Download Print this page

Edge-Core ECS4620-28T Quick Start Manual

Edge-Core ECS4620-28T Quick Start Manual

28/52-port l3 stackable gigabit ethernet switch

Hide thumbs Also See for ECS4620-28T:

Installation manual (59 pages)

,

Quick start manual (9 pages)

,

Cli reference manual (1260 pages)

Table of Contents

Table of Contents

Advertisement

Quick Links

See also: Cli Reference Manual , Installation Manual

Quick Star t Guide

28/52-Port L3 Stackable Gigabit Ethernet Switch

ECS4620-28T / ECS4620-28P / ECS4620-28F

ECS4620-52T / ECS4620-52P

ECS4620-28T

ECS4620-28P

ECS4620-28F

ECS4620-52T

ECS4620-52P

www.edge-core.com

The ECS4620-28T, ECS4620-28P, ECS4620-52T, and ECS4620-52P are stackable

Layer 3 switches that provide 24/48 10/100/1000BASE-T RJ-45 ports, and two 10

Gigabit (10G) Small Form Factor Pluggable Plus (SFP+) slots that support 1G and

10G transceivers. The ECS4620-28F is a Layer 3 switch that provides 22 SFP 1G

transceiver slots, two combination Gigabit RJ-45/SFP ports, and two 10G SFP+ slots.

The ECS4620-28P and ECS4620-52P also provide Power-over-Ethernet Plus (PoE+)

capability on the RJ-45 ports.

All switches also provide one rear-panel slot for a dual-port 10G hot-swappable

expansion module.

Note:

For detailed switch installation information, refer to the Installation Guide,

which is on the Documentation CD included with the switch.

Note:

For Safety and Regulatory information, refer to the Safety and Regulatory

Information document included with the switch.

– 1 –

E072014-CS-R03

150200000789A

Table of Contents

Advertisement

Chapters

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the ECS4620-28T and is the answer not in the manual?

