LevelOne GTL-2881 User Manual

28-port stackable layer 3 lite managed gigabit switch

28-Port Stackable Layer 3 Lite Managed Gigabit Switch,
2 x SFP+, 2 x SFP+ (Optional Modules)
28-Port Stackable Layer 3 Lite Managed Gigabit Fiber Switch,
2 x SFP+, 2 x SFP+ (Optional Modules)
GTL-2881
GTL-2882

User Manual

V1.0
Digital Data Communications Asia Co., Ltd.
http://www.level1.com


Summary of Contents for LevelOne GTL-2881

  • Page 1: User Manual

    GTL-2881 28-Port Stackable Layer 3 Lite Managed Gigabit Switch, 2 x SFP+, 2 x SFP+ (Optional Modules) GTL-2882 28-Port Stackable Layer 3 Lite Managed Gigabit Fiber Switch, 2 x SFP+, 2 x SFP+ (Optional Modules) User Manual V1.0 Digital Data Communications Asia Co., Ltd.
  • Page 2 User Manual GTL-2881 Layer Layer 3 Lite Stackable Gigabit Ethernet Switch with 24 10/100/1000BASE-T (RJ-45) Ports, 2 10-Gigabit SFP+ Ports, and Optional Module with 2 10-Gigabit SFP+ Ports GTL-2882 Layer Layer 3 Lite Stackable Gigabit Ethernet Fiber Switch...
  • Page 3: How To Use This Guide

    How to Use This Guide This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
  • Page 4 How to Use This Guide For information on how to install the switch, see the following guide: Installation Guide For all safety information and regulatory statements, see the following documents: Quick Start Guide Safety and Regulatory Information Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions.
  • Page 5: Table Of Contents

    Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Key Features Description of Software Features IP Routing Equal-cost Multipath Load Balancing Address Resolution Protocol Operation, Administration, and Maintenance System Defaults Section II Web Configuration 2 Using the Web Interface Connecting to the Web Interface Navigating the Web Browser Interface...
  • Page 6 Contents Displaying Hardware/Software Versions Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File Setting the Start-Up File Showing System Files Automatic Operation Code Upgrade Setting the System Clock Setting the Time Manually Setting the SNTP Polling Interval...
  • Page 7 Contents Configuring Transceiver Thresholds Performing Cable Diagnostics Trunk Configuration Configuring a Static Trunk Configuring a Dynamic Trunk Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Configuring Load Balancing Saving Power Traffic Segmentation Enabling Traffic Segmentation...
  • Page 8 Contents Displaying the Dynamic Address Table Clearing the Dynamic Address Table Configuring MAC Address Mirroring Issuing MAC Address Traps 7 Spanning Tree Algorithm Overview Configuring Loopback Detection Configuring Global Settings for STA Displaying Global Settings for STA Configuring Interface Settings for STA Displaying Interface Settings for STA Configuring Multiple Spanning Trees Configuring Interface Settings for MSTP...
  • Page 9 Contents 11 VoIP Traffic Configuration Overview Configuring VoIP Traffic Configuring Telephony OUI Configuring VoIP Traffic Ports 12 Security Measures AAA (Authentication, Authorization and Accounting) Configuring Local/Remote Logon Authentication Configuring Remote Logon Authentication Servers Configuring AAA Accounting Configuring AAA Authorization Configuring User Accounts Web Authentication Configuring Global Settings for Web Authentication Configuring Interface Settings for Web Authentication...
  • Page 10 Contents Configuring a Standard IPv6 ACL Configuring an Extended IPv6 ACL Configuring a MAC ACL Configuring an ARP ACL Binding a Port to an Access Control List Configuring ACL Mirroring Showing ACL Hardware Counters ARP Inspection Configuring Global Settings for ARP Inspection Configuring VLAN Settings for ARP Inspection Configuring Interface Settings for ARP Inspection Displaying ARP Inspection Statistics...
  • Page 11 Contents 13 Basic Administration Protocols Configuring Event Logging System Log Configuration Remote Log Configuration Sending Simple Mail Transfer Protocol Alerts Link Layer Discovery Protocol Setting LLDP Timing Attributes Configuring LLDP Interface Attributes Configuring LLDP Interface Civic-Address Displaying LLDP Local Device Information Displaying LLDP Remote Device Information Displaying Device Statistics Simple Network Management Protocol...
  • Page 12 Contents Ethernet Ring Protection Switching ERPS Global Configuration ERPS Ring Configuration ERPS Forced and Manual Mode Operations Connectivity Fault Management Configuring Global Settings for CFM Configuring Interfaces for CFM Configuring CFM Maintenance Domains Configuring CFM Maintenance Associations Configuring Maintenance End Points Configuring Remote Maintenance End Points Transmitting Link Trace Messages Transmitting Loop Back Messages...
  • Page 13 Contents 14 Multicast Filtering Overview Layer 2 IGMP (Snooping and Query for IPv4) Configuring IGMP Snooping and Query Parameters Specifying Static Interfaces for a Multicast Router Assigning Interfaces to Multicast Services Setting IGMP Snooping Status per Interface Filtering IGMP Query Packets and Multicast Data Displaying Multicast Groups Discovered by IGMP Snooping Displaying IGMP Snooping Statistics Filtering and Throttling IGMP Groups...
  • Page 14 Contents Displaying MVR6 Receiver Groups Displaying MVR6 Statistics 15 IP Configuration Setting the Switch’s IP Address (IP Version 4) Setting the Switch’s IP Address (IP Version 6) Configuring the IPv6 Default Gateway Configuring IPv6 Interface Settings Configuring an IPv6 Address Showing IPv6 Addresses Showing the IPv6 Neighbor Cache Showing IPv6 Statistics...
  • Page 15 Contents Configuring IP Routing Interfaces Configuring Local and Remote Interfaces Using the Ping Function Using the Trace Route Function Address Resolution Protocol Basic ARP Configuration Configuring Static ARP Addresses Displaying Dynamic or Local ARP Entries Displaying ARP Statistics Configuring Static Routes Displaying the Routing Table 18 Unicast Routing Overview...
  • Page 16 Contents B Troubleshooting Problems Accessing the Management Interface Using System Logs C License Statement / GPL Code Statement Written Offer for GPL/LGPL Source Code The GNU General Public License How to Apply These Terms to Your New Programs Notification of Compliance Glossary Index –...
  • Page 17: Figures

    Figures Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Configuring Automatic Code Upgrade...
  • Page 18 Figures Figure 30: Restarting the Switch (In) Figure 31: Restarting the Switch (At) Figure 32: Restarting the Switch (Regularly) Figure 33: Configuring Connections by Port List Figure 34: Configuring Connections by Port Range Figure 35: Displaying Port Information Figure 36: Configuring Local Port Mirroring Figure 37: Configuring Local Port Mirroring Figure 38: Displaying Local Port Mirror Sessions Figure 39: Configuring Remote Port Mirroring...
  • Page 19 Figures Figure 65: Enabling Traffic Segmentation Figure 66: Configuring Members for Traffic Segmentation Figure 67: Showing Traffic Segmentation Members Figure 68: Configuring VLAN Trunking Figure 69: Configuring VLAN Trunking Figure 70: VLAN Compliant and VLAN Non-compliant Devices Figure 71: Using GVRP Figure 72: Creating Static VLANs Figure 73: Modifying Settings for Static VLANs Figure 74: Showing Static VLANs...
  • Page 20 Figures Figure 100: Configuring MAC Address Learning Figure 101: Configuring Static MAC Addresses Figure 102: Displaying Static MAC Addresses Figure 103: Setting the Address Aging Time Figure 104: Displaying the Dynamic MAC Address Table Figure 105: Clearing Entries in the Dynamic MAC Address Table Figure 106: Mirroring Packets Based on the Source MAC Address Figure 107: Showing the Source MAC Addresses to Mirror Figure 108: Issuing MAC Address Traps (Global Configuration)
  • Page 21 Figures Figure 135: Configuring ATC Interface Attributes Figure 136: Setting the Default Port Priority Figure 137: Setting the Queue Mode (Strict) Figure 138: Setting the Queue Mode (WRR) Figure 139: Setting the Queue Mode (Strict and WRR) Figure 140: Mapping CoS Values to Egress Queues Figure 141: Showing CoS Values to Egress Queue Mapping Figure 142: Setting the Trust Mode Figure 143: Configuring DSCP to DSCP Internal Mapping...
  • Page 22 Figures Figure 170: Configuring AAA Accounting Service for Command Service Figure 171: Configuring AAA Accounting Service for Exec Service Figure 172: Displaying a Summary of Applied AAA Accounting Methods Figure 173: Displaying Statistics for AAA Accounting Sessions Figure 174: Configuring AAA Authorization Methods Figure 175: Showing AAA Authorization Methods Figure 176: Configuring AAA Authorization Methods for Exec Service Figure 177: Displaying the Applied AAA Authorization Method...
  • Page 23 Figures Figure 205: Configuring an Extended IPv6 ACL Figure 206: Configuring a MAC ACL Figure 207: Configuring a ARP ACL Figure 208: Binding a Port to an ACL Figure 209: Configuring ACL Mirroring Figure 210: Showing the VLANs to Mirror Figure 211: Showing ACL Statistics Figure 212: Configuring Global Settings for ARP Inspection Figure 213: Configuring VLAN Settings for ARP Inspection...
  • Page 24 Figures Figure 240: Showing Error Messages Logged to System Memory Figure 241: Configuring Settings for Remote Logging of Error Messages Figure 242: Configuring SMTP Alert Messages Figure 243: Configuring LLDP Timing Attributes Figure 244: Configuring LLDP Interface Attributes Figure 245: Configuring the Civic Address for an LLDP Interface Figure 246: Showing the Civic Address for an LLDP Interface Figure 247: Displaying Local Device Information for LLDP (General) Figure 248: Displaying Local Device Information for LLDP (Port)
  • Page 25 Figures Figure 275: Showing Trap Managers Figure 276: Creating SNMP Notification Logs Figure 277: Showing SNMP Notification Logs Figure 278: Showing SNMP Statistics Figure 279: Configuring an RMON Alarm Figure 280: Showing Configured RMON Alarms Figure 281: Configuring an RMON Event Figure 282: Showing Configured RMON Events Figure 283: Configuring an RMON History Sample Figure 284: Showing Configured RMON History Samples...
  • Page 26 Figures Figure 310: Configuring Detailed Settings for Maintenance Domains Figure 311: Creating Maintenance Associations Figure 312: Showing Maintenance Associations Figure 313: Configuring Detailed Settings for Maintenance Associations Figure 314: Configuring Maintenance End Points Figure 315: Showing Maintenance End Points Figure 316: Configuring Remote Maintenance End Points Figure 317: Showing Remote Maintenance End Points Figure 318: Transmitting Link Trace Messages Figure 319: Transmitting Loopback Messages...
  • Page 27 Figures Figure 345: Showing Current Interfaces Attached a Multicast Router Figure 346: Configuring IGMP Snooping on a VLAN Figure 347: Showing Interface Settings for IGMP Snooping Figure 348: Dropping IGMP Query or Multicast Data Packets Figure 349: Showing Multicast Groups Learned by IGMP Snooping Figure 350: Displaying IGMP Snooping Statistics –...
  • Page 28 Figures Figure 380: Displaying MVR Statistics – VLAN Figure 381: Displaying MVR Statistics – Port Figure 382: Configuring Global Settings for MVR6 Figure 383: Configuring Domain Settings for MVR6 Figure 384: Configuring an MVR6 Group Address Profile Figure 385: Displaying MVR6 Group Address Profiles Figure 386: Assigning an MVR6 Group Address Profile to a Domain Figure 387: Showing MVR6 Group Address Profiles Assigned to a Domain Figure 388: Configuring Interface Settings for MVR6...
  • Page 29 Figures Figure 415: Showing Entries in the DNS Cache Figure 416: Specifying a DHCP Client Identifier Figure 417: Layer 3 DHCP Relay Service Figure 418: Configuring DHCP Relay Service Figure 419: Configuring Global Settings for PPPoE Intermediate Agent Figure 420: Configuring Interface Settings for PPPoE Intermediate Agent Figure 421: Showing PPPoE Intermediate Agent Statistics Figure 422: Virtual Interfaces and Layer 3 Routing Figure 423: Pinging a Network Device...
  • Page 30 Figures Figure 450: Showing RIP Peer Information Figure 451: Resetting RIP Statistics – 30 –...
  • Page 31: Tables

    Tables Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Switch Main Menu Table 5: Predefined Summer-Time Parameters Table 6: Port Statistics Table 7: LACP Port Counters Table 8: LACP Internal Configuration Information Table 9: LACP Remote Device Configuration Information Table 10: Traffic Segmentation Forwarding Table 11: Recommended STA Path Cost Range...
  • Page 32 Tables Table 30: Supported Notification Messages Table 31: ERPS Request/State Priority Table 32: Remote MEP Priority Levels Table 33: MEP Defect Descriptions Table 34: OAM Operation State Table 35: Remote Loopback Status Table 36: Show IPv6 Neighbors - display description Table 37: Show IPv6 Statistics - display description Table 38: Show MTU - display description Table 39: Options 60, 66 and 67 Statements...
  • Page 33: Section I

    Section I Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 35 –...
  • Page 34 Section I | Getting Started – 34 –...
  • Page 35: Introduction

    Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 36 Chapter 1 | Introduction Key Features (Continued) Table 1: Key Features Feature Description Address Table 16K MAC addresses in the forwarding table, 1K static MAC addresses; 1760 entries in the ARP cache, 256 static ARP entries; 256 static IP routes, 32 IP interfaces; 2K IPv4 entries in the host table;...
  • Page 37: Description Of Software Features

    Chapter 1 | Introduction Description of Software Features Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network.
  • Page 38 Chapter 1 | Introduction Description of Software Features Port Configuration You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections.
  • Page 39 Chapter 1 | Introduction Description of Software Features IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses. Store-and-Forward Switching The switch copies each frame into its memory before forwarding them to another...
  • Page 40 Chapter 1 | Introduction Description of Software Features GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: ◆...
  • Page 41: Ip Routing

    Chapter 1 | Introduction Description of Software Features allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. Ethernet Ring ERPS can be used to increase the availability and robustness of Ethernet rings, such as those used in Metropolitan Area Networks (MAN).
  • Page 42: Equal-Cost Multipath Load Balancing

    Chapter 1 | Introduction Description of Software Features Equal-cost Multipath Load Balancing When multiple paths to the same destination and with the same path cost are found in the routing table, the Equal-cost Multipath (ECMP) algorithm first checks if the cost is lower than that of any other routing entries. If the cost is the lowest in the table, the switch will use up to eight paths having the lowest path cost to balance traffic forwarded to the destination.
  • Page 43: System Defaults

    Chapter 1 | Introduction System Defaults Link Layer Discovery Protocol LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information about the sending device and collects information gathered from neighboring network nodes it discovers.
  • Page 44 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Authentication and Privileged Exec Level Username “admin” Security Measures Password “admin” Normal Exec Level Username “guest” Password “guest” Enable Privileged Exec from Password “super” Normal Exec Level RADIUS Authentication Disabled TACACS+ Authentication...
  • Page 45 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Congestion Control Rate Limiting Disabled Storm Control Broadcast: Enabled (64 kbits/sec) Multicast: Disabled Unknown Unicast: Disabled Auto Traffic Control Disabled Address Table Aging Time 300 seconds Spanning Tree Algorithm Status Enabled, RSTP...
  • Page 46 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Enabled Cache Timeout: 20 minutes Proxy: Disabled Unicast Routing Disabled OSPF Disabled Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled Querier: Disabled MLD Snooping (Layer 2 IPv6) Snooping: Enabled Querier: Disabled Multicast VLAN Registration...
  • Page 47: Web Configuration

    Section II Web Configuration This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 49 ◆ "Basic Management Tasks"...
  • Page 48 Section II | Web Configuration ◆ "Unicast Routing" on page 651 – 48 –...
  • Page 49: Using The Web Interface

    Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent versions).
  • Page 50: Navigating The Web Browser Interface

    Figure 1: Home Page Note: This manual covers the GTL-2881 Gigabit Ethernet switch and GTL-2882 Gigabit Ethernet Fiber switch. Other than the difference in port types, there are no – 50 –...
  • Page 51: Configuration Options

    Note: You can open a connection to the vendor’s web site by clicking on the levelone logo. Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
  • Page 52: Main Menu

    Chapter 2 | Using the Web Interface Navigating the Web Browser Interface Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 4: Switch Main Menu Menu Description...
  • Page 53 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Renumber Reset stack identification numbers Reset Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval Interface Port General...
  • Page 54 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Actor Configures parameters for link aggregation group members on the local side Partner Configures parameters for link aggregation group members on the remote side Show Information Counters...
  • Page 55 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Dynamic VLAN Show VLAN Shows the VLANs this switch has joined through GVRP Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP Tunnel IEEE 802.1Q (QinQ) Tunneling Configure Global...
  • Page 56 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Mirror Mirrors traffic matching a specified source address from any port on the...
  • Page 57 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Interface Sets the storm control mode (broadcast or multicast), the traffic thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages Priority Default Priority...
  • Page 58 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure OUI Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer Show Shows the OUI telephony list Configure Interface Configures VoIP traffic settings for ports, including the way in which a...
  • Page 59 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows authorized users Modify Modifies user attributes Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical Configure Global Configures general protocol settings...
  • Page 60 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Rule Shows the time specified by a rule Configure ACL Show TCAM Shows utilization parameters for TCAM Adds an ACL based on IP or MAC address filtering Show Shows the name and type of configured ACLs Add Rule...
  • Page 61 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table Port Configuration Enables IP source guard and selects filter type per port Static Binding...
  • Page 62 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Remote Device Information Port/Trunk Displays information about a remote device connected to a port on this switch Port/Trunk Details Displays detailed information about a remote device connected to this switch Show Device Statistics...
  • Page 63 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows the configured notification logs Show Statistics Shows the status of SNMP communications RMON Remote Monitoring Configure Global Alarm Sets threshold bounds for a monitored variable Event...
  • Page 64 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Interface Configures administrative status on an interface Configure MD Configure Maintenance Domains Defines a portion of the network for which connectivity faults can be managed, identified by an MD index, maintenance level, and the MIP creation method Configure Details...
  • Page 65 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Continuity Check Error Displays CFM continuity check errors logged on this device Operation, Administration, and Maintenance Interface Enables OAM on specified port, sets the mode to active or passive, and enables the reporting of critical events or errored frame events Counters Displays statistics on OAM PDUs...
  • Page 66 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Routing Table Show Information Shows all routing entries, including local, static and dynamic routes IPv6 Configuration Configure Global Sets an IPv6 default gateway for traffic with no known next hop Configure Interface Configures IPv6 interface address using auto-configuration or link-local address, and sets related protocol settings...
  • Page 67 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Snooping Configure Global Enables DHCP snooping globally, MAC-address verification, information option; and sets the information policy Configure VLAN Enables DHCP snooping on a VLAN Configure Interface Sets the trust mode for an interface Show Information...
  • Page 68 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Add Multicast Group Range Assigns multicast groups to selected profile Show Multicast Group Range Shows multicast groups assigned to a profile Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action Statistics...
  • Page 69 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Static Group Member Statically assigns MVR multicast streams to an interface Show Shows MVR multicast streams assigned to an interface Show Member Shows the multicast groups assigned to an MVR VLAN, the source address of the multicast services, and the interfaces with active...
  • Page 70 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Routing Protocol General Configure Enables or disables RIP, sets the global RIP attributes and timer values Clear Route Clears the specified route type or network interface from the routing table Network Sets the network interfaces that will use RIP...
  • Page 71: Basic Management Tasks

    Basic Management Tasks This chapter describes the following topics: ◆ Displaying System Information – Provides basic system description, including contact information. ◆ Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions ◆ Configuring Support for Jumbo Frames –...
  • Page 72: Displaying System Information

    Chapter 3 | Basic Management Tasks Displaying System Information Displaying System Information Use the System > General page to identify the system by displaying information such as the device name, location and contact information. Parameters These parameters are displayed: ◆ System Description –...
  • Page 73: Displaying Hardware/Software Versions

    Chapter 3 | Basic Management Tasks Displaying Hardware/Software Versions Displaying Hardware/Software Versions Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Parameters The following parameters are displayed: Main Board Information ◆...
  • Page 74: Configuring Support For Jumbo Frames

    Chapter 3 | Basic Management Tasks Configuring Support for Jumbo Frames Web Interface To view hardware and software version information. Click System, then Switch. Figure 4: General Switch Information Configuring Support for Jumbo Frames Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit Ethernet ports or trunks.
  • Page 75: Displaying Bridge Extension Capabilities

    Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities Web Interface To configure support for jumbo frames: Click System, then Capability. Enable or disable support for jumbo frames. Click Apply. Figure 5: Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Use the System >...
  • Page 76: Figure 6: Displaying Bridge Extension Configuration

    Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities ◆ Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration”...
  • Page 77: Managing System Files

    Chapter 3 | Basic Management Tasks Managing System Files Managing System Files This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files. Copying Files via FTP/TFTP or HTTP Use the System > File (Copy) page to upload/download firmware or configuration settings using FTP, TFTP or HTTP.
  • Page 78 Chapter 3 | Basic Management Tasks Managing System Files ◆ File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the switch or 127 characters for files on the server.
  • Page 79: Saving The Running Configuration To A Local File

    Chapter 3 | Basic Management Tasks Managing System Files Figure 7: Copy Firmware If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu. Saving the Running Use the System >...
  • Page 80: Setting The Start-Up File

    Chapter 3 | Basic Management Tasks Managing System Files Select the current startup file on the switch to overwrite or specify a new file name. Then click Apply. Figure 8: Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System >...
  • Page 81: Showing System Files

