Enterasys SmartSwitch 6000 User Manual
  1. Manuals
  2. Brands
  3. Enterasys Manuals
  4. Switch
  5. SmartSwitch 6000
  6. User manual
Enterasys SmartSwitch 6000 User Manual

Enterasys SmartSwitch 6000 User Manual

Local management
Hide thumbs Also See for SmartSwitch 6000:
1
2
3
4
5
6
Table Of Contents
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
Table of Contents

Advertisement

Quick Links

See also: Supplemental User's Manual
Matrix E7 Series and
SmartSwitch 6000 Series Modules
(6H2xx, 6E2xx, 6H3xx, and 6G3xx)
Local Management User's Guide
9033528-06

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SmartSwitch 6000 and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Related Manuals for Enterasys SmartSwitch 6000

Summary of Contents for Enterasys SmartSwitch 6000

  • Page 1 Matrix E7 Series and SmartSwitch 6000 Series Modules (6H2xx, 6E2xx, 6H3xx, and 6G3xx) Local Management User’s Guide 9033528-06...
  • Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. The reader should in all cases consult Enterasys Networks to determine whether any such changes have been made.

  • Page 4: Program License Agreement

    CAREFULLY READ THIS LICENSE AGREEMENT. This document is an agreement (“Agreement”) between the end user (“You”) and Enterasys Networks, Inc. on behalf of itself and its Affiliates (as hereinafter defined) (“Enterasys”) that sets forth Your rights and obligations with respect to the Enterasys software program (including any accompanying documentation, hardware or media) (“Program”) in the...
  • Page 5 52.227-19 (a) through (d) of the Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the Government is subject to restrictions set forth herein.
  • Page 6 Enterasys and, accordingly, You hereby agree to maintain complete books, records and accounts showing (i) license fees due and paid, and (ii) the use, copying and deployment of the Program. You also grant to Enterasys and its authorized representatives, upon reasonable notice, the right to audit and examine during Your normal business...

  • Page 7: Table Of Contents

    Figures ...xii Tables...xv ABOUT THIS GUIDE Using This Guide...xiv Structure of This Guide ...xv Related Documents... xvii Document Conventions... xvii Typographical and Keystroke Conventions... xviii INTRODUCTION Overview ... 1-1 1.1.1 1.1.2 Navigating Local Management Screens ... 1-3 Local Management Requirements ... 1-4 Local Management Screen Elements ...
  • Page 8 Module Selection Screen ... 3-9 3.4.1 Module Menu Screen ... 3-12 Overview of Security Methods ... 3-15 3.6.1 3.6.2 3.6.3 3.6.4 Security Menu Screen... 3-26 Passwords Screen ... 3-29 3.8.1 Radius Configuration Screen ... 3-31 3.9.1 3.9.2 3.10 Name Services Configuration Screen ... 3-35 3.11 System Authentication Configuration Screen...
  • Page 9 Configuring the Trap Table ... 5-24 Entering IP Addresses ... 5-28 Enable/Disable ACL... 5-29 Setting the Reset Peak Switch Utilization ... 5-31 Image File Download Using Runtime... 5-36 Configuration File Download Using TFTP... 5-37 Configuration File Upload Using TFTP ... 5-38...
  • Page 10 PORT CONFIGURATION MENU SCREENS Port Configuration Menu Screen... 6-2 Ethernet Interface Configuration Screen... 6-4 Ethernet Port Configuration Screen ... 6-8 6.3.1 6.3.2 HSIM/VHSIM Configuration Screen ... 6-13 Redirect Configuration Menu Screen ... 6-14 Port Redirect Configuration Screen ... 6-16 6.6.1 VLAN Redirect Configuration Screen...
  • Page 11 Deleting Line Items ... 8-34 Assigning Ports to a VID/Classification... 8-37 Setting Switch Port Priority Port-by-Port ... 9-6 Setting Switch Port Priority on All Ports ... 9-7 Assigning the Traffic Class to Port Priority... 9-11 Setting the Current Queueing Mode ... 9-15 Classification Precedence Rules ...
  • Page 12 Layer 3 Extensions Menu Screen ... 10-2 10.2 IGMP/VLAN Configuration Screen... 10-3 10.2.1 MODULE STATISTICS MENU SCREENS 11.1 Module Statistics Menu Screen... 11-2 11.2 Switch Statistics Screen... 11-4 11.3 Interface Statistics Screen ... 11-6 11.3.1 11.4 RMON Statistics Screen ... 11-10 11.4.1 11.5 Chassis Environmental Statistics Configuration Screen ...
  • Page 13 13.9 Summary of VLAN Local Management... 13-14 13.9.1 13.10 Quick VLAN Walkthrough ... 13-16 13.11 Examples ... 13-21 13.12 Example 1, Single Switch Operation... 13-22 13.12.1 13.12.2 13.13 Example 2, VLANs Across Multiple Switches ... 13-24 13.13.1 13.13.2 13.14 Example 3, Filtering Traffic According to a Layer 4 Classification Rule... 13-32 13.14.1...

  • Page 14: Figures

    Figures Figure Example of a Local Management Screen ... 1-5 Management Terminal Connection... 2-2 Uninterruptible Power Supply (UPS) Connection ... 2-5 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 1 of 3) ... 3-2 802.1Q Switching Mode, Module, LM Screen Hierarchy (Page 2 of 3) ... 3-3 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 3 of 3) ...
  • Page 15 Figure Clear NVRAM Warning ... 5-17 SNMP Configuration Menu Screen ... 5-19 SNMP Community Names Configuration Screen... 5-21 SNMP Traps Configuration Screen ... 5-23 5-10 Access Control List Screen ... 5-26 5-11 System Resources Information Screen... 5-30 5-12 Flash Download Configuration Screen... 5-33 Port Configuration Menu Screen (in Agg Mode, HUNTGROUP) ...
  • Page 16 Example, Dynamic Egress Application ...12-40 13-1 Example of a VLAN ...13-3 13-2 View from Inside the Switch...13-9 13-3 Switch Management with Only Default VLAN...13-12 13-4 Switch Management with VLANs...13-13 13-5 802.1Q VLAN Screen Hierarchy...13-15 13-6 Walkthrough Stage One, Static VLAN Configuration Screen ...13-17 13-7 Walkthrough Stage Two, Port 3 Egress Setting ...13-18...
  • Page 17 Table Event Messages ... 1-6 Keyboard Conventions ... 1-8 VT Terminal Setup... 2-3 Main Menu Screen Menu Item Descriptions... 3-9 Module Selection Screen Field Descriptions ... 3-11 Module Menu Screen Menu Item Descriptions... 3-13 Authentication Terms and Abbreviations ... 3-19 MAC / 802.1X Precedence States ...
  • Page 18 Table Flash Download Configuration Screen Field Descriptions...5-34 Port Configuration Menu Screen Menu Item Descriptions ...6-3 Ethernet Interface Configuration Screen Field Descriptions ...6-5 Ethernet Port Configuration Screen Field Descriptions ...6-9 Redirect Configuration Menu Screen Field Menu Item Descriptions ...6-15 Port Redirect Configuration Screen Field Descriptions...6-18 VLAN Redirect Configuration Screen Field Descriptions ...6-22 802.3ad Main Menu Screen Menu Item Descriptions ...6-29 802.3ad Port Screen Field Descriptions ...6-30...
  • Page 19 Table 11-1 Module Statistics Menu Screen Menu Item Descriptions ... 11-3 11-2 Switch Statistics Screen Field Descriptions... 11-5 11-3 Interface Statistics Screen Field Descriptions ... 11-7 11-4 RMON Statistics Screen Field Descriptions ... 11-11 11-5 Chassis Environmental Statistics Configuration Screen Field Descriptions ... 11-15 12-1 Built-In Commands ...

  • Page 21: Using This Guide

    Welcome to the Enterasys Networks Matrix E7 Series and SmartSwitch 6000 Series Modules (6H2xx, 6E2xx, 6H3xx and 6G3xx) Local Managment User’s Guide. This manual explains how to access and use the Local Management screens to monitor and manage the switch modules, the attached segments, and the SmartSwitch 6C105 or Matrix E7 6C107 chassis.

  • Page 22: Structure Of This Guide

    Access Control List (ACL) for additional security, access system resource information, download a new firmware image to the switch module, provide access to menu screens to configure ports, and configure the switch module for 802.1, 802.1Q VLAN, and layer 3 operations.
  • Page 23 IGMP (Internet Group Management Protocol, RFC 2236) on selected VLANs, or globally on all VLANs that are available. Chapter Module Statistics Menu screens to gather statistics about the switch, interfaces, RMON, and HSIM/VHSIM and, if the device is a repeater, repeater statistics. Chapter Network Tools This chapter also includes examples for each command.

  • Page 24: Related Documents

    Related Documents RELATED DOCUMENTS The following Enterasys Networks documents may help to set up, control, and manage the switch module: • 6C105 SmartSwitch 6000 Overview and Setup Guide • Matrix E7 Chassis Overview and Setup Guide • SmartTrunk User’s Guide •...

  • Page 25: Typographical And Keystroke Conventions

    TYPOGRAPHICAL AND KEYSTROKE CONVENTIONS bold type Bold type can denote either a user input or a highlighted screen selection. RETURN Indicates either the ENTER or RETURN key, depending on your keyboard. Indicates the keyboard Escape key. SPACE bar Indicates the keyboard space bar key. BACKSPACE Indicates the keyboard backspace key.

  • Page 27: Introduction

    6H302-48 modules with a serial number starting with 3655. For the 4.x firmware track, 4.08.41 or higher must be used on 6H302-48 modules with a serial number starting with 3655. OVERVIEW Enterasys Networks Local Management is a management tool that allows a network manager to perform the following tasks: •...
  • Page 28 Configure the switch to operate as a Generic Attribute Registration Protocol (GARP) module to dynamically create VLANs across a switched network. • Configure the module to control the rate of network traffic entering and leaving the switch on a per port/priority basis. •...

  • Page 29: The Management Agent

    Out-of-band network management passes data along a medium that is entirely separate from the common data carrier of the network, for example, a cable connection between a terminal and a switch module COM port. Enterasys Networks Local Management is an out-of-band network management system.

  • Page 30: Local Management Requirements

    You can also access Local Management using a Telnet connection through one of the network ports of the switch module. NOTE: For details on how to connect a console to the switch module, the setup parameters for the console, or how to make a telnet connection, refer to...

  • Page 31: Example Of A Local Management Screen

    Local Management Screen Elements Figure 1-1 Example of a Local Management Screen Introduction...

  • Page 32: Event Messages

    Local Management Screen Elements Event Message Field This field briefly displays messages that indicate if a Local Management procedure was executed correctly or incorrectly, that changes were saved or not saved to Non-Volatile Random Access Memory (NVRAM), or that a user did not have access privileges to an application. Table 1-1 describes the most common event messages.

  • Page 33: Display Fields

    Local Management Screen Elements Display Fields Display fields cannot be edited. These fields may display information that never changes, or information that may change as a result of Local Management operations, user selections, or network monitoring information. In the screens shown in this guide, the characters in the display fields are in plain type (not bold).

  • Page 34: Local Management Keyboard Conventions

    Local Management Keyboard Conventions LOCAL MANAGEMENT KEYBOARD CONVENTIONS All key names appear as capital letters in this manual. and the key functions that are used. Table 1-2 Keyboard Conventions Function ENTER Key Used to enter data or commands. These keys perform the same Local Management function.

  • Page 35: Getting Help

    GETTING HELP For additional support related to the module or this document, contact Enterasys Networks using one of the following methods: World Wide Web http://www.enterasys.com/ Phone (603) 332-9400 Internet mail support@enterasys.com ftp://ftp.enterasys.com Login anonymous Password your email address To send comments or suggestions concerning this document, contact the Technical Writing Department via the following email address: TechWriting@enterasys.com...

  • Page 37: Local Management Requirements

    Monitoring an Uninterruptible Power Supply connection from the COM port to an American Power Conversion (APC) Uninterruptible Power Supply (UPS) device. This type of connection enables the switch module to monitor the power status in case of a power loss.

  • Page 38: Console Cable Connection

    Use the Console Cable Kit provided with the chassis to attach the management terminal to the switch module COM port as shown in To connect the switch module to a PC or compatible device running the VT terminal emulation, proceed as follows: 1.

  • Page 39: Vt Terminal Setup

    2.1.2 Management Terminal Setup Parameters Table 2-1 lists the setup parameters for the local management terminal. Table 2-1 VT Terminal Setup Display Setup Menu Columns -> Controls -> Auto Wrap -> Scroll -> Text Cursor -> Cursor Style -> General Setup Menu Mode ->...

  • Page 40: Telnet Connections

    COM port as shown in follows: 1. Connect the RJ45 connector at one end of the cable to the COM port on the switch module. 2. Plug the RJ45 connector at the other end of the cable into the RJ45-to-DB9 male (UPS) adapter (Enterasys Networks part number, 9372066).

  • Page 41: Uninterruptible Power Supply (Ups) Connection

    Monitoring an Uninterruptible Power Supply Figure 2-2 Uninterruptible Power Supply (UPS) Connection Local Management Requirements...

  • Page 43: Accessing Local Management

    Section 3.6. NAVIGATING LOCAL MANAGEMENT SCREENS The switch module Local Management application consists of a series of menu screens. Navigate through Local Management by selecting items from the menu screens. The hierarchy of the Local Management screens is shown in Figure 3-4.

  • Page 44: Q Switching Mode, Chassis, Lm Screen Hierarchy (Page 1 Of 3)

    3-1, so the screen selection starts with the Password screen and skips to the Module Selection screen. If an additional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM is installed in a switch, an additional statistics screen selection (not shown in Module Statistics Menu screen.

  • Page 45: Q Switching Mode, Module, Lm Screen Hierarchy (Page 2 Of 3)

    Priority Classification Configuration Configuration Configuration Configuration Rate Limiting Rate Limiting IGMP/VLAN IGMP/VLAN Configuration Configuration Switch Statistics Switch Statistics Interface Statistics Interface Statistics Passwords RMON Statistics RMON Statistics Chassis Environment Statistics Configuration Chassis Environment Statistics Configuration Radius Configuration Name Services Configuration...

  • Page 46: Selecting Local Management Menu Screen Items

    Navigating Local Management Screens Figure 3-3 802.1Q Switching Mode, Chassis, LM Screen Hierarchy (Page 3 of 3) Security 3.1.1 Selecting Local Management Menu Screen Items Select items on a menu screen by performing the following steps: 1. Use the arrow keys to highlight a menu item. 2.

  • Page 47: Using The Next And Previous Commands

    Using the RETURN Command To exit LM using the RETURN command, proceed as follows: 1. Use the arrow keys to highlight the RETURN command at the bottom of the Local Management screen. 2. Press ENTER. The previous screen in the Local Management hierarchy displays. NOTE: The user can also exit Local Management screens by pressing ESC twice.

  • Page 48: Password Screen

    NOTE: You can set the same string as a Security password and SNMP Community Name. This will allow you to access and manage the switch whether you are starting a Local Management session via a Telnet connection or local COM port connection, or using a network SNMP management application.

  • Page 49: Local Management Chassis/Module Password Screen

    Screen Example Figure 3-4 Local Management Chassis/Module Password Screen Enter the Password and press ENTER. The default super-user access password is “public” or press ENTER. NOTE: The password is one of the passwords configured in the Module Login Password screen. Access to certain Local Management capabilities depends on the degree of access accorded that password.

  • Page 50: Main Menu Screen

    When to Use To access the two major sets of Local Management screens used to configure the chassis and the switch modules installed in the chassis. How to Access Enter a valid password in the Local Management Password screen as described in press ENTER.

  • Page 51: Module Selection Screen

    NOTE: If the terminal is idle for several minutes the Local Management Password screen redisplays and the session ends. This idle time can be changed in the General Configuration screen in Menu Descriptions Table 3-1 Main Menu Screen Menu Item Descriptions Menu Item Screen Function CHASSIS...

  • Page 52: Module Selection Screen

    Module Selection Screen How to Access Use the arrow keys to highlight the MODULES menu item in the Module Selection screen, and press ENTER. The Module Selection screen, Screen Example Figure 3-6 Module Selection Screen 3-10 Accessing Local Management Figure 3-6, displays.

  • Page 53: Selecting A Module

    Display the type of interface module that is installed in each slot. (Read-Only) Serial # Display the serial number of the module. The serial number of the (Read-Only) device is necessary when calling Enterasys Networks concerning the module. Hardware Revision Display the hardware version of the module. (Read-only) 3.4.1...

  • Page 54: Module Menu Screen

    Password > Main Menu > Module Selection > Module Menu For 6C107 chassis: Password > Module Selection > Module Menu When to Use To access the Local Management screens for the switch module selected in the Module Selection screen. How to Access Use the procedure described in...