Questions and answers

Summary of Contents for Edge-Core ECS4620-28T

Page 1 ECS4620-28T / ECS4620-28P / ECS4620-28F ECS4620-52T / ECS4620-52P The ECS4620-28T, ECS4620-28P, ECS4620-52T, and ECS4620-52P are stackable Layer 3 switches that provide 24/48 10/100/1000BASE-T RJ-45 ports, and two 10 Gigabit (10G) Small Form Factor Pluggable Plus (SFP+) slots that support 1G and 10G transceivers.
Page 2 1. Unpack the Switch Unpack the switch and check the package contents. ◆ L3 Stackable Gigabit Ethernet Switch ECS4620-28T, ECS4620-28P, ECS4620-28F, ECS4620-52T, or ECS4620-52P ◆ Rack Mounting Kit — includes two brackets and eight screws ◆ Four adhesive foot pads ◆...
Page 3 4. Connect Power Connect the switch to an AC power source that can provide the following: ◆ ECS4620-28T: 100 to 240 V, 50-60 Hz, 1.5 A ◆ ECS4620-28P: 100 to 240 V, 50-60 Hz, 10 A ◆...
Page 4 Quick Start Guide 5. Verify Switch Verify basic switch operation by checking the system LEDs. Operation When operating normally, the Diag and Power LEDs should both be on green. System Status LEDs. 6. Make Initial At this point you may need to make a few basic switch configuration changes Configuration before connecting to the network.
Page 5 Quick Start Guide 7. Connect Network Install SFP/SFP+ transceivers and connect network cables to port interfaces: Cables ◆ For RJ-45 ports, use 100-ohm Category 5, 5e or better twisted-pair cable for 1000BASE-T connections, Category 5 or better for 100BASE-TX connections, and Category 3 or better for 10BASE-T connections.
Page 6: Quick Start Guide
Specification Chassis Specifications SIze (W x D x H) ECS4620-28T/P/F: 44.0 x 31.5 x 4.4 cm (17.3 x 12.4 x 1.7 in.) ECS4620-52T/P: 44.0 x 39.1 x 4.4 cm (17.3 x 15.4 x 1.7 in.) Weight ECS4620-28T: 3.7 kg (8.16 lb) ECS4620-28P: 4.5 kg (9.92 lb)
Page 7 ECS4620-28T/P/F ECS4620-28T/F-DC W e b M a n a g e m e n t G u i d e ECS4620-52T/P 28/52-Port Layer 3 Stackable GE Switch Software Release v1.2.2.0 www.edge-core.com...
Page 8 W e b M a n a g e m e n t G u i d e ECS4620-28T Stackable GE Switch Layer 3 Stackable Gigabit Ethernet Switch with 24 10/100/1000BASE-T (RJ-45) Ports, 2 10-Gigabit SFP+ Ports, and Optional Module with 2 10-Gigabit SFP+ Ports...
Page 9: How To Use This Guide
How to Use This Guide This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
Page 10 Added information for ECS4620-28F-DC. July 2014 Revision This is the third version of this guide. This guide is valid for software release v1.2.2.0. It contains the following changes: ◆ Added information for ECS4620-28T-DC. ◆ Added "Issuing MAC Address Traps" on page 205.
Page 11 How to Use This Guide ◆ Updated command usage and parameter information under "Configuring Static Bindings for IPv4 Source Guard" on page 370. ◆ Updated parameter information under "Configuring VLAN Settings for ARP Inspection" on page 344. ◆ Added "UDLD Configuration" on page 533.
Page 12 How to Use This Guide ◆ Updated command usage section under "Configuring Port Security" on page 351. ◆ Updated command usage section under "Setting the Port PoE Power Budget" on page 418. ◆ Updated private traps in Table 29, "Supported Notification Messages, " on page 429.
Page 13: Table Of Contents
Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Key Features Description of Software Features IP Routing Equal-cost Multipath Load Balancing Router Redundancy Address Resolution Protocol Operation, Administration, and Maintenance System Defaults Section II Web Configuration 2 Using the Web Interface Connecting to the Web Interface...
Page 14 Contents 3 Basic Management Tasks Displaying System Information Displaying Hardware/Software Versions Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File Setting the Start-up File Showing System Files Automatic Operation Code Upgrade Setting the System Clock...
Page 15 Contents Displaying Transceiver Data Configuring Transceiver Thresholds Performing Cable Diagnostics Trunk Configuration Configuring a Static Trunk Configuring a Dynamic Trunk Displaying LACP Port Counters Displaying LACP Settings and Status for the Local Side Displaying LACP Settings and Status for the Remote Side Configuring Load Balancing Saving Power Traffic Segmentation...
Page 16 Contents Changing the Aging Time Displaying the Dynamic Address Table Clearing the Dynamic Address Table Configuring MAC Address Mirroring Issuing MAC Address Traps 7 Spanning Tree Algorithm Overview Configuring Loopback Detection Configuring Global Settings for STA Displaying Global Settings for STA Configuring Interface Settings for STA Displaying Interface Settings for STA Configuring Multiple Spanning Trees...
Page 17 Contents Attaching a Policy Map to a Port 11 VoIP Traffic Configuration Overview Configuring VoIP Traffic Configuring Telephony OUI Configuring VoIP Traffic Ports 12 Security Measures AAA (Authentication, Authorization and Accounting) Configuring Local/Remote Logon Authentication Configuring Remote Logon Authentication Servers Configuring AAA Accounting Configuring AAA Authorization Configuring User Accounts...
Page 18 Contents Configuring an Extended IPv4 ACL Configuring a Standard IPv6 ACL Configuring an Extended IPv6 ACL Configuring a MAC ACL Configuring an ARP ACL Binding a Port to an Access Control List Configuring ACL Mirroring Showing ACL Hardware Counters ARP Inspection Configuring Global Settings for ARP Inspection Configuring VLAN Settings for ARP Inspection Configuring Interface Settings for ARP Inspection...
Page 19 Contents 13 Basic Administration Protocols Configuring Event Logging System Log Configuration Remote Log Configuration Sending Simple Mail Transfer Protocol Alerts Link Layer Discovery Protocol Setting LLDP Timing Attributes Configuring LLDP Interface Attributes Configuring LLDP Interface Civic-Address Displaying LLDP Local Device Information Displaying LLDP Remote Device Information Displaying Device Statistics Power over Ethernet...
Page 20 Contents Managing Cluster Members Ethernet Ring Protection Switching ERPS Global Configuration ERPS Ring Configuration ERPS Forced and Manual Mode Operations Connectivity Fault Management Configuring Global Settings for CFM Configuring Interfaces for CFM Configuring CFM Maintenance Domains Configuring CFM Maintenance Associations Configuring Maintenance End Points Configuring Remote Maintenance End Points Transmitting Link Trace Messages...
Page 21 Contents 14 Multicast Filtering Overview Layer 2 IGMP (Snooping and Query for IPv4) Configuring IGMP Snooping and Query Parameters Specifying Static Interfaces for a Multicast Router Assigning Interfaces to Multicast Services Setting IGMP Snooping Status per Interface Filtering IGMP Query Packets and Multicast Data Displaying Multicast Groups Discovered by IGMP Snooping Displaying IGMP Snooping Statistics Filtering and Throttling IGMP Groups...
Page 22 Contents Multicast VLAN Registration for IPv6 Configuring MVR6 Global Settings Configuring MVR6 Domain Settings Configuring MVR6 Group Address Profiles Configuring MVR6 Interface Status Assigning Static MVR6 Multicast Groups to Interfaces Displaying MVR6 Receiver Groups Displaying MVR6 Statistics 15 IP Configuration Setting the Switch’s IP Address (IP Version 4) Sending DHCP Inform Requests for Additional Information Setting the Switch’s IP Address (IP Version 6)
Page 23 Contents Configuring the PPPoE Intermediate Agent Configuring PPPoE IA Global Settings Configuring PPPoE IA Interface Settings Showing PPPoE IA Statistics 17 General IP Routing Overview Initial Configuration IP Routing and Switching Routing Path Management Routing Protocols Configuring IP Routing Interfaces Configuring Local and Remote Interfaces Using the Ping Function Using the Trace Route Function...
Page 24 Contents Specifying Static Neighbors Configuring Route Redistribution Specifying an Administrative Distance Configuring Network Interfaces for RIP Displaying RIP Interface Settings Displaying Peer Router Information Resetting RIP Statistics Configuring the Open Shortest Path First Protocol (Version 2) Defining Network Areas Based on Addresses Configuring General Protocol Settings Displaying Administrative Settings and Statistics Adding an NSSA or Stub...
Page 25 Contents Configuring a PIM RP Candidate Displaying the PIM BSR Router Displaying PIM RP Mapping Configuring PIMv6 for IPv6 Enabling PIMv6 Globally Configuring PIMv6 Interface Settings Displaying PIM6 Neighbor Information Configuring Global PIM6-SM Settings Configuring a PIM6 BSR Candidate Configuring a PIM6 Static Rendezvous Point Configuring a PIM6 RP Candidate Displaying the PIM6 BSR Router Displaying RP Mapping...
Page 26 Contents – 20 –...
Page 27: Figures
Figures Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Configuring Automatic Code Upgrade...
Page 28 Figures Figure 30: Restarting the Switch (At) Figure 31: Restarting the Switch (Regularly) Figure 32: Configuring Connections by Port List Figure 33: Configuring Connections by Port Range Figure 34: Displaying Port Information Figure 35: Configuring Local Port Mirroring Figure 36: Configuring Local Port Mirroring Figure 37: Displaying Local Port Mirror Sessions Figure 38: Configuring Remote Port Mirroring Figure 39: Configuring Remote Port Mirroring (Source)
Page 29 Figures Figure 65: Configuring Members for Traffic Segmentation Figure 66: Showing Traffic Segmentation Members Figure 67: Configuring VLAN Trunking Figure 68: Configuring VLAN Trunking Figure 69: VLAN Compliant and VLAN Non-compliant Devices Figure 70: Using GVRP Figure 71: Creating Static VLANs Figure 72: Modifying Settings for Static VLANs Figure 73: Showing Static VLANs Figure 74: Configuring Static Members by VLAN Index...
Page 30 Figures Figure 100: Configuring Static MAC Addresses Figure 101: Displaying Static MAC Addresses Figure 102: Setting the Address Aging Time Figure 103: Displaying the Dynamic MAC Address Table Figure 104: Clearing Entries in the Dynamic MAC Address Table Figure 105: Mirroring Packets Based on the Source MAC Address Figure 106: Showing the Source MAC Addresses to Mirror Figure 107: Issuing MAC Address Traps (Global Configuration) Figure 108: Issuing MAC Address Traps (Interface Configuration)
Page 31 Figures Figure 135: Setting the Queue Mode (Strict) Figure 136: Setting the Queue Mode (WRR) Figure 137: Setting the Queue Mode (Strict and WRR) Figure 138: Mapping CoS Values to Egress Queues Figure 139: Showing CoS Values to Egress Queue Mapping Figure 140: Setting the Trust Mode Figure 141: Configuring DSCP to DSCP Internal Mapping Figure 142: Showing DSCP to DSCP Internal Mapping...
Page 32 Figures Figure 170: Displaying a Summary of Applied AAA Accounting Methods Figure 171: Displaying Statistics for AAA Accounting Sessions Figure 172: Configuring AAA Authorization Methods Figure 173: Showing AAA Authorization Methods Figure 174: Configuring AAA Authorization Methods for Exec Service Figure 175: Displaying the Applied AAA Authorization Method Figure 176: Configuring User Accounts Figure 177: Showing User Accounts...
Page 33 Figures Figure 205: Configuring a ARP ACL Figure 206: Binding a Port to an ACL Figure 207: Configuring ACL Mirroring Figure 208: Showing the VLANs to Mirror Figure 209: Showing ACL Statistics Figure 210: Configuring Global Settings for ARP Inspection Figure 211: Configuring VLAN Settings for ARP Inspection Figure 212: Configuring Interface Settings for ARP Inspection Figure 213: Displaying Statistics for ARP Inspection...
Page 34 Figures Figure 240: Configuring SMTP Alert Messages Figure 241: Configuring LLDP Timing Attributes Figure 242: Configuring LLDP Interface Attributes Figure 243: Configuring the Civic Address for an LLDP Interface Figure 244: Showing the Civic Address for an LLDP Interface Figure 245: Displaying Local Device Information for LLDP (General) Figure 246: Displaying Local Device Information for LLDP (Port) Figure 247: Displaying Local Device Information for LLDP (Port Details) Figure 248: Displaying Remote Device Information for LLDP (Port)
Page 35 Figures Figure 275: Showing SNMP Notification Logs Figure 276: Showing SNMP Statistics Figure 277: Configuring an RMON Alarm Figure 278: Showing Configured RMON Alarms Figure 279: Configuring an RMON Event Figure 280: Showing Configured RMON Events Figure 281: Configuring an RMON History Sample Figure 282: Showing Configured RMON History Samples Figure 283: Showing Collected RMON History Samples Figure 284: Configuring an RMON Statistical Sample...
Page 36 Figures Figure 310: Showing Maintenance Associations Figure 311: Configuring Detailed Settings for Maintenance Associations Figure 312: Configuring Maintenance End Points Figure 313: Showing Maintenance End Points Figure 314: Configuring Remote Maintenance End Points Figure 315: Showing Remote Maintenance End Points Figure 316: Transmitting Link Trace Messages Figure 317: Transmitting Loopback Messages Figure 318: Transmitting Delay-Measure Messages...
Page 37 Figures Figure 345: Dropping IGMP Query or Multicast Data Packets Figure 346: Showing Multicast Groups Learned by IGMP Snooping Figure 347: Displaying IGMP Snooping Statistics – Query Figure 348: Displaying IGMP Snooping Statistics – VLAN Figure 349: Displaying IGMP Snooping Statistics – Port Figure 350: Enabling IGMP Filtering and Throttling Figure 351: Creating an IGMP Filtering Profile Figure 352: Showing the IGMP Filtering Profiles Created...
Page 38 Figures Figure 380: Assigning Static MVR Groups to an Interface Figure 381: Showing the Static MVR Groups Assigned to a Port Figure 382: Displaying MVR Receiver Groups Figure 383: Displaying MVR Statistics – Query Figure 384: Displaying MVR Statistics – VLAN Figure 385: Displaying MVR Statistics –...
Page 39 Figures Figure 415: Showing the List of Domain Names for DNS Figure 416: Configuring a List of Name Servers for DNS Figure 417: Showing the List of Name Servers for DNS Figure 418: Configuring Static Entries in the DNS Table Figure 419: Showing Static Entries in the DNS Table Figure 420: Showing Entries in the DNS Cache Figure 421: Specifying A DHCP Client Identifier...
Page 40 Figures Figure 450: Configuring Static Routes Figure 451: Displaying Static Routes Figure 452: Displaying the Routing Table Figure 453: Setting the Maximum ECMP Number Figure 454: Master Virtual Router with Backup Routers Figure 455: Several Virtual Master Routers Using Backup Routers Figure 456: Several Virtual Master Routers Configured for Mutual Backup and Load Sharing 688 Figure 457: Configuring the VRRP Group ID Figure 458: Showing Configured VRRP Groups...
Page 41 Figures Figure 485: Showing OSPF Network Areas Figure 486: Showing OSPF Process Identifiers Figure 487: AS Boundary Router Figure 488: Configure General Settings for OSPF Figure 489: Showing General Settings for OSPF Figure 490: Adding an NSSA or Stub Figure 491: Showing NSSAs or Stubs Figure 492: OSPF NSSA Figure 493: Configuring Protocol Settings for an NSSA Figure 494: OSPF Stub Area...
Page 42 Figures Figure 520: Displaying the IPv6 Multicast Routing Table Figure 521: Displaying Detailed Entries from IPv6 Multicast Routing Table Figure 522: Enabling PIM Multicast Routing Figure 523: Configuring PIM Interface Settings (Dense Mode) Figure 524: Configuring PIM Interface Settings (Sparse Mode) Figure 525: Showing PIM Neighbors Figure 526: Configuring Global Settings for PIM-SM Figure 527: Configuring a PIM-SM BSR Candidate...
Page 43: Tables
Tables Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Switch Main Menu Table 5: Port Statistics Table 6: LACP Port Counters Table 7: LACP Internal Configuration Information Table 8: LACP Remote Device Configuration Information Table 9: Traffic Segmentation Forwarding Table 10: Recommended STA Path Cost Range Table 11: Default STA Path Costs...
Page 44 Tables Table 30: ERPS Request/State Priority Table 31: Remote MEP Priority Levels Table 32: MEP Defect Descriptions Table 33: OAM Operation State Table 34: Remote Loopback Status Table 35: Show IPv6 Neighbors - display description Table 36: Show IPv6 Statistics - display description Table 37: Show MTU - display description Table 38: Options 60, 66 and 67 Statements Table 39: Options 55 and 124 Statements...
Page 45: Getting Started
Section I Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 41 –...
Page 46 Section I | Getting Started – 40 –...
Page 47: Table 1: Key Features
Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
Page 48 Chapter 1 | Introduction Key Features (Continued) Table 1: Key Features Feature Description Address Table 16K MAC addresses in the forwarding table, 1K static MAC addresses; 1760 entries in the ARP cache, 256 static ARP entries, 3836 dynamic ARP entries; 512 static IP routes, 512 IP interfaces;...
Page 49: Description Of Software Features
Chapter 1 | Introduction Description of Software Features Description of Software Features The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network.
Page 50 Chapter 1 | Introduction Description of Software Features server located in a different network. And DHCP Relay Option 82 controls the processing of Option 82 information in DHCP request packets relayed by this device. Port Configuration You can manually configure the speed, duplex mode, and flow control used on specific ports, or use auto-negotiation to detect the connection settings used by the attached device.
Page 51 Chapter 1 | Introduction Description of Software Features source IP/MAC address pairs based on static entries or entries stored in the DHCP Snooping table. IEEE 802.1D Bridge The switch supports IEEE 802.1D transparent bridging. The address table facilitates data switching by learning addresses, and then filtering or forwarding traffic based on this information.
Page 52 Chapter 1 | Introduction Description of Software Features Virtual LANs The switch supports up to 4094 VLANs. A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network. The switch supports tagged VLANs based on the IEEE 802.1Q standard.
Page 53: Ip Routing
Chapter 1 | Introduction Description of Software Features Quality of Service Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per-hop basis. Each packet is classified upon entry into the network based on access lists, IP Precedence or DSCP values, or VLAN lists.
Page 54: Equal-Cost Multipath Load Balancing
Chapter 1 | Introduction Description of Software Features Policy-based Routing for BGP – The next-hop behavior for ingress IP traffic can be determined based on matching criteria. Equal-cost Multipath When multiple paths to the same destination and with the same path cost are Load Balancing found in the routing table, the Equal-cost Multipath (ECMP) algorithm first checks if the cost is lower than that of any other routing entries.
Page 55: Table 2: System Defaults
Chapter 1 | Introduction System Defaults shared by hosts residing in other standard or private VLAN groups, while preserving security and data isolation for normal traffic. Link Layer Discovery LLDP is used to discover basic information about neighboring devices within the Protocol local broadcast domain.
Page 56 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Authentication and Privileged Exec Level Username “admin” Security Measures Password “admin” Normal Exec Level Username “guest” Password “guest” Enable Privileged Exec from Password “super” Normal Exec Level RADIUS Authentication Disabled TACACS+ Authentication...
Page 57 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Congestion Control Rate Limiting Disabled Storm Control Broadcast: Enabled (64 kbits/sec) Multicast: Disabled Unknown Unicast: Disabled Auto Traffic Control Disabled Address Table Aging Time 300 seconds Spanning Tree Algorithm Status Enabled, RSTP...
Page 58 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Enabled Cache Timeout: 20 minutes Proxy: Disabled Unicast Routing Disabled OSPF Disabled OSPFv3 Disabled BGPv4 Disabled Multicast Routing PIMv4 Disabled PIMv6 Disabled Router Redundancy VRRP Disabled Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled...
Page 59: Web Configuration
Section II Web Configuration This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 55 ◆ "Basic Management Tasks"...
Page 60 Section II | Web Configuration ◆ "Configuring Router Redundancy" on page 687 ◆ "Unicast Routing" on page 697 ◆ "Multicast Routing" on page 751 – 54 –...
Page 61: Using The Web Interface
Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 6, Mozilla Firefox 4, or Google Chrome 29, or more recent versions).
Page 62: Figure 1: Home Page
Figure 1: Home Page This manual covers the ECS4620-28T/52T Gigabit Ethernet switches, the ECS4620-28F and ECS620-28F-DC Gigabit Ethernet Fiber switch, the ECS4620-28T- DC Gigabit Ethernet switch, and the ECS4620-28P/52P Gigabit Ethernet PoE...
Page 63: Table 3: Web Page Configuration Buttons
Other than the difference in port types, and support for PoE (ECS4620- 28P/52P), there are no other significant differences. Therefore nearly all of the screen display examples are based on the ECS4620-28T. The panel graphics for all switch types are shown on the following page.
Page 64: Figure 2: Front Panel Indicators
The web agent displays an image of the switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex), or Flow Control (i.e., with or without flow control). Figure 2: Front Panel Indicators ECS4620-28T ECS4620-28P ECS4620-28F ECS4620-52T...
Page 65: Table 4: Switch Main Menu
Chapter 2 | Using the Web Interface Navigating the Web Browser Interface Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 4: Switch Main Menu Menu Description...
Page 66 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Reset Restarts the switch immediately, at a specified time, after a specified delay, or at a periodic interval Interface Port General Configure by Port List...
Page 67 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Partner Configures parameters for link aggregation group members on the remote side Show Information Counters Displays statistics for LACP protocol messages Internal Displays configuration settings and operational state for the local side of a link aggregation...
Page 68 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP Tunnel IEEE 802.1Q (QinQ) Tunneling Configure Global Sets tunnel mode for the switch Configure Service Sets a CVLAN to SPVLAN mapping entry...
Page 69 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Mirror Mirrors traffic matching a specified source address from any port on the switch to a target port MAC Notification Configure Global Issues a trap when a dynamic MAC address is added or removed.
Page 70 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Priority Default Priority Sets the default priority for each port or trunk Queue Sets queue mode for the switch; sets the service weight for each queue that will use a weighted or hybrid mode Trust Mode Selects DSCP or CoS priority processing...
Page 71 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure OUI Maps the OUI in the source MAC address of ingress packets to the VoIP device manufacturer Show Shows the OUI telephony list Configure Interface Configures VoIP traffic settings for ports, including the way in which a...
Page 72 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows authorized users Modify Modifies user attributes Web Authentication Allows authentication and access to the network when 802.1X or Network Access authentication are infeasible or impractical Configure Global Configures general protocol settings...
Page 73 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Rule Shows the time specified by a rule Configure ACL Show TCAM Shows utilization parameters for TCAM Adds an ACL based on IP or MAC address filtering Show Shows the name and type of configured ACLs Add Rule...
Page 74 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page IP Source Guard Filters IP traffic based on static entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table Port Configuration Enables IP source guard and selects filter type per port Static Binding...
Page 75 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Remote Device Information Port/Trunk Displays information about a remote device connected to a port on this switch Port/Trunk Details Displays detailed information about a remote device connected to this switch Show Device Statistics...
Page 76 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure Notify Filter Creates an SNMP notification log Show Shows the configured notification logs Show Statistics Shows the status of SNMP communications RMON Remote Monitoring Configure Global...
Page 77 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Connectivity Fault Management Configure Global Configures global settings, including administrative status, cross-check start delay, link trace, and SNMP traps Configure Interface Configures administrative status on an interface Configure MD...
Page 78 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Link Trace Cache Shows information about link trace operations launched from this device Show Fault Notification Generator Displays configuration settings for the fault notification generator Show Continuity Check Error Displays CFM continuity check errors logged on this device Operation, Administration, and Maintenance...
Page 79 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Routing Static Routes Configures static routing entries Show Shows static routing entries Routing Table Show Information Shows all routing entries, including local, static and dynamic routes Configure ECMP Number Sets the maximum number of equal-cost paths to the same destination that can be installed in the routing table...
Page 80 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page IP Service Domain Name Service General Configure Global Enables DNS lookup; defines the default domain name appended to incomplete host names Add Domain Name Defines a list of domain names that can be appended to incomplete host names...
Page 81 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show IP Binding Displays addresses currently bound to DHCP clients UDP Helper General Enables UDP helper globally on the switch Forwarding Specifies the UDP destination ports for which broadcast traffic will be forwarded...
Page 82 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Filter Configure General Enables IGMP filtering for the switch Configure Profile Adds IGMP filter profile; and sets access mode Show Shows configured IGMP filter profiles Add Multicast Group Range...
Page 83 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Group Information Show Information Shows the current multicast groups learned through IGMP for each VLAN Show Detail Shows detailed information on each multicast group associated with a VLAN interface Multicast Routing General...
Page 84 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show VLAN Statistics Shows statistics for protocol messages and number of active groups Show Port Statistics Shows statistics for protocol messages and number of active groups Show Trunk Statistics Shows statistics for protocol messages and number of active groups MVR6...
Page 85 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Passive Interface Stops RIP broadcast and multicast messages from being sent on specified network interfaces Show Shows the configured passive interfaces Neighbor Address Configures the router to directly exchange routing information with a static neighbor...
Page 86 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Area Configure Area Adds NSSA or stub Add Area Shows configured NSSA or stub Show Area Configures settings for importing routes into or exporting routes Configure NSSA Area out of not-so-stubby areas Configures default cost, and settings for importing routes into a...
Page 87 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Enables PIM globally for the switch General Enables PIM per interface, and sets the mode to dense or sparse Interface Displays information neighboring PIM routers Neighbor...
Page 88 Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Information Displays information about the BSR Show BSR Router Displays the active RPs and associated multicast routing entries Show RP Mapping ECS4620-28T/52P – 82 –...
Page 89: Basic Management Tasks
Basic Management Tasks This chapter describes the following topics: ◆ Displaying System Information – Provides basic system description, including contact information. ◆ Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions ◆ Configuring Support for Jumbo Frames –...
Page 90: Figure 3: System Information
Chapter 3 | Basic Management Tasks Displaying System Information Displaying System Information Use the System > General page to identify the system by displaying information such as the device name, location and contact information. Parameters These parameters are displayed: ◆ System Description –...
Page 91: Displaying Hardware/Software Versions
Chapter 3 | Basic Management Tasks Displaying Hardware/Software Versions Displaying Hardware/Software Versions Use the System > Switch page to display hardware/firmware version numbers for the main board and management software, as well as the power status of the system. Parameters The following parameters are displayed: Main Board Information ◆...
Page 92: Figure 4: General Switch Information
Chapter 3 | Basic Management Tasks Configuring Support for Jumbo Frames Web Interface To view hardware and software version information. Click System, then Switch. Figure 4: General Switch Information Configuring Support for Jumbo Frames Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 10240 bytes for Gigabit Ethernet and 10 Gigabit Ethernet ports or trunks.
Page 93: Figure 5: Configuring Support For Jumbo Frames
Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities Web Interface To configure support for jumbo frames: Click System, then Capability. Enable or disable support for jumbo frames. Click Apply. Figure 5: Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Use the System >...
Page 94: Figure 6: Displaying Bridge Extension Configuration
Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities ◆ Configurable PVID Tagging – This switch allows you to override the default Port VLAN ID (PVID used in frame tags) and egress status (VLAN-Tagged or Untagged) on each port. (Refer to “VLAN Configuration”...
Page 95: Managing System Files
Chapter 3 | Basic Management Tasks Managing System Files Managing System Files This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files. Copying Files via FTP/ Use the System > File (Copy) page to upload/download firmware or configuration TFTP or HTTP settings using FTP, TFTP or HTTP.
Page 96: Figure 7: Copy Firmware
Chapter 3 | Basic Management Tasks Managing System Files names is 32 characters for files on the switch or 127 characters for files on the server. (Valid characters: A-Z, a-z, 0-9, “. ” , “-”, “_”) Note: Up to two copies of the system software (i.e., the runtime firmware) can be stored in the file directory on the switch.
Page 97: Saving The Running Configuration To A Local File
Chapter 3 | Basic Management Tasks Managing System Files If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu. Saving the Running Use the System > File (Copy) page to save the current configuration settings to a Configuration to a local file on the switch.
Page 98: Figure 8: Saving The Running Configuration
Chapter 3 | Basic Management Tasks Managing System Files Figure 8: Saving the Running Configuration If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System > Reset menu. Setting the Use the System >...
Page 99: Figure 10: Displaying System Files
Chapter 3 | Basic Management Tasks Managing System Files Showing System Files Use the System > File (Show) page to show the files in the system directory, or to delete a file. Note: Files designated for start-up, and the Factory_Default_Config.cfg file, cannot be deleted.
Page 100 ◆ The switch-based search function is case-insensitive in that it will accept a file name in upper or lower case (i.e., the switch will accept ECS4620-28T.BIX from the server even though ECS4620-28T.bix was requested). However, keep in mind that the file systems of many operating systems such as Unix and most Unix- like systems (FreeBSD, NetBSD, OpenBSD, and most Linux distributions, etc.) are...
Page 101 Automatic Upgrade Location URL – Defines where the switch should search for the operation code upgrade file. The last character of this URL must be a forward slash (“/”). The ECS4620-28T.bix filename must not be included since it is automatically appended by the switch. (Options: ftp, tftp)
Page 102 Chapter 3 | Basic Management Tasks Managing System Files Examples The following examples demonstrate the URL syntax for a TFTP server at IP address 192.168.0.1 with the operation code image stored in various locations: tftp://192.168.0.1/ ■ The image file is in the TFTP root directory. tftp://192.168.0.1/switch-opcode/ ■...
Page 103: Figure 11: Configuring Automatic Code Upgrade
Chapter 3 | Basic Management Tasks Setting the System Clock Figure 11: Configuring Automatic Code Upgrade If a new image is found at the specified location, the following type of messages will be displayed during bootup. Automatic Upgrade is looking for a new image New image detected: current version 1.2.1.3;...
Page 104: Figure 12: Manually Setting The System Clock
Chapter 3 | Basic Management Tasks Setting the System Clock Setting the Time Use the System > Time (Configure General - Manual) page to set the system time on the switch manually without using SNTP. Manually Parameters The following parameters are displayed: ◆...
Page 105: Figure 13: Setting The Polling Interval For Sntp
Chapter 3 | Basic Management Tasks Setting the System Clock Setting the SNTP Use the System > Time (Configure General - SNTP) page to set the polling interval at which the switch will query the specified time servers. Polling Interval Parameters The following parameters are displayed: ◆...
Page 106: Figure 14: Configuring Ntp
Chapter 3 | Basic Management Tasks Setting the System Clock You can enable NTP authentication to ensure that reliable updates are received from only authorized NTP servers. The authentication keys and their associated key number must be centrally managed and manually distributed to NTP servers and clients.
Page 107: Figure 15: Specifying Sntp Time Servers
Chapter 3 | Basic Management Tasks Setting the System Clock Parameters The following parameters are displayed: ◆ SNTP Server IP Address – Sets the IPv4 or IPv6 address for up to three time servers. The switch attempts to update the time from the first server, if this fails it attempts an update from the next server in the sequence.
Page 108: Figure 16: Adding An Ntp Time Server
Chapter 3 | Basic Management Tasks Setting the System Clock ◆ Authentication Key – Specifies the number of the key in the NTP Authentication Key List to use for authentication with the configured server. NTP authentication is optional. If enabled on the System > Time (Configure General) page, you must also configure at least one key on the System >...
Page 109: Figure 18: Adding An Ntp Authentication Key
Chapter 3 | Basic Management Tasks Setting the System Clock Specifying NTP Authentication Keys Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list. Parameters The following parameters are displayed: ◆...
Page 110: Figure 19: Showing The Ntp Authentication Key List
Chapter 3 | Basic Management Tasks Setting the System Clock Figure 19: Showing the NTP Authentication Key List Setting the Time Zone Use the System > Time (Configure Time Zone) page to set the time zone. SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth’s prime meridian, zero degrees longitude, which passes through Greenwich, England.
Page 111: Figure 20: Setting The Time Zone
Chapter 3 | Basic Management Tasks Configuring the Console Port Figure 20: Setting the Time Zone Configuring the Console Port Use the System > Console menu to configure connection parameters for the switch’s console port. You can access the onboard configuration program by attaching a VT100 compatible device to the switch’s serial console port.
Page 112: Figure 21: Console Port Settings
Chapter 3 | Basic Management Tasks Configuring the Console Port ◆ Stop Bits – Sets the number of the stop bits transmitted per byte. (Range: 1-2; Default: 1 stop bit) ◆ Parity – Defines the generation of a parity bit. Communication protocols provided by some terminals can require a specific parity bit setting.
Page 113: Configuring Telnet Settings
Chapter 3 | Basic Management Tasks Configuring Telnet Settings Configuring Telnet Settings Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection. You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled/disabled and other parameters set, including the TCP port number, time outs, and a password.
Page 114: Figure 22: Telnet Connection Settings
Chapter 3 | Basic Management Tasks Displaying CPU Utilization authentication by a single global password as configured for the password command, or by passwords set up for specific user-name accounts. The default is for local passwords configured on the switch. Web Interface To configure parameters for the console port: Click System, then Telnet.
Page 115: Figure 23: Displaying Cpu Utilization
Chapter 3 | Basic Management Tasks Displaying Memory Utilization Figure 23: Displaying CPU Utilization Displaying Memory Utilization Use the System > Memory Status page to display memory utilization parameters. Parameters The following parameters are displayed: ◆ Free Size – The amount of memory currently free for use. ◆...
Page 116: Stacking
Chapter 3 | Basic Management Tasks Stacking Stacking This section describes the basic functions which enable a properly connected set of switches to function as a single logical entity for management purposes. For information on how to physically connect units into a stack, see the Hardware Installation Guide.
Page 117: Figure 25: Setting The Stack Master
Chapter 3 | Basic Management Tasks Stacking Click Apply. Figure 25: Setting the Stack Master Enabling Use the System > Stacking (Configure Stacking Button) page to enable stacking on the front panel 10G ports. Stacking Ports Command Usage ◆ The stacking ports must be enabled on all stack members. ◆...
Page 118: Figure 26: Enabling Stacking On 10G Ports
Chapter 3 | Basic Management Tasks Stacking Figure 26: Enabling Stacking on 10G Ports Renumbering If the units are no longer numbered sequentially after several topology changes or failures, use the System > Stacking (Renumber) page to reset the unit numbers. Just the Stack remember to save the new configuration settings to a startup configuration file prior to powering off the stack Master.
Page 119: Resetting The System
Chapter 3 | Basic Management Tasks Resetting the System Resetting the System Use the System > Reset menu to restart the switch immediately, at a specified time, after a specified delay, or at a periodic interval. Command Usage ◆ This command resets the entire system. ◆...
Page 120 Chapter 3 | Basic Management Tasks Resetting the System YYYY - The year at which to reload. (Range: 1970-2037) ■ HH - The hour at which to reload. (Range: 00-23) ■ MM - The minute at which to reload. (Range: 00-59) ■...
Page 121: Figure 28: Restarting The Switch (Immediately)
Chapter 3 | Basic Management Tasks Resetting the System Figure 28: Restarting the Switch (Immediately) Figure 29: Restarting the Switch (In) – 115 –...
Page 122: Figure 30: Restarting The Switch (At)
Chapter 3 | Basic Management Tasks Resetting the System Figure 30: Restarting the Switch (At) Figure 31: Restarting the Switch (Regularly) – 116 –...
Page 123: Interface Configuration
Interface Configuration This chapter describes the following topics: ◆ Port Configuration – Configures connection settings, including auto- negotiation, or manual setting of speed, duplex mode, and flow control. ◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local switch.
Page 124: Port Configuration
Chapter 4 | Interface Configuration Port Configuration Port Configuration This section describes how to configure port connections, mirror traffic from one port to another, and run cable diagnostics. Configuring by Use the Interface > Port > General (Configure by Port List) page to enable/disable Port List an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Page 125 Chapter 4 | Interface Configuration Port Configuration ◆ Media Type – Configures the forced transceiver mode for SFP/SFP+ ports, or forced/preferred port type for RJ-45/SFP combination ports. None - Forced transceiver mode is not used for SFP/SFP+ ports. (This is the ■...
Page 126: Figure 32: Configuring Connections By Port List
Chapter 4 | Interface Configuration Port Configuration ◆ Speed/Duplex – Allows you to manually set the port speed and duplex mode. (i.e., with auto-negotiation disabled) ◆ Flow Control – Allows automatic or manual selection of flow control. Web Interface To configure port connection parameters: Click Interface, Port, General.
Page 127: Figure 33: Configuring Connections By Port Range
Chapter 4 | Interface Configuration Port Configuration Enter a range of ports to which your configuration changes apply. Modify the required interface settings. Click Apply. Figure 33: Configuring Connections by Port Range Displaying Use the Interface > Port > General (Show Information) page to display the current connection status, including link state, speed/duplex mode, flow control, and auto- Connection Status negotiation.
Page 128: Figure 34: Displaying Port Information
Chapter 4 | Interface Configuration Port Configuration ◆ Oper Flow Control – Shows the flow control type used. Web Interface To display port connection parameters: Click Interface, Port, General. Select Show Information from the Action List. Figure 34: Displaying Port Information Configuring Use the Interface >...
Page 129: Figure 36: Configuring Local Port Mirroring
Chapter 4 | Interface Configuration Port Configuration ◆ When traffic matches the rules for both port mirroring, and for mirroring of VLAN traffic or packets based on a MAC address, the matching packets will not be sent to target port specified for port mirroring. ◆...
Page 130: Figure 37: Displaying Local Port Mirror Sessions
Chapter 4 | Interface Configuration Port Configuration To display the configured mirror sessions: Click Interface, Port, Mirror. Select Show from the Action List. Figure 37: Displaying Local Port Mirror Sessions Configuring Use the Interface > RSPAN page to mirror traffic from remote switches for analysis Remote Port Mirroring at a destination port on the local switch.
Page 131 Chapter 4 | Interface Configuration Port Configuration ◆ Configuration Guidelines Take the following step to configure an RSPAN session: Use the VLAN Static List (see “Configuring VLAN Groups” on page 166) to reserve a VLAN for use by RSPAN (marking the “Remote VLAN” field on this page.
Page 132 Chapter 4 | Interface Configuration Port Configuration though RSPAN source and destination ports can still be configured. When RSPAN uplink ports are enabled on the switch, 802.1X cannot be enabled globally. Port Security – If port security is enabled on any port, that port cannot be ■...
Page 133: Figure 39: Configuring Remote Port Mirroring (Source)
Chapter 4 | Interface Configuration Port Configuration ◆ Destination Port – Specifies the destination port to monitor the traffic mirrored from the source ports. Only one destination port can be configured on the same switch per session, but a destination port can be configured on more than one switch for the same session.
Page 134: Figure 40: Configuring Remote Port Mirroring (Intermediate)
Chapter 4 | Interface Configuration Port Configuration Figure 40: Configuring Remote Port Mirroring (Intermediate) Figure 41: Configuring Remote Port Mirroring (Destination) Showing Port or Trunk Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as Statistics well as a detailed breakdown of traffic based on the RMON MIB.
Page 135: Table 5: Port Statistics
Chapter 4 | Interface Configuration Port Configuration Parameters These parameters are displayed: Table 5: Port Statistics Parameter Description Interface Statistics Received Octets The total number of octets received on the interface, including framing characters. Transmitted Octets The total number of octets transmitted out of the interface, including framing characters.
Page 136 Chapter 4 | Interface Configuration Port Configuration (Continued) Table 5: Port Statistics Parameter Description Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium was busy. Frames Too Long A count of frames received on a particular interface that exceed the maximum permitted frame size.
Page 137: Figure 42: Showing Port Statistics (Table)
Chapter 4 | Interface Configuration Port Configuration (Continued) Table 5: Port Statistics Parameter Description 65-127 Byte Packets The total number of packets (including bad packets) received and transmitted where the number of octets fall within the specified range 128-255 Byte Packets (excluding framing bits but including FCS octets).
Page 138: Figure 43: Showing Port Statistics (Chart)
Chapter 4 | Interface Configuration Port Configuration To show a chart of port statistics: Click Interface, Port, Chart. Select the statistics mode to display (Interface, Etherlike, RMON or All). If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list.
Page 139 Chapter 4 | Interface Configuration Port Configuration Displaying Use the Interface > Port > Transceiver page to display identifying information, and operational for optical transceivers which support Digital Diagnostic Monitoring Transceiver Data (DDM). Parameters These parameters are displayed: ◆ Port – Port number. (ECS4620-28F/28F-DC: 1-28, Other models: SFP/SFP+ ports 25-28 / 49-52) ◆...
Page 140: Figure 44: Displaying Transceiver Data
Chapter 4 | Interface Configuration Port Configuration Figure 44: Displaying Transceiver Data Configuring Use the Interface > Port > Transceiver page to configure thresholds for alarm and Transceiver warning messages for optical transceivers which support Digital Diagnostic Monitoring (DDM). This page also displays identifying information for supported Thresholds transceiver types, and operational parameters for transceivers which support DDM.
Page 141 Chapter 4 | Interface Configuration Port Configuration ◆ Auto Mode – Uses default threshold settings obtained from the transceiver to determine when an alarm or trap message should be sent. (Default: Enabled) ◆ DDM Thresholds – Information on alarm and warning thresholds. The switch can be configured to send a trap when the measured parameter falls outside of the specified thresholds.
Page 142: Figure 45: Configuring Transceiver Thresholds
Chapter 4 | Interface Configuration Port Configuration Web Interface To configure threshold values for optical transceivers: Click Interface, Port, Transceiver. Select a port from the scroll-down list. Set the switch to send a trap based on default or manual settings. Set alarm and warning thresholds if manual configuration is used.
Page 143 Chapter 4 | Interface Configuration Port Configuration ◆ Potential conditions which may be listed by the diagnostics include: OK: Correctly terminated pair ■ ■ Open: Open pair, no link partner ■ Short: Shorted pair Not Supported: This message is displayed for any Gigabit Ethernet ports ■...
Page 144: Figure 46: Performing Cable Tests
Chapter 4 | Interface Configuration Trunk Configuration Web Interface To test the cable attached to a port: Click Interface, Port, Cable Test. Click Test for any port to start the cable test. Figure 46: Performing Cable Tests Trunk Configuration This section describes how to configure static and dynamic trunks. You can create multiple links between devices that work as one virtual, aggregate link.
Page 145: Figure 47: Configuring Static Trunks
Chapter 4 | Interface Configuration Trunk Configuration Command Usage Besides balancing the load across each port in the trunk, the other ports provide redundancy by taking over the load if a port in the trunk fails. However, before making any physical connections between devices, use the web interface or CLI to specify the trunk on the devices at both ends.
Page 146: Figure 48: Creating Static Trunks