    Chapter 3 | Basic Management Tasks Managing System Files Showing System Files Use the System > File (Show) page to show the files in the system directory, or to delete a file. Note: Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.
  • Page 82 Chapter 3 | Basic Management Tasks Managing System Files ◆ The path to the directory must also be defined. If the file is stored in the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp://192.168.0.1/).
  • Page 83 Chapter 3 | Basic Management Tasks Managing System Files ◆ The switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image. Parameters The following parameters are displayed: ◆ Automatic Opcode Upgrade – Enables the switch to search for an upgraded operation code file during the switch bootup process.
  • Page 84 Chapter 3 | Basic Management Tasks Managing System Files Examples The following examples demonstrate the URL syntax for a TFTP server at IP address 192.168.0.1 with the operation code image stored in various locations: ■ tftp://192.168.0.1/ The image file is in the TFTP root directory. ■ tftp://192.168.0.1/switch-opcode/...
  • Page 85: Setting The System Clock

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 11: Configuring Automatic Code Upgrade If a new image is found at the specified location, the following type of messages will be displayed during bootup. Automatic Upgrade is looking for a new image New image detected: current version 1.5.2.15;...
  • Page 86: Setting The Time Manually

    Chapter 3 | Basic Management Tasks Setting the System Clock Setting the Time Manually Use the System > Time (Configure General - Manual) page to set the system time on the switch manually without using SNTP. Parameters The following parameters are displayed: ◆...
  • Page 87: Setting The Sntp Polling Interval

    Chapter 3 | Basic Management Tasks Setting the System Clock Setting the SNTP Polling Interval Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers. Parameters The following parameters are displayed: ◆...
  • Page 88: Configuring Time Servers

    Chapter 3 | Basic Management Tasks Setting the System Clock You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients.
  • Page 89: Figure 15: Specifying Sntp Time Servers

    Chapter 3 | Basic Management Tasks Setting the System Clock Parameters The following parameters are displayed: ◆ SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time servers. The switch attempts to update the time from the first server; if this fails, it attempts an update from the next server in the sequence.
  • Page 90: Figure 16: Adding An Ntp Time Server

    Chapter 3 | Basic Management Tasks Setting the System Clock ◆ Authentication Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the configured server. NTP authentication is optional. If enabled on the System > Time (Configure General) page, you must also configure at least one key on the System >...
  • Page 91: Figure 18: Adding An Ntp Authentication Key

    Chapter 3 | Basic Management Tasks Setting the System Clock Specifying NTP Authentication Keys Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list. Parameters The following parameters are displayed: ◆...
  • Page 92: Setting The Time Zone

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 19: Showing the NTP Authentication Key List Setting the Time Zone Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
  • Page 93: Configuring Summer Time

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 20: Setting the Time Zone Configuring Summer Time Use the Summer Time page to set the system clock forward during the summer months (also known as daylight savings time). In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less.
  • Page 94: Table 5: Predefined Summer-Time Parameters

    Chapter 3 | Basic Management Tasks Setting the System Clock Table 5: Predefined Summer-Time Parameters Region Start Time, Day, Week, & Month End Time, Day, Week, & Month Rel. Offset Australia 00:00:00, Sunday, Week 5 of October 23:59:59, Sunday, Week 5 of March 60 min Europe 00:00:00, Sunday, Week 5 of March...
  • Page 95: Configuring The Console Port

    Chapter 3 | Basic Management Tasks Configuring the Console Port Figure 21: Configuring Summer Time Configuring the Console Port Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
  • Page 96: Figure 22: Console Port Settings

    Chapter 3 | Basic Management Tasks Configuring the Console Port per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits) ◆ Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2;...
  • Page 97: Configuring Telnet Settings

    Chapter 3 | Basic Management Tasks Configuring Telnet Settings Configuring Telnet Settings Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password.
  • Page 98: Displaying Cpu Utilization

    Chapter 3 | Basic Management Tasks Displaying CPU Utilization authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch. Web Interface To configure parameters for the console port: Click System, then Telnet.
  • Page 99: Displaying Memory Utilization

    Chapter 3 | Basic Management Tasks Displaying Memory Utilization Figure 24: Displaying CPU Utilization Displaying Memory Utilization Use the System > Memory Status page to display memory utilization parameters. Parameters The following parameters are displayed: ◆ Free Size – The amount of memory currently free for use. ◆...
  • Page 100: Stacking

    Chapter 3 | Basic Management Tasks Stacking Stacking This section describes the basic functions which enable a properly connected set of switches to function as a single logical entity for management purposes. For information on how to physically connect units into a stack, see the Hardware Installation Guide.
  • Page 101: Enabling Stacking Ports

    Chapter 3 | Basic Management Tasks Stacking Click Apply. Figure 26: Setting the Stack Master Enabling Stacking Ports Use the System > Stacking (Configure Stacking Button) page to enable stacking on the front panel 10G ports. Command Usage ◆ The stacking ports must be enabled on all stack members. ◆...
  • Page 102: Renumbering The Stack

    Chapter 3 | Basic Management Tasks Stacking Figure 27: Enabling Stacking on 10G Ports Renumbering the Stack If the units are no longer numbered sequentially after several topology changes or failures, use the System > Stacking (Renumber) page to reset the unit numbers. Just remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.
  • Page 103: Resetting The System

    Chapter 3 | Basic Management Tasks Resetting the System Resetting the System Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval. Command Usage ◆ This command resets the entire system. ◆...
  • Page 104 Chapter 3 | Basic Management Tasks Resetting the System ■ YYYY - The year at which to reload. (Range: 1970-2037) ■ HH - The hour at which to reload. (Range: 00-23) ■ MM - The minute at which to reload. (Range: 00-59)...
  • Page 105: Figure 29: Restarting The Switch (Immediately)

    Chapter 3 | Basic Management Tasks Resetting the System Figure 29: Restarting the Switch (Immediately) Figure 30: Restarting the Switch (In)
  • Page 106: Figure 31: Restarting The Switch (At)

    Chapter 3 | Basic Management Tasks Resetting the System Figure 31: Restarting the Switch (At) Figure 32: Restarting the Switch (Regularly)
  • Page 107: Interface Configuration

    Interface Configuration This chapter describes the following topics: ◆ Port Configuration – Configures connection settings, including auto-negotiation, or manual setting of speed, duplex mode, and flow control. ◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local switch.
  • Page 108: Port Configuration

    Chapter 4 | Interface Configuration Port Configuration Port Configuration This section describes how to configure port connections, mirror traffic from one port to another, and run cable diagnostics. Configuring by Port List Use the Interface > Port > General (Configure by Port List) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
  • Page 109 Chapter 4 | Interface Configuration Port Configuration ◆ Media Type – Configures the forced transceiver mode for SFP/SFP+ ports, or forced/preferred port type for RJ-45/SFP combination ports. ■ None - Forced transceiver mode is not used for SFP/SFP+ ports. (This is the...
  • Page 110: Figure 33: Configuring Connections By Port List

    Chapter 4 | Interface Configuration Port Configuration Default: Autonegotiation enabled on Gigabit and 10 Gigabit ports; Advertised capabilities for 1000BASE-T – 10half, 10full, 100half, 100full, 1000full 1000BASE-SX/LX/ZX (SFP SFP+) – 1000full 10GBASE-SR/LR/ER (SFP+) – 10Gfull ◆ Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled) ◆...
  • Page 111: Configuring By Port Range

    Chapter 4 | Interface Configuration Port Configuration Configuring by Port Range Use the Interface > Port > General (Configure by Port Range) page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control. For more information on command usage and a description of the parameters, refer to “Configuring by Port List”...
  • Page 112: Configuring Local Port Mirroring

    Chapter 4 | Interface Configuration Port Configuration ◆ Admin – Shows if the port is enabled or disabled. ◆ Oper Status – Indicates if the link is Up or Down. ◆ Media Type – Shows the forced transceiver mode for SFP/SFP+ ports, or forced/preferred port type for RJ-45/SFP combination ports used in the GTL-2882.
  • Page 113 Chapter 4 | Interface Configuration Port Configuration (remote port mirroring as described in “Configuring Remote Port Mirroring” on page 114). ◆ Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port. ◆...
  • Page 114: Configuring Remote Port Mirroring

    Chapter 4 | Interface Configuration Port Configuration Figure 37: Configuring Local Port Mirroring To display the configured mirror sessions: Click Interface, Port, Mirror. Select Show from the Action List. Figure 38: Displaying Local Port Mirror Sessions Configuring Remote Port Mirroring Use the Interface > RSPAN page to mirror traffic from remote switches for analysis at a destination port on the local switch.
  • Page 115: Figure 39: Configuring Remote Port Mirroring

    Chapter 4 | Interface Configuration Port Configuration Figure 39: Configuring Remote Port Mirroring [Diagram labels: Source Switch (Source Port, Uplink Port), Intermediate Switch (Uplink Ports, RSPAN VLAN), Destination Switch (Uplink Port, Destination Port). Tagged or untagged traffic from the RSPAN VLAN is analyzed at this port. Ingress or egress traffic is mirrored onto the RSPAN...]
  • Page 116 Chapter 4 | Interface Configuration Port Configuration ◆ RSPAN Limitations The following limitations apply to the use of RSPAN on this switch: ■ RSPAN Ports – Only ports can be configured as an RSPAN source, destination, or uplink; static and dynamic trunks are not allowed. A port can only be configured as one type of RSPAN interface –...
  • Page 117 Chapter 4 | Interface Configuration Port Configuration ■ Intermediate - Specifies this device as an intermediate switch, transparently passing mirrored traffic from one or more sources to one or more destinations. ■ Destination - Specifies this device as a switch configured with a...
  • Page 118: Figure 40: Configuring Remote Port Mirroring (Source)

    Chapter 4 | Interface Configuration Port Configuration Figure 40: Configuring Remote Port Mirroring (Source) Figure 41: Configuring Remote Port Mirroring (Intermediate) Figure 42: Configuring Remote Port Mirroring (Destination)
  • Page 119: Showing Port Or Trunk Statistics

    Chapter 4 | Interface Configuration Port Configuration Showing Port or Trunk Statistics Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
  • Page 120 Chapter 4 | Interface Configuration Port Configuration Table 6: Port Statistics (Continued) (Parameter – Description) Transmitted Broadcast Packets – The total number of packets that higher-level protocols requested be transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent. Received Unknown Packets – The number of packets received via the interface which were discarded because of an unknown or unsupported protocol.
  • Page 121 Chapter 4 | Interface Configuration Port Configuration Table 6: Port Statistics (Continued) (Parameter – Description) Broadcast Packets – The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Packets – The total number of good packets received that were directed to this multicast address.
  • Page 122: Figure 43: Showing Port Statistics (Table)

    Chapter 4 | Interface Configuration Port Configuration Figure 43: Showing Port Statistics (Table) To show a chart of port statistics: Click Interface, Port, Chart. Select the statistics mode to display (Interface, Etherlike, RMON or All). If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list.
  • Page 123: Displaying Transceiver Data

    Chapter 4 | Interface Configuration Port Configuration Figure 44: Showing Port Statistics (Chart) Displaying Transceiver Data Use the Interface > Port > Transceiver page to display identifying information, and operational parameters for optical transceivers which support Digital Diagnostic Monitoring (DDM). Parameters These parameters are displayed: ◆...
  • Page 124: Configuring Transceiver Thresholds

    DDM. Parameters These parameters are displayed: ◆ Port – Port number. (GTL-2881: SFP+ ports 25-28; GTL-2882: SFP ports 1-28) ◆ General – Information on connector type and vendor-related parameters.
  • Page 125 Chapter 4 | Interface Configuration Port Configuration ◆ DDM Information – Information on temperature, supply voltage, laser bias current, laser power, and received optical power. The switch can display diagnostic information for SFP modules which support the SFF-8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers.
  • Page 126: Performing Cable Diagnostics

    Chapter 4 | Interface Configuration Port Configuration will not be generated until the sampled value has risen above the low threshold and reaches the high threshold. ■ Threshold events are triggered as described above to avoid a hysteresis effect which would continuously trigger event messages if the power level were to fluctuate just above and below either the high threshold or the low threshold.
  • Page 127 Chapter 4 | Interface Configuration Port Configuration Command Usage ◆ Cable diagnostics are performed using Digital Signal Processing (DSP) test methods. DSP analyses the cable by sending a pulsed signal into the cable, and then examining the reflection of that pulse. ◆...
  • Page 128: Trunk Configuration

    Chapter 4 | Interface Configuration Trunk Configuration Web Interface To test the cable attached to a port: Click Interface, Port, Cable Test. Click Test for any port to start the cable test. Figure 47: Performing Cable Tests Trunk Configuration This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link.
  • Page 129: Configuring A Static Trunk

    Chapter 4 | Interface Configuration Trunk Configuration Command Usage Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the web interface or CLI to specify the trunk on the devices at both ends.
  • Page 130: Figure 49: Creating Static Trunks

    Chapter 4 | Interface Configuration Trunk Configuration Command Usage ◆ When configuring static trunks, you may not be able to link switches of different types, depending on the vendor’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. ◆...
  • Page 131: Figure 50: Adding Static Trunks Members

    Chapter 4 | Interface Configuration Trunk Configuration To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list. Select a trunk identifier. Set the unit and port for an additional trunk member. Click Apply.
  • Page 132: Configuring A Dynamic Trunk

    Chapter 4 | Interface Configuration Trunk Configuration To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 52: Showing Information for Static Trunks Configuring a Dynamic Trunk Use the Interface > Trunk > Dynamic pages to set the administrative key for an aggregation group, enable LACP on a port, configure protocol parameters for local and partner ports, or to set Ethernet connection parameters.
  • Page 133 Chapter 4 | Interface Configuration Trunk Configuration ◆ Ports are only allowed to join the same Link Aggregation Group (LAG) if (1) the LACP port system priority matches, (2) the LACP port admin key matches, and (3) the LAG admin key matches (if configured). However, if the LAG admin key is set, then the port admin key must be set to the same value for a port to be allowed to join that group.
  • Page 134 Chapter 4 | Interface Configuration Trunk Configuration When a dynamic port-channel is torn down, the configured timeout value will be retained. When the dynamic port-channel is constructed again, that timeout value will be used. Configure Aggregation Port - General ◆ Port –...
  • Page 135: Figure 54: Configuring The Lacp Aggregator Admin Key

    Chapter 4 | Interface Configuration Trunk Configuration Note: Configuring LACP settings for a port only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with that port. Note: Configuring the port partner sets the remote side of an aggregate link;...
  • Page 136: Figure 55: Enabling Lacp On A Port

    Chapter 4 | Interface Configuration Trunk Configuration Figure 55: Enabling LACP on a Port To configure LACP parameters for group members: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click Actor or Partner. Configure the required settings.
  • Page 137: Figure 57: Showing Members Of A Dynamic Trunk

    Chapter 4 | Interface Configuration Trunk Configuration Select a Trunk. Figure 57: Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Configure from the Action list. Modify the required interface settings.
  • Page 138: Displaying Lacp Port Counters

    Chapter 4 | Interface Configuration Trunk Configuration To show connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Show from the Action list. Figure 59: Showing Connection Parameters for Dynamic Trunks Displaying LACP Use the Interface >...
  • Page 139: Displaying Lacp Settings And Status For The Local Side

    Chapter 4 | Interface Configuration Trunk Configuration Select a group member from the Port list. Figure 60: Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation.
  • Page 140: Figure 61: Displaying Lacp Port Internal Information

    Chapter 4 | Interface Configuration Trunk Configuration (Continued) Table 8: LACP Internal Configuration Information Parameter Description ◆ Aggregation – The system considers this link to be aggregatable; i.e., a potential candidate for aggregation. ◆ Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate.
  • Page 141: Displaying Lacp Settings And Status For The Remote Side

    Chapter 4 | Interface Configuration Trunk Configuration Displaying LACP Settings and Status for the Remote Side Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and operational state for the remote side of a link aggregation. Parameters These parameters are displayed:...
  • Page 142: Configuring Load Balancing

    Chapter 4 | Interface Configuration Trunk Configuration Figure 62: Displaying LACP Port Remote Information Configuring Load Balancing Use the Interface > Trunk > Load Balance page to set the load-distribution method used among ports in aggregated links. Command Usage ◆ This command applies to all static and dynamic trunks on the switch.
  • Page 143: Figure 63: Configuring Load Balancing

    Chapter 4 | Interface Configuration Trunk Configuration ■ Source and Destination MAC Address: All traffic with the same source and destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is received from and destined for many different hosts.
  • Page 144: Saving Power

    Chapter 4 | Interface Configuration Saving Power Saving Power Use the Interface > Green Ethernet page to enable power savings mode on the selected port. Command Usage ◆ IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters. Enabling power saving mode can reduce power used for cable lengths of 60 meters or less, with more significant reduction for cables of 20 meters or less, and continue to ensure signal integrity.
  • Page 145: Figure 64: Enabling Power Savings

    Chapter 4 | Interface Configuration Saving Power ◆ Power Saving Status – Adjusts the power provided to ports based on the length of the cable used to connect to other devices. Only sufficient power is used to maintain connection requirements. (Default: Enabled on Gigabit Ethernet RJ-45 ports) Web Interface To enable power savings:...
  • Page 146: Traffic Segmentation

    Chapter 4 | Interface Configuration Traffic Segmentation Traffic Segmentation If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic for individual clients. Data traffic on downlink ports is only forwarded to, and from, uplink ports.
  • Page 147: Configuring Uplink And Downlink Ports

    Chapter 4 | Interface Configuration Traffic Segmentation Figure 65: Enabling Traffic Segmentation Configuring Uplink and Downlink Ports Use the Interface > Traffic Segmentation (Configure Session) page to assign the downlink and uplink ports to use in the segmented group. Ports designated as downlink ports cannot communicate with any other ports on the switch except for the uplink ports.
  • Page 148: Figure 66: Configuring Members For Traffic Segmentation

    Chapter 4 | Interface Configuration Traffic Segmentation ◆ If a downlink port is not configured for the session, the assigned uplink ports will operate as normal ports. Parameters These parameters are displayed: ◆ Session ID – Traffic segmentation session. (Range: 1-4) ◆...
  • Page 149: Vlan Trunking

    Chapter 4 | Interface Configuration VLAN Trunking To show the members of the traffic segmentation group: Click Interface, Traffic Segmentation. Select Configure Session from the Step list. Select Show from the Action list. Figure 67: Showing Traffic Segmentation Members VLAN Trunking Use the Interface >...
  • Page 150 Chapter 4 | Interface Configuration VLAN Trunking and E automatically allow frames with VLAN group tags 1 and 2 (groups that are unknown to those switches) to pass through their VLAN trunking ports. ◆ VLAN trunking is mutually exclusive with the “access” switchport mode (see “Adding Static Members to VLANs”...
  • Page 151: Figure 69: Configuring Vlan Trunking

    Chapter 4 | Interface Configuration VLAN Trunking Figure 69: Configuring VLAN Trunking
  • Page 153: Vlan Configuration

    VLAN Configuration This chapter includes the following topics: ◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs. ◆ IEEE 802.1Q Tunneling – Configures QinQ tunneling to maintain customer-specific VLAN and Layer 2 protocol configurations across a service provider network, even when different customers use the same internal VLAN IDs.
  • Page 154 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs groups (such as e-mail), or multicast groups (used for multimedia applications such as video conferencing). VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
  • Page 155: Figure 70: Vlan Compliant And Vlan Non-Compliant Devices

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 70: VLAN Compliant and VLAN Non-compliant Devices [Diagram legend: VA: VLAN Aware; VU: VLAN Unaware; links carry tagged or untagged frames] VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways.
  • Page 156: Configuring Vlan Groups

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs”...
  • Page 157 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Parameters These parameters are displayed: ◆ VLAN ID – ID of VLAN or range of VLANs (1-4094). VLAN 1 is the default untagged VLAN. VLAN 4093 is dedicated for Switch Clustering. Configuring this VLAN for other purposes may cause problems in the Clustering operation.
  • Page 158: Figure 72: Creating Static Vlans

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Mark the Status field to configure the VLAN as operational. Specify whether the VLANs are to be used for remote port mirroring. Click Apply. Figure 72: Creating Static VLANs To modify the configuration settings for VLAN groups: Click VLAN, Static.
  • Page 159: Adding Static Members To Vlans

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To show the configuration settings for VLAN groups: Click VLAN, Static. Select Show from the Action list. Figure 74: Showing Static VLANs Adding Static Members to VLANs Use the VLAN > Static (Edit Member by VLAN, Edit Member by Interface, or Edit Member by Interface Range) pages to configure port members for the selected VLAN index, interface, or a range of interfaces.
  • Page 160 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs ■ Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged or untagged frames. ■ 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a...
  • Page 161 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs ■ None: Interface is not a member of the VLAN. Packets associated with this VLAN will not be transmitted by the interface. Note: VLAN 1 is the default untagged VLAN containing all ports on the switch using Hybrid mode.
  • Page 162: Figure 75: Configuring Static Members By Vlan Index

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 75: Configuring Static Members by VLAN Index To configure static members by interface: Click VLAN, Static. Select Edit Member by Interface from the Action list. Select a port or trunk to configure. Modify the settings for any interface as required.
  • Page 163: Configuring Dynamic Vlan Registration

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To configure static members by interface range: Click VLAN, Static. Select Edit Member by Interface Range from the Action list. Set the Interface type to display as Port or Trunk. Enter an interface range. Modify the VLAN parameters as required.
  • Page 164 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Configure Interface ◆ Interface – Displays a list of ports or trunks. ◆ Port – Port Identifier. (Range: 1-28) ◆ Trunk – Trunk Identifier. (Range: 1-16) ◆ GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect (using the Configure General page).
  • Page 165: Figure 78: Configuring Global Status Of Gvrp

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Web Interface To configure GVRP on the switch: Click VLAN, Dynamic. Select Configure General from the Step list. Enable or disable GVRP. Click Apply. Figure 78: Configuring Global Status of GVRP To configure GVRP status and timers on a port or trunk: Click VLAN, Dynamic.
  • Page 166: Ieee 802.1Q Tunneling

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling To show the dynamic VLAN joined by this switch: Click VLAN, Dynamic. Select Show Dynamic VLAN from the Step list. Select Show VLAN from the Action list. Figure 80: Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN: Click VLAN, Dynamic.
  • Page 167: Figure 82: Qinq Operational Concept

