Aggregation Debug Diagnostics IGMP_Snooping LACP...
  • Page 315 sro - Status/statistics read-only access. (Range: 1-15) srw - Status/statistics read-only access. Write access to this category includes functions such as clearing statistics. (Range: 1-15) DEFAULT SETTING The default settings provide four access levels: ◆...
  • Page 316: Security Switch Privilege Level Current

    security switch privilege level current: This command shows the privilege level of the user accessing the current management interface. EXAMPLE Security/Switch/Privilege/Level>current Privilege Current Level: 15 Security/Switch/Privilege/Level> PROTOCOL AUTHENTICATION COMMANDS This section describes how to set the methods used for each management access protocol.
  • Page 317: Security Switch Auth Method

    security switch auth method: This command displays or sets the authentication methods used for each management access protocol. SYNTAX security switch auth method [console | telnet | ssh | web] [none | local | radius | tacacs+] [enable | disable] console - Settings for console port.
  • Page 318: Ssh Commands

    SSH COMMANDS This section describes commands used to enable or disable management access via secure shell (SSH). Table 28: SSH Commands (columns: Command, Function) security switch ssh configuration: Displays SSH configuration settings; security switch ssh mode: Displays or sets SSH operational mode; security switch ssh Displays HTTPS configuration settings...
  • Page 319: Https Commands

    enabled management station clients, and ensures that data traveling over the network arrives unaltered. ◆ You need to install an SSH client on the management station to access the switch for management via the SSH protocol. The switch supports both SSH Version 1.5 and 2.0 clients.
  • Page 320: Security Switch Https Configuration

    security switch https configuration: This command displays HTTPS configuration settings. SYNTAX security switch https configuration EXAMPLE Security/Switch/HTTPS>configuration HTTPS Configuration: ==================== HTTPS Mode : Disabled HTTPS Redirect Mode : Disabled Security/Switch/HTTPS> security switch https mode: This command displays or sets HTTPS operational mode. SYNTAX...
  • Page 321: Security Switch Https Redirect

    ◆ The following web browsers and operating systems currently support HTTPS: Table 30: HTTPS System Support (columns: Web Browser, Operating System) Internet Explorer 5.0 or later: Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Windows Vista; Netscape 6.2 or later: Windows 98, Windows NT (with service pack 6a), Windows 2000, Windows XP, Windows Vista, Solaris...
  • Page 322: Management Access Commands

    MANAGEMENT ACCESS COMMANDS This section describes commands used to filter management access to the switch through specified IP addresses. Table 31: Management Access Commands (columns: Command, Function) security switch access configuration: Displays the access mode and the number of authorized addresses; security switch access...
  • Page 323: Security Switch Access Mode

    security switch access mode: This command shows or sets the management access mode. SYNTAX security switch system access mode [enable | disable] enable - Enables access management. disable - Disables access management. DEFAULT SETTING Disabled EXAMPLE...
  • Page 324: Security Switch Access Ipv6 Add

    EXAMPLE Security/Switch/Access>add 1 192.168.0.4 192.168.0.4 telnet Security/Switch/Access> security switch access ipv6 add: This command adds IPv6 addresses that are allowed management access to the switch through various protocols. SYNTAX security switch access ipv6 add access-id start-ip-addr end-ip-addr [web | snmp | telnet] access-id - Entry index.
  • Page 325: Security Switch Access Delete

    security switch access delete: This command deletes an access management entry. SYNTAX security switch access delete access-id access-id - Entry index. (Range: 1-16) EXAMPLE Security/Switch/Access>delete 1 Security/Switch/Access> security switch access lookup: This command displays specified access management entry. SYNTAX...
  • Page 326: Security Switch Access Statistics

    security switch access statistics: This command displays or clears access management statistics. SYNTAX security switch access statistics [clear] clear - Clears all access management statistics. EXAMPLE Security/Switch/Access>statistics Access Management Statistics: ----------------------------- HTTP Receive: Allow: Discard: HTTPS Receive:...
  • Page 327 Table 32: SNMP Commands (Continued) (columns: Command, Function) security switch snmp trap community: Displays or sets the community string for SNMP traps; security switch snmp trap destination: Displays or sets the SNMP trap destination’s IPv4 address; security switch snmp trap Displays or sets the SNMP trap destination’s IPv6 address...
  • Page 328: Security Switch Snmp Configuration

    Table 32: SNMP Commands (Continued) (columns: Command, Function) security switch snmp view lookup: Displays SNMPv3 view entries; security switch snmp access add: Adds or modifies an SNMPv3 access entry; security switch snmp access delete: Deletes an SNMPv3 access entry; security switch snmp Displays SNMPv3 access entries...
  • Page 329: Security Switch Snmp Mode

    SNMPv3 Users Table: Idx Engine ID User Name Level Auth Priv --- --------- -------------------------------- -------------- ---- ---- Local default_user NoAuth, NoPriv None None Number of entries: 1 SNMPv3 Groups Table; Idx Model Security Name Group Name --- ----- -------------------------------- ----------------------------- public...
  • Page 330: Security Switch Snmp Version

    security switch snmp version: This command displays or sets the SNMP protocol version. SYNTAX security switch snmp version [1 | 2c | 3] 1 - SNMP version 1. 2c - SNMP version 2c. 3 - SNMP version 3. DEFAULT SETTING Displays current SNMP version.
  • Page 331: Security Switch Snmp Write Community

    security switch snmp write community: This command displays or sets the community string for SNMP read/write access. SYNTAX security switch snmp write community [community] community - The community used for read/write access to the SNMP agent.
  • Page 332: Security Switch Snmp Trap Version

    security switch snmp trap version: This command displays or sets the SNMP trap protocol version. SYNTAX security switch snmp trap version [1 | 2c | 3] 1 - SNMP version 1. 2c - SNMP version 2c. 3 - SNMP version 3.
  • Page 333: Security Switch Snmp Trap Ipv6 Destination

    DEFAULT SETTING Displays trap destination. EXAMPLE Security/Switch/SNMP/Trap>destination 192.168.2.19 Security/Switch/SNMP/Trap> security switch snmp trap ipv6 destination: This command displays or sets the SNMP trap destination's IPv6 address. SYNTAX security switch snmp trap ipv6 destination [ipv6-address] ipv6-address - IPv6 address of the management station to receive notification messages.
  • Page 334: Security Switch Snmp Trap Link-Up

    EXAMPLE Security/Switch/SNMP/Trap>authentication failure enable Security/Switch/SNMP/Trap> security switch snmp trap link-up: This command displays or sets the port link-up and link-down trap mode. SYNTAX security switch snmp trap link-up [enable | disable] enable - Enables sending link-up and link-down traps. disable - Disables sending link-up and link-down traps.
  • Page 335: Security Switch Snmp Trap Inform Timeout

    EXAMPLE Security/Switch/SNMP/Trap/Inform>mode enable Security/Switch/SNMP/Trap/Inform> security switch snmp trap inform timeout: This command displays or sets the SNMP trap inform timeout. SYNTAX security switch snmp trap inform timeout [timeout] timeout - The number of seconds to wait for an acknowledgment before re-sending an inform message.
  • Page 336: Security Switch Snmp Trap Probe Security Engine Id

    security switch snmp trap probe security engine id: This command displays or sets the SNMP trap security engine ID probe mode. SYNTAX security switch snmp trap probe security engine id [enable | disable] enable - Enable SNMP trap security engine ID probe mode, whereby the switch uses the engine ID of the SNMP trap probe in trap and inform messages.
  • Page 337: Security Switch Snmp Trap Security Name

    security switch snmp trap security name: This command displays or sets the SNMP trap security name. SYNTAX security switch snmp trap security name [security-name] security-name - Specifies the SNMP trap security name. SNMPv3 traps and informs use USM for authentication and privacy. A unique security name is needed when SNMPv3 traps or informs are enabled.
  • Page 338: Security Switch Snmp Community Add

    EXAMPLE Security/Switch/SNMP>engine id 800007e5017f000005 Changing Engine ID will clear all original local users Security/Switch/SNMP> security switch snmp community add: This command adds or modifies an SNMPv3 community entry. SYNTAX security switch snmp community add community [ip-address] [address-mask] community - Specifies the community strings which allow access to the SNMP agent.
  • Page 339: Security/Switch/Snmp/Community>Delete 4

    security switch snmp community delete: This command deletes an SNMPv3 community entry. SYNTAX security switch snmp community delete index index - Index to SNMP community table. (Range: 1-64) DEFAULT SETTING None EXAMPLE Security/Switch/SNMP/Community>lookup Idx Community Source IP Source Mask --- -------------------------------- --------------- ---------------...
  • Page 340: Security Switch Snmp User Add

    security switch snmp user add: This command adds an SNMPv3 user entry. SYNTAX security switch snmp user add engine-id user-name [md5 | sha] [auth-password] [des] [priv-password] engine-id - The engine identifier for the SNMP agent on the remote device where the user resides.
  • Page 341: Security Switch Snmp User Delete

