Management software for the at-gs950/8 layer 2 gigabit ethernet websmart switch; version 1.0.0 (72 pages)
Summary of Contents for Allied Telesis AT-9400
Page 1
◆ Menus User’s Guide For Stand-alone AT-9400 Switches Version 2.2.0 for AT-9400 Layer 2+ Switches Version 3.2.0 for AT-9400 Basic Layer 3 Switches 613-001025 Rev. A Software AT-S63...
Page 2
Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc.
Where to Go First ... 23 Starting a Management Session ... 24 Document Conventions ... 25 Where to Find Web-based Guides ... 26 Contacting Allied Telesis ... 27 Online Support ... 27 Email and Telephone Support... 27 Returning Products ... 27 Sales and Corporate Information ...
Page 4
Contents Displaying Port Statistics ... 80 Clearing Port Statistics... 83 Chapter 3: Enhanced Stacking ... 85 Setting a Switch’s Enhanced Stacking Status ... 86 Selecting a Switch in an Enhanced Stack... 88 Returning to the Master Switch ... 91 Displaying the Enhanced Stacking Status ... 92 Chapter 4: SNMPv1 and SNMPv2c ...
Page 5
Listing All Files ... 159 Listing Files on the Compact Flash Card ... 161 Working with Flash Memory ... 162 Displaying Information about the Flash Memory... 162 Formatting the Flash Memory ... 163 Working with the Compact Flash Card ... 164 Displaying Compact Flash Card Information...
Page 6
Contents Chapter 14: Class of Service ...243 Configuring CoS...244 Mapping CoS Priorities to Egress Queues ...247 Configuring Egress Scheduling...248 Displaying Port CoS Priorities ...250 Chapter 15: Quality of Service ...251 Managing Flow Groups ...252 Creating a Flow Group ...252 Modifying a Flow Group...255 Deleting a Flow Group...256 Displaying Flow Groups...257 Managing Traffic Classes ...261...
Page 7
Configuring the SNMPv3 View Table ... 331 Creating an SNMPv3 View Table Entry ... 331 Deleting an SNMPv3 View Table Entry... 334 Modifying an SNMPv3 View Table Entry ... 335 Configuring the SNMPv3 Access Table ... 340 Creating an SNMPv3 Access Table Entry ... 340 Deleting an SNMPv3 Access Table Entry...
Page 8
Contents Chapter 23: Multiple Spanning Tree Protocol ...439 Selecting MSTP as the Active Spanning Tree Protocol ...440 Configuring MSTP Bridge Settings ...441 Configuring the CIST Priority ...445 Displaying the CIST Priority ...447 Creating, Deleting, and Modifying MSTI IDs ...449 Creating an MSTI ID...449 Deleting an MSTI ID ...450 Modifying an MSTI ID ...450 Adding, Removing, and Modifying VLAN Associations to MSTI IDs...452...
Page 9
Chapter 28: MAC Address-based VLANs ... 533 Creating a MAC Address-based VLAN ... 534 Adding and Deleting MAC Addresses ... 536 Adding and Deleting Egress Ports... 538 Deleting a MAC Address-based VLAN... 540 Displaying MAC Address-based VLANs... 542 Section VII: Internet Protocol Routing ... 545 Chapter 29: Internet Protocol Version 4 Routing Interfaces ...
Page 10
Contents Installing CA Certificates onto a Switch ...630 Viewing and Configuring the Maximum Number of Certificates...631 Configuring SSL ...632 Chapter 35: Secure Shell (SSH) ...633 Configuring SSH ...634 Displaying SSH Information ...637 Chapter 36: TACACS+ and RADIUS Protocols ...639 Enabling or Disabling Server-based Management Authentication...640 Configuring the TACACS+ Client...642 Displaying the TACACS+ Settings...644 Configuring the RADIUS Client ...645...
Page 11
Figures Figure 1: System Administration Menu...32 Figure 2: System Configuration Menu ...33 Figure 3: Authentication Configuration Menu ...35 Figure 4: Passwords Configuration Menu...36 Figure 5: Configure System Time Menu ...39 Figure 6: System Utilities Menu ...43 Figure 7: Console (Serial/Telnet) Configuration Menu ...45 Figure 8: System Information Menu...52 Figure 9: System Hardware Information Menu ...55 Figure 10: Uplink Information Menu...57...
Preface This guide contains instructions on how to configure the AT-9400 Layer 2+ and Basic Layer 3 Gigabit Ethernet Switches from the menus of the AT-S63 Management Software. This preface contains the following sections: “How This Guide is Organized” on page 20 “Product Documentation”...
Preface How This Guide is Organized This guide contains the following sections and chapters: Section I: Basic Operations Chapter 1, “Basic Switch Parameters” on page 31 Chapter 2, “Port Parameters” on page 61 Chapter 3, “Enhanced Stacking” on page 85 Chapter 4, “SNMPv1 and SNMPv2c”...
Page 21
AT-S63 Management Software Menus User’s Guide Section V: Spanning Tree Protocols Chapter 22, “Spanning Tree and Rapid Spanning Tree Protocols” on page 419 Chapter 23, “Multiple Spanning Tree Protocol” on page 439 Section VI: Virtual LANs Chapter 24, “Port-based and Tagged VLANs” on page 471 Chapter 25, “GARP VLAN Registration Protocol”...
Preface Product Documentation For overview information on the features of the AT-9400 Switch and the AT-S63 Management Software, refer to: For instructions on starting a local or remote management session on a stand-alone AT-9400 Switch or a stack, refer to:...
AT-S63 Management Software Menus User’s Guide Where to Go First Allied Telesis recommends that you read Chapter 1, Overview, in the AT-S63 Management Software Features Guide before you begin to manage the switch for the first time. There you will find a variety of basic...
Preface Starting a Management Session For instructions on how to start a local or remote management session on the AT-9400 Switch, refer to the Starting an AT-S63 Management Session Guide.
AT-S63 Management Software Menus User’s Guide Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Preface Where to Find Web-based Guides The installation and user guides for all Allied Telesis products are available in portable document format (PDF) on our web site at www.alliedtelesis.com. You can view the documents online or download them onto a local workstation or server.
Knowledge Base and review answers to previously asked questions. Email and For Technical Support by email or telephone, refer to the Allied Telesis web site at www.alliedtelesis.com. Select your country from the list on Telephone the web site and then select the appropriate tab.
Section I Basic Operations The chapters in this section provide information and procedures for basic switch setup using the AT-S63 Management Software. The chapters include: Chapter 1, ”Basic Switch Parameters” on page 31 Chapter 2, ”Port Parameters” on page 61 Chapter 3, ”Enhanced Stacking”...
Chapter 1 Basic Switch Parameters This chapter contains the following procedures: “Configuring the Switch’s Name, Location, and Contact” on page 32 “Changing the Manager and Operator Passwords” on page 35 “Setting the System Time” on page 38 “Rebooting the Switch” on page 43 “Configuring the Console Startup Mode”...
R - Return to Previous Menu Enter your selection? 2. From the System Administration menu, type 2 to select System The System Administration menu is shown in Figure 1. Allied Telesis AT-9424Ts - AT-S63 Marketing System Administration Figure 1. System Administration Menu Configuration.
R - Return to Previous Menu Enter your selection? 3. Adjust options 5 to 7 as necessary. Section I: Basic Operations The System Configuration menu is shown in Figure 2. Allied Telesis AT-9424Ts - AT-S63 Marketing System Configuration Figure 2. System Configuration Menu Note Selections 1 to 4 are described in “Displaying the IP Address of the...
Page 34
Chapter 1: Basic Switch Parameters dashes and asterisks. The default is no name. This parameter is optional. 4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section I: Basic Operations...
Changing the Manager and Operator Passwords There are two levels of management access on the AT-9400 Switch: manager and operator. When you log in as manager, you can view and configure all of a switch’s operating parameters. When you log in as an operator, you can only view the operating parameters;...
7. Type 2 to select Set Operator Password. 8. Type the current operator password (the default is “friend”) and press Passwords Configuration. The Passwords Configuration menu is shown in Figure 4. Allied Telesis AT-9424Ts - AT-S63 Marketing Passwords Configuration Figure 4. Passwords Configuration Menu Manager Password.
With this procedure, any person with physical access to the switch can gain access to the unit’s management software without a user name or password. For this reason, all AT-9400 Switches should be maintained in a locked wiring closet or other secure location to prevent unauthorized management access.
There are two ways to set the switch’s time. One method is to set it manually. The AT-9400 Switch has an onboard battery that maintains the date and time even when the unit is powered off or reset. For instructions, refer to “Setting the System Time Manually,”...
Configuration. The System Configuration menu is shown in Figure 2 on page 33. System Time. The Configure System Time menu is shown in Figure 5. Allied Telesis AT-9424Ts - AT-S63 Marketing Configure System Time Figure 5. Configure System Time Menu The following prompt is displayed: Enter new system time [hh:mm:ss] ->...
Chapter 1: Basic Switch Parameters Setting the To configure the switch to obtain its date and time from an SNTP or NTP server on your network or the Internet, perform the following procedure: System Time from an SNTP or 1. From the Main Menu, type 5 to select System Administration. NTP Server 2.
Page 41
8. Type 5 to select Daylight Savings Time (DST) to enable or disable the 9. Type E to enable daylight savings time and allow the switch to adjust 10. Type 6 to select Poll Interval to specify the time interval between 11.
Page 42
Chapter 1: Basic Switch Parameters The Last Delta option in the menu displays the last adjustment that was applied to system time due to a drift in the system clock between two successive queries to the SNTP server. This is a read only field. Option U, Update System Time, allows you to prompt the switch to poll the SNTP or NTP server for the current time and date.
The System Administration menu is shown in Figure 1 on page 32. Utilities. The System Utilities menu is shown in Figure 6. Allied Telesis AT-9424Ts - AT-S63 Marketing System Utilities Figure 6. System Utilities Menu AT-S63 Management Software Menus User’s Guide...
Page 44
Chapter 1: Basic Switch Parameters 3. From the System Utilities menu, type 5 to select Reboot the switch. 4. Type Y to reboot the switch or N to cancel the procedure. Note Item 1 - File Operations, is described in Chapter 9, ”File System” on page 145.
Section I: Basic Operations The System Administration menu is shown in Figure 1 on page 32. (Serial/Telnet) Configuration. The Console (Serial/Telnet) Configuration menu is shown in Figure 7. Allied Telesis AT-9424Ts - AT-S63 Marketing Console (Serial/Telnet) Configuration Figure 7. Console (Serial/Telnet) Configuration Menu the mode is set to Menu, management sessions start with the Main Menu.
Chapter 1: Basic Switch Parameters Configuring the Console Timer The AT-S63 Management Software uses the console timer, also referred to as the console disconnect interval, to automatically end inactive local and remote management sessions. The management software automatically ends a local or remote management session if a management session is inactive for the length of time specified by the console timer.
Configuring the Telnet Server This procedure describes how to enable and disable the Telnet server on the switch. You might disable the server to prevent individuals from managing the switch with a Telnet application or if you intend to use the Secure Shell (SSH) protocol.
Chapter 1: Basic Switch Parameters Setting the Baud Rate of the Serial Terminal Port The default baud rate of the RJ-45 type serial terminal port on the switch is 9600 bps. To change the baud rate, perform the following procedure: 1.
Pinging a Remote System This procedure instructs the switch to ping a remote device on your network. This can be useful in determining whether a valid link exists between the switch and another network device. The local subnet on the switch where the device is a member must have a routing interface.
Chapter 1: Basic Switch Parameters Returning the AT-S63 Management Software to the Factory Default Values The procedure in this section returns all AT-S63 Management Software parameters to the default values. Please note the following before you perform this procedure: To return the AT-S63 Management Software to the default settings, perform the following procedure: 1.
Page 51
5. To return the baud rate of the terminal port on the switch to 9600 bps, 6. Reestablish your management session. 7. From the Main Menu, type S to select Save Configuration Changes. Section I: Basic Operations If you respond with yes, the following prompt is displayed: Do you want to reset the serial port baud rate to 9600 bps? [Yes/No] ->...
MAC Address The MAC address of the switch. You cannot change this parameter. Model Name Model name of the AT-9400 Switch. You cannot change this setting. Serial Number Serial number of the switch. You cannot change this setting. IP Address IP address of the local interface.
Page 53
This field will contain 0.0.0.0 if no default route is defined on the switch. For AT-9400 Switches that do not support IPv4 packet routing, such as the AT-9424T/GB and AT-9424T/SP switches, this field displays the default gateway address.
Page 54
Chapter 1: Basic Switch Parameters information about selection U, Uplink Information, refer to “Displaying Uplink Port Information” on page 57. Section I: Basic Operations...
The information in the System Hardware Status menu varies depending on the model of the switch. The example in Figure 9 is from an AT-9424T/GB switch. Allied Telesis AT-9424T/GB - AT-S63 Marketing System Hardware Status Figure 9. System Hardware Information Menu AT-S63 Management Software Menus User’s Guide...
Page 56
Chapter 1: Basic Switch Parameters The System Hardware Information menu provides the following information: System 1.25 V Power System 1.8V Power System 2.5 V Power System 3.3 V Power System 5 V Power System 12 V Power The current voltage of the six power supplies in the switch. System Temperature (Celsius) The overall system temperature.
It does not indicate whether or not a fiber optic cable is connected to the GBIC or SFP. The number of uplink ports shown in the menu varies, depending on the model of the AT-9400 Switch. AT-S63 Management Software Menus User’s Guide 11:20:02 02-Mar-2005...
Page 58
Chapter 1: Basic Switch Parameters 4. Type the number corresponding to the slot where the transceiver is Allied Telesis AT-9424T/GB - AT-S63 User: Manager Transceiver Identifier ... SFP Extended Transceiver Identifier ... Function defined by serial ID Connector Type ... LC Encoding Algorithm ...
Page 59
Enter your selection? Section I: Basic Operations The GBIC/SFP Information menu (page 2) is displayed. Figure 12 shows some possible fields of information. Allied Telesis AT-9424T/GB - AT-S63 Marketing GBIC/SFP 2 Information Figure 12. GBIC/SFP Information Menu (Page 2) Note The information displayed in the menus depends upon whether a GBIC or an SFP transceiver is installed and the transceiver vendor.
Chapter 2 Port Parameters This chapter contains the procedures for viewing and changing the parameter settings for the individual ports on a switch, and contains the following procedures: “Displaying Port Status” on page 62 “Configuring Port Parameters” on page 65 “Configuring Head of Line Blocking”...
U - Update Display R - Return to Previous Menu Enter your selection? The Port Configuration menu is shown in Figure 13. Allied Telesis AT-9424T/SP - AT-S63 Marketing Port Configuration Figure 13. Port Configuration Menu An example of the Port Status menu is shown in Figure 14.
Page 63
Section I: Basic Operations Note The speed, duplex mode, and flow control settings are blank for a port that has not established a link to its end node. The Port Status menu displays a table that contains the following columns of information: Port The port number.
You can specify the ports individually (for example, 5,7,22), as a range (for example, 18-23), or both (for example 1,5,14-22). The Port Configuration menu is shown in Figure 15. Allied Telesis AT-9424T/SP - AT-S63 Marketing Port Configuration Figure 15. Port Configuration (Port) Menu...
Page 66
Chapter 2: Port Parameters 4. Adjust the following parameters as necessary. Note A change to a parameter is immediately activated on the port. 0 - Description You use this option to assign a description to a port, from 1 to 15 alphanumeric characters.
Page 67
Section I: Basic Operations If you select Auto for Auto-Negotiation, which is the default setting, the switch sets speed, duplex mode, and MDI crossover for the port automatically. The switch determines the highest possible common speed between the port and its end node and sets the port to that speed.
Page 68
Chapter 2: Port Parameters 1000 Mbps (Applies only to 1000Base SFP and GBIC modules. This selection should not be used. An SFP or GBIC module should use Auto-Negotiation to set its speed and duplex mode.) 8 - Duplex This item is only available when Negotiation is set to Manual. The possible settings are full-duplex and half-duplex.
Configuring Head of Line Blocking Head of line (HOL) blocking is a problem that occurs when a port on a switch becomes oversubscribed. An oversubscribed port is receiving more packets from other switch ports than it can transmit in a timely manner. An oversubscribed port can prevent other ports from forwarding packets to each other because ingress packets on a port are buffered in a First In, First Out (FIFO) manner.
Page 70
Chapter 2: Port Parameters other ports to discard packets destined for port D. Port A drops the D packets, enabling it to once again forward packets to port C. The number that you enter for this value represents cells. A cell is 128 bytes.
Configuring Flow Control and Back Pressure A switch port uses flow control to control the flow of ingress packets from its end node when operating in full-duplex mode. A port using flow control issues a special frame, referred to as a PAUSE frame, as specified in the IEEE 802.3x standard, to stop the transmission of data from an end node.
8. Type 4 to select Back Pressure Threshold. This selection specifies the 9. After making changes, type R until you return to the Main Menu. Then The Flow Control menu is shown in Figure 17. Allied Telesis AT-9424T/SP - AT-S63 Marketing Flow Control Figure 17.
The following prompt is displayed: Enter port-list -> The Port Configuration menu is shown in Figure 15 on page 65. The Filtering menu is shown in Figure 18. Allied Telesis AT-9424T/SP - AT-S63 Marketing Filtering Figure 18. Filtering Menu AT-S63 Management Software Menus User’s Guide...
Page 74
Chapter 2: Port Parameters 5. From the Filtering menu, type 1 to toggle Unknown Unicast Ingress 6. Type 2 to toggle Unknown Unicast Egress Filtering between Disabled 7. Type 3 to toggle Unknown Multicast Ingress Filtering between 8. Type 4 to toggle Unknown Multicast Egress Filtering between Disabled 9.
The following prompt is displayed: Enter port-list -> The Port Configuration menu is shown in Figure 15 on page 65. The Rate Limiting menu is shown in Figure 19. Allied Telesis AT-9424T/SP - AT-S63 Marketing Rate Limiting Figure 19. Rate Limiting Menu a.
Page 76
Chapter 2: Port Parameters 6. To control multicast packets, do the following: 7. To control broadcast packets, do the following: 8. After making changes, type R until you return to the Main Menu. Then b. If you enabled the feature, type 2 to select Unknown Unicast Rate. The following prompt is displayed: Enter the Rate Limit (packets/second):[0 to 262143]->...
Resetting a Port Resetting a port is useful in situations where a port is having problems establishing a valid connection to its end node. Resetting a port does not change any of its parameter settings. To reset a port, perform the following procedure: 1.
Chapter 2: Port Parameters Forcing Port Renegotiation Port renegotiation prompts a port operating in Auto-Negotiation to renegotiate its speed and duplex mode with its end node. This option is useful if you believe that a port and end node are not operating at the same speed and duplex mode.
Resetting the Port Configuration to the Default Settings You can return the parameters settings of a port to the default values. To reset a port’s settings to the default settings, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2.
4. Enter the port whose statistics you want to view. You can specify more The Port Configuration menu is shown in Figure 13 on page 62. The Port Statistics menu is shown in Figure 20. Allied Telesis AT-9424T/SP - AT-S63 Marketing Port Statistics Figure 20.
R - Return to Previous Menu Enter your selection? Section I: Basic Operations The Display Port Statistics menu is shown in Figure 21. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Port Statistics Bytes Tx ... 965734443 Frames Tx ... 691396 Bcast Frames Tx ..
Page 82
Chapter 2: Port Parameters Frames 64 Frames 65-127 Frames 128-255 Frames 256-511 Frames 512-1023 Frames 1024-1518 Frames 1519-1522 Number of frames transmitted from the port, grouped by size. CRC Error Number of frames with a cyclic redundancy check (CRC) error but with the proper length (64-1518 bytes) received on the port.
Clearing Port Statistics To clear the Ethernet port statistics and reset them to “0”, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 3 to select Port Statistics. 3.
Page 84
Chapter 2: Port Parameters Section I: Basic Operations...
Chapter 3 Enhanced Stacking This chapter explains the enhanced stacking feature. The sections in this chapter include: “Setting a Switch’s Enhanced Stacking Status” on page 86 “Selecting a Switch in an Enhanced Stack” on page 88 “Returning to the Master Switch” on page 91 “Displaying the Enhanced Stacking Status”...