  • Page 55: Module Menu Screen Menu Item Descriptions

    Tree Configuration Menu screen, 802.1Q VLAN Configuration Menu screen, and the 802.1p Configuration Menu screen. These screens are used to set the basic switch operations, and provide access to screens to configure VLANs, and assign port priorities. For details about the screens, refer to: •...
  • Page 56 A different password can be set for each access policy. To prevent clearing the passwords, hardware switch 8 on the board of the device can be disabled using this screen. For an overview of the security available on this switch module, refer to...

  • Page 57: Overview Of Security Methods

    Security screen described in • SNMP Community String – allows access to the switch module via a network SNMP management application. To access the switch module, you must enter an SNMP Community Name string. The level of management access is dependent on the SNMP Community Name and...

  • Page 58: Host Access Control Authentication (Haca)

    For more information, refer to • MAC Authentication – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to switch module ports. For more information, refer to Section 3.6.1...
  • Page 59 All radius values, except the server IPs and shared secrets, are assigned reasonable default values when radius is installed on a new switch module. The defaults are as follows: • Client, disabled •...
  • Page 60 Overview of Security Methods When the Radius Client is active on the switch module, the user is presented with an authorization screen, prompting for a user login name and password when attempting to access the host IP address via the local console LM, Telnet to LM, or WebView application. The embedded Radius Client encrypts the information entered by the user and sends it to the Radius Server for validation.

  • Page 61: Authentication Terms And Abbreviations

    When configured in conjunction with NetSight Policy Manager and Radius server(s), Enterasys Networks’ switch modules can dynamically administer user based policy that is specifically tailored to the end user’s needs.

  • Page 62: Security Overview

    Authenticators reside in edge switches. They shuffle messages and tell the switch when to grant or deny access, but do not validate logins. User validation is the job of authentication servers. This separation of functions allows network managers to put authentication servers on central servers.

  • Page 63: Mac Authentication Overview

    If the string exists and it refers to a currently configured policy in this switch, then the port receives this new policy. If authenticated, but the authorized policy is invalid or non-existent, then the port forwards the frame normally according to the port default policy, if one exists.

  • Page 64: Authentication

    If a switch port is configured to enable both 802.1X and MAC Authentication, then it is possible for the switch to receive a start or a response 802.1X frame while a MAC Authentication is in progress. If this situation, the switch immediately aborts MAC Authentication. The 802.1X authentication then proceeds to completion.

  • Page 65: Mac / 802.1X Precedence States

    Table 3-5 MAC / 802.1X Precedence States 802.1X Port Port Authen- Control Control ticated? Force Don’t Don’t Authorized Care Care Force Don’t Don’t Authorized Care Care Auto Enabled Auto Enabled Auto Enabled Auto Enabled Auto Enabled Autho- Default rized Policy Policy Exists? Exists?
  • Page 66 Overview of Security Methods Table 3-5 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Control Control Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Force Enabled Unauthori- zation Force Enabled Unauthori- zation Force Enabled Unauthori- zation Force Enabled Unauthori- zation...

  • Page 67: Mac Authentication Control

    Table 3-5 MAC / 802.1X Precedence States (Continued) 802.1X Port Port Authen- Control Control ticated? Force Enabled Unauthori- zation Force Disabled Don’t Unauthori- Care zation 3.6.4 MAC Authentication Control This global variable can be set to enabled or disabled. If set to enabled, then a.

  • Page 68: Security Menu Screen

    Security Menu Screen SECURITY MENU SCREEN Screen Navigation Path For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Security Menu For 6C107 chassis: Password > Module Selection > Module Menu > Security Menu When to Use To access the Passwords, Radius Configuration, Name Services Configuration, System Authentication Configuration, EAP Configuration, EAP Statistics Menu, MAC Port Configuration, and MAC Supplicant Configuration screens.

  • Page 69: Security Menu Screen Menu Item Descriptions

    For details, refer to Section Used to configure the Radius Client Parameters on the switch, primary server, and secondary server. For details, refer to Used to set parameters for personalized Web authentication, including the URL and IP of the Secure Harbour web page.
  • Page 70 Security Menu Screen Table 3-6 Security Menu Screen Menu Item Descriptions (Continued) Menu Item SYSTEM AUTHENTICATION CONFIGURATION CONFIGURATION EAP STATISTICS MAC PORT CONFIGURATION MAC SUPPLICANT CONFIGURATION 3-28 Accessing Local Management Screen Function Used to enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports.

  • Page 71: Module Login Passwords Screen

    Local Management access (super-user, read-write and read-only) via serial console or telnet connection. This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords. How to Access Use the arrow keys to highlight the PASSWORDS menu item on the Security Menu screen and press ENTER.

  • Page 72: Module Login Passwords Screen Field Descriptions

    Switch 8 Enable or disable the function of hardware switch S8 on the main (Toggle) board of the device. When set to ENABLED, S8 can be used to clear the password. When set to DISABLED, S8 cannot be used to clear the password.

  • Page 73: Setting The Module Login Password

    Access Policy. 2. Press ENTER. 3. To disable the function of switch S8 so the passwords cannot be cleared, use the arrow keys to highlight the Switch 8 field. 4. Press the SPACE bar to select DISABLED.

  • Page 74: Radius Configuration Screen

    Radius Configuration Screen How to Access Use the arrow keys to highlight the RADIUS CONFIGURATION menu item on the Security Menu screen and press ENTER. The Radius Configuration screen, Screen Example Figure 3-10 Radius Configuration Screen Field Descriptions Refer to Table 3-8 for a functional description of each screen field.
  • Page 75 Table 3-8 Radius Configuration Screen Field Descriptions (Continued) Use this field… To… Last Resort Accept, Challenge, and Reject, which do the following: Action/Local (Selectable) For more details, refer to To set local and remote servers, refer to Last Resort Accept, Challenge, and Reject, which do the following: Action/Remote (Selectable) For more details, refer to...

  • Page 76: Setting The Last Resort Authentication

    Radius Configuration Screen 3.9.1 Setting the Last Resort Authentication The Radius client can be configured to use primary and secondary servers. If the primary server does not respond within the specified number of retries during the specified time-out period, the client will then attempt to authenticate using the secondary server.

  • Page 77: Name Services Configuration Screen

    Use this screen when enabling Port-based Web authentication. This screen can also be used to configure the global Secure Harbour name and IP address. The user can Enable/Disable Name Services and associate the switch name with the Secure Harbour IP address. How to Access Use the arrow keys to highlight the NAME SERVICES CONFIGURATION menu item on the Security Menu screen and press ENTER.

  • Page 78: Name Services Configuration Screen Field Descriptions

    (Toggle) 3-36 Accessing Local Management NOTE: The switch Name and the Secure Harbour IP must be globally unique within your network and the end switch must contain the identical information. NOTE: The Switch Name and the Secure Harbour IP must be globally unique within your network and the end switch must contain the identical information.

  • Page 79: System Authentication Configuration Screen

    System Authentication Configuration Screen 3.11 SYSTEM AUTHENTICATION CONFIGURATION SCREEN When to Use To enable or disable an authentication type for the device, and to display the authentication type and authentication status (enabled or disabled) for all ports. How to Access Use the arrow keys to highlight the SYSTEM AUTHENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER.

  • Page 80: System Authentication Configuration Screen Field Descriptions

    MAC authentication limits access to the network by validating the MAC address of their connected devices. EAP MAC enables using both MAC and EAP authentication methods concurrently for security. NONE turns off all port authentication in the switch. The default is NONE.

  • Page 81: Eap (Port) Configuration Screen

    EAP (Port) Configuration Screen 3.12 EAP (PORT) CONFIGURATION SCREEN When to Use To configure authentication settings for each port. How to Access Use the arrow keys to highlight the EAP CONFIGURATION menu item on the Security Menu screen and press ENTER. The EAP Port Configuration screen, Figure 3-13, displays.

  • Page 82: Eap Port Configuration Screen Field Descriptions

    EAP (Port) Configuration Screen Field Descriptions Refer to Table 3-11 for a functional description of each screen field. Table 3-11 EAP Port Configuration Screen Field Descriptions Use this field… To… Port See the port number of all ports known to the device. Up to 10 ports (Read-Only) can be displayed as a time.
  • Page 83 See the current backend state of each port. (Read-Only) The backend state machine controls the protocol interaction between the authenticator (the switch) and the authentication server (typically a radius server). These following seven states are the possible internal states for the authenticator.
  • Page 84 If a policy string is returned that has no definition in the switch, then this is an illegal configuration and the port is not authenticated. Therefore frame forwarding in this case follows the rules outlined...
  • Page 85 Table 3-11 EAP Port Configuration Screen Field Descriptions (Continued) Use this field… To… Port Control • Forced Authenticated Mode: The Forced Authenticated Mode is (Cont’d) • Forced Unauthenticated Mode: When a port is set to the Forced Initialized Port Set to TRUE to initialize all state machines for this port. After (Single Setting) initialization, authentication can proceed normally on this port according to its control settings.

  • Page 86: Eap Statistics Menu Screen

    EAP Statistics Menu Screen 3.13 EAP STATISTICS MENU SCREEN Screen Navigation Path For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Security Menu > EAP Statistics Menu For 6C107 chassis: Password > Module Selection > Module Menu > Security Menu > EAP Statistics Menu When to Use To access the EAP Session Statistics, EAP Authenticator Statistics, and EAP Diagnostic Statistics screens.

  • Page 87: Eap Statistics Menu Screen Descriptions

    Menu Descriptions Refer to Table 3-12 for a functional description of each menu item. Table 3-12 EAP Statistics Menu Screen Descriptions Menu Item EAP SESSION STATISTICS AUTHENTICATOR STATISTICS EAP DIAGNOSTIC STATISTICS Screen Function Used to review and clear EAP session statistics for each port. For details, refer to Section 3.13.1.

  • Page 88: Eap Session Statistics Screen

    EAP Statistics Menu Screen 3.13.1 EAP Session Statistics Screen When to Use To review and clear EAP session statistics for each port. How to Access Use the arrow keys to highlight the EAP SESSION STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.

  • Page 89: Eap Session Statistics Screen Field Descriptions

    Table 3-13 EAP Session Statistics Screen Field Descriptions Use this field… To… SessionID See the unique ASCII string identifier for a particular session. (Read-Only) SessionOctetsRx See counts of user data octets received on the port during a particular (Read-Only) session. SessionOctetsTx See counts of octets of transmitted on the port during a particular (Read-Only)

  • Page 90: Eap Authenticator Statistics Screen

    EAP Statistics Menu Screen Table 3-13 EAP Session Statistics Screen Field Descriptions (Continued) Use this field… To… Session User Name See the user name associated with the PAE (Point of Access Entity). (Read-Only) Port Number Select the port number to display the associated EAP Session Statistics. (Selectable) To select a port number, use the arrow keys to highlight the Port Number field.

  • Page 91: Eap Authenticator Statistics Screen Field Descriptions

    Screen Example Figure 3-16 EAP Authenticator Statistics Screen Field Descriptions Refer to Table 3-14 for a functional description of each screen field. Table 3-14 EAP Authenticator Statistics Screen Field Descriptions Use this field… To… Total Frames Rx See counts of all EAP frames received by the authenticator. (Read-Only) Total Frames Tx See counts of all EAP frames transmitted by the authenticator.
  • Page 92 EAP Statistics Menu Screen Table 3-14 EAP Authenticator Statistics Screen Field Descriptions (Continued) Use this field… To… Response Id Frames See counts of EAP response identification type frames received by the authenticator. (Read-Only) Response Frames See counts of EAP response type frames received by the authenticator. (Read-Only) Request Id Frames See counts of EAP request identification type frames transmitted by the...

  • Page 93: Eap Diagnostic Statistics Screen

    EAP Statistics Menu Screen 3.13.3 EAP Diagnostic Statistics Screen When to Use To view port counters useful for EAP troubleshooting, including logoffs and timeouts while authenticating, and to view authorization failure messages from the authentication server. The counters on this screen refresh automatically. How to Access Use the arrow keys to highlight the EAP DIAGNOSTIC STATISTICS menu item on the EAP Statistics Menu screen and press ENTER.

  • Page 94: Eap Diagnostic Statistics Screen Field Descriptions

    EAP Statistics Menu Screen Field Descriptions Refer to Table 3-15 for a functional description of each screen field. Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions Use this field… To… Enters Connecting See counts of transitions to connecting state from any other state. (Read-Only) Logoffs Connecting See counts of transitions from connecting to disconnected state after an...
  • Page 95 Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… Reauths See counts of transitions from authenticated to connecting state due to a Authenticated reauthentication request. (Read-Only) Starts See counts of transitions from authenticated to connecting state due to a Authenticated start from the supplicant (end-user requesting authentication).

  • Page 96: Mac Port Configuration Screen

    MAC Port Configuration Screen Table 3-15 EAP Diagnostic Statistics Screen Field Descriptions (Continued) Use this field… To… CLEAR Set the octets and frame counters to zero for a particular port. To clear COUNTERS the counters, use the arrow keys to highlight CLEAR COUNTERS and (Command) press ENTER.

  • Page 97: Mac Port Configuration Screen Field Descriptions

    Screen Example Figure 3-18 MAC Port Configuration Screen Field Descriptions Refer to Table 3-16 for a functional description of each screen field. Table 3-16 MAC Port Configuration Screen Field Descriptions Use this field… To… Port # See the port numbers of all ports known to the device. Up to 9 ports can (Read-Only) be displayed at a time.

  • Page 98: Mac Supplicant Configuration Screen

    MAC Supplicant Configuration Screen Table 3-16 MAC Port Configuration Screen Field Descriptions (Continued) Use this field… To… Initialize Port Initialize the authentication status of the port. When this field is set to (Single Setting) TRUE, the current authentication session is terminated, the port returns to its initial authentication status, and the field returns to FALSE.

  • Page 99: Mac Supplicant Configuration Screen Field Descriptions

    Screen Example Figure 3-19 MAC Supplicant Configuration Screen Field Descriptions Refer to Table 3-17 for a functional description of each screen field. Table 3-17 MAC Supplicant Configuration Screen Field Descriptions Use this field… To… Port See the port numbers of all ports known to the device. Up to 10 ports (Read-Only) can be displayed at a time.
  • Page 100 It always displays a value of FALSE. Reauthenticate Force a revalidation of the MAC credential for the supplicant. When set Supplicant to TRUE, the switch forces the revalidation. It always displays a value (Single Setting) of FALSE. 3-58...

  • Page 101: Chassis Menu Screens

    Redirect Configuration Menu screen and its menu items to access other screens to configure the chassis to redirect traffic from a source switch port to a destination switch port, or redirect traffic from a VLAN to a particular switch port...

  • Page 102: Chassis Menu Screen

    Chassis Menu Screen CHASSIS MENU SCREEN When to Use To access the Local Management screens that allow you to configure and monitor operating parameters, modify SNMP community names, set SNMP traps, monitor the chassis environmental status, and to perform port redirect functions. How to Access Use the arrow keys to highlight the CHASSIS menu item on the Main Menu screen and press ENTER.

  • Page 103: Chassis Menu Screen Menu Item Descriptions

    Menu Descriptions Refer to Table 4-1 for a functional description of each menu item. Table 4-1 Chassis Menu Screen Menu Item Descriptions Menu Item Screen Function CHASSIS Allows the user to configure operating parameters for the chassis. For CONFIGURATION details, refer to SNMP Used to access the SNMP Community Names Configuration screen CONFIGURATION...

  • Page 104: Chassis Configuration Screen

    Chassis Configuration Screen CHASSIS CONFIGURATION SCREEN When to Use To set the chassis date and time, IP address and Subnet Mask, the operational mode of all modules installed in the chassis, view the chassis uptime, screen refresh time and lockout time, and view the chassis uptime.

  • Page 105: Chassis Configuration Screen Field Descriptions

    Field Descriptions Refer to Table 4-2 for a functional description of each screen field. Table 4-2 Chassis Configuration Screen Field Descriptions Use this field… To… MAC Address Display the base physical address of the chassis. (Read-Only) IP Address Set the IP address for the chassis. If an IP address is assigned to the (Modifiable) chassis, all the interface modules installed in the chassis can be managed via this IP address, eliminating the need to assign an IP...

  • Page 106: Setting The Ip Address

    Chassis Configuration Screen Table 4-2 Chassis Configuration Screen Field Descriptions (Continued) Use this field… To… Screen Lockout Set the maximum number of minutes that the Local Management Time application displays a module’s screen while awaiting input or action (Modifiable) from a user. For example, if the number 5 is entered in this field, the user has up to five minutes to respond to each of the specified module’s Local Management screens.

  • Page 107: Setting The Subnet Mask

    4.2.2 Setting the Subnet Mask If the management workstation that is to receive SNMP traps from the 6C105 is located on a separate subnet, the subnet mask for the 6C105 chassis must be changed from its default. To change the subnet mask from its default, perform the following steps: 1.

  • Page 108: Setting The Chassis Time

    Chassis Configuration Screen 4.2.4 Setting the Chassis Time To set the chassis clock, perform the following steps: 1. Use the arrow keys to highlight the Chassis Time field. 2. Enter the time in this 24-hour format: HH:MM:SS NOTE: When entering the time in the system time field, separators between hours, minutes, and seconds do not need to be added as long as each entry uses two numeric characters.

