Page 1 AT-GS950/24 Gigabit Ethernet Smart Switch AT-GS950/24 Web Users Guide AT-S109 Version 1.1.0 [1.00.043] 613-001490 Rev A...
Page 2 Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Page 3: Table Of Contents
Contents List of Figures ..............................9 List of Tables ..............................13 Preface ................................15 Where to Find Web-based Product Information..................16 Contacting Allied Telesis..........................17 Online Support............................. 17 Email and Telephone Support ......................17 Warranty .............................. 17 Returning Products..........................17 Sales or Corporate Information ......................
Page 4 Contents SSL Settings............................... 56 Configuring SSL ........................... 56 System Log Configuration .......................... 58 Chapter 3 : Port Configuration ........................61 Overview..............................62 Display and Configure Ports........................63 Chapter 4 : Port Mirroring ..........................69 Overview..............................70 Port Mirroring Configuration ........................71 Disable Port Mirroring..........................
Page 5 AT-GS950/24 Web Interface User Guide Chapter 9 : Multiple Spanning Tree Protocol ....................133 Multiple Spanning Tree Configuration...................... 134 Head2 ..............................134 VLAN Mapping ............................137 Open MSTP VLAN Mapping Page ....................137 Create VLAN Mapping to MST Instance ................... 137 Modify MST Instance.........................
Page 6 Contents Port List ..............................197 Create Port List ..........................197 Modify Port List ..........................198 Delete Port List...........................199 Policy ................................200 Create Policy............................200 Modify Policy ............................202 Delete Policy ............................203 Policy Sequence............................205 Chapter 14 : Storm Control ..........................207 Overview..............................208 Ingress Rate Limiting .........................209 Egress Rate Limiting ..........................209 Configuration ............................210 Ingress Rate Limiting..........................212 Egress Rate Limiting ..........................214...
Page 7 AT-GS950/24 Web Interface User Guide Dial-in User - Local Authentication......................254 Overview............................254 Dial-in User Configuration ......................... 254 Destination MAC Filter ..........................257 Overview............................257 Destination MAC Filter Configuration ....................257 Delete Destination MAC Filter ......................258 Chapter 19 : LLDP ............................259 Overview ..............................
Page 8 Multiple Spanning Tree Regions ......................338 MST Region Guidelines ........................340 Common and Internal Spanning Tree (CIST) ..................342 MSTP with STP and RSTP ........................342 Associating VLANs to MSTIs........................343 VLANs Across Different Regions......................345 Summary of Guidelines ..........................347 Appendix A: AT-GS950/24 Default Parameters ...................349...
Page 9: List Of Figures
Figure 24. AT-GS950/24 VLAN Mode Page........................81 Figure 25. AT-GS950/24 Tagged VLAN Page........................83 Figure 26. Example of AT-GS950/24 Tagged VLAN Page....................85 Figure 27. AT-GS950/24 Modify VLAN Page ........................85 Figure 28. AT-GS950/24 VLAN Port Setting Page ......................89 Figure 29.
Page 10 Figure 79. AT-GS950/24 Ingress Rate Limiting Page...................... 212 Figure 80. AT-GS950/24 Egress Rate Limiting Page ...................... 214 Figure 81. AT-GS950/24 Static Unicast Address Table Page ..................218 Figure 82. AT-GS950/24 Static Multicast Address Table Page ..................222 Figure 83. General Settings Page............................ 231 Figure 84.
Page 11 Figure 113. File Download with HTTP ..........................318 Figure 114. Result Page ..............................319 Figure 115. Configuration Upload/Download via TFTP Page..................320 Figure 116. AT-GS950/24 Loopback Detection Page ..................... 324 Figure 117. Cable Diagnostics Page ..........................327 Figure 118. VLAN Fragmentation with STP or RSTP...................... 332 Figure 119.
Page 12 Figures...
Page 13: List Of Tables
List of Tables Table 1. Bridge Priority Value Increments ..................115 Table 2. Valid Port Priority Values ....................117 Table 3. Default Mappings Priority Levels to Priority Queues ............169 Table 4. Customized Mappings Priority Levels to Priority Queues ..........169 Table 5.
Page 14 List of Tables...