    EXAMPLE Security/Switch/SNMP/User>add 800007e5017f000009 steve sha elephant des hippopotams Security/Switch/SNMP/User> security switch snmp user delete: This command deletes an SNMPv3 user entry. SYNTAX security switch snmp user delete index index - Index to SNMPv3 user table. (Range: 1-64) DEFAULT SETTING None...
  • Page 342: Security Switch Snmp User Lookup

    EXAMPLE Security/Switch/SNMP/User>changekey 800007e5017f000007 william dogtails cattails Security/Switch/SNMP/User> security switch snmp user lookup: This command displays SNMPv3 user entries. SYNTAX security switch snmp user lookup [index] index - Index to SNMPv3 user table. (Range: 1-64) DEFAULT SETTING Displays all entries.
  • Page 343: Security Switch Snmp Group Delete

    COMMAND USAGE ◆ An SNMPv3 group sets the access policy for its assigned users, restricting them to specific read and write views as defined by the security switch snmp access add command (page 346). You can use the pre-defined default groups, or create a new group and the views authorized for that group.
  • Page 344: Security Switch Snmp View Add

    EXAMPLE Security/Switch/SNMP/Group>lookup Idx Model Security Name Group Name --- ----- -------------------------------- ----------------------------- public default_ro_group private default_rw_group public default_ro_group private default_rw_group default_user default_rw_group steve Number of entries: 6 Security/Switch/SNMP/Group> security switch snmp view add: This command adds or modifies an SNMPv3 view entry. SYNTAX...
  • Page 345: Security Switch Snmp View Delete

    security switch snmp view delete: This command deletes an SNMPv3 view entry. SYNTAX security switch snmp view delete index index - Index to SNMPv3 view table. (Range: 1-64) DEFAULT SETTING None EXAMPLE Security/Switch/SNMP/View>lookup Idx View Name View Type OID Subtree --- -------------------------------- --------- ------------------------- default_view...
  • Page 346: Security Switch Snmp Access Add

    security switch snmp access add: This command adds or modifies an SNMPv3 access entry. SYNTAX security switch snmp access add group-name security-model security-level [read-view-name] [write-view-name] group-name - The name of the SNMP group. (Range: 1-32 characters, ASCII characters 33-126 only) security-model - The user security model.
  • Page 347: Security Switch Snmp Access Lookup

    EXAMPLE Security/Switch/SNMP/Access>lookup Idx Group Name Model Level --- -------------------------------- ----- -------------- default_ro_group NoAuth, NoPriv default_rw_group NoAuth, NoPriv r&d Auth, Priv Number of entries: 3 Security/Switch/SNMP/Access>delete 3 Security/Switch/SNMP/Access> security switch snmp access lookup: This command displays SNMPv3 access entries...
  • Page 348: Security Network Psec Switch

    Table 33: Port Security Status Commands
    Command - Function
    security network psec switch - Shows information about MAC address learning for each port, including the software module requesting port security services, the service state, and the current number of learned addresses
    security network psec port - Shows the entries authorized by port security services, including...
  • Page 349: Port Security Limit Control

    DEFAULT SETTING: All ports
    COMMAND USAGE: For a description of the information displayed by this command, see "Displaying Information About Learned MAC Addresses" on page 208.
    EXAMPLE:
    Security/Network/Psec>port 1
    Port 1:
    -------
    MAC Address State Added...
  • Page 350: Security Network Limit Configuration

    security network limit configuration
    This command shows information about port security limit controls, including the per port setting, the maximum allowed number of MAC addresses, and the response for a security breach.
    SYNTAX: security network limit configuration [port-list]
    port-list - A specific port or a range of ports.
  • Page 351: Security Network Limit Aging

    security network limit aging
    This command enables or disables aging of learned MAC addresses.
    SYNTAX: security network limit aging [enable | disable]
    enable - Enables address aging.
    disable - Disables address aging.
    DEFAULT SETTING: Disabled...
  • Page 352: Security Network Limit Port

    security network limit port
    This command enables or disables limit control for a port or range of ports.
    SYNTAX: security network limit port [port-list] [enable | disable]
    port-list - A specific port or a range of ports. (Range: 1-28 or all)
    enable - Enables limit control for the specified ports.
  • Page 353: Security Network Limit Action

    EXAMPLE:
    Security/Network/Limit>limit 2 10
    Security/Network/Limit>
    security network limit action
    This command configures the response to take when the maximum number of addresses is reached.
    SYNTAX: security network limit action [port-list] [none | trap | shut | trap_shut]
    port-list - A specific port or a range of ports.
  • Page 354: Security Network Limit Reopen

    security network limit reopen
    This command re-enables a port which has been shut down by port security limit controls.
    SYNTAX: security network limit reopen [port-list]
    port-list - A specific port or a range of ports. (Range: 1-28 or all)
    DEFAULT SETTING: All ports...
  • Page 355: Security Network Nas Configuration

    Table 35: NAS Commands (Continued)
    Command - Function
    security network nas state - Sets a port’s authentication mode
    security network nas reauthentication - Sets clients to be re-authenticated after an interval specified by the re-authentication period
    security network nas reauthperiod - Sets the time after which a connected client must be re-...
  • Page 356: Security Network Nas Mode

    Reauth. : Disabled
    Reauth. Period : 3600
    EAPOL Timeout : 30
    Age Period : 300
    Hold Time : 10
    RADIUS QoS : Disabled
    RADIUS VLAN : Disabled
    Guest VLAN : Disabled
    Guest VLAN ID Max.
  • Page 357

    authorized - The switch sends one EAPOL Success frame when the port link comes up. This forces the port to grant access to all clients, either dot1x-aware or otherwise. (This is the default setting.)
    unauthorized - The switch will send one EAPOL Failure frame when the port link comes up.
  • Page 358

    module. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard.
  • Page 359: Security Network Nas Reauthentication

    security network nas reauthentication
    This command sets clients to be re-authenticated after an interval specified by the re-authentication period.
    SYNTAX: security network nas reauthentication [enable | disable]
    enable - Enables client re-authentication after the specified re-authentication period.
  • Page 360: Security Network Nas Eapoltimeout

    security network nas eapoltimeout
    This command sets the time the switch waits for a supplicant response during an authentication session before retransmitting a Request Identify EAPOL packet.
    SYNTAX: security network nas eapoltimeout [eapol-timeout]
    eapol-timeout - The time the switch waits for a supplicant response during an authentication session before retransmitting a Request Identify EAPOL packet.
  • Page 361: Security Network Nas Holdtime

    EXAMPLE:
    Security/Network/NAS>agetime 100000
    Security/Network/NAS>
    security network nas holdtime
    This command sets the time after an EAP Failure indication or RADIUS timeout that a client is not allowed access to the network.
    SYNTAX: security network nas holdtime [hold-time]
    hold-time - The time after an EAP Failure indication or RADIUS timeout that a client is not allowed access.
  • Page 362: Security Network Nas Radius_Vlan

    DEFAULT SETTING: Disabled
    COMMAND USAGE:
    ◆ The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature.
    ◆ When globally enabled, the individual port settings determine whether RADIUS-assigned QoS Class is enabled for that port.
  • Page 363

    DEFAULT SETTING: Disabled
    COMMAND USAGE:
    ◆ The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature.
    ◆ When globally enabled, the individual port settings determine whether RADIUS-assigned VLAN is enabled for that port.
  • Page 364: Security Network Nas Guest_Vlan

    security network nas guest_vlan
    This command uses information supplied by a RADIUS server to set the guest VLAN on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
    SYNTAX:
    security network nas guest_vlan [global] [enable | disable] [vid] [reauth-max] [allow-if-eapol-seen]
    security network nas guest_vlan [port-list] [enable | disable] [vid]...
  • Page 365: Security Network Nas Authenticate

    outlined in the Parameters section under "Configuring Authentication Through Network Access Servers" on page
    ◆ This option is only available for EAPOL-based modes, i.e. Port-based 802.1X, Single 802.1X, and Multi 802.1X.
    EXAMPLE:
    Security/Network/NAS>guest_vlan global enable 2 5 enable
    Security/Network/NAS>guest_vlan 2 enable
    Security/Network/NAS>...
  • Page 366: Security Network Nas Statistics

    security network nas statistics
    This command displays authentication statistics for the selected port – either for 802.1X protocol or for the remote authentication server depending on the authentication method.
    SYNTAX: security network nas statistics [port-list] [clear | eapol | radius]
    port-list - Applies this command to a specific port or a range of ports.
  • Page 367: Acl Commands