  • Page 109: Setting The Screen Lockout Time

    4.2.6 Setting the Screen Lockout Time The screen lockout time can be set from 1 to 30 minutes with a default of 15 minutes. To set a new lockout time, perform the following steps: 1. Use the arrow keys to highlight the Screen Lockout Time field. 2.

  • Page 110: Snmp Configuration Menu Screen

    SNMP Configuration Menu Screen SNMP CONFIGURATION MENU SCREEN When to Use To access the SNMP Community Names Configuration screen and the SNMP Traps Configuration screen. These screens are used to modify SNMP community names and set SNMP traps. How to Access Use the arrow keys to highlight the SNMP CONFIGURATION MENU item on the Chassis Menu screen and press ENTER.

  • Page 111: Snmp Configuration Menu Screen Menu Item Descriptions

    Menu Descriptions Refer to Table 4-3 for a functional description of each menu item. Table 4-3 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SNMP Used to enter new, change, or review the community names used as COMMUNITY access passwords for module management operation.

  • Page 112: Snmp Community Names Configuration Screen

    (read-only, read-write, and super-user). NOTE: Super-User access gives the user full management privileges, allows existing passwords to be changed, and all modifiable MIB objects for the Enterasys/Cabletron Container MIB and Internet MIB-II to be edited. How to Access Use the arrow keys to highlight the SNMP COMMUNITY NAMES CONFIGURATION menu item in the SNMP Configuration Menu screen and press ENTER.

  • Page 113: Establishing Community Names

    Field Descriptions Refer to Table 4-4 for a functional description of each screen field. Table 4-4 SNMP Community Names Configuration Screen Field Descriptions Use this field… To… Community Name Enter the user-defined name used to access chassis management. Any (Modifiable) community name assigned here acts as a password to Local Management.

  • Page 114: Snmp Traps Configuration Screen

    SNMP Traps Configuration Screen To establish community names, proceed as follows: 1. Use the arrow keys to highlight the Community Name field adjacent to the selected access level. 2. Enter the password in the field (maximum 31 characters). 3. Press ENTER. 4.

  • Page 115: Snmp Traps Configuration Screen Field Descriptions

    Screen Example Figure 4-5 SNMP Traps Configuration Screen Field Descriptions Refer to Table 4-5 for a functional description of each screen field. Table 4-5 SNMP Traps Configuration Screen Field Descriptions Use this field… To… Trap Destination Set the IP address of the workstation to receive trap alarms. Up to eight (Modifiable) different destinations can be defined.

  • Page 116: Configuring The Trap Table

    Chassis Environmental Information Screen 4.5.1 Configuring the Trap Table To configure the Trap table, proceed as follows: 1. Using the arrow keys, highlight the appropriate Trap Destination field. 2. Enter the IP Address of the workstation that is to receive traps. IP address entries must follow the DDN format (nnn.nnn.nnn.nnn).

  • Page 117: Chassis Environmental Information Screen

    Screen Example Figure 4-6 Chassis Environmental Information Screen Field Descriptions Refer to Table 4-6 for a functional description of each screen field. Table 4-6 Chassis Environmental Information Screen Field Descriptions Use this field… To… Chassis Power Display the current redundancy status of the chassis power supplies. Redundancy This field will read either “Available”...

  • Page 118: Redirect Configuration Menu Screen (Chassis)

    Redirect Configuration Menu Screen (Chassis) REDIRECT CONFIGURATION MENU SCREEN (CHASSIS) When to Use To access the Port Redirect Configuration and VLAN Redirect Configuration screens at the chassis level. Any combination, up to 128, of port and/or VLAN redirect instances can be configured per installed module, giving a maximum of 640 instances for a chassis with 5 modules.

  • Page 119: Port Redirect Configuration Screen

    VLAN REDIRECT Used to configure the device to direct traffic from a VLAN to a CONFIGURATION particular switch port. This screen will not display if the chassis has no modules in 802.1Q mode. For details, refer to PORT REDIRECT CONFIGURATION SCREEN...

  • Page 120: Port Redirect Configuration Screen Field Descriptions

    Port Redirect Configuration Screen Screen Example Figure 4-8 Port Redirect Configuration Screen Field Descriptions Refer to Table 4-8 for a functional description of each screen field. Table 4-8 Port Redirect Configuration Screen Field Descriptions Use this field… To… Source Module See which modules are currently set as source modules.
  • Page 121 Table 4-8 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Frame Format See the current frame format setting: NORMAL, TAGGED, or (Read-Only) UNTAGGED. The default is NORMAL. • • • Redirect Errors See whether the corresponding source ports are configured ON to send (Read-Only) frames with errors to the destination ports, or OFF to drop all frames with errors and only forward traffic without errored frames to the...

  • Page 122: Changing Source And Destination Ports

    Port Redirect Configuration Screen Table 4-8 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Redirect Errors Set each source port to either ON, to send errored frames to its (Toggle) destination port, or OFF to drop errored frames, and send only valid traffic to its destination port.

  • Page 123: Vlan Redirect Configuration Screen

    14. Use the SPACE bar to select either the ADD or DELETE option. Press ENTER. This adds or deletes the selections for the Source Port, Destination Port, Frame Format, and Redirect Errors made in steps 1 through 12 and also updates the screen. TIP: If more than one port is being redirected, repeat steps 1 through 14 for each additional setting.

  • Page 124: Vlan Redirect Configuration Screen Field Descriptions

    VLAN Redirect Configuration Screen How to Access Use the arrow keys to highlight the VLAN REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER. The VLAN Redirect Configuration screen, Figure 4-9, displays. Screen Example Figure 4-9 VLAN Redirect Configuration Screen Field Descriptions Refer to Table 4-9...
  • Page 125 VLAN [n] and Destination Port [n] fields. RECEIVED – Frames are redirected in the format that they were received by the switch module. TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification of the receiving port.

  • Page 126: Changing Source Vlan And Destination Ports

    VLAN Redirect Configuration Screen 4.9.1 Changing Source VLAN and Destination Ports To add or delete source VLAN and destination port entries and set the Frame Format and Redirect Errors functions, proceed as follows: 1. Use the arrow keys to highlight the Src VLAN ID field near the bottom of the screen. 2.

  • Page 127: Module Configuration Menu Screens

    Module Configuration Menu Screens The chapter describes the Module Configuration Menu screen and the following screens that can be selected: • General Configuration screen • SNMP Configuration Menu screen • SNMP Community Names Configuration screen • SNMP Traps Configuration screen •...

  • Page 128: Module Configuration Menu Screen

    To access a series of Local Management screens used to establish an Access Control List for SNMP to provide additional security, configure and monitor operating parameters, modify SNMP community names, set SNMP traps, configure switch parameters and configure the switch module ports.

  • Page 129: Module Configuration Menu Screen Menu Item Descriptions

    CPU (switch) utilization and the peak switch utilization. For details, refer to FLASH Used to force the switch module to download a new image file from a DOWNLOAD TFTP server to its FLASH memory. For details, refer to...

  • Page 130: General Configuration Screen

    General Configuration Screen GENERAL CONFIGURATION SCREEN When to Use To set the system date and time, IP address and subnet mask, the default gateway, the TFTP and gateway IP address. This screen can also be used to clear the NVRAM, set the screen refresh time, the screen lockout time, the IP fragmentation, the COM port configuration, and monitor the total time (uptime) that the module has been running.

  • Page 131: General Configuration Screen Field Descriptions

    MAC Address See the base physical address of the switch module. (Read-Only) IP Address See the IP address for the switch module. To set the IP address, refer to (Modifiable) Section Address Discovery. Runtime IP Address Discovery enables the switch module to...
  • Page 132 DISTRIBUTED management mode to access the Local Management of each switch module. In STANDALONE management mode, the switch can be configured with its own IP address and operate as an independent switch within the chassis. Module Configuration Menu Screens Section 5.2.8.
  • Page 133 Enable or disable IP Fragmentation. The default setting for this field is (Toggle) ENABLED. If the switch module is to be bridged to an FDDI ring using an HSIM-F6, IP Fragmentation should be enabled. If IP Fragmentation is disabled, all FDDI frames that exceed the maximum Ethernet frame...

  • Page 134: Setting The Ip Address

    NOTE: If the 6C105 or 6C107 chassis has been assigned an IP address, it is not necessary to assign an IP address to the switch module. All installed modules have the same IP address as the chassis. If a separate IP address for the switch module is needed, proceed as follows.

  • Page 135: Setting The Subnet Mask

    Setting the Subnet Mask If the management workstation that is to receive SNMP traps from the switch module is located on a separate subnet, the subnet mask for the switch module may need to be changed from its default value.

  • Page 136: Setting The Default Gateway

    If the SNMP management station is on a different IP subnet than the module, a default gateway must be specified. When an SNMP Trap is generated, the switch module sends out an ARP request to the default gateway, which responds with its MAC address. The switch module then sends the trap using the IP address from the Trap Table and the MAC address of the default gateway.

  • Page 137: Setting The Tftp Gateway Ip Address

    Setting the TFTP Gateway IP Address If the network TFTP server is located on a different IP subnet than the switch module, a Gateway IP address should be specified. To set the TFTP Gateway IP address, perform the following steps: 1.

  • Page 138: Setting The Module Name

    All installed modules recognize the chassis date. The switch module is year 2000 compliant so that the Module Date field can be set beyond the year 1999. To set the system date, perform the following steps: 1.

  • Page 139: Setting The Module Time

    Setting the Module Time NOTE: If the 6C105 or 6C107 chassis has been assigned a chassis time, it is not necessary to assign a module time to the switch module. All installed modules recognize the chassis time. To set the switch module time, perform the following steps: 1.

  • Page 140: Setting The Screen Lockout Time

    5.2.10 Configuring the COM Port Upon power up, the COM port is configured to the default settings of ENABLED and LM. CAUTION: Before altering the COM port settings, ensure that the switch module or chassis is set with a valid IP address. (Refer to port configuration section before changing the settings of the COM port.

  • Page 141: Com Port Warning

    ENABLED for the LM or UPS application. Selecting DISABLED prevents a connection via the COM port thus providing additional module security. CAUTION: If the COM port is reconfigured without a valid IP address set on the switch module or chassis, the message shown in Do not continue unless the outcome of the action is fully understood.

  • Page 142: Com Port Application Settings

    Ensure that the switch module has a valid IP address before saving changes to the COM port application. If the switch module does not have a valid IP address and the changes are saved, refer to your switch module hardware/user’s guide for instructions on clearing NVRAM to reestablish COM port communications.

  • Page 143: Enabling/Disabling Ip Fragmentation

    5.2.12 Enabling/Disabling IP Fragmentation To enable or disable IP Fragmentation, proceed as follows: CAUTION: If the switch module is being bridged to an FDDI ring (for example, via an optional HSIM-F6), IP Fragmentation should be enabled. If it is disabled, all FDDI frames that exceed the maximum Ethernet frame size are discarded.

  • Page 144: Snmp Configuration Menu Screen

    SNMP Configuration Menu Screen SNMP CONFIGURATION MENU SCREEN Screen Navigation Paths For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > SNMP Configuration Menu For 6C107 chassis: Password > Module Selection > Module Menu > Module Configuration Menu > SNMP Configuration Menu When to Use To provide access to the SNMP Community Names Configuration, SNMP Traps Configuration,...

  • Page 145: Snmp Configuration Menu Screen

    Screen Example Figure 5-7 SNMP Configuration Menu Screen Menu Descriptions Refer to Table 5-4 for a functional description of each menu item. Table 5-4 SNMP Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function SNMP Used to enter new, change, or review the community names used as COMMUNITY access passwords for module management operation.

  • Page 146: Snmp Community Names Configuration Screen

    6C105 chassis screens by assigning different community names to the switch module(s). When this is done, the CHASSIS menu item of the Main Menu screen will not display, and access will be limited to the screens specific to the switch module attached to the terminal.

  • Page 147: Snmp Community Names Configuration Screen Field Descriptions

    To… Community Name Display the user-defined name through which a user accesses the (Modifiable) switch module SNMP Management. Any community name assigned here acts as a password to Local Management. SNMP Community Names Configuration Screen Module Configuration Menu Screens 5-21...

  • Page 148: Establishing Community Names

    MIB objects, excluding security protected fields for Super-User access only. This community name gives the user read-write access to the switch module MIB objects and allows the user to change all modifiable parameters including community names, IP addresses, traps, and SNMP...

  • Page 149: Snmp Traps Configuration Screen

    SNMP TRAPS CONFIGURATION SCREEN When to Use To assign SNMP traps to eight different IP addresses. Since the switch module is an SNMP compliant module, it can send messages to multiple Network Management Stations to alert users of status changes.

  • Page 150: Configuring The Trap Table

    4. Use the arrow keys to highlight the Trap Community Name field. Enter the community name. 5. Press ENTER. 6. Use the arrow keys to highlight the Enable Traps field. Press the SPACE bar to choose either YES (send alarms from the switch module to the workstation), or NO (prevent alarms from being sent). 5-24...

  • Page 151: Access Control List Screen

    You can limit user access to the switch module according to their IP addresses. Up to 16 single IP addresses and/or range of addresses can be configured. To manage an ACL enabled switch module, the management station must be a member of the ACL and authenticated according to traditional SNMP rules.

  • Page 152: Access Control List Screen

    Access Control List Screen Screen Example Figure 5-10 Access Control List Screen Field Descriptions Refer to Table 5-7 for a functional description of each screen field. 5-26 Module Configuration Menu Screens...

  • Page 153: Access Control List Screen Field Descriptions

    The limited access applies to all IP access including, but not limited to, SLIP/PPP connections, Telnet, Ping, SNMP and HTTP. When locally connected to the COM port of the host switch module), ACL does not restrict access to local management.

  • Page 154: Entering Ip Addresses

    Access Control List Screen 5.6.1 Entering IP Addresses To enter a single or range of IP addresses into the ACL, proceed as follows: Entering Single Addresses 1. Use the arrow keys to highlight one of the place holders (0.0.0.0) under IP Addresses. 2.

  • Page 155: Enable/Disable Acl

    4. Repeat steps 1 through 3 if more than one range of addresses is being entered. Up to 16 ranges of IP addresses, including any single IP Addresses entered. If an invalid format is used to enter an IP address, one of the following messages may display in the Event Message Line: •...

  • Page 156: System Resources Information Screen

    SYSTEM RESOURCES INFORMATION SCREEN When to Use To monitor the current switch utilization and the peak switch utilization. This screen provides information concerning the processor used in the switch module and the amount of FLASH memory, DRAM, and NVRAM that is installed and how much of that memory is available.

  • Page 157: Setting The Reset Peak Switch Utilization

    5.7.1 Setting the Reset Peak Switch Utilization To set the Reset Peak Switch Utilization field to YES or NO, proceed as follows: 1. Use the arrow keys to highlight the Reset Peak Switch Utilization field. 2. Press the SPACE bar to select YES or NO.

  • Page 158: Flash Download Configuration Screen

    There are restrictions on the version of firmware required for 6H302-48 modules with a serial number starting with 3655xxxxxx. The serial number is visible on the top ejector tab of the switch, or by querying the PIC MIB. For firmware in the 5.x track, version 5.03.05 or higher must be used on 6H302-48 modules with a serial number starting with 3655.

  • Page 159: Flash Download Configuration Screen

    NOTE: Configuration files cannot be downloaded or uploaded directly from one switch module to another. How to Access Use the arrow keys to highlight the FLASH DOWNLOAD CONFIGURATION menu item on the Module Configuration Menu screen, and press ENTER. The Flash Download Configuration...

  • Page 160: Flash Download Configuration Screen Field Descriptions

    Runtime. DOWNLOAD CONFIG – Used to download a configuration file from a TFTP server to a switch module. The configuration file must be one that was uploaded to the TFTP server from a switch module of the same model with the same optional hardware, and running firmware revision 3.10.7 or higher.
  • Page 161 Table 5-9 Flash Download Configuration Screen Field Descriptions (Continued) Use this field… To… Reboot After Set the switch module so it will either reboot or not reboot after Download completing the download of an image. This field toggles between YES (Toggle) and NO, when the Download Method field is set to RUNTIME.

  • Page 162: Image File Download Using Runtime

    2. Use the SPACE bar to select either YES or NO. Select YES if you want the module to reboot after the download is completed. Select NO if you want the switch module to store the new image in FLASH memory until the module is reset or during the next power-up.

  • Page 163: Configuration File Download Using Tftp

    5.8.2 Configuration File Download Using TFTP To download a configuration file from a TFTP server to the switch module, proceed as follows: 1. Use the arrow keys to highlight the Download Method field. 2. Use the SPACE bar to select DOWNLOAD CONFIG.

  • Page 164: Configuration File Upload Using Tftp

    NO (and cannot be changed). 3. Use the arrow keys to highlight the TFTP Gateway IP Addr field. 4. Set the IP address of the target TFTP server which is to receive a copy of the switch module configurable settings.

