Dell PowerConnect 5424 User Manual
  1. Manuals
  2. Brands
  3. Dell Manuals
  4. Switch
  5. PowerConnect 5424
  6. User manual

Dell PowerConnect 5424 User Manual

Powerconnect 5400 series
Hide thumbs Also See for PowerConnect 5424:
1
2
Table Of Contents
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
Table of Contents

Advertisement

Quick Links

Dell™ PowerConnect™
54xx Systems

User Guide

w w w . d e l l . c o m | s u p p o r t . d e l l . c o m

Advertisement

Table of Contents
loading

Related Manuals for Dell PowerConnect 5424

Summary of Contents for Dell PowerConnect 5424

  • Page 1: User Guide

    Dell™ PowerConnect™ 54xx Systems User Guide w w w . d e l l . c o m | s u p p o r t . d e l l . c o m...
  • Page 2 Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Axim, Dell, the DELL logo, DellNet, Dell OpenManage, Dell Precision, Dimension, Inspiron, Latitude, OptiPlex, PowerConnect, PowerApp, and PowerVault are trademarks of Dell Inc. Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries.

  • Page 3: Table Of Contents

    Contents Introduction ............PowerConnect 54xx Series Systems Features .
  • Page 4 Installing the PowerConnect Device ....Installation Precautions ......Site Requirements .
  • Page 5 Password Recovery Software Download Through TFTP Server ....Using Dell OpenManage Switch Administrator ..Understanding the Interface .
  • Page 6 Configuring System Information ....Defining General Device Information ..... . .
  • Page 7 Managing Device Security ......Defining Access Profiles ......Adding an Access Profile .
  • Page 8 Managing Files ....... . . File Management Overview ......Downloading Files .
  • Page 9 Configuring Address Tables ......Viewing Dynamic Addresses ......
  • Page 10 Viewing RMON Statistics ......Viewing RMON Statistics Group ..... Viewing RMON History Control Statistics .
  • Page 11 Device Memory Specifications ......Feature Specifications ......
  • Page 12 Contents...

  • Page 13: Introduction

    When one is connected the other is disabled. The following figures illustrate the PowerConnect 54xx series systems front and back panels. Figure 1-1. PowerConnect 5424 Front Panel Figure 1-2. PowerConnect 5448 Front Panel Figure 1-3. PowerConnect 5424 and 5428 Back Panel Introduction...

  • Page 14: Features

    Features This section describes the device user-configured features. For a complete list of all updated device features, refer to the latest software version Release Notes. General Features IP Version 6 (IPv6) Support The device functions as an IPv6 compliant Host, as well as an IPv4 Host (also known as dual stack). This allows device operation in a pure IPv6 network as well as in a combined IPv4/IPv6 network.

  • Page 15: Mac Address Supported Features

    Back Pressure Support On half-duplex links, the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic. For information on configuring Back Pressure for ports or LAGs, see "Defining Port Parameters" on page 278 or "Configuring Load Balancing" on page 284. iSCSI Optimization iSCSI is a communication protocol used for sending data between file servers and storage disks.

  • Page 16: Layer 2 Features

    Static MAC Entries User defined static MAC entries are stored in the Bridging Table. For more information, see "Configuring Address Tables" on page 295. VLAN-aware MAC-based Switching Packets arriving from an unknown source address are sent to the microprocessor, where the source addresses are added to the Hardware Table.

  • Page 17: Vlan Supported Features

    VLAN Supported Features VLAN Support VLANs are collections of switching ports that comprise a single broadcast domain. Packets are classified as belonging to a VLAN based on either the VLAN tag or based on a combination of the ingress port and packet contents.

  • Page 18: Spanning Tree Protocol Features

    Spanning Tree Protocol Features Spanning Tree Protocol (STP) 802.1d Spanning tree is a standard Layer 2 switch requirement that allows bridges to automatically prevent and resolve L2 forwarding loops. Switches exchange configuration messages using specifically formatted frames and selectively enable and disable forwarding on ports. For more information, see "Configuring the Spanning Tree Protocol"...

  • Page 19: Layer 3 Features

    • Improved bandwidth granularity • High bandwidth server connectivity LAG is composed of ports with the same speed, set to full-duplex operation. For more information, see "Defining LAG Membership" on page 354. Link Aggregation and LACP LACP uses peer exchanges across links to determine, on an ongoing basis, the aggregation capability of various links, and continuously provides the maximum level of aggregation capability achievable between a given pair of systems.

  • Page 20: Device Management Features

    Device Management Features SNMP Alarms and Trap Logs The system logs events with severity codes and timestamps. Events are sent as Simple Network Management Protocol (SNMP) traps to a Trap Recipient List. For more information on SNMP Alarms and Traps, see "Configuring LLDP and LLDP-MED" on page 181.

  • Page 21: Security Features

    Command Line Interface Command Line Interface (CLI) syntax and semantics conform as much as possible to common industry practice. CLI is composed of mandatory and optional elements. The CLI interpreter provides command and keyword completion to assist user and shorten typing. Syslog Syslog is a protocol that allows event notifications to be sent to a set of remote servers, where they can be stored, examined and acted upon.

  • Page 22: Locked Port Support

    Port Based Authentication (802.1x) Port based authentication enables authenticating system users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data. Ports are authenticated via the Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol (EAP).

  • Page 23: Additional Cli Documentation

    DHCP Snooping DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers. By enabling DHCP Snooping network administrators can differentiate between trusted interfaces connected to end-users or DHCP Servers and untrusted interfaces located beyond the network firewall.
  • Page 24 Introduction...

  • Page 25: Hardware Description

    Terminal port — RS-232 console based port The following figure illustrates the PowerConnect 54xx series systems front panel. Figure 2-1. PowerConnect 5424 Front Panel The front panel contains ports1-24/48, which are copper based RJ-45 ports, designated as 10/100/1000 Mbps and support both Half and Full Duplex modes. There are four SFP fiber ports which are designated as Combo ports 21-24/45-48.

  • Page 26: Powerconnect Back Panel Port Description

    PowerConnect Back Panel Port Description The device back panel contains connectors for power, as illustrated in the Figure 2-2. Figure 2-2. Device Back Panel On the device back panel are two power supply connectors and an RS-232 Console port. For general use there is an AC Power Supply connector which is connectable to either 110V or 220V power supplies.

  • Page 27: Physical Dimensions

    If both RJ-45 and SFP are present, and a connector is inserted in the SFP port, the SFP port is active, unless the copper connector of the Base-T port of the same number is inserted and has a link. The system can switch from the RJ-45 to the SFP (or vice-versa) without a system reboot or reset. Physical Dimensions The device has the following physical dimensions: •...

  • Page 28: System Leds

    SFP LEDs The SFP ports each have one LED marked as LNK. Figure 2-5. SFP Port LED The SFP port LED indications are described in the following table: Table 2-2. SFP Port LED Indications Color Description Green Static The port is currently up. Green Flashing The port is currently transmitting or receiving data.

  • Page 29: Hardware Components

    The following table describes the system LED indications. Table 2-3. System LED Indications Color Description Diagnostics (DIAG) Green Flashing The system is currently running a diagnostic test. Green Static The system passed the diagnostic test. Red Static The system failed the diagnostic test. Fan (FAN) Green Static The device fans are operating normally.

  • Page 30: Reset Button

    AC Power Supply Unit The AC power supply unit converts standard 220/110V AC 50/60 Hz to 5V DC at 5A, 12V DC at 3A. The unit automatically senses the available voltage rating (110 or 220V) and no setting is required. The AC power supply unit uses a standard AC220/110V connector.

  • Page 31: Installing The Powerconnect Device

    Installation Precautions WARNING: Before performing any of the following procedures, read and follow the safety instructions located in the System Information Guide included in the Dell Documentation. WARNING: Observe the following points before performing the procedures in this section: •...

  • Page 32: Site Requirements

    Site Requirements The device can be mounted in a standard 19-inch rack or placed on a tabletop. Before installing the device, verify that the location chosen for installation meets the site requirements. • General — Ensure that the power supply is correctly installed. •...

  • Page 33: Mounting The Device

    Mounting the Device Overview The power connectors for the device are positioned on the back panel. Connecting a DC Redundant Power Supply (UPS) is optional, but is recommended. The UPS DC connector is located on the back panel of the device. Mounting the System Device Rack Installation WARNING:...

  • Page 34: Installing The Device Without A Rack

    4 Insert the unit into the 19-inch rack ensuring the rack-mounting holes on the device line up to the mounting hole on the rack. 5 Secure the unit to the rack with the rack screws (not provided). Fasten the lower pair of screws before the upper pair of screws.
  • Page 35 CAUTION: When using HyperTerminal with Microsoft® Windows 2000,ensure that Windows® 2000 Service Pack 2 or later is installed. With Windows 2000 Service Pack 2, the arrow keys function properly in HyperTerminal’s VT100 emulation. Go to www.microsoft.com for information on Windows 2000 service packs. 3 Connect the female connector of the RS-232 crossover cable directly to the device Console port, and tighten the captive retaining screws.

  • Page 36: Connecting A Device To A Power Supply

    Connecting a Device to a Power Supply 1 Using a 5-foot (1.5 m) standard power cable with safety ground connected, connect the power cable to the AC connector located on the back panel. 2 Connect the power cable to a grounded AC outlet. Figure 3-3.

  • Page 37: Port Default Settings

    When selecting cables to connect the device ports to their networking peers, straight through cables must be used to connect the device to a station, and crossover cables must be used to connect one transmission device (switch or hub) to another. Both the straight through and crossover cables are category 5. After a port is connected, its LINK indication LED is lit.

  • Page 38: Mdi/Mdix

    If the station on the other side of the link attempts to auto-negotiate with a device 10/100/1000BaseT port that is configured to full duplex, the auto-negotiation results in the station attempting to operate in half duplex. MDI/MDIX The device supports auto-detection of straight through and crossed cables on all switching 10/100/1000BaseT ports.

  • Page 39: Starting And Configuring The Device

    For initial configuration, the standard device configuration is performed. NOTE: Before proceeding, read the release notes for this product. The release notes can be downloaded from www.support.dell.com. Figure 4-1. Installation and Configuration Flow Hardware Connect Device and...

  • Page 40: Configure The Terminal

    Configure the Terminal To configure the device, the terminal must be running terminal emulation software. Ensure that the terminal emulation software is set as follows: 1 Select the appropriate serial port (serial port 1 or serial port 2) to connect to the console. 2 Set the data rate to 9600 baud.
  • Page 41 3 Power on the device. 4 As the device boots, the bootup test first counts the device memory availability and then continues to boot. The following screen is an example of the displayed POST: ------ Performing the Power-On Self Test (POST) ------ UART Channel Loopback Test......PASS Testing the System SDRAM......PASS Boot1 Checksum Test.......PASS...
  • Page 42 ********************************************************************* *** Running Ver. x.x.x.x Date 12-Jul-xxxx Time 16:51:25 *** ********************************************************************* HW version is 1 Base Mac address is: 00:15:77:12:34:56 Dram size is: 64M bytes Dram first block size is: 47104K bytes Dram first PTR is: 0x1200000 Flash size is: 16M 01-Jan-xxxx 01:01:07 %CDB-I-LOADCONFIG: Loading running configuration.

  • Page 43: Initial Configuration

    "Software Download" on page 54. Initial Configuration NOTE: Before proceeding, read the release notes for this product. Download the release notes from the Dell Support website at support.dell.com. NOTE: The initial configuration assumes the following: •...
  • Page 44 Wizard Step 1 The following is displayed: The system is not setup for SNMP management by default. To manage the switch using SNMP (required for Dell Network Manager) you can Setup the initial SNMP version 2 account now. Return later and setup additional SNMP v1/v3 accounts.
  • Page 45 [Privilege Level 15] to this account. You can use Dell Network Manager or CLI to change this setting, and to add additional management systems. For more information on adding management systems, see the user documentation.
  • Page 46 Wizard Step 3 The following is displayed: Next, an IP address is setup. The IP address is defined on the default VLAN (VLAN #1), of which all ports are members. This is the IP address you use to access the CLI, Web interface, or SNMP interface for the switch.To setup an IP address: Please enter the IP address of the device (A.B.C.D):[1.1.1.1]...

  • Page 47: Advanced Configuration

    Enter [Y] to complete the Setup Wizard. The following is displayed: Configuring SNMP management interface Configuring user account..Configuring IP and subnet..Thank you for using Dell Easy Setup Wizard. You will now enter CLI mode. Wizard Step 6 The CLI prompt is displayed.
  • Page 48 • Assigning Dynamic IP Addresses (on a VLAN): console# configure console(config)# interface ethernet vlan 1 console(config-if)# ip address dhcp hostname device console(config-if)# exit console(config)# 3 To verify the IP address, enter the show ip interface command at the system prompt as shown in the following example.

  • Page 49: Receiving An Ip Address From A Bootp Server

    Receiving an IP Address From a BOOTP Server The standard BOOTP protocol is supported and enables the device to automatically download its IP host configuration from any standard BOOTP server in the network. In this case, the device acts as a BOOTP client.

  • Page 50: Configuring Security Passwords

    The system is delivered with no default password configured. All passwords are user-defined. If a user-defined password is lost, a password recovery procedure can be invoked from the Startup menu. The procedure is applicable for the local terminal only and allows a one-time access to the device from the local terminal with no password entered.

  • Page 51: Configuring An Initial Ssh Password

    console(config-line)# login authentication default console(config-line)# enable authentication default console(config-line)# password bob • When initially logging onto a device through a Telnet session, enter bob at the password prompt. • When changing a device mode to enable, enter bob. Configuring an Initial SSH Password To configure an initial SSH password, enter the following commands: console(config)# aaa authentication login default line console(config)# aaa authentication enable default line...

  • Page 52: Configuring Login Banners

    When initially enabling an http or https session, enter admin for user name and user1 for password. NOTE: Http and Https services require level 15 access and connect directly to the configuration level access. Configuring Login Banners You can define 3 types of login banners: •...
  • Page 53 UART Channel Loopback Test......PASS Testing the System SDRAM......PASS Boot1 Checksum Test.......PASS Boot2 Checksum Test.......PASS Flash Image Validation Test.......PASS BOOT Software Version 1.0.0.20 Built 22-Jan-xxxx 15:09:28 Processor: FireFox 88E6218 ARM946E-S , 64 MByte SDRAM. I-Cache 8 KB. D-Cache 8 KB. Cache Enabled. Autoboot in 2 seconds - press RETURN or Esc.

  • Page 54: Software Download

    Software Download The software download procedure is performed when a new version must be downloaded to replace the corrupted files, update or upgrade the system software. To download software from the Startup menu: 1 From the Startup menu, press [1] . The following prompt appears: Downloading code using XMODEM 2 When using the HyperTerminal, click Transfer on the HyperTerminal Menu Bar.

  • Page 55: Software Download Through Tftp Server

    To recover a lost password for the local terminal only: 1 From the Startup menu, type 3 and press <Enter>. The password is deleted. NOTE: To ensure device security, reconfigure passwords for applicable management methods. Software Download Through TFTP Server This section contains instructions for downloading device software (system and boot images) through a TFTP server.
  • Page 56 5 Enter copy tftp://{tftp address}/{file name} image to copy a new system image to the device. When the new image is downloaded, it is saved in the area allocated for the other copy of system image (image-2, as given in the example). The following is an example of the information that appears: console# copy tftp://176.215.31.3/file1.ros image Accessing file ‘file1’...
  • Page 57 Boot Image Download Loading a new boot image from the TFTP server and programming it into the flash updates the boot image. The boot image is loaded when the device is powered on. A user has no control over the boot image copies.
  • Page 58 Starting and Configuring the Device...

  • Page 59: Using Dell Openmanage Switch Administrator

    Using Dell OpenManage Switch Administrator This section provides an introduction to the user interface. Understanding the Interface The home page contains the following views: • Tree View — Located on the left side of the home page, the tree view provides an expandable view of the features and their components.

  • Page 60: Device Representation

    The information buttons provide access to information about the device and access to Dell Support. For more information, see "Information Buttons." Device Representation The PowerConnect home page contains a graphical device representation of the front panel.

  • Page 61: Using The Switch Administrator Buttons

    For example, if the IP Addressing page is open, the help topic for that page opens when Help is clicked. About Contains the version and build number and Dell copyright information. Log Out Logs out of the application and closes the browser window.

  • Page 62: Starting The Application

    Passwords are both case sensitive and alpha-numeric. 4 Click OK. The Dell PowerConnect OpenManage™ Switch Administrator home page opens. Accessing the Device Through the CLI The device can be managed over a direct connection to the console port or via a Telnet connection.