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling A service provider’s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported. VLAN ranges required by different customers in the same service-provider network might easily overlap, and traffic passing through the infrastructure might be mixed.
  • Page 168 Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as a tagged packet. The ingress process does source and destination lookups.
  • Page 169 Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling If the ether-type of an incoming packet (single or double tagged) is not equal to the TPID of the uplink port, the VLAN tag is determined to be a Customer VLAN (CVLAN) tag. The uplink port’s PVID VLAN native tag is added to the packet.
  • Page 170: Enabling Qinq Tunneling On The Switch

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ There are some inherent incompatibilities between Layer 2 and Layer 3 switching: ■ Tunnel ports do not support IP Access Control Lists. ■ Layer 3 Quality of Service (QoS) and other QoS features containing Layer 3...
  • Page 171: Figure 83: Enabling Qinq Tunneling

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ Ethernet Type – The Tag Protocol Identifier (TPID) specifies the ethertype of incoming packets on a tunnel port. (Range: hexadecimal 0800-FFFF; Default: 8100) Use this field to set a custom 802.1Q ethertype value for the 802.1Q Tunnel TPID.
  • Page 172: Creating Cvlan To Spvlan Mapping Entries

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Creating CVLAN to SPVLAN Mapping Entries Use the VLAN > Tunnel (Configure Service) page to create a CVLAN to SPVLAN mapping entry. Command Usage ◆ The inner VLAN tag of a customer packet entering the edge router of a service provider’s network is mapped to an outer tag indicating the service provider VLAN that will carry this traffic across the 802.1Q tunnel.
  • Page 173: Adding An Interface To A Qinq Tunnel

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Figure 84: Configuring CVLAN to SPVLAN Mapping Entries To show the mapping table: Click VLAN, Tunnel. Select Configure Service from the Step list. Select Show from the Action list. Select an interface from the Port list. Figure 85: Showing CVLAN to SPVLAN Mapping Entries The preceding example sets the SVID to 99 in the outer tag for egress packets exiting port 1 when the packet’s CVID is 2.
  • Page 174: Figure 86: Adding An Interface To A Qinq Tunnel

    Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ Then use the Configure Interface page to set the access interface on the edge switch to Access mode, and set the uplink interface on the switch attached to the service provider network to Uplink mode. Parameters These parameters are displayed: ◆...
  • Page 175: Protocol Vlans

    Chapter 5 | VLAN Configuration Protocol VLANs Protocol VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
  • Page 176: Figure 87: Configuring Protocol Vlans

    Chapter 5 | VLAN Configuration Protocol VLANs Note: Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN (VLAN 1) that has been configured with the switch's administrative IP. IP Protocol Ethernet traffic must not be mapped to another VLAN or you will lose administrative network connectivity to the switch.
  • Page 177: Mapping Protocol Groups To Interfaces

    Chapter 5 | VLAN Configuration Protocol VLANs Figure 88: Displaying Protocol VLANs Mapping Protocol Groups to Interfaces Use the VLAN > Protocol (Configure Interface - Add) page to map a protocol group to a VLAN for each interface that will participate in the group. Command Usage ◆...
  • Page 178: Figure 89: Assigning Interfaces To Protocol Vlans

    Chapter 5 | VLAN Configuration Protocol VLANs ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority) Web Interface To map a protocol group to a VLAN for a port or trunk: Click VLAN, Protocol.
  • Page 179: Configuring Ip Subnet Vlans

    Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs Figure 90: Showing the Interface to Protocol Group Mapping Configuring IP Subnet VLANs Use the VLAN > IP Subnet page to configure IP subnet-based VLANs. When using port-based classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port.
  • Page 180: Figure 91: Configuring Ip Subnet Vlans

    Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs ◆ VLAN – VLAN to which matching IP subnet traffic is forwarded. (Range: 1-4094) ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority; Default: 0) Web Interface To map an IP subnet to a VLAN: Click VLAN, IP Subnet.
  • Page 181: Configuring Mac-Based Vlans

    Chapter 5 | VLAN Configuration Configuring MAC-based VLANs Figure 92: Showing IP Subnet VLANs Configuring MAC-based VLANs Use the VLAN > MAC-Based page to configure VLAN based on MAC addresses. The MAC-based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC addresses.
  • Page 182: Figure 93: Configuring Mac-Based Vlans

    Chapter 5 | VLAN Configuration Configuring MAC-based VLANs So the mask in hexadecimal for this example could be: ff-fx-xx-xx-xx-xx/ff-c0-00-00-00-00/ff-e0-00-00-00-00 ◆ VLAN – VLAN to which ingress traffic matching the specified source MAC address is forwarded. (Range: 1-4094) ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority;...
  • Page 183: Configuring Vlan Mirroring

    Chapter 5 | VLAN Configuration Configuring VLAN Mirroring Figure 94: Showing MAC-Based VLANs Configuring VLAN Mirroring Use the VLAN > Mirror (Add) page to mirror traffic from one or more source VLANs to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source VLAN(s) in a completely unobtrusive manner.
  • Page 184: Figure 95: Configuring Vlan Mirroring

    Chapter 5 | VLAN Configuration Configuring VLAN Mirroring Parameters These parameters are displayed: ◆ Source VLAN – A VLAN whose traffic will be monitored. (Range: 1-4094) ◆ Target Port – The destination port that receives the mirrored traffic from the source VLAN.
  • Page 185: Configuring Vlan Translation

    Chapter 5 | VLAN Configuration Configuring VLAN Translation Configuring VLAN Translation Use the VLAN > Translation (Add) page to map VLAN IDs between the customer and service provider for networks that do not support IEEE 802.1Q tunneling. Command Usage ◆ QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
  • Page 186: Figure 98: Configuring Vlan Translation

    Chapter 5 | VLAN Configuration Configuring VLAN Translation Web Interface To configure VLAN translation: Click VLAN, Translation. Select Add from the Action list. Select a port, and enter the original and new VLAN IDs. Click Apply. Figure 98: Configuring VLAN Translation To show the mapping entries for VLANs translation: Click VLAN, Translation.
  • Page 187: Address Table Settings

    Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
  • Page 188: Figure 100: Configuring Mac Address Learning

    Chapter 6 | Address Table Settings Configuring MAC Address Learning ◆ Also note that MAC address learning cannot be disabled if any of the following conditions exist: ■ 802.1X Port Authentication has been globally enabled on the switch (see “Configuring 802.1X Global Settings” on page 344).
  • Page 189: Setting Static Addresses

    Chapter 6 | Address Table Settings Setting Static Addresses Setting Static Addresses Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved.
  • Page 190: Figure 101: Configuring Static Mac Addresses

    Chapter 6 | Address Table Settings Setting Static Addresses Web Interface To configure a static MAC address: Click MAC Address, Static. Select Add from the Action list. Specify the VLAN, the port or trunk to which the address will be assigned, the MAC address, and the time to retain this entry.
  • Page 191: Changing The Aging Time

    Chapter 6 | Address Table Settings Changing the Aging Time Changing the Aging Time Use the MAC Address > Dynamic (Configure Aging) page to set the aging time for entries in the dynamic address table. The aging time is used to age out dynamically learned forwarding information.
  • Page 192: Figure 104: Displaying The Dynamic Mac Address Table

    Chapter 6 | Address Table Settings Displaying the Dynamic Address Table Parameters These parameters are displayed: ◆ Sort Key - You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). ◆ MAC Address – Physical address associated with this interface. ◆...
  • Page 193: Clearing The Dynamic Address Table

    Chapter 6 | Address Table Settings Clearing the Dynamic Address Table Clearing the Dynamic Address Table Use the MAC Address > Dynamic (Clear Dynamic MAC) page to remove any learned entries from the forwarding database. Parameters These parameters are displayed: ◆...
  • Page 194: Configuring Mac Address Mirroring

    Chapter 6 | Address Table Settings Configuring MAC Address Mirroring Configuring MAC Address Mirroring Use the MAC Address > Mirror (Add) page to mirror traffic matching a specified source address from any port on the switch to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
  • Page 195: Issuing Mac Address Traps

    Chapter 6 | Address Table Settings Issuing MAC Address Traps Figure 106: Mirroring Packets Based on the Source MAC Address To show the MAC addresses to be mirrored: Click MAC Address, Mirror. Select Show from the Action list. Figure 107: Showing the Source MAC Addresses to Mirror Issuing MAC Address Traps Use the MAC Address >...
  • Page 196: Figure 108: Issuing Mac Address Traps (Global Configuration)

    Chapter 6 | Address Table Settings Issuing MAC Address Traps MAC authentication traps must be enabled at the global level for this attribute to take effect. Web Interface To enable MAC address traps at the global level: Click MAC Address, MAC Notification. Select Configure Global from the Step list.
  • Page 197: Spanning Tree Algorithm

    Spanning Tree Algorithm This chapter describes the following basic topics: ◆ Loopback Detection – Configures detection and response to loopback BPDUs. ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA –...
  • Page 198: Figure 110: Stp Root Ports And Designated Ports

    Chapter 7 | Spanning Tree Algorithm Overview Figure 110: STP Root Ports and Designated Ports Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 199: Configuring Loopback Detection

    Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see “Configuring Multiple Spanning Trees” on page 214).
  • Page 200 Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection Note: Loopback detection will not be active if Spanning Tree is disabled on the switch. Note: When configured for manual release mode, then a link down/up event will not release the port from the discarding state. Parameters These parameters are displayed: ◆...
  • Page 201: Configuring Global Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Figure 113: Configuring Port Loopback Detection Configuring Global Settings for STA Use the Spanning Tree > STA (Configure Global - Configure) page to configure global settings for the spanning tree that apply to the entire switch. Command Usage ◆...
  • Page 202 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance. ■ To allow multiple spanning trees to operate over the network, you must...
  • Page 203 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA ◆ Cisco Prestandard Status – Configures spanning tree operation to be compatible with Cisco prestandard versions. (Default: Disabled) Cisco prestandard versions prior to Cisco IOS Release 12.2(25)SEC do not fully follow the IEEE standard, causing some state machine procedures to function incorrectly.
  • Page 204 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. ■ Default: 15...
  • Page 205: Figure 114: Configuring Global Settings For Sta (Stp)

    Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Click Apply. Figure 114: Configuring Global Settings for STA (STP) Figure 115: Configuring Global Settings for STA (RSTP)
  • Page 206: Displaying Global Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Displaying Global Settings for STA Figure 116: Configuring Global Settings for STA (MSTP) Displaying Global Settings for STA Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch. Parameters The parameters displayed are described in the preceding section, except for the following items:...
  • Page 207: Configuring Interface Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA root port, then this switch has been accepted as the root device of the Spanning Tree network. ◆ Root Path Cost – The path cost from the root port on this switch to the root device.
  • Page 208: Table 11: Recommended Sta Path Cost Range

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Parameters These parameters are displayed: ◆ Interface – Displays a list of ports or trunks. ◆ Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) ◆ BPDU Flooding - Enables/disables the flooding of BPDUs to other ports when global spanning tree is disabled (page 201) or when spanning tree is disabled...
  • Page 209: Figure 118: Determining The Root Port

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Table 12: Default STA Path Costs
    Port Type | Short Path Cost (IEEE 802.1D-1998) | Long Path Cost (IEEE 802.1D-2004)
    Ethernet | 65,535 | 1,000,000
    Fast Ethernet | 65,535 | 100,000
    Gigabit Ethernet | 10,000 | 10,000
    10G Ethernet | 1,000 | 1,000...
  • Page 210 Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
  • Page 211: Figure 119: Configuring Interface Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA ◆ BPDU Filter – BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes. By default, STA sends BPDUs to all ports regardless of whether administrative edge is enabled on a port.
  • Page 212: Displaying Interface Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA Displaying Interface Settings for STA Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree. Parameters These parameters are displayed: ◆...
  • Page 213: Figure 120: Sta Port Roles

    Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA ◆ Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. ◆ Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
  • Page 214: Configuring Multiple Spanning Trees

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Web Interface To display interface settings for STA: Click Spanning Tree, STA. Select Configure Interface from the Step list. Select Show Information from the Action list. Figure 121: Displaying Interface Settings for STA Configuring Multiple Spanning Trees Use the Spanning Tree >...
  • Page 215 Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Enter the spanning tree priority for the selected MST instance on the Spanning Tree > MSTP (Configure Global - Add) page. Add the VLANs that will share this MSTI on the Spanning Tree > MSTP (Configure Global - Add Member) page.
  • Page 216: Figure 122: Creating An Mst Instance

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Figure 122: Creating an MST Instance To show the MSTP instances: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Show from the Action list. Figure 123: Displaying MST Instances
  • Page 217: Figure 124: Modifying The Priority For An Mst Instance

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To modify the priority for an MST instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Modify from the Action list. Modify the priority for an MSTP Instance. Click Apply.
  • Page 218: Figure 126: Adding A Vlan To An Mst Instance

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add Member from the Action list. Select an MST instance from the MST ID list. Enter the VLAN group to add to the instance in the VLAN ID field.
  • Page 219: Configuring Interface Settings For Mstp

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Configuring Interface Settings for MSTP Use the Spanning Tree > MSTP (Configure Interface - Configure) page to configure the STA interface settings for an MST instance. Parameters These parameters are displayed: ◆...
  • Page 220: Figure 128: Configuring Mstp Interface Settings

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Web Interface To configure MSTP parameters for a port or trunk: Click Spanning Tree, MSTP. Select Configure Interface from the Step list. Select Configure from the Action list. Enter the priority and path cost for an interface. Click Apply.
  • Page 221: Congestion Control

    Congestion Control The switch can set the maximum upload or download data transfer rate for any port. It can also control traffic storms by setting a maximum threshold for broadcast traffic or multicast traffic. It can also set bounding thresholds for broadcast and multicast storms which can be used to automatically trigger rate limits or to shut down a port.
  • Page 222: Storm Control

    Chapter 8 | Congestion Control Storm Control Web Interface To configure rate limits: Click Traffic, Rate Limit. Set the interface type to Port or Trunk. Enable the Rate Limit Status for the required interface. Set the rate limit for required interfaces. Click Apply.
  • Page 223 Chapter 8 | Congestion Control Storm Control control responses. However, only one of these control types can be applied to a port. Enabling hardware-level storm control on a port will disable automatic storm control on that port. ◆ Rate limits set by the storm control function are also used by automatic storm control when the control response is set to rate control on the Auto Traffic Control (Configure Interface) page.
  • Page 224: Automatic Traffic Control

    Chapter 8 | Congestion Control Automatic Traffic Control Figure 131: Configuring Storm Control Automatic Traffic Control Use the Traffic > Auto Traffic Control pages to configure bounding thresholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port.
  • Page 225: Setting The Atc Timers

    Chapter 8 | Congestion Control Automatic Traffic Control ◆ Alarm Clear Threshold – The lower threshold beneath which a control response can be automatically terminated after the release timer expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Trap and logs it. ◆...
  • Page 226: Figure 134: Configuring Atc Timers

    Chapter 8 | Congestion Control Automatic Traffic Control be triggered (as configured under the Action field) or a trap message sent (as configured under the Trap Storm Fire field). ◆ The release timer only applies to a Rate Control response set in the Action field of the ATC (Interface Configuration) page.
  • Page 227: Configuring Atc Thresholds And Responses

    Chapter 8 | Congestion Control Automatic Traffic Control Configuring ATC Thresholds and Responses Use the Traffic > Auto Traffic Control (Configure Interface) page to set the storm control mode (broadcast or multicast), the traffic thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages.
  • Page 228 Chapter 8 | Congestion Control Automatic Traffic Control ◆ Alarm Clear Threshold – The lower threshold for ingress traffic beneath which a control response for rate limiting will be released after the Release Timer expires, if so configured by the Auto Release Control attribute. (Range: 1-255 kilo-packets per second;...
  • Page 229: Figure 135: Configuring Atc Interface Attributes

    Chapter 8 | Congestion Control Automatic Traffic Control Figure 135: Configuring ATC Interface Attributes
  • Page 231: Class Of Service

    Class of Service Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 232: Selecting The Queue Mode

    Chapter 9 | Class of Service Layer 2 Queue Settings ◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission. Parameters These parameters are displayed: ◆ Interface –...
  • Page 233 Chapter 9 | Class of Service Layer 2 Queue Settings the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. ◆ If Strict and WRR mode is selected, a combination of strict service is used for the high priority queues and weighted service for the remaining queues.
  • Page 234: Figure 137: Setting The Queue Mode (Strict)

    Chapter 9 | Class of Service Layer 2 Queue Settings Web Interface To configure the queue mode: Click Traffic, Priority, Queue. Set the queue mode. If the weighted queue mode is selected, the queue weight can be modified if required. If the queue mode that uses a combination of strict and weighted queueing is selected, the queues which are serviced first must be specified by enabling strict mode parameter in the table.
  • Page 235: Mapping Cos Values To Egress Queues

    Chapter 9 | Class of Service Layer 2 Queue Settings Figure 139: Setting the Queue Mode (Strict and WRR) Mapping CoS Values to Egress Queues Use the Traffic > Priority > PHB to Queue page to specify the hardware output queues to use based on the internal per-hop behavior value.
  • Page 236: Table 14: Cos Priority Levels

    Chapter 9 | Class of Service Layer 2 Queue Settings The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in Table 14. However, priority levels can be mapped to the switch’s output queues in any way that benefits application traffic for the network. Table 14: CoS Priority Levels Priority Level Traffic Type...
  • Page 237: Figure 140: Mapping Cos Values To Egress Queues

    Chapter 9 | Class of Service Layer 2 Queue Settings Select a port. Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.
  • Page 238: Layer 3/4 Priority Settings

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.
  • Page 239: Mapping Ingress Dscp Values To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Parameters These parameters are displayed: ◆ Port – Port identifier. (Range: 1-28) ◆ Trust Mode ■ CoS – Maps layer 3/4 priorities using Class of Service values. (This is the default setting.) ■ DSCP –...
  • Page 240: Table 16: Default Mapping Of Dscp Values To Internal Phb/Drop Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings DSCP mutation map will not be accepted by the switch, unless the trust mode has been set to DSCP. ◆ Two QoS domains can have different DSCP definitions, so the DSCP-to-PHB/Drop Precedence mutation map can be used to modify one set of DSCP values to match the definition of another domain.
  • Page 241: Figure 143: Configuring Dscp To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map DSCP values to internal PHB/drop precedence: Click Traffic, Priority, DSCP to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any DSCP value. Click Apply.
  • Page 242: Mapping Cos Priorities To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Mapping CoS Priorities to Internal DSCP Values Use the Traffic > Priority > CoS to DSCP page to map CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing. Command Usage ◆...
  • Page 243: Figure 145: Configuring Cos To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map CoS/CFI values to internal PHB/drop precedence: Click Traffic, Priority, CoS to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any of the CoS/CFI combinations. Click Apply.
  • Page 244: Figure 146: Showing Cos To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings To show the CoS/CFI to internal PHB/drop precedence map: Click Traffic, Priority, CoS to DSCP. Select Show from the Action list. Select a port. Figure 146: Showing CoS to DSCP Internal Mapping
  • Page 245: Quality Of Service

    Quality of Service This chapter describes the following tasks required to apply QoS policies: ◆ Class Map – Creates a map which identifies a specific class of traffic. ◆ Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic.
  • Page 246: Configuring A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Command Usage To create a service policy for a specific category of ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic.
  • Page 247 Chapter 10 | Quality of Service Configuring a Class Map ■ Match Any – Match any condition within a class map. ◆ Description – A brief description of a class map. (Range: 1-64 characters) Add Rule ◆ Class Name – Name of the class map. ◆...
  • Page 248: Figure 147: Configuring A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Figure 147: Configuring a Class Map To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 148: Showing Class Maps To edit the rules for a class map: Click Traffic, DiffServ.
  • Page 249: Figure 149: Adding Rules To A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Figure 149: Adding Rules to a Class Map To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 150: Showing the Rules for a Class Map
  • Page 250: Creating Qos Policies

    Chapter 10 | Quality of Service Creating QoS Policies Creating QoS Policies Use the Traffic > DiffServ (Configure Policy) page to create a policy map that can be attached to multiple interfaces. A policy map is used to group one or more class map statements (page 246), modify service tagging, and enforce bandwidth...
  • Page 251 Chapter 10 | Quality of Service Creating QoS Policies ◆ The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.
  • Page 252 Chapter 10 | Quality of Service Creating QoS Policies (BP). Action may be taken for traffic conforming to the maximum throughput, exceeding the maximum throughput, or exceeding the peak burst size. ◆ The PHB label is composed of five bits, three bits for per-hop behavior, and two bits for the color scheme used to control queue congestion.
  • Page 253 Chapter 10 | Quality of Service Creating QoS Policies Command Usage ◆ A policy map can contain 512 class statements that can be applied to the same interface (page 259). Up to 32 policy maps can be configured for ingress ports. ◆...
  • Page 254 Chapter 10 | Quality of Service Creating QoS Policies ■ Flow (Police Flow) – Defines the committed information rate (CIR, or maximum throughput), committed burst size (BC, or burst rate), and the action to take for conforming and non-conforming traffic. Policing is based on a token bucket, where bucket depth (that is, the maximum burst before the bucket overflows) is specified by the “burst”...
  • Page 255 Chapter 10 | Quality of Service Creating QoS Policies ■ Committed Burst Size (BC) – Committed burst in bytes. (Range: 64-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. ■ Excess Burst Size (BE) – Burst in excess of committed burst size...
  • Page 256 Chapter 10 | Quality of Service Creating QoS Policies ■ Committed Burst Size (BC) – Committed burst in bytes. (Range: 64-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. ■ Peak Information Rate (PIR) – Rate in kilobits per second...
  • Page 257: Figure 151: Configuring A Policy Map

    Chapter 10 | Quality of Service Creating QoS Policies Web Interface To configure a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add from the Action list. Enter a policy name. Enter a description. Click Add. Figure 151: Configuring a Policy Map To show the configured policy maps: Click Traffic, DiffServ.
  • Page 258: Figure 153: Adding Rules To A Policy Map