Page 15: Preface
Preface This guide contains instructions on how to use the AT-S109 Version 1.1.0 Management software to manage and monitor the AT-GS950/24 Gigabit Ethernet Smart Switch. The AT-S109 Version 1.1.0 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Page 16: Where To Find Web-Based Product Information
Preface Where to Find Web-based Product Information The product guides are available for all Allied Telesis products in portable document format (PDF) on our web site. Management software updates are also available. Go to www.alliedtelesis.com/support.
Page 17: Contacting Allied Telesis
Select your country from the list Support displayed on the website. then select the appropriate menu tab. Warranty For hardware warranty information, refer to the Allied Telesis web site at www.alliedtelesis.com/support/warranty. Returning Products for return or repair must first be assigned a return materials authorization (RMA) number.
Page 18 Preface...
Page 19: Chapter 1 : Starting A Web Browser Session
Starting a Web Browser Session This chapter contains the procedures for starting, using, and quitting a web browser management session on the AT-GS950/24 switch. This chapter includes the following sections: “Establishing a Remote Connection to the Web Browser Interface” on ...
Page 20: Establishing A Remote Connection To The Web Browser Interface
The AT-GS950/24 switch is shipped with a pre-assigned IP address of 192.168.1.1. After your initial login, Allied Telesis suggests that you assign a new IP address to your switch. To manually assign an IP address to the switch, refer to “Configuration of IP Address, Subnet Mask and Gateway Address”...
Page 21: Figure 3. At-Gs950/24 Switch Information Page
The default user name is “manager” and the default password is “friend.” The login name and password are case-sensitive. 4. Press OK. The AT-GS950/24 Switch Information page is displayed. See Figure 3. Note To change the user name and password, refer to “User Name and Password Configuration”...
Page 22: Figure 4. At-Gs950/24 Front Panel Page
The AT-S109 Version 1.1.0 Management software displays the front of the switch. Ports are green that have a link to an end node. Ports without a link are grey. The AT-GS950/24 switch front panel page is shown in Figure 4.
Page 23: Web Browser Tools
AT-GS950/24 Web Interface User Guide Web Browser Tools You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s Bookmark feature to...
Page 24: Quitting A Web Browser Management Session
Chapter 1: Starting a Web Browser Session Quitting a Web Browser Management Session To exit a web browser management session, close the web browser.
Page 25: Chapter 2 : Basic Switch Configuration
Chapter 2 Basic Switch Configuration This chapter provides procedures to configuring basic system parameters for the AT-GS950/24 switch and contains information for the following sections: “Configuration of IP Address, Subnet Mask and Gateway Address” on  page 26 “IP Access List Configuration” on page 28 ...
Page 26: Configuration Of Ip Address, Subnet Mask And Gateway Address
Chapter 2: Basic Switch Configuration Configuration of IP Address, Subnet Mask and Gateway Address This procedure explains how to change the IP address, subnet mask, and gateway address of the switch. Before performing the procedure, note the following: A gateway address is only required if you want to remotely ...
Page 27 AT-GS950/24 Web Interface User Guide System Default Gateway - Displays the default gateway of the switch. To change the default gateway, enter a new gateway. When DHCP is enabled, you cannot change this parameter. DHCP Mode - For information about setting this parameter, refer to “DHCP Client Configuration”...
Page 28: Ip Access List Configuration
Chapter 2: Basic Switch Configuration IP Access List Configuration When the IP Access List feature is enabled, remote access to the AT-S109 Version 1.1.0 management software is restricted to the IP addresses entered into the IP Access List. The procedures in this section describe how to enable or disable the IP Access List feature and how to add or remove IP addresses from the list.
Page 29 AT-GS950/24 Web Interface User Guide Note You can add up to 10 IP address to the IP Access List table.
Page 30: Delete An Ip Address List Entry
Chapter 2: Basic Switch Configuration 5. From the IP Restriction Status field, select one of the following choices from the pull-down menu: Enable - This selection restricts the access to the AT-S109 Version 1.1.0 management software to the IP addresses in the table listed under Accessible IP.
Page 31: System Time
AT-GS950/24 Web Interface User Guide System Time The procedures in this section describe how to configure the system time by manually entering the time or through SNTP and how to configure the daylight savings time feature. See the following sections: “Manually Setting System Time”...
Page 32: Setting Sntp
Chapter 2: Basic Switch Configuration 3. Use the pull down menu to set the Clock Mode parameter to Local time. 4. In the Local Time Settings section, set the Date Setting (YYYY:MM:DD) to the current date in the YYYY:MM:DD format. 5.
