Digisol DG-CS4554F User Manual
  1. Manuals
  2. Brands
  3. Digisol Manuals
  4. Switch
  5. DG-CS4554F
  6. User manual
Digisol DG-CS4554F User Manual

Digisol DG-CS4554F User Manual

10g top-of-rack switches
Hide thumbs Also See for DG-CS4554F:
1
2
3
4
Table Of Contents
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
Table of Contents

Advertisement

Quick Links

Download this manual
10G Top-of-Rack Switches
DG-CS4554F
User Manual
V1.0
2015-10-20
As our products undergo continuous development the specifications are subject to change without prior notice.
Page 1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the DG-CS4554F and is the answer not in the manual?

Questions and answers

Related Manuals for Digisol DG-CS4554F

Summary of Contents for Digisol DG-CS4554F

  • Page 1 10G Top-of-Rack Switches DG-CS4554F User Manual V1.0 2015-10-20 As our products undergo continuous development the specifications are subject to change without prior notice. Page 1...
  • Page 2 Web Management Guide DG-CS4554F 54-Port 10G Data Center Switch with 48 10GBASE SFP+ Ports, 6 40GBASE QSFP Ports, 2 Power Supply Units, and 5 Fan Trays (5 Fans – F2B and B2F Airflow)
  • Page 3 How to Use This Guide This guide includes detailed information on the switch software, including how to operate and use the management functions of the switch. To deploy this switch effectively and ensure trouble-free operation, you should first read the relevant sections in this guide so that you are familiar with all of its software features.
  • Page 4 How to Use This Guide For information on how to install the switch, see the following guide: Installation Guide For all safety information and regulatory statements, see the following documents: Quick Start Guide Safety and Regulatory Information Conventions The following conventions are used throughout this guide to show information: Note: Emphasizes important information or calls your attention to related features or instructions.

  • Page 5: Table Of Contents

    Contents How to Use This Guide Contents Figures Tables Section I Getting Started 1 Introduction Key Features Description of Software Features Equal-cost Multipath Load Balancing System Defaults Section II Web Configuration 2 Using the Web Interface Connecting to the Web Interface Navigating the Web Browser Interface Home Page Configuration Options...
  • Page 6 Contents Managing System Files Copying Files via FTP/TFTP or HTTP Saving the Running Configuration to a Local File Setting The Start-Up File Showing System Files Automatic Operation Code Upgrade Setting the System Clock Setting the Time Manually Setting the SNTP Polling Interval Configuring NTP Configuring Time Servers Setting the Time Zone...

  • Page 7: Contents

    Contents Traffic Segmentation Enabling Traffic Segmentation Configuring Uplink and Downlink Ports 5 VLAN Configuration IEEE 802.1Q VLANs Configuring VLAN Groups Adding Static Members to VLANs 6 Address Table Settings Configuring MAC Address Learning Setting Static Addresses Changing the Aging Time Displaying the Dynamic Address Table Clearing the Dynamic Address Table Issuing MAC Address Traps...
  • Page 8 Contents Mapping CoS Priorities to Internal DSCP Values Mapping Internal DSCP Values to Egress CoS Values Mapping IP Precedence Values to Internal DSCP Values Mapping IP Port Priority to Internal DSCP Values 10 Quality of Service Overview Configuring a Class Map Creating QoS Policies Attaching a Policy Map to a Port 11 Security Measures...
  • Page 9 Contents 12 Basic Administration Protocols Configuring Event Logging System Log Configuration Remote Log Configuration Link Layer Discovery Protocol Setting LLDP Timing Attributes Configuring LLDP Interface Attributes Configuring LLDP Interface Civic-Address Displaying LLDP Local Device Information Displaying LLDP Remote Device Information Displaying Device Statistics Simple Network Management Protocol Configuring Global Settings for SNMP...
  • Page 10 Contents IGMP Protocol Layer 2 IGMP (Snooping and Query for IPv4) Configuring IGMP Snooping and Query Parameters Specifying Static Interfaces for an IPv4 Multicast Router Assigning Interfaces to IPv4 Multicast Services Setting IGMP Snooping Status per Interface Filtering IGMP Query Packets Displaying Multicast Groups Discovered by IGMP Snooping Displaying IGMP Snooping Statistics Filtering and Throttling IGMP Groups...
  • Page 11 Contents Configuring IP Routing Interfaces Configuring Local and Remote Interfaces Using the Ping Function Using the Trace Route Function Address Resolution Protocol ARP Timeout Configuration Configuring Static ARP Addresses Displaying Dynamic or Local ARP Entries Displaying ARP Statistics Configuring Static Routes Displaying the Routing Table Equal-cost Multipath Routing 17 Configuring Router Redundancy...
  • Page 12 Contents Section III Appendices A Software Specifications Software Features Management Features Standards Management Information Bases B Troubleshooting Problems Accessing the Management Interface Using System Logs C License Information The GNU General Public License Glossary Index – 12 –...
  • Page 13 Figures Figure 1: Home Page Figure 2: Front Panel Indicators Figure 3: System Information Figure 4: General Switch Information Figure 5: Configuring Support for Jumbo Frames Figure 6: Displaying Bridge Extension Configuration Figure 7: Copy Firmware Figure 8: Saving the Running Configuration Figure 9: Setting Start-Up Files Figure 10: Displaying System Files Figure 11: Configuring Automatic Code Upgrade...
  • Page 14 Figures Figure 30: Configuring Connections by Port Range Figure 31: Displaying Port Information Figure 32: Configuring Local Port Mirroring Figure 33: Configuring Local Port Mirroring Figure 34: Displaying Local Port Mirror Sessions Figure 35: Showing Port Statistics (Table) Figure 36: Showing Port Statistics (Chart) Figure 37: Configuring a History Sample Figure 38: Showing Entries for History Sampling Figure 39: Showing Status of Statistical History Sample...

  • Page 15: Figures

    Figures Figure 65: Modifying Settings for Static VLANs Figure 66: Showing Static VLANs Figure 67: Configuring Static Members by VLAN Index Figure 68: Configuring Static VLAN Members by Interface Figure 69: Configuring Static VLAN Members by Interface Range Figure 70: Configuring MAC Address Learning Figure 71: Configuring Static MAC Addresses Figure 72: Displaying Static MAC Addresses Figure 73: Setting the Address Aging Time...
  • Page 16 Figures Figure 99: Setting the Queue Mode (WRR) Figure 100: Setting the Queue Mode (Strict and WRR) Figure 101: Mapping CoS Values to Egress Queues Figure 102: Showing CoS Values to Egress Queue Mapping Figure 103: Setting the Trust Mode Figure 104: Configuring DSCP to DSCP Internal Mapping Figure 105: Showing DSCP to DSCP Internal Mapping Figure 106: Configuring CoS to DSCP Internal Mapping...
  • Page 17 Figures Figure 134: Generating the SSH Host Key Pair Figure 135: Showing the SSH Host Key Pair Figure 136: Copying the SSH User’s Public Key Figure 137: Showing the SSH User’s Public Key Figure 138: Setting the Name of a Time Range Figure 139: Showing a List of Time Ranges Figure 140: Add a Rule to a Time Range Figure 141: Showing the Rules Configured for a Time Range...
  • Page 18 Figures Figure 169: Showing Remote Engine IDs for SNMP Figure 170: Creating an SNMP View Figure 171: Showing SNMP Views Figure 172: Adding an OID Subtree to an SNMP View Figure 173: Showing the OID Subtree Configured for SNMP Views Figure 174: Creating an SNMP Group Figure 175: Showing SNMP Groups Figure 176: Setting Community Access Strings...
  • Page 19 Figures Figure 204: Configuring General Settings for IGMP Snooping Figure 205: Configuring a Static Interface for an IPv4 Multicast Router Figure 206: Showing Static Interfaces Attached an IPv4 Multicast Router Figure 207: Showing Current Interfaces Attached an IPv4 Multicast Router Figure 208: Assigning an Interface to an IPv4 Multicast Service Figure 209: Showing Static Interfaces Assigned to an IPv4 Multicast Service Figure 210: Configuring IGMP Snooping on a VLAN...
  • Page 20 Figures Figure 239: Pinging a Network Device Figure 240: Tracing the Route to a Network Device Figure 241: Configuring ARP Timeout Figure 242: Configuring Static ARP Entries Figure 243: Displaying Static ARP Entries Figure 244: Displaying ARP Entries Figure 245: Displaying ARP Statistics Figure 246: Configuring Static Routes Figure 247: Displaying Static Routes Figure 248: Displaying the Routing Table...
  • Page 21 Figures Figure 274: Displaying Information on NSSA and Stub Areas Figure 275: Route Summarization for ABRs Figure 276: Configuring Route Summaries for an Area Range Figure 277: Showing Configured Route Summaries Figure 278: Redistributing External Routes Figure 279: Importing External Routes Figure 280: Showing Imported External Route Types Figure 281: Summarizing External Routes Figure 282: Showing Summary Addresses for External Routes...
  • Page 22 Figures – 22 –...

  • Page 23: Tables

    Tables Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Switch Main Menu Table 5: Port Statistics Table 6: LACP Port Counters Table 7: LACP Internal Configuration Information Table 8: LACP Remote Device Configuration Information Table 9: Traffic Segmentation Forwarding Table 10: Recommended STA Path Cost Range Table 11: Default STA Path Costs...
  • Page 24 Tables Table 30: Show IPv6 Statistics - display description Table 31: Show MTU - display description Table 32: Options 60, 66 and 67 Statements Table 33: Options 55 and 124 Statements Table 34: Address Resolution Protocol Table 35: ARP Statistics Table 36: VRRP Group Statistics Table 37: OSPF System Information Table 38: Troubleshooting Chart...

  • Page 25: Section I

    Section I Getting Started This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: ◆ "Introduction" on page 27 –...
  • Page 26 Section I | Getting Started – 26 –...

  • Page 27: Introduction

    Introduction This switch provides a broad range of features for Layer 2 switching and Layer 3 routing. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch.
  • Page 28 Chapter 1 | Introduction Description of Software Features (Continued) Table 1: Key Features Feature Description Address Table 32K MAC addresses in forwarding table, 1K static MAC addresses; 8K entries in ARP cache, 256 static ARP entries; 512 static IP routes, 512 IP interfaces; 12K IPv4 entries in host table;...
  • Page 29 Chapter 1 | Introduction Description of Software Features Some of the management features are briefly described below. Configuration You can save the current configuration settings to a file on the management station (using the web interface) or an FTP/TFTP server (using the web or console Backup and Restore interface), and later download this file to restore the switch configuration settings.

  • Page 30: Description Of Software Features

    Chapter 1 | Introduction Description of Software Features Storm Control Broadcast, multicast and unknown unicast storm suppression prevents traffic from overwhelming the network.When enabled on a port, the level of traffic passing through the port is restricted. If traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.
  • Page 31 Chapter 1 | Introduction Description of Software Features STP-compliant mode if they detect STP protocol messages from attached devices. ◆ Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct extension of RSTP. It can provide an independent spanning tree for different VLANs.

  • Page 32: Equal-Cost Multipath Load Balancing

    Chapter 1 | Introduction Description of Software Features in each packet. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. IP Routing The switch provides Layer 3 IP routing. To maintain a high rate of throughput, the switch forwards all traffic passing within the same segment, and routes only traffic that passes between different subnetworks.
  • Page 33 Chapter 1 | Introduction Description of Software Features this protocol is to allow a host device which has been configured with a fixed gateway to maintain network connectivity in case the primary gateway goes down. Address Resolution The switch uses ARP and Proxy ARP to convert between IP addresses and MAC Protocol (hardware) addresses.

  • Page 34: Table 2: System Defaults

    Chapter 1 | Introduction System Defaults System Defaults The switch’s system defaults are provided in the configuration file “Factory_Default_Config.cfg.” To reset the switch defaults, this file should be set as the startup configuration file. The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter...
  • Page 35 Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Port Configuration Admin Status Enabled Auto-negotiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP (all ports) Disabled Congestion Control Storm Control Broadcast: Enabled (500 packets/sec) Multicast: Disabled Unknown Unicast: Disabled Address Table...

  • Page 36: System Defaults

    Chapter 1 | Introduction System Defaults (Continued) Table 2: System Defaults Function Parameter Default Unicast Routing OSPF Disabled OSPFv3 Disabled BGPv4 Disabled Multicast Routing Static Disabled Router Redundancy VRRP Disabled Multicast Filtering IGMP Snooping (Layer 2) Snooping: Enabled Querier: Disabled System Log Status Enabled...

  • Page 37: Web Configuration

    Section II Web Configuration This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: ◆ "Using the Web Interface" on page 39 ◆ "Basic Management Tasks"...
  • Page 38 Section II | Web Configuration – 38 –...

  • Page 39: Connecting To The Web Interface

    Using the Web Interface This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 8, or Mozilla Firefox 37, Google Chrome 42, or later versions).

  • Page 40: Home Page

    System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics. Figure 1: Home Page Note: This manual covers the DG-CS4554F 10G Ethernet switch. – 40 –...

  • Page 41: Using The Web Interface

    Chapter 2 | Using the Web Interface Navigating the Web Browser Interface Configuration Options Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting.

  • Page 42: Navigating The Web Browser Interface

    Chapter 2 | Using the Web Interface Navigating the Web Browser Interface Main Menu Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from this program. Table 4: Switch Main Menu Menu Description...

  • Page 43: Figure 2: Front Panel Indicators

    Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Interface Port General Configure by Port List Configures connection settings per port Configure by Port Range Configures connection settings for a range of ports Show Information Displays port connection status Mirror...
  • Page 44 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Internal Displays configuration settings and operational state for the local side of a link aggregation Neighbors Displays configuration settings and operational state for the remote side of a link aggregation Configure Trunk Configure...
  • Page 45 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page MAC Notification Configure Global Issues a trap when a dynamic MAC address is added or removed Configure Interface Enables MAC authentication traps on the current interface Spanning Tree Spanning Tree Algorithm Configure Global...
  • Page 46 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page CoS to DSCP Configure Maps CoS/CFI values in incoming packets to per-hop behavior and drop precedence values for priority processing Show Shows the CoS to DSCP mapping list DSCP to CoS...
  • Page 47 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Server Configures RADIUS and TACACS server message exchange settings User Accounts Configures user names, passwords, and access levels Show Shows authorized users Modify Modifies user attributes...
  • Page 48 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Shows the addresses to be allowed management access Administration System Configure Global Stores error messages in local memory Show System Logs Shows logged error messages Remote...
  • Page 49 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure User Add Community Configures community strings and access mode Show Community Shows community strings and access mode Add SNMPv3 Local User Configures SNMPv3 users on this switch Show SNMPv3 Local User Shows SNMPv3 users configured on this switch...
  • Page 50 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page UDLD UniDirectional Link Detection Configure Global Configures the message probe interval, detection interval, and recovery interval Configure Interface Enables UDLD and aggressive mode which reduces the shut-down delay after loss of bidirectional connectivity is detected Show Information Displays UDLD neighbor information, including neighbor state,...
  • Page 51 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show IP Address Shows the virtual interface address assigned to a VRRP group Configure Detail Configure detailed settings, such as advertisement interval, preemption, priority, and authentication Show Statistics Global Statistics...
  • Page 52 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Show Static Member Shows multicast addresses statically configured on the selected VLAN Show Current Member Shows multicast addresses associated with the selected VLAN, either through static or dynamic configuration Interface Configure VLAN...
  • Page 53 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface (Continued) Table 4: Switch Main Menu Menu Description Page Configure NSSA Area Configures settings for importing routes into or exporting routes out of not-so-stubby areas Configure Stub Area Configures default cost, and settings for importing routes into a stub Show Information Shows statistics for each area, including SPF startups, ABR/ASBR count,...
  • Page 54 Chapter 2 | Using the Web Interface Navigating the Web Browser Interface – 54 –...

  • Page 55: Basic Management Tasks

    Basic Management Tasks This chapter describes the following topics: ◆ Displaying System Information – Provides basic system description, including contact information. ◆ Displaying Hardware/Software Versions – Shows the hardware version, power status, and firmware versions ◆ Configuring Support for Jumbo Frames –...

  • Page 56: Figure 3: System Information

    Chapter 3 | Basic Management Tasks Displaying Hardware/Software Versions ◆ System Object ID – MIB II object ID for switch’s network management subsystem. ◆ System Up Time – Length of time the management agent has been up. ◆ System Name – Name assigned to the switch system. ◆...
  • Page 57 Chapter 3 | Basic Management Tasks Displaying Hardware/Software Versions ◆ Number of Ports – Number of built-in ports. – 57 –...

