GTL-2881 28-Port Stackable Layer 3 Lite Managed Gigabit Switch, 2 x SFP+, 2 x SFP+ (Optional Modules) GTL-2882 28-Port Stackable Layer 3 Lite Managed Gigabit Fiber Switch, 2 x SFP+, 2 x SFP+ (Optional Modules) User Manual V1.0 Digital Data Communications Asia Co., Ltd.
Page 2
U se r M a n u a l GTL-2881 Layer Layer 3 Lite Stackable Gigabit Ethernet Switch with 24 10/100/1000BASE-T (RJ-45) Ports, 2 10-Gigabit SFP+ Ports, and Optional Module with 2 10-Gigabit SFP+ Ports GTL-2882 Layer Layer 3 Lite Stackable Gigabit Ethernet Fiber Switch...
How to Use This Guide This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
Page 4
How to Use This Guide For information on how to install the switch, see the following guide: Installation Guide For all safety information and regulatory statements, see the following documents: Quick Start Guide Safety and Regulatory Information Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions.
Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Key Features Description of Software Features IP Routing Equal-cost Multipath Load Balancing Address Resolution Protocol Operation, Administration, and Maintenance System Defaults Section II Web Configuration 2 Using the Web Interface Connecting to the Web Interface Navigating the Web Browser Interface...
Page 6
Contents Displaying Hardware/Software Versions Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File Setting the Start-Up File Showing System Files Automatic Operation Code Upgrade Setting the System Clock Setting the Time Manually Setting the SNTP Polling Interval...
Page 7
Contents Configuring Transceiver Thresholds Performing Cable Diagnostics Trunk Configuration Configuring a Static Trunk Configuring a Dynamic Trunk Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Configuring Load Balancing Saving Power Traffic Segmentation Enabling Traffic Segmentation...
Page 8
Contents Displaying the Dynamic Address Table Clearing the Dynamic Address Table Configuring MAC Address Mirroring Issuing MAC Address Traps 7 Spanning Tree Algorithm Overview Configuring Loopback Detection Configuring Global Settings for STA Displaying Global Settings for STA Configuring Interface Settings for STA Displaying Interface Settings for STA Configuring Multiple Spanning Trees Configuring Interface Settings for MSTP...
Page 9
Contents 11 VoIP Traffic Configuration Overview Configuring VoIP Traffic Configuring Telephony OUI Configuring VoIP Traffic Ports 12 Security Measures AAA (Authentication, Authorization and Accounting) Configuring Local/Remote Logon Authentication Configuring Remote Logon Authentication Servers Configuring AAA Accounting Configuring AAA Authorization Configuring User Accounts Web Authentication Configuring Global Settings for Web Authentication Configuring Interface Settings for Web Authentication...
Page 10
Contents Configuring a Standard IPv6 ACL Configuring an Extended IPv6 ACL Configuring a MAC ACL Configuring an ARP ACL Binding a Port to an Access Control List Configuring ACL Mirroring Showing ACL Hardware Counters ARP Inspection Configuring Global Settings for ARP Inspection Configuring VLAN Settings for ARP Inspection Configuring Interface Settings for ARP Inspection Displaying ARP Inspection Statistics...
Page 11
Contents 13 Basic Administration Protocols Configuring Event Logging System Log Configuration Remote Log Configuration Sending Simple Mail Transfer Protocol Alerts Link Layer Discovery Protocol Setting LLDP Timing Attributes Configuring LLDP Interface Attributes Configuring LLDP Interface Civic-Address Displaying LLDP Local Device Information Displaying LLDP Remote Device Information Displaying Device Statistics Simple Network Management Protocol...
Page 12
Contents Ethernet Ring Protection Switching ERPS Global Configuration ERPS Ring Configuration ERPS Forced and Manual Mode Operations Connectivity Fault Management Configuring Global Settings for CFM Configuring Interfaces for CFM Configuring CFM Maintenance Domains Configuring CFM Maintenance Associations Configuring Maintenance End Points Configuring Remote Maintenance End Points Transmitting Link Trace Messages Transmitting Loop Back Messages...
Page 13
Contents 14 Multicast Filtering Overview Layer 2 IGMP (Snooping and Query for IPv4) Configuring IGMP Snooping and Query Parameters Specifying Static Interfaces for a Multicast Router Assigning Interfaces to Multicast Services Setting IGMP Snooping Status per Interface Filtering IGMP Query Packets and Multicast Data Displaying Multicast Groups Discovered by IGMP Snooping Displaying IGMP Snooping Statistics Filtering and Throttling IGMP Groups...
Page 14
Contents Displaying MVR6 Receiver Groups Displaying MVR6 Statistics 15 IP Configuration Setting the Switch’s IP Address (IP Version 4) Setting the Switch’s IP Address (IP Version 6) Configuring the IPv6 Default Gateway Configuring IPv6 Interface Settings Configuring an IPv6 Address Showing IPv6 Addresses Showing the IPv6 Neighbor Cache Showing IPv6 Statistics...
Page 15
Contents Configuring IP Routing Interfaces Configuring Local and Remote Interfaces Using the Ping Function Using the Trace Route Function Address Resolution Protocol Basic ARP Configuration Configuring Static ARP Addresses Displaying Dynamic or Local ARP Entries Displaying ARP Statistics Configuring Static Routes Displaying the Routing Table 18 Unicast Routing Overview...
Page 16
Contents B Troubleshooting Problems Accessing the Management Interface Using System Logs C License Statement / GPL Code Statement Written Offer for GPL/LGPL Source Code The GNU General Public License How to Apply These Terms to Your New Programs Notification of Compliance Glossary Index –...
Figures Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Configuring Automatic Code Upgrade...
Page 18
Figures Figure 30: Restarting the Switch (In) Figure 31: Restarting the Switch (At) Figure 32: Restarting the Switch (Regularly) Figure 33: Configuring Connections by Port List Figure 34: Configuring Connections by Port Range Figure 35: Displaying Port Information Figure 36: Configuring Local Port Mirroring Figure 37: Configuring Local Port Mirroring Figure 38: Displaying Local Port Mirror Sessions Figure 39: Configuring Remote Port Mirroring...
Page 19
Figures Figure 65: Enabling Traffic Segmentation Figure 66: Configuring Members for Traffic Segmentation Figure 67: Showing Traffic Segmentation Members Figure 68: Configuring VLAN Trunking Figure 69: Configuring VLAN Trunking Figure 70: VLAN Compliant and VLAN Non-compliant Devices Figure 71: Using GVRP Figure 72: Creating Static VLANs Figure 73: Modifying Settings for Static VLANs Figure 74: Showing Static VLANs...
Page 20
Figures Figure 100: Configuring MAC Address Learning Figure 101: Configuring Static MAC Addresses Figure 102: Displaying Static MAC Addresses Figure 103: Setting the Address Aging Time Figure 104: Displaying the Dynamic MAC Address Table Figure 105: Clearing Entries in the Dynamic MAC Address Table Figure 106: Mirroring Packets Based on the Source MAC Address Figure 107: Showing the Source MAC Addresses to Mirror Figure 108: Issuing MAC Address Traps (Global Configuration)
Page 21
Figures Figure 135: Configuring ATC Interface Attributes Figure 136: Setting the Default Port Priority Figure 137: Setting the Queue Mode (Strict) Figure 138: Setting the Queue Mode (WRR) Figure 139: Setting the Queue Mode (Strict and WRR) Figure 140: Mapping CoS Values to Egress Queues Figure 141: Showing CoS Values to Egress Queue Mapping Figure 142: Setting the Trust Mode Figure 143: Configuring DSCP to DSCP Internal Mapping...
Page 22
Figures Figure 170: Configuring AAA Accounting Service for Command Service Figure 171: Configuring AAA Accounting Service for Exec Service Figure 172: Displaying a Summary of Applied AAA Accounting Methods Figure 173: Displaying Statistics for AAA Accounting Sessions Figure 174: Configuring AAA Authorization Methods Figure 175: Showing AAA Authorization Methods Figure 176: Configuring AAA Authorization Methods for Exec Service Figure 177: Displaying the Applied AAA Authorization Method...
Page 23
Figures Figure 205: Configuring an Extended IPv6 ACL Figure 206: Configuring a MAC ACL Figure 207: Configuring a ARP ACL Figure 208: Binding a Port to an ACL Figure 209: Configuring ACL Mirroring Figure 210: Showing the VLANs to Mirror Figure 211: Showing ACL Statistics Figure 212: Configuring Global Settings for ARP Inspection Figure 213: Configuring VLAN Settings for ARP Inspection...
Page 24
Figures Figure 240: Showing Error Messages Logged to System Memory Figure 241: Configuring Settings for Remote Logging of Error Messages Figure 242: Configuring SMTP Alert Messages Figure 243: Configuring LLDP Timing Attributes Figure 244: Configuring LLDP Interface Attributes Figure 245: Configuring the Civic Address for an LLDP Interface Figure 246: Showing the Civic Address for an LLDP Interface Figure 247: Displaying Local Device Information for LLDP (General) Figure 248: Displaying Local Device Information for LLDP (Port)
Page 26
Figures Figure 310: Configuring Detailed Settings for Maintenance Domains Figure 311: Creating Maintenance Associations Figure 312: Showing Maintenance Associations Figure 313: Configuring Detailed Settings for Maintenance Associations Figure 314: Configuring Maintenance End Points Figure 315: Showing Maintenance End Points Figure 316: Configuring Remote Maintenance End Points Figure 317: Showing Remote Maintenance End Points Figure 318: Transmitting Link Trace Messages Figure 319: Transmitting Loopback Messages...
Page 27
Figures Figure 345: Showing Current Interfaces Attached a Multicast Router Figure 346: Configuring IGMP Snooping on a VLAN Figure 347: Showing Interface Settings for IGMP Snooping Figure 348: Dropping IGMP Query or Multicast Data Packets Figure 349: Showing Multicast Groups Learned by IGMP Snooping Figure 350: Displaying IGMP Snooping Statistics –...
Page 28
Figures Figure 380: Displaying MVR Statistics – VLAN Figure 381: Displaying MVR Statistics – Port Figure 382: Configuring Global Settings for MVR6 Figure 383: Configuring Domain Settings for MVR6 Figure 384: Configuring an MVR6 Group Address Profile Figure 385: Displaying MVR6 Group Address Profiles Figure 386: Assigning an MVR6 Group Address Profile to a Domain Figure 387: Showing MVR6 Group Address Profiles Assigned to a Domain Figure 388: Configuring Interface Settings for MVR6...
Page 29
Figures Figure 415: Showing Entries in the DNS Cache Figure 416: Specifying a DHCP Client Identifier Figure 417: Layer 3 DHCP Relay Service Figure 418: Configuring DHCP Relay Service Figure 419: Configuring Global Settings for PPPoE Intermediate Agent Figure 420: Configuring Interface Settings for PPPoE Intermediate Agent Figure 421: Showing PPPoE Intermediate Agent Statistics Figure 422: Virtual Interfaces and Layer 3 Routing Figure 423: Pinging a Network Device...
Section I Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 35 –...
Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Page 36
Chapter 1 | Introduction Key Features (Continued) Table 1: Key Features Feature Description Address Table 16K MAC addresses in the forwarding table, 1K static MAC addresses; 1760 entries in the ARP cache, 256 static ARP entries; 256 static IP routes, 32 IP interfaces; 2K IPv4 entries in the host table;...
Chapter 1 | Introduction Description of Software Features Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network.
Page 38
Chapter 1 | Introduction Description of Software Features Port Configuration You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device. Use full-duplex mode on ports whenever possible to double the throughput of switch connections.
Page 39
Chapter 1 | Introduction Description of Software Features IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information. The address table supports up to 16K addresses. Store-and-Forward The switch copies each frame into its memory before forwarding them to another Switching...
Page 40
Chapter 1 | Introduction Description of Software Features GVRP, or ports can be manually assigned to a specific set of VLANs. This allows the switch to restrict traffic to the VLAN groups to which a user has been assigned. By segmenting your network into VLANs, you can: ◆...
Chapter 1 | Introduction Description of Software Features allows you select traffic based on Layer 2, Layer 3, or Layer 4 information contained in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. Ethernet Ring ERPS can be used to increase the availability and robustness of Ethernet rings, such as those used in Metropolitan Area Networks (MAN).
Chapter 1 | Introduction Description of Software Features Equal-cost Multipath When multiple paths to the same destination and with the same path cost are found in the routing table, the Equal-cost Multipath (ECMP) algorithm first checks if Load Balancing the cost is lower than that of any other routing entries. If the cost is the lowest in the table, the switch will use up to eight paths having the lowest path cost to balance traffic forwarded to the destination.
Chapter 1 | Introduction System Defaults Link Layer Discovery LLDP is used to discover basic information about neighboring devices within the local broadcast domain. LLDP is a Layer 2 protocol that advertises information Protocol about the sending device and collects information gathered from neighboring network nodes it discovers.
Page 44
Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Authentication and Privileged Exec Level Username “admin” Security Measures Password “admin” Normal Exec Level Username “guest” Password “guest” Enable Privileged Exec from Password “super” Normal Exec Level RADIUS Authentication Disabled TACACS+ Authentication...
Page 45
Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Congestion Control Rate Limiting Disabled Storm Control Broadcast: Enabled (64 kbits/sec) Multicast: Disabled Unknown Unicast: Disabled Auto Traffic Control Disabled Address Table Aging Time 300 seconds Spanning Tree Algorithm Status Enabled, RSTP...
Section II Web Configuration This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 49 ◆ "Basic Management Tasks"...
Page 48
Section II | Web Configuration ◆ "Unicast Routing" on page 651 – 48 –...
Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent versions).
Figure 1: Home Page Note: This manual covers the GTL-2881 Gigabit Ethernet switch and GTL-2882 Gigabit Ethernet Fiber switch. Other than the difference in port types, there are no – 50 –...
Note: You can open a connection to the vendor’s web site by clicking on the levelone logo. Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 4: Switch Main Menu Menu Description...
Page 53
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Renumber Reset stack identification numbers Reset Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval Interface Port General...
Page 54
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Actor Configures parameters for link aggregation group members on the local side Partner Configures parameters for link aggregation group members on the remote side Show Information Counters...
Page 55
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Dynamic VLAN Show VLAN Shows the VLANs this switch has joined through GVRP Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP Tunnel IEEE 802.1Q (QinQ) Tunneling Configure Global...
Page 56
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Clear Dynamic MAC Removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries Mirror Mirrors traffic matching a specified source address from any port on the...
Page 57
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Interface Sets the storm control mode (broadcast or multicast), the traffic thresholds, the control response, to automatically release a response of rate limiting, or to send related SNMP trap messages Priority Default Priority...
Page 58
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure OUI Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer Show Shows the OUI telephony list Configure Interface Configures VoIP traffic settings for ports, including the way in which a...
Page 59
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows authorized users Modify Modifies user attributes Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical Configure Global Configures general protocol settings...
Page 60
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Rule Shows the time specified by a rule Configure ACL Show TCAM Shows utilization parameters for TCAM Adds an ACL based on IP or MAC address filtering Show Shows the name and type of configured ACLs Add Rule...
Page 61
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table Port Configuration Enables IP source guard and selects filter type per port Static Binding...
Page 62
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Remote Device Information Port/Trunk Displays information about a remote device connected to a port on this switch Port/Trunk Details Displays detailed information about a remote device connected to this switch Show Device Statistics...
Page 63
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows the configured notification logs Show Statistics Shows the status of SNMP communications RMON Remote Monitoring Configure Global Alarm Sets threshold bounds for a monitored variable Event...
Page 64
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Interface Configures administrative status on an interface Configure MD Configure Maintenance Domains Defines a portion of the network for which connectivity faults can be managed, identified by an MD index, maintenance level, and the MIP creation method Configure Details...
Page 65
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Continuity Check Error Displays CFM continuity check errors logged on this device Operation, Administration, and Maintenance Interface Enables OAM on specified port, sets the mode to active or passive, and enables the reporting of critical events or errored frame events Counters Displays statistics on OAM PDUs...
Page 66
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Routing Table Show Information Shows all routing entries, including local, static and dynamic routes IPv6 Configuration Configure Global Sets an IPv6 default gateway for traffic with no known next hop Configure Interface Configures IPv6 interface address using auto-configuration or link-local address, and sets related protocol settings...
Page 67
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Snooping Configure Global Enables DHCP snooping globally, MAC-address verification, information option; and sets the information policy Configure VLAN Enables DHCP snooping on a VLAN Configure Interface Sets the trust mode for an interface Show Information...
Page 68
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Add Multicast Group Range Assigns multicast groups to selected profile Show Multicast Group Range Shows multicast groups assigned to a profile Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action Statistics...
Page 69
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Static Group Member Statically assigns MVR multicast streams to an interface Show Shows MVR multicast streams assigned to an interface Show Member Shows the multicast groups assigned to an MVR VLAN, the source address of the multicast services, and the interfaces with active...
Page 70
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Routing Protocol General Configure Enables or disables RIP, sets the global RIP attributes and timer values Clear Route Clears the specified route type or network interface from the routing table Network Sets the network interfaces that will use RIP...
Basic Management Tasks This chapter describes the following topics: ◆ Displaying System Information – Provides basic system description, including contact information. ◆ Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions ◆ Configuring Support for Jumbo Frames –...
Chapter 3 | Basic Management Tasks Displaying System Information Displaying System Information Use the System > General page to identify the system by displaying information such as the device name, location and contact information. Parameters These parameters are displayed: ◆ System Description –...
Chapter 3 | Basic Management Tasks Displaying Hardware/Software Versions Displaying Hardware/Software Versions Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Parameters The following parameters are displayed: Main Board Information ◆...
Chapter 3 | Basic Management Tasks Configuring Support for Jumbo Frames Web Interface To view hardware and software version information. Click System, then Switch. Figure 4: General Switch Information Configuring Support for Jumbo Frames Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit Ethernet ports or trunks.
Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities Web Interface To configure support for jumbo frames: Click System, then Capability. Enable or disable support for jumbo frames. Click Apply. Figure 5: Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Use the System >...
Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities ◆ Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration”...
Chapter 3 | Basic Management Tasks Managing System Files Managing System Files This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files. Copying Files via FTP/ Use the System > File (Copy) page to upload/download firmware or configuration TFTP or HTTP settings using FTP, TFTP or HTTP.
