ExtremeSwitching 200 Series Administration Manual

page of 369

/ 369
Contents
Table of Contents
Bookmarks

Table of Contents

Quick Links

Download this manual

ExtremeSwitching 200

Series: Administration Guide

122041-00

Published May 2017

Table of Contents

Need help?

Do you have a question about the 200 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for ExtremeSwitching 200 Series

Page 1 ExtremeSwitching 200 Series: Administration Guide 122041-00 Published May 2017...
Page 2: Legal Notice
Copyright © 2017 Extreme Networks, Inc. All rights reserved. Legal Notice Extreme Networks, Inc. reserves the right to make changes in specifications and other information contained in this document and its website without prior notice. The reader should in all cases consult representatives of Extreme Networks to determine whether any such changes have been made.
Page 3: Table Of Contents
Configuring Email Alerts..............................83 Configuring and Viewing ISDP Information......................87 Configuring Link Dependency............................. 89 Configuring Link Local Protocol Filtering........................91 Selecting the SDM Template............................92 Configuring sFlow................................93 Configuring SNTP Settings............................98 Configuring Time Ranges............................. 103 Configuring the Time Zone............................105 ExtremeSwitching 200 Series: Administration Guide...
Page 4 Configuring ARP................................256 Configuring Global IP Settings..........................258 Router....................................267 Configuring Routing Information Protocol (RIP)....................271 Chapter 6: Managing Device Security................272 Port Access Control................................ 272 RADIUS Settings................................284 TACACS+ Settings................................289 Authentication Manager...............................292 Chapter 7: Configuring IPv6....................296 ExtremeSwitching 200 Series: Administration Guide...
Page 5 Configuring Multiple Spanning Tree Protocol....................335 Configuring VLAN Routing............................338 Configuring 802.1X Network Access Control......................341 Configuring Authentication Tiering........................342 Configuring Differentiated Services for VoIP.....................343 IGMP and MLD Snooping Switches........................346 Configuring Port Mirroring............................350 Bidirectional Forwarding Detection.........................351 Glossary............................353 Index............................369 ExtremeSwitching 200 Series: Administration Guide...
Page 6: Preface
(+). Example: Press [Ctrl]+[Alt]+[Del] Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined in the text. Italics are also used when referring to publication titles. ExtremeSwitching 200 Series: Administration Guide...
Page 7: Providing Feedback To Us
Preface Terminology When features, functionality, or operation is specific to a switch family, such as ExtremeSwitching ™ Summit ® , the family name is used. Explanations about features and operations that are the same across all product families simply refer to the product as the switch.
Page 8: Related Publications
Preface Related Publications 200 Series Documentation • ExtremeSwitching 210 and 220 Series Switches: Hardware Installation Guide • ExtremeSwitching 200 Series: Administration Guide • ExtremeSwitching 200 Series: Command Reference Guide Other Documentation • Extreme Hardware/Software Compatibility and Recommendation Matrices • Extreme Networks Pluggable Transceivers Installation Guide •...
Page 9: Chapter 1: Getting Started
Using a straight-through modem cable, connect a VT100/ANSI terminal or a workstation to the console (serial) port. If you attached a PC, Apple, or UNIX workstation, start a terminal-emulation program, such as HyperTerminal or TeraTerm. ExtremeSwitching 200 Series: Administration Guide...
Page 10 To view the assigned or configured network address, enter: show serviceport If the unit does not have a service port: • To use a DHCP server to obtain the IP address, subnet mask, and default gateway information, enter: ExtremeSwitching 200 Series: Administration Guide...
Page 11: Booting The Switch
Series Application will start automatically... Series Startup -- Main Menu 1 - Start 200 Series Application 2 - Display Utility Menu Select (1, 2): 2 For information about the Utility menu, see Understanding the Utility Menu on page 12. ExtremeSwitching 200 Series: Administration Guide...
Page 12: Understanding The Utility Menu
The following sections describe the Utility menu options. By default, if no selection is made within five seconds, the operational code starts. Start the 200 Series Application Use option 1 to resume loading the 200 Series application code. To relaunch the boot process from the Utility menu, select 1 and press [Enter]. The following prompt displays: Extracting FASTPATH from image2..done...
Page 13 Ready to RECEIVE File tempcfg.bin in binary mode Send several Control-X characters to cancel before transfer starts. 2 Select the transfer mode: press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM. 3 When using HyperTerminal, click Transfer on the HyperTerminal menu bar. ExtremeSwitching 200 Series: Administration Guide...
Page 14 File asciilog.bin Ready to SEND in binary mode Estimated File Size 169K, 1345 Sectors, 172032 Bytes Estimated transmission time 3 minutes 20 seconds Send several Control-X characters to cancel before transfer starts. 3 The bootup process resumes. ExtremeSwitching 200 Series: Administration Guide...
Page 15: Erase Current Configuration
Select option (1-4): 2 The bootup process resumes. Activate Backup Image Use option 9 to activate the backup image. The active image becomes the backup when this option is selected. To activate the backup image: ExtremeSwitching 200 Series: Administration Guide...
Page 16: Getting Started
This process runs until all sectors have been erased, verified erased, and written. Flash Diagnostics passed [Utility menu] 2 The bootup process resumes. Reboot Use option 11 to reboot the system: From the Utility menu, select 11 and press [Enter]. 2 The bootup process resumes. ExtremeSwitching 200 Series: Administration Guide...
Page 17: Understanding The User Interfaces
For more information about the modules, see Getting Started on page 9. Using the Web Interface To access the switch by using a web browser, the browser must meet the following software requirements: • HTML version 4.0, or later ExtremeSwitching 200 Series: Administration Guide...
Page 18 The port coloring indicates if a port is currently active. Green indicates that the port is enabled, red indicates that an error has occurred on the port, and blue indicates that the link is disabled. ExtremeSwitching 200 Series: Administration Guide...
Page 19 Click the feature menu, such as System or Switching, to view the options in that menu. Each menu contains submenus, HTML pages, or a combination of both. Figure 3 shows an example of a feature menu (Switching), submenu (VLAN), and the active page in the navigation menu (Port Configuration). ExtremeSwitching 200 Series: Administration Guide...
Page 20 Each page contains access to the HTML-based help that explains the fields to configure or view on the page. Many pages also contain command buttons. Table 3 shows the command buttons that are used throughout the pages in the web interface. ExtremeSwitching 200 Series: Administration Guide...
Page 21 User-Defined Fields User-defined field names can contain between 1 and 159 characters, unless otherwise noted on the configuration web page. All characters may be used except the following (unless specifically noted for a particular feature): ExtremeSwitching 200 Series: Administration Guide...
Page 22: Using Snmp
• Using SNMP For 200 Series software that includes the SNMP module, you can configure SNMP groups and users that can manage traps that the SNMP agent generates. 200 Series uses both standard public MIBs for standard functionality and private MIBs that support additional switch functionality.
Page 23 <cr> Press Enter to execute the command For more information about the CLI, see ExtremeSwitching 200 Series: Command Reference Guide. That guide lists each available command with the following information: •...
Page 24: Chapter 2: Getting Started With Stacking
Merging Two Operational Stacks Preconfiguration This section describes the concepts and recommended operating procedures to manage stacked Ethernet switches running 200 Series. Note For complete syntax and usage information for the commands used in this chapter, see ExtremeSwitching 200 Series: Command Reference Guide.
Page 25: Switch Stack Membership
By default, 200 Series configures the new member. The operation of the switch stack continues uninterrupted during membership changes unless you remove the stack manager.
Page 26: Switch Stack Software Compatibility Recommendations
Setting the switch priority to 0 (zero) makes it ineligible for manager selection. Switch Stack Software Compatibility Recommendations All stack members must run the same 200 Series software version to ensure compatibility between stack members. The software versions on all stack members, including the stack manager, must be the same.
Page 27: Incompatible Software And Stack Member Image Upgrades
After downloading a configuration file to a stack, you must perform a configuration save operation from the 200 Series user interface (that is, the copy command shown above) to distribute this configuration to non-management units in the stack. This is also true of SSH key files and SSL certificate files.
Page 28: General Practices
4 To set up a stack, complete the following steps: a Make sure there is a 200 Series image on each box. b If the image does not exist or needs to be updated, use TFTP or xmodem to perform the update operation.
Page 29: Removing A Unit From The Stack
"member" (never as manager; the existing manager of the stack should not change). 7 If the 200 Series software version of the newly added member is not the same as the existing stack, update the software image.
Page 30: Renumbering Stack Members
8 Click the Edit Switch ID (pencil) icon, select a new number in the drop-down list, and click Submit. Moving a Manager to a Different Unit in the Stack Use the following steps to change the stack manager from the current switch to a new switch in the stack: ExtremeSwitching 200 Series: Administration Guide...
Page 31: Removing A Manager Unit From An Operating Stack
If the stack merge is performed in this way, then we strongly recommend setting the priority of the desired winner stack manager to a higher value than the stack manager that should lose the election. ExtremeSwitching 200 Series: Administration Guide...
Page 32: Preconfiguration
To resolve this situation, you may change the unit number of the mismatched unit, using the procedure in Renumbering Stack Members on page 30, or delete the preconfigured unit type using the command no member unit-id from the config stack mode. ExtremeSwitching 200 Series: Administration Guide...
Page 33: Chapter 3: Configuring System Information
Viewing the Dashboard After a successful login, the Dashboard window opens. This page provides a brief overview of the system. To navigate to the Dashboard, click System > Summary > Dashboard in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 34 Traffic on this port is segregated from operational network traffic on the switch ports and cannot be switched or routed to the operational network. Service Port MAC The device burned-in universally-administered media access control (MAC) address of Address the service port. ExtremeSwitching 200 Series: Administration Guide...
Page 35: Viewing Arp Cache
ARP cache is used for all interfaces, or a separate cache is maintained per interface. While the latter approach is useful when network addressing is not unique per interface, this is not the case for Ethernet MAC address assignment so a single ARP cache is employed. ExtremeSwitching 200 Series: Administration Guide...
Page 36: Viewing Inventory Information
The operating system currently running on the switch. Network Processing Identifies the network processor hardware. Device Additional Packages A list of the optional software packages installed on the switch, if any. Click Refresh to update the information on the screen. ExtremeSwitching 200 Series: Administration Guide...
Page 37: Viewing Mac Addresses
Use the System Resources page to display the following memory information for the switch: • Free memory • Allocated memory • CPU utilization by task • Total CPU utilization at the following intervals: • Five seconds ExtremeSwitching 200 Series: Administration Guide...
Page 38: Defining General Device Information
Click Cancel to exit the page. Defining General Device Information The Configuration submenu in the System menu contains links to pages that allow you to configure device parameters. The Configuration folder contains links to the following features: ExtremeSwitching 200 Series: Administration Guide...
Page 39: System Description
Enter the contact person for this switch. You may use up to 31 alphanumeric characters. The factory default is blank. IP Address The IP address assigned to the network interface. To change the IP address, see Network Connectivity Configuration on page 46. ExtremeSwitching 200 Series: Administration Guide...
Page 40: Defining System Information
Transmissions are temporarily halted to prevent buffer overflows. To display the Switch Configuration page, click System > Basic Configuration > Switch in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 41: Ip Address Conflict Detection