You must access the switch directly, either through a local or remote session, to change its stacking status. Enhanced Stacking menu is shown in Figure 22. Allied Telesis AT-9424Ts - AT-S63 Marketing Enhanced Stacking Figure 22. Enhanced Stacking Menu The menu displays the current status of the switch at the end of selection “1 - Switch State.”...
Page 87
2. To change a switch’s stacking status, type 1 to select Switch State. 3. Type M to change the switch to a master switch, S to make it a slave 4. After making changes, type R until you return to the Main Menu. Then Section I: Basic Operations Note Item 2, Stacking Services, is only displayed on master switches.
The Enhanced Stacking menu is shown in Figure 22 on page 86. Services. Note Item 2, Stacking Services, is only displayed on master switches. The Stacking Services menu is shown in Figure 23. Allied Telesis AT-9424Ts - AT-S63 Marketing Stacking Services Switch Name Mode Figure 23.
Note Item 4, Load Image/Bootloader, uploads the AT-S63 image from the master switch to another AT-9400 Switch in the enhanced stack, as explained in “Uploading the AT-S63 Image File Switch to Switch” on page 176. Item 5, Load Configuration File, allows you to upload a configuration file from a master switch to another AT-9400 Switch, as explained in “Uploading an AT-S63 Configuration File Switch to...
Page 90
Chapter 3: Enhanced Stacking 5. Type the number of the switch in the list you want to manage. 6. Enter the appropriate username and password for the switch. A prompt similar to the following is displayed: Enter the switch number -> [1 to 24] The command line interface of the selected switch is displayed.
AT-S63 Management Software Menus User’s Guide Returning to the Master Switch When you are finished managing a slave switch, return to the Main Menu of the switch and type Q for Quit. This returns you to the Stacking Services menu on the master switch where you started the management session. You can either select another switch from the list to manage or, to manage the master switch, type R twice to return to the master switch’s Main Menu.
1 - Switch State-(M)aster/(S)lave/(U)navailable... Slave R - Return to Previous Menu Enter your selection? The Enhanced Stacking menu is shown in Figure 25. Allied Telesis AT-9424Ts - AT-S63 Marketing Enhanced Stacking Figure 25. Enhanced Stacking Menu The menu shows the enhanced stacking status of the switch you selected.
Chapter 4 SNMPv1 and SNMPv2c This chapter explains how to activate SNMP management on the switch and how to create, modify, and delete SNMPv1 and SNMPv2c community strings. Sections in the chapter include: “Enabling or Disabling SNMP Management” on page 94 “Setting the Authentication Failure Trap”...
4. After making changes, type R until you return to the Main Menu. Then The System Administration menu is shown in Figure 1 on page 32. Configuration. The SNMP Configuration menu is shown in Figure 26. Allied Telesis AT-9424Ts - AT-S63 Marketing SNMP Configuration Figure 26. SNMP Configuration Menu option between its two settings of Enabled and Disabled.
Setting the Authentication Failure Trap As mentioned in the SNMP Overview section in this chapter, a trap is a message sent by the switch to a management workstation or server to signal an operating event, such as when the device is reset. An authentication failure trap is similar to other the traps.
1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 5 to select SNMP 3. From the SNMP Configuration menu, type 3 to select Configure Allied Telesis AT-9424Ts - AT-S63 User: Manager Configure SNMPv1 & SNMPv2c Community...
Page 97
4. To create a new community string, type 1 to select Create SNMP 5. Enter the new SNMP community string. The name can be from one to 6. Specify the access mode for the new SNMP community string. If you 7.
Page 98
Chapter 4: SNMPv1 and SNMPv2c 9. If you want the switch to send traps to a management workstation or 10. If desired, repeat this procedure starting with Step 4 to create additional 11. After making changes, type R until you return to the Main Menu. Then management workstations.
The Configure SNMPv1 &SNMPv2c Community menu in shown in Figure 27 on page 96. select Modify SNMP Community. The Modify SNMP Community menu is shown in Figure 28. Allied Telesis AT-9424Ts - AT-S63 Marketing Modify SNMPv1 & SNMPv2c Community Status...
Page 100
Chapter 4: SNMPv1 and SNMPv2c The menu options are described below: 1 - Add Attributes to Community If a community string has a closed access mode, you can use this selection to add new IP addresses of management workstations that can use the string.
Page 101
Section I: Basic Operations Enter SNMP Manager IP Addr: c. If you want to remove the IP address of a management workstation from the community string, enter the IP address at the prompt. Otherwise, just press Return. This prompt is displayed: Enter Trap Receiver IP Addr: d.
Page 102
Chapter 4: SNMPv1 and SNMPv2c Enter Community Status [E-Enable, D-Disable]: c. Type E to enable the community string or D to disable it. This confirmation prompt is displayed: Do you want to change Community Status? (Y/N): [Yes/No] -> d. Type Y to change the string’s status or N to cancel the change. e.
Deleting a Community String To delete an SNMPv1 or SNMPv2c community string, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 5 to select SNMP 3. From the SNMP Configuration menu, type 3 to select Configure 4.
Configuration. The SNMP Configuration menu is shown in Figure 26 on page 94. & SNMPv2c Community. The Display SNMPv1 & SNMPv2c Community menu is shown in Figure 29. Allied Telesis AT-9424Ts - AT-S63 Marketing Display SNMPv1 & SNMPv2c Community Status...
Chapter 5 MAC Address Table This chapter contains the procedures for viewing the static and dynamic MAC address table. It also explains how to add static MAC addresses to the table. This chapter contains the following sections: “Displaying the MAC Address Tables” on page 106 “Adding Static Unicast and Multicast MAC Addresses”...
7 - Display on Base Ports R - Return to Previous Menu Enter your selection? Address Tables menu is shown in Figure 30. Allied Telesis AT-9424T/SP - AT-S63 Marketing MAC Address Tables Figure 30. MAC Address Tables Menu MAC Addresses or 4 to select Display Multicast MAC Addresses. The Display Unicast MAC Addresses menu is shown in Figure 31.
This selection displays all dynamic addresses learned on the ports of the switch and all static addresses that have been assigned to the ports. An example of a unicast MAC address table is shown in Figure Allied Telesis AT-9424T/SP - AT-S63 Marketing Display All...
01:00:51:00:00:01 U - Update Display R - Return to Previous Menu Enter your selection? An example of a multicast MAC address table is shown in Figure 33. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display All Page 1 VLANID Type Port Maps (U:Untagged T:Tagged)
Page 109
7 - Display on Base Ports This selection displays the static and dynamic MAC addresses learned on the base ports on the AT-9400 Switch. It does not display any addresses assigned or learned on any uplink ports. Section I: Basic Operations...
This section contains the procedure for adding static unicast and multicast MAC addresses to the switch. You can assign up to 255 static addresses per port on the AT-9400 Switch. To add a static MAC address, perform the following procedure: 1.
Page 111
5. Enter the number of the port on the switch where you want to assign 6. Enter the VLAN ID where the port is a member. 7. Repeat this procedure starting with Step 3 to enter additional static Section I: Basic Operations the static address.
Chapter 5: MAC Address Table Deleting Unicast and Multicast MAC Addresses To delete a dynamic or static unicast or multicast address from the MAC address table, perform the following procedure: 1. From the Main Menu, type 4 to select MAC Address Tables. 2.
Deleting All Dynamic MAC Addresses To delete all dynamic unicast and multicast MAC address from the MAC address table, perform the following procedure: 1. From the Main Menu, type 4 to select MAC Address Tables. 2. From the MAC Address Tables menu, type 2 to select MAC Addresses 3.
Chapter 5: MAC Address Table Changing the Aging Time The switch uses the aging time to delete inactive dynamic MAC addresses from the MAC address table. The switch deletes a MAC address from the table when no packets are sent to or received from the end node of the address for the period of time specified by the aging time.
Chapter 6 Static Port Trunks This chapter contains the procedures for managing static port trunks. Sections in the chapter include: “Creating a Static Port Trunk” on page 116 “Modifying a Static Port Trunk” on page 120 “Deleting a Static Port Trunk” on page 123 Section I: Basic Operations...
VLAN. You cannot create a trunk of ports that are untagged members of different VLANs. LACP. The Port Trunking and LACP menu is shown in Figure 35. Allied Telesis AT-9448T/SP - AT-S63 Marketing Port Trunking and LACP Figure 35.
This menu lists the current trunks on the switch. The information includes the following: 4. To create a new trunk, type C to select Create Trunk. Section I: Basic Operations Allied Telesis AT-9448T/SP - AT-S63 Marketing Static Port Trunking Name...
R - Return to Previous Menu Enter your selection? 5. Configure the following parameters as necessary: The Create Trunk menu is shown in Figure 37. Allied Telesis AT-9448T/SP - AT-S63 Marketing Create Trunk Figure 37. Create Trunk Menu 1 - Trunk ID Specifies the trunk ID, a value from 1 to 6.
Page 119
6. Type C to select Create Trunk. 7. To permanently save your change, return to the Main Menu and type S 8. Configure the ports on the remote switch for port trunking. 9. Connect the cables to the ports of the trunk on the switch. Section I: Basic Operations The port trunk is now active on the switch.
Chapter 6: Static Port Trunks Modifying a Static Port Trunk This section contains the procedure for modifying a static port trunk on the switch. Note the following before performing this procedure: To modify a port trunk, perform the following procedure: 1.
Section I: Basic Operations The Modify Trunk menu is displayed. The menu displays the operating specifications of the selected trunk. An example is shown in Figure 38. Allied Telesis AT-9448T/SP - AT-S63 Marketing Modify Trunk Figure 38. Modify Trunk Menu Note You cannot change a trunk’s ID number.
Page 122
Chapter 6: Static Port Trunks 6. Type M to select Modify Trunk. 7. To permanently save your change, return to the Main Menu and type S 8. Reconnect the cables to the ports of the trunk on the switch. The modifications to the port trunk are activated on the switch. to select Save Configuration Changes.
Deleting a Static Port Trunk To delete a static port trunk from the switch, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Menu, type 4 to select Port Trunking and LACP. 3.
Chapter 7 LACP Port Trunks This chapter contains the procedures for managing LACP port trunks. Sections in the chapter include: “Enabling or Disabling LACP” on page 126 “Setting the LACP System Priority” on page 128 “Creating an Aggregator” on page 129 “Modifying an Aggregator”...
LACP. The Port Trunking and LACP menu is shown in Figure 35 on page 116. The LACP (IEEE 8023ad) Configuration menu is shown in Figure 39. Allied Telesis AT-9448T/SP - AT-S63 Marketing LACP (IEEE 802.3ad) Configuration Figure 39. LACP (IEEE 8023ad) Configuration Menu...
Page 127
4. Type 1 to toggle LACP Status between Disabled and Enabled. The default is disabled. 5. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes. Section I: Basic Operations AT-S63 Management Software Menus User’s Guide...
Chapter 7: LACP Port Trunks Setting the LACP System Priority This procedure explains how to set the LACP system priority value on a switch. The switch uses this parameter if a conflict occurs when establishing an aggregate trunk with the other device. The LACP settings on the device with the higher priority take precedence over the settings on the other device.
Creating an Aggregator To create an aggregator, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 4 to select Port Trunking and 3. Type 2 to select LACP Configuration. 4.
Enter your selection? 5. Configure the following parameters as necessary: The Create LACP (IEEE 8023ad) Aggregator menu is shown in Figure Allied Telesis AT-9448T/SP - AT-S63 Marketing Create LACP (IEEE 802.3ad) Aggregator Figure 40. Create LACP (IEEE 8023ad) Aggregator Menu 1 - Aggregator Specifies a name for the aggregator.
Page 131
6. After you configure the parameters, type C to select Create 7. If LACP is not enabled on the switch, perform the procedure “Enabling 8. Configure LACP on the other network device. 9. Connect the cables to the ports of the aggregator on both the switch 10.
116. Configuration menu is shown in Figure 39 on page 126. The Modify LACP (IEEE 8023ad) Aggregator menu is shown in Figure Allied Telesis AT-9448T/SP - AT-S63 Marketing Modify LACP (IEEE 802.3ad) Aggregator Figure 41. Modify LACP (IEEE 8023ad) Aggregator Menu...
Page 133
5. Type 1 to select Aggregator and, when prompted, enter the name of 6. Configure the following parameters as necessary: 7. After configuring the parameters, type M to select Modify Aggregator. 8. To permanently save your change, return to the Main Menu and type S 9.
Chapter 7: LACP Port Trunks Deleting an Aggregator This procedure deletes an aggregator from the switch. The ports that are members of the aggregator stop transmitting LACPDU packets after the aggregator is deleted. To delete an aggregator, perform the following procedure: 1.
2. From the Port Configuration menu, type 4 to select Port Trunking and 3. Type 2 to select LACP Configuration. The LACP (IEEE 8023ad) 4. To view port status, type 6 to select Show LACP Port Status. To view Allied Telesis AT-9448T/SP - AT-S63 User: Manager Port ... 01 Aggregator ...
Chapter 8 Port Mirroring This chapter contains the procedures for creating and deleting a port mirror. Sections in the chapter include: “Creating a Port Mirror” on page 138 “Disabling a Port Mirror” on page 140 “Modifying a Port Mirror” on page 141 “Displaying the Port Mirror”...
R - Return to Previous Menu Enter your selection? 5. Type 2 to select Mirror-To (Destination) Port. The Port Mirroring menu is shown in Figure 44. Allied Telesis AT-9448T/SP - AT-S63 Marketing Port Mirroring Figure 44. Port Mirroring Menu #1 The following prompt is displayed.
Page 139
6. Enter the number of the port to function as the destination port. This is 7. To mirror the ingress (received) traffic on one or more ports, do the 8. To mirror the egress (transmitted) traffic from one or more ports, do the 9.
Chapter 8: Port Mirroring Disabling a Port Mirror To delete a port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 6 to select Port Mirroring. 3.
Modifying a Port Mirror To modify the port mirror, perform the following procedure: 1. From the Main Menu, type 1 to select Port Configuration. 2. From the Port Configuration menu, type 6 to select Port Mirroring. 3. Type 2 to select Mirror-To (Destination) Port. 4.
4 - Egress (Tx) Mirror (Source) Ports ... 1,3,11-13 R - Return to Previous Menu Enter your selection? The Port Mirroring menu is shown in Figure 46. Allied Telesis AT-9448T/SP - AT-S63 Marketing Port Mirroring Figure 46. Port Mirroring Menu...
Section II Advanced Operations The chapters in this section contain overview information on some of the advanced features of the AT-9400 Switch. The chapters also contain procedures for configuring these features using the AT-S63 Management Software. The chapters include: Chapter 9, ”File System” on page 145 Chapter 10, ”File Downloads and Uploads”...
Chapter 9 File System The chapter describes the AT-S63 file system, and how you can copy, rename, and delete system files from the file system or from a compact flash card. This chapter also explains how you can use the file system to select which boot configuration file you want the switch to use the next time the device is reset or power cycled.
You can also copy boot configuration files onto different switches to save yourself the trouble of having to manually configure AT-9400 Switches that are to have similar configurations. One way to do this with switches that support compact flash cards is to copy the configuration file from flash memory on the master switch onto the compact flash card.
Section II: Advanced Operations “Selecting the Active Boot Configuration File for the Switch” on page 149 Utilities. The File Operations menu is shown in Figure 47. Allied Telesis AT-9424T/SP - AT-S63 Marketing File Operations Figure 47. File Operations Menu Note Item 9, Format Flash Drive, and item F, Display Flash Information, are described in “Working with Flash Memory”...
Page 148
Chapter 9: File System 4. From the File Operations menu, type 3 to select Create Configuration 5. Enter a file name for the new boot configuration file. When entering a 6. Type 1 to select Boot Configuration File. 7. Enter the same file name you entered in Step 5. Configuring the Switch’s Parameter Settings After you create the boot configuration file and designate it as the active boot configuration file on the switch, you can configure the switch’s...
Selecting the Active Boot Configuration File for the Switch You have now created the boot configuration file, made the necessary changes to the switch’s parameter settings, and saved the changes. If you want the switch to use this new boot configuration file the next time you reset or power cycle the switch, no further steps are necessary.
Page 150
Chapter 9: File System To select the active boot configuration file for the switch, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 9 to select System 3.
6. Do one of the following: Viewing a Boot Use the following procedure to view the contents of a boot configuration file. (To display the names of the boot configuration files on the switch, see Configuration “Displaying System Files” on page 159.) File To view the contents of a boot configuration file, perform the following procedure:...
149. The contents of the boot configuration file are displayed in the View File menu. An example is shown in Figure 48. Allied Telesis AT-9424T/SP - AT-S63 Marketing View File Figure 48. View File Menu with Sample Boot Configuration File A boot configuration file contains those switch settings that differ from the AT-S63 default values.
Page 153
AT-S63 Management Software Menus User’s Guide The following are several guidelines for editing a boot configuration file: The text editor must be able to store the file as ASCII text. Do not use special formatting codes, such as boldface or italics. The boot configuration file must contain AT-S63 command line commands.
Chapter 9: File System Copying a System File This procedure is used to create copies of files stored in a switch’s file system or on a flash memory card. For instance, you might perform this procedure to create a copy of a configuration file so that you have a backup copy.
6. Enter the new file name. The file name can be up to 16 alphanumeric 7. Press any key to return to the File Operations menu. Examples The following examples illustrate how to create copies of files as well as transfer files between a switch’s flash memory and a compact flash card.
Chapter 9: File System Renaming a System File This procedure is used to rename files in a system’s file system or a compact flash card. Before renaming a file, note the following: To rename a system file, perform the following procedure: 1.
Examples The following examples illustrate how to rename files in a switch’s flash memory and on a compact flash card. This example renames the file “eventlog11.log” in the switch’s flash memory to ‘apr12_events.log”: This example renames the file “sw24.cfg” located on a flash memory card to “sw24_bk.cfg”: Section II: Advanced Operations You can enter a file name of up to 16 alphanumeric characters,...
Chapter 9: File System Deleting a System File This procedure is used to delete files from a system’s flash memory or a compact flash card. Before deleting a file, note the following: To delete a system file, perform the following procedure: 1.
Displaying System Files Use this procedure to display a list of the system files currently stored either in the flash memory of the switch or on a compact flash card. Listing All Files To display a list of the system files stored in flash memory as well as on a compact flash card (if the switch supports this and a compact flash card is inserted in the slot), perform the following procedure: 1.
R - Return to Previous Menu Enter your selection? Figure 49. List Files Menu for Flash Memory and a Compact Flash Card An example of this display is shown in Figure 49. Allied Telesis AT-9424T/SP - AT-S63 Marketing List Files Device...
The File Operations menu is shown in Figure 47 on page 147. The following prompt is displayed: Enter file name pattern to list: cflash:*.* The system displays files on the compact flash card, as shown in Figure 50. Allied Telesis AT-9424T/SP - AT-S63 Marketing List Files Device Size (Bytes) cflash <dir>...
Chapter 9: File System Working with Flash Memory The flash memory in the AT-9400 Switch stores the file system and the permanent event log. Displaying To display information about the flash memory, perform the following procedure: Information about the Flash 1.
Formatting the The procedure formats the flash memory in the switch. Flash Memory To format the flash memory, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 9 to select System 3.
Chapter 9: File System Working with the Compact Flash Card Some of the AT-9400 Switches have a slot for a compact flash card. Compact flash cards can be used for transferring files between switches, such as configuration files, and storing backup copies of files.
Page 165
AT-S63 Management Software Menus User’s Guide The Display Compact Flash Information menu provides the following information: Current Directory The currently selected directory. To change the directory, see “Changing the Current Flash Card Directory” on page 166. Number of files The number of files in the current directory. Number of directories The number of directories on the compact flash card.
The FIle Operations menu is shown in Figure 47 on page 147. Flash Directory. The Set/Change Compact Flash Directory menu is shown in Figure 53. Allied Telesis AT-9424T/SP - AT-S63 Marketing Set/Change Compact Flash Directory Figure 53. Set/Change Compact Flash Directory Menu Current Directory.
Chapter 10 File Downloads and Uploads This chapter contains the procedures for downloading a new AT-S63 image file onto the switch. This chapter also contains the procedures for uploading and downloading system files, such as a boot configuration file, from the file system in the switch. The procedures in this chapter are: “Downloading the AT-S63 Image File onto a Switch”...