Page 33: Setting Daylight Savings Parameters
AT-GS950/24 Web Interface User Guide Setting Daylight If you want to configure the switch for daylight savings time, perform the following procedure: Savings Parameters 1. From the main menu on the left side of the page, click the System folder.
Page 34: Dhcp And Ati Web Discovery Tool
Chapter 2: Basic Switch Configuration DHCP and ATI Web Discovery Tool The AT-GS950/24 Gigabit Ethernet Smart switch is managed through a web browser interface only. The factory default IP address is 192.168.1.1. The switch does not have a local console connector, which means that you cannot learn what the switch’s management IP address is on a web...
Page 35: Dhcp Client Configuration
DHCP Client Configuration This procedure explains how to activate and deactivate the DHCP client on the AT-GS950/24 switch. When the client is activated, the switch obtains its IP configuration including an IP address and subnet mask from a DHCP server on your network. Before performing the procedure, note the following: By default, the DHCP client is disabled on the switch.
Page 36 Note The ATI Web Discovery Tool is available for download on the AT-GS950/24 product page at alliedtelesis.com. 6. Follow the procedure to log on with the new IP address provided by the DHCP Server as described in “Establishing a Remote Connection to the Web Browser Interface”...
Page 37: Dhcp Auto Configuration
AT-GS950/24 Web Interface User Guide DHCP Auto Configuration If you need to automatically update the switch’s configuration files via a remote server, the DHCP Auto Configuration feature is available for this purpose via the DHCP server. Note You must enable the DHCP client so that this feature can operate with the DHCP server.
Page 38: System Management Information
This section explains how to assign a name, location, and contact information for the AT-GS950/24 switch. This information helps in identifying each specific AT-GS950/24 switch among other switches in the same local area network. Entering this information is optional. Note Allied Telesis recommends that you assign a name to the switch.
Page 39 4. Click Apply. 5. From the main menu on the left side of the page, click on Switch Info. The Switch Information page is displayed. See “AT-GS950/24 Switch Information Page” on page 21 for more information. 6. From the main menu on the left side of the page, select Save...
Page 40: User Name And Password Configuration
Chapter 2: Basic Switch Configuration User Name and Password Configuration Password protection is always enabled for access to the AT-S109 Version 1.1.0 Management software. This section explains how to create new users names and passwords and how to modify or delete existing users for the web interface.
Page 41: Modify User Name And Password
AT-GS950/24 Web Interface User Guide 4. To add a password that corresponds to the user name entered in step 3, enter a password of up to 12 alphanumeric characters in the box next to the Password field. The Password field is case sensitive.
Page 42: Delete User Name And Password
Chapter 2: Basic Switch Configuration Delete User Name To delete a user name that you have previously added, perform the following procedure. and Password 1. From the main menu on the left side of the page, click the System folder. The System folder expands.
Page 43: User Interface Configuration
The Web Server Status is displayed as Enabled for your information only. The Web Server cannot be disabled. SNMP Interface To enable or disable the AT-GS950/24 SNMP interface, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder.
Page 44: User Interface Timeout
Chapter 2: Basic Switch Configuration Note See Chapter 20, “Simple Network Management Protocol SNMPv1 and v2c” on page 265 and Chapter 21, “Simple Network Management Protocol SNMPv3” on page 275 to configure the remaining SNMP parameters. 4. Click Apply located under the Web Server Status Enable/Disable field.
Page 45: System Information Display
System Information Display The Switch Information page is initially displayed when you first log into the AT-GS950/24 switch. It provides general information about the switch. To view this information, perform the following procedure: 1. From the main menu on the left side of the page, select Switch Info.
Page 46 Chapter 2: Basic Switch Configuration Administration Information Section: Switch Name - This parameter displays the name assigned to the switch. To assign the switch a name, refer to “System Management Information” on page 38. Switch Location - This parameter displays the location of the switch.
Page 47: Switch Reboot
AT-GS950/24 Web Interface User Guide Switch Reboot You can reboot the AT-GS950/24 switch by either pressing the front panel eco-friendly switch between 5 to 9 seconds or by using the Normal reboot function provided in the AT-S109 Version 1.1.0 management software.