    ACL COMMANDS
    This section describes commands used to configure access control lists, including policies, responses, and rate limiters.
    Table 36: ACL Commands
    Command - Function
    security network acl configuration - Displays ACL configuration settings, including policy, response, rate limiters, port copy, logging, and shutdown
    security network acl...
  • Page 368: Security Network Acl Action

    Security/Network/ACL>
    security network acl action
    This command displays or sets the default action for specified ports, including permit/deny, rate limiters, port copy, logging, and shutdown.
    SYNTAX: security network acl statusacl action [port-list] [permit | deny] [rate-limiter] [port-copy] [logging] [shutdown]
    port-list - A specific port or range of ports.
  • Page 369: Security Network Acl Policy

    EXAMPLE:
    Security/Network/ACL>action 9 permit 1 15 log shut
    Security/Network/ACL>
    security network acl policy
    This command displays or sets the policy assigned to specified ports.
    SYNTAX: security network acl policy [port-list] [policy]
    port-list - A specific port or range of ports. (Range: 1-28, or all)
    policy - An ACL policy configured with the security network acl add command, containing one or more ACEs.
  • Page 370: Security Network Acl Add

    security network acl add
    This command adds or modifies an access control entry.
    SYNTAX: security network acl add [ace-id] [ace-id-next] [switch | (port port) | (policy policy)] [vlan-id] [tag-priority] [dmac-type] [(etype [ethernet-type] [smac] [dmac]) | (arp [sip] [dip] [smac] [arp-opcode] [arp-flags]) | (ip [sip] [dip] [protocol] [ip-flags]) | (icmp [sip] [dip] [icmp-type] [icmp-code] [ip-flags]) |...
  • Page 371

    ARP/RARP opcode set to ARP, rarp - frame must have ARP/RARP opcode set to RARP, other - frame has unknown ARP/RARP opcode flag; Default: any)
    arp-flags - One of the following ARP flags:
    request - Frame must have ARP Request or RARP Request opcode flag set.
  • Page 372

    udp - One of the following UDP parameters:
    sip - Source IP address (a.b.c.d/n) or any.
    dip - Destination IP address (a.b.c.d/n) or any.
    sport - Source UDP port/range (0-65535) or any.
    dport - Destination UDP port/range (0-65535) or any.
    ip-flags - One of the IP flags listed under the ip parameter.
  • Page 373: Security Network Acl Delete

    COMMAND USAGE: Rules within an ACL are checked in the configured order, from top to bottom. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.
  • Page 374: Security Network Acl Clear

    Tag Priority: Any
    Security/Network/ACL>
    security network acl clear
    This command clears all ACL counters displayed in the ACL lookup table (see the security network acl lookup command, page 373).
    SYNTAX: security network acl clear
    EXAMPLE:
    Security/Network/ACL>clear
    Security/Network/ACL>...
  • Page 375: Dhcp Relay Commands

    EXAMPLE:
    Security/Network/ACL>status
    User
    ----
    S: Static
    I: IP Source Guard
    A: ARP Inspection
    U: UPnP
    D: DHCP
    User ID Port Frame Action Rate L. Port C. CPU CPU Once Counter Conflict
    ---- -- -------- ----- ------ -------- -------- --- -------- ------- --------
    Permit Disabled Disabled No...
  • Page 376: Security Network Dhcp Relay Mode

    DHCP Relay Information Policy : replace
    Security/Network/DHCP/Relay>
    security network dhcp relay mode
    This command displays or sets DHCP relay operational mode.
    SYNTAX: security network dhcp relay mode [enable | disable]
    enable - Enables the DHCP relay function.
    disable - Disables the DHCP relay function.
  • Page 377: Security Network Dhcp Relay Information Mode

    EXAMPLE:
    Security/Network/DHCP/Relay>server 192.168.1.25
    Security/Network/DHCP/Relay>
    security network dhcp relay information mode
    This command displays or sets the DHCP Relay Option 82 mode.
    SYNTAX: security network dhcp relay information mode [enable | disable]
    enable - Enables DHCP Relay Option 82 support. Note that DHCP relay mode must also be enabled with the security network dhcp relay mode...
  • Page 378: Security Network Dhcp Relay Information Policy

    security network dhcp relay information policy
    This command displays or sets the DHCP relay policy for DHCP client packets that include Option 82 information.
    SYNTAX: security network dhcp relay information policy [replace | keep | drop]
    replace - Overwrites the DHCP client packet information with the switch's relay information.
  • Page 379: Dhcp Snooping Commands

    Security/Network/DHCP/Relay>
    DHCP SNOOPING COMMANDS
    This section describes the commands used to filter IP traffic on insecure ports for which the source address cannot be identified via DHCP snooping. The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
  • Page 380: Security Network Dhcp Snooping Mode

    | Security Commands HAPTER DHCP Snooping Commands trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted Security/Network/DHCP/Snooping> This command enables or disables DHCP snooping globally on the switch. security network dhcp snooping mode...
  • Page 381: Security Network Dhcp Snooping Port Mode

    security network dhcp snooping port mode
    This command sets the trust mode for a port or range of ports.
    SYNTAX: security network dhcp snooping port mode [port-list] [trusted | untrusted]
    port-list - A specific port or a range of ports. (Range: 1-28 or all)
    trusted - Sets a port as a trusted source of DHCP messages.
  • Page 382: Ip Source Guard Commands

    Rx Lease Active: Tx Lease Active:
    Security/Network/DHCP/Snooping>
    IP SOURCE GUARD COMMANDS
    This section describes the commands used to filter IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see "DHCP Snooping Commands"...
  • Page 383: Security Network Ip Source Guard Mode

    Port Port Mode Dynamic Entry Limit
    ---- ----------- ---------------------
    Disabled unlimited Enabled Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled...
  • Page 384: Security Network Ip Source Guard Port Mode

    EXAMPLE:
    Security/Network/IP/Source/Guard>mode enable
    Security/Network/IP/Source/Guard>
    security network ip source guard port mode
    This command enables or disables IP source guard for a port or range of ports.
    SYNTAX: security network ip source guard port mode [port-list] [enable | disable]
    port-list - A specific port or a range of ports.
  • Page 385: Security Network Ip Source Guard Entry

    EXAMPLE:
    Security/Network/IP/Source/Guard>limit 2 2
    Security/Network/IP/Source/Guard>
    security network ip source guard entry
    This command binds a static address to a port.
    SYNTAX: security network ip source guard entry [port-list] {add | delete} vid allowed-ip ip-mask
    port-list - A specific port or a range of ports.
  • Page 386: Security Network Ip Source Guard Status

    EXAMPLE:
    Security/Network/IP/Source/Guard>entry 1 add 1 192.168.0.0 255.255.255.0
    Security/Network/IP/Source/Guard>
    security network ip source guard status
    This command displays static and dynamic entries in the IP Source Guard table sorted first by port, then VLAN ID, MAC address, and finally IP address.
  • Page 387: Security Network Arp Inspection Configuration

    Table 40: ARP Inspection Commands
    Command - Function
    security network arp inspection configuration - Shows the administrative setting for the switch and all ports; also displays entries in the ARP inspection table
    security network arp inspection mode - Enables or disables Dynamic ARP Inspection globally on the switch
    security network arp...
  • Page 388: Security Network Arp Inspection Mode

    Disabled Disabled Disabled Disabled
    ARP Inspection Entry Table:
    Type Port VLAN MAC Address IP Address
    ------- ---- ---- ----------------- -------------
    Static 90-e6-ba-cb-cd-d7 192.168.0.9
    Security/Network/ARP/Inspection>
    security network arp...
    This command enables or disables Dynamic ARP Inspection globally on the switch.
  • Page 389: Security Network Arp Inspection Entry

    security network arp inspection entry
    This command adds or deletes a static entry in the ARP Inspection table.
    SYNTAX: security network arp inspection entry [port-list] {add | delete} vid allowed-mac allowed-ip
    port-list - A specific port or a range of ports. (Range: 1-28 or all)
    add - Adds a static entry to the ARP Inspection table.
  • Page 390: Aaa Commands

    Type Port VLAN MAC Address IP Address
    ------- ---- ---- ----------------- -------------
    Static 90-e6-ba-cb-cd-d7 192.168.0.9
    Security/Network/ARP/Inspection>
    AAA COMMANDS
    This section describes commands used to control management access through RADIUS or TACACS+ authentication servers.
    Table 41: AAA Commands
    Command - Function...
  • Page 391: Security Aaa Auth Timeout