    Chapter 10 | Quality of Service Creating QoS Policies To edit the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add Rule from the Action list. Select the name of a policy map. Set the CoS or per-hop behavior for matching packets to specify the quality of service to be assigned to the matching traffic class.
  • Page 259: Attaching A Policy Map To A Port

    Chapter 10 | Quality of Service Attaching a Policy Map to a Port To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 154: Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic >...
  • Page 260: Figure 155: Attaching A Policy Map To A Port

    Chapter 10 | Quality of Service Attaching a Policy Map to a Port Check the box under the Ingress or Egress field to enable a policy map for a port. Select a policy map from the scroll-down box. Click Apply. Figure 155: Attaching a Policy Map to a Port –...
  • Page 261: Voip Traffic Configuration

    VoIP Traffic Configuration This chapter covers the following topics: ◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the aging time for attached ports. ◆ Telephony OUI List – Configures the list of phones to be treated as VOIP devices based on the specified Organization Unit Identifier (OUI).
  • Page 262: Configuring Voip Traffic

    Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Configuring VoIP Traffic Use the Traffic > VoIP (Configure Global) page to configure the switch for VoIP traffic. First enable automatic detection of VoIP devices attached to the switch ports, then set the Voice VLAN ID for the network. The Voice VLAN aging time can also be set to remove a port from the Voice VLAN when VoIP traffic is no longer received on the port.
  • Page 263: Configuring Telephony Oui

    Chapter 11 | VoIP Traffic Configuration Configuring Telephony OUI Figure 156: Configuring a Voice VLAN Configuring Telephony OUI VoIP devices attached to the switch can be identified by the vendor’s Organizational Unique Identifier (OUI) in the source MAC address of received packets.
  • Page 264: Configuring Voip Traffic Ports

    Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Enter a description for the devices. Click Apply. Figure 157: Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment: Click Traffic, VoIP. Select Configure OUI from the Step list. Select Show from the Action list.
  • Page 265 Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Parameters These parameters are displayed: ◆ Mode – Specifies if the port will be added to the Voice VLAN when VoIP traffic is detected. (Default: None) ■ None – The Voice VLAN feature is disabled on the port. The port will not...
  • Page 266: Figure 159: Configuring Port Settings For A Voice Vlan

    Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports When VoIP Mode is set to Auto, the Remaining Age will be displayed. Otherwise, if the VoIP Mode is Disabled or set to Manual, the remaining age will display “NA.” Web Interface To configure VoIP traffic settings for a port: Click Traffic, VoIP.
  • Page 267: Security Measures

    Security Measures You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports. This switch provides secure network management access using the following options: ◆...
  • Page 268: Aaa (Authentication, Authorization And Accounting)

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ◆ IPv6 Source Guard – Filters IPv6 traffic on insecure ports for which the source address cannot be identified via ND snooping, DHCPv6 snooping, or static source bindings. ◆ DHCP Snooping –...
  • Page 269: Configuring Local/Remote Logon Authentication

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure AAA on the switch, you need to follow this general process: Configure RADIUS and TACACS+ server access parameters. See “Configuring Local/Remote Logon Authentication” on page 269. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.
  • Page 270: Configuring Remote Logon Authentication Servers

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ■ TACACS – User authentication is performed using a TACACS+ server only. ■ [authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence. Web Interface To configure the method(s) of controlling management access: Click Security, AAA, System Authentication.
  • Page 271 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. Command Usage ◆ If a remote authentication server is used, you must specify the message exchange parameters for the remote authentication protocol.
  • Page 272 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ■ Authentication Key – Encryption key used to authenticate logon access for client. Enclose any string containing blank spaces in double quotes. (Maximum length: 48 characters) ■ Confirm Authentication Key – Re-type the string entered in the previous...
  • Page 273: Figure 162: Configuring Remote Authentication Server (Radius)

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Web Interface To configure the parameters for RADIUS or TACACS+ authentication: Click Security, AAA, Server. Select Configure Server from the Step list. Select RADIUS or TACACS+ server type. Select Global to specify the parameters that apply globally to all specified servers, or select a specific Server Index to specify the parameters that apply to a specific server.
  • Page 274: Figure 163: Configuring Remote Authentication Server (Tacacs+)

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 163: Configuring Remote Authentication Server (TACACS+) To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Add from the Action list.
  • Page 275: Configuring Aaa Accounting

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 165: Showing AAA Server Groups Configuring Use the Security >...
  • Page 276 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ■ Exec – Administrative accounting for local console, Telnet, or SSH connections. ◆ Privilege Level – The CLI privilege levels (0-15). This parameter only applies to Command accounting. ◆ Method Name – Specifies an accounting method for service requests. The “default”...
  • Page 277: Figure 166: Configuring Global Settings For Aaa Accounting

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ■ VTY Method Name – Specifies a user defined method name to apply to Telnet and SSH connections. Show Information – Summary ◆ Accounting Type - Displays the accounting service. ◆...
  • Page 278: Figure 167: Configuring Aaa Accounting Methods

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure the accounting method applied to various service types and the assigned server group: Click Security, AAA, Accounting. Select Configure Method from the Step list. Select Add from the Action list. Select the accounting type (802.1X, Command, Exec).
  • Page 279: Figure 168: Showing Aaa Accounting Methods

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 168: Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces, console commands entered at specific privilege levels, and local console, Telnet, or SSH connections: Click Security, AAA, Accounting. Select Configure Service from the Step list.
  • Page 280: Figure 170: Configuring Aaa Accounting Service For Command Service

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 170: Configuring AAA Accounting Service for Command Service Figure 171: Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types: Click Security, AAA, Accounting.
  • Page 281: Configuring Aaa Authorization

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 172: Displaying a Summary of Applied AAA Accounting Methods To display basic accounting information and statistics recorded for user sessions: Click Security, AAA, Accounting. Select Show Information from the Step list. Click Statistics.
  • Page 282 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Parameters These parameters are displayed: Configure Method ◆ Authorization Type – Specifies the service as Exec, indicating administrative authorization for local console, Telnet, or SSH connections. ◆ Method Name – Specifies an authorization method for service requests. The “default”...
  • Page 283: Figure 174: Configuring Aaa Authorization Methods

    Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Specify the name of the authorization method and server group name. Click Apply. Figure 174: Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group: Click Security, AAA, Authorization.
  • Page 284: Configuring User Accounts

    Chapter 12 | Security Measures Configuring User Accounts Figure 176: Configuring AAA Authorization Methods for Exec Service To display the configured authorization method and assigned server groups for the Exec service type: Click Security, AAA, Authorization. Select Show Information from the Step list. Figure 177: Displaying the Applied AAA Authorization Method Configuring User Accounts Use the Security >...
  • Page 285 Chapter 12 | Security Measures Configuring User Accounts ◆ Access Level – Specifies command access privileges. (Range: 0-15) Level 0, 8 and 15 are designed for users (guest), managers (network maintenance), and administrators (top-level access). The other levels can be used to configure specialized access profiles.
  • Page 286: Web Authentication

    Chapter 12 | Security Measures Web Authentication Specify a user name, select the user's access level, then enter a password if required and confirm it. Click Apply. Figure 178: Configuring User Accounts To show user accounts: Click Security, User Accounts. Select Show from the Action list.
  • Page 287: Configuring Global Settings For Web Authentication

    Chapter 12 | Security Measures Web Authentication Note: RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Remote Logon Authentication” on page 269.) Note: Web authentication cannot be configured on trunk ports. Configuring Use the Security >...
  • Page 288: Configuring Interface Settings For Web Authentication

    Chapter 12 | Security Measures Web Authentication Figure 180: Configuring Global Settings for Web Authentication Configuring Interface Settings for Web Authentication Use the Security > Web Authentication (Configure Interface) page to enable web authentication on a port, and display information for any connected hosts. Parameters These parameters are displayed:...
  • Page 289: Network Access (Mac Address Authentication)

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 181: Configuring Interface Settings for Web Authentication Network Access (MAC Address Authentication) Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network printers, IP phones, and some wireless access points.
  • Page 290: Table 18: Dynamic Qos Profiles

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) maximum number of secure MAC addresses supported for the switch system is 1024. ◆ Configured static MAC addresses are added to the secure address table when seen on a switch port. Static addresses are treated as authenticated without sending a request to a RADIUS server.
  • Page 291: Configuring Global Settings For Network Access

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch applies only the DiffServ profile “p1.” ◆ Any unsupported profiles in the Filter-ID attribute are ignored. For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1,” then the switch ignores the “map-ip-dscp”...
  • Page 292: Configuring Network Access For Ports

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) Authenticated MAC addresses are stored as dynamic entries in the switch’s secure MAC address table and are removed when the aging time expires. The maximum number of secure MAC addresses supported for the switch system is 1024.
  • Page 293 Chapter 12 | Security Measures Network Access (MAC Address Authentication) ■ Intrusion – Sets the port response to a host MAC authentication failure to either block access to the port or to pass traffic through. (Options: Block, Pass; Default: Block) Max MAC Count –...
  • Page 294: Configuring Port Link Detection

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) ◆ MAC Filter ID – Allows a MAC Filter to be assigned to the port. MAC addresses or MAC address ranges present in a selected MAC Filter are exempt from authentication on the specified port (as described under "Configuring a MAC Address...
  • Page 295: Configuring A Mac Address Filter

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) ■ Link up and down – All link up and link down events will trigger the port action. ◆ Action – The switch can respond in three ways to a link up or down trigger event.
  • Page 296: Figure 185: Configuring A Mac Address Filter For Network Access

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) ◆ There is no limitation on the number of entries used in a filter table. Parameters These parameters are displayed: ◆ Filter ID – Adds a filter rule for the specified filter. (Range: 1-64) ◆...
  • Page 297: Displaying Secure Mac Address Information

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 186: Showing the MAC Address Filter Table for Network Access Displaying Secure MAC Address Information Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table. Information on the secure MAC entries can be displayed and selected entries can be removed...
  • Page 298: Figure 187: Showing Addresses Authenticated For Network Access

    Chapter 12 | Security Measures Network Access (MAC Address Authentication) Web Interface To display the authenticated MAC addresses stored in the secure MAC address table: Click Security, Network Access. Select Show Information from the Step list. Use the sort key to display addresses based on MAC address, interface, or attribute. Restrict the displayed addresses by entering a specific address in the MAC Address field, specifying a port in the Interface field, or setting the address type to static or dynamic in the Attribute field.
  • Page 299: Configuring Https

    Chapter 12 | Security Measures Configuring HTTPS Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Configuring Global Use the Security >...
  • Page 300: Replacing The Default Secure-Site Certificate

    Chapter 12 | Security Measures Configuring HTTPS Parameters These parameters are displayed: ◆ HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) ◆ HTTPS Port – Specifies the TCP port number used for HTTPS connection to the switch’s web interface.
  • Page 301 Chapter 12 | Security Measures Configuring HTTPS When you have obtained these, place them on your TFTP server and transfer them to the switch to replace the default (unrecognized) certificate with an authorized one. Note: The switch must be reset for the new certificate to be activated. To reset the switch, see “Resetting the System”...
  • Page 302: Configuring The Secure Shell

    Chapter 12 | Security Measures Configuring the Secure Shell Figure 189: Downloading the Secure-Site Certificate Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
  • Page 303 Chapter 12 | Security Measures Configuring the Secure Shell To use the SSH server, complete these steps: Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
  • Page 304: Configuring The Ssh Server

    Chapter 12 | Security Measures Configuring the Secure Shell Public Key Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it.
  • Page 305: Figure 190: Configuring The Ssh Server

    Chapter 12 | Security Measures Configuring the Secure Shell Parameters These parameters are displayed: ◆ SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) ◆ Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
  • Page 306: Generating The Host Key Pair

    Chapter 12 | Security Measures Configuring the Secure Shell Generating the Host Key Pair Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH client and the switch.
  • Page 307: Importing User Public Keys

    Chapter 12 | Security Measures Configuring the Secure Shell To display or clear the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Show from the Action list. Select the option to save the host key from memory to flash by clicking Save, or select the host-key type to clear and click Clear.
  • Page 308: Figure 193: Copying The Ssh User's Public Key

    Chapter 12 | Security Measures Configuring the Secure Shell The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. ◆ TFTP Server IP Address – The IP address of the TFTP server that contains the public key file you wish to import.
  • Page 309: Access Control Lists

    Chapter 12 | Security Measures Access Control Lists Figure 194: Showing the SSH User’s Public Key Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4/IPv6 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, DSCP traffic class, or next header type), or any frames (based on MAC address or Ethernet type).
  • Page 310: Setting A Time Range

    Chapter 12 | Security Measures Access Control Lists possible depends on too many factors to be precisely determined. It depends on the amount of hardware resources reserved at runtime for this purpose. Auto ACE Compression is a software feature used to compress all the ACEs of an ACL to utilize hardware resources more efficiently.
  • Page 311: Figure 195: Setting The Name Of A Time Range

    Chapter 12 | Security Measures Access Control Lists Parameters These parameters are displayed: ◆ Time-Range Name – Name of a time range. (Range: 1-16 characters) Add Rule ◆ Time-Range – Name of a time range. ◆ Mode ■ Absolute – Specifies a specific time or time range...
  • Page 312: Figure 196: Showing A List Of Time Ranges

    Chapter 12 | Security Measures Access Control Lists Select Show from the Action list. Figure 196: Showing a List of Time Ranges To configure a rule for a time range: Click Security, ACL. Select Configure Time Range from the Step list. Select Add Rule from the Action list.
  • Page 313: Showing Tcam Utilization

    Chapter 12 | Security Measures Access Control Lists Select Show Rule from the Action list. Figure 198: Showing the Rules Configured for a Time Range Showing TCAM Utilization Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization parameters for TCAM (Ternary Content Addressable Memory), including the number of policy control entries in use, the number of free entries, and the overall...
  • Page 314: Setting The Acl Name And Type

    Chapter 12 | Security Measures Access Control Lists Web Interface To show information on TCAM utilization: Click Security, ACL. Select Configure ACL from the Step list. Select Show TCAM from the Action list. Figure 199: Showing TCAM Utilization Setting the Use the Security >...
  • Page 315: Figure 200: Creating An Acl

    Chapter 12 | Security Measures Access Control Lists Web Interface To configure the name and type of an ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add from the Action list. Fill in the ACL Name field, and select the ACL type. Click Apply.
  • Page 316: Configuring A Standard Ipv4 Acl

    Chapter 12 | Security Measures Access Control Lists Configuring a Standard IPv4 ACL Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL. Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...
  • Page 317: Configuring An Extended Ipv4 Acl

    Chapter 12 | Security Measures Access Control Lists Figure 202: Configuring a Standard IPv4 ACL Configuring an Extended IPv4 ACL Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure an Extended IPv4 ACL. Parameters These parameters are displayed: ◆...
  • Page 318 Chapter 12 | Security Measures Access Control Lists ◆ Service Type – Packet priority settings based on the following criteria: ■ Precedence – IP precedence level. (Range: 0-7) ■ DSCP – DSCP priority level. (Range: 0-63) ◆ Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
  • Page 319: Configuring A Standard Ipv6 Acl

    Chapter 12 | Security Measures Access Control Lists If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or control code.
  • Page 320: Figure 204: Configuring A Standard Ipv6 Acl

    Chapter 12 | Security Measures Access Control Lists the address to indicate the appropriate number of zeros required to fill the undefined fields. ◆ Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address).
  • Page 321: Configuring An Extended Ipv6 Acl

    Chapter 12 | Security Measures Access Control Lists Configuring an Extended IPv6 ACL Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page to configure an Extended IPv6 ACL. Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...
  • Page 322: Figure 205: Configuring An Extended Ipv6 Acl

    Chapter 12 | Security Measures Access Control Lists ◆ Time Range – Name of a time range. Web Interface To add rules to an Extended IPv6 ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select IPv6 Extended from the Type list.
  • Page 323: Configuring A Mac Acl

    Chapter 12 | Security Measures Access Control Lists Configuring a MAC ACL Use the Security > ACL (Configure ACL - Add Rule - MAC) page to configure a MAC ACL based on hardware addresses, packet format, and Ethernet type. Parameters These parameters are displayed: ◆...
  • Page 324: Figure 206: Configuring A Mac Acl

    Chapter 12 | Security Measures Access Control Lists Web Interface To add rules to a MAC ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select MAC from the Type list. Select the name of an ACL from the Name list.
  • Page 325: Configuring An Arp Acl

    Chapter 12 | Security Measures Access Control Lists Configuring an ARP ACL Use the Security > ACL (Configure ACL - Add Rule - ARP) page to configure ACLs based on ARP message addresses. ARP Inspection can then use these ACLs to filter suspicious traffic (see “Configuring Global Settings for ARP Inspection”...
  • Page 326: Binding A Port To An Access Control List

    Chapter 12 | Security Measures Access Control Lists Select the name of an ACL from the Name list. Specify the action (i.e., Permit or Deny). Select the packet type (Request, Response, All). Select the address type (Any, Host, or IP). If you select “Host,”...
  • Page 327: Configuring Acl Mirroring

    Chapter 12 | Security Measures Access Control Lists ◆ Counter – Enables counter for ACL statistics. Web Interface To bind an ACL to a port: Click Security, ACL. Select Configure Interface from the Step list. Select Configure from the Action list. Select IP, MAC or IPv6 from the Type options.
  • Page 328: Figure 209: Configuring Acl Mirroring

    Chapter 12 | Security Measures Access Control Lists Command Usage ACL-based mirroring is only used for ingress traffic. To mirror an ACL, follow these steps: Create an ACL as described in the preceding sections. Add one or more mirrored ports to ACL as described under “Binding a Port to an Access Control List”...
  • Page 329: Showing Acl Hardware Counters

    Chapter 12 | Security Measures Access Control Lists Select a port. Figure 210: Showing the VLANs to Mirror Showing ACL Hardware Counters Use the Security > ACL > Configure Interface (Show Hardware Counters) page to show statistics for ACL hardware counters. Parameters These parameters are displayed: ◆...
  • Page 330: Arp Inspection

    Chapter 12 | Security Measures ARP Inspection Select a port. Select ingress or egress traffic. Figure 211: Showing ACL Statistics ARP Inspection ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the-middle”...
  • Page 331: Configuring Global Settings For Arp Inspection

    Chapter 12 | Security Measures ARP Inspection ■ When ARP Inspection is enabled globally, all ARP request and reply packets on inspection-enabled VLANs are redirected to the CPU and their switching behavior handled by the ARP Inspection engine. ■ If ARP Inspection is disabled globally, then it becomes inactive for all...
  • Page 332 Chapter 12 | Security Measures ARP Inspection ARP Inspection Logging ◆ By default, logging is active for ARP Inspection, and cannot be disabled. ◆ The administrator can configure the log facility rate. ◆ When the switch drops a packet, it places an entry in the log buffer, then generates a system message on a rate-controlled basis.
  • Page 333: Configuring Vlan Settings For Arp Inspection

    Chapter 12 | Security Measures ARP Inspection Web Interface To configure global settings for ARP Inspection: Click Security, ARP Inspection. Select Configure General from the Step list. Enable ARP inspection globally, enable any of the address validation options, and adjust any of the logging parameters if required. Click Apply.
  • Page 334: Figure 213: Configuring Vlan Settings For Arp Inspection

    Chapter 12 | Security Measures ARP Inspection ◆ If Static is not specified, ARP packets are first validated against the selected ACL; if no ACL rules match the packets, then the DHCP snooping bindings database determines their validity. Parameters These parameters are displayed: ◆...
  • Page 335: Configuring Interface Settings For Arp Inspection

    Chapter 12 | Security Measures ARP Inspection Configuring Interface Settings for ARP Inspection Use the Security > ARP Inspection (Configure Interface) page to specify the ports that require ARP inspection, and to adjust the packet inspection rate. Parameters These parameters are displayed: ◆...
  • Page 336: Displaying Arp Inspection Statistics

    Chapter 12 | Security Measures ARP Inspection Displaying ARP Inspection Statistics Use the Security > ARP Inspection (Show Information - Show Statistics) page to display statistics about the number of ARP packets processed, or dropped for various reasons. Parameters These parameters are displayed: Table 20: ARP Inspection Statistics Parameter Description...
  • Page 337: Displaying The Arp Inspection Log

    Chapter 12 | Security Measures ARP Inspection Figure 215: Displaying Statistics for ARP Inspection Displaying the ARP Inspection Log Use the Security > ARP Inspection (Show Information - Show Log) page to show information about entries stored in the log, including the associated VLAN, port, and address components.
  • Page 338: Filtering Ip Addresses For Management Access

    Chapter 12 | Security Measures Filtering IP Addresses for Management Access Figure 216: Displaying the ARP Inspection Log Filtering IP Addresses for Management Access Use the Security > IP Filter page to create a list of up to 15 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
  • Page 339: Figure 217: Creating An Ip Address Filter For Management Access

    Chapter 12 | Security Measures Filtering IP Addresses for Management Access ■ Telnet – Configures IP address(es) for the Telnet group. ■ All – Configures IP address(es) for all groups. ◆ Start IP Address – A single IP address, or the starting address of a range. ◆...
  • Page 340: Configuring Port Security

    Chapter 12 | Security Measures Configuring Port Security To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 218: Showing IP Addresses Authorized for Management Access Configuring Port Security Use the Security >...
  • Page 341 Chapter 12 | Security Measures Configuring Port Security ◆ When the port security state is changed from enabled to disabled, all dynamically learned entries are cleared from the address table. ◆ If port security is enabled, and the maximum number of allowed addresses are set to a non-zero value, any device not in the address table that attempts to use the port will be prevented from accessing the switch.
  • Page 342: Configuring 802.1X Port Authentication

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Current MAC Count – The number of MAC addresses currently associated with this interface. ◆ MAC Filter – Shows if MAC address filtering has been set under Security > Network Access (Configure MAC Filter) as described on page 295.
  • Page 343: Figure 220: Configuring Port Authentication

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator) responds with an EAPOL identity request.
  • Page 344: Configuring 802.1X Global Settings

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) ◆ The RADIUS server and client also have to support the same EAP authentication type –...
  • Page 345: Configuring Port Authenticator Settings For 802.1X