  • Page 63: Using The Cli

    The user EXEC commands permit connecting to remote devices, changing terminal settings on a temporary basis, performing basic tests, and listing system information. To list the user EXEC commands, enter a question mark at the command prompt. Using Dell OpenManage Switch Administrator...

  • Page 64: Privileged Exec Mode

    #. console(config)# To list the Global Configuration commands, enter a question mark at the command prompt. To return from Global Configuration mode to Privileged EXEC mode, type the exit command or use the <Ctrl><Z> command. Using Dell OpenManage Switch Administrator...

  • Page 65: Interface Configuration Mode

    Management Access List The Management Access List mode contains commands to define management access-lists. The Global Configuration mode command management access-list is used to enter the Management Access List Configuration mode. Using Dell OpenManage Switch Administrator...

  • Page 66: Cli Examples

    Console(config)# crypto key pubkey-chain ssh Console(config-pubkey-chain)# CLI Examples CLI commands are provided as configuration examples. For a full description of the CLI commands, including examples, refer to the "CLI Reference Guide" included on the Documentation CD. Using Dell OpenManage Switch Administrator...

  • Page 67: Configuring System Information

    Configuring System Information This section provides information for defining system parameters including security features, downloading device software, and resetting the device. To open the System page, click System in the tree view. Figure 6-1. System Defining General Device Information The General page contains links to pages for configuring device parameters. Viewing Device Information The Asset page contains parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, date, time, and...
  • Page 68 Figure 6-2. Asset • System Name (0-159 Characters) — Defines the user-defined device name. • System Contact (0-159 Characters) — Specifies the name of the contact person. • System Location (0-159 Characters) — Specifies the location where the system is currently running. •...
  • Page 69 Defining System Information: 1 Open the Asset page. 2 Define the relevant fields. 3 Click Apply Changes. The system parameters are defined, and the device is updated. Initiating a Telnet Session: 1 Open the Asset page. 2 Click Telnet. A Telnet session is initiated. Configuring Device Information Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Asset page.
  • Page 70 The following is an example of the CLI commands: Console (config)# hostname dell Console (config)# snmp-server contact Dell_Tech_Supp Console (config)# snmp-server location New_York Console (config)# exit Console # exit Console (config)# asset-tag 1qwepot Console> clock set 13:32:00 7 Dec 2004 Console>...

  • Page 71: Defining System Time Settings

    Defining System Time Settings The Time Synchronization page contains fields for defining system time parameters for both the local hardware clock, and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device.
  • Page 72 • Lebanon — Last weekend of March until the last weekend of October. • Lithuania — Last weekend of March until the last weekend of October. • Luxembourg — Last weekend of March until the last weekend of October. • Macedonia —...
  • Page 73 Figure 6-3. Time Synchronization • Clock Source — The source used to set the system clock. The possible field values are: – SNTP — Specifies that the system time is set via an SNTP server. For more information, see "Configuring SNTP Settings" on page 81. –...
  • Page 74 • Daylight Savings — Enables the Daylight Savings Time (DST) on the device based on the devices location. The possible field values are: USA — The device switches to DST at 2 a.m. on the second Sunday of March, and reverts to standard time at 2 a.m.
  • Page 75 • From — Defines the time that DST begins each year. For example, DST begins locally every second Sunday in April at 5:00 am. The possible field values are: – Day — The day of the week from which DST begins every year. The possible field range is Sunday-Saturday.
  • Page 76 Defining Clock Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Time Synchronization page. Table 6-2. Clock Setting CLI Commands Description clock source {sntp} Configures an external time source for the system clock.

  • Page 77: Viewing System Health Information

    Viewing System Health Information The System Health page shows physical device hardware information. To open the System Health page, → → click System General Health in the tree view. Figure 6-4. System Health • Power Supply Status — The main power supply state. The possible field values are: –...
  • Page 78 DELL Switch# show system System Description: Ethernet Routing Switch System Up Time (days,hour:min:sec): 0,00:04:17 System Contact: System Name: DELL Switch System Location: R&D System MAC Address: 00:10:b5:f4:00:01 Sys Object ID: 1.3.6.1.4.1.674.10895.3000 Type: PowerConnect 5400 Power Supply Status ------------- -------- Main...

  • Page 79: Viewing The Versions Page

    Viewing the Versions Page The Versions page contains information about the hardware and software versions currently running. → → To open the Versions page, click System General Versions in the tree view. Figure 6-5. Versions • Software Version — The current software version running on the device. •...

  • Page 80: Resetting The Device

    Resetting the Device The Reset page enables the device to be reset from a remote location. Save all changes to the Running Configuration file before resetting the device. This prevents the current device configuration from being lost. For more information about saving Configuration files, see "Managing Files" on page 220 To open →...

  • Page 81: Configuring Sntp Settings

    The following is an example of the CLI command: Console >reload This command will reset the whole system and disconnect your current session. Do you want to continue (y/n) [n] ? Configuring SNTP Settings The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond.

  • Page 82: Defining Sntp Global Parameters

    Polling for Anycast Time Information Polling for Anycast information is used when the server IP address is unknown. The first anycast server to return a response is used to set the time value. Time levels T3 and T4 are used to determine the server time.
  • Page 83 • Receive Anycast Servers Updates — Polls the SNTP server for Anycast server time information, when enabled. If both the Receive Anycast Servers Update, and the Receive Broadcast Servers Update fields are enabled, the system time is set according the Anycast server time information. •...

  • Page 84: Defining Sntp Authentication Methods

    Defining SNTP Authentication Methods The SNTP Authentication page enables SNTP authentication between the device and an SNTP server. The means by which the SNTP server is authenticated is also selected in the SNTP Authentication page. Click System → SNTP→ Authentication in the tree view to open the SNTP Authentication page. Figure 6-8.
  • Page 85 Adding an SNTP Authentication Key 1 Open the SNTP Authentication page. 2 Click Add. The Add Authentication Key page opens: Figure 6-9. Add Authentication Key 3 Define the fields. 4 Click Apply Changes. The SNTP Authentication Key is added, and the device is updated. Displaying the Authentication Key Table 1 Open the SNTP Authentication page.

  • Page 86: Defining Sntp Servers

    Deleting the Authentication Key 1 Open the SNTP Authentication page. 2 Click Show All. The Authentication Key Table opens. 3 Select an Authentication Key Table entry. 4 Select the Remove check box. 5 Click Apply Changes. The entry is removed, and the device is updated. Defining SNTP Authentication Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Authentication page.
  • Page 87 Figure 6-11. SNTP Servers • SNTP Server — Enter a user-defined SNTP server IP addresses or hostname. Up to eight SNTP servers can be defined. This field can contain 1 - 158 characters. • Poll Interval — Enables polling the selected SNTP Server for system time information, when enabled. •...
  • Page 88 • Delay — The amount of time it takes to reach the SNTP server. • Remove — Removes a specific SNTP server from the SNTP Server list, when selected. When adding an SNTP Server, the following additional parameters are available: •...
  • Page 89 The following table summarizes the equivalent CLI commands for setting fields displayed in the Add SNTP Server page. Table 6-8. SNTP Server CLI Commands CLI Command Description sntp server {ipv4-address|ipv6- Configures the device to use SNTP to request and accept NTP address|hostname [poll] [key keyid] traffic from a server.
  • Page 90 Deleting the SNTP Server 1 Open the SNTP Servers page. 2 Click Show All. The SNTP Servers Table opens. 3 Select an SNTP Server entry. 4 Select the Remove check box. 5 Click Apply Changes. The entry is removed, and the device is updated. Defining SNTP Servers Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Servers page.

  • Page 91: Defining Sntp Interfaces

    Server Preference Status Last response Offset Delay [mSec] [mSec] ------- ---------- ------- -------------- ----- ------ VLAN 119 Secondary 19:53:21.789 PDT 7.19 119.89 Feb 19 2002 Broadcast: Interface IP address Last response ----------- ----------- ------------------------ 176.1.1.8 Primary AFE252C1.6DBDDFF2 176.1.8.179 Secondary AFE21789.643287C9 Defining SNTP Interfaces The SNTP Broadcast Interface Table contains fields for setting SNTP on different interfaces.
  • Page 92 Adding an SNTP Interface 1 Open the SNTP Broadcast Interface Table page. 2 Click Add. The Add SNTP Interface page opens: Figure 6-14. Add SNTP Interface Page 3 Define the relevant fields. 4 Click Apply Changes. The SNTP interface is added, and the device is updated. Defining SNTP Interface Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Broadcast Interface Table.

  • Page 93: Managing Logs

    The following is an example of the CLI commands: Console# show sntp configuration Polling interval: 7200 seconds. MD5 Authentication keys: 8, 9 Authentication is required for synchronization. Trusted Keys: 8,9 Unicast Clients Polling: Enabled. Server Polling Encryption Key ----------- -------- ----------------- 176.1.1.8 Enabled...
  • Page 94 Debug Provides detailed information about the log. If a Debug error occurs, contact Dell Online Technical Support The Global Log Parameters page contains fields for defining which events are recorded to which logs. It contains fields for enabling logs globally, and parameters for defining log parameters. The Severity log messages are listed from the highest severity to the lowest.
  • Page 95 • Logging — Enables device global logs for Cache, File, and Server Logs. Console logs are enabled by default. • Severity — The following are the available severity logs: – Emergency — The highest warning level. If the device is down or not functioning properly, an emergency log message is saved to the specified logging location.
  • Page 96 Table 6-11. Global Log Parameters CLI Commands (continued) CLI Command Description logging buffered level Limits syslog messages displayed from an internal buffer (RAM) based on severity. logging file level Limits syslog messages sent to the logging file based on severity. clear logging Clears logs.

  • Page 97: Displaying Ram Log Table

    Displaying RAM Log Table The RAM Log Table contains information about log entries kept in RAM, including the time the log was → → entered, the log severity, and a description of the log. To open the RAM Log Table, click System Logs RAM Log in the tree view.
  • Page 98 The following is an example of the CLI commands: console# show logging Logging is enabled. Console Logging: Level info. Console Messages: 0 Dropped. Buffer Logging: Level info. Buffer Messages: 26 Logged, 26 Displayed, 200 Max. File Logging: Level error. File Messages: 157 Logged, 26 Dropped. 1 messages were not logged 01-Jan-2000 01:03:42 :%INIT-I-Startup: Cold Startup 01-Jan-2000 01:01:36 :%LINK-W-Down:...

  • Page 99: Displaying The Log File Table

    Displaying the Log File Table The Log File Table contains information about log entries saved to the Log File in FLASH, including the time the log was entered, the log severity, and a description of the log message. To open the Log File →...
  • Page 100 The following is an example of the CLI commands: Console # show logging file Logging is enabled. Console Logging: Level info. Console Messages: 0 Dropped. Buffer Logging: Level info. Buffer Messages: 62 Logged, 62 Displayed, 200 Max. File Logging: Level debug. File Messages: 11 Logged, 51 Dropped.

  • Page 101: Viewing The Device Login History

    Viewing the Device Login History The Login History page contains information for viewing and monitoring device utilization, including the time the user logged in and the protocol used to log on to the device. To open the Login History page, click System→ Logs→ Login History in the tree view. Figure 6-18.

  • Page 102: Configuring The Remote Log Server Settings Page

    Displaying the Device Login History Using CLI Commands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Login History page. Table 6-14. Log File Table CLI Commands CLI Command Description show users login-history Displays password management history information.
  • Page 103 Figure 6-19. Remote Log Server Settings • Available Servers — Contains a list of servers to which logs can be sent. • UDP Port (1-65535) — The UDP port to which the logs are sent for the selected server. The possible range is 1 - 65535.
  • Page 104 – Warning — A system warning has occurred. – Notice — The system is functioning properly, but system notice has occurred. – Informational — Provides device information. – Debug — Provides detailed information about the log. If a Debug error occurs, contact Customer Tech Support.
  • Page 105 Sending Logs to a Server: 1 Open the Remote Log Server Settings page. 2 Select a server from the Available Servers drop-down list. 3 Define the fields. 4 Select the log severity in the Severity to Include check boxes. 5 Click Apply Changes. The log settings are saved, and the device is updated.
  • Page 106 New Log Server IP Address — Defines the IP address of the new Log Server. 3 Define the fields. 4 Click Apply Changes. The server is defined and added to the Available Servers list. Displaying the Remote Log Servers Table: 1 Open the Remote Log Server Settings page.

  • Page 107: Defining Device Ip Addresses

    The following is an example of the CLI commands: console> enable console# configure console (config) # logging 10.1.1.1 severity critical Console# show logging Logging is enabled. Console Logging: Level debug. Console Messages: 5 Dropped. Buffer Logging: Level debug. Buffer Messages: 16 Logged, 16 Displayed, 200 Max.

  • Page 108: Defining Ipv4 Default Gateways

    IPv6 Syntax The 128-bit IPv6 address format is divided into eight groups of four hexadecimal digits. Abbreviation of this format by replacing a group of zeros with "double colons" (::) is acceptable. IPv6 address representation can be further simplified by suppressing the leading zeros. All different IPv6 address formats are acceptable for insertion, yet for display purposes, the system will display the most abbreviated form, which replaces groups of zeros with "double colons"...

  • Page 109: Defining Ipv4 Interfaces

    The IPv4 Default Gateway page contains the following fields: • User Defined — Displays the default gateway IP address. • Active — Displays the currently configured Default Gateway. • Remove User Defined — Removes Gateway devices from the IPv4 Default Gateway drop-down list, when selected.
  • Page 110 Figure 6-23. IPv4 Interface Parameters • IP Address — The interface IP address. • Prefix Length — The number of bits that comprise the source IP address prefix, or the network mask of the source IP address. • Interface — The interface type for which the IP address is defined. Select Port, LAG, or VLAN. •...
  • Page 111 3 Complete the fields on the page. Network Mask specifies the subnetwork mask of the source IP address. 4 Click Apply Changes. The new interface is added, and the device is updated. Modifying IP Address Parameters 1 Open the IPv6 Interface page. 2 Select an IP address in the IP Address drop-down menu.
  • Page 112 Defining IPv4 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Interface page. Table 6-17. IPv4 Interface Parameters CLI Commands CLI Command Description ip address ip-address {mask | prefix-length} Sets an IP address. no ip address [ip-address] Removes an IP address show ip interface [ethernet interface-number...

  • Page 113: Defining Dhcp Ipv4 Interface Parameters

    Defining DHCP IPv4 Interface Parameters The DHCP IPv4 Interface page contains fields for specifying the DHCP clients on device interfaces. Click System→ IP Addressing→ DHCP IPv4 Interface in the tree view. To open the DHCP IPv4 Interface page. Figure 6-26. DHCP IPv4 Interface •...
  • Page 114 Modifying a DHCP IPv4 Interface 1 Open the DHCP IPv4 Interface page. 2 Modify the fields. 3 Click Apply Changes. The entry is modified, and the device is updated. Deleting a DHCP IPv4 Interface 1 Open the DHCP IPv4 Interface page. 2 Click Show All.

  • Page 115: Defining Ipv6 Interfaces

    Defining IPv6 Interfaces The system supports IPv6 hosts. The IPv6 Interface page contains fields for defining IPv6 interfaces. → → To open the IPv6 Interface page, click System IP Addressing IPv6 Interface in the tree view. Figure 6-27. IPv6 Interface •...
  • Page 116 • Autoconfiguration — Specifies whether IPv6 address assignment on an interface is done by stateless autoconfiguration. When enabled, the router solicitation ND procedure is initiated (to discover a router in order to assign an IP address to the interface based on prefixes received with RA messages). When autoconfiguration is disabled, no automatic assignment of IPv6 Global Unicast addresses is performed, and existing automatically assigned IPv6 Global Unicast addresses are removed from the interface.
  • Page 117 • IPv6 Address Origin Type — Defines the type of configurable static IPv6 address for an interface. The possible values are: – Dyanmic — Indicates the IP address was received from RA. – Static — Indicates the IP address was configured by the user. –...
  • Page 118 Adding an IPv6 Address to the Current Interface 1 Open the IPv6 Interface page. 2 Click Add IPv6 Address. The Add IPv6 Address page opens: Figure 6-29. Add IPv6 Address 3 Complete the fields on the page. 4 Click Apply Changes. The new address is added, and the device is updated.
  • Page 119 Defining IPv6 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Interface page. Table 6-19. IPv6 Interface CLI Commands CLI Command Description ipv6 enable [no-autoconfig] Enables IPv6 processing on an interface. ipv6 address autoconfig Enables automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface.