To run the tool and check for possible address conflicts, click Run Conflict Detection. If the conflict detection status is true, click Reset Conflict Detection Status to clear the information and run the tool again. ExtremeSwitching 200 Series: Administration Guide...
Page 42 IPv6 Addresses Displays IPv6 addresses. Default Routers Displays the address(es) entered in the IPv6 Gateway field. To renew the IPv4 address learned from a DHCP server on the service port, click Renew DHCP IPv4 Address. ExtremeSwitching 200 Series: Administration Guide...
Page 43 If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 44 To remove service port static IPv6 neighbor entries, select each static neighbor entry to remove and click Remove. After you click Add or Edit, a window opens and allows you to configure Service Port IPv6 Neighbor settings. ExtremeSwitching 200 Series: Administration Guide...
Page 45: Network Port Dhcpv6 Client Statistics
DHCPv6 server to request an extension of its addresses and an update to any other relevant information. This message is sent only if the client does not receive a response to the renew message. ExtremeSwitching 200 Series: Administration Guide...
Page 46 This read-only field displays the MAC address that is burned-in to the network card at the factory. This MAC address is used for in-band connectivity if you choose not to configure a locally administered address. ExtremeSwitching 200 Series: Administration Guide...
Page 47: Network Port Ipv6 Neighbors
The Network Port IPv6 Neighbors page provides information about IPv6 neighbors the device has discovered through the network interface by using the Neighbor Discovery Protocol (NDP) and the manually configured static network port IPv6 neighbors. ExtremeSwitching 200 Series: Administration Guide...
Page 48 To remove network port static IPv6 neighbor entries, select each static neighbor entry to remove and click Remove. After you click Add or Edit, a window opens and allows you to configure Network Port IPv6 Neighbor settings. You can configure the IPv6 Address and the MAC Address. ExtremeSwitching 200 Series: Administration Guide...
Page 49: Dhcp Client Options
HTTPS protocol. SSH Admin Mode Enables or disables the administrative mode of SSH. When this mode is disabled, all existing SSH connections remain connected until timed-out or logged out, but new SSH connections cannot be established. ExtremeSwitching 200 Series: Administration Guide...
Page 50: Telnet Session
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 51: Serial Port Configuration
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 52: Cli Banner Configuration
Sets the inactivity timeout for HTTP sessions. The value must be in the range of 1 to 60 minutes. A value of zero corresponds to an infinite timeout. The default value is 5 minutes. The currently configured value is shown when the web page is displayed. ExtremeSwitching 200 Series: Administration Guide...
Page 53: Https Configuration
HTTPS activity that occurs. Maximum Number of HTTPS The maximum number of HTTPS sessions that can be connected to the device Sessions simultaneously. ExtremeSwitching 200 Series: Administration Guide...
Page 54: Ssh Configuration
When this option is selected, the SSH server on the device can accept connections from an SSH client using SSH-2 protocol. If the option is clear, the device does not allow connections from clients using the SSH-2 protocol. ExtremeSwitching 200 Series: Administration Guide...
Page 55 TCP/IP. This page provides the capability to add, edit, and remove MACALs. MACALs can be applied only to in- band ports and cannot be applied to the service port. ExtremeSwitching 200 Series: Administration Guide...
Page 56 Ethernet links of the same speed to be aggregated together. Service The type of service to permit or deny: • • Telnet • HTTP • HTTPS • SNMP • • TFTP • SNTP • JAVA Priority Priority for the rule. Duplicates are not allowed. ExtremeSwitching 200 Series: Administration Guide...
Page 57: User Accounts
Read Write - The user can view and modify the configuration. • Read Only - The user can view the configuration but cannot modify any fields. • Suspended - The user exists but is not permitted to log on to the device. ExtremeSwitching 200 Series: Administration Guide...
Page 58: Changing User Account Information
4 Click Submit to update the switch with the values on this screen. If you want the switch to retain the new values across a power cycle, you must perform a save. ExtremeSwitching 200 Series: Administration Guide...
Page 59: Authentication Server Users
To change the password information for an existing user, select the user to update and click Edit. • To delete a user from the database, select each user to delete and click Remove. • To remove all users from the database, click Clear All Users. ExtremeSwitching 200 Series: Administration Guide...
Page 60 Domain name authentication is supported when user authentication is performed by a RADIUS (Remote Authentication Dial In User Service) server or TACACS+ server. ExtremeSwitching 200 Series: Administration Guide...
Page 61 To remove the task, click the Reset icon in the row. The tasks available are platform and package dependent. Permissions The task permissions. • Read • Write • Debug • Execute Use the buttons to perform the following: ExtremeSwitching 200 Series: Administration Guide...
Page 62 Use the buttons to perform the following tasks in the Accounting List tab: • To configure a new accounting list, click Add. • To edit a list, select the entry to modify and click Edit. The settings that can be edited depend on the list type. ExtremeSwitching 200 Series: Administration Guide...
Page 63 The method(s) used to record user activity. The possible methods are as follows: • TACACS+ – Accounting notifications are sent to the configured TACACS+ server. • RADIUS – Accounting notifications are sent to the configured RADIUS server. ExtremeSwitching 200 Series: Administration Guide...
Page 64 If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 65: Authentication List Summary
TACACS+ – Sends the user's ID and password to the configured superloop server to verify the user's credentials. • None – No authentication is used. • IAS – Uses the local Internal Authentication Server (IAS) database for 802.1X port-based authentication. ExtremeSwitching 200 Series: Administration Guide...
Page 66 The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a secure shell (SSH) session. List Name The name of the authentication list. This field can be configured only when adding a new authentication list. ExtremeSwitching 200 Series: Administration Guide...
Page 67 Use the Authorization List Configuration page to view and configure the authorization lists for users who access the CLI and for users who access the network through IEEE 802.1X-enabled ports. Authorization lists are used to determine whether a user is permitted to perform a given activity on the ExtremeSwitching 200 Series: Administration Guide...
Page 68 To reset the Method Options for a default authorization list to the factory default values, click the Reset icon associated with the entry. You must confirm the action before the entry is reset. ExtremeSwitching 200 Series: Administration Guide...
Page 69: Line Password
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 70: Enable Password
Specify the minimum number of special characters (non-alphanumeric, such as Characters # or &) a password must include. Maximum Number of Repeated Specify the maximum number of repeated characters a password is allowed to Characters include. An example of four repeated characters is aaaa. ExtremeSwitching 200 Series: Administration Guide...
Page 71: Last Password Result
Strength Check Displays Enabled if Strength Check is applied in last password change, otherwise it displays Disabled. ExtremeSwitching 200 Series: Administration Guide...
Page 72: Denial Of Service
Configuring System Information Denial of Service Use the Denial of Service (DoS) page to configure DoS control. 200 Series software provides support for classifying and blocking specific types of DoS attacks. You can configure your system to monitor and block these types of attacks: •...
Page 73: Managing The Dhcp Server
TCP/IP configurations for clients. Conflict Logging Mode Enables or disables the logging mode for IP address conflicts. When enabled, the system stores information IP address conflicts that are detected by the DHCP server. ExtremeSwitching 200 Series: Administration Guide...
Page 74 A DHCP server pool is a set of network configuration information available to DHCP clients that request the information.. To access this page, click System > Advanced Configuration > DHCP Server > Pool Summary in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 75 Hardware Address Type field must be set to the appropriate value. Otherwise, the DHCP server will not respond to the client's request. Host IP Address (Manual pools only) The IP address to offer the client. ExtremeSwitching 200 Series: Administration Guide...
Page 76: Pool Configuration
Unallocated: The addresses are not assigned to a client. • Automatic: The IP address is automatically assigned to a client by the DHCP server. • Manual: You statically assign an IP address to a client based on the client’s MAC address. ExtremeSwitching 200 Series: Administration Guide...
Page 77 To delete an entry from the list, click the – (minus) button associated with the entry to remove. • To delete all entries from the list, click the – (minus) button in the heading row. ExtremeSwitching 200 Series: Administration Guide...
Page 78: Pool Options
Shows the Option IP Address Value for the selected pool. Delete Option Code To delete an option code for the selected Pool, enter the option code in the folder and click Delete. This button is not visible to a user with read-only permission. ExtremeSwitching 200 Series: Administration Guide...
Page 79: Bindings Information
Shows the number of DHCPDECLINE messages received by the DHCP server. DHCPRELEASE Shows the number of DHCPRELEASE messages received by the DHCP server. DHCPINFORM Shows the number of DHCPINFORM messages received by the DHCP server. ExtremeSwitching 200 Series: Administration Guide...
Page 80: Conflicts Information
• Host Declined – The server received a DHCPDECLINE message from the host. A DHCPDECLINE message indicates that the host has discovered that the IP address is already in use on the network. ExtremeSwitching 200 Series: Administration Guide...
Page 81: Configuring Dns
Repeat this step to add multiple domains to the default domain list. • To remove a domain from the default list select the Remove option next to the item you want to remove and click Submit. ExtremeSwitching 200 Series: Administration Guide...
Page 82 Table 59: DNS Host Name Mapping Configuration Fields Field Description Host Name Enter the host name to assign to the static entry. IP Address Enter the IP4 or IPv6 address associated with the host name. The page includes the following command buttons: ExtremeSwitching 200 Series: Administration Guide...
Page 83: Configuring Email Alerts
With the email alerting feature, log messages can be sent to one or more email addresses. You must configure information about the network SMTP (Simple Mail Transfer Protocol) server for email to be successfully sent from the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 84: Email Alert Global Configuration
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. After configuring all email alert settings, click Test to send a test message to the configured address(es). ExtremeSwitching 200 Series: Administration Guide...
Page 85: Email Alert Server Configuration
Number of Emails Failed Displays the number of email alert messages that were unable to be sent since last reset. Time Since Last Email Time that has passed since the last email alert message was sent successfully. Sent ExtremeSwitching 200 Series: Administration Guide...
Page 86: Email Alert Subject Configuration
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 87: Configuring And Viewing Isdp Information
Cisco devices running the CDP (Cisco Discovery Protocol). ISDP is used to share information between neighboring devices. 200 Series software participates in the CDP protocol and is able to both discover and be discovered by other CDP supporting devices.
Page 88: Isdp Cache Table
(See ISDP Global Configuration on page 87.) To access this page, click System > Advanced Configuration > ISDP > Interface in the navigation menu. The following table describes the fields available on this page. ExtremeSwitching 200 Series: Administration Guide...
Page 89: Configuring Link Dependency
B, the switch automatically brings down the link on port A. When the link is restored to port B, the switch automatically restores the link to port A. ExtremeSwitching 200 Series: Administration Guide...
Page 90 Available in the Group Entry Details dialog, this field lists the upstream and downstream interfaces that currently have their link up. Link Down Available in the Group Entry Details dialog, this field lists the upstream and downstream interfaces that currently have their link down. ExtremeSwitching 200 Series: Administration Guide...
Page 91: Configuring Link Local Protocol Filtering
If you select the All Protocols option, all protocols are blocked whether their associated box is checked or unchecked. ExtremeSwitching 200 Series: Administration Guide...
Page 92: Selecting The Sdm Template
IPv6 NDP Entries The maximum number of IPv6 Neighbor Discovery Protocol (NDP) cache entries. IPv6 Unicast Routes The maximum number of IPv6 unicast forwarding table entries. Click Refresh to display the latest information from the router. ExtremeSwitching 200 Series: Administration Guide...