“Returning the AT-S63 Management Software to the Factory Default Values” on page 50. If you are upgrading the AT-9400 Switch from AT-S63 version 1.3.0 or earlier and the switch has an IP address, the upgrade process automatically creates a routing interface on the switch to preserve the device’s IP configuration.
Page 169
The following guidelines apply to a TFTP download: The following procedures assume that you have already obtained the new software from Allied Telesis and have stored it on your management station or on the TFTP server. Section II: Advanced Operations interface is assigned the same address.
Utilities. The System Utilities menu is shown in Figure 6 on page 43. Uploads. The Downloads and Uploads menu is shown in Figure 54. Allied Telesis AT-9424T/SP - AT-S63 Marketing Downloads and Uploads Figure 54. Downloads and Uploads Menu Application Image/Bootloader.
Page 171
7. To download a file using Xmodem, type X at the prompt in Step 5. Section II: Advanced Operations The following prompt is displayed: TFTP Server IP address: b. Enter the IP address of the TFTP server. The following prompt is displayed: Remote File Name: c.
Chapter 10: File Downloads and Uploads 8. Type Y for Yes. 9. Begin the file transfer. 10. From the HyperTerminal main window, select Send File from the 11. Click Browse and specify the location and file to be downloaded onto 12.
13. Click Send. Section II: Advanced Operations The software immediately begins downloading onto the switch. The Xmodem File Send window in Figure 57 displays the current status of the software download. The download process takes several minutes to complete. Figure 57. XModem File Send Window After receiving the file, the switch compares the version number of the new image file that you just downloaded against the file already in the application block on the switch.
Chapter 10: File Downloads and Uploads Downloading the Review “Guidelines” on page 168 before performing the following download procedure. AT-S63 Image from a Remote To download a new AT-S62 image file into the application block portion of Management the switch’s flash memory, making it the active image file on the switch, from a remote management session (i.e, Telnet or SSH) using TFTP, Session perform the following procedure:...
Page 175
Section II: Advanced Operations After the switch has downloaded the image file, the following message is displayed: File received successfully! After receiving the file, the switch compares the version number of the new image file that you just downloaded against the file already in the application block on the switch.
The AT-S63 image file contains the bootloader for the switch. You cannot load the image file and bootloader separately. If you are upgrading the AT-9400 Switch from AT-S63 version 1.3.0 or earlier and the switch has an IP address, the upgrade process automatically creates a routing interface on the switch to preserve the device’s IP configuration.
Page 177
3. From the Stacking Services menu, type 1 to select Get/Refresh List of 4. Type 4 to select Download Image/Bootloader File. 5. Enter the number (Num column in the menu) of the AT-9400 Switch 6. You can respond with Yes or No to this prompt. It does not affect the Section II: Advanced Operations For example, if the switch has the static IP address 149.44.44.44 and...
Page 178
Chapter 10: File Downloads and Uploads 7. If you answer Yes to this prompt, the management software prompts The following prompt is displayed: Do you want confirmation before downloading each switch - > [Yes/No] you with a confirmation message before upgrading a switch. If you answer No, the management software does not display a confirmation prompt before uploading the image file.
Uploading an AT-S63 Configuration File Switch to Switch This procedure explains how to upload a boot configuration file on a master AT-9400 Switch to another AT-9400 Switch in an enhanced stack. This procedure provides you with an easy way of distributing a configuration file to different switches that are to share a similar configuration.
Page 180
Chapter 10: File Downloads and Uploads To upload a boot configuration file on the master switch to another switch in an enhanced stack, perform the following procedure: 1. From the Main Menu, type 8 to select Enhanced Stacking. 2. From the Enhanced Stacking menu, type 2 to select Stacking 3.
Page 181
7. Enter the number (Num column in the menu) of the AT-9400 Switch to 8. If you answer Yes to this prompt, the management software prompts Section II: Advanced Operations After you have entered a name, the following prompt is displayed: Enter the list of switches ->...
Chapter 10: File Downloads and Uploads Downloading a System File This section contains the following two procedures: Both procedures are used to download files into a switch’s file system. One procedure downloads files from a local management using either Xmodem or TFTP, and the other explains how to do it from a remote management session using TFTP.
Page 183
You cannot download a private encryption key onto a switch, but you can download a public key. However, because the switch can only use those encryption keys that it has generated itself, Allied Telesis recommends against downloading any keys onto the switch.
Chapter 10: File Downloads and Uploads Downloading a Review “Guidelines” on page 182 before performing this procedure. System File from To download a system file onto a switch from a local management session a Local using Xmodem or TFTP, perform the following procedure: Management 1.
Page 185
6. To download a file using Xmodem, type X at the prompt displayed in 7. Enter a name for the system file. This is the name that the switch will 8. Type Y for Yes. Section II: Advanced Operations d. Enter a name for the system file. This is the name that the switch will store the file as in its file system.
Chapter 10: File Downloads and Uploads 9. Begin the file transfer of the system file using the terminal emulator 10. From the HyperTerminal main window, select Send File from the 11. Click Browse and specify the location and system file to be 12.
14. If you downloaded a configuration file and want to make it the active Downloading a Review “Guidelines” on page 182 before performing this procedure. System File from To download a system file onto a switch from a remote management a Remote session using TFTP, perform the following procedure: Management...
Page 188
Chapter 10: File Downloads and Uploads 4. From the System Utilities menu, type 2 to select Downloads and 5. From the Downloads and Uploads menu, type 3 to select Download a 6. Enter the IP address of the TFTP server. 7.
Page 189
AT-S63 Management Software Menus User’s Guide This completes the procedure for downloading a file into the switch’s file system or flash memory card from a remote management session using TFTP. Section II: Advanced Operations...
Chapter 10: File Downloads and Uploads Uploading a System File This section contains the following two procedures: These procedures explain how to upload files from a switch’s file system to your management workstation or a TFTP server. One procedure explains how to perform the upload from a local management using either Xmodem or TFTP.
This guideline applies only to an Xmodem upload: These guidelines apply only to a TFTP upload: Uploading a Review “Guidelines” on page 190 before performing this procedure. System File from To upload a file from the switch’s file system to a workstation or TFTP a Local server from a local management session using Xmodem or TFTP, perform Management...
Page 192
Chapter 10: File Downloads and Uploads 5. From the Downloads and Uploads menu, type 4 to select Upload a 6. To upload a system file using Xmodem, go to Step 7. To upload a file 7. To upload a file using Xmodem, type X at the prompt displayed in Step File.
8. Enter the name of the system file on the switch that you want to upload 9. Type Y for Yes. 10. Begin the file transfer. 11. From the HyperTerminal main window, select Receive File from the Section II: Advanced Operations to your computer.
Chapter 10: File Downloads and Uploads 12. Click Browse and specify the location on your computer where you 13. Click in the Protocol field and select as the transfer protocol either 14. Click Receive. 15. When prompted, enter a name for the file. This is the name given the Uploading a Review “Guidelines”...
Page 195
4. From the System Utilities menu, type 2 to select Downloads and 5. From the Downloads and Uploads menu, type 4 to select Upload a 6. Enter the IP address of the TFTP server. 7. Enter a name for the file for when it is stored on the TFTP server. 8.
Chapter 11 Event Logs and the Syslog Client This chapter describes how to monitor the activity of a switch by viewing the event messages in the event logs and sending the messages to a syslog server. Sections in the chapter include: “Working with the Event Logs”...
“Saving an Event Log to a File” on page 206 Note Allied Telesis recommends setting the switch’s date and time if you enable the event logs. Otherwise, event messages will not have the correct time and date. For instructions, refer to “Setting the System Time”...
3. To enable or disable event logging, type 1 to toggle Event Logging 4. To permanently save your change, return to the Main Menu and type S Displaying an To view the events in an event log, perform the following procedure: Event Log 1.
Page 200
Chapter 11: Event Logs and the Syslog Client 4. To select the order of the events in the event log, type 3 to select 5. To select the format of the event log, type 4 to select Display Mode 6. To display events of a selected severity, type 5 to select Display Display Order and toggle between these two options: Chronological Displays the events in the order from the oldest event to the most...
7. To view the events of a particular AT-S63 software module, type 7 to Module Name CLASSIFIER ENCO ESTACK EVTLOG FILE GARP HTTP IGMPSNOOP LACP MGMTACL MLDSNOOP PACCESS PCFG PMIRR Section II: Advanced Operations select Event Module and enter the module. To specify more than one module, separate them by a comma—for example, “system, stp, ptrunk.”...
Page 202
Chapter 11: Event Logs and the Syslog Client Module Name PSEC PTRUNK RADIUS SNMP SYSTEM TACACS TELNET TFTP TIME VLAN WATCHDOG Table 1. AT-S63 Modules (Continued) Description MAC address-based port security Static port trunking Quality of Service RADIUS authentication protocol Redundant power supply RRP snooping Real time clock...
Severity Code Section II: Advanced Operations chosen, type V to select View Log. Figure 64 shows an example of an event log in Normal mode. Allied Telesis AT-9424T/SP - AT-S63 Marketing Event Log Event ssh: SSH server disabled garp: GARP initialized...
Modifying the This procedure explains how to control the action of the logs when they reach the maximum capacity of 4,000 events for the temporary log and Event Log Full 2,000 events for the permanent log. A log can either delete the oldest Action entries as it adds new entries or stop adding entries, so as to preserve the existing log contents.
Chapter 11: Event Logs and the Syslog Client Clearing an To clear all events from an event log, perform the following procedure: Event Log 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 8 to select Event Log. 3.
147. The following prompt is displayed: Enter file name to view: .log Return. A sample log file saved in full mode is shown in Figure 66. Allied Telesis AT-9424T/SP - AT-S63 Marketing View File 12:31:02 323003 ssh: SSH server disabled...
Page 208
Chapter 11: Event Logs and the Syslog Client 13. To upload the file to your management station, refer to “Uploading a System File” on page 190. Section II: Advanced Operations...
Configuring Log Outputs There are two methods for viewing the events generated by the switch. One approach is to display one of the switch’s event logs. The drawback to this method is that you must establish a management session with the switch before you can view the logs and you can view the log of only one switch at a time.
The Event Log menu is shown in Figure 63 on page 198. The Configure Log Outputs menu, with a list of any log outputs that have already been created, is shown in Figure 67. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Log Outputs...
10. Type 3 to toggle Output Status between the following options: Section II: Advanced Operations The Syslog Output Configuration menu is displayed, as shown in Figure 68. Allied Telesis AT-9424T/SP - AT-S63 Marketing Syslog Output Configuration Figure 68. Syslog Output Configuration Menu The following prompt is displayed: Enter new output ID [2 to 20] ->2...
Chapter 11: Event Logs and the Syslog Client 11. Type 4 to toggle Message Format between the following options: 12. Type 5 to select Facility Level. Table 3. Applicable RFC 3164 Numerical Code and AT-S63 Module Numerical Normal Sends the severity, module, and description for each event. Extended Sends the same information as Normal along with the date, time, and switch’s IP address.
Table 3. Applicable RFC 3164 Numerical Code and AT-S63 Module Numerical Section II: Advanced Operations Mappings (Continued) RFC 3164 Facility Code Clock daemon Local use 6 Local use 7 Local use 0 For example, the setting of DEFAULT assigns all port mirroring events a code of 22 and all encryption key events a code of 4.
Page 214
Chapter 11: Event Logs and the Syslog Client 13. To include events of a selected severity, type 6 to select Event 14. To send events generated by a particular AT-S63 software module, Table 4. Numerical Code and Facility Level Mappings (Continued) Numerical Code LOCAL4...
Outputs menu and begins to send events to the sever, if you enabled the definition when you created it. An example of the menu with a new syslog server definition is shown in Figure 69. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Log Outputs...
Chapter 11: Event Logs and the Syslog Client 5. Enter the number of the log output that you want to modify. 6. Refer to “Creating a Log Output Definition” on page 210 for information 7. When you complete the modifications, type M to select Modify Log 8.
Enter output ID to view [0 to 20] -> The Syslog Output Configuration menu for the selected output is displayed. An example is shown in Figure 70. Allied Telesis AT-9424T/SP - AT-S63 Marketing Syslog Output Configuration To modify the log output configuration, refer to “Modifying a Log Output”...
Page 218
Chapter 11: Event Logs and the Syslog Client Section II: Advanced Operations...
Chapter 12 Classifiers This chapter explains classifiers and how you can create classifiers to define traffic flows. The sections in this chapter include: “Creating a Classifier” on page 220 “Modifying a Classifier” on page 224 “Deleting a Classifier” on page 226 “Deleting All Classifiers”...
Enter your selection? 2. From the Security and Services menu, type 1 to select Classifier The Security and Services menu is shown in Figure 71. Allied Telesis AT-9424T/SP - AT-S63 Marketing Security and Services Figure 71. Security and Services Menu Configuration.
U - Update Display R - Return to Previous Menu Enter your selection? Section II: Advanced Operations The Classifier Configuration menu is shown in Figure 72. Allied Telesis AT-9424T/SP - AT-S63 Marketing Classifier Configuration Figure 72. Classifier Configuration Menu Classifier.
This is the first page of the classifier variables. To view the remaining variables, type N to select Next Page. The Create Classifier menu (page 2) is shown in Figure 74. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create Classifier Figure 74. Create Classifier Menu (Page 2) The following prompt is displayed.
Page 223
7. Repeat steps 5 and 6 to adjust any other variables necessary to define 8. After configuring the necessary variables, type C to select Create 9. To create more classifiers, repeat this procedure starting with step 3. 10. To permanently save your change, return to the Main Menu and type S 11.
Chapter 12: Classifiers Modifying a Classifier In order to modify a classifier, you need to know its ID number. If you are unsure of the ID number of the classifier you want to modify, refer to “Displaying Classifiers” on page 228. You cannot modify a classifier if it belongs to an ACL or QoS policy that is assigned to a port.
Page 225
7. To modify other classifiers, repeat this process starting with step 3. 8. To permanently save your change, return to the Main Menu and type S 9. To add the modified classifier to an ACL, refer to “Creating an ACL” on Section II: Advanced Operations to select Save Configuration Changes.
Chapter 12: Classifiers Deleting a Classifier This procedure deletes a classifier from the switch. To delete a classifier, you need to know its ID number. If you are unsure of the ID number of the classifier you want to delete, refer to “Displaying Classifiers” on page 228. To delete a classifier, perform the following procedure: 1.
Deleting All Classifiers This procedure deletes all classifiers from the switch. To delete individual classifiers, refer to “Deleting a Classifier” on page 226. To delete all classifiers from the switch, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2.
The Security and Services menu is shown in Figure 71 on page 220. Configuration. The Classifier Configuration menu is shown in Figure 72 on page 221. Classifiers. An example of the Show Classifiers menu is shown in Figure 75. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Classifiers Description Number of...
The following prompt is displayed: Enter Classifier ID : [1 to 9999] -> 1 The first page of the Display Classifier Details menu is shown in Figure Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Classifier Details Figure 76. Display Classifier Details Menu (Page 1) AT-S63 Management Software Menus User’s Guide...
R - Return to Previous Menu Enter your selection? The second page of the Display Classifier Details menu is shown in Figure 77. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Classifier Details Figure 77. Display Classifier Details Menu (Page 2)
Chapter 13 Access Control Lists This chapter explains how to manage access control lists (ACL). This chapter contains the following sections: “Creating an ACL” on page 232 “Modifying an ACL” on page 235 “Deleting an ACL” on page 237 “Deleting All ACLs” on page 239 “Displaying ACLs”...
3. From the Access Control Lists (ACL) menu, type 1 to select Create Lists. The Access Control Lists (ACL) menu is shown in Figure 78. Allied Telesis AT-9424T/SP - AT-S63 Marketing Access Control Lists (ACL) Figure 78. Access Control Lists (ACL) Menu ACL.
8. Type 4 to select Classifier List from the Create ACL menu and, when Section II: Advanced Operations The Create ACL menu is shown in Figure 79. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create ACL Figure 79. Create ACL Menu the ACL.
Page 234
Chapter 13: Access Control Lists 9. Type 5 to select Port List and, when prompted, enter the ports where 10. Type C to select Create ACL. 11. To create additional ACLs, repeat this procedure starting with step 3. 12. To permanently save your change, return to the Main Menu and type S you want to assign the ACL.
ACL at a time. The Modify ACL window is displayed with the specifications of the selected ACL. An example of the window is shown in Figure 80. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify ACL Figure 80. Modify ACL Menu You cannot change an ACL’s ID number.
Page 236
Chapter 13: Access Control Lists 5. To change the description of the ACL, type 2 to select Description and 6. To change the ACL’s action, type 3 to select Action. 7. Type 0 if you want the ACL to discard ingress packets that meet the 8.
The Destroy ACL window is displayed with the specifications of the selected ACL. You can use this window to confirm that you are deleting the correct ACL. An example of the window is shown in Figure 81. Allied Telesis AT-9424T/SP - AT-S63 Marketing Destroy ACL Figure 81.
Page 238
Chapter 13: Access Control Lists 6. To delete additional ACLs, repeat this procedure starting with step 3. 7. To permanently save your change, return to the Main Menu and type S A deleted ACL is immediately removed from the switch. to select Save Configuration Changes.
Deleting All ACLs This procedure deletes all ACLs from the switch. To delete all ACLs, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 4 to select Access Control 3.
Lists. The Access Control Lists (ACL) menu is shown in Figure 78 on page 232. ACLs. An example of the Show ACLs window is illustrated in Figure 82. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show ACLs Description IP - deny...
[0 to 250] -> 0 selected ACL are displayed. An example of the Display ACL Details window is illustrated in Figure 83. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display ACL Details Figure 83. Display ACL Details Menu This menu is for viewing purposes only. To modify an ACL, refer to “Modifying an ACL”...
Chapter 14 Class of Service This chapter contains the procedures for configuring Class of Service (CoS). Sections in the chapter include: “Configuring CoS” on page 244 “Mapping CoS Priorities to Egress Queues” on page 247 “Configuring Egress Scheduling” on page 248 “Displaying Port CoS Priorities”...
Class of Service (CoS) Figure 84. Class of Service (CoS) Menu The “Number of CoS Queues” line indicates the number of egress queues on each port. The AT-9400 Switch has eight queues per port. This value cannot be changed. 11:20:02 02-Mar-2005...
Enter port number -> [1 to 24] -> CoS. You can specify only one port at a time. The Configure Port COS Priorities menu is shown in Figure 85. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Port CoS Priorities Figure 85. Configure Port COS Priorities Menu Menu option 1 cannot be changed.
Page 246
Chapter 14: Class of Service 8. Type C to select Configure Port COS Priorities. 9. To permanently save your change, return to the Main Menu and type S Note CoS does not change the tagged information in a frame. A tagged frame leaves a switch with the same priority level that it had when it entered.
244. Priority to Egress Queue. The Map CoS Priority to Egress Queue menu is shown in Figure 86. Allied Telesis AT-9424T/SP - AT-S63 Marketing Map CoS Priority to Egress Queue Figure 86. Map CoS Priority to Egress Queue Menu want to change.
The Class of Service (CoS) menu is shown in Figure 84 on page 244. Egress Scheduling. The Configure Egress Scheduling menu is shown in Figure 87. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Egress Scheduling Figure 87. Configure Egress Scheduling Menu The default setting is Strict Priority.
Page 249
AT-S63 Management Software Menus User’s Guide The default value of 1 for each queue gives all egress queues the same weight. 6. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes. Section II: Advanced Operations...
Service (CoS). The Class of Service (CoS) menu is shown in Figure 84 on page 244. CoS Priorities. The Show Port CoS Priorities menu is shown in Figure 88. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Port CoS Priorities PVID Priority Figure 88.
Chapter 15 Quality of Service This chapter describes Quality of Service (QoS). Sections in the chapter include: “Managing Flow Groups” on page 252 “Managing Traffic Classes” on page 261 “Managing Policies” on page 271 Section II: Advanced Operations...
“Deleting a Flow Group” on page 256 “Displaying Flow Groups” on page 257 Service. The Quality of Service (QoS) menu is shown in Figure 89. Allied Telesis AT-9424T/SP - AT-S63 Marketing Quality of Service (QoS) Figure 89. Quality of Service (QoS) menu Configuration.