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Default – Sets all configurable 802.1X global and port settings to their default values. Web Interface To configure global settings for 802.1X: Click Security, Port Authentication. Select Configure Global from the Step list. Enable 802.1X globally for the switch, and configure EAPOL Pass Through if required.
  • Page 346 Chapter 12 | Security Measures Configuring 802.1X Port Authentication parameters for those ports which must authenticate clients through the remote authenticator (see “Configuring Port Supplicant Settings for 802.1X” on page 350). ◆ This switch can be configured to serve as the authenticator on selected ports by setting the Control Mode to Auto on this configuration page, and as a supplicant on other ports by setting the control mode to Force-Authorized on this page and enabling the PAE supplicant on the Supplicant configuration...
  • Page 347 Chapter 12 | Security Measures Configuring 802.1X Port Authentication In this mode, each host connected to a port needs to pass authentication. The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table (i.e., up to 1024 addresses).
  • Page 348 Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Intrusion Action – Sets the port’s response to a failed authentication. ■ Block Traffic – Blocks all non-EAP traffic on the port. (This is the default setting.) ■ Guest VLAN – All traffic for the port is assigned to a guest VLAN. The guest...
  • Page 349: Figure 222: Configuring Interface Settings For 802.1X Port Authenticator

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication Web Interface To configure port authenticator settings for 802.1X: Click Security, Port Authentication. Select Configure Interface from the Step list. Click Authenticator. Modify the authentication settings for each port as required. Click Apply Figure 222: Configuring Interface Settings for 802.1X Port Authenticator –...
  • Page 350: Configuring Port Supplicant Settings For 802.1X

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication Configuring Port Supplicant Settings for 802.1X Use the Security > Port Authentication (Configure Interface – Supplicant) page to configure 802.1X port settings for supplicant requests issued from a port to an authenticator on another device. When 802.1X is enabled and the control mode is set to Force-Authorized (see “Configuring Port Authenticator Settings for 802.1X”...
  • Page 351: Figure 223: Configuring Interface Settings For 802.1X Port Supplicant

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Maximum Start – The maximum number of times that a port supplicant will send an EAP start frame to the client before assuming that the client is 802.1X unaware. (Range: 1-65535; Default: 3) ◆...
  • Page 352: Displaying 802.1X Statistics

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication Displaying 802.1X Statistics Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port. Parameters These parameters are displayed: Table 22: 802.1X Statistics Parameter Description Authenticator...
  • Page 353: Figure 224: Showing Statistics For 802.1X Port Authenticator

    Chapter 12 | Security Measures Configuring 802.1X Port Authentication Table 22: 802.1X Statistics (Continued) Parameter Description Rx EAP LenError The number of EAPOL frames that have been received by this Supplicant in which the Packet Body Length field is invalid. Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Supplicant.
  • Page 354: Dos Protection

    Chapter 12 | Security Measures DoS Protection To display port supplicant statistics for 802.1X: Click Security, Port Authentication. Select Show Statistics from the Step list. Click Supplicant. Figure 225: Showing Statistics for 802.1X Port Supplicant DoS Protection Use the Security > DoS Protection page to protect against denial-of-service (DoS) attacks.
  • Page 355 Chapter 12 | Security Measures DoS Protection ◆ Smurf Attack – Attacks in which a perpetrator generates a large amount of spoofed ICMP Echo Request traffic to the broadcast destination IP address (255.255.255.255), all of which uses a spoofed source address of the intended victim.
  • Page 356: Figure 226: Protecting Against Dos Attacks

    Chapter 12 | Security Measures DoS Protection ◆ UDP Flooding Attack Rate – Maximum allowed rate. (Range: 64-2000 kbits/second; Default: 1000 kbits/second) ◆ WinNuke Attack – Attacks which affected the Microsoft Windows 3.1x/95/NT operating systems. In this type of attack, the perpetrator sends a string of out-of-band (OOB) packets containing a TCP URG flag to the target computer on TCP port 139 (NetBIOS), causing it to lock up and display a “Blue Screen of Death.
  • Page 357: Ipv4 Source Guard

    Chapter 12 | Security Measures IPv4 Source Guard IPv4 Source Guard IPv4 Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping”...
  • Page 358 Chapter 12 | Security Measures IPv4 Source Guard ■ If DHCP snooping is enabled, IP source guard will check the VLAN ID, source IP address, port number, and source MAC address (for the SIP-MAC option). If a matching entry is found in the binding table and the entry type is static IP source guard binding, or dynamic DHCP snooping binding, the packet will be forwarded.
  • Page 359: Configuring Static Bindings For Ipv4 Source Guard

    Chapter 12 | Security Measures IPv4 Source Guard Figure 227: Setting the Filter Type for IPv4 Source Guard Configuring Static Bindings for IPv4 Source Guard Use the Security > IP Source Guard > Static Binding (Configure ACL Table and Configure MAC Table) pages to bind a static address to a port. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier,...
  • Page 360 Chapter 12 | Security Measures IPv4 Source Guard ■ A valid static IP source guard entry will be added to the binding table in MAC mode if one of the following conditions is true: ■ If there is no binding entry with the same IP address and MAC address,...
  • Page 361: Figure 228: Configuring Static Bindings For Ipv4 Source Guard

    Chapter 12 | Security Measures IPv4 Source Guard Web Interface To configure static bindings for IP Source Guard: Click Security, IP Source Guard, Static Binding. Select Configure ACL Table or Configure MAC Table from the Step list. Select Add from the Action list. Enter the required bindings for each port.
  • Page 362: Displaying Information For Dynamic Ipv4 Source Guard Bindings

    Chapter 12 | Security Measures IPv4 Source Guard Displaying Information for Dynamic IPv4 Source Guard Bindings Use the Security > IP Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. Parameters These parameters are displayed: Query by ◆...
  • Page 363: Ipv6 Source Guard

    Chapter 12 | Security Measures IPv6 Source Guard Figure 230: Showing the IPv4 Source Guard Binding Table IPv6 Source Guard IPv6 Source Guard is a security feature that filters IPv6 traffic on non-routed, Layer 2 network interfaces based on manually configured entries in the IPv6 Source Guard table, or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled (refer to the DHCPv6 Snooping commands in the CLI Reference Guide).
  • Page 364 Chapter 12 | Security Measures IPv6 Source Guard ◆ Table entries include a MAC address, IPv6 global unicast address, entry type (Static-IPv6-SG-Binding, Dynamic-ND-Binding, Dynamic-DHCPv6-Binding), VLAN identifier, and port identifier. ◆ Static addresses entered in the source guard binding table (using the Static Binding page) are automatically configured with an infinite lease time.
  • Page 365: Configuring Static Bindings For Ipv6 Source Guard

    Chapter 12 | Security Measures IPv6 Source Guard Guide), and static entries set by IPv6 Source Guard (see “Configuring Static Bindings for IPv6 Source Guard” on page 365). ■ IPv6 source guard maximum bindings must be set to a value higher than...
  • Page 366 Chapter 12 | Security Measures IPv6 Source Guard ◆ Static addresses entered in the source guard binding table are automatically configured with an infinite lease time. ◆ When source guard is enabled, traffic is filtered based upon dynamic entries learned via ND snooping, DHCPv6 snooping, or static addresses configured in the source guard binding table.
  • Page 367: Figure 232: Configuring Static Bindings For Ipv6 Source Guard

    Chapter 12 | Security Measures IPv6 Source Guard ◆ Type – Shows the entry type: ■ DHCP – Dynamic DHCPv6 binding, stateful address. ■ ND – Dynamic Neighbor Discovery binding, stateless address. ■ STA – Static IPv6 Source Guard binding. Web Interface To configure static bindings for IPv6 Source Guard: Click Security, IPv6 Source Guard, Static Configuration.
  • Page 368: Displaying Information For Dynamic Ipv6 Source Guard Bindings

    Chapter 12 | Security Measures IPv6 Source Guard Displaying Information for Dynamic IPv6 Source Guard Bindings Use the Security > IPv6 Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. Parameters These parameters are displayed: Query by ◆...
  • Page 369: Dhcp Snooping

    Chapter 12 | Security Measures DHCP Snooping Figure 234: Showing the IPv6 Source Guard Binding Table DHCP Snooping The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
  • Page 370 Chapter 12 | Security Measures DHCP Snooping ◆ Filtering rules are implemented as follows: ■ If the global DHCP snooping is disabled, all DHCP packets are forwarded. ■ If DHCP snooping is enabled globally, and also enabled on the VLAN where...
  • Page 371: Dhcp Snooping Global Configuration

    Chapter 12 | Security Measures DHCP Snooping DHCP Snooping Option 82 ◆ DHCP provides a relay mechanism for sending information about its DHCP clients or the relay agent itself to the DHCP server. Also known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
  • Page 372 Chapter 12 | Security Measures DHCP Snooping packet is not the same as the client's hardware address in the DHCP packet, the packet is dropped. (Default: Enabled) ◆ DHCP Snooping Rate Limit – Sets the maximum number of DHCP packets that can be trapped by the switch for DHCP snooping. (Range: 1-2048 packets/second) Information ◆...
  • Page 373: Dhcp Snooping Vlan Configuration

    Chapter 12 | Security Measures DHCP Snooping Select the required options for the general DHCP snooping process and for the DHCP snooping information option. Click Apply Figure 235: Configuring Global Settings for DHCP Snooping DHCP Snooping VLAN Configuration Use the IP Service > DHCP > Snooping (Configure VLAN) page to enable or disable DHCP snooping on specific VLANs.
  • Page 374: Configuring Ports For Dhcp Snooping

    Chapter 12 | Security Measures DHCP Snooping Web Interface To configure global settings for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Configure VLAN from the Step list. Enable DHCP Snooping on any existing VLAN. Click Apply Figure 236: Configuring DHCP Snooping on a VLAN Configuring Ports for DHCP Snooping Use the IP Service >...
  • Page 375: Displaying Dhcp Snooping Binding Information

    Chapter 12 | Security Measures DHCP Snooping ■ Value – An arbitrary string inserted into the circuit identifier field. (Range: 1-32 characters) Web Interface To configure global settings for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Configure Interface from the Step list. Set any ports within the local network or firewall to trusted.
  • Page 376: Figure 238: Displaying The Binding Table For Dhcp Snooping

    Chapter 12 | Security Measures DHCP Snooping ◆ VLAN – VLAN to which this entry is bound. ◆ Interface – Port or trunk to which this entry is bound. ◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be used to store the currently learned dynamic DHCP snooping entries to flash memory.
  • Page 377: Basic Administration Protocols

    Basic Administration Protocols This chapter describes basic administration tasks including: ◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
  • Page 378: Configuring Event Logging

    Chapter 13 | Basic Administration Protocols Configuring Event Logging Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
  • Page 379: Figure 239: Configuring Settings For System Memory Logs

    Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equal to or less than the RAM Level.
  • Page 380: Remote Log Configuration

    Chapter 13 | Basic Administration Protocols Configuring Event Logging memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Figure 240: Showing Error Messages Logged to System Memory Remote Log Configuration Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations.
  • Page 381: Sending Simple Mail Transfer Protocol Alerts

    Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Port - Specifies the UDP port number used by the remote server. (Range: 1-65535) Web Interface To configure the logging of error messages to remote servers: Click Administration, Log, Remote. Enable remote logging, specify the facility type to use for the syslog messages.
  • Page 382: Figure 242: Configuring Smtp Alert Messages

    Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Email Destination Address – Specifies the email recipients of alert messages. You can specify up to five recipients. ◆ Server IP Address – Specifies a list of up to three recipient SMTP servers. IPv4 or IPv6 addresses may be specified.
  • Page 383: Link Layer Discovery Protocol

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
  • Page 384 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol increase the probability that multiple, rather than single changes, are reported in each transmission. This attribute must comply with the rule: (4 * Delay Interval) ≤ Transmission Interval ◆ Reinitialization Delay – Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.
  • Page 385: Configuring Lldp Interface Attributes

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 243: Configuring LLDP Timing Attributes Configuring LLDP Interface Attributes Use the Administration > LLDP (Configure Interface - Configure General) page to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
  • Page 386 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Basic Optional TLVs – Configures basic information included in the TLV field of advertised messages. ■ Management Address – The management address protocol packet includes the IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
  • Page 387 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ■ VLAN ID – The port’s default VLAN identifier (PVID) indicates the VLAN with which untagged or priority-tagged frames are associated (see “IEEE 802.1Q VLANs” on page 153). (Default: Enabled) ■ VLAN Name –...
  • Page 388: Figure 244: Configuring Lldp Interface Attributes

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ■ Country – The two-letter ISO 3166 country code in capital ASCII letters. (Example: DK, DE or US) ■ Device entry refers to – The type of device to which the location applies:...
  • Page 389: Configuring Lldp Interface Civic-Address

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Configuring LLDP Interface Civic-Address Use the Administration > LLDP (Configure Interface – Add CA-Type) page to specify the physical location of the device attached to an interface. Command Usage ◆ Use the Civic Address type (CA-Type) to advertise the physical location of the device attached to an interface, including items such as the city, street number, building and room information.
  • Page 390: Figure 245: Configuring The Civic Address For An Lldp Interface

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Select an interface from the Port or Trunk list. Specify a CA-Type and CA-Value pair. Click Apply. Figure 245: Configuring the Civic Address for an LLDP Interface To show the physical location of the attached device: Click Administration, LLDP.
  • Page 391: Displaying Lldp Local Device Information

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Displaying LLDP Local Device Information Use the Administration > LLDP (Show Local Device Information) page to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information. Parameters These parameters are displayed:...
  • Page 392: Table 27: Port Id Subtype

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Table 26: System Capabilities (Continued) ID Basis Reference Telephone IETF RFC 2011 DOCSIS cable device IETF RFC 2669 and IETF RFC 2670 End Station Only IETF RFC 2011 ◆ System Capabilities Enabled – The primary function(s) of the system which are currently enabled.
  • Page 393: Figure 247: Displaying Local Device Information For Lldp (General)

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Table 27: Port ID Subtype (Continued) ID Basis Reference Agent circuit ID agent circuit ID (IETF RFC 3046) Locally assigned locally assigned ◆ Port/Trunk ID – A string that contains the specific identifier for the local interface based on interface subtype used by this switch.
  • Page 394: Displaying Lldp Remote Device Information

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 248: Displaying Local Device Information for LLDP (Port) Figure 249: Displaying Local Device Information for LLDP (Port Details) Displaying LLDP Remote Device Information Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP, or to display detailed information about an...
  • Page 395 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details ◆ Port – Port identifier on local switch. ◆ Remote Index – Index of remote device attached to this port. ◆ Local Port – The local port to which a remote LLDP-capable device is attached. ◆...
  • Page 396: Table 28: Remote Port Auto-Negotiation Advertised Capability

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol supports port-based protocol VLANs, and whether the port-based protocol VLANs are enabled on the given port associated with the remote system. ◆ Remote VLAN Name List – VLAN names associated with a port. ◆...
  • Page 397 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Remote Port MAU Type – An integer value that indicates the operational MAU type of the sending device. This object contains the integer value derived from the list position of the corresponding dot3MauType as listed in IETF RFC 3636 and is equal to the last number in the respective dot3MauType OID.
  • Page 398 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – LLDP-MED Capability ◆ Device Class – Any of the following categories of endpoint devices: ■ Class 1 – The most basic class of endpoint devices. ■ Class 2 – Endpoint devices that support media stream capabilities...
  • Page 399 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Layer 2 Priority – The Layer 2 priority to be used for the specified application type. This field may specify one of eight priority levels (0-7), where a value of 0 represents use of the default priority.
  • Page 400 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ■ PD – Unknown, PSE, Local, PSE and Local ■ PSE – Unknown, Primary Power Source, Backup Power Source - Power conservation mode ◆ Power Value – The total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
  • Page 401: Figure 250: Displaying Remote Device Information For Lldp (Port)

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 250: Displaying Remote Device Information for LLDP (Port)...
  • Page 402: Figure 251: Displaying Remote Device Information For Lldp (Port Details)

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 251: Displaying Remote Device Information for LLDP (Port Details)...
  • Page 403: Displaying Device Statistics

    Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Additional information displayed by an end-point device which advertises LLDP-MED TLVs is shown in the following figure. Figure 252: Displaying Remote Device Information for LLDP (End Node) Displaying Device Statistics Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages transmitted or received on all local interfaces.
  • Page 404 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Neighbor Entries Dropped Count – The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources. ◆ Neighbor Entries Age-out Count – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired.
  • Page 405: Simple Network Management Protocol

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 253: Displaying LLDP Device Statistics (General) Figure 254: Displaying LLDP Device Statistics (Port) Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
  • Page 406: Table 29: Snmpv3 Security Models And Levels

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using network management software.
  • Page 407: Configuring Global Settings For Snmp

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Command Usage Configuring SNMPv1/2c Management Access To configure SNMPv1 or v2c management access to the switch, follow these steps: Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages.
  • Page 408: Setting The Local Engine Id

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken. (Default: Enabled) Web Interface To configure global settings for SNMP: Click Administration, SNMP. Select Configure Global from the Step list.
  • Page 409: Specifying A Remote Engine Id

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Engine Boots – The number of times that the engine has (re-)initialized since the SNMP Engine ID was last configured. Web Interface To configure the local SNMP engine ID: Click Administration, SNMP.
  • Page 410: Figure 257: Configuring A Remote Engine Id For Snmp

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Remote IP Host – The IPv4 or IPv6 address of a remote management station which is using the specified engine ID. Web Interface To configure a remote SNMP engine ID: Click Administration, SNMP.
  • Page 411: Setting Snmpv3 Views

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Setting SNMPv3 Views Use the Administration > SNMP (Configure View) page to configure SNMPv3 views which are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview”...
  • Page 412: Figure 259: Creating An Snmp View

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 259: Creating an SNMP View To show the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Show View from the Action list. Figure 260: Showing SNMP Views To add an object identifier to an existing SNMP view of the switch’s MIB database: Click Administration, SNMP.
  • Page 413: Configuring Snmpv3 Groups

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 261: Adding an OID Subtree to an SNMP View To show the OID branches configured for the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Show OID Subtree from the Action list.
  • Page 414 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Security Level – The following security levels are only used for the groups assigned to the SNMP security model: ■ noAuthNoPriv – There is no authentication or encryption used in SNMP...
  • Page 415 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Table 30: Supported Notification Messages Model Level Group RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its...
  • Page 416 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Table 30: Supported Notification Messages (Continued) Model Level Group Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.22426.10.1.24.2.1.0.1 This trap is sent when the power state changes. swPortSecurityTrap 1.3.6.1.4.1.22426.10.11.24.2.1.0.36 This trap is sent when the port is being intruded. This trap will only be sent when the portSecActionTrap is enabled.
  • Page 417 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Table 30: Supported Notification Messages (Continued) Model Level Group swCpuUtiFallingNotification 1.3.6.1.4.1.22426.10.11.24.2.1.0.108 This notification indicates that the CPU utilization has fallen from cpuUtiRisingThreshold to cpuUtiFallingThreshold. swMemoryUtiRisingThresholdNotification 1.3.6.1.4.1.22426.10.11.24.2.1.0.109 This notification indicates that the memory utilization has risen from memoryUtiFallingThreshold to...
  • Page 418: Figure 263: Creating An Snmp Group

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Web Interface To configure an SNMP group: Click Administration, SNMP. Select Configure Group from the Step list. Select Add from the Action list. Enter a group name, assign a security model and level, and then select read, write, and notify views.
  • Page 419: Setting Community Access Strings

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Setting Community Access Strings Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by clients using SNMP v1 and v2c. For security reasons, you should consider removing the default strings.
  • Page 420: Configuring Local Snmpv3 Users

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol To show the community access strings: Click Administration, SNMP. Select Configure User from the Step list. Select Show Community from the Action list. Figure 266: Showing Community Access Strings Configuring Local SNMPv3 Users Use the Administration >...
  • Page 421 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ■ AuthPriv – SNMP communications use both authentication and encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters is required.
  • Page 422: Figure 267: Configuring Local Snmpv3 Users

    Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 267: Configuring Local SNMPv3 Users To show local SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Local User from the Action list. Figure 268: Showing Local SNMPv3 Users To change a local SNMPv3 user group: Click Administration, SNMP.
  • Page 423: Configuring Remote SNMPv3 Users

    Click Apply. Figure 269: Changing a Local SNMPv3 User Group Configuring Remote SNMPv3 Users Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from the local switch. Each SNMPv3 user is defined by a unique name.
  • Page 424 ■ AuthPriv – SNMP communications use both authentication and encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters is required.
  • Page 425: Figure 270: Configuring Remote SNMPv3 Users

    Figure 270: Configuring Remote SNMPv3 Users To show remote SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Remote User from the Action list. Figure 271: Showing Remote SNMPv3 Users...
  • Page 426: Specifying Trap Managers

    Specifying Trap Managers Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are issued by the switch to the specified trap managers.
  • Page 427 ◆ Community String – Specifies a valid community string for the new trap manager entry. (Range: 1-32 characters, case sensitive) Although you can set this string in the Configure Trap – Add page, we recommend defining it in the Configure User –...
  • Page 428 ■ Inform – Notifications are sent as inform messages. Note that this option is only available for version 2c and 3 hosts. (Default: traps are used) ■ Timeout – The number of seconds to wait for an acknowledgment...
  • Page 429: Figure 272: Configuring Trap Managers (SNMPv1)

    Click Apply. Figure 272: Configuring Trap Managers (SNMPv1) Figure 273: Configuring Trap Managers (SNMPv2c) Figure 274: Configuring Trap Managers (SNMPv3)...
  • Page 430: Creating SNMP Notification Logs

    To show configured trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Show from the Action list. Figure 275: Showing Trap Managers Creating SNMP Notification Logs Use the Administration > SNMP (Configure Notify Filter - Add) page to create an SNMP notification log.
  • Page 431: Figure 276: Creating SNMP Notification Logs

    ◆ When a trap host is created using the Administration > SNMP (Configure Trap – Add) page described on page 426, a default notify filter will be created. Parameters These parameters are displayed: ◆...
  • Page 432: Showing SNMP Statistics