Page 78
Chapter 3 | Basic Management Tasks Managing System Files ◆ File Name – The file name should not contain slashes (\ or /), the leading letter of the file name should not be a period (.), and the maximum length for file names is 32 characters for files on the switch or 127 characters for files on the server.
Chapter 3 | Basic Management Tasks Managing System Files Figure 7: Copy Firmware If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu. Saving the Running Use the System >...
Chapter 3 | Basic Management Tasks Managing System Files Select the current startup file on the switch to overwrite or specify a new file name. Then click Apply. Figure 8: Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System >...
Chapter 3 | Basic Management Tasks Managing System Files Showing System Files Use the System > File (Show) page to show the files in the system directory, or to delete a file. Note: Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.
Page 82
Chapter 3 | Basic Management Tasks Managing System Files ◆ The path to the directory must also be defined. If the file is stored in the root directory for the FTP/TFTP service, then use the “/” to indicate this (e.g., ftp:// 192.168.0.1/).
Page 83
Chapter 3 | Basic Management Tasks Managing System Files ◆ The switch will immediately restart after the upgrade file is successfully written to the file system and set as the startup image. Parameters The following parameters are displayed: ◆ Automatic Opcode Upgrade – Enables the switch to search for an upgraded operation code file during the switch bootup process.
Page 84
Chapter 3 | Basic Management Tasks Managing System Files Examples The following examples demonstrate the URL syntax for a TFTP server at IP address 192.168.0.1 with the operation code image stored in various locations: tftp://192.168.0.1/ ■ The image file is in the TFTP root directory. tftp://192.168.0.1/switch-opcode/ ■...
Chapter 3 | Basic Management Tasks Setting the System Clock Figure 11: Configuring Automatic Code Upgrade If a new image is found at the specified location, the following type of messages will be displayed during bootup. Automatic Upgrade is looking for a new image New image detected: current version 1.5.2.15;...
Chapter 3 | Basic Management Tasks Setting the System Clock Setting the Time Use the System > Time (Configure General - Manual) page to set the system time on the switch manually without using SNTP. Manually Parameters The following parameters are displayed: ◆...
Chapter 3 | Basic Management Tasks Setting the System Clock Setting the SNTP Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers. Polling Interval Parameters The following parameters are displayed: ◆...
Chapter 3 | Basic Management Tasks Setting the System Clock You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients.
Chapter 3 | Basic Management Tasks Setting the System Clock Parameters The following parameters are displayed: ◆ SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
Chapter 3 | Basic Management Tasks Setting the System Clock ◆ Authentication Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the configured server. NTP authentication is optional. If enabled on the System > Time (Configure General) page, you must also configure at least one key on the System >...
Chapter 3 | Basic Management Tasks Setting the System Clock Specifying NTP Authentication Keys Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list. Parameters The following parameters are displayed: ◆...
Chapter 3 | Basic Management Tasks Setting the System Clock Figure 19: Showing the NTP Authentication Key List Setting the Time Zone Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
Chapter 3 | Basic Management Tasks Setting the System Clock Figure 20: Setting the Time Zone Configuring Use the Summer Time page to set the system clock forward during the summer Summer Time months (also known as daylight savings time). In some countries or regions, clocks are adjusted through the summer months so that afternoons have more daylight and mornings have less.
Chapter 3 | Basic Management Tasks Setting the System Clock Table 5: Predefined Summer-Time Parameters Region Start Time, Day, Week, & Month End Time, Day, Week, & Month Rel. Offset Australia 00:00:00, Sunday, Week 5 of October 23:59:59, Sunday, Week 5 of March 60 min Europe 00:00:00, Sunday, Week 5 of March...
Chapter 3 | Basic Management Tasks Configuring the Console Port Figure 21: Configuring Summer Time Configuring the Console Port Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
Chapter 3 | Basic Management Tasks Configuring the Console Port per character. If no parity is required, specify 8 data bits per character. (Default: 8 bits) ◆ Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2;...
Chapter 3 | Basic Management Tasks Configuring Telnet Settings Configuring Telnet Settings Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password.
Chapter 3 | Basic Management Tasks Displaying CPU Utilization authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch. Web Interface To configure parameters for the console port: Click System, then Telnet.
Chapter 3 | Basic Management Tasks Displaying Memory Utilization Figure 24: Displaying CPU Utilization Displaying Memory Utilization Use the System > Memory Status page to display memory utilization parameters. Parameters The following parameters are displayed: ◆ Free Size – The amount of memory currently free for use. ◆...
Chapter 3 | Basic Management Tasks Stacking Stacking This section describes the basic functions which enable a properly connected set of switches to function as a single logical entity for management purposes. For information on how to physically connect units into a stack, see the Hardware Installation Guide.
Chapter 3 | Basic Management Tasks Stacking Click Apply. Figure 26: Setting the Stack Master Enabling Use the System > Stacking (Configure Stacking Button) page to enable stacking on the front panel 10G ports. Stacking Ports Command Usage ◆ The stacking ports must be enabled on all stack members. ◆...
Chapter 3 | Basic Management Tasks Stacking Figure 27: Enabling Stacking on 10G Ports Renumbering If the units are no longer numbered sequentially after several topology changes or failures, use the System > Stacking (Renumber) page to reset the unit numbers. Just the Stack remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.
Chapter 3 | Basic Management Tasks Resetting the System Resetting the System Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval. Command Usage ◆ This command resets the entire system. ◆...
Page 104
Chapter 3 | Basic Management Tasks Resetting the System YYYY - The year at which to reload. (Range: 1970-2037) ■ HH - The hour at which to reload. (Range: 00-23) ■ MM - The minute at which to reload. (Range: 00-59) ■...
Interface Configuration This chapter describes the following topics: ◆ Port Configuration – Configures connection settings, including auto- negotiation, or manual setting of speed, duplex mode, and flow control. ◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local switch.
Chapter 4 | Interface Configuration Port Configuration Port Configuration This section describes how to configure port connections, mirror traffic from one port to another, and run cable diagnostics. Configuring by Use the Interface > Port > General (Configure by Port List) page to enable/disable Port List an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Page 109
Chapter 4 | Interface Configuration Port Configuration ◆ Media Type – Configures the forced transceiver mode for SFP/SFP+ ports, or forced/preferred port type for RJ-45/SFP combination ports. None - Forced transceiver mode is not used for SFP/SFP+ ports. (This is the ■...
Chapter 4 | Interface Configuration Port Configuration Default: Autonegotiation enabled on Gigabit and 10 Gigabit ports; Advertised capabilities for 1000BASE-T – 10half, 10full, 100half, 100full, 1000full 1000BASE-SX/LX/ZX (SFP SFP+) – 1000full 10GBASE-SR/LR/ER (SFP+) – 10Gfull ◆ Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled) ◆...
Chapter 4 | Interface Configuration Port Configuration Configuring by Use the Interface > Port > General (Configure by Port Range) page to enable/ disable an interface, set auto-negotiation and the interface capabilities to Port Range advertise, or manually fix the speed, duplex mode, and flow control. For more information on command usage and a description of the parameters, refer to “Configuring by Port List”...
Chapter 4 | Interface Configuration Port Configuration ◆ Admin – Shows if the port is enabled or disabled. ◆ Oper Status – Indicates if the link is Up or Down. ◆ Media Type – Shows the forced transceiver mode for SFP/SFP+ ports, or forced/preferred port type for RJ-45/SFP combination ports used in the GTL- 2882.
Page 113
Chapter 4 | Interface Configuration Port Configuration (remote port mirroring as described in “Configuring Remote Port Mirroring” on page 114). ◆ Monitor port speed should match or exceed source port speed, otherwise traffic may be dropped from the monitor port. ◆...
Chapter 4 | Interface Configuration Port Configuration Figure 37: Configuring Local Port Mirroring To display the configured mirror sessions: Click Interface, Port, Mirror. Select Show from the Action List. Figure 38: Displaying Local Port Mirror Sessions Configuring Use the Interface > RSPAN page to mirror traffic from remote switches for analysis Remote Port Mirroring at a destination port on the local switch.
Chapter 4 | Interface Configuration Port Configuration Figure 39: Configuring Remote Port Mirroring Intermediate Switch Intermediate Switch RPSAN VLAN Uplink Port Uplink Port Destination Switch Source Switch Source Port Uplink Port Uplink Port Destination Port Tagged or untagged traffic Ingress or egress traffic from the RSPAN VLAN is is mirrored onto the RSPAN analyzed at this port.
Page 116
Chapter 4 | Interface Configuration Port Configuration ◆ RSPAN Limitations The following limitations apply to the use of RSPAN on this switch: RSPAN Ports – Only ports can be configured as an RSPAN source, ■ destination, or uplink; static and dynamic trunks are not allowed. A port can only be configured as one type of RSPAN interface –...
Page 117
Chapter 4 | Interface Configuration Port Configuration Intermediate - Specifies this device as an intermediate switch, ■ transparently passing mirrored traffic from one or more sources to one or more destinations. Destination - Specifies this device as a switch configured with a ■...
Chapter 4 | Interface Configuration Port Configuration Showing Port or Trunk Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as Statistics well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Page 120
Chapter 4 | Interface Configuration Port Configuration (Continued) Table 6: Port Statistics Parameter Description Transmitted Broadcast The total number of packets that higher-level protocols requested be Packets transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent. Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol.
Page 121
Chapter 4 | Interface Configuration Port Configuration (Continued) Table 6: Port Statistics Parameter Description Broadcast Packets The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Packets The total number of good packets received that were directed to this multicast address.
Chapter 4 | Interface Configuration Port Configuration Figure 43: Showing Port Statistics (Table) To show a chart of port statistics: Click Interface, Port, Chart. Select the statistics mode to display (Interface, Etherlike, RMON or All). If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list.
Chapter 4 | Interface Configuration Port Configuration Figure 44: Showing Port Statistics (Chart) Displaying Use the Interface > Port > Transceiver page to display identifying information, and operational for optical transceivers which support Digital Diagnostic Monitoring Transceiver Data (DDM). Parameters These parameters are displayed: ◆...
DDM. Parameters These parameters are displayed: ◆ Port – Port number. (GTL-2881: SFP+ ports 25-28; GTL-2882: SFP ports 1-28) ◆ General – Information on connector type and vendor-related parameters. – 124 –...
Page 125
Chapter 4 | Interface Configuration Port Configuration ◆ DDM Information – Information on temperature, supply voltage, laser bias current, laser power, and received optical power. The switch can display diagnostic information for SFP modules which support the SFF-8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers.
Chapter 4 | Interface Configuration Port Configuration will not be generated until the sampled value has risen above the low threshold and reaches the high threshold. Threshold events are triggered as described above to avoid a hysteresis ■ effect which would continuously trigger event messages if the power level were to fluctuate just above and below either the high threshold or the low threshold.
Page 127
Chapter 4 | Interface Configuration Port Configuration Command Usage ◆ Cable diagnostics are performed using Digital Signal Processing (DSP) test methods. DSP analyses the cable by sending a pulsed signal into the cable, and then examining the reflection of that pulse. ◆...
Chapter 4 | Interface Configuration Trunk Configuration Web Interface To test the cable attached to a port: Click Interface, Port, Cable Test. Click Test for any port to start the cable test. Figure 47: Performing Cable Tests Trunk Configuration This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link.
Chapter 4 | Interface Configuration Trunk Configuration Command Usage Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the web interface or CLI to specify the trunk on the devices at both ends.
Chapter 4 | Interface Configuration Trunk Configuration Command Usage ◆ When configuring static trunks, you may not be able to link switches of different types, depending on the vendor’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. ◆...
Chapter 4 | Interface Configuration Trunk Configuration To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list. Select a trunk identifier. Set the unit and port for an additional trunk member. Click Apply.
Chapter 4 | Interface Configuration Trunk Configuration To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 52: Showing Information for Static Trunks Configuring a Use the Interface > Trunk > Dynamic pages to set the administrative key for an Dynamic Trunk aggregation group, enable LACP on a port, configure protocol parameters for local and partner ports, or to set Ethernet connection parameters.
Page 133
Chapter 4 | Interface Configuration Trunk Configuration ◆ Ports are only allowed to join the same Link Aggregation Group (LAG) if (1) the LACP port system priority matches, (2) the LACP port admin key matches, and (3) the LAG admin key matches (if configured). However, if the LAG admin key is set, then the port admin key must be set to the same value for a port to be allowed to join that group.
Page 134
Chapter 4 | Interface Configuration Trunk Configuration When a dynamic port-channel is torn down, the configured timeout value will be retained. When the dynamic port-channel is constructed again, that timeout value will be used. Configure Aggregation Port - General ◆ Port –...
Chapter 4 | Interface Configuration Trunk Configuration Note: Configuring LACP settings for a port only applies to its administrative state, not its operational state, and will only take effect the next time an aggregate link is established with that port. Note: Configuring the port partner sets the remote side of an aggregate link;...
Chapter 4 | Interface Configuration Trunk Configuration Figure 55: Enabling LACP on a Port To configure LACP parameters for group members: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click Actor or Partner. Configure the required settings.
Chapter 4 | Interface Configuration Trunk Configuration Select a Trunk. Figure 57: Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Configure from the Action list. Modify the required interface settings.
Chapter 4 | Interface Configuration Trunk Configuration To show connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Show from the Action list. Figure 59: Showing Connection Parameters for Dynamic Trunks Displaying LACP Use the Interface >...
Chapter 4 | Interface Configuration Trunk Configuration Select a group member from the Port list. Figure 60: Displaying LACP Port Counters Displaying LACP Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Settings and Status Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation.
Chapter 4 | Interface Configuration Trunk Configuration (Continued) Table 8: LACP Internal Configuration Information Parameter Description ◆ Aggregation – The system considers this link to be aggregatable; i.e., a potential candidate for aggregation. ◆ Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate.
Chapter 4 | Interface Configuration Trunk Configuration Displaying LACP Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and Settings and Status operational state for the remote side of a link aggregation. for the Remote Side Parameters These parameters are displayed:...
Chapter 4 | Interface Configuration Trunk Configuration Figure 62: Displaying LACP Port Remote Information Configuring Use the Interface > Trunk > Load Balance page to set the load-distribution method Load Balancing used among ports in aggregated links. Command Usage ◆ This command applies to all static and dynamic trunks on the switch.
Chapter 4 | Interface Configuration Trunk Configuration Source and Destination MAC Address: All traffic with the same source ■ and destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is received from and destined for many different hosts.
Chapter 4 | Interface Configuration Saving Power Saving Power Use the Interface > Green Ethernet page to enable power savings mode on the selected port. Command Usage ◆ IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters. Enabling power saving mode can reduce power used for cable lengths of 60 meters or less, with more significant reduction for cables of 20 meters or less, and continue to ensure signal integrity.
Chapter 4 | Interface Configuration Saving Power ◆ Power Saving Status – Adjusts the power provided to ports based on the length of the cable used to connect to other devices. Only sufficient power is used to maintain connection requirements. (Default: Enabled on Gigabit Ethernet RJ-45 ports) Web Interface To enable power savings:...
Chapter 4 | Interface Configuration Traffic Segmentation Traffic Segmentation If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic for individual clients. Data traffic on downlink ports is only forwarded to, and from, uplink ports.
Chapter 4 | Interface Configuration Traffic Segmentation Figure 65: Enabling Traffic Segmentation Configuring Uplink Use the Interface > Traffic Segmentation (Configure Session) page to assign the downlink and uplink ports to use in the segmented group. Ports designated as and Downlink Ports downlink ports can not communicate with any other ports on the switch except for the uplink ports.
Chapter 4 | Interface Configuration Traffic Segmentation ◆ If a downlink port is not configured for the session, the assigned uplink ports will operate as normal ports. Parameters These parameters are displayed: ◆ Session ID – Traffic segmentation session. (Range: 1-4) ◆...
Chapter 4 | Interface Configuration VLAN Trunking To show the members of the traffic segmentation group: Click Interface, Traffic Segmentation. Select Configure Session from the Step list. Select Show from the Action list. Figure 67: Showing Traffic Segmentation Members VLAN Trunking Use the Interface >...
Page 150
Chapter 4 | Interface Configuration VLAN Trunking and E automatically allow frames with VLAN group tags 1 and 2 (groups that are unknown to those switches) to pass through their VLAN trunking ports. ◆ VLAN trunking is mutually exclusive with the “access” switchport mode (see “Adding Static Members to VLANs”...
VLAN Configuration This chapter includes the following topics: ◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs. ◆ IEEE 802.1Q Tunneling – Configures QinQ tunneling to maintain customer- specific VLAN and Layer 2 protocol configurations across a service provider network, even when different customers use the same internal VLAN IDs.
Page 154
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs groups (such as e-mail), or multicast groups (used for multimedia applications such as video conferencing). VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 70: VLAN Compliant and VLAN Non-compliant Devices tagged frames VA: VLAN Aware VU: VLAN Unaware tagged untagged frames frames VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. Note: If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs”...
Page 157
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Parameters These parameters are displayed: ◆ VLAN ID – ID of VLAN or range of VLANs (1-4094). VLAN 1 is the default untagged VLAN. VLAN 4093 is dedicated for Switch Clustering. Configuring this VLAN for other purposes may cause problems in the Clustering operation.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Mark the Status field to configure the VLAN as operational. Specify whether the VLANs are to be used for remote port mirroring. Click Apply. Figure 72: Creating Static VLANs To modify the configuration settings for VLAN groups: Click VLAN, Static.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To show the configuration settings for VLAN groups: Click VLAN, Static. Select Show from the Action list. Figure 74: Showing Static VLANs Adding Static Use the VLAN > Static (Edit Member by VLAN, Edit Member by Interface, or Edit Members to VLANs Member by Interface Range) pages to configure port members for the selected VLAN index, interface, or a range of interfaces.
Page 160
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged ■ or untagged frames. 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a ■...
Page 161
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs None: Interface is not a member of the VLAN. Packets associated with this ■ VLAN will not be transmitted by the interface. Note: VLAN 1 is the default untagged VLAN containing all ports on the switch using Hybrid mode.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 75: Configuring Static Members by VLAN Index To configure static members by interface: Click VLAN, Static. Select Edit Member by Interface from the Action list. Select a port or trunk configure. Modify the settings for any interface as required.