Enter your selection? 5. Configure the following parameters as desired: Section II: Advanced Operations The Flow Group Configuration menu is shown in Figure 90. Allied Telesis AT-9424T/SP - AT-S63 Marketing Flow Group Configuration Figure 90. Flow Group Configuration Menu Group.
Page 254
Chapter 15: Quality of Service 2 - Description Specifies a description for the flow group. The description can be from 1 to 15 alphanumeric characters including spaces. This parameter is optional, but recommended. Names can help you identify the groups on the switch.
7. To create another flow group, repeat this procedure starting with step 8. To permanently save your change, return to the Main Menu and type S Modifying a Flow To modify a flow group, perform the following procedure: Group 1. From the Main Menu, type 7 to select Security and Services. 2.
1. From the Main Menu, type 7 to select Security and Services. 2. From the Security and Services menu, type 6 to select Quality of 3. From the Quality of Service (QoS) menu, type 1 to select Flow Group Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify Flow Group Figure 92.
The selected flow group is displayed in the Destroy Flow Group menu. You can use the menu to verify that you are deleting the correct group. An example is shown in Figure 93. Allied Telesis AT-9424T/SP - AT-S63 Marketing Destroy Flow Group Figure 93.
Configuration. The Flow Group Configuration menu is shown in Figure 90 on page 253. Groups. The Show Flow Groups menu is shown in Figure 94. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Flow Groups Parent Traffic Class ID Figure 94. Show Flow Groups Menu The Show Flow Groups menu provides the following information: The flow group’s ID number.
The specifications of the selected flow group are displayed in the Display Flow Group Details menu. An example is shown in Figure 95. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Flow Group Details Figure 95.
Page 260
Chapter 15: Quality of Service Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 1 to 7. Move ToS to Priority If set to Yes, replaces the value in the 802.1p priority field with the value in the ToS priority field on IPv4 packets.
The Quality of Service (QoS) menu is shown in Figure 89 on page 252. Configuration. The Traffic Class Configuration menu is shown in Figure 96. Allied Telesis AT-9424T/SP - AT-S63 Marketing Traffic Class Configuration Figure 96. Traffic Class Configuration Menu Traffic Class.
R - Return to Previous Menu Enter your selection? 5. Configure the following parameters as desired: The Create Traffic Class menu is shown in Figure 97. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create Traffic Class Figure 97. Create Traffic Class Menu 1 - Traffic Class ID Specifies an ID number for the traffic class.
Page 263
Section II: Advanced Operations 5 - DSCP value Specifies a replacement value to write into the DSCP (TOS) field of the packets. The range is 0 to 63. A new DSCP value can be set at all three levels: flow group, traffic class, and policy.
Page 264
Chapter 15: Quality of Service matches the number being used by the traffic. However, no unused tokens will accumulate in the bucket. If the traffic increases, the excess traffic will be discarded since no tokens are available for handling the increase.
6. After configuring the parameters, type C to select Create Traffic Class. 7. To create another traffic class, repeat this procedure starting with step 8. To permanently save your change, return to the Main Menu and type S Modifying a To modify a traffic class, perform the following procedure: Traffic Class 1.
9. To permanently save your change, return to the Main Menu and type S The selected traffic class is displayed in the Modify Traffic Class menu. An example is shown in Figure 98. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify Traffic Class Figure 98.
Destroy Traffic Class menu. An example is shown in Figure 99. You can use the menu to verify that you are deleting the correct traffic class. Allied Telesis AT-9424T/SP - AT-S63 Marketing Destroy Traffic Class Figure 99. Destroy Traffic Class Menu AT-S63 Management Software Menus User’s Guide...
Configuration. The Traffic Class Configuration menu is shown in Figure 96 on page 261. Traffic Classes. The Show Traffic Classes menu is shown in Figure 100. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Traffic Classes Parent Policy ID Figure 100. Show Traffic Classes Menu...
You can display only one traffic class at a time. An example of the Display Traffic Class Details menu is shown in Figure 101. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Traffic Class Details Figure 101. Display Traffic Class Details Menu AT-S63 Management Software Menus User’s Guide...
Page 270
Chapter 15: Quality of Service The Display Traffic Class Details menu provides the following information: Traffic Class ID The traffic class ID number. Description The description of the traffic class. Exceed Action The action taken if the traffic of the traffic class exceeds the maximum bandwidth.
Service. The Quality of Service (QoS) menu is shown in Figure 89 on page 252. Configuration. The Policy Configuration menu is shown in Figure 102. Allied Telesis AT-9424T/SP - AT-S63 Marketing Policy Configuration Figure 102. Policy Configuration Menu AT-S63 Management Software Menus User’s Guide...
R - Return to Previous Menu Enter your selection? 5. Configure the following parameters as needed: The Create Policy menu is shown in Figure 103. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create Policy Figure 103. Create Policy Menu 1 - Policy ID Specifies an ID number for the policy.
Page 273
6. After configuring the parameters, type C to select Create Policy. 7. To create another policy, repeat this procedure starting with step 3. Section II: Advanced Operations 5 - ToS Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets.
[0 to 255] -> 0 only one policy at a time. The selected policy is displayed in the Modify Policy menu. An example is shown in Figure 104. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify Policy Figure 104. Modify Policy Menu “Creating a Policy”...
7. Type M to select Modify Policy. 8. To modify another policy, repeat this procedure starting with step 4. 9. To permanently save your change, return to the Main Menu and type S Deleting a Policy To delete a policy, perform the following procedure: 1.
The Quality of Service (QoS) menu is shown in Figure 89 on page 252. Configuration. The Policy Configuration menu is shown in Figure 102 on page 271. The Show Policies menu is shown in Figure 105. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Policies Description...
Enter Policy ID : [0 to 255] -> 0 only one policy at a time. The Display Policy Details menu is shown in Figure 106. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Policy Details Figure 106. Display Policy Details Menu...
Page 278
Chapter 15: Quality of Service Specifies a replacement value to write into the Type of Service (ToS) field of IPv4 packets. The range is 1 to 7. A ToS value specified at the policy level is used only if no value has been specified at the flow group and traffic class levels.
Chapter 16 Denial of Service Defenses This chapter contains the procedure for configuring the switch’s defense mechanisms against denial of service (DoS) attacks: “Configuring Denial of Service Defense” on page 280 Section II: Advanced Operations...
R - Return to Previous Menu Enter your selection? Service (DoS). The Denial of Service (DoS) menu is shown in Figure 107. Allied Telesis AT-9424T/SP - AT-S63 Marketing Denial of Service (DoS) Figure 107. Denial of Service (DoS) Menu the IP address of a node connected to the switch and a subnet mask.
Page 281
The following prompt is displayed: Enter port-list: Note If you plan to use the Teardrop defense, Allied Telesis recommends activating it on only the uplink port and one other port. The defense is CPU intensive and can overwhelm the switch’s CPU.
A menu is displayed containing either one or two options, depending on the DoS defense you selected. An example of the menu is shown in Figure 109. Allied Telesis AT-9424T/SP - AT-S63 Marketing SYN Flood Configuration Figure 109. SYN Flood Configuration Menu 1 - Attack Detection Enables and disables the selected DoS defense on the selected ports.
Chapter 17 Power Over Ethernet This chapter contains the procedures for configuring Power over Ethernet (PoE) on the AT-924T/POE Switch. Sections in the chapter include: Section II: Advanced Operations “Setting the PoE Threshold” on page 284 “Configuring PoE Port Settings” on page 286 “Displaying PoE Status and Settings”...
R - Return to Previous Menu Enter your selection? Ethernet (PoE) Configuration menu. The Power Over Ethernet Configuration menu is shown in Figure 110. Allied Telesis AT-924T/POE - AT-S63 Production Switch Power Over Ethernet (PoE) Configuration Figure 110. Power Over Ethernet Configuration Menu PoE Global Configuration.
Page 285
4. From the PoE Global Configuration menu, type 1 to select Power 5. After making the change, type R until you return to the Main Menu. Section II: Advanced Operations Options 2, Maximum Available Power, displays the maximum amount of PoE supplied by the switch. For the AT-924T/POE switch, this value is 380W.
PoE Port Configuration. The following prompt is displayed: port at a time. The PoE Port Configuration menu is shown in Figure 112. Allied Telesis AT-924T/POE - AT-S63 Production Switch PoE Port Configuration Figure 112. PoE Port Configuration Menu If you are configuring multiple ports, the management software displays the settings of the lowest numbered port.
Page 287
6. To change the port’s priority, type 2 to select Power Priority and, when 7. To change the maximum amount of power the port can supply to the 8. After making your changes, type R until you return to the Main Menu. Section II: Advanced Operations prompted, type C for Critical, H for High, or L for Low.
The Power Over Ethernet Configuration menu is shown in Figure 110 on page 284. PoE Status. The PoE Status menu is shown in Figure 113. Allied Telesis AT-924T/POE - AT-S63 Production Switch PoE Status Figure 113. PoE Status Menu The selections are defined below.
Enter your selection? Section II: Advanced Operations 1 - PoE Global Status Menu This selection displays the following window: Allied Telesis Ethernet Switch AT-924T/POE - AT-S63 Production Switch PoE Global Status Figure 114. PoE Global Status Menu The selections in this window are for viewing purposes only. These parameters are not adjustable.
Chapter 17: Power Over Ethernet Allied Telesis AT-924T/POE - AT-S63 User: Manager Port PoE Function Consumed Power (mW) ------------------------------------------------------------------------- ENABLED 1,900 ENABLED 1,900 ENABLED 1,900 ENABLED ENABLED N - Next Page U - Update Display R - Return to Previous Menu...
When you select this option, you are prompted to enter the port(s) you want to view. You can specify more than one port at a time. Once you have specified the port, the selection displays the following window: Allied Telesis AT-924T/POE - AT-S63 Production Switch PoE Detailed Port Status Figure 116.
This selection displays the hardware and firmware version numbers of the PoE chipset used in the switch. This selection is intended for troubleshooting purposes and displays the following window: Allied Telesis AT-924T/POE - AT-S63 Production Switch PoE Device Information Figure 117. PoE Device Information...
Section III IGMP Snooping, MLD Snooping, and RRP Snooping The chapters in this section contain overview information on IGMP snooping, MLD snooping, and RRP snooping. The chapters also explain how to configure these features from the menus interface of the AT-S63 Management Software.
Chapter 18 IGMP Snooping This chapter explains how to activate and configure the Internet Group Management Protocol (IGMP) snooping feature on the switch. Sections in the chapter include: “Configuring IGMP Snooping” on page 296 “Enabling or Disabling IGMP Snooping” on page 300 “Displaying a List of Host Nodes”...
R - Return to Previous Menu Enter your selection? 2. From the Advanced Configuration menu, type 2 to select IGMP The Advanced Configuration menu is shown in Figure 118. Allied Telesis AT-9424T/SP - AT-S63 Marketing Advanced Configuration Figure 118. Advanced Configuration Menu Snooping Configuration.
3. Adjust the following parameters as necessary: Section III: IGMP Snooping, MLD Snooping, and RRP Snooping The IGMP Snooping Configuration menu is shown in Figure 119. Allied Telesis AT-9424T/SP - AT-S63 Marketing IGMP Snooping Configuration Figure 119. IGMP Snooping Configuration Menu 1 - IGMP Snooping Status Enables or disables IGMP snooping on the switch.
Page 298
Chapter 18: IGMP Snooping If a switch has a mixture of host nodes, that is, some connected directly to the switch and others through an Ethernet hub, you should select the Multi-Host Port (Intermediate) selection. 3 - Host/Router Timeout Interval Specifies the time period in seconds at which the switch determines that a host node is inactive.
Page 299
AT-S63 Management Software Menus User’s Guide Note Selection 6, View IGMP Multicast Hosts List, is described in “Displaying a List of Host Nodes” on page 301. Selection 7, View IGMP Multicast Routers List, is described in “Displaying a List of Multicast Routers”...
Chapter 18: IGMP Snooping Enabling or Disabling IGMP Snooping To activate or deactivate IGMP snooping on the switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Configuration. 2. From the Advanced Configuration menu, type 2 to select IGMP 3.
The IGMP Snooping Configuration menu is shown in Figure 119 on page 297. IGMP Multicast Hosts List. The View IGMP Multicast Host List menu is shown in Figure 120. Allied Telesis AT-9424T/SP - AT-S63 Marketing View IGMP Multicast Hosts List VLAN Port/...
Page 302
Chapter 18: IGMP Snooping VLAN The VID of the VLAN where the port is an untagged member. Port/Trunk The port on the switch where the host node is connected. If the host node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed.
The IGMP Snooping Configuration menu is shown in Figure 119 on page 297. IGMP Multicast Routers List. The View IGMP Multicast Routers List menu is shown in Figure 121. Allied Telesis AT-9424T/SP - AT-S63 Marketing View IGMP Multicast Routers List Port/Trunk ID...
Page 304
Chapter 18: IGMP Snooping switch learned the router on a port trunk, the trunk ID number, not the port number, is displayed. Router IP The IP address of the multicast router. Section III: IGMP Snooping, MLD Snooping, and RRP Snooping...
Chapter 19 MLD Snooping This chapter explains how to activate and configure Multicast Listener Discovery (MLD) snooping on the switch. Sections in the chapter include: “Configuring MLD Snooping” on page 306 “Enabling or Disabling MLD Snooping” on page 309 “Displaying a List of Host Nodes” on page 310 “Displaying a List of Multicast Routers”...
The Advanced Configuration menu is shown in Figure 118 on page 296. Snooping Configuration. The MLD Snooping Configuration menu is shown in Figure 122. Allied Telesis AT-9424T/SP - AT-S63 Marketing MLD Snooping Configuration Figure 122. MLD Snooping Configuration Menu 1 - MLD Snooping Status Enables or disables MLD snooping on the switch.
Page 307
Section III: IGMP Snooping, MLD Snooping, and RRP Snooping additional multicast packets out the port where the host node is connected. Multiple Host/Ports (Intermediate) The Multi-Host setting is appropriate if there is more than one host node connected to a switch port, such as when a port is connected to an Ethernet hub to which multiple host nodes are connected.
Page 308
Chapter 19: MLD Snooping 4. After making changes, type R until you return to the Main Menu. Then Note A change to any parameter in this menu is immediately activated on the switch. Note Selection 6, View MLD Multicast Hosts List, is described in “Displaying a List of Host Nodes”...
Enabling or Disabling MLD Snooping To activate or deactivate MLD snooping on the switch, perform the following procedure: 1. From the Main Menu, type 6 to select Advanced Configuration. 2. From the Advanced Configuration menu, type 3 to select MLD 3.
The MLD Snooping Configuration menu is shown in Figure 122 on page 306. MLD Multicast Hosts List. The View MLD Multicast Host List menu is shown in Figure 123. Allied Telesis AT-9424T/SP - AT-S63 Marketing View MLD Multicast Hosts List Port/...
Page 311
AT-S63 Management Software Menus User’s Guide node is connected to the switch through a trunk, the trunk ID number, not the port number, is displayed. HostIP The IP address of the host node connected to the port. Exp. Time The number of seconds remaining before the host is timed out if no further MLD reports are received from it.
The MLD Snooping Configuration menu is shown in Figure 122 on page 306. MLD Multicast Routers List. The View MLD Multicast Routers List menu is shown in Figure 124. Allied Telesis AT-9424T/SP - AT-S63 Marketing View MLD Multicast Routers List RouterIP fe80:0000:0000:0000:0200:cdff:fe12:bf08 Figure 124.
Page 313
AT-S63 Management Software Menus User’s Guide Port/Trunk ID The port on the switch where the multicast router is connected. If the switch learned the router on a port trunk, the trunk ID number, not the port number, is displayed. Router IP The IP address of the multicast router.
Chapter 20 RRP Snooping The section in this chapter explains how to configure RRP snooping: “Enabling or Disabling RRP Snooping” on page 316 Section III: IGMP Snooping, MLD Snooping, and RRP Snooping...
4. To permanently save your change, return to the Main Menu and type S Snooping Configuration. The RRP Snooping Configuration menu is shown in Figure 125. Allied Telesis AT-9424T/SP - AT-S63 Marketing RRP Snooping Configuration Figure 125. RRP Snooping Menu setting between Enabled and Disabled.
Section IV SNMPv3 The chapter in this section contains overview information on SNMPv3. The chapter also explains how to configure this feature from the menus interface of the AT-S63 Management Software. The chapter is: Section IV: SNMPv3 Chapter 21, ”SNMPv3” on page 319...
Chapter 21 SNMPv3 This chapter provides a description of the AT-S63 implementation of the SNMPv3 protocol. In addition, the chapter contains procedures that allow you to create and modify SNMPv3 entities. The following sections are provided: Section IV: SNMPv3 “Configuring SNMPv3 Entities” on page 320 “Configuring the SNMPv3 User Table”...
You use the SNMPv3 Community Table to configure SNMPv1 and SNMPv2 communities. Due to the complexity of the SNMPv3 configuration, Allied Telesis recommends that you configure the SNMPv3 protocol with the procedures listed above, in the order they are listed. However, you can configure the SNMPv3 protocol using the above procedures in any order.
Configuring the SNMPv3 User Table This section contains a description of the SNMPv3 User Table and how to create, delete, and modify table entries. Configure the SNMPv3 User Table first. Creating this table, allows you to create an entry in an SNMPv3 User Table for a User Name.
3 - Modify SNMPv3 Table Entry U - Update Display R - Return to Previous Menu Enter your selection? The Configure SNMPv3 Table menu is shown in Figure 126. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 Table Figure 126. Configure SNMPv3 Table Menu Note The SNMP Engine field is a read-only field.
Page 323
5. To create a new user table, type 1 to select Create SNMPv3 Table 6. Enter a descriptive name of the user. 7. Enter one of the following: 8. Enter an authentication password of up to 32 alphanumeric characters Section IV: SNMPv3 Entry.
Page 324
Chapter 21: SNMPv3 9. Select one of the following options: 10. Enter a privacy password of up to 32 alphanumeric characters. 11. Select one of the following storage types for this table entry: You are prompted to re-enter the password. The following prompt is displayed: Enter Privacy Protocol [D-DES, N-None]: Note...
5. Enter Y to delete the user or N to save the user. 6. After making changes, type R until you return to the Main Menu. Then Section IV: SNMPv3 allowing you to save your changes. Allied Telesis recommends this storage type. Note The Row Status parameter is a read-only field.
The SNMPv3 User Table is shown in Figure 127 on page 322. Entry. The Modify SNMPv3 User Table is shown in Figure 128. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 User Table Figure 128. Modify SNMPv3 User Table Menu...
Page 327
4. To change the authentication protocol and password, type 1 to select 5. Enter the User Name of the User Table you want to modify. 6. Enter one of the following: 7. Enter an authentication password of up to 32 alphanumeric characters. 8.
Page 328
Chapter 21: SNMPv3 9. Enter the Privacy Password for this User Name. 10. Re-enter the password. 11. After making changes, type R until you return to the Main Menu. Then Modifying the Privacy Protocol and Password To modify the Privacy Protocol and Password in an SNMPv3 User Table entry, perform the following procedure.
Page 329
6. Choose one of the following Privacy Protocols: 7. Enter a privacy password of up to 32 alphanumeric characters. 8. Re-enter the password. 9. After making changes, type R until you return to the Main Menu. Then Modifying the Storage Type To modify the Storage Type in an SNMPv3 User Table entry, perform the following procedure.
Page 330
SNMPv3 User Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. type S to select Save Configuration Changes.
Configuring the SNMPv3 View Table This section contains a description of the SNMPv3 View Table and how to create, delete, and modify table entries. Creating this table, allows you to specify a view using the following parameters: To configure the SNMPv3 View Table, you need to be very familiar with the OID table.
4. Enter a descriptive name of this View. 5. Enter the subtree that this view will or will not be permitted to display. The Configure SNMPv3 View Table menu is shown in Figure 129. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 View Table Figure 129.
Page 333
6. Enter a subtree mask in hexadecimal format. 7. Enter one of the following view types: 8. Select one of the following storage types for this table entry: Section IV: SNMPv3 The following prompt is displayed: Enter Subtree Mask (Hex format): This is an optional parameter that is used to further refine the value in the View Subtree parameter.