Page 93: Configuring Sflow
Use the Refresh button to refresh the page with the most current data from the switch. sFlow Receiver Configuration Use the sFlow Receiver Configuration page to configure the sFlow Receiver. To access this page, click System > Advanced Configuration > sFlow > Receiver in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 94: Sflow Poller Configuration
The sFlow Agent keeps a list of counter sources being sampled. When a Packet Flow Sample is generated, the sFlow Agent examines the list and adds counters to the sample datagram, least recently sampled first. Counters are added to the datagram only when the sources are within five seconds of ExtremeSwitching 200 Series: Administration Guide...
Page 95: Sflow Sampler Configuration
When a sample is taken, the counter that indicates how many packets to skip before taking the next sample is reset. The value of the counter is set to a random integer where the sequence of random integers used over time is the Sampling Rate. ExtremeSwitching 200 Series: Administration Guide...
Page 96 If a receiver expires, then all samplers associated with the receiver will also expire. The allowed range is 1 to 8. Ingress sFlow instance packet Sampling Rate for Ingress sampling. Sampling Rate ExtremeSwitching 200 Series: Administration Guide...
Page 97 If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 98: Configuring Sntp Settings
Time synchronization is performed by a network SNTP server. 200 Series software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock.
Page 99: Sntp Global Configuration
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 100: Sntp Global Status
Specifies the number of current valid unicast server entries configured for this client. Broadcast Count Specifies the number of unsolicited broadcast SNTP messages that have been received and processed by the SNTP client since last reboot. ExtremeSwitching 200 Series: Administration Guide...
Page 101: Sntp Server Configuration
Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Last Attempt Time Specifies the local date and time (UTC) that this SNTP server was last queried. ExtremeSwitching 200 Series: Administration Guide...
Page 102 • VLAN – The primary IP address of a VLAN routing interface is used as the source address. Interface When the selected Type is Interface, select the physical port to use as the source interface. ExtremeSwitching 200 Series: Administration Guide...
Page 103: Configuring Time Ranges
To add a time range, click Add and configure a name for the time range configuration. • To delete a configured time range, select each entry to delete, click Remove, and confirm the action. • Use Submit to add a new time range. ExtremeSwitching 200 Series: Administration Guide...
Page 104: Time Range Entry Configuration
Specify the time when the entry begins. The time is based on a 24-hour clock. For example, 6:00 PM is 18:00. End Day (Periodic Days of Week only) Select the day the time range entry ends. ExtremeSwitching 200 Series: Administration Guide...
Page 105: Configuring The Time Zone
The Time Zone Summary page displays information about the current system time, the time zone, and the daylight saving time (also known as summer time) settings configured on the device. To access this page, click System > Advanced Configuration > Time Zone > Summary in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 106: Time Zone Configuration
Date - The current date in month, day, and year on the system clock. To change the date, click the calendar icon to the right of the field, select the year from the menu, browse to the desired month, and click the date. ExtremeSwitching 200 Series: Administration Guide...
Page 107: Summer Time Configuration
• Ending Time of Day - The time, in hours and minutes to end summer time on the specified day. ExtremeSwitching 200 Series: Administration Guide...
Page 108: Managing Snmp Traps
The number of traps that have occurred since the traps were last displayed. Last Viewed Displaying the traps by any method (terminal interface display, web display, upload file from switch, etc.) will cause this counter to be cleared to 0. The sequence number of this trap. ExtremeSwitching 200 Series: Administration Guide...
Page 109: Managing Cpu Traffic Filters
Managing CPU Traffic Filters The pages in the CPU Traffic Filter folder allow you to configure CPU traffic filtering and view data about filtered traffic. ExtremeSwitching 200 Series: Administration Guide...
Page 110 To edit CPU traffic filters for both directions, select the Tx (transmitted) and Rx (received) checkboxes and click Edit. • To remove one or more configured filters, select each entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 111 Source / Destination TCP Port. UDP Port Source / Destination UDP Port specific filter. The statistics and/or the traces for configured filters are obtained for the packet matching configured Source / Destination UDP Port. ExtremeSwitching 200 Series: Administration Guide...
Page 112 The counter statistics for an interface associated with the Tx (transmitted) direction. Last Updated Tx Timestamp The time when the sent packet count on a Tx interface was last updated, based on the user-defined packet filter on the interface. ExtremeSwitching 200 Series: Administration Guide...
Page 113: Viewing The System Firmware Status
Click Refresh to refresh the page with the most current data from the switch. Viewing the System Firmware Status The pages in the Firmware folder allow you to view and monitor the system firmware status. The Firmware folder has links to the following pages. ExtremeSwitching 200 Series: Administration Guide...
Page 114: Dual Image Status
Configuring System Information Dual Image Status The Dual Image feature allows the switch to have two 200 Series software images in the permanent storage. One image is the active image, and the second image is the backup. This feature reduces the system down-time during upgrades and downgrades.
Page 115 The IP addresses of DNS name servers (option 6). The IP addresses of DNS name servers should be returned from the DHCP server only if the DNS server is in the same LAN as the switch performing ExtremeSwitching 200 Series: Administration Guide...
Page 116: Managing Logs
On stackable systems, this log exists only on the management unit. Other platforms in the stack forward their messages to the management unit log. Access to in-memory logs on other than the management unit is not supported. ExtremeSwitching 200 Series: Administration Guide...
Page 117: Log Configuration
Protocol Version The RFC (Request for Comment) version of the syslog protocol. Local UDP Port The UDP (User Datagram Protocol) port on the local host from which syslog messages are sent. ExtremeSwitching 200 Series: Administration Guide...
Page 118: Buffered Log
The event log is preserved across system resets. To access this page, click System > Logs > Event Log in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 119 The incident category that indicates the cause of the log entry: EVENT, ERROR, etc. Filename The 200 Series source code filename identifying the code that detected the event. Line The line number within the source file of the code that detected the event.
Page 120: Syslog Source Interface Configuration
To access the Syslog Source Interface Configuration page, click System > Logs > Source Interface Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 121: Persistent Log
• notice (5): The device is experiencing normal but significant conditions. • info (6): The device is providing non-critical information. • debug (7): The device is providing debug-level information. ExtremeSwitching 200 Series: Administration Guide...
Page 122: Configuring And Searching The Forwarding Database
Configuring Power Over Ethernet (PoE) and PoE Statistics Use these pages to view PoE (Power over Ethernet) status information, configure global PoE settings, configure PoE settings on interfaces and view PoE interface statistical information. ExtremeSwitching 200 Series: Administration Guide...
Page 123: Poe Configuration
Click Refresh to redisplay the page with the current data from the switch. PoE Port Configuration Use the PoE Port Configuration page to configure PoE settings on interfaces. To access this page, click System > PoE > Port Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 124 2Pt-Dot3af + Legacy – The switch uses the 802.3af 2-point detection scheme, followed by the legacy detection scheme. • None – No detection is performed. Timer Schedule The time range from the list of time ranges configured on the system. ExtremeSwitching 200 Series: Administration Guide...
Page 125 Use the buttons to perform the following tasks: • To configure the settings for one or more interfaces, select each entry to modify and click Edit. • To apply the same settings to all interfaces, click Edit All. ExtremeSwitching 200 Series: Administration Guide...
Page 126: Viewing Device Port Information
Identifies the port that the information in the rest of the row is associated with. Interface Index The interface index object value assigned by the IF-MIB. This value is used to identify the interface when managing the device by using SNMP. ExtremeSwitching 200 Series: Administration Guide...
Page 127 • <Speed> Half Duplex: The port speeds available from the menu depend on the platform on which the 200 Series software is running and which port you select. In half-duplex mode, the transmissions are one-way. In other words, the port does not send and receive traffic at the same time.
Page 128: Port Description
Click Refresh to redisplay the most current information from the router. Port Description Use the Port Description page to configure a human-readable description of the port. To access this page, click System > Port > Description in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 129: Cable Test
Open and Short: There is an electrical short in the cable. • Cable Status Test Failed: The cable status could not be determined. The cable may in fact be working. This field is displayed after you click Test Cable and results are available. ExtremeSwitching 200 Series: Administration Guide...
Page 130 To configure the administrative mode for a port mirroring session, click Configure Session and configure the desired settings. • To configure destination as Remote VLAN or probe port, click Edit and configure the desired settings. ExtremeSwitching 200 Series: Administration Guide...
Page 131 VLAN and this VLAN is assigned as a source VLAN for a Monitor session, the interface can be assigned as a LAG member. From the Multiple Port Mirroring page, click Configure Session to display the Session Configuration page. ExtremeSwitching 200 Series: Administration Guide...
Page 132 The VLAN that is configured as the RSPAN VLAN. VLAN ID The VLAN to use as the source. Traffic from all physical ports that are members of this VLAN is mirrored. This field is available only when the selected Type is VLAN. ExtremeSwitching 200 Series: Administration Guide...
Page 133 The source ports are removed from the port mirroring session, and the device is updated. From the Port Mirroring page, click Remove Source Port. 2 Select one or more source ports to remove from the session. Use the [Ctrl] key to select multiple ports to remove. 3 Click Remove. ExtremeSwitching 200 Series: Administration Guide...
Page 134 Green Ethernet feature on the device. The Green Ethernet feature is designed to reduce per-port power usage. To access this page, click System > Advanced Configuration > Green Ethernet > Status in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 135: Green Ethernet Configuration
The number of LPI samples to store in the buffer. EEE Low Power Idle The administrative mode of EEE LPI on the device. When enabled, the ports can enter a low-power mode to reduce power consumption during periods of low link utilization. ExtremeSwitching 200 Series: Administration Guide...
Page 136 (Type Length Value)s to its link partner (the remote system). The TLVs are defined in the IEEE 802.1AB standard and provide information about the capabilities of the local device. To access this page, click System > Advanced Configuration > Green Ethernet > Local in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 137 The system wake time (Tw_sys) that the interface received from its link partner. Tw_sys_tx Echo The system wake time the remote system sends to the local interface when it receives a Tw_sys_tx request from the local interface. ExtremeSwitching 200 Series: Administration Guide...
Page 138 From this page, you can also view per-port EEE LPI data. To access this page, click System > Advanced Configuration > Green Ethernet > EEE History in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 139: Configuring And Viewing Device Slot Information
The pages in the Slot folder provide information about the cards installed in the slots on the switch. The physical location of the slots depends on the hardware on which 200 Series software is running. From the Configuration page, you can also manually configure information about cards on some platforms.
Page 140: Defining Snmp Parameters
Displays a data field used to identify the supported card. Click Refresh to redisplay the most current information from the router. Defining SNMP Parameters SNMP provides a method for managing network devices. The device supports SNMP version 1, SNMP version 2, and SNMP version ExtremeSwitching 200 Series: Administration Guide...
Page 141: Snmp Community Configuration
To change information for an existing community, select the checkbox for the entry and click Edit. • To delete a configured community from the list, select the checkbox for each entry to delete and click Remove. ExtremeSwitching 200 Series: Administration Guide...