  • Page 165: Port Configuration Menu Screens

    Port Configuration Menu Screens This chapter describes the Port Configuration Menu screen and the following screens that can be selected: • Ethernet Interface Configuration screen • Ethernet Port Configuration screen • HSIM/VHSIM Configuration screen • Redirect Configuration Menu screen • Port Redirect Configuration screen •...

  • Page 166: Port Configuration Menu Screen

    Port Configuration Menu Screen PORT CONFIGURATION MENU SCREEN When to Use To select screens to perform port configuration tasks on the switch module. How to Access Use the arrow keys to highlight the PORT CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER.

  • Page 167: Port Configuration Menu Screen (In Agg Mode, Ieee8023Ad)

    INTERFACE Ethernet port, and provide access to the Ethernet Port Configuration CONFIGURATION screen, which allows the configuration of the switch module Ethernet ports. For details, refer to HSIM/VHSIM Provides access to the HSIM or VHSIM setup screen, depending on the CONFIGURATION one installed in the switch module.

  • Page 168: Ethernet Interface Configuration Screen

    Ethernet Port Configuration screen, which allows configuration of the Ethernet port. In normal operation, all front panel ports of the switch module automatically establish a link with the device at the other end of the segment without requiring user setup. However, the Ethernet Interface Configuration screen can be used to access the Ethernet Port Configuration screen to select a port and display its characteristics.

  • Page 169: Ethernet Interface Configuration Screen Field Descriptions

    See the type of interface using the name of the physical port type. For (Read-Only) the Ethernet 10/100 Mbps ports in the switch module, FE-100TX will be displayed. If a Fast Ethernet port is installed via an optional HSIM, the interface displayed may be FE-100TX or FE100-FX. If a Gigabit port is installed via an optional VHSIM, the interface displayed may be GE-1000SX, GE-1000LX, or GE-1000CX.
  • Page 170 Port Configuration Menu Screens NOTE: In normal operation, the front panel ports of the switch module automatically establish a link with the device at the other end of the segment without requiring user setup. However, Local Management provides the user with the option of manually configuring that port.
  • Page 171 Table 6-2 Ethernet Interface Configuration Screen Field Descriptions (Continued) Use this field… To… HDX FC See the current half duplex flow control setting. Half duplex flow (Read-Only) control, also known as back pressure, is a collision based flow control mechanism used in half duplex configurations. The port will display On, Off, or NA.

  • Page 172: Ethernet Port Configuration Screen

    Ethernet Port Configuration Screen ETHERNET PORT CONFIGURATION SCREEN When to Use To change the operating mode of a specific Ethernet interface, such as the speed, duplex, auto-negotiation, advertised ability, and the flow control settings. Configuring optional Fast Ethernet or Gigabit Ethernet ports is also done on this screen. How to Access Use the arrow keys to highlight the desired Ethernet port on the Ethernet Interface Configuration screen and press ENTER.

  • Page 173: Ethernet Port Configuration Screen Field Descriptions

    Field Descriptions Refer to Table 6-3 for a functional description of each screen field. Table 6-3 Ethernet Port Configuration Screen Field Descriptions Use this field… To… Interface See the Interface number. (Read-Only) Physical Port See the number of the physical port on the interface. (Read-Only) Default Speed See the current operational speed in Mbps.
  • Page 174 Ethernet Port Configuration Screen Table 6-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Advertised Ability Select the port “advertised” mode of operation. In normal operation, (Selectable) with all capabilities enabled, the port “advertises” that it has the ability to operate in any mode.
  • Page 175 Table 6-3 Ethernet Port Configuration Screen Field Descriptions (Continued) Use this field… To… Full Duplex Flow Set the flow control feature on each port for a specific mode. The Control choices are as follows: (Selectable) Symmetric – the port operates in Symmetric mode, causing the port to interpret received PAUSE frames and allow the port to transmit PAUSE frames when necessary at any speed connection.

  • Page 176: Selecting Field Settings

    Ethernet Port Configuration Screen 6.3.1 Selecting Field Settings All selectable or toggle fields other than Advertised Ability can be changed by following this procedure: 1. Use the arrow keys to highlight the field to be changed. 2. Use the SPACE bar or BACKSPACE key to step or toggle through the selections. 3.

  • Page 177: Hsim/Vhsim Configuration Screen

    To configure an optional HSIM or VHSIM. NOTE: The HSIM/VHSIM Configuration menu item can only be selected when a non-Ethernet HSIM or VHSIM is installed in the switch module. The applicable setup screen for that interface displays. This only applies to HSIMs and VHSIMs that can support WAN, FDDI or ATM.

  • Page 178: Redirect Configuration Menu Screen

    Redirect Configuration Menu Screen REDIRECT CONFIGURATION MENU SCREEN For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > Port Configuration Menu > Redirect Configuration Menu For 6C107 chassis: Password > Module Selection > Module Menu > Module Configuration Menu > Port Configuration Menu >...

  • Page 179: Redirect Configuration Menu Screen Field Menu Item Descriptions

    Used to redirect traffic from a source switch port to a destination CONFIGURATION switch port. For details, refer to VLAN REDIRECT Used to configure the switch module to direct traffic from a VLAN to a CONFIGURATION particular switch port. For details, refer to Redirect Configuration Menu Screen Section 6.6.

  • Page 180: Port Redirect Configuration Screen

    To redirect frames from one source port to many destination ports or many source ports to one destination port on a switch module in a 6C105 chassis. Frames received on a source port can be redirected and transmitted in the frame format in which they are received (normal), or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).

  • Page 181: Port Redirect Configuration Screen

    • You can redirect frames between any Ethernet 6X2XX series module ports and any other Ethernet ports. • The VLAN tag in the frame, as it is being mirrored, is maintained and forwarded to the destination mirrored port. • You can add a new port redirect entry to a destination port that is already saved and active. However, this will cause a Local Management warning to appear at the top left corner of the screen.

  • Page 182: Port Redirect Configuration Screen Field Descriptions

    Port Redirect Configuration Screen Table 6-5 Port Redirect Configuration Screen Field Descriptions Use this field… To… Source Port See which ports are currently set as source ports. (Read-Only) Destination Port See which ports are currently set as destination ports. (Read-Only) Frame Format See the current frame format setting: NORMAL, TAGGED, or (Read-Only)

  • Page 183: Changing Source And Destination Ports

    Table 6-5 Port Redirect Configuration Screen Field Descriptions (Continued) Use this field… To… Redirect Errors Set each source port to either ON, to send errored frames to its (Toggle) destination port, or OFF to drop errored frames and send only valid traffic to its destination port.

  • Page 184: Vlan Redirect Configuration Screen

    To redirect frames in a 6C105 chassis from one or more source VLANs to one destination port on the switch module. Frames received on a source VLAN can be redirected and transmitted in the frame format in which they are received (normal), or they can be redirected with a VLAN Tag (TAGGED) or without a VLAN Tag (UNTAGGED).

  • Page 185: Vlan Redirect Configuration Screen

    The VLAN redirect function is very useful for troubleshooting purposes. It allows all inbound and outbound traffic from one or more source VLANs to be sent to a destination VLAN where all current traffic from the source VLANs can be examined using analyzers, RMON probes, or IDS sensors.

  • Page 186: Vlan Redirect Configuration Screen Field Descriptions

    Port Configuration Menu Screens RECEIVED – Frames are redirected in the format that they were received by the switch module. TAGGED – Frames are transmitted on the destination port with a VLAN tag inserted according to the frame classification of the receiving port.

  • Page 187: Changing Source Vlan And Destination Ports

    6.7.1 Changing Source VLAN and Destination Ports To add or delete source VLAN and destination port entries and set the Frame Format, proceed as follows: 1. Use the arrow keys to highlight the Source VLAN field near the bottom of the screen. 2.

  • Page 188: Link Aggregation Screen (802.3Ad Main Menu Screen)

    In normal usage (and typical implementations) there is no need to modify any of these parameters. The default values will result in the maximum number of aggregations possible. If the switch is placed in a configuration with its peers not running the protocol, no aggregations will be formed and the switch will function normally (that is, will block redundant paths).
  • Page 189 Spanning Tree When multiple links are connected from one switch to another, it is necessary that only one link be allowed to switch network traffic. Due to the functionality of a switch, if multiple links were active, a packet would end up “looping” around in those links indefinitely. This problem is well documented and is the reason that bridges implement the Spanning Tree Protocol (STP).
  • Page 190 Link Aggregation Screen (802.3ad Main Menu Screen) The STP is able to calculate which ports on a switch can be allowed to forward traffic to eliminate the possibility of looping in a network. So, if multiple links were attached between two switches, only one would be used.
  • Page 191 Most switch vendors provide a way to group these ports together manually. For example, the user could configure Ports 1, 2 and 3 in a trunk on switch X and connect to ports 4, 5 and 6 that are in a trunk on switch Y.

  • Page 192: Ad Main Menu Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-8 802.3ad Main Menu Screen Menu Descriptions Refer to Table 6-7 for a functional description of each menu item. 6-28 Port Configuration Menu Screens...

  • Page 193: Ad Port Screen

    Table 6-7 802.3ad Main Menu Screen Menu Item Descriptions Menu Item Screen Function PORT Used to access the 802.3ad Port screen, described in view port instances and to access the 802.3ad Port Details screen, described in Section AGGREGATOR Used to access the 802.3ad Aggregator screen to display a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.

  • Page 194: Ad Port Screen Field Descriptions

    Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-9 802.3ad Port Screen Field Descriptions Refer to Table 6-8 for a functional description of each screen field. Table 6-8 802.3ad Port Screen Field Descriptions Use this field… To… Port View the port number, which correlates to the port numbers in other (Read-Only) screens.

  • Page 195: Ad Port Details Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) Figure 6-9 shows the four columns of information: The Port Instance; the Aggregator that the Port is attached to; the operational key of the Port, and the state of the port’s MUX state machine. Viewing and Editing 802.3ad Port Parameters To view the 802.3ad related port parameters of any port displayed on the screen, proceed as follows:...

  • Page 196: Ad Port Details Screen Field Descriptions

    Link Aggregation Screen (802.3ad Main Menu Screen) Screen Example Figure 6-10 802.3ad Port Details Screen Field Descriptions Refer to Table 6-9 for a functional description of each screen field. Table 6-9 802.3ad Port Details Screen Field Descriptions Use this field… Port Instance (Read-Only) ActorSystemPriority...
  • Page 197 See the current operation key for this port. Only ports with matching operation keys may aggregate. See ActorPort on the partner switch that we are currently attached to. Set a default value to use for the PartnerOperSysPriority when no protocol partner is available.
  • Page 198 Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) 6-34 Port Configuration Menu Screens To… See the current (operational) value of the port’s Actor_State. The hex value is displayed as well as the individual bit fields.
  • Page 199 Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… ActorOperState (Read-Only) (Continued) PartnerAdminKey (Modifiable) PartnerAdminState (hex) (Modifiable) PartnerOperKey (Read-Only) PartnerOperState (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen) To… bit 5 Distributing, 1 indicates that this port is Distributing. “Distributing”...

  • Page 200: Displaying Port Statistics

    Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-9 802.3ad Port Details Screen Field Descriptions (Continued) Use this field… SelectedAggID (Read-Only) AttachedAggID (Read-Only) LAGID (Read-Only) STATS (Command) Viewing and Editing 802.3ad Port Parameters To change a parameter, proceed as follows: 1.

  • Page 201: Ad Port Statistics Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.1.2 802.3ad Port Statistics Screen When to Use To view all the port-related LACP parameters about a port instance shown in the 802.3ad Port Details screen described back in Section 6.8.1.1. How to Access Use the arrow keys to highlight the STATS command in the 802.3ad Port Details screen and press ENTER.

  • Page 202: Ad Port Statistics Screen Field Descriptions

    Link Aggregation Screen (802.3ad Main Menu Screen) Table 6-10 802.3ad Port Statistics Screen Field Descriptions Use this field… Port Instance (Read-Only) LACPDUsRx (Read-Only) IllegalRx (Read-Only) MarkerPDUsRx (Read-Only) LACPDUsTx (Read-Only) MarkerResponsePDUsRx (Read-Only) MarkerPDUsTx (Read-Only) UnknownRx (Read-Only) MarkerResponsePDUsTx (Read-Only) RxState (Read-Only) 6-38 Port Configuration Menu Screens To…...
  • Page 203 Table 6-10 802.3ad Port Statistics Screen Field Descriptions (Continued) Use this field… LastRxTime(delta) (Read-Only) ActorChurnState (Read-Only) PartnerChurnState (Read-Only) ActorChurnCount (Read-Only) PartnerChurnCount (Read-Only) AsyncTransCount (Read-Only) PsyncTransCount (Read-Only) ActorChangeCount (Read-Only) PartnerChangeCount (Read-Only) MuxState (Read-Only) MuxReason (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen) To…...

  • Page 204: Ad Aggregator Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.2 802.3ad Aggregator Screen When to Use To see a summary of all the available aggregators and other basic information, including the aggregator interface instance, operational key, system priority, and the number of ports currently attached to the aggregator.

  • Page 205: Ad Aggregator Screen Field Descriptions

    Table 6-11 802.3ad Aggregator Screen Field Descriptions Use this field… To… AggInst See dot3adAggIndex, a unique number that identifies this aggregator. (Read-Only) OperKey See dot3adAggActorOperKey, the associated operational key value. (Read-Only) SysPri See dot3adAggActorSystemPriority, the priority value associated with (Read-Only) this aggregator.

  • Page 206: Ad Aggregator Details Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.2.1 802.3ad Aggregator Details Screen When to Use To see the current parameter details of the Aggregator Instance selected on the 802.3ad Aggregator screen described in Section How to Access Use the arrow keys to highlight the line containing the Aggregator of interest on the 802.3ad Aggregator screen and press ENTER.

  • Page 207: Ad Aggregator Details Screen Field Descriptions

    Table 6-12 802.3ad Aggregator Details Screen Field Descriptions Use this field… To… Aggregator See the instance of the aggregator being viewed. The instance is a numerical value used to uniquely identify an aggregator in a system Instance and matches the aggregator’s logical port number. Actor System See the System associated with the aggregator.

  • Page 208: Ad System Screen

    Link Aggregation Screen (802.3ad Main Menu Screen) 6.8.3 802.3ad System Screen When to Use To see basic system-level information, such as System Identifier, Number of Ports and Number of Aggregators. How to Access Use the arrow keys to highlight the SYSTEM menu item in 802.3ad Main Menu screen and press ENTER.

  • Page 209: Ad System Screen Field Descriptions

    To… System Identifier See the uniquely identified system-to-protocol partner. (Read-Only) Number of Ports See the number of ports that are participating in 802.3ad on this switch. (Read-Only) Number of See the number of aggregators that exist on this switch. Aggregators (Read-Only) Link Aggregation Screen (802.3ad Main Menu Screen)

  • Page 210: Broadcast Suppression Configuration Screen

    Broadcast Suppression Configuration Screen BROADCAST SUPPRESSION CONFIGURATION SCREEN NOTE: Broadcast frames received above the threshold setting are dropped. When to Use To set a limit for the receive broadcast frames that are switched out to the other ports. How to Access Use the arrow keys to highlight the BROADCAST SUPPRESSION CONFIGURATION menu item on the Port Configuration Menu screen and press ENTER.

  • Page 211: Setting The Threshold

    Field Descriptions Refer to Table 6-14 for a functional description of each screen field. Table 6-14 Broadcast Suppression Configuration Screen Field Descriptions Use this field… To… PORT # Identify the number of the port. (Read-Only) Total RX See the total number of broadcast frames received. (Read-Only) Peak Rate See the highest number of broadcast frames received in a one-second...

  • Page 212: Setting The Reset Peak

    Broadcast Suppression Configuration Screen 6.9.2 Setting the Reset Peak To set the Reset Peak field to YES or NO, proceed as follows: 1. Use the arrow keys to highlight the Reset Peak field for the selected port. 2. Press the SPACE bar to select YES or NO. 3.

  • Page 213: Configuration Menu Screens

    802.1 Configuration Menu Screens This chapter discusses the Enterasys Networks Rapid Reconvergence Spanning Tree implementation as well as the implementation of IEEE 802.3AD. The following screens are discussed: • 802.1 Configuration Menu screen • 802.3ad Configuration screens • Spanning Tree Configuration Menu screen •...

  • Page 214: Configuration Menu Screen

    802.1 Configuration Menu Screen 802.1 CONFIGURATION MENU SCREEN When to Use To access the Spanning Tree Configuration Menu, 802.1Q VLAN Configuration Menu, or 802.1p Configuration Menu screen. How to Access Use the arrow keys to highlight the 802.1 CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER.

  • Page 215: Configuration Menu Screen Menu Item Descriptions

    Used to select the screens for configuring and managing VLANs. CONFIGURATION Details about VLANs, how to configure them, and examples showing MENU how to configure the switch for VLANs to solve a given problem are described in Configuration screens, refer to 802.1p...