    Figure 277: Showing SNMP Notification Logs Showing SNMP Statistics Use the Administration > SNMP (Show Statistics) page to show counters for SNMP input and output protocol data units. Parameters The following counters are displayed: ◆...
  • Page 433: Figure 278: Showing SNMP Statistics

    ◆ SNMP packets output – The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service. ◆ Too big errors – The total number of SNMP PDUs which were generated by the SNMP protocol entity and for which the value of the error-status field is “tooBig.
  • Page 434: Remote Monitoring

    Chapter 13 | Basic Administration Protocols Remote Monitoring Remote Monitoring Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
  • Page 435 ◆ Sample Type – Tests for absolute or relative changes in the specified variable. ■ Absolute – The variable is compared directly to the thresholds at the end of the sampling period. ■ Delta –...
  • Page 436: Figure 279: Configuring An RMON Alarm

    Figure 279: Configuring an RMON Alarm To show configured RMON alarms: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Alarm. Figure 280: Showing Configured RMON Alarms...
  • Page 437: Configuring RMON Events

    Configuring RMON Events Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the alarm or sending a message to a trap manager.
  • Page 438: Figure 281: Configuring An RMON Event

    Web Interface To configure an RMON event: Click Administration, RMON. Select Configure Global from the Step list. Select Add from the Action list. Click Event. Enter an index number, the type of event to initiate, the community string to send with trap messages, the name of the person who created this event, and a brief description of the event.
  • Page 439: Configuring RMON History Samples

    Figure 282: Showing Configured RMON Events Configuring RMON History Samples Use the Administration > RMON (Configure Interface - Add - History) page to collect statistics on a physical interface to monitor network utilization, packet types, and errors.
  • Page 440: Figure 283: Configuring An RMON History Sample

    ◆ Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800 seconds) ◆ Buckets - The number of buckets requested for this entry. (Range: 1-65536; Default: 50) The number of buckets granted is displayed on the Show page. ◆...
  • Page 441: Figure 284: Showing Configured RMON History Samples

    Select a port from the list. Click History. Figure 284: Showing Configured RMON History Samples To show collected RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list.
  • Page 442: Configuring RMON Statistical Samples

    Configuring RMON Statistical Samples Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network for common errors and overall traffic rates. Command Usage ◆...
  • Page 443: Figure 286: Configuring An RMON Statistical Sample

    Figure 286: Configuring an RMON Statistical Sample To show configured RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click Statistics.
  • Page 444: Switch Clustering

    Chapter 13 | Basic Administration Protocols Switch Clustering Figure 288: Showing Collected RMON Statistical Samples Switch Clustering Switch clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
  • Page 445: Configuring General Settings For Clusters

    ◆ The cluster VLAN 4093 is not configured by default. Before using clustering, take the following actions to set up this VLAN: Create VLAN 4093 (see “Configuring VLAN Groups” on page 156). Add the participating ports to this VLAN (see “Adding Static Members to VLANs”...
  • Page 446: Cluster Member Configuration

    Web Interface To configure a switch cluster: Click Administration, Cluster. Select Configure Global from the Step list. Set the required attributes for a Commander or a managed candidate. Click Apply. Figure 289: Configuring a Switch Cluster Cluster Member Configuration Use the Administration >...
  • Page 447: Figure 290: Configuring A Cluster Members

    Web Interface To configure cluster members: Click Administration, Cluster. Select Configure Member from the Step list. Select Add from the Action list. Select one of the cluster candidates discovered by this switch, or enter the MAC address of a candidate.
  • Page 448: Managing Cluster Members

    To show cluster candidates: Click Administration, Cluster. Select Configure Member from the Step list. Select Show Candidate from the Action list. Figure 292: Showing Cluster Candidates Managing Cluster Members Use the Administration > Cluster (Show Member) page to manage another switch in the cluster.
  • Page 449: Ethernet Ring Protection Switching

    Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 293: Managing a Cluster Member Ethernet Ring Protection Switching Note: Information in this section is based on ITU-T G.8032/Y.1344. The ITU G.8032 recommendation specifies a protection switching mechanism and protocol for Ethernet layer network rings.
  • Page 450: Figure 294: ERPS Ring Components

    In Idle state, the physical topology has all nodes connected in a ring. The logical topology guarantees that all nodes are connected without a loop by blocking the RPL. Each link is monitored by its two adjacent nodes using Connectivity Fault Management (CFM) protocol messages.
  • Page 451 ◆ Each Major Ring or Sub-Ring must have its own RPL. Figure 295 on page 452 (Normal Condition) depicts an example of a multi-ring/ladder network. If the network is in normal operating condition, the RPL owner node of each ring blocks the transmission and reception of traffic over the RPL for that ring.
  • Page 452: Figure 295: Ring Interconnection Architecture (Multi-Ring/Ladder Network)

    Figure 295: Ring Interconnection Architecture (Multi-ring/Ladder Network) [panels: Normal Condition; Signal Fail Condition]...
  • Page 453: ERPS Global Configuration

    Enable ERPS (Configure Global): Before enabling a ring as described in the next step, first globally enable ERPS on the switch. If ERPS has not yet been enabled or has been disabled, no ERPS rings will work. Enable an ERPS ring (Configure Domain –...
  • Page 454: ERPS Ring Configuration

    Web Interface To globally enable ERPS on the switch: Click Administration, ERPS. Select Configure Global from the Step list. Mark the ERPS Status check box. Click Apply. Figure 296: Setting ERPS Global Status ERPS Ring Configuration Use the Administration >...
  • Page 455 ◆ ID – ERPS ring identifier used in R-APS messages. ◆ Admin Status – Shows whether ERPS is enabled on the switch. ◆ Ver – Shows the ERPS version. ◆ MEG Level –...
  • Page 456 ◆ MEP – The CFM MEP used to monitor the status on this link. ◆ RPL – Shows if this node is connected to the RPL. Configure Details ◆ Domain Name – Name of a configured ERPS ring. (Range: 1-12 characters) Service Instances within each ring are based on a unique maintenance association for the specific users, distinguished by the ring name, maintenance level, maintenance association’s name, and assigned VLAN.
  • Page 457 The version number is automatically set to “1” when a ring node, supporting only the functionalities of G.8032v1, exists on the same ring with other nodes that support G.8032v2. When ring nodes running G.8032v1 and G.8032v2 co-exist on a ring, the ring ID of each node is configured as “1”.
  • Page 458 protection state is enabled with the Forced Switch or Manual Switch commands on the Configure Operation page). ■ The east and west connections to the ring must be specified for all ring...
  • Page 459 this ring node unblocks its ring ports. Otherwise, the block remains unchanged. As a result, there is only one link with one end blocked. The ring nodes stop transmitting R-APS (NR) messages when they accept an R-APS (NR, RB –...
  • Page 460 removes any existing local operator commands, and triggers reversion if the ring is in revertive behavior mode. The ring node where the Forced Switch was cleared continuously transmits the R-APS (NR) message on both ring ports, informing other nodes that no request is present at this ring node.
  • Page 461 the ring port which was blocked as a result of an operator command. ■ Recovery for Manual Switching – A Manual Switch command is removed by issuing the Clear command (Configure Operation page) at the same ring node where the Manual Switch is in effect.
  • Page 462 ■ Recovery with non-revertive mode is handled as follows: The RPL Owner Node, upon reception of an R-APS (NR) message and in the absence of any other higher priority request, does not perform any action. Then, after the operator issues the Clear command (Configure Operation page) at the RPL Owner Node, this ring node blocks the ring port attached to the RPL, transmits an R-APS (NR, RB)
  • Page 463: Figure 297: Sub-Ring With Virtual Channel

    ■ A sub-ring may be attached to a primary ring with or without a virtual channel. A virtual channel is used to connect two interconnection points on the sub-ring, tunneling R-APS control messages across an arbitrary Ethernet network topology.
  • Page 464: Figure 298: Sub-Ring Without Virtual Channel

    No R-APS messages are inserted or extracted by other rings or sub-rings at the interconnection nodes where a sub-ring is attached. Hence there is no need for either additional bandwidth or for different VIDs/Ring IDs for the ring interconnection.
  • Page 465: Figure 299: Non-ERPS Device Protection

    ■ The RPL owner node detects a failed link when it receives R-APS (SF - signal fault) messages from nodes adjacent to the failed link. The owner then enters protection state by unblocking the RPL. However, using this standard recovery procedure may cause a non-ERPS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the link between the non-ERPS...
  • Page 466 will be checked. If one does exist, that defect will be reported to the protection switching mechanism. The reported defect need not be the same one that started the timer. ◆...
  • Page 467 ◆ West/East – Connects to next ring node to the west/east. Each node must be connected to two neighbors on the ring. For convenience, the ports connected are referred to as east and west ports. Alternatively, the closest neighbor to the east should be the next node in the ring in a clockwise direction, and the closest neighbor to the west should be the next node in the ring in a counter-clockwise direction.
  • Page 468: Figure 300: Creating An ERPS Ring

    Web Interface To create an ERPS ring: Click Administration, ERPS. Select Configure Domain from the Step list. Select Add from the Action list. Enter a name and optional identifier for the ring. Click Apply.
  • Page 469: Figure 301: Creating An ERPS Ring

    Figure 301: Creating an ERPS Ring To show the configured ERPS rings: Click Administration, ERPS. Select Configure Domain from the Step list. Select Show from the Action list. Figure 302: Showing Configured ERPS Rings...
  • Page 470: ERPS Forced And Manual Mode Operations

    ERPS Forced and Manual Mode Operations Use the Administration > ERPS (Configure Operation) page to block a ring port using Forced Switch or Manual Switch commands. Parameters These parameters are displayed: ◆...
  • Page 471: Table 31: ERPS Request/State Priority

    command. As such, two or more forced switches are allowed in the ring, which may inadvertently cause the segmentation of a ring. It is the responsibility of the operator to prevent this effect if it is undesirable.
  • Page 472 ■ Manual Switch – Blocks specified ring port, in the absence of a failure or an FS command. (Options: West or East) ■ A ring with no request has a logical topology with the traffic channel...
  • Page 473 A ring node with a local manual switch command that receives an R-APS message or a local request of higher priority than R-APS (MS) clears its manual switch request. The ring node then processes the new higher priority request.
  • Page 474: Connectivity Fault Management

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 303: Blocking an ERPS Ring Port Connectivity Fault Management Connectivity Fault Management (CFM) is an OAM protocol that includes proactive connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections between provider edge devices or between customer edge devices.
  • Page 475: Figure 304: Single CFM Maintenance Domain

    ◆ A Maintenance Level allows maintenance domains to be nested in a hierarchical fashion, providing access to the specific network portions required by each operator. Domains at lower levels may be either hidden or exposed to operators managing domains at a higher level, allowing either coarse or fine fault resolution.
  • Page 476: Figure 305: Multiple CFM Maintenance Domains

    Figure 305: Multiple CFM Maintenance Domains [labels: Customer MA, Operator 1 MA, Operator 2 MA, Provider MA] Note that the Service Instances within each domain shown above are based on a unique maintenance association for the specific users, distinguished by the domain name, maintenance level, maintenance association’s name, and assigned VLAN.
  • Page 477 the configured time period, and fault alarms are enabled, a corresponding trap will be sent. No further fault alarms are sent until the fault notification generator has been reset by the passage of a configured time period without detecting any further faults.
  • Page 478: Configuring Global Settings For CFM

    Configuring Global Settings for CFM Use the Administration > CFM (Configure Global) page to configure global settings for CFM, such as enabling the CFM process on the switch, setting the start-up delay for cross-check operations, configuring parameters for the link trace cache, and enabling traps for events discovered by continuity check messages or cross-check messages.
  • Page 479 name, MA name, MEPID, sequence number, and TTL value (see "Displaying Fault Notification Settings"). ◆ Link Trace Cache Hold Time – The hold time for CFM link trace cache entries. (Range: 1-65535 minutes; Default: 100 minutes) Before setting the aging time for cache entries, the cache must first be enabled in the Link Trace Cache attribute field.
  • Page 480: Figure 306: Configuring Global Settings For CFM

    A MEP Missing trap is sent if cross-checking is enabled, and no CCM is received for a remote MEP configured in the static list. ◆ Cross Check MEP Unknown – Sends a trap if an unconfigured MEP comes up. A MEP Unknown trap is sent if cross-checking is enabled, and a CCM is received from a remote MEP that is not configured in the static list...
  • Page 481: Configuring Interfaces For CFM

    Configuring Interfaces for CFM CFM processes are enabled by default for all physical interfaces, both ports and trunks. You can use the Administration > CFM (Configure Interface) page to change these settings. Command Usage ◆...
  • Page 482 Command Usage Configuring General Settings ◆ Where domains are nested, an upper-level hierarchical domain must have a higher maintenance level than the ones it encompasses. The higher to lower level domain types commonly include entities such as customer, service provider, and operator.
  • Page 483: Table 32: Remote MEP Priority Levels

    Configuring Fault Notification ◆ A fault alarm can generate an SNMP notification. It is issued when the MEP fault notification generator state machine detects that the configured time period (MEP Fault Notify Alarm Time) has passed with one or more defects indicated, and fault alarms are enabled at or above the specified priority level (MEP Fault Notify Lowest Priority).
  • Page 484 ◆ MD Name – Maintenance domain name. (Range: 1-43 alphanumeric characters) ◆ MD Level – Authorized maintenance level for this domain. (Range: 0-7) ◆ MIP Creation Type – Specifies the CFM protocol’s creation method for maintenance intermediate points (MIPs) in this domain: Default –...
  • Page 485: Figure 308: Configuring Maintenance Domains

    Specify the manner in which MIPs can be created within each domain. Click Apply. Figure 308: Configuring Maintenance Domains To show the configured maintenance domains: Click Administration, CFM. Select Configure MD from the Step list. Select Show from the Action list.
  • Page 486: Configuring CFM Maintenance Associations

    Figure 310: Configuring Detailed Settings for Maintenance Domains Configuring CFM Maintenance Associations Use the Administration > CFM (Configure MA) pages to create and configure the Maintenance Associations (MA) which define a unique CFM service instance. Each MA can be identified by its parent MD, the MD’s maintenance level, the VLAN assigned to the MA, and the set of maintenance end points (MEPs) assigned to it.
  • Page 487 ◆ If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA, a connectivity failure is registered. ◆ If a maintenance point receives a CCM with an invalid MEPID or MA level or an MA level lower than its own, a failure is registered which indicates a configuration error or cross-connect error (i.e., overlapping MAs).
  • Page 488 ◆ MA Name Format – Specifies the name format for the maintenance association as IEEE 802.1ag character based, or ITU-T SG13/SG15 Y.1731 defined ICC-based format. ■ Character String – IEEE 802.1ag defined character string format. This is an...
  • Page 489: Figure 311: Creating Maintenance Associations

    Select an entry from the MD Index list. Specify the MAs assigned to each domain, the VLAN through which CFM messages are passed, and the manner in which MIPs can be created within each MA.
  • Page 490: Configuring Maintenance End Points

    Select an entry from MD Index and MA Index. Specify the CCM interval, enable the transmission of connectivity check and cross check messages, and configure the required AIS parameters. Click Apply. Figure 313: Configuring Detailed Settings for Maintenance Associations Configuring Maintenance End Points Use the Administration >...
  • Page 491: Figure 314: Configuring Maintenance End Points

    ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Maintenance end point identifier. (Range: 1-8191) ◆ MEP Direction – Up indicates that the MEP faces inward toward the switch cross-connect matrix, and transmits CFM messages towards, and receives them from, the direction of the internal bridge relay mechanism.
  • Page 492: Configuring Remote Maintenance End Points

    Select Show from the Action list. Select an entry from MD Index and MA Index. Figure 315: Showing Maintenance End Points Configuring Remote Maintenance End Points Use the Administration > CFM (Configure Remote MEP – Add) page to specify remote maintenance end points (MEPs) set on other CFM-enabled devices within a common MA.
  • Page 493: Figure 316: Configuring Remote Maintenance End Points

    Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Identifier for a maintenance end point which exists on another CFM-enabled device within the same MA.
  • Page 494: Transmitting Link Trace Messages

    Figure 317: Showing Remote Maintenance End Points Transmitting Link Trace Messages Use the Administration > CFM (Transmit Link Trace) page to transmit link trace messages (LTMs). These messages can isolate connectivity faults by tracing the path through a network to the designated target node (i.e., a remote maintenance end point).
  • Page 495 Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ Source MEP ID – The identifier of a source MEP that will send the link trace message.
  • Page 496: Transmitting Loop Back Messages

    Figure 318: Transmitting Link Trace Messages Transmitting Loop Back Messages Use the Administration > CFM (Transmit Loopback) page to transmit Loopback Messages (LBMs). These messages can be used to isolate or verify connectivity faults by submitting a request to a target node (i.e., a remote MEP or MIP) to echo the message back to the source.
  • Page 497: Figure 319: Transmitting Loopback Messages

    ◆ Target ■ MEP ID – The identifier of a remote MEP that is the target of a loopback message. (Range: 1-8191) ■ MAC Address – MAC address of a remote MEP that is the target of a...
  • Page 498: Transmitting Delay-Measure Requests

    Transmitting Delay-Measure Requests Use the Administration > CFM (Transmit Delay Measure) page to send periodic delay-measure requests to a specified MEP within a maintenance association. Command Usage ◆ Delay measurement can be used to measure frame delay and frame delay variation between MEPs.
  • Page 499: Figure 320: Transmitting Delay-Measure Messages

    ◆ Packet Size – The size of the delay-measure message. (Range: 64-1518 bytes; Default: 64 bytes) ◆ Interval – The transmission delay between delay-measure messages. (Range: 1-5 seconds; Default: 1 second) ◆...
  • Page 500: Displaying Local MEPs

    Displaying Local MEPs Use the Administration > CFM > Show Information (Show Local MEP) page to show information for the MEPs configured on this device. Parameters These parameters are displayed: ◆ MEP ID –...
  • Page 501: Displaying Details For Local MEPs

    Displaying Details for Local MEPs Use the Administration > CFM > Show Information (Show Local MEP Details) page to show detailed CFM information about a local MEP in the continuity check database.
  • Page 502: Figure 322: Showing Detailed Information On Local MEPs

    ◆ Suppressing Alarms – Shows if the specified MEP is currently suppressing sending frames containing AIS information following the detection of defect conditions. Web Interface To show detailed information for the MEPs configured on this device: Click Administration, CFM.
  • Page 503: Displaying Local MIPs

    Displaying Local MIPs Use the Administration > CFM > Show Information (Show Local MIP) page to show the MIPs on this device discovered by the CFM protocol. (For a description of MIPs, refer to the Command Usage section under "Configuring CFM Maintenance Domains".)
  • Page 504: Displaying Remote MEPs

    Displaying Remote MEPs Use the Administration > CFM > Show Information (Show Remote MEP) page to show MEPs located on other devices which have been discovered through continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
  • Page 505: Displaying Details For Remote Meps

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Details for Remote MEPs Use the Administration > CFM > Show Information (Show Remote MEP Details) page to show detailed information for MEPs located on other devices which have been discovered through continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
  • Page 506: Figure 325: Showing Detailed Information On Remote Meps

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management ■ Down – The interface cannot pass packets. ■ Testing – The interface is in some test mode. ■ Unknown – The interface status cannot be determined for some reason. ■ Dormant –...
  • Page 507: Displaying The Link Trace Cache

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying the Link Trace Cache Use the Administration > CFM > Show Information (Show Link Trace Cache) page to show information about link trace operations launched from this device. Parameters These parameters are displayed: ◆...
  • Page 508: Displaying Fault Notification Settings

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management ■ HIT – Target located on this device. Web Interface To show information about link trace operations launched from this device: Click Administration, CFM. Select Show Information from the Step list. Select Show Link Trace Cache from the Action list.
  • Page 509: Displaying Continuity Check Errors

    Chapter 13 | Basic Administration Protocols Connectivity Fault Management Web Interface To show configuration settings for the fault notification generator: Click Administration, CFM. Select Show Information from the Step list. Select Show Fault Notification Generator from the Action list. Figure 327: Showing Settings for the Fault Notification Generator Displaying Use the Administration >...
  • Page 510: Oam Configuration

    Chapter 13 | Basic Administration Protocols OAM Configuration ■ EXCESS_LEV – The number of different MD levels at which MIPs are to be created on this port exceeds the bridge's capabilities. ■ OVERLAP_LEV – A MEP is created for one VID at one maintenance level, but...
  • Page 511: Table 34: Oam Operation State

    Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Admin Status – Enables or disables OAM functions. (Default: Disabled) ◆ Operation State – Shows the operational state between the local and remote OAM devices. This value is always “disabled” if OAM is disabled on the local interface.
  • Page 512 Chapter 13 | Basic Administration Protocols OAM Configuration ■ Critical Event – If a critical event occurs, the local OAM entity indicates this to its peer by setting the appropriate flag in the next OAMPDU to be sent and stores this information in its OAM event log. (Default: Enabled) Critical events include various failures, such as abnormal voltage fluctuations, out-of-range temperature detected, fan failure, CRC error in flash memory, insufficient memory, or other hardware faults.
  • Page 513: Displaying Statistics For Oam Messages

    Chapter 13 | Basic Administration Protocols OAM Configuration Figure 329: Enabling OAM for Local Ports Displaying Statistics for OAM Messages Use the Administration > OAM > Counters page to display statistics for the various types of OAM messages passed across each port. Parameters These parameters are displayed: ◆...
  • Page 514: Displaying The Oam Event Log

    Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display statistics for OAM messages: Click Administration, OAM, Counters. Figure 330: Displaying Statistics for OAM Messages Displaying the OAM Event Log Use the Administration > OAM > Event Log page to display link events for the selected port.
  • Page 515: Displaying The Status Of Remote Interfaces

    Chapter 13 | Basic Administration Protocols OAM Configuration Figure 331: Displaying the OAM Event Log Displaying the Status of Remote Interfaces Use the Administration > OAM > Remote Interface page to display information about attached OAM-enabled devices. Parameters These parameters are displayed: ◆...
  • Page 516: Configuring A Remote Loopback Test

    Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display information about attached OAM-enabled devices: Click Administration, OAM, Remote Interface. Figure 332: Displaying Status of Remote Interfaces Configuring a Remote Loopback Test Use the Administration > OAM > Remote Loopback (Remote Loopback Test) page to initiate a loop back test to the peer device attached to the selected port.
  • Page 517: Table 35: Remote Loopback Status

    Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Loopback Status – Shows if loopback testing is currently running. Loopback Test Parameters ◆ Packet Number – Number of packets to send. (Range: 1-99999999; Default: 10000) ◆ Packet Size – Size of packets to send. (Range: 64-1518 bytes; Default: 64 bytes) ◆...
  • Page 518: Displaying Results Of Remote Loopback Testing

    Chapter 13 | Basic Administration Protocols OAM Configuration Select the port on which to initiate remote loop back testing, enable the Loop Back Mode attribute, and click Apply. Set the number of packets to send and the packet size, and then click Test. Figure 333: Running a Remote Loop Back Test Displaying Results of Use the Administration >...
  • Page 519: Udld Configuration

    Chapter 13 | Basic Administration Protocols UDLD Configuration Figure 334: Displaying the Results of Remote Loop Back Testing UDLD Configuration The switch can be configured to detect general loopback conditions caused by hardware problems or faulty protocol settings. When enabled, a control frame is transmitted on the participating ports, and the switch monitors inbound traffic to see if the frame is looped back.
  • Page 520: Configuring Udld Protocol Intervals

    Chapter 13 | Basic Administration Protocols UDLD Configuration Configuring UDLD Protocol Intervals Use the Administration > UDLD > Configure Global page to configure the UniDirectional Link Detection message probe interval, detection interval, and recovery interval. Parameters These parameters are displayed: ◆...
  • Page 521: Configuring Udld Interface Settings

    Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To configure the UDLD message probe interval, detection interval, and recovery interval: Click Administration, UDLD, Configure Global. Select Configure Global from the Step list. Configure the message and detection intervals. Enable automatic recovery if required, and set the recovery interval.
  • Page 522 Chapter 13 | Basic Administration Protocols UDLD Configuration ends without the proper echo information being received, the link is considered to be unidirectional. ◆ Aggressive Mode – Reduces the shut-down delay after loss of bidirectional connectivity is detected. (Default: Disabled) UDLD can function in two modes: normal mode and aggressive mode.
  • Page 523: Displaying Udld Neighbor Information

    Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To enable UDLD and aggressive mode: Click Administration, UDLD, Configure Interface. Enable UDLD and aggressive mode on the required ports. Click Apply. Figure 336: Configuring UDLD Interface Settings Displaying UDLD Neighbor Information Use the Administration > UDLD (Show Information) page to show UDLD neighbor information, including neighbor state, expiration time, and protocol intervals.
  • Page 524: Figure 337: Displaying Udld Neighbor Information

    Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To display UDLD neighbor information: Click Administration, UDLD, Show Information. Select an interface from the Port list. Figure 337: Displaying UDLD Neighbor Information
  • Page 525: Multicast Filtering

    Multicast Filtering This chapter describes how to configure the following multicast services: ◆ IGMP Snooping – Configures snooping and query parameters. ◆ Filtering and Throttling – Filters specified multicast service, or throttles the maximum of multicast groups allowed on an interface. ◆...
  • Page 526: Layer 2 Igmp (Snooping And Query For Ipv4)

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 338: Multicast Filtering Concept (figure labels: Unicast Flow, Multicast Flow) This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router.
  • Page 527 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) switches in the local network segment, IGMP Snooping is the only service required to support multicast filtering. When using IGMPv3 snooping, service requests from IGMP Version 1, 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports.
  • Page 528: Configuring Igmp Snooping And Query Parameters

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 534).
  • Page 529 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Note: Multicast routers use this information from IGMP snooping and query reports, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. Parameters These parameters are displayed: ◆...
  • Page 530 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) By default, the switch immediately enters into “multicast flooding mode” when a spanning tree topology change occurs. In this mode, multicast traffic will be flooded to all VLAN ports. If many ports have subscribed to different multicast groups, flooding may cause excessive packet loss on the link between the switch and the end host.
  • Page 531 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ Forwarding Priority – Assigns a CoS priority to all multicast traffic. (Range: 0-7, where 7 is the highest priority; Default: Disabled) This parameter can be used to set a high priority for low-latency multicast traffic such as a video-conference, or to set a low priority for normal multicast traffic not sensitive to latency.
  • Page 532: Specifying Static Interfaces For A Multicast Router

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 339: Configuring General Settings for IGMP Snooping Specifying Static Interfaces for a Multicast Router Use the Multicast > IGMP Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an interface to a multicast router/switch. Depending on network connections, IGMP snooping may not always be able to locate the IGMP querier.
  • Page 533: Figure 340: Configuring A Static Interface For A Multicast Router

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Show Static Multicast Router ◆ VLAN – Selects the VLAN for which to display any configured static multicast routers. ◆ Interface – Shows the interface to which the specified static multicast routers are attached.
  • Page 534: Assigning Interfaces To Multicast Services

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 341: Showing Static Interfaces Attached a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol (such as PIM) to support IP multicasting across the Internet.
  • Page 535: Figure 343: Assigning An Interface To A Multicast Service

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group. Command Usage ◆ Static multicast addresses are never aged out. ◆...
  • Page 536: Figure 344: Showing Static Interfaces Assigned To A Multicast Service

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) To show the static interfaces assigned to a multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information. Figure 344: Showing Static Interfaces Assigned to a Multicast Service To show all the interfaces attached to a multicast router: Click Multicast, IGMP Snooping, Multicast Router.
  • Page 537: Setting Igmp Snooping Status Per Interface

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Setting IGMP Snooping Status per Interface Use the Multicast > IGMP Snooping > Interface (Configure VLAN) page to configure IGMP snooping attributes for a VLAN. To configure snooping globally, refer to “Configuring IGMP Snooping and Query Parameters”...
  • Page 538 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ Multicast Router Termination – These messages are sent when a router stops IP multicast routing functions on an interface. Termination messages are sent by multicast routers when: Multicast forwarding is disabled on an interface.
  • Page 539 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) If immediate leave is not used, a multicast router (or querier) will send a group-specific query message when an IGMPv2 group leave message is received. The router/querier stops forwarding traffic for that group only if no host replies to the query within the specified time out period.
  • Page 540 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) When IGMP Proxy Reporting is enabled, the source address is based on the following criteria: ■ If a proxy query address is configured, the switch will use that address as...
  • Page 541 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) This attribute will take effect only if IGMP snooping proxy reporting is enabled (page 528) or IGMP querier is enabled (page 528). ◆ Last Member Query Count – The number of IGMP proxy group-specific or group-and-source-specific query messages that are sent out before the system assumes there are no more local members.
  • Page 542: Figure 346: Configuring Igmp Snooping On A Vlan

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 346: Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping: Click Multicast, IGMP Snooping, Interface. Select Show VLAN Information from the Action list. Figure 347: Showing Interface Settings for IGMP Snooping
  • Page 543: Filtering Igmp Query Packets And Multicast Data

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Filtering IGMP Query Packets and Multicast Data Use the Multicast > IGMP Snooping > Interface (Configure Interface) page to configure an interface to drop IGMP query packets or multicast data packets. Parameters...
  • Page 544: Displaying Multicast Groups Discovered By Igmp Snooping

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Displaying Multicast Groups Discovered by IGMP Snooping Use the Multicast > IGMP Snooping > Forwarding Entry page to display the forwarding entries learned through IGMP Snooping. Command Usage To display information about multicast groups, IGMP Snooping must first be enabled on the switch (see page...
  • Page 545: Displaying Igmp Snooping Statistics

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Displaying IGMP Snooping Statistics Use the Multicast > IGMP Snooping > Statistics pages to display IGMP snooping protocol-related statistics for the specified interface. Parameters These parameters are displayed: ◆...
  • Page 546 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ V3 Warning Count – The number of times the query version received (Version 3) does not match the version configured for this interface. VLAN, Port, and Trunk Statistics Input Statistics ◆...
  • Page 547: Figure 350: Displaying Igmp Snooping Statistics - Query

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 350: Displaying IGMP Snooping Statistics – Query To display IGMP snooping protocol-related statistics for a VLAN: Click Multicast, IGMP Snooping, Statistics. Select Show VLAN Statistics from the Action list. Select a VLAN.
  • Page 548: Figure 351: Displaying Igmp Snooping Statistics - Vlan

    Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 351: Displaying IGMP Snooping Statistics – VLAN To display IGMP snooping protocol-related statistics for a port: Click Multicast, IGMP Snooping, Statistics. Select Show Port Statistics from the Action list. Select a Port.
  • Page 549: Filtering And Throttling Igmp Groups

    Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Filtering and Throttling IGMP Groups In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
  • Page 550: Configuring Igmp Filter Profiles

    Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Figure 353: Enabling IGMP Filtering and Throttling Configuring IGMP Filter Profiles Use the Multicast > IGMP Snooping > Filter (Configure Profile – Add) page to create an IGMP profile and set its access mode. Then use the (Add Multicast Group Range) page to configure the multicast groups to filter.
  • Page 551: Figure 354: Creating An Igmp Filtering Profile

    Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Web Interface To create an IGMP filter profile and set its access mode: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Add from the Action list. Enter the number for a profile, and set its access mode.
  • Page 552: Configuring Igmp Filtering And Throttling For Interfaces

    Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Select the profile to configure, and add a multicast group address or range of addresses. Click Apply. Figure 356: Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an IGMP filter profile: Click Multicast, IGMP Snooping, Filter.
  • Page 553 Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. Parameters These parameters are displayed: ◆ Interface – Port or trunk identifier. An IGMP profile or throttling setting can be applied to a port or trunk.
  • Page 554: Mld Snooping (Snooping And Query For Ipv6)

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 358: Configuring IGMP Filtering and Throttling Interface Settings MLD Snooping (Snooping and Query for IPv6) Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4. That is, MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is forwarded only to ports with users that want to receive it.
  • Page 555 Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) An IPv6 address must be configured on the VLAN interface from which the querier will act if elected. When serving as the querier, the switch uses this IPv6 address as the query source address.
  • Page 556: Setting Immediate Leave Status For Mld Snooping Per Interface

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Click Apply. Figure 359: Configuring General Settings for MLD Snooping Setting Immediate Leave Status for MLD Snooping per Interface Use the Multicast > MLD Snooping > Interface page to configure Immediate Leave status for a VLAN. Parameters...
  • Page 557: Specifying Static Interfaces For An Ipv6 Multicast Router

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 360: Configuring Immediate Leave for MLD Snooping Specifying Static Interfaces for an IPv6 Multicast Router Use the Multicast > MLD Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an interface to an IPv6 multicast router/switch. Depending on your network connections, MLD snooping may not always be able to locate the MLD querier.
  • Page 558: Figure 361: Configuring A Static Interface For An Ipv6 Multicast Router

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 361: Configuring a Static Interface for an IPv6 Multicast Router To show the static interfaces attached to a multicast router: Click Multicast, MLD Snooping, Multicast Router. Select Show Static Multicast Router from the Action list. Select the VLAN for which to display this information.
  • Page 559: Assigning Interfaces To Ipv6 Multicast Services

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Assigning Interfaces to IPv6 Multicast Services Use the Multicast > MLD Snooping > MLD Member (Add Static Member) page to statically assign an IPv6 multicast service to an interface. Multicast filtering can be dynamically configured using MLD snooping and query messages (see...
  • Page 560: Figure 364: Assigning An Interface To An Ipv6 Multicast Service

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 364: Assigning an Interface to an IPv6 Multicast Service To show the static interfaces assigned to an IPv6 multicast service: Click Multicast, MLD Snooping, MLD Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information.
  • Page 561: Showing Mld Snooping Groups And Source List

    Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 366: Showing Current Interfaces Assigned to an IPv6 Multicast Service Showing MLD Snooping Groups and Source List Use the Multicast > MLD Snooping > Group Information page to display known multicast groups, member ports, the means by which each group was learned, and the corresponding source list.
  • Page 562: Multicast Vlan Registration For Ipv4

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display known MLD multicast groups: Click Multicast, MLD Snooping, Group Information. Select the port or trunk, and then select a multicast service assigned to that interface. Figure 367: Showing IPv6 Multicast Services and Corresponding Sources Multicast VLAN Registration for IPv4 Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as...
  • Page 563: Figure 368: Mvr Concept

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 368: MVR Concept (figure labels: Multicast Router, Satellite Services, Service Network, Multicast Server, Layer 2 Switch, Source Port, Receiver Ports, Set-top Box) Command Usage ◆ General Configuration Guidelines for MVR: Enable MVR for a domain on the switch, and select the MVR VLAN (see “Configuring MVR Domain Settings”...
  • Page 564: Configuring Mvr Global Settings

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Global Settings Use the Multicast > MVR (Configure Global) page to configure proxy switching and the robustness variable. Parameters These parameters are displayed: ◆ Proxy Switching – Configures MVR proxy switching, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.
  • Page 565: Figure 369: Configuring Global Settings For Mvr

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Proxy Query Interval – Configures the interval at which the receiver port sends out general queries. (Range: 2-31744 seconds; Default: 125 seconds) ■ This parameter sets the general query interval at which active receiver...
  • Page 566: Configuring Mvr Domain Settings

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Domain Settings Use the Multicast > MVR (Configure Domain) page to enable MVR globally on the switch, and select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider.
  • Page 567: Configuring Mvr Group Address Profiles

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Click Apply. Figure 370: Configuring Domain Settings for MVR Configuring MVR Group Address Profiles Use the Multicast > MVR (Configure Profile and Associate Profile) pages to assign the multicast group address for required services to one or more MVR domains. Command Usage...
  • Page 568: Figure 371: Configuring An Mvr Group Address Profile

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Associate Profile ◆ Domain ID – An independent multicast domain. (Range: 1-5) ◆ Profile Name – The name of a profile to be assigned to this domain. (Range: 1-21 characters) Web Interface To configure an MVR group address profile: Click Multicast, MVR.
  • Page 569: Figure 373: Assigning An Mvr Group Address Profile To A Domain

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To assign an MVR group address profile to a domain: Click Multicast, MVR. Select Associate Profile from the Step list. Select Add from the Action list. Select a domain from the scroll-down list, and enter the name of a group profile.
  • Page 570: Configuring Mvr Interface Status

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Interface Status Use the Multicast > MVR (Configure Interface) page to configure each interface that participates in the MVR protocol as a source port or receiver port. If you are sure that only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
  • Page 571 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Type – The following interface types are supported: ■ Source – An uplink port that can send and receive multicast data for the groups assigned to the MVR VLAN. Note that the source port must be manually configured as a member of the MVR VLAN (see “Adding Static Members to VLANs”...
  • Page 572: Assigning Static Mvr Multicast Groups To Interfaces

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 375: Configuring Interface Settings for MVR Assigning Static MVR Multicast Groups to Interfaces Use the Multicast > MVR (Configure Static Group Member) page to statically bind multicast groups to a port which will receive long-term multicast streams associated with a stable set of hosts.
  • Page 573: Figure 376: Assigning Static Mvr Groups To An Interface

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To assign a static MVR group to an interface: Click Multicast, MVR. Select Configure Static Group Member from the Step list. Select Add from the Action list. Select an MVR domain. Select a VLAN and interface to receive the multicast stream, and then enter the multicast group address.
  • Page 574: Displaying Mvr Receiver Groups

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 377: Showing the Static MVR Groups Assigned to a Port Displaying MVR Receiver Groups Use the Multicast > MVR (Show Member) page to show the multicast groups either statically or dynamically assigned to the MVR receiver groups on each interface. Parameters These parameters are displayed: ◆...
  • Page 575: Displaying Mvr Statistics

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 378: Displaying MVR Receiver Groups Displaying MVR Statistics Use the Multicast > MVR > Show Statistics pages to display MVR protocol-related statistics for the specified interface. Parameters These parameters are displayed: ◆...
  • Page 576 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 VLAN, Port, and Trunk Statistics Input Statistics ◆ Report – The number of IGMP membership reports received on this interface. ◆ Leave – The number of leave messages received on this interface. ◆...
  • Page 577: Figure 379: Displaying Mvr Statistics - Query

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display statistics for MVR query-related messages: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR domain. Figure 379: Displaying MVR Statistics –...
  • Page 578: Figure 380: Displaying Mvr Statistics - Vlan

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To display MVR protocol-related statistics for a VLAN: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR domain. Select a VLAN.
  • Page 579: Multicast Vlan Registration For Ipv6

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR protocol-related statistics for a port: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR domain. Select a Port.
  • Page 580: Configuring Mvr6 Global Settings

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Set the interfaces that will join the MVR as source ports or receiver ports (see “Configuring MVR6 Interface Status” on page 586). For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static MVR6 Multicast Groups to...
  • Page 581 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Robustness Value – Configures the expected packet loss, and thereby the number of times to generate report and group-specific queries. (Range: 1-10; Default: 2) ■ This parameter is used to set the number of times report messages are sent...
  • Page 582: Configuring Mvr6 Domain Settings

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 382: Configuring Global Settings for MVR6 Configuring MVR6 Domain Settings Use the Multicast > MVR6 (Configure Domain) page to enable MVR6 globally on the switch, and select the VLAN that will serve as the sole channel for common multicast streams supported by the service provider.
  • Page 583: Configuring Mvr6 Group Address Profiles

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 IPv6 address including the network prefix and host address bits. By default, all MVR6 reports sent upstream use a null source IP address. All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture,”...
  • Page 584 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
  • Page 585: Figure 384: Configuring An Mvr6 Group Address Profile

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 384: Configuring an MVR6 Group Address Profile To show the configured MVR6 group address profiles: Click Multicast, MVR6. Select Configure Profile from the Step list. Select Show from the Action list. Figure 385: Displaying MVR6 Group Address Profiles To assign an MVR6 group address profile to a domain: Click Multicast, MVR6.
  • Page 586: Configuring Mvr6 Interface Status

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 386: Assigning an MVR6 Group Address Profile to a Domain To show the MVR6 group address profiles assigned to a domain: Click Multicast, MVR6. Select Associate Profile from the Step list. Select Show from the Action list.
  • Page 587 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 membership for MVR6 receiver ports cannot be set to access mode (see “Adding Static Members to VLANs” on page 159). ◆ One or more interfaces may be configured as MVR6 source ports. A source port is able to both receive and send data for configured MVR6 groups or for groups which have been statically assigned (see “Assigning Static MVR Multicast...
  • Page 588: Assigning Static Mvr6 Multicast Groups To Interfaces

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 “Active” only if there are subscribers receiving multicast traffic from one of the MVR6 groups, or a multicast group has been statically assigned to an interface. ◆ Immediate Leave – Configures the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group.
  • Page 589: Figure 389: Assigning Static Mvr6 Groups To A Port

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture,” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
  • Page 590: Displaying Mvr6 Receiver Groups

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To show the static MVR6 groups assigned to an interface: Click Multicast, MVR6. Select Configure Static Group Member from the Step list. Select Show from the Action list. Select an MVR6 domain. Select the port or trunk for which to display this information.
  • Page 591: Displaying Mvr6 Statistics

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Count – The number of multicast services currently being forwarded from the MVR6 VLAN. ◆ Clear MVR6 Group – Clears multicast group information dynamically learned through MVR6. Statically configured multicast addresses are not cleared. Web Interface To display the interfaces assigned to the MVR6 receiver groups: Click Multicast, MVR6.
  • Page 592 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ General Query Sent – The number of general queries sent from this interface. ◆ Specific Query Received – The number of specific queries received on this interface. ◆ Specific Query Sent – The number of specific queries sent from this interface. ◆...
  • Page 593: Figure 392: Displaying Mvr6 Statistics - Query

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Web Interface To display statistics for MVR6 query-related messages: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR6 domain. Figure 392: Displaying MVR6 Statistics –...
  • Page 594: Figure 393: Displaying Mvr6 Statistics - Vlan

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a VLAN: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR6 domain. Select a VLAN.
  • Page 595: Figure 394: Displaying Mvr6 Statistics - Port

    Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a port: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR6 domain. Select a Port.
  • Page 597: Ip Configuration

    IP Configuration This chapter describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address, or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server.
  • Page 598 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) ◆ To enable routing between interfaces defined on this switch and external network interfaces, you must configure static routes (page 647) or use dynamic routing; i.e., RIP (page 652) ◆...
  • Page 599: Figure 395: Configuring A Static Ipv4 Address

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Web Interface To set a static IPv4 address for the switch: Click IP, General, Routing Interface. Select Add Address from the Action list. Select any configured VLAN, set IP Address Mode to “User Specified,” set IP Address Type to “Primary”...
  • Page 600: Figure 396: Configuring A Dynamic Ipv4 Address

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Figure 396: Configuring a Dynamic IPv4 Address Note: The switch will also broadcast a request for IP configuration settings on each power reset. Note: If you lose the management connection, make a console connection to the switch and enter “show ip interface”...
  • Page 601: Setting The Switch's Ip Address (Ip Version 6)

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 397: Showing the Configured IPv4 Address for an Interface Setting the Switch’s IP Address (IP Version 6) This section describes how to configure an IPv6 interface for management access over the network, or for creating an interface to multiple subnets.
  • Page 602: Configuring The Ipv6 Default Gateway

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring the IPv6 Default Gateway Use the IP > IPv6 Configuration (Configure Global) page to configure an IPv6 default gateway for the switch. Parameters These parameters are displayed: ◆...
  • Page 603: Configuring Ipv6 Interface Settings