Page 142 The SNMP management host is also known as the SNMP trap receiver. To access this page, click System > Advanced Configuration > SNMP > Trap Receiver V1/V2 from the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 143 To access this page, click System > Advanced Configuration > SNMP > Trap Receiver V3 from the navigation menu. Use the buttons to perform the following tasks: • To add an SNMP trap receiver and configure its settings, click Add and complete the required information. ExtremeSwitching 200 Series: Administration Guide...
Page 144: Supported Mibs
Supported MIBs The Supported MIBs page lists the MIBs that the system currently supports. To access this page, click System > Advanced Configuration > SNMP > Supported MIBs in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 145: Access Control Group
SNMP messages that use an MD5 key/password for authentication, but not a DES key/password for encryption. • Auth Priv – Authentication and data encryption. With this security level, users send an MD5 key/password for authentication and a DES key/password for encryption. ExtremeSwitching 200 Series: Administration Guide...
Page 146 An SNMP agent won't respond to a request from a management system outside its configured group, but an agent can be a member of multiple groups at the same time. This allows for communications with SNMP managers from different groups. ExtremeSwitching 200 Series: Administration Guide...
Page 147 To add an SNMP view, click Add. Specify the desired settings and click Submit. • To remove one or more SNMP views, select one or more views and click Remove.You must confirm the action before the views are removed. ExtremeSwitching 200 Series: Administration Guide...
Page 148 If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 149: Viewing System Statistics
Total Entries Deleted The number of VLANs that have been created and then deleted since the last reboot. This field does not apply to the MAC address table entries. System ExtremeSwitching 200 Series: Administration Guide...
Page 150: Port Summary
The discarded packets count cannot be cleared. • Click Clear All Counters to clear counters for all switches in the stack. Port Detailed Statistics The Port Detailed page displays a variety of per-port traffic statistics. ExtremeSwitching 200 Series: Administration Guide...
Page 151 The Transmit column shows the total number of packets that higher-level protocols requested be transmitted to a subnetwork unicast address, including those that were discarded or not sent. The Receive column shows the number of subnetwork unicast packets delivered to a higher-layer protocol. ExtremeSwitching 200 Series: Administration Guide...
Page 152 Multiple Collision Frames A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. ExtremeSwitching 200 Series: Administration Guide...
Page 153 Click Clear All Counters to clear all the counters for all ports on the switch. The button resets all statistics for all ports to default values. • Click Refresh to refresh the data on the screen and display the most current statistics. ExtremeSwitching 200 Series: Administration Guide...
Page 154 Click Clear Counters to clear all the counters. This resets all statistics for this port to the default values. Time Based Group Statistics Use the Time Based Group Statistics page to define criteria for collecting time-based statistics for interface traffic. The time-based statistics can be useful for troubleshooting and diagnostics purposes. ExtremeSwitching 200 Series: Administration Guide...
Page 155 To add a set of time-based traffic group statistics to collect, click Add and configure the desired settings. • To delete one or more time-based statistics groups, select each entry to delete and click Remove. ExtremeSwitching 200 Series: Administration Guide...
Page 156 After you click Add, the Time Based Flow Configuration window opens and allows you to configure a rule for traffic flow statistics. The match conditions are optional, but the rule must specify at least one match condition. The following information describes the match criteria fields that are available in this window. ExtremeSwitching 200 Series: Administration Guide...
Page 157: Using System Utilities
Click Refresh to refresh the data on the screen with the present state of the data in the switch. Using System Utilities The System Utilities feature menu contains links to web pages that help you configure features that help you manage the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 158: System Reset
The source IP address to use when sending the Echo requests packets. This field is enabled when IP Address is selected as source option. Interface The interface to use when sending the Echo requests packets. This field is enabled when Interface is selected as source option. ExtremeSwitching 200 Series: Administration Guide...
Page 159: Ping Ipv6
The results of the ping test, which includes information about the reply (if any) received from the host. Click Submit to send the specified number of pings. The results display in the Ping Output box. ExtremeSwitching 200 Series: Administration Guide...
Page 160: Ip Address Conflict
IP address of another device on the same LAN (or on the Internet, for a routable IP address) and to help you resolve any existing conflicts. An IP address conflict can make both this system and the system with the same IP address unusable for network operation. ExtremeSwitching 200 Series: Administration Guide...
Page 161 The File Download window opens. Configure the information for the file transfer (described below), and click the download icon to the right of the Progress field to begin the transfer. After you click the upload icon, the File Upload window opens. ExtremeSwitching 200 Series: Administration Guide...
Page 162 Status Provides information about the status of the file transfer. After you click the download icon, the File Download window opens. The following information describes the fields in the File Download window for all protocols. ExtremeSwitching 200 Series: Administration Guide...
Page 163 Public Key Image – Select this option to transfer the public key file used for code image validation to the device. • Public Key Config – Select this option to transfer the public key file used for configuration script validation to the device. ExtremeSwitching 200 Series: Administration Guide...
Page 164 Description Digital Signature Verification Provides option to verify the digital signature of a downloaded file. Code Verify the digital signature of downloaded code image files. Configuration Verify the digital signature of downloaded configuration script files. ExtremeSwitching 200 Series: Administration Guide...
Page 165 The IP address of the router. To add a stack IP address, click Add and configure an IP address, netmask, and gateway address. To delete a configured stack IP, select each entry to delete, click Remove, and confirm the action. ExtremeSwitching 200 Series: Administration Guide...
Page 166 To access this page, click System > Utilities > Core Dump Test in the navigation menu. Table 157: Core Dump Test Fields Field Description Status Displays test status as if test passes and if test fails. Error Result Displays detailed error information with logs. ExtremeSwitching 200 Series: Administration Guide...
Page 167: Chapter 4: Configuring Switching Information
A VLAN is a set of end stations and the switch ports that connect them. You may have many reasons for the logical division, such as department or project membership. The only physical requirement is that the end station and the port to which it is connected both belong to the same VLAN. ExtremeSwitching 200 Series: Administration Guide...
Page 168 VLAN, be sure to select the correct VLAN from the menu. Interface Select the interface for which you want to display or configure data. Select All to set the parameters for all ports to same values. ExtremeSwitching 200 Series: Administration Guide...
Page 169: Vlan Port Summary
The VLAN ID assigned to untagged or priority tagged frames received on this port. This value is also known as the Port VLAN ID (PVID). In a tagged frame, the VLAN is identified by the VLAN ID in the tag. ExtremeSwitching 200 Series: Administration Guide...
Page 170 VLAN configuration of the port accordingly. Assigning the appropriate switchport mode helps simplify VLAN configuration and minimize errors. To access this page, click Switching > VLAN > Switchport Summary in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 171: Vlan Internal Usage
The first VLAN ID to be assigned to a port-based routing interface. Allocation Policy Determines whether VLAN IDs assigned to port-based routing interfaces start at the base and decrease in value (Descending) or start at the base and increase in value (Ascending). ExtremeSwitching 200 Series: Administration Guide...
Page 172: Configuring Udld
If you change any information on the page, click Submit to apply the changes to the system. Configuring UDLD The UDLD feature detects unidirectional links on physical ports by exchanging packets containing information about neighboring devices. The purpose of the UDLD feature is to detect and avoid ExtremeSwitching 200 Series: Administration Guide...
Page 173: Udld Interface Configuration
The interface associated with the rest of the data in the row. In the Edit UDLD Interface Configuration window, this field identifies each interface that is being configured. Admin Mode The administrative mode of UDLD on the port. ExtremeSwitching 200 Series: Administration Guide...
Page 174: Private Vlan
The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports that are members of the same private VLAN. Private VLAN Configuration To access the Private VLAN Configuration page, click Switching > Private VLAN > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 175: Private Vlan Association
Use the buttons to perform the following tasks: • To configure a primary VLAN association, select each entry to modify and click Edit. Note Isolated VLANs and Community VLANs are collectively called Secondary VLANs. ExtremeSwitching 200 Series: Administration Guide...
Page 176 Remove Promiscuous Association. You must confirm the action before the promiscuous association for the entry is cleared. ExtremeSwitching 200 Series: Administration Guide...
Page 177: Voice Vlan Configuration
Voice VLAN is enabled per-port basis. A port can participate only in one voice VLAN at a time. The Voice VLAN feature is disabled by default. To display the Voice VLAN Configuration page, click Switching > Voice VLAN > Configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 178: Voice Vlan Interface
The Class of Service override mode: • Enabled – The port ignores the 802.1p priority value in the Ethernet frames it receives from connected devices. • Disabled – The port trusts the priority value in the received frame. ExtremeSwitching 200 Series: Administration Guide...
Page 179: Port Auto Recovery
Use the Port Auto Recovery Configuration page to allow a port to attempt to become re-enabled if it has been placed into a diagnostically disabled state due to the detection of certain error conditions. To access this page, click Switching > Auto Recovery > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 180 The interface which is error disabled. Admin Mode The administrative mode of the interface. Port Status Whether the link is up or down. The link is the physical connection between the port or trunk and the interface on another device. ExtremeSwitching 200 Series: Administration Guide...
Page 181: Creating Mac Filters
Use the MAC Filter Configuration page to associate a MAC address with a VLAN and one or more source and/or destination ports To access this page, click Switching > Filters > MAC Filters in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 182: Configuring Dynamic Arp Inspection
To remove a filter, select it from the MAC Filter drop-down menu and click Remove. Configuring Dynamic ARP Inspection Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other ExtremeSwitching 200 Series: Administration Guide...
Page 183: Dai Configuration
To disable DAI on one or more VLANs, select each entry to disable and click Remove. After confirming the action, the entries are removed from the table. To display this page, click Switching > Dynamic ARP Inspection > VLAN in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 184: Dai Interface Configuration
The maximum rate for incoming ARP packets on the interface, in packets per second (pps). If the incoming rate exceeds the configured limit, the ARP packets are dropped. Rate limiting can be enabled or disabled after you select an interface and click Edit. ExtremeSwitching 200 Series: Administration Guide...
Page 185: Dai Arp Acl Configuration
DAI ARP ACL Rule Configuration Use the DAI ARP ACL Rule Configuration page to add or remove DAI ARP ACL Rules. To display this page, click Add Rule from the Dynamic ARP Inspection ACL Configuration page. ExtremeSwitching 200 Series: Administration Guide...
Page 186: Dai Statistics
Click Refresh to refresh the page with the most current data from the switch. DAI Statistics Use the DAI Statistics page to display the statistics per VLAN. To display this page, click Switching > Dynamic ARP Inspection > DAI Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 187: Garp Configuration
GARP defines a set of switches interested in a given network attribute, such as VLAN ID or multicast address. GARP Switch Configuration To access the GARP Switch Configuration page, click Switching > GARP > Switch in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 188: Garp Port Configuration