  • Page 216: Spanning Tree Configuration Menu Screen

    Spanning Tree Configuration Menu Screen SPANNING TREE CONFIGURATION MENU SCREEN CAUTION: These screens should be used only by personnel who are very knowledgeable about Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. For 6C105 chassis: Password >...

  • Page 217: Spanning Tree Configuration Menu Screen Menu Item Descriptions

    Screen Function SPANNING TREE Used to create a Per VLAN Spanning Tree (PVST) instance for each CONFIGURATION VLAN currently configured on the switch. For details about the Spanning Tree Port Configuration screen, refer to Section SPANNING TREE Used to enable or disable Spanning Tree on a per port, per VLAN PORT basis.

  • Page 218: Spanning Tree Configuration Screen

    Spanning Trees and how to develop them. Otherwise, the proper operation of the network could be at risk. When to Use To create a separate Spanning Tree topology for each VLAN configured in the switch module. Also provides access to the PVST Configuration screen. How to Access Use the arrow keys to highlight the SPANNING TREE CONFIGURATION menu item on the Spanning Tree Configuration Menu screen, and press ENTER.

  • Page 219: Spanning Tree Configuration Screen Field Descriptions

    Screen Example Figure 7-3 Spanning Tree Configuration Screen Field Descriptions Refer to Table 7-3 for a functional description of each screen field. Table 7-3 Spanning Tree Configuration Screen Field Descriptions Use this field… To… VLAN See a list of the VLAN or Spanning Tree Instances. This field also –...
  • Page 220 Spanning Tree Configuration Screen Table 7-3 Spanning Tree Configuration Screen Field Descriptions (Continued) Use this field… To… AgeTime Enter the age time (10 to 1 million seconds) for the associated VLAN. (Modifiable) This is the amount of time that the entry remains in the bridge forwarding table.

  • Page 221: Configuring A Vlan Spanning Tree

    Table 7-3 Spanning Tree Configuration Screen Field Descriptions (Continued) Use this field… To… ADD ALL Implement the new configuration to all static VLANs and update the CONFIGURED VLAN list to include those new static VLANs. VLAN (Toggle) 7.3.1 Configuring a VLAN Spanning Tree To configure a VLAN Spanning Tree, proceed as follows: 1.

  • Page 222: Spanning Tree Port Configuration Screen

    14.If you want to add all the VLANs configured on the switch to the screen with a default age time of 300 seconds and a bridge priority of 32768, use the arrow keys to highlight the ADD ALL CONFIGURED VLAN command and press ENTER.

  • Page 223: Spanning Tree Port Configuration Screen Field Descriptions

    (Read-Only) selected in the STP VLAN ID field. MAC Address See the Mac address of the switch residing off each port.The first MAC (Read-Only) Address is always associated with the VLAN ID selected in the STP VLAN ID field. The default is the MAC Address of the Default VLAN.

  • Page 224: Enabling/Disabling The Default Spanning Tree Ports

    VLAN shown in the STP VLAN ID field. Switch Address See the MAC address of the switch. (Read-Only) Age Time See the time out of learned entries.

  • Page 225: Viewing Status Of Spanning Tree Ports

    7.4.2 Viewing Status of Spanning Tree Ports Ports and their status associated with an STP VLAN can be viewed, as follows: 1. Use the arrow keys to highlight the STP VLAN ID field near the bottom of the screen. 2. Use the SPACE bar to step to the appropriate STP VLAN ID and press ENTER. The ports, MAC Address, port state, port status, age time, and number of ports associated with the STP VLAN ID are displayed.

  • Page 226: Pvst Port Configuration Screen Field Descriptions

    PVST Port Configuration Screen Field Descriptions Refer to Table 7-5 for a functional description of each screen. Table 7-5 PVST Port Configuration Screen Field Descriptions Use this field… Port # (Read-Only) Corresponding ifindex (Read-Only) Corresponding idDescr (Read-Only) Port Designated Root (Read-Only) Port Designated Bridge (Read-Only)
  • Page 227 Table 7-5 PVST Port Configuration Screen Field Descriptions (Continued) Use this field… Port Path Cost (Modifiable) STP Vlan ID (Read-Only) To… View the cost contribution of this port in the path to the Spanning Tree root. View the Id of the VLAN in which this port belongs. PVST Port Configuration Screen 802.1 Configuration Menu Screens 7-15...
  • Page 228 PVST Port Configuration Screen 7-16 802.1 Configuration Menu Screens...

  • Page 229: Q Vlan Configuration Menu Screens

    802.1Q VLAN Configuration Menu Screens NOTE: It is strongly recommended that you read of VLANs and the associated terminology; how to use the VLAN Configuration screens to create VLANs; examples of how to configure VLANs in switches to solve a problem; and details on how frames are handled as they travel through the network.

  • Page 230: Q Vlan Screen Hierarchy

    VLANs and to assign ports to those VLANs. The VLAN Configuration screens are a standard part of the Local Management hierarchy when the switch is configured to operate in 802.1Q Mode. The hierarchy of the Local Management screens pertaining to 802.1Q VLAN configuration is shown in Figure 8-1 802.1Q VLAN Screen Hierarchy...

  • Page 231: Q Vlan Configuration Menu Screen

    The VLAN Local Management menu items listed on the 802.1Q VLAN Configuration Menu allow such VLANs to be configured on a network at the switched port of the switch module. Each port mode of operation can also be configured to handle untagged frames (Hybrid Mode), tagged frames (1Q Trunk Mode), or frames of a legacy 802.1D switch fabric (1D Trunk Mode).

  • Page 232: Q Vlan Configuration Menu Screen Menu Item Descriptions

    Screen Function Used to view, add, name, enable, or disable static VLANs within the switch module, and also display the Filter Database ID (FDB ID) associated with each VLAN. This screen also allows you to access the Static VLAN Egress Configuration screen.
  • Page 233 Table 8-1 802.1Q VLAN Configuration Menu Screen Menu Item Descriptions (Continued) Menu Item Screen Function CURRENT VLAN Displays a list of the current VLANs along with their VLAN IDs, CONFIGURATION FDB IDs, VLAN Type, and if they have ports on the egress list. Each VLAN ID on the list may be highlighted to access the Current VLAN Egress Configuration screen.

  • Page 234: Static Vlan Configuration Screen

    Static VLAN Configuration Screen STATIC VLAN CONFIGURATION SCREEN When to Use To create, modify, and/or delete one or more Static VLANs and associated VLAN names. This screen also provides access to the Static VLAN Egress Configuration screen to modify the port list of a VLAN selected from this screen, as described in NOTE: Static VLANs are those VLANs that you create manually using this screen and can only be deleted using this screen.

  • Page 235: Static Vlan Configuration Screen Field Descriptions

    VLAN, and is not required for (Modifiable) VLAN operation. Add the new VLAN to the switch module. If this is successful, the (Command) screen refreshes and the new VLAN is added to the list in the screen.

  • Page 236: Creating A Static Vlan

    2. Enter the VLAN ID using a unique number between 2 and 4094. The VLAN IDs of 0, 1, and 4095 may not be used for user-defined VLANs. NOTE: Each VLAN ID must be unique. If a duplicate VLAN ID is entered, the switch assumes that the Administrator intends to modify the existing VLAN.

  • Page 237: Renaming A Static Vlan

    8.3.3 Renaming a Static VLAN To change the name of an existing VLAN, proceed as follows: 1. Use the arrow keys to highlight the VLAN ID field near the bottom of the screen. 2. Type the VLAN ID number of the VLAN to be changed. Press ENTER. 3.

  • Page 238: Paging Through The Vlan List

    • TAGGED – sets the port to transmit frames with a tag header to associate the frame with the VLAN. This setting is usually to configure a port as a trunk port to another switch. • NO – sets the port so it does not transmit frames (tagged or untagged) of the VLAN.

  • Page 239: Static Vlan Egress Configuration Screen

    Screen Example Figure 8-4 Static VLAN Egress Configuration Screen Field Descriptions Refer to Table 8-3 for a functional description of each screen field. Table 8-3 Static VLAN Egress Configuration Screen Field Descriptions Use this field… To… VLAN ID See the VLAN ID of the VLAN selected in the Static VLAN (Read-Only) Configuration screen.

  • Page 240: Setting Egress Types On Ports

    Static VLAN Egress Configuration Screen Table 8-3 Static VLAN Egress Configuration Screen Field Descriptions (Continued) Use this field… To… Egress Select the type of VLAN frame transmission (egress) for each port. (Selectable) You can select UNTAGGED, TAGGED, or NO, using the SPACE bar. UNTAGGED –...

  • Page 241: Displaying The Next Group Of Ports

    3. To change the egress type on more than one port, repeat the first two steps for each port. 4. After the changes are complete, use the arrow keys to highlight the SAVE command at the bottom of the screen. 5.

  • Page 242: Current Vlan Configuration Screen

    To see the current VLANs and the associated FDB ID, VLAN type, and if the ports are on the egress list. The egress list is how the switch keeps track of all VLANs that it will recognize. How to Access Use the arrow keys to highlight the CURRENT VLAN CONFIGURATION menu item on the 802.1Q VLAN Configuration Menu screen, and press ENTER.

  • Page 243: Current Vlan Configuration Screen Field Descriptions

    Table 8-4 Current VLAN Configuration Screen Field Descriptions Use this field… To… VLAN ID See a list of the VLANs currently recognized by the switch. (Read-Only) FDB ID See the Filter Database ID (FDB ID) of the associated VLAN. (Read-Only) VLAN Type See the VLAN Type of the associated VLAN (Static or Dynamic).

  • Page 244: Current Vlan Egress Configuration Screen

    Current VLAN Egress Configuration Screen CURRENT VLAN EGRESS CONFIGURATION SCREEN When to Use To see the egress settings of all ports associated with the VLAN ID selected from the Current VLAN Configuration screen. How to Access Use the arrow keys to highlight the line item with the VLAN ID of interest on the Current VLAN Configuration screen and press ENTER.

  • Page 245: Vlan Port Configuration Screen

    • the ingress filtering on the port, which can be enabled or disabled to filter out (drop) frames that are not on the switch egress list, or • the GARP VLAN Registration Protocol (GVRP) status, which can be enabled or disabled.

  • Page 246: Vlan Port Configuration Screen

    VLAN Port Configuration Screen How to Access Use the arrow keys to highlight the VLAN PORT CONFIGURATION menu item on the 802.1Q Configuration Menu screen and press ENTER. The VLAN Port Configuration screen, displays. Screen Example Figure 8-7 VLAN Port Configuration Screen 8-18 802.1Q VLAN Configuration Menu Screens Figure...

  • Page 247: Vlan Port Configuration Screen Field Descriptions

    Enable or Disable the GVRP Status. GVRP and PVST are not (Toggle) interoperable. When ENABLED, GVRP is turned on for the entire switch. When DISABLED, the VLANs are not learned on a given port. Port See a list of the switch ports.

  • Page 248: Changing The Port Mode

    • HYBRID – This is the default mode for all ports on the switch. The initial Port VLAN List includes the PVID with a frame format of untagged. Any other VLANs desired for the Port VLAN List need to be manually configured.

  • Page 249: Configuring The Vlan Ports

    8.7.2 Configuring the VLAN Ports To configure a VLAN port, proceed as follows: NOTE: In the following steps, you only need to step to the fields that you are going to change. 1. Use the arrow keys to highlight the PVID field. 2.

  • Page 250: Vlan Classification Configuration Screen

    When a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented. Instead, the frame is processed by the switch module according to the information contained in the 802.1Q frame tag. When the frame is transmitted, it is sent to the ports associated...

  • Page 251: Vlan Classification Configuration Screen Field Descriptions

    NOTE: Besides the VID selected, the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section when there are multiple classifications configured in the switch module. 8.8.3. 802.1Q VLAN Configuration Menu Screens Section 8.8.3.

  • Page 252: Classification List

    VLAN Classification Configuration Screen Table 8-7 VLAN Classification Configuration Screen Field Descriptions (Continued) Use this field … To … DEL ALL/DEL Delete all or one or more marked Classification Rule entries on the MARKED screen. The DEL ALL command is the default and it is used to (Command) simultaneously delete all the configured Classification Rules.
  • Page 253 Table 8-8 Classification List (Continued) Classification 802.3 SAP> Same IP TOS IP Protocol Type IPX COS IPX Packet Type Src IP Address VLAN Classification Configuration Screen Subclassification and Options SSAP/DSAP (802.3): - IP - IPX - IPX RAW - BANYAN - SNA - CUSTOM >...
  • Page 254 VLAN Classification Configuration Screen Table 8-8 Classification List (Continued) Classification Dest IP Address Bil IP Address Src IPX Network Dest IPX Network Bil IPX Network Src UDP Port 8-26 802.1Q VLAN Configuration Menu Screens Subclassification and Options IP Address: 000.000.000.000 IP Address: 000.000.000.000 IPX Network Num:...
  • Page 255 Table 8-8 Classification List (Continued) Classification Dest UDP Port Bil UDP Port Src TCP Port Dest TCP Port Bil TCP Port VLAN Classification Configuration Screen Subclassification and Options IP UDP Port: Same selection as for Src UDP Port Classification IP UDP Port: Same selection as for Src UDP Port Classification TCP Port:...
  • Page 256 VLAN Classification Configuration Screen Table 8-8 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments Src UDP Range Dest UDP Range 8-28 802.1Q VLAN Configuration Menu Screens Subclassification and Options IPX Socket:...

  • Page 257: Classification Precedence Rules

    When there are multiple classifications assigned to a switch module, the switch module must determine which classification takes precedence according to the Classification Precedence Rules. The order of precedence is predefined in the switch module and cannot be changed.

  • Page 258: Classification Precedence

    VLAN Classification Configuration Screen NOTE: In Table 8-9 – Highest precedence is 1a. – Lowest precedence is 6. – Exact Match indicates a match of an explicitly defined address. – Best Match indicates a match of an entire subnet, or range of addresses within a subnet.
  • Page 259 Table 8-9 Classification Precedence (Continued) Classification Type Destination IPX Network Number IP Fragments Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range UDP Dest Port UDP Dest Port Range TCP Source Port...

  • Page 260: Displaying The Current Classification Rule Assignments

    UDP port number of 55 will be assigned to the Blue VLAN because a Layer 3 IP Address rule takes precedence over a Layer 4 rule. The key thing to remember is that the switch modules will classify frames based on one of the classification options.

  • Page 261: Assigning A Classification To A Vid

    8.8.3 Assigning a Classification to a VID NOTE: It is strongly recommended that you read concerning classification before configuring the switch module. Incorrect configuration will affect network operation. To assign a Classification to a VID, proceed as follows: 1. Use the arrow keys to highlight the VID (VLAN identification) field.

  • Page 262: Deleting Line Items

    VLAN Classification Configuration Screen 8.8.4 Deleting Line Items All, or one or more, line items can be deleted as follows: Deleting All Classification Rules To delete all the Classification Rules in the top half of the screen, use the arrow keys to highlight the DEL ALL command field and press ENTER.

  • Page 263: Protocol Port Configuration Screen

    Add or remove ports from being associated with the Classification Rule. • Add ports to the VLAN Forwarding List of the switch module. NOTE: The ports can only be added to the VLAN Forwarding List of an existing VLAN. If the VLAN does not exist, it must be created before the ports can be assigned to the VLAN Forwarding List.

  • Page 264: Protocol Port Configuration Screen Field Descriptions

    Protocol Port Configuration Screen Screen Example Figure 8-9 Protocol Port Configuration Screen Field Descriptions Refer to Table 8-10 for a functional description of each screen field. Table 8-10 Protocol Port Configuration Screen Field Descriptions Use this field … To … Classification Rule See the VID, Classification, and Definition of the line selected in the Field...

  • Page 265: Assigning Ports To A Vid/Classification

    TO VLAN FORWARDING field toggles between NO and YES with (Toggle) NO as the default setting. YES adds all the ports set to YES to the VLAN Forwarding list of the switch module. 8.9.1 Assigning Ports to a VID/Classification The following procedures describe how to •...
  • Page 266 Protocol Port Configuration Screen Assigning One or More Ports Individually 1. Use the arrow keys to highlight the Classify field adjacent to the Port number. 2. Press the SPACE bar to toggle the Classify field to YES or NO. YES assigns the port to the VID/Classification shown in the Classification Rule field.

  • Page 267: Configuration Menu Screens

    802.1p Configuration Menu Screens This chapter describes the 802.1p Configuration Menu screen and the following screens that may be selected from its menu: • Port Priority Configuration screen • Traffic Class Information screen • Traffic Class Configuration screen • Transmit Queues Configuration screen •...

  • Page 268: Configuration Menu Screen

    802.1p Configuration Menu Screen 802.1p CONFIGURATION MENU SCREEN When to Use To select the screens used for setting port priority, priority classifications, or configuring rate limiting. How to Access Use the arrow keys to highlight the 802.1p CONFIGURATION MENU item on the 802.1 Configuration Menu screen and press ENTER.