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To configure static members by interface range: Click VLAN, Static. Select Edit Member by Interface Range from the Action list. Set the Interface type to display as Port or Trunk. Enter an interface range. Modify the VLAN parameters as required.
Page 164
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Configure Interface ◆ Interface – Displays a list of ports or trunks. ◆ Port – Port Identifier. (Range: 1-28) ◆ Trunk – Trunk Identifier. (Range: 1-16) ◆ GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect (using the Configure General page).
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Web Interface To configure GVRP on the switch: Click VLAN, Dynamic. Select Configure General from the Step list. Enable or disable GVRP. Click Apply. Figure 78: Configuring Global Status of GVRP To configure GVRP status and timers on a port or trunk: Click VLAN, Dynamic.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling To show the dynamic VLAN joined by this switch: Click VLAN, Dynamic. Select Show Dynamic VLAN from the Step list. Select Show VLAN from the Action list. Figure 80: Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN: Click VLAN, Dynamic.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling A service provider’s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported. VLAN ranges required by different customers in the same service-provider network might easily overlap, and traffic passing through the infrastructure might be mixed.
Page 168
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as tagged packet. The ingress process does source and destination lookups.
Page 169
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling If the ether-type of an incoming packet (single or double tagged) is not equal to the TPID of the uplink port, the VLAN tag is determined to be a Customer VLAN (CVLAN) tag. The uplink port’s PVID VLAN native tag is added to the packet.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ There are some inherent incompatibilities between Layer 2 and Layer 3 switching: Tunnel ports do not support IP Access Control Lists. ■ Layer 3 Quality of Service (QoS) and other QoS features containing Layer 3 ■...
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ Ethernet Type – The Tag Protocol Identifier (TPID) specifies the ethertype of incoming packets on a tunnel port. (Range: hexadecimal 0800-FFFF; Default: 8100) Use this field to set a custom 802.1Q ethertype value for the 802.1Q Tunnel TPID.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Creating Use the VLAN > Tunnel (Configure Service) page to create a CVLAN to SPVLAN mapping entry. CVLAN to SPVLAN Mapping Entries Command Usage ◆ The inner VLAN tag of a customer packet entering the edge router of a service provider’s network is mapped to an outer tag indicating the service provider VLAN that will carry this traffic across the 802.1Q tunnel.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Figure 84: Configuring CVLAN to SPVLAN Mapping Entries To show the mapping table: Click VLAN, Tunnel. Select Configure Service from the Step list. Select Show from the Action list. Select an interface from the Port list. Figure 85: Showing CVLAN to SPVLAN Mapping Entries The preceding example sets the SVID to 99 in the outer tag for egress packets exiting port 1 when the packet’s CVID is 2.
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling ◆ Then use the Configure Interface page to set the access interface on the edge switch to Access mode, and set the uplink interface on the switch attached to the service provider network to Uplink mode. Parameters These parameters are displayed: ◆...
Chapter 5 | VLAN Configuration Protocol VLANs Protocol VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Chapter 5 | VLAN Configuration Protocol VLANs Note: Traffic which matches IP Protocol Ethernet Frames is mapped to the VLAN (VLAN 1) that has been configured with the switch's administrative IP. IP Protocol Ethernet traffic must not be mapped to another VLAN or you will lose administrative network connectivity to the switch.
Chapter 5 | VLAN Configuration Protocol VLANs Figure 88: Displaying Protocol VLANs Mapping Protocol Use the VLAN > Protocol (Configure Interface - Add) page to map a protocol group to a VLAN for each interface that will participate in the group. Groups to Interfaces Command Usage ◆...
Chapter 5 | VLAN Configuration Protocol VLANs ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority) Web Interface To map a protocol group to a VLAN for a port or trunk: Click VLAN, Protocol.
Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs Figure 90: Showing the Interface to Protocol Group Mapping Configuring IP Subnet VLANs Use the VLAN > IP Subnet page to configure IP subnet-based VLANs. When using port-based classification, all untagged frames received by a port are classified as belonging to the VLAN whose VID (PVID) is associated with that port.
Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs ◆ VLAN – VLAN to which matching IP subnet traffic is forwarded. (Range: 1-4094) ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority; Default: 0) Web Interface To map an IP subnet to a VLAN: Click VLAN, IP Subnet.
Chapter 5 | VLAN Configuration Configuring MAC-based VLANs Figure 92: Showing IP Subnet VLANs Configuring MAC-based VLANs Use the VLAN > MAC-Based page to configure VLAN based on MAC addresses. The MAC-based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC addresses.
Chapter 5 | VLAN Configuration Configuring MAC-based VLANs So the mask in hexadecimal for this example could be: ff-fx-xx-xx-xx-xx/ff-c0-00-00-00-00/ff-e0-00-00-00-00 ◆ VLAN – VLAN to which ingress traffic matching the specified source MAC address is forwarded. (Range: 1-4094) ◆ Priority – The priority assigned to untagged ingress traffic. (Range: 0-7, where 7 is the highest priority;...
Chapter 5 | VLAN Configuration Configuring VLAN Mirroring Figure 94: Showing MAC-Based VLANs Configuring VLAN Mirroring Use the VLAN > Mirror (Add) page to mirror traffic from one or more source VLANs to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source VLAN(s) in a completely unobtrusive manner.
Chapter 5 | VLAN Configuration Configuring VLAN Mirroring Parameters These parameters are displayed: ◆ Source VLAN – A VLAN whose traffic will be monitored. (Range: 1-4094) ◆ Target Port – The destination port that receives the mirrored traffic from the source VLAN.
Chapter 5 | VLAN Configuration Configuring VLAN Translation Configuring VLAN Translation Use the VLAN > Translation (Add) page to map VLAN IDs between the customer and service provider for networks that do not support IEEE 802.1Q tunneling. Command Usage ◆ QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
Chapter 5 | VLAN Configuration Configuring VLAN Translation Web Interface To configure VLAN translation: Click VLAN, Translation. Select Add from the Action list. Select a port, and enter the original and new VLAN IDs. Click Apply. Figure 98: Configuring VLAN Translation To show the mapping entries for VLANs translation: Click VLAN, Translation.
Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
Chapter 6 | Address Table Settings Configuring MAC Address Learning ◆ Also note that MAC address learning cannot be disabled if any of the following conditions exist: 802.1X Port Authentication has been globally enabled on the switch (see ■ “Configuring 802.1X Global Settings” on page 344).
Chapter 6 | Address Table Settings Setting Static Addresses Setting Static Addresses Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved.
Chapter 6 | Address Table Settings Setting Static Addresses Web Interface To configure a static MAC address: Click MAC Address, Static. Select Add from the Action list. Specify the VLAN, the port or trunk to which the address will be assigned, the MAC address, and the time to retain this entry.
Chapter 6 | Address Table Settings Changing the Aging Time Changing the Aging Time Use the MAC Address > Dynamic (Configure Aging) page to set the aging time for entries in the dynamic address table. The aging time is used to age out dynamically learned forwarding information.
Chapter 6 | Address Table Settings Displaying the Dynamic Address Table Parameters These parameters are displayed: ◆ Sort Key - You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). ◆ MAC Address – Physical address associated with this interface. ◆...
Chapter 6 | Address Table Settings Clearing the Dynamic Address Table Clearing the Dynamic Address Table Use the MAC Address > Dynamic (Clear Dynamic MAC) page to remove any learned entries from the forwarding database. Parameters These parameters are displayed: ◆...
Chapter 6 | Address Table Settings Configuring MAC Address Mirroring Configuring MAC Address Mirroring Use the MAC Address > Mirror (Add) page to mirror traffic matching a specified source address from any port on the switch to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Chapter 6 | Address Table Settings Issuing MAC Address Traps Figure 106: Mirroring Packets Based on the Source MAC Address To show the MAC addresses to be mirrored: Click MAC Address, Mirror. Select Show from the Action list. Figure 107: Showing the Source MAC Addresses to Mirror Issuing MAC Address Traps Use the MAC Address >...
Chapter 6 | Address Table Settings Issuing MAC Address Traps MAC authentication traps must be enabled at the global level for this attribute to take effect. Web Interface To enable MAC address traps at the global level: Click MAC Address, MAC Notification. Select Configure Global from the Step list.
Spanning Tree Algorithm This chapter describes the following basic topics: ◆ Loopback Detection – Configures detection and response to loopback BPDUs. ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA –...
Chapter 7 | Spanning Tree Algorithm Overview Figure 110: STP Root Ports and Designated Ports Designated Root Root Designated Port Port Designated Bridge Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see “Configuring Multiple Spanning Trees” on page 214).
Page 200
Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection Note: Loopback detection will not be active if Spanning Tree is disabled on the switch. Note: When configured for manual release mode, then a link down/up event will not release the port from the discarding state. Parameters These parameters are displayed: ◆...
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Figure 113: Configuring Port Loopback Detection Configuring Global Settings for STA Use the Spanning Tree > STA (Configure Global - Configure) page to configure global settings for the spanning tree that apply to the entire switch. Command Usage ◆...
Page 202
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance. To allow multiple spanning trees to operate over the network, you must ■...
Page 203
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA ◆ Cisco Prestandard Status – Configures spanning tree operation to be compatible with Cisco prestandard versions. (Default: Disabled) Cisco prestandard versions prior to Cisco IOS Release 12.2(25)SEC do not fully follow the IEEE standard, causing some state machine procedures to function incorrectly.
Page 204
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. Default: 15 ■...
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Click Apply Figure 114: Configuring Global Settings for STA (STP) Figure 115: Configuring Global Settings for STA (RSTP) – 205 –...
Chapter 7 | Spanning Tree Algorithm Displaying Global Settings for STA Figure 116: Configuring Global Settings for STA (MSTP) Displaying Global Settings for STA Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch. Parameters The parameters displayed are described in the preceding section, except for the following items:...
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA root port, then this switch has been accepted as the root device of the Spanning Tree network. ◆ Root Path Cost – The path cost from the root port on this switch to the root device.
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Parameters These parameters are displayed: ◆ Interface – Displays a list of ports or trunks. ◆ Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) ◆ BPDU Flooding - Enables/disables the flooding of BPDUs to other ports when global spanning tree is disabled (page 201) or when spanning tree is disabled...
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Table 12: Default STA Path Costs Port Type Short Path Cost Long Path Cost (IEEE 802.1D-1998) (IEEE 802.1D-2004) Ethernet 65,535 1,000,000 Fast Ethernet 65,535 100,000 Gigabit Ethernet 10,000 10,000 10G Ethernet 1,000 1,000...
Page 210
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA not cause the spanning tree to initiate reconfiguration when the interface changes state, and also overcomes other STA-related timeout problems. However, remember that Edge Port should only be enabled for ports connected to an end-node device.
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA ◆ BPDU Filter – BPDU filtering allows you to avoid transmitting BPDUs on configured edge ports that are connected to end nodes. By default, STA sends BPDUs to all ports regardless of whether administrative edge is enabled on a port.
Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA Displaying Interface Settings for STA Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree. Parameters These parameters are displayed: ◆...
Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA ◆ Oper Path Cost – The contribution of this port to the path cost of paths towards the spanning tree root which include this port. ◆ Oper Link Type – The operational point-to-point status of the LAN segment attached to this interface.
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Web Interface To display interface settings for STA: Click Spanning Tree, STA. Select Configure Interface from the Step list. Select Show Information from the Action list. Figure 121: Displaying Interface Settings for STA Configuring Multiple Spanning Trees Use the Spanning Tree >...
Page 215
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Enter the spanning tree priority for the selected MST instance on the Spanning Tree > MSTP (Configure Global - Add) page. Add the VLANs that will share this MSTI on the Spanning Tree > MSTP (Configure Global - Add Member) page.
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Figure 122: Creating an MST Instance To show the MSTP instances: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Show from the Action list. Figure 123: Displaying MST Instances –...
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To modify the priority for an MST instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Modify from the Action list. Modify the priority for an MSTP Instance. Click Apply.
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add Member from the Action list. Select an MST instance from the MST ID list. Enter the VLAN group to add to the instance in the VLAN ID field.
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Configuring Interface Settings for MSTP Use the Spanning Tree > MSTP (Configure Interface - Configure) page to configure the STA interface settings for an MST instance. Parameters These parameters are displayed: ◆...
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Web Interface To configure MSTP parameters for a port or trunk: Click Spanning Tree, MSTP. Select Configure Interface from the Step list. Select Configure from the Action list. Enter the priority and path cost for an interface Click Apply.
Congestion Control The switch can set the maximum upload or download data transfer rate for any port. It can also control traffic storms by setting a maximum threshold for broadcast traffic or multicast traffic. It can also set bounding thresholds for broadcast and multicast storms which can be used to automatically trigger rate limits or to shut down a port.
Chapter 8 | Congestion Control Storm Control Web Interface To configure rate limits: Click Traffic, Rate Limit. Set the interface type to Port or Trunk. Enable the Rate Limit Status for the required interface. Set the rate limit for required interfaces. Click Apply.
Page 223
Chapter 8 | Congestion Control Storm Control control responses. However, only one of these control types can be applied to a port. Enabling hardware-level storm control on a port will disable automatic storm control on that port. ◆ Rate limits set by the storm control function are also used by automatic storm control when the control response is set to rate control on the Auto Traffic Control (Configure Interface) page.
Chapter 8 | Congestion Control Automatic Traffic Control Figure 131: Configuring Storm Control Automatic Traffic Control Use the Traffic > Auto Traffic Control pages to configure bounding thresholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port.
Chapter 8 | Congestion Control Automatic Traffic Control ◆ Alarm Clear Threshold – The lower threshold beneath which a control response can be automatically terminated after the release timer expires. When ingress traffic falls below this threshold, ATC sends a Storm Alarm Clear Trap and logs it. ◆...
Chapter 8 | Congestion Control Automatic Traffic Control be triggered (as configured under the Action field) or a trap message sent (as configured under the Trap Storm Fire field). ◆ The release timer only applies to a Rate Control response set in the Action field of the ATC (Interface Configuration) page.
Chapter 8 | Congestion Control Automatic Traffic Control Configuring ATC Use the Traffic > Auto Traffic Control (Configure Interface) page to set the storm control mode (broadcast or multicast), the traffic thresholds, the control response, Thresholds and to automatically release a response of rate limiting, or to send related SNMP trap Responses messages.
Page 228
Chapter 8 | Congestion Control Automatic Traffic Control ◆ Alarm Clear Threshold – The lower threshold for ingress traffic beneath which a control response for rate limiting will be released after the Release Timer expires, if so configured by the Auto Release Control attribute. (Range: 1-255 kilo-packets per second;...
Class of Service Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high- priority queue will be transmitted before those in the lower-priority queues.
Chapter 9 | Class of Service Layer 2 Queue Settings ◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission. Parameters These parameters are displayed: ◆ Interface –...
Page 233
Chapter 9 | Class of Service Layer 2 Queue Settings the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. ◆ If Strict and WRR mode is selected, a combination of strict service is used for the high priority queues and weighted service for the remaining queues.
Chapter 9 | Class of Service Layer 2 Queue Settings Web Interface To configure the queue mode: Click Traffic, Priority, Queue. Set the queue mode. If the weighted queue mode is selected, the queue weight can be modified if required. If the queue mode that uses a combination of strict and weighted queueing is selected, the queues which are serviced first must be specified by enabling strict mode parameter in the table.
Chapter 9 | Class of Service Layer 2 Queue Settings Figure 139: Setting the Queue Mode (Strict and WRR) Mapping CoS Values Use the Traffic > Priority > PHB to Queue page to specify the hardware output to Egress Queues queues to use based on the internal per-hop behavior value.
Chapter 9 | Class of Service Layer 2 Queue Settings The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in Table 14. However, priority levels can be mapped to the switch’s output queues in any way that benefits application traffic for the network. Table 14: CoS Priority Levels Priority Level Traffic Type...
Chapter 9 | Class of Service Layer 2 Queue Settings Select a port. Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.
Chapter 9 | Class of Service Layer 3/4 Priority Settings Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.
Chapter 9 | Class of Service Layer 3/4 Priority Settings Parameters These parameters are displayed: ◆ Port – Port identifier. (Range: 1-28) ◆ Trust Mode CoS – Maps layer 3/4 priorities using Class of Service values. (This is the ■ default setting.) DSCP –...
Chapter 9 | Class of Service Layer 3/4 Priority Settings DSCP mutation map will not be accepted by the switch, unless the trust mode has been set to DSCP. ◆ Two QoS domains can have different DSCP definitions, so the DSCP-to-PHB/ Drop Precedence mutation map can be used to modify one set of DSCP values to match the definition of another domain.
Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map DSCP values to internal PHB/drop precedence: Click Traffic, Priority, DSCP to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any DSCP value. Click Apply.
Chapter 9 | Class of Service Layer 3/4 Priority Settings Mapping Use the Traffic > Priority > CoS to DSCP page to maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing. CoS Priorities to Internal DSCP Values Command Usage ◆...
Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map CoS/CFI values to internal PHB/drop precedence: Click Traffic, Priority, CoS to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any of the CoS/CFI combinations. Click Apply.
Chapter 9 | Class of Service Layer 3/4 Priority Settings To show the CoS/CFI to internal PHB/drop precedence map: Click Traffic, Priority, CoS to DSCP. Select Show from the Action list. Select a port. Figure 146: Showing CoS to DSCP Internal Mapping –...
Quality of Service This chapter describes the following tasks required to apply QoS policies: ◆ Class Map – Creates a map which identifies a specific class of traffic. ◆ Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic.
Chapter 10 | Quality of Service Configuring a Class Map Command Usage To create a service policy for a specific category or ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic.
Page 247
Chapter 10 | Quality of Service Configuring a Class Map Match Any – Match any condition within a class map. ■ ◆ Description – A brief description of a class map. (Range: 1-64 characters) Add Rule ◆ Class Name – Name of the class map. ◆...
Chapter 10 | Quality of Service Configuring a Class Map Figure 147: Configuring a Class Map To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 148: Showing Class Maps To edit the rules for a class map: Click Traffic, DiffServ.
Chapter 10 | Quality of Service Configuring a Class Map Figure 149: Adding Rules to a Class Map To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 150: Showing the Rules for a Class Map –...
Chapter 10 | Quality of Service Creating QoS Policies Creating QoS Policies Use the Traffic > DiffServ (Configure Policy) page to create a policy map that can be attached to multiple interfaces. A policy map is used to group one or more class map statements (page 246), modify service tagging, and enforce bandwidth...