  • Page 120: Defining Ipv6 Default Gateway

    The following is an example of the CLI commands: console# show ipv6 interface vlan 1 Number of ND DAD attempts: 1 MTU size: 1500 Stateless Address Autoconfiguration state: enabled ICMP unreachable message state: enabled MLD version: 2 IP addresses Type DAD State ------------------------ ------ -----------...
  • Page 121 → → To open the IPv6 Default Gateway page, click System IP Addressing IPv6 Default Gateway in the tree view. Figure 6-30. IPv6 Default Gateway • Default Gateway IP Address — Displays the Link Local IPv6 address of the default gateway. •...
  • Page 122 – Delay — Indicates that the default gateway is no longer known to be reachable, and traffic has recently been sent to the default gateway. Rather than probe the default gateway immediately, however, there is a delay sending probes for a short while in order to give upper-layer protocols a chance to provide reachability confirmation.

  • Page 123: Defining Ipv6 Isatap Tunnels

    Defining IPv6 ISATAP Tunnels The IPv6 ISATAP Tunnel Page defines the tunneling process on the device, which encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 network. The Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv6 transition mechanism which is defined as a tunneling IPv6 interface and is meant to transmit IPv6 packets between dual-stack nodes on top of an IPv4 network.
  • Page 124 Figure 6-32. IPv6 ISATAP Tunnel • ISATAP Status — Specifies the status of ISATAP on the device. The possible field values are: – Enable — ISATAP is enabled on the device. – Disable — ISATAP is disabled on the device. This is the default value. •...

  • Page 125: Defining Ipv6 Neighbors

    Defining IPv6 ISATAP Tunnel Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 ISATAP Tunnel page. Table 6-21. IPv6 Default Gateway CLI Commands CLI Command Description interface tunnel number Enters tunnel interface configuration mode. tunnel mode ipv6ip {isatap} Configures an IPv6 transition mechanism global support mode.
  • Page 126 The device supports a total of up to 256 neighbors obtained either statically or dynamically. When removing an IPv6 interface, all neighbors learned statically and dynamically are removed. → → To open the IPv6 Neighbors page, click System IP Addressing IPv6 Neighbors in the tree view.
  • Page 127 • Remove — When selected, removes the neighbor from the list. In the IPv6 Neighbors Table, the following additional parameter appears: State — Displays the IPv6 Neighbor status. The field possible values are: • Incomplete — Indicates that an address resolution is in progress and the link-layer address of the neighbor has not yet been determined.
  • Page 128 Modifying Neighbor Parameters 1 Open the IPv6 Neighbors page. 2 Select an IP address in the IPv6 Address drop-down menu. 3 Modify the required fields. 4 Click Apply Changes. The parameters are modified, and the device is updated. Deleting Neighbors 1 Open the IPv6 Neighbors page.

  • Page 129: Viewing The Ipv6 Routes Table

    Defining IPv6 Neighbors Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Neighbors page. Table 6-22. IPv6 Neighbors Parameters CLI Commands CLI Command Description ipv6 neighbor ipv6_addr Configures a static entry in the IPv6 neighbor hw_addr {ethernet interface- discovery cache.
  • Page 130 Figure 6-36. IPv6 Routes Table • IPv6 Address — Defines the destination IPv6 address. • Prefix Length — Specifies the length of the IPv6 prefix. The Prefix field is applicable only when the IPv6 Static IP address is defined as a Global IPv6 address. The range is 5 - 128. •...
  • Page 131 Viewing IPv6 Routes Table Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv6 Routes Table page. Table 6-23. IPv6 Default Gateway CLI Commands CLI Command Description traceroute {ipv4-address | Discovers the routes that IPv4 packets will size hostname} [ packet_size]...

  • Page 132: Configuring Domain Name Systems

    Configuring Domain Name Systems Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is assigned the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated to 192.87.56.2. DNS servers maintain domain name databases and their corresponding IP addresses.
  • Page 133 When defining a new DNS server, the following additional parameters are available: • Supported IP Format — Specifies the IP format supported by the server. The possible values are: – IPv6 — IP version 6 is supported. – IPv4 — IP version 4 is supported. •...
  • Page 134 Displaying the DNS Servers Table 1 Open the Domain Naming System (DNS) page. 2 Click Show All. The DNS Server Table opens: Figure 6-39. DNS Server Table Removing DNS Servers 1 Open the Domain Naming System (DNS) page. 2 Click Show All. 3 The DNS Server Table opens.

  • Page 135: Defining Default Domains

    The following is an example of the CLI commands: console> enable Console# configure console (config)# ip name-server 176.16.1.18 Defining Default Domains The Default Domain Name page provides information for defining default DNS domain names. To open the Default Domain Name page, click System→ IP Addressing→ Default Domain Name in the tree view. Figure 6-40.

  • Page 136: Mapping Domain Host

    The following is an example of the CLI commands: console> enable console# configure console (config)# ip domain-name www.dell.com Mapping Domain Host The Host Name Mapping page provides parameters for assigning static host names IP addresses. The Host Name Mapping page provides up to eight IP addresses per host. To open the Host Name Mapping page, click System →...
  • Page 137 When defining a new host name mapping, the following additional parameters are available: • Supported IP Format — Specifies the IP format supported by the host. The possible values are: – IPv6 — IP version 6 is supported. – IPv4 — IP version 4 is supported. •...
  • Page 138 Displaying the Hosts Name Mapping Table 1 Open the Host Name Mapping page. 2 Click Show All. The Hosts Name Mapping Table opens: Figure 6-43. Hosts Name Mapping Table Removing Host Name from IP Address Mapping 1 Open the Host Name Mapping page. 2 Click Show All 3 The Host Mapping Table opens.

  • Page 139: Configuring Arp

    Table 6-26. Domain Host Name CLI Commands (continued) CLI Command Description clear host {name | *} Deletes entries from the host name-to-address cache. show hosts [name] Displays the default domain name, list of name server hosts, the static and the cached list of host names and addresses. The following is an example of the CLI commands: console# enable console# configure...
  • Page 140 • Global Settings — Select this option to activate the fields for ARP global settings. • ARP Entry Age Out (1-40000000) — For all devices, the amount of time (seconds) that passes between ARP requests about an ARP table entry. After this period, the entry is deleted from the table. The range is 1 - 4000000, where zero indicates that entries are never cleared from the cache.
  • Page 141 4 Define the fields. 5 Click Apply Changes. The ARP Table entry is added, and the device is updated. Displaying the ARP Table 1 Open the ARP Settings page. 2 Click Show All. The ARP Table opens: Figure 6-46. ARP Table Page Deleting ARP Table Entry 1 Open the ARP Settings page 2 Click Show All.

  • Page 142: Running Cable Diagnostics

    Configuring ARP Using the CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the ARP Settings page. Table 6-27. ARP Settings CLI Commands CLI Command Description arp ip_addr hw_addr {ethernet interface- Adds a permanent entry in the ARP cache. number | vlan vlan-id | port-channel number} arp timeout seconds Configures how long an entry remains in the ARP cache.
  • Page 143 exception of the Approximated Cable Length test. The cable length returned is an approximation in the ranges of up to 50 meters, 50m-80m, 80m-110m, 110m-120m, or more than 120m. The deviation may be up to 20 meters. To open the Integrated Cable Test for Copper Cables page, click System→ Diagnostics→ Integrated Cable Test in the tree view.
  • Page 144 Performing a Cable Test 1 Ensure that both ends of the copper cable are connected to a device. 2 Open the Integrated Cable Test for Copper Cables page. 3 Click Test Now. The copper cable test is performed, and the results are displayed on the Integrated Cable Test for Copper Cables page.

  • Page 145: Viewing Optical Transceiver Diagnostics

    Viewing Optical Transceiver Diagnostics The Optical Transceiver Diagnostics page contains fields for performing tests on Fiber Optic cables. Optical transceiver diagnostics can be performed only when the link is present. To open the Optical Transceiver Diagnostics page, click System→ Diagnostics→ Optical Transceiver Diagnostics in the tree view. Figure 6-48.
  • Page 146 Displaying Optical Transceiver Diagnostics Test Results Table 1 Open the Optical Transceiver Diagnostics page. 2 Click Show All. The test is run and the Virtual Cable Test Results Table opens. The Optical Transceiver Diagnostics Table contains the following columns: • Temp —...

  • Page 147: Managing Device Security

    The following is an example of the CLI command: console> enable Console# show fiber-ports optical-transceiver Power Port Temp Voltage Current Output Input (Volt) (mA) (mWatt) (mWatt) Fault Copper Temp – Internally measured transceiver temperature. Voltage - Internally measured supply voltage. Current –...
  • Page 148 Management Access Lists contain the rules that determine which users can manage the device, and by which methods. Users can also be blocked from accessing the device. The Access Profiles page contains fields for configuring Management Lists and applying them to specific interfaces.

  • Page 149: Adding An Access Profile

    Adding an Access Profile Rules act as filters for determining rule priority, the device management method, interface type, source IP address and network mask, and the device management access action. Users can be blocked or permitted management access. Rule priority sets the order of rule application in a profile. Defining Rules for an Access Profile: 1 Open the Access Profiles page.
  • Page 150 • Interface — The interface type to which the rule applies. This is an optional field. This rule can be applied to a selected port, LAG, or VLAN by selecting the check box and selecting the appropriate option button and interface. Assigning an access profile to an interface denies access via other interfaces.
  • Page 151 Adding Rules to Access Profile The first rule must be defined to beginning matching traffic to access profiles. 1 Open the Access Profiles page. 2 Click Add Profile to Rule. The Add An Access Profile Rule page opens: Figure 6-51. Add An Access Profile Rule 3 Complete the fields.
  • Page 152 Viewing the Profile Rules Table: The order in which rules appear in the Profile Rules Table is important. Packets are matched to the first rule which meets the rule criteria. 1 Open the Access Profiles page. 2 Click Show All. The Profile Rules Table Page opens: Figure 6-52.
  • Page 153 Table 6-30. Access Profiles CLI Commands (continued) CLI Command Description permit ip-source {ipv4-address | ipv6-address / prefix-length} Sets port permitting conditions for the management [mask mask | prefix-length] [ethernet interface-number | access list, and the selected management method. vlan vlan-id | port-channel number] [service service] deny [ethernet interface-number | vlan vlan-id | port- Sets port denying conditions for the management channel number] [service service]...

  • Page 154: Defining Authentication Profiles

    Defining Authentication Profiles The Authentication Profiles page contains fields for selecting the user authentication method on the device. User authentication occurs: • Locally • Via an external server User authentication can also be set to None. User authentication occurs in the order the methods are selected. For example, if both the Local and RADIUS options are selected, the user is authenticated first locally.
  • Page 155 Authentication Profile Name — User-defined authentication profile lists to which user-defined authentication profiles are added. The defaults are Network Default and Console Default. • Optional Methods — User authentication methods. Possible options are: – None — No user authentication occurs. –...
  • Page 156 3 Configure the profile. 4 Click Apply Changes. The authentication profile is updated to the device. Displaying the Show All Authentication Profiles Page: 1 Open the Authentication Profiles page. 2 Click Show All. The Authentication Profile page opens: Figure 6-55. Authentication Profiles Deleting an Authentication Profiles: 1 Open the Authentication Profiles page.

  • Page 157: Assigning Authentication Profiles

    The following is an example of the CLI commands: Console (config)# aaa authentication login default radius local enable none Console (config)# no aaa authentication login default Assigning Authentication Profiles After Authentication Profiles are defined, the Authentication Profiles can be applied to Management Access methods.
  • Page 158 • Console — Authentication profiles used to authenticate console users. • Telnet — Authentication profiles used to authenticate Telnet users. • Secure Telnet (SSH) — Authentication profiles used to authenticate Secure Shell (SSH) users. SSH provides clients with secure and encrypted remote connections to a device. •...
  • Page 159 Assigning Secure HTTP Sessions an Authentication Sequence 1 Open the Select Authentication page. 2 Select an authentication sequence in the Secure HTTP field. 3 Click Apply Changes. Secure HTTP sessions are assigned an authentication sequence. Assigning Access Authentication Profiles or Sequences Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Select Authentication page.
  • Page 160 The following is an example of the CLI commands: Console (config-line)# enable authentication default Console (config-line)# login authentication default Console (config-line)# exit Console (config)# ip http authentication radius local Console (config)# ip https authentication radius local Console (config)# exit Console# show authentication methods Login Authentication Method Lists --------------------------------- Default: Radius, Local, Line...

  • Page 161: Managing Passwords

    Managing Passwords Password management provides increased network security and improved password control. Passwords for SSH, Telnet, HTTP , HTTPS, and SNMP access are assigned security features, which include: • Defining minimum password lengths • Password expiration • Prevents frequent password reuse •...
  • Page 162 The Password Management page contains the following fields: • Password Minimum Length (8-64) — Indicates the minimum password length, when checked. For example, the administrator can define that all passwords must have a minimum of 10 characters. • Consecutive Passwords Before Re-use — Indicates the amount of times a password is changed, before the password can be reused.
  • Page 163 The following is an example of the CLI commands: console # show passwords configuration Minimal length: 0 History: Disabled History hold time: no limit Lockout control: disabled Enable Passwords Level Password Password Lockout Aging Expiry date ----- -------- ----------- ------- Line Passwords Line Password...

  • Page 164: Viewing Active Users

    Viewing Active Users The Active Users page contains information about who is currently logged in to the device. Figure 6-58. Active Users • Name — The user’s login name. • Protocol — The protocol being used to access the device. •...

  • Page 165: Defining The Local User Databases

    Defining the Local User Databases The Local User Database page contains fields for defining users, passwords and access levels. To open the Local User Database page, click System→ Management Security→ Local User Database in the tree view. Figure 6-59. Local User Database The Local User Database page contains the following fields: •...
  • Page 166 • Lockout Status — Indicates whether the user currently has access (status Usable), or whether the user is locked out due to too many failed authentication attempts since the user last logged in successfully(status Locked). • Reactivate Suspended User — Reactivate the specified user’s access rights, when selected. Access rights can be suspended after unsuccessfully attempting to login.
  • Page 167 Displaying the Local User Table: 1 Open the Local User Database page. 2 Click Show All. The Local User Table opens: Figure 6-61. Local User Table Reactivating a Suspended User: 1 Open the Local User Database page. 2 Click Show All. The Local User Table opens.

  • Page 168: Defining Line Passwords

    Table 6-34. Local User Database CLI Commands CLI Command Description username name [password password] [level level] [encrypted] Establishes a username-based authentication system. set username name active Reactivates a suspended user’s access rights. The following is an example of the CLI commands: console(config)# username bob password lee level 15 console# set username bob active Defining Line Passwords...
  • Page 169 The Line Password page contains the following fields: • Line Password for Console/Telnet/Secure Telnet — The line password for accessing the device via a Console, Telnet, or Secure Telnet session. • Confirm Password for Console/Telnet/Secure Telnet — Confirms the new line password. The password appears in the ***** format.

  • Page 170: Defining Enable Passwords

    [encrypted] Indicates a password on a line. The following is an example of the CLI commands: console(config-line)# password dell Defining Enable Passwords The Enable Password page sets a local password to control access to Normal and Privilege levels. To open the Enable Password page, click System →...

  • Page 171: Defining Tacacs+ Settings

    • Expiry Date — Indicates the expiration date of the enable password. • Lockout Status — Specifies the number of failed authentication attempts since the user last logged in successfully, when the Enable Login Attempts checkbox is selected in the Password Management page.
  • Page 172 Figure 6-64. TACACS+ Settings • Host IP Address — Specifies the TACACS+ Server IP address. • Priority (0-65535) — Specifies the order in which the TACACS+ servers are used. The default is 0. • Source IP Address — The device source IP address used for the TACACS+ session between the device and the TACACS+ server.
  • Page 173 • Status — The connection status between the device and the TACACS+ server. The possible field values are: – Connected — There is currently a connection between the device and the TACACS+ server. – Not Connected — There is not currently a connection between the device and the TACACS+ server. •...
  • Page 174 Displaying the TACACS+ Table 1 Open the TACACS+ Settings page. 2 Click Show All. The TACACS+ Table opens: Figure 6-66. TACACS+ Table Removing a TACACS+ Server 1 Open the TACACS+ Settings page. 2 Click Show All. The TACACS+ Table opens. 3 Select a TACACS+ Table entry.
  • Page 175 Table 6-37. TACACS+ CLI Commands (continued) CLI Command Description Specifies the authentication and encryption key for all tacacs-server key key-string TACACS+ communications between the device and the TACACS+ server. This key must match the encryption used on the TACACS+ daemon. (Range: 0 - 128 characters.) tacacs-server timeout timeout Specifies the timeout value in seconds.