SNMPv3 View Table to the configuration file. After making changes to an SNMPv3 View Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. Note The Row Status parameter is a read-only field.
6. Enter Y to delete the view or N to save the view. 7. After making changes, type R until you return to the Main Menu. Then Modifying an This section describes how to modify parameters in an SNMPv3 Notify Table entry.
6. Enter Subtree that this view will or will not be permitted to display. 7. Enter a Subtree Mask in hexadecimal format. The Modify SNMPv3 View Table menu is shown in Figure 130. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 View Table Figure 130.
Page 337
8. After making changes, type R until you return to the Main Menu. Then Modifying a View Type To modify the View Type parameter in an SNMPv3 View Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2.
Page 338
Chapter 21: SNMPv3 6. Enter the View Subtree value for this View Name. 7. Choose one of the following view types: 8. After making changes, type R until you return to the Main Menu. Then Modifying a Storage Type To modify the Storage Type parameter in an SNMPv3 View Table entry, perform the following procedure.
Page 339
SNMPv3 View Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. type S to select Save Configuration Changes.
Chapter 21: SNMPv3 Configuring the SNMPv3 Access Table This section contains a description of the SNMPv3 Access Table and how to create, delete, and modify table entries. The SNMPv3 Access Table allows you to configure a security group. Each user must belong to a security group.
4. Enter a descriptive name of the group. The Group Name can consist of Section IV: SNMPv3 The Configure SNMPv3 Access Table menu is shown in Figure 131. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 Access Table Figure 131. Configure SNMPv3 Access Table Menu SNMPv3 Table Entry.
Page 342
Chapter 21: SNMPv3 5. Select one of the following SNMP protocols as the Security Model for 6. Select one of the following security levels: Note The Context Prefix and the Context Match fields are a read only fields. The Context Prefix field is always set to null. The Context Match field is always set to exact.
Page 343
7. Enter a value that you configured with the View Name parameter in the 8. Enter a value that you configured with the View Name parameter in the 9. Enter a value that you configured with the View Name parameter in the 10.
SNMPv3 Access Table to the configuration file. After making changes to an SNMPv3 Access Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. Note The Row Status parameter is a read-only field.
Page 345
5. Enter the Security Model of this Group Name. 6. Enter the Security Level of this Group Name. Section IV: SNMPv3 The following prompt is displayed: Enter Security Model [1-v1, 2-v2c, 3-v3]: Select one of the following security levels: 1-v1 Select this value to associate the Group Name with the SNMPv1 protocol.
Chapter 21: SNMPv3 7. Enter Y to delete the view or N to save the view. 8. After making changes, type R until you return to the Main Menu. Then Modifying an This section describes how to modify parameters in an SNMPv3 Access Table entry.
6. Enter the Security Model configured for this Group Name. You cannot Section IV: SNMPv3 SNMPv3 Table Entry. The Modify SNMPv3 Access Table is shown in Figure 132. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 Access Table Figure 132. Modify SNMPv3 Access Table Menu View Name.
Page 348
Chapter 21: SNMPv3 7. Select one of the following security levels: 8. Enter a value that you configured with the View Name parameter in the 9. After making changes, type R until you return to the Main Menu. Then 3-v3 Select this value to associate the Group Name with the SNMPv3 protocol.
Page 349
Modifying the Write View Name To modify the Write View Name parameter in an SNMPv3 Access Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2. From the Configure SNMPv3 Table menu, type 4 to select Configure 3.
Page 350
Chapter 21: SNMPv3 7. Enter the Security Level configured for this Group Name. You cannot 8. Enter a value that you configured with the View Name parameter in the 9. After making changes, type R until you return to the Main Menu. Then The following prompt is displayed: Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:...
Page 351
Modifying the Notify View Name To modify the Notify View Name parameter in an SNMPv3 Access Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2. From the Configure SNMPv3 Table menu, type 4 to select Configure 3.
Page 352
Chapter 21: SNMPv3 7. Enter the Security Level configured for this Group Name. You cannot 8. Enter a value that you configured with the View Name parameter in the 9. After making changes, type R until you return to the Main Menu. Then The following prompt is displayed: Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]:...
Page 353
Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Access Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2. From the Configure SNMPv3 Table menu, type 4 to select Configure 3.
Page 354
Chapter 21: SNMPv3 7. Enter the Security Level configured for this Group Name. You cannot 8. Select one of the following storage types for this table entry: The following prompt is displayed: Enter Security Level [N-NoAuthNoPriv, A-AuthNoPriv, P-AuthPriv]: change the value of the Security Level parameter. Select one of the following security levels: N-NoAuthNoPriv This option represents no authentication and no privacy protocol.
Page 355
AT-S63 Management Software Menus User’s Guide allowing you to save your changes. Allied Telesis recommends this storage type. 9. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section IV: SNMPv3...
Chapter 21: SNMPv3 Configuring the SNMPv3 SecurityToGroup Table This section contains a description of the SNMPv3 SecurityToGroup Table and how to create, delete, and modify table entries. The SNMPv3 SecurityToGroup Table allows you to associate a User Name with a Group Name.
5. Select the SNMP protocol that was configured for this User Name. Section IV: SNMPv3 The Configure SNMPv3 SecurityToGroup Table menu is shown in Figure 133. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 SecurityToGroup Table Figure 133. Configure SNMPv3 SecurityToGroup Table Menu select Create SNMPv3 Table Entry.
Page 358
Chapter 21: SNMPv3 6. Enter a Group Name that you configured in the SNMPv3 Access Table. 7. Select one of the following storage types for this table entry: 8. After making changes, type R until you return to the Main Menu. Then 3-v3 Select this value to associate the Group Name with the SNMPv3 protocol.
Deleting an You may want to delete an entry from the SNMPv3 SecurityToGroup Table. When you delete an SNMPv3 SecurityToGroup Table entry, there SNMPv3 is no way to undelete, or recover, the entry. SecurityToGroup Table Entry To delete an entry in the SNMPv3 SecurityToGroup Table, perform the following procedure: 1.
Chapter 21: SNMPv3 6. Enter Y to delete this SecurityToGroup entry or N to save the entry. 7. After making changes, type R until you return to the Main Menu. Then Modifying an This section describes how to modify parameters in an SNMPv3 SecurityToGroup Table entry.
6. Enter the Security Model configured for this User Name. You cannot Section IV: SNMPv3 The Modify SecurityToGroup Table is displayed as shown Figure 133. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 SecurityToGroup Table Figure 134. Modify SNMPv3 SecurityToGroup Table Menu...
Page 362
Chapter 21: SNMPv3 7. Enter the new Group Name. 8. After making changes, type R until you return to the Main Menu. Then Modifying the Storage Type To modify the Storage Type in an SNMPv3 SecurityToGroup Table entry, perform the following procedure. 1.
Page 363
6. Enter the Security Model configured for this User Name. You cannot 7. Select one of the following storage types for this table entry: 8. After making changes, type R until you return to the Main Menu. Then Section IV: SNMPv3 change the value of the Security Model parameter.
Chapter 21: SNMPv3 Configuring the SNMPv3 Notify Table This section contains a description of the SNMPv3 Notify Table menu and how to create, delete, and modify table entries. The Configure SNMPv3 Notify Table menu allows you to define a name for sending traps. For each Notify Name, you define if a trap or inform message ia sent.
5. Enter the name of the Notify Tag. 6. Enter one of the following message types: Section IV: SNMPv3 The Configure SNMPv3 Notify Table menu is shown in Figure 135. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 Notify Table Figure 135. Configure SNMPv3 Notify Table Menu Entry.
SNMPv3 Notify Table to the configuration file. After making changes to an SNMPv3 Notify Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. Note The Row Status parameter is a read-only field.
3. To delete an SNMPv3 Notify Table entry, type 2 to select Delete 4. Enter a Notify Name. 5. Enter Y to delete the SNMPv3 Notify Table entry or N to save the entry. 6. After making changes, type R until you return to the Main Menu. Then Modifying an This section describes how to modify parameters in an SNMPv3 Notify Table entry.
7. After making changes, type R until you return to the Main Menu. Then SNMPv3 Table Entry. The Modify SNMPv3 Notify Table menu is shown in Figure 136. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 Notify Table Figure 136. Modify SNMPv3 Notify Table Menu...
Page 369
Modifying a Notify Type To modify the Notify Type parameter in an SNMPv3 Notify Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2. From the Configure SNMPv3 Table menu, type 6 to select Configure 3.
Page 370
SNMPv3 Notify Table to the configuration file. After making changes to an SNMPv3 Notify Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. Section IV: SNMPv3...
Page 371
AT-S63 Management Software Menus User’s Guide 7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section IV: SNMPv3...
Chapter 21: SNMPv3 Configuring the SNMPv3 Target Address Table This section contains a description of the SNMPv3 Target Address Table menu and how to create, delete, and modify table entries. You use the SNMPv3 Target Address Table menu to assign the IP address of a host that is used for generating notifications.
6. Enter a UDP port. Section IV: SNMPv3 The Configure SNMPv3 Target Address Table menu is shown in Figure 137. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 Target Address Table Figure 137. Configure SNMPv3 Target Address Table Menu select Create SNMPv3 Table Entry.
Page 374
Chapter 21: SNMPv3 7. Enter a timeout value in milliseconds. 8. Enter the number of times the switch will retry, or resend, an Inform 9. Enter a Tag List. 10. Enter a Target Parameters name. 11. Select one of the following storage types for this table entry: The following prompt is displayed: Enter Timeout (10mS): [0 to 2147483647]->...
SNMPv3 Target Address Table to the configuration file. After making changes to an SNMPv3 Target Address entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. Note The Row Status parameter is a read-only field.
Chapter 21: SNMPv3 3. To delete an SNMPv3 Target Address Table entry, type 2 to select 4. Enter a Target Address Name. 5. Enter Y to delete the SNMPv3 Target Address Table entry or N to save 6. After making changes, type R until you return to the Main Menu. Then Modifying an This section describes how to modify parameters in an SNMPv3 Target Address Table entry.
137 on page 373. select Modify SNMPv3 Table Entry. The Modify SNMPv3 Target Address Table menu is shown in Figure 138. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 Target Address Table Figure 138. Modify SNMPv3 Target Address Table Menu Address.
Page 378
Chapter 21: SNMPv3 7. After making changes, type R until you return to the Main Menu. Then Modifying the Target Address UDP Port To modify the Target Address UDP Port parameter in an SNMPv3 Target Address Table entry, perform the following procedure: 1.
Page 379
7. After making changes, type R until you return to the Main Menu. Then Modifying the Target Address Timeout The Target Address Timeout parameter only applies when the message type is an Inform message. To modify the Target Address Timeout parameter in an SNMPv3 Target Address Table entry, perform the following procedure.
Page 380
Chapter 21: SNMPv3 7. After making changes, type R until you return to the Main Menu. Then Modifying the Target Address Retries The Target Address Retries parameter only applies when the message type is an Inform message. To modify the Target Address Retries parameter in an SNMPv3 Target Address Table entry, perform the following procedure.
Page 381
7. After making changes, type R until you return to the Main Menu. Then Modifying the Target Address Tag List To modify the Target Address Tag List parameter in an SNMPv3 Target Address Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2.
Page 382
Chapter 21: SNMPv3 6. After making changes, type R until you return to the Main Menu. Then Modifying the Target Parameters Field To modify the Target Parameters field in an SNMPv3 Target Address Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2.
Page 383
7. After making changes, type R until you return to the Main Menu. Then Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Target Address Table entry, perform the following procedure. 1. Display the Configure SNMPv3 Table menu by performing steps 1 2.
Page 384
SNMPv3 Target Address entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. 7. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes.
Configuring the SNMPv3 Target Parameters Table This section contains a description of the SNMPv3 Target Parameters Table and how to create, delete, and modify table entries. The SNMPv3 Target Parameters Table links the user security information with the message notification information configured in the Configure SNMPv3 Notify Table menu and Configure SNMPv3 Target Address Table menu.
322. SNMPv3 Target Parameters Table menu. The Configure SNMPv3 Target Parameters Table menu is shown in Figure 139. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure SNMPv3 Target Parameters Table Figure 139. Configure SNMPv3 Target Parameters Table Menu SNMPv3 Table Entry.
Page 387
5. Enter a User Name. 6. Select one of the following SNMP protocols as the Security Model for 7. Select one of the following Security Levels: Section IV: SNMPv3 Note You are prompted to enter a value for the Message Processing Model parameter only if you select SNMPv1 or SNMPv2c as the Security Model.
Page 388
Chapter 21: SNMPv3 8. Select one of the following storage types for this table entry: N-NoAuthNoPriv This option represents no authentication and no privacy protocol. Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol.
9. After making changes, type R until you return to the Main Menu. Then Deleting an You may want to delete an entry from the SNMPv3 Target Parameters Table. When you delete an SNMPv3 Target Parameters Table entry, there SNMPv3 Target is no way to undelete, or recover, the entry.
Chapter 21: SNMPv3 Modifying an This section provides procedures for modifying parameters in an SNMPv3 Target Parameters Table entry. The parameter values configured in the SNMPv3 Target Target Parameters Table must match those configured in the other tables. Parameters Table For a more detailed explanation, see “Creating an SNMPv3 Target Entry Parameters Table Entry”...
Figure 139. select Modify SNMPv3 Table Entry. The Modify SNMPv3 Target Parameters Table menu is shown in Figure 140. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify SNMPv3 Target Parameters Table Figure 140. Modify SNMPv3 Target Parameters Table Menu AT-S63 Management Software Menus User’s Guide...
Page 392
Chapter 21: SNMPv3 4. To change the Security Name parameter, type 1 to select Set Security 5. Enter a previously configured Target Parameters Name. 6. Enter a User Name. 7. After making changes, type R until you return to the Main Menu. Then Modifying the Security Model For the Security or User Name you have selected, the value of the Security Model parameter in an SNMPv3 Target Parameter Table entry...
Page 393
3. From the Configure SNMPv3 Target Parameters Table menu, type 3 to 4. To change the Security Model, type 2 to select Security Model. 5. Enter a previously configured Target Parameters Name. 6. Select one of the following SNMP protocols that was previously 7.
Page 394
Chapter 21: SNMPv3 2. From the Configure SNMPv3 Table menu, type 8 to select Configure 3. From the Configure SNMPv3 Target Parameters Table menu, type 3 to 4. To modify the Security Level, type 3 to select Set Security Level. 5.
Page 395
7. After making changes, type R until you return to the Main Menu. Then Modifying the Message Process Model You can modify the Message Process Model for SNMPv1 and SNMPv2c protocol configurations only. When you configure the SNMPv3 protocol, the Message Process Model is automatically assigned to the SNMPv3 protocol.
Page 396
Chapter 21: SNMPv3 5. Enter a previously configured Target Parameters Name. 6. Select one of the following SNMP protocols that is used to process, or 7. After making changes, type R until you return to the Main Menu. Then Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Target Parameter Table entry, perform the following procedure.
Page 397
5. Enter a previously configured Target Parameters Name. 6. Select one of the following storage types for this table entry: 7. After making changes, type R until you return to the Main Menu. Then Section IV: SNMPv3 Enter a value of up to 32 alphanumeric characters. The following prompt is displayed: Enter Storage Type [V-Volatile, N-NonVolatile]: V - Volatile...
Table allows you to create SNMPv1 and SNMPv2c Communities using the SNMPv3 Tables. Allied Telesis does not recommend that you use the menu described in this section to configure SNMPv1 and SNMPv2c communities. Instead, use the procedures described in “Enabling or Disabling SNMP Management”...
In addition, you can display the entries configured with the Configure SNMPv1 & SNMPv2c Community menu in the Configure SNMPv3 Community Table menu. However, you cannot modify an SNMPv1 & SNMPv2c Community Table entry with the Configure SNMPv3 Community Table menu. There are three functions you can perform with the Configure SNMPv3 Target Parameters Table menu.
The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry. This parameter is case sensitive. Note Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel.
Page 401
SNMPv3 Community Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. AT-S63 Management Software Menus User’s Guide...
Chapter 21: SNMPv3 9. After making changes, type R until you return to the Main Menu. Then Deleting an You may want to delete an entry from the SNMPv3 Community Table. When you delete an entry in the SNMPv3 Community Table, there is no SNMPv3 way to undelete or recover the entry.
Modifying an For each entry in the SNMPv3 Community Table, you can modify the following parameters: SNMPv3 Community Table Entry However, you cannot modify the Community Index parameter. Although you can display the SNMPv1 and SNMPv2c configuration created with the procedures described in “Creating an SNMP Community String”...
SNMPv3 Community Table entry. This parameter is case sensitive. Enter a value of up to 64 alphanumeric characters. Note Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel.
Page 405
Modifying the Security Name To modify the Security Name parameter in an SNMPv3 Community Table entry, perform the following procedure: 1. Display the Configure SNMPv3 Table menu by performing steps 1 2. From the Configure SNMPv3 Table menu, type 9 to select Configure 3.
Page 406
Chapter 21: SNMPv3 2. From the Configure SNMPv3 Table menu, type 9 to select Configure 3. From the Configure SNMPv3 Community Table, type 3 to select Modify 4. To change the Transport Tag, type 3 to select Set Transport Tag. 5.
Page 407
SNMPv3 Community Table entry with a NonVolatile storage type, the S - Save Configuration Changes option appears on the Main Menu, allowing you to save your changes. Allied Telesis recommends this storage type. type S to select Save Configuration Changes.
Chapter 21: SNMPv3 Displaying SNMPv3 Table Menus The procedures in this section describe how to display the SNMPv3 Tables. The following procedures are provided: Displaying the This section describes how to display the Display SNMPv3 User Table menu. For information about the SNMPv3 User Table, see “Creating an Display SNMPv3 SNMPv3 User Table Entry”...
R - Return to Previous Menu Enter your selection? Section IV: SNMPv3 The Display SNMPv3 Table menu is shown in Figure 143. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 Table Figure 143. Display SNMPv3 Table Menu SNMPv3 User Table.
408. Or, from the Main menu type 5->5->6. SNMPv3 View Table. The Display SNMPv3 View Table menu is shown in Figure 145. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 View Table Figure 145. Display SNMPv3 View Table Menu...
408. Or, from the Main menu type 5->5->6. SNMPv3 Access Table. The Display SNMPv3 Access Table menu is shown in Figure 146. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 Access Table Figure 146. Display SNMPv3 Access Table Menu through 3 in “Displaying the Display SNMPv3 User Table Menu”...
R - Return to Previous Menu Enter your selection? The Display SNMPv3 SecurityToGroup Table menu is shown in Figure 147. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 SecurityToGroup Table Figure 147. Display SNMPv3 SecurityToGroup Table Menu through 3 in “Displaying the Display SNMPv3 User Table Menu” on page 408.
408. Or, from the Main menu type 5->5->6. SNMPv3 Target Address Table. The Display SNMPv3 Target Address Table menu is shown in Figure 147. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 Target Address Table Figure 149. Display SNMPv3 Target Address Table Menu through 3 in “Displaying the Display SNMPv3 User Table Menu”...
2. From the Display SNMPv3 Table menu, type 8 to select Display The Display SNMPv3 Target Parameters Table menu is shown in Figure 147. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display SNMPv3 Target Parameters Table Figure 150. Display SNMPv3 Target Parameters Table Menu through 3 in “Displaying the Display SNMPv3 User Table Menu”...
AT-S63 Management Software Menus User’s Guide The Display SNMPv3 Community Table menu is shown in Figure 147. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager 11:20:02 02-Mar-2005 Display SNMPv3 Community Table Community Index ... atiindex14 Community Name ... sunnyvale Security Name ... hoa Transport Tag...
Spanning Tree Protocols The chapters in this section contain overview information on the different spanning tree protocols supported on the AT-9400 Switch. The chapters also explain how to configure the spanning tree protocols from the menu interface of the AT-S63 Management Software. The chapters include: Chapter 22, “Spanning Tree and Rapid Spanning Tree Protocols”...
Chapter 22 Spanning Tree and Rapid Spanning Tree Protocols This chapter provides background information on the Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters.