  • Page 58: Displaying Hardware/Software Versions

    Diagnostics Code Version – Version of Power-On Self-Test (POST) and boot code. ◆ Operation Code Version – Version number of runtime code. ◆ Thermal Detector – The DG-CS4554F has five detectors ◆ Temperature – Temperature at specified thermal detection point. Web Interface To view hardware and software version information.

  • Page 59: Figure 5: Configuring Support For Jumbo Frames

    Chapter 3 | Basic Management Tasks Displaying Bridge Extension Capabilities Configuring Support for Jumbo Frames Use the System > Capability page to configure support for layer 2 jumbo frames. The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames of up to 9216 bytes for Gigabit, 10 Gigabit, and 40 Gigabit Ethernet ports or trunks.

  • Page 60: Configuring Support For Jumbo Frames

    Chapter 3 | Basic Management Tasks Configuring Support for Jumbo Frames Displaying Bridge Extension Capabilities Use the System > Capability page to display settings based on the Bridge MIB. The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs.

  • Page 61: Displaying Bridge Extension Capabilities

    Chapter 3 | Basic Management Tasks Managing System Files Web Interface To view Bridge Extension information: Click System, then Capability. Figure 6: Displaying Bridge Extension Configuration Managing System Files This section describes how to upgrade the switch operating software or configuration files, and set the system start-up files.

  • Page 62: Managing System Files

    Chapter 3 | Basic Management Tasks Managing System Files FTP Download – Copies a file from the switch to an FTP server. ■ HTTP Upload – Copies a file from a management station to the switch. ■ HTTP Download – Copies a file from the switch to a management station ■...

  • Page 64: Saving The Running Configuration To A Local File

    Chapter 3 | Basic Management Tasks Managing System Files Select a file on the switch to overwrite or specify a new file name. Then click Apply. Figure 7: Copy Firmware If you replaced a file currently used for startup and want to start using the new file, reboot the system via the System >...

  • Page 65: Setting The Start-Up File

    Chapter 3 | Basic Management Tasks Managing System Files Web Interface To save the running configuration file: Click System, then File. Select Copy from the Action list. Select Running-Config from the Copy Type list. Select the current startup file on the switch to overwrite or specify a new file name.

  • Page 66: Showing System Files

    Chapter 3 | Basic Management Tasks Managing System Files Figure 9: Setting Start-Up Files To start using the new firmware or configuration settings, reboot the system via the System > Reset menu. Showing System Files Use the System > File (Show) page to show the files in the system directory, or to delete a file.

  • Page 67: Automatic Operation Code Upgrade

    Chapter 3 | Basic Management Tasks Managing System Files Automatic Operation Use the System > File (Automatic Operation Code Upgrade) page to automatically download an operation code file when a file newer than the currently installed one Code Upgrade is discovered on the file server. After the file is transferred from the server and successfully written to the file system, it is automatically set as the startup file, and the switch is rebooted.
  • Page 68 Chapter 3 | Basic Management Tasks Managing System Files ◆ If two operation code image files are already stored on the switch’s file system, then the non-startup image is deleted before the upgrade image is transferred. ◆ The automatic upgrade process will take place in the background without impeding normal operations (data switching, etc.) of the switch.
  • Page 69 Chapter 3 | Basic Management Tasks Managing System Files username – Defines the user name for the FTP connection. If the user name ■ is omitted, then “anonymous” is the assumed user name for the connection. password – Defines the password for the FTP connection. To differentiate ■...

  • Page 70: Figure 11: Configuring Automatic Code Upgrade

    Chapter 3 | Basic Management Tasks Managing System Files ftp://switches:upgrade@192.168.0.1/switches/opcode/ ■ The user name is “switches” and the password is “upgrade”. The image file is in the “opcode” directory, which is within the “switches” parent directory, relative to the FTP root. Web Interface To configure automatic code upgrade: Click System, then File.

  • Page 71: Setting The System Clock

    Chapter 3 | Basic Management Tasks Setting the System Clock Setting the System Clock Simple Network Time Protocol (SNTP) allows the switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries.

  • Page 72: Setting The Sntp Polling Interval

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 12: Manually Setting the System Clock Setting the SNTP Use the System > Time (Configure General - SNTP) page to set the polling interval at Polling Interval which the switch will query the specified time servers. Parameters The following parameters are displayed: ◆...

  • Page 73: Configuring Ntp

    Chapter 3 | Basic Management Tasks Setting the System Clock Configuring NTP Use the System > Time (Configure General - NTP) page to configure NTP authentication and show the polling interval at which the switch will query the specified time servers. Parameters The following parameters are displayed: ◆...

  • Page 74: Configuring Time Servers

    Chapter 3 | Basic Management Tasks Setting the System Clock Configuring Time Use the System > Time (Configure Time Server) pages to specify the IP address for NTP/SNTP time servers, or to set the authentication key for NTP time servers. Servers Specifying SNTP Time Servers Use the System >...

  • Page 75: Figure 16: Adding An Ntp Time Server

    Chapter 3 | Basic Management Tasks Setting the System Clock page. It issues time synchronization requests at a fixed interval of 1024 seconds. The switch will poll all the time servers configured, the responses received are filtered and compared to determine the most reliable and accurate time update for the switch.

  • Page 76: Figure 17: Showing The Ntp Time Server List

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 17: Showing the NTP Time Server List Specifying NTP Authentication Keys Use the System > Time (Configure Time Server – Add NTP Authentication Key) page to add an entry to the authentication key list. Parameters The following parameters are displayed: ◆...

  • Page 77: Setting The Time Zone

    Chapter 3 | Basic Management Tasks Setting the System Clock Figure 18: Adding an NTP Authentication Key To show the list of configured NTP authentication keys: Click System, then Time. Select Configure Time Server from the Step list. Select Show NTP Authentication Key from the Action list. Figure 19: Showing the NTP Authentication Key List Setting the Time Zone Use the System >...

  • Page 78: Configuring The Console Port

    Chapter 3 | Basic Management Tasks Configuring The Console Port Name – Assigns a name to the time zone. (Range: 1-30 characters) ■ Hours (0-13) – The number of hours before or after UTC. The maximum ■ value before UTC is 12. The maximum value after UTC is 13. Minutes (0-59) –...
  • Page 79 Chapter 3 | Basic Management Tasks Configuring The Console Port Parameters The following parameters are displayed: ◆ Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.

  • Page 80: Configuring Telnet Settings

    Chapter 3 | Basic Management Tasks Configuring Telnet Settings Web Interface To configure parameters for the console port: Click System, then Console. Specify the connection parameters as required. Click Apply Figure 21: Console Port Settings Configuring Telnet Settings Use the System > Telnet menu to configure parameters for accessing the CLI over a Telnet connection.

  • Page 81: Figure 22: Telnet Connection Settings

    Chapter 3 | Basic Management Tasks Configuring Telnet Settings ◆ Login Timeout – Sets the interval that the system waits for a user to log into the CLI. If a login attempt is not detected within the timeout interval, the connection is terminated for the session.

  • Page 82: Displaying Cpu Utilization

    Chapter 3 | Basic Management Tasks Displaying CPU Utilization Displaying CPU Utilization Use the System > CPU Utilization page to display information on CPU utilization. Parameters The following parameters are displayed: ◆ Time Interval – The interval at which to update the displayed utilization rate. (Options: 1, 5, 10, 30, 60 seconds;...

  • Page 83: Resetting The System

    Chapter 3 | Basic Management Tasks Resetting the System ◆ Used Size – The amount of memory allocated to active processes. ◆ Total – The total amount of system memory. Web Interface To display memory utilization: Click System, then Memory Status. Figure 24: Displaying Memory Utilization Resetting the System Use the System >...
  • Page 84 Chapter 3 | Basic Management Tasks Resetting the System At – Specifies a time at which to reload the switch. ■ DD - The day of the month at which to reload. (Range: 01-31) ■ MM - The month at which to reload. (Range: 01-12) ■...

  • Page 85: Figure 25: Restarting The Switch (Immediately)

    Chapter 3 | Basic Management Tasks Resetting the System Figure 25: Restarting the Switch (Immediately) Figure 26: Restarting the Switch (In) – 83 –...

  • Page 86: Figure 27: Restarting The Switch (At)

    Chapter 3 | Basic Management Tasks Resetting the System Figure 27: Restarting the Switch (At) Figure 28: Restarting the Switch (Regularly) – 84 –...

  • Page 87: Interface Configuration

    Interface Configuration This chapter describes the following topics: ◆ Port Configuration – Configures connection settings, including auto- negotiation, or manual setting of speed, duplex mode, and flow control. ◆ Local Port Mirroring – Sets the source and target ports for mirroring on the local switch.
  • Page 88 Chapter 4 | Interface Configuration Port Configuration ◆ When using auto-negotiation , the optimal settings will be negotiated between the link partners based on their advertised capabilities. To set flow control and symmetric pause frames under auto-negotiation, the required operation modes must be specified in the capabilities list for an interface. ◆...
  • Page 89 Chapter 4 | Interface Configuration Port Configuration enable it after the problem has been resolved. You may also disable an interface for security reasons. (Default: Enabled) ◆ Media Type – Configures the forced transceiver mode for SFP+ ports. None - Forced transceiver mode is not used for SFP+ ports. (This is the ■...

  • Page 90: Configuring By Port Range

    Chapter 4 | Interface Configuration Port Configuration Figure 29: Configuring Connections by Port List Configuring by Port Use the Interface > Port > General (Configure by Port Range) page to enable/ disable an interface, set auto-negotiation and the interface capabilities to Range advertise, or manually fix the speed, duplex mode, and flow control.

  • Page 91: Displaying Connection Status

    Chapter 4 | Interface Configuration Port Configuration Figure 30: Configuring Connections by Port Range Displaying Use the Interface > Port > General (Show Information) page to display the current Connection Status connection status, including link state, speed/duplex mode, flow control, and auto- negotiation.

  • Page 92: Configuring Local Port Mirroring

    Chapter 4 | Interface Configuration Port Configuration Web Interface To display port connection parameters: Click Interface, Port, General. Select Show Information from the Action List. Figure 31: Displaying Port Information Configuring Local Port Use the Interface > Port > Mirror page to mirror traffic from any source port to a target port for real-time analysis.

  • Page 93: Figure 33: Configuring Local Port Mirroring

    Chapter 4 | Interface Configuration Port Configuration ◆ Target Port – The port that will mirror the traffic on the source port. ◆ Type – Allows you to select which traffic to mirror to the target port, Rx (receive), Tx (transmit), or Both. (Default: Both) Web Interface To configure a local mirror session: Click Interface, Port, Mirror.

  • Page 94: Showing Port Or Trunk Statistics

    Chapter 4 | Interface Configuration Port Configuration Showing Port or Trunk Use the Interface > Port/Trunk > Statistics or Chart page to display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as Statistics well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
  • Page 95 Chapter 4 | Interface Configuration Port Configuration Table 5: Port Statistics (Continued) Parameter Description Transmitted Broadcast The total number of packets that higher-level protocols requested be Packets transmitted, and which were addressed to a broadcast address at this sub-layer, including those that were discarded or not sent. Received Unknown Packets The number of packets received via the interface which were discarded because of an unknown or unsupported protocol.
  • Page 96 Chapter 4 | Interface Configuration Port Configuration Table 5: Port Statistics (Continued) Parameter Description Broadcast Packets The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Multicast Packets The total number of good packets received that were directed to this multicast address.

  • Page 97: Figure 35: Showing Port Statistics (Table)

    Chapter 4 | Interface Configuration Port Configuration Figure 35: Showing Port Statistics (Table) – 95 –...

  • Page 98: Displaying Statistical History

    Chapter 4 | Interface Configuration Port Configuration To show a chart of port statistics: Click Interface, Port, Chart. Select the statistics mode to display (Interface, Etherlike, RMON or All). If Interface, Etherlike, RMON statistics mode is chosen, select a port from the drop-down list.
  • Page 99 Chapter 4 | Interface Configuration Port Configuration Parameters These parameters are displayed: ◆ Port – Port number. (Range: 1-32/54) ◆ History Name – Name of sample interval. (Range: 1-32 characters) ◆ Interval - The interval for sampling statistics. (Range: 1-86400 minutes) ◆...

  • Page 100: Figure 37: Configuring A History Sample

    Chapter 4 | Interface Configuration Port Configuration Click Apply. Figure 37: Configuring a History Sample To show the configured entries for a history sample: Click Interface, Port, Statistics, or Interface, Trunk, Statistics. Select Show from the Action menu. Select an interface from the Port or Trunk list. Figure 38: Showing Entries for History Sampling To show the configured parameters for a sampling entry: Click Interface, Port, Statistics, or Interface, Trunk, Statistics.

  • Page 101: Figure 39: Showing Status Of Statistical History Sample

    Chapter 4 | Interface Configuration Port Configuration Figure 39: Showing Status of Statistical History Sample To show statistics for the current interval of a sample entry: Click Interface, Port, Statistics, or Interface, Trunk, Statistics. Select Show Details from the Action menu. Select Current Entry from the options for Mode.

  • Page 102: Displaying Transceiver Data

    Chapter 4 | Interface Configuration Port Configuration To show ingress or egress traffic statistics for a sample entry: Click Interface, Port, Statistics, or Interface, Trunk, Statistics. Select Show Details from the Action menu. Select Input Previous Entry or Output Previous Entry from the options for Mode.

  • Page 103: Configuring Transceiver Thresholds

    Chapter 4 | Interface Configuration Port Configuration problems with optical devices. This feature, referred to as Digital Diagnostic Monitoring (DDM) provides information on transceiver parameters. Web Interface To display identifying information and functional parameters for optical transceivers: Click Interface, Port, Transceiver. Select a port from the scroll-down list.
  • Page 104 Chapter 4 | Interface Configuration Port Configuration problems with optical devices. This feature, referred to as Digital Diagnostic Monitoring (DDM) provides information on transceiver parameters. ◆ Trap – Sends a trap when any of the transceiver’s operation values falls outside of specified thresholds.

  • Page 105: Trunk Configuration

    Chapter 4 | Interface Configuration Trunk Configuration Trap messages configured by this command are sent to any management ■ station configured as an SNMP trap manager using the Administration > SNMP (Configure Trap) page. Web Interface To configure threshold values for optical transceivers: Click Interface, Port, Transceiver.

  • Page 106: Configuring A Static Trunk

    Chapter 4 | Interface Configuration Trunk Configuration other device will negotiate a trunk link between them. If an LACP trunk consists of more than eight ports, all other ports will be placed in standby mode. Should one link in the trunk fail, one of the standby ports will automatically be activated to replace it.

  • Page 107: Figure 45: Creating Static Trunks

    Chapter 4 | Interface Configuration Trunk Configuration Command Usage ◆ When configuring static trunks, you may not be able to link switches of different types, depending on the vendor’s implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible. ◆...

  • Page 108: Figure 46: Adding Static Trunks Members

    Chapter 4 | Interface Configuration Trunk Configuration To add member ports to a static trunk: Click Interface, Trunk, Static. Select Configure Trunk from the Step list. Select Add Member from the Action list. Select a trunk identifier. Set the unit and port for an additional trunk member. Click Apply.

  • Page 109: Configuring A Dynamic Trunk

    Chapter 4 | Interface Configuration Trunk Configuration To display trunk connection parameters: Click Interface, Trunk, Static. Select Configure General from the Step list. Select Show Information from the Action list. Figure 48: Showing Information for Static Trunks Configuring a Use the Interface > Trunk > Dynamic pages to set the administrative key for an aggregation group, enable LACP on a port, and configure protocol parameters for Dynamic Trunk local and partner ports.
  • Page 110 Chapter 4 | Interface Configuration Trunk Configuration ◆ Ports are only allowed to join the same Link Aggregation Group (LAG) if (1) the LACP port system priority matches, (2) the LACP port admin key matches, and (3) the LAG admin key matches (if configured). However, if the LAG admin key is set, then the port admin key must be set to the same value for a port to be allowed to join that group.
  • Page 111 Chapter 4 | Interface Configuration Trunk Configuration Configure Aggregation Port - Actor/Partner ◆ Port – Port number. (Range: 1-32/54) ◆ Admin Key – The LACP administration key must be set to the same value for ports that belong to the same LAG. (Range: 0-65535; Default – Actor: 1, Partner: 0) By default, the Actor Admin Key is determined by port's link speed, and copied to Oper Key.