  • Page 176: Configuring Radius Global Parameters

    Configuring RADIUS Global Parameters Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers provide a centralized authentication method for: • Telnet Access • Web Access • Console to Device Access To open the RADIUS Settings page, click System → Management Security → RADIUS in the tree view. Figure 6-67.
  • Page 177 • Number of Retries (1-10) — Specifies the number of transmitted requests sent to RADIUS server before a failure occurs. The possible field values are 1 - 10. Three is the default value. • Timeout for Reply (1-30) — Specifies the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server.
  • Page 178 Defining RADIUS Parameters: 1 Open the RADIUS Settings page. 2 Define the fields. 3 Click Apply Changes. The RADIUS setting are updated to the device. Adding a RADIUS Server: 1 Open the RADIUS Settings page. 2 Click Add. The Add RADIUS Server page opens: Figure 6-68.
  • Page 179 Displaying the RADIUS Server List: 1 Open the RADIUS Settings page. 2 Click Show All. The Show all RADIUS Servers page opens: Figure 6-69. Show all RADIUS Servers Modifying the RADIUS Server Settings: 1 Open the RADIUS Settings page. 2 Click Show All. The RADIUS Servers List page opens.
  • Page 180 The following is an example of the CLI commands: Console (config)# radius-server timeout 5 Console (config)# radius-server retransmit 5 Console (config)# radius-server deadtime 10 Console (config)# radius-server key dell-server Console (config)# radius-server host 196.210.100.1 auth-port 1645 timeout 20 Configuring System Information...

  • Page 181: Configuring Lldp And Lldp-Med

    Console# show radius-servers Port IP address Auth Acct TimeOut Retransmit Deadtime Source Priority Usage --------- ---- ---- ------- ---------- ------- ----- ------- ----- 33.1.1.1 1812 1813 0.0.0.0 172.16.1.2 1645 1646 Global Global Global values -------------- TimeOut: 5 Retransmit: 5 Deadtime: 10 Source IP: 0.0.0.0 Configuring LLDP and LLDP-MED The Link Layer Discovery Protocol (LLDP) allows network managers to troubleshoot and enhance network...

  • Page 182: Defining Lldp Properties

    LLDP Media Endpoint Discovery (LLDP-MED) increases network flexibility by allowing different IP systems to co-exist on a single network LLDP: Provides detailed network topology information, including what device are located on the network, and where the devices are located. For example, what IP phone is connect to what port, what software is running on what switch, and with port is connected to what PC.

  • Page 183: Configuring Lldp Using Cli Commands

    • Hold Multiplier (2-10) — Indicates the number of times that LLDP packets are held before the packets are discarded. The possible field range is 2 - 10 times. The field default is 4 times. • Reinitializing Delay (1-10) — Indicates the amount of time that passes between disabling LLDP and when reinitializing begins.
  • Page 184 Figure 6-71. Port Settings • Port — Contains a list of ports on which LLDP is enabled. – State — Indicates the port type on which LLDP is enabled. The possible field values are: – Tx Only — Enables transmitting LLDP packets only. –...
  • Page 185 • Management IP Address — Indicates the management IP address that is advertised from the interface. • Use Default — Indicates that information included in the TLVs is per the device defaults. The possible field values are: – Checked — Enables sending the device default LLDP advertisements. –...

  • Page 186: Defining Lldp Med Network Policy

    Defining LLDP MED Network Policy The MED Network Policy page contains fields for configuring LLDP . → → To open the MED Network Policy page, click System LLDP-MED MED Network Policy in the tree view. Figure 6-73. MED Network Policy The MED Network Policy page contains the following fields: •...
  • Page 187 • VLAN Type — Indicates the VLAN type for which the network policy is defined. The possible field values are: – Tagged — Indicates the network policy is defined for tagged VLANs. – Untagged — Indicates the network policy is defined for untagged VLANs. •...

  • Page 188: Defining Lldp Med Port Settings

    Defining LLDP MED Port Settings The MED Port Settings contains parameters for assigning LLDP network policies to specific ports. → → To open the MED Port Settings page, click System LLDP-MED Port Settings in the tree view. Figure 6-76. MED Port Settings The MED Port Settings page contains the following fields: •...
  • Page 189 • Tx Optional TLVs/Available TLVs — Contains a list of available TLVs that can be advertised by the port. The possible field values are: – Network Policy — Advertises the network policy attached to the port. – Location — Advertises the port’s location. •...
  • Page 190 Displaying advertise information details: 1 Open the MED Port Settings page. 2 Click Details. The Details Advertise Information page opens: Figure 6-78. Details Advertise Information Page Configuring System Information...
  • Page 191 The Details Advertise Inforsmation page contains the following fields: • Port — The port for which detailed information is played. • Auto-Negotiation Status — The auto-negotiation status of the port. The possible field values are: – Enabled — Auto-negotiation is enabled on the port. –...

  • Page 192: Viewing The Lldp Neighbors Information

    Viewing the LLDP Neighbors Information The Neighbors Information page contains information received from neighboring device LLDP → → advertisements. To open the Neighbor Information page, click System LLDP-MED Neighbors Information in the tree view. Figure 6-79. Neighbors Information • Port — Displays the neighboring port number. •...
  • Page 193 View the details of the LLDP MED information advertised by a neighbor device: 1 Open the Neighbors Information page. 2 Click the Details button next to the desired entry. The Details Neighbor Information page appears: Figure 6-80. Details Neighbors Information For information on the fields, refer to the Details Advertise Information page above.

  • Page 194: Defining Snmp Parameters

    Table 6-41. LLDP Neighbors Information CLI Commands CLI Command Description Displays information about neighboring show lldp neighbors devices discovered using Link Layer interface Discovery Protocol (LLDP) The following is an example of the CLI commands: Switch# show lldp neighbors Port Device ID Port Hold...
  • Page 195 Figure 6-81. Global Parameters • Local Engine ID (10 - 64 Hex Characters) — Indicates the local device engine ID. The field value is a hexadecimal string. Each byte in hexadecimal character strings is two hexadecimal digits. Each byte can be separated by a period or a colon. The Engine ID must be defined before SNMPv3 is enabled. For stand-alone devices select a default Engine ID that is comprised of Enterprise number and the default MAC address.
  • Page 196 Enabling Authentication Notifications 1 Open the SNMP Global Parameters page. 2 Select Enable in the Authentication Notifications field. 3 Click Apply Changes. Enabling SNMP Notifications Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the SNMP Global Parameters page.

  • Page 197: Defining Snmp View Settings

    Version 1,2 notifications Target Type Community Version Filter Retries Address Port name ------- ---- --------- ------- ---- ------ --- ------- Version 3 notifications Target Type Username Security Filter Retries Address Level Port name -------- ---- --------- -------- ---- ------ --- ------- System Contact: Robert System Location: Marketing...
  • Page 198 Figure 6-82. SNMPv3 View Settings • View Name — Contains a list of user-defined views. The view name can contain a maximum of 30 alphanumeric characters. The possible field values are: – Default — Displays the default user-defined view. – DefaultSuper —...

  • Page 199: Adding A View

    Adding a View 1 Open the SNMPv3 View Settings page. 2 Click Add. The Add a View page opens: Figure 6-83. Add a View 3 Define the field. 4 Click Apply Changes. The SNMP View is added, and the device is updated. Displaying the View Table 1 Open the SNMPv3 View Settings page.

  • Page 200: Defining Snmp Views Using Cli Commands

    Defining SNMP Views Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the SNMPv3 View Settings page. Figure 6-85. SNMP View CLI Commands CLI Command Description Creates or updates a view entry. snmp-server view view-name oid-tree {included | excluded} Displays the configuration of views.
  • Page 201 Figure 6-86. Access Control Group • Group Name — The user-defined group to whom access control rules are applied. The field range is up to 30 characters. • Security Model — Defines the SNMP version attached to the group. The possible field values are: –...

  • Page 202: Defining Snmp Groups

    Defining SNMP Groups 1 Open the Access Control Group page. 2 Click Add. The Add an Access Control Group page opens: Figure 6-87. Add an Access Control Group 3 Define the fields in the Add an Access Control Group page. 4 Click Apply Changes.

  • Page 203: Removing Snmp Groups

    Removing SNMP Groups Open the Access Control Group page. Click Show All. The Access Table opens. Select an SNMP group. Check the Remove checkbox. Click Apply Changes. The SNMP group is deleted, and the device is updated. Defining SNMP Access Control Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the Access Control Group page.
  • Page 204 Figure 6-89. User Security Model • User Name — Contains a list of user-defined user names. The field range is up to 30 alphanumeric characters. • Engine ID — Indicates either the local or remote SNMP entity, to which the user is connected. Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database.

  • Page 205: Adding Users To A Group

    • Authentication Key (MD5-16; SHA-20 hexa chars) — Defines the HMAC-MD5-96 or HMAC-SHA-96 authentication level. The authentication and privacy keys are entered to define the authentication key. If only authentication is required, 16 bytes are defined for MD5. If both privacy and authentication are required, 32 bytes are defined for MD5.

  • Page 206: Displaying The User Security Model Table

    Displaying the User Security Model Table 1 Open the User Security Model (USM) page. 2 Click Show All. The User Security Model Table opens: Figure 6-91. User Security Model Table Deleting an User Security Model Table Entry 1 Open the SNMPv3 User Security Model (USM) page. 2 Click Show All.

  • Page 207: Defining Communities

    The following is an example of the CLI commands: console (config)# snmp-server user John user-group auth-md5 1234 console (config)# end console (config)# show snmp users Name Group Name Auth Method Remote ------- ---------- ----------- ------ John user-group Defining Communities Access rights are managed by defining communities in the Community Table. When the community names are changed, access rights are also changed.
  • Page 208 • Basic Access Mode — Defines the access rights of the community. The possible field values are: – Read Only — The management access is restricted to read-only, for all MIBs except the community table, for which there is no access. –...
  • Page 209 Defining a New Community 1 Open the SNMP Community page. 2 Click Add. The Add SNMP Community page opens: Figure 6-93. Add SNMP Community 3 Select one of the following: – SNMP Management Station — Defines an SNMP community for a specific management station. (A value of 0.0.0.0 specifies all management stations.) –...
  • Page 210 Displaying all Communities 1 Open the SNMP Community page. 2 Click Show All. The Community Table opens: Figure 6-94. Community Table Deleting Communities 1 Open the Community Table page. 2 Click Show All. The Community Table opens. 3 Select a community from the Community Table. 4 Select the Remove check box.
  • Page 211 Table 6-44. SNMP Community CLI Commands (continued) CLI Command Description snmp-server v3-host { ipv4-address | ipv6-address | hostname} username [traps | Specifies the recipient of Simple informs] {noauth | auth | priv} [udp-port port] [filter filtername] [timeout Network Management Protocol seconds] [retries retries] Version 3 notification operation.

  • Page 212: Defining Notification Filters

    Defining Notification Filters The Notification Filter page permits filtering traps based on OIDs. Each OID is linked to a device feature or a feature aspect. The Notification Filter page also allows network managers to filter → → notifications. To open the Notification Filter page, click System SNMP Notification Filter in the tree view.
  • Page 213 Adding SNMP Filters 1 Open the Notification Filter page. 2 Click Add. The Add Filter page opens: Figure 6-96. Add Filter 3 Define the relevant fields. 4 Click Apply Changes. The new filter is added, and the device is updated. Displaying the Filter Table 1 Open the Notification Filter page.

  • Page 214: Defining Snmp Notification Recipients

    Removing a Filter 1 Open the Notification Filter page. 2 Click Show All. The Filter Table opens. 3 Select a Filter Table entry. 4 Check the Remove checkbox. The filter entry is deleted, and the device is updated. Configuring Notification Filters Using CLI Commands The following table summarizes equivalent CLI commands for defining fields displayed in the Notification Filters page.
  • Page 215 Figure 6-98. Notification Recipients Configuring System Information...
  • Page 216 • Recipient IP — Indicates the IP address to whom the traps are sent. – Notification Type — The notification sent. The possible field values are: – Traps — Traps are sent. – Informs — Informs are sent. • SNMPv1,2 — SNMP versions 1 and 2 are enabled for the selected recipient. Define the following fields for SNMPv1 and SNMPv2: •...
  • Page 217 • IPv6 Address Type — When the recipient supports IPv6 (see previous parameter), this specifies the type of static address supported. The possible values are: – Link Local — A Link Local address that is non-routable and used for communication on the same network only.
  • Page 218 Displaying Notification Recipients Tables 1 Open Notification Recipients page. 2 Click Show All. The Notification Recipients Tables page opens: Figure 6-99. Notification Recipients Tables Deleting Notification Recipients 1 Open Notification Recipients page. 2 Click Show All. The Notification Recipients Tables page opens. 3 Select a notification recipient in either the SNMPV1,2 Notification Recipient or SNMPv3 Notification Recipient Tables.
  • Page 219 Configuring SNMP Notification Recipients Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the Notification Recipients page. Table 6-46. SNMP Notification Recipients CLI Commands CLI Command Description Creates or updates a notification recipient snmp-server host { ipaddress | receiving notifications in SNMP version 1 or 2.

  • Page 220: Managing Files

    Managing Files The File Management page contains fields for managing device software, the Image Files, and the Configuration Files. Files can be downloaded from a TFTP server. File Management Overview The configuration file structure consists of the following configuration files: •...

  • Page 221: Downloading Files

    Downloading Files The File Download From Server page contains fields for downloading system image and Configuration files from the TFTP server or HTTP client to the device. To open the File Download From Server page, click System → File Management → File Download in the tree view. Figure 6-100.
  • Page 222 • Supported IP Format — Specifies the IP format supported by the server. The possible values are: – IPv6 — IP version 6 is supported. – IPv4 — IP version 4 is supported. • IPv6 Address Type — When the server supports IPv6 (see previous parameter), this specifies the type of static address supported.
  • Page 223 The possible field values are: – Running Configuration — Downloads commands into the Running Configuration file. – Startup Configuration — Downloads the Startup Configuration file, and overwrites it. – <filename> — Downloads commands into a configuration backup file. The filename is determined by the user at download.

  • Page 224: Uploading Files

    Uploading Files The File Upload to Server page contains fields for uploading the software from the device to the TFTP server. To open the File Upload to Server page, click System → File Management → File Upload in the tree view. Figure 6-101.
  • Page 225 • Link Local Interface — When the server supports an IPv6 Link Local address (see previous parameter), this specifies the the Link Local interface. The possible values are: – VLAN1 — The IPv6 interface is configured on VLAN1. – ISATAP — The IPv6 interface is configured on ISATAP tunnel. •...
  • Page 226 Uploading Files 1 Open the File Upload to Server page. 2 Define the file type to upload. 3 Define the fields. 4 Click Apply Changes. The software is uploaded to the device. Uploading Files Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the File Upload to Server page.

  • Page 227: Copying Files

    Copying Files Files can be copied and deleted from the Copy Files page. To open the Copy Files page, click System→ File Management→ Copy Files in the tree view. Figure 6-102. Copy Files • Copy Configuration — When selected, copies the configuration to the destination file as specified. –...
  • Page 228 Restoring Company Factory Default Settings 1 Open the Copy Files page. 2 Click Restore Company Factory Defaults. 3 Click Apply Changes. The company factory default settings are restored, and the device is updated. Copying and Deleting Files Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Copy Files page.

  • Page 229: Managing Device Files

    Managing Device Files The Files on File System page provides information about files currently stored on the system, including file names, file sizes, files modifications, and file permissions. The files system permits managing up to five files and a total file size of 3MB. To open the Files on File System page, click System→ File Management→...

  • Page 230: Defining Advanced Settings

    Managing Files Using CLI Commands The following table summarizes the equivalent CLI commands for managing system files. Table 6-50. Copy Files CLI Commands CLI Command Description Display list of files on a flash file system The following is an example of the CLI commands: console# dir Directory of flash: File Name...

  • Page 231: Configuring General Device Tuning Parameters

    Configuring General Device Tuning Parameters The General Settings page provides information for defining general device parameters. To open the → → General Settings page, click System Advanced Settings General in the tree view. Figure 6-104. General Settings • Attribute — The general setting attribute. •...

  • Page 232: Optimizing Iscsi

    Viewing RAM Log Entries Counter Using the CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the General Settings page. Table 6-51. General Settings CLI Commands CLI Command Description logging buffered size number Sets the number of syslog messages stored in the internal buffer (RAM). port jumbo-frame Enables jumbo frames for the device.
  • Page 233 Figure 6-105. Global Parameters • iSCSI Status — Whether iSCSI Optimization is enabled on the device. The default value is enabled. • Classification — Whether priority of iSCSI packets is determined by CoS or DSCP. Select the classification and then choose the desired value. •...