Chapter 4 | Interface Configuration Trunk Configuration Command Usage ◆ When configuring static trunks, you may not be able to link switches of different types, depending on the vendor’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. ◆...
Page 147: Figure 49: Adding Static Trunks Members
Chapter 4 | Interface Configuration Trunk Configuration To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list. Select a trunk identifier. Set the unit and port for an additional trunk member. Click Apply.
Page 148: Figure 51: Showing Information For Static Trunks
Chapter 4 | Interface Configuration Trunk Configuration To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 51: Showing Information for Static Trunks Configuring a Use the Interface > Trunk > Dynamic pages to set the administrative key for an Dynamic Trunk aggregation group, enable LACP on a port, configure protocol parameters for local and partner ports, or to set Ethernet connection parameters.
Page 149 Chapter 4 | Interface Configuration Trunk Configuration ◆ Ports are only allowed to join the same Link Aggregation Group (LAG) if (1) the LACP port system priority matches, (2) the LACP port admin key matches, and (3) the LAG admin key matches (if configured). However, if the LAG admin key is set, then the port admin key must be set to the same value for a port to be allowed to join that group.
Page 150 Chapter 4 | Interface Configuration Trunk Configuration Configure Aggregation Port - Actor/Partner ◆ Port – Port number. (Range: 1-28/52) ◆ Admin Key – The LACP administration key must be set to the same value for ports that belong to the same LAG. (Range: 0-65535; Default – Actor: 1, Partner: 0) By default, the Actor Admin Key is determined by port's link speed, and copied to Oper Key.
Page 151: Figure 53: Configuring The Lacp Aggregator Admin Key
Chapter 4 | Interface Configuration Trunk Configuration Web Interface To configure the admin key for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Aggregator from the Step list. Set the Admin Key and timeout mode for the required LACP group. Click Apply.
Page 152: Figure 54: Enabling Lacp On A Port
Chapter 4 | Interface Configuration Trunk Configuration Figure 54: Enabling LACP on a Port To configure LACP parameters for group members: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click Actor or Partner. Configure the required settings.
Page 153: Figure 56: Showing Members Of A Dynamic Trunk
Chapter 4 | Interface Configuration Trunk Configuration Select a Trunk. Figure 56: Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Configure from the Action list. Modify the required interface settings.
Page 154: Figure 58: Showing Connection Parameters For Dynamic Trunks
Chapter 4 | Interface Configuration Trunk Configuration To show connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step list. Select Show from the Action list. Figure 58: Showing Connection Parameters for Dynamic Trunks Displaying LACP Use the Interface >...
Page 155: Figure 59: Displaying Lacp Port Counters
Chapter 4 | Interface Configuration Trunk Configuration Select a group member from the Port list. Figure 59: Displaying LACP Port Counters Displaying LACP Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Settings and Status Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation.
Page 156: Figure 60: Displaying Lacp Port Internal Information
Chapter 4 | Interface Configuration Trunk Configuration (Continued) Table 7: LACP Internal Configuration Information Parameter Description ◆ Admin State, Aggregation – The system considers this link to be aggregatable; i.e., a Oper State potential candidate for aggregation. (continued) ◆ Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate.
Page 157: Table 8: Lacp Remote Device Configuration Information
Chapter 4 | Interface Configuration Trunk Configuration Displaying LACP Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Information - Neighbors) page to display the configuration settings and Settings and Status operational state for the remote side of a link aggregation. for the Remote Side Parameters These parameters are displayed:...
Page 158: Figure 61: Displaying Lacp Port Remote Information
Chapter 4 | Interface Configuration Trunk Configuration Figure 61: Displaying LACP Port Remote Information Configuring Use the Interface > Trunk > Load Balance page to set the load-distribution method Load Balancing used among ports in aggregated links. Command Usage ◆ This command applies to all static and dynamic trunks on the switch.
Page 159: Figure 62: Configuring Load Balancing
Chapter 4 | Interface Configuration Trunk Configuration Source and Destination MAC Address: All traffic with the same source ■ and destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is received from and destined for many different hosts.
Page 160: Saving Power
Chapter 4 | Interface Configuration Saving Power Saving Power Use the Interface > Green Ethernet page to enable power savings mode on the selected port. Command Usage ◆ IEEE 802.3 defines the Ethernet standard and subsequent power requirements based on cable connections operating at 100 meters. Enabling power saving mode can reduce power used for cable lengths of 60 meters or less, with more significant reduction for cables of 20 meters or less, and continue to ensure signal integrity.
Page 161: Figure 63: Enabling Power Savings
Chapter 4 | Interface Configuration Saving Power ◆ Power Saving Status – Adjusts the power provided to ports based on the length of the cable used to connect to other devices. Only sufficient power is used to maintain connection requirements. (Default: Enabled on Gigabit Ethernet RJ-45 ports) Web Interface To enable power savings:...
Page 162: Traffic Segmentation
Chapter 4 | Interface Configuration Traffic Segmentation Traffic Segmentation If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic for individual clients. Data traffic on downlink ports is only forwarded to, and from, uplink ports.
Page 163: Figure 64: Enabling Traffic Segmentation
Chapter 4 | Interface Configuration Traffic Segmentation Figure 64: Enabling Traffic Segmentation Configuring Uplink Use the Interface > Traffic Segmentation (Configure Session) page to assign the downlink and uplink ports to use in the segmented group. Ports designated as and Downlink Ports downlink ports can not communicate with any other ports on the switch except for the uplink ports.
Page 164: Figure 65: Configuring Members For Traffic Segmentation
Chapter 4 | Interface Configuration Traffic Segmentation ◆ If a downlink port is not configured for the session, the assigned uplink ports will operate as normal ports. Parameters These parameters are displayed: ◆ Session ID – Traffic segmentation session. (Range: 1-4) ◆...
Page 165: Figure 66: Showing Traffic Segmentation Members
Chapter 4 | Interface Configuration VLAN Trunking To show the members of the traffic segmentation group: Click Interface, Traffic Segmentation. Select Configure Session from the Step list. Select Show from the Action list. Figure 66: Showing Traffic Segmentation Members VLAN Trunking Use the Interface >...
Page 166 Chapter 4 | Interface Configuration VLAN Trunking and E automatically allow frames with VLAN group tags 1 and 2 (groups that are unknown to those switches) to pass through their VLAN trunking ports. ◆ VLAN trunking is mutually exclusive with the “access” switchport mode (see “Adding Static Members to VLANs”...
Page 167: Figure 68: Configuring Vlan Trunking
Chapter 4 | Interface Configuration VLAN Trunking Figure 68: Configuring VLAN Trunking – 161 –...
Page 168 Chapter 4 | Interface Configuration VLAN Trunking – 162 –...
Page 169: Vlan Configuration
VLAN Configuration This chapter includes the following topics: ◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs. ◆ IEEE 802.1Q Tunneling – Configures QinQ tunneling to maintain customer- specific VLAN and Layer 2 protocol configurations across a service provider network, even when different customers use the same internal VLAN IDs.
Page 170: Figure 69: Vlan Compliant And Vlan Non-Compliant Devices
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.
Page 171 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs VLAN Classification – When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
Page 172: Figure 70: Using Gvrp
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 70: Using GVRP Port-based VLAN 10 11 15 16 Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.
Page 173 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs ◆ Remote VLAN – Reserves this VLAN for RSPAN (see “Configuring Remote Port Mirroring” on page 124). Modify ◆ VLAN ID – ID of configured VLAN (1-4094). ◆ VLAN Name – Name of the VLAN (1 to 32 characters). ◆...
Page 174: Figure 71: Creating Static Vlans
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 71: Creating Static VLANs To modify the configuration settings for VLAN groups: Click VLAN, Static. Select Modify from the Action list. Select the identifier of a configured VLAN. Modify the VLAN name or operational status as required. Enable the L3 Interface field to specify that a VLAN will be used as a Layer 3 interface.
Page 175: Figure 73: Showing Static Vlans
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To show the configuration settings for VLAN groups: Click VLAN, Static. Select Show from the Action list. Figure 73: Showing Static VLANs Adding Static Use the VLAN > Static (Edit Member by VLAN, Edit Member by Interface, or Edit Members to VLANs Member by Interface Range) pages to configure port members for the selected VLAN index, interface, or a range of interfaces.
Page 176 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Hybrid – Specifies a hybrid VLAN interface. The port may transmit tagged ■ or untagged frames. 1Q Trunk – Specifies a port as an end-point for a VLAN trunk. A trunk is a ■...
Page 177 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs None: Interface is not a member of the VLAN. Packets associated with this ■ VLAN will not be transmitted by the interface. Note: VLAN 1 is the default untagged VLAN containing all ports on the switch. Edit Member by Interface All parameters are the same as those described under the preceding section for Edit Member by VLAN.
Page 178: Figure 74: Configuring Static Members By Vlan Index
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 74: Configuring Static Members by VLAN Index To configure static members by interface: Click VLAN, Static. Select Edit Member by Interface from the Action list. Select a port or trunk configure. Modify the settings for any interface as required.
Page 179: Figure 76: Configuring Static Vlan Members By Interface Range
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To configure static members by interface range: Click VLAN, Static. Select Edit Member by Interface Range from the Action list. Set the Interface type to display as Port or Trunk. Enter an interface range. Modify the VLAN parameters as required.
Page 180 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Configure Interface ◆ Interface – Displays a list of ports or trunks. ◆ Port – Port Identifier. (Range: 1-28/52) ◆ Trunk – Trunk Identifier. (Range: 1-16) ◆ GVRP Status – Enables/disables GVRP for the interface. GVRP must be globally enabled for the switch before this setting can take effect (using the Configure General page).
Page 181: Figure 77: Configuring Global Status Of Gvrp
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Web Interface To configure GVRP on the switch: Click VLAN, Dynamic. Select Configure General from the Step list. Enable or disable GVRP. Click Apply. Figure 77: Configuring Global Status of GVRP To configure GVRP status and timers on a port or trunk: Click VLAN, Dynamic.
Page 182: Figure 79: Showing Dynamic Vlans Registered On The Switch
Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To show the dynamic VLAN joined by this switch: Click VLAN, Dynamic. Select Show Dynamic VLAN from the Step list. Select Show VLAN from the Action list. Figure 79: Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN: Click VLAN, Dynamic.
Page 183: Ieee 802.1Q Tunneling
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
Page 184: Figure 81: Qinq Operational Concept
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Figure 81: QinQ Operational Concept Customer A Customer A (VLANs 1-10) (VLANs 1-10) QinQ Tunneling Service Provider Service Provider VLAN 10 VLAN 10 (edge switch B) (edge switch A) Tunnel Access Port Tunnel Access Port...
Page 185 Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Layer 2 Flow for Packets Coming into a Tunnel Uplink Port An uplink port receives one of the following packets: ◆ Untagged ◆ One tag (CVLAN or SPVLAN) ◆ Double tag (CVLAN + SPVLAN) The ingress process does source and destination lookups.
Page 186 Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Configuration Limitations for QinQ ◆ The native VLAN of uplink ports should not be used as the SPVLAN. If the SPVLAN is the uplink port's native VLAN, the uplink port must be an untagged member of the SPVLAN.
Page 187 Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member (see “Adding Static Members to VLANs” on page 169). Enabling QinQ Use the VLAN > Tunnel (Configure Global) page to configure the switch to operate in IEEE 802.1Q (QinQ) tunneling mode, which is used for passing Layer 2 traffic Tunneling on across a service provider’s metropolitan area network.
Page 188: Figure 82: Enabling Qinq Tunneling
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Figure 82: Enabling QinQ Tunneling Creating Use the VLAN > Tunnel (Configure Service) page to create a CVLAN to SPVLAN CVLAN to SPVLAN mapping entry. Mapping Entries Command Usage ◆ The inner VLAN tag of a customer packet entering the edge router of a service provider’s network is mapped to an outer tag indicating the service provider VLAN that will carry this traffic across the 802.1Q tunnel.
Page 189: Figure 83: Configuring Cvlan To Spvlan Mapping Entries
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling Web Interface To configure a mapping entry: Click VLAN, Tunnel. Select Configure Service from the Step list. Select Add from the Action list. Select an interface from the Port list. Specify the CVID to SVID mapping for packets exiting the specified port. Click Apply.
Page 190: Enabling Qinq Tunneling On The Switch
Chapter 5 | VLAN Configuration IEEE 802.1Q Tunneling The preceding example sets the SVID to 99 in the outer tag for egress packets exiting port 1 when the packet’s CVID is 2. For a more detailed example, see the “switchport dot1q-tunnel service match cvid” command in the CLI Reference Guide. Adding an Interface Follow the guidelines under "Enabling QinQ Tunneling on the Switch"...
Page 191: Figure 85: Adding An Interface To A Qinq Tunnel
Chapter 5 | VLAN Configuration Protocol VLANs Click Apply. Figure 85: Adding an Interface to a QinQ Tunnel Protocol VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Page 192: Configuring Protocol Vlan Groups
Chapter 5 | VLAN Configuration Protocol VLANs Configuring Protocol Use the VLAN > Protocol (Configure Protocol - Add) page to create protocol groups. VLAN Groups Parameters These parameters are displayed: ◆ Frame Type – Choose either Ethernet, RFC 1042, or LLC Other as the frame type used by this protocol.
Page 193: Figure 86: Configuring Protocol Vlans
Chapter 5 | VLAN Configuration Protocol VLANs Figure 86: Configuring Protocol VLANs To configure a protocol group: Click VLAN, Protocol. Select Configure Protocol from the Step list. Select Show from the Action list. Figure 87: Displaying Protocol VLANs Mapping Protocol Use the VLAN >...
Page 194 Chapter 5 | VLAN Configuration Protocol VLANs If the frame is untagged and the protocol type matches, the frame is ■ forwarded to the appropriate VLAN. If the frame is untagged but the protocol type does not match, the frame is ■...
Page 195: Figure 88: Assigning Interfaces To Protocol Vlans
Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs Figure 88: Assigning Interfaces to Protocol VLANs To show the protocol groups mapped to a port or trunk: Click VLAN, Protocol. Select Configure Interface from the Step list. Select Show from the Action list. Select a port or trunk.
Page 196 Chapter 5 | VLAN Configuration Configuring IP Subnet VLANs Command Usage ◆ Each IP subnet can be mapped to only one VLAN ID. An IP subnet consists of an IP address and a mask. The specified VLAN need not be an existing VLAN. ◆...
Page 197: Figure 90: Configuring Ip Subnet Vlans
Chapter 5 | VLAN Configuration Configuring MAC-based VLANs Figure 90: Configuring IP Subnet VLANs To show the configured IP subnet VLANs: Click VLAN, IP Subnet. Select Show from the Action list. Figure 91: Showing IP Subnet VLANs Configuring MAC-based VLANs Use the VLAN >...
Page 198: Figure 92: Configuring Mac-Based Vlans
Chapter 5 | VLAN Configuration Configuring MAC-based VLANs ◆ When MAC-based, IP subnet-based, and protocol-based VLANs are supported concurrently, priority is applied in this sequence, and then port-based VLANs last. Parameters These parameters are displayed: ◆ MAC Address – A source MAC address which is to be mapped to a specific VLAN.
Page 199: Figure 93: Showing Mac-Based Vlans
Chapter 5 | VLAN Configuration Configuring VLAN Mirroring To show the MAC addresses mapped to a VLAN: Click VLAN, MAC-Based. Select Show from the Action list. Figure 93: Showing MAC-Based VLANs Configuring VLAN Mirroring Use the VLAN > Mirror (Add) page to mirror traffic from one or more source VLANs to a target port for real-time analysis.
Page 200: Figure 94: Configuring Vlan Mirroring
Chapter 5 | VLAN Configuration Configuring VLAN Mirroring ◆ When traffic matches the rules for both port mirroring, and for mirroring of VLAN traffic or packets based on a MAC address, the matching packets will not be sent to target port specified for port mirroring. Parameters These parameters are displayed: ◆...
Page 201: Figure 96: Configuring Vlan Translation
Chapter 5 | VLAN Configuration Configuring VLAN Translation Configuring VLAN Translation Use the VLAN > Translation (Add) page to map VLAN IDs between the customer and service provider for networks that do not support IEEE 802.1Q tunneling. Command Usage ◆ QinQ tunneling uses double tagging to preserve the customer’s VLAN tags on traffic crossing the service provider’s network.
Page 202: Figure 97: Configuring Vlan Translation
Chapter 5 | VLAN Configuration Configuring VLAN Translation Web Interface To configure VLAN translation: Click VLAN, Translation. Select Add from the Action list. Select a port, and enter the original and new VLAN IDs. Click Apply. Figure 97: Configuring VLAN Translation To show the mapping entries for VLANs translation: Click VLAN, Translation.
Page 203: Address Table Settings
Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
Page 204: Figure 99: Configuring Mac Address Learning
Chapter 6 | Address Table Settings Configuring MAC Address Learning ◆ Also note that MAC address learning cannot be disabled if any of the following conditions exist: 802.1X Port Authentication has been globally enabled on the switch (see ■ “Configuring 802.1X Global Settings” on page 355).
Page 205: Setting Static Addresses
Chapter 6 | Address Table Settings Setting Static Addresses Setting Static Addresses Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved.
Page 206: Figure 100: Configuring Static Mac Addresses
Chapter 6 | Address Table Settings Setting Static Addresses Web Interface To configure a static MAC address: Click MAC Address, Static. Select Add from the Action list. Specify the VLAN, the port or trunk to which the address will be assigned, the MAC address, and the time to retain this entry.
Page 207: Figure 102: Setting The Address Aging Time
Chapter 6 | Address Table Settings Changing the Aging Time Changing the Aging Time Use the MAC Address > Dynamic (Configure Aging) page to set the aging time for entries in the dynamic address table. The aging time is used to age out dynamically learned forwarding information.
Page 208: Figure 103: Displaying The Dynamic Mac Address Table
Chapter 6 | Address Table Settings Displaying the Dynamic Address Table Parameters These parameters are displayed: ◆ Sort Key - You can sort the information displayed based on MAC address, VLAN or interface (port or trunk). ◆ MAC Address – Physical address associated with this interface. ◆...
Page 209: Figure 104: Clearing Entries In The Dynamic Mac Address Table
Chapter 6 | Address Table Settings Clearing the Dynamic Address Table Clearing the Dynamic Address Table Use the MAC Address > Dynamic (Clear Dynamic MAC) page to remove any learned entries from the forwarding database. Parameters These parameters are displayed: ◆...
Page 210: Configuring Mac Address Mirroring
Chapter 6 | Address Table Settings Configuring MAC Address Mirroring Configuring MAC Address Mirroring Use the MAC Address > Mirror (Add) page to mirror traffic matching a specified source address from any port on the switch to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.
Page 211: Figure 105: Mirroring Packets Based On The Source Mac Address
Chapter 6 | Address Table Settings Issuing MAC Address Traps Figure 105: Mirroring Packets Based on the Source MAC Address To show the MAC addresses to be mirrored: Click MAC Address, Mirror. Select Show from the Action list. Figure 106: Showing the Source MAC Addresses to Mirror Issuing MAC Address Traps Use the MAC Address >...
Page 212: Figure 107: Issuing Mac Address Traps (Global Configuration)
Chapter 6 | Address Table Settings Issuing MAC Address Traps MAC authentication traps must be enabled at the global level for this attribute to take effect. Web Interface To enable MAC address traps at the global level: Click MAC Address, MAC Notification. Select Configure Global from the Step list.
Page 213: Spanning Tree Algorithm
Spanning Tree Algorithm This chapter describes the following basic topics: ◆ Loopback Detection – Configures detection and response to loopback BPDUs. ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA –...
Page 214: Figure 109: Stp Root Ports And Designated Ports
Chapter 7 | Spanning Tree Algorithm Overview Figure 109: STP Root Ports and Designated Ports Designated Root Root Designated Port Port Designated Bridge Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
Page 215: Figure 111: Spanning Tree - Common Internal, Common, Internal
Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection An MST Region consists of a group of interconnected bridges that have the same MST Configuration Identifiers (including the Region Name, Revision Level and Configuration Digest – see “Configuring Multiple Spanning Trees” on page 224).
Page 216 Chapter 7 | Spanning Tree Algorithm Configuring Loopback Detection Note: Loopback detection will not be active if Spanning Tree is disabled on the switch. Note: When configured for manual release mode, then a link down/up event will not release the port from the discarding state. Parameters These parameters are displayed: ◆...
Page 217: Figure 112: Configuring Port Loopback Detection
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Figure 112: Configuring Port Loopback Detection Configuring Global Settings for STA Use the Spanning Tree > STA (Configure Global - Configure) page to configure global settings for the spanning tree that apply to the entire switch. Command Usage ◆...
Page 218 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance. To allow multiple spanning trees to operate over the network, you must ■...
Page 219 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA ◆ Cisco Prestandard Status – Configures spanning tree operation to be compatible with Cisco prestandard versions. (Default: Disabled) Cisco prestandard versions prior to Cisco IOS Release 12.2(25)SEC do not fully follow the IEEE standard, causing some state machine procedures to function incorrectly.
Page 220 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result. Default: 15 ■...
Page 221: Figure 113: Configuring Global Settings For Sta (Stp)
Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Click Apply Figure 113: Configuring Global Settings for STA (STP) Figure 114: Configuring Global Settings for STA (RSTP) – 215 –...
Page 222: Figure 115: Configuring Global Settings For Sta (Mstp)
Chapter 7 | Spanning Tree Algorithm Displaying Global Settings for STA Figure 115: Configuring Global Settings for STA (MSTP) Displaying Global Settings for STA Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch. Parameters The parameters displayed are described in the preceding section, except for the following items:...
Page 223: Figure 116: Displaying Global Settings For Sta
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA root port, then this switch has been accepted as the root device of the Spanning Tree network. ◆ Root Path Cost – The path cost from the root port on this switch to the root device.
Page 224: Table 10: Recommended Sta Path Cost Range
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Parameters These parameters are displayed: ◆ Interface – Displays a list of ports or trunks. ◆ Spanning Tree – Enables/disables STA on this interface. (Default: Enabled) ◆ BPDU Flooding - Enables/disables the flooding of BPDUs to other ports when global spanning tree is disabled (page 211) or when spanning tree is disabled...
Page 225: Table 11: Default Sta Path Costs
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Table 11: Default STA Path Costs Port Type Short Path Cost Long Path Cost (IEEE 802.1D-1998) (IEEE 802.1D-2004) Ethernet 65,535 1,000,000 Fast Ethernet 65,535 100,000 Gigabit Ethernet 10,000 10,000 10G Ethernet 1,000 1,000...
Page 226 Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA An interface cannot function as an edge port under the following conditions: If spanning tree mode is set to STP (page 211), edge-port mode cannot ■ automatically transition to operational edge-port state using the automatic setting.
Page 227: Figure 117: Configuring Interface Settings For Sta
Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA Figure 117: Configuring Interface Settings for STA Displaying Interface Settings for STA Use the Spanning Tree > STA (Configure Interface - Show Information) page to display the current status of ports or trunks in the Spanning Tree. Parameters These parameters are displayed: ◆...
Page 228 Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA The rules defining port status are: A port on a network segment with no other STA compliant bridging device ■ is always forwarding. If two ports of a switch are connected to the same segment and there is no ■...
Page 229: Figure 118: Sta Port Roles
Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA Figure 118: STA Port Roles R: Root Port Alternate port receives more A: Alternate Port useful BPDUs from another D: Designated Port bridge and is therefore not B: Backup Port selected as the designated port.
Page 230: Configuring Multiple Spanning Trees
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Configuring Multiple Spanning Trees Use the Spanning Tree > MSTP (Configure Global) page to create an MSTP instance, or to add VLAN groups to an MSTP instance. Command Usage MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide- scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
Page 231: Figure 120: Creating An Mst Instance
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Web Interface To create instances for MSTP: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add from the Action list. Specify the MST instance identifier and the initial VLAN member. Additional member can be added using the Spanning Tree >...
Page 232: Figure 122: Modifying The Priority For An Mst Instance
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To modify the priority for an MST instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Modify from the Action list. Modify the priority for an MSTP Instance. Click Apply.
Page 233: Figure 124: Adding A Vlan To An Mst Instance
Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Add Member from the Action list. Select an MST instance from the MST ID list. Enter the VLAN group to add to the instance in the VLAN ID field.
Page 234: Configuring Interface Settings For Mstp
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Configuring Interface Settings for MSTP Use the Spanning Tree > MSTP (Configure Interface - Configure) page to configure the STA interface settings for an MST instance. Parameters These parameters are displayed: ◆...
Page 235: Figure 126: Configuring Mstp Interface Settings
Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP Web Interface To configure MSTP parameters for a port or trunk: Click Spanning Tree, MSTP. Select Configure Interface from the Step list. Select Configure from the Action list. Enter the priority and path cost for an interface Click Apply.
Page 236 Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP – 230 –...
Page 237: Congestion Control
Congestion Control The switch can set the maximum upload or download data transfer rate for any port. It can also control traffic storms by setting a maximum threshold for broadcast traffic or multicast traffic. It can also set bounding thresholds for broadcast and multicast storms which can be used to automatically trigger rate limits or to shut down a port.
Page 238: Figure 128: Configuring Rate Limits
Chapter 8 | Congestion Control Storm Control ◆ Rate – Sets the rate limit level. (Range: 64 - 1,000,000 kbits per second for Gigabit Ethernet ports; 64 - 10,000,000 kbits per second for 10 Gigabit Ethernet ports) Web Interface To configure rate limits: Click Traffic, Rate Limit.
Page 239 Chapter 8 | Congestion Control Storm Control ◆ When traffic exceeds the threshold specified for broadcast and multicast or unknown unicast traffic, packets exceeding the threshold are dropped until the rate falls back down beneath the threshold. ◆ Traffic storms can be controlled at the hardware level using Storm Control or at the software level using Automatic Traffic Control which triggers various...
Page 240: Figure 129: Configuring Storm Control
Chapter 8 | Congestion Control Automatic Traffic Control Set the required threshold beyond which the switch will start dropping packets. Click Apply. Figure 129: Configuring Storm Control Automatic Traffic Control Use the Traffic > Congestion Control > Auto Traffic Control pages to configure bounding thresholds for broadcast and multicast storms which can automatically trigger rate limits or shut down a port.
Page 241: Figure 131: Storm Control By Shutting Down A Port
Chapter 8 | Congestion Control Automatic Traffic Control ◆ When traffic exceeds the alarm fire threshold and the apply timer expires, a traffic control response is applied, and a Traffic Control Apply Trap is sent and logged. ◆ Alarm Clear Threshold – The lower threshold beneath which a control response can be automatically terminated after the release timer expires.
Page 242: Setting The Atc Timers
Chapter 8 | Congestion Control Automatic Traffic Control Setting the ATC Timers Use the Traffic > Auto Traffic Control (Configure Global) page to set the time at which to apply the control response after ingress traffic has exceeded the upper threshold, and the time at which to release the control response after ingress traffic has fallen beneath the lower threshold.
Page 243: Figure 132: Configuring Atc Timers
Chapter 8 | Congestion Control Automatic Traffic Control Figure 132: Configuring ATC Timers Configuring ATC Use the Traffic > Auto Traffic Control (Configure Interface) page to set the storm control mode (broadcast or multicast), the traffic thresholds, the control response, Thresholds and to automatically release a response of rate limiting, or to send related SNMP trap Responses...
Page 244 Chapter 8 | Congestion Control Automatic Traffic Control event is logged by the system and a Traffic Release Trap can be sent. (Default: Disabled) If automatic control release is not enabled and a control response of rate limiting has been triggered, you can manually stop the rate limiting response using the Manual Control Release attribute.
Page 245: Figure 133: Configuring Atc Interface Attributes
Chapter 8 | Congestion Control Automatic Traffic Control Web Interface To configure the response timers for automatic storm control: Click Traffic, Auto Traffic Control. Select Configure Interface from the Step field. Enable or disable ATC as required, set the control response, specify whether or not to automatically release the control response of rate limiting, set the upper and lower thresholds, and specify which trap messages to send.
Page 246 Chapter 8 | Congestion Control Automatic Traffic Control – 240 –...
Page 247: Class Of Service
Class of Service Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high- priority queue will be transmitted before those in the lower-priority queues.
Page 248: Figure 134: Setting The Default Port Priority
Chapter 9 | Class of Service Layer 2 Queue Settings ◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission. Parameters These parameters are displayed: ◆ Interface –...
Page 249 Chapter 9 | Class of Service Layer 2 Queue Settings the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. ◆ If Strict and WRR mode is selected, a combination of strict service is used for the high priority queues and weighted service for the remaining queues.
Page 250: Figure 135: Setting The Queue Mode (Strict)
Chapter 9 | Class of Service Layer 2 Queue Settings Web Interface To configure the queue mode: Click Traffic, Priority, Queue. Set the queue mode. If the weighted queue mode is selected, the queue weight can be modified if required. If the queue mode that uses a combination of strict and weighted queueing is selected, the queues which are serviced first must be specified by enabling strict mode parameter in the table.
Page 251: Figure 137: Setting The Queue Mode (Strict And Wrr)
Chapter 9 | Class of Service Layer 2 Queue Settings Figure 137: Setting the Queue Mode (Strict and WRR) Mapping CoS Values Use the Traffic > Priority > PHB to Queue page to specify the hardware output to Egress Queues queues to use based on the internal per-hop behavior value.
Page 252: Table 13: Cos Priority Levels
Chapter 9 | Class of Service Layer 2 Queue Settings The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in Table 13. However, priority levels can be mapped to the switch’s output queues in any way that benefits application traffic for the network. Table 13: CoS Priority Levels Priority Level Traffic Type...
Page 253: Figure 138: Mapping Cos Values To Egress Queues
Chapter 9 | Class of Service Layer 2 Queue Settings Select a port. Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.
Page 254: Layer 3/4 Priority Settings
Chapter 9 | Class of Service Layer 3/4 Priority Settings Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.
Page 255: Figure 140: Setting The Trust Mode
Chapter 9 | Class of Service Layer 3/4 Priority Settings Parameters These parameters are displayed: ◆ Port – Port identifier. (Range: 1-28/52) ◆ Trust Mode CoS – Maps layer 3/4 priorities using Class of Service values. (This is the ■ default setting.) DSCP –...
Page 256: Table 15: Default Mapping Of Dscp Values To Internal Phb/Drop Values
Chapter 9 | Class of Service Layer 3/4 Priority Settings DSCP mutation map will not be accepted by the switch, unless the trust mode has been set to DSCP. ◆ Two QoS domains can have different DSCP definitions, so the DSCP-to-PHB/ Drop Precedence mutation map can be used to modify one set of DSCP values to match the definition of another domain.
Page 257: Figure 141: Configuring Dscp To Dscp Internal Mapping
Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map DSCP values to internal PHB/drop precedence: Click Traffic, Priority, DSCP to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any DSCP value. Click Apply.
Page 258: Table 16: Default Mapping Of Cos/Cfi To Internal Phb/Drop Precedence
Chapter 9 | Class of Service Layer 3/4 Priority Settings Mapping Use the Traffic > Priority > CoS to DSCP page to maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing. CoS Priorities to Internal DSCP Values Command Usage ◆...
Page 259: Figure 143: Configuring Cos To Dscp Internal Mapping
Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map CoS/CFI values to internal PHB/drop precedence: Click Traffic, Priority, CoS to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any of the CoS/CFI combinations. Click Apply.
Page 260: Figure 144: Showing Cos To Dscp Internal Mapping
Chapter 9 | Class of Service Layer 3/4 Priority Settings To show the CoS/CFI to internal PHB/drop precedence map: Click Traffic, Priority, CoS to DSCP. Select Show from the Action list. Select a port. Figure 144: Showing CoS to DSCP Internal Mapping –...
Page 261: Quality Of Service
Quality of Service This chapter describes the following tasks required to apply QoS policies: ◆ Class Map – Creates a map which identifies a specific class of traffic. ◆ Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic.
Page 262: Configuring A Class Map
Chapter 10 | Quality of Service Configuring a Class Map Command Usage To create a service policy for a specific category or ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic.
Page 263: Figure 145: Configuring A Class Map
Chapter 10 | Quality of Service Configuring a Class Map Add Rule ◆ Class Name – Name of the class map. ◆ Type – The criteria specified by the match command. (This field is set on the Add page.) ◆ ACL –...
Page 264: Figure 146: Showing Class Maps
Chapter 10 | Quality of Service Configuring a Class Map To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 146: Showing Class Maps To edit the rules for a class map: Click Traffic, DiffServ.
Page 265: Figure 147: Adding Rules To A Class Map
Chapter 10 | Quality of Service Configuring a Class Map Figure 147: Adding Rules to a Class Map To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 148: Showing the Rules for a Class Map –...
Page 266: Creating Qos Policies
Chapter 10 | Quality of Service Creating QoS Policies Creating QoS Policies Use the Traffic > DiffServ (Configure Policy) page to create a policy map that can be attached to multiple interfaces. A policy map is used to group one or more class map statements (page 256), modify service tagging, and enforce bandwidth...
Page 267 Chapter 10 | Quality of Service Creating QoS Policies ◆ The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.
Page 268 Chapter 10 | Quality of Service Creating QoS Policies (BP). Action may taken for traffic conforming to the maximum throughput, exceeding the maximum throughput, or exceeding the peak burst size. ◆ The PHB label is composed of five bits, three bits for per-hop behavior, and two bits for the color scheme used to control queue congestion.
Page 269 Chapter 10 | Quality of Service Creating QoS Policies Command Usage ◆ A policy map can contain 512 class statements that can be applied to the same interface (page 269). Up to 32 policy maps can be configured for ingress ports. ◆...
Page 270 Chapter 10 | Quality of Service Creating QoS Policies ◆ Meter Mode – Selects one of the following policing methods. Flow (Police Flow) – Defines the committed information rate (CIR, or ■ maximum throughput), committed burst size (BC, or burst rate), and the action to take for conforming and non-conforming traffic.
Page 271 Chapter 10 | Quality of Service Creating QoS Policies Committed Burst Size (BC) – Burst in bytes. ■ (Range: 64-16000000 at a granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. Excess Burst Size (BE) – Burst in excess of committed burst size. ■...
Page 272 Chapter 10 | Quality of Service Creating QoS Policies Committed Burst Size (BC) – Burst in bytes. (Range: 64-16000000 at a ■ granularity of 4k bytes) The burst size cannot exceed 16 Mbytes. Peak Information Rate (PIR) – Rate in kilobits per second. ■...
Page 273: Figure 149: Configuring A Policy Map
Chapter 10 | Quality of Service Creating QoS Policies Web Interface To configure a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add from the Action list. Enter a policy name. Enter a description. Click Add. Figure 149: Configuring a Policy Map To show the configured policy maps: Click Traffic, DiffServ.
Page 274: Figure 151: Adding Rules To A Policy Map
Chapter 10 | Quality of Service Creating QoS Policies To edit the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add Rule from the Action list. Select the name of a policy map. Set the CoS or per-hop behavior for matching packets to specify the quality of service to be assigned to the matching traffic class.
Page 275: Figure 152: Showing The Rules For A Policy Map
Chapter 10 | Quality of Service Attaching a Policy Map to a Port To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 152: Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic >...
Page 276: Figure 153: Attaching A Policy Map To A Port
Chapter 10 | Quality of Service Attaching a Policy Map to a Port Select a policy map from the scroll-down box. Click Apply. Figure 153: Attaching a Policy Map to a Port – 270 –...
Page 277: Voip Traffic Configuration
VoIP Traffic Configuration This chapter covers the following topics: ◆ Global Settings – Enables VOIP globally, sets the Voice VLAN, and the aging time for attached ports. ◆ Telephony OUI List – Configures the list of phones to be treated as VOIP devices based on the specified Organization Unit Identifier (OUI).
Page 278: Configuring Voip Traffic
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Configuring VoIP Traffic Use the Traffic > VoIP (Configure Global) page to configure the switch for VoIP traffic. First enable automatic detection of VoIP devices attached to the switch ports, then set the Voice VLAN ID for the network. The Voice VLAN aging time can also be set to remove a port from the Voice VLAN when VoIP traffic is no longer received on the port.
Page 279: Figure 154: Configuring A Voice Vlan
Chapter 11 | VoIP Traffic Configuration Configuring Telephony OUI Figure 154: Configuring a Voice VLAN Configuring Telephony OUI VoIP devices attached to the switch can be identified by the vendor’s Organizational Unique Identifier (OUI) in the source MAC address of received packets.
Page 280: Figure 155: Configuring An Oui Telephony List
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Click Apply. Figure 155: Configuring an OUI Telephony List To show the MAC OUI numbers used for VoIP equipment: Click Traffic, VoIP. Select Configure OUI from the Step list. Select Show from the Action list. Figure 156: Showing an OUI Telephony List Configuring VoIP Traffic Ports Use the Traffic >...
Page 281 Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Parameters These parameters are displayed: ◆ Mode – Specifies if the port will be added to the Voice VLAN when VoIP traffic is detected. (Default: None) None – The Voice VLAN feature is disabled on the port. The port will not ■...
Page 282: Figure 157: Configuring Port Settings For A Voice Vlan
Chapter 11 | VoIP Traffic Configuration Configuring VoIP Traffic Ports Web Interface To configure VoIP traffic settings for a port: Click Traffic, VoIP. Select Configure Interface from the Step list. Configure any required changes to the VoIP settings each port. Click Apply.
Page 283: Security Measures
Security Measures You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports. This switch provides secure network management access using the following options: ◆...
Page 284: Aaa (Authentication, Authorization And Accounting)
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ◆ IPv6 Source Guard – Filters IPv6 traffic on insecure ports for which the source address cannot be identified via ND snooping, DHCPv6 snooping, nor static source bindings. ◆ DHCP Snooping –...
Page 285 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure AAA on the switch, you need to follow this general process: Configure RADIUS and TACACS+ server access parameters. See “Configuring Local/Remote Logon Authentication” on page 279. Define RADIUS and TACACS+ server groups to support the accounting and authorization of services.
Page 286: Figure 158: Configuring The Authentication Sequence
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) TACACS – User authentication is performed using a TACACS+ server only. ■ [authentication sequence] – User authentication is performed by up to ■ three authentication methods in the indicated sequence. Web Interface To configure the method(s) of controlling management access: Click Security, AAA, System Authentication.
Page 287 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet. Command Usage ◆ If a remote authentication server is used, you must specify the message exchange parameters for the remote authentication protocol.
Page 288 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Authentication Key – Encryption key used to authenticate logon access ■ for client. Do not use blank spaces in the string. (Maximum length: 48 characters) Confirm Authentication Key – Re-type the string entered in the previous ■...
Page 289: Figure 160: Configuring Remote Authentication Server (Radius)
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) ◆ Sequence at Priority - Specifies the server and sequence to use for the group. (Range: 1-5 for RADIUS; 1 for TACACS) When specifying the priority sequence for a sever, the server index must already be defined (see “Configuring Local/Remote Logon Authentication”...
Page 290: Figure 161: Configuring Remote Authentication Server (Tacacs+)
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 161: Configuring Remote Authentication Server (TACACS+) To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Add from the Action list.
Page 291: Figure 163: Showing Aaa Server Groups
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 163: Showing AAA Server Groups Configuring Use the Security >...
Page 292 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Exec – Administrative accounting for local console, Telnet, or SSH ■ connections. ◆ Privilege Level – The CLI privilege levels (0-15). This parameter only applies to Command accounting. ◆ Method Name – Specifies an accounting method for service requests. The “default”...
Page 293: Figure 164: Configuring Global Settings For Aaa Accounting
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) VTY Method Name – Specifies a user defined method name to apply to ■ Telnet and SSH connections. Show Information – Summary ◆ Accounting Type - Displays the accounting service. ◆...
Page 294: Figure 165: Configuring Aaa Accounting Methods
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) To configure the accounting method applied to various service types and the assigned server group: Click Security, AAA, Accounting. Select Configure Method from the Step list. Select Add from the Action list. Select the accounting type (802.1X, Command, Exec).
Page 295: Figure 166: Showing Aaa Accounting Methods
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 166: Showing AAA Accounting Methods To configure the accounting method applied to specific interfaces, console commands entered at specific privilege levels, and local console, Telnet, or SSH connections: Click Security, AAA, Accounting. Select Configure Service from the Step list.
Page 296: Figure 168: Configuring Aaa Accounting Service For Command Service
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 168: Configuring AAA Accounting Service for Command Service Figure 169: Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified service types: Click Security, AAA, Accounting.
Page 297: Figure 170: Displaying A Summary Of Applied Aaa Accounting Methods
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Figure 170: Displaying a Summary of Applied AAA Accounting Methods To display basic accounting information and statistics recorded for user sessions: Click Security, AAA, Accounting. Select Show Information from the Step list. Click Statistics.
Page 298 Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Parameters These parameters are displayed: Configure Method ◆ Authorization Type – Specifies the service as Exec, indicating administrative authorization for local console, Telnet, or SSH connections. ◆ Method Name – Specifies an authorization method for service requests. The “default”...