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring IPv6 Interface Settings Use the IP > IPv6 Configuration (Configure Interface) page to configure general IPv6 settings for the selected VLAN, including auto-configuration of a global unicast interface address, and explicit configuration of a link local interface address, the MTU size, and neighbor discovery protocol settings for duplicate...
  • Page 604 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) have the “other stateful configuration” flag set, the switch will attempt to acquire other non-address configuration information (such as a default gateway). ■ If auto-configuration is not selected, then an address must be manually...
  • Page 605 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) remain in a “tentative” state. If no duplicate link-local address is found, duplicate address detection is started for the remaining IPv6 addresses. ■ If a duplicate address is detected, it is set to “duplicate” state, and a warning...
  • Page 606 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Prior to submitting a client request to a DHCPv6 server, the switch should be configured with a link-local address using the Address Autoconfig option. The state of the Managed Address Configuration flag (M flag) and Other Stateful Configuration flag (O flag) received in Router Advertisement messages will determine the information this switch should attempt to acquire from the DHCPv6 server as described...
  • Page 607: Figure 399: Configuring General Settings For An Ipv6 Interface

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Enable address auto-configuration, or enable IPv6 Explicitly to automatically configure a link-local address and enable IPv6 on the selected interface. (To manually configure the link-local address, use the Add IPv6 Address page.) Set the MTU size, the maximum number of duplicate address detection messages, the neighbor solicitation message interval, and the amount of time that a remote IPv6 node is considered reachable.
  • Page 608: Configuring An Ipv6 Address

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 400: Configuring RA Guard for an IPv6 Interface Configuring an IPv6 Address Use the IP > IPv6 Configuration (Add IPv6 Address) page to configure an IPv6 interface for management access over the network, or for creating an interface to multiple subnets.
  • Page 609 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) ■ You can also manually configure the global unicast address by entering the full address and prefix length. ◆ You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface.
  • Page 610: Figure 401: Configuring An Ipv6 Address

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) inverting the universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address. For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.e., 1 for globally defined addresses and 0 for locally defined addresses), changing 28 to 2A.
  • Page 611: Showing Ipv6 Addresses

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing IPv6 Addresses Use the IP > IPv6 Configuration (Show IPv6 Address) page to display the IPv6 addresses assigned to an interface. Parameters These parameters are displayed: ◆...
  • Page 612: Showing The Ipv6 Neighbor Cache

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Select a VLAN from the list. Figure 402: Showing Configured IPv6 Addresses Showing the IPv6 Neighbor Cache Use the IP > IPv6 Configuration (Show IPv6 Neighbor Cache) page to display the IPv6 addresses detected for neighbor devices.
  • Page 613: Showing Ipv6 Statistics

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Table 36: Show IPv6 Neighbors - display description (Continued) Field Description The following states are used for static entries: ◆ Incomplete - The interface for this entry is down. ◆...
  • Page 614: Table 37: Show Ipv6 Statistics - Display Description

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) feed back information about more suitable routes (that is, the next hop router) to use for a specific destination. ◆ UDP – User Datagram Protocol provides a datagram mode of packet switched communications.
  • Page 615 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Table 37: Show IPv6 Statistics - display description (Continued) Field Description Reassembled Succeeded The number of IPv6 datagrams successfully reassembled. Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments.
  • Page 616 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Table 37: Show IPv6 Statistics - display description (Continued) Field Description Parameter Problem Messages The number of ICMP Parameter Problem messages received by the interface. Echo Request Messages The number of ICMP Echo (request) messages received by the interface.
  • Page 617: Figure 404: Showing Ipv6 Statistics (Ipv6)

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Table 37: Show IPv6 Statistics - display description (Continued) Field Description Group Membership Reduction Messages The number of ICMPv6 Group Membership Reduction messages sent. Multicast Listener Discovery Version 2 Reports The number of MLDv2 reports sent by the interface. UDP Statistics Input...
  • Page 618: Figure 405: Showing Ipv6 Statistics (Icmpv6)

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 405: Showing IPv6 Statistics (ICMPv6) Figure 406: Showing IPv6 Statistics (UDP)
  • Page 619: Showing The Mtu For Responding Destinations

    Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing the MTU for Responding Destinations Use the IP > IPv6 Configuration (Show MTU) page to display the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet-too-big message along with an acceptable MTU to this switch.
  • Page 621: Ip Services

    IP Services This chapter describes the following IP services: ◆ DNS – Configures default domain names, identifies servers to use for dynamic lookup, and shows how to configure static entries. ◆ DHCP – Configures client and relay. ◆ PPPoE Intermediate Agent –...
  • Page 622: Configuring A List Of Domain Names

    Chapter 16 | IP Services Domain Name Service Parameters These parameters are displayed: ◆ Domain Lookup – Enables DNS host name-to-address translation. (Default: Disabled) ◆ Default Domain Name – Defines the default domain name appended to incomplete host names. Do not include the initial dot that separates the host name from the domain name.
  • Page 623: Figure 409: Configuring A List Of Domain Names For Dns

    Chapter 16 | IP Services Domain Name Service checking with the specified name servers for a match (see “Configuring a List of Name Servers” on page 624). ◆ If all name servers are deleted, DNS will automatically be disabled. Parameters These parameters are displayed: Domain Name –...
  • Page 624: Configuring A List Of Name Servers

    Chapter 16 | IP Services Domain Name Service Configuring a List of Name Servers Use the IP Service > DNS - General (Add Name Server) page to configure a list of name servers to be tried in sequential order. Command Usage ◆...
  • Page 625: Configuring Static Dns Host To Address Entries

    Chapter 16 | IP Services Domain Name Service Figure 412: Showing the List of Name Servers for DNS Configuring Static DNS Host to Address Entries Use the IP Service > DNS - Static Host Table (Add) page to manually configure static entries in the DNS table that are used to map domain names to IP addresses. Command Usage ◆...
  • Page 626: Displaying The Dns Cache

    Chapter 16 | IP Services Domain Name Service To show static entries in the DNS table: Click IP Service, DNS, Static Host Table. Select Show from the Action list. Figure 414: Showing Static Entries in the DNS Table Displaying the Use the IP Service >...
  • Page 627: Dynamic Host Configuration Protocol

    Chapter 16 | IP Services Dynamic Host Configuration Protocol Web Interface To display entries in the DNS cache: Click IP Service, DNS, Cache. Figure 415: Showing Entries in the DNS Cache Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.
  • Page 628: Table 40: Options 55 And 124 Statements

    Chapter 16 | IP Services Dynamic Host Configuration Protocol ◆ By default, DHCP option 66/67 parameters are not carried in a DHCP server reply. To ask for a DHCP reply with option 66/67 information, the DHCP client request sent by this switch includes a “parameter request list” asking for this information.
  • Page 629: Configuring Dhcp Relay Service

    Chapter 16 | IP Services Dynamic Host Configuration Protocol Figure 416: Specifying a DHCP Client Identifier Configuring DHCP Relay Service Use the IP Service > DHCP > Relay page to configure DHCP relay service for attached host devices. If DHCP relay is enabled, and this switch sees a DHCP request broadcast, it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located.
  • Page 630: Configuring The Pppoe Intermediate Agent

    Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Web Interface To configure DHCP relay service: Click IP Service, DHCP, Relay. Enter up to five IP addresses for DHCP servers or relay servers in order of preference for any VLAN. Click Apply.
  • Page 631: Figure 419: Configuring Global Settings For Pppoe Intermediate Agent

    Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Parameters These parameters are displayed: ◆ PPPoE IA Global Status – Enables the PPPoE Intermediate Agent globally on the switch. (Default: Disabled) Note that PPPoE IA must be enabled globally before it can be enabled on an interface.
  • Page 632: Configuring Pppoe Ia Interface Settings

    Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Configuring PPPoE IA Interface Settings Use the IP Service > PPPoE Intermediate Agent (Configure Interface) page to enable PPPoE IA on an interface, set trust status, enable vendor tag stripping, and set the circuit ID and remote ID.
  • Page 633: Showing Pppoe Ia Statistics

    Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent ◆ Remote ID – String identifying the remote identifier (or interface) on this switch to which the user is connected. (Range: 1-63 ASCII characters; Default: Port MAC address) ◆ Operational Remote ID – The configured circuit identifier. Web Interface To configure interface settings for PPPoE IA: Click IP Service, PPPoE Intermediate Agent.
  • Page 634: Figure 421: Showing Pppoe Intermediate Agent Statistics

    Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent ■ PADO – PPPoE Active Discovery Offer messages. ■ PADR – PPPoE Active Discovery Request messages. ■ PADS – PPPoE Active Discovery Session-Confirmation messages. ■ PADT – PPPoE Active Discovery Terminate messages...
  • Page 635: General Ip Routing

    General IP Routing This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace Route – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...
  • Page 636: Ip Routing And Switching

    Chapter 17 | General IP Routing IP Routing and Switching Figure 422: Virtual Interfaces and Layer 3 Routing [Figure labels: Inter-subnet traffic (Layer 3 switching); Routing; VLAN 1; VLAN 2; Tagged or Untagged; Intra-subnet traffic (Layer 2 switching)] IP Routing and Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets...
  • Page 637: Routing Path Management

    Chapter 17 | General IP Routing IP Routing and Switching If the destination belongs to a different subnet on this switch, the packet can be routed directly to the destination node. However, if the packet belongs to a subnet not included on this switch, then the packet should be sent to the next hop router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node).
  • Page 638: Routing Protocols

    Chapter 17 | General IP Routing Configuring IP Routing Interfaces Routing Protocols The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. ◆...
  • Page 639: Using The Ping Function

    Chapter 17 | General IP Routing Configuring IP Routing Interfaces destinations, i.e., packets that do not match any routing table entry. If another router is designated as the default gateway, then the switch will pass packets to this router for any unknown hosts or subnets. To configure a default gateway for IPv4, use the static routing table as described on page 647, enter 0.0.0.0 for the IP address and subnet mask, and then specify this...
  • Page 640: Using The Trace Route Function

    Chapter 17 | General IP Routing Configuring IP Routing Interfaces include zone-id information indicating the VLAN identifier after the % delimiter. For example, FE80::7272%1 identifies VLAN 1 as the interface. Web Interface To ping another device on the network: Click IP, General, Ping. Specify the target device and ping parameters.
  • Page 641: Figure 424: Tracing The Route To A Network Device

    Chapter 17 | General IP Routing Configuring IP Routing Interfaces ◆ A trace terminates when the destination responds, when the maximum timeout (TTL) is exceeded, or the maximum number of hops is exceeded. ◆ The trace route function first sends probe datagrams with the TTL value set at one.
  • Page 642: Address Resolution Protocol

    Chapter 17 | General IP Routing Address Resolution Protocol Address Resolution Protocol If IP routing is enabled (page 651), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next.
  • Page 643: Figure 425: Proxy Arp

    Chapter 17 | General IP Routing Address Resolution Protocol requesting node. That node then sends traffic to the router, which in turn uses its own routing table to forward the traffic to the remote destination. Figure 425: Proxy ARP Proxy ARP request no routing, no default...
  • Page 644: Configuring Static Arp Addresses

    Chapter 17 | General IP Routing Address Resolution Protocol Figure 426: Configuring General Settings for ARP Configuring Static ARP Addresses For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a physical address.
  • Page 645: Figure 427: Configuring Static Arp Entries

    Chapter 17 | General IP Routing Address Resolution Protocol Web Interface To map an IP address to the corresponding physical address in the ARP cache: Click IP, ARP. Select Configure Static Address from the Step List. Select Add from the Action List. Enter the IP address and the corresponding MAC address.
  • Page 646: Displaying Dynamic Or Local Arp Entries

    Chapter 17 | General IP Routing Address Resolution Protocol Displaying Dynamic or Local ARP Entries Use the IP > ARP (Show Information – ARP Addresses) page to display dynamic or local entries in the ARP cache. The ARP cache contains static entries, and entries for local interfaces, including subnet, host, and broadcast addresses.
  • Page 647: Configuring Static Routes

    Chapter 17 | General IP Routing Configuring Static Routes Click Statistics. Figure 430: Displaying ARP Statistics Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP). However, you can also manually enter static routes in the routing table using the IP >...
  • Page 648: Figure 431: Configuring Static Routes

    Chapter 17 | General IP Routing Configuring Static Routes ◆ Next Hop – IP address of the next router hop used for this route. ◆ Distance – An administrative distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route.
  • Page 649: Displaying The Routing Table

    Chapter 17 | General IP Routing Displaying the Routing Table Displaying the Routing Table Use the IP > Routing > Routing Table (Show Information) page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route.
  • Page 650: Figure 433: Displaying The Routing Table

    Chapter 17 | General IP Routing Displaying the Routing Table ◆ Protocol – The protocol which generated this route information. (Options: Local, Static, RIP, OSPF, Others) Web Interface To display the routing table: Click IP, Routing, Routing Table. Figure 433: Displaying the Routing Table
  • Page 651: Unicast Routing

    Unicast Routing This chapter describes how to configure the following unicast routing protocols: RIP – Configures Routing Information Protocol. Overview This switch can route unicast traffic to different subnetworks using Routing Information Protocol (RIP). These protocols exchange routing information, calculate routing tables, and can respond to changes in the status or loading of the network.
  • Page 652: Configuring The Routing Information Protocol

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
  • Page 653: Configuring General Protocol Settings

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Configuring General Protocol Settings Use the Routing Protocol > RIP > General (Configure) page to configure general settings and the basic timers. RIP is used to specify how routers exchange routing information. When RIP is enabled on this router, it sends RIP messages to all devices in the network every 30 seconds (by default), and updates its own routing table when RIP messages are received from other routers.
  • Page 654 Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ RIP Default Metric – Sets the default metric assigned to external routes imported from other protocols. (Range: 1-15; Default: 1) The default metric must be used to resolve the problem of redistributing external routes with incompatible metrics.
  • Page 655 Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Basic Timer Settings Note: The timers must be set to the same values for all routers in the network. ◆ Update – Sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
  • Page 656: Clearing Entries From The Routing Table

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 435: Configuring General Settings for RIP Clearing Entries from the Routing Table Use the Routing Protocol > RIP > General (Clear Route) page to clear entries from the routing table based on route type or a specific network address. Command Usage ◆...
  • Page 657: Specifying Network Interfaces

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Clear Route By Network – Clears a specific route based on its IP address and prefix length. ■ Network IP Address – Deletes all related entries for the specified network...
  • Page 658: Figure 437: Adding Network Interfaces To Rip

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Parameters These parameters are displayed: ◆ By Address – Adds a network to the RIP routing process. ■ Subnet Address – IP address of a network directly connected to this router...
  • Page 659: Specifying Passive Interfaces

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 438: Showing Network Interfaces Using RIP Specifying Passive Interfaces Use the Routing Protocol > RIP > Passive Interface (Add) page to stop RIP from sending routing updates on the specified interface. Command Usage ◆...
  • Page 660: Specifying Static Neighbors

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 439: Specifying a Passive RIP Interface To show the passive RIP interfaces: Click Routing Protocol, RIP, Passive Interface. Select Show from the Action list. Figure 440: Showing Passive RIP Interfaces Specifying Use the Routing Protocol >...
  • Page 661: Configuring Route Redistribution

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 441: Specifying a Static RIP Neighbor To show static RIP neighbors: Click Routing Protocol, RIP, Neighbor Address. Select Show from the Action list. Figure 442: Showing Static RIP Neighbors Configuring Route Use the Routing Protocol >...
  • Page 662: Figure 443: Redistributing External Routes Into Rip

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol When a metric value has not been configured on this page, the default-metric determines the metric value to be used for all imported external routes. It is advisable to use a low metric when redistributing routes from another protocol into RIP.
  • Page 663: Specifying An Administrative Distance

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 444: Showing External Routes Redistributed into RIP Specifying an Administrative Distance Use the Routing Protocol > RIP > Distance (Add) page to define an administrative distance for external routes learned from other routing protocols. Command Usage ◆...
  • Page 664: Configuring Network Interfaces For Rip

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 445: Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols: Click Routing Protocol, RIP, Distance. Select Show from the Action list. Figure 446: Showing the Distance Assigned to External Routes Configuring Network Use the Routing Protocol >...
  • Page 665 Chapter 18 | Unicast Routing Configuring the Routing Information Protocol multicasting as normally required by RIPv2. (Using this mode allows older RIPv2 routers which only receive RIP broadcast messages to receive all of the information provided by RIPv2, including subnet mask, next hop and authentication information.
  • Page 666 Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Send Version – The RIP version to send on an interface. ■ RIPv1: Sends only RIPv1 packets. ■ RIPv2: Sends only RIPv2 packets. ■ RIPv1 Compatible: Route information is broadcast to other routers with...
  • Page 667: Figure 447: Configuring A Network Interface For Rip

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Instability Prevention – Specifies the method used to reduce the convergence time when the network topology changes, and to prevent RIP protocol messages from looping back to the source router. Split Horizon –...
  • Page 668: Displaying Rip Interface Settings

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 448: Showing RIP Network Interface Settings Displaying RIP Interface Settings Use the Routing Protocol > RIP > Statistics (Show Interface Information) page to display information about RIP interface configuration settings. Parameters These parameters are displayed: ◆...
  • Page 669: Displaying Peer Router Information

    Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Displaying Peer Router Information Use the Routing Protocol > RIP > Statistics (Show Peer Information) page to display information on neighboring RIP routers. Parameters These parameters are displayed: ◆ Peer Address – IP address of a neighboring RIP router. ◆...
  • Page 670 Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 451: Resetting RIP Statistics
  • Page 671: Appendices

    Section III Appendices This section provides additional information and includes these items: ◆ “Software Specifications” on page 673 ◆ “Troubleshooting” on page 679 ◆ “License Statement / GPL Code Statement” on page 681
  • Page 673: A Software Specifications

    Software Specifications Software Features Management Authentication: Local, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter. General Security Measures: Access Control Lists (512 rules), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard. Port Configuration: 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex; 1000BASE-SX/LX/ZX: 1000 Mbps at full duplex (SFP, SFP+)
  • Page 674 Appendix A | Software Specifications Software Features Spanning Tree Algorithm: Spanning Tree Protocol (STP, IEEE 802.1D-2004), Rapid Spanning Tree Protocol (RSTP, IEEE 802.1D-2004), Multiple Spanning Tree Protocol (MSTP, IEEE 802.1D-2004). VLAN Support: Up to 4094 groups; port-based, protocol-based, tagged (802.1Q), voice VLANs, IP subnet, MAC-based, QinQ tunnel, GVRP for automatic VLAN learning. Class of Service: Supports four levels of priority...
  • Page 675: Management Features

    Appendix A | Software Specifications Management Features
    In-Band Management: Telnet, web-based HTTP or HTTPS, SNMP manager, or Secure Shell
    Out-of-Band Management: RS-232 DB-9 console port
    Software Loading: HTTP, FTP or TFTP in-band, or XModem out-of-band
    SNMP: Management access via MIB database; trap management to specified hosts
    RMON: Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event)
  • Page 676: Management Information Bases

    Appendix A | Software Specifications Management Information Bases IGMPv2 (RFC 2236) IGMPv3 (RFC 3376) - partial support IGMP Proxy (RFC 4541) IPv4 IGMP (RFC 3228) MLD Snooping (RFC 4541) NTP (RFC 1305) OSPF (RFC 2328, 2178, 1587) OSPFv3 (RFC 2740) PIM-SM (RFC 4601) PIM-DM (RFC 3973) RADIUS+ (RFC 2618)
  • Page 677 Appendix A | Software Specifications Management Information Bases IPV6-TCP-MIB (RFC 2052) IPV6-UDP-MIB (RFC2054) Link Aggregation MIB (IEEE 802.3ad) MAU MIB (RFC 3636) MIB II (RFC 1213) NTP (RFC 1305) OSPF MIB (RFC 1850) OSPFv3 MIB (draft-ietf-ospf-ospfv3-mib-15.txt) P-Bridge MIB (RFC 2674P) Port Access Entity MIB (IEEE 802.1X) Port Access Entity Equipment MIB Private MIB...
  • Page 679: B Troubleshooting

    Troubleshooting Problems Accessing the Management Interface Table 43: Troubleshooting Chart
    Symptom: Cannot connect using Telnet, web browser, or SNMP software
    Action: ◆ Be sure the switch is powered on. ◆ Check network cabling between the management station and the switch. Make sure the ends are properly connected and there is no damage to the cable.
  • Page 680: Using System Logs

    Appendix B | Troubleshooting Using System Logs Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
  • Page 681: C License Statement / Gpl Code Statement

    License Statement / GPL Code Statement This product, and the software offered for download here (http://global.level1.com/downloads.php?action=init), includes software code developed by third parties, including software code subject to the GNU General Public License Version 2 ("GPLv2") and GNU Lesser General Public License 2.1 ("LGPLv2.1").
  • Page 682 Appendix C | License Statement / GPL Code Statement The GNU General Public License Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
  • Page 683 Appendix C | License Statement / GPL Code Statement The GNU General Public License You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
  • Page 684 Appendix C | License Statement / GPL Code Statement The GNU General Public License If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
  • Page 685: How To Apply These Terms To Your New Programs

    Appendix C | License Statement / GPL Code Statement How to Apply These Terms to Your New Programs Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission.
  • Page 686: Notification Of Compliance

    Appendix C | License Statement / GPL Code Statement Notification of Compliance MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program;...
  • Page 687 Appendix C | License Statement / GPL Code Statement Notification of Compliance For GNU General Public License (GPL) related information, please visit http://global.level1.com/downloads.php?action=init – 687 –...
  • Page 689: Glossary

    Glossary ACL Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. ARP Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
  • Page 690 Glossary DiffServ Differentiated Services provides quality of service on large networks by employing a well-defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
  • Page 691 Glossary ICMP Internet Control Message Protocol is a network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 692 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. In-Band Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts.
  • Page 693 Glossary Multicast Router Discovery is a protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers. This process allows IGMP-enabled devices to determine where to send multicast source and group membership messages. MSTP Multiple Spanning Tree Protocol can provide an independent spanning tree for different VLANs.
  • Page 694 Glossary QinQ QinQ tunneling is designed for service providers carrying traffic for multiple customers across their networks. It is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. QoS Quality of Service. QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization, queuing, congestion avoidance and traffic shaping.
  • Page 695 Glossary Spanning Tree Algorithm is a technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
  • Page 706 GTL-2881 GTL-2882 E112016/ST-R01...

This manual is also suitable for:

GTL-2882