  • Page 234: Defining Iscsi Global Parameters Using Cli Commands

    Defining iSCSI Global Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the iSCSI Global Parameters page. Figure 6-106. iSCSI Global Parameters CLI Commands CLI Command Description To globally enable iSCSI awareness use iscsi enable the iscsi enable command in global no iscsi enable...
  • Page 235 Figure 6-107. The following is an example of the CLI commands: Console# show iscsi Target: iqn.1993-11.com.disk-vendor:diskarrays.sn.45678 -------------------------------------------------------------- Session 1: --------- Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12. storage:sys1.xyz Time started: 23-Jul-2002 10:04:50 Time for aging out: 10 min ISID: 11 Initiator Initiator Target Target IP address TCP port IP address IP port...

  • Page 236: Managing Iscsi Targets

    Managing iSCSI Targets The iSCSI Targets Table contains information about iSCSI targets in the network. → → To open the iSCSI Targets Table, click System iSCSI Optimization iSCSI Targets in the tree view. Figure 6-108. iSCSI Targets Table • TCP Port — The TCP port used by the target for iSCSI communications. IP Address —...

  • Page 237: Defining Iscsi Targets Using Cli Commands

    3 Fill in the parameters. 4 Click Apply Changes. Removing Targets 1 Open the iSCSI Targets Table. 2 In the table, check the Remove checkbox next to each target to be removed. 3 Click Apply Changes. Defining iSCSI Targets Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the iSCSI Targets Table.

  • Page 238: Monitoring Iscsi Sessions

    Monitoring iSCSI Sessions The iSCSI Sessions page contains information about iSCSI communications going through the device. → → To open the iSCSI Sessions page, click System iSCSI Optimization iSCSI Sessions in the tree view. Figure 6-111. iSCSI Sessions For each session, the following information is shown: •...

  • Page 239: Defining Iscsi Sessions Using Cli Commands

    Defining iSCSI Sessions Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the iSCSI Sessions page. Figure 6-112. iSCSI Sessions CLI Commands CLI Command Description To display the iSCSI sessions, use the show iscsi sessions show iscsi sessions privileged EXEC command.
  • Page 240 Configuring System Information...

  • Page 241: Configuring Device Information

    Configuring Device Information This section provides all system operation and general information for configuring network security, ports, Address tables, GARP , VLANs, Spanning Tree, Port Aggregation, and Multicast Support. Configuring Network Security The device enables network security through both Access Control Lists and Locked Ports. To open the Network Security page select Switch →...
  • Page 242 MAC Based Authentication MAC based authentication is an alternative to 802.1x that allows allows network access to devices (such as printers and IP phones) that do not have the 802.1X supplicant capability. MAC authentication uses the MAC address of the connecting device to grant or deny network access. Advanced Port Based Authentication Advanced Port Based Authentication enables multiple hosts to be attached to a single port.
  • Page 243 Configuring Port Based Authentication The Port Based Authentication page contains fields for configuring port based authentication and for enabling Guest VLANs. To open the Port Based Authentication page, click Switch → Network Security → Port Based Authentication. Figure 7-1. Port Based Authentication Configuring Device Information...
  • Page 244 • Port Based Authentication State — Permits port based authentication on the device. The possible field values are: – Enable — Enables port based authentication on the device. – Disable — Disables port based authentication on the device. • Authentication Method — The Authentication method used. The possible field values are: –...
  • Page 245 – Authenticated ports are added to the supplicant VLAN as untagged. – Authenticated ports remain unauthenticated VLAN and Guest VLAN members. Static VLAN configuration is not applied to the port. – The following list of VLANs cannot participate in DVA: an Unauthenticated VLAN, a Dynamic VLAN that was created by GVRP, a Voice VLAN, a Default VLAN and a Guest VLAN.
  • Page 246 Displaying the Port Based Authentication Table 1 Display the Port Based Authentication page. 2 Click Show All. The Port Based Authentication Table opens: Figure 7-2. Port Based Authentication Table Termination Cause — The reason for which the port authentication was terminated. Copy To Checkbox —...
  • Page 247 Enabling Port Based Authentication Using the CLI Commands The following table summarizes the equivalent CLI commands for enabling the port based authentication as displayed in the Port Based Authentication page. Table 7-1. Port Authentication CLI Commands CLI Command Description aaa authentication dot1x default Specifies one or more authentication, authorization, and accounting (AAA) method1 [method2.] methods for use on interfaces running IEEE 802.1X.

  • Page 248: Configuring Advanced Port Based Authentication

    The following is an example of the CLI commands: console> enable Console# show dot1x Interface Admin Mode Oper Mode Reauth Reauth Username Control Period --------- ---------- ---------- -------- ------ -------- Auto Authorized 3600 Auto Authorized 3600 John Auto Unauthorized 3600 Clark Force-auth Authorized 3600...
  • Page 249 • Port — The port number for which Advanced Port Based Authentication is enabled. • Host Authentication — Defines the host authentication type. The possible fields are: – Single — Enables a single authorized host for single-session access to the system. –...
  • Page 250 Displaying the Multiple Hosts Table 1 Open the Multiple Hosts page. 2 Click Show All. The Multiple Hosts Table opens: Figure 7-4. Multiple Hosts Table Enabling Multiple Hosts Using the CLI Commands The following table summarizes the equivalent CLI commands for enabling the advanced port based authentication as displayed in the Multiple Hosts page.

  • Page 251: Authenticating Users

    Authenticating Users The Authenticated Users page displays user port access lists. The User Access Lists are defined in the Add User Name page. To open the Authenticated Users page, click Switch → Network Security → Authenticated Users. Figure 7-5. Authenticated Users •...

  • Page 252: Configuring Port Security

    Displaying the Authenticated Users Table 1 Open the Add User Name page. 2 Click Show All. The Authenticated Users Table opens: Figure 7-6. Authenticated Users Table Authenticating Users Using the CLI Commands The following table summarizes the equivalent CLI commands for authenticating users as displayed in the Add User Name page.
  • Page 253 packet is received on a locked port, and the packet’s source MAC address is not tied to that port (either it was learned on a different port, or is unknown to the system), the protection mechanism is invoked, and can provide various options. Unauthorized packets arriving to a locked port are either: •...
  • Page 254 • Set Port — The port is either locked or unlocked. The possible field values are: – Unlocked — Unlocks Port. This is the default value. – Locked — Locks Port. • Learning Mode — The port learning mode. The possible field values are: –...
  • Page 255 Displaying the Locked Port Table 1 Open the Port Security page. 2 Click Show All. The Port Security Table opens: Locked Ports can also be defined from the Locked Ports Table, as well as the Port Security page. Figure 7-8. Port Security Table Configuring Locked Port Security with CLI Commands The following table summarizes the equivalent CLI commands for configuring Locked Port security as displayed in the Port Security page.

  • Page 256: Acl Overview

    The following is an example of the CLI commands: Console # show ports security Port Status Action Trap Frequency Counter ----- ------- ------- ------- --------- -------- Unlocked Discard Enable Unlocked Discard, Disable Shutdown Unlocked ACL Overview Access Control Lists (ACL) allow network managers to define classification actions and rules for specific ingress ports.
  • Page 257 Figure 7-9. Network Security - IP Based ACL • ACL Name — User-defined ACLs. • New ACE Priority — ACE priority that determines which ACE is matched to a packet based on a first-match basis. • Protocol — Enables creating an ACE based on a specific protocol. The possible field values are: –...
  • Page 258 – TCP — Transmission Control Protocol (TCP). Enables two hosts to communicate and exchange data streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order the are sent. – EGP — Exterior Gateway Protocol (EGP). Permits exchanging routing information between two neighboring gateway hosts in an autonomous systems network.
  • Page 259 • Source Port — The TCP/UDP source port. Select Any to include all ports. • Destination Port — The TCP/UDP destination port. Select Any to include all ports. • Source IP Address — Matches the source port IP address to which packets are addressed to the ACE. Wildcard masks specify which bits are used and which bits are ignored.
  • Page 260 Adding IP based ACLs 1 Open the IP Based ACL page. 2 Click Add. The Network Security - IP Based ACL page opens: Figure 7-10. Add IP Based ACL 3 Define the relevant fields. 4 Click Apply Changes. The IP based protocol is defined, and the device is updated. Configuring Device Information...
  • Page 261 Displaying the ACEs Associated with IP based ACLs 1 Open the Network Security - IP Based ACL page. 2 Click Show All. The ACEs Associated with IP-ACL opens: Figure 7-11. ACEs Associated with IP-ACL Removing an IP based ACL 1 Open the Network Security - IP Based ACL page. 2 Click Show All.
  • Page 262 Configuring IP Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring IP Based ACLs. Table 7-5. IP Based ACL CLI Commands CLI Command Description ip access-list access-list-name To define an IPv4 access list and to place the device in IPv4 access list configuration no ip access-list access-list-name mode, use the ipv4 access-list command...

  • Page 263: Defining Mac Based Access Control Lists

    Defining MAC Based Access Control Lists The Network Security - MAC Based ACL page allows a MAC- based ACL to be defined. ACEs can be added only if the ACL is not bound to an interface. To define MAC Based ACLs, click Switch → Network Security → MAC Based ACL. Figure 7-12.
  • Page 264 • Destination Address — Matches the destination MAC address to which packets are addressed to the ACE. Wildcard masks specify which bits are used and which bits are ignored. A wildcard of 0.0.0.0 indicates that all the bits are important. •...
  • Page 265 Adding MAC based ACLs 1 Open the MAC Based ACL page. 2 Click Add. The Network Security - MAC Based ACL page opens: Figure 7-13. Add Mac Based ACL 3 Define the relevant fields. 4 Click Apply Changes. The MAC based protocol is defined, and the device is updated. Configuring Device Information...
  • Page 266 Displaying the ACEs Associated with MAC based ACLs 1 Open the Network Security - MAC Based ACL page. 2 Click Show All. The ACEs Associated with MAC Based ACL opens: Removing a MAC based ACL 1 Open the Network Security - MAC Based ACL page. 2 Click Show All.

  • Page 267: Defining Acl Binding

    Configuring MAC Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring MAC Based ACLs . Table 7-6. MAC Based ACL CLI Commands CLI Command Description mac access-list access-list-name To define a Layer 2 access list and to place the device in MAC access list configuration mode, use no mac access-list access-list-name the mac access-list command in global...
  • Page 268 3 In the Bind ACL to an Interface field, select a port or LAG. 4 Click Apply Changes. The ACL is bound to the interface. Displaying the ACL Bindings Table: 1 Open the Network Security - ACL Binding page. 2 Click Show All. The ACL Bindings Table opens: Figure 7-15.

  • Page 269: Configuring Dhcp Snooping

    Configuring ACL Bindings with CLI Commands The following table summarizes the equivalent CLI commands for configuring ACL Bindings . Table 7-7. ACL Bindings CLI Commands CLI Command Description service-acl input acl-name To control access to an interface, use the service-acl command in interface no service-acl input configuration mode.
  • Page 270 Defining DHCP Snooping Global Parameters The DHCP Snooping Global Parameters page contains parameters for enabling and configuring DHCP Snooping on the device. To define DHCP global parameters, click Switch→ DHCP Snooping → Global Parameters. Figure 7-16. Global Parameters • DHCP Snooping Status — Indicates if DHCP Snooping is enabled on the device. The possible field values are: –...
  • Page 271 Configuring DHCP Snooping Global Parameters with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping global parameters DHCP Snooping Global Parameters Table 7-8. CLI Commands CLI Command Description ip dhcp snooping Use the ip dhcp snooping global configuration command to globally enable DHCP snooping.

  • Page 272: Defining Dhcp Snooping On Vlans

    The following is an example of some of the CLI commands: Console# show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs: 2, 7-18 DHCP snooping database: enabled Option 82 on untrusted port is allowed Verification of hwaddr field is enabled Interface Trusted...

  • Page 273: Defining Trusted Interfaces

    Defining DHCP Snooping on VLANS 1 Open the DHCP Snooping VLAN Settings page. 2 Click Add and Remove to add/remove VLAN IDs to or from the Enabled VLAN list. 3 Click Apply Changes. Configuring DHCP Snooping on VLANs with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping on VLANs .
  • Page 274 Displaying the Trusted Interfaces Table: 1 Open the Trusted Interfaces page. 2 Click Show All. The Trusted Interfaces Table opens: Figure 7-19. Trusted Interfaces Table Copying Trusted Interfaces Settings Between Interfaces 1 Open the Trusted Interfaces page. 2 Click Show All. The Trusted Interfaces Table opens. 3 In the Unit and Copy from fields, select a Port or LAG from which you want to copy settings.

  • Page 275: Adding Interfaces To The Dhcp Snooping Database

    Configuring DHCP Snooping Trusted Interfaces with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping Trusted Interfaces Table 7-10. DHCP Snooping Trusted Interfaces CLI Commands CLI Command Description ip dhcp snooping trust Use the ip dhcp snooping trust interface configuration command to configure a port no ip dhcp snooping trust as trusted for DHCP snooping purposes.
  • Page 276 Querying the Database 1 Open the Binding Database page. 2 Select the following categories: • MAC Address — Indicates the MAC addresses recorded in the DHCP Snooping Database. • IP Address — Indicates the IP addresses recorded in the DHCP Snooping Database. •...
  • Page 277 Figure 7-21. Bind DHCP Snooping Page 3 Define the fields. 4 Click Apply Changes. Configuring DHCP Snooping Binding Database with CLI Commands The following table summarizes the equivalent CLI commands for configuring DHCP Snooping Binding Database DHCP Snooping Binding Database Table 7-11.

  • Page 278: Configuring Ports

    Configuring Ports The Ports page contains links to port functionality pages including advanced features, such as Storm Control and Port Mirroring. To open the Ports page, click Switch → Ports. Defining Port Parameters The Port Configuration page contains fields for defining port parameters. To open the Port Configuration page, click Switch →...
  • Page 279 • Re-Activate Suspended Port — Reactivates a port if the port has been suspended through the locked port security option. • Operational Status — The port operational status. Possible field values are: – Suspended — The port is currently active, and is currently not receiving or transmitting traffic. –...
  • Page 280 Hubs and switches are deliberately wired opposite the way end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable can be used, and the pairs are match up properly. When two hubs/switches are connected to each other, or two end stations are connected to each other, a crossover cable is used ensure that the correct pairs are connected.
  • Page 281 Displaying the Port Configuration Table: 1 Open the Port Configuration page. 2 Click Show All. The Ports Configuration Table opens: Figure 7-23. Ports Configuration Table Configuring Ports with CLI Commands The following table summarizes the equivalent CLI commands for configuring ports as displayed in the Ports Configuration Table page.
  • Page 282 Table 7-12. Port Configuration CLI Commands (continued) CLI Command Description system flowcontrol Enables flow control on cascade ports (between the 2 CPUs). This command is relevant for 48-port devices only. mdix {on | auto} Enables automatic crossover on a given interface or Port-channel.
  • Page 283 The following is an example of the CLI commands: Console (config)# interface ethernet g5 Console (config-if)# description RD SW#3 Console (config-if)# shutdown Console (config-if)# no shutdown Console (config-if)# speed 100 Console (config-if)# duplex full Console (config-if)# negotiation Console (config-if)# back-pressure Console (config-if)# flowcontrol on Console (config-if)# mdix auto Console (config-if)# exit...

  • Page 284: Configuring Load Balancing

    Console# show interfaces status Port Type Duplex Speed Flow Link Back Mdix Control State Pressure Mode ---- ----- ------ ------ ---- ------ ----- ------ ---- Full Auto Enable Full Down Disable Full 1000 Disable Type Duplex Speed Flow Back Link Control Pressure State...
  • Page 285 Figure 7-24. LAG Configuration The LAG Configuration page contains the following fields: • Load Balance — Indicates the load balancing type enabled on the LAG. The possible field values are: – Layer 2 — Enables load balancing based on static and dynamic MAC addresses. –...
  • Page 286 • LAG Type — The port types that comprise the LAG. • Admin Status — Enables or disables traffic forwarding through the selected LAG. • Current LAG Status — Indicates if the LAG is currently operating. • Re-Activate Suspended LAG — Reactivates a suspended LAG. •...
  • Page 287 Displaying the LAG Configuration Table: 1 Open the LAG Configuration page. 2 Click Show All. The LAG Configuration Table opens: Figure 7-25. LAG Configuration Table Configuring LAGs with CLI Commands The following table summarizes the equivalent CLI commands for configuring LAGs as displayed in the LAG Configuration page.
  • Page 288 Table 7-13. LAG Configuration CLI Commands (continued) CLI Command Description Sets the line for automatic baud rate detection. autobaud Enables auto negotiation operation for the negotiation speed and duplex parameters of a given interface. Enables Back Pressure on a given interface. back-pressure Configures the Flow Control on a given flowcontrol {auto | on |...