Page 299: Figure 172: Configuring Aaa Authorization Methods
Chapter 12 | Security Measures AAA (Authentication, Authorization and Accounting) Specify the name of the authorization method and server group name. Click Apply. Figure 172: Configuring AAA Authorization Methods To show the authorization method applied to the EXEC service type and the assigned server group: Click Security, AAA, Authorization.
Page 300: Figure 174: Configuring Aaa Authorization Methods For Exec Service
Chapter 12 | Security Measures Configuring User Accounts Figure 174: Configuring AAA Authorization Methods for Exec Service To display a the configured authorization method and assigned server groups for The Exec service type: Click Security, AAA, Authorization. Select Show Information from the Step list. Figure 175: Displaying the Applied AAA Authorization Method Configuring User Accounts Use the Security >...
Page 301 Chapter 12 | Security Measures Configuring User Accounts ◆ Access Level – Specifies command access privileges. (Range: 0-15) Level 0, 8 and 15 are designed for users (guest), managers (network maintenance), and administrators (top-level access). The other levels can be used to configured specialized access profiles.
Page 302: Figure 176: Configuring User Accounts
Chapter 12 | Security Measures Web Authentication Specify a user name, select the user's access level, then enter a password if required and confirm it. Click Apply. Figure 176: Configuring User Accounts To show user accounts: Click Security, User Accounts. Select Show from the Action list.
Page 303: Configuring Global Settings For Web Authentication
Chapter 12 | Security Measures Web Authentication Note: RADIUS authentication must be activated and configured properly for the web authentication feature to work properly. (See “Configuring Local/Remote Logon Authentication” on page 279.) Note: Web authentication cannot be configured on trunk ports. Configuring Use the Security >...
Page 304: Figure 178: Configuring Global Settings For Web Authentication
Chapter 12 | Security Measures Web Authentication Figure 178: Configuring Global Settings for Web Authentication Configuring Use the Security > Web Authentication (Configure Interface) page to enable web Interface Settings for authentication on a port, and display information for any connected hosts. Web Authentication Parameters These parameters are displayed:...
Page 305: Figure 179: Configuring Interface Settings For Web Authentication
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 179: Configuring Interface Settings for Web Authentication Network Access (MAC Address Authentication) Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network printers, IP phones, and some wireless access points.
Page 306: Table 17: Dynamic Qos Profiles
Chapter 12 | Security Measures Network Access (MAC Address Authentication) maximum number of secure MAC addresses supported for the switch system is 1024. ◆ Configured static MAC addresses are added to the secure address table when seen on a switch port. Static addresses are treated as authenticated without sending a request to a RADIUS server.
Page 307 Chapter 12 | Security Measures Network Access (MAC Address Authentication) For example, if the attribute is “service-policy-in=p1;service-policy-in=p2”, then the switch applies only the DiffServ profile “p1. ” ◆ Any unsupported profiles in the Filter-ID attribute are ignored. For example, if the attribute is “map-ip-dscp=2:3;service-policy-in=p1, ” then the switch ignores the “map-ip-dscp”...
Page 308: Figure 180: Configuring Global Settings For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Authenticated MAC addresses are stored as dynamic entries in the switch’s secure MAC address table and are removed when the aging time expires. The maximum number of secure MAC addresses supported for the switch system is 1024.
Page 309 Chapter 12 | Security Measures Network Access (MAC Address Authentication) Intrusion – Sets the port response to a host MAC authentication failure to ■ either block access to the port or to pass traffic through. (Options: Block, Pass; Default: Block) Max MAC Count –...
Page 310: Figure 181: Configuring Interface Settings For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Web Interface To configure MAC authentication on switch ports: Click Security, Network Access. Select Configure Interface from the Step list. Click the General button. Make any configuration changes required to enable address authentication on a port, set the maximum number of secure addresses supported, the guest VLAN to use when MAC Authentication or 802.1X Authentication fails, and the dynamic VLAN and QoS assignments.
Page 311: Figure 182: Configuring Link Detection For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) ◆ Action – The switch can respond in three ways to a link up or down trigger event. Trap – An SNMP trap is sent. ■ Trap and shutdown – An SNMP trap is sent and the port is shut down. ■...
Page 312: Figure 183: Configuring A Mac Address Filter For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Parameters These parameters are displayed: ◆ Filter ID – Adds a filter rule for the specified filter. ◆ MAC Address – The filter rule will check ingress packets against the entered MAC address or range of MAC addresses (as defined by the MAC Address Mask).
Page 313: Figure 184: Showing The Mac Address Filter Table For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Figure 184: Showing the MAC Address Filter Table for Network Access Displaying Secure Use the Security > Network Access (Show Information) page to display the authenticated MAC addresses stored in the secure MAC address table. Information MAC Address on the secure MAC entries can be displayed and selected entries can be removed Information...
Page 314: Figure 185: Showing Addresses Authenticated For Network Access
Chapter 12 | Security Measures Network Access (MAC Address Authentication) Web Interface To display the authenticated MAC addresses stored in the secure MAC address table: Click Security, Network Access. Select Show Information from the Step list. Use the sort key to display addresses based MAC address, interface, or attribute. Restrict the displayed addresses by entering a specific address in the MAC Address field, specifying a port in the Interface field, or setting the address type to static or dynamic in the Attribute field.
Page 315: Table 18: Https System Support
Chapter 12 | Security Measures Configuring HTTPS Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Configuring Global Use the Security >...
Page 316: Figure 186: Configuring Https
Chapter 12 | Security Measures Configuring HTTPS Parameters These parameters are displayed: ◆ HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) ◆ HTTPS Port – Specifies the TCP port number used for HTTPS connection to the switch’s web interface.
Page 317 Chapter 12 | Security Measures Configuring HTTPS When you have obtained these, place them on your TFTP server and transfer them to the switch to replace the default (unrecognized) certificate with an authorized one. Note: The switch must be reset for the new certificate to be activated. To reset the switch, see “Resetting the System”...
Page 318: Figure 187: Downloading The Secure-Site Certificate
Chapter 12 | Security Measures Configuring the Secure Shell Figure 187: Downloading the Secure-Site Certificate Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
Page 319 Chapter 12 | Security Measures Configuring the Secure Shell To use the SSH server, complete these steps: Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
Page 320: Configuring The Ssh Server
Chapter 12 | Security Measures Configuring the Secure Shell Public Key Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it.
Page 321: Figure 188: Configuring The Ssh Server
Chapter 12 | Security Measures Configuring the Secure Shell Parameters These parameters are displayed: ◆ SSH Server Status – Allows you to enable/disable the SSH server on the switch. (Default: Disabled) ◆ Version – The Secure Shell version number. Version 2.0 is displayed, but the switch supports management access via either SSH Version 1.5 or 2.0 clients.
Page 322: Generating The Host Key Pair
Chapter 12 | Security Measures Configuring the Secure Shell Generating the Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH Host Key Pair client and the switch.
Page 323: Figure 189: Generating The Ssh Host Key Pair
Chapter 12 | Security Measures Configuring the Secure Shell Figure 189: Generating the SSH Host Key Pair To display or clear the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Show from the Action list. Select the host-key type to clear.
Page 324: Figure 191: Copying The Ssh User's Public Key
Chapter 12 | Security Measures Configuring the Secure Shell Parameters These parameters are displayed: ◆ User Name – This drop-down box selects the user who’s public key you wish to manage. Note that you must first create users on the User Accounts page (see “Configuring User Accounts”...
Page 325: Figure 192: Showing The Ssh User's Public Key
Chapter 12 | Security Measures Access Control Lists To display or clear the SSH user’s public key: Click Security, SSH. Select Configure User Key from the Step list. Select Show from the Action list. Select a user from the User Name list. Select the host-key type to clear.
Page 326 Chapter 12 | Security Measures Access Control Lists Command Usage The following restrictions apply to ACLs: ◆ The maximum number of ACLs is 512. ◆ The maximum number of rules per system is 2048 rules. ◆ An ACL can have up to 2048 rules. However, due to resource restrictions, the average number of rules bound to the ports should not exceed 20.
Page 327: Setting A Time Range
Chapter 12 | Security Measures Access Control Lists If the result of checking an IP ACL is to permit a packet, but the result of a MAC ACL on the same packet is to deny it, the packet will be denied (because the decision to deny a packet has a higher priority for security reasons).
Page 328: Figure 193: Setting The Name Of A Time Range
Chapter 12 | Security Measures Access Control Lists Figure 193: Setting the Name of a Time Range To show a list of time ranges: Click Security, ACL. Select Configure Time Range from the Step list. Select Show from the Action list. Figure 194: Showing a List of Time Ranges To configure a rule for a time range: Click Security, ACL.
Page 329: Figure 195: Add A Rule To A Time Range
Chapter 12 | Security Measures Access Control Lists Figure 195: Add a Rule to a Time Range To show the rules configured for a time range: Click Security, ACL. Select Configure Time Range from the Step list. Select Show Rule from the Action list. Figure 196: Showing the Rules Configured for a Time Range Showing Use the Security >...
Page 330: Figure 197: Showing Tcam Utilization
Chapter 12 | Security Measures Access Control Lists For example, when binding an ACL to a port, each rule in an ACL will use two PCEs; and when setting an IP Source Guard filter rule for a port, the system will also use two PCEs.
Page 331: Figure 198: Creating An Acl
Chapter 12 | Security Measures Access Control Lists ◆ Type – The following filter modes are supported: IP Standard: IPv4 ACL mode filters packets based on the source IPv4 ■ address. IP Extended: IPv4 ACL mode filters packets based on the source or ■...
Page 332: Figure 199: Showing A List Of Acls
Chapter 12 | Security Measures Access Control Lists To show a list of ACLs: Click Security, ACL. Select Configure ACL from the Step list. Select Show from the Action list. Figure 199: Showing a List of ACLs Configuring a Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL Standard IPv4 ACL.
Page 333: Figure 200: Configuring A Standard Ipv4 Acl
Chapter 12 | Security Measures Access Control Lists address, and compared with the address for each IP packet entering the port(s) to which this ACL has been assigned. ◆ Time Range – Name of a time range. Web Interface To add rules to an IPv4 Standard ACL: Click Security, ACL.
Page 334: Configuring An Extended Ipv4 Acl
Chapter 12 | Security Measures Access Control Lists Configuring an Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure an Extended IPv4 ACL. Extended IPv4 ACL Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...
Page 335 Chapter 12 | Security Measures Access Control Lists 4 (rst) – Reset ■ 8 (psh) – Push ■ ■ 16 (ack) – Acknowledgement ■ 32 (urg) – Urgent pointer For example, use the code value and mask below to catch packets with the following flags set: SYN flag valid, use control-code 2, control bit mask 2 ■...
Page 336: Figure 201: Configuring An Extended Ipv4 Acl
Chapter 12 | Security Measures Access Control Lists Figure 201: Configuring an Extended IPv4 ACL Configuring a Use the Security > ACL (Configure ACL - Add Rule - IPv6 Standard) page to Standard IPv6 ACL configure a Standard IPv6ACL. Parameters These parameters are displayed: ◆...
Page 337: Figure 202: Configuring A Standard Ipv6 Acl
Chapter 12 | Security Measures Access Control Lists Web Interface To add rules to a Standard IPv6 ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add Rule from the Action list. Select IPv6 Standard from the Type list. Select the name of an ACL from the Name list.
Page 338 Chapter 12 | Security Measures Access Control Lists ◆ Action – An ACL can contain any combination of permit or deny rules. ◆ Source Address Type – Specifies the source IP address type. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IPv6-Prefix”...
Page 339: Figure 203: Configuring An Extended Ipv6 Acl
Chapter 12 | Security Measures Access Control Lists Select Add Rule from the Action list. Select IPv6 Extended from the Type list. Select the name of an ACL from the Name list. Specify the action (i.e., Permit or Deny). Select the address type (Any or IPv6-prefix). If you select “Host, ”...
Page 340 Chapter 12 | Security Measures Access Control Lists ◆ Action – An ACL can contain any combination of permit or deny rules. ◆ Source/Destination Address Type – Use “Any” to include all possible addresses, “Host” to indicate a specific MAC address, or “MAC” to specify an address range with the Address and Bit Mask fields.
Page 341: Figure 204: Configuring A Mac Acl
Chapter 12 | Security Measures Access Control Lists Select the address type (Any, Host, or MAC). If you select “Host, ” enter a specific address (e.g., 11-22-33-44-55-66). If you select “MAC, ” enter a base address and a hexadecimal bit mask for an address range.
Page 342 Chapter 12 | Security Measures Access Control Lists ◆ Source/Destination IP Address Type – Specifies the source or destination IPv4 address. Use “Any” to include all possible addresses, “Host” to specify a specific host address in the Address field, or “IP” to specify a range of addresses with the Address and Mask fields.
Page 343: Figure 205: Configuring A Arp Acl
Chapter 12 | Security Measures Access Control Lists Figure 205: Configuring a ARP ACL Binding a Port to an After configuring ACLs, use the Security > ACL (Configure Interface – Configure) Access Control List page to bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list and one MAC access list to any port.
Page 344: Figure 206: Binding A Port To An Acl
Chapter 12 | Security Measures Access Control Lists Select the name of an ACL from the ACL list. Click Apply. Figure 206: Binding a Port to an ACL Configuring After configuring ACLs, use the Security > ACL > Configure Interface (Add Mirror) ACL Mirroring page to mirror traffic matching an ACL from one or more source ports to a target port for real-time analysis.
Page 345: Figure 207: Configuring Acl Mirroring
Chapter 12 | Security Measures Access Control Lists Web Interface To bind an ACL to a port: Click Security, ACL. Select Configure Interface from the Step list. Select Add Mirror from the Action list. Select a port. Select the name of an ACL from the ACL list. Click Apply.
Page 346: Showing Acl Hardware Counters
Chapter 12 | Security Measures Access Control Lists Showing ACL Use the Security > ACL > Configure Interface (Show Hardware Counters) page to show statistics for ACL hardware counters. Hardware Counters Parameters These parameters are displayed: ◆ Port – Port identifier. (Range: 1-28/52) ◆...
Page 347: Figure 209: Showing Acl Statistics
Chapter 12 | Security Measures ARP Inspection Figure 209: Showing ACL Statistics ARP Inspection ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain “man-in-the- middle”...
Page 348: Configuring Global Settings For Arp Inspection
Chapter 12 | Security Measures ARP Inspection When ARP Inspection is disabled, all ARP request and reply packets will ■ bypass the ARP Inspection engine and their switching behavior will match that of all other packets. Disabling and then re-enabling global ARP Inspection will not affect the ■...
Page 349 Chapter 12 | Security Measures ARP Inspection ◆ When the switch drops a packet, it places an entry in the log buffer, then generates a system message on a rate-controlled basis. After the system message is generated, the entry is cleared from the log buffer. ◆...
Page 350: Figure 210: Configuring Global Settings For Arp Inspection
Chapter 12 | Security Measures ARP Inspection Click Apply. Figure 210: Configuring Global Settings for ARP Inspection Configuring Use the Security > ARP Inspection (Configure VLAN) page to enable ARP inspection for any VLAN and to specify the ARP ACL to use. VLAN Settings for ARP Inspection Command Usage...
Page 351: Figure 211: Configuring Vlan Settings For Arp Inspection
Chapter 12 | Security Measures ARP Inspection ◆ DAI Status – Enables Dynamic ARP Inspection for the selected VLAN. (Default: Disabled) ◆ ACL Name – Allows selection of any configured ARP ACLs. (Default: None) ◆ Static – When an ARP ACL is selected, and static mode also selected, the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database.
Page 352: Figure 212: Configuring Interface Settings For Arp Inspection
Chapter 12 | Security Measures ARP Inspection Packets arriving on trusted interfaces bypass all ARP Inspection and ARP Inspection Validation checks and will always be forwarded, while those arriving on untrusted interfaces are subject to all configured ARP inspection tests. ◆...
Page 353: Table 19: Arp Inspection Statistics
Chapter 12 | Security Measures ARP Inspection Displaying Use the Security > ARP Inspection (Show Information - Show Statistics) page to display statistics about the number of ARP packets processed, or dropped for ARP Inspection various reasons. Statistics Parameters These parameters are displayed: Table 19: ARP Inspection Statistics Parameter Description...
Page 354: Figure 213: Displaying Statistics For Arp Inspection
Chapter 12 | Security Measures ARP Inspection Figure 213: Displaying Statistics for ARP Inspection Displaying the Use the Security > ARP Inspection (Show Information - Show Log) page to show ARP Inspection Log information about entries stored in the log, including the associated VLAN, port, and address components.
Page 355: Figure 214: Displaying The Arp Inspection Log
Chapter 12 | Security Measures Filtering IP Addresses for Management Access Figure 214: Displaying the ARP Inspection Log Filtering IP Addresses for Management Access Use the Security > IP Filter page to create a list of up to 15 IP addresses or IP address groups that are allowed management access to the switch through the web interface, SNMP, or Telnet.
Page 356: Figure 215: Creating An Ip Address Filter For Management Access
Chapter 12 | Security Measures Filtering IP Addresses for Management Access Telnet – Configures IP address(es) for the Telnet group. ■ All – Configures IP address(es) for all groups. ■ ◆ Start IP Address – A single IP address, or the starting address of a range. ◆...
Page 357: Figure 216: Showing Ip Addresses Authorized For Management Access
Chapter 12 | Security Measures Configuring Port Security To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 216: Showing IP Addresses Authorized for Management Access Configuring Port Security Use the Security >...
Page 358 Chapter 12 | Security Measures Configuring Port Security ◆ When the port security state is changed from enabled to disabled, all dynamically learned entries are cleared from the address table. ◆ If port security is enabled, and the maximum number of allowed addresses are set to a non-zero value, any device not in the address table that attempts to use the port will be prevented from accessing the switch.
Page 359: Figure 217: Configuring Port Security
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Current MAC Count – The number of MAC addresses currently associated with this interface. ◆ MAC Filter – Shows if MAC address filtering has been set under Security > Network Access (Configure MAC Filter) as described on page 305.
Page 360: Figure 218: Configuring Port Security
Chapter 12 | Security Measures Configuring 802.1X Port Authentication This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange authentication protocol messages with the client, and a remote RADIUS authentication server to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch port, the switch (i.e., Authenticator) responds with an EAPOL identity request.
Page 361: Configuring 802.1X Global Settings
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ The RADIUS server and 802.1X client support EAP. (The switch only supports EAPOL in order to pass the EAP packets from the server to the client.) ◆ The RADIUS server and client also have to support the same EAP authentication type –...
Page 362: Figure 219: Configuring Global Settings For 802.1X Port Authentication
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Default – Sets all configurable 802.1X global and port settings to their default values. Web Interface To configure global settings for 802.1X: Click Security, Port Authentication. Select Configure Global from the Step list. Enable 802.1X globally for the switch, and configure EAPOL Pass Through if required.
Page 363 Chapter 12 | Security Measures Configuring 802.1X Port Authentication parameters for those ports which must authenticate clients through the remote authenticator (see “Configuring Port Supplicant Settings for 802.1X” on page 361). ◆ This switch can be configured to serve as the authenticator on selected ports by setting the Control Mode to Auto on this configuration page, and as a supplicant on other ports by the setting the control mode to Force-Authorized on this page and enabling the PAE supplicant on the Supplicant configuration...
Page 364 Chapter 12 | Security Measures Configuring 802.1X Port Authentication In this mode, each host connected to a port needs to pass authentication. The number of hosts allowed access to a port operating in this mode is limited only by the available space in the secure address table (i.e., up to 1024 addresses).
Page 365 Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Intrusion Action – Sets the port’s response to a failed authentication. Block Traffic – Blocks all non-EAP traffic on the port. (This is the default ■ setting.) Guest VLAN – All traffic for the port is assigned to a guest VLAN. The guest ■...
Page 366: Figure 220: Configuring Interface Settings For 802.1X Port Authenticator
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Web Interface To configure port authenticator settings for 802.1X: Click Security, Port Authentication. Select Configure Interface from the Step list. Click Authenticator. Modify the authentication settings for each port as required. Click Apply Figure 220: Configuring Interface Settings for 802.1X Port Authenticator –...
Page 367: Configuring Port Supplicant Settings For 802.1X
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Configuring Use the Security > Port Authentication (Configure Interface – Supplicant) page to configure 802.1X port settings for supplicant requests issued from a port to an Port Supplicant authenticator on another device. When 802.1X is enabled and the control mode is Settings for 802.1X set to Force-Authorized (see “Configuring Port Authenticator Settings for 802.1X”...
Page 368: Figure 221: Configuring Interface Settings For 802.1X Port Supplicant
Chapter 12 | Security Measures Configuring 802.1X Port Authentication ◆ Maximum Start – The maximum number of times that a port supplicant will send an EAP start frame to the client before assuming that the client is 802.1X unaware. (Range: 1-65535; Default: 3) ◆...
Page 369: Table 21: 802.1X Statistics
Chapter 12 | Security Measures Configuring 802.1X Port Authentication Displaying Use the Security > Port Authentication (Show Statistics) page to display statistics for dot1x protocol exchanges for any port. 802.1X Statistics Parameters These parameters are displayed: Table 21: 802.1X Statistics Parameter Description Authenticator...
Page 370: Figure 222: Showing Statistics For 802.1X Port Authenticator
Chapter 12 | Security Measures Configuring 802.1X Port Authentication (Continued) Table 21: 802.1X Statistics Parameter Description Rx EAP LenError The number of EAPOL frames that have been received by this Supplicant in which the Packet Body Length field is invalid. Tx EAPOL Total The number of EAPOL frames of any type that have been transmitted by this Supplicant.
Page 371: Figure 223: Showing Statistics For 802.1X Port Supplicant
Chapter 12 | Security Measures DoS Protection To display port supplicant statistics for 802.1X: Click Security, Port Authentication. Select Show Statistics from the Step list. Click Supplicant. Figure 223: Showing Statistics for 802.1X Port Supplicant DoS Protection Use the Security > DoS Protection page to protect against denial-of-service (DoS) attacks.
Page 372 Chapter 12 | Security Measures DoS Protection ◆ Smurf Attack – Attacks in which a perpetrator generates a large amount of spoofed ICMP Echo Request traffic to the broadcast destination IP address (255.255.255.255), all of which uses a spoofed source address of the intended victim.
Page 373: Figure 224: Protecting Against Dos Attacks
Chapter 12 | Security Measures DoS Protection ◆ WinNuke Attack – Attacks in which affected the Microsoft Windows 3.1x/95/ NT operating systems. In this type of attack, the perpetrator sends the string of OOB out-of-band (OOB) packets contained a TCP URG flag to the target computer on TCP port 139 (NetBIOS), casing it to lock up and display a “Blue Screen of Death.
Page 374: Ipv4 Source Guard
Chapter 12 | Security Measures IPv4 Source Guard IPv4 Source Guard IPv4 Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see “DHCP Snooping”...
Page 375 Chapter 12 | Security Measures IPv4 Source Guard If a matching entry is found in the binding table and the entry type is static IP source guard binding, or dynamic DHCP snooping binding, the packet will be forwarded. If IP source guard if enabled on an interface for which IP source bindings ■...
Page 376: Figure 225: Setting The Filter Type For Ipv4 Source Guard
Chapter 12 | Security Measures IPv4 Source Guard Figure 225: Setting the Filter Type for IPv4 Source Guard Configuring Use the Security > IP Source Guard > Static Configuration (Configure ACL Table and Configure MAC Table) pages to bind a static address to a port. Table entries include Static Bindings a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, for IPv4 Source Guard...
Page 377 Chapter 12 | Security Measures IPv4 Source Guard A valid static IP source guard entry will be added to the binding table in ■ MAC mode if one of the following conditions are true: If there is no binding entry with the same IP address and MAC address, ■...
Page 378: Figure 226: Configuring Static Bindings For Ipv4 Source Guard
Chapter 12 | Security Measures IPv4 Source Guard Web Interface To configure static bindings for IP Source Guard: Click Security, IP Source Guard, Static Configuration. Select Configure ACL Table or Configure MAC Table from the Step list. Select Add from the Action list. Enter the required bindings for each port.
Page 379: Displaying Information For Dynamic Ipv4 Source Guard Bindings
Chapter 12 | Security Measures IPv4 Source Guard Displaying Use the Security > IP Source Guard > Dynamic Binding page to display the source- guard binding table for a selected interface. Information for Dynamic IPv4 Source Guard Bindings Parameters These parameters are displayed: Query by ◆...
Page 380: Figure 228: Showing The Ipv4 Source Guard Binding Table
Chapter 12 | Security Measures IPv6 Source Guard Figure 228: Showing the IPv4 Source Guard Binding Table IPv6 Source Guard IPv6 Source Guard is a security feature that filters IPv6 traffic on non-routed, Layer 2 network interfaces based on manually configured entries in the IPv6 Source Guard table, or dynamic entries in the Neighbor Discovery Snooping table or DHCPv6 Snooping table when either snooping protocol is enabled (refer to the DHCPv6 Snooping commands in the CLI Reference Guide).
Page 381 Chapter 12 | Security Measures IPv6 Source Guard ◆ Table entries include a MAC address, IPv6 global unicast address, entry type (Static-IPv6-SG-Binding, Dynamic-ND-Binding, Dynamic-DHCPv6-Binding), VLAN identifier, and port identifier. ◆ Static addresses entered in the source guard binding table (using the Static Binding page) are automatically configured with an infinite lease time.
Page 382: Figure 229: Setting The Filter Type For Ipv6 Source Guard
Chapter 12 | Security Measures IPv6 Source Guard Guide), and static entries set by IPv6 Source Guard (see “Configuring Static Bindings for IPv6 Source Guard” on page 376). IPv6 source guard maximum bindings must be set to a value higher than ■...
Page 383 Chapter 12 | Security Measures IPv6 Source Guard ◆ Static addresses entered in the source guard binding table are automatically configured with an infinite lease time. ◆ When source guard is enabled, traffic is filtered based upon dynamic entries learned via ND snooping, DHCPv6 snooping, or static addresses configured in the source guard binding table.
Page 384: Figure 230: Configuring Static Bindings For Ipv6 Source Guard
Chapter 12 | Security Measures IPv6 Source Guard ND – Dynamic Neighbor Discovery binding, stateless address. ■ STA – Static IPv6 Source Guard binding. ■ Web Interface To configure static bindings for IPv6 Source Guard: Click Security, IPv6 Source Guard, Static Configuration. Select Add from the Action list.
Page 385: Displaying Information For Dynamic Ipv6 Source Guard Bindings
Chapter 12 | Security Measures IPv6 Source Guard Displaying Use the Security > IPv6 Source Guard > Dynamic Binding page to display the source-guard binding table for a selected interface. Information for Dynamic IPv6 Source Guard Bindings Parameters These parameters are displayed: Query by ◆...
Page 386: Figure 232: Showing The Ipv6 Source Guard Binding Table
Chapter 12 | Security Measures DHCP Snooping Figure 232: Showing the IPv6 Source Guard Binding Table DHCP Snooping The addresses assigned to DHCP clients on insecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard).
Page 387 Chapter 12 | Security Measures DHCP Snooping ◆ Filtering rules are implemented as follows: If the global DHCP snooping is disabled, all DHCP packets are forwarded. ■ If DHCP snooping is enabled globally, and also enabled on the VLAN where ■...
Page 388: Dhcp Snooping Configuration
Chapter 12 | Security Measures DHCP Snooping DHCP Snooping Option 82 ◆ DHCP provides a relay mechanism for sending information about its DHCP clients or the relay agent itself to the DHCP server. Also known as DHCP Option 82, it allows compatible DHCP servers to use the information when assigning IP addresses, or to set other services or policies for clients.
Page 389 Chapter 12 | Security Measures DHCP Snooping ◆ DHCP Snooping Information Option Status – Enables or disables DHCP Option 82 information relay. (Default: Disabled) ◆ DHCP Snooping Information Option Sub-option Format – Enables or disables use of sub-type and sub-length fields in circuit-ID (CID) and remote-ID (RID) in Option 82 information.
Page 390: Figure 233: Configuring Global Settings For Dhcp Snooping
Chapter 12 | Security Measures DHCP Snooping Figure 233: Configuring Global Settings for DHCP Snooping DHCP Snooping Use the IP Service > DHCP > Snooping (Configure VLAN) page to enable or disable VLAN Configuration DHCP snooping on specific VLANs. Command Usage ◆...
Page 391: Figure 234: Configuring Dhcp Snooping On A Vlan
Chapter 12 | Security Measures DHCP Snooping Enable DHCP Snooping on any existing VLAN. Click Apply Figure 234: Configuring DHCP Snooping on a VLAN Configuring Ports Use the IP Service > DHCP > Snooping (Configure Interface) page to configure for DHCP Snooping switch ports as trusted or untrusted.
Page 392: Figure 235: Configuring The Port Mode For Dhcp Snooping
Chapter 12 | Security Measures DHCP Snooping Web Interface To configure global settings for DHCP Snooping: Click IP Service, DHCP, Snooping. Select Configure Interface from the Step list. Set any ports within the local network or firewall to trusted. Specify the mode used for sending circuit ID information, and an arbitrary string if required.
Page 393: Figure 236: Displaying The Binding Table For Dhcp Snooping
Chapter 12 | Security Measures DHCP Snooping ◆ Store – Writes all dynamically learned snooping entries to flash memory. This function can be used to store the currently learned dynamic DHCP snooping entries to flash memory. These entries will be restored to the snooping table when the switch is reset.
Page 394 Chapter 12 | Security Measures DHCP Snooping – 388 –...
Page 395: Basic Administration Protocols
Basic Administration Protocols This chapter describes basic administration tasks including: ◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).
Page 396: Table 22: Logging Levels
Chapter 13 | Basic Administration Protocols Configuring Event Logging Configuring Event Logging The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages.
Page 397: Figure 237: Configuring Settings For System Memory Logs
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ RAM Level – Limits log messages saved to the switch’s temporary RAM memory for all levels up to the specified level. For example, if level 7 is specified, all messages from level 0 to level 7 will be logged to RAM. (Range: 0-7, Default: 7) Note: The Flash Level must be equal to or less than the RAM Level.
Page 398: Figure 238: Showing Error Messages Logged To System Memory
Chapter 13 | Basic Administration Protocols Configuring Event Logging memory (RAM; i.e., memory flushed on power reset) and up to 4096 entries in permanent flash memory. Figure 238: Showing Error Messages Logged to System Memory Remote Log Use the Administration > Log > Remote page to send log messages to syslog servers or other management stations.
Page 399: Figure 239: Configuring Settings For Remote Logging Of Error Messages
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Port - Specifies the UDP port number used by the remote server. (Range: 1-65535; Default: 514) Web Interface To configure the logging of error messages to remote servers: Click Administration, Log, Remote. Enable remote logging, specify the facility type to use for the syslog messages.
Page 400: Figure 240: Configuring Smtp Alert Messages
Chapter 13 | Basic Administration Protocols Configuring Event Logging ◆ Email Destination Address – Specifies the email recipients of alert messages. You can specify up to five recipients. ◆ Server IP Address – Specifies a list of up to three recipient SMTP servers. IPv4 or IPv6 addresses may be specified.
Page 401: Link Layer Discovery Protocol
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
Page 402 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol increase the probability that multiple, rather than single changes, are reported in each transmission. This attribute must comply with the rule: (4 * Delay Interval)   Transmission Interval ◆ Reinitialization Delay –...
Page 403: Figure 241: Configuring Lldp Timing Attributes
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 241: Configuring LLDP Timing Attributes Configuring LLDP Use the Administration > LLDP (Configure Interface - Configure General) page to Interface Attributes specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
Page 404 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Basic Optional TLVs – Configures basic information included in the TLV field of advertised messages. Management Address – The management address protocol packet ■ includes the IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
Page 405 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol VLAN ID – The port’s default VLAN identifier (PVID) indicates the VLAN with ■ which untagged or priority-tagged frames are associated (see “IEEE 802.1Q VLANs” on page 163). (Default: Enabled) VLAN Name –...
Page 406 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Network Policy – This option advertises network policy configuration ■ information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in voice quality degradation or complete service disruption. (Default: Enabled) ◆...
Page 407: Figure 242: Configuring Lldp Interface Attributes
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 242: Configuring LLDP Interface Attributes Configuring Use the Administration > LLDP (Configure Interface – Add CA-Type) page to specify the physical location of the device attached to an interface. LLDP Interface Civic-Address Command Usage...
Page 408: Figure 243: Configuring The Civic Address For An Lldp Interface
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 23: LLDP MED Location CA Types CA Type Description CA Value Example Landmark or vanity address Tech Center Unit (apartment, suite) Apt 519 Floor Room 509B ◆ Any number of CA type and value pairs can be specified for the civic address location, as long as the total does not exceed 250 characters.
Page 409: Figure 244: Showing The Civic Address For An Lldp Interface
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol To show the physical location of the attached device: Click Administration, LLDP. Select Configure Interface from the Step list. Select Show CA-Type from the Action list. Select an interface from the Port or Trunk list. Figure 244: Showing the Civic Address for an LLDP Interface Displaying LLDP Use the Administration >...
Page 410: Table 25: System Capabilities
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Chassis ID – An octet string indicating the specific identifier for the particular chassis in this system. ◆ System Name – A string that indicates the system’s administratively assigned name (see “Displaying System Information”...
Page 411: Table 26: Port Id Subtype
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Port/Trunk ID Type – There are several ways in which a port may be identified. A port ID subtype is used to indicate how the port is being referenced in the Port ID TLV.
Page 412: Figure 245: Displaying Local Device Information For Lldp (General)
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 245: Displaying Local Device Information for LLDP (General) Figure 246: Displaying Local Device Information for LLDP (Port) Figure 247: Displaying Local Device Information for LLDP (Port Details) – 406 –...
Page 413 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Displaying LLDP Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports which are Remote Device advertising information through LLDP, or to display detailed information about an Information LLDP-enabled device connected to a specific port on the local switch.
Page 414: Table 27: Remote Port Auto-Negotiation Advertised Capability
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ System Capabilities Supported – The capabilities that define the primary function(s) of the system. (See Table 25, "System Capabilities," on page 404.) ◆ System Capabilities Enabled – The primary function(s) of the system which are currently enabled.
Page 415 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 27: Remote Port Auto-Negotiation Advertised Capability Capability 100BASE-TX full duplex mode 100BASE-T2 half duplex mode 100BASE-T2 full duplex mode PAUSE for full-duplex links Asymmetric PAUSE for full-duplex links Symmetric PAUSE for full-duplex links Asymmetric and Symmetric PAUSE for full-duplex links 1000BASE-X, -LX, -SX, -CX half duplex mode...
Page 416 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – 802.3 Extension Trunk Information ◆ Remote Link Aggregation Capable – Shows if the remote port is not in link aggregation state and/or it does not support link aggregation. ◆...
Page 417 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – Network Policy ◆ Application Type – The primary application(s) defined for this network policy: Voice ■ Voice Signaling ■ Guest Signaling ■ Guest Voice Signaling ■ Softphone Voice ■...
Page 418 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ECS ELIN – Emergency Call Service Emergency Location Identification ■ Number supports traditional PSAP-based Emergency Call Service in North America. ◆ Country Code – The two-letter ISO 3166 country code in capital ASCII letters. (Example: DK, DE or US) ◆...
Page 419: Figure 248: Displaying Remote Device Information For Lldp (Port)
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Web Interface To display LLDP information for a remote port: Click Administration, LLDP. Select Show Remote Device Information from the Step list. Select Port, Port Details, Trunk, or Trunk Details. When the next page opens, select a port on this switch and the index for a remote device attached to this port.
Page 420: Figure 249: Displaying Remote Device Information For Lldp (Port Details)
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Figure 249: Displaying Remote Device Information for LLDP (Port Details) – 414 –...
Page 421: Figure 250: Displaying Remote Device Information For Lldp (End Node)
Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol Additional information displayed by an end-point device which advertises LLDP- MED TLVs is shown in the following figure. Figure 250: Displaying Remote Device Information for LLDP (End Node) Displaying Use the Administration > LLDP (Show Device Statistics) page to display statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages Device Statistics transmitted or received on all local interfaces.
Page 422 Chapter 13 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Neighbor Entries Dropped Count – The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources. ◆ Neighbor Entries Age-out Count – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired.
Page 423: Figure 251: Displaying Lldp Device Statistics (General)
Chapter 13 | Basic Administration Protocols Power over Ethernet Figure 251: Displaying LLDP Device Statistics (General) Figure 252: Displaying LLDP Device Statistics (Port) Power over Ethernet The ECS4620-28P/52P can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device.
Page 424: Setting The Port Poe Power Budget
Chapter 13 | Basic Administration Protocols Power over Ethernet Ports can be set to one of three power priority levels, critical, high, or low. To control the power supply within the switch’s budget, ports set at critical to high priority have power enabled in preference to those ports set at low priority.
Page 425 Chapter 13 | Basic Administration Protocols Power over Ethernet power is provided to the port only if the switch can drop power to one or more lower-priority ports and thereby remain within its overall budget. If a device is connected to a port after the switch has finished booting up ■...
Page 426: Figure 253: Setting A Port's Poe Budget
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 253: Setting a Port’s PoE Budget Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
Page 427: Table 28: Snmpv3 Security Models And Levels
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol and SNMPv3. Users are assigned to “groups” that are defined by a security model and specified security levels. Each group also has a defined security access to set of MIB objects for reading and writing, which are known as “views. ” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c.
Page 428: Configuring Global Settings For Snmp
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Configuring SNMPv3 Management Access Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages. Use the Administration > SNMP (Configure Trap) page to specify trap managers so that key events are reported by this switch to your management station.
Page 429: Figure 254: Configuring Global Settings For Snmp
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Click Apply Figure 254: Configuring Global Settings for SNMP Setting the Use the Administration > SNMP (Configure Engine - Set Engine ID) page to change Local Engine ID the local engine ID. An SNMPv3 engine is an independent SNMP agent that resides on the switch.
Page 430: Figure 255: Configuring The Local Engine Id For Snmp
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 255: Configuring the Local Engine ID for SNMP Specifying a Use the Administration > SNMP (Configure Engine - Add Remote Engine) page to configure a engine ID for a remote management station. To allow management Remote Engine ID access from an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.
Page 431: Figure 256: Configuring A Remote Engine Id For Snmp
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 256: Configuring a Remote Engine ID for SNMP To show the remote SNMP engine IDs: Click Administration, SNMP. Select Configure Engine from the Step list. Select Show Remote Engine from the Action list. Figure 257: Showing Remote Engine IDs for SNMP Setting SNMPv3 Views Use the Administration >...
Page 432: Figure 258: Creating An Snmp View
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Add OID Subtree ◆ View Name – Lists the SNMP views configured in the Add View page. (Range: 1-32 characters) ◆ OID Subtree – Adds an additional object identifier of a branch within the MIB tree to the selected View.
Page 433: Figure 259: Showing Snmp Views
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 259: Showing SNMP Views To add an object identifier to an existing SNMP view of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Add OID Subtree from the Action list.
Page 434: Figure 261: Showing The Oid Subtree Configured For Snmp Views
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 261: Showing the OID Subtree Configured for SNMP Views Configuring Use the Administration > SNMP (Configure Group) page to add an SNMPv3 group which can be used to set the access policy for its assigned users, restricting them to SNMPv3 Groups specific read, write, and notify views.
Page 435: Table 29: Supported Notification Messages
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Table 29: Supported Notification Messages Model Level Group RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its...
Page 436 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol (Continued) Table 29: Supported Notification Messages Model Level Group Private Traps swPowerStatusChangeTrap 1.3.6.1.4.1.259.10.1.41.2.1.0.1 This trap is sent when the power state changes. swPortSecurityTrap 1.3.6.1.4.1.259.10.1.41.2.1.0.36 This trap is sent when the port is being intruded. This trap will only be sent when the portSecActionTrap is enabled.
Page 437 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol (Continued) Table 29: Supported Notification Messages Model Level Group swCpuUtiRisingNotification 1.3.6.1.4.1.259.10.1.41.2.1.0.107 This notification indicates that the CPU utilization has risen from cpuUtiFallingThreshold to cpuUtiRisingThreshold. swCpuUtiFallingNotification 1.3.6.1.4.1.259.10.1.41.2.1.0.108 This notification indicates that the CPU utilization has fallen from cpuUtiRisingThreshold to cpuUtiFallingThreshold.
Page 438: Figure 262: Creating An Snmp Group
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Web Interface To configure an SNMP group: Click Administration, SNMP. Select Configure Group from the Step list. Select Add from the Action list. Enter a group name, assign a security model and level, and then select read, write, and notify views.