2. To change the active version of spanning tree on the switch, type 2 to 3. Type S to select STP or R to select RSTP, or M to select MSTP. The Spanning Tree Configuration menu is shown in Figure 152. Allied Telesis AT-9424T/SP - AT-S63 Marketing Spanning Tree Configuration Figure 152.
Page 421
4. If you selected STP as the active spanning tree protocol, go to 5. To enable or disable spanning tree, type 1 to select Spanning Tree 6. Type E to enable spanning tree or D to disable it. The default is 7.
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols Configuring STP This section contains the following procedures: Configuring STP This section contains the procedure for configuring a bridge’s STP settings. Bridge Settings To configure the bridge settings, perform the following procedure: 1.
Enter your selection? 3. Adjust the following parameters as needed. Section V: Spanning Tree Protocols Configure Active Protocol. The STP menu is shown in Figure 153. Allied Telesis AT-9424T/SP - AT-S63 Marketing STP Menu Figure 153. STP Menu The bridge hello time, bridge forwarding, and bridge max age parameters will have two values if STP is enabled on the switch (for example, Bridge Forwarding ..
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols Table 5. Bridge Priority Value Increments Bridge Increment Priority 4096 8192 12288 16384 20480 24576 28672 2 - Bridge Hello Time The time interval between generating and sending configuration messages by the bridge. This parameter can be from 1 to 10 seconds. The default is 2 seconds.
4. After making changes, type R until you return to the Main Menu. Then 5. To change STP port settings, go to the next procedure. Configuring STP To adjust STP port parameters, perform the following procedure: Port Settings 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2.
R - Return to Previous Menu Enter your selection? 7. Adjust the following parameters as needed. The STP Port Parameters menu is shown in Figure 154. Allied Telesis AT-9424T/SP - AT-S63 Marketing STP Port Parameters Figure 154. STP Port Parameters Menu The following prompt is displayed: Start Port to Configure [1 to 26] ->...
Section V: Spanning Tree Protocols 1 - Port Priority This parameter is used as a tie breaker when two or more ports have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The default value is 8 (priority value 128). Table 6 lists the increments.
The STP menu is shown in Figure 153 on page 423. The STP Port Parameters menu is shown in Figure 154 on page 426. Port Configuration. The Display STP Port Configuration menu is shown in Figure 156. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display STP Port Configuration State...
Resetting STP to To reset STP to the default settings, perform the following procedure: the Default 1. From the Main Menu, type 3 to select Spanning Tree Configuration. Settings 2. From the Spanning Tree Configuration menu, type 3 to select 3.
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols Configuring RSTP This section contains the following procedures: Configuring This section contains the procedure for configuring a bridge’s RSTP settings. RSTP Bridge Settings To configure the RSTP bridge settings, perform the following procedure: 1.
Enter your selection? 3. Adjust the following parameters as necessary. Section V: Spanning Tree Protocols Configure Active Protocol. The RSTP menu is shown in Figure 157. Allied Telesis AT-9424T/SP - AT-S63 Marketing RSTP Menu Figure 157. RSTP Menu The bridge hello time, bridge forwarding, and bridge max age parameters will have two values if RSTP is enabled on the switch (for example, Bridge Forwarding..15/15).
Page 432
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols 4096, with 0 being the highest priority. For a list of the increments, refer to Table 5 on page 424. 3 - Bridge Hello Time The time interval between generating and sending configuration messages by the bridge.
The RSTP menu is shown in Figure 153 on page 423. Configuration. The STP menu is shown in Figure 153 on page 423. The RSTP Port Parameters menu is shown in Figure 158. Allied Telesis AT-9424T/SP - AT-S63 Marketing RSTP Port Parameters Figure 158. RSTP Port Parameters Menu is displayed: Starting Port to Configure [1 to 24] ->...
To configure a range of ports, enter the last port of the range. The Configure RSTP Port Settings menu is shown in Figure 159. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure RSTP Port Settings Figure 159. Configure RSTP Port Settings Menu...
9. After making changes, type R until you return to the Main Menu. Then Displaying the To display the RSTP port configuration, perform the following procedure: RSTP Port 1. From the Main Menu, type 3 to select Spanning Tree Configuration. Configuration 2.
N - Next Page U - Update Display R - Return to Previous Menu Enter your selection? The Display RSTP Port Configuration menu is shown in Figure 160. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display RSTP Port Configuration Auto Detect Auto Detect...
The RSTP menu is shown in Figure 153 on page 423. The RSTP Port Parameters menu is shown in Figure 158 on page 433. Port State. The Display RSTP Port State menu is shown in Figure 161. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display RSTP Port State Role...
Chapter 22: Spanning Tree and Rapid Spanning Tree Protocols Resetting RSTP To reset RSTP to the default settings, perform the following procedure: to the Default 1. From the Main Menu, type 3 to select Spanning Tree Configuration. Settings 2. From the Spanning Tree Configuration menu, type 3 to select 3.
Chapter 23 Multiple Spanning Tree Protocol This chapter contains the procedures for configuring the Multiple Spanning Tree Protocol (MSTP). The sections in this chapter include: “Selecting MSTP as the Active Spanning Tree Protocol” on page 440 “Configuring MSTP Bridge Settings” on page 441 “Configuring the CIST Priority”...
Chapter 23: Multiple Spanning Tree Protocol Selecting MSTP as the Active Spanning Tree Protocol To select and activate MSTP as the active spanning tree protocol on the switch, or to disable spanning tree, perform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2.
The Spanning Tree Configuration menu is shown in Figure 152 on page 420. Protocol. The MSTP menu is shown in Figure 162. Allied Telesis AT-9424T/SP - AT-S63 Marketing MSTP Configuration Figure 162. MSTP Configuration Menu The hello time, forwarding delay, and max age parameters have two values when MSTP is enabled on the switch (for example, Forwarding Delay ..
Page 442
Chapter 23: Multiple Spanning Tree Protocol 3. Configure the following parameters as necessary. 1 - Force Version This selection determines whether the bridge operates with MSTP or in an STP-compatible mode. If you select MSTP, the bridge operates all ports in MSTP, except for those ports that receive STP or RSTP BPDU packets.
Page 443
Section V: Spanning Tree Protocols bridge within a MSTP region. After the counter reaches zero, the BPDU is deleted. The counter is reset to its original value if a BPDU crosses a MSTP regional boundary. 6 - Configuration Name The name of the MSTP region. The range is 0 (zero) to 32 alphanumeric characters in length.
Page 444
Chapter 23: Multiple Spanning Tree Protocol 4. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section V: Spanning Tree Protocols...
420. Configure Active Protocol. The MSTP menu is shown in Figure 162 on page 441. The CIST menu is shown in Figure 163. Allied Telesis AT-9424T/SP - AT-S63 Marketing CIST Menu Figure 163. CIST Menu The CIST Priority field in the menu displays the current value for this MSTP parameter.
Page 446
Chapter 23: Multiple Spanning Tree Protocol 5. Enter the increment that represents the new CIST priority value. The 6. After making changes, type R until you return to the Main Menu. Then The following prompt is displayed: Enter new priority [the value will be multiplied by 4096]: [0 to 15] ->...
The Spanning Tree Configuration menu is shown in Figure 152 on page 420. Configure Active Protocol. The MSTP menu is shown in Figure 162 on page 441. The MSTI menu is shown in Figure 164. Allied Telesis AT-9424T/SP - AT-S63 Marketing MSTI Menu 00A0D2 1454B3 00A0D2 1454B3 Figure 164.
Page 448
Chapter 23: Multiple Spanning Tree Protocol Path Cost Specifies the path cost from the bridge to the regional root. If the bridge is the regional root, the value is 0. Associated VLANs Specifies the VIDs of the VLANs that have been associated with the MSTI ID.
Creating, Deleting, and Modifying MSTI IDs The following sections contain procedures for working with MSTI IDs: Creating an To create an MSTI ID, perform the following procedure: MSTI ID 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2.
Chapter 23: Multiple Spanning Tree Protocol 8. After making changes, type R until you return to the Main Menu. Then Deleting an MSTI To delete an MSTI ID, perform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2.
Page 451
5. Enter the MSTP IDs that you want to modify. The range is 1 to 15. You 6. Enter a new MSTI priority number for this MSTI on the bridge. This 7. After making changes, type R until you return to the Main Menu. Then Section V: Spanning Tree Protocols The following prompt is displayed: Enter the MSTI ID to be modified: [1 to 15] ->...
Chapter 23: Multiple Spanning Tree Protocol Adding, Removing, and Modifying VLAN Associations to MSTI IDs When you create a new MSTI ID, you are given the opportunity of associating VLANs to it. But after an MSTI ID is created, you may want to add more VLANs to it, or perhaps remove VLANs.
2. From the Spanning Tree Configuration menu, type 3 to select 3. From the MSTP menu, type M to select MSTI menu. Section V: Spanning Tree Protocols The VLAN-MSTI Association menu is shown in Figure 165. Allied Telesis AT-9424T/SP - AT-S63 Marketing VLAN-MSTI Association Menu Associated VLANs 7,22 Figure 165.
Chapter 23: Multiple Spanning Tree Protocol 4. From the MSTP menu, type V to select VLAN-MSTI Association menu. 5. From the VLAN-MSTI Association menu, type 1 to select Add VLANs 6. Enter the MSTI ID to which you want to associate a VLAN. 7.
6. Enter the MSTI ID to which you want to associate a VLAN. 7. Enter the VLAN ID of the virtual LAN that you want to remove from the 8. After making changes, type R until you return to the Main Menu. Then Associating To associate VLANs to an MSTP ID while deleting all VLANs that are already associated with it, perform the following procedure:...
Chapter 23: Multiple Spanning Tree Protocol 8. Enter the VLAN ID of the virtual LAN that you want to associate with 9. After making changes, type R until you return to the Main Menu. Then Clearing VLAN To clear VLAN to MSTI associations, perform the following procedure: to MSTI 1.
Configuring MSTP Port Settings The MSTP port settings are divided into two groups. The parameters in the first group are set just once on a port, regardless of the number of MSTIs in which a port is a member. These settings are: The procedure for setting these parameters is in “Configuring Generic MSTP Port Settings,”...
3 - Edge Port ... Yes R - Return to Previous Menu Enter your selection? The MSTP Port Parameters menu is shown in Figure 166. Allied Telesis AT-9424T/SP - AT-S63 Marketing MSTP Port Parameters Figure 166. MSTP Port Parameters Menu Generic Port Settings.
7. Adjust the following parameters as necessary: 8. After making changes, type R until you return to the Main Menu. Then Section V: Spanning Tree Protocols 1- Port External Path Cost The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP.
Chapter 23: Multiple Spanning Tree Protocol Configuring This procedure explains how to set a port’s priority and internal path cost. These parameters can be set independently on a port for each MSTI in MSTI-specific which a port is a member. To configure the parameters, perform the Port Parameters following procedure: 1.
8. Adjust the following parameters as necessary: Section V: Spanning Tree Protocols Configure Per Spanning Tree Port Settings Menu is shown in Figure 168. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Per Spanning Tree Port Settings Figure 168. Configure Per Spanning Tree Port Settings Menu The Spanning Tree List displays the ID numbers of the MSTIs you specified.
Chapter 23: Multiple Spanning Tree Protocol 9. After making changes, type R until you return to the Main Menu. Then Table 14 lists the RSTP port costs with Auto-Detect when the port is part of a port trunk. Table 14. RSTP Auto-Detect Port Trunk Costs Port Speed 10 Mbps 100 Mbps...
The MSTP menu is shown in Figure 162 on page 441. The MSTP Port Parameters menu is shown in Figure 166 on page 458. Port Configuration. The Display MSTP Port Configuration menu is shown in Figure 169. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display MSTP Port Configuration Auto-Detect Auto-Detect...
Page 464
Chapter 23: Multiple Spanning Tree Protocol The Display MSTP Port Configuration menu displays a table that contains the following columns of information: Port The port number. Edge-Port Whether or not the port is functioning as an edge port. The possible settings are Yes and No.
Displaying the MSTP Port State To display the MSTP port state, perform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2. From the Spanning Tree Configuration menu, type 3 to select 3. From the MSTP menu, type P to select MSTP Port Parameters. 4.
N - Next Page U - Update Display R - Return to Previous Menu Enter your selection? The Display MSTP Port State menu is shown in Figure 170. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display MSTP Port State Role Version...
Page 467
AT-S63 Management Software Menus User’s Guide Backup - The port on a designated switch that provides a backup for the path provided by the designated port. Designated - The port on the designated switch for a LAN that has the least cost path to the root switch.
Chapter 23: Multiple Spanning Tree Protocol Resetting MSTP to the Defaults To reset MSTP to the defaults, perform the following procedure: 1. From the Main Menu, type 3 to select Spanning Tree Configuration. 2. From the Spanning Tree Configuration menu, type 3 to select Configure 3.
Virtual LANs The chapters in this section contain overview information on the different types of virtual LANs supported by the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software. The chapters include: Section VI: Virtual LANs Chapter 24, “Port-based and Tagged VLANs”...
Chapter 24 Port-based and Tagged VLANs This chapter contains basic information about virtual LANs (VLANs) and procedures for creating, modifying, and deleting VLANs from a local or Telnet management session. This chapter contains the following sections: Section VI: Virtual LANs “Creating a Port-based or Tagged VLAN”...
R - Return to Previous Menu Enter your selection? 2. From the VLAN Configuration menu, type 3 to select Configure The VLAN Configuration menu is shown in Figure 171. Allied Telesis AT-9424T/SP - AT-S63 Marketing VLAN Configuration Figure 171. VLAN Configuration Menu VLANs.
4. Type 1 to select VLAN Name. 5. Type a name for the new VLAN. Section VI: Virtual LANs The Configure VLANs menu is shown in Figure 172. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure VLANs Figure 172. Configure VLANs Menu The Create VLAN menu is shown in Figure 173.
Page 474
VLANs that exist on the device, and not those that might already be in use in the network. For example, if you add a new AT-9400 Switch to a network that already contains VLANs that use VIDs 2 through 24, the...
Page 475
9. If the VLAN will contain tagged ports, type 4 to select Tagged Ports 10. Type 5 to select Untagged Ports and specify the ports on the switch to 11. Type C to select Create VLAN. The following message is displayed: 12.
Page 476
Chapter 24: Port-based and Tagged VLANs Note Untagged ports of a new VLAN are automatically removed from their current untagged VLAN assignment. For example, if you are creating a new VLAN on a switch that contains only the Default_VLAN, the untagged ports of the new VLAN are automatically removed from the Default_VLAN.
Example of Creating a Port-based VLAN This procedure is an example of how to create an untagged VLAN. The specifications of the VLAN are: To create this VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. 2.
Page 478
Chapter 24: Port-based and Tagged VLANs The new Sales VLAN has now been created. Section VI: Virtual LANs...
Example of Creating a Tagged VLAN This procedure is an example of how to create a tagged VLAN. The specifications of the example VLAN are: To create the Engineering VLAN, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. 2.
Page 480
Chapter 24: Port-based and Tagged VLANs The new Engineering VLAN has now been created. Section VI: Virtual LANs...
The VLAN Configuration menu is shown in Figure 171 on page 472. VLANs. The Configure VLANs menu is shown in Figure 172 on page 473. The Modify VLAN menu is shown in Figure 174. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify VLAN Figure 174. Modify VLAN Menu...
Enter your selection? 6. Adjust the following parameters as necessary. The Modify VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 175. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify VLAN Figure 175. Expanded Modify VLAN Menu 1 - VLAN Name This parameter changes the name of a VLAN.
Page 483
7. After making the desired changes, type M to select Modify VLAN. Section VI: Virtual LANs 4 - Tagged Ports Use this selection to add or remove tagged ports from the VLAN. You can specify the ports individually (e.g., 2,3,5), as a range (e.g., 7-9), or both (e.g., 2,5,7-9).
Page 484
Chapter 24: Port-based and Tagged VLANs 8. Press any key. 9. Repeat this procedure starting with Step 4 to modify other VLANs. 10. To permanently save your changes, return to the Main Menu and type If you added or removed from the VLAN a port with one or more static MAC addresses assigned to it, you must update the static addresses by deleting their entries from the MAC address table and reentering them again using the VID of the VLAN to which the port has been...
R - Return to Previous Menu Enter your selection? Section VI: Virtual LANs The VLAN Configuration menu is shown in Figure 171 on page 472. The Show VLANs menu is shown in Figure 176. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show VLANs VLAN Type Protocol...
Page 486
Chapter 24: Port-based and Tagged VLANs VLAN Name Name of the VLAN. VLAN Type The VLAN type. The possible settings are: Port Based - The VLAN is a port-based or tagged VLAN. MAC Based - The VLAN is a MAC address-based VLAN. Protected - The VLAN is a protected ports VLAN.
The VLAN Configuration menu is shown in Figure 171 on page 472. VLANs. The Configure VLANs menu is shown in Figure 172 on page 473. The Delete VLAN menu is shown in Figure 177. Allied Telesis AT-9424T/SP - AT-S63 Marketing Delete VLAN Figure 177. Delete VLAN Menu AT-S63 Management Software Menus User’s Guide...
The Delete VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 178. You can use this menu to confirm that you are deleting the correct VLAN. Allied Telesis AT-9424T/SP - AT-S63 Marketing Delete VLAN Figure 178.
Page 489
AT-S63 Management Software Menus User’s Guide 8. Press any key. 9. Repeat this procedure starting with Step 4 to delete other VLANs. 10. To permanently save your changes, return to the Main Menu and type S to select Save Configuration Changes. Section VI: Virtual LANs...
Chapter 24: Port-based and Tagged VLANs Deleting All VLANs The following procedure deletes all port-based, tagged, protected ports, and MAC address-based VLANs on a switch. To delete selected VLANs, perform the procedure in “Deleting a Port-based or Tagged VLAN” on page 487.
Page 491
5. Press any key. 6. To permanently save your changes, return to the Main Menu and type Section VI: Virtual LANs Any static addresses assigned to the ports of the VLANs are now obsolete, except for the Default_VLAN, because the VLANs have been deleted.
R - Return to Previous Menu Enter your selection? The VLAN Configuration menu is shown in Figure 171 on page 472. The Show PVIDs menu is shown in Figure 179. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show PVIDs PVID Figure 179. Show PVIDs Menu The PVID column displays the current PVID value for each switch port.
AT-S63 Management Software Menus User’s Guide Enabling or Disabling Ingress Filtering There are rules a switch follows when it receives and forwards an Ethernet frame. There are rules for frames as they enter a port (called ingress rules) and rules for when a frame is transmitted out a port (called egress rules). A switch does not accept and forward a frame unless the frame passes the ingress and egress rules.
Page 494
Chapter 24: Port-based and Tagged VLANs In most cases, you will probably want to leave ingress filtering activated on the switch, which is the default. You can enable or disable ingress filtering on a per switch basis. You cannot set this per port. To enable or disable ingress filtering, perform the following procedure: 1.
Chapter 25 GARP VLAN Registration Protocol This chapter describes the GARP VLAN Registration Protocol (GVRP) and contains the following sections: Section VI: Virtual LANs “Configuring GVRP” on page 496 “Enabling or Disabling GVRP on a Port” on page 498 “Converting a Dynamic GVRP VLAN” on page 500 “Displaying the GVRP Port Configuration”...
The VLAN Configuration menu is shown in Figure 171 on page 472. GVRP. The GARP-GVRP menu is shown in Figure 180. Allied Telesis AT-9424T/SP - AT-S63 Marketing GARP-GVRP Figure 180. GARP-GVRP Menu Note Selection 8, Configure GARP-GVRP, is not shown in the VLAN Configuration menu when the VLAN mode is multiple VLANs.
Page 497
4. Type E to enable GVRP or D to disable GVRP. The default setting is 5. Type 2 to select GVRP GIP Status. 6. Type E to enable GIP or D to disable GIP. 7. Type 3 to select GVRP Join Timer. 8.
Enter your selection? 4. From the GVRP Port Parameters menu, type 1 to select Configure Note Allied Telesis recommends disabling GVRP on unused ports and those ports connected to GVRP-inactive devices for protection against unauthorized access to restricted areas of your network.
Section VI: Virtual LANs The following prompt is displayed: Enter port-list: The Configure GVRP Port Settings menu is shown in Figure 182. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure GVRP Port Settings Figure 182. Configure GVRP Port Settings Menu The following prompt is displayed: Enter mode (0-Normal, 1-None): [0 to 1] ->...