  • Page 289: Enabling Storm Control

    The following is an example of the CLI commands: console(config-if)# channel-group 1 mode on console(config-if)# exit console(config)# interface range e g21-24 console(config-if)# channel-group 1 mode on console(config-if)# ex console(config)# interface ethernet g5 console(config-if)# channel-group 2 mode on console(config-if)# exit console(config)# exit console# show interfaces port-channel Channel Ports...
  • Page 290 Figure 7-26. Storm Control • Port — The port from which storm control is enabled. • Broadcast Control — Enables or disables forwarding broadcast packet types on the device. • Mode — Specifies the Broadcast mode currently enabled on the device. The possible field value are: Unknown Unicast, Multicast &...
  • Page 291 Displaying the Storm Control Table 1 Open the Storm Control page. 2 Click Show All. The Storm Control Table opens: Figure 7-27. Storm Control Table Configuring Storm Control with CLI Commands The following table summarizes the equivalent CLI commands for configuring Storm Control as displayed on the Storm Control page.

  • Page 292: Defining Port Mirroring Sessions

    The following is an example of the CLI commands: console> enable console# configure Console(config)# port storm-control include-multicast Console(config)# port storm-control broadcast rate 8000 Console(config)# interface ethernet g1 Console(config-if)# port storm-control broadcast enable Console(config-if)# end Console# show ports storm-control Port Broadcast Storm control [Packets/sec] ----- ------------------------------------- 8000...
  • Page 293 The following restrictions apply to ports configured to be source ports: • Source Ports cannot be a LAG member. • Ports cannot be configured as a destination port. • All packets are transmitted tagged from the destination port. • Monitored all RX/TX packets to the same port. To open the Port Mirroring page, click Switch→...
  • Page 294 5 Define the Type field. 6 Click Apply Changes. The new source port is defined, and the device is updated. Deleting a Copy Port from a Port Mirroring Session 1 Open the Port Mirroring page. 2 Select the Remove check box. 3 Click Apply Changes.

  • Page 295: Configuring Address Tables

    Configuring Address Tables MAC addresses are stored in either the Static Address or the Dynamic Address databases. A packet addressed to a destination stored in one of the databases is forwarded immediately to the port. The Static and Dynamic Address Tables can be sorted by interface, VLAN, and interface type. MAC addresses are dynamically learned as packets from sources arrive at the device.
  • Page 296 • Status — MAC address status. Possible values are: – Secure — Guarantees that a locked port MAC address is not deleted. – Permanent — The MAC address is permanent. – Delete on Reset — The MAC address is deleted when the device is reset. –...
  • Page 297 Configuring Static Address Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for configuring static address parameters as displayed in the Static MAC Address page. Table 7-16. Static Address CLI Commands CLI Command Description bridge address mac-address {ethernet Adds a static MAC-layer station source interface | port-channel port-channel- address to the bridge table.

  • Page 298: Viewing Dynamic Addresses

    Viewing Dynamic Addresses The Dynamic Address Table contains fields for querying information in the dynamic address table, including the interface type, MAC addresses, VLAN, and table sorting. Packets forwarded to an address stored in the address table are forwarded directly to those ports. The Dynamic Address Table also contains information about the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic Address list.
  • Page 299 • Address Aging (10-630) — Specifies the amount of time the MAC Address remains in the Dynamic Address Table before it is timed out if no traffic from the source is detected. The default value is 300 seconds. • Interface — Specifies the interface for which the table is queried. There are two interface types from which to select.
  • Page 300 Querying and Sorting Dynamic Addresses Using CLI Commands The following table summarizes the equivalent CLI commands for querying and sorting dynamic addresses as displayed in the Dynamic Address Table. Table 7-17. Query and Sort CLI Commands CLI Command Description bridge aging-time seconds Sets the address table aging time. Displays classes of dynamically created show bridge address-table entries in the bridge-forwarding database.

  • Page 301: Configuring Garp

    Configuring GARP Generic Attribute Registration Protocol (GARP) is a general-purpose protocol that registers any network connectivity or membership-style information. GARP defines a set of devices interested in a given network attribute, such as VLAN or Multicast address. When configuring GARP , ensure the following: •...
  • Page 302 • GARP Leave Timer (10 - 2147483640) — Time lapse, in milliseconds, that the device waits before leaving its GARP state. Leave time is activated by a Leave All Time message sent/received, and cancelled by the Join message received. Leave time must be greater than or equal to three times the join time.

  • Page 303: Configuring The Spanning Tree Protocol

    The following is an example of the CLI commands: console(config)# interface ethernet g1 console(config-if)# garp timer leave 900 console(config-if)# end console# show gvrp configuration ethernet g1 GVRP Feature is currently Disabled on the device. Maximum VLANs: 223 Port(s) GVRP- Registration Dynamic VLAN Timers (milliseconds)
  • Page 304 Defining STP Global Settings The STP Global Settings page contains parameters for enabling and configuring STP operation on the device. To open the STP Global Settings page, click Switch→ Spanning Tree → Global Settings in the tree view. Figure 7-32. STP Global Settings •...
  • Page 305 • BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port/ device. BPDUs are used to transmit spanning tree information. The possible field values are: – Filtering — Filters BPDU packets when spanning tree is disabled on an interface. –...
  • Page 306 Defining STP Global Parameters 1 Open the STP Global Settings page. 2 Select the port that needs to be enabled from the Select a Port drop-down menu. 3 Select Enable in the Spanning Tree State field. 4 Select the STP mode in the STP Operation Mode field, and define the bridge settings. 5 Click Apply Changes.
  • Page 307 The following is an example of the CLI commands: console(config)# spanning-tree console(config)# spanning-tree mode rstp console(config)# spanning-tree priority 12288 console(config)# spanning-tree hello-time 5 console(config)# spanning-tree max-age 15 console(config)# spanning-tree forward-time 25 console(config)# exit console# show spanning-tree Spanning tree enabled mode RSTP Default port cost method: short Root ID Priority...

  • Page 308: Defining Stp Port Settings

    Defining STP Port Settings The STP Port Settings page contains fields for assigning STP properties to individual ports. To open the STP Port Settings page, click Switch→ Spanning Tree→ Port Settings in the tree view. Figure 7-33. STP Port Settings •...
  • Page 309 • Port State — The current port STP state. If enabled, the port state determines what forwarding action is taken on traffic. Possible port states are: – Disabled — The port link is currently down. – Blocking — The port is currently blocked and cannot be used to forward traffic or learn MAC addresses.
  • Page 310 • Priority (0-240, in steps of 16) — The priority value of the port. The priority value influences the port choice when a bridge has two ports connected in a loop. The priority value is between 0-240. The priority value is provided in increments of 16. •...
  • Page 311 Table 7-20. STP Port Settings CLI Commands CLI Command Description spanning-tree disable Disables spanning tree on a specific port. spanning-tree cost cost Configures the spanning tree cost contribution of a port. spanning-tree port-priority priority Configures port priority. spanning-tree portfast Enables PortFast mode. show spanning-tree [ethernet interface | Displays spanning tree configuration.

  • Page 312: Defining Stp Lag Settings

    Defining STP LAG Settings The STP LAG Settings page contains fields for assigning STP aggregating port parameters. To open the STP LAG Settings page, click Switch→ Spanning Tree→ LAG Settings in the tree view. Figure 7-34. STP LAG Settings • Select a LAG —...
  • Page 313 • LAG State — Current STP state of a LAG. If enabled, the LAG state determines what forwarding action is taken on traffic. If the bridge discovers a malfunctioning LAG, the LAG is placed in the Broken state. Possible LAG states are: –...

  • Page 314: Configuring Rapid Spanning Tree

    Modifying the LAG STP Parameters 1 Open the STP LAG Settings page. 2 Select a LAG from the Select a LAG drop-down menu. 3 Modify the fields as desired. 4 Click Apply Changes. The STP LAG parameters are modified, and the device is updated. Defining STP LAG Settings Using CLI Commands The following table summarizes the equivalent CLI commands for defining STP LAG settings.
  • Page 315 RSTP has the following different port states: • Disabled • Learning • Discarding • Forwarding Rapid Spanning Tree is enabled on the STP Global Settings page. To open the Rapid Spanning Tree (RSTP) page, click Switch→ Spanning Tree→ Rapid Spanning Tree in the tree view. Figure 7-35.
  • Page 316 • Mode — Displays the STP mode by which STP is enabled on the device. The possible field values are: – Classic STP — Enables Classic STP on the device. This is the default value. – Rapid STP — Enables Rapid STP on the device. •...

  • Page 317: Configuring Multiple Spanning Tree

    Defining Rapid STP Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for defining Rapid STP parameters as displayed in the Rapid Spanning Tree (RSTP) page. Table 7-22. RSTP Settings CLI Command CLI Command Description spanning-tree link-type {point-to-point | shared} Overrides the default link-type setting.
  • Page 318 Figure 7-36. MSTP Settings • Region Name (1-32 Characters) — Indicates user-defined MSTP region name. • Revision (0-65535) — Defines unsigned 16-bit number that identifies the current MST configuration revision. The revision number is required as part of the MST configuration. The possible field range is 0-65535.
  • Page 319 • Instance ID — Defines the MSTP instance. The field range is 0-15. • Included VLANs — Maps the selected VLANs to the selected instance. Each VLAN belongs to one instance. • Bridge Priority (0-61440, in steps of 4096) — Specifies the selected spanning tree instance device priority.
  • Page 320 Defining MST Instances Using CLI Commands The following table summarizes the equivalent CLI commands for defining MST instance groups as displayed in the MSTP Settings page. Table 7-23. MSTP Instances CLI Commands CLI Command Description Enters MST Configuration mode. spanning-tree mst configuration Maps VLANs to the MST instance.

  • Page 321: Defining Mstp Interface Settings

    Defining MSTP Interface Settings The MSTP Interface Settings page contains parameters assigning MSTP settings to specific interfaces. To open the MSTP Interface Settings page, click Switch → Spanning Tree → MSTP Interface Settings in the tree view. Figure 7-38. MSTP Interface Settings •...
  • Page 322 • Role — Indicates the port role assigned by the STP algorithm in order to provide to STP paths. The possible field values are: – Root — Provides the lowest cost path to forward packets to root device. – Designated — Indicates the port or LAG via which the designated device is attached to the LAN. –...

  • Page 323: Configuring Vlans

    Viewing the MSTP Interface Table 1 Open the MSTP Interface Settings page. 2 Click Show All. The MSTP Interface Table page opens: Figure 7-39. MSTP Interface Table Configuring VLANs VLANs are logical subgroups of a Local Area Network (LAN) created via software rather than defining a hardware solution.
  • Page 324 The VLAN ID tag is assigned to a customer port in the service providers network. The designated port then provides additional services to the packets with the double-tags. This allows administrators to expand service to VLAN users. Defining VLAN Members The VLAN Membership page contains fields for defining VLAN groups.
  • Page 325 • Status — The VLAN type. Possible values are: – Dynamic — The VLAN was dynamically created through GVRP. – Static — The VLAN is user-defined. – Default — The VLAN is the default VLAN. • Unauthorized Users — Enables or disables unauthorized users from accessing a VLAN. •...
  • Page 326 3 Select the Remove VLAN check box. 4 Click Apply Changes. The selected VLAN is deleted, and the device is updated. Defining VLAN Membership Groups Using CLI Commands The following table summarizes the equivalent CLI commands for defining VLAN membership groups as displayed in the VLAN Membership page.
  • Page 327 The VLAN Port Membership Table displays the ports and the ports states, as well as LAGs. Ports which are LAG members are not displayed in the VLAN Port Membership Table. Assigning Ports to a VLAN Group 1 Open the VLAN Membership page. 2 Click the VLAN ID or VLAN Name option button and select a VLAN from the drop-down menu.
  • Page 328 The following is an example of the CLI commands: Console (config)# vlan database Console (config-vlan)# vlan 23-25 Console (config-vlan)# exit Console (config)# interface vlan 23 Console (config-if)# name Marketing Console (config-if)# exit Console (config)# interface ethernet g8 Console (config-if)# switchport mode access Console (config-if)# switchport access vlan 23 Console (config-if)# exit Console (config)# interface ethernet g9...
  • Page 329 The following table summarizes the equivalent CLI commands for configuring QinQ. Table 7-27. QinQ CLI Commands CLI Command Console>enable Console#config Console (config)# Console (config)# vlan database Console (config-vlan)# vlan 100 Console (config-vlan)# exit Console (config)# interface ethernet e5 Console (config-if)# switchport mode customer Console (config-if)# switchport customer vlan 100 Console (config-if)# exit Console (config)# interface ethernet e10...
  • Page 330 Vlan Name Egress rule Port Membership Type ---- ----------------------- ----------- -------------------- Untagged Static Forbidden VLANS: Vlan Name ---- ----------------------- Classification rules: Protocol based VLANs: Group ID Vlan ID -------- ------------------ Mac based VLANs: Group ID Vlan ID -------- ------------------ Subnet based VLANs: Group ID Vlan ID --------...

  • Page 331: Defining Vlan Ports Settings

    Defining VLAN Ports Settings The VLAN Port Settings page contains fields for managing ports that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Settings page. All untagged packets arriving to the device are tagged by the ports PVID. →...
  • Page 332 • Frame Type — Packet type accepted on the port. Possible values are: – Admit Tag Only — Only tagged packets are accepted on the port. – Admit All — Both tagged and untagged packets are accepted on the port. •...
  • Page 333 Assigning Ports to VLAN Groups Using CLI Commands The following table summarizes the equivalent CLI commands for assigning ports to VLAN groups. Table 7-28. VLAN Port CLI Commands CLI Command Description switchport mode {customer Configures a port VLAN membership mode. |access | trunk | general} switchport trunk native vlan Defines the port as a member of the specified...

  • Page 334: Defining Vlan Lag Settings

    Defining VLAN LAG Settings The VLAN LAG Setting page provides parameters for managing LAGs that are part of a VLAN. VLANs can either be composed of individual ports or of LAGs. Untagged packets entering the device are tagged with the LAGs ID specified by the PVID. To open the VLAN LAG Setting page, click Switch→ VLAN→...
  • Page 335 • Ingress Filtering — Enables or disables Ingress filtering by the LAG. Ingress filtering discards packets that are destined to VLANs of which the specific port is not a member. • Current Reserve VLAN — The VLAN currently designated as the reserved VLAN. •...
  • Page 336 The following is an example of the CLI commands: console(config)# interface port-channel 1 console(config-if)# switchport mode access console(config-if)# switchport access vlan 2 console(config-if)# exit console(config)# interface port-channel 2 console(config-if)# switchport mode general console(config-if)# switchport general allowed vlan add 2-3 tagged console(config-if)# switchport general pvid 2 console(config-if)# switchport general acceptable-frame-type tagged-only...

  • Page 337: Defining Vlan Protocol Groups

    Defining VLAN Protocol Groups • The Protocol Group page provides parameters for configuring frame types to specific protocol groups. To open the Protocol Group page, click Switch→ VLAN→ Protocol Group in the tree view. Figure 7-45. Protocol Group • Frame Type — The packet type. Possible field values are Ethernet, RFC1042, and LLC Other. •...
  • Page 338 Assigning VLAN Protocol Group Settings 1 Open the Protocol Group page. 2 Complete the fields on the page. 3 Click Apply Changes. The VLAN protocol group parameters are defined, and the device is updated. Removing Protocols From the Protocol Group Table 1 Open the Protocol Group page.

  • Page 339: Adding Protocol Ports

    Adding Protocol Ports The Protocol Port page adds interfaces to Protocol groups. To open the Protocol Port page, click Switch→ VLAN→ Protocol Port in the tree view. Figure 7-46. Protocol Port • Interface — Port or LAG number added to a protocol group. •...