  • Page 269: P Configuration Menu Screen Menu Item Descriptions

    Menu Descriptions Refer to Table 9-1 for a functional description of each menu item. Table 9-1 802.1p Configuration Menu Screen Menu Item Descriptions Menu Item Screen Function PORT PRIORITY Used to view or change the port default transmit priority (0 through 7) CONFIGURATION of each port for frames that are received (ingress) without priority information in their tag header.

  • Page 270: Port Priority Configuration Screen

    A frame with priority information in its tag header is transmitted according to that priority. NOTE: The priority is only changed while the switch module is processing the frame. Frames received by the switch module with a 1p priority value are transmitted with that same value.

  • Page 271: Port Priority Configuration Screen

    Port Priority Configuration Screen Screen Example Figure 9-2 Port Priority Configuration Screen 802.1p Configuration Menu Screens...

  • Page 272: Setting Switch Port Priority Port-By-Port

    (Read-Only) (Toggle) 9.2.1 Setting Switch Port Priority Port-by-Port To set the default port priority on a particular port, proceed as follows: 1. Use the arrow keys to highlight the Set field. 2. Press the SPACE bar to step to the INDIVIDUAL setting.

  • Page 273: Setting Switch Port Priority On All Ports

    Then you can apply the new settings to either the selected port or to all the ports. NOTE: The priority is only changed while the switch module is processing the frame. Frames received by the switch module with a 1p priority value are transmitted with that same value. Traffic Class Information Screen...

  • Page 274: Traffic Class Information Screen

    Traffic Class Information Screen Priority-to-Traffic Class Mapping is used to assign 802.1p priority values to a Traffic Class (0 through 3 with 0 being the lowest level Traffic Class) for each frame priority. For example, if the Traffic Class is set to 3 for those frames with a priority 7, then those frames would be transmitted before any frames contained in Traffic Classes 2 through 0.

  • Page 275: Traffic Class Information Screen Field Descriptions

    Port View up to 12 port numbers along with their Traffic Class-to-priority (Read-Only) settings. If the number of ports on the switch module exceed 12, one or more screens may be viewed using the NEXT and PREVIOUS commands. The port fields can also be used to access its Traffic Class Configuration screen, where the current Traffic Class-to-priority settings may be changed and applied to that port only or to all ports.

  • Page 276: Traffic Class Configuration Screen

    Traffic Class Configuration Screen TRAFFIC CLASS CONFIGURATION SCREEN When to Use To change the Traffic Class setting of one or more priorities on each port. The new Traffic Class settings may be applied only to the port selected or to all ports, simultaneously. How to Access Use the arrow keys to highlight the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen.

  • Page 277: Assigning The Traffic Class To Port Priority

    Field Descriptions Refer to Table 9-4 for a functional description of each screen field. Table 9-4 Traffic Class Configuration Screen Field Descriptions Use this field… To… Priority See the list of eight priority levels (0 through 7) that can be associated (Read-Only) with the Traffic Class settings.

  • Page 278: Transmit Queues Configuration Screen

    Transmit Queues Configuration Screen 3. If more than one Traffic Class setting is to be changed, repeat steps 1 and 2 until all of the changes in the Traffic Class settings have been made. 4. To save and apply the settings to only the port shown on the screen, proceed to step 5. To save the Traffic Class selections and apply them to all front panel Ethernet ports, proceed to step 6.

  • Page 279: Transmit Queues Configuration Screen

    Transmit Queues Configuration Screen How to Access Use the arrow keys to highlight the TRANSMIT QUEUES CONFIGURATION menu item on the 802.1p Configuration Menu screen and press ENTER. The Transmit Queues Configuration screen, Figure 9-5, displays. Screen Example Figure 9-5 Transmit Queues Configuration Screen 802.1p Configuration Menu Screens 9-13...

  • Page 280: Transmit Queues Configuration Screen Field Descriptions

    Transmit Queues Configuration Screen Field Descriptions Refer to Table 9-5 for a functional description of each screen field. Table 9-5 Transmit Queues Configuration Screen Field Descriptions Use this field … To… Current Queueing Toggle between the STRICT 802.1 and WEIGHTED mode. The default Mode setting is STRICT 802.1.

  • Page 281: Setting The Current Queueing Mode

    9.5.1 Setting the Current Queueing Mode To set the current queueing mode for a particular port, proceed as follows: 1. Use the arrow keys to highlight the Port field. 2. Press the SPACE bar to step to the appropriate port number. The port type displays to the right of the Port number field.

  • Page 282: Priority Classification Configuration Screen

    Write over an existing TOS value. When a frame is received that already contains an 802.1Q frame tag, frame classification is not implemented. Instead, the frame is processed by the switch module according to the information contained in the 802.1Q frame tag.

  • Page 283: Priority Classification Configuration Screen Field Descriptions

    Screen Example Figure 9-6 Priority Classification Configuration Screen Field Descriptions Refer to Table 9-6 for a functional description of each screen field. Table 9-6 Priority Classification Configuration Screen Field Descriptions Use this field … To… Display the Priority Identifiers (PIDs) currently associated with –...
  • Page 284 NOTE: Besides the PID selected, the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section when there are multiple classifications configured in the switch module. Table 9-7. 9.6.1. These rules come into effect Section 9.6.4.

  • Page 285: Classification List

    Table 9-7 provides a list of the classifications that can be selected in the Classification field and the associated subclassifications. Table 9-7 Classification List Classification Ethernet II Type> 802.3 SAP> New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same...
  • Page 286 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification IP TOS New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> IP Protocol Type New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same IPX COS IPX Packet Type 9-20...
  • Page 287 Table 9-7 Classification List (Continued) Classification Src IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Dest IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil IP Address New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...
  • Page 288 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification Src UDP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest UDP Port Same selections as for Src UDP Port Bil UDP Port...
  • Page 289 Table 9-7 Classification List (Continued) Classification Src TCP Port New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Same Dest TCP Port Same selections as for Src TCP Port Bil TCP Port Same selections as for...
  • Page 290 Priority Classification Configuration Screen Table 9-7 Classification List (Continued) Classification Src IPX Socket Dest IPX Socket Bil IPX Socket Src MAC Address Dest MAC Address Bil MAC Address IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> 9-24 802.1p Configuration Menu Screens Subclassification and...
  • Page 291 Table 9-7 Classification List (Continued) Classification IP Fragments New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Dest UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM> Bil UDP Range New IP TOS: - NO CHANGE - TOS=PID - CUSTOM>...

  • Page 292: Classification Precedence Rules

    Classification Precedence Rules NOTE: It is important that you have a comprehensive understanding of the precedence concept before configuring the switch, as these rules can have a significant impact on the network operation. When there are multiple classifications assigned to a switch, the switch must determine which classification takes precedence according to the Classification Precedence Rules.

  • Page 293: Classification Precedence

    Table 9-8 Classification Precedence Classification Type Layer 2 Source MAC Address Best Match Destination MAC Address Best Match EtherType IP TOS IP Type IPX COS IPX Type Layer 3 Source IP Address Exact Match Source IP Address Best Match Destination IP Address Exact Match Destination IP Address Best Match Source IPX Network Number Destination IPX Network Number...
  • Page 294 Priority Classification Configuration Screen Table 9-8 Classification Precedence (Continued) Classification Type Layer 4 UDP Port Source UDP Port Destination TCP Source Port TCP Destination Port IPX Socket Source IPX Socket Destination UDP Source Port UDP Source Port Range UDP Dest Port UDP Dest Port Range TCP Source Port TCP Source Port Range...

  • Page 295: About The Ip Tos Rewrite Feature

    Figure 9-7 Datagram, Layer 2 and Layer 3 This IP TOS Rewrite feature enables a Network Administrator to assign Layer 3 TOS characteristics to incoming frames and set the switch to rewrite the 8-bit TOS value in the Layer 3 information portion of incoming frames.

  • Page 296: Displaying The Current Pid/Classification Assignments

    Priority Classification Configuration Screen The IP TOS Rewrite feature enables you to configure the switch to: • Insert a user-defined 8-bit value into the layer-3 TOS field. • Write over an existing TOS value. This is useful when the Network Administrator wants to enforce a specific priority policy in the network.

  • Page 297: Deleting Pid/Classification/Description Line Items

    4. Press the SPACE bar to step to the appropriate Classification. subclassification associated with each Classification (examples of classifications: Ethernet II Type, 802.3 SAP, IP TOS, IP Protocol Type, etc.). 5. Use the arrow keys to highlight the subclassification field to the immediate right of the Classification field.

  • Page 298: Protocol Port Configuration Screen

    Protocol Port Configuration Screen 3. If more than one line item is to be deleted, repeat NOTE: To remove a mark, perform highlighted will remove the mark. If all marks are removed, the DEL MARKED command is changed back to DEL ALL 4.

  • Page 299: Protocol Port Configuration Screen Field Descriptions

    Screen Example Figure 9-8 Protocol Port Configuration Screen Field Descriptions Refer to Table 9-9 for a functional description of each screen field. Table 9-9 Protocol Port Configuration Screen Field Descriptions Use this field… To… Classification Rule See the Classification Rule (Priority, Classification, and Definition) of (Read-Only) the line selected in the Priority Classification Configuration screen.

  • Page 300: Assigning Ports To A Pid/Classification

    Protocol Port Configuration Screen Table 9-9 Protocol Port Configuration Screen Field Descriptions (Continued) Use this field… To… Port See the number of each port. (Read-Only) Classify See which ports are set to the PID/Classification indicated in the (Toggle) Classification Rule field (see between YES and NO, which determines whether or not the associated port is set to the Classification Rule.

  • Page 301: Prioritizing Network Traffic According To Classification Rule

    Solving the Problem In this example, switches S1 and S2 have already been configured and are operating. The following covers only the additional steps needed to configure each switch to establish the priority for each server. NOTE: For optimal operation of the prioritizing function, the connection between S1 and S2 is set for 802.1Q tagging.
  • Page 302 • Data Mask: 255.255.255.255 2. Assign all ports on the switch module to use this classification setting. 3. To set the Mail Server (IP 123.123.30.7) to the lowest priority (0), the following settings will be made using the Priority Classification Configuration screen: •...

  • Page 303: Rate Limiting Configuration Screen

    SmartTrunk segments. When to Use To limit the rate of traffic entering and leaving the switch module on a per port/priority basis. Up to three inbound rules and three outbound rules can be programmed per port to control traffic according to the priority entries. The rules also contain the programmed traffic rate. The allowable range for the rate limit is 1 Kbps to 1 Gbps.

  • Page 304: Rate Limiting Configuration Screen Field Descriptions

    Rate Limiting Configuration Screen Screen Example Figure 9-10 Rate Limiting Configuration Screen Field Descriptions Refer to Table 9-10 for a functional description of each screen field. Table 9-10 Rate Limiting Configuration Screen Field Descriptions Use this field… To… Port # See the number of each configured port.
  • Page 305 Table 9-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Traffic Rate See the maximum traffic rate set for each port entry. There can be up to (Read-Only) six entries (three for Inbound and three for Outbound traffic) for the same port.
  • Page 306 Inbound configures the rate limit to drop frames when the traffic rate (kbps) received by the switch port exceeds the setting in the Max Rate: kbps field for a particular entry. If there are two or three priority port entries set to Inbound, each entry functions independently.

  • Page 307: Configuring A Port

    Table 9-10 Rate Limiting Configuration Screen Field Descriptions (Continued) Use this field… To… Max Rate: kbps Enter the maximum transmission rate for this entry. The maximum (Modifiable) transmission rate includes all frames associated with the priorities selected in the Priority List field. The default high setting is 100 Kbps maximum interface speed.
  • Page 308 Rate Limiting Configuration Screen 3. Use the arrow keys to highlight the field below the Priority List field, near the bottom of the screen. 4. Select the priority setting(s) for the port as follows: a. Use the SPACE bar to step to a priority setting: ALL, 0, 1, 2, 3, 4, 5, 6, or 7. b.

  • Page 309: Changing/Deleting Port Line Items

    9.8.2 Changing/Deleting Port Line Items All, or one or more, line items containing the configured port and its priority, maximum rate, and associated dropped frames can be changed/replaced or deleted as follows: Changing One or More Line Items To change the configuration values in a line item, that line item must be deleted and replaced with a new entry with the correct configuration values.

  • Page 310: More About Rate Limiting

    Assume that a network was built using a 6C105 chassis in each closet and interconnected with Enterasys Networks switch routers using Gigabit Ethernet links. Also, assume that 100 users are attached to each 6C105 chassis through 100 Mbps Ethernet ports. If each user attempted to transfer data out of the wiring closet at the maximum possible rate, there could be up to 10 Gbps (100 users x 100 Mbps) of traffic attempting to leave the chassis over a single gigabit link.
  • Page 311 Rate Limiting Configuration Screen To solve this problem, the Rate Limiting feature can be configured on each port to provide each user with 5 Mbps of high priority bandwidth into the fabric. Now the maximum possible amount of traffic attempting to leave the chassis at high priority is 5 x 100 = 500 Mbps. The gigabit link has ample capacity to carry this load out of the chassis.

  • Page 313: Layer 3 Extensions Menu Screens

    Layer 3 Extensions Menu Screens This chapter describes the Layer 3 Extensions Menu screen and the IGMP/VLAN Configuration screen (Section 10.2). Screen Navigation Paths For 6C105 chassis: Password > Main Menu > Module Selection > Module Menu > Module Configuration Menu > Layer 3 Extensions Menu For 6C107 chassis: Password >...

  • Page 314: Igmp/Vlan Configuration Screen

    Layer 3 Extensions Menu Screen 10.1 LAYER 3 EXTENSIONS MENU SCREEN When to Use To access the IGMP/VLAN Configuration screen. How to Access Use the arrow keys to highlight the LAYER 3 EXTENSIONS MENU item on the Module Configuration Menu screen and press ENTER. The Layer 3 Extensions Menu screen, displays.

  • Page 315: Igmp/Vlan Configuration Screen

    IGMP is enabled or disabled by VLAN, not port by port. NOTE: Certain versions of firmware will not allow the switch to be a querier. Please check your release notes for further information. Refer to RFC 2236, Section 8, for more information on IGMP.
  • Page 316 IGMP/VLAN Configuration Screen The following multicast routing protocols are transparently supported and are used only to detect the location of routers (See the Release Notes for any changes or additions to this list): • DVMRP (Distance Vector Multicast Routing Protocol, RFC 1075) •...

  • Page 317: Igmp/Vlan Configuration Screen Field Descriptions

    ALL is chosen as the option under VLAN ID. The field will initially display an asterisk (*). Query Interval See or change the query interval time. If the switch is the querier, the (Modifiable) value in the Query Interval field indicates how often IGMP Host-Query frames are transmitted on the VLAN selected in the VLAN ID field.
  • Page 318 The interval is in tenths of seconds. This value is not used if the switch is not the querier. The field will initially display an asterisk (*). Switch Query IP...

  • Page 319: Igmp/Vlan Configuration Procedure

    Table 10-2 IGMP/VLAN Configuration Screen Field Descriptions (Continued) Use this field… To… VLAN ID See the Identifying number of the VLANs available to be modified. If (Selectable) there are no VLANs available, NONE is displayed in this field and asterisks (*) will display in the Configuration, Statistics, and IGMP State fields.
  • Page 320 RFC 2236 concerning switches, and routers. 5. Use the arrow keys to highlight the remaining fields: Query Interval, Query Response Time, Interface Robustness, Last Member Query Interval, Switch Query IP, and McastMartPoolSize. Enter the desired numbers in each field. 6. Use the arrow keys to highlight the SAVE command and press the ENTER key to save the information in all the fields that were changed.

  • Page 321: Module Statistics Menu Screens

    An HSIM or VHSIM Statistics screen may be selected from the Module Statistics Menu screen when an optional HSIM or VHSIM is installed in the switch module. For a description of the screen and how to use it, refer to the user’s guide for that HSIM or VHSIM.

  • Page 322: Module Statistics Menu Screen

    Statistics concerning frame traffic through each switch port. • MIB II statistics for each switched interface. • Statistics gathered by the embedded RMON agent on the switch. • Statistics on any optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM installed in the module.

  • Page 323: Module Statistics Menu Screen Menu Item Descriptions

    Screen Function SWITCH Lists the number of frames received, transmitted, filtered, and STATISTICS forwarded by each switch port. For details, refer to INTERFACE Provides the MIB-II statistics for each switched interface, on an STATISTICS interface-by-interface basis. For details, refer to...

  • Page 324: Switch Statistics Screen

    To obtain switch statistics about the number of frames received, transmitted, filtered, and forwarded by each switch port. How to Access Use the arrow keys to highlight the SWITCH STATISTICS menu item on the Module Statistics Menu screen and press ENTER. The Switch Statistics screen, 11-4...

  • Page 325: Switch Statistics Screen Field Descriptions

    Field Descriptions Refer to Table 11-2 for a functional description of each screen field. Table 11-2 Switch Statistics Screen Field Descriptions Use this field… To… Port # Identify the port number. The total number of ports is dependent on the...