Chapter 25: GARP VLAN Registration Protocol Converting a Dynamic GVRP VLAN This procedure converts a dynamic GVRP VLAN into a static VLAN. You can perform this procedure to permanently retain the VLANs the switch learned through GVRP. To convert a dynamic GVRP VLAN to a static VLAN, perform the following procedure: 1.
The GARP-GVRP menu is shown in Figure 180 on page 496. Port Configuration. The Display GVRP Port Configuration menu is shown in Figure 183. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display GVRP Port Configuration Figure 183. Display GVRP Port Configuration Menu...
GVRP. The GARP-GVRP menu is shown in Figure 180 on page 496. Parameters. The Other GVRP Parameters menu is shown in Figure 184. Allied Telesis AT-9424T/SP - AT-S63 Marketing Other GVRP Parameters Figure 184. Other GVRP Parameters Menu GVRP Counters.
Next Page. The second menu is shown in Figure 186. The information in both menus is for display purposes only. Section VI: Virtual LANs The GVRP Counters menu (page 1) is shown in Figure 185. Allied Telesis AT-9424T/SP - AT-S63 Marketing GVRP Counters Transmit:...
Parameters menu. The Other GARP Port Parameters menu is shown in Figure 184 on page 502. GVRP Database The GVRP Database menu is shown in Figure 187. Allied Telesis AT-9424T/SP - AT-S63 Marketing GVRP Database VLAN ID Used GID index Figure 187.
Page 508
Chapter 25: GARP VLAN Registration Protocol begin at 0. If the GARP application has no attributes presently registered, “No attributes have been registered” is displayed. VLAN ID The VLAN ID. Used Indicates whether the GID index is currently being used by any port in the GARP application.
The Other GARP Parameters menu is shown in Figure 184 on page 502. GIP Connected Ports Ring. The GIP Connected Ports Ring menu is shown in Figure 188. Allied Telesis AT-9424T/SP - AT-S63 Marketing GIP Connected Ports Ring Figure 188. GIP Connected Ports Ring Menu...
Page 510
Chapter 25: GARP VLAN Registration Protocol STP ID Present if the GARP application is GVRP; identifies the spanning tree instance associated with the GIP context. Connected Ring The ring of connected ports. Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected ring.
The Other GVRP Parameters menu is shown in Figure 184 on page 502. State Machine. The GVRP State Machine menu (page 1) is shown in Figure 189. Allied Telesis AT-9424T/SP - AT-S63 Marketing GVRP State Machine Figure 189. GVRP State Machine Menu (page 1) AT-S63 Management Software Menus User’s Guide...
R - Return to Previous Menu Enter your selection? Port The GVRP State Machine menu (page 2) is displayed, as shown in Figure 190. Allied Telesis AT-9424T/SP - AT-S63 Marketing GVRP State Machine | Port App Reg | Port App Reg | | 11...
Page 513
App (Continued) Section VI: Virtual LANs Table 16. GVRP State Machine Parameters (Continued) Parameter Applicant state machine for the GID index on that particular port. One of: Normal Participant Management state: “Vo” Very Anxious Observer “Ao” Anxious Observer “Qo” Quiet Observer “Lo”...
Page 514
Chapter 25: GARP VLAN Registration Protocol Table 16. GVRP State Machine Parameters (Continued) Parameter Registrar state machine for the GID index on that particular port. One of: “Mt” Empty “Lv3” Leaving substate 3 (final Leaving substate) “Lv2” Leaving substate 2 “Lv1”...
Chapter 26 Multiple VLAN Modes This chapter contains the following sections: Section VI: Virtual LANs “Selecting a VLAN Mode” on page 516 “Displaying VLAN Information” on page 518...
Chapter 26: Multiple VLAN Modes Selecting a VLAN Mode The following procedure explains how to select a VLAN mode. Available modes are: To select a VLAN mode, perform the following procedure: 1. From the Main Menu, type 2 to select VLAN Configuration. 2.
Page 517
AT-S63 Management Software Menus User’s Guide The new VLAN mode is now active on the switch. 5. To permanently save your changes, return to the Main Menu and type S to select Save Configuration Changes. Section VI: Virtual LANs...
2. From the VLAN Configuration menu, type 5 to select Show Multiple The VLAN Configuration menu (multiple VLAN mode) is shown in Figure 191. Allied Telesis AT-9424T/SP - AT-S63 Marketing VLAN Configuration Figure 191. VLAN Configuration Menu (Multiple VLAN Mode) VLANs.
Section VI: Virtual LANs The Show Multiple VLANs menu is shown in Figure 192. Allied Telesis AT-9424T/SP - AT-S63 Marketing User: Manager Show Multiple VLANs Name Untagged Port ---------------------------------------------------- Client_1 Client_2 Client_3 Client_4 Client_5 Client_6 Client_7 Client_8 N - Next Page...
Chapter 27 Protected Ports VLANs This chapter explains protected ports VLANs. It contains the following sections: Section VI: Virtual LANs “Creating a Protected Ports VLAN” on page 522 “Modifying a Protected Ports VLAN” on page 525 “Displaying a Protected Ports VLAN” on page 528 “Deleting a Protected Ports VLAN”...
4. Type 1 to select VLAN Name. 5. Type a name for the new protected ports VLAN. VLANs. The Create VLAN menu is shown in Figure 193. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create VLAN Figure 193. Create VLAN Menu...
Page 523
VIDs of the VLANs that exist on the device, and not those that might already be in use in the network. For example, if you add a new AT-9400 Switch to a network that already contains VLANs that use VIDs 2 through 24, the AT-S63 Management...
Page 524
Chapter 27: Protected Ports VLANs 13. Enter the port in the VLAN to function as the uplink port for the groups 14. Specify the ports of one of the groups of the protected ports VLAN. 15. Enter a group number for the port(s). Each group on a switch must be 16.
To modify a protected ports VLAN, you have to recreate it. You must reselect the uplink port(s) and reassign the ports to the groups. To make the process easier, Allied Telesis recommends displaying the details of the VLAN before performing this procedure, and writing down on paper the current configuration (i.e., uplink port and port to group...
Enter your selection? 6. Adjust the following parameters as necessary. The Modify VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 194. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify VLAN Figure 194. Expanded Modify VLAN Menu 1 - VLAN Name Use this selection to change the name of a VLAN.
Page 527
7. After making the desired changes, type M to select Modify VLAN. 8. Enter the port to function as the uplink port for the VLAN groups. You 9. Specify the ports of one of the groups of the VLAN. This can be a small 10.
4. Enter the VID of a protected ports VLAN. The VLAN Configuration menu is shown in Figure 171 on page 472. The Show VLANs menu is shown in Figure 195. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show VLANs VLAN Type...
U - Update Display R - Return to Previous Menu Enter your selection? Section VI: Virtual LANs An example of the Show VLANs window is shown in Figure 196. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show VLANs VLAN Type Protocol...
5. Enter the VID of the VLAN to be deleted. You can specify only one VID VLANs. The Configure VLANs menu is shown in Figure 172 on page 473. The Delete VLAN menu is shown in Figure 197. Allied Telesis AT-9424T/SP - AT-S63 Marketing Delete VLAN Figure 197. Delete VLAN Menu The following prompt is displayed: Enter new value ->...
The Delete VLAN menu expands to contain the relevant information about the VLAN. You can use the information to confirm that you are deleting the correct VLAN. An example is shown in Figure 198. Allied Telesis AT-9424T/SP - AT-S63 Marketing Delete VLAN Figure 198.
Chapter 28 MAC Address-based VLANs This chapter contains the procedures for creating MAC address-based VLANs. Sections in the chapter include: Section VI: Virtual LANs “Creating a MAC Address-based VLAN” on page 534 “Adding and Deleting MAC Addresses” on page 536 “Adding and Deleting Egress Ports”...
Chapter 28: MAC Address-based VLANs Creating a MAC Address-based VLAN This is the first stage to creating a MAC address-based VLAN. This procedure assigns the VLAN a name and a VID and sets the VLAN type. After completing this procedure you can add the source MAC addresses to the VLAN, as explained in “Adding and Deleting MAC Addresses”...
Page 535
The switch is only aware of the VIDs of the VLANs on the device and not those that might already exist in the network. For example, if you add a new AT-9400 Switch to a network where there are VLANs that use VIDs 2 through 24, the AT-S63 Management Software still uses...
The Configure VLANs menu is shown in Figure 172 on page 473. The Modify VLAN menu is shown in Figure 174 on page 481. Associations. The MAC Based VLANs menu is shown in Figure 199. Allied Telesis AT-9448T/SP - AT-S63 Marketing MAC Based VLANs Figure 199. MAC Based VLANs Menu...
Page 537
5. To add a MAC address to a MAC address-based VLAN, type 1 to Please enter VLAN ID -> [1 to 4094] -> 2 6. Enter the VID of the MAC address-based VLAN where you want to add 7. Enter the MAC address to add to or delete from the VLAN. You can 8.
Chapter 28: MAC Address-based VLANs Adding and Deleting Egress Ports This procedure explains how to add and delete egress ports from the MAC addresses in a MAC address-based VLAN. Before adding egress ports to a MAC address, review the following: To add or delete egress ports from a MAC address, perform the following procedure: 1.
Page 539
7. Enter the MAC address where you want to add or delete an egress 8. Enter the egress port for the address. You can specify more than one 9. To add or delete more egress ports, repeat this procedure starting with 10.
The VLAN Configuration menu is shown in Figure 171 on page 472. VLANs. The Configure VLANs menu is shown in Figure 172 on page 473. The Delete VLAN menu is shown in Figure 200. Allied Telesis AT-9448T/SP - AT-S63 Marketing Delete VLAN Figure 200. Delete VLAN Menu The following prompt is displayed: Enter new value ->...
The Delete VLAN menu expands to contain all relevant information about the VLAN, as shown in Figure 201. You can use this menu to confirm that you are deleting the correct VLAN. Allied Telesis AT-9448T/SP - AT-S63 Marketing Delete VLAN Figure 201.
R - Return to Previous Menu Enter your selection? The VLAN Configuration menu is shown in Figure 171 on page 472. The Show VLANs menu is shown in Figure 202. Allied Telesis AT-9448T/SP - AT-S63 Marketing Show VLANs VLAN Type...
MAC address-based VLAN. based VLAN, type D to select Detail Information Display. The following prompt is displayed: Enter VLAN ID [2 to 4094] -> 2 shown in Figure 203. Allied Telesis AT-9448T/SP - AT-S63 Marketing Detail Information Display VLAN Type Protocol...
Page 544
Chapter 28: MAC Address-based VLANs The lower portion of the display lists the MAC addresses of the VLAN and the egress ports. Section VI: Virtual LANs...
Section VII Internet Protocol Routing The chapter in this section contains the procedures for managing routing interfaces of the Internet Protocol version 4 (IPv4) packet routing feature. The chapter is: Chapter 29, “Internet Protocol Version 4 Routing Interfaces” on page Section VII: Internet Protocol Routing...
Page 546
Section VII: Internet Protocol Routing...
Chapter 29 Internet Protocol Version 4 Routing Interfaces This chapter contains the following procedures for managing Internet Protocol Version 4 (IPv4) routing interfaces: “Creating a New Routing Interface” on page 548 “Modifying a Routing Interface” on page 551 “Deleting a Routing Interface” on page 554 “Displaying the IP Address of the Local Interface”...
R - Return to Previous Menu Enter your selection? Configuration. Interface. The Configure Interface menu lists the current routing interfaces on the switch. An example is shown in Figure 204. Allied Telesis AT-9424Ts - AT-S63 Marketing Configure Interface IPAddress 149.123.11.21 149.55.12.15 149.55.13.2...
The status of the interface. The status “UP” means the VLAN of the interface has at least one active port. The status “DOWN” means the VLAN has no active ports. The Create Interface menu is shown in Figure 205. Allied Telesis AT-9424Ts - AT-S63 Marketing Create Interface Figure 205. Create Interface Menu...
Page 550
Chapter 29: Internet Protocol Version 4 Routing Interfaces 8. Enter a static IP address for the new interface or enter “DHCP” or 9. To change the default subnet mask for a static IP address, type 3 to 10. Enter a subnet mask for the static address of the interface. The default 11.
Modifying a Routing Interface This procedure modifies the IP address and subnet mask of a routing interface. Note the following before performing this procedure: To modify a routing interface, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2.
9. Enter a new subnet mask for the static address of the interface. The The specifications of the interface are displayed in the Modify Interface menu. An example is shown in Figure 205. Allied Telesis AT-9424Ts - AT-S63 Marketing Modify Interface Figure 206.
Page 553
10. Type M to select Modify Interface. 11. Press any key. 12. To modify another routing interface, repeat this procedure starting with 13. To permanently save your change, return to the Main Menu and type S Section VII: Internet Protocol Routing The following prompt is displayed: Interface Modified Successfully? Press any key to continue...
Chapter 29: Internet Protocol Version 4 Routing Interfaces Deleting a Routing Interface This procedure deletes a routing interface from the switch. Note the following before performing this command: To delete a routing interface, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2.
Displaying the IP Address of the Local Interface This procedure displays the IP address and subnet mask of the local interface on the switch. The local interface is used for remote Telnet, SSH, and web browser management of the switch. On the master switch of an enhanced stack, the local interface also designates the common VLAN of the switches.
For an AT-9400 Switch that does not support the IPv4 packet routing feature, such as the AT-9424T/GB and AT-9424T/SP switches, you can define the default gateway from the menus interface. The default gateway is the IP address of a router interface on your network.
Setting the Local Interface This procedure designates the local interface of a switch. The local interface is used for remote Telnet, SSH, and web browser management of the switch. On the master switch of an enhanced stack, the local interface also designates the common VLAN of the switches. A switch can have only one local interface.
Chapter 29: Internet Protocol Version 4 Routing Interfaces Setting the ARP Cache Timeout The ARP cache contains mappings of IP addresses to physical addresses for hosts where the switch has recently routed packets. To have an entry in the ARP cache, a host must have attempted to access another host, and it must have found the physical address by using the ARP protocol.
Port Security The chapters in this section contain overview information on the port security features of the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software. The chapters include: Chapter 30, “MAC Address-based Port Security”...
Chapter 30 MAC Address-based Port Security This chapter explains how you can use the dynamic and static MAC addresses learned or manually added to the switch’s MAC address table to control which end nodes can forward packets through the device. The sections in this chapter include: “Configuring MAC Address Port Security”...
D - Set Default Port Security R - Return to Previous Menu Enter your selection? The Port Security menu is shown in Figure 207. Allied Telesis AT-9424T/SP - AT-S63 Marketing Port Security Figure 207. Port Security Menu The following prompt is displayed: Enter Port-List: can specify one port or a range or ports (for example, 4-8).
Page 563
5. From the Configure Port Security menu, type 1 to select Security 6. Select the desired security level. 7. Do one of the following: Section VIII: Port Security The menu displays the current security level on the selected port. If you are configuring a range of ports and the ports have different security levels, the menu displays the security level of the lowest number port.
Configure Port Security menu, as shown in Figure 209. Continue with Step 8 for instructions on configuring a port operating under the Limited security level. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Port Security Figure 209. Configure Port Security Menu #2 the port to be able to learn, do the following: a.
Page 565
10. If you selected the trap or disable intrusion action, type 4 to toggle the 11. To permanently save your change, return to the Main Menu and type S Section VIII: Port Security Port Participating option to Yes. Option 3, Port Participating, only applies when the intrusion action is set to trap or disable.
R - Return to Previous Menu Enter your selection? The Port Security menu is shown in Figure 207 on page 562. The Display Port Security menu is shown in Figure 210. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Port Security Intruder Action Participating...
Page 567
Section VIII: Port Security Intruder Action The action taken by a port if it receives an invalid frame while operating in the Limited security mode. The possible settings are: Discard - The port discards invalid frames. This is the default. Trap - The port discards invalid frames and sends a trap.
Page 568
Chapter 30: MAC Address-based Port Security Section VIII: Port Security...
Chapter 31 802.1x Port-based Network Access Control This chapter explains 802.1x Port-based Network Access Control and how this feature can increase network security by restricting access to the network ports on the switch. Sections are as follows: “Setting Port Roles” on page 570 “Enabling or Disabling 802.1x Port-based Network Access Control”...
The Security and Services menu is shown in Figure 71 on page 220. Control (802.1X). The Port Access Control (802.1X) menu is shown in Figure 211. Allied Telesis AT-9424T/SP - AT-S63 Marketing Port Access Control (802.1X) Figure 211. Port Access Control (802.1X) Menu Access Role.
7. Repeat this procedure starting with Step 3 to configure the role of the Section VIII: Port Security The Configure Port Access Role menu is shown in Figure 212. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Port Access Role Figure 212. Configure Port Access Role Menu...
Chapter 31: 802.1x Port-based Network Access Control Enabling or Disabling 802.1x Port-based Network Access Control This procedure explains how to enable and disable port-based access control on the switch. If you have not assigned port roles and configured the parameter settings, you should skip this procedure and go first to “Setting Port Roles”...
The Port Access Control (802.1X) menu is shown in Figure 211 on page 570. Authenticator. The Configure Authenticator menu is shown in Figure 213. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Authenticator Figure 213. Configure Authenticator Menu Authenticator Port Access Parameters.
Figure 214. Configure Authenticator Port Access Parameters Menu 6. Adjust the following parameters as necessary. The Configure Authenticator Port Access Parameters menu is shown in Figure 214. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Authenticator Port Access Parameters 0 - Authentication Mode This parameter can take the following values on an authenticator port: 802.1x: Specifies 802.1x username and password authentication.
Page 575
Section VIII: Port Security 1 - Supplicant Mode This parameter can take the following values on an authenticator port: Single: Configures the authenticator port to accept only one authentication. This supplicant mode should be used together with the piggy-back mode. When an authenticator port is set to the Single mode and the piggy-back mode is disabled, only the one client who is authenticated can use the port.
Page 576
Chapter 31: 802.1x Port-based Network Access Control disabled, the supplicant is not require to reauthenticate after the initial authentication. 6 - Reauth Period Specifies the time period in seconds between reauthentications of the client when the Reauth. Enabled option is set to Enabled. The default value is 3600 seconds.
Page 577
7. Repeat this procedure starting with Step 4 to configure additional Section VIII: Port Security specified in the initial authentication, regardless of the VLAN assignments of subsequent authentications. C - Control Direction This parameter specifies how the port handles ingress and egress broadcast and multicast packets when in the unauthorized state.
Page 578
Chapter 31: 802.1x Port-based Network Access Control 8. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section VIII: Port Security...
The Port Access Control (802.1X) menu is shown in Figure 211 on page 570. Supplicant. The Configure Supplicant menu is shown in Figure 213. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Supplicant Figure 215. Configure Supplicant Menu Authenticator Port Access Parameters.
Enter your selection? 6. Adjust the following parameters as necessary. The Configure Supplicant Port Access Parameters menu is shown in Figure 214. Allied Telesis AT-9424T/SP - AT-S63 Marketing Configure Supplicant Port Access Parameters ... 3 Figure 216. Configure Supplicant Port Access Parameters Menu...
Page 581
7. Repeat this procedure starting with Step 4 to configure additional 8. After making changes, type R until you return to the Main Menu. Then Section VIII: Port Security characters, such as asterisks or exclamation points. The username is case sensitive. 6 - User Password This parameter specifies the password for the switch port.
Control (802.1X). The Port Access Control (802.1X) menu is shown in Figure 211 on page 570. Access status. The Display Port Access Status menu is shown in Figure 217. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display Port Access Status AuthMode State ------ 802.1x...
Page 583
AT-S63 Management Software Menus User’s Guide Port Role Port access role configured for the port. The possible settings are None, Authenticator, or Supplicant. AuthMode The port’s authentication mode: 802.1x or MAC Based. State State of the port. The state field is dependent on whether a port is configured as an authenticator or a supplicant.
The Port Access Control (802.1X) menu is shown in Figure 211 on page 570. Configure Accounting. The RADIUS Accounting menu is shown in Figure 218. Allied Telesis AT-9424T/SP - AT-S63 Marketing RADIUS Accounting Figure 218. Radius Accounting Menu 11:20:02 02-Mar-2005...