  • Page 112: Figure 50: Configuring The Lacp Aggregator Admin Key

    Chapter 4 | Interface Configuration Trunk Configuration Web Interface To configure the admin key for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Aggregator from the Step list. Set the Admin Key and timeout mode for the required LACP group. Click Apply.

  • Page 113: Figure 51: Enabling Lacp On A Port

    Chapter 4 | Interface Configuration Trunk Configuration Figure 51: Enabling LACP on a Port To configure LACP parameters for group members: Click Interface, Trunk, Dynamic. Select Configure Aggregation Port from the Step list. Select Configure from the Action list. Click Actor or Partner. Configure the required settings.

  • Page 114: Figure 53: Showing Members Of A Dynamic Trunk

    Chapter 4 | Interface Configuration Trunk Configuration To show the active members of a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step List. Select Show Member from the Action List. Select a Trunk. Figure 53: Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic.

  • Page 115: Displaying Lacp Port Counters

    Chapter 4 | Interface Configuration Trunk Configuration To display connection parameters for a dynamic trunk: Click Interface, Trunk, Dynamic. Select Configure Trunk from the Step List. Select Show from the Action List. Figure 55: Displaying Connection Parameters for Dynamic Trunks Displaying LACP Port Use the Interface >...

  • Page 116: Displaying Lacp Settings And Status For The Local Side

    Chapter 4 | Interface Configuration Trunk Configuration Select a group member from the Port list. Figure 56: Displaying LACP Port Counters Displaying LACP Use the Interface > Trunk > statistics (Configure Aggregation Port - Show Settings and Status for Information - Internal) page to display the configuration settings and operational state for the local side of a link aggregation.

  • Page 117: Figure 57: Displaying Lacp Port Internal Information

    Chapter 4 | Interface Configuration Trunk Configuration Table 7: LACP Internal Configuration Information (Continued) Parameter Description ◆ Aggregation – The system considers this link to be aggregatable; i.e., a potential candidate for aggregation. ◆ Long timeout – Periodic transmission of LACPDUs uses a slow transmission rate.

  • Page 118: Displaying Lacp Settings And Status For The Remote Side

    Chapter 4 | Interface Configuration Trunk Configuration Displaying LACP Use the Interface > Trunk > Dynamic (Configure Aggregation Port - Show Settings and Status for Information - Neighbors) page to display the configuration settings and operational state for the remote side of a link aggregation. the Remote Side Parameters These parameters are displayed:...

  • Page 119: Configuring Load Balancing

    Chapter 4 | Interface Configuration Trunk Configuration Figure 58: Displaying LACP Port Remote Information Configuring Use the Interface > Trunk > Load Balance page to set the load-distribution method Load Balancing used among ports in aggregated links. Command Usage ◆ This command applies to all static and dynamic trunks on the switch.

  • Page 120: Figure 59: Configuring Load Balancing

    Chapter 4 | Interface Configuration Trunk Configuration Source and Destination MAC Address: All traffic with the same source ■ and destination MAC address is output on the same link in a trunk. This mode works best for switch-to-switch trunk links where traffic through the switch is received from and destined for many different hosts.

  • Page 121: Traffic Segmentation

    Chapter 4 | Interface Configuration Traffic Segmentation Traffic Segmentation If tighter security is required for passing traffic from different clients through downlink ports on the local network and over uplink ports to the service provider, port-based traffic segmentation can be used to isolate traffic for individual clients. Traffic belonging to each client is isolated to the allocated downlink ports.

  • Page 122: Configuring Uplink And Downlink Ports

    Chapter 4 | Interface Configuration Traffic Segmentation Figure 60: Enabling Traffic Segmentation Configuring Uplink Use the Interface > Traffic Segmentation (Configure Session) page to assign the and Downlink Ports downlink and uplink ports to use in the segmented group. Ports designated as downlink ports can not communicate with any other ports on the switch except for the uplink ports.

  • Page 123: Figure 61: Configuring Members For Traffic Segmentation

    Chapter 4 | Interface Configuration Traffic Segmentation ◆ If a downlink port is not configured for the session, the assigned uplink ports will operate as normal ports. Parameters These parameters are displayed: ◆ Session ID – Traffic segmentation session. (Range: 1-4) ◆...

  • Page 124: Figure 62: Showing Traffic Segmentation Members

    Chapter 4 | Interface Configuration Traffic Segmentation Select Show from the Action list. Figure 62: Showing Traffic Segmentation Members – 122 –...

  • Page 125: Vlan Configuration

    VLAN Configuration This chapter includes the following topics: ◆ IEEE 802.1Q VLANs – Configures static and dynamic VLANs. IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.

  • Page 126: Figure 63: Vlan Compliant And Vlan Non-Compliant Devices

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Assigning Ports to VLANs Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports.

  • Page 127: Configuring Vlan Groups

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Forwarding Tagged/Untagged Frames If you want to create a small port-based VLAN for devices attached directly to a single switch, you can assign ports to the same untagged VLAN. However, to participate in a VLAN group that crosses several switches, you should create a VLAN for that group and enable tagging on all ports.

  • Page 128: Figure 64: Creating Static Vlans

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs type. This parameter must be enabled before you can assign an IP address to a VLAN. Show ◆ VLAN ID – ID of configured VLAN. ◆ VLAN Name – Name of the VLAN. ◆...

  • Page 129: Figure 65: Modifying Settings For Static Vlans

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs To modify the configuration settings for VLAN groups: Click VLAN, Static. Select Modify from the Action list. Select the identifier of a configured VLAN. Modify the VLAN name, operational status, or Layer 3 Interface status as required.

  • Page 130: Adding Static Members To Vlans

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Adding Static Use the VLAN > Static page to configure port members for the selected VLAN index, interface, or a range of interfaces. Use the menus for editing port members to Members to VLANs configure the VLAN behavior for specific interfaces, including the mode of operation (Hybrid or 1Q Trunk), the default VLAN identifier (PVID), accepted frame types, and ingress filtering.
  • Page 131 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs ◆ Ingress Filtering – Determines how to process frames tagged for VLANs for which the ingress port is not a member. (Default: Disabled) Ingress filtering only affects tagged frames. ■ If ingress filtering is disabled and a port receives frames tagged for VLANs ■...

  • Page 132: Figure 67: Configuring Static Members By Vlan Index

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Web Interface To configure static members by the VLAN index: Click VLAN, Static. Select Edit Member by VLAN from the Action list. Set the Interface type to display as Port or Trunk. Modify the settings for any interface as required.

  • Page 133: Figure 68: Configuring Static Vlan Members By Interface

    Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs Figure 68: Configuring Static VLAN Members by Interface To configure static members by interface range: Click VLAN, Static. Select Edit Member by Interface Range from the Action list. Set the Interface type to display as Port or Trunk. Enter an interface range.
  • Page 134 Chapter 5 | VLAN Configuration IEEE 802.1Q VLANs – 132 –...

  • Page 135: Address Table Settings

    Address Table Settings Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.

  • Page 136: Figure 70: Configuring Mac Address Learning

    Chapter 6 | Address Table Settings Configuring MAC Address Learning Parameters These parameters are displayed: ◆ Interface – Displays a list of ports or trunks. ◆ Port – Port Identifier. (Range: 1-32/54) ◆ Trunk – Trunk Identifier. (Range: 1-16/27) ◆ Status –...

  • Page 137: Setting Static Addresses

    Chapter 6 | Address Table Settings Setting Static Addresses Setting Static Addresses Use the MAC Address > Static page to configure static MAC addresses. A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved.

  • Page 138: Changing The Aging Time

    Chapter 6 | Address Table Settings Changing the Aging Time Figure 71: Configuring Static MAC Addresses To show the static addresses in MAC address table: Click MAC Address, Static. Select Show from the Action list. Figure 72: Displaying Static MAC Addresses Changing the Aging Time Use the MAC Address >...

  • Page 139: Displaying The Dynamic Address Table

    Chapter 6 | Address Table Settings Displaying the Dynamic Address Table Web Interface To set the aging time for entries in the dynamic address table: Click MAC Address, Dynamic. Select Configure Aging from the Action list. Modify the aging status if required. Specify a new aging time.

  • Page 140: Clearing The Dynamic Address Table

    Chapter 6 | Address Table Settings Clearing the Dynamic Address Table Web Interface To show the dynamic address table: Click MAC Address, Dynamic. Select Show Dynamic MAC from the Action list. Select the Sort Key (MAC Address, VLAN, or Interface). Enter the search parameters (MAC Address, VLAN, or Interface).

  • Page 141: Issuing Mac Address Traps

    Chapter 6 | Address Table Settings Issuing MAC Address Traps Select the method by which to clear the entries (i.e., All, MAC Address, VLAN, or Interface). Enter information in the additional fields required for clearing entries by MAC Address, VLAN, or Interface. Click Clear.

  • Page 142: Figure 76: Issuing Mac Address Traps (Global Configuration)

    Chapter 6 | Address Table Settings Issuing MAC Address Traps Configure MAC notification traps and the transmission interval. Click Apply. Figure 76: Issuing MAC Address Traps (Global Configuration) To enable MAC address traps at the interface level: Click MAC Address, MAC Notification. Select Configure Interface from the Step list.
  • Page 143 Spanning Tree Algorithm This chapter describes the following basic topics: ◆ Global Settings for STA – Configures global bridge settings for STP, RSTP and MSTP. ◆ Interface Settings for STA – Configures interface settings for STA, including priority, path cost, link type, and designation as an edge port. ◆...

  • Page 144: Spanning Tree Algorithm Overview

    Chapter 7 | Spanning Tree Algorithm Overview Figure 78: STP Root Ports and Designated Ports Designated Root Root Designated Port Port Designated Bridge Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.

  • Page 145: Configuring Global Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Configuration Digest – see “Configuring Multiple Spanning Trees” on page 155). An MST Region may contain multiple MSTP Instances. An Internal Spanning Tree (IST) is used to connect all the MSTP switches within an MST region. A Common Spanning Tree (CST) interconnects all adjacent MST Regions, and acts as a virtual bridge node for communications with STP or RSTP nodes in the global network.
  • Page 146 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA ◆ Rapid Spanning Tree Protocol RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting the type of protocol messages the RSTP node transmits, as described below: STP Mode –...
  • Page 147 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA lowest MAC address will then become the root device. (Note that lower numeric values indicate higher priority.) Default: 32768 ■ Range: 0-61440, in steps of 4096 ■ Options: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, ■...
  • Page 148 Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA ◆ Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames.

  • Page 149: Figure 81: Configuring Global Settings For Sta (Stp)

    Chapter 7 | Spanning Tree Algorithm Configuring Global Settings for STA Figure 81: Configuring Global Settings for STA (STP) Figure 82: Configuring Global Settings for STA (RSTP) – 147 –...

  • Page 150: Displaying Global Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Displaying Global Settings for STA Figure 83: Configuring Global Settings for STA (MSTP) Displaying Global Settings for STA Use the Spanning Tree > STA (Configure Global - Show Information) page to display a summary of the current bridge STA information that applies to the entire switch. Parameters The parameters displayed are described in the preceding section, except for the following items:...

  • Page 151: Configuring Interface Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA ◆ Root Path Cost – The path cost from the root port on this switch to the root device. ◆ Topology Changes – The number of times the Spanning Tree has been reconfigured.

  • Page 152: Table 10: Recommended Sta Path Cost Range

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA ◆ BPDU Flooding - Enables/disables the flooding of BPDUs to other ports when global spanning tree is disabled (page 143) or when spanning tree is disabled on specific port. When flooding is enabled, BPDUs are flooded to all other ports on the switch or to all other ports within the receiving port’s native VLAN as specified by the Spanning Tree BPDU Flooding attribute (page...
  • Page 153 Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for STA Table 11: Default STA Path Costs Port Type Short Path Cost Long Path Cost (IEEE 802.1D-1998) (802.1D-2004) Gigabit Ethernet 10,000 10,000 10G Ethernet 1,000 1,000 40G Ethernet 65535 2,000,000 1 Undefined in standard, but recommended setting is 250.

  • Page 154: Displaying Interface Settings For Sta

    Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA If the port does not receive any BPDUs after the edge delay timer expires, ■ its role changes to designated port and it immediately enters forwarding state (see “Displaying Interface Settings for STA” on page 152).
  • Page 155 Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA ◆ STA Status – Displays current state of this port within the Spanning Tree: Discarding - Port receives STA configuration messages, but does not ■ forward packets. Learning - Port has transmitted configuration messages for an interval set ■...

  • Page 156: Figure 86: Sta Port Roles

    Chapter 7 | Spanning Tree Algorithm Displaying Interface Settings for STA false if a BPDU is received, indicating that another bridge is attached to this port. ◆ Port Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.e., designated port), is the MSTI regional root (i.e., master port), or is an alternate or backup port...

  • Page 157: Configuring Multiple Spanning Trees

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Figure 87: Displaying Interface Settings for STA Configuring Multiple Spanning Trees Use the Spanning Tree > MSTP (Configure Global) page to create an MSTP instance, or to add VLAN groups to an MSTP instance. Command Usage MSTP generates a unique spanning tree for each instance.

  • Page 158: Figure 88: Creating An Mst Instance

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Parameters These parameters are displayed: ◆ MST ID – Instance identifier to configure. (Range: 0-4094) ◆ VLAN ID – VLAN to assign to this MST instance. (Range: 1-4094) ◆ Priority – The priority of a spanning tree instance. (Range: 0-61440 in steps of 4096;...

  • Page 159: Figure 89: Displaying Mst Instances

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees To show the MSTP instances: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Show from the Action list. Figure 89: Displaying MST Instances To modify the priority for an MST instance: Click Spanning Tree, MSTP.

  • Page 160: Figure 91: Displaying Global Settings For An Mst Instance

    Chapter 7 | Spanning Tree Algorithm Configuring Multiple Spanning Trees Select an MST ID. The attributes displayed on this page are described under “Displaying Global Settings for STA” on page 148. Figure 91: Displaying Global Settings for an MST Instance To add additional VLAN groups to an MSTP instance: Click Spanning Tree, MSTP.

  • Page 161: Configuring Interface Settings For Mstp

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP To show the VLAN members of an MSTP instance: Click Spanning Tree, MSTP. Select Configure Global from the Step list. Select Show Member from the Action list. Figure 93: Displaying Members of an MST Instance Configuring Interface Settings for MSTP Use the Spanning Tree >...

  • Page 162: Figure 94: Configuring Mstp Interface Settings

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP ◆ Priority – Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning Tree.

  • Page 163: Figure 95: Displaying Mstp Interface Settings

    Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP To display MSTP parameters for a port or trunk: Click Spanning Tree, MSTP. Select Configure Interface from the Step list. Select Show Information from the Action list. Figure 95: Displaying MSTP Interface Settings –...
  • Page 164 Chapter 7 | Spanning Tree Algorithm Configuring Interface Settings for MSTP – 162 –...

  • Page 165: Congestion Control

    Congestion Control The switch can control traffic storms by setting a maximum threshold for broadcast traffic or multicast traffic. Congestion Control includes following options: ◆ Storm Control – Sets the traffic storm threshold for each interface. Storm Control Use the Traffic > Storm Control page to configure broadcast, multicast, and unknown unicast storm control thresholds.

  • Page 166: Figure 96: Configuring Storm Control

    Chapter 8 | Congestion Control Storm Control ◆ Rate – Threshold level as a rate; i.e., packets per second. (Range: 500-14880000 pps for 10G ports, 500-59520000 pps for 40G ports; Default: Disabled for unknown unicast and multicast traffic, 500 pps for broadcast traffic) Web Interface To configure broadcast storm control: Click Traffic, Storm Control.

  • Page 167: Class Of Service

    Class of Service Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with eight priority queues for each port. Data packets in a port’s high- priority queue will be transmitted before those in the lower-priority queues.

  • Page 168: Selecting The Queue Mode

    Chapter 9 | Class of Service Layer 2 Queue Settings ◆ If the output port is an untagged member of the associated VLAN, these frames are stripped of all VLAN tags prior to transmission. Parameters These parameters are displayed: ◆ Interface –...
  • Page 169 Chapter 9 | Class of Service Layer 2 Queue Settings the switch services each queue before moving on to the next queue. This prevents the head-of-line blocking that can occur with strict priority queuing. ◆ If Strict and WRR mode is selected, a combination of strict and weighted service is used as specified for each queue.

  • Page 170: Figure 98: Setting The Queue Mode (Strict)

    Chapter 9 | Class of Service Layer 2 Queue Settings Web Interface To configure the queue mode: Click Traffic, Priority, Queue. Select a port or trunk. Set the queue mode. If the weighted queue mode is selected, the queue weight can be modified if required.