    RADIUS Authentication Server Configuration:
    ===========================================
    Server Mode IP Address Secret Port
    ------ -------- --------------- ------------------------------ -----
    Disabled 1812
    Disabled 1812
    Disabled 1812
    Disabled 1812
    Disabled 1812
    RADIUS Accounting Server Configuration:
    =======================================
    Server Mode IP Address Secret Port
    ------...
  • Page 392: Security Aaa Auth Deadtime

    security aaa auth deadtime
    This command displays or sets the time after which the switch considers an authentication server to be dead if it does not reply.
    SYNTAX: security aaa auth deadtime [dead-time]
    dead-time - The time after which the switch considers an authentication server to be dead if it does not reply.
  • Page 393

    COMMAND USAGE:
    ◆ By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication method and the corresponding parameters for the remote authentication protocol.
  • Page 394: Security Aaa Auth Acct_Radius

    security aaa auth acct_radius
    This command displays or sets RADIUS accounting server settings.
    SYNTAX: security aaa auth acct_radius [server-index] [enable | disable] [ip-addr] [secret] [server-port]
    server-index - Allows you to specify up to five servers. These servers are queried in sequence until a server responds or the retransmit period expires.
  • Page 395: Security Aaa Auth Tacacs

    security aaa auth tacacs+
    This command displays or sets TACACS+ authentication server settings.
    SYNTAX: security aaa auth tacacs+ [server-index] [enable | disable] [ip-addr] [secret] [server-port]
    server-index - Allows you to specify up to five servers. These servers are queried in sequence until a server responds or the retransmit period expires.
  • Page 396: Security Aaa Statistics

    EXAMPLE:
    Security/AAA>tacacs+ 1 enable 192.168.0.39 “no problem”
    Security/AAA>tacacs+
    TACACS+ Authentication Server Configuration:
    ============================================
    Server Mode IP Address Secret Port
    ------ -------- --------------- ------------------------------ -----
    Enabled 192.168.0.39 **********
    Disabled
    Disabled
    Disabled
    Disabled
    Security/AAA>
    security aaa...
    This command displays statistics for configured authentication and accounting servers.
  • Page 397

    Rx Unknown Types: Rx Packets Dropped: State: Disabled Round-Trip Time: 0 ms
    Server #2 (0.0.0.0:1813) RADIUS Accounting Statistics:
    Rx Responses: Tx Requests:
    Rx Malformed Responses: Tx Retransmissions:
    Rx Bad Authenticators: Tx Pending Requests:
    Rx Unknown Types: Tx Timeouts:
    Rx Packets Dropped: State:...
  • Page 398

    Server #5 (0.0.0.0:1813) RADIUS Accounting Statistics:
    Rx Responses: Tx Requests:
    Rx Malformed Responses: Tx Retransmissions:
    Rx Bad Authenticators: Tx Pending Requests:
    Rx Unknown Types: Tx Timeouts:
    Rx Packets Dropped: State: Disabled Round-Trip Time: 0 ms
    Security/AAA>...
  • Page 399: Stp Commands

    STP COMMANDS
    This section describes commands used to configure the Rapid Spanning Tree Protocol.
    Table 42: STP Commands
    Command - Function
    Bridge Commands
    stp configuration - Displays the STP bridge configuration
    stp version - Displays or sets the STP bridge protocol version
    stp txhold - Displays or sets the STP bridge transmit hold count
    stp maxhops...
  • Page 400: Stp Configuration

    Table 42: STP Commands (Continued)
    Command - Function
    stp port mcheck - Performs STP protocol migration check for specified ports
    MSTI Port Commands
    stp msti port configuration - Displays the STP CIST/MSTI port configuration
    stp msti port cost - Displays or sets CIST/MSTI path cost for specified interfaces
    stp msti port priority - Displays or sets CIST/MSTI priority for specified interfaces
    This command displays STP bridge configuration....
  • Page 401: Stp Txhold

    ■ STP Mode – If the switch receives an 802.1D BPDU (i.e., STP BPDU) after a port’s migration delay timer expires, the switch assumes it is connected to an 802.1D bridge and starts using only 802.1D BPDUs.
  • Page 402: Stp Maxhops

    stp maxhops
    This command displays or sets the maximum number of hops allowed in an MST region before a BPDU is discarded.
    SYNTAX: stp maxhops [max-hops]
    max-hops - The maximum number of hops allowed in an MST region before a BPDU is discarded.
  • Page 403: Stp Fwddelay

    EXAMPLE:
    STP>maxage 28
    STP>
    stp fwddelay
    This command displays or sets the CIST/MSTI bridge forward delay.
    SYNTAX: stp fwddelay [forward-delay]
    forward-delay - The maximum time this device will wait before changing states (i.e., discarding to learning to forwarding). (Range: 4-30 seconds) Minimum: The higher of 4 or [(Max....
  • Page 404: Stp Bpdufilter

    switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
    EXAMPLE:
    STP>cname r&d 1
    STP>
    stp bpdufilter
    This command displays or sets BPDU filtering for all edge ports.
    SYNTAX: stp bpdufilter [enable | disable]...
  • Page 405: Stp Recovery

    DEFAULT SETTING: Disabled
    COMMAND USAGE:
    ◆ This feature protects edge ports from receiving BPDUs. It prevents loops by shutting down an edge port when a BPDU is received instead of putting it into the spanning tree discarding state. In a valid configuration, configured edge ports should not receive BPDUs.
  • Page 406: Stp Status

    stp status
    This command displays the STP operational status for the bridge, specified ports, and any link aggregation groups.
    SYNTAX: stp status [msti] [port-list]
    port-list - A specific port or a range of ports. (Range: 1-28, or all)
    msti - STP bridge instance number.
  • Page 407: Stp Msti Map

    COMMAND USAGE:
    ◆ Bridge priority is used in selecting the root device, root port, and designated port. The device with the highest priority becomes the STA root device. However, if all devices have the same priority, the device with the lowest MAC address will then become the root device.
  • Page 408: Stp Port Configuration

    DEFAULT SETTING: None
    COMMAND USAGE:
    ◆ Use this command to group VLANs into spanning tree instances. MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
  • Page 409: Stp Port Mode

    MSTI Port Path Cost Priority
    ---- ---- ---------- --------
    CIST Auto
    STP>
    stp port mode
    This command displays or sets the STA administrative mode for specified interfaces.
    SYNTAX: rstp mode [port-list] [enable | disable]
    port-list - A specific port or a range of ports. (Range: 1-28, all for all ports, or 0 for all link aggregation groups)
    enable - Enables STA.
  • Page 410: Stp Port Autoedge

    this feature should only be enabled for ports connected to an end-node device.
    EXAMPLE:
    STP>port edge 19 enable
    STP>
    stp port autoedge
    This command displays or sets automatic edge port detection for specified ports.
    SYNTAX: stp port autoedge [port-list] [enable | disable]
    port-list - A specific port or a range of ports.
  • Page 411: Stp Port Restrictedrole

    COMMAND USAGE:
    ◆ The link type attached to an interface can be set to automatically detect the link type, or manually configured as point-to-point or shared medium. Transition to the forwarding state is faster for point-to-point links than for shared media.
  • Page 412: Stp Port Restrictedtcn

    stp port restrictedtcn
    This command displays or sets the MSTP port restricted TCN.
    SYNTAX: stp port restrictedtcn [port-list] [enable | disable]
    port-list - A specific port or a range of ports. (Range: 1-28, or all)
    enable - Enables MSTP port restricted TCN.
    disable - Disables MSTP port restricted TCN.
  • Page 413: Stp Port Bpdutransparency

    provides a secure response to invalid configurations because an administrator must manually enable the port. If enabled, the port will disable itself upon receiving valid BPDUs.
    ◆ Contrary to the similar bridge setting, the port Edge status does not affect this setting.
  • Page 414: Stp Port Statistics

    stp port statistics
    This command displays STP statistics on protocol messages for any specified ports and link aggregation groups.
    SYNTAX: stp port statistics [port-list]
    port-list - A specific port or range of ports. (Range: 1-28, or all)
    EXAMPLE: This example displays STP statistics for port 1 and LAG1.
  • Page 415: Stp Msti Port Configuration

    stp msti port configuration
    This command displays the STP CIST/MSTI port configuration.
    SYNTAX: stp msti port configuration [msti] [port-list]
    msti - STP bridge instance number. (Range: 0-7, where 0 is the CIST, and 1-7 are MST instances)
    port-list - A specific port or range of ports.
  • Page 416: Table 43: Recommended Sta Path Cost Range