When disabled, the protocol will not be active on the interface, and the GARP timers have no effect Join Timer (Centisecs) The amount of time between the transmission of GARP PDUs registering (or re- registering) membership for a VLAN or multicast group. ExtremeSwitching 200 Series: Administration Guide...
Page 189: Configuring Dhcp Snooping
VLANs. For Layer 2 (non-routing) VLANs, DHCP snooping forwards valid DHCP client messages received on the VLANs. The message is forwarded on all trusted interfaces in the VLAN. When a DHCP packet is received on a routing VLAN, the DHCP snooping application applies its filtering rules and ExtremeSwitching 200 Series: Administration Guide...
Page 190: Dhcp Snooping Interface Configuration
DHCP Snooping settings for one or more interfaces, select each entry to modify and click Edit. The same settings are applied to all selected interfaces. To access this page, click Switching > DCHP Snooping > Base > Interface Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 191: Dhcp Snooping Static Bindings
Table 185: DHCP Snooping Static Bindings Fields Field Description Interface The interface on which the DHCP client is authorized. MAC Address The MAC address associated with the DHCP client. This is the Key to the binding database. ExtremeSwitching 200 Series: Administration Guide...
Page 192: Dhcp Snooping Dynamic Bindings
The device must be able to reach the IP address of the remote system to send bindings to a remote database. To access this page, click Switching > DCHP Snooping > Base > Persistent in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 193 Layer 3 Relay agent/DHCP server. In this instance, some of the client device information required by the Layer 3 Relay agent may not be visible to it. When this ExtremeSwitching 200 Series: Administration Guide...
Page 194: Dhcp L2 Relay Interface Configuration
Use the DHCP L2 Relay VLAN Configuration page to control the DHCP Layer 2 relay settings on a particular VLAN. The VLAN is identified by a service VLAN ID (S-VID), which a service provider uses to ExtremeSwitching 200 Series: Administration Guide...
Page 195: Dhcp L2 Relay Interface Statistics
An interface is untrusted when the DHCP Layer 2 relay trust mode is disabled. To access this page, click Switching > DCHP Snooping > L2 Relay > Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 196: Configuring Ipv6 Dhcp Snooping
If you change any of the parameters, click Submit to apply the changes to the system. If you want the switch to retain the new values across a power cycle, you must save the configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 197 MAC address and the DHCPv6 client hardware address match. Where there is a mismatch, IPv6 DHCP snooping logs the event (when logging of invalid packets is enabled) and drops the packet. To ExtremeSwitching 200 Series: Administration Guide...
Page 198 Click Refresh to refresh the page with the most current data from the switch. IPv6 DHCP Snooping Static Bindings Use the IPv6 DHCP Snooping Static Bindings page to view, add, and remove static bindings in the IPv6 DHCP snooping bindings database. ExtremeSwitching 200 Series: Administration Guide...
Page 199 The MAC address associated with the DHCPv6 client that sent the message. This is the key to the binding database. VLAN ID The VLAN ID of the client interface. IP Address The IPv6 address assigned to the client by the DHCPv6 server. ExtremeSwitching 200 Series: Administration Guide...
Page 200 DHCPv6 messages filtered by the IPv6 DHCP snooping feature. Only interfaces that are enabled for IPv6 DHCP snooping and are untrusted appear in the table. To access this page, click Switching > DCHP Snooping > Base > Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 201: Configuring Igmp Snooping
Global Configuration and Status Use the IGMP Snooping Configuration and Status page to enable IGMP snooping on the switch and view information about the current IGMP configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 202 Select the Fast Leave mode for the a particular interface from the drop-down menu. The default is Disable. If you make any changes on the page, click Submit to apply the new settings to the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 203 Enabled – Only the first IGMP report from all hosts for a group IGMP report is forwarded to the multicast routers. • Disabled – The device forwards all IGMP reports from all hosts in a multicast group to the multicast routers. ExtremeSwitching 200 Series: Administration Guide...
Page 204 To enable or disable specific VLANs as multicast router interfaces for a physical port or LAG, use the Add and Edit buttons. A multicast router interface faces a multicast router or IGMP querier and receives multicast traffic. ExtremeSwitching 200 Series: Administration Guide...
Page 205: Configuring Igmp Snooping Querier
The IGMP snooping querier can perform the IGMP snooping functions on the VLAN. IGMP Snooping Querier Configuration To access the IGMP Snooping Querier Configuration page, click Switching > IGMP Snooping Querier > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 206 To disable the IGMP snooping querier feature on one or more VLANs, select each entry to change and click Remove. You must confirm the action before the entry is deleted. Clicking this button does not remove the VLAN from the system. ExtremeSwitching 200 Series: Administration Guide...
Page 207 Disabled – The snooping querier is not operational on the VLAN. The snooping querier moves to the disabled mode when IGMP snooping is not operational on the VLAN, when the querier address is not configured, or the network management address is not configured. ExtremeSwitching 200 Series: Administration Guide...
Page 208: Configuring Mld Snooping
Select Enable or Disable in the MLD Snooping > Admin Mode field and click Submit to turn the feature on or off. Perform a save if you want the changes to remain in effect over a power cycle. ExtremeSwitching 200 Series: Administration Guide...
Page 209 You must confirm the action before MLD snooping is disabled on the selected VLANs. When MLD snooping is disabled, the VLAN entry is removed from the table, but the VLAN itself still exists on the system. ExtremeSwitching 200 Series: Administration Guide...
Page 210 The interface associated with the rest of the data in the row. When configuring the MLD snooping multicast router settings, this field identifies each interface that is being configured. Multicast Router Whether the interface is enabled or disabled as a multicast router interface. ExtremeSwitching 200 Series: Administration Guide...
Page 211: Configuring Mld Snooping Querier
However, if the IP-multicast traffic in a VLAN needs to be Layer 2 switched only, an IP-multicast router is not required. The MLD snooping querier can perform the MLD snooping functions on the VLAN. Note This feature is available for 220 switches only. ExtremeSwitching 200 Series: Administration Guide...
Page 212: Mld Snooping Querier Configuration
To disable the MLD snooping querier feature on one or more VLANs, select each entry to change and click Remove. You must confirm the action before the entry is deleted. Clicking this button does not remove the VLAN from the system. ExtremeSwitching 200 Series: Administration Guide...
Page 213 Disabled – The snooping querier is not operational on the VLAN. The snooping querier moves to the disabled mode when MLD snooping is not operational on the VLAN, when the querier address is not configured, or the network management address is not configured. ExtremeSwitching 200 Series: Administration Guide...
Page 214: Creating Port Channels
LAG. The switch can treat the port channel as if it were a single link. To access this page, click Switching > Port Channel > Summary in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 215: Port Channel Configuration
Use the Port Channel Configuration page to group one or more full duplex Ethernet links to be aggregated together to form a port channel, which is also known as a LAG. The switch treats the port channel as if it were a single link. ExtremeSwitching 200 Series: Administration Guide...
Page 216 Enhanced hashing mode Port Channel Members After you create one or more port channel, this field lists the members of the Port Channel. If there are no port channels on the system, this field is not present. ExtremeSwitching 200 Series: Administration Guide...
Page 217: Port Channel Statistics
Clear Counters (Button) Click this button to reset the flap counters for all port channels and member ports to 0. Click Refresh to display the latest information from the router. ExtremeSwitching 200 Series: Administration Guide...
Page 218: Viewing Multicast Forwarding Database Information
Static – The entry has been manually added to the MFDB by an administrator. • Dynamic – The entry has been added to the MFDB as a result of a learning process or protocol. Description A text description of this multicast table entry. ExtremeSwitching 200 Series: Administration Guide...
Page 219: Gmrp Table
IGMP snooping allows the device to dynamically add or remove ports from IPv4 multicast groups by listening to IGMP join and leave requests. To access this page, click Switching > Multicast Forwarding Database > IGMP Snooping in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 220: Multicast Vlan Registration
Join and Report messages only for the statically configured groups. All other groups are managed by IGMP snooping. MVR uses the multicast VLAN, a dedicated VLAN used to transfer multicast traffic over the network avoiding duplication of multicast streams for clients in different VLANs. ExtremeSwitching 200 Series: Administration Guide...
Page 221: Mvr Global Configuration
To edit a configured group, select the entry to modify and click Edit. Then, configure which interfaces should be members of that group. • To remove one or more configured groups, select each entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 222 VLAN. • Receiver – The port where listening host is connected to the switch. It must not be a member of the multicast VLAN. • None – The port is not an MVR port. ExtremeSwitching 200 Series: Administration Guide...
Page 223: Configuring Protected Ports
Unprotected ports can forward traffic to both protected and unprotected ports. To access this page, click Switching > Protected Ports > Configuration in the navigation menu. Use the buttons to perform the following tasks: ExtremeSwitching 200 Series: Administration Guide...
Page 224: Configuring Spanning Tree Protocol
For more information about regions and their effect on network topology, refer to the IEEE 802.1Q standard. Switch Configuration/Status The Spanning Tree Switch Configuration/Status page contains fields for enabling STP on the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 225: Cst Configuration
The value that helps determine which bridge in the spanning tree is elected as the root bridge during STP convergence. A lower value increases the probability that the bridge becomes the root bridge. Bridge Max Age The amount of time a bridge waits before implementing a topological change. ExtremeSwitching 200 Series: Administration Guide...
Page 226 If you make any configuration changes, click Submit to apply the new settings to the switch. • Click Force to force the port to send out 802.1w or 802.1D BPDUs. • Click Refresh to update the screen with most recent data. ExtremeSwitching 200 Series: Administration Guide...
Page 227: Cst Port Configuration
Edit, a window opens and allows you to edit the CST port settings and view additional CST information for the interface. The following information describes the additional fields available in the Edit CST Port Entry window. ExtremeSwitching 200 Series: Administration Guide...
Page 228 When enabled, Loop Guard prevents an interface from erroneously transitioning from blocking state to forwarding when the interface stops receiving BPDUs. The port is marked as being in loop-inconsistent state. In this state, the interface does not forward frames. ExtremeSwitching 200 Series: Administration Guide...
Page 229: Mst Configuration
# of Associated VLANs The number of VLANs that are mapped to the MSTI. This number does not contain any information about the VLAN IDs that are mapped to the instance. ExtremeSwitching 200 Series: Administration Guide...
Page 230: Mst Port Configuration
The menu contains the ID of each MST instance that has been created on the device. Interface The port or LAG associated with the rest of the data in the row. When configuring MST settings for an interface, this field identifies the interface being configured. ExtremeSwitching 200 Series: Administration Guide...
Page 231 The bridge ID of the root bridge for the MST instance. Designated Cost The path cost offered to the LAN by the designated port. Designated Bridge The bridge ID of the bridge with the designated port. ExtremeSwitching 200 Series: Administration Guide...
Page 232: Spanning Tree Statistics
Use this page to view and configure Per VLAN Spanning Tree Protocol (PVSTP)/Per VLAN Rapid Spanning Tree Protocol (PVRSTP) Global settings for the device. To display the PVST Global page, click Switching > Spanning Tree > PVST Global in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 233 The root ID cost for the specified VLAN. Port The root ID port for the specified VLAN. Hello Time The root ID hello time for the specified VLAN. (Seconds) Max Age (Seconds) The maximum age for the specified VLAN. ExtremeSwitching 200 Series: Administration Guide...
Page 234 Click Add to add a new row to the VLAN configuration • Select an entry and then click Edit to change the PVST configuration on the VLAN. • Select an entry and then click Remove to remove the PVST row from the VLAN configuration. ExtremeSwitching 200 Series: Administration Guide...