Page 439: Figure 263: Showing Snmp Groups
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 263: Showing SNMP Groups Setting Community Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by Access Strings clients using SNMP v1 and v2c.
Page 440: Figure 264: Setting Community Access Strings
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Web Interface To set a community access string: Click Administration, SNMP. Select Configure User from the Step list. Select Add Community from the Action list. Add new community strings as required, and select the corresponding access rights from the Access Mode list.
Page 441: Configuring Local Snmpv3 Users
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Configuring Use the Administration > SNMP (Configure User - Add SNMPv3 Local User) page to authorize management access for SNMPv3 clients, or to identify the source of Local SNMPv3 Users SNMPv3 trap messages sent from the local switch.
Page 442: Figure 266: Configuring Local Snmpv3 Users
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Web Interface To configure a local SNMPv3 user: Click Administration, SNMP. Select Configure User from the Step list. Select Add SNMPv3 Local User from the Action list. Enter a name and assign it to a group. If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv, then an authentication protocol and password must be specified.
Page 443: Figure 267: Showing Local Snmpv3 Users
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 267: Showing Local SNMPv3 Users Configuring Use the Administration > SNMP (Configure User - Add SNMPv3 Remote User) page to identify the source of SNMPv3 inform messages sent from the local switch. Each Remote SNMPv3 Users SNMPv3 user is defined by a unique name.
Page 444 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol AuthPriv – SNMP communications use both authentication and ■ encryption. ◆ Authentication Protocol – The method used for user authentication. (Options: MD5, SHA; Default: MD5) ◆ Authentication Password – A minimum of eight plain text characters is required.
Page 445: Figure 268: Configuring Remote Snmpv3 Users
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 268: Configuring Remote SNMPv3 Users To show remote SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Remote User from the Action list. Figure 269: Showing Remote SNMPv3 Users –...
Page 446: Specifying Trap Managers
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Specifying Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are Trap Managers issued by the switch to the specified trap managers.
Page 447 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ Community String – Specifies a valid community string for the new trap manager entry. (Range: 1-32 characters, case sensitive) Although you can set this string in the Configure Trap – Add page, we recommend defining it in the Configure User –...
Page 448 Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Inform – Notifications are sent as inform messages. Note that this option is ■ only available for version 2c and 3 hosts. (Default: traps are used) Timeout – The number of seconds to wait for an acknowledgment ■...
Page 449: Figure 270: Configuring Trap Managers (Snmpv1)
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Click Apply Figure 270: Configuring Trap Managers (SNMPv1) Figure 271: Configuring Trap Managers (SNMPv2c) Figure 272: Configuring Trap Managers (SNMPv3) – 443 –...
Page 450: Figure 273: Showing Trap Managers
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol To show configured trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Show from the Action list. Figure 273: Showing Trap Managers Creating SNMP Use the Administration > SNMP (Configure Notify Filter - Add) page to create an Notification Logs SNMP notification log.
Page 451: Figure 274: Creating Snmp Notification Logs
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ When a trap host is created using the Administration > SNMP (Configure Trap – Add) page described on page 440, a default notify filter will be created. Parameters These parameters are displayed: ◆...
Page 452: Figure 275: Showing Snmp Notification Logs
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol Figure 275: Showing SNMP Notification Logs Showing Use the Administration > SNMP (Show Statistics) page to show counters for SNMP input and output protocol data units. SNMP Statistics Parameters The following counters are displayed: ◆...
Page 453: Figure 276: Showing Snmp Statistics
Chapter 13 | Basic Administration Protocols Simple Network Management Protocol ◆ SNMP packets output – The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service. ◆ Too big errors – The total number of SNMP PDUs which were generated by the SNMP protocol entity and for which the value of the error-status field is “tooBig.
Page 454: Remote Monitoring
Chapter 13 | Basic Administration Protocols Remote Monitoring Remote Monitoring Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
Page 455 Chapter 13 | Basic Administration Protocols Remote Monitoring ◆ Sample Type – Tests for absolute or relative changes in the specified variable. Absolute – The variable is compared directly to the thresholds at the end ■ of the sampling period. Delta –...
Page 456: Figure 277: Configuring An Rmon Alarm
Chapter 13 | Basic Administration Protocols Remote Monitoring Figure 277: Configuring an RMON Alarm To show configured RMON alarms: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Alarm. Figure 278: Showing Configured RMON Alarms –...
Page 457: Configuring Rmon Events
Chapter 13 | Basic Administration Protocols Remote Monitoring Configuring RMON Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the Events alarm or sending a message to a trap manager.
Page 458: Figure 279: Configuring An Rmon Event
Chapter 13 | Basic Administration Protocols Remote Monitoring Web Interface To configure an RMON event: Click Administration, RMON. Select Configure Global from the Step list. Select Add from the Action list. Click Event. Enter an index number, the type of event to initiate, the community string to send with trap messages, the name of the person who created this event, and a brief description of the event.
Page 459: Figure 280: Showing Configured Rmon Events
Chapter 13 | Basic Administration Protocols Remote Monitoring Figure 280: Showing Configured RMON Events Configuring RMON Use the Administration > RMON (Configure Interface - Add - History) page to collect History Samples statistics on a physical interface to monitor network utilization, packet types, and errors.
Page 460: Figure 281: Configuring An Rmon History Sample
Chapter 13 | Basic Administration Protocols Remote Monitoring ◆ Interval - The polling interval. (Range: 1-3600 seconds; Default: 1800 seconds) ◆ Buckets - The number of buckets requested for this entry. (Range: 1-65536; Default: 50) The number of buckets granted are displayed on the Show page. ◆...
Page 461: Figure 282: Showing Configured Rmon History Samples
Chapter 13 | Basic Administration Protocols Remote Monitoring Select a port from the list. Click History. Figure 282: Showing Configured RMON History Samples To show collected RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list.
Page 462: Configuring Rmon Statistical Samples
Chapter 13 | Basic Administration Protocols Remote Monitoring Configuring RMON Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network Statistical Samples for common errors and overall traffic rates. Command Usage ◆...
Page 463: Figure 284: Configuring An Rmon Statistical Sample
Chapter 13 | Basic Administration Protocols Remote Monitoring Figure 284: Configuring an RMON Statistical Sample To show configured RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click Statistics.
Page 464: Figure 286: Showing Collected Rmon Statistical Samples
Chapter 13 | Basic Administration Protocols Switch Clustering Figure 286: Showing Collected RMON Statistical Samples Switch Clustering Switch clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
Page 465: Configuring General Settings For Clusters
Chapter 13 | Basic Administration Protocols Switch Clustering ◆ The cluster VLAN 4093 is not configured by default. Before using clustering, take the following actions to set up this VLAN: Create VLAN 4093 (see “Configuring VLAN Groups” on page 166). Add the participating ports to this VLAN (see “Adding Static Members to VLANs”...
Page 466: Figure 287: Configuring A Switch Cluster
Chapter 13 | Basic Administration Protocols Switch Clustering Web Interface To configure a switch cluster: Click Administration, Cluster. Select Configure Global from the Step list. Set the required attributes for a Commander or a managed candidate. Click Apply Figure 287: Configuring a Switch Cluster Cluster Member Use the Administration >...
Page 467: Figure 288: Configuring A Cluster Members
Chapter 13 | Basic Administration Protocols Switch Clustering Web Interface To configure cluster members: Click Administration, Cluster. Select Configure Member from the Step list. Select Add from the Action list. Select one of the cluster candidates discovered by this switch, or enter the MAC address of a candidate.
Page 468: Figure 290: Showing Cluster Candidates
Chapter 13 | Basic Administration Protocols Switch Clustering To show cluster candidates: Click Administration, Cluster. Select Configure Member from the Step list. Select Show Candidate from the Action list. Figure 290: Showing Cluster Candidates Managing Cluster Use the Administration > Cluster (Show Member) page to manage another switch Members in the cluster.
Page 469: Figure 291: Managing A Cluster Member
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Web Interface To manage a cluster member: Click Administration, Cluster. Select Show Member from the Step list. Select an entry from the Cluster Member List. Click Operate. Figure 291: Managing a Cluster Member Ethernet Ring Protection Switching Note: Information in this section is based on ITU-T G.8032/Y.1344.
Page 470 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Operational Concept Loop avoidance in the ring is achieved by guaranteeing that, at any time, traffic may flow on all but one of the ring links. This particular link is called the ring protection link (RPL), and under normal conditions this link is blocked to traffic.
Page 471: Figure 292: Erps Ring Components
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 292: ERPS Ring Components East Port West Port RPL Owner (Idle State) CC Messages CC Messages Multi-ring/Ladder Network – ERPSv2 also supports multipoint-to-multipoint connectivity within interconnected rings, called a “multi-ring/ladder network” topology.
Page 472: Figure 293: Ring Interconnection Architecture (Multi-Ring/Ladder Network)
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Interconnection nodes C and D have separate ERP Control Processes for each Ethernet Ring. Figure 293 on page 466 (Signal Fail Condition) illustrates a situation where protection switching has occurred due to an SF condition on the ring link between interconnection nodes C and D.
Page 473 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching that the ring has stabilized before blocking the RPL after recovery from a signal failure. Configure the ERPS control VLAN (Configure Domain – Configure Details): Specify the control VLAN (CVLAN) used to pass R-APS ring maintenance commands.
Page 474: Figure 294: Setting Erps Global Status
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ERPS Global Use the Administration > ERPS (Configure Global) page to globally enable or disable ERPS on the switch. Configuration Parameters These parameters are displayed: ◆ ERPS Status – Enables ERPS on the switch. (Default: Disabled) ERPS must be enabled globally on the switch before it can enabled on an ERPS ring (by setting the Admin Status on the Configure Domain –...
Page 475 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Parameters These parameters are displayed: ◆ Domain Name – Name of an ERPS ring. (Range: 1-12 characters) ◆ Domain ID – ERPS ring identifier used in R-APS messages. (Range: 1-255) Show ◆...
Page 476 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching generated R-APS messages is allowed and the reception of all R-APS messages is allowed. Forwarding – The transmission and reception of traffic is allowed; ■ transmission, reception and forwarding of R-APS messages is allowed. Unknown –...
Page 477 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Revertive/Non-revertive recovery ■ Forced Switch (FS) and Manual Switch (MS) commands for manually ■ blocking a particular ring port Flush FDB (forwarding database) logic which reduces amount of flush FDB ■...
Page 478 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ◆ Node Type – Shows ERPS node type as one of the following: None – Node is neither Ring Protection Link (RPL) owner nor neighbor. ■ (This is the default setting.) RPL Owner –...
Page 479 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching protection reversion, or until there is another higher priority request (e.g., an SF condition) in the ring. A ring node that has one ring port in an SF condition and detects the SF condition cleared, continuously transmits the R-APS (NR –...
Page 480 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching its RPL port, and transmits an R-APS (NR, RB) message in both directions, repeatedly. Upon receiving an R-APS (NR, RB) message, any blocking node should unblock its non-failed ring port. If it is an R-APS (NR, RB) message without a DNF indication, all ring nodes flush the FDB.
Page 481 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Then, after the operator issues the Clear command (Configure Operation page) at the RPL Owner Node, this ring node blocks the ring port attached to the RPL, transmits an R-APS (NR, RB) message on both ring ports, informing the ring that the RPL is blocked, and flushes its FDB.
Page 482 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching The acceptance of the R-APS (NR, RB) message causes all ring nodes to unblock any blocked non-RPL that does not have an SF condition. If it is an R-APS (NR, RB) message without a DNF indication, all Ethernet Ring Nodes flush their FDB.
Page 483: Figure 295: Sub-Ring With Virtual Channel
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching The node identifier may also be used for debugging, such as to distinguish messages when a node is connected to more than one ring. ◆ R-APS with VC – Configures an R-APS virtual channel to connect two interconnection points on a sub-ring, allowing ERPS protocol traffic to be tunneled across an arbitrary Ethernet network.
Page 484: Figure 296: Sub-Ring Without Virtual Channel
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching are terminated on the interconnection points. Since the sub-ring does not provide an R-APS channel nor R-APS virtual channel beyond the interconnection points, R-APS channel blocking is not employed on the normal ring links to avoid channel segmentation.
Page 485: Figure 297: Non-Erps Device Protection
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching again. The major ring will not be broken, but the bandwidth of data traffic on the major ring may suffer for a short period of time due to this flooding behavior.
Page 486 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching In order to coordinate timing of protection switches at multiple layers, a hold- off timer may be required. Its purpose is to allow, for example, a server layer protection switch to have a chance to fix the problem before switching at a client layer.
Page 487 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching If the switch goes into ring protection state due to a signal failure, after the failure condition is cleared, the RPL owner will start the wait-to-restore timer and wait until it expires to verify that the ring has stabilized before blocking the RPL and returning to the Idle (normal operating) state.
Page 488: Figure 298: Creating An Erps Ring
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching how ERPS recovers from a node failure, refer to the description of the Revertive parameter on this configuration page. ◆ RPL – If node is connected to the RPL, this shows by which interface. Web Interface To create an ERPS ring: Click Administration, ERPS.
Page 489: Figure 299: Creating An Erps Ring
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Figure 299: Creating an ERPS Ring To show the configured ERPS rings: Click Administration, ERPS. Select Configure Domain from the Step list. Select Show from the Action list. Figure 300: Showing Configured ERPS Rings –...
Page 490: Erps Forced And Manual Mode Operations
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching ERPS Forced and Use the Administration > ERPS (Configure Operation) page to block a ring port using Forced Switch or Manual Switch commands. Manual Mode Operations Parameters These parameters are displayed: ◆...
Page 491: Table 30: Erps Request/State Priority
Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching command. As such, two or more forced switches are allowed in the ring, which may inadvertently cause the segmentation of an ring. It is the responsibility of the operator to prevent this effect if it is undesirable.
Page 492 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching Manual Switch – Blocks specified ring port, in the absence of a failure or an ■ FS command. (Options: West or East) A ring with no request has a logical topology with the traffic channel ■...
Page 493 Chapter 13 | Basic Administration Protocols Ethernet Ring Protection Switching An ring node with a local manual switch command that receives an R-APS message or a local request of higher priority than R-APS (MS) clear its manual switch request. The ring node then processes the new higher priority request.
Page 494: Figure 301: Blocking An Erps Ring Port
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 301: Blocking an ERPS Ring Port Connectivity Fault Management Connectivity Fault Management (CFM) is an OAM protocol that includes proactive connectivity monitoring using continuity check messages, fault verification through loop back messages, and fault isolation by examining end-to-end connections between provider edge devices or between customer edge devices.
Page 495: Figure 302: Single Cfm Maintenance Domain
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ A Maintenance Level allows maintenance domains to be nested in a hierarchical fashion, providing access to the specific network portions required by each operator. Domains at lower levels may be either hidden or exposed to operators managing domains at a higher level, allowing either course or fine fault resolution.
Page 496: Figure 303: Multiple Cfm Maintenance Domains
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 303: Multiple CFM Maintenance Domains Customer MA Operator 1 MA Operator 2 MA Provider MA Note that the Service Instances within each domain shown above are based on a unique maintenance association for the specific users, distinguished by the domain name, maintenance level, maintenance association’s name, and assigned VLAN.
Page 497 Chapter 13 | Basic Administration Protocols Connectivity Fault Management the configured time period, and fault alarms are enabled, a corresponding trap will be sent. No further fault alarms are sent until the fault notification generator has been reset by the passage of a configured time period without detecting any further faults.
Page 498: Configuring Global Settings For Cfm
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Global Use the Administration > CFM (Configure Global) page to configure global settings for CFM, such as enabling the CFM process on the switch, setting the start-up delay Settings for CFM for cross-check operations, configuring parameters for the link trace cache, and enabling traps for events discovered by continuity check messages or cross-check messages.
Page 499 Chapter 13 | Basic Administration Protocols Connectivity Fault Management name, MA name, MEPID, sequence number, and TTL value (see "Displaying Fault Notification Settings"). ◆ Link Trace Cache Hold Time – The hold time for CFM link trace cache entries. (Range: 1-65535 minutes; Default: 100 minutes) Before setting the aging time for cache entries, the cache must first be enabled in the Link Trace Cache attribute field.
Page 500: Figure 304: Configuring Global Settings For Cfm
Chapter 13 | Basic Administration Protocols Connectivity Fault Management A MEP Missing trap is sent if cross-checking is enabled , and no CCM is received for a remote MEP configured in the static list ◆ Cross Check MEP Unknown – Sends a trap if an unconfigured MEP comes up. A MEP Unknown trap is sent if cross-checking is enabled , and a CCM is received from a remote MEP that is not configured in the static list...
Page 501: Figure 305: Configuring Interfaces For Cfm
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Interfaces CFM processes are enabled by default for all physical interfaces, both ports and trunks. You can use the Administration > CFM (Configure Interface) page to change for CFM these settings. Command Usage ◆...
Page 502 Chapter 13 | Basic Administration Protocols Connectivity Fault Management Command Usage Configuring General Settings ◆ Where domains are nested, an upper-level hierarchical domain must have a higher maintenance level than the ones it encompasses. The higher to lower level domain types commonly include entities such as customer, service provider, and operator.
Page 503: Table 31: Remote Mep Priority Levels
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Configuring Fault Notification ◆ A fault alarm can generate an SNMP notification. It is issued when the MEP fault notification generator state machine detects that the configured time period (MEP Fault Notify Alarm Time) has passed with one or more defects indicated, and fault alarms are enabled at or above the specified priority level (MEP Fault Notify Lowest Priority).
Page 504 Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MD Name – Maintenance domain name. (Range: 1-43 alphanumeric characters) ◆ MD Level – Authorized maintenance level for this domain. (Range: 0-7) ◆ MIP Creation Type – Specifies the CFM protocol’s creation method for maintenance intermediate points (MIPs) in this domain: Default –...
Page 505: Figure 306: Configuring Maintenance Domains
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Specify the manner in which MIPs can be created within each domain. Click Apply. Figure 306: Configuring Maintenance Domains To show the configured maintenance domains: Click Administration, CFM. Select Configure MD from the Step list. Select Show from the Action list.
Page 506: Figure 308: Configuring Detailed Settings For Maintenance Domains
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 308: Configuring Detailed Settings for Maintenance Domains Configuring CFM Use the Administration > CFM (Configure MA) pages to create and configure the Maintenance Maintenance Associations (MA) which define a unique CFM service instance. Each MA can be identified by its parent MD, the MD’s maintenance level, the VLAN Associations assigned to the MA, and the set of maintenance end points (MEPs) assigned to it.
Page 507 Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ If a maintenance point fails to receive three consecutive CCMs from any other MEP in the same MA, a connectivity failure is registered. ◆ If a maintenance point receives a CCM with an invalid MEPID or MA level or an MA level lower than its own, a failure is registered which indicates a configuration error or cross-connect error (i.e., overlapping MAs).
Page 508 Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MA Name Format – Specifies the name format for the maintenance association as IEEE 802.1ag character based, or ITU-T SG13/SG15 Y.1731 defined ICC-based format. Character String – IEEE 802.1ag defined character string format. This is an ■...
Page 509: Figure 309: Creating Maintenance Associations
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select an entry from the MD Index list. Specify the MAs assigned to each domain, the VLAN through which CFM messages are passed, and the manner in which MIPs can be created within each MA.
Page 510: Figure 311: Configuring Detailed Settings For Maintenance Associations
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select an entry from MD Index and MA Index. Specify the CCM interval, enable the transmission of connectivity check and cross check messages, and configure the required AIS parameters. Click Apply Figure 311: Configuring Detailed Settings for Maintenance Associations Configuring Use the Administration >...
Page 511: Figure 312: Configuring Maintenance End Points
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Maintenance end point identifier. (Range: 1-8191) ◆ MEP Direction – Up indicates that the MEP faces inward toward the switch cross-connect matrix, and transmits CFM messages towards, and receives them from, the direction of the internal bridge relay mechanism.
Page 512: Figure 313: Showing Maintenance End Points
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Select Show from the Action list. Select an entry from MD Index and MA Index. Figure 313: Showing Maintenance End Points Configuring Use the Administration > CFM (Configure Remote MEP – Add) page to specify remote maintenance end points (MEPs) set on other CFM-enabled devices within a Remote Maintenance common MA.
Page 513: Figure 314: Configuring Remote Maintenance End Points
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ MEP ID – Identifier for a maintenance end point which exists on another CFM- enabled device within the same MA.
Page 514: Figure 315: Showing Remote Maintenance End Points
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 315: Showing Remote Maintenance End Points Transmitting Link Use the Administration > CFM (Transmit Link Trace) page to transmit link trace Trace Messages messages (LTMs). These messages can isolate connectivity faults by tracing the path through a network to the designated target node (i.e., a remote maintenance end point).
Page 515 Chapter 13 | Basic Administration Protocols Connectivity Fault Management Parameters These parameters are displayed: ◆ MD Index – Domain index. (Range: 1-65535) ◆ MA Index – MA identifier. (Range: 1-2147483647) ◆ Source MEP ID – The identifier of a source MEP that will send the link trace message.
Page 516: Figure 316: Transmitting Link Trace Messages
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Figure 316: Transmitting Link Trace Messages Transmitting Loop Use the Administration > CFM (Transmit Loopback) page to transmit Loopback Messages (LBMs). These messages can be used to isolate or verify connectivity Back Messages faults by submitting a request to a target node (i.e., a remote MEP or MIP) to echo the message back to the source.
Page 517: Figure 317: Transmitting Loopback Messages
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ Target MEP ID – The identifier of a remote MEP that is the target of a loopback ■ message. (Range: 1-8191) MAC Address – MAC address of a remote MEP that is the target of a ■...
Page 518: Transmitting Delay-Measure Requests
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Transmitting Use the Administration > CFM (Transmit Delay Measure) page to send periodic delay-measure requests to a specified MEP within a maintenance association. Delay-Measure Requests Command Usage ◆ Delay measurement can be used to measure frame delay and frame delay variation between MEPs.
Page 519: Figure 318: Transmitting Delay-Measure Messages
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ Packet Size – The size of the delay-measure message. (Range: 64-1518 bytes; Default: 64 bytes) ◆ Interval – The transmission delay between delay-measure messages. (Range: 1-5 seconds; Default: 1 second) ◆...
Page 520: Figure 319: Showing Information On Local Meps
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Local MEPs Use the Administration > CFM > Show Information (Show Local MEP) page to show information for the MEPs configured on this device. Parameters These parameters are displayed: ◆ MEP ID –...
Page 521 Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Details Use the Administration > CFM > Show Information (Show Local MEP Details) page to show detailed CFM information about a local MEP in the continuity check for Local MEPs database.
Page 522: Figure 320: Showing Detailed Information On Local Meps
Chapter 13 | Basic Administration Protocols Connectivity Fault Management ◆ Suppressing Alarms – Shows if the specified MEP is currently suppressing sending frames containing AIS information following the detection of defect conditions. Web Interface To show detailed information for the MEPs configured on this device: Click Administration, CFM.
Page 523: Figure 321: Showing Information On Local Mips
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Local MIPs Use the Administration > CFM > Show Information (Show Local MIP) page to show the MIPs on this device discovered by the CFM protocol. (For a description of MIPs, refer to the Command Usage section under "Configuring CFM Maintenance Domains".)
Page 524: Figure 322: Showing Information On Remote Meps
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Use the Administration > CFM > Show Information (Show Remote MEP) page to show MEPs located on other devices which have been discovered through Remote MEPs continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
Page 525: Displaying Details For Remote Meps
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying Details for Use the Administration > CFM > Show Information (Show Remote MEP Details) page to show detailed information for MEPs located on other devices which have Remote MEPs been discovered through continuity check messages, or statically configured in the MEP database and verified through cross-check messages.
Page 526: Figure 323: Showing Detailed Information On Remote Meps
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Down – The interface cannot pass packets. ■ Testing – The interface is in some test mode. ■ ■ Unknown – The interface status cannot be determined for some reason. ■ Dormant –...
Page 527 Chapter 13 | Basic Administration Protocols Connectivity Fault Management Displaying the Use the Administration > CFM > Show Information (Show Link Trace Cache) page to show information about link trace operations launched from this device. Link Trace Cache Parameters These parameters are displayed: ◆...
Page 528: Figure 324: Showing The Link Trace Cache
Chapter 13 | Basic Administration Protocols Connectivity Fault Management HIT – Target located on this device. ■ Web Interface To show information about link trace operations launched from this device: Click Administration, CFM. Select Show Information from the Step list. Select Show Link Trace Cache from the Action list.
Page 529: Figure 325: Showing Settings For The Fault Notification Generator
Chapter 13 | Basic Administration Protocols Connectivity Fault Management Web Interface To show configuration settings for the fault notification generator: Click Administration, CFM. Select Show Information from the Step list. Select Show Fault Notification Generator from the Action list. Figure 325: Showing Settings for the Fault Notification Generator Displaying Use the Administration >...
Page 530: Figure 326: Showing Continuity Check Errors
Chapter 13 | Basic Administration Protocols OAM Configuration EXCESS_LEV – The number of different MD levels at which MIPs are to be ■ created on this port exceeds the bridge's capabilities. OVERLAP_LEV – A MEP is created for one VID at one maintenance level, but ■...
Page 531: Table 33: Oam Operation State
Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Admin Status – Enables or disables OAM functions. (Default: Disabled) ◆ Operation State – Shows the operational state between the local and remote OAM devices. This value is always “disabled” if OAM is disabled on the local interface.
Page 532 Chapter 13 | Basic Administration Protocols OAM Configuration Critical Event – If a critical event occurs, the local OAM entity indicates this ■ to its peer by setting the appropriate flag in the next OAMPDU to be sent and stores this information in its OAM event log. (Default: Enabled) Critical events include various failures, such as abnormal voltage fluctuations, out-of-range temperature detected, fan failure, CRC error in flash memory, insufficient memory, or other hardware faults.
Page 533: Figure 327: Enabling Oam For Local Ports
Chapter 13 | Basic Administration Protocols OAM Configuration Figure 327: Enabling OAM for Local Ports Displaying Statistics Use the Administration > OAM > Counters page to display statistics for the various for OAM Messages types of OAM messages passed across each port. Parameters These parameters are displayed: ◆...
Page 534: Figure 328: Displaying Statistics For Oam Messages
Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display statistics for OAM messages: Click Administration, OAM, Counters. Figure 328: Displaying Statistics for OAM Messages Displaying the Use the Administration > OAM > Event Log page to display link events for the OAM Event Log selected port.
Page 535: Figure 329: Displaying The Oam Event Log
Chapter 13 | Basic Administration Protocols OAM Configuration Figure 329: Displaying the OAM Event Log Displaying the Status Use the Administration > OAM > Remote Interface page to display information about attached OAM-enabled devices. of Remote Interfaces Parameters These parameters are displayed: ◆...
Page 536: Figure 330: Displaying Status Of Remote Interfaces
Chapter 13 | Basic Administration Protocols OAM Configuration Web Interface To display information about attached OAM-enabled devices: Click Administration, OAM, Remote Interface. Figure 330: Displaying Status of Remote Interfaces Configuring a Remote Use the Administration > OAM > Remote Loopback (Remote Loopback Test) page Loopback Test to initiate a loop back test to the peer device attached to the selected port.
Page 537: Table 34: Remote Loopback Status
Chapter 13 | Basic Administration Protocols OAM Configuration ◆ Loopback Status – Shows if loopback testing is currently running. Loopback Test Parameters ◆ Packet Number – Number of packets to send. (Range: 1-99999999; Default: 10000) ◆ Packet Size – Size of packets to send. (Range: 64-1518 bytes; Default: 64 bytes) ◆...
Page 538: Figure 331: Running A Remote Loop Back Test
Chapter 13 | Basic Administration Protocols OAM Configuration Select the port on which to initiate remote loop back testing, enable the Loop Back Mode attribute, and click Apply. Set the number of packets to send and the packet size, and then click Test. Figure 331: Running a Remote Loop Back Test Displaying Results of Use the Administration >...
Page 539: Figure 332: Displaying The Results Of Remote Loop Back Testing
Chapter 13 | Basic Administration Protocols UDLD Configuration Figure 332: Displaying the Results of Remote Loop Back Testing UDLD Configuration The switch can be configured to detect general loopback conditions caused by hardware problems or faulty protocol settings. When enabled, a control frame is transmitted on the participating ports, and the switch monitors inbound traffic to see if the frame is looped back.
Page 540: Configuring Udld Protocol Intervals
Chapter 13 | Basic Administration Protocols UDLD Configuration Configuring UDLD Use the Administration > UDLD > Configure Global page to configure the UniDirectional Link Detection message probe interval, detection interval, and Protocol Intervals recovery interval. Parameters These parameters are displayed: ◆...
Page 541: Figure 333: Configuring Udld Protocol Intervals
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To configure the UDLD message probe interval, detection interval, and recovery interval: Click Administration, UDLD, Configure Global. Select Configure Global from the Step list. Configure the message and detection intervals. Enable automatic recovery if required, and set the recovery interval.
Page 542 Chapter 13 | Basic Administration Protocols UDLD Configuration ends without the proper echo information being received, the link is considered to be unidirectional. ◆ Aggressive Mode – Reduces the shut-down delay after loss of bidirectional connectivity is detected. (Default: Disabled) UDLD can function in two modes: normal mode and aggressive mode.
Page 543: Figure 334: Configuring Udld Interface Settings
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To enable UDLD and aggressive mode: Click Administration, UDLD, Configure Interface. Enable UDLD and aggressive mode on the required ports. Click Apply. Figure 334: Configuring UDLD Interface Settings Displaying Use the Administration > UDLD (Show Information) page to show UDLD neighbor UDLD Neighbor information, including neighbor state, expiration time, and protocol intervals.
Page 544: Figure 335: Displaying Udld Neighbor Information
Chapter 13 | Basic Administration Protocols UDLD Configuration Web Interface To display UDLD neighbor information: Click Administration, UDLD, Show Information. Select an interface from the Port list. Figure 335: Displaying UDLD Neighbor Information – 538 –...
Page 545: Multicast Filtering
Multicast Filtering This chapter describes how to configure the following multicast services: ◆ IGMP – Configures snooping and query parameters. ◆ Filtering and Throttling – Filters specified multicast service, or throttles the maximum of multicast groups allowed on an interface. ◆...
Page 546: Figure 336: Multicast Filtering Concept
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 336: Multicast Filtering Concept Unicast Flow Multicast Flow This switch can use Internet Group Management Protocol (IGMP) to filter multicast traffic. IGMP Snooping can be used to passively monitor or “snoop” on exchanges between attached hosts and an IGMP-enabled device, most commonly a multicast router.
Page 547: Layer 2 Igmp (Snooping And Query For Ipv4)
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) switches in the local network segment, IGMP Snooping is the only service required to support multicast filtering. When using IGMPv3 snooping, service requests from IGMP Version 1, 2 or 3 hosts are all forwarded to the upstream router as IGMPv3 reports.
Page 548: Configuring Igmp Snooping And Query Parameters
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Static IGMP Host Interface – For multicast applications that you need to control more carefully, you can manually assign a multicast service to specific interfaces on the switch (page 548).
Page 549 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/ switch on the LAN performing IP multicasting, one of these devices is elected “querier”...
Page 550 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) If a topology change notification (TCN) is received, and all the uplink ports are subsequently deleted, a time out mechanism is used to delete all of the currently learned multicast channels.
Page 551 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ Unregistered Data Flooding – Floods unregistered multicast traffic into the attached VLAN. (Default: Disabled) Once the table used to store multicast entries for IGMP snooping and multicast routing is filled, no new entries are learned.
Page 552: Figure 337: Configuring General Settings For Igmp Snooping
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Click Apply. Figure 337: Configuring General Settings for IGMP Snooping Specifying Static Use the Multicast > IGMP Snooping > Multicast Router (Add Static Multicast Router) page to statically attach an interface to a multicast router/switch. Interfaces for a Multicast Router Depending on network connections, IGMP snooping may not always be able to...
Page 553: Figure 338: Configuring A Static Interface For A Multicast Router
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Show Static Multicast Router ◆ VLAN – Selects the VLAN for which to display any configured static multicast routers. ◆ Interface – Shows the interface to which the specified static multicast routers are attached.
Page 554: Figure 339: Showing Static Interfaces Attached A Multicast Router
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 339: Showing Static Interfaces Attached a Multicast Router Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol (such as PIM) to support IP multicasting across the Internet.
Page 555: Figure 341: Assigning An Interface To A Multicast Service
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ports attached to participating hosts to a common VLAN, and then assign the multicast service to that VLAN group. Command Usage ◆ Static multicast addresses are never aged out. ◆...
Page 556: Figure 342: Showing Static Interfaces Assigned To A Multicast Service
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) To show the static interfaces assigned to a multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list. Select the VLAN for which to display this information. Figure 342: Showing Static Interfaces Assigned to a Multicast Service Setting IGMP Use the Multicast >...
Page 557 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Note: The default values recommended in the MRD draft are implemented in the switch. Multicast Router Discovery uses the following three message types to discover multicast routers: ◆...
Page 558 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Parameters These parameters are displayed: ◆ VLAN – ID of configured VLANs. (Range: 1-4094) ◆ IGMP Snooping Status – When enabled, the switch will monitor network traffic on the indicated VLAN interface to determine which hosts want to receive multicast traffic.
Page 559 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ General Query Suppression – Suppresses general queries except for ports attached to downstream multicast hosts. (Default: Disabled) By default, general query messages are flooded to all ports, except for the multicast router through which they are received.
Page 560 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) This attribute applies when the switch is serving as the querier (page 542), or as a proxy host when IGMP snooping proxy reporting is enabled (page 542). ◆...
Page 561: Figure 343: Configuring Igmp Snooping On A Vlan
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Web Interface To configure IGMP snooping on a VLAN: Click Multicast, IGMP Snooping, Interface. Select Configure VLAN from the Action list. Select the VLAN to configure and update the required parameters. Click Apply.
Page 562: Figure 345: Dropping Igmp Query Or Multicast Data Packets
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Filtering IGMP Query Use the Multicast > IGMP Snooping > Interface (Configure Interface) page to configure an interface to drop IGMP query packets or multicast data packets. Packets and Multicast Data Parameters...
Page 563: Figure 346: Showing Multicast Groups Learned By Igmp Snooping
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Parameters These parameters are displayed: ◆ VLAN – An interface on the switch that is forwarding traffic to downstream ports for the specified multicast group address. ◆ Group Address –...
Page 564: Displaying Igmp Snooping Statistics
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Displaying IGMP Use the Multicast > IGMP Snooping > Statistics pages to display IGMP snooping protocol-related statistics for the specified interface. Snooping Statistics Parameters These parameters are displayed: ◆...
Page 565 Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ V3 Warning Count – The number of times the query version received (Version 3) does not match the version configured for this interface. VLAN, Port, and Trunk Statistics Input Statistics ◆...
Page 566: Figure 347: Displaying Igmp Snooping Statistics - Query
Chapter 14 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 347: Displaying IGMP Snooping Statistics – Query To display IGMP snooping protocol-related statistics for a VLAN: Click Multicast, IGMP Snooping, Statistics. Select Show VLAN Statistics from the Action list. Select a VLAN.
Page 567: Figure 349: Displaying Igmp Snooping Statistics - Port
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups To display IGMP snooping protocol-related statistics for a port: Click Multicast, IGMP Snooping, Statistics. Select Show Port Statistics from the Action list. Select a Port. Figure 349: Displaying IGMP Snooping Statistics – Port Filtering and Throttling IGMP Groups In certain switch applications, the administrator may want to control the multicast services that are available to end users.
Page 568: Figure 350: Enabling Igmp Filtering And Throttling
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups switch randomly removes an existing group and replaces it with the new multicast group. Enabling IGMP Use the Multicast > IGMP Snooping > Filter (Configure General) page to enable Filtering and IGMP filtering and throttling globally on the switch.
Page 569: Figure 351: Creating An Igmp Filtering Profile
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups Parameters These parameters are displayed: ◆ Profile ID – Creates an IGMP profile. (Range: 1-4294967295) ◆ Access Mode – Sets the access mode of the profile; either permit or deny. (Default: Deny) When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range.
Page 570: Figure 352: Showing The Igmp Filtering Profiles Created
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups To show the IGMP filter profiles: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Show from the Action list. Figure 352: Showing the IGMP Filtering Profiles Created To add a range of multicast groups to an IGMP filter profile: Click Multicast, IGMP Snooping, Filter.
Page 571: Figure 354: Showing The Groups Assigned To An Igmp Filtering Profile
Chapter 14 | Multicast Filtering Filtering and Throttling IGMP Groups To show the multicast groups configured for an IGMP filter profile: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Show Multicast Group Range from the Action list. Select the profile for which to display this information.
Page 572: Figure 355: Configuring Igmp Filtering And Throttling Interface Settings
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) ◆ Current Multicast Groups – Displays the current multicast groups the interface has joined. ◆ Throttling Action Mode – Sets the action to take when the maximum number of multicast groups for the interface has been exceeded.
Page 573: Mld Snooping (Snooping And Query For Ipv6)
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) include MLDv2 query and report messages, as well as MLDv1 report and done messages. Remember that IGMP Snooping and MLD Snooping are independent functions, and can therefore both function at the same time. Configuring MLD Use the Multicast >...
Page 574: Figure 356: Configuring General Settings For Mld Snooping
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) receiving query packets) to have expired. (Range: 300-500 seconds; Default: 300 seconds) ◆ MLD Snooping Version – The protocol version used for compatibility with other devices on the network. This is the MLD version the switch uses to send snooping reports.
Page 575: Figure 357: Configuring Immediate Leave For Mld Snooping
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) ◆ Immediate Leave Status – Immediately deletes a member port of an IPv6 multicast service when a leave packet is received at that port and immediate leave is enabled for the parent VLAN. (Default: Disabled) If MLD immediate-leave is not used, a multicast router (or querier) will send a group-specific query message when an MLD group leave message is received.
Page 576: Figure 358: Configuring A Static Interface For An Ipv6 Multicast Router