    Table 43: Recommended STA Path Cost Range
    Port Type | IEEE 802.1D-1998 | IEEE 802.1w-2001
    Ethernet | 50-600 | 200,000-20,000,000
    Fast Ethernet | 10-60 | 20,000-2,000,000
    Gigabit Ethernet | 3-10 | 2,000-200,000
    Table 44: Recommended STA Path Costs
    Port Type | Link Type | IEEE 802.1D-1998 | IEEE 802.1w-2001
    Ethernet | Half Duplex...
  • Page 417: Stp Msti Port Priority

    stp msti port priority
    This command displays or sets the CIST/MSTI priority for specified interfaces.
    SYNTAX: stp msti port priority [msti] [port-list] [priority]
    msti - STP bridge instance number. (Range: 0-7, where 0 is the CIST, and 1-7 are MST instances)
    port-list - A specific port or a range of ports.
  • Page 419: Igmp Commands

    IGMP COMMANDS
    This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
  • Page 420: Table 47: Igmp Configuration

    COMMAND USAGE: The fields shown by this command are described below:
    Table 47: IGMP Configuration
    Field - Description
    Global Settings
    IGMP Mode - Shows if IGMP snooping is enabled or disabled
    IGMP Leave Proxy - Shows if leave messages are suppressed unless received from the last member port in the group
    Flooding - Shows if unregistered multicast traffic is flooded into attached VLANs...
  • Page 421: Igmp Mode

    igmp mode
    This command displays or sets the IGMP snooping mode for the switch.
    SYNTAX: igmp mode [enable | disable]
    enable - Enables IGMP snooping globally for the switch. When IGMP snooping is enabled, the switch will monitor network traffic to determine which hosts want to receive multicast traffic.
  • Page 422: Igmp State

    which received the leave message, and then start the last member query timer for that port.
    ◆ When the conditions in the preceding item all apply, except that the receiving port is a router port, then the switch will not send a GS-query, but will immediately start the last member query timer for that port.
  • Page 423: Igmp Querier

    igmp querier
    This command displays or sets the IGMP querier mode for the specified VLAN.
    SYNTAX: igmp querier [vlan-id] [enable | disable]
    vlan-id - VLAN identifier. (Range: 1-4095)
    enable - Enables the switch to serve as querier on this VLAN. When enabled, the switch can serve as the querier if selected in the bidding process with other competing multicast switches/routers, and if selected will be responsible for asking hosts if they want to...
  • Page 424: Igmp Throttling

    Leave function is enabled. This allows the switch to remove a port from the multicast forwarding table without first having to send an IGMP group-specific (GS) query to that interface.
    ◆ If Fast Leave is not used, a multicast router (or querier) will send a...
  • Page 425: Igmp Filtering

    igmp filtering
    This command displays or sets IGMP group filtering for specified ports.
    SYNTAX: igmp filtering [port-list] [add | del] [group-address]
    port-list - A specific port or a range of ports. (Range: 1-28, or all)
    add - Adds a new IGMP group filtering entry.
    del - Deletes an IGMP group filtering entry.
  • Page 426: Igmp Flooding

    EXAMPLE:
    IGMP>router 9 enable
    IGMP>
    igmp flooding
    This command displays or sets flooding of unregistered IGMP services.
    SYNTAX: igmp flooding [enable | disable]
    enable - Floods unregistered multicast traffic into the attached VLAN.
    disable - Disables IGMP flooding.
    DEFAULT SETTING: Disabled...
  • Page 427: Igmp Status

    igmp status
    This command displays IGMP querier status and protocol statistics.
    SYNTAX: igmp status [vlan-id]
    vlan-id - VLAN identifier. (Range: 1-4095)
    DEFAULT SETTING: Displays status for all VLANs.
    COMMAND USAGE: For a description of the information displayed by this command, see "Showing IGMP Snooping Information"...
  • Page 429: Link Aggregation Commands

    LINK AGGREGATION COMMANDS
    This section describes commands used to configure static port aggregation, including member assignment and load balancing methods.
    Table 48: Link Aggregation Commands
    Command - Function
    aggr configuration - Displays configuration settings for all link aggregation groups
    aggr add - Adds or modifies member ports for a link aggregation group
    aggr delete - Deletes a link aggregation group
    aggr lookup...
  • Page 430: Aggr Configuration

    CHAPTER | Link Aggregation Commands ■ When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. ■ The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
  • Page 431: Aggr Delete

    CHAPTER | Link Aggregation Commands COMMAND USAGE To avoid creating a loop in the network, be sure you add a static trunk via the configuration interface before connecting the ports. EXAMPLE Aggr>add 4-8 1 Aggr>configuration Aggregation Mode: SMAC : Enabled DMAC : Disabled : Enabled...
  • Page 432: Aggr Mode

    CHAPTER | Link Aggregation Commands EXAMPLE Aggr>lookup 2 Aggr ID Name Type Configured Ports Aggregated Ports ------- ------ ------ ---------------- ---------------- LLAG2 Static 9,10 None Aggr> aggr mode: This command selects the load-balance method to apply to all link aggregation groups on the switch. If more than one option is selected, each factor is used in the hash algorithm to determine the port member within the trunk to which a frame will be assigned.
  • Page 433 CHAPTER | Link Aggregation Commands COMMAND USAGE When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent. To maintain the frame sequence of various traffic flows between devices in the network, the switch also needs to ensure that frames in each “conversation”...
  • Page 435: Lacp Commands

    LACP COMMANDS This section describes commands used to configure the Link Aggregation Control Protocol. Table 49: LACP Commands (Command - Function): lacp configuration - Displays LACP configuration settings for specified ports; lacp mode - Displays or sets LACP mode for specified ports; lacp key - Displays or sets the LACP administration key for specified ports; lacp role...
  • Page 436 CHAPTER | LACP Commands ■ The ports at both ends of a connection must be configured as trunk ports. ■ The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
  • Page 437: Lacp Configuration

    CHAPTER | LACP Commands lacp configuration: This command displays the LACP configuration settings for specified ports. SYNTAX lacp configuration [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) EXAMPLE In the following example, Key refers to the LACP administration key, and Role to the protocol initiation mode.
  • Page 438: Lacp Key

    CHAPTER | LACP Commands EXAMPLE LACP>mode 4-7 enable LACP>mode 1-10 Port Mode ---- -------- Disabled Disabled Disabled Enabled Enabled Enabled Enabled Disabled Disabled Disabled LACP> lacp key: This command displays or sets the LACP administration key for specified ports. SYNTAX lacp key [port-list] [key] port-list - A specific port or a range of ports.
  • Page 439: Lacp Status

    CHAPTER | LACP Commands DEFAULT SETTING Active EXAMPLE LACP>role 11-15 passive LACP> lacp status: This command displays the operational status for specified ports. SYNTAX lacp status [port-list] port-list - A specific port or a range of ports. (Range: 1-28, or all) EXAMPLE LACP>status 1-10 Aggr ID...
  • Page 440 CHAPTER | LACP Commands EXAMPLE This example shows the number of LACP frames received and transmitted, as well as the number of unknown or illegal LACP frames that have been discarded. LACP>statistics 4-5 Port Rx Frames Tx Frames Rx Unknown Rx Illegal ---- ----------...
  • Page 441: Lldp Commands

    LLDP COMMANDS Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings.
  • Page 442: Lldp Mode

    CHAPTER | LLDP Commands EXAMPLE LLDP>configuration 1 Interval : 30 Hold Tx Delay Reinit Delay: 2 Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness ---- ---- ---------- ----------- ------------ ----------- --------- ------------- Disabled Enabled Enabled Enabled Enabled...
  • Page 443: Lldp Interval

    CHAPTER | LLDP Commands identification of the system's hardware type, software operating system, and networking software. sys_capa - The system capabilities identifies the primary function(s) of the system and whether or not these primary functions are enabled. The information advertised by this TLV is described in IEEE 802.1AB.
  • Page 444: Lldp Hold

    CHAPTER | LLDP Commands DEFAULT SETTING 30 seconds EXAMPLE LLDP>interval 60 LLDP> lldp hold: This command displays or sets the TTL value sent in LLDP advertisements. SYNTAX lldp hold [hold] hold - The time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below.
  • Page 445: Lldp Reinit

    CHAPTER | LLDP Commands COMMAND USAGE The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects, and to increase the probability that multiple, rather than single changes, are reported in each transmission.
  • Page 446: Lldp Info

    CHAPTER | LLDP Commands COMMAND USAGE For a description of the information displayed by this command, see "Displaying LLDP Port Statistics" on page 241. EXAMPLE LLDP>statistics 4 LLDP global counters Neighbor entries was last changed at 1970-01-01 05:52:43 +0000 (5314 sec. ago). Total Neighbors Entries Added Total Neighbors Entries Deleted Total Neighbors Entries Dropped...
  • Page 447: Lldp Cdp_Aware