Page 235 Use the PVST Statistics page to view and configure Per VLAN Spanning Tree Protocol (PVSTP)/Per VLAN Rapid Spanning Tree Protocol (PVRSTP) Statistics settings for the device. To display this page, click Switching > Spanning Tree > PVST Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 236: Mapping 802.1P Priority
The heading row lists each 802.1p priority value (0–7), and the data in the table shows which traffic class is mapped to the priority value. Incoming frames containing the designated 802.1p priority value are mapped to the corresponding traffic class in the device. ExtremeSwitching 200 Series: Administration Guide...
Page 237: Configuring Port Security
To access this page, click Switching > Port Security > Interface in the navigation menu. Use the buttons as follows: • To configure the settings for one or more interfaces, select each entry to modify and click Edit. ExtremeSwitching 200 Series: Administration Guide...
Page 238 Whether the port security feature shuts down the port after MAC limit is reached. Last Violation MAC/VLAN The source MAC address and, if applicable, associated VLAN ID of the last frame that was discarded at a locked port. ExtremeSwitching 200 Series: Administration Guide...
Page 239: Port Security Statically Configured Mac Addresses
Use the Port Security Static MAC Addresses page to view static MAC addresses configured on an interface. From this page, you can delete statically configured MAC addresses. To access this page, click Switching > Port Security > Static MAC in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 240: Managing Lldp
200 Series allows LLDP to have multiple LLDP neighbors per interface. The number of such neighbors is limited by the memory constraints. A product-specific constant defines the maximum number of...
Page 241: Lldp Interface Configuration
In the Edit LLDP Interface window, this field identifies the interface that is being configured. Port ID Subtype The LLDP Port ID subtype of the interface, which is either MAC Address or Interface Name. ExtremeSwitching 200 Series: Administration Guide...
Page 242 Description page and is the SNMP server name for the device. System Description Select this option to include a description of the device in the LLDPDU the interface transmits. The description includes information about the product model and platform. ExtremeSwitching 200 Series: Administration Guide...
Page 243 System Description The device description, which includes information about the product model and platform. System Capabilities Supported The primary function(s) the device supports. System Capabilities Enabled The primary function(s) the device supports that are enabled. ExtremeSwitching 200 Series: Administration Guide...
Page 244 The description of the port on the remote device that transmitted the LLDP data. System Capabilities Supported The primary function(s) the remote system supports. The possible capabilities include Other, Repeater, Bridge, WLAN (Wireless Local Area Network) AP, Router, Telephone, DOCSIS cable device, and Station. ExtremeSwitching 200 Series: Administration Guide...
Page 245 Displays the number of LLDP TLVs discarded for any reason by the LLDP agent on the corresponding port. Errors Displays the number of invalid LLDP frames received by the LLDP agent on the corresponding port, while the LLDP agent is enabled. ExtremeSwitching 200 Series: Administration Guide...
Page 246 (manufacturer, software and hardware versions, serial/asset number). LLDP-MED Global Configuration Use the LLDP-MED Global Configuration page to set global parameters for LLDP-MED operation. To display this page, click Switching > LLDP-MED > Global in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 247 Whether LLDP-MED topology change notifications are enabled or disabled on the Configuration Notification interface. Mode Operational Status Whether the interface will transmit TLVs. Transmit TLVs The LLDP-MED TLV(s) that the interface transmits: • MED Capabilities: 0 • Network Policy: 1 ExtremeSwitching 200 Series: Administration Guide...
Page 248 Number (ELIN) of the device. Information This column displays the information related to the coordinates, civic address, and ELIN for the device. Click Refresh to update the page with the latest information from the router. ExtremeSwitching 200 Series: Administration Guide...
Page 249 This section describes the information in the inventory TLVs received in the LLDP-MED frames on this interface. Hardware Revision The hardware version advertised by the remote device. Firmware Revision The firmware version advertised by the remote device. ExtremeSwitching 200 Series: Administration Guide...
Page 250: Loop Protection
An interface can also be configured to receive and take action in response to loop protection PDUs, but not to send out the PDUs itself. To display this page, click Switching > Loop Protection > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 251: Multiple Registration Protocol Configuration
Like 802.1AS, Multiple Registration Protocol (MRP) is an Audio Video Bridging (AVB) feature that is available on some 200 Series platforms. MVR is a base registration protocol that enables devices running an MRP application to register attributes to other devices in a network. MRP provides an application to register attributes such as bandwidth requirement for a given AV stream and MAC address information.
Page 252: Mrp Configuration
Use the MRP Configuration page to configure global MRP settings for the switch. To access the basic MRP Configuration page click Switching > MRP > Configuration. Note The fields available on the MRP Configuration page vary based on the platform and its supported features. ExtremeSwitching 200 Series: Administration Guide...
Page 253 Use the MRP Interface Configuration page to view and configure the per-interface Multiple Registration Protocol (MRP) settings. To change the current settings for one or more interfaces, select each interface to modify and click Edit. The same MRP settings are applied to all selected interfaces. ExtremeSwitching 200 Series: Administration Guide...
Page 254: Mmrp Statistics
Shows the number of MMRP frames which were received on the switch. Bad Header Shows number of MMRP frames with bad headers which were received on the switch. Bad Format Shows number of MMRP frames with bad PDUs body formats which were received on the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 255 To reload the page, click Refresh. To clear the statistics for one or more ports, select the checkbox next to the interface or interfaces, and click Clear. To clear the statistics for all interfaces, select the checkbox in the heading row, and click Clear Counters. ExtremeSwitching 200 Series: Administration Guide...
Page 256: Chapter 5: Configuring Routing
Router Configuring Routing Information Protocol (RIP) 200 Series software supports IP routing. Use the links in the Routing navigation menu to manage routing on the system. When a packet enters the switch, the destination MAC address is checked to see if it matches any of the configured routing interfaces.
Page 257: Arp Create
When adding a static ARP entry, specify the MAC address to associate with the IP address in the entry. Interface The routing interface associated with the ARP entry. The network host is associated with the device through this interface. ExtremeSwitching 200 Series: Administration Guide...
Page 258: Configuring Global Ip Settings
The Routing > IP folder contains links to the following web pages that configure and display IP routing data: • Routing IP Configuration on page 259 • Interface Summary on page 260 • Routing IP Interface Configuration on page 262 ExtremeSwitching 200 Series: Administration Guide...
Page 259 Changing the Static Route Preference does not update the preference of existing static routes. Local Route Preference The default distance (preference) for local routes. Maximum Next Hops The maximum number of hops supported by the switch. This is a read-only value. ExtremeSwitching 200 Series: Administration Guide...
Page 260: Interface Summary
MAC Address The burned-in physical address of the interface. The format is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. ExtremeSwitching 200 Series: Administration Guide...
Page 261 ARP request. This feature is useful when a host is not permitted to reply to an ARP request from another host in the same subnet, for example when using the protected ports feature. ExtremeSwitching 200 Series: Administration Guide...
Page 262: Routing Ip Interface Configuration
Manual – The address is to be statically configured. When this option is selected you can specify the IP address and subnet mask in the available fields. • DHCP – The interface will attempt to acquire an IP address from a network DHCP server. ExtremeSwitching 200 Series: Administration Guide...
Page 263 The device sends an ICMP Redirect message on an interface only if ICMP Redirects are enabled both globally and on the interface. An ICMP Redirect message notifies a host when a better route to a particular destination is available on the network segment. ExtremeSwitching 200 Series: Administration Guide...
Page 264: Routing Ip Statistics
Click Refresh to update the information on the screen. Routing IP Statistics The statistics reported on the Routing IP Statistics page are as specified in RFC 1213. To display this page, click Routing > IP > Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 265 Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received. ExtremeSwitching 200 Series: Administration Guide...
Page 266 The number of ICMP Source Quench messages sent. IcmpOutRedirects The number of ICMP Redirect messages sent. For a host, this object is always zero, since hosts do not send redirects. IcmpOutEchos The number of ICMP Echo (request) messages sent. ExtremeSwitching 200 Series: Administration Guide...
Page 267: Router
Whether the route is the preferred route to the network. If the field is blank, a better route to the same network exists in the routing table. Click Refresh to update the information on the screen. ExtremeSwitching 200 Series: Administration Guide...
Page 268 IP Interface Configuration page. Valid next hop IP Addresses can be viewed on the Route Table page. Subnet Mask Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network. ExtremeSwitching 200 Series: Administration Guide...
Page 269 The total number of reject routes installed by all protocols. Total Routes The total number of routes in the routing table. Best Routes (High) The number of best routes currently in the routing table. This number only counts the best route to each destination. ExtremeSwitching 200 Series: Administration Guide...
Page 270 Counters that report the current state of the routing table, such as the number of routes of each type, are not reset. Click Refresh to update the information on the screen. ExtremeSwitching 200 Series: Administration Guide...
Page 271: Configuring Routing Information Protocol (Rip)
Using RIP, routers periodically exchange entire routing tables. Note This feature is available for 220 switches only. Use the command-line interface to configure RIP. Refer to "Routing Information Protocol Commands" in ExtremeSwitching 200 Series: Command Reference Guide. ExtremeSwitching 200 Series: Administration Guide...
Page 272: Chapter 6: Managing Device Security
Global Port Access Control Configuration Use the Port Based Access Control Configuration page to enable or disable port access control on the system. To display this page, click Security > Port Access Control > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 273 To view additional information about the port-based access control settings for a port, select the port with the information to view and click Details. You are automatically redirected to the Port Access Control Port Details page for the selected port. ExtremeSwitching 200 Series: Administration Guide...
Page 274 The current state of the authenticator PAE state machine, which is the 802.1X process that controls access to the port. The state can be one of the following: • Initialize • Disconnected • Connecting • Authenticating • Authenticated • Aborting • Held • ForceAuthorized • ForceUnauthorized ExtremeSwitching 200 Series: Administration Guide...
Page 275: Port Access Control Port Configuration
Edit. The same settings are applied to all selected ports. • To view additional information about the port-based access control settings for a port, select the port with the information to view and click Details. ExtremeSwitching 200 Series: Administration Guide...
Page 276 The amount of time that the port waits for a response before retransmitting an EAP request frame to the client. Server Timeout The amount of time the port waits for a response from the authentication server. ExtremeSwitching 200 Series: Administration Guide...
Page 277: Port Details
802.1X-unaware. Click Refresh to update the information on the screen. Port Details Use this page to view 802.1X information for a specific port. ExtremeSwitching 200 Series: Administration Guide...
Page 278 The amount of time the port waits for a response from the authentication server. Maximum Requests The maximum number of times that the port sends an EAP request frame (assuming that no response is received) to the client before restarting the authentication process. ExtremeSwitching 200 Series: Administration Guide...
Page 279 The reason why the authenticator placed the supplicant in the VLAN. Possible values are: • RADIUS • Default • Not Assigned Supplicant Options The fields in this section provide information about the settings that apply to the port when it is configured as an 802.1X supplicant. ExtremeSwitching 200 Series: Administration Guide...