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) ◆ Interface – Activates the Port or Trunk scroll down list. ◆ Port or Trunk – Specifies the interface attached to a multicast router. Web Interface To specify a static interface attached to a multicast router: Click Multicast, MLD Snooping, Multicast Router.
Page 577: Figure 360: Showing Current Interfaces Attached An Ipv6 Multicast Router
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Select the VLAN for which to display this information. Ports in the selected VLAN which are attached to a neighboring multicast router/switch are displayed. Figure 360: Showing Current Interfaces Attached an IPv6 Multicast Router Assigning Interfaces Use the Multicast >...
Page 578: Figure 361: Assigning An Interface To An Ipv6 Multicast Service
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) Web Interface To statically assign an interface to an IPv6 multicast service: Click Multicast, MLD Snooping, MLD Member. Select Add Static Member from the Action list. Select the VLAN that will propagate the multicast service, specify the interface attached to a multicast service (through an MLD-enabled switch or multicast router), and enter the multicast IP address.
Page 579: Figure 363: Showing Current Interfaces Assigned To An Ipv6 Multicast Service
Chapter 14 | Multicast Filtering MLD Snooping (Snooping and Query for IPv6) To display information about all IPv6 multicast groups, MLD Snooping or multicast routing must first be enabled on the switch. To show all of the interfaces statically or dynamically assigned to an IPv6 multicast service: Click Multicast, MLD Snooping, MLD Member.
Page 580: Figure 364: Showing Ipv6 Multicast Services And Corresponding Sources
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) source addresses, except for those listed in the exclude source-list and for any other sources where the source timer status has expired. ◆ Filter Timer Elapse – The Filter timer is only used when a specific multicast address is in Exclude mode.
Page 581: Figure 365: Igmp Proxy Routing
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) multicast traffic. Layer 3 IGMP Query, as described below, is used in conjunction with both Layer 2 IGMP Snooping and multicast routing. IGMP – This protocol includes a form of multicast query specifically designed to work with multicast routing.
Page 582 Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) Using IGMP proxy routing to forward multicast traffic on edge switches greatly reduces the processing load on those devices by not having to run more complicated multicast routing protocols such as PIM. It also makes the proxy devices independent of the multicast routing protocols used by core routers.
Page 583: Figure 366: Configuring Igmp Proxy Routing
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) ◆ The system periodically checks the multicast route table for (*,G) any-source multicast forwarding entries. When changes occur in the downstream IGMP groups, an IGMP state change report is created and sent to the upstream router. ◆...
Page 584: Configuring Igmp Interface Parameters
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) Configuring IGMP Use the Multicast > IGMP > Interface page to configure interface settings for IGMP. Interface Parameters The switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service.
Page 585 Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) meaning that this device will not advertise a QRV in any query messages it subsequently sends. ◆ Query Interval – Configures the frequency at which host query messages are sent.
Page 586: Figure 367: Configuring Igmp Interface Settings
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) Click Apply. Figure 367: Configuring IGMP Interface Settings Configuring Use the Multicast > IGMP > Static Group page to manually propagate traffic from Static IGMP specific multicast groups onto the specified VLAN interface. Group Membership Command Usage ◆...
Page 587: Figure 368: Configuring Static Igmp Groups
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) ◆ Source Address – The source address of a multicast server transmitting traffic to the specified multicast group address. Web Interface To configure static IGMP groups: Click Multicast, IGMP, Static Group. Select Add from the Action list.
Page 588: Displaying Multicast Group Information
Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) Displaying Multicast When IGMP (Layer 3) is enabled on the switch, use the Multicast > IGMP > Group Information pages to display the current multicast groups learned through IGMP. Group Information When IGMP (Layer 3) is disabled and IGMP (Layer 2) is enabled, the active multicast groups can be viewed on the Multicast >...
Page 589 Chapter 14 | Multicast Filtering Layer 3 IGMP (Query used with Multicast Routing) ◆ Group Address – IP multicast group address with subscribers directly attached or downstream from the switch, or a static multicast group assigned to this interface. ◆ Interface –...
Page 590: Figure 370: Displaying Multicast Groups Learned From Igmp (Information)
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 370: Displaying Multicast Groups Learned from IGMP (Information) To display detailed information about the current multicast groups learned through IGMP: Click Multicast, IGMP, Group Information. Select Show Details from the Action list. Select a VLAN.
Page 591: Figure 372: Mvr Concept
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 from the MVR VLAN, users in different IEEE 802.1Q or private VLANs cannot exchange any information (except through upper-level routing services). Figure 372: MVR Concept Multicast Router Satellite Services Service Network Multicast Server Source...
Page 592: Configuring Mvr Global Settings
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Use the Multicast > MVR (Configure Global) page to configure proxy switching and the robustness variable. Global Settings Parameters These parameters are displayed: ◆ Proxy Switching – Configures MVR proxy switching, where the source port acts as a host, and the receiver port acts as an MVR router with querier service enabled.
Page 593: Figure 373: Configuring Global Settings For Mvr
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Proxy Query Interval – Configures the interval at which the receiver port sends out general queries. (Range: 2-31744 seconds; Default: 125 seconds) This parameter sets the general query interval at which active receiver ■...
Page 594: Configuring Mvr Domain Settings
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Configuring MVR Use the Multicast > MVR (Configure Domain) page to enable MVR globally on the switch, and select the VLAN that will serve as the sole channel for common Domain Settings multicast streams supported by the service provider.
Page 595: Figure 374: Configuring Domain Settings For Mvr
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Enable MVR for the selected domain, select the MVR VLAN, set the forwarding priority to be assigned to all ingress multicast traffic, and set the source IP address for all control packets sent upstream as required. Click Apply.
Page 596: Figure 375: Configuring An Mvr Group Address Profile
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ End IP Address – Ending IP address for an MVR multicast group. (Range: 224.0.1.0 - 239.255.255.255) Associate Profile ◆ Domain ID – An independent multicast domain. (Range: 1-5) ◆ Profile Name –...
Page 597: Figure 376: Displaying Mvr Group Address Profiles
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To show the configured MVR group address profiles: Click Multicast, MVR. Select Configure Profile from the Step list. Select Show from the Action list. Figure 376: Displaying MVR Group Address Profiles To assign an MVR group address profile to a domain: Click Multicast, MVR.
Page 598: Figure 378: Showing The Mvr Group Address Profiles Assigned To A Domain
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Figure 378: Showing the MVR Group Address Profiles Assigned to a Domain Configuring MVR Use the Multicast > MVR (Configure Interface) page to configure each interface that participates in the MVR protocol as a source port or receiver port. If you are sure Interface Status that only one subscriber attached to an interface is receiving multicast services, you can enable the immediate leave function.
Page 599: Assigning Static Mvr Multicast Groups To Interfaces
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 response to determine if there are any remaining subscribers for that multicast group before removing the port from the group list. Using immediate leave can speed up leave latency, but should only be ■...
Page 600: Figure 379: Configuring Interface Settings For Mvr
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To configure interface settings for MVR: Click Multicast, MVR. Select Configure Interface from the Step list. Select an MVR domain. Click Port or Trunk. Set each port that will participate in the MVR protocol as a source port or receiver port, and optionally enable Immediate Leave on any receiver port to which only one subscriber is attached.
Page 601: Figure 380: Assigning Static Mvr Groups To An Interface
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Parameters These parameters are displayed: ◆ Domain ID – An independent multicast domain. (Range: 1-5) ◆ Interface – Port or trunk identifier. ◆ VLAN – VLAN identifier. (Range: 1-4094) ◆ Group IP Address –...
Page 602: Figure 381: Showing The Static Mvr Groups Assigned To A Port
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Select an MVR domain. Select the port or trunk for which to display this information. Figure 381: Showing the Static MVR Groups Assigned to a Port Displaying MVR Use the Multicast > MVR (Show Member) page to show the multicast groups either Receiver Groups statically or dynamically assigned to the MVR receiver groups on each interface.
Page 603: Figure 382: Displaying Mvr Receiver Groups
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display the interfaces assigned to the MVR receiver groups: Click Multicast, MVR. Select Show Member from the Step list. Select an MVR domain. Figure 382: Displaying MVR Receiver Groups Displaying Use the Multicast >...
Page 604 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 ◆ Specific Query Received – The number of specific queries received on this interface. ◆ Specific Query Sent – The number of specific queries sent from this interface. ◆ Number of Reports Sent – The number of reports sent from this interface. ◆...
Page 605: Figure 383: Displaying Mvr Statistics - Query
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 Web Interface To display statistics for MVR query-related messages: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR domain. Figure 383: Displaying MVR Statistics –...
Page 606: Figure 384: Displaying Mvr Statistics - Vlan
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv4 To display MVR protocol-related statistics for a VLAN: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR domain. Select a VLAN.
Page 607: Figure 385: Displaying Mvr Statistics - Port
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR protocol-related statistics for a port: Click Multicast, MVR. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR domain. Select a Port.
Page 608: Multicast Vlan Registration For Ipv6
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Set the interfaces that will join the MVR as source ports or receiver ports (see “Configuring MVR6 Interface Status” on page 608). For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static MVR6 Multicast Groups to...
Page 609 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Robustness Value – Configures the expected packet loss, and thereby the number of times to generate report and group-specific queries. (Range: 1-10; Default: 2) This parameter is used to set the number of times report messages are sent ■...
Page 610: Figure 386: Configuring Global Settings For Mvr6
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 386: Configuring Global Settings for MVR6 Configuring MVR6 Use the Multicast > MVR6 (Configure Domain) page to enable MVR6 globally on the switch, and select the VLAN that will serve as the sole channel for common Domain Settings multicast streams supported by the service provider.
Page 611: Figure 387: Configuring Domain Settings For Mvr6
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 IPv6 address including the network prefix and host address bits. By default, all MVR6 reports sent upstream use a null source IP address. All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture, ”...
Page 612 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ All IPv6 addresses must be according to RFC 2373 “IPv6 Addressing Architecture, ” using 8 colon-separated 16-bit hexadecimal values. One double colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields.
Page 613: Figure 388: Configuring An Mvr6 Group Address Profile
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 388: Configuring an MVR6 Group Address Profile To show the configured MVR6 group address profiles: Click Multicast, MVR6. Select Configure Profile from the Step list. Select Show from the Action list. Figure 389: Displaying MVR6 Group Address Profiles To assign an MVR6 group address profile to a domain: Click Multicast, MVR6.
Page 614: Figure 390: Assigning An Mvr6 Group Address Profile To A Domain
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Figure 390: Assigning an MVR6 Group Address Profile to a Domain To show the MVR6 group address profiles assigned to a domain: Click Multicast, MVR6. Select Associate Profile from the Step list. Select Show from the Action list.
Page 615 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 membership for MVR6 receiver ports cannot be set to access mode (see“Adding Static Members to VLANs” on page 169). ◆ One or more interfaces may be configured as MVR6 source ports. A source port is able to both receive and send data for configured MVR6 groups or for groups which have been statically assigned (see “Assigning Static MVR Multicast...
Page 616: Figure 392: Configuring Interface Settings For Mvr6
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 “Active” only if there are subscribers receiving multicast traffic from one of the MVR6 groups, or a multicast group has been statically assigned to an interface. ◆ Immediate Leave – Configures the switch to immediately remove an interface from a multicast stream as soon as it receives a leave message for that group.
Page 617: Figure 393: Assigning Static Mvr6 Groups To A Port
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 colon may be used in the address to indicate the appropriate number of zeros required to fill the undefined fields. (Note that the IP address ff02::X is reserved.) ◆ The MVR6 VLAN cannot be specified as the receiver VLAN for static bindings. Parameters These parameters are displayed: ◆...
Page 618: Figure 394: Showing The Static Mvr6 Groups Assigned To A Port
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To show the static MVR6 groups assigned to an interface: Click Multicast, MVR6. Select Configure Static Group Member from the Step list. Select Show from the Action list. Select an MVR6 domain. Select the port or trunk for which to display this information.
Page 619: Figure 395: Displaying Mvr6 Receiver Groups
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ Count – The number of multicast services currently being forwarded from the MVR6 VLAN. ◆ Clear MVR6 Group – Clears multicast group information dynamically learned through MVR6. Statically configured multicast addresses are not cleared. Web Interface To display the interfaces assigned to the MVR6 receiver groups: Click Multicast, MVR6.
Page 620 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 ◆ General Query Sent – The number of general queries sent from this interface. ◆ Specific Query Received – The number of specific queries received on this interface. ◆ Specific Query Sent – The number of specific queries sent from this interface. ◆...
Page 621: Figure 396: Displaying Mvr6 Statistics - Query
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 Web Interface To display statistics for MVR6 query-related messages: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Query Statistics from the Action list. Select an MVR6 domain. Figure 396: Displaying MVR6 Statistics –...
Page 622: Figure 397: Displaying Mvr6 Statistics - Vlan
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a VLAN: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show VLAN Statistics from the Action list. Select an MVR6 domain. Select a VLAN.
Page 623: Figure 398: Displaying Mvr6 Statistics - Port
Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 To display MVR6 protocol-related statistics for a port: Click Multicast, MVR6. Select Show Statistics from the Step list. Select Show Port Statistics from the Action list. Select an MVR6 domain. Select a Port.
Page 624 Chapter 14 | Multicast Filtering Multicast VLAN Registration for IPv6 – 618 –...
Page 625: Ip Configuration
IP Configuration This chapter describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types. You can manually configure a specific IPv4 or IPv6 address, or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server.
Page 626 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) ◆ To enable routing between interfaces defined on this switch and external network interfaces, you must configure static routes (page 681) or use dynamic routing; i.e., RIP (page 698), OSPFv2 (page...
Page 627: Figure 399: Configuring A Static Ipv4 Address
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Web Interface To set a static IPv4 address for the switch: Click IP, General, Routing Interface. Select Add Address from the Action list. Select any configured VLAN, set IP Address Mode to “User Specified, ” set IP Address Type to “Primary”...
Page 628: Figure 400: Configuring A Dynamic Ipv4 Address
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Figure 400: Configuring a Dynamic IPv4 Address Note: The switch will also broadcast a request for IP configuration settings on each power reset. Note: If you lose the management connection, make a console connection to the switch and enter “show ip interface”...
Page 629: Figure 401: Showing The Configured Ipv4 Address For An Interface
Chapter 15 | IP Configuration Sending DHCP Inform Requests for Additional Information Figure 401: Showing the Configured IPv4 Address for an Interface Sending DHCP Inform Requests for Additional Information Use the IP > General > Routing Interface (Configure Interface) page to submit a DHCP request for information about the default domain name server and default gateway from a VLAN interface configured with a static IPv4 address.
Page 630: Figure 402: Send Dhcp Inform Requests For Additional Information
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Web Interface To send DHCP Inform requests for additional information: Click IP, General, Routing Interface. Select Configure Interface from the Action list. Select a VLAN configured with a static IPv4 address. Set the DHCP inform field to the required status.
Page 631: Figure 403: Configuring The Ipv6 Default Gateway
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring the Use the IP > IPv6 Configuration (Configure Global) page to configure an IPv6 default gateway for the switch. IPv6 Default Gateway Parameters These parameters are displayed: ◆...
Page 632: Configuring Ipv6 Interface Settings
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring IPv6 Use the IP > IPv6 Configuration (Configure Interface) page to configure general IPv6 settings for the selected VLAN, including explicit configuration of a link local Interface Settings interface address, the MTU size, and neighbor discovery protocol settings for duplicate address detection and the neighbor solicitation interval.
Page 633 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) All devices on the same physical medium must use the same MTU in order ■ to operate correctly. IPv6 must be enabled on an interface before the MTU can be set. If an IPv6 ■...
Page 634 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) ◆ ND Reachable-Time – The amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred. (Range: 0-3600000 milliseconds) Default: 30000 milliseconds is used for neighbor discovery operations, 0 milliseconds is advertised in router advertisements.
Page 635: Figure 404: Configuring General Settings For An Ipv6 Interface
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) duplicate address detection messages, the neighbor solicitation message interval, and the amount of time that a remote IPv6 node is considered reachable. Click Apply. Figure 404: Configuring General Settings for an IPv6 Interface To configure RA Guard for the switch: Click IP, IPv6 Configuration.
Page 636: Configuring An Ipv6 Address
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Configuring an Use the IP > IPv6 Configuration (Add IPv6 Address) page to configure an IPv6 interface for management access over the network, or for creating an interface to IPv6 Address multiple subnets.
Page 637 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) a port belonging to any VLAN, as long as that VLAN has been assigned an IP address. (Range: 1-4094) ◆ Address Type – Defines the address type configured for this interface. Global –...
Page 638: Figure 406: Configuring An Ipv6 Address
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) The specified address replaces a link-local address that was ■ automatically generated for the interface. ◆ IPv6 Address – IPv6 address assigned to this interface. Web Interface To configure an IPv6 address: Click IP, IPv6 Configuration.
Page 639: Figure 407: Showing Configured Ipv6 Addresses
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) nodes. The interface-local multicast address is only used for loopback transmission of multicast traffic. Link-local multicast addresses cover the same types as used by link-local unicast addresses, including all nodes (FF02::1), all routers (FF02::2), and solicited nodes (FF02::1:FFXX:XXXX) as described below.
Page 640: Table 35: Show Ipv6 Neighbors - Display Description
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing the IPv6 Use the IP > IPv6 Configuration (Show IPv6 Neighbor Cache) page to display the IPv6 addresses detected for neighbor devices. Neighbor Cache Parameters These parameters are displayed: Table 35: Show IPv6 Neighbors - display description Field Description...
Page 641: Figure 408: Showing Ipv6 Neighbors
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Web Interface To show neighboring IPv6 devices: Click IP, IPv6 Configuration. Select Show IPv6 Neighbors from the Action list. Figure 408: Showing IPv6 Neighbors Showing Use the IP > IPv6 Configuration (Show Statistics) page to display statistics about IPv6 Statistics IPv6 traffic passing through this switch.
Page 642: Table 36: Show Ipv6 Statistics - Display Description
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Parameters These parameters are displayed: Table 36: Show IPv6 Statistics - display description Field Description IPv6 Statistics IPv6 Received Total The total number of input datagrams received by the interface, including those received in error.
Page 643 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 36: Show IPv6 Statistics - display description Field Description IPv6 Transmitted Forwards Datagrams The number of output datagrams which this entity received and forwarded to their final destinations. In entities which do not act as IPv6 routers, this counter will include only those packets which were Source- Routed via this entity, and the Source-Route processing was successful.
Page 644 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 36: Show IPv6 Statistics - display description Field Description Neighbor Advertisement The number of ICMP Neighbor Advertisement messages received by Messages the interface. Redirect Messages The number of Redirect messages received by the interface.
Page 645: Figure 409: Showing Ipv6 Statistics (Ipv6)
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 36: Show IPv6 Statistics - display description Field Description Other Errors The number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port. Output The total number of UDP datagrams sent from this entity.
Page 646: Figure 410: Showing Ipv6 Statistics (Icmpv6)
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 410: Showing IPv6 Statistics (ICMPv6) Figure 411: Showing IPv6 Statistics (UDP) – 640 –...
Page 647: Figure 412: Showing Reported Mtu Values
Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing the MTU Use the IP > IPv6 Configuration (Show MTU) page to display the maximum transmission unit (MTU) cache for destinations that have returned an ICMP packet- for Responding too-big message along with an acceptable MTU to this switch.
Page 648 Chapter 15 | IP Configuration Setting the Switch’s IP Address (IP Version 6) – 642 –...
Page 649: Ip Services
IP Services This chapter describes the following IP services: ◆ – Configures default domain names, identifies servers to use for dynamic lookup, and shows how to configure static entries. ◆ DHCP Client – Specifies the DHCP client identifier for an interface. ◆...
Page 650: Figure 413: Configuring General Settings For Dns
Chapter 16 | IP Services Domain Name Service Parameters These parameters are displayed: ◆ Domain Lookup – Enables DNS host name-to-address translation. (Default: Disabled) ◆ Default Domain Name – Defines the default domain name appended to incomplete host names. Do not include the initial dot that separates the host name from the domain name.
Page 651: Figure 414: Configuring A List Of Domain Names For Dns
Chapter 16 | IP Services Domain Name Service checking with the specified name servers for a match (see “Configuring a List of Name Servers” on page 646). Parameters These parameters are displayed: Domain Name – Name of the host. Do not include the initial dot that separates the host name from the domain name.
Page 652: Figure 416: Configuring A List Of Name Servers For Dns
Chapter 16 | IP Services Domain Name Service Configuring a List Use the IP Service > DNS - General (Add Name Server) page to configure a list of name servers to be tried in sequential order. of Name Servers Command Usage ◆...
Page 653: Figure 417: Showing The List Of Name Servers For Dns
Chapter 16 | IP Services Domain Name Service Figure 417: Showing the List of Name Servers for DNS Configuring Use the IP Service > DNS - Static Host Table (Add) page to manually configure static Static DNS Host entries in the DNS table that are used to map domain names to IP addresses. to Address Entries Command Usage ◆...
Page 654: Figure 419: Showing Static Entries In The Dns Table
Chapter 16 | IP Services Domain Name Service To show static entries in the DNS table: Click IP Service, DNS, Static Host Table. Select Show from the Action list. Figure 419: Showing Static Entries in the DNS Table Displaying the Use the IP Service >...
Page 655: Figure 420: Showing Entries In The Dns Cache
Chapter 16 | IP Services Dynamic Host Configuration Protocol Web Interface To display entries in the DNS cache: Click IP Service, DNS, Cache. Figure 420: Showing Entries in the DNS Cache Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.
Page 656: Table 38: Options 60, 66 And 67 Statements
Chapter 16 | IP Services Dynamic Host Configuration Protocol Table 38: Options 60, 66 and 67 Statements Statement Option Keyword Parameter vendor-class-identifier a string indicating the vendor class identifier tftp-server-name a string indicating the tftp server name bootfile-name a string indicating the bootfile name ◆...
Page 657: Figure 421: Specifying A Dhcp Client Identifier
Chapter 16 | IP Services Dynamic Host Configuration Protocol Web Interface To configure a DHCP client identifier: Click IP Service, DHCP, Client. Mark the check box to enable this feature. Select the default setting, or the format for a vendor class identifier. If a non-default value is used, enter a text string or hexadecimal value.
Page 658: Figure 423: Configuring Dhcp Relay Service
Chapter 16 | IP Services Dynamic Host Configuration Protocol Parameters These parameters are displayed: ◆ VLAN ID – ID of configured VLAN. ◆ Server IP Address – Addresses of DHCP servers or relay servers to be used by the switch’s DHCP relay agent in order of preference. ◆...
Page 659: Figure 425: Enabling The Dhcp Server
Chapter 16 | IP Services Dynamic Host Configuration Protocol Command Usage ◆ First configure any excluded addresses, including the address for this switch. ◆ Then configure address pools for the network interfaces. You can configure up to 8 network address pools. You can also manually bind an address to a specific client if required.
Page 660: Figure 426: Configuring Excluded Addresses On The Dhcp Server
Chapter 16 | IP Services Dynamic Host Configuration Protocol Setting Excluded Addresses Use the IP Service > DHCP > Server (Configure Excluded Addresses – Add) page to specify the IP addresses that should not be assigned to clients. Parameters These parameters are displayed: ◆...
Page 661: Figure 427: Showing Excluded Addresses On The Dhcp Server
Chapter 16 | IP Services Dynamic Host Configuration Protocol Figure 427: Showing Excluded Addresses on the DHCP Server Configuring Address Pools Use the IP Service > DHCP > Server (Configure Pool – Add) page configure IP address pools for each IP interface that will provide addresses to attached clients via the DHCP server.
Page 662 Chapter 16 | IP Services Dynamic Host Configuration Protocol Parameters These parameters are displayed: Creating a New Address Pool ◆ Pool Name – A string or integer. (Range: 1-32 characters) ◆ Type – Sets the address pool type to Network or Host. Setting Parameters for a Network Pool ◆...
Page 663: Figure 428: Configuring Dhcp Server Address Pools (Network)
Chapter 16 | IP Services Dynamic Host Configuration Protocol ◆ Lease Time – The duration that an IP address is assigned to a DHCP client. (Options: Finite, Infinite; Default: Infinite) Web Interface To configure DHCP address pools: Click IP Service, DHCP, Server. Select Configure Pool from the Step list.
Page 664: Figure 429: Configuring Dhcp Server Address Pools (Host)
Chapter 16 | IP Services Dynamic Host Configuration Protocol Figure 429: Configuring DHCP Server Address Pools (Host) To show the configured DHCP address pools: Click IP Service, DHCP, Server. Select Configure Pool from the Step list. Select Show from the Action list. Figure 430: Showing Configured DHCP Server Address Pools Displaying Address Bindings Use the IP Service >...
Page 665: Figure 431: Shows Addresses Assigned By The Dhcp Server
Chapter 16 | IP Services Forwarding UDP Service Requests ◆ MAC Address – MAC address of host. ◆ Lease Time – Duration that this IP address can be used by the host. ◆ Start Time – Time this address was assigned by the switch. Web Interface To show the addresses assigned to DHCP clients: Click IP Service, DHCP, Server.
Page 666: Figure 432: Enabling The Udp Helper
Chapter 16 | IP Services Forwarding UDP Service Requests Enabling the Use the IP Service > UDP Helper > General page to enable the UDP helper globally on the switch. UDP Helper Parameters These parameters are displayed: ◆ UDP Helper Status – Enables or disables the UDP helper. (Default: Disabled) Web Interface To enable the UDP help: Click IP Service, UDP Helper, General.
Page 667: Figure 433: Specifying Udp Destination Ports
Chapter 16 | IP Services Forwarding UDP Service Requests TFTP port 69 Web Interface To specify UDP destination ports for forwarding: Click IP Service, UDP Helper, Forwarding. Select Add from the Action list. Enter a destination UDP port number for which service requests are to be forwarded to a remote application server.
Page 668 Chapter 16 | IP Services Forwarding UDP Service Requests ◆ The UDP packets to be forwarded must be specified in the IP Service > UDP Helper > Forwarding page, and the packets meet the following criteria: The MAC address of the received frame must be the all-ones broadcast ■...
Page 669: Figure 435: Specifying The Target Server Or Subnet For Udp Requests
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Figure 435: Specifying the Target Server or Subnet for UDP Requests To show the target server or subnet for UDP requests: Click IP Service, UDP Helper, Address. Select Show from the Action list. Figure 436: Showing the Target Server or Subnet for UDP Requests Configuring the PPPoE Intermediate Agent This section describes how to configure the PPPoE Intermediate Agent (PPPoE IA)
Page 670: Figure 437: Configuring Global Settings For Pppoe Intermediate Agent
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Parameters These parameters are displayed: ◆ PPPoE IA Global Status – Enables the PPPoE Intermediate Agent globally on the switch. (Default: Disabled) Note that PPPoE IA must be enabled globally before it can be enabled on an interface.
Page 671: Configuring Pppoe Ia Interface Settings
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent Configuring PPPoE IA Use the IP Service > PPPoE Intermediate Agent (Configure Interface) page to enable PPPoE IA on an interface, set trust status, enable vendor tag stripping, and set the Interface Settings circuit ID and remote ID.
Page 672: Figure 438: Configuring Interface Settings For Pppoe Intermediate Agent
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent ◆ Remote ID – String identifying the remote identifier (or interface) on this switch to which the user is connected. (Range: 1-63 ASCII characters; Default: Port MAC address) ◆ Operational Remote ID – The configured circuit identifier. Web Interface To configure interface settings for PPPoE IA: Click IP Service, PPPoE Intermediate Agent.
Page 673: Figure 439: Showing Pppoe Intermediate Agent Statistics
Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent PADO – PPPoE Active Discovery Offer messages. ■ PADR – PPPoE Active Discovery Request messages. ■ PADS – PPPoE Active Discovery Session-Confirmation messages. ■ PADT – PPPoE Active Discovery Terminate messages. ■...
Page 674 Chapter 16 | IP Services Configuring the PPPoE Intermediate Agent – 668 –...
Page 675: General Ip Routing
General IP Routing This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...
Page 676: Figure 440: Virtual Interfaces And Layer 3 Routing
Chapter 17 | General IP Routing IP Routing and Switching Each VLAN represents a virtual interface to Layer 3. You just need to provide the network address for each virtual interface, and the traffic between different subnetworks will be routed by Layer 3 switching. Figure 440: Virtual Interfaces and Layer 3 Routing Inter-subnet traffic (Layer 3 switching) Routing...
Page 677: Routing Path Management
Chapter 17 | General IP Routing IP Routing and Switching address is not yet known to the switch, an Address Resolution Protocol (ARP) packet with the destination IP address is broadcast to get the destination MAC address from the destination node. The IP packet can then be sent directly with the destination MAC address.
Page 678: Routing Protocols
Chapter 17 | General IP Routing Configuring IP Routing Interfaces Routing Protocols The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. ◆...
Page 679 Chapter 17 | General IP Routing Configuring IP Routing Interfaces destinations, i.e., packets that do not match any routing table entry. If another router is designated as the default gateway, then the switch will pass packets to this router for any unknown hosts or subnets. To configure a default gateway for IPv4, use the static routing table as described on page 681, enter 0.0.0.0 for the IP address and subnet mask, and then specify this...
Page 680: Figure 441: Pinging A Network Device
Chapter 17 | General IP Routing Configuring IP Routing Interfaces include zone-id information indicating the VLAN identifier after the % delimiter. For example, FE80::7272%1 identifies VLAN 1 as the interface. Web Interface To ping another device on the network: Click IP, General, Ping. Specify the target device and ping parameters.
Page 681: Figure 442: Tracing The Route To A Network Device
Chapter 17 | General IP Routing Configuring IP Routing Interfaces ◆ A trace terminates when the destination responds, when the maximum timeout (TTL) is exceeded, or the maximum number of hops is exceeded. ◆ The trace route function first sends probe datagrams with the TTL value set at one.
Page 682: Table 40: Address Resolution Protocol
Chapter 17 | General IP Routing Address Resolution Protocol Address Resolution Protocol If IP routing is enabled (page 697), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next.
Page 683: Figure 443: Proxy Arp
Chapter 17 | General IP Routing Address Resolution Protocol requesting node. That node then sends traffic to the router, which in turn uses its own routing table to forward the traffic to the remote destination. Figure 443: Proxy ARP Proxy ARP request no routing, no default...
Page 684: Figure 444: Configuring General Settings For Arp
Chapter 17 | General IP Routing Address Resolution Protocol Figure 444: Configuring General Settings for ARP Configuring For devices that do not respond to ARP requests or do not respond in a timely manner, traffic will be dropped because the IP address cannot be mapped to a Static ARP Addresses physical address.
Page 685: Figure 445: Configuring Static Arp Entries
Chapter 17 | General IP Routing Address Resolution Protocol Web Interface To map an IP address to the corresponding physical address in the ARP cache: Click IP, ARP. Select Configure Static Address from the Step List. Select Add from the Action List. Enter the IP address and the corresponding MAC address.
Page 686: Figure 447: Displaying Arp Entries
Chapter 17 | General IP Routing Address Resolution Protocol Displaying Dynamic Use the IP > ARP (Show Information) page to display dynamic or local entries in the ARP cache. The ARP cache contains static entries, and entries for local interfaces, or Local ARP Entries including subnet, host, and broadcast addresses.
Page 687: Figure 449: Displaying Arp Statistics
Chapter 17 | General IP Routing Configuring Static Routes Click Statistics. Figure 448: Displaying ARP Statistics Configuring Static Routes This router can dynamically configure routes to other network segments using dynamic routing protocols (i.e., RIP, OSPF, BGP). However, you can also manually enter static routes in the routing table using the IP >...
Page 688 Chapter 17 | General IP Routing Configuring Static Routes ◆ Net Mask / Prefix Length – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets. ◆ Next Hop – IP address of the next router hop used for this route. ◆...
Page 689: Figure 450: Configuring Static Routes
Chapter 17 | General IP Routing Displaying the Routing Table Figure 450: Displaying Static Routes Displaying the Routing Table Use the IP > Routing > Routing Table (Show Information) page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route.
Page 690 Chapter 17 | General IP Routing Equal-cost Multipath Routing Parameters These parameters are displayed: ◆ VLAN – VLAN identifier (i.e., configured as a valid IP subnet). ◆ Destination IP Address – IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router.
Page 691: Figure 452: Displaying The Routing Table
Chapter 17 | General IP Routing Equal-cost Multipath Routing the traffic forwarded to the destination. ECMP uses either equal-cost multipaths manually configured in the static routing table, or equal-cost multipaths dynamically generated by the Open Shortest Path Algorithm (OSPF). In other words, it uses either static or OSPF entries, not both.
Page 692: Figure 453: Setting The Maximum Ecmp Number
Chapter 17 | General IP Routing Equal-cost Multipath Routing Web Interface To configure the maximum ECMP number: Click IP, Routing, Routing Table. Select Configure ECMP Number from the Action List. Enter the maximum number of equal-cost paths used to route traffic to the same destination that are permitted on the switch.
Page 693: Figure 454: Master Virtual Router With Backup Routers
Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.
Page 694: Figure 455: Several Virtual Master Routers Using Backup Routers
Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups Figure 455: Several Virtual Master Routers Using Backup Routers Master Router Backup Router VRID 23 IP(R1) = 192.168.1.3 IP(VR23) = 192.168.1.3 VRID 23 VR Priority = 255 IP(R3) = 192.168.1.4 IP(VR23) = 192.168.1.3 Master Router VR Priority = 100 VRID 25...
Page 695 Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups Command Usage Address Assignment – ◆ To designate a specific router as the VRRP master, the IP address assigned to the virtual router must already be configured on the router that will become the Owner of the group address.
Page 696 Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups ◆ You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control. If the router attempting to become the master has just come on line, this delay also gives it time to gather information for its routing table before actually preempting the currently active master router.
Page 697 Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups The priority for backup routers is used to determine which router will take ■ over as the acting master router if the current master fails. ◆ Preempt Mode – Allows a backup router to take over as the master virtual router if it has a higher priority than the acting master virtual router (i.e., a master router that is not the group’s address owner, or another backup router that has taken over from the previous master).
Page 698: Figure 457: Configuring The Vrrp Group Id
Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups Select Add from the Action List. Enter the VRID group number, and select the VLAN (i.e., IP subnet) which is to be serviced by this group. Click Apply. Figure 457: Configuring the VRRP Group ID To show the configured VRRP groups: Click IP, VRRP.
Page 699: Figure 459: Setting The Virtual Router Address For A Vrrp Group
Chapter 18 | Configuring Router Redundancy Configuring VRRP Groups Figure 459: Setting the Virtual Router Address for a VRRP Group To show the virtual IP address assigned to a VRRP group: Click IP, VRRP. Select Configure Group ID from the Step List. Select Show IP Addresses from the Action List.
Page 700: Figure 461: Configuring Detailed Settings For A Vrrp Group
Chapter 18 | Configuring Router Redundancy Displaying VRRP Global Statistics Figure 461: Configuring Detailed Settings for a VRRP Group Displaying VRRP Global Statistics Use the IP > VRRP (Show Statistics – Global Statistics) page to display counters for errors found in VRRP protocol packets. Parameters These parameters are displayed: ◆...
Page 701: Figure 462: Showing Counters For Errors Found In Vrrp Packets
Chapter 18 | Configuring Router Redundancy Displaying VRRP Group Statistics Figure 462: Showing Counters for Errors Found in VRRP Packets Displaying VRRP Group Statistics Use the IP > VRRP (Show Statistics – Group Statistics) page to display counters for VRRP protocol events and errors that have occurred on a specific VRRP interface. Parameters These parameters are displayed: ◆...
Page 702: Figure 463: Showing Counters For Errors Found In A Vrrp Group
Chapter 18 | Configuring Router Redundancy Displaying VRRP Group Statistics (Continued) Table 42: VRRP Group Statistics Parameter Description Received Error Address List Number of packets received for which the address list does not match VRRP Packets the locally configured list for the virtual router. Received Invalid Number of packets received with an unknown authentication type.
Page 703: Unicast Routing
Unicast Routing This chapter describes how to configure the following unicast routing protocols: – Configures Routing Information Protocol. OSPFv2 – Configures Open Shortest Path First (Version 2) for IPv4. Overview This switch can route unicast traffic to different subnetworks using the Routing Information Protocol (RIP) or Open Shortest Path First (OSPF) protocol.
Page 704: Figure 464: Configuring Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Configuring the Routing Information Protocol The RIP protocol is the most widely used routing protocol. The RIP protocol uses a distance-vector-based approach to routing. Routes are determined on the basis of minimizing the distance vector, or hop count, which serves as a rough estimate of transmission cost.
Page 705: Configuring General Protocol Settings
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Configuring General Use the Routing Protocol > RIP > General (Configure) page to configure general settings and the basic timers. Protocol Settings RIP is used to specify how routers exchange routing information. When RIP is enabled on this router, it sends RIP messages to all devices in the network every 30 seconds (by default), and updates its own routing table when RIP messages are received from other routers.
Page 706 Chapter 19 | Unicast Routing Configuring the Routing Information Protocol ◆ RIP Default Metric – Sets the default metric assigned to external routes imported from other protocols. (Range: 1-15; Default: 1) The default metric must be used to resolve the problem of redistributing external routes with incompatible metrics.
Page 707 Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Basic Timer Settings Note: The timers must be set to the same values for all routers in the network. ◆ Update – Sets the rate at which updates are sent. This is the fundamental timer used to control all basic RIP processes.
Page 708: Figure 465: Configuring General Settings For Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 465: Configuring General Settings for RIP Clearing Entries from Use the Routing Protocol > RIP > General (Clear Route) page to clear entries from the Routing Table the routing table based on route type or a specific network address. Command Usage ◆...
Page 709: Figure 466: Clearing Entries From The Routing Table
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol ◆ Clear Route By Network – Clears a specific route based on its IP address and prefix length. Network IP Address – Deletes all related entries for the specified network ■...
Page 710: Figure 467: Adding Network Interfaces To Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Parameters These parameters are displayed: ◆ By Address – Adds a network to the RIP routing process. Subnet Address – IP address of a network directly connected to this router. ■...
Page 711: Figure 468: Showing Network Interfaces Using Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 468: Showing Network Interfaces Using RIP Specifying Use the Routing Protocol > RIP > Passive Interface (Add) page to stop RIP from Passive Interfaces sending routing updates on the specified interface. Command Usage ◆...
Page 712: Figure 469: Specifying A Passive Rip Interface
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 469: Specifying a Passive RIP Interface To show the passive RIP interfaces: Click Routing Protocol, RIP, Passive Interface. Select Show from the Action list. Figure 470: Showing Passive RIP Interfaces Specifying Use the Routing Protocol >...
Page 713: Figure 471: Specifying A Static Rip Neighbor
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 471: Specifying a Static RIP Neighbor To show static RIP neighbors: Click Routing Protocol, RIP, Neighbor Address. Select Show from the Action list. Figure 472: Showing Static RIP Neighbors Configuring Route Use the Routing Protocol >...
Page 714: Figure 473: Redistributing External Routes Into Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol A route metric must be used to resolve the problem of redistributing external routes with incompatible metrics. When a metric value has not been configured on this page, the default-metric determines the metric value to be used for all imported external routes.