    CHAPTER | LLDP Commands lldp cdp_aware: This command displays or configures whether or not discovery information from received CDP frames is added to the LLDP neighbor table. SYNTAX lldp cdp_aware [port-list] [enable | disable] port-list - A specific port or range of ports. (Range: 1-28, or all) enable - Enables decoding of Cisco Discovery Protocol frames.
  • Page 449: Lldp-Med Commands

    LLDP-MED COMMANDS LLDP-MED (Link Layer Discovery Protocol - Media Endpoint Discovery) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details.
  • Page 450: Lldpmed Civic

    CHAPTER | LLDP-MED Commands EXAMPLE LLDPMED>configuration 1 LLDP-MED Configuration: ======================= Fast Start Repeat Count Location Coordinates : Latitude - 0.0000 North Longitude - 0.0000 East Altitude - 0.0000 meter(s) Map datum - WGS84 Civic Address Location Port Policies none LLDP> This command shows or sets the LLDP-MED civic address location.
  • Page 451: Lldpmed Ecs

    CHAPTER | LLDP-MED Commands name - Name (residence and office occupant). (Example: Flemming Jahn) zip_code - Postal/zip code. (Example: 2791) building - Building (structure). (Example: Low Library) apartment - Unit (Apartment, suite). (Example: Apt 42) floor - Floor. (Example: 4) room_number - Room number.
  • Page 452: Lldpmed Policy Delete

    CHAPTER | LLDP-MED Commands EXAMPLE LLDPMED>ecs 911 LLDPMED> lldpmed policy delete: This command deletes the selected policy. SYNTAX lldpmed policy delete [policy-list] policy-list - List of policies to delete. EXAMPLE LLDPMED>policy delete 1 LLDPMED> lldpmed policy add: This command adds a policy to the list of policies. SYNTAX lldpmed policy add [voice | voice-signaling | guest-voice |...
  • Page 453 CHAPTER | LLDP-MED Commands ‘untagged’ VLAN (see Tagged flag below), then the L2 priority field is ignored and only the DSCP value has relevance. video-conferencing - Interactive telecommunication technologies which allow two or more locations to interact via two-way video and audio transmissions.
  • Page 454: Lldpmed Port Policies

    CHAPTER | LLDP-MED Commands Policies are only intended for use with applications that have specific “real-time” network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are: ■ Layer 2 VLAN ID (IEEE 802.1Q-2003) ■ Layer 2 priority value (IEEE 802.1D-2004)...
  • Page 455: Lldpmed Coordinates

    CHAPTER | LLDP-MED Commands lldpmed coordinates: This command shows or sets the LLDP-MED location for this device. SYNTAX lldpmed coordinates [latitude] [north | south] [coordinate-value] lldpmed coordinates [longitude] [east | west] [coordinate-value] lldpmed coordinates [altitude] [meters | floor] [coordinate-value] latitude - Normalized to within 0-90 degrees with a maximum of 4 digits.
  • Page 456: Lldpmed Datum

    CHAPTER | LLDP-MED Commands lldpmed datum: This command shows or sets LLDP-MED coordinates map datum. SYNTAX lldpmed datum [wgs84 | nad83_navd88 | nad83_mllw] wgs84 - (Geographical 3D) World Geodetic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. nad83_navd88 - North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich;...
  • Page 457: Lldpmed Info

    CHAPTER | LLDP-MED Commands Device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED Endpoint Device is detected will an LLDP-MED capable Network Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP-MED neighbor has been detected, in order to share LLDP-MED information as fast as possible with new neighbors.
  • Page 458: Lldpmed Debug_Med_Transmit_Var

    CHAPTER | LLDP-MED Commands EXAMPLE LLDPMED>info Local port : Port 7 Device Type : Network Connectivity Capabilites : LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PSE Application Type : Voice Policy : Defined : Tagged VLAN ID : 50 Priority DSCP...
  • Page 459: QoS Commands

    QoS COMMANDS This section describes commands used to configure quality of service parameters, including the default port queue, the default tag assigned to untagged frames, input rate limiting, output shaping, queue mode, queue weight, quality control lists, storm control, DSCP remarking, and DSCP queue mapping.
  • Page 460: Qos Configuration

    CHAPTER | QoS Commands qos configuration: This command displays QoS configuration settings, including storm control, default priority queue, default tag priority, quality control list, rate limiting, queuing mode and queue weights. SYNTAX qos configuration [port-list] port-list - A specific port or range of ports. (Range: 1-28, or all) EXAMPLE QoS>configuration 1-10 Traffic Classes: 4...
  • Page 461: Qos Tagprio

    CHAPTER | QoS Commands qos tagprio: This command displays or sets the default tag priority (used when adding a tag to untagged frames) for specified ports. SYNTAX qos tagprio [port-list] [tag-priority] port-list - A specific port or range of ports. (Range: 1-28, or all) tag-priority - The default priority used when adding a tag to untagged frames.
  • Page 462: Qos Qcl Add

    CHAPTER | QoS Commands EXAMPLE QoS>QCL>port 9 1 QoS>QCL> qos qcl add: This command adds or modifies a QoS control entry. SYNTAX qos qcl add [qcl-id] [qce-id] [qce-id-next] {etype ethernet-type | vid vlan-id | port udp-tcp-port | dscp dscp | tos tos-list | tag-prio tag-priority-list} class qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is...
  • Page 463: Qos Qcl Delete

    CHAPTER | QoS Commands DEFAULT SETTING QCL: 1 QCE: 1 COMMAND USAGE ◆ The braces used in the syntax of this command indicate that one of the classification criteria must be specified. The class parameter must also be specified in each command. The other parameters are optional. Once a QCL is mapped to a port using the qos qcl port (see...
  • Page 464: Qos Qcl Lookup

    CHAPTER | QoS Commands qos qcl lookup: This command displays the specified QoS control list or control entry. SYNTAX qos qcl lookup [qcl-id] [qce-id] qcl-id - A Quality Control List containing one or more classification criteria used to determine the traffic class to which a frame is assigned.
  • Page 465: Qos Weight

    CHAPTER | QoS Commands qos weight: This command displays or sets the egress queue weight for specified ports. SYNTAX qos weight [port-list] [class] [weight] port-list - A specific port or range of ports. (Range: 1-28, or all) class - Output queue buffer. (Range: low/normal/medium/high or 1/2/3/4) weight - The weight assigned to the specified egress queue, and thereby to the corresponding traffic priorities.
  • Page 466: Qos Shaper

    CHAPTER | QoS Commands COMMAND USAGE Rate limiting controls the maximum rate for traffic transmitted or received on an interface. Rate limiting can be configured on interfaces at the edge of a network to form part of the customer service package by limiting traffic into or out of the switch.
  • Page 467: Qos Storm Unicast

    CHAPTER | QoS Commands qos storm unicast: This command displays or sets unknown unicast storm rate limits for the switch. SYNTAX qos storm unicast [enable | disable] [packet-rate] enable - Enables unknown unicast storm control. disable - Disables unknown unicast storm control. packet-rate - The threshold above which packets are dropped.
  • Page 468: Qos Storm Broadcast

    CHAPTER | QoS Commands ◆ Due to an ASIC limitation, the enforced rate limits are slightly less than the listed options. For example: 1 Kpps translates into an enforced threshold of 1002.1 pps. EXAMPLE QoS>Storm>multicast enable 2k QoS>Storm> qos storm broadcast: This command displays or sets broadcast storm rate limits for the switch. SYNTAX...
  • Page 469: Qos Dscp Queue Mapping

    CHAPTER | QoS Commands DEFAULT SETTING Disabled EXAMPLE QoS>DSCP>remarking 9 enable QoS>DSCP> qos dscp queue mapping: This command displays or sets the DSCP value used for DSCP remarking for specified ports. SYNTAX qos dscp queue mapping [port-list] [class] [dscp] port-list - A specific port or range of ports. (Range: 1-28, or all) class - Output queue buffer.
  • Page 471: Mirror Commands

    MIRROR COMMANDS This section describes commands used to mirror data to another port for analysis without affecting the data passing through or the performance of the monitored port. Table 54: Mirror Commands (Command - Function): mirror configuration - Displays the port mirroring configuration; mirror port - Displays or sets the destination port to which data is mirrored; mirror mode...
  • Page 472: Mirror Port

    CHAPTER | Mirror Commands mirror port: This command displays or sets the destination port to which data is mirrored. SYNTAX mirror port [port | disable] port - The destination port that will mirror the traffic from the source port. All mirror sessions must share the same destination port.
  • Page 473: Config Commands