  • Page 326: Interface Statistics Screen

    11.3 INTERFACE STATISTICS SCREEN When to Use To obtain the MIB-II statistics of all the switch interfaces with the exception of an installed HSIM or VHSIM. NOTE: Enterasys Networks HSIMs that support FDDI or WAN gather their own statistics, and may be viewed via the Local Management screens of the applicable HSIM.

  • Page 327: Interface Statistics Screen Field Descriptions

    Interface See the Interface number for which statistics are currently being (Read-Only) displayed. represents Port 1 of the switch module. To view other interface statistics, refer to Name See the type of interface for which statistics are being displayed. (Read-Only)
  • Page 328 (Read-Only) though the frames contained no errors. This field may increment because the switch module was receiving frames during initialization and was not ready to forward them, or the switch was being overutilized. InErrors See the total number of inbound frames that have been discarded (Read-Only) because they contained errors.

  • Page 329: Displaying Interface Statistics

    Table 11-3 Interface Statistics Screen Field Descriptions (Continued) Use this field… To… Address See the MAC address of the interface that is currently being displayed. (Read-Only) Last Change See the last time that the interface was reset. (Read-Only) Admin Status See the current status of the interface.

  • Page 330: Rmon Statistics Screen

    When to Use To obtain RMON statistics for each interface, on an interface-by-interface basis. NOTE: The RMON Statistics screen provides statistics for all the switch module front panel Ethernet Interfaces, and any Ethernet HSIM/VHSIM installed in the switch module. How to Access Use the arrow keys to highlight the RMON STATISTICS field on the Module Statistics Menu screen and press ENTER.

  • Page 331: Rmon Statistics Screen Field Descriptions

    RMON Index See the current Ethernet interface for which statistics are being shown. (Read-Only) The switch module has an embedded RMON agent that gathers statistics for each interface on the switch module. Data Source See the source of the statistics data that is currently being displayed on (Read-Only) the screen.
  • Page 332 RMON Statistics Screen Table 11-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… Undersized Pkts See the number of frames received containing less than the minimum (Read-Only) Ethernet frame size of 64 bytes, not including the preamble, but have a valid CRC.

  • Page 333: Displaying Rmon Statistics

    Table 11-4 RMON Statistics Screen Field Descriptions (Continued) Use this field… To… 512 – 1023 Octets See the total number of frames, including bad frames, received that (Read-Only) were between 512 and 1023 bytes in length (excluding framing bits, but including FCS bytes). 1024 –...

  • Page 334: Chassis Environmental Statistics Configuration Screen

    Chassis Environmental Statistics Configuration Screen 11.5 CHASSIS ENVIRONMENTAL STATISTICS CONFIGURATION SCREEN When to Use To obtain Chassis statistics for fan and power supplies. How to Access Use the arrow keys to highlight the Chassis Environmental Statistics Configuration screen on the Module Statistics menu screen and press ENTER. The Chassis Environmental Statistics Configuration screen Figure 11-5 Screen Example...

  • Page 335: Chassis Environmental Statistics Configuration Screen Field Descriptions

    Field Descriptions Refer to Table 11-5 for a functional description of each screen field. Table 11-5 Chassis Environmental Statistics Configuration Screen Field Descriptions Use this field… To… Chassis Power Determine whether there is power redundancy available. Redundancy Chassis Power #1 Determine the status of the redundant power supply.

  • Page 337: Network Tools Screens

    This chapter describes the Network Tools Help screen and how to use it and the Network Tools commands to access and manage network devices. An example of each command is also included. Screen Navigation Paths Password > Main Menu > Module Selection > Module Menu > Network Tools 12.1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set.

  • Page 338: Network Tools Help Screen

    Screen Example Figure 12-1 Network Tools Help Screen The Network Tools functions are performed using a series of commands. Entering commands in Network Tools involves typing the command to be executed at the Network Tools prompt, adding any desired or required extensions, and pressing ENTER. There are two categories of commands in the command set: Built-in and Special, which are described below and detailed in •...

  • Page 339: Built-In Commands

    Refer to Table 12-1 for a list of the commands. Table 12-1 Built-In Commands alias bridge gigabit_port_mode link_trap loopback_detect non_bridge_if_num passiveStp radius rate_limit_mode show soft_reset stpLegacyPathCost stpPointToPointMAC suppress_topology_ telnet traps traceroute vrrpPort 1. The atm_stp_state command only displays when an HSIM or VHSIM is installed that supports ATM, such as the HSIM-A6DP or VHSIM2-A6DP.

  • Page 340: Built-In Commands

    command Description: Briefly describes the command and its uses. Syntax: Shows the required command format. It indicates where arguments, if any, must be specified. Options: Lists any additional fields in the appropriate format that may be added to the command. Example: Shows an example of the command.
  • Page 341 alias (Continued) Examples: -> alias disable 1-4 Snooping is disabled on port 1. Snooping is disabled on port 2. Snooping is disabled on port 3. Snooping is disabled on port 4. -> alias status 1 Snooping is disabled on port 1. ->...
  • Page 342 Super-user access is required to delete an entry or add a static route. Each ARP cache entry lists the network interface that the switch module is connected to, the device’s network address or IP address, the device’s physical address or MAC address, and the media type of connection to the device.
  • Page 343 arp_learn Description: Sets how the ARP cache entry will be affected under different conditions as described in the options below, and displays current ARP cache settings. Syntax: arp_learn [normal | limited | status] Options: normal – Changes the ARP cache entry for a given IP Address, if the source address (SA) in the entry does not match that of any received IP Packet.
  • Page 344 Description: Enables, disables or displays the status of the CDP Discovery Protocol. Syntax: cdp [enable/disable/status] Options: enable — Enables CDP discovery protocol on the device. disable — Disables CDP discovery prototol on the device. status — Displays the status of the CDP discovery protocol. Examples: ->...
  • Page 345 The VID of the VLAN to be acted on. The VLAN must be one that has been configured in the switch before it can be selected. The maximum VID value that can be entered is 4095. NOTE: Devices that do not source frames regularly (such as printers), may not operate properly with dynamic egress enabled.
  • Page 346 dynamic_egress (Continued) Examples: -> dynamic_egress status 1 Dynamic Egress Disabled for VLAN ID 0x0001 -> dynamic_egress enable 1 Dynamic Egress Enabled for VLAN ID 0x0001 -> dynamic_egress disable 1 Dynamic Egress Disabled for VLAN ID 0x0001 Description: Enables or disables groups of events or all events concerning logging functions.
  • Page 347 ev (Continued) Options: ENABLE – Enables Group or events or all DISABLE – Disables Group or events or all Commands to Control Logging Functions: ev STARt [Logging] [Trapping] – begin logging events/traps ev STOp [Logging] [Trapping] – stop logging events/traps ev Clear –...
  • Page 348 — Displays the current state of igmpv3_drop on the device. Examples: -> igmpv3_drop enable -> igmpv3_drop disable -> igmpv3_drop status igmpv3 drop is Disabled. 12-12 Network Tools Screens NOTE: This field is displayed only when the switch module supports an installed Gigabit Ethernet VHSIM.
  • Page 349 lg_frame_admin Description: Enables large frame support on a per port basis. allowing the user to determine if large frames can be forwarded out a particular port. Syntax: lg_frame_admin [ set ] [ LARGE | FRAG_IF_POSS | SMALL | AUTO ] [ PORT | ALL_BPLANE | ALL_FDDI ] lg_frame_admin [ status ] [ port # ] Options:...
  • Page 350 link_trap Description: Enables, disables, or displays the status of link traps on one or all ports. Syntax: link_trap [enable/disable/status] <PORT/all> Options: enable — Enables a link trap. disable — Disables a link trap. status — Displays link trap status. PORT/ all — Specifies a port or all ports. Examples: ->...
  • Page 351 maclock Description: Configures the MAC locking feature per port. When enabled, either a static MAC is locked to the port, or the first MAC seen on the port is locked to that port. Only incoming traffic with the locked MAC as the source MAC address shall be forwarded.
  • Page 352 maclock (Continued) Syntax: maclock set enable [ port# | all | global ] (Continued) Enables MAC locking globally or on one or more ports. When enabled and configured for a specific MAC address and port string, this locks a port so that only one end station address is allowed to participate in frame relay.
  • Page 353 maclock (Continued) Options: port# | all — Applies MAC locking parameters to a specific ports or to all ports on the device. global — Applies MAC locking parameters globally. firstarrival — Displays MAC locking information about first arrival end stations connected to the device. static —...
  • Page 354 maclock (Continued) Examples: -> maclock set enable global (Continued) MAC locking is globally enabled. -> maclock set disable global MAC locking is globally disabled. -> maclock set 00:a0:c9:0d:32:11 3 create MAC_locking for MAC 00:A0:C9:0D:32:11 created on Port 3. -> maclock set firstarrival 3 6 MAC-Locking Dynamic entry changed to 6 on port 3.
  • Page 355 netstat (Continued) Example: -> netstat -i Interface + DescriptionMTU #1 (ethernet - csmacd) 1514 10000000 up #2 (ethernet - csmacd) 1514 10000000 up #3 (ethernet - csmacd) 1514 10000000 up #4 (ethernet - csmacd) 1514 10000000 up -> netstat -r Destination # Default Route # 134.141.0.0...
  • Page 356 passiveStp Description: Enables, disables, or displays the status of Passive Mode Spanning Tree on the device. Passive Mode Spanning tree allows ports on leaf bridges to transition very quickly and not invoke a global network re-span through requesting root elections by: •...
  • Page 357 policy Description: Displays the policy table and configures policy-port mappings. Syntax: policy show profile <profile_index> Displays the policy table, including policy index, policy name, policy status (enable/disable), and PVID and priority override information policy show port <port_number_or_range_or_all> Displays the policy status of one or more ports, including default policy, current policy, authentication type (Static, PWA, EAP and MAC), authentication status (Auth/NoAuth/NA) and authentication information (authenticated MAC or UserName).
  • Page 358 policy (Continued) Examples: (Contiued) -> policy show port 1-4 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ Guest Guest <none> Guest <none> -> policy set port 1-2 1 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ Default Default -> policy clear profile port 1-2 ------------------------------------------------------------------------------ Port DefaultPolicy ------------------------------------------------------------------------------ <none>...
  • Page 359 radius Description: Enables, disables, and configures RADIUS authentication, which can only be used when the client has been properly configured and enabled. When the RADIUS Client is not enabled, the legacy password authentication will run as before. For more about Radius Client, refer to Syntax: radius radius status...
  • Page 360 radius (Continued) Options: radius — Shows RADIUS help. radius status — Shows all RADIUS client settings. radius [enable | disable] — Enables or disables the RADIUS Client. radius prim_ip <server ip> — Shows <sets> the primary RADIUS server’s IP, in decimal-dotted format. radius sec_ip <server ip>...
  • Page 361 radius (Continued) Options: radius prim_secret — Sets the primary RADIUS server’s shared secret. (Cont’d) radius sec_secret — Sets the secondary RADIUS server’s shared secret. Examples: -> radius client RADIUS Configuration Cli Command Format : radius status clear timeout last_resort retry enable disable prim_secret...
  • Page 362 radius (Continued) Examples: (Cont’d) -> radius sec_secret Enter Secret (max 32): *** Confirm Secret: *** ERROR : secret minimum length is 6 -> radius sec_secret Enter Secret (max 32): ******* Confirm Secret: ******* Warning: rfc2865 recommends min length of 16 ->...
  • Page 363 rate_limit_mode Description: Displays the status of rate limiting or configures the exit-rate limit range to either the default high_range (100 Kbps to 1 Gbps) or the low range (50 Kbps to 400 Mbps). This mode is stored in non-volatile memory and is retained by normal resetting.
  • Page 364 reset Description: Initiates a hardware reset of the device. This command initializes the CPU processor, runs the onboard diagnostics, and restarts the software image, which restores the user configuration settings from NVRAM. The user will be queried to confirm the reset command to ensure against unwanted resets. Syntax: reset Options:...
  • Page 365 show Description: Displays information concerning various components of the device. Protocols currently supported are IP, IPX, DECnet, and AppleTalk. Components of those protocols that are currently supported are ARP caches, route tables, FIB tables, server tables, and interface tables. The number of valid entries in the table will be outputted at the end of the table display.
  • Page 366 show (Continued) Options: PROTOCOL — Specifies a protocol for which information will be displayed. TABLE — Specifies a type of table to display. fid – Show MAC addresses for the filter database identifier (fdbId). address – Show the address (mac) if it is known by the device. port –...
  • Page 367 show (Continued) -> show Appletalk interfaces # Interface AdminStatus enabled disabled > show IP ARP # Interface MediaType 3(dynamic) 3(dynamic) # Number of valid entries: 2 -> show mac MAC Address ----------------- ---------- 00:00:1D:00:00:20 00:00:1D:00:03:20 00:00:1D:C3:BE:53 00:00:1D:C3:BE:63 more? (y or n) soft_reset Description: Restarts the software image, which restores the user configuration settings...
  • Page 368 stpEdgePort Description: Sets a port to EDGE PORT (enable) or BRIDGE PORT (disable). Syntax: stpEdgePort [ status ] stpEdgePort [ enable ] [ vlan id ] [ port range ] stpEdgePort [ disable ] [ vlan id ] [ port range ] Options: status —...

  • Page 369: Path Cost Parameter Values

    stpLegacyPathCost Description: Enables or disables the use of 802.1D or 802.1t Path Cost bridging values on the device. The default is legacy 802.1D standard Path Cost values. Table 12-2 Table 12-2 Path Cost Parameter Values Link Speed 10 Mb/s 100 Mb/s 1 Gb/s 10 Gb/s Bridges conforming to IEEE Std 802.1D, 1998 Edition, i.e., that support only 16-bit...
  • Page 370 stpLegacyPathCost (Continued) Examples: To set the device to use the 802.1D legacy path costs, enter: -> stpLegacyPathCost enable To set the device to use the 802.1t path costs (default setting), enter: -> stpLegacyPathCost disable To determine if the device is currently operating using 802.1t or 802.1D path costs values, enter: ->...
  • Page 371 stpPort Description: Enables, disables, or displays which physical ports are enabled as Spanning Tree ports. This command does not apply to virtual interfaces such as ATM. To enable, disable, or view the status of ATM ports, use the atm_stp_state command. Syntax: stpPort [status] stpPort [enable] [port#]...
  • Page 372 Enables or disables the generation of topology traps on inter switch links. Only inter switch link ports that transition to forwarding or blocking cause the switch to issue a topology trap. By default, this feature is disabled and will allow the generation of topology traps.
  • Page 373 timed_soft_reset Description: Configures a soft reset in number of seconds, or displays when a soft reset will occur. The reset_nv and dont_reset_nv commands tell the timed reset if non-volatile memory should be reset or not. If reset non_volatile is chosen, ip will be retained.
  • Page 374 SmartSwitch devices to establish new virtual connections based on the new router paths. 12-38 Network Tools Screens NOTE: This command is only valid when the switch supports the installed HSIM or VHSIM.

  • Page 375: Example, Effects Of Aging Time On Dynamic Egress

    In this example, assume that a rule set on Port 1 of the switch module classifies all IP frames to a Red VLAN. Once Port 1 receives a frame from a user device, the frame is classified to the Red VLAN and added to the dynamic Port VLAN List of Port 1.

  • Page 376: Example, Dynamic Egress Application

    Figure 12-2 Example, Dynamic Egress Application Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with Filter Database Identifier (FDB ID) 0001 as the Port VLAN Identifier (PVID) on all ports.

  • Page 377: Special Commands

    that port. The Port VLAN List contains a list of all VLANs whose frames can be transmitted out that port. In this example, the AppleTalk traffic is routed only to AppleTalk users (Ports 1, 2, 5, and 6), while IP traffic is allowed to be seen by IP users (Ports 3, 4, and 7) and by IP/AppleTalk users (Ports 1, 2, 5, and 6).
  • Page 378 Special Commands 12-42 Network Tools Screens...

  • Page 379: Vlan Operation And Network Applications

    VLAN Operation and Network Applications NOTE: It is recommended to read this chapter to gain an understanding of VLANs before configuring the switch. This chapter provides the following information: • Definition of VLANs (Section • Types of VLANs (Section •...

  • Page 380: Defining Vlans

    Defining VLANs 13.1 DEFINING VLANs A Virtual Local Area Network is a group of devices that function as a single Local Area Network segment (broadcast domain). The devices that make up a particular VLAN may be widely separated, both by geography and location in the network. The creation of VLANs allows users located in separate areas or connected to separate ports to belong to a single VLAN group.

  • Page 381: Example Of A Vlan

    SmartSwitch A, cross the high speed link to SmartSwitch B, and then propagated out all switch ports on SmartSwitch B. The SmartSwitches treat each port as being equivalent to any other port, and have no understanding of the departmental memberships of each workstation.