Page 715: Figure 474: Showing External Routes Redistributed Into Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 474: Showing External Routes Redistributed into RIP Specifying an Use the Routing Protocol > RIP > Distance (Add) page to define an administrative Administrative distance for external routes learned from other routing protocols. Distance Command Usage ◆...
Page 716: Figure 475: Setting The Distance Assigned To External Routes
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 475: Setting the Distance Assigned to External Routes To show the distance assigned to external routes learned from other routing protocols: Click Routing Protocol, RIP, Distance. Select Show from the Action list. Figure 476: Showing the Distance Assigned to External Routes Configuring Network Use the Routing Protocol >...
Page 717 Chapter 19 | Unicast Routing Configuring the Routing Information Protocol multicasting as normally required by RIPv2. (Using this mode allows older RIPv2 routers which only receive RIP broadcast messages to receive all of the information provided by RIPv2, including subnet mask, next hop and authentication information.
Page 718 Chapter 19 | Unicast Routing Configuring the Routing Information Protocol ◆ Send Version – The RIP version to send on an interface. RIPv1: Sends only RIPv1 packets. ■ RIPv2: Sends only RIPv2 packets. ■ RIPv1 Compatible: Route information is broadcast to other routers with ■...
Page 719: Figure 477: Configuring A Network Interface For Rip
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol ◆ Instability Prevention – Specifies the method used to reduce the convergence time when the network topology changes, and to prevent RIP protocol messages from looping back to the source router. Split Horizon –...
Page 720: Figure 478: Showing Rip Network Interface Settings
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Figure 478: Showing RIP Network Interface Settings Displaying RIP Use the Routing Protocol > RIP > Statistics (Show Interface Information) page to Interface Settings display information about RIP interface configuration settings. Parameters These parameters are displayed: ◆...
Page 721: Figure 480: Showing Rip Peer Information
Chapter 19 | Unicast Routing Configuring the Routing Information Protocol Displaying Peer Use the Routing Protocol > RIP > Statistics (Show Peer Information) page to display information on neighboring RIP routers. Router Information Parameters These parameters are displayed: ◆ Peer Address – IP address of a neighboring RIP router. ◆...
Page 722: Figure 481: Resetting Rip Statistics
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 481: Resetting RIP Statistics Configuring the Open Shortest Path First Protocol (Version 2) Open Shortest Path First (OSPF) is more suited for large area networks which experience frequent changes in the links.
Page 723: Defining Network Areas Based On Addresses
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) throughput and connectivity. OSPF utilizes IP multicast to reduce the amount of routing traffic required when sending or receiving routing path updates. The separate routing area scheme used by OSPF further reduces the amount of routing traffic, and thus inherently provides another level of routing protection.
Page 724: Figure 483: Ospf Areas
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Routers in a normal area may import or export routing information about individual nodes. To reduce the amount of routing traffic flooded onto the network, an area can be configured to export a single summarized route that covers a broad range of network addresses within the area (page 732).
Page 725: Figure 484: Defining Ospf Network Areas Based On Addresses
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ If an address range overlaps other network areas, the router will use the network area with the address range that most closely matches the interface address.
Page 726: Figure 485: Showing Ospf Network Areas
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To to show the OSPF areas and the assigned interfaces: Click Routing Protocol, OSPF, Network Area. Select Show from the Action list. Figure 485: Showing OSPF Network Areas To to show the OSPF process identifiers: Click Routing Protocol, OSPF, Network Area.
Page 727 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) calculating summary route costs. Enable this field to force the router to calculate summary route costs using RFC 1583. (Default: Disabled) When RFC 1583 compatibility is enabled, only cost is used when choosing among multiple AS-external LSAs advertising the same destination.
Page 728: Figure 487: As Boundary Router
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Default Information ◆ Originate Default Route – Generates a default external route into an autonomous system. Note that the Advertise Default Route field must also be properly configured.
Page 729: Figure 488: Configure General Settings For Ospf
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Web Interface To configure general settings for OSPF: Click Routing Protocol, OSPF, System. Select Configure from the Action list. Select a Process ID, and then specify the Router ID and other global attributes as required.
Page 730: Figure 489: Showing General Settings For Ospf
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) (Continued) Table 43: OSPF System Information Parameter Description Originate LSAs The number of new link-state advertisements that have been originated. AS LSA Count The number of autonomous system LSAs in the link-state database. External LSA Count The number of external link-state advertisements in the link-state database.
Page 731: Figure 490: Adding An Nssa Or Stub
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Adding an Use the Routing Protocol > OSPF > Area (Configure Area – Add Area) page to add a not-so-stubby area (NSSA) or a stubby area (Stub). NSSA or Stub Command Usage ◆...
Page 732: Figure 491: Showing Nssas Or Stubs
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To show the NSSA or stubs added to the specified OSPF domain: Click Routing Protocol, OSPF, Area. Select Configure Area from the Step list. Select Show Area from the Action list. Select a Process ID.
Page 733 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Command Usage ◆ Before creating an NSSA, first specify the address range for the area (see “Defining Network Areas Based on Addresses” on page 717). Then create an NSSA as described under “Adding an NSSA or Stub”...
Page 734 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Originate Default Information – When the router is an NSSA Area Border Router (ABR) or an NSSA Autonomous System Boundary Router (ASBR), this option causes it to generate a Type-7 default LSA into the NSSA. This default provides a route to other areas within the AS for an NSSA ABR, or to areas outside the AS for an NSSA ASBR.
Page 735: Figure 493: Configuring Protocol Settings For An Nssa
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 493: Configuring Protocol Settings for an NSSA Configuring Use the Routing Protocol > OSPF > Area (Configure Area – Configure Stub Area) page to configure protocol settings for a stub. Stub Settings A stub does not accept external routing information.
Page 736 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 717). ◆ Area ID – Identifier for a stub. ◆...
Page 737: Figure 495: Configuring Protocol Settings For A Stub
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 495: Configuring Protocol Settings for a Stub Displaying Use the Routing Protocol > OSPF > Area (Show Information) page to protocol information on NSSA and Stub areas. Information on NSSA and Stub Areas Parameters...
Page 738: Figure 496: Displaying Information On Nssa And Stub Areas
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 496: Displaying Information on NSSA and Stub Areas Configuring Area An OSPF area can include a large number of nodes. If the Area Border Router (ABR) Ranges (Route has to advertise route information for each of these nodes, this wastes a lot of bandwidth and processor time.
Page 739: Figure 498: Configuring Route Summaries For An Area Range
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 717). ◆ Area ID – Identifies an area for which the routes are summarized. The area ID can be in the form of an IPv4 address, or also as a four octet unsigned integer ranging from 0-4294967295.
Page 740: Figure 499: Showing Configured Route Summaries
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To show the configured route summaries: Click Routing Protocol, OSPF, Area Range. Select Show from the Action list. Select the process ID. Figure 499: Showing Configured Route Summaries Redistributing Use the Routing Protocol >...
Page 741 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 717). ◆ Protocol Type – Specifies the external routing protocol type for which routing information is to be redistributed into the local routing domain.
Page 742: Figure 501: Importing External Routes
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 501: Importing External Routes To show the imported external route types: Click Routing Protocol, OSPF, Redistribute. Select Show from the Action list. Select the process ID. Figure 502: Showing Imported External Route Types Configuring Redistributing routes from other protocols into OSPF normally requires the router...
Page 743: Figure 503: Summarizing External Routes
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) imported into the routing table, and then configure one or more summary addresses to reduce the size of the routing table and consolidate these external routes for advertising into the local domain. ◆...
Page 744: Figure 504: Showing Summary Addresses For External Routes
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 504: Showing Summary Addresses for External Routes Configuring OSPF You should specify a routing interface for any local subnet that needs to Interfaces communicate with other network segments located on this router or elsewhere in the network.
Page 745 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Routes are assigned a metric equal to the sum of all metrics for each interface link in the route. This router uses a default cost of 1 for all ports. Therefore, if you install a 10 Gigabit module, you need to reset the cost for all of the 1 Gbps ports to a value greater than 1 to reflect the actual interface bandwidth.
Page 746 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) problem, you can use the transmit delay to force the router to wait a specified interval between transmissions. ◆ Retransmit Interval – Sets the time between re-sending link-state advertisements.
Page 747: Figure 505: Configuring Settings For All Interfaces Assigned To A Vlan
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Normally, only one key is used per interface to generate authentication information for outbound packets and to authenticate incoming packets. Neighbor routers must use the same key identifier and key value. When changing to a new key, the router will send multiple copies of all protocol messages, one with the old key and another with the new key.
Page 748: Figure 506: Configuring Settings For A Specific Area Assigned To A Vlan
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To configure interface settings for a specific area assigned to a VLAN: Click Routing Protocol, OSPF, Interface. Select Configure by Address from the Action list. Specify the VLAN ID, enter the address assigned to an area, and configure the required interface settings.
Page 749: Figure 507: Showing Ospf Interfaces
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 507: Showing OSPF Interfaces To show the MD5 authentication keys configured for an interface: Click Routing Protocol, OSPF, Interface. Select Show MD5 Key from the Action list. Select the VLAN ID.
Page 750: Figure 509: Ospf Virtual Link
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 509: OSPF Virtual Link isolated area virtual link backbone normal area Virtual links can also be used to create a redundant link between any area and the backbone to help prevent partitioning, or to connect two existing backbone areas into a common backbone.
Page 751: Figure 510: Adding A Virtual Link
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Web Interface To create a virtual link: Click Routing Protocol, OSPF, Virtual Link. Select Add from the Action list. Specify the process ID, the Area ID, and Neighbor router ID. Click Apply.
Page 752: Figure 512: Configuring Detailed Settings For A Virtual Link
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Click Apply. Figure 512: Configuring Detailed Settings for a Virtual Link To show the MD5 authentication keys configured for a virtual link: Click Routing Protocol, OSPF, Interface. Select Show MD5 Key from the Action list.
Page 753 Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) You can show information about different LSAs stored in this router’s database, which may include any of the following types: ◆ Router (Type 1) – All routers in an OSPF area originate Router LSAs that describe the state and cost of its active interfaces and neighbors.
Page 754: Figure 514: Displaying Information In The Link State Database
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Sequence – Sequence number of LSA (used to detect older duplicate LSAs). ◆ Checksum – Checksum of the complete contents of the LSA. Web Interface To display information in the link state database: Click Routing Protocol, OSPF, Information.
Page 755: Displaying Information On Neighboring Routers
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Displaying Use the Routing Protocol > OSPF > Information (Neighbor) page to display information about neighboring routers on each interface. Information on Neighboring Routers Parameters These parameters are displayed: ◆...
Page 756: Figure 515: Displaying Neighbor Routers Stored In The Link State Database
Chapter 19 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 515: Displaying Neighbor Routers Stored in the Link State Database – 750 –...
Page 757: Multicast Routing
Multicast Routing This chapter describes the following multicast routing topics: ◆ Enabling Multicast Routing Globally – Describes how to globally enable multicast routing. ◆ Displaying the Multicast Routing Table – Describes how to display the multicast routing table. ◆ Configuring PIM for IPv4 –...
Page 758 Chapter 20 | Multicast Routing Overview maintaining its own multicast routing table, making it routing protocol independent. PIM-DM is a simple multicast routing protocol that uses flood and prune to build a source-routed multicast delivery tree for each multicast source-group pair. As mentioned above, it does not maintain it’s own routing table, but instead, uses the routing table provided by whatever unicast routing protocol is enabled on the router interface.
Page 759 Chapter 20 | Multicast Routing Overview advertising itself as a BSR candidate. Eventually, only the router with the highest BSR priority will continue sending bootstrap messages. Rendezvous Point (RP) – A router may periodically sends PIMv2 messages to the BSR advertising itself as a candidate RP for specified group addresses. The BSR places information about all of the candidate RPs in subsequent bootstrap messages.
Page 760: Figure 516: Enabling Ipv4 Multicast Routing
Chapter 20 | Multicast Routing Configuring Global Settings for Multicast Routing register-stop message, it stops sending register messages to the RP. If there are no other sources using the shared tree, it is also torn down. Setting up the SPT requires more memory than when using the shared tree, but can significantly reduce group join and data transmission delays.
Page 761: Figure 517: Enabling Ipv6 Multicast Routing
Chapter 20 | Multicast Routing Configuring Global Settings for Multicast Routing Web Interface (IPv6) To enable IPv6 multicast routing: Click Multicast, IPv6 Multicast Routing, General. Enable Multicast Forwarding Status. Click Apply. Figure 517: Enabling IPv6 Multicast Routing Displaying the Use the Multicast > Multicast Routing > Information page or the IPv6 Multicast > Multicast Routing Multicast Routing >...
Page 762 Chapter 20 | Multicast Routing Configuring Global Settings for Multicast Routing case, any VLAN receiving register packets will be converted into the register interface. ◆ Owner – The associated multicast protocol (PIM-DM, PIM-SM, IGMP Proxy for PIMv4, MLD Proxy for PIMv6). ◆...
Page 763: Figure 518: Displaying The Ipv4 Multicast Routing Table
Chapter 20 | Multicast Routing Configuring Global Settings for Multicast Routing SPT-bit set – Multicast packets have been received from a source on ■ shortest path tree. Join SPT – The rate of traffic arriving over the shared tree has exceeded the ■...
Page 764: Figure 519: Displaying Detailed Entries From Ipv4 Multicast Routing Table
Chapter 20 | Multicast Routing Configuring Global Settings for Multicast Routing Select a Source Address. Figure 519: Displaying Detailed Entries from IPv4 Multicast Routing Table Web Interface (IPv6) To display the multicast routing table: Click Multicast, IPv6 Multicast Routing, Information. Select Show Summary from the Action List.
Page 765: Figure 521: Displaying Detailed Entries From Ipv6 Multicast Routing Table
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Figure 521: Displaying Detailed Entries from IPv6 Multicast Routing Table Configuring PIM for IPv4 This section describes how to configure PIM-DM and PIM-SM for IPv4. Enabling PIM Globally Use the Routing Protocol > PIM > General page to enable IPv4 PIM routing globally on the router.
Page 766: Figure 522: Enabling Pim Multicast Routing
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Figure 522: Enabling PIM Multicast Routing Configuring PIM Use the Routing Protocol > PIM > Interface page configure the routing protocol’s functional attributes for each interface. Interface Settings Command Usage ◆ Most of the attributes on this page are common to both PIM-DM and PIM-SM.
Page 767 Chapter 20 | Multicast Routing Configuring PIM for IPv4 Parameters These parameters are displayed: Common Attributes ◆ VLAN – Layer 3 VLAN interface. (Range: 1-4094) ◆ Mode – PIM routing mode. (Options: Dense, Sparse, None) ◆ IP Address – Primary IP address assigned to the selected VLAN. ◆...
Page 768 Chapter 20 | Multicast Routing Configuring PIM for IPv4 ◆ LAN Prune Delay – Causes this device to inform downstream routers of how long it will wait before pruning a flow after receiving a prune request. (Default: Disabled) When other downstream routers on the same VLAN are notified that this upstream router has received a prune request, they must send a Join to override the prune before the prune delay expires if they want to continue receiving the flow.
Page 769 Chapter 20 | Multicast Routing Configuring PIM for IPv4 Dense-Mode Attributes ◆ Graft Retry Interval – The time to wait for a Graft acknowledgement before resending a Graft message. (Range: 1-10 seconds; Default: 3 seconds) A graft message is sent by a router to cancel a prune state. When a router receives a graft message, it must respond with an graft acknowledgement message.
Page 770: Figure 523: Configuring Pim Interface Settings (Dense Mode)
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Use the same join/prune message interval on all PIM-SM routers in the same PIM-SM domain, otherwise the routing protocol’s performance will be adversely affected. The multicast interface that first receives a multicast stream from a particular source forwards this traffic only to those interfaces on the router that have requests to join this group.
Page 771: Figure 524: Configuring Pim Interface Settings (Sparse Mode)
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Figure 524: Configuring PIM Interface Settings (Sparse Mode) Displaying PIM Use the Routing Protocol > PIM > Neighbor page to display all neighboring PIM Neighbor Information routers. Parameters These parameters are displayed: ◆...
Page 772: Configuring Global Pim-Sm Settings
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Configuring Global Use the Routing Protocol > PIM > SM (Configure Global) page to configure the rate at which register messages are sent, the source of register messages, and switch PIM-SM Settings over to the Shortest Path Tree (SPT).
Page 773: Figure 526: Configuring Global Settings For Pim-Sm
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Web Interface To configure global settings for PIM-SM: Click Multicast, Multicast Routing, SM. Select Configure Global from the Step list. Set the register rate limit and source of register messages if required. Also specify any multicast groups which must be routed across the shared tree, instead of switching over to the SPT.
Page 774: Figure 527: Configuring A Pim-Sm Bsr Candidate
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Parameters These parameters are displayed: ◆ BSR Candidate Status – Configures the switch as a Bootstrap Router (BSR) candidate. (Default: Disabled) ◆ VLAN ID – Identifier of configured VLAN interface. (Range: 1-4094) ◆...
Page 775 Chapter 20 | Multicast Routing Configuring PIM for IPv4 Configuring Use the Routing Protocol > PIM > SM (RP Address) page to configure a static address as the Rendezvous Point (RP) for a particular multicast group. a PIM Static Rendezvous Point Command Usage ◆...
Page 776: Figure 528: Configuring A Pim Static Rendezvous Point
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Figure 528: Configuring a PIM Static Rendezvous Point To display static rendezvous points: Click Routing Protocol, PIM, SM. Select RP Address from the Step list. Select Show from the Action list. Figure 529: Showing PIM Static Rendezvous Points Configuring a Use the Routing Protocol >...
Page 777 Chapter 20 | Multicast Routing Configuring PIM for IPv4 Compute hash value based on the group address, RP address, priority, and ■ hash mask included in the bootstrap messages. If there is a tie, use the candidate RP with the highest IP address. ■...
Page 778: Figure 530: Configuring A Pim Rp Candidate
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Figure 530: Configuring a PIM RP Candidate To display settings for an RP candidate: Click Routing Protocol, PIM, SM. Select RP Candidate from the Step list. Select Show from the Action list. Select an interface from the VLAN list.
Page 779: Figure 532: Showing Information About The Pim Bsr
Chapter 20 | Multicast Routing Configuring PIM for IPv4 ◆ Hash Mask Length – The number of significant bits used in the multicast group comparison mask by this BSR candidate. ◆ Expire – The time before the BSR is declared down. ◆...
Page 780: Figure 533: Showing Pim Rp Mapping
Chapter 20 | Multicast Routing Configuring PIM for IPv4 Displaying Use the Routing Protocol > PIM > SM (Show Information – Show RP Mapping) page to display active RPs and associated multicast routing entries. PIM RP Mapping Parameters These parameters are displayed: ◆...
Page 781: Figure 534: Enabling Pimv6 Multicast Routing
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 Configuring PIMv6 for IPv6 This section describes how to configure PIM-DM and PIM-SM for IPv6. Enabling Use the Routing Protocol > PIM6 > General page to enable IPv6 PIM routing PIMv6 Globally globally on the router.
Page 782 Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 ◆ PIMv6 and MLD proxy cannot be used at the same time. When an interface is set to use PIMv6 Dense mode, MLD proxy cannot be enabled on any interface of the device (see “MLD Proxy Routing” in the CLI Reference Guide). Also, when MLD proxy is enabled on an interface, PIMv6 cannot be enabled on any interface.
Page 783 Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 ◆ Hello Interval – Sets the frequency at which PIM hello messages are transmitted out on all interfaces. (Range: 1-65535 seconds; Default: 30 seconds) Hello messages are sent to neighboring PIM routers from which this device has received probes, and are used to verify whether or not these neighbors are still active members of the multicast tree.
Page 784 Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 continue receiving the flow referenced in the message. (Range: 500-6000 milliseconds; Default: 2500 milliseconds) The override interval and the propagation delay are used to calculate the LAN prune delay. If a downstream router has group members which want to continue receiving the flow referenced in a LAN prune delay message, then the override interval represents the time required for the downstream router to process the message and then respond by sending a Join message back to the...
Page 785 Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 forwarding a control message down the distribution tree, refreshing the prune state on the outgoing interfaces of each router in the tree. This also enables PIM routers to recognize topology changes (sources joining or leaving a multicast group) before the default three-minute state timeout expires.
Page 786: Figure 535: Configuring Pimv6 Interface Settings (Dense Mode)
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 Click Apply. Figure 535: Configuring PIMv6 Interface Settings (Dense Mode) Figure 536: Configuring PIMv6 Interface Settings (Sparse Mode) – 780 –...
Page 787: Figure 537: Showing Pimv6 Neighbors
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 Displaying PIM6 Use the Routing Protocol > PIM6 > Neighbor page to display all neighboring PIMv6 routers. Neighbor Information Parameters These parameters are displayed: ◆ Address – IP address of the next-hop router. ◆...
Page 788 Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 ◆ Register Source – Configures the IP source address of a register message to an address other than the outgoing interface address of the DR that leads back toward the RP. (Range: VLAN 1-4094; Default: The IP address of the DR’s outgoing interface that leads back to the RP) When the source address of a register message is filtered by intermediate network devices, or is not a uniquely routed address to which the RP can send...
Page 789: Figure 538: Configuring Global Settings For Pim6-Sm
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 Figure 538: Configuring Global Settings for PIM6-SM Configuring a PIM6 Use the Routing Protocol > PIM6 > SM (BSR Candidate) page to configure the switch as a Bootstrap Router (BSR) candidate. BSR Candidate Command Usage ◆...
Page 790: Figure 539: Configuring A Pim6-Sm Bsr Candidate
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 portion of the hash is used, and a single RP will be defined for multiple groups. (Range: 0-32; Default: 10) ◆ Priority – Priority used by the candidate bootstrap router in the election process.
Page 791: Figure 540: Configuring A Pim6 Static Rendezvous Point
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 longer group prefix length. If the prefix lengths are the same, then the static RP with the highest IP address is chosen. ◆ Static definitions for RP addresses may be used together with RP addresses dynamically learned through the bootstrap router (BSR).
Page 792: Figure 541: Showing Pim6 Static Rendezvous Points
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 To display static rendezvous points: Click Routing Protocol, PIM6, SM. Select RP Address from the Step list. Select Show from the Action list. Figure 541: Showing PIM6 Static Rendezvous Points Configuring a PIM6 Use the Routing Protocol >...
Page 793: Figure 542: Configuring A Pim6 Rp Candidate
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 ◆ To improve failover recovery, it is advisable to select at least two core routers in diverse locations, each to serve as both a candidate BSR and candidate RP. It is also preferable to set up one of these routers as both the primary BSR and RP.
Page 794: Figure 543: Showing Settings For A Pim6 Rp Candidate
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 To display settings for an RP candidate: Click Routing Protocol, PIM6, SM. Select RP Candidate from the Step list. Select Show from the Action list. Select an interface from the VLAN list. Figure 543: Showing Settings for a PIM6 RP Candidate Displaying the Use the Routing Protocol >...
Page 795: Figure 544: Showing Information About The Pim6 Bsr
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 BSR or from a C-BSR with higher weight than the current BSR will be accepted. Candidate BSR – Bidding in election process. ■ Pending-BSR – The router is a candidate to be the BSR for the RP-set. ■...
Page 796: Figure 545: Showing Pim6 Rp Mapping
Chapter 20 | Multicast Routing Configuring PIMv6 for IPv6 Web Interface To display the RPs mapped to multicast groups: Click Routing Protocol, PIM6, SM. Select Show Information from the Step list. Select Show RP Mapping from the Action list. Figure 545: Showing PIM6 RP Mapping –...
Page 797: Section Iii Appendices
Section III Appendices This section provides additional information and includes these items: ◆ “Software Specifications” on page 793 ◆ “Troubleshooting” on page 799 ◆ “License Information” on page 801 – 791 –...
Page 798 Section III | Appendices – 792 –...
Page 799: A Software Specifications
Software Specifications Software Features Management Local, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter Authentication General Security Access Control Lists (512 rules), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard Measures Port Configuration 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex 1000BASE-SX/LX/ZX: 1000 Mbps at full duplex (SFP , SFP+)
Page 800 Appendix A | Software Specifications Software Features Spanning Tree Spanning Tree Protocol (STP, IEEE 802.1D-2004) Algorithm Rapid Spanning Tree Protocol (RSTP, IEEE 802.1D-2004) Multiple Spanning Tree Protocol (MSTP, IEEE 802.1D-2004) VLAN Support 4094 Up to groups; port-based, protocol-based, tagged (802.1Q), voice VLANs, IP subnet, MAC-based, QinQ tunnel, GVRP for automatic VLAN learning Class of Service Supports four levels of priority...
Page 801: Management Features
Appendix A | Software Specifications Management Features Management Features In-Band Management Telnet, web-based HTTP or HTTPS, SNMP manager, or Secure Shell Out-of-Band RS-232 DB-9 console port Management Software Loading HTTP, FTP or TFTP in-band, or XModem out-of-band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event)
Page 802: Management Information Bases
Appendix A | Software Specifications Management Information Bases IGMPv2 (RFC 2236) IGMPv3 (RFC 3376) - partial support IGMP Proxy (RFC 4541) IPv4 IGMP (RFC 3228) MLD Snooping (RFC 4541) NTP (RFC 1305) OSPF (RFC 2328, 2178, 1587) OSPFv3 (RFC 2740) PIM-SM (RFC 4601) PIM-DM (RFC 3973) RADIUS+ (RFC 2618)
Page 803 Appendix A | Software Specifications Management Information Bases IPV6-TCP-MIB (RFC 2052) IPV6-UDP-MIB (RFC2054) Link Aggregation MIB (IEEE 802.3ad) MAU MIB (RFC 3636) MIB II (RFC 1213) NTP (RFC 1305) OSPF MIB (RFC 1850) OSPFv3 MIB (draft-ietf-ospf-ospfv3-mib-15.txt) P-Bridge MIB (RFC 2674P) Port Access Entity MIB (IEEE 802.1X) Port Access Entity Equipment MIB Power Ethernet MIB (RFC 3621)
Page 804 Appendix A | Software Specifications Management Information Bases – 798 –...
Page 805: Problems Accessing The Management Interface
Troubleshooting Problems Accessing the Management Interface Table 44: Troubleshooting Chart Symptom Action ◆ Cannot connect using Be sure the switch is powered on. Telnet, web browser, or ◆ Check network cabling between the management station and the SNMP software switch. Make sure the ends are properly connected and there is no damage to the cable.
Page 806: Using System Logs
Appendix B | Troubleshooting Using System Logs Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.
Page 807: C License Information
License Information This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
Page 808 Appendix C | License Information The GNU General Public License GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
Page 809 Appendix C | License Information The GNU General Public License Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
Page 810 Appendix C | License Information The GNU General Public License If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.
Page 811: Glossary
Glossary Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
Page 812 Glossary DiffServ Differentiated Services provides quality of service on large networks by employing a well- defined set of building blocks from which a variety of aggregate forwarding behaviors may be built. Each packet carries information (DS byte) used by each hop to give it a particular forwarding treatment, or per-hop behavior, at each network node.
Page 813 Glossary ICMP Internet Control Message Protocol is a network layer protocol that reports errors in processing IP packets. ICMP is also used by routers to feed back information about better routing choices. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
Page 814 Glossary IGMP Query On each subnetwork, one IGMP-capable device will act as the querier — that is, the device that asks all hosts to report on the IP multicast groups they wish to join or to which they already belong. The elected querier will be the device with the lowest IP address in the subnetwork.
Page 815 Glossary Management Information Base. An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Router Discovery is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers. This process allows IGMP-enabled devices to determine where to send multicast source and group membership messages.
Page 816 Glossary Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high-speed logical link that combines several lower-speed physical links. QinQ QinQ tunneling is designed for service providers carrying traffic for multiple customers across their networks.
Page 817 Glossary Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Spanning Tree Algorithm is a technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems.
Page 818 Glossary XModem A protocol used to transfer files between devices. Data is grouped in 128-byte blocks and error-corrected. – 812 –...
Page 819: Index
Index Numerics address table 197 aging time 201 802.1Q tunnel 177 aging time, displaying 201 access 184 aging time, setting 201 configuration, guidelines 180 configuration, limitations 180 configuration 676 CVID to SVID map 182 description 676 description 177 proxy 676 ethernet type 181 statistics 681 interface configuration 184...
Page 820 Index flooding when STA globally disabled 212 CoS 241 ignoring superior BPDUs 219 configuring 241 selecting protocol based on message format 220 default mapping to internal values 252 shut down port on receipt 220 enabling 248 bridge extension capabilities, displaying 87 layer 3/4 priorities 248 broadcast storm, threshold 232 priorities, mapping to internal values 252...
Page 821 Index color blind, srTCM 264 edge port, STA 219 color blind, trTCM 265 encryption committed burst size 264 DSA 316 committed information rate 264 RSA 316 configuring 255 engine ID 423 excess burst size 265 ERPS metering, configuring 260 configuration guidelines 466 peak burst size 266 control VLAN 471 peak information rate 266...
Page 822 Index hash mask length, PIM-SM BSR 768 IGMP proxy hash mask length, PIMv6-SM BSR 783 configuration steps 577 hello holdtime enabling 578 PIM 761 unsolicited report interval 578 PIMv6 776 IGMP services, displaying 557 hello interval IGMP snooping PIM 761 configuring 550 PIMv6 777 enabling per interface 550...
Page 823 Index setting 619 link trace message, CFM 488 IPv6 link type, STA 219 displaying neighbors 634 LLDP 395 duplicate address detection 634 device statistics details, displaying 417 enabling 626 device statistics, displaying 415 MTU 626 display device information 407 router advertisements, blocking 628 displaying remote information 407 IPv6 address interface attributes, configuring 397...
Page 824 Index maintenance end point, CFM 489 enabling, IPv4 754 enabling, IPv6 754 maintenance intermediate point, CFM 489 global settings, IPv4 754 maintenance level, CFM 489 global settings, IPv6 754 maintenance point, CFM 488 PIM 759 management access, filtering per address 349 PIM-DM 759 management access, IP filter 349 PIM-SM 759...
Page 825 Index specifying a domain 610 LSA database, displaying 746 specifying a VLAN 605 message digest key 740 static binding 611 neighboring router information, diplaying 749 static binding, group to port 611 network area 717 statistics, displaying 614 normal area 718 using immediate leave 611 NSSA 725 process ID 719...
Page 826 Index interface settings 763 policy map neighbor routers 765 DiffServ 260 register rate limit for DR 766 port authentication 353 rendezvous point 769 port power RP candidate 770 displaying status 420 RP candidate, advertising 770 inline 418 RP mapping, displaying 774 inline status 420 shared tree 766 maximum allocation 418...
Page 827 Index interface protocol settings 710 interface, enabling 703 QinQ Tunneling See 802.1Q tunnel neighbor router 706 QoS 255 passively monitoring updates 705 configuring 255 poison reverse 698 CoS/CFI to PHB/drop precedence 252 protocol packets, receiving 712 DSCP to PHB/drop precedence 249 protocol packets, sending 712 dynamic assignment 303 receive version 712...
Page 828 Index SNMP 420 path cost 222 community string 433 path cost method 213 enabling traps 440 port priority 218 enabling traps, mac-address changes 205 port/trunk loopback detection 209 filtering IP addresses 349 protocol migration 220 global settings, configuring 422 transmission limit 213 trap manager 440 stack traps, CFM 493...
Page 829 Index transceiver data, displaying 133 description 163 transceiver thresholds displaying port members by interface 172 configuring 134 displaying port members by interface range 173 displaying 134 displaying port members by VLAN index 172 trap manager 440 dynamic assignment 303 troubleshooting 799 egress mode 169 trTCM ingress filtering 170...
Page 830 E122014/ST-R04 ECS4620-28T/P/F ECS4620-52T/P 149100000245A ECS4620-28T-DC ECS4620-28F-DC 150200000929A...
Page 831 ECS4620-28T/P/F ECS4620-28T/F-DC C L I R e f e r e n c e G u i d e ECS4620-52T/P 28/52-Port Layer 3 Stackable GE Switch Software Release v1.2.2.0 www.edge-core.com...
Page 832 C L I R e f e r e n c e G u i d e ECS4620-28T Stackable GE Switch Layer 3 Stackable Gigabit Ethernet Switch with 24 10/100/1000BASE-T (RJ-45) Ports, 2 10-Gigabit SFP+ Ports, and Optional Module with 2 10-Gigabit SFP+ Ports...
Page 833 How to Use This Guide This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
Page 834 April 2014 Revision This is the second version of this guide. This guide is valid for software release v1.2.1.3. It contains the following changes: ◆ Added information for ECS4620-28F, ECS4620-28T, and ECS4620-28P. ◆ Extended configurable VLAN range from 1-4093 to 1-4094. ◆...
Page 835 How to Use This Guide ◆ Added the command "show process cpu task" on page 128. ◆ Added "Stacking" on page 195. ◆ Updated syntax for "snmp-server enable traps" on page 204. ◆ Added the commands "snmp-server enable port-traps mac-notification" on page 208 "show snmp-server enable port-traps"...
Page 836 How to Use This Guide ◆ Updated syntax for the command "auto-traffic-control control-release" on page 485. ◆ Added the command "loopback-detection action" on page 492. ◆ Removed the command “loopback-detection mode. ” ◆ Added the command "loopback detection trap" on page 494.
Page 837 How to Use This Guide ◆ Added BGP to the parameter list for the OSPFv2 command "redistribute" on page 993. ◆ Added the command "area authentication" on page 996. ◆ Added the command "neighbor password" on page 1107. December 2013 Revision This is the first version of this guide.
Page 838 How to Use This Guide – 8 –...
Page 839 Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Initial Switch Configuration Connecting to the Switch Configuration Options Connecting to the Console Port Logging Onto the Command Line Interface Setting Passwords Remote Connections Stack Operations Selecting the Stack Master Selecting the Backup Unit Recovering from Stack Failure or Topology Change...
Page 840 Contents Automatic Installation of Operation Code and Configuration Settings Downloading Operation Code from a File Server Specifying a DHCP Client Identifier Downloading a Configuration File Referenced by a DHCP Server Setting the System Clock Setting the Time Manually Configuring SNTP Configuring NTP Section II Command Line Interface...
Page 841 Contents show history configure disable reload (Privileged Exec) show reload exit 4 System Management Commands Device Designation hostname Banner Information banner configure banner configure company banner configure dc-power-info banner configure department banner configure equipment-info banner configure equipment-location banner configure ip-lan banner configure lp-number banner configure manager-info banner configure mux...
Page 842 Contents show watchdog watchdog software Fan Control fan-speed force-full Frame Size jumbo frame File Management General Commands boot system copy delete whichboot Automatic Code Upgrade Commands upgrade opcode auto upgrade opcode path upgrade opcode reload show upgrade TFTP Configuration Commands ip tftp retry ip tftp timeout show ip tftp...
Page 843 Contents terminal show line Event Logging logging facility logging history logging host logging on logging trap clear log show log show logging SMTP Alerts logging sendmail logging sendmail host logging sendmail level logging sendmail destination-email logging sendmail source-email show logging sendmail Time SNTP Commands sntp client...
Page 844 Contents calendar set show calendar Time Range time-range absolute periodic show time-range Switch Clustering cluster cluster commander cluster ip-pool cluster member rcommand show cluster show cluster members show cluster candidates Stacking switch all renumber switch master button switch stacking button show switch master button show switch stacking button 5 SNMP Commands...
Page 845 Contents SNMPv3 Commands snmp-server engine-id snmp-server group snmp-server user snmp-server view show snmp engine-id show snmp group show snmp user show snmp view Notification Log Commands snmp-server notify-filter show nlm oper-status show snmp notify-filter Additional Trap Commands memory process cpu 6 Remote Monitoring Commands rmon alarm rmon event...
Page 846 Contents 8 Authentication Commands User Accounts and Privilege Levels enable password username privilege show privilege Authentication Sequence authentication enable authentication login RADIUS Client radius-server acct-port radius-server auth-port radius-server host radius-server key radius-server retransmit radius-server timeout show radius-server TACACS+ Client tacacs-server host tacacs-server key tacacs-server port tacacs-server retransmit...
Page 847 Contents accounting exec authorization exec show accounting Web Server ip http port ip http server ip http secure-port ip http secure-server Telnet Server ip telnet max-sessions ip telnet port ip telnet server show ip telnet Secure Shell ip ssh authentication-retries ip ssh server ip ssh server-key size ip ssh timeout...
Page 848 Contents dot1x port-control dot1x re-authentication dot1x timeout quiet-period dot1x timeout re-authperiod dot1x timeout supp-timeout dot1x timeout tx-period dot1x re-authenticate Supplicant Commands dot1x identity profile dot1x max-start dot1x pae supplicant dot1x timeout auth-period dot1x timeout held-period dot1x timeout start-period Information Display Commands show dot1x Management IP Filter management...
Page 849 Contents port security mac-address-as-permanent show port security Network Access (MAC Address Authentication) network-access aging network-access mac-filter mac-authentication reauth-time network-access dynamic-qos network-access dynamic-vlan network-access guest-vlan network-access link-detection network-access link-detection link-down network-access link-detection link-up network-access link-detection link-up-down network-access max-mac-count network-access mode mac-authentication network-access port-mac-filter mac-authentication intrusion-action mac-authentication max-mac-count...
Page 850 Contents ip dhcp snooping information option ip dhcp snooping information option encode no-subtype ip dhcp snooping information option remote-id ip dhcp snooping information option tr101 board-id ip dhcp snooping information policy ip dhcp snooping limit rate ip dhcp snooping verify mac-address ip dhcp snooping vlan ip dhcp snooping information option circuit-id ip dhcp snooping trust...
Page 851 Contents IPv6 Source Guard ipv6 source-guard binding ipv6 source-guard ipv6 source-guard max-binding show ipv6 source-guard show ipv6 source-guard binding ARP Inspection ip arp inspection ip arp inspection filter ip arp inspection log-buffer logs ip arp inspection validate ip arp inspection vlan ip arp inspection limit ip arp inspection trust show ip arp inspection configuration...
Page 852 Contents show traffic-segmentation 10 Access Control Lists IPv4 ACLs access-list ip ip access-group (Global Configuration) permit, deny (Standard IP ACL) permit, deny (Extended IPv4 ACL) ip access-group (Interface Configuration) show ip access-group show ip access-list IPv6 ACLs access-list ipv6 ipv6 access-group (Global Configuration) permit, deny (Standard Pv6 ACL) permit, deny (Extended IPv6 ACL) ipv6 access-group (Interface Configuration)
Page 853 Contents 11 Interface Commands Interface Configuration interface alias capabilities description discard flowcontrol media-type negotiation shutdown speed-duplex clear counters show discard show interfaces brief show interfaces counters show interfaces status show interfaces switchport Transceiver Threshold Configuration transceiver-monitor transceiver-threshold-auto transceiver-threshold current transceiver-threshold rx-power transceiver-threshold temperature transceiver-threshold tx-power transceiver-threshold voltage...
Page 854 Contents 12 Link Aggregation Commands Manual Configuration Commands port channel load-balance channel-group Dynamic Configuration Commands lacp lacp admin-key (Ethernet Interface) lacp port-priority lacp system-priority lacp admin-key (Port Channel) lacp timeout Trunk Status Display Commands show lacp show port-channel load-balance 13 Power over Ethernet Commands power inline power inline maximum allocation power inline priority...
Page 855 Contents Storm Control Commands switchport packet-rate Automatic Traffic Control Commands Threshold Commands auto-traffic-control apply-timer auto-traffic-control release-timer auto-traffic-control auto-traffic-control action auto-traffic-control alarm-clear-threshold auto-traffic-control alarm-fire-threshold auto-traffic-control auto-control-release auto-traffic-control control-release SNMP Trap Commands snmp-server enable port-traps atc broadcast-alarm-clear snmp-server enable port-traps atc broadcast-alarm-fire snmp-server enable port-traps atc broadcast-control-apply snmp-server enable port-traps atc broadcast-control-release snmp-server enable port-traps atc multicast-alarm-clear...
Page 856 Contents udld message-interval udld recovery udld recovery-interval udld aggressive udld port show udld 18 Address Table Commands mac-address-table aging-time mac-address-table hash-lookup-depth mac-address-table static clear collision-mac-address-table clear mac-address-table dynamic show collision-mac-address-table show mac-address-table show mac-address-table aging-time show mac-address-table count show mac-address-table hash-lookup-depth 19 Spanning Tree Commands spanning-tree spanning-tree cisco-prestandard...
Page 857 Contents revision spanning-tree bpdu-filter spanning-tree bpdu-guard spanning-tree cost spanning-tree edge-port spanning-tree link-type spanning-tree loopback-detection spanning-tree loopback-detection action spanning-tree loopback-detection release-mode spanning-tree loopback-detection trap spanning-tree mst cost spanning-tree mst port-priority spanning-tree port-bpdu-flooding spanning-tree port-priority spanning-tree root-guard spanning-tree spanning-disabled spanning-tree tc-prop-stop spanning-tree loopback-detection release spanning-tree protocol-migration show spanning-tree show spanning-tree mst configuration...