    CONFIG COMMANDS This section describes commands used to save or restore configuration settings. Table 55: Configuration Commands (Command - Function): config save - Saves configuration settings to a TFTP server; config load - Loads configuration settings from a TFTP server. config save: This command saves the switch’s current configuration settings to a file on a TFTP server....
  • Page 474 CHAPTER | Config Commands config load: This command loads configuration settings from a TFTP server to the switch. SYNTAX config load tftp-server file-name [check] tftp-server - TFTP server’s IP address. Valid IP addresses consist of four numbers, 0 to 255, separated by periods. file-name - The name of a previously saved configuration file.
  • Page 475: Firmware Commands

    FIRMWARE COMMANDS This section describes commands used to upgrade firmware via a TFTP server. Table 56: Firmware Commands (Command - Function): firmware load - Loads new firmware from an IPv4 TFTP server; firmware ipv6 load - Loads new firmware from an IPv6 TFTP server. firmware load: This command loads new firmware from a TFTP server using an IPv4 address.
  • Page 476 CHAPTER | Firmware Commands Waiting for firmware update to complete Transferred image to switch 1 All switches confirmed reception, programming Starting flash update - do not power off device! Erasing image... Programming image..Erase from 0x807e0000-0x807effff: ..Program from 0x01ff0000-0x02000000 to 0x807e0000: ..
  • Page 477: Firmware Ipv6 Load

    CHAPTER | Firmware Commands firmware ipv6 load: This command loads new firmware from an IPv6 TFTP server. SYNTAX firmware ipv6 load ipv6-tftp-server file-name ipv6-tftp-server - TFTP server’s IPv6 address. All IPv6 addresses must be formatted according to RFC 2373 “IPv6 Addressing Architecture,”...
  • Page 479: UPnP Commands

    UPnP COMMANDS This section describes commands used to configure Universal Plug and Play (UPnP) protocol settings. Table 57: UPnP Commands (Command - Function): upnp configuration - Displays UPnP configuration settings; upnp mode - Displays or sets UPnP operational mode; upnp ttl - Displays or sets the TTL value for UPnP messages; upnp advertising duration - Displays or sets the advertising duration of UPnP messages. This command displays UPnP configuration settings.
  • Page 480: Upnp Ttl

    CHAPTER | UPnP Commands COMMAND USAGE The first step in UPnP networking is discovery. When a device is added to the network, the UPnP discovery protocol allows that device to broadcast its services to control points on the network. Similarly, when a control point is added to the network, the UPnP discovery protocol allows that control point to search for UPnP enabled devices on the network.
  • Page 481: Upnp Advertising Duration

    CHAPTER | UPnP Commands EXAMPLE UPnP>ttl 255 UPnP> upnp advertising duration: This command displays or sets the advertising duration of UPnP messages. SYNTAX upnp advertising duration [duration] duration - The duration, carried in Simple Service Discovery Protocol (SSDP) packets, which informs a control point or control points how often it or they should receive an SSDP advertisement message from this switch.
  • Page 483: Mvr Commands

    MVR COMMANDS This section describes commands used to enable Multicast VLAN Registration (MVR) globally on the switch, select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider, and to configure each interface that participates in the MVR protocol as a source port or receiver port.
  • Page 484: Mvr Configuration

    CHAPTER | MVR Commands mvr configuration: This command displays switch and port-related MVR configuration settings. SYNTAX mvr configuration EXAMPLE MVR>configuration MVR Configuration: ================== MVR Mode: Disabled Multicast VLAN ID: 100 Port Port Mode Port Type Immediate Leave ---- ----------- ----------- --------------- Disabled Receive...
  • Page 485: Mvr Group

    CHAPTER | MVR Commands mvr group: This command displays the MVR groups active on the switch. SYNTAX mvr group EXAMPLE MVR>group Group Ports ---- --------------- ----- 239.255.255.250 MVR> mvr status: This command displays statistics for IGMP protocol messages used by MVR. SYNTAX mvr status EXAMPLE...
  • Page 486: Mvr Port Mode

    CHAPTER | MVR Commands mvr port mode: This command displays or sets the MVR operational mode for specified ports. SYNTAX mvr port mode [port-list] [enable | disable] port-list - A specific port or a range of ports. (Range: 1-28, or all) enable - Enables MVR operational mode for specified ports.
  • Page 487: Mvr Port Type

    CHAPTER | MVR Commands mvr port type: This command displays or sets MVR port type as a source or receiver. SYNTAX mvr port type [port-list] [source | receiver] port-list - A specific port or a range of ports. (Range: 1-28, or all) source –...
  • Page 488 CHAPTER | MVR Commands EXAMPLE MVR>immediate leave 2 enable MVR>...
  • Page 489: Voice VLAN Commands

    VOICE VLAN COMMANDS This section describes commands used to configure the switch for VoIP traffic by isolating the traffic on a dedicated VLAN, and setting the priority used by each port to process this traffic. VoIP traffic can be detected on switch ports by using the source MAC address of packets to discover connected VoIP devices.
  • Page 490: Voice Vlan Commands

    CHAPTER | Voice VLAN Commands EXAMPLE Voice/VLAN>configuration Voice VLAN Configuration: ========================= Voice VLAN Mode : Disabled Voice VLAN VLAN ID : 1000 Voice VLAN Age Time(seconds) : 86400 Voice VLAN Traffic Class : High Voice VLAN OUI Table: ===================== Telephony OUI Description ------------- ----------- 00-01-E3 Siemens AG phones...
  • Page 491: Voice Vlan Discovery Protocol

    CHAPTER | Voice VLAN Commands voice vlan discovery protocol: This command displays or sets the method used to detect VoIP traffic on a port. SYNTAX voice vlan discovery protocol [port-list] [oui | lldp | both] port-list - A specific port or a range of ports. (Range: 1-28, or all) oui - Traffic from VoIP devices is detected by the Organizationally Unique Identifier (OUI) of the source MAC address.
  • Page 492: Voice Vlan Id

    CHAPTER | Voice VLAN Commands COMMAND USAGE MSTP must be disabled (with the stp version command) before the Voice VLAN is enabled. This prevents the spanning tree’s ingress filter from dropping VoIP traffic tagged for the Voice VLAN. EXAMPLE Voice/VLAN>mode enable Voice/VLAN>...
  • Page 493: Voice Vlan Traffic Class

    CHAPTER | Voice VLAN Commands EXAMPLE Voice/VLAN>agetime 100000 Voice/VLAN> voice vlan traffic class: This command displays or sets the priority for traffic carried by the Voice VLAN. SYNTAX voice vlan traffic class [class] class - The service priority used for traffic on the Voice VLAN. The priority of any received VoIP packet is overwritten with the new priority when the Voice VLAN feature is active on a port.
  • Page 494: Voice Vlan Oui Delete

    CHAPTER | Voice VLAN Commands voice vlan oui delete: This command deletes an entry from the Voice VLAN OUI table. SYNTAX voice vlan oui delete oui-addr oui-addr - A globally unique identifier assigned to a vendor by IEEE to identify VoIP equipment. The OUI must be 6 characters long and the input format “xx-xx-xx”...
  • Page 495: Voice Vlan Port Mode

    CHAPTER | Voice VLAN Commands voice vlan port mode: This command displays or sets the Voice VLAN membership mode for specified ports. SYNTAX voice vlan port mode [port-list] [disable | auto | force] port-list - A specific port or a range of ports. (Range: 1-28, or all) disable - The Voice VLAN feature is disabled on the port.
  • Page 497: Mld Snooping Commands

    MLD SNOOPING COMMANDS Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4. That is, MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is forwarded only to ports with users that want to receive it. This reduces the flooding of IPv6 multicast packets in the specified VLANs.
  • Page 498: Mld Configuration

    CHAPTER | MLD Snooping Commands mld configuration: This command displays MLD snooping settings for the switch, all VLANs, specified ports, and filtered groups. SYNTAX mld configuration [port-list] port-list - A specific port or a range of ports. (Range: 1-28, or all) DEFAULT SETTING All ports...
  • Page 499: Mld Mode

    CHAPTER | MLD Snooping Commands MLD Proxy: Disabled Flooding : Enabled State Querier ---- -------- -------- Enabled Disabled Port Router Dynamic Router Fast Leave Group Throttling Number ---- -------- -------------- ---------- ----------------------- Disabled Disabled Unlimited Disabled Disabled Unlimited Disabled Disabled Unlimited Port Filtering Groups...
  • Page 500: Mld Leave Proxy

    CHAPTER | MLD Snooping Commands mld leave proxy: This command displays or sets MLD leave proxy for the switch. SYNTAX mld leave proxy [enable | disable] enable - Enables MLD leave proxy. If enabled, the switch suppresses leave messages unless received from the last member port in the group.
  • Page 501: Mld State