Page 251
Chapter 10 | Quality of Service Creating QoS Policies ◆ The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.
Page 252
Chapter 10 | Quality of Service Creating QoS Policies (BP). Action may taken for traffic conforming to the maximum throughput, exceeding the maximum throughput, or exceeding the peak burst size. ◆ The PHB label is composed of five bits, three bits for per-hop behavior, and two bits for the color scheme used to control queue congestion.
Page 253
Chapter 10 | Quality of Service Creating QoS Policies Command Usage ◆ A policy map can contain 512 class statements that can be applied to the same interface (page 259). Up to 32 policy maps can be configured for ingress ports. ◆...
Page 254
Chapter 10 | Quality of Service Creating QoS Policies Flow (Police Flow) – Defines the committed information rate (CIR, or ■ maximum throughput), committed burst size (BC, or burst rate), and the action to take for conforming and non-conforming traffic. Policing is based on a token bucket, where bucket depth (that is, the maximum burst before the bucket overflows) is specified by the “burst”...
Page 255
Chapter 10 | Quality of Service Creating QoS Policies Committed Burst Size (BC) – Committed burst in bytes. ■ (Range: 64-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. Excess Burst Size (BE) – Burst in excess of committed burst size. ■...
Page 256
Chapter 10 | Quality of Service Creating QoS Policies Committed Burst Size (BC) – Committed burst in bytes. ■ (Range: 64-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. Peak Information Rate (PIR) – Rate in kilobits per second. ■...
Chapter 10 | Quality of Service Creating QoS Policies Web Interface To configure a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add from the Action list. Enter a policy name. Enter a description. Click Add. Figure 151: Configuring a Policy Map To show the configured policy maps: Click Traffic, DiffServ.
Chapter 10 | Quality of Service Creating QoS Policies To edit the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add Rule from the Action list. Select the name of a policy map. Set the CoS or per-hop behavior for matching packets to specify the quality of service to be assigned to the matching traffic class.
Chapter 10 | Quality of Service Attaching a Policy Map to a Port To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 154: Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic >...
Chapter 10 | Quality of Service Attaching a Policy Map to a Port Check the box under the Ingress or Egress field to enable a policy map for a port. Select a policy map from the scroll-down box. Click Apply. Figure 155: Attaching a Policy Map to a Port –...
VoIP Traffic Configuration This chapter covers the following topics: ◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the aging time for attached ports. ◆ Telephony OUI List – Configures the list of phones to be treated as VOIP devices based on the specified Organization Unit Identifier (OUI).
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Configuring VoIP Traffic Use the Traffic > VoIP (Configure Global) page to configure the switch for VoIP traffic. First enable automatic detection of VoIP devices attached to the switch ports, then set the Voice VLAN ID for the network. The Voice VLAN aging time can also be set to remove a port from the Voice VLAN when VoIP traffic is no longer received on the port.
Chapter 11 | VoIP Traffic Configuration Configuring Telephony OUI Figure 156: Configuring a Voice VLAN Configuring Telephony OUI VoIP devices attached to the switch can be identified by the vendor’s Organizational Unique Identifier (OUI) in the source MAC address of received packets.
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Enter a description for the devices. Click Apply. Figure 157: Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment: Click Traffic, VoIP. Select Configure OUI from the Step list. Select Show from the Action list.
Page 265
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Parameters These parameters are displayed: ◆ Mode – Specifies if the port will be added to the Voice VLAN when VoIP traffic is detected. (Default: None) None – The Voice VLAN feature is disabled on the port. The port will not ■...
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports When VoIP Mode is set to Auto, the Remaining Age will be displayed. Otherwise, if the VoIP Mode is Disabled or set to Manual, the remaining age will display “NA. ” Web Interface To configure VoIP traffic settings for a port: Click Traffic, VoIP.
Security Measures You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports. This switch provides secure network management access using the following options: ◆...
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure AAA on the switch, you need to follow this general process: Configure RADIUS and TACACS+ server access parameters. See “Configuring Local/Remote Logon Authentication” on page 269. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) TACACS – User authentication is performed using a TACACS+ server only. ■ [authentication sequence] – User authentication is performed by up to ■ three authentication methods in the indicated sequence. Web Interface To configure the method(s) of controlling management access: Click Security, AAA, System Authentication.
Page 271
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. Command Usage ◆ If a remote authentication server is used, you must specify the message exchange parameters for the remote authentication protocol.
Page 272
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Authentication Key – Encryption key used to authenticate logon access ■ for client. Enclose any string containing blank spaces in double quotes. (Maximum length: 48 characters) Confirm Authentication Key – Re-type the string entered in the previous ■...
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Web Interface To configure the parameters for RADIUS or TACACS+ authentication: Click Security, AAA, Server. Select Configure Server from the Step list. Select RADIUS or TACACS+ server type. Select Global to specify the parameters that apply globally to all specified servers, or select a specific Server Index to specify the parameters that apply to a specific server.
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 163: Configuring Remote Authentication Server (TACACS+) To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Add from the Action list.
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 165: Showing AAA Server Groups Configuring Use the Security >...
Page 276
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Exec – Administrative accounting for local console, Telnet, or SSH ■ connections. ◆ Privilege Level – The CLI privilege levels (0-15). This parameter only applies to Command accounting. ◆ Method Name – Specifies an accounting method for service requests. The “default”...
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) VTY Method Name – Specifies a user defined method name to apply to ■ Telnet and SSH connections. Show Information – Summary ◆ Accounting Type - Displays the accounting service. ◆...
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure the accounting method applied to various service types and the assigned server group: Click Security, AAA, Accounting. Select Configure Method from the Step list. Select Add from the Action list. Select the accounting type (802.1X, Command, Exec).
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 168: Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces, console commands entered at specific privilege levels, and local console, Telnet, or SSH connections: Click Security, AAA, Accounting. Select Configure Service from the Step list.
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 170: Configuring AAA Accounting Service for Command Service Figure 171: Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types: Click Security, AAA, Accounting.
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 172: Displaying a Summary of Applied AAA Accounting Methods To display basic accounting information and statistics recorded for user sessions: Click Security, AAA, Accounting. Select Show Information from the Step list. Click Statistics.
Page 282
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Parameters These parameters are displayed: Configure Method ◆ Authorization Type – Specifies the service as Exec, indicating administrative authorization for local console, Telnet, or SSH connections. ◆ Method Name – Specifies an authorization method for service requests. The “default”...
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Specify the name of the authorization method and server group name. Click Apply. Figure 174: Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group: Click Security, AAA, Authorization.
Chapter 12 | Security Measures Configuring User Accounts Figure 176: Configuring AAA Authorization Methods for Exec Service To display a the configured authorization method and assigned server groups for The Exec service type: Click Security, AAA, Authorization. Select Show Information from the Step list. Figure 177: Displaying the Applied AAA Authorization Method Configuring User Accounts Use the Security >...
Page 285
Chapter 12 | Security Measures Configuring User Accounts ◆ Access Level – Specifies command access privileges. (Range: 0-15) Level 0, 8 and 15 are designed for users (guest), managers (network maintenance), and administrators (top-level access). The other levels can be used to configured specialized access profiles.
Chapter 12 | Security Measures Web Authentication Specify a user name, select the user's access level, then enter a password if required and confirm it. Click Apply. Figure 178: Configuring User Accounts To show user accounts: Click Security, User Accounts. Select Show from the Action list.
Chapter 12 | Security Measures Web Authentication Note: RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Remote Logon Authentication” on page 269.) Note: Web authentication cannot be configured on trunk ports. Configuring Use the Security >...
Chapter 12 | Security Measures Web Authentication Figure 180: Configuring Global Settings for Web Authentication Configuring Use the Security > Web Authentication (Configure Interface) page to enable web Interface Settings for authentication on a port, and display information for any connected hosts. Web Authentication Parameters These parameters are displayed:...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 181: Configuring Interface Settings for Web Authentication Network Access (MAC Address Authentication) Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network printers, IP phones, and some wireless access points.
Chapter 12 | Security Measures Network Access (MAC Address Authentication) maximum number of secure MAC addresses supported for the switch system is 1024. ◆ Configured static MAC addresses are added to the secure address table when seen on a switch port. Static addresses are treated as authenticated without sending a request to a RADIUS server.
Chapter 12 | Security Measures Network Access (MAC Address Authentication) For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch applies only the DiffServ profile “p1. ” ◆ Any unsupported profiles in the Filter-ID attribute are ignored. For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1, ” then the switch ignores the “map-ip-dscp”...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Authenticated MAC addresses are stored as dynamic entries in the switch’s secure MAC address table and are removed when the aging time expires. The maximum number of secure MAC addresses supported for the switch system is 1024.
Page 293
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Intrusion – Sets the port response to a host MAC authentication failure to ■ either block access to the port or to pass traffic through. (Options: Block, Pass; Default: Block) Max MAC Count –...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) ◆ MAC Filter ID – Allows a MAC Filter to be assigned to the port. MAC addresses or MAC address ranges present in a selected MAC Filter are exempt from authentication on the specified port (as described under "Configuring a MAC Address...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Link up and down – All link up and link down events will trigger the port ■ action. ◆ Action – The switch can respond in three ways to a link up or down trigger event.
Chapter 12 | Security Measures Network Access (MAC Address Authentication) ◆ There is no limitation on the number of entries used in a filter table. Parameters These parameters are displayed: ◆ Filter ID – Adds a filter rule for the specified filter. (Range: 1-64) ◆...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 186: Showing the MAC Address Filter Table for Network Access Displaying Secure Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table. Information MAC Address on the secure MAC entries can be displayed and selected entries can be removed Information...
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Web Interface To display the authenticated MAC addresses stored in the secure MAC address table: Click Security, Network Access. Select Show Information from the Step list. Use the sort key to display addresses based MAC address, interface, or attribute. Restrict the displayed addresses by entering a specific address in the MAC Address field, specifying a port in the Interface field, or setting the address type to static or dynamic in the Attribute field.
Chapter 12 | Security Measures Configuring HTTPS Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Configuring Global Use the Security >...
Chapter 12 | Security Measures Configuring HTTPS Parameters These parameters are displayed: ◆ HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) ◆ HTTPS Port – Specifies the TCP port number used for HTTPS connection to the switch’s web interface.
Page 301
Chapter 12 | Security Measures Configuring HTTPS When you have obtained these, place them on your TFTP server and transfer them to the switch to replace the default (unrecognized) certificate with an authorized one. Note: The switch must be reset for the new certificate to be activated. To reset the switch, see “Resetting the System”...
Chapter 12 | Security Measures Configuring the Secure Shell Figure 189: Downloading the Secure-Site Certificate Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Page 303
Chapter 12 | Security Measures Configuring the Secure Shell To use the SSH server, complete these steps: Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
Chapter 12 | Security Measures Configuring the Secure Shell Public Key Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it.
Chapter 12 | Security Measures Configuring the Secure Shell Parameters These parameters are displayed: ◆ SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) ◆ Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
Chapter 12 | Security Measures Configuring the Secure Shell Generating the Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH Host Key Pair client and the switch.
Chapter 12 | Security Measures Configuring the Secure Shell To display or clear the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Show from the Action list. Select the option to save the host key from memory to flash by clicking Save, or select the host-key type to clear and click Clear.
Chapter 12 | Security Measures Configuring the Secure Shell The switch uses only RSA Version 1 for SSHv1.5 clients and DSA Version 2 for SSHv2 clients. ◆ TFTP Server IP Address – The IP address of the TFTP server that contains the public key file you wish to import.
Chapter 12 | Security Measures Access Control Lists Figure 194: Showing the SSH User’s Public Key Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4/IPv6 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, DSCP traffic class, or next header type), or any frames (based on MAC address or Ethernet type).
Chapter 12 | Security Measures Access Control Lists possible depends on too many factors to be precisely determined. It depends on the amount of hardware resources reserved at runtime for this purpose. Auto ACE Compression is a software feature used to compress all the ACEs of an ACL to utilize hardware resources more efficiency.
Chapter 12 | Security Measures Access Control Lists Parameters These parameters are displayed: ◆ Time-Range Name – Name of a time range. (Range: 1-16 characters) Add Rule ◆ Time-Range – Name of a time range. ◆ Mode Absolute – Specifies a specific time or time range. ■...
Chapter 12 | Security Measures Access Control Lists Select Show from the Action list. Figure 196: Showing a List of Time Ranges To configure a rule for a time range: Click Security, ACL. Select Configure Time Range from the Step list. Select Add Rule from the Action list.
Chapter 12 | Security Measures Access Control Lists Select Show Rule from the Action list. Figure 198: Showing the Rules Configured for a Time Range Showing Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization TCAM Utilization parameters for TCAM (Ternary Content Addressable Memory), including the number policy control entries in use, the number of free entries, and the overall...
Chapter 12 | Security Measures Access Control Lists Web Interface To show information on TCAM utilization: Click Security, ACL. Select Configure ACL from the Step list. Select Show TCAM from the Action list. Figure 199: Showing TCAM Utilization Setting the Use the Security >...
Chapter 12 | Security Measures Access Control Lists Web Interface To configure the name and type of an ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add from the Action list. Fill in the ACL Name field, and select the ACL type. Click Apply.
Chapter 12 | Security Measures Access Control Lists Configuring a Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL. Standard IPv4 ACL Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...
Chapter 12 | Security Measures Access Control Lists Figure 202: Configuring a Standard IPv4 ACL Configuring an Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure an Extended IPv4 ACL. Extended IPv4 ACL Parameters These parameters are displayed: ◆...
Page 318
Chapter 12 | Security Measures Access Control Lists ◆ Service Type – Packet priority settings based on the following criteria: Precedence – IP precedence level. (Range: 0-7) ■ ■ DSCP – DSCP priority level. (Range: 0-63) ◆ Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header.
Chapter 12 | Security Measures Access Control Lists If you select “Host, ” enter a specific address. If you select “IP, ” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or control code.
Chapter 12 | Security Measures Access Control Lists the address to indicate the appropriate number of zeros required to fill the undefined fields. ◆ Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address).
Chapter 12 | Security Measures Access Control Lists Configuring an Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page to configure an Extended IPv6 ACL. Extended IPv6 ACL Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...
Chapter 12 | Security Measures Access Control Lists ◆ Time Range – Name of a time range. Web Interface To add rules to an Extended IPv6 ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select IPv6 Extended from the Type list.
Chapter 12 | Security Measures Access Control Lists Configuring a Use the Security > ACL (Configure ACL - Add Rule - MAC) page to configure a MAC ACL based on hardware addresses, packet format, and Ethernet type. MAC ACL Parameters These parameters are displayed: ◆...
Chapter 12 | Security Measures Access Control Lists Web Interface To add rules to a MAC ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select MAC from the Type list. Select the name of an ACL from the Name list.
Chapter 12 | Security Measures Access Control Lists Configuring an Use the Security > ACL (Configure ACL - Add Rule - ARP) page to configure ACLs based on ARP message addresses. ARP Inspection can then use these ACLs to filter ARP ACL suspicious traffic (see “Configuring Global Settings for ARP Inspection”...
Chapter 12 | Security Measures Access Control Lists Select the name of an ACL from the Name list. Specify the action (i.e., Permit or Deny). Select the packet type (Request, Response, All). Select the address type (Any, Host, or IP). If you select “Host, ”...
Chapter 12 | Security Measures Access Control Lists ◆ Counter – Enables counter for ACL statistics. Web Interface To bind an ACL to a port: Click Security, ACL. Select Configure Interface from the Step list. Select Configure from the Action list. Select IP, MAC or IPv6 from the Type options.
Chapter 12 | Security Measures Access Control Lists Command Usage ACL-based mirroring is only used for ingress traffic. To mirror an ACL, follow these steps: Create an ACL as described in the preceding sections. Add one or more mirrored ports to ACL as described under “Binding a Port to an Access Control List”...
Chapter 12 | Security Measures Access Control Lists Select a port. Figure 210: Showing the VLANs to Mirror Showing ACL Use the Security > ACL > Configure Interface (Show Hardware Counters) page to Hardware Counters show statistics for ACL hardware counters. Parameters These parameters are displayed: ◆...
Chapter 12 | Security Measures ARP Inspection Select a port. Select ingress or egress traffic. Figure 211: Showing ACL Statistics ARP Inspection ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the- middle”...
Chapter 12 | Security Measures ARP Inspection When ARP Inspection is enabled globally, all ARP request and reply packets ■ on inspection-enabled VLANs are redirected to the CPU and their switching behavior handled by the ARP Inspection engine. If ARP Inspection is disabled globally, then it becomes inactive for all ■...
Page 332
Chapter 12 | Security Measures ARP Inspection ARP Inspection Logging ◆ By default, logging is active for ARP Inspection, and cannot be disabled. ◆ The administrator can configure the log facility rate. ◆ When the switch drops a packet, it places an entry in the log buffer, then generates a system message on a rate-controlled basis.
Chapter 12 | Security Measures ARP Inspection Web Interface To configure global settings for ARP Inspection: Click Security, ARP Inspection. Select Configure General from the Step list. Enable ARP inspection globally, enable any of the address validation options, and adjust any of the logging parameters if required. Click Apply.
Chapter 12 | Security Measures ARP Inspection ◆ If Static is not specified, ARP packets are first validated against the selected ACL; if no ACL rules match the packets, then the DHCP snooping bindings database determines their validity. Parameters These parameters are displayed: ◆...
Chapter 12 | Security Measures ARP Inspection Configuring Use the Security > ARP Inspection (Configure Interface) page to specify the ports that require ARP inspection, and to adjust the packet inspection rate. Interface Settings for ARP Inspection Parameters These parameters are displayed: ◆...
Chapter 12 | Security Measures ARP Inspection Displaying Use the Security > ARP Inspection (Show Information - Show Statistics) page to display statistics about the number of ARP packets processed, or dropped for ARP Inspection various reasons. Statistics Parameters These parameters are displayed: Table 20: ARP Inspection Statistics Parameter Description...
Chapter 12 | Security Measures ARP Inspection Figure 215: Displaying Statistics for ARP Inspection Displaying the Use the Security > ARP Inspection (Show Information - Show Log) page to show ARP Inspection Log information about entries stored in the log, including the associated VLAN, port, and address components.