  • Page 340: Configuring Gvrp

    Defining Protocol Ports Using CLI Commands The following table summarizes the equivalent CLI command for defining Protocol Ports. Table 7-31. Protocol Port CLI Commands CLI Command Description switchport general map Sets a protocol-based classification rule. protocols-group group vlan vlan-id The following example sets a protocol-based classification rule of protocol group 1 to VLAN 8: Console (config-if)# switchport general map protocols-group 1 vlan 8 Configuring GVRP...
  • Page 341 Figure 7-47. GVRP Parameters • GVRP Global Status — Enables or disables GVRP on the device. GVRP is disabled by default. • Interface — The port or LAG for which GVRP is enabled. • GVRP State — Enables or disables GVRP on an interface. •...
  • Page 342 Configuring GVRP Using CLI Commands The following table summarizes the equivalent CLI commands for configuring GVRP as displayed in the GVRP Global Parameters page. Table 7-32. GVRP Global Parameters CLI Commands CLI Command Description gvrp enable (global) Enables GVRP globally. gvrp enable (interface) Enables GVRP on an interface.

  • Page 343: Configuring Voice Vlans

    The following is an example of the CLI commands: console(config)# gvrp enable console(config)# interface ethernet g1 console(config-if)# gvrp enable console(config-if)# gvrp vlan-creation-forbid console(config-if)# gvrp registration-forbid console(config-if)# end console# show gvrp configuration GVRP Feature is currently Enabled on the device. Maximum VLANs: 223 Port(s) GVRP- Registration...
  • Page 344 There are two operational modes for IP Phones: • IP phones are configured with VLAN-mode as enabled, ensuring that tagged packets are used for all communications. • If the IP phone’s VLAN-mode is disabled, the phone uses untagged packets. The phone uses untagged packets while retrieving the initial IP address through DHCP.
  • Page 345 • Class of Service — Enables adding a CoS tag to untagged packets received on the voice VLAN. The possible field values are 0-7, where zero is the lowest priority, and seven is the highest priority. • Remark CoS — Reassigns the CoS tag value to packets received on the voice VLAN. The possible field values are 0-7, where zero is the lowest priority, and seven is the highest priority.
  • Page 346 The following is an example of some of the CLI commands: Switch# show voice vlan Aging timeout: 1440 minutes OUI table MAC Address - Prefix Description 00:E0:BB 3COM 00:03:6B Cisco 00:E0:75 Veritel 00:D0:1E Pingtel 00:01:E3 Siemens 00:60:B9 NEC/Philips 00:0F:E2 Huawei-3COM Voice VLAN VLAN ID: 8 CoS: 6 Remark: Yes...

  • Page 347: Defining Voice Vlan Port Settings

    Defining Voice VLAN Port Settings The Voice VLAN Port Settings Page contains fields for adding ports or LAGs to voice VLAN. To open the Voice VLAN Port Setting page, click Switch→ Voice VLAN → Port Setting in the tree view. Figure 7-49.
  • Page 348 Configuring Port Settings 1 Open the Voice VLAN Port Settings page. 2 Select a port or LAG. 3 Modify the fields as desired. 4 Click Apply Changes. The settings are modified and the device is updated. Displaying the Port Setting Table 1 Open the Voice VLAN Port Settings page.

  • Page 349: Defining Ouis

    Defining OUIs The Voice VLAN OUI page lists the Organizationally Unique Identifiers (OUIs) associated with the Voice VLAN. The first three bytes of the MAC Address contain a manufacturer identifier. While the last three bytes contain a unique station ID. Using the OUI, network managers can add specific manufacturer’s MAC addresses to the OUI table.
  • Page 350 • Remove — Removes OUI from the Telephony OUI List. The possible field values are: – Checked — Removes the selected OUI. – Unchecked — Maintains the current OUIs in the Telephony OUI List. This is the default value. • Restore Default OUIs —...

  • Page 351: Aggregating Ports

    Defining Voice VLAN OUIs Using CLI Commands The following table summarizes the equivalent CLI command for defining Voice VLAN OUIs . Table 7-35. Voice VLAN OUIs CLI Commands CLI Command Description voice vlan oui-table {add mac-address-prefix To configure the voice OUI table, use the voice vlan oui-table [description text] | remove mac-address-prefix} command in global configuration mode.
  • Page 352 Each Aggregated Link has an Aggregated Link Port Type, including Gigabit Ethernet ports. Ports can be added to an Aggregated Link only if they are the same port type. When ports are removed from an Aggregated Links, the ports revert to the original port settings. To open the Link Aggregation page, click Switch→...
  • Page 353 Defining Link Aggregation Global Parameters 1 Open the LACP Parameters page. 2 Complete the LACP System Priority field. 3 Click Apply Changes. The parameters are defined, and the device is updated. Defining Link Aggregation Port Parameters 1 Open the LACP Parameters page. 2 Complete the fields in the Port Parameters area.

  • Page 354: Defining Lag Membership

    The following is an example of the CLI commands: Console (config)# lacp system-priority 120 Console (config)# interface ethernet g1 Console (config-if)# lacp port-priority 247 Console (config-if)# lacp timeout long Console (config-if)# end Console# show lacp ethernet g1 statistics Port g1 LACP Statistics: LACP PDUs sent:2 LACP PDUs received:2 Defining LAG Membership...

  • Page 355: Multicast Forwarding Support

    Configuring a Port to a LAG or LACP 1 Open the LAG Membership page. 2 In the LAG row (the second row), toggle the button to a specific number to aggregate or remove the port to that LAG number. 3 In the LACP row (the first row), toggle the button under the port number to assign either the LACP or the static LAG.
  • Page 356 The device supports: • Forwarding L2 Multicast Packets — Enabled by default, and not configurable. • The system supports Multicast filtering for 256 Multicast groups. • Filtering L2 Multicast Packets — Enables forwarding of Layer 2 packets to interfaces. If Multicast filtering is disabled, Multicast packets are flooded to all relevant ports.
  • Page 357 • Bridge Multicast Filtering — Enables or disables bridge Multicast filtering. Disabled is the default value. IGMP Snooping can be enabled only if Bridge Multicast Filtering is enabled. • IGMP Snooping Status — Enables or disables IGMP Snooping on the device. Disabled is the default value.

  • Page 358: Adding Bridge Multicast Address Members

    Adding Bridge Multicast Address Members The Bridge Multicast Group page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables. The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group.
  • Page 359 The following table contains the IGMP port and LAG members management settings: The port/LAG has joined the Multicast group dynamically in the Current Row. Attaches the port to the Multicast group as static member in the Static Row. The port/LAG has joined the Multicast group statically in the Current Row.
  • Page 360 Defining Ports to Receive Multicast Service 1 Open the Bridge Multicast Group page. 2 Define the VLAN ID and the Bridge Multicast Address fields. 3 Toggle a port to S to join the port to the selected Multicast group. 4 Toggle a port to F to forbid adding specific Multicast addresses to a specific port. 5 Click Apply Changes.
  • Page 361 The following is an example of the CLI commands: Console> enable Console# config console(config)#vlan database console(config-if)#vlan 8 console(config-if)#exit console(config)#interface range ethernet g1-9 console(config-if)# switchport mode general console(config-if)# switchport general allow vlan add 8 console(config)#interface vlan 8 console (config-if)# exit Console(config-if)# bridge multicast address 0100.5e02.0203 add ethernet g1,g2 Console(config-if)# exit Console(config)# exit...

  • Page 362: Assigning Multicast Forward All Parameters

    Console # show bridge multicast address-table format ip Vlan IP Address Type Ports ---- ----------- ----- ---------- 224-239.130|2.2.3 static g1, g2 224-239.130|2.2.8 static g1-8 224-239.130|2.2.8 dynamic g9-11 Forbidden ports for multicast addresses: Vlan IP Address Ports ---- ----------- ---------- 224-239.130|2.2.3 224-239.130|2.2.8 Assigning Multicast Forward All Parameters The Bridge Multicast Forward All page contains fields for attaching ports or LAGs to a device that is...
  • Page 363 Figure 7-58. Bridge Multicast Forward All • VLAN ID — Identifies a VLAN. • Ports — Ports that can be added to a Multicast service. • LAGs — LAGs that can be added to a Multicast service. The contains the settings for managing router and port settings. Port Control Definition Attaches the port to the Multicast router or...
  • Page 364 Attaching a Port to a Multicast Router or Switch 1 Open Bridge Multicast Forward All page. 2 Define the VLAN ID field. 3 Select a port in the Ports table, and assign the port a value. 4 Click Apply Changes. The port is attached to the Multicast router or switch.
  • Page 365 The following is an example of the CLI commands: console(config)#vlan database console(config-if)#vlan 8 console(config-vlan)#exit console(config)#interface range ethernet g1-9 console(config-if)# switchport mode general console(config-if)# switchport general allow vlan add 8 Console(config-if)# exit console(config)#interface vlan 8 Console(config-if)# bridge multicast address 0100.5e02.0203 add ethernet g1-9 Console(config-if)# exit Console (config)# interface VLAN 1 Console (config-if)# bridge multicast forward-all add ethernet...

  • Page 366: Igmp Snooping

    IGMP Snooping The IGMP Snooping page contains fields for adding IGMP members. To open the IGMP Snooping page, click Switch→ Multicast Support→ IGMP Snooping in the tree view. Figure 7-59. IGMP Snooping • VLAN ID — Specifies the VLAN ID. •...
  • Page 367 Enabling IGMP Snooping on the Device 1 Open the IGMP Snooping page. 2 Select the VLAN ID for the device on which IGMP snooping needs to be enabled. 3 Select Enable in the IGMP Snooping Status field. 4 Complete the fields on the page. 5 Click Apply Changes.
  • Page 368 Configuring IGMP Snooping with CLI Commands The following table summarizes the equivalent CLI commands for configuring IGMP Snooping on the device: Table 7-41. IGMP Snooping CLI Commands CLI Command Description ip igmp snooping Enables Internet Group Membership Protocol (IGMP) snooping. ip igmp snooping mrouter learn-pim-dvmrp Enables automatic learning of Multicast router ports in the context of a specific VLAN.
  • Page 369 The following is an example of the CLI commands: Console> enable Console# config Console (config)# ip igmp snooping Console (config)# interface vlan 1 Console (config-if)# ip igmp snooping mrouter learn-pim-dvmrp Console (config-if)# ip igmp snooping host-time-out 300 Console (config-if)# ip igmp snooping mrouter-time-out 200 Console (config-if)# exit Console (config)# interface vlan 1 Console (config-if)# ip igmp snooping leave-time-out 60...
  • Page 370 IGMP Snooping admin: Enabled Hosts and routers IGMP version: 2 IGMP snooping oper mode: Enabled IGMP snooping querier admin: Enabled IGMP snooping querier oper: Enabled IGMP snooping querier address admin: IGMP snooping querier address oper: 172.16.1.1 IGMP snooping querier version admin: 3 IGMP snooping querier version oper: 2 IGMP host timeout is 300 sec IGMP Immediate leave is disabled.

  • Page 371: Unregistered Multicast

    Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN. If IGMP Snooping is enabled, the device learns about the existence of Multicast groups and monitors which ports have joined what Multicast group. Multicast groups can also be statically enabled. This enables the device to forward the Multicast frames (from a registered Multicast group) only to ports that are registered to that Multicast group.
  • Page 372 Setting the Unregistered Multicast Status of an Interface 1 Open the Unregistered Multicast page. 2 Select the interface for which Unregistered Multicast needs to be set. 3 Select a status in the Status field. 4 Click Apply Changes. Unregistered Multicast status is set. Displaying the Unregistered Multicast Table 1 Open the Unregistered Multicast page.
  • Page 373 Configuring Unregistered Multicast with CLI Commands The following table summarizes the equivalent CLI commands for configuring Unregistered Multicast on the device: Table 7-42. Unregistered Multicast CLI Commands CLI Command Description bridge multicast Configures the forwarding state of unregistered unregistered multicast addresses. show bridge multicast Displays the unregistered multicast unregistered...
  • Page 374 Configuring Device Information...

  • Page 375: Viewing Statistics

    Viewing Statistics The Statistic pages contains links to device information for interface, GVRP , etherlike, RMON, and device utilization. CLI commands are not available for all the Statistics pages. Viewing Tables The Table Views page contains links for displaying statistics in a chart form. To open the page, click Statistics→...

  • Page 376: Viewing Counter Summary

    • % Interface Utilization — Network interface utilization percentage based on the duplex mode of the interface. The range of this reading is from 0 to 200%. The maximum reading of 200% for a full duplex connection indicates that 100% of bandwidth of incoming and outgoing connections is used by the traffic travelling through the interface.

  • Page 377: Viewing Interface Statistics

    • Transmit Non Unicast Packets — Number of transmitted non-Unicast packets from the interface. • Received Errors — The number of error packets received on the interface. • Global System LAG — Current LAG/trunk performance. Viewing Interface Statistics The Interface Statistics page contains statistics for both received and transmitted packets. The fields for both received and transmitted packets are identical.
  • Page 378 Receive Statistics • Total Bytes (Octets) — Number of octets received on the selected interface. • Unicast Packets — Number of Unicast packets received on the selected interface. • Multicast Packets — Number of Multicast packets received on the selected interface. •...
  • Page 379 The following is an example of the CLI commands. Console> enable Console# show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts ------- ------------- ---------------- ---------------- ------------ 183892 1289 123899 1788 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------- ------------- ---------------- ---------------- ------------ 9188 8789 InOctets InUcastPkts...

  • Page 380: Viewing Etherlike Statistics

    Viewing Etherlike Statistics The Etherlike Statistics page contains interface statistics. To open the Etherlike Statistics page, click Statistics/RMON→ Table Views→ Etherlike Statistics in the tree view. Figure 8-4. Etherlike Statistics • Interface — Specifies whether statistics are displayed for a port or LAG. •...
  • Page 381 • Internal MAC Receive Errors — Number of internal MAC received errors on the selected interface. • Receive Pause Frames — Number of received paused frames on the selected interface. • Transmitted Paused Frames — Number of paused frames transmitted from the selected interface. Displaying Etherlike Statistics for an Interface 1 Open the Etherlike Statistics page.
  • Page 382 The following is an example of the CLI commands. Console> enable Console# show interfaces counters ethernet g1 Port InOctets InUcastPkts InMcastPkts InBcastPkts ------- ------------- ---------------- ---------------- ------------ 183892 1289 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts ------- ------------- ---------------- ---------------- ------------ 9188 FCS Errors: 8 Single Collision Frames: 0 Multiple Collision Frames: 0...

  • Page 383: Viewing Gvrp Statistics

    Viewing GVRP Statistics The GVRP Statistics page contains device statistics for GVRP . To open the page, click Statistics/RMON→ Table Views→ GVRP Statistics in the tree view. Figure 8-5. GVRP Statistics • Interface — Specifies whether statistics are displayed for a port or LAG. •...
  • Page 384 • Invalid Protocol ID — Device GVRP Invalid Protocol ID statistics. • Invalid Attribute Type — Device GVRP Invalid Attribute ID statistics. • Invalid Attribute Value — Device GVRP Invalid Attribute Value statistics. • Invalid Attribute Length — Device GVRP Invalid Attribute Length statistics. •...
  • Page 385 The following is an example of the CLI commands: Console# show gvrp statistics GVRP statistics: ---------------- : Join Empty Received rJIn : Join In Received rEmp : Empty Received rLIn : Leave In Received : Leave Empty Received : Leave All Received : Join Empty Sent sJIn : Join In Sent sEmp : Empty Sent...
  • Page 386 Console# show gvrp error-statistics GVRP error statistics: ---------------------- Legend: INVPROT : Invalid Protocol Id INVPLEN : Invalid PDU Length INVATYP : Invalid Attribute Type INVALEN : Invalid Attribute Length INVAVAL : Invalid Attribute Value INVEVENT : Invalid Event Port INVPROT INVATYP INVAVAL INVALEN...

  • Page 387: Viewing Eap Statistics

    Viewing EAP Statistics The EAP Statistics page contains information about EAP packets received on a specific port. For more information about EAP , see "Port Based Authentication (802.1x)" on page 241. To open the EAP Statistics page, click Statistics/RMON > Table Views > EAP Statistics in the tree view. Figure 8-6.
  • Page 388 • Respond Frames Receive — The number of valid EAP Response frames received on the port. • Request ID Frames Transmit — The number of EAP Requested ID frames transmitted via the port. • Request Frames Transmit — The number of EAP Request frames transmitted via the port. •...