  • Page 171: Mapping Cos Values To Egress Queues

    Chapter 9 | Class of Service Layer 2 Queue Settings Figure 100: Setting the Queue Mode (Strict and WRR) Mapping CoS Values Use the Traffic > Priority > PHB to Queue page to specify the hardware output queues to use based on the internal per-hop behavior value. (For more information to Egress Queues on exact manner in which the ingress priority tags are mapped to egress queues for internal processing, see...

  • Page 172: Table 13: Cos Priority Levels

    Chapter 9 | Class of Service Layer 2 Queue Settings The priority levels recommended in the IEEE 802.1p standard for various network applications are shown in Table 13. However, priority levels can be mapped to the switch’s output queues in any way that benefits application traffic for the network. Table 13: CoS Priority Levels Priority Level Traffic Type...

  • Page 173: Figure 101: Mapping Cos Values To Egress Queues

    Chapter 9 | Class of Service Layer 2 Queue Settings Map an internal PHB to a hardware queue. Depending on how an ingress packet is processed internally based on its CoS value, and the assigned output queue, the mapping done on this page can effectively determine the service priority for different traffic classes.

  • Page 174: Layer 3/4 Priority Settings

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Layer 3/4 Priority Settings Mapping Layer 3/4 Priorities to CoS Values The switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (ToS) octet, or the number of the TCP/UDP port.

  • Page 175: Mapping Ingress Dscp Values To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Parameters These parameters are displayed: ◆ Interface – Specifies a port or trunk. ◆ Trust Mode CoS – Maps layer 3/4 priorities using Class of Service values. (This is the ■...

  • Page 176: Table 15: Default Mapping Of Dscp Values To Internal Phb/Drop Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings ◆ This map is only used when the priority mapping mode is set to DSCP (see page 172), and the ingress packet type is IPv4. Any attempt to configure the DSCP mutation map will not be accepted by the switch, unless the trust mode has been set to DSCP.

  • Page 177: Figure 104: Configuring Dscp To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map DSCP values to internal PHB/drop precedence: Click Traffic, Priority, DSCP to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any DSCP value. Click Apply.

  • Page 178: Mapping Cos Priorities To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Mapping CoS Use the Traffic > Priority > CoS to DSCP page to maps CoS/CFI values in incoming Priorities to Internal packets to per-hop behavior and drop precedence values for priority processing. DSCP Values Command Usage ◆...

  • Page 179: Figure 106: Configuring Cos To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Web Interface To map CoS/CFI values to internal PHB/drop precedence: Click Traffic, Priority, CoS to DSCP. Select Configure from the Action list. Select a port. Set the PHB and drop precedence for any of the CoS/CFI combinations. Click Apply.

  • Page 180: Mapping Internal Dscp Values To Egress Cos Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Figure 107: Showing CoS to DSCP Internal Mapping Mapping Internal Use the Traffic > Priority > DSCP to CoS page to map internal per-hop behavior and drop precedence value pairs to CoS values used in tagged egress packets on a DSCP Values to Layer 2 interface.

  • Page 181: Figure 108: Configuring Dscp To Cos Egress Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Table 17: Mapping Internal PHB/Drop Precedence to CoS/CFI Values Drop Precedence 0 (green) 1 (red) 3 (yellow) Per-hop Behavior (0,0) (0,1) (0,1) (1,0) (1,1) (1,1) (2,0) (2,1) (2,1) (3,0) (3,1) (3,1) (4,0) (4,1)

  • Page 182: Mapping Ip Precedence Values To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings To show the DSCP to CoS egress map in the web interface: Click Traffic, Priority, DSCP to CoS. Select Show from the Action list. Select an interface. Figure 109: Showing DSCP to CoS Egress Mapping Mapping IP Use the Traffic >...

  • Page 183: Table 19: Default Mapping Of Ip Precedence To Internal Phb/Drop Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Command Usage ◆ Enter per-hop behavior and drop precedence for any of the IP Precedence values 0 - 7. ◆ If the priority mapping mode is set the IP Precedence and the ingress packet type is IPv4, then the IP Precedence-to-PHB/Drop Precedence mapping table is used to generate priority and drop precedence values for internal processing.

  • Page 184: Mapping Ip Port Priority To Internal Dscp Values

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Figure 110: Configuring IP Precedence to DSCP Internal Mapping To show the IP Precedence to internal PHB/drop precedence map in the web interface: Click Traffic, Priority, IP Precedence to DSCP. Select Show from the Action list.

  • Page 185: Figure 112: Configuring Ip Port Number To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings Parameters These parameters are displayed in the web interface: ◆ Interface – Specifies a port or trunk. ◆ IP Protocol TCP – Transport Control Protocol ■ UDP – User Datagram Protocol ■...

  • Page 186: Figure 113: Showing Ip Port Number To Dscp Internal Mapping

    Chapter 9 | Class of Service Layer 3/4 Priority Settings To show the TCP/UDP port number to per-hop behavior and drop precedence map in the web interface: Click Traffic, Priority, IP Port to DSCP. Select Show from the Action list. Select an interface.

  • Page 187: Quality Of Service

    Quality of Service This chapter describes the following tasks required to apply QoS policies: Class Map – Creates a map which identifies a specific class of traffic. Policy Map – Sets the boundary parameters used for monitoring inbound traffic, and the action to take for conforming and non-conforming traffic. Binding to a Port –...

  • Page 188: Configuring A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Command Usage To create a service policy for a specific category or ingress traffic, follow these steps: Use the Configure Class (Add) page to designate a class name for a specific category of traffic.

  • Page 189: Figure 114: Configuring A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Add Rule ◆ Class Name – Name of the class map. ◆ Type – Only one match command is permitted per class map, so the match-any field refers to the criteria specified by the lone match command. ◆...

  • Page 190: Figure 115: Showing Class Maps

    Chapter 10 | Quality of Service Configuring a Class Map To show the configured class maps: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show from the Action list. Figure 115: Showing Class Maps To edit the rules for a class map: Click Traffic, DiffServ.

  • Page 191: Figure 116: Adding Rules To A Class Map

    Chapter 10 | Quality of Service Configuring a Class Map Figure 116: Adding Rules to a Class Map To show the rules for a class map: Click Traffic, DiffServ. Select Configure Class from the Step list. Select Show Rule from the Action list. Figure 117: Showing the Rules for a Class Map –...

  • Page 192: Creating Qos Policies

    Chapter 10 | Quality of Service Creating QoS Policies Creating QoS Policies Use the Traffic > DiffServ (Configure Policy) page to create a policy map that can be attached to multiple interfaces. A policy map is used to group one or more class map statements (page 186), modify service tagging, and enforce bandwidth...
  • Page 193 Chapter 10 | Quality of Service Creating QoS Policies ◆ The meter operates in one of two modes. In the color-blind mode, the meter assumes that the packet stream is uncolored. In color-aware mode the meter assumes that some preceding entity has pre-colored the incoming packet stream so that each packet is either green, yellow, or red.
  • Page 194 Chapter 10 | Quality of Service Creating QoS Policies (BP). Action may taken for traffic conforming to the maximum throughput, exceeding the maximum throughput, or exceeding the peak burst size. ◆ The PHB label is composed of five bits, three bits for per-hop behavior, and two bits for the color scheme used to control queue congestion.
  • Page 195 Chapter 10 | Quality of Service Creating QoS Policies which are green, yellow, or red. Refer to RFC 2698 for more information on other aspects of trTCM. Command Usage ◆ A policy map can contain 16 class statements that can be applied to the same interface (page 199).
  • Page 196 Chapter 10 | Quality of Service Creating QoS Policies ◆ Meter Mode – Selects one of the following policing methods. Flow (Police Flow) – Defines the committed information rate (CIR, or ■ maximum throughput), committed burst size (BC, or burst rate), and the action to take for conforming and non-conforming traffic.
  • Page 197 Chapter 10 | Quality of Service Creating QoS Policies Excess Burst Size (BE) – Burst in excess of committed burst size. ■ (Range:1000-12800000 bytes) Conform – Specifies that traffic conforming to the maximum rate (CIR) ■ will be transmitted without any change to the DSCP service level. Set IP DSCP –...
  • Page 198 Chapter 10 | Quality of Service Creating QoS Policies Peak Burst Size (BP) – Burst size in bytes. (Range: 1000-128000000 ■ bytes) Conform – Specifies that traffic conforming to the maximum rate (CIR) ■ will be transmitted without any change to the DSCP service level. Set IP DSCP –...

  • Page 199: Figure 118: Configuring A Policy Map

    Chapter 10 | Quality of Service Creating QoS Policies Web Interface To configure a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add from the Action list. Enter a policy name. Enter a description. Click Add. Figure 118: Configuring a Policy Map To show the configured policy maps: Click Traffic, DiffServ.

  • Page 200: Figure 120: Adding Rules To A Policy Map

    Chapter 10 | Quality of Service Creating QoS Policies To edit the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Add Rule from the Action list. Select the name of a policy map. Set the CoS or per-hop behavior for matching packets to specify the quality of service to be assigned to the matching traffic class.

  • Page 201: Attaching A Policy Map To A Port

    Chapter 10 | Quality of Service Attaching a Policy Map to a Port To show the rules for a policy map: Click Traffic, DiffServ. Select Configure Policy from the Step list. Select Show Rule from the Action list. Figure 121: Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic >...

  • Page 202: Figure 122: Attaching A Policy Map To A Port

    Chapter 10 | Quality of Service Attaching a Policy Map to a Port Web Interface To bind a policy map to a port: Click Traffic, DiffServ. Select Configure Interface from the Step list. Check the box under the Ingress or egress field to enable a policy map for a port.

  • Page 203: Security Measures

    Security Measures You can configure this switch to authenticate users logging into the system for management access using local or remote authentication methods. Port-based authentication using IEEE 802.1X can also be configured to control either management access to the uplink ports or client access to the data ports. This switch provides secure network management access using the following options: ◆...

  • Page 204: Configuring Local/Remote Logon Authentication

    Chapter 11 | Security Measures AAA Authorization and Accounting as a method for controlling user access to specified services. For example, when the switch attempts to authenticate a user, a request is sent to the first server in the defined group, if there is no response the second server will be tried, and so on. If at any point a pass or fail is returned, the process stops.

  • Page 205: Configuring Remote Logon Authentication Servers

    Chapter 11 | Security Measures AAA Authorization and Accounting Parameters These parameters are displayed: ◆ Authentication Sequence – Select the authentication, or authentication sequence required: Local – User authentication is performed only locally by the switch. ■ RADIUS – User authentication is performed using a RADIUS server only. ■...

  • Page 206: Figure 124: Authentication Server Operation

    Chapter 11 | Security Measures AAA Authorization and Accounting Figure 124: Authentication Server Operation console Telnet 1. Client attempts management access. 2. Switch contacts authentication server. RADIUS/ 3. Authentication server challenges client. 4. Client responds with proper password or key. TACACS+ 5.
  • Page 207 Chapter 11 | Security Measures AAA Authorization and Accounting Accounting Server UDP Port – Network (UDP) port on authentication ■ server used for accounting messages. (Range: 1-65535; Default: 1813) Authentication Server UDP Port – Network (UDP) port on authentication ■ server used for authentication messages.
  • Page 208 Chapter 11 | Security Measures AAA Authorization and Accounting Confirm Authentication Key – Re-type the string entered in the previous ■ field to ensure no errors were made. The switch will not change the encryption key if these two fields do not match. Configure Group ◆...

  • Page 209: Figure 125: Configuring Remote Authentication Server (Radius)

    Chapter 11 | Security Measures AAA Authorization and Accounting Figure 125: Configuring Remote Authentication Server (RADIUS) Figure 126: Configuring Remote Authentication Server (TACACS+) To configure the RADIUS or TACACS+ server groups to use for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list.

  • Page 210: Figure 127: Configuring Aaa Server Groups

    Chapter 11 | Security Measures AAA Authorization and Accounting Figure 127: Configuring AAA Server Groups To show the RADIUS or TACACS+ server groups used for accounting and authorization: Click Security, AAA, Server. Select Configure Group from the Step list. Select Show from the Action list. Figure 128: Showing AAA Server Groups –...

  • Page 211: Configuring User Accounts

    Chapter 11 | Security Measures Configuring User Accounts Configuring User Accounts Use the Security > User Accounts page to control management access to the switch based on manually configured user names and passwords. Command Usage ◆ The default guest name is “guest” with the password “guest.” The default administrator name is “admin”...

  • Page 212: Figure 129: Configuring User Accounts

    Chapter 11 | Security Measures Configuring User Accounts Web Interface To configure user accounts: Click Security, User Accounts. Select Add from the Action list. Specify a user name, select the user's access level, then enter a password if required and confirm it. Click Apply.

  • Page 213: Configuring Https

    Chapter 11 | Security Measures Configuring HTTPS Configuring HTTPS You can configure the switch to enable the Secure Hypertext Transfer Protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface. Configuring Global Use the Security >...

  • Page 214: Replacing The Default Secure-Site Certificate

    Chapter 11 | Security Measures Configuring HTTPS Parameters These parameters are displayed: ◆ HTTPS Status – Allows you to enable/disable the HTTPS server feature on the switch. (Default: Enabled) HTTPS Port – Specifies the UDP port number used for HTTPS connection to the ◆...
  • Page 215 Chapter 11 | Security Measures Configuring HTTPS When you have obtained these, place them on your TFTP server and transfer them to the switch to replace the default (unrecognized) certificate with an authorized one. Note: The switch must be reset for the new certificate to be activated. To reset the switch, see “Resetting the System”...

  • Page 216: Configuring The Secure Shell

    Chapter 11 | Security Measures Configuring the Secure Shell Figure 132: Downloading the Secure-Site Certificate Configuring the Secure Shell The Berkeley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments.
  • Page 217 Chapter 11 | Security Measures Configuring the Secure Shell To use the SSH server, complete these steps: Generate a Host Key Pair – On the SSH Host Key Settings page, create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
  • Page 218 Chapter 11 | Security Measures Configuring the Secure Shell Note: To use SSH with only password authentication, the host public key must still be given to the client, either during initial connection or manually entered into the known host file. However, you do not need to configure the client’s keys. Public Key Authentication –...

  • Page 219: Configuring The Ssh Server

    Chapter 11 | Security Measures Configuring the Secure Shell Configuring the SSH Use the Security > SSH (Configure Global) page to enable the SSH server and configure basic settings for authentication. Server Note: A host key pair must be configured on the switch before you can enable the SSH server.

  • Page 220: Generating The Host Key Pair

    Chapter 11 | Security Measures Configuring the Secure Shell Figure 133: Configuring the SSH Server Generating the Host Use the Security > SSH (Configure Host Key - Generate) page to generate a host public/private key pair used to provide secure communications between an SSH Key Pair client and the switch.

  • Page 221: Figure 134: Generating The Ssh Host Key Pair

    Chapter 11 | Security Measures Configuring the Secure Shell ◆ Clear – Clears the RSA or DSA public keys when the check box is selected. Web Interface To generate the SSH host key pair: Click Security, SSH. Select Configure Host Key from the Step list. Select Generate from the Action list.

  • Page 222: Importing User Public Keys

    Chapter 11 | Security Measures Configuring the Secure Shell Figure 135: Showing the SSH Host Key Pair Importing User Public Use the Security > SSH (Configure User Key - Copy) page to upload a user’s public key to the switch. This public key must be stored on the switch for the user to be Keys able to log in using the public key authentication mechanism.

  • Page 223: Figure 136: Copying The Ssh User's Public Key

    Chapter 11 | Security Measures Configuring the Secure Shell Web Interface To copy the SSH user’s public key: Click Security, SSH. Select Configure User Key from the Step list. Select Copy from the Action list. Select the user name and the public-key type from the respective drop-down boxes, input the TFTP server IP address and the public key source file name.

  • Page 224: Access Control Lists

    Chapter 11 | Security Measures Access Control Lists Figure 137: Showing the SSH User’s Public Key Access Control Lists Access Control Lists (ACL) provide packet filtering for IPv4 frames (based on address, protocol, Layer 4 protocol port number or TCP control code), IPv6 frames (based on address, DSCP, next header type, or flow label), or any frames (based on MAC address or Ethernet type).