  • Page 382: Types Of Vlans

    FDB ID cannot communicate with the members of another FDB ID. To set up a VLAN, all the network switch devices that are assigned to the VLAN must support the IEEE 802.1Q specification for VLANs. Before you attempt to implement a VLAN strategy, ensure that the switches under consideration support the IEEE 802.1Q specification.

  • Page 383: Vlan Terms And Definitions

    13.4 VLAN TERMS To fully understand the operation and configuration of port based VLANs, it is essential to understand the definitions of several key terms. Table 13-1 VLAN Terms and Definitions VLAN Term VLAN ID VLAN Name Egress Ingress Filtering Database Identifier (FDB ID) Tag Header (VLAN Tag) Tagged Frame...
  • Page 384 The port will drop all incoming frames that do not have a VLAN tag. This is a reference to a connection from a switch that passes only untagged traffic. By default, a port designated to pass only untagged frames has all VLANs on its Port VLAN List and is configured to transmit all frames as untagged frames.

  • Page 385: Vlan Operation

    The 802.1Q VLAN operation is slightly different than the operation of traditional switched networking systems. These differences are due to the importance of keeping track of each frame and its VLAN association as it passes from switch to switch or from port to port within a switch. 13.5.2 VLAN Components Before describing the operation of an 802.1Q VLAN, it is important to understand the basic...

  • Page 386: Configuration Process

    Before a VLAN can operate, steps must be performed to configure the switch to establish and configure a VLAN. Enterasys Networks VLAN-aware switches default to operate in the 802.1Q VLAN mode. However, further configuration is necessary to establish multiple logical networks.

  • Page 387: Vlan Switch Operation

    These VLAN tags are added to data frames by the switch as the frames are transmitted out certain ports, and are later used to make forwarding decisions by the switch and other VLAN-aware switches. In the absence of a VLAN tag header, the classification of a frame into a particular VLAN depends upon the configuration of the switch port that received the frame.

  • Page 388: Receiving Frames From Vlan Ports

    The switch receives a frame from Port 1 and examines the frame. The switch notices that this frame does not currently have a VLAN tag. The switch recognizes that Port 1 is a member of VLAN A and classifies the frame as such. In this fashion, all untagged frames entering a VLAN switch assume membership in a VLAN.

  • Page 389: Known Unicasts

    When the switch is powered up, the switch uses its default settings to switch frames like an 802.1Q switch. In this default configuration, all ports are a member of the default VLAN (VLAN 1) including the virtual Host Data Port of the switch, so any port can be used to manage the device as shown in Figure 13-3.

  • Page 390: Switch With Vlans

    Figure 13-3 Switch Management with Only Default VLAN 13.8.3 Switch with VLANs If the switch is to be configured for multiple VLANs, it may be desirable to configure a management-only VLAN. This allows a management station connected to the management VLAN to manage all ports on the switch and make management secure by preventing management via ports assigned to other VLANs.

  • Page 391: Switch Management With Vlans

    VLAN” (or other suitable name) and its VLAN ID. In this example, the VLAN ID is set to 2. An FDB ID is automatically assigned by the switch, so that the Management VLAN has its filtering database to make the VLAN secure. In this example, the FDB ID is 2 and no other VLAN is assigned to this FDB ID.

  • Page 392: Summary Of Vlan Local Management

    No matter how many switches are connected, a management station connected to any port on the same Management VLAN can be used to remotely manage any Enterasys Networks 802.1Q switch in the network as long as the Host Data Port of all the switches are members of the same Management VLAN.

  • Page 393: Preparing For Vlan Configuration

    It may also be helpful to sketch out a diagram of your VLAN strategy. The examples provided starting with Section 13.11 provides a quick walkthrough on how to use the screens to configure the switch for VLANs. may be useful for a depiction of the planning process. VLAN Operation and Network Applications...

  • Page 394: Quick Vlan Walkthrough

    Quick VLAN Walkthrough 13.10 QUICK VLAN WALKTHROUGH The procedures below provide a short tutorial walkthrough that presents each of the steps necessary to configure a new Static VLAN. These steps include the following: • Assigning a VLAN ID and VLAN Name •...

  • Page 395: Walkthrough Stage One, Static Vlan Configuration Screen

    2. Use the arrow keys to highlight the Egress field of Port 3. NOTE: For the purposes of this walkthrough, Port 3 will be configured. As this port will connect to a single workstation, and is not to be used for switch-to-switch communications, the Egress will be set to UNTAGGED.

  • Page 396: Walkthrough Stage Two, Port 3 Egress Setting

    Now that Port 3 belongs to VLAN 2, we will designate one port as a trunk port for a connection to another VLAN-aware switch. This trunk port will carry tagged frames from all VLANs, allowing VLAN frames to maintain their VLAN ID across multiple switches.

  • Page 397: Walkthrough Stage Three, Port 10 Egress Setting

    NOTE: Since Port 3 will connect to a single workstation, and is not to be used for switch-to-switch communications, the acceptable frame types allowed through this port will be all frame types (tagged and untagged). Since Port 3 will not receive VLAN frames from the work station, it is not necessary to filter frames.
  • Page 398 NOTE: Since Port 10 will be used for switch-to-switch communications, the PVID is left set on the default VLAN value of 1. This associates Port 10 with all VLANs on the switch. Since Port 10 will be used as a trunk port, only tagged frames will be allowed through the port.

  • Page 399: Examples

    This effectively completes the configuration of a single VLAN, assigning it to a port, and configuring the switch to forward the frames received on that port to a trunk port. The trunk port in turn forward the frames as tagged to another switch.

  • Page 400: Example 1, Single Switch Operation

    Figure 13-10 Example 1, Single Switch Operation 13.12.1 Solving the Problem To set up this switch, users will be assigned to two new VLANs, red stations to the Red VLAN, and blue stations to the Blue VLAN. The information below describes how the switch is configured to create these two VLANs and how users are assigned to them.

  • Page 401: Switch Configured For Vlans

    Figure 13-11 Switch Configured for VLANs The switch will now classify each frame received as belonging to either the Red or Blue VLANs. Traffic from one VLAN will not be forwarded to the members of the other VLAN, and all frames transmitted by the switch will be normal, untagged Ethernet frames.

  • Page 402: Frame Handling

    R1. 1. Station R1 transmits the broadcast frame. The switch receives this frame on Port 1. As the frame is received, the switch classifies it. The frame is untagged, so the switch classifies it as belonging to the VLAN that Port 1 is assigned to, the Red VLAN.

  • Page 403: Example 2, Vlans Across Multiple Switches

    Example 2, VLANs Across Multiple Switches Figure 13-12 Example 2, VLANs Across Multiple Switches VLAN Operation and Network Applications 13-25...

  • Page 404: Solving The Problem

    Example 2, VLANs Across Multiple Switches 13.13.1 Solving the Problem To solve the problem in this example, the users are assigned to VLANs using Switch 4 and Switch 2 as shown in Figure 13-12. Redco users are assigned to the Red VLAN and Blue Industries users to the Blue VLAN.
  • Page 405 By default the port remains as a member of the Default VLAN. With the original classification information inserted in the frame Tag Header, the receiving switch will maintain the original frame classification. GVRP is enabled on this port and will support dynamic VLANs created by GVRP.
  • Page 406 Ingress Filtering: ENABLED GVRP Status: DISABLED This causes the switch to classify all untagged frames received as belonging to the VLAN specified by each port PVID and to replace the previous PVID information in the port VLAN List with the new PVID information. This makes Port 1 part of the Blue VLAN, Port 3 part of the Red VLAN, and both are set to the VLAN frame format of untagged.

  • Page 407: Frame Handling

    Switch 4 updates its Source Address Table in FDB ID 2 if it didn’t already have a dynamic entry for MAC address “Y” in FDB ID 2. Because Switch 4 received the frame on Port 1, it does not forward the frame out that port, but does forward the frame to Port 4.

  • Page 408: Transmitting To Switch 4

    Figure 13-14 Transmitting to Switch 4 3. When Switch 2 receives the tagged frame on its Port 2, it checks the frame’s VLAN Tag Header and determines that the frame is classified as belonging to the Red VLAN, and that the frame is a broadcast frame.

  • Page 409: Transmitting To Bridge 4

    MAC address, VLAN, and receive port. 5. The frame from the File Server is received on Switch 2, and forwarded to Switch 1 as a tagged frame classified as belonging to the Red VLAN. Switch 1 removes the tag and forwards the frame to Bridge 1, which in turn forwards the frame out of the port attached to User A.

  • Page 410: Example 5, Filtering Traffic According To A Classification

    Layer 4 classification rule that will classify each RIP broadcast frame received on Port 25 of each switch to the Null VLAN. Since the Null VLAN is not associated with any ports, the frame will be dropped and not transmitted out any port.

  • Page 411: Example 4, Securing Sensitive Information According To Subnet

    2. The VLAN Classification Configuration screen is used to configure the switch to detect and classify the incoming RIP broadcast frames on Port 25 to the Null VLAN. Since the Null VLAN is not assigned to any port, the frame is dropped (not transmitted out any port). The VLAN Classification Configuration screen is set as follows: •...

  • Page 412: Solving The Problem

    To isolate the Finance Department traffic, Subnet 28 will be isolated from the Engineering Department subnet 50 and other users on the company’s network (123.123.xx.xx). The following covers only those steps needed to configure the switch to solve the problem. Switch 1...

  • Page 413: Example 7, Dynamic Egress Application

    Figure 13-18 Example 7, Dynamic Egress Application Solving the Problem In this example, Switch 1 (S1) has already been configured with a default VLAN 0001 associated with FDB ID 0001 as the PVID on all ports. The following additional steps are required to configure the switch to solve this problem.

  • Page 414: Example 6, Locking A Mac Address To A Port Using Classification Rules

    The following example illustrates how to add security by “locking” an individual MAC address to a port on the switch module (S1). This would typically be done to ensure that only a particular device can gain access to the network from a specific port. Traffic received by the switch from any MAC address other than the one assigned to the “locked”...
  • Page 415 • The Static VLAN Egress Configuration screen to set Ports 1 and 2 to transmit only untagged frames and add them to the VLAN Egress list of the switch. • The Static VLAN Egress Configuration screen to remove all ports from the Default VLAN List.
  • Page 416 Example 6, Locking a MAC Address to a Port Using Classification Rules 3. Remove all ports from the Default VLAN Egress List as follows: • The Default VLAN is selected from the Static VLAN Configuration screen to display the Static VLAN Egress Configuration screen. The following is set using the Static VLAN Egress Configuration screen: SET ALL PORTS: NO This configuration setting will cause the untagged frames sent to the Default VLAN from Ports...

  • Page 417: A.1 Operation

    The purpose of GVRP is to dynamically create VLANs across a switched network. When a VLAN is declared, the information is transmitted out GVRP configured ports on the switch in a GARP formatted frame using the GVRP multicast MAC address. A switch that receives this frame, examines the frame, and extracts the VLAN IDs.

  • Page 418: A-1 Example Of Vlan Propagation Via Gvrp

    A-1, Switch 4, port 1 is registered as being a member of VLAN Blue and then declares this fact out all its ports (2 and 3) to Switch 1 and Switch 2. These two switches register this in the Port VLAN Lists of the ports (Switch 1, port 1 and Switch 2, port 1) that received the frames with the information.

  • Page 419: B.1 Igmp Overview

    Internet Group Management Protocol (IGMP) is a multicast protocol used by routers. This protocol is supported by Enterasys Networks SmartSwitches when operating in the 802.1Q mode to “snoop” the IGMP frames. The multicast information is gleaned from the IGMP frame and a filter is created to send the stream of data only to those end stations that will receive it.

  • Page 420: Supported Features And Functions

    Ports that receive queries are marked as upstream ports. It is assumed a router exists somewhere off this port, and responses are sent here. If the switch detects a router protocol on a port, that port is also marked as a router port. This keeps the switch from blocking traffic to other routers.

  • Page 421: Detecting Multicast Routers

    The router(s) sends multicast routing protocol frames that get flooded throughout the network. By snooping on these protocol, the switch will mark ports as connected to a router. The port is put in a “forward all” mode where all multicast frames will be flooded. This allows all types of IP multicast traffic (including IGMP streams) to go to the router.
  • Page 423 Numerics 1D Connection 13-6 1D Trunk 8-20 1Q Connection 13-6 1Q Trunk 8-20 802.1 Configuration Menu screen 802.1p Configuration Menu screen 802.1Q switching mode hierarchy of 802.1Q VLAN Configuration Menu screen 802.3ad Aggregator Details screen screen fields Admin Key 6-43 Aggregator Instance 6-43 Collector Max Delay...
  • Page 424 MuxReason 6-39 MuxState 6-39 PartnerChangeCount 6-39 PartnerChurnCount 6-39 PartnerChurnState 6-39 Port Instance 6-38 PsyncTransCount 6-39 RxState 6-38 UnknownRx 6-38 802.3ad System screen 6-44 screen fields Number of Aggregators 6-45 Number of Ports 6-45 System Identifier 6-45 Acceptable Frame Type setting of 8-21 Access Control List screen 5-25...
  • Page 425 Configuration VLAN Spanning Tree VLAN Spanning Tree ports 7-12, Configuration Process 13-8 Confining Network Traffic According to Priority and VLAN 9-35 Controlling Traffic example of 12-40 Current VLAN Configuration screen screen fields FDB ID 8-15 Ports on Egress 8-15 VLAN ID 8-15 VLAN Type 8-15...
  • Page 426 SessionFramesRx 3-47 SessionFramesTx 3-47 SessionID 3-47 SessionOctetsRx 3-47 SessionOctetsTx 3-47 EAP Statistics Menu screen 3-44 Egress Types on Ports setting of 8-12 Ethernet Interface Configuration screen screen fields Config Duplex FDX FC HDX FC Intf Link Port Port Type Speed Ethernet Port Configuration screen screen fields Advertised Ability...
  • Page 427 10-6 Querier Address 10-6 Querier Expire Time 10-6 Querier Uptime 10-6 Query Interval 10-5 Query Response Time Switch Query IP VLAN ID Ingress Filtering enabling or disabling of port Input field Interface Statistics screen InOctets interface 8-21 name screen fields...
  • Page 428 13-6 Local Management clearing counters exiting from navigating the screens paging to next or previous screen requirements screen elements See also managing the switch Local Management screens selection of MAC Locking 12-15 MAC Port Configuration screen screen fields Authentication State...
  • Page 429 dynamic_egress 12-9 12-10 gigabit_port_mode 12-12 igmpv3_drop 12-12 lg_frame_admin 12-13 link_trap 12-14 loopback_detect 12-14 MAC lock 12-15 netstat 12-18 non_bridge_if_num 12-19 passiveStp 12-20 ping 12-20 policy 12-21 radius 12-23 rate_limit_mode 12-27 reset 12-28 sat_size 12-28 show 12-29, 12-33 soft_reset 12-31 stpEdgePort 12-32 stpForceVersion 12-32...
  • Page 430 Src Port [n] (Selectable) Status 4-22 Port Redirect Configuration screen (module) Port Security setup example 13-36 Port VLAN list 13-6 Ports setting Egress types on 8-12 PREVIOUS command how to use Primary and Secondary Servers function of 3-16 Priority and VLAN isolating network according to Priority Classification Configuration screen screen fields...
  • Page 431 Port Type 9-39 Priority List 9-40 Priority List (top of screen) Redirect Configuration Menu screen xvii Related manuals Remote Management See also managing the switch Reset Peak Switch Utilization setting of 5-31 RMON Statistics screen 11-10 65 – 127 11-12 fragments...
  • Page 432 SNMP Configuration Menu screen SNMP Traps Configuration screen 10-2 Spanning Tree Configuration Menu screen Static VLAN Configuration screen Static VLAN Egress Configuration screen Switch Statistics screen System Resources Information screen Traffic Class Configuration screen 11-2 Traffic Class Information screen Transmit Queues Configuration screen...
  • Page 433 VLAN ID VLAN Name 5-24 Station Strict 802.1p Queueing Mode 5-24 setting of Subnet mask 4-5, 5-5, Supplicant Switch Switch 8 Function Enable/Disable Switch Statistics screen clearing counters screen fields Clearing Counters Frames Fltrd 7-10 Frames Frwded Frames Rcvd Frames Txmtd...
  • Page 434 Reset Peak Switch Utilization 13-5 Tag Header 13-5 Tagged frame 13-5, 13-10 Telnet connections TFTP Gateway IP Addr 5-35 TFTP gateway IP addr Traffic Class Configuration screen screen fields Priority 9-11 SAVE 9-11 SAVE TO ALL PORTS Traffic Class 9-11...
  • Page 435 Src VLAN ID [n] (Selectable) Status (Toggle) 4-25 VLAN Spanning Tree configuring a VLAN Spanning Tree Ports configuration of 7-12, 7-13 viewing status of 7-13 VLAN Switch Operation description of 13-9 Weighted Queueing Mode setting of 9-15 6-22 4-25 4-25 4-25...

This manual is also suitable for:

Matrix e7 5g106-06Matrix e7 seriesSmartswitch 6000 series6h2 series6e2 series6h3 series ... Show all

Table of Contents