Enterasys SmartSwitch 2200 Management Supplement


802.1Q VLAN User's Guide
Local Management Supplement
9033135-02


Summary of Contents for Enterasys SmartSwitch 2200

  • Page 1 802.1Q VLAN User’s Guide Local Management Supplement 9033135-02...
  • Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.
  • Page 5: Table Of Contents

    INTRODUCTION Using This Supplement ... 1-2 Structure of This Document ... 1-2 Overview of the Revision ... 1-2 LOCAL MANAGEMENT SCREENS Revised Hierarchy... 2-1 Screen Format ... 2-1 VLAN Classification Configuration Screen... 2-2 2.3.1 2.3.2 2.3.3 2.3.4 Protocol Port Configuration Screen... 2-13 2.4.1 CONFIGURATION EXAMPLES Example 4, Isolating Network Traffic According to Protocol ...
  • Page 6 Figures Figure 802.1Q VLAN Screen Hierarchy ... 2-1 Example of a Local Management Screen ... 2-2 VLAN Classification Configuration Screen... 2-3 Protocol Port Configuration Screen ... 2-13 Example 4, Isolating Traffic According to Protocol ... 3-2 Example 5, Filtering Traffic According to a Classification ... 3-5 Example 6, Securing Traffic to One Subnet...
  • Page 7 Tables Classification List ... 2-4 Classification Precedence ... 2-9
  • Page 9: Important Notice

    The firmware in the SmartSwitch 2200 standalone devices and SmartSwitch 6000 modules has been revised up to 3.10.xx and 3.11.xx. This document provides the following changes and additions to the 802.1Q VLAN User’s Guide (9032599-03) as a result of both firmware revisions.
  • Page 10: Introduction

    OVERVIEW OF THE REVISION Firmware revisions for the SmartSwitch 2200/6000 series devices allow network administrators to classify frames received by the switch based on specific Layer 2, 3, and 4 information. The classification is used for two independent functions: •...
  • Page 11 Overview of the Revision Traffic Filtering Any unwanted protocol types, possibly originating from a shared segment, can be filtered out of the switched network altogether by disallowing that protocol at the ingress switch port (the port receiving the frames). Traffic Security Any well-known or proprietary protocol can be confined to authorized switched ports/users.
  • Page 13: Local Management Screens

    This chapter describes the new VLAN Classification Configuration screen and the revised Port Protocol Configuration screen that replace the Protocol VLAN Configuration and Protocol Port Configuration screens, respectively, in the 802.1Q VLAN User’s Guide (PN 9032599-03). REVISED HIERARCHY The 802.1Q VLAN Configuration Menu screen hierarchy has changed as shown in Figure 2-1 802.1Q VLAN Screen Hierarchy SCREEN FORMAT Since the top part of the screen contains the same type of information (the name of the screen, the...
  • Page 14: Vlan Classification Configuration Screen

    VLAN Classification Configuration Screen Figure 2-2 Example of a Local Management Screen VLAN CLASSIFICATION CONFIGURATION SCREEN The VLAN Classification Configuration screen, • Display the VLAN ID (VID), Protocol Classification, and Description of each classification of the current entries • Assign VLANs according to Classification rules •...
  • Page 15: Vlan Classification Configuration Screen

    When a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented. Instead, the frame is processed by the SmartSwitch device according to the information contained in the 802.1Q frame tag. NOTE: The VLAN Classification Configuration screen does not display when the operational mode of the device is set to SECURE FAST VLAN.
  • Page 16 VLAN Classification Configuration Screen Classification (Selectable) - Top of Screen Displays the classification associated with the VLAN in the VID column and may be selected to call up the Protocol Port Configuration screen. Description (Selectable) - Top of Screen Provides the description of the classification. VID (Modifiable) Used to enter the VID of a VLAN to be associated with the classification selected in the Classification field.
  • Page 17 Table 2-1 Classification List (Continued) Classification Subclassification and Options 802.3 SAP> SSAP/DSAP (803.2): IP TOS Type of Service: 0x0000 IP Protocol Type IP Protocol Type: IPX COS IPX Class Of Service: IPX Packet Type IPX Packet Type Src IP Address IP Address: 000.000.000.000 Dest IP Address...
  • Page 18 VLAN Classification Configuration Screen Table 2-1 Classification List (Continued) Classification Subclassification and Options Dest IPX Network IPX Network Num: 0x00000000 Bil IPX Network IPX Network Num: 0x00000000 Src UDP Port IP UDP Port: Dest UDP Port IP UDP Port: Bil UDP Port IP UDP Port: Local Management Screens FTP Data...
  • Page 19 Table 2-1 Classification List (Continued) Classification Subclassification and Options Src TCP Port TCP Port: Dest TCP Port TCP Port: Bil TCP Port TCP Port: Src IPX Socket IPX Socket: Dest IPX Socket IPX Socket: FTPData BOOTP Server BOOTP Client Telnet TFTP HTTP SMTP...
  • Page 20: Classification Precedence Rules