  • Page 225: Setting A Time Range

    Chapter 11 | Security Measures Access Control Lists Auto ACE Compression is a software feature used to compress all the ACEs of an ACL to utilize hardware resources more efficiency. Without compression, one ACE would occupy a fixed number of entries in TCAM. So if one ACL includes 25 ACEs, the ACL would need (25 * n) entries in TCAM, where “n”...

  • Page 226: Figure 138: Setting The Name Of A Time Range

    Chapter 11 | Security Measures Access Control Lists ◆ Mode Absolute – Specifies a specific time or time range. ■ Start/End – Specifies the hours, minutes, month, day, and year at which ■ to start or end. Periodic – Specifies a periodic interval. ■...

  • Page 227: Figure 139: Showing A List Of Time Ranges

    Chapter 11 | Security Measures Access Control Lists Figure 139: Showing a List of Time Ranges To configure a rule for a time range: Click Security, ACL. Select Configure Time Range from the Step list. Select Add Rule from the Action list. Select the name of time range from the drop-down list.

  • Page 228: Showing Tcam Utilization

    Chapter 11 | Security Measures Access Control Lists Figure 141: Showing the Rules Configured for a Time Range Showing TCAM Use the Security > ACL (Configure ACL - Show TCAM) page to show utilization parameters for TCAM (Ternary Content Addressable Memory), including the Utilization number policy control entries in use, the number of free entries, and the overall percentage of TCAM in use.

  • Page 229: Setting The Acl Name And Type

    Chapter 11 | Security Measures Access Control Lists Select Show TCAM from the Action list. Figure 142: Showing TCAM Utilization Setting the ACL Name Use the Security > ACL (Configure ACL - Add) page to create an ACL. and Type Parameters These parameters are displayed: ◆...

  • Page 230: Figure 143: Creating An Acl

    Chapter 11 | Security Measures Access Control Lists Web Interface To configure the name and type of an ACL: Click Security, ACL. Select Configure ACL from the Step list. Select Add from the Action list. Fill in the ACL Name field, and select the ACL type. Click Apply.

  • Page 231: Configuring A Standard Ipv4 Acl

    Chapter 11 | Security Measures Access Control Lists Configuring a Use the Security > ACL (Configure ACL - Add Rule - IP Standard) page to configure a Standard IPv4 ACL Standard IPv4 ACL. Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...

  • Page 232: Configuring An Extended Ipv4 Acl

    Chapter 11 | Security Measures Access Control Lists Figure 145: Configuring a Standard IPv4 ACL Configuring an Use the Security > ACL (Configure ACL - Add Rule - IP Extended) page to configure Extended IPv4 ACL an Extended IPv4 ACL. Parameters These parameters are displayed: ◆...
  • Page 233 Chapter 11 | Security Measures Access Control Lists Precedence – IP precedence level. (Range: 0-7) ■ DSCP – DSCP priority level. (Range: 0-63) ■ ◆ Control Code – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63) ◆...

  • Page 234: Configuring A Standard Ipv6 Acl

    Chapter 11 | Security Measures Access Control Lists If you select “Host,” enter a specific address. If you select “IP,” enter a subnet address and the mask for an address range. Set any other required criteria, such as service type, protocol type, or control code.

  • Page 235: Figure 147: Configuring A Standard Ipv6 Acl

    Chapter 11 | Security Measures Access Control Lists the address to indicate the appropriate number of zeros required to fill the undefined fields. ◆ Source Prefix-Length – A decimal value indicating how many contiguous bits (from the left) of the address comprise the prefix (i.e., the network portion of the address).

  • Page 236: Configuring An Extended Ipv6 Acl

    Chapter 11 | Security Measures Access Control Lists Configuring an Use the Security > ACL (Configure ACL - Add Rule - IPv6 Extended) page to Extended IPv6 ACL configure an Extended IPv6 ACL. Parameters These parameters are displayed: ◆ Type – Selects the type of ACLs to show in the Name list. ◆...

  • Page 237: Configuring A Mac Acl

    Chapter 11 | Security Measures Access Control Lists Figure 148: Configuring an Extended IPv6 ACL Configuring a Use the Security > ACL (Configure ACL - Add Rule - MAC) page to configure a MAC ACL based on hardware addresses, packet format, and Ethernet type. MAC ACL Parameters These parameters are displayed:...
  • Page 238 Chapter 11 | Security Measures Access Control Lists ◆ Ethernet Type – This option can only be used to filter Ethernet II formatted packets. (Range: 0-ffff hex.) A detailed listing of Ethernet protocol types can be found in RFC 1060. A few of the more common types include 0800 (IP), 0806 (ARP), 8137 (IPX).

  • Page 239: Binding A Port To An Access Control List

    Chapter 11 | Security Measures Access Control Lists Figure 149: Configuring a MAC ACL Binding a Port to an After configuring ACLs, use the Security > ACL (Configure Interface) page to bind Access Control List the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list and one MAC access list to any port.

  • Page 240: Filtering Ip Addresses For Management Access

    Chapter 11 | Security Measures Filtering IP Addresses for Management Access Web Interface To bind an ACL to a port: Click Security, ACL. Select Configure Interface from the Step list. Select IP, MAC or IPv6 from the Type list. Select a port. Select the name of an ACL from the ACL list.
  • Page 241 Chapter 11 | Security Measures Filtering IP Addresses for Management Access ◆ IP address can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges. ◆...

  • Page 242: Figure 151: Creating An Ip Address Filter For Management Access

    Chapter 11 | Security Measures Filtering IP Addresses for Management Access Figure 151: Creating an IP Address Filter for Management Access To show a list of IP addresses authorized for management access: Click Security, IP Filter. Select Show from the Action list. Figure 152: Showing IP Addresses Authorized for Management Access –...

  • Page 243: Basic Administration Protocols

    Basic Administration Protocols This chapter describes basic administration tasks including: ◆ Event Logging – Sets conditions for logging event messages to system memory or flash memory, configures conditions for sending trap messages to remote log servers, and configures trap reporting to remote hosts using Simple Mail Transfer Protocol (SMTP).

  • Page 244: Table 21: Logging Levels

    Chapter 12 | Basic Administration Protocols Configuring Event Logging Parameters These parameters are displayed: ◆ System Log Status – Enables/disables the logging of debug or error messages to the logging process. (Default: Enabled) ◆ Flash Level – Limits log messages saved to the switch’s permanent flash memory for all levels up to the specified level.

  • Page 245: Figure 153: Configuring Settings For System Memory Logs

    Chapter 12 | Basic Administration Protocols Configuring Event Logging Enable or disable system logging, set the level of event messages to be logged to flash memory and RAM. Click Apply. Figure 153: Configuring Settings for System Memory Logs To show the error messages logged to system or flash memory: Click Administration, Log, System.

  • Page 246: Remote Log Configuration

    Chapter 12 | Basic Administration Protocols Configuring Event Logging Remote Log Use the Administration > Log > Remote page to send log messages to syslog Configuration servers or other management stations. You can also limit the event messages sent to only those messages below a specified level. Parameters These parameters are displayed: ◆...

  • Page 247: Link Layer Discovery Protocol

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Figure 155: Configuring Settings for Remote Logging of Error Messages Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
  • Page 248 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Hold Time Multiplier – Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below. (Range: 2-10; Default: 4) The time-to-live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner.

  • Page 249: Configuring Lldp Interface Attributes

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Web Interface To configure LLDP timing attributes: Click Administration, LLDP. Select Configure Global from the Step list. Enable LLDP, and modify any of the timing parameters as required. Click Apply. Figure 156: Configuring LLDP Timing Attributes Configuring LLDP Use the Administration >...
  • Page 250 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a trap notification are included in the transmission. An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification-events missed due to throttling or transmission loss.
  • Page 251 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol System Name – The system name is taken from the sysName object in ■ RFC 3418, which contains the system’s administratively assigned name. To configure the system name, see “Displaying System Information” on page 55.
  • Page 252 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Network Policy – This option advertises network policy configuration ■ information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in voice quality degradation or complete service disruption. (Default: Enabled) ◆...

  • Page 253: Configuring Lldp Interface Civic-Address

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Figure 157: Configuring LLDP Interface Attributes Configuring LLDP Use the Administration > LLDP (Configure Interface – Add CA-Type) page to specify Interface Civic- the physical location of the device attached to an interface. Address Command Usage ◆...

  • Page 254: Figure 158: Configuring The Civic Address For An Lldp Interface

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 22: LLDP MED Location CA Types CA Type Description CA Value Example Landmark or vanity address Tech Center Unit (apartment, suite) Apt 519 Floor Room 509B ◆ Any number of CA type and value pairs can be specified for the civic address location, as long as the total does not exceed 250 characters.

  • Page 255: Displaying Lldp Local Device Information

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Displaying LLDP Local Use the Administration > LLDP (Show Local Device Information) page to display Device Information information about the switch, such as its MAC address, chassis ID, management IP address, and port information.

  • Page 256: Table 25: Port Id Subtype

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 24: System Capabilities ID Basis Reference Router IETF RFC 1812 Telephone IETF RFC 2011 DOCSIS cable device IETF RFC 2669 and IETF RFC 2670 End Station Only IETF RFC 2011 ◆...

  • Page 257: Figure 159: Displaying Local Device Information For Lldp (General)

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol (Continued) Table 25: Port ID Subtype ID Basis Reference Agent circuit ID agent circuit ID (IETF RFC 3046) Locally assigned locally assigned ◆ Port/Trunk ID – A string that contains the specific identifier for the local interface based on interface subtype used by this switch.

  • Page 258: Displaying Lldp Remote Device Information

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Figure 160: Displaying Local Device Information for LLDP (Port) Displaying LLDP Use the Administration > LLDP (Show Remote Device Information) page to display information about devices connected directly to the switch’s ports which are Remote Device advertising information through LLDP, or to display detailed information about an Information...
  • Page 259 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Chassis ID – An octet string indicating the specific identifier for the particular chassis in this system. ◆ System Name – A string that indicates the system’s assigned name. ◆...

  • Page 260: Table 26: Remote Port Auto-Negotiation Advertised Capability

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – 802.3 Extension Port Information (why not shown?) ◆ Remote Port Auto-Neg Supported – Shows whether the given port (associated with remote system) supports auto-negotiation. ◆ Remote Port Auto-Neg Adv-Capability – The value (bitmap) of the ifMauAutoNegCapAdvertisedBits object (defined in IETF RFC 3636) which is associated with a port on the remote system.
  • Page 261 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Remote Power Pairs – “Signal” means that the signal pairs only are in use, and “Spare” means that the spare pairs only are in use. ◆ Remote Power MDI Supported – Shows whether MDI power is supported on the given port associated with the remote system.
  • Page 262 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Supported Capabilities – The supported set of capabilities that define the primary function(s) of the port: LLDP-MED Capabilities ■ Network Policy ■ Location Identification ■ Extended Power via MDI – PSE ■...
  • Page 263 Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Port Details – Location Identification ◆ Location Data Format – Any of these location ID data formats: Coordinate-based LCI – Defined in RFC 3825, includes latitude resolution, ■ latitude, longitude resolution, longitude, altitude type, altitude resolution, altitude, and datum.

  • Page 264: Figure 161: Displaying Remote Device Information For Lldp (Port)

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Manufacture Name – The manufacturer of the end-point device. ◆ Asset ID – The asset identifier of the end-point device. End-point devices are typically assigned asset identifiers to facilitate inventory management and assets tracking.

  • Page 265: Figure 162: Displaying Remote Device Information For Lldp (Port Details)

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Figure 162: Displaying Remote Device Information for LLDP (Port Details) – 263 –...

  • Page 266: Displaying Device Statistics

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol Additional information displayed by an end-point device which advertises LLDP- MED TLVs is shown in the following figure. Figure 163: Displaying Remote Device Information for LLDP (End Node) Displaying Device Use the Administration >...

  • Page 267: Figure 164: Displaying Lldp Device Statistics (General)

    Chapter 12 | Basic Administration Protocols Link Layer Discovery Protocol ◆ Neighbor Entries Age-out Count – The number of times that a neighbor’s information has been deleted from the LLDP remote systems MIB because the remote TTL timer has expired. Port/Trunk ◆...

  • Page 268: Simple Network Management Protocol

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 165: Displaying LLDP Device Statistics (Port) Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.

  • Page 269: Table 27: Snmpv3 Security Models And Levels

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol and specified security levels. Each group also has a defined security access to set of MIB objects for reading and writing, which are known as “views.” The switch has a default view (all MIB objects) and default groups defined for security models v1 and v2c.

  • Page 270: Configuring Global Settings For Snmp

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Configuring SNMPv3 Management Access Use the Administration > SNMP (Configure Global) page to enable SNMP on the switch, and to enable trap messages. Use the Administration > SNMP (Configure Trap) page to specify trap managers so that key events are reported by this switch to your management station.

  • Page 271: Setting The Local Engine Id

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 166: Configuring Global Settings for SNMP Setting the Local Use the Administration > SNMP (Configure Engine - Set Engine ID) page to change the local engine ID. An SNMPv3 engine is an independent SNMP agent that resides Engine ID on the switch.

  • Page 272: Specifying A Remote Engine Id

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 167: Configuring the Local Engine ID for SNMP Specifying a Remote Use the Administration > SNMP (Configure Engine - Add Remote Engine) page to configure a engine ID for a remote management station. To allow management Engine ID access from an SNMPv3 user on a remote device, you must first specify the engine identifier for the SNMP agent on the remote device where the user resides.

  • Page 273: Setting Snmpv3 Views

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 168: Configuring a Remote Engine ID for SNMP To show the remote SNMP engine IDs: Click Administration, SNMP. Select Configure Engine from the Step list. Select Show Remote Engine from the Action list. Figure 169: Showing Remote Engine IDs for SNMP Setting SNMPv3 Views Use the Administration >...

  • Page 274: Figure 170: Creating An Snmp View

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Add OID Subtree ◆ View Name – Lists the SNMP views configured in the Add View page. ◆ OID Subtree – Adds an additional object identifier of a branch within the MIB tree to the selected View.

  • Page 275: Figure 171: Showing Snmp Views

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 171: Showing SNMP Views To add an object identifier to an existing SNMP view of the switch’s MIB database: Click Administration, SNMP. Select Configure View from the Step list. Select Add OID Subtree from the Action list.

  • Page 276: Configuring Snmpv3 Groups

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 173: Showing the OID Subtree Configured for SNMP Views Configuring SNMPv3 Use the Administration > SNMP (Configure Group) page to add an SNMPv3 group which can be used to set the access policy for its assigned users, restricting them to Groups specific read, write, and notify views.

  • Page 277: Table 28: Supported Notification Messages

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Table 28: Supported Notification Messages Model Level Group RFC 1493 Traps newRoot 1.3.6.1.2.1.17.0.1 The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its...
  • Page 278 Chapter 12 | Basic Administration Protocols Simple Network Management Protocol (Continued) Table 28: Supported Notification Messages Model Level Group swThermalFallingNotification 1.3.6.1.4.1.259.12.1.2.2.1.0.59 This trap is sent when the temperature is below the switchThermalActionFallingThreshold. autoUpgradeTrap 1.3.6.1.4.1.259.12.1.2.2.1.0.104 This trap is sent when auto upgrade is executed. swCpuUtiRisingNotification 1.3.6.1.4.1.259.12.1.2.2.1.0.107 This notification indicates that the CPU utilization has...

  • Page 279: Figure 174: Creating An Snmp Group

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Web Interface To configure an SNMP group: Click Administration, SNMP. Select Configure Group from the Step list. Select Add from the Action list. Enter a group name, assign a security model and level, and then select read, write, and notify views.

  • Page 280: Setting Community Access Strings

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Setting Community Use the Administration > SNMP (Configure User - Add Community) page to configure up to five community strings authorized for management access by Access Strings clients using SNMP v1 and v2c. For security reasons, you should consider removing the default strings.

  • Page 281: Configuring Local Snmpv3 Users

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Select Show Community from the Action list. Figure 177: Showing Community Access Strings Configuring Local Use the Administration > SNMP (Configure User - Add SNMPv3 Local User) page to authorize management access for SNMPv3 clients, or to identify the source of SNMPv3 Users SNMPv3 trap messages sent from the local switch.

  • Page 282: Figure 178: Configuring Local Snmpv3 Users

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol ◆ Privacy Protocol – The encryption algorithm used for data privacy: 3DES - Uses SNMPv3 with privacy with 3DES (168-bit) encryption. ■ AES128 - Uses SNMPv3 with privacy with AES128 encryption. ■...