Page 280 EAPOL and EAP message statistics, select the interface with the information to view and click Details. To access the Port Access Control Statistics page, click Security > Port Access Control > Statistics in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 281 EAPOL-Logoff frames are sent by a supplicant to indicate that it is disconnecting from the network, and the interface can return to the unauthorized state. This field is displayed only if the interface is configured as a supplicant. ExtremeSwitching 200 Series: Administration Guide...
Page 282: Client Summary
The amount of time that has passed since the connected supplicant was granted access to the network through the authenticator port. Filter ID The policy filter ID assigned by the authenticator to the supplicant device. ExtremeSwitching 200 Series: Administration Guide...
Page 283 Edit. The same settings are applied to all selected interfaces. To access the Port Access Control History Log Summary page, click Security > Port Access Control > History Log Summary in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 284: Radius Settings
RADIUS Configuration Use the RADIUS Configuration page to view and configure various settings for the RADIUS servers configured on the system. To access this page, click Security > RADIUS > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 285 IP address or host name for a server after it has been added. • To remove a configured RADIUS server from the list, select the entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 286 The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. Timeouts The number of times a response was not received from the server within the configured timeout value. ExtremeSwitching 200 Series: Administration Guide...
Page 287: Radius Accounting Server Status
RADIUS server group. RADIUS accounting servers in the same group serve as backups for each other. Port Number The UDP port on the RAIDUS accounting server to which the local RADIUS client sends request packets. ExtremeSwitching 200 Series: Administration Guide...
Page 288 The number of RADIUS Accounting-Response packets that contained invalid authenticators received from the accounting server. Unknown Types The number of RADIUS packets of unknown type which were received from the server on the accounting port. ExtremeSwitching 200 Series: Administration Guide...
Page 289: Tacacs+ Settings
The menu contains only the VLAN IDs for VLAN routing interfaces. Click Refresh to update the page with the most current information. TACACS+ Settings To access the TACACS+ Configuration page, click Security > TACACS+ > Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 290 Click Refresh to update the page with the most current information. TACACS+ Server Configuration Use the TACACS+ Server Configuration page to view and configure information about the TACACS+ server(s). To access this page, click Security > TACACS+ > Server Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 291 The menu contains only the VLAN IDs for VLAN routing interfaces. Click Refresh to update the page with the most current information. If you make any changes to the page, click Submit to apply the changes to the system. ExtremeSwitching 200 Series: Administration Guide...
Page 292: Authentication Manager
The default method order is Dot1x, MAC Authentication Bypass (MAB), and Captive Portal. To access this page, click Security > Authentication Manager > Authentication Tiering in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 293 The local interface associated with the rest of the data in the row. Logical Interface The logical port number associated with the client that is connected to the port. Client MAC Address The MAC address of the client that is connected to the port. ExtremeSwitching 200 Series: Administration Guide...
Page 294: Authentication Statistics
Use the buttons at the bottom of the page to perform the following actions: • Click Refresh to display the latest information from the switch. • Click Clear to reset all statistics counters to 0 for the selected interfaces. ExtremeSwitching 200 Series: Administration Guide...
Page 295 Use the buttons at the bottom of the page to perform the following actions: • Click Refresh to display the latest information from the switch. • Click Clear to clear the Authentication Manager history log on the selected interface. ExtremeSwitching 200 Series: Administration Guide...
Page 296: Chapter 7: Configuring Ipv6
Enables or disables the IPv6 administrative mode on the network interface. Network Configuration Specify whether the device should attempt to acquire network information from Protocol a DHCPv6 server. Selecting None disables the DHCPv6 client on the network interface. ExtremeSwitching 200 Series: Administration Guide...
Page 297 IPv6 autoconfiguration or DHCPv6. Default IPv6 Routers Lists the IPv6 address of each default router that has been automatically configured through IPv6 router discovery. Click Refresh to update the information on the screen. ExtremeSwitching 200 Series: Administration Guide...
Page 298: Chapter 8: Configuring Quality Of Service
200 Series software supports IPv4, IPv6, and MAC ACLs. The total number of MAC and IP ACLs supported by 200 Series software is platform- specific.
Page 299 • To configure rules for an ACL, select the ACL to configure and click Edit. You are redirected to the Access Control List Configuration page for the selected ACL. ExtremeSwitching 200 Series: Administration Guide...
Page 300: Access Control List Configuration
To add an Access List Rule entry, select the ID of the ACL that will include the rule from the ACL Identifier menu. Then, click Add Rule and configure the rule criteria and attributes. New rules cannot be created if the maximum number of rules has been reached. ExtremeSwitching 200 Series: Administration Guide...
Page 301 Deny – The packet or frame is dropped. When configuring ACL rules in the Add Access Control List Rule window, the selected action determines which fields can be configured. Not all fields are available for both Permit and Deny actions. ExtremeSwitching 200 Series: Administration Guide...
Page 302 IP packet. You can also specify one of the following keywords: EIGRP, GRE, ICMP, IGMP, , IP, IPINIP, OSPF, PIM, TCP, or UDP. Fragments (IPv4 Extended and IPv4 Named ACLs) IP ACL rule to match on fragmented IP packets. ExtremeSwitching 200 Series: Administration Guide...
Page 303 ICMP message type. This option is available only if the protocol is ICMP. ICMP Code (IPv4 Extended and IPv4 Named ACLs) IP ACL rule to match on the specified ICMP message code. This option is available only if the protocol is ICMP. ExtremeSwitching 200 Series: Administration Guide...
Page 304 (Burst Rate). Match Criteria (IPv6 ACLs) The fields in this section specify the criteria to use to determine whether an IP packet matches the rule. The fields described below apply to IPv6 ACLs. ExtremeSwitching 200 Series: Administration Guide...
Page 305 IP DSCP The IP DSCP value in the IPv6 packet to match to the rule. The DSCP value is defined as the high-order six bits of the Service Type octet in the IPv6 header. ExtremeSwitching 200 Series: Administration Guide...
Page 306 The attributes specify actions other than the basic Permit or Deny actions. Assign Queue The number that identifies the hardware egress queue that will handle all packets matching this rule. ExtremeSwitching 200 Series: Administration Guide...
Page 307 To display this page, click QoS > Access Control Lists > Interfaces in the navigation menu. Use the buttons to perform the following tasks: • To apply an ACL to an interface, click Add and configure the settings in the available fields. ExtremeSwitching 200 Series: Administration Guide...
Page 308 VLAN in the same direction. When multiple ACLs are applied to the same VLAN in the same direction, the ACL with the lowest sequence number is applied first, and the other ACLs are applied in ascending numerical order. ExtremeSwitching 200 Series: Administration Guide...
Page 309 To apply an ACL to the CPU interface, click Add and configure the settings in the available fields. • To remove the association between the CPU interface and an ACL, select each entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 310 ACLs are applied in ascending numerical order. IPv6 ACL Rules The maximum number of IPv6 rules depends on the following factors (also refer to the 200 Series Scaling Parameters and Values for the maximum number of rules per device type): •...
Page 311 The number that indicates the position of a rule within the ACL. Action The action to take when a packet or frame matches the criteria in the rule: • Permit – The packet or frame is forwarded. • Deny – The packet or frame is dropped. ExtremeSwitching 200 Series: Administration Guide...
Page 312: Configuring Auto Voip
323) and/or OUI bits. When the device identifies voice traffic, it is placed in the VLAN specified on this page. The Auto VoIP feature does not rely on LLDP-MED support in connected devices. To display this page, click QoS > Auto VoIP > Global in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 313: Oui Table Summary
Use the buttons to perform the following tasks: • To configure the settings for one or more interfaces, select each entry to modify and click Edit. • To apply the same settings to all interfaces, click Edit All. ExtremeSwitching 200 Series: Administration Guide...
Page 314: Protocol Based Auto Voip
• Remark – Remark the voice traffic with the specified 802.1p priority value at the ingress interface. • Traffic Class – Assign VoIP traffic to the specified traffic class when egressing the interface. ExtremeSwitching 200 Series: Administration Guide...
Page 315: Configuring Class Of Service
Use the IP DSCP Mapping Configuration page to map an IP DSCP value to an internal traffic class. To display the IP DSCP Mapping Configuration page, click QoS > Class of Service > IP DSCP in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 316: Interface Queue Configuration
Each port has its own CoS queue-related configuration. The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per-port. A global configuration change is automatically applied to all ports in the system. ExtremeSwitching 200 Series: Administration Guide...
Page 317: Configuring Diffserv
A policy can contain multiples classes. When the policy is active, the actions taken depend on which class matches the packet. ExtremeSwitching 200 Series: Administration Guide...
Page 318: Diffserv Class Summary
To change the name of an existing class, select the entry to modify and click Rename. • To remove one or more configured classes, select each entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 319: Diffserv Class Configuration
N/A, and the previously referenced class is removed. To display this page, click QoS > Diffserv > Class Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 320 Select this option to require the Class of Service (CoS) value in an Ethernet frame header to match the specified CoS value. Secondary Class of Service Select this option to require the secondary CoS value in an Ethernet frame header to match the specified secondary CoS value. ExtremeSwitching 200 Series: Administration Guide...
Page 321 For example, if the MAC address is aa:bb:cc:dd:ee:ff, and the mask is ff:ff:00:00:00:00, all MAC addresses with aa:bb:xx:xx:xx:xx result in a match (where x is any hexadecimal number). Note that this is not a wildcard mask, which ACLs use. ExtremeSwitching 200 Series: Administration Guide...
Page 322 • Port Start – The source port with the highest value within the range of ports. This field is not required if the match criteria is a single port. ExtremeSwitching 200 Series: Administration Guide...
Page 323 The flow label is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Click Refresh to update the page with the most current data from the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 324: Diffserv Policy Summary
Add Attribute. • To remove the most recently associated class from the selected policy, click Remove Last Class. To display the Diffserv Policy Configuration page, click QoS > Diffserv > Policy Configuration in the navigation menu. ExtremeSwitching 200 Series: Administration Guide...
Page 325 LAG) without bypassing normal packet forwarding. This action can occur in addition to any marking or policing action. It may also be specified along with a QoS queue assignment. Use the Interface menu to select the interface to which traffic is mirrored. ExtremeSwitching 200 Series: Administration Guide...
Page 326 Exceed Action – The action taken on packets that are considered to exceed the committed burst size but are within the excessive burst size. • Violate Action – The action taken on packets that are considered non- conforming (above the police rate). ExtremeSwitching 200 Series: Administration Guide...
Page 327: Diffserv Service Summary
To edit a configured interface-policy association, select the entry to modify and click Edit. • To remove one or more configured interface-policy associations, select each entry to delete and click Remove. You must confirm the action before the entry is deleted. ExtremeSwitching 200 Series: Administration Guide...
Page 328 In – The policy is applied to traffic as it enters the interface. • Out – The policy is applied to traffic as it exits the interface. Status The operational status of this service interface, either Up or Down. ExtremeSwitching 200 Series: Administration Guide...