    VLAN Classification Configuration Screen Table 2-1 Classification List (Continued) Classification Subclassification and Options Bil IPX Socket IPX Socket: 1. Bold type indicates a user entry. ADD (Command) Used to add the current VID and Classification selections to the screen. For details about how to add an entry, refer to Section DEL ALL/DEL MARKED (Command)
  • Page 21 Table 2-2 Classification Precedence Classification Type Layer 2 EtherType Layer 3 IP TOS IP Type IPX COS IPX Type Layer 3 Source IP Address Exact Match Source IP Address Best Match Destination IP Address Exact Match Destination IP Address Best Match Source IPX Network Number Destination IPX Network Number VLAN Classification Configuration Screen...
  • Page 22 VLAN Classification Configuration Screen Table 2-2 Classification Precedence (Continued) Classification Type Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination The precedence concept is illustrated in the following example: Example A network administrator has defined the following two classifications involving VLANs: •...
  • Page 23: Displaying The Current Vid/Classification Assignments

    2.3.2 Displaying the Current VID/Classification Assignments Before assigning classifications to VLANs, you may want to see which ports are set to a particular VLAN/Classification. To do this, the Protocol Port Configuration screen must be displayed. While in that screen, ports may be enabled or disabled from the VLAN/Classification. NOTE: It is strongly recommended that you read concerning classification before configuring the SmartSwitch device.
  • Page 24: Deleting Line Items

    VLAN Classification Configuration Screen 7. In some cases, a selection in the subclassification field requires a user defined value to be entered in a third field to the right of the subclassification field. If so, use the arrow keys to highlight that third field.
  • Page 25: Protocol Port Configuration Screen

    PROTOCOL PORT CONFIGURATION SCREEN The Protocol Port Configuration screen a. display the ports, b. show which ports are set to the line item containing the VID/ Classification (classification rule) of interest in the VLAN Classification Configuration screen described in c. add or remove ports from being associated with the classification rule, and d.
  • Page 26 Protocol Port Configuration Screen The following describes the fields of the Protocol Port Configuration screen: Protocol Information Field (Read-Only) Displays the classification rule of the line selected in the VLAN Classification Configuration screen. For example, in Figure IP) – was selected in the VLAN Classification Configuration screen to access the Protocol Port Configuration screen.
  • Page 27: Assigning Ports To A Classification Rule

    The SET PORTS TO VLAN FORWARDING field toggles between NO and YES. NO is the default setting and has no other function. YES will map all port(s) set to Classify/YES to the VLAN FORWARDING LIST and set their port frame format to untagged. NOTE: Once a port has been assigned to the VLAN Forwarding List, the port can only be removed from the list using the VLAN Forwarding Configuration screen described in the 802.1Q VLAN User’s Guide...
  • Page 28 Protocol Port Configuration Screen Assigning Ports to the VLAN Forwarding List NOTE: The ports can only be added to the VLAN Forwarding List of an existing VLAN. If the VLAN does not exist, it must be created before the ports can be assigned to the VLAN Forwarding List.
  • Page 29: Configuration Examples

    This chapter provides a revised version of the current Example 4 and adds two new examples. The examples show how the VLAN Classification Configuration and Protocol Port Configuration screens can be used to contain, filter, and secure network traffic. EXAMPLE 4, ISOLATING NETWORK TRAFFIC ACCORDING TO PROTOCOL This example illustrates how to contain AppleTalk protocol traffic to prevent unwanted multicast frames from slowing down the whole network and yet be able to send and receive frames...
  • Page 30: Solving The Problem

    Switch 5 will be configured to isolate all AppleTalk protocol frame traffic to the devices in the Gray VLAN and all other protocol traffic to the Yellow VLAN. Switch 3 will link the traffic from Switch 5 to the building’s network backbone.
  • Page 31 Switch 4. Ports 2, 3, 4, 5, 6, 7, and 8 of Switch 5 are connected to the Publication Department devices. These ports will be configured to classify all AppleTalk frames into the AppleTalk VLAN (Gray). The same ports will also be configured to classify all other protocol frames into a second VLAN (Yellow).
  • Page 32 3. To allow all frames (except the AppleTalk frames, which will be prevented in steps 4 and 5) from being transmitted out Port 1 to Switch 3 and the network backbone, Port VLAN IDs are assigned to all switch ports using the Port Assignment screen, as follows: •...
  • Page 33: Example 5, Filtering Traffic According To A Classification

    Ports 2 through 8, the frame would be part of the Yellow VLAN and transmitted out Port 1 as a tagged frame to Switch 3. The frame would be handled in the same manner as described in the previous examples to route the frame to the Mail Server on the first floor.
  • Page 34: Solving The Problem

    Then each switch will be configured with a Layer 4 classification rule that will classify each RIP broadcast frame received on Port 25 of each switch to the Null VLAN. Since the Null VLAN is not associated with any ports, the frame will be dropped and not transmitted out any port.
  • Page 35: Solving The Problem

    To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department Subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem. Switch 1...
  • Page 37 Assigning Ports to a VID/Classification all at a time 2-15 one or more at a time 2-15 Assigning Ports to VLAN Forwarding List Classification Rule filtering traffic according to Filtering Network Traffic According to a Layer 4 Classification Rule Isolating Network Traffic According to Protocol Network Traffic filtering...

This manual is also suitable for:

SmartSwitch 6000