  • Page 283: Configuring Remote Snmpv3 Users

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol To show local SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Local User from the Action list. Figure 179: Showing Local SNMPv3 Users Configuring Remote Use the Administration >...
  • Page 284 Chapter 12 | Basic Administration Protocols Simple Network Management Protocol ◆ Security Level – The following security levels are only used for the groups assigned to the SNMP security model: noAuthNoPriv – There is no authentication or encryption used in SNMP ■...

  • Page 285: Figure 180: Configuring Remote Snmpv3 Users

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 180: Configuring Remote SNMPv3 Users To show remote SNMPv3 users: Click Administration, SNMP. Select Configure User from the Step list. Select Show SNMPv3 Remote User from the Action list. Figure 181: Showing Remote SNMPv3 Users –...

  • Page 286: Specifying Trap Managers

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Specifying Trap Use the Administration > SNMP (Configure Trap) page to specify the host devices to be sent traps and the types of traps to send. Traps indicating status changes are Managers issued by the switch to the specified trap managers.
  • Page 287 Chapter 12 | Basic Administration Protocols Simple Network Management Protocol ◆ Community String – Specifies a valid community string for the new trap manager entry. (Range: 1-32 characters, case sensitive) Although you can set this string in the Configure Trap – Add page, we recommend defining it in the Configure User –...
  • Page 288 Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Inform – Notifications are sent as inform messages. Note that this option is ■ only available for version 2c and 3 hosts. (Default: traps are used) Timeout – The number of seconds to wait for an acknowledgment ■...

  • Page 289: Figure 182: Configuring Trap Managers (Snmpv1)

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 182: Configuring Trap Managers (SNMPv1) Figure 183: Configuring Trap Managers (SNMPv2c) Figure 184: Configuring Trap Managers (SNMPv3) – 287 –...

  • Page 290: Creating Snmp Notification Logs

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol To show configured trap managers: Click Administration, SNMP. Select Configure Trap from the Step list. Select Show from the Action list. Figure 185: Showing Trap Managers Creating SNMP Use the Administration > SNMP (Configure Notify Filter - Add) page to create an SNMP notification log.

  • Page 291: Figure 186: Creating Snmp Notification Logs

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol ◆ When a trap host is created using the Administration > SNMP (Configure Trap – Add) page described on page 284, a default notify filter will be created. Parameters These parameters are displayed: ◆...

  • Page 292: Showing Snmp Statistics

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol Figure 187: Showing SNMP Notification Logs Showing SNMP Use the Administration > SNMP (Show Statistics) page to show counters for SNMP input and output protocol data units. Statistics Parameters The following counters are displayed: ◆...

  • Page 293: Figure 188: Showing Snmp Statistics

    Chapter 12 | Basic Administration Protocols Simple Network Management Protocol ◆ SNMP packets output – The total number of SNMP Messages which were passed from the SNMP protocol entity to the transport service. ◆ Too big errors – The total number of SNMP PDUs which were generated by the SNMP protocol entity and for which the value of the error-status field is “tooBig.”...

  • Page 294: Remote Monitoring

    Chapter 12 | Basic Administration Protocols Remote Monitoring Remote Monitoring Remote Monitoring allows a remote device to collect information or respond to specified events on an independent basis. This switch is an RMON-capable device which can independently perform a wide range of tasks, significantly reducing network management traffic.
  • Page 295 Chapter 12 | Basic Administration Protocols Remote Monitoring ◆ Sample Type – Tests for absolute or relative changes in the specified variable. Absolute – The variable is compared directly to the thresholds at the end ■ of the sampling period. Delta –...

  • Page 296: Figure 189: Configuring An Rmon Alarm

    Chapter 12 | Basic Administration Protocols Remote Monitoring Web Interface To configure an RMON alarm: Click Administration, RMON. Select Configure Global from the Step list. Select Add from the Action list. Click Alarm. Enter an index number, the MIB object to be polled (etherStatsEntry.n.n), the polling interval, the sample type, the thresholds, and the event to trigger.

  • Page 297: Configuring Rmon Events

    Chapter 12 | Basic Administration Protocols Remote Monitoring Figure 190: Showing Configured RMON Alarms Configuring RMON Use the Administration > RMON (Configure Global - Add - Event) page to set the action to take when an alarm is triggered. The response can include logging the Events alarm or sending a message to a trap manager.

  • Page 298: Figure 191: Configuring An Rmon Event

    Chapter 12 | Basic Administration Protocols Remote Monitoring ◆ Community – A password-like community string sent with the trap operation to SNMP v1 and v2c hosts. Although the community string can be set on this configuration page, it is recommended that it be defined on the SNMP trap configuration page (see “Setting Community Access Strings”...

  • Page 299: Configuring Rmon History Samples

    Chapter 12 | Basic Administration Protocols Remote Monitoring To show configured RMON events: Click Administration, RMON. Select Configure Global from the Step list. Select Show from the Action list. Click Event. Figure 192: Showing Configured RMON Events Configuring RMON Use the Administration > RMON (Configure Interface - Add - History) page to collect History Samples statistics on a physical interface to monitor network utilization, packet types, and errors.
  • Page 300 Chapter 12 | Basic Administration Protocols Remote Monitoring example, if control entry 15 is assigned to port 5, this index entry will be removed from the Show and Show Details page for port 8. Parameters These parameters are displayed: ◆ Port –...

  • Page 301: Figure 193: Configuring An Rmon History Sample

    Chapter 12 | Basic Administration Protocols Remote Monitoring Figure 193: Configuring an RMON History Sample To show configured RMON history samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show from the Action list. Select a port from the list. Click History.

  • Page 302: Configuring Rmon Statistical Samples

    Chapter 12 | Basic Administration Protocols Remote Monitoring Click History. Figure 195: Showing Collected RMON History Samples Configuring RMON Use the Administration > RMON (Configure Interface - Add - Statistics) page to collect statistics on a port, which can subsequently be used to monitor the network Statistical Samples for common errors and overall traffic rates.

  • Page 303: Figure 196: Configuring An Rmon Statistical Sample

    Chapter 12 | Basic Administration Protocols Remote Monitoring Select a port from the list as the data source. Enter an index number, and the name of the owner for this entry Click Apply Figure 196: Configuring an RMON Statistical Sample To show configured RMON statistical samples: Click Administration, RMON.

  • Page 304: Udld Configuration

    Chapter 12 | Basic Administration Protocols UDLD Configuration To show collected RMON statistical samples: Click Administration, RMON. Select Configure Interface from the Step list. Select Show Details from the Action list. Select a port from the list. Click Statistics. Figure 198: Showing Collected RMON Statistical Samples UDLD Configuration The switch can be configured to detect general loopback conditions caused by hardware problems or faulty protocol settings.

  • Page 305: Configuring Udld Protocol Intervals

    Chapter 12 | Basic Administration Protocols UDLD Configuration spanning tree protocol, general loopback detection cannot be enabled on the same interface. ◆ When a loopback event is detected on an interface or when a interface is released from a shutdown state caused by a loopback event, a trap message is sent and the event recorded in the system log.

  • Page 306: Configuring Udld Interface Settings

    Chapter 12 | Basic Administration Protocols UDLD Configuration ◆ Recovery Interval – Specifies the period after which to automatically recover from UDLD disabled port state. (Range: 30-86400 seconds; Default: 7 seconds) When the recovery interval is changed, any ports shut down by UDLD will be reset.
  • Page 307 Chapter 12 | Basic Administration Protocols UDLD Configuration detection process on its side of the connection and sends N echo messages in reply. (This mechanism implicitly assumes that N packets are sufficient to get through a link and reach the other end, even though some of them might get dropped during the transmission.) Since this behavior must be the same on all the neighbors, the sender of the echoes expects to receive an echo in reply.

  • Page 308: Displaying Udld Neighbor Information

    Chapter 12 | Basic Administration Protocols UDLD Configuration ◆ Detection Interval – The period the switch remains in detection state after discovering a neighbor. Web Interface To enable UDLD and aggressive mode: Click Administration, UDLD, Configure Interface. Enable UDLD and aggressive mode on the required ports. Click Apply.

  • Page 309: Figure 201: Displaying Udld Neighbor Information

    Chapter 12 | Basic Administration Protocols UDLD Configuration ◆ Message Interval – The interval between UDLD probe messages for ports in advertisement phase. ◆ Detection Interval – The period the switch remains in detection state after discovering a neighbor. Web Interface To display UDLD neighbor information: Click Administration, UDLD, Show Information.
  • Page 310 Chapter 12 | Basic Administration Protocols UDLD Configuration – 308 –...

  • Page 311: Multicast Filtering

    Multicast Filtering This chapter describes how to configure the following multicast services: ◆ IGMP Snooping – Configures snooping and query parameters for IPv4. ◆ Filtering and Throttling – Filters specified multicast service, or throttling the maximum of multicast groups allowed on an interface for IPv4. Overview Multicasting is used to support real-time applications such as video conferencing or streaming audio.

  • Page 312: Igmp Protocol

    Chapter 13 | Multicast Filtering IGMP Protocol used to actively ask the attached hosts if they want to receive a specific multicast service. IGMP Query thereby identifies the ports containing hosts requesting to join the service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.

  • Page 313: Layer 2 Igmp (Snooping And Query For Ipv4)

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 203: IGMP Protocol Network core (multicast routing) Edge switches (snooping and query) Switch to end nodes (snooping on IGMP clients) Layer 2 IGMP (Snooping and Query for IPv4) IGMP Snooping and Query –...
  • Page 314 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Note: When the switch is configured to use IGMPv3 snooping, the snooping version may be downgraded to version 2 or version 1, depending on the version of the IGMP query packets detected on each VLAN.

  • Page 315: Configuring Igmp Snooping And Query Parameters

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Configuring IGMP Use the Multicast > IGMP Snooping > General page to configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report Snooping and Query messages, the switch forwards multicast traffic only to the ports that request it.
  • Page 316 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) When proxy reporting is enabled with this command, the switch performs “IGMP Snooping with Proxy Reporting” (as defined in DSL Forum TR-101, April 2006), including last leave, and query suppression. Last leave sends out a proxy query when the last member leaves a multicast group, and query suppression means that specific queries are not forwarded from an upstream multicast router to hosts downstream from this device.
  • Page 317 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) multicast router receives this solicitation, it immediately issues an IGMP general query. A query solicitation can be sent whenever the switch notices a topology change, even if it is not the root bridge in spanning tree. ◆...

  • Page 318: Specifying Static Interfaces For An Ipv4 Multicast Router

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ IGMP Snooping Version – Sets the protocol version for compatibility with other devices on the network. This is the IGMP Version the switch uses to send snooping reports.
  • Page 319 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) multicast groups supported by the attached router. This can ensure that multicast traffic is passed to all the appropriate interfaces within the switch. Command Usage IGMP Snooping must be enabled globally on the switch (see “Configuring IGMP Snooping and Query Parameters”...

  • Page 320: Figure 205: Configuring A Static Interface For An Ipv4 Multicast Router

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 205: Configuring a Static Interface for an IPv4 Multicast Router To show the static interfaces attached to a multicast router: Click Multicast, IGMP Snooping, Multicast Router. Select Show Static Multicast Router from the Action list.

  • Page 321: Assigning Interfaces To Ipv4 Multicast Services

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 207: Showing Current Interfaces Attached an IPv4 Multicast Router Assigning Interfaces Use the Multicast > IGMP Snooping > IGMP Member (Add Static Member) page to to IPv4 Multicast statically assign an IPv46 multicast service to an interface.

  • Page 322: Setting Igmp Snooping Status Per Interface

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Click Apply. Figure 208: Assigning an Interface to an IPv4 Multicast Service To show the static interfaces assigned to an IPv4 multicast service: Click Multicast, IGMP Snooping, IGMP Member. Select Show Static Member from the Action list.
  • Page 323 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) multicast routing devices. MRD is used to discover which interfaces are attached to multicast routers, allowing IGMP-enabled devices to determine where to send multicast source and group membership messages. (MRD is specified in draft-ietf- magma-mrdisc-07.) Multicast source data and group membership reports must be received by all multicast routers on a segment.
  • Page 324 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) packets, which do not have a null source address (0.0.0.0), to all ports in the attached VLAN. IGMP packets with a null source address are only flooded to all ports in the VLAN if the system is operating in multicast flooding mode, such as when a new VLAN or new router port is being established, or an spanning tree topology change has occurred.
  • Page 325 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) interface if it is connected to only one IGMP-enabled device, either a service host or a neighbor running IGMP snooping. By Host IP – The switch will not send out a group-specific query when an ■...
  • Page 326 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) This attribute configures the IGMP report/query version used by IGMP snooping. Versions 1 - 3 are all supported, and versions 2 and 3 are backward compatible, so the switch can operate with other devices, regardless of the snooping version employed.

  • Page 327: Figure 210: Configuring Igmp Snooping On A Vlan

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Many hosts do not implement RFC 4541, and therefore do not understand query messages with the source address of 0.0.0.0. These hosts will therefore not reply to the queries, causing the multicast router to stop sending traffic to them.

  • Page 328: Filtering Igmp Query Packets

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) To show the interface settings for IGMP snooping: Click Multicast, IGMP Snooping, Interface. Select Show VLAN Information from the Action list. Figure 211: Showing Interface Settings for IGMP Snooping Filtering IGMP Query Use the Multicast >...

  • Page 329: Displaying Multicast Groups Discovered By Igmp Snooping

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 212: Dropping IGMP Query Packets Displaying Multicast Use the Multicast > IGMP Snooping > Forwarding Entry page to display the Groups Discovered by forwarding entries learned through IGMP Snooping. IGMP Snooping Command Usage To display information about multicast groups, IGMP Snooping must first be...

  • Page 330: Displaying Igmp Snooping Statistics

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Web Interface To show multicast groups learned through IGMP snooping: Click Multicast, IGMP Snooping, Forwarding Entry. Select the VLAN for which to display this information. Figure 213: Showing Multicast Groups Learned by IGMP Snooping Displaying IGMP Use the Multicast >...
  • Page 331 Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ General Query Received – The number of general queries received on this interface. ◆ General Query Sent – The number of general queries sent from this interface. ◆...

  • Page 332: Figure 214: Displaying Igmp Snooping Statistics - Query

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) ◆ G Query – The number of general query messages sent from this interface. ◆ G(-S)-S Query – The number of group specific or group-and-source specific query messages sent from this interface. Web Interface To display statistics for IGMP snooping query-related messages: Click Multicast, IGMP Snooping, Statistics.

  • Page 333: Figure 215: Displaying Igmp Snooping Statistics - Vlan

    Chapter 13 | Multicast Filtering Layer 2 IGMP (Snooping and Query for IPv4) Figure 215: Displaying IGMP Snooping Statistics – VLAN To display IGMP snooping protocol-related statistics for a port: Click Multicast, IGMP Snooping, Statistics. Select Show Port Statistics from the Action list. Select a Port.

  • Page 334: Filtering And Throttling Igmp Groups

    Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups Filtering and Throttling IGMP Groups In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan.

  • Page 335: Configuring Igmp Filter Profiles

    Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups Figure 217: Enabling IGMP Filtering and Throttling Configuring IGMP Use the Multicast > IGMP Snooping > Filter (Configure Profile – Add) page to create an IGMP profile and set its access mode. Then use the (Add Multicast Group Range) Filter Profiles page to configure the multicast groups to filter.

  • Page 336: Figure 218: Creating An Igmp Filtering Profile

    Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups Web Interface To create an IGMP filter profile and set its access mode: Click Multicast, IGMP Snooping, Filter. Select Configure Profile from the Step list. Select Add from the Action list. Enter the number for a profile, and set its access mode.

  • Page 337: Configuring Igmp Filtering And Throttling For Interfaces

    Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups Select Add Multicast Group Range from the Action list. Select the profile to configure, and add a multicast group address or range of addresses. Click Apply. Figure 220: Adding Multicast Groups to an IGMP Filtering Profile To show the multicast groups configured for an IGMP filter profile: Click Multicast, IGMP Snooping, Filter.
  • Page 338 Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups port, the switch can take one of two actions; either “deny” or “replace.” If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group.

  • Page 339: Figure 222: Configuring Igmp Filtering And Throttling Interface Settings

    Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups Figure 222: Configuring IGMP Filtering and Throttling Interface Settings – 337 –...
  • Page 340 Chapter 13 | Multicast Filtering Filtering and Throttling IGMP Groups – 338 –...

  • Page 341: Ip Configuration

    IP Configuration This chapter describes how to configure an initial IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
  • Page 342 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 4) ◆ To enable routing between interfaces defined on this switch and external network interfaces, you must configure static routes (page 376) or use dynamic routing; i.e., OSPFv2 (page 393).