Page 858 Contents non-revertive propagate-tc raps-def-mac raps-without-vc ring-port rpl neighbor rpl owner version wtr-timer clear erps statistics erps clear erps forced-switch erps manual-switch show erps 21 VLAN Commands GVRP and Bridge Extension Commands bridge-ext gvrp garp timer switchport forbidden vlan switchport gvrp show bridge-ext show garp timer show gvrp configuration...
Page 859 Contents Displaying VLAN Information show vlan Configuring IEEE 802.1Q Tunneling dot1q-tunnel system-tunnel-control switchport dot1q-tunnel mode switchport dot1q-tunnel service match cvid switchport dot1q-tunnel tpid show dot1q-tunnel Configuring L2CP Tunneling l2protocol-tunnel tunnel-dmac switchport l2protocol-tunnel show l2protocol-tunnel Configuring VLAN Translation switchport vlan-translation show vlan-translation Configuring Protocol-based VLANs protocol-vlan protocol-group (Configuring Groups) protocol-vlan protocol-group (Configuring Interfaces)
Page 860 Contents 22 Class of Service Commands Priority Commands (Layer 2) queue mode queue weight switchport priority default show queue mode show queue weight Priority Commands (Layer 3 and 4) qos map cos-dscp qos map dscp-mutation qos map phb-queue qos map trust-mode show qos map cos-dscp show qos map dscp-mutation show qos map phb-queue...
Page 861 Contents 24 Multicast Filtering Commands IGMP Snooping ip igmp snooping ip igmp snooping priority ip igmp snooping proxy-reporting ip igmp snooping querier ip igmp snooping router-alert-option-check ip igmp snooping router-port-expire-time ip igmp snooping tcn-flood ip igmp snooping tcn-query-solicit ip igmp snooping unregistered-data-flood ip igmp snooping unsolicited-report-interval ip igmp snooping version ip igmp snooping version-exclusive...
Page 862 Contents permit, deny range ip igmp authentication ip igmp filter (Interface Configuration) ip igmp max-groups ip igmp max-groups action ip igmp query-drop ip multicast-data-drop show ip igmp authentication show ip igmp filter show ip igmp profile show ip igmp query-drop show ip igmp throttle interface show ip multicast-data-drop MLD Snooping...
Page 863 Contents permit, deny range ipv6 mld filter (Interface Configuration) ipv6 mld max-groups ipv6 mld max-groups action ipv6 mld query-drop ipv6 multicast-data-drop show ipv6 mld filter show ipv6 mld profile show ipv6 mld query-drop show ipv6 mld throttle interface MVR for IPv4 mvr associated-profile mvr domain mvr priority...
Page 864 Contents MVR for IPv6 mvr6 associated-profile mvr6 domain mvr6 priority mvr6 profile mvr6 proxy-query-interval mvr6 proxy-switching mvr6 robustness-value mvr6 source-port-mode dynamic mvr6 upstream-source-ip mvr6 vlan mvr6 immediate-leave mvr6 type mvr6 vlan group clear mvr6 groups dynamic clear mvr6 statistics show mvr6 show mvr6 associated-profile show mvr6 interface show mvr6 members...
Page 865 Contents ip igmp proxy unsolicited-report-interval MLD (Layer 3) ipv6 mld ipv6 mld last-member-query-response-interval ipv6 mld max-resp-interval ipv6 mld query-interval ipv6 mld robustval ipv6 mld static-group ipv6 mld version clear ipv6 mld group show ipv6 mld groups show ipv6 mld interface MLD Proxy Routing ipv6 mld proxy ipv6 mld proxy unsolicited-report-interval...
Page 866 Contents lldp dot3-tlv mac-phy lldp dot3-tlv max-frame lldp dot3-tlv poe lldp med-location civic-addr lldp med-notification lldp med-tlv ext-poe lldp med-tlv inventory lldp med-tlv location lldp med-tlv med-cap lldp med-tlv network-policy lldp notification show lldp config show lldp info local-device show lldp info remote-device show lldp info statistics 26 CFM Commands Defining CFM Structures...
Page 867 Contents Continuity Check Operations ethernet cfm cc ma interval ethernet cfm cc enable snmp-server enable traps ethernet cfm cc mep archive-hold-time clear ethernet cfm maintenance-points remote clear ethernet cfm errors show ethernet cfm errors Cross Check Operations ethernet cfm mep crosscheck start-delay snmp-server enable traps ethernet cfm crosscheck mep crosscheck mpid ethernet cfm mep crosscheck...
Page 868 Contents efm oam link-monitor frame threshold efm oam link-monitor frame window efm oam mode clear efm oam counters clear efm oam event-log efm oam remote-loopback efm oam remote-loopback test show efm oam counters interface show efm oam event-log interface show efm oam remote-loopback interface show efm oam status interface show efm oam status remote interface 28 Domain Name Service Commands...
Page 869 Contents DHCP Relay DHCP Relay for IPv4 ip dhcp relay server ip dhcp restart relay DHCP Relay for IPv6 ipv6 dhcp relay destination show ipv6 dhcp relay destination DHCP Server ip dhcp excluded-address ip dhcp pool service dhcp bootfile client-identifier default-router dns-server domain-name...
Page 870 Contents traceroute ping ARP Configuration arp timeout ip proxy-arp clear arp-cache show arp UDP Helper Configuration ip forward-protocol udp ip helper ip helper-address show ip helper IPv6 Interface Interface Address Configuration and Utilities ipv6 default-gateway ipv6 address ipv6 address eui-64 ipv6 address link-local ipv6 enable ipv6 mtu...
Page 871 Contents ipv6 nd reachable-time ipv6 nd prefix ipv6 nd ra interval ipv6 nd ra lifetime ipv6 nd ra router-preference ipv6 nd ra suppress clear ipv6 neighbors show ipv6 nd raguard show ipv6 neighbors ND Snooping ipv6 nd snooping ipv6 nd snooping auto-detect ipv6 nd snooping auto-detect retransmit count ipv6 nd snooping auto-detect retransmit interval ipv6 nd snooping prefix timeout...
Page 872 Contents 50 IP Routing Commands Global Routing Configuration IPv4 Commands ip route maximum-paths show ip host-route show ip route show ip route database show ip route summary show ip traffic IPv6 Commands ipv6 route show ipv6 route Routing Information Protocol (RIP) router rip default-information originate default-metric...
Page 873 Contents Open Shortest Path First (OSPFv2) General Configuration router ospf compatible rfc1583 default-information originate router-id timers spf clear ip ospf process Route Metrics and Summaries area default-cost area range auto-cost reference-bandwidth default-metric redistribute summary-address Area Configuration area authentication area nssa area stub area virtual-link 1000...
Page 874 Contents show ip ospf database 1015 show ip ospf interface 1021 show ip ospf neighbor 1023 show ip ospf route 1024 show ip ospf virtual-links 1024 show ip protocols ospf 1025 Open Shortest Path First (OSPFv3) 1026 General Configuration 1028 router ipv6 ospf 1028 abr-type...
Page 875 Contents show ipv6 ospf neighbor 1050 show ipv6 ospf route 1051 show ipv6 ospf virtual-links 1052 Border Gateway Protocol (BGPv4) 1053 BGP Overview 1053 External and Internal BGP 1053 BGP Routing Basics 1055 Internal BGP Scalability 1058 Route Flap Dampening 1063 BGP Command List 1064...
Page 876 Contents bgp bestpath as-path ignore 1089 bgp bestpath compare-confed-aspath 1090 bgp bestpath compare-routerid 1090 bgp bestpath med 1091 bgp default local-preference 1092 bgp deterministic-med 1092 distance 1093 distance bgp 1094 Neighbor Configuration 1095 neighbor activate 1095 neighbor advertisement-interval 1096 neighbor allowas-in 1096 neighbor attribute-unchanged 1097...
Page 877 Contents neighbor route-reflector-client 1113 neighbor route-server-client 1114 neighbor send-community 1115 neighbor shutdown 1115 neighbor soft-reconfiguration inbound 1116 neighbor strict-capability-match 1117 neighbor timers 1118 neighbor timers connect 1118 neighbor unsuppress-map 1119 neighbor update-source 1120 neighbor weight 1120 Display Information 1121 show ip bgp 1121 show ip bgp attribute-info 1122...
Page 878 Contents continue 1138 description 1139 match as-path 1139 match community 1140 match extcommunity 1141 match ip address 1141 match ip next-hop 1142 match ip route-source 1142 match metric 1143 match origin 1143 match pathlimit as 1144 match peer 1145 on-match 1145 set aggregator as 1146...
Page 879 Contents show ipv6 mroute 1161 Static Multicast Routing 1163 ip igmp snooping vlan mrouter 1163 show ip igmp snooping mrouter 1164 PIM Multicast Routing 1165 IPv4 PIM Commands 1165 PIM Shared Mode Commands 1166 router pim 1166 ip pim 1167 ip pim hello-holdtime 1168 ip pim hello-interval...
Page 880 Contents IPv6 PIM Commands 1188 PIM6 Shared Mode Commands 1189 router pim6 1189 ipv6 pim 1190 ipv6 pim hello-holdtime 1191 ipv6 pim hello-interval 1192 ipv6 pim join-prune-holdtime 1192 ipv6 pim lan-prune-delay 1193 ipv6 pim override-interval 1194 ipv6 pim propagation-delay 1195 ipv6 pim trigger-hello-delay 1195 show ipv6 pim interface...
Page 881 Contents Section III Appendices 1213 A Troubleshooting 1215 Problems Accessing the Management Interface 1215 Using System Logs 1216 B License Information 1217 The GNU General Public License 1217 Glossary 1221 Index of CLI Commands 1229 Index 1241 – 51 –...
Page 882 Contents – 52 –...
Page 883 Figures Figure 1: Storm Control by Limiting the Traffic Rate Figure 2: Storm Control by Shutting Down a Port Figure 3: Non-ERPS Device Protection Figure 4: Sub-ring with Virtual Channel Figure 5: Sub-ring without Virtual Channel Figure 6: Configuring VLAN Trunking Figure 7: Mapping QinQ Service VLAN to Customer VLAN Figure 8: Configuring VLAN Translation Figure 1: Connections for Internal and External BGP...
Page 884 Figures – 54 –...
Page 885 Tables Table 1: Options 60, 66 and 67 Statements Table 2: Options 55 and 124 Statements Table 3: General Command Modes Table 4: Configuration Command Modes Table 5: Keystroke Commands Table 6: Command Group Index Table 7: General Commands Table 8: System Management Commands Table 9: Device Designation Commands Table 10: Banner Commands Table 11: System Status Commands...
Page 886 Tables Table 30: show snmp engine-id - display description Table 31: show snmp group - display description Table 32: show snmp user - display description Table 33: show snmp view - display description Table 34: RMON Commands Table 35: sFlow Commands Table 36: Authentication Commands Table 37: User Access Commands Table 38: Default Login Settings...
Page 887 Tables Table 65: Commands for Configuring Traffic Segmentation Table 66: Traffic Segmentation Forwarding Table 67: Access Control List Commands Table 68: IPv4 ACL Commands Table 69: IPv6 ACL Commands Table 70: MAC ACL Commands Table 71: ARP ACL Commands Table 72: ACL Information Commands Table 73: Interface Commands Table 74: show interfaces counters - display description Table 75: show interfaces switchport - display description...
Page 888 Tables Table 100: show erps - summary display description Table 101: show erps domain - detailed display description Table 102: show erps statistics - detailed display description Table 103: VLAN Commands Table 104: GVRP and Bridge Extension Commands Table 105: show bridge-ext - display description Table 106: Commands for Editing VLAN Groups Table 107: Commands for Configuring VLAN Interfaces Table 108: Commands for Displaying VLAN Information...
Page 889 Tables Table 135: show mvr interface - display description Table 136: show mvr members - display description Table 137: show mvr statistics input - display description Table 138: show mvr statistics output - display description Table 139: show mvr statistics query - display description Table 140: show mvr statistics summary interface - display description Table 141: show mvr statistics summary interface mvr vlan - description Table 142: Multicast VLAN Registration for IPv6 Commands...
Page 890 Tables Table 170: show hosts - display description Table 171: DHCP Commands Table 172: DHCP Client Commands Table 173: Options 60, 66 and 67 Statements Table 174: Options 55 and 124 Statements Table 175: DHCP Relay Option 82 Commands Table 176: DHCP Server Commands Table 177: IP Interface Commands Table 178: IPv4 Interface Commands Table 179: Basic IP Configuration Commands...
Page 891: Table 44: Troubleshooting Chart
Tables Table 14: show ip ospf neighbor - display description 1023 Table 15: show ip ospf virtual-links - display description 1025 Table 16: show ip protocols ospf - display description 1025 Table 17: Open Shortest Path First Commands (Version 3) 1026 Table 18: show ip ospf - display description 1047...
Page 892 Tables – 62 –...
Page 893 Section I Getting Started This section describes how to configure the switch for management access through the web interface or SNMP. This section includes these chapters: ◆ "Initial Switch Configuration" on page 65 – 63 –...
Page 894 Section I | Getting Started – 64 –...
Page 895: Initial Switch Configuration
Initial Switch Configuration This chapter includes information on connecting to the switch and basic configuration procedures. Connecting to the Switch The switch includes a built-in network management agent. The agent offers a variety of management options, including SNMP, RMON and a web-based interface. A PC may also be connected directly to the switch for configuration and monitoring via a command line interface (CLI).
Page 896 Chapter 1 | Initial Switch Configuration Connecting to the Switch ◆ Filter packets using Access Control Lists (ACLs) ◆ Configure up to 4094 IEEE 802.1Q VLANs ◆ Enable GVRP automatic VLAN registration ◆ Configure IP routing for unicast or multicast traffic ◆...
Page 897 Chapter 1 | Initial Switch Configuration Connecting to the Switch Set flow control to none. ■ Set the emulation mode to VT100. ■ ■ When using HyperTerminal, select Terminal keys, not Windows keys. Power on the switch. After the system completes the boot cycle, the logon screen appears. Logging Onto the The CLI program provides two different command levels —...
Page 898 Console(config)#username guest password 0 [password] Console(config)#username admin password 0 [password] Console(config)# * This manual covers the ECS4620-28T/52T Gigabit Ethernet switches, the ECS4620-28F and ECS4620-28F-DC Gigabit Ethernet fiber switch, the ECS4620- 28T-DC Gigabit Ethernet switch, and the ECS4620-28P/52P Gigabit Ethernet PoE switches.
Page 899: Stack Operations
Chapter 1 | Initial Switch Configuration Stack Operations Stack Operations Up to eight switches can be stacked together as described in the Installation Guide. One unit in the stack acts as the Master for configuration tasks and firmware upgrade. All of the other units function in Slave mode, but can automatically take over management of the stack if the Master unit fails.
Page 900 Chapter 1 | Initial Switch Configuration Stack Operations Selecting the Once the Master unit finishes booting up, it continues to synchronize configuration information to all of the Slave units in the stack. If the Master unit fails or is powered Backup Unit off, a new master unit will be selected based on the election rules described in the preceding section.
Page 901 Chapter 1 | Initial Switch Configuration Stack Operations failover events, you should include port members on several units within the primary VLAN used for stack management. Resilient Configuration If a unit in the stack fails, the unit numbers will not change. This means that when you replace a unit in the stack, the original configuration for the failed unit will be restored to the replacement unit.
Page 902 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management image” and downloads the image to those backup units that are running a different image version. Configuring the Switch for Remote Management Using the Network The switch can be managed through the operational network, known as in-band Interface management.
Page 903 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management Assigning an IPv4 Address Before you can assign an IP address to the switch, you must obtain the following information from your network administrator: ◆ IP address for the switch ◆...
Page 904 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management To configure an IPv6 link local address for the switch, complete the following steps: From the Global Configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>. Type “ipv6 address”...
Page 905 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management To generate an IPv6 global unicast address for the switch, complete the following steps: From the global configuration mode prompt, type “interface vlan 1” to access the interface-configuration mode. Press <Enter>. From the interface prompt, type “ipv6 address ipv6-address”...
Page 906 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management Dynamic Configuration Obtaining an IPv4 Address If you select the “bootp” or “dhcp” option, the system will immediately start broadcasting service requests. IP will be enabled but will not function until a BOOTP or DHCP reply has been received.
Page 907 Chapter 1 | Initial Switch Configuration Configuring the Switch for Remote Management Console(config)#interface vlan 1 Console(config-if)#ip address dhcp Console(config-if)#end Console#show ip interface VLAN 1 is Administrative Up - Link Up Address is 00-E0-0C-00-00-FB Index: 1001, MTU: 1500 Address Mode is DHCP IP Address: 192.168.0.2 Mask: 255.255.255.0 Proxy ARP is disabled DHCP Inform is disabled...
Page 908: Enabling Snmp Management Access
Enabling SNMP Management Access The switch can be configured to accept management commands from Simple Network Management Protocol (SNMP) applications such as Edge-Core ECView Pro. You can configure the switch to respond to SNMP requests or generate SNMP traps. When SNMP management stations send requests to the switch (either to return information or to set a parameter), the switch provides the requested data or sets the specified parameter.
Page 909 Chapter 1 | Initial Switch Configuration Enabling SNMP Management Access Console(config)#snmp-server community admin rw Console(config)#snmp-server community private Console(config)# Note: If you do not intend to support access to SNMP version 1 and 2c clients, we recommend that you delete both of the default community strings. If there are no community strings, then SNMP management access from SNMP v1 and v2c clients is disabled.
Page 910 Chapter 1 | Initial Switch Configuration Managing System Files For a more detailed explanation on how to configure the switch for access from SNMP v3 clients, refer to the CLI Reference Guide or Web Management Guide. Managing System Files The switch’s flash memory supports three types of system files that can be managed by the CLI program, the web interface, or SNMP.
Page 911 Chapter 1 | Initial Switch Configuration Managing System Files Upgrading the The following example shows how to download new firmware to the switch and activate it. The TFTP server could be any standards-compliant server running on Operation Code Windows or Linux. When downloading from an FTP server, the logon interface will prompt for a user name and password configured on the remote server.
Page 912 Chapter 1 | Initial Switch Configuration Automatic Installation of Operation Code and Configuration Settings The maximum number of saved configuration files depends on available flash memory. The amount of available flash memory can be checked by using the dir command. To save the current configuration settings, enter the following command: From the Privileged Exec mode prompt, type “copy running-config startup- config”...
Page 913 192.168.0.1/). ◆ The file name must not be included in the upgrade file location URL. The file name of the code stored on the remote server must be ECS4620-28T.bix (using lower case letters as indicated). ◆ The FTP connection is made with PASV mode enabled. PASV mode is needed to traverse some fire walls, even if FTP traffic is not blocked.
Page 914 Chapter 1 | Initial Switch Configuration Automatic Installation of Operation Code and Configuration Settings ◆ During the automatic search and transfer process, the administrator cannot transfer or update another operation code image, configuration file, public key, or HTTPS certificate (i.e., no other concurrent file management operations are possible).
Page 915 It will search for a new version of the image at the location specified by upgrade opcode path command. The name for the new image stored on the TFTP server must be ECS4620-28T.bix. If the switch detects a code version newer than the one currently in use, it will download the new image.
Page 916 Chapter 1 | Initial Switch Configuration Automatic Installation of Operation Code and Configuration Settings can be formatted in either text or hexadecimal, but the format used by both the client and server must be the same. Console(config)#interface vlan 2 Console(config-if)#ip dhcp client class-id hex 0000e8666572 Console(config-if)# Downloading a Information passed on to the switch from a DHCP server may also include a...
Page 917 Chapter 1 | Initial Switch Configuration Automatic Installation of Operation Code and Configuration Settings To successfully transmit a bootup configuration file to the switch, the DHCP daemon (using a Linux based system for this example) must be configured with the following information: ◆...
Page 918 "192.168.255.101"; option bootfile-name "test"; Note: Use “ecs4620-28t.cfg” for the vendor-class-identifier in the dhcpd.conf file. Setting the System Clock Simple Network Time Protocol (SNTP) or Network Time Protocol (NTP) can be used to set the switch’s internal clock based on periodic updates from a time server.
Page 919 Chapter 1 | Initial Switch Configuration Setting the System Clock To set the time shift for summer time, enter a command similar to the following. Console(config)#clock summer-time SUMMER date 2 april 2013 0 0 30 june 2013 0 Console(config)# To display the clock configuration settings, enter the following command. Console#show calendar Current Time : Apr...
Page 920 Chapter 1 | Initial Switch Configuration Setting the System Clock Console(config)#ntp server 192.168.3.21 Console(config)#ntp server 192.168.5.23 key 19 Console(config)#exit Console#show ntp Current Time : Apr 29 13:57:32 2011 Polling : 1024 seconds Current Mode : unicast NTP Status : Enabled NTP Authenticate Status : Enabled Last Update NTP Server...
Page 921: Command Line Interface
Section II Command Line Interface This section provides a detailed description of the Command Line Interface, along with examples for all of the commands. This section includes these chapters: ◆ “Using the Command Line Interface” on page 93 ◆ “General Commands” on page 107 ◆...
Page 922 Section II | Command Line Interface ◆ “Address Table Commands” on page 505 ◆ “Spanning Tree Commands” on page 513 ◆ “ERPS Commands” on page 543 ◆ “VLAN Commands” on page 575 ◆ “Class of Service Commands” on page 621 ◆...
Page 923: Using The Command Line
When finished, exit the session with the “quit” or “exit” command. After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the ECS4620-28T is opened. To end the CLI session, enter [Exit]. Console# – 93 –...
Page 924 When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the ECS4620-28T is opened. To end the CLI session, enter [Exit]. Vty-0# – 94 –...
Page 925: Entering Commands
Chapter 2 | Using the Command Line Interface Entering Commands Note: You can open up to eight sessions to the device via Telnet or SSH. Entering Commands This section describes how to enter CLI commands. Keywords and A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Page 926: Showing Commands
Chapter 2 | Using the Command Line Interface Entering Commands Getting Help You can display a brief description of the help system by entering the help command. You can also display command syntax by using the “?” character to list on Commands keywords or parameters.
Page 927 Chapter 2 | Using the Command Line Interface Entering Commands port Port characteristics port-channel Port channel information power Shows power power-save Shows the power saving information pppoe Displays PPPoE configuration privilege Shows current privilege level process Device process protocol-vlan Protocol-VLAN information public-key Public key information Quality of Service...
Page 928 Chapter 2 | Using the Command Line Interface Entering Commands display the rest of the information without stopping. You can press any other key to terminate the display. Partial Keyword If you terminate a partial keyword with a question mark, alternatives that match the Lookup initial letters are provided.
Page 929 “super. ” To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the ECS4620-28T is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the ECS4620-28T is opened.
Page 930 Chapter 2 | Using the Command Line Interface Entering Commands Configuration Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not Commands saved when the switch is rebooted. To store the running configuration in non- volatile storage, use the copy running-config startup-config command.
Page 931 Chapter 2 | Using the Command Line Interface Entering Commands ◆ VLAN Configuration - Includes the command to create VLAN groups. To enter the Global Configuration mode, enter the command configure in Privileged Exec mode. The system prompt will change to “Console(config)#” which gives you access privilege to all Global Configuration commands.
Page 932 Chapter 2 | Using the Command Line Interface Entering Commands For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec mode Console(config)#interface ethernet 1/5 Console(config-if)#exit Console(config)# Command Line Commands are not case sensitive. You can abbreviate commands and parameters Processing as long as they contain enough letters to differentiate them from any other currently available commands or parameters.
Page 933: Cli Command Groups
Chapter 2 | Using the Command Line Interface CLI Command Groups Showing Status There are various “show” commands which display configuration settings or the status of specified processes. Many of these commands will not display any Information information unless the switch is properly configured, and in some cases the interface to which a command applies is up.
Page 934 Chapter 2 | Using the Command Line Interface CLI Command Groups (Continued) Table 6: Command Group Index Command Group Description Page General Security Measures Segregates traffic for clients attached to common data ports; and prevents unauthorized access by configuring valid static or dynamic addresses, web authentication, MAC address authentication, filtering DHCP requests and replies, and discarding invalid ARP responses...
Page 935 Chapter 2 | Using the Command Line Interface CLI Command Groups (Continued) Table 6: Command Group Index Command Group Description Page Configures Operations, Administration and Maintenance remote management tools required to monitor and maintain the links to subscriber CPEs Domain Name Service Configures DNS services.
Page 936 Chapter 2 | Using the Command Line Interface CLI Command Groups – 106 –...
Page 937 General Commands The general commands are used to control the command access mode, configuration mode, and other basic functions. Table 7: General Commands Command Function Mode prompt Customizes the CLI prompt reload Restarts the system at a specified time, after a specified delay, or at a periodic interval enable Activates privileged mode...
Page 938 Chapter 3 | General Commands Command Mode Global Configuration Example Console(config)#prompt RD2 RD2(config)# reload This command restarts the system at a specified time, after a specified delay, or at a (Global Configuration) periodic interval. You can reboot the system immediately, or you can configure the switch to reset after a specified amount of time.
Page 939 Chapter 3 | General Commands Command Mode Global Configuration Command Usage ◆ This command resets the entire system. ◆ Any combination of reload options may be specified. If the same option is re- specified, the previous setting will be overwritten. ◆...
Page 940 Chapter 3 | General Commands Example Console>enable Password: [privileged level password] Console# Related Commands disable (112) enable password (238) quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program. Example This example shows how to quit a CLI session: Console#quit...
Page 941 Chapter 3 | General Commands Example In this example, the show history command lists the contents of the command history buffer: Console#show history Execution command history: 2 config 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console#...
Page 942 Chapter 3 | General Commands disable This command returns to Normal Exec mode from privileged mode. In normal access mode, you can only display basic information on the switch's configuration or Ethernet statistics. To gain access to all commands, you must use the privileged mode.
Page 943 Chapter 3 | General Commands show reload This command displays the current reload settings, and the time at which next scheduled reload will take place. Command Mode Privileged Exec Example Console#show reload Reloading switch in time: 0 hours 29 minutes. The switch will be rebooted at January 1 02:11:50 2001.
Page 944 Chapter 3 | General Commands Example This example shows how to return to the Privileged Exec mode from the Global Configuration mode, and then quit the CLI session: Console(config)#exit Console#exit Press ENTER to start session User Access Verification Username: – 114 –...
Page 945: System Management
System Management Commands The system management commands are used to control system logs, passwords, user names, management options, and display or configure a variety of other system information. Table 8: System Management Commands Command Group Function Device Designation Configures information that uniquely identifies this switch Banner Information Configures administrative contact, device identification and location System Status...
Page 946 Chapter 4 | System Management Commands Banner Information hostname This command specifies or modifies the host name for this device. Use the no form to restore the default host name. Syntax hostname name no hostname name - The name of this host. (Maximum length: 255 characters) Default Setting None Command Mode...
Page 947 If, for example, a mistake is made in the company name, it can be corrected with the banner configure company command. Example Console(config)#banner configure Company: Edge-Core Networks Responsible department: R&D Dept Name and telephone to Contact the management people Manager1 name: Sr. Network Admin phone number: 123-555-1212 Manager2 name: Jr.
Page 948: Banner Configure Company
| System Management Commands Banner Information The physical location of the equipment. City and street address: 12 Straight St. Motown, Zimbabwe Information about this equipment: Manufacturer: Edge-Core Networks ID: 123_unique_id_number Floor: 2 Row: 7 Rack: 29 Shelf in this rack: 8 Information about DC power supply.
Page 949 Chapter 4 | System Management Commands Banner Information banner configure This command is use to configure DC power information displayed in the banner. Use the no form to restore the default setting. dc-power-info Syntax banner configure dc-power-info floor floor-id row row-id rack rack-id electrical-circuit ec-id no banner configure dc-power-info [floor | row | rack | electrical-circuit] floor-id - The floor number.
Page 950 Chapter 4 | System Management Commands Banner Information Command Mode Global Configuration Command Usage Input strings cannot contain spaces. The banner configure department command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
Page 951 Chapter 4 | System Management Commands Banner Information Example Console(config)#banner configure equipment-info manufacturer-id ECS4620-28T floor 3 row 10 rack 15 shelf-rack 12 manufacturer Edge-Core Console(config)# banner configure This command is used to configure the equipment location information displayed equipment-location in the banner. Use the no form to restore the default setting.
Page 952 Chapter 4 | System Management Commands Banner Information Command Mode Global Configuration Command Usage Input strings cannot contain spaces. The banner configure ip-lan command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
Page 953 Chapter 4 | System Management Commands Banner Information banner configure This command is used to configure the manager contact information displayed in the banner. Use the no form to restore the default setting. manager-info Syntax banner configure manager-info name mgr1-name phone-number mgr1-number [name2 mgr2-name phone-number mgr2-number | name3 mgr3-name phone-number mgr3-number] no banner configure manager-info [name1 | name2 | name3]...
Page 954 Chapter 4 | System Management Commands Banner Information Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces. The banner configure mux command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where white space is necessary for clarity.
Page 955 R&D Albert_Einstein - 123-555-1212 Lamar - 123-555-1219 Station's information: 710_Network_Path,_Indianapolis ECS4620-28T Floor / Row / Rack / Sub-Rack 3/ 10 / 15 / 12 DC power supply: Power Source A: Floor / Row / Rack / Electrical circuit 3/ 15 / 24 / 48v-id_3.15.24.2...
Page 956 Chapter 4 | System Management Commands System Status (Continued) Table 11: System Status Commands Command Function Mode show users Shows all active console and Telnet sessions, including user NE, PE name, idle time, and IP address of Telnet clients show version Displays version information for the system NE, PE show watchdog...
Page 957 Chapter 4 | System Management Commands System Status Example Console#show memory Status Bytes ------ ---------- --- Free 111706112 Used 156729344 Total 268435456 Alarm Configuration Rising Threshold : 90% Falling Threshold : 70% Console# Related Commands memory (220) show process cpu This command shows the CPU utilization parameters, alarm status, and alarm configuration.
Page 958 Chapter 4 | System Management Commands System Status show process cpu task This command shows the CPU utilization per process. Command Mode Privileged Exec Example Console#show process cpu task Task Util (%) Avg (%) Max (%) --------------- -------- -------- -------- AMTR_ADDRESS 0.00 0.00...
Page 959 Chapter 4 | System Management Commands System Status SWCTRL_TD 0.00 0.00 0.00 SWDRV_MONITOR 21.00 19.25 21.00 SYS_MGMT_PROC 0.00 0.00 0.00 SYSDRV 0.00 0.00 0.00 SYSLOG_TD 0.00 0.00 0.00 SYSMGMT_GROUP 0.00 0.00 0.00 SYSTEM 0.00 0.00 0.00 UDLD_GROUP 0.00 0.00 0.00 WTDOG_PROC 0.00 0.00...
Page 960 Chapter 4 | System Management Commands System Status Any configured settings for the console port and Telnet ■ Example Console#show running-config Building running configuration. Please wait... !<stackingDB>0000000000000000</stackingDB> !<stackingMac>01_70-72-cf-83-34-66_03</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !<stackingMac>00_00-00-00-00-00-00_00</stackingMac> !---<InitPhaseConfig> !---</InitPhaseConfig> snmp-server community public ro snmp-server community private rw snmp-server enable traps authentication username admin access-level 15...
Page 961 No information will be displayed under POST Result, unless there is a problem with the unit. If any POST test indicates “FAIL,” contact your distributor for assistance. Example Console#show system System Description : ECS4620-28T System OID String : 1.3.6.1.4.1.259.10.1.41.104 – 131 –...
Page 962 Chapter 4 | System Management Commands System Status System Information System Up Time : 0 days, 0 hours, 15 minutes, and 38.27 seconds System Name System Location System Contact MAC Address (Unit 1) : 70-72-CF-83-34-66 Web Server : Enabled Web Server Port : 80 Web Secure Server : Enabled...
Page 963 Chapter 4 | System Management Commands System Status show tech-support This command displays a detailed list of system settings designed to help technical support resolve configuration or functional problems. Command Mode Normal Exec, Privileged Exec Command Usage This command generates a long list of information including detailed system and interface settings.
Page 964 Chapter 4 | System Management Commands System Status Command Usage The session used to execute this command is indicated by a “*” symbol next to the Line (i.e., session) index number. Example Console#show users User Name Accounts: User Name Privilege Public-Key -------------------------------- --------- ---------- admin 15 None...
Page 965 Chapter 4 | System Management Commands System Status (Continued) Table 13: show version – display description Parameter Description EPLD Version Version number of Erasable Programmable Logic Device. Number of Ports Number of built-in ports. Main Power Status Displays the status of the internal power supply. Redundant Power Status Displays the status of the redundant power supply.
Page 966: Fan Control
Chapter 4 | System Management Commands Fan Control Fan Control This section describes the command used to force fan speed. Table 14: Fan Control Commands Command Function Mode fan-speed force-full Forces fans to full speed show system Shows if full fan speed is enabled NE, PE fan-speed force-full This command sets all fans to full speed.
Page 967: File Management
Chapter 4 | System Management Commands File Management Default Setting Disabled Command Mode Global Configuration Command Usage ◆ This switch provides more efficient throughput for large sequential data transfers by supporting layer 2 jumbo frames on Gigabit and 10 Gigabit Ethernet ports or trunks up to 10240 bytes.
Page 968 Chapter 4 | System Management Commands File Management Saving or Restoring Configuration Settings Configuration settings can be uploaded and downloaded to and from an FTP/TFTP server. The configuration file can be later downloaded to restore switch settings. The configuration file can be downloaded under a new file name and then set as the startup file, or the current startup configuration file can be specified as the destination file to directly replace it.
Page 969 Chapter 4 | System Management Commands File Management General Commands boot system This command specifies the file or image used to start up the system. Syntax boot system [unit:] {boot-rom | config | opcode}: filename unit* - Unit identifier. (Range: 1-8) boot-rom* - Boot ROM.
Page 970 Chapter 4 | System Management Commands File Management copy This command moves (upload/download) a code image or configuration file between the switch’s flash memory and an FTP/TFTP server. When you save the system code or configuration settings to a file on an FTP/TFTP server, that file can later be downloaded to the switch to restore system operation.
Page 971 Chapter 4 | System Management Commands File Management Command Usage ◆ The system prompts for data required to complete the copy command. ◆ The destination file name should not contain slashes (\ or /), and the maximum length for file names is 32 characters for files on the switch or 127 characters for files on the server.
Page 972 Chapter 4 | System Management Commands File Management The following example shows how to upload the configuration settings to a file on the TFTP server: Console#copy file tftp Choose file type: 1. config: 2. opcode: 1 Source file name: startup TFTP server ip address: 10.1.0.99 Destination file name: startup.01 TFTP completed.
Page 973 Chapter 4 | System Management Commands File Management This example shows how to copy a public-key used by SSH from an TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch. Console#copy tftp public-key TFTP server IP address: 192.168.1.19 Choose public key type:...
Page 974 Chapter 4 | System Management Commands File Management Command Mode Privileged Exec Command Usage ◆ If the file type is used for system startup, then this file cannot be deleted. ◆ “Factory_Default_Config.cfg” cannot be deleted. ◆ A colon (:) is required after the specified unit number. ◆...
Page 975 Chapter 4 | System Management Commands File Management ◆ A colon (:) is required after the specified unit number. File information is shown below: Table 17: File Directory Information Column Heading Description File Name The name of the file. File Type File types: Boot-Rom, Operation Code, and Config file.
Page 976 The name for the new image stored on the TFTP server must be ECS4620-28T.bix. If the switch detects a code version newer than the one currently in use, it will download the new image. If two code images are already stored in the switch, the image not set to start up the system will be overwritten by the new version.
Page 977 Chapter 4 | System Management Commands File Management ◆ Any changes made to the default setting can be displayed with the show running-config show startup-config commands. Example Console(config)#upgrade opcode auto Console(config)#upgrade opcode path tftp://192.168.0.1/sm24/ Console(config)# If a new image is found at the specified location, the following type of messages will be displayed during bootup.
Page 978 Chapter 4 | System Management Commands File Management ◆ When specifying a TFTP server, the following syntax must be used, where filedir indicates the path to the directory containing the new image: tftp://192.168.0.1[/filedir]/ ◆ When specifying an FTP server, the following syntax must be used, where filedir indicates the path to the directory containing the new image: ftp://[username[:password@]]192.168.0.1[/filedir]/ If the user name is omitted, “anonymous”...
Page 979 Auto Image Upgrade Global Settings: Status : Disabled Reload Status : Disabled Path File Name : ECS4620-28T.bix Console# TFTP Configuration Commands ip tftp retry This command specifies the number of times the switch can retry transmitting a request to a TFTP server after waiting for the configured timeout period and receiving no response.
Page 980 Chapter 4 | System Management Commands File Management ip tftp timeout This command specifies the time the switch can wait for a response from a TFTP server before retransmitting a request or timing out for the last retry. Use the no form to restore the default setting.
Page 981 Chapter 4 | System Management Commands Line Line You can access the onboard configuration program by attaching a VT100 compatible device to the server’s serial port. These commands are used to set communication parameters for the serial port or Telnet (i.e., a virtual terminal). Table 18: Line Commands Command Function...
Page 982 Chapter 4 | System Management Commands Line line This command identifies a specific line for configuration, and to process subsequent line configuration commands. Syntax line {console | vty} console - Console terminal line. vty - Virtual terminal for remote console access (i.e., Telnet). Default Setting There is no default line.
Page 983 Chapter 4 | System Management Commands Line Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with parity. If parity is being generated, specify 7 data bits per character.
Page 984 Chapter 4 | System Management Commands Line login This command enables password checking at login. Use the no form to disable password checking and allow connections without a password. Syntax login [local] no login local - Selects local password checking. Authentication is based on the user name specified with the username command.
Page 985 Chapter 4 | System Management Commands Line parity This command defines the generation of a parity bit. Use the no form to restore the default setting. Syntax parity {none | even | odd} no parity none - No parity even - Even parity odd - Odd parity Default Setting No parity...
Page 986 Chapter 4 | System Management Commands Line Command Usage ◆ When a connection is started on a line with password protection, the system prompts for the password. If you enter the correct password, the system shows a prompt. You can use the password-thresh command to set the number of times a user can enter an incorrect password before the system terminates the...
Page 987 Chapter 4 | System Management Commands Line Example To set the password threshold to five attempts, enter this command: Console(config-line)#password-thresh 5 Console(config-line)# Related Commands silent-time (157) silent-time This command sets the amount of time the management console is inaccessible after the number of unsuccessful logon attempts exceeds the threshold set by the password-thresh command.
Page 988 Chapter 4 | System Management Commands Line speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting. Syntax speed bps no speed bps - Baud rate in bits per second.
Page 989 Chapter 4 | System Management Commands Line Example To specify 2 stop bits, enter this command: Console(config-line)#stopbits 2 Console(config-line)# timeout login This command sets the interval that the system waits for a user to log into the CLI. response Use the no form to restore the default setting. Syntax timeout login response [seconds] no timeout login response...
Page 990 Chapter 4 | System Management Commands Line Command Mode Privileged Exec Command Usage Specifying session identifier “0” will disconnect the console connection. Specifying any other identifiers for an active session will disconnect an SSH or Telnet connection. Example Console#disconnect 1 Console# Related Commands show ssh (276)
Page 991 Chapter 4 | System Management Commands Line Terminal Type: VT100 Width: 80 Command Mode Privileged Exec Example This example sets the number of lines displayed by commands with lengthy output such as show running-config to 48 lines. Console#terminal length 48 Console# show line This command displays the terminal line’s parameters.
Page 992: Event Logging
Chapter 4 | System Management Commands Event Logging Login Timeout : 300 sec. Silent Time : Disabled Console# Event Logging This section describes commands used to configure event logging on the switch. Table 19: Event Logging Commands Command Function Mode logging facility Sets the facility type for remote logging of syslog messages GC logging history...
Page 993 Chapter 4 | System Management Commands Event Logging Example Console(config)#logging facility 19 Console(config)# logging history This command limits syslog messages saved to switch memory based on severity. The no form returns the logging of syslog messages to the default level. Syntax logging history {flash | ram} level no logging history {flash | ram}...
Page 994 Chapter 4 | System Management Commands Event Logging Example Console(config)#logging history ram 0 Console(config)# logging host This command adds a syslog server host IP address that will receive logging messages. Use the no form to remove a syslog server host. Syntax logging host host-ip-address [port udp-port] no logging host host-ip-address...
Page 995 Chapter 4 | System Management Commands Event Logging Command Usage The logging process controls error messages saved to switch memory or sent to remote syslog servers. You can use the logging history command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers.
Page 996 Chapter 4 | System Management Commands Event Logging clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] flash - Event history stored in flash memory (i.e., permanent memory). ram - Event history stored in temporary RAM (i.e., memory flushed on power reset).
Page 997 Chapter 4 | System Management Commands Event Logging Example The following example shows the event message stored in RAM. Console#show log ram [1] 00:01:30 2001-01-01 "VLAN 1 link-up notification." level: 6, module: 5, function: 1, and event no.: 1 [0] 00:01:30 2001-01-01 "Unit 1, Port 1 link-up notification."...
Page 998 Chapter 4 | System Management Commands Event Logging Table 21: show logging flash/ram - display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command. History logging in FLASH The message level(s) reported based on the logging history command.
Page 999: Smtp Alerts
Chapter 4 | System Management Commands SMTP Alerts SMTP Alerts These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients. Table 23: Event Logging Commands Command Function Mode logging sendmail Enables SMTP event handling logging sendmail host SMTP servers to receive alert messages logging sendmail level...
Page 1000 Chapter 4 | System Management Commands SMTP Alerts Default Setting None Command Mode Global Configuration Command Usage ◆ You can specify up to three SMTP servers for event handing. However, you must enter a separate command to specify each server. ◆...

This manual is also suitable for:

Ecs4620-28p Ecs4620-28f Ecs4620-28t-dc Ecs4620-28f-dc Ecs4620-52t Ecs4620-52p