Chapter 12 | Security Measures Filtering IP Addresses for Management Access Figure 216: Displaying the ARP Inspection Log Filtering IP Addresses for Management Access Use the Security > IP Filter page to create a list of up to 15 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
Chapter 12 | Security Measures Filtering IP Addresses for Management Access Telnet – Configures IP address(es) for the Telnet group. ■ All – Configures IP address(es) for all groups. ■ ◆ Start IP Address – A single IP address, or the starting address of a range. ◆...
Chapter 12 | Security Measures Configuring Port Security To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 218: Showing IP Addresses Authorized for Management Access Configuring Port Security Use the Security >...
Page 341
Chapter 12 | Security Measures Configuring Port Security ◆ When the port security state is changed from enabled to disabled, all dynamically learned entries are cleared from the address table. ◆ If port security is enabled, and the maximum number of allowed addresses are set to a non-zero value, any device not in the address table that attempts to use the port will be prevented from accessing the switch.
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Current MAC Count – The number of MAC addresses currently associated with this interface. ◆ MAC Filter – Shows if MAC address filtering has been set under Security > Network Access (Configure MAC Filter) as described on page 295.
Chapter 12 | Security Measures Configuring 802.1X Port Authentication This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator) responds with an EAPOL identity request.
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) ◆ The RADIUS server and client also have to support the same EAP authentication type –...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Default – Sets all configurable 802.1X global and port settings to their default values. Web Interface To configure global settings for 802.1X: Click Security, Port Authentication. Select Configure Global from the Step list. Enable 802.1X globally for the switch, and configure EAPOL Pass Through if required.
Page 346
Chapter 12 | Security Measures Configuring 802.1X Port Authentication parameters for those ports which must authenticate clients through the remote authenticator (see “Configuring Port Supplicant Settings for 802.1X” on page 350). ◆ This switch can be configured to serve as the authenticator on selected ports by setting the Control Mode to Auto on this configuration page, and as a supplicant on other ports by the setting the control mode to Force-Authorized on this page and enabling the PAE supplicant on the Supplicant configuration...
Page 347
Chapter 12 | Security Measures Configuring 802.1X Port Authentication In this mode, each host connected to a port needs to pass authentication. The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table (i.e., up to 1024 addresses).
Page 348
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Intrusion Action – Sets the port’s response to a failed authentication. Block Traffic – Blocks all non-EAP traffic on the port. (This is the default ■ setting.) Guest VLAN – All traffic for the port is assigned to a guest VLAN. The guest ■...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Web Interface To configure port authenticator settings for 802.1X: Click Security, Port Authentication. Select Configure Interface from the Step list. Click Authenticator. Modify the authentication settings for each port as required. Click Apply Figure 222: Configuring Interface Settings for 802.1X Port Authenticator –...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Configuring Use the Security > Port Authentication (Configure Interface – Supplicant) page to configure 802.1X port settings for supplicant requests issued from a port to an Port Supplicant authenticator on another device. When 802.1X is enabled and the control mode is Settings for 802.1X set to Force-Authorized (see “Configuring Port Authenticator Settings for 802.1X”...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Maximum Start – The maximum number of times that a port supplicant will send an EAP start frame to the client before assuming that the client is 802.1X unaware. (Range: 1-65535; Default: 3) ◆...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Displaying Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port. 802.1X Statistics Parameters These parameters are displayed: Table 22: 802.1X Statistics Parameter Description Authenticator...
Chapter 12 | Security Measures Configuring 802.1X Port Authentication (Continued) Table 22: 802.1X Statistics Parameter Description Rx EAP LenError The number of EAPOL frames that have been received by this Supplicant in which the Packet Body Length field is invalid. Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Supplicant.
Chapter 12 | Security Measures DoS Protection To display port supplicant statistics for 802.1X: Click Security, Port Authentication. Select Show Statistics from the Step list. Click Supplicant. Figure 225: Showing Statistics for 802.1X Port Supplicant DoS Protection Use the Security > DoS Protection page to protect against denial-of-service (DoS) attacks.
Page 355
Chapter 12 | Security Measures DoS Protection ◆ Smurf Attack – Attacks in which a perpetrator generates a large amount of spoofed ICMP Echo Request traffic to the broadcast destination IP address (255.255.255.255), all of which uses a spoofed source address of the intended victim.
Chapter 12 | Security Measures DoS Protection ◆ UDP Flooding Attack Rate – Maximum allowed rate. (Range: 64-2000 kbits/ second; Default: 1000 kbits/second) ◆ WinNuke Attack – Attacks in which affected the Microsoft Windows 3.1x/95/ NT operating systems. In this type of attack, the perpetrator sends the string of OOB out-of-band (OOB) packets contained a TCP URG flag to the target computer on TCP port 139 (NetBIOS), casing it to lock up and display a “Blue Screen of Death.
Chapter 12 | Security Measures IPv4 Source Guard IPv4 Source Guard IPv4 Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping”...
Page 358
Chapter 12 | Security Measures IPv4 Source Guard If DHCP snooping is enabled, IP source guard will check the VLAN ID, source ■ IP address, port number, and source MAC address (for the SIP-MAC option). If a matching entry is found in the binding table and the entry type is static IP source guard binding, or dynamic DHCP snooping binding, the packet will be forwarded.
Chapter 12 | Security Measures IPv4 Source Guard Figure 227: Setting the Filter Type for IPv4 Source Guard Configuring Use the Security > IP Source Guard > Static Binding (Configure ACL Table and Configure MAC Table) pages to bind a static address to a port. Table entries include Static Bindings a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, for IPv4 Source Guard...
Page 360
Chapter 12 | Security Measures IPv4 Source Guard A valid static IP source guard entry will be added to the binding table in ■ MAC mode if one of the following conditions are true: If there is no binding entry with the same IP address and MAC address, ■...
Chapter 12 | Security Measures IPv4 Source Guard Web Interface To configure static bindings for IP Source Guard: Click Security, IP Source Guard, Static Binding. Select Configure ACL Table or Configure MAC Table from the Step list. Select Add from the Action list. Enter the required bindings for each port.
Chapter 12 | Security Measures IPv4 Source Guard Displaying Use the Security > IP Source Guard > Dynamic Binding page to display the source- guard binding table for a selected interface. Information for Dynamic IPv4 Source Guard Bindings Parameters These parameters are displayed: Query by ◆...
Chapter 12 | Security Measures IPv6 Source Guard Figure 230: Showing the IPv4 Source Guard Binding Table IPv6 Source Guard IPv6 Source Guard is a security feature that filters IPv6 traffic on non-routed, Layer 2 network interfaces based on manually configured entries in the IPv6 Source Guard table, or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled (refer to the DHCPv6 Snooping commands in the CLI Reference Guide).
Page 364
Chapter 12 | Security Measures IPv6 Source Guard ◆ Table entries include a MAC address, IPv6 global unicast address, entry type (Static-IPv6-SG-Binding, Dynamic-ND-Binding, Dynamic-DHCPv6-Binding), VLAN identifier, and port identifier. ◆ Static addresses entered in the source guard binding table (using the Static Binding page) are automatically configured with an infinite lease time.
Chapter 12 | Security Measures IPv6 Source Guard Guide), and static entries set by IPv6 Source Guard (see “Configuring Static Bindings for IPv6 Source Guard” on page 365). IPv6 source guard maximum bindings must be set to a value higher than ■...
Page 366
Chapter 12 | Security Measures IPv6 Source Guard ◆ Static addresses entered in the source guard binding table are automatically configured with an infinite lease time. ◆ When source guard is enabled, traffic is filtered based upon dynamic entries learned via ND snooping, DHCPv6 snooping, or static addresses configured in the source guard binding table.
Chapter 12 | Security Measures IPv6 Source Guard Displaying Use the Security > IPv6 Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. Information for Dynamic IPv6 Source Guard Bindings Parameters These parameters are displayed: Query by ◆...
Chapter 12 | Security Measures DHCP Snooping Figure 234: Showing the IPv6 Source Guard Binding Table DHCP Snooping The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
Page 370
Chapter 12 | Security Measures DHCP Snooping ◆ Filtering rules are implemented as follows: If the global DHCP snooping is disabled, all DHCP packets are forwarded. ■ If DHCP snooping is enabled globally, and also enabled on the VLAN where ■...
Chapter 12 | Security Measures DHCP Snooping DHCP Snooping Option 82 ◆ DHCP provides a relay mechanism for sending information about its DHCP clients or the relay agent itself to the DHCP server. Also known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
Page 372
Chapter 12 | Security Measures DHCP Snooping packet is not same as the client's hardware address in the DHCP packet, the packet is dropped. (Default: Enabled) ◆ DHCP Snooping Rate Limit – Sets the maximum number of DHCP packets that can be trapped by the switch for DHCP snooping. (Range: 1-2048 packets/ second) Information ◆...
Chapter 12 | Security Measures DHCP Snooping Select the required options for the general DHCP snooping process and for the DHCP snooping information option. Click Apply Figure 235: Configuring Global Settings for DHCP Snooping DHCP Snooping Use the IP Service > DHCP > Snooping (Configure VLAN) page to enable or disable DHCP snooping on specific VLANs.
Chapter 12 | Security Measures DHCP Snooping Web Interface To configure global settings for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Configure VLAN from the Step list. Enable DHCP Snooping on any existing VLAN. Click Apply Figure 236: Configuring DHCP Snooping on a VLAN Configuring Ports Use the IP Service >...
Chapter 12 | Security Measures DHCP Snooping Value – An arbitrary string inserted into the circuit identifier field. ■ (Range: 1-32 characters) Web Interface To configure global settings for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Configure Interface from the Step list. Set any ports within the local network or firewall to trusted.
Chapter 12 | Security Measures DHCP Snooping ◆ VLAN – VLAN to which this entry is bound. ◆ Interface – Port or trunk to which this entry is bound. ◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be used to store the currently learned dynamic DHCP snooping entries to flash memory.
Basic Administration Protocols This chapter describes basic administration tasks including: ◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
Chapter 13 | Basic Administration Protocols Configuring Event Logging Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equal to or less than the RAM Level.
Chapter 13 | Basic Administration Protocols Configuring Event Logging memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Figure 240: Showing Error Messages Logged to System Memory Remote Log Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations.
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Port - Specifies the UDP port number used by the remote server. (Range: 1-65535) Web Interface To configure the logging of error messages to remote servers: Click Administration, Log, Remote. Enable remote logging, specify the facility type to use for the syslog messages.
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Email Destination Address – Specifies the email recipients of alert messages. You can specify up to five recipients. ◆ Server IP Address – Specifies a list of up to three recipient SMTP servers. IPv4 or IPv6 addresses may be specified.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
Page 384
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol increase the probability that multiple, rather than single changes, are reported in each transmission. This attribute must comply with the rule: (4 * Delay Interval) ≤ Transmission Interval ◆ Reinitialization Delay – Configures the delay before attempting to re-initialize after LLDP ports are disabled or the link goes down.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 243: Configuring LLDP Timing Attributes Configuring LLDP Use the Administration > LLDP (Configure Interface - Configure General) page to Interface Attributes specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
Page 386
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Basic Optional TLVs – Configures basic information included in the TLV field of advertised messages. Management Address – The management address protocol packet ■ includes the IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
Page 387
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol VLAN ID – The port’s default VLAN identifier (PVID) indicates the VLAN with ■ which untagged or priority-tagged frames are associated (see “IEEE 802.1Q VLANs” on page 153). (Default: Enabled) VLAN Name –...
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Country – The two-letter ISO 3166 country code in capital ASCII letters. ■ (Example: DK, DE or US) Device entry refers to – The type of device to which the location applies: ■...
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Configuring Use the Administration > LLDP (Configure Interface – Add CA-Type) page to specify the physical location of the device attached to an interface. LLDP Interface Civic-Address Command Usage ◆ Use the Civic Address type (CA-Type) to advertise the physical location of the device attached to an interface, including items such as the city, street number, building and room information.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Select an interface from the Port or Trunk list. Specify a CA-Type and CA-Value pair. Click Apply. Figure 245: Configuring the Civic Address for an LLDP Interface To show the physical location of the attached device: Click Administration, LLDP.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Displaying LLDP Use the Administration > LLDP (Show Local Device Information) page to display information about the switch, such as its MAC address, chassis ID, management IP Local Device address, and port information. Information Parameters These parameters are displayed:...
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 26: System Capabilities ID Basis Reference Telephone IETF RFC 2011 DOCSIS cable device IETF RFC 2669 and IETF RFC 2670 End Station Only IETF RFC 2011 ◆ System Capabilities Enabled – The primary function(s) of the system which are currently enabled.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 27: Port ID Subtype ID Basis Reference Agent circuit ID agent circuit ID (IETF RFC 3046) Locally assigned locally assigned ◆ Port/Trunk ID – A string that contains the specific identifier for the local interface based on interface subtype used by this switch.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 248: Displaying Local Device Information for LLDP (Port) Figure 249: Displaying Local Device Information for LLDP (Port Details) Displaying LLDP Use the Administration > LLDP (Show Remote Device Information) page to display Remote Device information about devices connected directly to the switch’s ports which are advertising information through LLDP, or to display detailed information about an...
Page 395
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details ◆ Port – Port identifier on local switch. ◆ Remote Index – Index of remote device attached to this port. ◆ Local Port – The local port to which a remote LLDP-capable device is attached. ◆...
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol supports port-based protocol VLANs, and whether the port-based protocol VLANs are enabled on the given port associated with the remote system. ◆ Remote VLAN Name List – VLAN names associated with a port. ◆...
Page 397
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Remote Port MAU Type – An integer value that indicates the operational MAU type of the sending device. This object contains the integer value derived from the list position of the corresponding dot3MauType as listed in IETF RFC 3636 and is equal to the last number in the respective dot3MauType OID.
Page 398
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – LLDP-MED Capability ◆ Device Class – Any of the following categories of endpoint devices: Class 1 – The most basic class of endpoint devices. ■ Class 2 – Endpoint devices that supports media stream capabilities. ■...
Page 399
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Layer 2 Priority – The Layer 2 priority to be used for the specified application type. This field may specify one of eight priority levels (0-7), where a value of 0 represents use of the default priority.
Page 400
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol PD – Unknown, PSE, Local, PSE and Local ■ PSE – Unknown, Primary Power Source, Backup Power Source - Power ■ conservation mode ◆ Power Value – The total power in watts required by a PD device from a PSE device, or the total power a PSE device is capable of sourcing over a maximum length cable based on its current configuration.
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Additional information displayed by an end-point device which advertises LLDP- MED TLVs is shown in the following figure. Figure 252: Displaying Remote Device Information for LLDP (End Node) Displaying Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages Device Statistics transmitted or received on all local interfaces.
Page 404
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Neighbor Entries Dropped Count – The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources. ◆ Neighbor Entries Age-out Count – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol The switch includes an onboard agent that supports SNMP versions 1, 2c, and 3. This agent continuously monitors the status of the switch hardware, as well as the traffic passing through its ports. A network management station can access this information using network management software.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Command Usage Configuring SNMPv1/2c Management Access To configure SNMPv1 or v2c management access to the switch, follow these steps: Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Link-up and Link-down Traps – Issues a notification message whenever a port link is established or broken. (Default: Enabled) Web Interface To configure global settings for SNMP: Click Administration, SNMP. Select Configure Global from the Step list.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Engine Boots – The number of times that the engine has (re-)initialized since the SNMP Engine ID was last configured. Web Interface To configure the local SNMP engine ID: Click Administration, SNMP.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Remote IP Host – The IPv4 or IPv6 address of a remote management station which is using the specified engine ID. Web Interface To configure a remote SNMP engine ID: Click Administration, SNMP.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Setting SNMPv3 Views Use the Administration > SNMP (Configure View) page to configure SNMPv3 views which are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview”...
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 259: Creating an SNMP View To show the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Show View from the Action list. Figure 260: Showing SNMP Views To add an object identifier to an existing SNMP view of the switch’s MIB database: Click Administration, SNMP.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 261: Adding an OID Subtree to an SNMP View To show the OID branches configured for the SNMP views of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Show OID Subtree from the Action list.
Page 414
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Security Level – The following security levels are only used for the groups assigned to the SNMP security model: noAuthNoPriv – There is no authentication or encryption used in SNMP ■...
Page 415
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Table 30: Supported Notification Messages Model Level Group RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its...
Page 416
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol (Continued) Table 30: Supported Notification Messages Model Level Group Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.22426 .10.1.24.2.1.0.1 This trap is sent when the power state changes. swPortSecurityTrap 1.3.6.1.4.1.22426.10.11.24.2.1.0.36 This trap is sent when the port is being intruded. This trap will only be sent when the portSecActionTrap is enabled.
Page 417
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol (Continued) Table 30: Supported Notification Messages Model Level Group swCpuUtiFallingNotification 1.3.6.1.4.1.22426.10.11.24.2.1.0.108 This notification indicates that the CPU utilization has fallen from cpuUtiRisingThreshold to cpuUtiFallingThreshold. swMemoryUtiRisingThreshold 1.3.6.1.4.1.22426.10.11.24.2.1.0.109 This notification indicates that the memory Notification utilization has risen from memoryUtiFallingThreshold to...
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Web Interface To configure an SNMP group: Click Administration, SNMP. Select Configure Group from the Step list. Select Add from the Action list. Enter a group name, assign a security model and level, and then select read, write, and notify views.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Setting Community Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by Access Strings clients using SNMP v1 and v2c. For security reasons, you should consider removing the default strings.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol To show the community access strings: Click Administration, SNMP. Select Configure User from the Step list. Select Show Community from the Action list. Figure 266: Showing Community Access Strings Configuring Use the Administration >...
Page 421
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol AuthPriv – SNMP communications use both authentication and ■ encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters is required.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 267: Configuring Local SNMPv3 Users To show local SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Local User from the Action list. Figure 268: Showing Local SNMPv3 Users To change a local SNMPv3 local user group: Click Administration, SNMP.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Click Apply. Figure 269: Changing a Local SNMPv3 User Group Configuring Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from the local switch. Each Remote SNMPv3 Users SNMPv3 user is defined by a unique name.
Page 424
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol AuthPriv – SNMP communications use both authentication and ■ encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters is required.
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Specifying Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are Trap Managers issued by the switch to the specified trap managers.