  • Page 343: Figure 223: Configuring A Static Ipv4 Address

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 341) Web Interface To set a static IPv4 address for the switch: Click IP, General, Routing Interface. Select Add from the Action list. Select any configured VLAN, set IP Address Mode to “User Specified,” set IP Address Type to “Primary”...

  • Page 344: Figure 224: Configuring A Dynamic Ipv4 Address

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 4) Figure 224: Configuring a Dynamic IPv4 Address Note: The switch will also broadcast a request for IP configuration settings on each power reset. Note: If you lose the management connection, make a console connection to the switch and enter “show ip interface”...

  • Page 345: Setting The Switch's Ip Address (Ip Version 6)

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 225: Showing the IPv4 Address Configured for an Interface Setting the Switch’s IP Address (IP Version 6) This section describes how to configure an initial IPv6 interface for management access over the network, or for creating an interface to multiple subnets.

  • Page 346: Configuring Ipv6 Interface Settings

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) If a routing protocol is enabled (page 393), you can still define a static route ■ (page 376) to ensure that traffic to the designated address or subnet passes through a preferred gateway.
  • Page 347 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) are the number of attempts made to verify whether or not a duplicate address exists on the same network segment, and the interval between neighbor solicitations used to verify reachability information. Parameters These parameters are displayed: ◆...
  • Page 348 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) all nodes on a link use the same MTU value in cases where the link MTU is not otherwise well known. IPv6 routers do not fragment IPv6 packets forwarded from other routers. ■...
  • Page 349 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) When a non-default value is configured, the specified interval is used both for router advertisements and by the router itself. ◆ ND Reachable-Time – The amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred.

  • Page 350: Configuring An Ipv6 Address

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 227: Configuring General Settings for an IPv6 Interface Configuring an IPv6 Use the IP > IPv6 Configuration (Add IPv6 Address) page to configure an initial IPv6 interface for management access over the network, or for creating an interface to Address multiple subnets.
  • Page 351 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) ◆ You can configure multiple IPv6 global unicast addresses per interface, but only one link-local address per interface. ◆ If a duplicate link-local address is detected on the local segment, this interface is disabled and a warning message displayed on the console.

  • Page 352: Figure 228: Configuring An Ipv6 Address

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) For example, if a device had an EUI-48 address of 28-9F-18-1C-82-35, the global/local bit must first be inverted to meet EUI-64 requirements (i.e., 1 for globally defined addresses and 0 for locally defined addresses), changing 28 to 2A.

  • Page 353: Showing Ipv6 Addresses

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing IPv6 Use the IP > IPv6 Configuration (Show IPv6 Address) page to display the IPv6 Addresses addresses assigned to an interface. Parameters These parameters are displayed: ◆...

  • Page 354: Showing The Ipv6 Neighbor Cache

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Web Interface To show the configured IPv6 addresses: Click IP, IPv6 Configuration. Select Show IPv6 Address from the Action list. Select a VLAN from the list. Figure 229: Showing Configured IPv6 Addresses Showing the IPv6 Use the IP >...

  • Page 355: Showing Ipv6 Statistics

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 29: Show IPv6 Neighbors - display description Field Description ◆ Delay - More than the ReachableTime interval has elapsed since the last positive confirmation was received that the forward path was functioning. A packet was sent within the last DELAY_FIRST_PROBE_TIME interval.

  • Page 356: Table 30: Show Ipv6 Statistics - Display Description

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) processing IPv6 packets. ICMP is therefore an integral part of the Internet Protocol. ICMP messages may be used to report various situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route.
  • Page 357 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 30: Show IPv6 Statistics - display description Field Description Delivers The total number of datagrams successfully delivered to IPv6 user- protocols (including ICMP). This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams.
  • Page 358 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 30: Show IPv6 Statistics - display description Field Description Destination Unreachable The number of ICMP Destination Unreachable messages received by Messages the interface. Packet Too Big Messages The number of ICMP Packet Too Big messages received by the interface.
  • Page 359 Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) (Continued) Table 30: Show IPv6 Statistics - display description Field Description Neighbor Advertisement The number of ICMP Router Advertisement messages sent by the Messages interface. Redirect Messages The number of Redirect messages sent.

  • Page 360: Figure 231: Showing Ipv6 Statistics (Ipv6)

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Web Interface To show the IPv6 statistics: Click IP, IPv6 Configuration. Select Show Statistics from the Action list. Click IPv6, ICMPv6 or UDP. Figure 231: Showing IPv6 Statistics (IPv6) –...

  • Page 361: Figure 232: Showing Ipv6 Statistics (Icmpv6)

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Figure 232: Showing IPv6 Statistics (ICMPv6) Figure 233: Showing IPv6 Statistics (UDP) – 359 –...

  • Page 362: Showing The Mtu For Responding Destinations

    Chapter 14 | IP Configuration Setting the Switch’s IP Address (IP Version 6) Showing the MTU for Use the IP > IPv6 Configuration (Show MTU) page to display the maximum Responding transmission unit (MTU) cache for destinations that have returned an ICMP packet- too-big message along with an acceptable MTU to this switch.

  • Page 363: Ip Services

    IP Services This chapter describes the following IP services: ◆ DHCP Client – Specifies the DHCP client identifier for an interface. ◆ DHCP Relay – Enables DHCP relay service, and defines the servers to which client requests are forwarded. Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) can dynamically allocate an IP address and other configuration information to network clients when they boot up.

  • Page 364: Table 33: Options 55 And 124 Statements

    Chapter 15 | IP Services Dynamic Host Configuration Protocol request sent by this switch includes a “parameter request list” asking for this information. Besides, the client request also includes a “vendor class identifier” that allows the DHCP server to identify the device, and select the appropriate configuration file for download.

  • Page 365: Configuring Dhcp Relay Service

    Chapter 15 | IP Services Dynamic Host Configuration Protocol Figure 235: Specifying A DHCP Client Identifier Configuring DHCP Use the IP Service > DHCP > Relay page to configure DHCP relay service for attached host devices. If DHCP relay is enabled, and this switch sees a DHCP request Relay Service broadcast, it inserts its own IP address into the request so that the DHCP server will know the subnet where the client is located.

  • Page 366: Figure 237: Configuring Dhcp Relay Service

    Chapter 15 | IP Services Dynamic Host Configuration Protocol Parameters These parameters are displayed: ◆ VLAN ID – ID of configured VLAN. ◆ Server IP Address – Addresses of DHCP servers to be used by the switch’s DHCP relay agent in order of preference. ◆...

  • Page 367: General Ip Routing

    General IP Routing This chapter provides information on network functions including: ◆ Ping – Sends ping message to another node on the network. ◆ Trace – Sends ICMP echo request packets to another node on the network. ◆ Address Resolution Protocol –...

  • Page 368: Ip Routing And Switching

    Chapter 16 | General IP Routing IP Routing and Switching Figure 238: Virtual Interfaces and Layer 3 Routing Inter-subnet traffic (Layer 3 switching) Routing Untagged Untagged VLAN 1 VLAN 2 Tagged or Untagged Tagged or Untagged Tagged or Untagged Tagged or Untagged Intra-subnet traffic (Layer 2 switching) IP Routing and Switching IP Switching (or packet forwarding) encompasses tasks required to forward packets...

  • Page 369: Routing Path Management

    Chapter 16 | General IP Routing IP Routing and Switching If the destination belongs to a different subnet on this switch, the packet can be routed directly to the destination node. However, if the packet belongs to a subnet not included on this switch, then the packet should be sent to the next hop router (with the MAC address of the router itself used as the destination MAC address, and the destination IP address of the destination node).

  • Page 370: Routing Protocols

    Chapter 16 | General IP Routing Configuring IP Routing Interfaces Routing Protocols The switch supports both static and dynamic routing. ◆ Static routing requires routing information to be stored in the switch either manually or when a connection is set up by an application outside the switch. ◆...

  • Page 371: Using The Ping Function

    Chapter 16 | General IP Routing Configuring IP Routing Interfaces destinations, i.e., packets that do not match any routing table entry. If another router is designated as the default gateway, then the switch will pass packets to this router for any unknown hosts or subnets. To configure a default gateway for IPv4, use the static routing table as described on page 376, enter 0.0.0.0 for the IP address and subnet mask, and then specify this...

  • Page 372: Using The Trace Route Function

    Chapter 16 | General IP Routing Configuring IP Routing Interfaces Web Interface To ping another device on the network: Click IP, General, Ping. Specify the target device and ping parameters. Click Apply. Figure 239: Pinging a Network Device Using the Trace Route Use the IP >...

  • Page 373: Figure 240: Tracing The Route To A Network Device

    Chapter 16 | General IP Routing Configuring IP Routing Interfaces ◆ The trace route function first sends probe datagrams with the TTL value set at one. This causes the first router to discard the datagram and return an error message. The trace function then sends several probe messages at each subsequent TTL level and displays the round-trip time for each message.

  • Page 374: Address Resolution Protocol

    Chapter 16 | General IP Routing Address Resolution Protocol Address Resolution Protocol If IP routing is enabled (page 393), the router uses its routing tables to make routing decisions, and uses Address Resolution Protocol (ARP) to forward traffic from one hop to the next.

  • Page 375: Configuring Static Arp Addresses

    Chapter 16 | General IP Routing Address Resolution Protocol The aging time determines how long dynamic entries remain in the cache. If the timeout is too short, the router may tie up resources by repeating ARP requests for addresses recently flushed from the table. When a ARP entry expires, it is deleted from the cache and an ARP request packet is sent to re-establish the MAC address.

  • Page 376: Figure 242: Configuring Static Arp Entries

    Chapter 16 | General IP Routing Address Resolution Protocol ◆ Static entries are only displayed on the Show page for VLANs that are up. In other words, static entries are only displayed when configured for the IP subnet of a existing VLAN, and that VLAN is linked up. Parameters These parameters are displayed: ◆...

  • Page 377: Displaying Dynamic Or Local Arp Entries

    Chapter 16 | General IP Routing Address Resolution Protocol Figure 243: Displaying Static ARP Entries Displaying Dynamic or The ARP cache contains static entries, and entries for local interfaces, including subnet, host, and broadcast addresses. However, most entries will be dynamically Local ARP Entries learned through replies to broadcast messages.

  • Page 378: Configuring Static Routes

    Chapter 16 | General IP Routing Configuring Static Routes (Continued) Table 35: ARP Statistics Parameter Description Sent Request Number of ARP Request packets sent by the router. Sent Reply Number of ARP Reply packets sent by the router. Web Interface To display ARP statistics: Click IP, ARP.

  • Page 379: Figure 246: Configuring Static Routes

    Chapter 16 | General IP Routing Configuring Static Routes ◆ If both static and dynamic paths have the same lowest cost, the first route stored in the routing table, either statically configured or dynamically learned via a routing protocol, will be used. ◆...

  • Page 380: Displaying The Routing Table

    Chapter 16 | General IP Routing Displaying the Routing Table Figure 247: Displaying Static Routes Displaying the Routing Table Use the IP > Routing > Routing Table page to display all routes that can be accessed via local network interfaces, through static routes, or through a dynamically learned route.

  • Page 381: Equal-Cost Multipath Routing

    Chapter 16 | General IP Routing Equal-cost Multipath Routing ◆ Destination IP Address – IP address of the destination network, subnetwork, or host. Note that the address 0.0.0.0 indicates the default gateway for this router. ◆ Net Mask / Prefix Length – Network mask for the associated IP subnet. This mask identifies the host address bits used for routing to specific subnets.
  • Page 382 Chapter 16 | General IP Routing Equal-cost Multipath Routing selects the path with the lowest cost, but can forward traffic over multiple paths if they all have the same lowest cost. ECMP is enabled by default on the switch. If there is only one lowest cost path toward the destination, this path will be used to forward all traffic.

  • Page 383: Figure 249: Setting The Maximum Ecmp Number

    Chapter 16 | General IP Routing Equal-cost Multipath Routing Enter the maximum number of equal-cost paths used to route traffic to the same destination that are permitted on the switch. Click Apply Figure 249: Setting the Maximum ECMP Number – 381 –...
  • Page 384 Chapter 16 | General IP Routing Equal-cost Multipath Routing – 382 –...

  • Page 385: Configuring Router Redundancy

    Configuring Router Redundancy Router redundancy protocols use a virtual IP address to support a primary router and multiple backup routers. The backup routers can be configured to take over the workload if the master router fails, or can also be configured to share the traffic load.

  • Page 386: Configuring Vrrp Groups

    Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups Figure 251: Several Virtual Master Routers Using Backup Routers Master Router Backup Router VRID 23 IP(R1) = 192.168.1.3 IP(VR23) = 192.168.1.3 VRID 23 VR Priority = 255 IP(R3) = 192.168.1.4 IP(VR23) = 192.168.1.3 Master Router VR Priority = 100 VRID 25...
  • Page 387 Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups Command Usage Address Assignment – ◆ To designate a specific router as the VRRP master, the IP address assigned to the virtual router must already be configured on the router that will become the Owner of the group address.
  • Page 388 Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups ◆ You can add a delay to the preempt function to give additional time to receive an advertisement message from the current master before taking control. If the router attempting to become the master has just come on line, this delay also gives it time to gather information for its routing table before actually preempting the currently active master router.
  • Page 389 Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups ◆ Priority – The priority of this router in a VRRP group. (Range: 1-254; Default: 100) The priority for the VRRP group address owner is automatically set to 255. ■ The priority for backup routers is used to determine which router will take ■...

  • Page 390: Figure 253: Configuring The Vrrp Group Id

    Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups Web Interface To configure VRRP: Click IP, VRRP. Select Configure Group ID from the Step List. Select Add from the Action List. Enter the VRID group number, and select the VLAN (i.e., IP subnet) which is to be serviced by this group.

  • Page 391: Figure 255: Setting The Virtual Router Address For A Vrrp Group

    Chapter 17 | Configuring Router Redundancy Configuring VRRP Groups Select a VLAN, a VRRP group identifier, and enter the IP address for the virtual router. Click Apply. Figure 255: Setting the Virtual Router Address for a VRRP Group To show the virtual IP address assigned to a VRRP group: Click IP, VRRP.

  • Page 392: Displaying Vrrp Global Statistics

    Chapter 17 | Configuring Router Redundancy Displaying VRRP Global Statistics Figure 257: Configuring Detailed Settings for a VRRP Group Displaying VRRP Global Statistics Use the IP > VRRP (Show Statistics – Global Statistics) page to display counters for errors found in VRRP protocol packets. Parameters These parameters are displayed: ◆...

  • Page 393: Displaying Vrrp Group Statistics

    Chapter 17 | Configuring Router Redundancy Displaying VRRP Group Statistics Figure 258: Showing Counters for Errors Found in VRRP Packets Displaying VRRP Group Statistics Use the IP > VRRP (Show Statistics – Group Statistics) page to display counters for VRRP protocol events and errors that have occurred on a specific VRRP interface. Parameters These parameters are displayed: ◆...

  • Page 394: Figure 259: Showing Counters For Errors Found In A Vrrp Group

    Chapter 17 | Configuring Router Redundancy Displaying VRRP Group Statistics (Continued) Table 36: VRRP Group Statistics Parameter Description Received Error Address List Number of packets received for which the address list does not match VRRP Packets the locally configured list for the virtual router. Received Invalid Number of packets received with an unknown authentication type.

  • Page 395: Unicast Routing

    Unicast Routing This chapter describes how to configure the following unicast routing protocols: OSPFv2 – Configures Open Shortest Path First (Version 2) for IPv4. Overview This switch can route unicast traffic to different subnetworks using the Open Shortest Path First (OSPF) protocol. It supports OSPFv2 and OSPFv3 dynamic routing.

  • Page 396: Figure 260: Configuring Ospf

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Note: The OSPF protocol implemented in this device is based on RFC 2328 (Version 2). It also supports RFC 1583 (early Version 2) compatibility mode to ensure that the same method is used to calculate summary route costs throughout the network when older OSPF routers exist;...

  • Page 397: Defining Network Areas Based On Addresses

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To implement OSPF for a large network, you must first organize the ■ network into logical areas to limit the number of OSPF routers that actively exchange Link State Advertisements (LSAs).

  • Page 398: Figure 261: Ospf Areas

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 261: OSPF Areas area backbone area CLI References Command Usage ◆ Specify an Area ID and the corresponding network address range for each OSPF broadcast area. Each area identifies a logical group of OSPF routers that actively exchange Link State Advertisements (LSAs) to ensure that they share an identical view of the network topology.