Page 329 DiffServ treatment is applied. This is the overall count per- interface, per-direction. Packets Discarded The total number of packets discarded for all class instances in this service policy for any reason due to DiffServ treatment. This is the overall count per-interface, per-direction. ExtremeSwitching 200 Series: Administration Guide...
Page 330 Configuring Quality of Service Click Refresh to update the page with the most current data from the switch. ExtremeSwitching 200 Series: Administration Guide...
Page 331: Appendix A: Configuration Examples
Configuring Port Mirroring Bidirectional Forwarding Detection This appendix contains examples of how to configure selected features available in the 200 Series software. Each example contains procedures on how to configure the feature by using the web interface, and/or CLI, and/or SNMP (Simple Network Management Protocol).
Page 332 15 In the Acceptable Frame Types field, select AdmitTaggedOnly to specify that untagged frames will be rejected on receipt. 16 Click Submit. 17 From the Interface menu, select 1/0/2. 18 In the Port VLAN ID field, enter 3 to assign VLAN 3 as the default VLAN for the port. ExtremeSwitching 200 Series: Administration Guide...
Page 333: Configuration Examples
3 exit interface1/0/4 vlan participation include 3 exit exit 6 Specify that untagged frames will be accepted on port 1/0/4. (Extreme 220) (Routing) #Config interface1/0/4 vlan acceptframe all exit exit ExtremeSwitching 200 Series: Administration Guide...
Page 334 3 To specify that frames will always be transmitted tagged from ports that are members of VLAN 2, use the dot1qVlanStaticUntaggedPorts object and set the value of the appropriate number of octets to 0. Each octet represents eight ports, so for a 48-port switch, the first six octets would be zero. ExtremeSwitching 200 Series: Administration Guide...
Page 335: Configuring Multiple Spanning Tree Protocol
Changing the configuration name allows all the bridges that want to be part of the same region to join. a Go to the Switching > Spanning Tree > Switch page. b From the Spanning Tree Admin Mode menu, select Enable. c In the Configuration Name field, enter extreme. d Click Submit. ExtremeSwitching 200 Series: Administration Guide...
Page 336: Using The Cli To Configure Mstp
7 Change the priority of MST ID 20 to ensure the other bridge is the root bridge. spanning-tree mst priority 20 61440 8 Enable STP on interface 1/0/1 interface 1/0/1 spanning-tree port mode exit 9 Enable STP on interface 1/0/2 interface 1/0/2 spanning-tree port mode ExtremeSwitching 200 Series: Administration Guide...
Page 337 Use the objects in dot1qVlanStaticTable (in dot1qVlan in the QBRIDGE-MIB module) to create VLANs 10 and 20. 2 To enable spanning tree globally, set the agentStpAdminMode object in the 200 Series-SWITCHING- MIB module to enable (2). The full path to the object is iso(1).org(3).dod(6).internet(1).private(4).enterprises(1).broadcom(4413).
Page 338: Configuring Vlan Routing
1/0/2 to force the port to be the root port on the non-root bridge. Configuring VLAN Routing This section provides an example of how to configure 200 Series software to support VLAN routing. The configuration of the VLAN router port is similar to that of a physical port. The main difference is that, after the VLAN has been created, you must use the show ip vlan command to determine the VLAN’s interface ID so that you can use it in the router configuration commands.
Page 339 192.150.3.1 255.255.255.0 exit interface 0/4/2 ip address 192.150.4.1 255.255.255.0 exit exit Using SNMP to Configure VLAN Routing While setting the IP address for the VLAN interface, the agentSwitchIpInterfaceIpAddress and agentSwitchIpInterfaceNetMask should be set together. ExtremeSwitching 200 Series: Administration Guide...
Page 340 7 Set the agentSwitchIpRoutingMode object to enable (1) to enable routing for the switch: 8 Use the agentSwitchIpInterfaceIpAddress and agentSwitchIpInterfaceIpMask objects in the agentSwitchIpInterfaceTable to configure the IP addresses and subnet mask for the virtual router ports. ExtremeSwitching 200 Series: Administration Guide...
Page 341: Configuring 802.1X Network Access Control
7 Enable 802.1X authentication on the switch. (Extreme 220) (Config)#dot1x system-auth-control 8 Set the 802.1X mode for port 1/0/1 to Force Authorized. (Extreme 220) (Config)#interface 1/0/1 (Extreme 220) (Interface 1/0/1)#dot1x port-control force-authorized (Extreme 220) (Interface 1/0/1)#exit ExtremeSwitching 200 Series: Administration Guide...
Page 342: Configuring Authentication Tiering
Configuring Authentication Tiering Using the Web Interface on page 342 • Configuring Authentication Tiering Using the CLI on page 343 Configuring Authentication Tiering Using the Web Interface To configure Authentication Tiering through the web interface: ExtremeSwitching 200 Series: Administration Guide...
Page 343: Configuring Differentiated Services For Voip
The configuration script is for Router 1 in Figure 9. A similar script should be applied to Router 2. ExtremeSwitching 200 Series: Administration Guide...
Page 344 2 Create a DiffServ classifier named 'class_voip' and define a single match criterion to detect UDP packets. The class type match-all indicates that all match criteria defined for the class must be satisfied in order for a packet to be considered a match. class-map match-all class_voip match protocol udp exit ExtremeSwitching 200 Series: Administration Guide...
Page 345 DSCP of EF (46). This handles incoming traffic that was previously marked as expedited elsewhere in the network. 9 Use the agentDiffServPolicyRowStatus object in the agentDiffServPolicyTable to create a DiffServ policy. Set the value to CreateAndGo (4). ExtremeSwitching 200 Series: Administration Guide...
Page 346: Igmp And Mld Snooping Switches
Multicast listeners can register to an IP multicast group by sending an IGMP Report message in response to a general query from a multicast router or by sending an unsolicited IGMP Report message. When the snooping switch processes an IGMP Report message, it creates an entry in the Layer 2 ExtremeSwitching 200 Series: Administration Guide...
Page 347 When processing a packet whose destination MAC address is a multicast address, an IEEE standard bridge forwards a copy of the packet to each of the remaining network interfaces that are members of the same VLAN. ExtremeSwitching 200 Series: Administration Guide...
Page 348: Snooping Switch Restrictions
IGMP snooping is a Layer 2 feature and is achieved by using the Layer 2 multicast forwarding table. However when multicast routing is enabled on a 200 Series switch, Layer 2 multicast forwarding entries do not affect multicast data forwarding. Instead, corresponding IP multicast table entries need to be created to achieve similar behavior.
Page 349: Configuring Igmp Snooping Parameters
(Interface Config mode): console(Interface 1/0/1) #set igmp mcrtrexpiretime 60 The following example shows how to configure the multicast router attached ports expiry interval on VLAN 10 (VLAN Config mode): console(config-vlan) #set igmp mcrtrexpiretime 10 60 ExtremeSwitching 200 Series: Administration Guide...
Page 350: Configuring Port Mirroring
A port monitoring session includes one or more source ports that mirror traffic to a single destination port. 200 Series software supports a single port monitoring session. LAGs (port channels) cannot be used as the source or destination ports.
Page 351: Bidirectional Forwarding Detection
In a network device, BFD is presented as a service to its user applications, providing them options to create and destroy a session with a peer device and reporting upon the session status. On 200 Series switches, BGP (Border Gateway Protocol) can use BFD for monitoring of their neighbors' availability in the network and for fast detection of connection faults with them.
Page 352 BFD intervals. 3 Configure BGP to use BFD for fast detection of faults between neighboring devices. A neighboring device IP address (Router) (Config)#router bgp (Router) (Config-router)# neighbor 172.16.11.6 fall-over bfd (Router) (Config-router)# exit ExtremeSwitching 200 Series: Administration Guide...
Page 353: Glossary
0.0.0.0. All areas in an Autonomous System (AS) must connect to the backbone area. Border Gateway Protocol is a router protocol in the IP suite designed to exchange network reachability information with BGP systems in other autonomous systems. You use a fully meshed configuration with BGP. ExtremeSwitching 200 Series: Administration Guide...
Page 354 Connectivity Fault Management allows an ISP to proactively detect faults in the network for each customer service instance individually and separately. CFM comprises capabilities for detecting, verifying, and isolating connectivity failures in virtual bridged LANs. CHAP ExtremeSwitching 200 Series: Administration Guide...
Page 355 Data Center Bridging is a set of IEEE 802.1Q extensions to standard Ethernet, that provide an operational framework for unifying Local Area Networks (LAN), Storage Area Networks (SAN) and Inter-Process Communication (IPC) traffic between switches and endpoints onto a single transport layer. DHCP ExtremeSwitching 200 Series: Administration Guide...
Page 356 EAP-TLS provides for certificate-based and mutual authentication of the client and the network. It relies on client-side and server-side certificates to perform authentication and can be used to dynamically generate user-based and session-based WEP (Wired Equivalent Privacy) keys. ExtremeSwitching 200 Series: Administration Guide...
Page 357 FDB are flooded to all members of the VLAN. For some types of entries, you configure the time it takes for the specific entry to age out of the FDB. ExtremeSwitching 200 Series: Administration Guide...
Page 358 Protocol) is the protocol used to transport mail to an IMAP server. The current version is IMAP4. It is similar to POP3 (Post Office Protocol version 3), but offers additional features. For example, the IMAP4 protocol leaves your email messages on the server rather than ExtremeSwitching 200 Series: Administration Guide...
Page 359 100 Mbps of full-duplex bandwidth into one logical link, you can create up to 800 Mbps of bandwidth. Thus, you increase bandwidth and availability by using a group of ports to carry traffic in parallel between switches. ExtremeSwitching 200 Series: Administration Guide...
Page 360 MPLS-TP is expected to be a low cost level 2 technology (if the limited profile is implemented in isolation) that will provide QoS (Quality of Service), end-to-end OAM (Operation Administration & Maintenance) and protection switching. ExtremeSwitching 200 Series: Administration Guide...
Page 361 DC and Colorado Springs, CO. Running as a continuous background client program on a computer, NTP sends periodic time requests to servers, obtaining server time stamps and using them to adjust the client's clock. (RFC 1305) ExtremeSwitching 200 Series: Administration Guide...
Page 362 STP. PVST is a earlier version of this protocol and is compatible with PVST+. QL In SyncE this is the Quality Level of a given clock source. This is received on a port in a SSM indicating the quality of the clock received in the port. ExtremeSwitching 200 Series: Administration Guide...
Page 363: Root Bridge
RSA is one of the first practicable public-key cryptosystems. It is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key which is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product ExtremeSwitching 200 Series: Administration Guide...
Page 364 SSL connection. SSL uses the public-and- private key encryption system, which includes the use of a digital certificate. SSL is used for other applications than SSH (Secure Shell), for example, OpenFlow. ExtremeSwitching 200 Series: Administration Guide...
Page 365 TACACS+ provides separate authentication, authorization, and accounting services. User passwords are administered in a central database rather than in individual routers, providing easily scalable network security solutions. ExtremeSwitching 200 Series: Administration Guide...
Page 366 User Datagram Protocol is an efficient but unreliable, connectionless protocol that is layered over IP (as is TCP (Transmission Control Protocol)). Application programs must supplement the protocol to provide error processing and retransmitting data. UDP is an OSI Layer 4 protocol. ExtremeSwitching 200 Series: Administration Guide...
Page 367: Virtual Router
Wired Equivalent Privacy is a security protocol for WLAN (Wireless Local Area Network)s defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another. WLAN Wireless Local Area Network. ExtremeSwitching 200 Series: Administration Guide...
Page 368 CA (Certificate Authority) can also be used. Also part of the encryption mechanism are 802.1x for dynamic key distribution and MIC (Message Integrity Check or Code ). WPA requires that all computers and devices have WPA software. ExtremeSwitching 200 Series: Administration Guide...
Page 369: Index
VLAN port tagging 338 VLAN routing 338 ip address 338 ip routing 338 web interface: panel 17 listener, MSRP 251 Management Information Base 141 MD5 98 Message digest 5 98 MIB 141 MMRP:definition 251 MMRP:statistics 254 MRP:global settings 252 MRP:port settings 253 MSRP:definition 251 Multiple Registration Protocol 251 Object ID 141 OID 141 ExtremeSwitching 200 Series: Administration Guide...

ExtremeSwitching 200 Series Administration Manual

Preface

Chapter 1: Getting Started

Chapter 2: Getting Started with Stacking

Chapter 3: Configuring System Information

Chapter 4: Configuring Switching Information

Chapter 5: Configuring Routing

Chapter 6: Managing Device Security

Chapter 7: Configuring Ipv6

Chapter 8: Configuring Quality of Service

Appendix A: Configuration Examples

Glossary

Index

Quick Links

Need help?

Questions and answers

Summary of Contents for ExtremeSwitching 200 Series