Page 427
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Community String – Specifies a valid community string for the new trap manager entry. (Range: 1-32 characters, case sensitive) Although you can set this string in the Configure Trap – Add page, we recommend defining it in the Configure User –...
Page 428
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Inform – Notifications are sent as inform messages. Note that this option is ■ only available for version 2c and 3 hosts. (Default: traps are used) Timeout – The number of seconds to wait for an acknowledgment ■...
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ When a trap host is created using the Administration > SNMP (Configure Trap – Add) page described on page 426, a default notify filter will be created. Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 277: Showing SNMP Notification Logs Showing Use the Administration > SNMP (Show Statistics) page to show counters for SNMP input and output protocol data units. SNMP Statistics Parameters The following counters are displayed: ◆...
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ SNMP packets output – The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service. ◆ Too big errors – The total number of SNMP PDUs which were generated by the SNMP protocol entity and for which the value of the error-status field is “tooBig.
Chapter 13 | Basic Administration Protocols Remote Monitoring Remote Monitoring Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
Page 435
Chapter 13 | Basic Administration Protocols Remote Monitoring ◆ Sample Type – Tests for absolute or relative changes in the specified variable. Absolute – The variable is compared directly to the thresholds at the end ■ of the sampling period. Delta –...
Chapter 13 | Basic Administration Protocols Remote Monitoring Figure 279: Configuring an RMON Alarm To show configured RMON alarms: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Alarm. Figure 280: Showing Configured RMON Alarms –...
Chapter 13 | Basic Administration Protocols Remote Monitoring Configuring RMON Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the Events alarm or sending a message to a trap manager.
Chapter 13 | Basic Administration Protocols Remote Monitoring Web Interface To configure an RMON event: Click Administration, RMON. Select Configure Global from the Step list. Select Add from the Action list. Click Event. Enter an index number, the type of event to initiate, the community string to send with trap messages, the name of the person who created this event, and a brief description of the event.
Chapter 13 | Basic Administration Protocols Remote Monitoring ◆ Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800 seconds) ◆ Buckets - The number of buckets requested for this entry. (Range: 1-65536; Default: 50) The number of buckets granted are displayed on the Show page. ◆...
Chapter 13 | Basic Administration Protocols Remote Monitoring Select a port from the list. Click History. Figure 284: Showing Configured RMON History Samples To show collected RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list.
Chapter 13 | Basic Administration Protocols Remote Monitoring Configuring RMON Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network Statistical Samples for common errors and overall traffic rates. Command Usage ◆...
Chapter 13 | Basic Administration Protocols Remote Monitoring Figure 286: Configuring an RMON Statistical Sample To show configured RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click Statistics.
Chapter 13 | Basic Administration Protocols Switch Clustering Figure 288: Showing Collected RMON Statistical Samples Switch Clustering Switch clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
Chapter 13 | Basic Administration Protocols Switch Clustering ◆ The cluster VLAN 4093 is not configured by default. Before using clustering, take the following actions to set up this VLAN: Create VLAN 4093 (see “Configuring VLAN Groups” on page 156). Add the participating ports to this VLAN (see “Adding Static Members to VLANs”...
Chapter 13 | Basic Administration Protocols Switch Clustering Web Interface To configure a switch cluster: Click Administration, Cluster. Select Configure Global from the Step list. Set the required attributes for a Commander or a managed candidate. Click Apply Figure 289: Configuring a Switch Cluster Cluster Member Use the Administration >...
Chapter 13 | Basic Administration Protocols Switch Clustering Web Interface To configure cluster members: Click Administration, Cluster. Select Configure Member from the Step list. Select Add from the Action list. Select one of the cluster candidates discovered by this switch, or enter the MAC address of a candidate.
Chapter 13 | Basic Administration Protocols Switch Clustering To show cluster candidates: Click Administration, Cluster. Select Configure Member from the Step list. Select Show Candidate from the Action list. Figure 292: Showing Cluster Candidates Managing Cluster Use the Administration > Cluster (Show Member) page to manage another switch in the cluster.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 293: Managing a Cluster Member Ethernet Ring Protection Switching Note: Information in this section is based on ITU-T G.8032/Y.1344. The ITU G.8032 recommendation specifies a protection switching mechanism and protocol for Ethernet layer network rings.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching In Idle state, the physical topology has all nodes connected in a ring. The logical topology guarantees that all nodes are connected without a loop by blocking the RPL. Each link is monitored by its two adjacent nodes using Connectivity Fault Management (CFM) protocol messages.
Page 451
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ◆ Each Major Ring or Sub-Ring must have its own RPL. Figure 295 on page 452 (Normal Condition) depicts an example of a multi-ring/ ladder network. If the network is in normal operating condition, the RPL owner node of each ring blocks the transmission and reception of traffic over the RPL for that ring.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 295: Ring Interconnection Architecture (Multi-ring/Ladder Network) Normal Condition Signal Fail Condition RPL Owner RPL Owner Node Node for ERP1 for ERP1 ring node B ring node A ring node B ring node A ERP1 ERP1...
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Enable ERPS (Configure Global): Before enabling a ring as described in the next step, first globally enable ERPS on the switch. If ERPS has not yet been enabled or has been disabled, no ERPS rings will work. Enable an ERPS ring (Configure Domain –...
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Web Interface To globally enable ERPS on the switch: Click Administration, ERPS. Select Configure Global from the Step list. Mark the ERPS Status check box. Click Apply. Figure 296: Setting ERPS Global Status ERPS Ring Use the Administration >...
Page 455
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ◆ ID – ERPS ring identifier used in R-APS messages. ◆ Admin Status – Shows whether ERPS is enabled on the switch. ◆ Ver – Shows the ERPS version. ◆ MEG Level –...
Page 456
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ◆ MEP – The CFM MEP used to monitor the status on this link. ◆ RPL – Shows if this node is connected to the RPL. Configure Details ◆ Domain Name – Name of a configured ERPS ring. (Range: 1-12 characters) Service Instances within each ring are based on a unique maintenance association for the specific users, distinguished by the ring name, maintenance level, maintenance association’s name, and assigned VLAN.
Page 457
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching The version number is automatically set to “1” when a ring node, supporting only the functionalities of G.8032v1, exists on the same ring with other nodes that support G.8032v2. When ring nodes running G.8032v1 and G.8032v2 co-exist on a ring, the ring ID of each node is configured as “1”.
Page 458
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching protection state is enabled with the Forced Switch or Manual Switch commands on the Configure Operation page). The east and west connections to the ring must be specified for all ring ■...
Page 459
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching this ring node unblocks its ring ports. Otherwise, the block remains unchanged. As a result, there is only one link with one end blocked. The ring nodes stop transmitting R-APS (NR) messages when they accept an R-APS (NR, RB –...
Page 460
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching removes any existing local operator commands, and triggers reversion if the ring is in revertive behavior mode. The ring node where the Forced Switch was cleared continuously transmits the R-APS (NR) message on both ring ports, informing other nodes that no request is present at this ring node.
Page 461
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching the ring port which was blocked as result of an operator command. Recovery for Manual Switching – A Manual Switch command is ■ removed by issuing the Clear command (Configure Operation page) at the same ring node where the Manual Switch is in effect.
Page 462
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Recovery with non-revertive mode is handled as follows: ■ The RPL Owner Node, upon reception of an R-APS (NR) message and in the absence of any other higher priority request does not perform any action. Then, after the operator issues the Clear command (Configure Operation page) at the RPL Owner Node, this ring node blocks the ring port attached to the RPL, transmits an R-APS (NR, RB)
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching A sub-ring may be attached to a primary ring with or without a virtual ■ channel. A virtual channel is used to connect two interconnection points on the sub-ring, tunneling R-APS control messages across an arbitrary Ethernet network topology.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching No R-APS messages are inserted or extracted by other rings or sub- rings at the interconnection nodes where a sub-ring is attached. Hence there is no need for either additional bandwidth or for different VIDs/Ring IDs for the ring interconnection.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching The RPL owner node detects a failed link when it receives R-APS (SF - signal ■ fault) messages from nodes adjacent to the failed link. The owner then enters protection state by unblocking the RPL. However, using this standard recovery procedure may cause a non-EPRS device to become isolated when the ERPS device adjacent to it detects a continuity check message (CCM) loss event and blocks the link between the non-ERPS...
Page 466
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching will be checked. If one does exist, that defect will be reported to the protection switching mechanism. The reported defect need not be the same one that started the timer. ◆...
Page 467
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ◆ West/East – Connects to next ring node to the west/east. Each node must be connected to two neighbors on the ring. For convenience, the ports connected are referred to as east and west ports. Alternatively, the closest neighbor to the east should be the next node in the ring in a clockwise direction, and the closest neighbor to the west should be the next node in the ring in a counter-clockwise direction.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Web Interface To create an ERPS ring: Click Administration, ERPS. Select Configure Domain from the Step list. Select Add from the Action list. Enter a name and optional identifier for the ring. Click Apply.
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 301: Creating an ERPS Ring To show the configured ERPS rings: Click Administration, ERPS. Select Configure Domain from the Step list. Select Show from the Action list. Figure 302: Showing Configured ERPS Rings –...
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ERPS Forced and Use the Administration > ERPS (Configure Operation) page to block a ring port using Forced Switch or Manual Switch commands. Manual Mode Operations Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching command. As such, two or more forced switches are allowed in the ring, which may inadvertently cause the segmentation of an ring. It is the responsibility of the operator to prevent this effect if it is undesirable.
Page 472
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Manual Switch – Blocks specified ring port, in the absence of a failure or an ■ FS command. (Options: West or East) A ring with no request has a logical topology with the traffic channel ■...
Page 473
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching An ring node with a local manual switch command that receives an R-APS message or a local request of higher priority than R-APS (MS) clear its manual switch request. The ring node then processes the new higher priority request.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 303: Blocking an ERPS Ring Port Connectivity Fault Management Connectivity Fault Management (CFM) is an OAM protocol that includes proactive connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections between provider edge devices or between customer edge devices.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ A Maintenance Level allows maintenance domains to be nested in a hierarchical fashion, providing access to the specific network portions required by each operator. Domains at lower levels may be either hidden or exposed to operators managing domains at a higher level, allowing either course or fine fault resolution.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 305: Multiple CFM Maintenance Domains Customer MA Operator 1 MA Operator 2 MA Provider MA Note that the Service Instances within each domain shown above are based on a unique maintenance association for the specific users, distinguished by the domain name, maintenance level, maintenance association’s name, and assigned VLAN.
Page 477
Chapter 13 | Basic Administration Protocols Connectivity Fault Management the configured time period, and fault alarms are enabled, a corresponding trap will be sent. No further fault alarms are sent until the fault notification generator has been reset by the passage of a configured time period without detecting any further faults.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Global Use the Administration > CFM (Configure Global) page to configure global settings for CFM, such as enabling the CFM process on the switch, setting the start-up delay Settings for CFM for cross-check operations, configuring parameters for the link trace cache, and enabling traps for events discovered by continuity check messages or cross-check messages.
Page 479
Chapter 13 | Basic Administration Protocols Connectivity Fault Management name, MA name, MEPID, sequence number, and TTL value (see "Displaying Fault Notification Settings"). ◆ Link Trace Cache Hold Time – The hold time for CFM link trace cache entries. (Range: 1-65535 minutes; Default: 100 minutes) Before setting the aging time for cache entries, the cache must first be enabled in the Link Trace Cache attribute field.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management A MEP Missing trap is sent if cross-checking is enabled , and no CCM is received for a remote MEP configured in the static list ◆ Cross Check MEP Unknown – Sends a trap if an unconfigured MEP comes up. A MEP Unknown trap is sent if cross-checking is enabled , and a CCM is received from a remote MEP that is not configured in the static list...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Interfaces CFM processes are enabled by default for all physical interfaces, both ports and trunks. You can use the Administration > CFM (Configure Interface) page to change for CFM these settings. Command Usage ◆...
Page 482
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Command Usage Configuring General Settings ◆ Where domains are nested, an upper-level hierarchical domain must have a higher maintenance level than the ones it encompasses. The higher to lower level domain types commonly include entities such as customer, service provider, and operator.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Fault Notification ◆ A fault alarm can generate an SNMP notification. It is issued when the MEP fault notification generator state machine detects that the configured time period (MEP Fault Notify Alarm Time) has passed with one or more defects indicated, and fault alarms are enabled at or above the specified priority level (MEP Fault Notify Lowest Priority).
Page 484
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MD Name – Maintenance domain name. (Range: 1-43 alphanumeric characters) ◆ MD Level – Authorized maintenance level for this domain. (Range: 0-7) ◆ MIP Creation Type – Specifies the CFM protocol’s creation method for maintenance intermediate points (MIPs) in this domain: Default –...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Specify the manner in which MIPs can be created within each domain. Click Apply. Figure 308: Configuring Maintenance Domains To show the configured maintenance domains: Click Administration, CFM. Select Configure MD from the Step list. Select Show from the Action list.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 310: Configuring Detailed Settings for Maintenance Domains Configuring CFM Use the Administration > CFM (Configure MA) pages to create and configure the Maintenance Maintenance Associations (MA) which define a unique CFM service instance. Each MA can be identified by its parent MD, the MD’s maintenance level, the VLAN Associations assigned to the MA, and the set of maintenance end points (MEPs) assigned to it.
Page 487
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA, a connectivity failure is registered. ◆ If a maintenance point receives a CCM with an invalid MEPID or MA level or an MA level lower than its own, a failure is registered which indicates a configuration error or cross-connect error (i.e., overlapping MAs).
Page 488
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MA Name Format – Specifies the name format for the maintenance association as IEEE 802.1ag character based, or ITU-T SG13/SG15 Y.1731 defined ICC-based format. Character String – IEEE 802.1ag defined character string format. This is an ■...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select an entry from the MD Index list. Specify the MAs assigned to each domain, the VLAN through which CFM messages are passed, and the manner in which MIPs can be created within each MA.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select an entry from MD Index and MA Index. Specify the CCM interval, enable the transmission of connectivity check and cross check messages, and configure the required AIS parameters. Click Apply Figure 313: Configuring Detailed Settings for Maintenance Associations Configuring Use the Administration >...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Maintenance end point identifier. (Range: 1-8191) ◆ MEP Direction – Up indicates that the MEP faces inward toward the switch cross-connect matrix, and transmits CFM messages towards, and receives them from, the direction of the internal bridge relay mechanism.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select Show from the Action list. Select an entry from MD Index and MA Index. Figure 315: Showing Maintenance End Points Configuring Use the Administration > CFM (Configure Remote MEP – Add) page to specify remote maintenance end points (MEPs) set on other CFM-enabled devices within a Remote Maintenance common MA.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Identifier for a maintenance end point which exists on another CFM- enabled device within the same MA.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 317: Showing Remote Maintenance End Points Transmitting Link Use the Administration > CFM (Transmit Link Trace) page to transmit link trace Trace Messages messages (LTMs). These messages can isolate connectivity faults by tracing the path through a network to the designated target node (i.e., a remote maintenance end point).
Page 495
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ Source MEP ID – The identifier of a source MEP that will send the link trace message.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 318: Transmitting Link Trace Messages Transmitting Loop Use the Administration > CFM (Transmit Loopback) page to transmit Loopback Messages (LBMs). These messages can be used to isolate or verify connectivity Back Messages faults by submitting a request to a target node (i.e., a remote MEP or MIP) to echo the message back to the source.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ Target MEP ID – The identifier of a remote MEP that is the target of a loopback ■ message. (Range: 1-8191) MAC Address – MAC address of a remote MEP that is the target of a ■...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Transmitting Use the Administration > CFM (Transmit Delay Measure) page to send periodic delay-measure requests to a specified MEP within a maintenance association. Delay-Measure Requests Command Usage ◆ Delay measurement can be used to measure frame delay and frame delay variation between MEPs.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Local MEPs Use the Administration > CFM > Show Information (Show Local MEP) page to show information for the MEPs configured on this device. Parameters These parameters are displayed: ◆ MEP ID –...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Details Use the Administration > CFM > Show Information (Show Local MEP Details) page to show detailed CFM information about a local MEP in the continuity check for Local MEPs database.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ Suppressing Alarms – Shows if the specified MEP is currently suppressing sending frames containing AIS information following the detection of defect conditions. Web Interface To show detailed information for the MEPs configured on this device: Click Administration, CFM.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Local MIPs Use the Administration > CFM > Show Information (Show Local MIP) page to show the MIPs on this device discovered by the CFM protocol. (For a description of MIPs, refer to the Command Usage section under "Configuring CFM Maintenance Domains".)
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Use the Administration > CFM > Show Information (Show Remote MEP) page to show MEPs located on other devices which have been discovered through Remote MEPs continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Details for Use the Administration > CFM > Show Information (Show Remote MEP Details) page to show detailed information for MEPs located on other devices which have Remote MEPs been discovered through continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Down – The interface cannot pass packets. ■ Testing – The interface is in some test mode. ■ ■ Unknown – The interface status cannot be determined for some reason. ■ Dormant –...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying the Use the Administration > CFM > Show Information (Show Link Trace Cache) page to show information about link trace operations launched from this device. Link Trace Cache Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols Connectivity Fault Management HIT – Target located on this device. ■ Web Interface To show information about link trace operations launched from this device: Click Administration, CFM. Select Show Information from the Step list. Select Show Link Trace Cache from the Action list.
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Web Interface To show configuration settings for the fault notification generator: Click Administration, CFM. Select Show Information from the Step list. Select Show Fault Notification Generator from the Action list. Figure 327: Showing Settings for the Fault Notification Generator Displaying Use the Administration >...
Chapter 13 | Basic Administration Protocols OAM Configuration EXCESS_LEV – The number of different MD levels at which MIPs are to be ■ created on this port exceeds the bridge's capabilities. OVERLAP_LEV – A MEP is created for one VID at one maintenance level, but ■...
Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Admin Status – Enables or disables OAM functions. (Default: Disabled) ◆ Operation State – Shows the operational state between the local and remote OAM devices. This value is always “disabled” if OAM is disabled on the local interface.
Page 512
Chapter 13 | Basic Administration Protocols OAM Configuration Critical Event – If a critical event occurs, the local OAM entity indicates this ■ to its peer by setting the appropriate flag in the next OAMPDU to be sent and stores this information in its OAM event log. (Default: Enabled) Critical events include various failures, such as abnormal voltage fluctuations, out-of-range temperature detected, fan failure, CRC error in flash memory, insufficient memory, or other hardware faults.