  • Page 399: Figure 262: Defining Ospf Network Areas Based On Addresses

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Netmask – Network mask of the address range to add to the area. ◆ Area ID – Area to which the specified address or range is assigned. An OSPF area identifies a group of routers that share common routing information.

  • Page 400: Configuring General Protocol Settings

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To to show the OSPF areas and the assigned interfaces: Click Routing Protocol, OSPF, Network Area. Select Show from the Action list. Figure 263: Showing OSPF Network Areas To to show the OSPF process identifiers: Click Routing Protocol, OSPF, Network Area.
  • Page 401 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) compatibility mode to ensure that all routers are using the same RFC for calculating summary route costs. Enable this field to force the router to calculate summary route costs using RFC 1583. (Default: Disabled) When RFC 1583 compatibility is enabled, only cost is used when choosing among multiple AS-external LSAs advertising the same destination.

  • Page 402: Figure 265: As Boundary Router

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Default Information ◆ Originate Default Route – Generates a default external route into an autonomous system. Note that the Advertise Default Route field must also be properly configured.

  • Page 403: Displaying Administrative Settings And Statistics

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Web Interface To configure general settings for OSPF: Click Routing Protocol, OSPF, System. Select Configure from the Action list. Select a Process ID, and then specify the Router ID and other global attributes as required.

  • Page 404: Figure 267: Showing General Settings For Ospf

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) (Continued) Table 37: OSPF System Information Parameter Description Originate LSAs The number of new link-state advertisements that have been originated. AS LSA Count The number of autonomous system LSAs in the link-state database. External LSA Count The number of external link-state advertisements in the link-state database.

  • Page 405: Adding An Nssa Or Stub

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Adding an NSSA or Use the Routing Protocol > OSPF > Area (Configure Area – Add Area) page to add a not-so-stubby area (NSSA) or a stubby area (Stub). Stub Command Usage ◆...

  • Page 406: Configuring Nssa Settings

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To show the NSSA or stubs added to the specified OSPF domain: Click Routing Protocol, OSPF, Area. Select Configure Area from the Step list. Select Show Area from the Action list. Select a Process ID.
  • Page 407 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Command Usage ◆ Before creating an NSSA, first specify the address range for the area (see “Defining Network Areas Based on Addresses” on page 395). Then create an NSSA as described under “Adding an NSSA or Stub”...
  • Page 408 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Originate Default Information – When the router is an NSSA Area Border Router (ABR) or an NSSA Autonomous System Boundary Router (ASBR), this option causes it to generate a Type-7 default LSA into the NSSA. This default provides a route to other areas within the AS for an NSSA ABR, or to areas outside the AS for an NSSA ASBR.

  • Page 409: Configuring Stub Settings

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 271: Configuring Protocol Settings for an NSSA Configuring Stub Use the Routing Protocol > OSPF > Area (Configure Area – Configure Stub Area) page to configure protocol settings for a stub. Settings A stub does not accept external routing information.
  • Page 410 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 395). ◆ Area ID – Identifier for a stub. ◆...

  • Page 411: Displaying Information On Nssa And Stub Areas

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 273: Configuring Protocol Settings for a Stub Displaying Use the Routing Protocol > OSPF > Area (Show Information) page to protocol Information on NSSA information on NSSA and Stub areas. and Stub Areas Parameters These parameters are displayed:...

  • Page 412: Configuring Area Ranges (Route Summarization For Abrs)

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 274: Displaying Information on NSSA and Stub Areas Configuring Area An OSPF area can include a large number of nodes. If the Area Border Router (ABR) has to advertise route information for each of these nodes, this wastes a lot of Ranges (Route bandwidth and processor time.

  • Page 413: Figure 276: Configuring Route Summaries For An Area Range

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 395). ◆ Area ID – Identifies an area for which the routes are summarized. The area ID can be in the form of an IPv4 address, or also as a four octet unsigned integer ranging from 0-4294967295.

  • Page 414: Redistributing External Routes

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Select the process ID. Figure 277: Showing Configured Route Summaries Redistributing Use the Routing Protocol > OSPF > Redistribute (Add) page to import external routing information from other routing protocols, static routes, or directly External Routes connected routes into the autonomous system, and to generate AS-external-LSAs.

  • Page 415: Figure 279: Importing External Routes

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Metric Type – Indicates the method used to calculate external route costs. (Options: Type 1, Type 2; Default: Type 1) Metric type specifies the way to advertise routes to destinations outside the autonomous system (AS) through External LSAs.

  • Page 416: Configuring Summary Addresses (For External As Routes)

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To show the imported external route types: Click Routing Protocol, OSPF, Redistribute. Select Show from the Action list. Select the process ID. Figure 280: Showing Imported External Route Types Configuring Summary Redistributing routes from other protocols into OSPF normally requires the router Addresses (for...

  • Page 417: Figure 281: Summarizing External Routes

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ IP Address – Summary address covering a range of addresses. ◆ Netmask – Network mask for the summary route. Web Interface To configure the router to summarize external routing information: Click Routing Protocol, OSPF, Summary Address.

  • Page 418: Configuring Ospf Interfaces

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Configuring OSPF You should specify a routing interface for any local subnet that needs to communicate with other network segments located on this router or elsewhere in Interfaces the network.
  • Page 419 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Set the priority to zero to prevent a router from being elected as a DR or BDR. If set to any value other than zero, the router with the highest priority becomes the DR and the router with the next highest priority becomes the BDR.
  • Page 420 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) ◆ Authentication Type – Specifies the authentication type used for an interface. (Options: None, Simple, MD5; Default: None) Use authentication to prevent routers from inadvertently joining an unauthorized area.

  • Page 421: Figure 283: Configuring Settings For All Interfaces Assigned To A Vlan

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Web Interface To configure OSPF interface for all areas assigned to a VLAN: Click Routing Protocol, OSPF, Interface. Select Configure by VLAN from the Action list. Specify the VLAN ID, and configure the required interface settings.

  • Page 422: Figure 284: Configuring Settings For A Specific Area Assigned To A Vlan

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 284: Configuring Settings for a Specific Area Assigned to a VLAN To show the configuration settings for OSPF interfaces: Click Routing Protocol, OSPF, Interface. Select Show from the Action list. Select the VLAN ID.

  • Page 423: Configuring Virtual Links

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 286: Showing MD5 Authentication Keys Configuring Virtual Use the Routing Protocol > OSPF > Virtual Link (Add) and (Configure Detailed Settings) pages to configure a virtual link from an area that does not have a direct Links physical connection to the OSPF backbone.

  • Page 424: Figure 288: Adding A Virtual Link

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Command Usage ◆ Use the Add page to create a virtual link, and then use the Configure Detailed Settings page to set the protocol timers and authentication settings for the link. The parameters to be configured on the Configure Detailed Settings page are described under “Configuring OSPF Interfaces”...

  • Page 425: Figure 289: Showing Virtual Links

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Select the process ID. Figure 289: Showing Virtual Links To configure detailed settings for a virtual link: Click Routing Protocol, OSPF, Virtual Link. Select Configure Detailed Settings from the Action list. Specify the process ID, then modify the protocol timers and authentication settings as required.

  • Page 426: Displaying Link State Database Information

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 291: Showing MD5 Authentication Keys Displaying Link State Use the Routing Protocol > OSPF > Information (LSDB) page to show the Link State Database Information Advertisements (LSAs) sent by OSPF routers advertising routes.
  • Page 427 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Parameters These parameters are displayed: ◆ Process ID – Process ID as configured in the Network Area configuration screen (see page 395). ◆ Query by – The LSA database can be searched using the following criteria: Self-Originate –...

  • Page 428: Displaying Information On Neighboring Routers

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Figure 292: Displaying Information in the Link State Database Displaying Use the Routing Protocol > OSPF > Information (Neighbor) page to display Information on information about neighboring routers on each interface. Neighboring Routers Parameters These parameters are displayed:...

  • Page 429: Configuring Passive Interfaces

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) Init – Have received Hello packet, but communications not yet established ■ Two-way – Bidirectional communications established ■ ExStart – Initializing adjacency between neighbors ■ Exchange – Database descriptions being exchanged ■...

  • Page 430: Figure 294: Configuring An Ospf Passive Interface

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) passive where an adjacency already exists, the adjacency will drop almost immediately. ◆ Use this command in conjunction with the information provided under “Displaying Information on Neighboring Routers” on page 426 to control the routing updates sent to specific neighbors.

  • Page 431: Figure 295: Showing Ospf Passive Interfaces

    Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) To display information about passive interfaces Click Routing Protocol, OSPF, Passive Interface. Select Show from the Action list. Figure 295: Showing OSPF Passive Interfaces – 429 –...
  • Page 432 Chapter 18 | Unicast Routing Configuring the Open Shortest Path First Protocol (Version 2) – 430 –...

  • Page 433: Appendices

    Section III Appendices This section provides additional information and includes these items: ◆ “Software Specifications” on page 433 ◆ “Troubleshooting” on page 439 ◆ “License Information” on page 441 – 431 –...
  • Page 434 Section III | Appendices – 432 –...

  • Page 435: Software Features

    Software Specifications Software Features Management Local, RADIUS, TACACS+, Port Authentication (802.1X), HTTPS, SSH, Port Security, IP Filter Authentication Client Access Control Access Control Lists (2048 rules), Port Authentication (802.1X), MAC Authentication, Port Security, DHCP Snooping, IP Source Guard Port Configuration 1000BASE-SX/LX - 1000 Mbps full duplex (SFP) 10GBASE-CR/SR/LR/LRM - 10 Gbps full duplex (SFP+) 40GBASET-CR4 - 40 Gbps full duplex (Q...

  • Page 436: Management Features

    Appendix A | Software Specifications Management Features VLAN Support Up to 4094 groups; port-based, protocol-based, tagged (802.1Q) Class of Service Supports eight levels of priority Strict, Weighted Round Robin (WRR), or combination of strict and weighted queueing Layer 3/4 priority mapping: IP Port, IP Precedence, IP DSCP Quality of Service DiffServ supports class maps, policy maps, and service policies Multicast Filtering...

  • Page 437: Standards

    Appendix A | Software Specifications Standards Software Loading HTTP, FTP or TFTP in-band, or XModem out-of-band SNMP Management access via MIB database Trap management to specified hosts RMON Groups 1, 2, 3, 9 (Statistics, History, Alarm, Event) Standards IEEE 802.1AB Link Layer Discovery Protocol IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities Spanning Tree Protocol Rapid Spanning Tree Protocol...

  • Page 438: Management Information Bases

    Appendix A | Software Specifications Management Information Bases RIPv1 (RFC 1058) RIPv2 (RFC 2453) RIPv2, extension (RFC 1724) RMON (RFC 2819 groups 1,2,3,9) SNMP (RFC 1157) SNMPv2c (RFC 1901, 2571) SNMPv3 (RFC DRAFT 2273, 2576, 3410, 3411, 3413, 3414, 3415) SNTP (RFC 2030) SSH (Version 2.0) TELNET (RFC 854, 855, 856)
  • Page 439 Appendix A | Software Specifications Management Information Bases Q-Bridge MIB (RFC 2674Q) QinQ Tunneling (IEEE 802.1ad Provider Bridges) Quality of Service MIB RADIUS Accounting Server MIB (RFC 2621) RADIUS Authentication Client MIB (RFC 2619) RIP1 MIB (RFC 1058) RIP2 MIB (RFC 2453) RIP2 Extension (RFC1724) RMON MIB (RFC 2819) RMON II Probe Configuration Group (RFC 2021, partial implementation)
  • Page 440 Appendix A | Software Specifications Management Information Bases – 438 –...

  • Page 441: Table 38: Troubleshooting Chart

    Troubleshooting Problems Accessing the Management Interface Table 38: Troubleshooting Chart Symptom Action Cannot connect using a ◆ Be sure the switch is powered on. web browser ◆ Check network cabling between the management station and the switch. Make sure the ends are properly connected and there is no damage to the cable.

  • Page 442: Using System Logs

    Appendix B | Troubleshooting Using System Logs Using System Logs If a fault does occur, refer to the Installation Guide to ensure that the problem you encountered is actually caused by the switch. If the problem appears to be caused by the switch, follow these steps: Enable logging.

  • Page 443: C License Information

    License Information This product includes copyrighted third-party software subject to the terms of the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other related free software licenses. The GPL code used in this product is distributed WITHOUT ANY WARRANTY and is subject to the copyrights of one or more authors.
  • Page 444 Appendix C | License Information The GNU General Public License GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program"...
  • Page 445 Appendix C | License Information The GNU General Public License Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange;...
  • Page 446 Appendix C | License Information The GNU General Public License If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded.

  • Page 447: Glossary

    Glossary Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Address Resolution Protocol converts between IP addresses and MAC (hardware) addresses. ARP is used to locate the MAC address corresponding to a given IP address.
  • Page 448 Glossary Domain Name Service. A system used for translating host names for network nodes into IP addresses. DSCP Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding.
  • Page 449 Glossary IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
  • Page 450 Glossary IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to identify IP Multicast group members. In-Band Management Management of the network from a station attached directly to the network. IP Multicast Filtering A process whereby this switch can pass multicast traffic along to participating hosts.
  • Page 451 Glossary Multicast Router Discovery is a A protocol used by IGMP snooping and multicast routing devices to discover which interfaces are attached to multicast routers. This process allows IGMP-enabled devices to determine where to send multicast source and group membership messages. MSTP Multiple Spanning Tree Protocol can provide an independent spanning tree for different VLANs.
  • Page 452 Glossary QinQ QinQ tunneling is designed for service providers carrying traffic for multiple customers across their networks. It is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. Quality of Service. QoS refers to the capability of a network to provide better service to selected traffic flows using features such as data prioritization, queuing, congestion avoidance and traffic shaping.
  • Page 453 Glossary Spanning Tree Algorithm is a technology that checks your network for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest available path, maximizing the performance and efficiency of the network.
  • Page 454 Glossary – 452 –...

  • Page 455: Index

    Index CoS 165 configuring 165 default mapping to internal values 176 authorization & accounting 201 enabling 172 acceptable frame type layer 3/4 priorities 172 ACL 222 priorities, mapping to internal values 176 binding to a port 237 queue mapping IPv4 Extended 227 queue mode 166 IPv4 Standard 227 queue weights, assigning 167...
  • Page 456 Index setting CoS for matching packets 193 HTTPS 211 setting PHB for matching packets 193 configuring 211 replacing SSL certificate 212 single-rate, three-color meter 190 srTCM metering 190 secure-site certificate 212 traffic between CIR and BE, configuring response 194 UDP port, configuring 212 traffic between CIR and PIR, configuring response 195 HTTPS, secure server 211 trTCM metering 195...
  • Page 457 Index static router port, configuring 316 key pair statistics, displaying host 214 TCN flood 314 host, generating unregistered data flooding 315 version exclusive version for interface, setting 323 LACP version, setting 316 admin key 108 with proxy reporting 312 configuration immediate leave, IGMP snooping 322 group attributes, configuring 111 importing user public keys 220...
  • Page 458 Index TLV, location 249 multicast static router port 316 TLV, MED capabilities 249 configuring TLV, network policy multicast storm, threshold 163 local engine ID 269 multicast, filtering and throttling 332 logging multicast, static router port 316 messages, displaying syslog traps 244 to syslog servers 244 log-in, web interface 40 authentication keys, specifying 74...
  • Page 459 Index transmit delay over interface 417 virtual link 421 QoS 185 virtual links, displaying configuration guidelines 186 configuring 185 CoS/CFI to PHB/drop precedence 176 DSCP to PHB/drop precedence packet block IP Port to PHB/drop precedence broadcast 163 IP precedence to PHB/drop precedence 180 multicast 163 matching class settings unknown multicast...
  • Page 460 Index interface settings, displaying interface settings, displaying 152 link type 151 maximum age 145 MSTP interface settings, configuring 159 secure shell 214 MSTP path cost 160 configuration path cost 150 security, general measures 201 path cost method 145 serial port, configuring port priority 150 Simple Network Management Protocol See SNMP protocol migration...
  • Page 461 Index transceiver data configuring trap thresholds 102 – VLANs 123 displaying acceptable frame type 128 transceiver data, displaying 100 adding static members trap manager configuring port members, VLAN index 130 troubleshooting 439 creating 125 trTCM description police meter 195 displaying port members 130 QoS policy 191 displaying port members by interface trunk...

Table of Contents