Page 585
4. Adjust the following parameters as necessary. 5. After making changes, type R until you return to the Main Menu. Then Section VIII: Port Security 1 - Status This parameter activates or deactivates RADIUS accounting on the switch. Select Enabled to activate the feature or Disabled to deactivate it.
Page 586
Chapter 31: 802.1x Port-based Network Access Control Section VIII: Port Security...
Management Security The chapters in this section contain overview information on the management security features of the AT-9400 Switch. The chapters also explain how to configure these features from the menu interface of the AT-S63 Management Software. The chapters include: Chapter 32, “Web Server”...
Chapter 32 Web Server The chapter provides an overview of the web server feature and procedures for configuring the server. It contains the following sections: “Configuring the Web Server” on page 590 “General Steps for Configuring the Web Server for Encryption” on page 593 Section IX: Management Security...
HTTP. The System Administration menu is shown in Figure 1 on page 32. Configuration. The Web Server Configuration menu is shown in Figure 219. Allied Telesis AT-9424T/SP - AT-S63 Marketing Web Server Configuration Figure 219. Web Server Configuration Menu...
The Web Server Configuration menu is redisplayed. Figure 220 shows an example of the menu configured for HTTPS. Allied Telesis AT-9424T/SP - AT-S63 Marketing Web Server Configuration AT-S63 Management Software Menus User’s Guide...
Page 592
Chapter 32: Web Server The default port number for HTTP is 80. The default port number for HTTPS is 443. 1. After making changes, type R until you return to the Main Menu. Then type S to select Save Configuration Changes. Section IX: Management Security...
General Steps for Configuring the Web Server for Encryption There are several procedures you need to perform in order to implement HTTPS and web browser encryption on the switch. This section is here to provide you with the general steps you need to do and the procedures for performing them.
Page 594
Chapter 32: Web Server 6. After you have received the appropriate certificates from the CA, 7. Add the certificates to the certificate database, as explained in “Adding 8. Configure the web server on the switch by activating HTTPS and download them into the switch’s file system from your management station or a TFTP server, as explained in “Downloading a System File”...
Chapter 33 Encryption Keys This chapter describes encryption keys and how you can use keys to improve the security of your switches. Because of the complexity of the feature, this chapter contains two overview sections. The Basic Overview section offers a general review of the purpose of this feature along with relevant guidelines.
3. From the Keys/Certificates Configuration menu, type 2 to select Key Caution Key generation is a CPU-intensive process. Because this process may affect switch behavior, Allied Telesis recommends creating keys when the switch is not connected to a network or during periods of low network activity.
R - Return to Previous Menu Enter your selection? 5. From the Create Key menu, type 1 to select Key ID. Section IX: Management Security The Key Management menu is shown in Figure 222. Allied Telesis AT-9424T/SP - AT-S63 Marketing Key Management Length Digest 642C6FC8 5333E64F Figure 222.
Page 598
Chapter 33: Encryption Keys 6. Enter an identification number for the key. This number can be from 0 7. Type 3 to select Key Length. 8. Enter a key length. The range is 512 to 1,536 bits, in increments of 256 9.
Page 599
AT-S63 Management Software Menus User’s Guide The new key is added to the list of keys in the Key Management menu. Returning to the Main Menu to save your changes is not necessary with this procedure. This type of change is automatically saved by the management software.
Chapter 33: Encryption Keys Deleting an Encryption Key This section contains the procedure for deleting an encryption key pair from the switch. Note the following before performing this procedure. To delete a public and private key pair, perform the following procedure: 1.
Modifying an Encryption Key The Key Management menu has a selection for modifying the description of an encryption key. This is the only item of a key that you can modify. You cannot change a key’s ID, type, or length. To change the description of a key, perform the following procedure: 1.
Chapter 33: Encryption Keys Exporting an Encryption Key The following procedure exports the public key of a key pair into the AT-S63 file system. (The management software does not allow you to export a private key.) Before performing this procedure, please note the following: To export a public key into the file system, perform the following procedure:...
10. Type 5 to select Export Key to File to export the key to a file. Section IX: Management Security The Export Key to File menu is shown in Figure 224. Allied Telesis AT-9424T/SP - AT-S63 Marketing Export Key to File Figure 224.
Page 604
Chapter 33: Encryption Keys The following message is displayed: Key Export in Progress. Please wait...Done 11. Press any key to return to the Key Management menu. To view the public key in the switch’s file system, refer to “Displaying System Files” on page 159. Returning to the Main Menu to save your changes is not necessary with this procedure.
Importing an Encryption Key Use the following procedure to import a public key from the AT-S63 file system into the key management database. If a file contains both public and private keys, only the public key is imported. The private key is ignored.
8. Type 4 to select Key File Name. 9. Specify the file name of the key. The Import Key from File menu is shown in Figure 225. Allied Telesis AT-9424T/SP - AT-S63 Marketing Import Key from File Figure 225. Import Key from File Menu The following prompt is displayed: Enter Key ID ->...
Page 607
AT-S63 Management Software Menus User’s Guide The key file name must include the “.key” extension. If you are unsure of the file name, display the files in the switch’s file system by referring to “Displaying System Files” on page 159. 10.
The Security and Services menu is shown in Figure 71 on page 220. Configuration. The Keys/Certificate Configuration menu is shown in Figure 221 on page 596. Management. The Key Management Menu is shown in Figure 226. Allied Telesis AT-9424T/SP - AT-S63 Marketing Key Management Length Digest 642C6FC8 5333E64F Figure 226.
Page 609
AT-S63 Management Software Menus User’s Guide Length The length of the key in bits. Digest The CRC32 value of the MD5 digest of the public key. Description The key’s description. Section IX: Management Security...
Chapter 34 PKI Certificates and SSL This chapter contains the procedures for creating public key infrastructure (PKI) certificates for web server security. Because of the complexity of this feature, two overview sections are provided. The Basic Overview section offers a general review of the purpose of certificates along with relevant guidelines.
Chapter 34: PKI Certificates and SSL Creating a Self-signed Certificate This section contains the procedure for creating a self-signed certificate. Please review the following before you perform the procedure: To create a self-signed certificate, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2.
Enter your selection? Section IX: Management Security The Public Key Infrastructure (PKI) Configuration menu is shown in Figure 227. Allied Telesis AT-9424T/SP - AT-S63 Marketing Public Key Infrastructure (PKI) Configuration Figure 227. Public Key Infrastructure (PKI) Configuration Menu select X509 Certificate Management.
Source field indicates the certificate was generated on the switch. Both MTrust and Source are read-only fields. The Create Self-Signed Certificate menu is shown in Figure 229. Allied Telesis AT-9424T/SP - AT-S63 Marketing Create Self-Signed Certificate Figure 229. Create Self-Signed Certificate Menu certificate.
Page 615
9. Enter the ID number of the encryption key that you want to use to 10. Type 3 to select Format to choose the encoding format for the 11. Type 4 to select Serial Number. 12. Enter a value between 0 and 2,147,483,647. 13.
X509 Certificate Management. The X509 Certificate Management menu is shown in Figure 228 on page 613. Certificate. The Add Certificate menu is shown in Figure 230. Allied Telesis AT-9424T/SP - AT-S63 Marketing Add Certificate Figure 230. Add Certificate Menu...
Page 617
7. Enter a name for the certificate. 8. Type 2 to select (certificate) State. The possible settings are: 9. Type 3 to select Type (of certificate). The possible settings are: Section IX: Management Security The following prompt is displayed: Enter file name (*.key) -> This is the name for the certificate as it will appear in the certificate database list.
Page 618
Chapter 34: PKI Certificates and SSL 10. Type 4 to select File Name. 11. Specify the filename of the certificate. 12. Type 5 to select Add Certificate to add the certificate to the certificate 13. To permanently save your change, return to the Main Menu and type S The following prompt is displayed: Enter file name (*.key) ->...
Modifying a Certificate The procedure in this section modifies a certificate in the certificate database. Here are the certificate items you can modify: To modify a certificate, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2.
7. Type 2 to select State. The possible settings are: 8. Type 3 to select Type. The possible settings are: 9. Type 4 to select Modify Certificate. The Modify Certificate menu is shown in Figure 231. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify Certificate Figure 231. Modify Certificate Menu Note You cannot change selection 1, Certificate Name.
Page 621
AT-S63 Management Software Menus User’s Guide 10. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes. Section IX: Management Security...
Chapter 34: PKI Certificates and SSL Deleting a Certificate The procedure in this section deletes a certificate from the certificate database. Please note the following before performing this procedure: To delete a certificate from the certificate database, perform the following procedure: 1.
Page 623
AT-S63 Management Software Menus User’s Guide 7. To permanently save your change, return to the Main Menu and type S to select Save Configuration Changes. Section IX: Management Security...
Chapter 34: PKI Certificates and SSL Viewing a Certificate This procedure displays information about a certificate, such as its distinguished name and serial number. To view the details of a certificate, perform the following procedure: 1. From the Main Menu, type 7 to select Security and Services. 2.
R - Return to Previous Menu Enter your selection? Section IX: Management Security The View Certificate Details menu (page 1) is shown in Figure 232. Allied Telesis AT-9424T/SP - AT-S63 Marketing View Certificate Details Figure 232. View Certificate Details Menu (page 1)
Not Valid After The date the certificate expires. Self-signed certificates are valid for two years. The View Certificate Details menu (page 2) is shown in Figure 233. Allied Telesis AT-9424T/SP - AT-S63 Marketing View Certificate Details Figure 233. View Certificate Details Menu (page 2)
Generating an Enrollment Request To request a certificate from a CA, you must generate an enrollment request. The request contains the public key for the certificate, a distinguished name, and other information. The request is stored as a file with a “.csr” extension in the AT-S63 file system and must be uploaded onto your management station or TFTP server for submission to the CA.
10. Enter a KeyPair ID between 0 and 65,535. 11. Type 3 to toggle the Format selection between the following options: The Generate Enrollment Request menu is shown in Figure 234. Allied Telesis AT-9424T/SP - AT-S63 Marketing Generate Enrollment Request Figure 234.
Page 629
12. Type 5 to select Generate Enrollment Request. 13. Press any key to return to the Public Key Infrastructure (PKI) 14. To submit the request to a CA, upload it from the file system on the Section IX: Management Security After the switch has finished generating the request, a message similar to the following is displayed: Enrollment request is being generated.
Chapter 34: PKI Certificates and SSL Installing CA Certificates onto a Switch This section lists the procedures to perform for a certificate from a public or private CA. It should be noted that a CA generated certificate will consist of several certificates, with a minimum of two. All the certificates from the CA must be installed on the switch and loaded into the certificate database.
Viewing and Configuring the Maximum Number of Certificates You can specify the maximum number of certificates the certificate database can store. The range is a maximum of 12 to 256. The default value is 256. You should never need to adjust this value. To view or change the maximum number of certificates the certificate database can store, perform the following procedure: 1.
5. To permanently save your change, return to the Main Menu and type S Layer (SSL). The Secure Socket Layer (SSL) menu is shown in Figure 235. Allied Telesis AT-9424T/SP - AT-S63 Marketing Secure Socket Layer (SSL) Figure 235. Secure Socket Layer (SSL) Menu number of sessions.
Chapter 35 Secure Shell (SSH) The chapter contains overview information about the Secure Shell (SSH) protocol as well a procedure for configuring this protocol on a switch using a local or Telnet management session. It contains the following sections: “Configuring SSH” on page 634 “Displaying SSH Information”...
R - Return to Previous Menu Enter your selection? Note Allied Telesis recommends disabling the Telnet server before you enable SSH. Otherwise, the security functions provided by SSH are lost. See “Configuring the Telnet Server” on page 47. The Security and Services menu is shown in Figure 71 on page 220.
Page 635
A server key is only valid for the time period configured in the Server Key Expiry (Expiration) Time timer. Allied Telesis recommends you set this field to 1. With this setting, a new key is generated every hour.
Page 636
SSH server. If you attempt to disable the SSH server when it is in this state, you receive a warning message. Note Allied Telesis recommends disabling the Telnet server before you enable SSH. Otherwise, the security provided by SSH is lost. Then type S to select Save Configuration Changes.
(SSH). The Secure Shell (SSH) menu is shown in Figure 236 on page 634. Information. The Show Server Information menu is shown in Figure 237. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Server Information Figure 237. Show Server Information Menu...
Page 638
Chapter 35: Secure Shell (SSH) Host Key ID The host key ID defined for SSH. Host Key Bits Number of bits in the host key. Server Key ID Server key ID defined for SSH. Server Key Expiry Length of time, in hours, until the server key is regenerated. The default is 0 hours which means the server key is not regenerated.
Chapter 36 TACACS+ and RADIUS Protocols This chapter describes how to configure the parameter settings for the two authentication protocols TACACS+ and RADIUS. Sections in the chapter include: “Enabling or Disabling Server-based Management Authentication” on page 640 “Configuring the TACACS+ Client” on page 642 “Displaying the TACACS+ Settings”...
Network Access Control” on page 572. The System Administration menu is shown in Figure 1 on page 32. Configuration. The Authentication Configuration menu is shown in Figure 238. Allied Telesis AT-9424T/SP - AT-S63 Marketing Authentication Configuration Figure 238. Authentication Configuration Menu...
Page 641
3. To select the active authentication protocol, type 2 to select 4. Type T to select TACACS+ or R for RADIUS. The default is TACACS+. 5. To activate or deactivate the feature, type 1 to select Server-based 6. Type E to enable or D to disable server-based authentication on the 7.
The Authentication Configuration menu is shown in Figure 238 on page 640. TACACS+ Configuration. The TACACS+ Client Configuration menu is shown in Figure 239. Allied Telesis AT-9424T/SP - AT-S63 Marketing TACACS+ Client Configuration Figure 239. TACACS+ Client Configuration Menu 1 - TAC Server 1...
Page 643
5. After you have finished configuring the parameters in the TACACS+ 6. To activate the feature, perform the procedure “Enabling or Disabling Section IX: Management Security If you will be specifying more than one TACACS+ server and if all of the servers use the same encryption secret, you can answer No to this prompt and enter the encryption secret using the TAC Global Secret parameter.
Configuration. The Authentication Configuration menu is shown in Figure 238 on page 640. The TACACS+ Client Configuration menu is shown in Figure 240. Allied Telesis AT-9424T/SP - AT-S63 Marketing TACACS+ Client Configuration Figure 240. TACACS+ Client Configuration Menu The TACACS+ Client Configuration menu provides the following...
Configuration. The Authentication Configuration menu is shown in Figure 238 on page 640. The RADIUS Client Configuration menu is shown in Figure 241. Allied Telesis AT-9424T/SP - AT-S63 Marketing RADIUS Client Configuration Figure 241. RADIUS Client Configuration Global Encryption Key This parameter specifies the encryption key for the RADIUS servers.
Use these parameters to specify the IP addresses of up to three network servers containing the RADIUS server software. Selecting one of the options displays the RADIUS Server Configuration menu, shown in Figure 242. Allied Telesis AT-9424T/SP - AT-S63 Marketing RADIUS Server 1 Configuration Figure 242. RADIUS Server Configuration...
Page 647
AT-S63 Management Software Menus User’s Guide 6. To activate the feature, perform the procedure “Enabling or Disabling Server-based Management Authentication” on page 640. Section IX: Management Security...
The Authentication Configuration menu is shown in Figure 238 on page 640. Configuration. The RADIUS Client Configuration menu is shown in Figure 241 on page 645. Status. The Show Status menu is shown in Figure 243. Allied Telesis AT-9424T/SP - AT-S63 Marketing Show Status 1812 WRRT 1812 LLST...
Page 649
AT-S63 Management Software Menus User’s Guide The Show Status menu displays a table that contains the following columns of information: Server IP Address IP address of the RADIUS server. Auth Port UDP port of the RADIUS protocol. Encryption Key Encryption key for the RADIUS server. Auth Req Number of authentication requests the switch has made to the RADIUS server.
Chapter 37 Management Access Control List Sections in this chapter include: “Enabling or Disabling the Management ACL” on page 652 “Creating an ACE” on page 654 “Deleting an ACE” on page 658 “Displaying the ACEs” on page 659 Section IX: Management Security...
“Creating an ACE” on page 654. The System Administration menu is shown in Figure 1 on page 32. ACL. The Management ACL Configuration menu is shown in Figure 244. Allied Telesis AT-9424T/SP - AT-S63 Marketing Management ACL Configuration Figure 244. Management ACL Configuration Menu either Enabled or Disabled.
Page 653
4. After making changes, type R until you return to the Main Menu. Then Section IX: Management Security A change to the status of the management ACL is immediately activated on the switch. Note If you activate the feature while managing the switch from a Telnet management session, your management session will end and you will not be able to reestablish it if the management ACL does not contain an ACE that specifies your management workstation.
Chapter 37: Management Access Control List Creating an ACE To create a new ACE in the management ACL, perform the following procedure: 1. From the Main Menu, type 5 to select System Administration. 2. From the System Administration menu, type 7 to select Management 3.
Page 655
7. Specify the applications that the management station can use to 8. After making your changes, type R until you return to the Main Menu. Section IX: Management Security manage the switch. The options are: Telnet - Permits Telnet management. Web - Permits web browser management.
The specifications of the selected ACE are displayed in the Modify Management ACL Entry window. An example of the window is shown in Figure 245. Allied Telesis AT-9424T/SP - AT-S63 Marketing Modify Management ACL Entry Figure 245. Modify Management ACL Entry...
Page 657
5. Make the desired changes to the entry by selecting the corresponding 6. After entering your changes, type M to select Modify Management ACL 7. After making your changes, type R until you return to the Main Menu. Section IX: Management Security option and entering a new value.
Chapter 37: Management Access Control List Deleting an ACE To delete an ACE, you need to know its identification number. To view the identification numbers of the ACEs, refer to “Displaying the ACEs” on page 659. To delete an ACE, perform the following procedure: 1.
The Management ACL Configuration menu is shown in Figure 244 on page 652. Display All Management ACL Entries. The Display All Management ACL Entries menu is shown in Figure 246. Allied Telesis AT-9424T/SP - AT-S63 Marketing Display All Management ACL Entries IP Address Mask 133.22.145.18...
Page 660
Chapter 37: Management Access Control List Section IX: Management Security...
132 aging time changing 114 associated VLANs parameter 448 associations, VLANs to MSTI IDs 452 AT-9400 Switch, hardware information 52 AT-S63 software resetting to factory defaults 50 AT-S63 software updates downloading from a local session 168 authentication failure trap...
Page 662
Index maximum number in database, configuring 631 modifying 619 type, configuring 617 ciphers available parameter 638 CIST priority parameter 445 Class of Service (CoS) configuring 244 displaying port priorities 250 mapping priorities to egress queues 247 scheduling configuring 248 classifier creating 220 deleting 226, 227 displaying 228...
Page 663
GARP VLAN Registration Protocol (GVRP) configuring 496 disabling 496 disabling on a port 498 displaying counters 502 database 507 GIP connected ports ring 509 GVRP state machine 511 port configuration 501 dynamic VLAN, converting 500 enabling 496 enabling on a port 498 port mode, configuring 499 GBIC transceiver, displaying information about 57 GID index parameter 507...
Page 664
Index displaying 542 MACs available parameter 638 management access control list adding an access control entry 654, 656 deleting an access control entry 658 disabling 652 displaying access control entries 659 enabling 652 management access levels 35 manager access 35 manager password 35 master switch assigning 86...
Page 665
displaying settings 62 duplex mode 68 enabling 66 flow control 71 forcing Auto-Negotiation 78 MDI/MDI-X 68 resetting 77 resetting to default settings 79 speed 66, 67 port cost Rapid Spanning Tree Protocol (RSTP) 434 Spanning Tree Protocol (STP) 427 port external path cost parameter, Multiple Spanning Tree Protocol (MSTP) 459 port internal path cost, Multiple Spanning Tree Protocol (MSTP) 461...
Page 667
system files copying 154 deleting 158 display on compact flash card 161 displaying 159 downloading to switch 182 renaming 156 uploading from switch 190 system hardware information, displaying 55 system information 52 system name 33 system temperature 56 system time 38 TACACS+ configuring 642 displaying settings 644...