Chapter 13 | Basic Administration Protocols OAM Configuration Figure 329: Enabling OAM for Local Ports Displaying Statistics Use the Administration > OAM > Counters page to display statistics for the various for OAM Messages types of OAM messages passed across each port. Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display statistics for OAM messages: Click Administration, OAM, Counters. Figure 330: Displaying Statistics for OAM Messages Displaying the Use the Administration > OAM > Event Log page to display link events for the OAM Event Log selected port.
Chapter 13 | Basic Administration Protocols OAM Configuration Figure 331: Displaying the OAM Event Log Displaying the Status Use the Administration > OAM > Remote Interface page to display information about attached OAM-enabled devices. of Remote Interfaces Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display information about attached OAM-enabled devices: Click Administration, OAM, Remote Interface. Figure 332: Displaying Status of Remote Interfaces Configuring a Remote Use the Administration > OAM > Remote Loopback (Remote Loopback Test) page Loopback Test to initiate a loop back test to the peer device attached to the selected port.
Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Loopback Status – Shows if loopback testing is currently running. Loopback Test Parameters ◆ Packet Number – Number of packets to send. (Range: 1-99999999; Default: 10000) ◆ Packet Size – Size of packets to send. (Range: 64-1518 bytes; Default: 64 bytes) ◆...
Chapter 13 | Basic Administration Protocols OAM Configuration Select the port on which to initiate remote loop back testing, enable the Loop Back Mode attribute, and click Apply. Set the number of packets to send and the packet size, and then click Test. Figure 333: Running a Remote Loop Back Test Displaying Results of Use the Administration >...
Chapter 13 | Basic Administration Protocols UDLD Configuration Figure 334: Displaying the Results of Remote Loop Back Testing UDLD Configuration The switch can be configured to detect general loopback conditions caused by hardware problems or faulty protocol settings. When enabled, a control frame is transmitted on the participating ports, and the switch monitors inbound traffic to see if the frame is looped back.
Chapter 13 | Basic Administration Protocols UDLD Configuration Configuring UDLD Use the Administration > UDLD > Configure Global page to configure the UniDirectional Link Detection message probe interval, detection interval, and Protocol Intervals recovery interval. Parameters These parameters are displayed: ◆...
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To configure the UDLD message probe interval, detection interval, and recovery interval: Click Administration, UDLD, Configure Global. Select Configure Global from the Step list. Configure the message and detection intervals. Enable automatic recovery if required, and set the recovery interval.
Page 522
Chapter 13 | Basic Administration Protocols UDLD Configuration ends without the proper echo information being received, the link is considered to be unidirectional. ◆ Aggressive Mode – Reduces the shut-down delay after loss of bidirectional connectivity is detected. (Default: Disabled) UDLD can function in two modes: normal mode and aggressive mode.
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To enable UDLD and aggressive mode: Click Administration, UDLD, Configure Interface. Enable UDLD and aggressive mode on the required ports. Click Apply. Figure 336: Configuring UDLD Interface Settings Displaying Use the Administration > UDLD (Show Information) page to show UDLD neighbor UDLD Neighbor information, including neighbor state, expiration time, and protocol intervals.
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To display UDLD neighbor information: Click Administration, UDLD, Show Information. Select an interface from the Port list. Figure 337: Displaying UDLD Neighbor Information – 524 –...
Multicast Filtering This chapter describes how to configure the following multicast services: ◆ IGMP Snooping – Configures snooping and query parameters. ◆ Filtering and Throttling – Filters specified multicast service, or throttles the maximum of multicast groups allowed on an interface. ◆...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 338: Multicast Filtering Concept Unicast Flow Multicast Flow This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router.
Page 527
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) switches in the local network segment, IGMP Snooping is the only service required to support multicast filtering. When using IGMPv3 snooping, service requests from IGMP Version 1, 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 534).
Page 529
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Note: Multicast routers use this information from IGMP snooping and query reports, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet. Parameters These parameters are displayed: ◆...
Page 530
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) By default, the switch immediately enters into “multicast flooding mode” when a spanning tree topology change occurs. In this mode, multicast traffic will be flooded to all VLAN ports. If many ports have subscribed to different multicast groups, flooding may cause excessive packet loss on the link between the switch and the end host.
Page 531
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ Forwarding Priority – Assigns a CoS priority to all multicast traffic. (Range: 0-7, where 7 is the highest priority; Default: Disabled) This parameter can be used to set a high priority for low-latency multicast traffic such as a video-conference, or to set a low priority for normal multicast traffic not sensitive to latency.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 339: Configuring General Settings for IGMP Snooping Specifying Static Use the Multicast > IGMP Snooping > Multicast Router (Add Static Multicast Router) Interfaces for a page to statically attach an interface to a multicast router/switch. Multicast Router Depending on network connections, IGMP snooping may not always be able to locate the IGMP querier.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Show Static Multicast Router ◆ VLAN – Selects the VLAN for which to display any configured static multicast routers. ◆ Interface – Shows the interface to which the specified static multicast routers are attached.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 341: Showing Static Interfaces Attached a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol (such as PIM) to support IP multicasting across the Internet.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group. Command Usage ◆ Static multicast addresses are never aged out. ◆...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) To show the static interfaces assigned to a multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information. Figure 344: Showing Static Interfaces Assigned to a Multicast Service To show the all interfaces attached to a multicast router: Click Multicast, IGMP Snooping, Multicast Router.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Setting IGMP Use the Multicast > IGMP Snooping > Interface (Configure VLAN) page to configure IGMP snooping attributes for a VLAN. To configure snooping globally, refer to Snooping Status “Configuring IGMP Snooping and Query Parameters”...
Page 538
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ Multicast Router Termination – These messages are sent when a router stops IP multicast routing functions on an interface. Termination messages are sent by multicast routers when: Multicast forwarding is disabled on an interface.
Page 539
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) If immediate leave is not used, a multicast router (or querier) will send a group- specific query message when an IGMPv2 group leave message is received. The router/querier stops forwarding traffic for that group only if no host replies to the query within the specified time out period.
Page 540
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) When IGMP Proxy Reporting is enabled, the source address is based on the following criteria: If a proxy query address is configured, the switch will use that address as ■...
Page 541
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) This attribute will take effect only if IGMP snooping proxy reporting is enabled (page 528) or IGMP querier is enabled (page 528). ◆ Last Member Query Count – The number of IGMP proxy group-specific or group-and-source-specific query messages that are sent out before the system assumes there are no more local members.
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 346: Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping: Click Multicast, IGMP Snooping, Interface. Select Show VLAN Information from the Action list. Figure 347: Showing Interface Settings for IGMP Snooping –...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Filtering IGMP Query Use the Multicast > IGMP Snooping > Interface (Configure Interface) page to configure an interface to drop IGMP query packets or multicast data packets. Packets and Multicast Data Parameters...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Displaying Multicast Use the Multicast > IGMP Snooping > Forwarding Entry page to display the forwarding entries learned through IGMP Snooping. Groups Discovered by IGMP Snooping Command Usage To display information about multicast groups, IGMP Snooping must first be enabled on the switch (see page...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Displaying IGMP Use the Multicast > IGMP Snooping > Statistics pages to display IGMP snooping protocol-related statistics for the specified interface. Snooping Statistics Parameters These parameters are displayed: ◆...
Page 546
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ V3 Warning Count – The number of times the query version received (Version 3) does not match the version configured for this interface. VLAN, Port, and Trunk Statistics Input Statistics ◆...
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 351: Displaying IGMP Snooping Statistics – VLAN To display IGMP snooping protocol-related statistics for a port: Click Multicast, IGMP Snooping, Statistics. Select Show Port Statistics from the Action list. Select a Port.
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Filtering and Throttling IGMP Groups In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Figure 353: Enabling IGMP Filtering and Throttling Configuring IGMP Use the Multicast > IGMP Snooping > Filter (Configure Profile – Add) page to create Filter Profiles an IGMP profile and set its access mode. Then use the (Add Multicast Group Range) page to configure the multicast groups to filter.
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Web Interface To create an IGMP filter profile and set its access mode: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Add from the Action list. Enter the number for a profile, and set its access mode.
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Select the profile to configure, and add a multicast group address or range of addresses. Click Apply. Figure 356: Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an IGMP filter profile: Click Multicast, IGMP Snooping, Filter.
Page 553
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. Parameters These parameters are displayed: ◆ Interface – Port or trunk identifier. An IGMP profile or throttling setting can be applied to a port or trunk.
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 358: Configuring IGMP Filtering and Throttling Interface Settings MLD Snooping (Snooping and Query for IPv6) Multicast Listener Discovery (MLD) snooping operates on IPv6 traffic and performs a similar function to IGMP snooping for IPv4. That is, MLD snooping dynamically configures switch ports to limit IPv6 multicast traffic so that it is forwarded only to ports with users that want to receive it.
Page 555
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) An IPv6 address must be configured on the VLAN interface from which the querier will act if elected. When serving as the querier, the switch uses this IPv6 address as the query source address.
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Click Apply. Figure 359: Configuring General Settings for MLD Snooping Setting Immediate Use the Multicast > MLD Snooping > Interface page to configure Immediate Leave status for a VLAN. Leave Status for MLD Snooping Parameters...
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 360: Configuring Immediate Leave for MLD Snooping Specifying Static Use the Multicast > MLD Snooping > Multicast Router (Add Static Multicast Router) Interfaces for an page to statically attach an interface to an IPv6 multicast router/switch. IPv6 Multicast Router Depending on your network connections, MLD snooping may not always be able to locate the MLD querier.
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 361: Configuring a Static Interface for an IPv6 Multicast Router To show the static interfaces attached to a multicast router: Click Multicast, MLD Snooping, Multicast Router. Select Show Static Multicast Router from the Action list. Select the VLAN for which to display this information.
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Assigning Interfaces Use the Multicast > MLD Snooping > MLD Member (Add Static Member) page to statically assign an IPv6 multicast service to an interface. to IPv6 Multicast Services Multicast filtering can be dynamically configured using MLD snooping and query messages (see...
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 364: Assigning an Interface to an IPv6 Multicast Service To show the static interfaces assigned to an IPv6 multicast service: Click Multicast, MLD Snooping, MLD Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information.
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Figure 366: Showing Current Interfaces Assigned to an IPv6 Multicast Service Showing MLD Use the Multicast > MLD Snooping > Group Information page to display known Snooping Groups multicast groups, member ports, the means by which each group was learned, and the corresponding source list.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display known MLD multicast groups: Click Multicast, MLD Snooping, Group Information. Select the port or trunk, and then select a multicast service assigned to that interface. Figure 367: Showing IPv6 Multicast Services and Corresponding Sources Multicast VLAN Registration for IPv4 Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 368: MVR Concept Multicast Router Satellite Services Service Network Multicast Server Source Layer 2 Switch Port Receiver Ports Set-top Box Set-top Box Command Usage ◆ General Configuration Guidelines for MVR: Enable MVR for a domain on the switch, and select the MVR VLAN (see “Configuring MVR Domain Settings”...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Use the Multicast > MVR (Configure Global) page to configure proxy switching and the robustness variable. Global Settings Parameters These parameters are displayed: ◆ Proxy Switching – Configures MVR proxy switching, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Proxy Query Interval – Configures the interval at which the receiver port sends out general queries. (Range: 2-31744 seconds; Default: 125 seconds) This parameter sets the general query interval at which active receiver ■...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Use the Multicast > MVR (Configure Domain) page to enable MVR globally on the switch, and select the VLAN that will serve as the sole channel for common Domain Settings multicast streams supported by the service provider.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Click Apply. Figure 370: Configuring Domain Settings for MVR Configuring Use the Multicast > MVR (Configure Profile and Associate Profile) pages to assign the multicast group address for required services to one or more MVR domains. MVR Group Address Profiles Command Usage...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Associate Profile ◆ Domain ID – An independent multicast domain. (Range: 1-5) ◆ Profile Name – The name of a profile to be assigned to this domain. (Range: 1-21 characters) Web Interface To configure an MVR group address profile: Click Multicast, MVR.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To assign an MVR group address profile to a domain: Click Multicast, MVR. Select Associate Profile from the Step list. Select Add from the Action list. Select a domain from the scroll-down list, and enter the name of a group profile.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Use the Multicast > MVR (Configure Interface) page to configure each interface that participates in the MVR protocol as a source port or receiver port. If you are sure Interface Status that only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
Page 571
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Type – The following interface types are supported: Source – An uplink port that can send and receive multicast data for the ■ groups assigned to the MVR VLAN. Note that the source port must be manually configured as a member of the MVR VLAN (see “Adding Static Members to VLANs”...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 375: Configuring Interface Settings for MVR Assigning Static MVR Use the Multicast > MVR (Configure Static Group Member) page to statically bind Multicast Groups to multicast groups to a port which will receive long-term multicast streams associated with a stable set of hosts.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To assign a static MVR group to an interface: Click Multicast, MVR. Select Configure Static Group Member from the Step list. Select Add from the Action list. Select an MVR domain. Select a VLAN and interface to receive the multicast stream, and then enter the multicast group address.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 377: Showing the Static MVR Groups Assigned to a Port Displaying MVR Use the Multicast > MVR (Show Member) page to show the multicast groups either Receiver Groups statically or dynamically assigned to the MVR receiver groups on each interface. Parameters These parameters are displayed: ◆...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 378: Displaying MVR Receiver Groups Displaying Use the Multicast > MVR > Show Statistics pages to display MVR protocol-related MVR Statistics statistics for the specified interface. Parameters These parameters are displayed: ◆...
Page 576
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 VLAN, Port, and Trunk Statistics Input Statistics ◆ Report – The number of IGMP membership reports received on this interface. ◆ Leave – The number of leave messages received on this interface. ◆...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display statistics for MVR query-related messages: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR domain. Figure 379: Displaying MVR Statistics –...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To display MVR protocol-related statistics for a VLAN: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR domain. Select a VLAN.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR protocol-related statistics for a port: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR domain. Select a Port.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Set the interfaces that will join the MVR as source ports or receiver ports (see “Configuring MVR6 Interface Status” on page 586). For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static MVR6 Multicast Groups to...
Page 581
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Robustness Value – Configures the expected packet loss, and thereby the number of times to generate report and group-specific queries. (Range: 1-10; Default: 2) This parameter is used to set the number of times report messages are sent ■...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 382: Configuring Global Settings for MVR6 Configuring MVR6 Use the Multicast > MVR6 (Configure Domain) page to enable MVR6 globally on the switch, and select the VLAN that will serve as the sole channel for common Domain Settings multicast streams supported by the service provider.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 IPv6 address including the network prefix and host address bits. By default, all MVR6 reports sent upstream use a null source IP address. All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture, ”...
Page 584
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture, ” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 384: Configuring an MVR6 Group Address Profile To show the configured MVR6 group address profiles: Click Multicast, MVR6. Select Configure Profile from the Step list. Select Show from the Action list. Figure 385: Displaying MVR6 Group Address Profiles To assign an MVR6 group address profile to a domain: Click Multicast, MVR6.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 386: Assigning an MVR6 Group Address Profile to a Domain To show the MVR6 group address profiles assigned to a domain: Click Multicast, MVR6. Select Associate Profile from the Step list. Select Show from the Action list.
Page 587
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 membership for MVR6 receiver ports cannot be set to access mode (see“Adding Static Members to VLANs” on page 159). ◆ One or more interfaces may be configured as MVR6 source ports. A source port is able to both receive and send data for configured MVR6 groups or for groups which have been statically assigned (see “Assigning Static MVR Multicast...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 “Active” only if there are subscribers receiving multicast traffic from one of the MVR6 groups, or a multicast group has been statically assigned to an interface. ◆ Immediate Leave – Configures the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture, ” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To show the static MVR6 groups assigned to an interface: Click Multicast, MVR6. Select Configure Static Group Member from the Step list. Select Show from the Action list. Select an MVR6 domain. Select the port or trunk for which to display this information.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Count – The number of multicast services currently being forwarded from the MVR6 VLAN. ◆ Clear MVR6 Group – Clears multicast group information dynamically learned through MVR6. Statically configured multicast addresses are not cleared. Web Interface To display the interfaces assigned to the MVR6 receiver groups: Click Multicast, MVR6.
Page 592
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ General Query Sent – The number of general queries sent from this interface. ◆ Specific Query Received – The number of specific queries received on this interface. ◆ Specific Query Sent – The number of specific queries sent from this interface. ◆...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Web Interface To display statistics for MVR6 query-related messages: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR6 domain. Figure 392: Displaying MVR6 Statistics –...
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a VLAN: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR6 domain. Select a VLAN.
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a port: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR6 domain. Select a Port.
IP Configuration This chapter describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address, or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server.
Page 598
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) ◆ To enable routing between interfaces defined on this switch and external network interfaces, you must configure static routes (page 647) or use dynamic routing; i.e., RIP (page 652) ◆...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Web Interface To set a static IPv4 address for the switch: Click IP, General, Routing Interface. Select Add Address from the Action list. Select any configured VLAN, set IP Address Mode to “User Specified, ” set IP Address Type to “Primary”...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Figure 396: Configuring a Dynamic IPv4 Address Note: The switch will also broadcast a request for IP configuration settings on each power reset. Note: If you lose the management connection, make a console connection to the switch and enter “show ip interface”...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 397: Showing the Configured IPv4 Address for an Interface Setting the Switch’s IP Address (IP Version 6) This section describes how to configure an IPv6 interface for management access over the network, or for creating an interface to multiple subnets.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring the Use the IP > IPv6 Configuration (Configure Global) page to configure an IPv6 default gateway for the switch. IPv6 Default Gateway Parameters These parameters are displayed: ◆...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring IPv6 Use the IP > IPv6 Configuration (Configure Interface) page to configure general auto-configuration of a global IPv6 settings for the selected VLAN, including Interface Settings unicast interface address, and explicit configuration of a link local interface address, the MTU size, and neighbor discovery protocol settings for duplicate...
Page 604
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) have the “other stateful configuration” flag set, the switch will attempt to acquire other non-address configuration information (such as a default gateway). If auto-configuration is not selected, then an address must be manually ■...