    CHAPTER | MLD Snooping Commands COMMAND USAGE ◆ When MLD proxy is enabled, the switch exchanges MLD messages with the router on its upstream interface, and performs the host portion of the MLD task on the upstream interface as follows: When queried, it sends multicast listener reports to the group.
  • Page 502: Mld Querier

    CHAPTER | MLD Snooping Commands mld querier: This command displays or sets the MLD querier mode for the specified VLAN. SYNTAX mld querier [vlan-id] [enable | disable] vlan-id - VLAN identifier. (Range: 1-4095) enable - Enables the switch to serve as querier on this VLAN. When enabled, the switch can serve as the querier if selected in the bidding process with other competing multicast switches/routers, and if selected will be responsible for asking hosts if they want to...
  • Page 503: Mld Throttling

    CHAPTER | MLD Snooping Commands that port and the Fast Leave function is enabled. This allows the switch to remove a port from the multicast forwarding table without first having to send an MLD group-specific (GS) query to that interface. ◆ If Fast Leave is not used, a multicast router (or querier) will send a...
  • Page 504: Mld Filtering

    CHAPTER | MLD Snooping Commands mld filtering: This command displays or sets MLD group filtering for specified ports. SYNTAX mld filtering [port-list] [add | del] [group-address] port-list - A specific port or a range of ports. (Range: 1-28, or all) add - Adds a new MLD group filtering entry.
  • Page 505: Mld Flooding

    CHAPTER | MLD Snooping Commands EXAMPLE MLD>router 9 enable MLD> mld flooding: This command displays or sets flooding of unregistered MLD services. SYNTAX mld flooding [enable | disable] enable - Floods unregistered multicast traffic into the attached VLAN. disable - Disables MLD flooding. DEFAULT SETTING Disabled...
  • Page 506: Mld Status

    CHAPTER | MLD Snooping Commands mld status: This command displays MLD querier status and protocol statistics. SYNTAX mld status [vlan-id] vlan-id - VLAN identifier. (Range: 1-4095) DEFAULT SETTING Displays status for all VLANs. COMMAND USAGE For a description of the information displayed by this command, see "Showing MLD Snooping Information"...
  • Page 507: Section

    SECTION APPENDICES This section provides additional information and includes these items: ◆ "Software Specifications" on page 509 ◆ "Troubleshooting" on page 513 ◆ "License Information" on page 515...
  • Page 509: Software Specifications

    SOFTWARE SPECIFICATIONS SOFTWARE FEATURES MANAGEMENT AUTHENTICATION: Local, RADIUS, TACACS+, AAA, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter. GENERAL SECURITY MEASURES: Access Control Lists (128 rules per system), Port Authentication (802.1X), Port Security, DHCP Snooping, IP Source Guard, ARP Inspection. 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex CONFIGURATION...
  • Page 510: Management Features

    APPENDIX | Software Specifications Management Features CLASS OF SERVICE: Supports four levels of priority; Strict or Weighted Round Robin queueing; Queue mode and CoS configured by Ethernet type, VLAN ID, TCP/UDP port, DSCP, ToS bit, VLAN tag priority, or port; Layer 3/4 priority mapping: IP DSCP remarking. DiffServ supports DSCP remarking, ingress traffic policing, and egress QUALITY OF...
  • Page 511: Standards

    APPENDIX | Software Specifications Standards STANDARDS IEEE 802.1AB Link Layer Discovery Protocol; ANSI/TIA-1057 LLDP for Media Endpoint Discovery - LLDP-MED; IEEE-802.1ad Provider Bridge; IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities; Spanning Tree Protocol; Rapid Spanning Tree Protocol; Multiple Spanning Tree Protocol; IEEE 802.1p Priority tags; IEEE 802.1Q-2005 VLAN; IEEE 802.1X Port Authentication...
  • Page 512 APPENDIX | Software Specifications Management Information Bases: Extended Bridge MIB (RFC 2674); Extensible SNMP Agents MIB (RFC 2742); Forwarding Table MIB (RFC 2096); IGMP MIB (RFC 2933); Interface Group MIB using SMI v2 (RFC 2863); Interfaces Evolution MIB (RFC 2863); IP MIB (RFC 2011); IP Multicasting related MIBs; IPV6-MIB (RFC 2065)...
  • Page 513: Problems Accessing The Management Interface

    TROUBLESHOOTING PROBLEMS ACCESSING THE MANAGEMENT INTERFACE Table 62: Troubleshooting Chart (Symptom - Action): Cannot connect using Telnet, web browser, or SNMP software - ◆ Be sure the switch is powered up. ◆ Check network cabling between the management station and the switch. ◆...
  • Page 514: B Troubleshooting

    APPENDIX | Troubleshooting Using System Logs: If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 515: License Information

    LICENSE INFORMATION This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
  • Page 516: License Information

    APPENDIX | License Information The GNU General Public License GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The “Program”, below, refers to any such program or work, and a “work based on the Program”...
  • Page 517 APPENDIX | License Information The GNU General Public License a). Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b).
  • Page 518 APPENDIX | License Information The GNU General Public License This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
  • Page 519: Glossary

    GLOSSARY Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. BOOTP: Boot Protocol. BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices’ system files, and the name of the boot file.
  • Page 520 GLOSSARY DSCP: Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
  • Page 521 GLOSSARY IEEE 802.1Q: VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1: An IEEE standard for providing quality of service (QoS) in Ethernet networks.
  • Page 522 IP Multicast Filtering: A process whereby this switch can pass multicast traffic along to participating hosts. IP Precedence: The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
  • Page 523 MVR: Multicast VLAN Registration is a method of using a single network-wide multicast VLAN to transmit common services, such as television channels or video-on-demand, across a service-provider’s network. MVR simplifies the configuration of multicast services by using a common VLAN for distribution, while still preserving security and data isolation for subscribers residing in both the MVR VLAN and other standard or private VLAN groups.
  • Page 524 RMON: Remote Monitoring. RMON provides comprehensive network monitoring capabilities. It eliminates the polling required in standard SNMP, and can set alarms on a variety of traffic conditions, including specific error types. RSTP: Rapid Spanning Tree Protocol. RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard.
  • Page 525 UDP: User Datagram Protocol. UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less datagrams that may be discarded before reaching their targets.
  • Page 527: Command

    COMMAND lacp mode lacp role aggr add lacp statistics aggr configuration 430 lacp status aggr delete lldp cdp_aware aggr lookup 431 lldp configuration 441 aggr mode lldp delay lldp hold lldp info lldp interval config load 474 lldp mode 442 config save lldp optional_tlv 442 lldp reinit 445...
  • Page 528 mld state security network acl action mld status security network acl add mld throttling security network acl clear mld version security network acl configuration 367 mvr configuration 484 security network acl delete 373 mvr group security network acl lookup mvr immediate leave 487 security network acl policy mvr mode...
  • Page 529 security network nas authenticate 365 security switch snmp trap inform mode security network nas configuration 355 security network nas eapoltimeout 360 security switch snmp trap inform retry security network nas guest_vlan times security network nas holdtime security switch snmp trap inform security network nas mode timeout security network nas radius_qos...
  • Page 530 stp txhold 401 vlan aware stp version vlan configuration 299 system configuration 265 vlan delete 303 system contact vlan frametype system load 268 vlan ingressfilter system location vlan lookup 304 system log 269 vlan pvid system name vlan stag system reboot 268 vlan status system restore default 268...
  • Page 531: Index

    INDEX Domain Name Service See DNS downloading software 252 acceptable frame type 177 using HTTP 252 Access Control List See ACL using TFTP 252 ACL 105 downloading software 252 binding to a port 105 dynamic addresses, displaying 173 address table 172 aging time 173 ARP inspection 123 edge port, STA 145...
  • Page 532 throttling 151 TACACS+ client 74 ingress filtering 177 TACACS+ server 74 IP address, setting 62 IP source guard, configuring static entries 121 IPv4 address DHCP 63 main menu 55 dynamic configuration 45 management access, filtering IP addresses 79 manual configuration 43 Management Information Bases (MIBs) 511 setting 42 maximum frame size 68...
  • Page 533 statistics 201 trap manager 83 port priority SNMPv3 configuring 186 engine identifier, local 83 default ingress 185 engine identifier, remote 87 STA 145 groups 88 ports user configuration 87 autonegotiation 68 views 90 broadcast storm threshold 193 software capabilities 68 displaying version 197 configuring 67 downloading 252...
  • Page 534 trap destination 83 ingress filtering 177 – trap manager 47 interface configuration 176 troubleshooting 513 VLANs 299 trunk adding static members 175 configuration 129 creating 175 LACP 132 description 174 static 129 displaying basic information 304 Type Length Value displaying port members 176 See also LLDP-MED TLV private 178...