  • Page 389: Viewing Rmon Statistics

    The following is an example of the CLI commands: Switch# show dot1x statistics ethernet g1 EapolFramesRx: 11 EapolFramesTx: 12 EapolStartFramesRx: 1 EapolLogoffFramesRx: 1 EapolRespIdFramesRx: 3 EapolRespFramesRx: 6 EapolReqIdFramesTx: 3 EapolReqFramesTx: 6 InvalidEapolFramesRx: 0 EapLengthErrorFramesRx: 0 LastEapolFrameVersion: 1 LastEapolFrameSource: 0008.3b79.8787 Viewing RMON Statistics Remote Monitoring (RMON) contains links for viewing network information from a remote location.
  • Page 390 Figure 8-7. RMON Statistics Group • Interface — Specifies the port or LAG for which statistics are displayed. • Refresh Rate — Amount of time that passes before the statistics are refreshed. • Drop Events — Number of dropped events that have occurred on the interface since the device was last refreshed.
  • Page 391 • Multicast Packets Received — Number of good Multicast packets received on the interface since the device was last refreshed. • CRC & Align Errors — Number of CRC and Align errors that have occurred on the interface since the device was last refreshed.

  • Page 392: Viewing Rmon History Control Statistics

    The following is an example of the CLI commands: console> enable console> enable Console# show rmon statistics ethernet g1 Port g1 Dropped: 8 Octets: 878128 Packets: 978 Broadcast: 7 Multicast: 1 CRC Align Errors: 0 Collisions: 0 Undersize Pkts: 0 Oversize Pkts: 0 Fragments: 0 Jabbers: 0 64 Octets: 98 65 to 127 Octets: 0 128 to 255 Octets: 0 256 to 511 Octets: 0...
  • Page 393 Figure 8-8. RMON History Control • History Entry No. — Entry number for the History Control Table page. • Source Interface — Port or LAG from which the history samples were taken. • Owner (0-20 characters) — RMON station or user that requested the RMON information. •...

  • Page 394: Viewing The Rmon History Table

    Modifying a History Control Table Entry 1 Open the RMON History Control page. 2 Select an entry in the History Entry No. field. 3 Modify the fields as required. 4 Click Apply Changes. The table entry is modified, and the device is updated. Deleting a History Control Table Entry 1 Open the RMON History Control page.
  • Page 395 Figure 8-9. RMON History Table • Sample No. — The specific sample the information in the table reflects. • Drop Events — The number of dropped packets due to lack of network resources during the sampling interval. This may not represent the exact number of dropped packets, but rather the number of times dropped packets were detected.

  • Page 396: Defining Device Rmon Events

    Viewing Statistics for a Specific History Entry 1 Open the RMON History Table. 2 Select an entry in the History Table No. field. The entry statistics display in the RMON History Table. Viewing RMON History Control Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing RMON history.
  • Page 397 Figure 8-10. RMON Events Control • Event Entry — The event. • Community — Community to which the event belongs. • Description — User-defined event description. • Type — Describes the event type. Possible values are: – Log — Event type is a log entry. –...
  • Page 398 Adding an RMON Event 1 Open the RMON Events Control page. 2 Click Add. The Add an Event Entry page opens. 3 Complete the information in the dialog and click Apply Changes. The Event Table entry is added, and the device is updated. Modifying an RMON Event 1 Open the RMON Events Control page 2 Select an entry in the Event Table.

  • Page 399: Viewing The Rmon Events Log

    The following is an example of the CLI commands: console> enable console# config console (config)# rmon event 1 log console (config)# exit Console# show rmon events Index Description Type Community Owner Last time sent ----- ----------- -------- --------- ------- -------------------- Errors Jan 18 2002 23:58:17 High...
  • Page 400 Defining Device Events Using the CLI Commands The following table summarizes the equivalent CLI commands for defining device events. Table 8-9. Device Event Definition CLI Commands CLI Command Description show rmon log event Displays the RMON logging table. The following is an example of the CLI commands: console>...

  • Page 401: Defining Rmon Device Alarms

    Defining RMON Device Alarms The RMON Alarms page contains fields for setting network alarms. Network alarms occur when a network problem, or event, is detected. Rising and falling thresholds generate events. To open the RMON Alarms page, click Statistics/RMON→ RMON→ Alarms in the tree view. Figure 8-12.
  • Page 402 • Rising Threshold — The rising counter value that triggers the rising threshold alarm. The rising threshold is presented on top of the graph bars. Each monitored variable is designated a color. • Rising /Falling Event — The mechanism in which the alarms are reported — LOG, TRAP, or a combination of both.
  • Page 403 Modifying an Alarm Table Entry 1 Open the RMON Alarms page. 2 Select an entry in the Alarm Entry drop-down menu. 3 Modify the fields in the dialog as required. 4 Click Apply Changes. The entry is modified, and the device is updated. Displaying the Alarm Table 1 Open the RMON Alarms page.

  • Page 404: Viewing Charts

    The following is an example of the CLI commands: console> enable console# config Console (config)# rmon alarm 1000 dell 360000 1000000 1000000 10 20 Console# show rmon alarm-table Index Owner ------ ------------------- -------------- 1.3.6.1.2.1.2.2.1.1 1.3.6.1.2.1.2.2.1.1 Manager 1.3.6.1.2.1.2.2.1.1 Viewing Charts The Chart page contains links for displaying statistics in a chart form. To open the page, click Statistics→...
  • Page 405 Figure 8-14. Port Statistics • Interface Statistics — Selects the type of interface statistics to open. • Etherlike Statistics — Selects the type of Etherlike statistics to open. • RMON Statistics — Selects the type of RMON statistics to open. •...

  • Page 406: Viewing Lag Statistics

    Table 8-11. Port Statistic CLI Commands (continued) CLI Command Description show gvrp statistics ethernet interface Displays GVRP statistics. port-channel port-channel-number show gvrp error-statistics ethernet interface Displays GVRP error statistics. port-channel port-channel-number Console# show interfaces description ethernet g1 Port Description ---- ------------------ Management_port R&D_port...
  • Page 407 Figure 8-15. LAG Statistics • Interface Statistics — Selects the type of interface statistics to open. • Etherlike Statistics — Selects the type of Etherlike statistics to open. • RMON Statistics — Selects the type of RMON statistics to open. •...
  • Page 408 Viewing LAG Statistics Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing LAG statistics. Table 8-12. LAG Statistic CLI Commands CLI Command Description show interfaces counters ethernet interface port-channel port-channel- Displays traffic seen by the number physical interface.

  • Page 409: Viewing The Cpu Utilization

    Viewing the CPU Utilization The CPU Utilization page contains information about the system’s CPU utilization and percentage of CPU resources consumed by each stacking member. Each stacking member is assigned a color on the graph. To open the CPU Utilization page, click Statistics/RMON→ Charts→ CPU Utilization in the tree view. Figure 8-16.

  • Page 410: Viewing Cpu Utilization Using Cli Commands

    Viewing CPU Utilization Using CLI Commands The following table summarizes the equivalent CLI commands for viewing CPU utilization. Figure 8-17. CPU Utilization CLI Commands CLI Command Description To display the CPU utilization. show cpu utilization The following is an example of the CLI commands: Console# show cpu utilization CPU utilization service is on.

  • Page 411: Configuring Quality Of Service

    Configuring Quality of Service This section provides information for defining and configuring Quality of Service (QoS) parameters. To open the Click Quality of Service in the tree view. Quality of Service (QoS) provides the ability to implement QoS and priority queuing within a network.
  • Page 412 Packets arriving untagged are assigned a default VPT that is set on a per port basis. The assigned VPT is used to map the packet to the output queue and as the egress VPT. DSCP values can be mapped to priority queues. The following table contains the default DSCP mapping to forwarding queue values: Table 9-2.

  • Page 413: Defining Cos Global Parameters

    The scheduling scheme is enabled system-wide. Queues assigned to the strict priority policy are automati-cally assigned to the highest priority queue. By default all values are set as Strict Priority. Queue weight values can be assigned in any order using WRR. WRR values can be assigned system-wide. Best effort traffic is always assigned to the first queue.

  • Page 414: Defining Qos Interface Settings

    Enabling Trust: 1 Open the CoS Settings page. 2 Select Trust in the Trust Mode field. 3 Click Apply Changes. Trust is enabled on the device. Enabling Trust Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the CoS Settings page.
  • Page 415 Figure 9-2. Interface Settings • Interface — The specific port or LAG to configure: • Disable "Trust" Mode on Interface — Disables Trust Mode on the specified interface. This setting overrides the Trust Mode configured on the device globally. • Set Default CoS For Incoming Traffic To —...

  • Page 416: Defining Bandwidth Settings

    Displaying the QoS Interface Settings Table: 1 Open the Interface Settings page. 2 Click Show All. The QoS Interface Settings Table page opens: Figure 9-3. QoS Interface Settings Table Assigning CoS Interfaces Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the Interface Settings page.
  • Page 417 Figure 9-4. Bandwidth Settings • Interface — Indicates the port or LAG that is being displayed. • Egress Shaping Rate on Selected Port — Indicates the Egress traffic limit status for the interface. – Checked — The Egress traffic limit is enabled. –...
  • Page 418 Displaying the Bandwidth Settings Table: 1 Open the Bandwidth Settings page. 2 Click Show All. The Bandwidth Settings Table opens. Figure 9-5. Bandwidth Settings Table Assigning Bandwidth Settings Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the Bandwidth Settings page.

  • Page 419: Defining Queue Settings

    Defining Queue Settings The QoS Queue Settings page contains fields for configuring the scheduling method by which the queues are maintained. To open the QoS Queue Settings page click Quality of Service→ CoS Global Parameters→ Queue Settings in the tree view. Figure 9-6.
  • Page 420 Assigning Queue Setting Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the QoS Queue Settings page. Table 9-6. Queue Settings CLI Commands CLI Command Description wrr-queue bandwidth weight1 Assigns Weighted Round Robin weight2 .
  • Page 421 Console (config)# wrr-queue bandwidth 10 20 30 40 Console (config)# exit Console # exit Console> show qos interface ethernet g1 queueing Ethernet g1 wrr bandwidth weights and EF priority: weights Priority ----- -------- ----- ---------- Disable Disable Disable Disable Disable Disable Disable Disable...

  • Page 422: Mapping Cos Values To Queues

    Mapping CoS Values to Queues The CoS to Queue Mapping Table page contains fields for classifying CoS settings to traffic queues. To open the CoS to Queue Mapping Table page, click Quality of Service→ CoS Global Parameters→ CoS to Queue in the tree view. Figure 9-7.

  • Page 423: Mapping Dscp Values To Queues

    Mapping a CoS value to a Queue 1 Open the CoS to Queue Mapping Table page. 2 Select a CoS entry. 3 Define the queue number in the Queue field. 4 Click Apply Changes. The CoS value is mapped to a queue, and the device is updated. Assigning CoS Values to Queues Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the CoS to Queue Mapping Table page.
  • Page 424 Figure 9-8. DSCP to Queue • DSCP In — The values of the DSCP field within the incoming packet. • Queue — The queue to which packets with the specific DSCP value is assigned. The values are 1-8, where one is the lowest value and eight is the highest. Configuring Quality of Service...
  • Page 425 Mapping a DSCP value and assigning priority queue: 1 Open the DSCP to Queue page. 2 Select a value in the DSCP In column. 3 Define the Queue fields. 4 Click Apply Changes. The DSCP is overwritten, and the value is assigned a forwarding queue. Restoring default values: 1 Open the DSCP to Queue page.
  • Page 426 Configuring Quality of Service...

  • Page 427: Device Specifications

    Device Specifications This appendix includes the information needed for running the device. Port and Cable Specifications This section describes the port specifications. Port Specifications The following table describes the device port types, as well as, a description of the port types. Table 10-1.

  • Page 428: Operating Conditions

    Operating Conditions This section details operating conditions including operating temperatures and humidity. Table 10-2. Operating Conditions Feature Specification Operating Temperature 0 to 45 C / 32 to 113 F Operating Humidity 10% - 90% (non-condensing) Physical Device Specifications This section details operating conditions including operating temperatures and humidity. Table 10-3.

  • Page 429: Feature Specifications

    Feature Specifications VLAN • VLAN support for Tagging and Port Based as per IEEE 802.1Q • Up to 4094 VLANs Supported • Reserved VLANs for internal system use • Dynamic VLANs with GVRP support • Protocol based VLANs Quality of Service •...

  • Page 430: Additional Switching Features

    Additional Switching Features • Link Aggregation with support for up to 8 Aggregated Links per device and up to 8 Ports per aggregated link (IEEE 802.3ad) • LACP Support • Supports Jumbo Frames up to 10K • Broadcast Storm Control •...

  • Page 431: Glossary

    Glossary This glossary contains key technical words of interest. ASIC Access Mode Application Specific Integrated Circuit. A custom chip designed for a specific application. Specifies the method by which user access is granted to the system. Asset Tag Access Profiles Specifies the user-defined device reference.
  • Page 432 Backup Configuration Files BPDU Contains a backup copy of the device configuration. Bridge Protocol Data Unit. Provide bridging The Backup file changes when the Running information in a message format. BPDUs are sent Configuration file or the Startup file is copied to the across device information with in Spanning Tree Backup file.
  • Page 433 DHCP Client Configuration Data Base. A file containing a An Internet host using DHCP to obtain device’s configuration information. configuration parameters, such as a network address. Class of Service DSCP Class of Service (CoS). Class of Service is the 802.1p priority scheme.
  • Page 434 Flow Control Egress Ports Enables lower speed devices to communicate with higher speed devices, that is, that the higher speed Ports from which network traffic is transmitted. device refrains from sending packets. End System Fragment An end user device on a network. Ethernet packets smaller than 576 bits.
  • Page 435 Image File HTTP System images are saved in two Flash sectors called HyperText Transport Protocol. Transmits HTML images (Image 1 and Image 2). The active image documents between servers and clients on the stores the active copy; while the other image stores a internet.
  • Page 436 iSCSI LLDP-MED Link Layer Discovery Protocol - Media Endpoint iSCSI is a communication protocol used for sending data between file servers and storage disks. The file Discovery. LLDP allows network managers to servers are called initiators and the disks are called troubleshoot and enhance network management by targets.
  • Page 437 Mask A filter that includes or excludes certain values, for Neighbor Discovery. example parts of an IP address. For example, Unit 2 is inserted in the first minute of Neighbor Solicitation. a ten-minute cycle, and Unit 1 is inserted in fifth minute of the same cycle, the units are considered the same age.
  • Page 438 PING Query Packet Internet Groper. Verifies if a specific IP Extracts information from a database and presents address is available. A packet is sent to another IP the information for use. address and waits for a reply. Port Physical ports provide connecting components that RADIUS Advertisement.
  • Page 439 Running Configuration File Spanning Tree Protocol Contains all Startup file commands, as well as all Prevents loops in network traffic. The Spanning Tree commands entered during the current session. After Protocol (STP) provides tree topography for any the device is powered down or rebooted, all arrangement of bridges.
  • Page 440 TCP/IP VLAN Transmissions Control Protocol. Enables two hosts to Virtual Local Area Networks. Logical subgroups with communicate and exchange data streams. TCP a Local Area Network (LAN) created via software guarantees packet delivery, and guarantees packets rather than defining a hardware solution. are transmitted and received in the order their sent.

  • Page 441: Index

    Index Numerics BPDU, 318, 432 Defining device information, 67 Bridge Protocol Data 802.1d, 18 Device installation, 33-34 Unit, 432 802.1Q, 17, 331, 334 Device representation, 60 Buttons, 61 Device view, 59-60 DHCP, 19 Dimensions, 27 AC unit, 29-30 Cables, 142, 145 DNS, 132 Access mode, 208 CIDR, 433...
  • Page 442 HTTP, 147 HTTPS, 147 Fans, 30 L2TP, 436 Fast Link, 18 LACP, 352 Fast link, 308 LAG, 284, 436 File Transfer Protocol, 434 LAGs, 362 ICMP, 435 Filtering, 332, 335, 356 LCP, 316 IDRP, 435 Firmware, 222 Leds, 27 IEEE, 435 Flow Control, 38 Light Emitting Diodes, 27 IEEE 802.1d, 435...
  • Page 443 Management Access Passwords, 62, 171 Reset, 80, 107 Methods, 157 PDU, 437 Reset button, 30 Management Information PING, 438 RFC1042, 337 Base., 437 Port, 26 RMON, 389, 391-392, 394, Management methods, 149 Port aggregation, 351 Management security, 147 RMON History Control Port LEDs, 27 Master Election/Topology Page, 393...
  • Page 444 Storm control, 289 STP, 18, 304, 310, 316 Ventilation System, 30 System, 67 Virtual Local Area Networks, 440 VLAN, 324, 326, 331, 334, 362, 440 TACACS, 155 VLAN ID, 299 TCP, 19 VLAN membership, 324 Telnet, 147, 158 VLAN Port Membership Table, 326 Terminal Access Controller Access Control...

This manual is also suitable for:

Powerconnect 5448

Table of Contents