Page 605
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) remain in a “tentative” state. If no duplicate link-local address is found, duplicate address detection is started for the remaining IPv6 addresses. If a duplicate address is detected, it is set to “duplicate” state, and a warning ■...
Page 606
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Prior to submitting a client request to a DHCPv6 server, the switch should be configured with a link-local address using the Address Autoconfig option. The state of the Managed Address Configuration flag (M flag) and Other Stateful Configuration flag (O flag) received in Router Advertisement messages will determine the information this switch should attempt to acquire from the DHCPv6 server as described...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Enable address auto-configuration, or enable IPv6 Explicitly to automatically configure a link-local address and enable IPv6 on the selected interface. (To manually configure the link-local address, use the Add IPv6 Address page.) Set the MTU size, the maximum number of duplicate address detection messages, the neighbor solicitation message interval, and the amount of time that a remote IPv6 node is considered reachable.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 400: Configuring RA Guard for an IPv6 Interface Configuring an Use the IP > IPv6 Configuration (Add IPv6 Address) page to configure an IPv6 interface for management access over the network, or for creating an interface to IPv6 Address multiple subnets.
Page 609
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) You can also manually configure the global unicast address by entering the ■ full address and prefix length. ◆ You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) inverting the universal/local bit in the address and inserting the hexadecimal number FFFE between the upper and lower three bytes of the MAC address. For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.e., 1 for globally defined addresses and 0 for locally defined addresses), changing 28 to 2A.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing IPv6 Use the IP > IPv6 Configuration (Show IPv6 Address) page to display the IPv6 addresses assigned to an interface. Addresses Parameters These parameters are displayed: ◆...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Select a VLAN from the list. Figure 402: Showing Configured IPv6 Addresses Showing the IPv6 Use the IP > IPv6 Configuration (Show IPv6 Neighbor Cache) page to display the IPv6 addresses detected for neighbor devices.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 36: Show IPv6 Neighbors - display description Field Description The following states are used for static entries: ◆ Incomplete - The interface for this entry is down. ◆...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) feed back information about more suitable routes (that is, the next hop router) to use for a specific destination. ◆ UDP – User Datagram Protocol provides a datagram mode of packet switched communications.
Page 615
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 37: Show IPv6 Statistics - display description Field Description Reassembled Succeeded The number of IPv6 datagrams successfully reassembled. Note that this counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the fragments.
Page 616
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 37: Show IPv6 Statistics - display description Field Description Parameter Problem The number of ICMP Parameter Problem messages received by the Messages interface. Echo Request Messages The number of ICMP Echo (request) messages received by the interface.
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 37: Show IPv6 Statistics - display description Field Description Group Membership The number of ICMPv6 Group Membership Reduction messages sent. Reduction Messages Multicast Listener The number of MLDv2 reports sent by the interface. Discovery Version 2 Reports UDP Statistics Input...
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing the MTU Use the IP > IPv6 Configuration (Show MTU) page to display the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet- for Responding too-big message along with an acceptable MTU to this switch.
Page 620
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) – 620 –...
IP Services This chapter describes the following IP services: ◆ – Configures default domain names, identifies servers to use for dynamic lookup, and shows how to configure static entries. ◆ DHCP – Configures client and relay. ◆ PPPoE Intermediate Agent –...
Chapter 16 | IP Services Domain Name Service Parameters These parameters are displayed: ◆ Domain Lookup – Enables DNS host name-to-address translation. (Default: Disabled) ◆ Default Domain Name – Defines the default domain name appended to incomplete host names. Do not include the initial dot that separates the host name from the domain name.
Chapter 16 | IP Services Domain Name Service checking with the specified name servers for a match (see “Configuring a List of Name Servers” on page 624). ◆ If all name servers are deleted, DNS will automatically be disabled. Parameters These parameters are displayed: Domain Name –...
Chapter 16 | IP Services Domain Name Service Configuring a List Use the IP Service > DNS - General (Add Name Server) page to configure a list of name servers to be tried in sequential order. of Name Servers Command Usage ◆...
Chapter 16 | IP Services Domain Name Service Figure 412: Showing the List of Name Servers for DNS Configuring Use the IP Service > DNS - Static Host Table (Add) page to manually configure static Static DNS Host entries in the DNS table that are used to map domain names to IP addresses. to Address Entries Command Usage ◆...
Chapter 16 | IP Services Domain Name Service To show static entries in the DNS table: Click IP Service, DNS, Static Host Table. Select Show from the Action list. Figure 414: Showing Static Entries in the DNS Table Displaying the Use the IP Service >...
Chapter 16 | IP Services Dynamic Host Configuration Protocol Web Interface To display entries in the DNS cache: Click IP Service, DNS, Cache. Figure 415: Showing Entries in the DNS Cache Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.
Chapter 16 | IP Services Dynamic Host Configuration Protocol ◆ By default, DHCP option 66/67 parameters are not carried in a DHCP server reply. To ask for a DHCP reply with option 66/67 information, the DHCP client request sent by this switch includes a “parameter request list” asking for this information.
Chapter 16 | IP Services Dynamic Host Configuration Protocol Figure 416: Specifying a DHCP Client Identifier Configuring DHCP Use the IP Service > DHCP > Relay page to configure DHCP relay service for attached host devices. If DHCP relay is enabled, and this switch sees a DHCP request Relay Service broadcast, it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located.
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Web Interface To configure DHCP relay service: Click IP Service, DHCP, Relay. Enter up to five IP addresses for DHCP servers or relay servers in order of preference for any VLAN. Click Apply.
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Parameters These parameters are displayed: ◆ PPPoE IA Global Status – Enables the PPPoE Intermediate Agent globally on the switch. (Default: Disabled) Note that PPPoE IA must be enabled globally before it can be enabled on an interface.
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Configuring PPPoE IA Use the IP Service > PPPoE Intermediate Agent (Configure Interface) page to enable PPPoE IA on an interface, set trust status, enable vendor tag stripping, and set the Interface Settings circuit ID and remote ID.
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent ◆ Remote ID – String identifying the remote identifier (or interface) on this switch to which the user is connected. (Range: 1-63 ASCII characters; Default: Port MAC address) ◆ Operational Remote ID – The configured circuit identifier. Web Interface To configure interface settings for PPPoE IA: Click IP Service, PPPoE Intermediate Agent.
General IP Routing This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace Route – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...
Chapter 17 | General IP Routing IP Routing and Switching Figure 422: Virtual Interfaces and Layer 3 Routing Inter-subnet traffic (Layer 3 switching) Routing Untagged Untagged VLAN 1 VLAN 2 Tagged or Untagged Tagged or Untagged Tagged or Untagged Tagged or Untagged Intra-subnet traffic (Layer 2 switching) IP Routing and Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets...
Chapter 17 | General IP Routing IP Routing and Switching If the destination belongs to a different subnet on this switch, the packet can be routed directly to the destination node. However, if the packet belongs to a subnet not included on this switch, then the packet should be sent to the next hop router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node).
Chapter 17 | General IP Routing Configuring IP Routing Interfaces Routing Protocols The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. ◆...
Chapter 17 | General IP Routing Configuring IP Routing Interfaces destinations, i.e., packets that do not match any routing table entry. If another router is designated as the default gateway, then the switch will pass packets to this router for any unknown hosts or subnets. To configure a default gateway for IPv4, use the static routing table as described on page 647, enter 0.0.0.0 for the IP address and subnet mask, and then specify this...
Chapter 17 | General IP Routing Configuring IP Routing Interfaces include zone-id information indicating the VLAN identifier after the % delimiter. For example, FE80::7272%1 identifies VLAN 1 as the interface. Web Interface To ping another device on the network: Click IP, General, Ping. Specify the target device and ping parameters.
Chapter 17 | General IP Routing Configuring IP Routing Interfaces ◆ A trace terminates when the destination responds, when the maximum timeout (TTL) is exceeded, or the maximum number of hops is exceeded. ◆ The trace route function first sends probe datagrams with the TTL value set at one.
Chapter 17 | General IP Routing Address Resolution Protocol Address Resolution Protocol If IP routing is enabled (page 651), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next.
Chapter 17 | General IP Routing Address Resolution Protocol requesting node. That node then sends traffic to the router, which in turn uses its own routing table to forward the traffic to the remote destination. Figure 425: Proxy ARP Proxy ARP request no routing, no default...
Chapter 17 | General IP Routing Address Resolution Protocol Figure 426: Configuring General Settings for ARP Configuring For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a Static ARP Addresses physical address.
Chapter 17 | General IP Routing Address Resolution Protocol Web Interface To map an IP address to the corresponding physical address in the ARP cache: Click IP, ARP. Select Configure Static Address from the Step List. Select Add from the Action List. Enter the IP address and the corresponding MAC address.
Chapter 17 | General IP Routing Address Resolution Protocol Displaying Dynamic Use the IP > ARP (Show Information – ARP Addresses) page to display dynamic or local entries in the ARP cache. The ARP cache contains static entries, and entries for or Local ARP Entries local interfaces, including subnet, host, and broadcast addresses.
Chapter 17 | General IP Routing Configuring Static Routes Click Statistics. Figure 430: Displaying ARP Statistics Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP). However, you can also manually enter static routes in the routing table using the IP >...
Chapter 17 | General IP Routing Configuring Static Routes ◆ Next Hop – IP address of the next router hop used for this route. ◆ Distance – An administrative distance indicating that this route can be overridden by dynamic routing information if the distance of the dynamic route is less than that configured for the static route.
Chapter 17 | General IP Routing Displaying the Routing Table Displaying the Routing Table Use the IP > Routing > Routing Table (Show Information) page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route.
Chapter 17 | General IP Routing Displaying the Routing Table ◆ Protocol – The protocol which generated this route information. (Options: Local, Static, RIP, OSPF, Others) Web Interface To display the routing table: Click IP, Routing, Routing Table. Figure 433: Displaying the Routing Table –...
Unicast Routing This chapter describes how to configure the following unicast routing protocols: – Configures Routing Information Protocol. Overview This switch can route unicast traffic to different subnetworks using Routing Information Protocol (RIP) . These protocols exchange routing information, calculate routing tables, and can respond to changes in the status or loading of the network.
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Configuring General Use the Routing Protocol > RIP > General (Configure) page to configure general settings and the basic timers. Protocol Settings RIP is used to specify how routers exchange routing information. When RIP is enabled on this router, it sends RIP messages to all devices in the network every 30 seconds (by default), and updates its own routing table when RIP messages are received from other routers.
Page 654
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ RIP Default Metric – Sets the default metric assigned to external routes imported from other protocols. (Range: 1-15; Default: 1) The default metric must be used to resolve the problem of redistributing external routes with incompatible metrics.
Page 655
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Basic Timer Settings Note: The timers must be set to the same values for all routers in the network. ◆ Update – Sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 435: Configuring General Settings for RIP Clearing Entries from Use the Routing Protocol > RIP > General (Clear Route) page to clear entries from the Routing Table the routing table based on route type or a specific network address. Command Usage ◆...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Clear Route By Network – Clears a specific route based on its IP address and prefix length. Network IP Address – Deletes all related entries for the specified network ■...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Parameters These parameters are displayed: ◆ By Address – Adds a network to the RIP routing process. Subnet Address – IP address of a network directly connected to this router. ■...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 438: Showing Network Interfaces Using RIP Specifying Use the Routing Protocol > RIP > Passive Interface (Add) page to stop RIP from Passive Interfaces sending routing updates on the specified interface. Command Usage ◆...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 439: Specifying a Passive RIP Interface To show the passive RIP interfaces: Click Routing Protocol, RIP, Passive Interface. Select Show from the Action list. Figure 440: Showing Passive RIP Interfaces Specifying Use the Routing Protocol >...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 441: Specifying a Static RIP Neighbor To show static RIP neighbors: Click Routing Protocol, RIP, Neighbor Address. Select Show from the Action list. Figure 442: Showing Static RIP Neighbors Configuring Route Use the Routing Protocol >...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol When a metric value has not been configured on this page, the default-metric determines the metric value to be used for all imported external routes. It is advisable to use a low metric when redistributing routes from another protocol into RIP.
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 444: Showing External Routes Redistributed into RIP Specifying an Use the Routing Protocol > RIP > Distance (Add) page to define an administrative Administrative distance for external routes learned from other routing protocols. Distance Command Usage ◆...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 445: Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols: Click Routing Protocol, RIP, Distance. Select Show from the Action list. Figure 446: Showing the Distance Assigned to External Routes Configuring Network Use the Routing Protocol >...
Page 665
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol multicasting as normally required by RIPv2. (Using this mode allows older RIPv2 routers which only receive RIP broadcast messages to receive all of the information provided by RIPv2, including subnet mask, next hop and authentication information.
Page 666
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Send Version – The RIP version to send on an interface. RIPv1: Sends only RIPv1 packets. ■ RIPv2: Sends only RIPv2 packets. ■ RIPv1 Compatible: Route information is broadcast to other routers with ■...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol ◆ Instability Prevention – Specifies the method used to reduce the convergence time when the network topology changes, and to prevent RIP protocol messages from looping back to the source router. Split Horizon –...
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Displaying Peer Use the Routing Protocol > RIP > Statistics (Show Peer Information) page to display information on neighboring RIP routers. Router Information Parameters These parameters are displayed: ◆ Peer Address – IP address of a neighboring RIP router. ◆...
Page 670
Chapter 18 | Unicast Routing Configuring the Routing Information Protocol Figure 451: Resetting RIP Statistics – 670 –...
Section III Appendices This section provides additional information and includes these items: ◆ “Software Specifications” on page 673 ◆ “Troubleshooting” on page 679 ◆ “License Statement / GPL Code Statement” on page 681 – 671 –...
Software Specifications Software Features Management Local, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter Authentication General Security Access Control Lists (512 rules), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard Measures Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BASE-SX/LX/ZX: 1000 Mbps at full duplex (SFP , SFP+)
Page 674
Appendix A | Software Specifications Software Features Spanning Tree Spanning Tree Protocol (STP, IEEE 802.1D-2004) Algorithm Rapid Spanning Tree Protocol (RSTP, IEEE 802.1D-2004) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1D-2004) VLAN Support 4094 Up to groups; port-based, protocol-based, tagged (802.1Q), voice VLANs, IP subnet, MAC-based, QinQ tunnel, GVRP for automatic VLAN learning Class of Service Supports four levels of priority...
Troubleshooting Problems Accessing the Management Interface Table 43: Troubleshooting Chart Symptom Action ◆ Cannot connect using Be sure the switch is powered on. Telnet, web browser, or ◆ Check network cabling between the management station and the SNMP software switch. Make sure the ends are properly connected and there is no damage to the cable.
Appendix B | Troubleshooting Using System Logs Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
License Statement / GPL Code Statement This product resp. the here (http://global.level1.com/downloads.php?action=init) for downloading offered software includes software code developed by third parties, including software code subject to the GNU General Public License Version 2 ("GPLv2") and GNU Lesser General Public License 2.1 ("LGPLv2.1").
Page 682
Appendix C | License Statement / GPL Code Statement The GNU General Public License Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.
Page 683
Appendix C | License Statement / GPL Code Statement The GNU General Public License You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
Page 684
Appendix C | License Statement / GPL Code Statement The GNU General Public License If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
Appendix C | License Statement / GPL Code Statement How to Apply These Terms to Your New Programs Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission.
Appendix C | License Statement / GPL Code Statement Notification of Compliance MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program;...
Page 687
Appendix C | License Statement / GPL Code Statement Notification of Compliance For GNU General Public License (GPL) related information, please visit http://global.level1.com/downloads.php?action=init – 687 –...
Page 688
Appendix C | License Statement / GPL Code Statement Notification of Compliance – 688 –...
Glossary Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
Page 690
Glossary DiffServ Differentiated Services provides quality of service on large networks by employing a well- defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
Page 691
Glossary ICMP Internet Control Message Protocol is a network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
Page 692
Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. In-Band Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts.
Page 693
Glossary Multicast Router Discovery is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers. This process allows IGMP-enabled devices to determine where to send multicast source and group membership messages. MSTP Multiple Spanning Tree Protocol can provide an independent spanning tree for different VLANs.
Page 694
Glossary QinQ QinQ tunneling is designed for service providers carrying traffic for multiple customers across their networks. It is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. Quality of Service. QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization, queuing, congestion avoidance and traffic shaping.
Page 695
Glossary Spanning Tree Algorithm is a technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
Page 699
Index policy map 250 hold-off timer 465 policy map, description 247 major domain 462 QoS policy 250 MEG level 457 service policy 259 node identifier 462 setting CoS for matching packets 253 propagate topology change 464 setting IP DSCP for matching packets 254 ring configuration 454 setting PHB for matching packets 253 ring, enabling 456...
Page 700
Index IGMP IP source guard filter profiles, configuration 550 ACL table, learning mode 358 filter, parameters 550 configuring static entries 359 filtering & throttling 549 learning mode, ACL table or MAC table 358 filtering & throttling, creating profile 550 MAC table, learning mode 358 filtering &...
Page 701
Index partner parameters 141 protocol message statistics 138 MAC address authentication 289 protocol parameters 134 ports, configuring 292 timeout, for LACPDU 133 reauthentication 292 last member query interval, IGMP snooping 540 MAC address, mirroring 194 license information 681 main menu, web interface 52 Link Layer Discovery Protocol - Media Endpoint Discovery maintenance association, CFM 474 See LLDP-MED...
Page 703
Index configuring 108 query response interval, IGMP snooping 540 duplex mode 110 queue weight, assigning to CoS 233 flow control 110 forced selection of media type 109 mirroring 112 RADIUS mirroring local traffic 112 logon authentication 271 mirroring remote traffic 114 settings 271 multicast storm threshold 223 rate limit...
Page 704
Index global settings, displaying 206 STA 197 interface settings, configuring 207 BPDU filter 211 interface settings, displaying 212 BPDU flooding 202 BPDU shutdown 210 detecting loopbacks 199 edge port 209 secure shell 302 global settings, configuring 201 configuration 302 global settings, displaying 206 security, general measures 267 interface settings, configuring 207 serial port, configuring 95...
Page 705
Index settings 272 adding static members 159 creating 156 flood 529 description 153 general query solicitation 530 displaying port members by interface 162 Telnet displaying port members by interface range 163 configuring 97 displaying port members by VLAN index 162 server, enabling 97 dynamic assignment 293 time range, ACL 310...