Page 48: Switch Reboot
Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. See “Disabling Factory Default Reset Feature” on page 51 for information about how to disable the factory default reset feature.
Page 49: Configure Factory Default Values
Values Note The AT-S109 Version 1.1.0 Management software factory default values are listed in “AT-GS950/24 Default Parameters” on page 349. Caution This procedure causes the switch to reboot. The switch does not forward network traffic during the reboot process. Some network...
Page 50 To return the AT-S109 Version 1.1.0 Management software to the default settings, perform the following procedure: Note See “AT-GS950/24 Default Parameters” on page 349 for the specific factory default values. 1. From the main menu on the left side of the page, select the Tools folder.
Page 51: Disabling Factory Default Reset Feature
5. In the New Password field, enter a password of up to 12 characters in length. It is case-sensitive. There is not a default password for this field. Caution Since you define this password as part of the process of disabling this function, Allied Telesis has no knowledge of it. You are...
Page 52: Enabling Factory Default Reset
Chapter 2: Basic Switch Configuration responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. 6. Re-enter the same password in the Confirm Password field.
Page 53: Figure 17. Factory Default Reset/Reboot Page With Password Entry
AT-GS950/24 Web Interface User Guide Note If the Factory Default Reset field is already set to Enable, you do not need to continue with this procedure. 4. To enable the factory default reset feature, select Enable on the pull- down menu of the Factory Default Reset field.
Page 54: Pinging A Remote System
Chapter 2: Basic Switch Configuration Pinging a Remote System This procedure instructs the AT-GS950/24 switch to ping a node on your network. This procedure is useful in determining whether an active link exists between the switch and another network device.
Page 55: Figure 19. Ping Test Results Page
AT-GS950/24 Web Interface User Guide 5. To view the ping results, click Show Ping Results. A sample Ping Test Results Page is displayed. See Figure 19. Figure 19. Ping Test Results Page The following information is displayed: Destination IP Address - Indicates the IP address of the unit that receives the ping.
Page 56: Ssl Settings
HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted. When operating in this mode, only the AT-GS950/24 switch and the web browser are able to decipher the packets sent and received between them. Configuring SSL...
Page 57 AT-GS950/24 Web Interface User Guide 4. Click Apply. The SSL setting that you have selected is now active. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 58: System Log Configuration
Chapter 2: Basic Switch Configuration System Log Configuration The System log is designed to monitor the operation the AT-GS950/24 switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.
Page 59 AT-GS950/24 Web Interface User Guide 3. From the Syslog Status field, select one of the following choices from the pull-down menu: Enable - The System log is active. Disable - The System log is inactive. 4. From the Time Stamp field, select one of the following choices from the...
Page 60 Chapter 2: Basic Switch Configuration...
Page 61: Chapter 3 : Port Configuration
Chapter 3 Port Configuration This chapter provides a description of the physical characteristics of the ports and a procedure that explains how to view and change the port settings. This chapter includes the following sections: “Overview” on page 62  “Display and Configure Ports”...
Page 62: Overview
Chapter 3: Port Configuration Overview This chapter describes how to display and modify the physical characteristics of an AT-GS950/24 switch. You can display and modify the settings of all the ports on one web page. The port characteristics that are displayed are: Trunk Group Number ...
Page 63: Display And Configure Ports
This parameter can not be configured on this page, However, for information about configuring a trunk, refer to Chapter 10, “Static Port Trunking” on page 147. Type - Indicates the port type. On the AT-GS950/24, the port type...
Page 64 Chapter 3: Port Configuration is 1000TX for 10/100/1000Base-T twisted-pair ports (1 through 20, 21R through 24R) and 100FX or 1000TX for the SFP ports (21 through 24) for copper or fiber SFP type. Link Status - This parameter indicates the status of the link between the port and the end node connected to the port.
Page 65 AT-GS950/24 Web Interface User Guide Note When QoS is enabled on a port, the Jumbo frame parameter can not be enabled. To enable or disable QoS, see “Mapping CoS Priorities to Egress Queues” and “CoS Page” on page 173...
Page 66 Chapter 3: Port Configuration Mode -This parameter i Indicates the speed and duplex mode settings for the port. You can use this parameter to set the speed and duplex mode of a port. The possible settings are: Ignore -This parameter i Indicates that the All setting does not apply to the Mode field.
Page 67 AT-GS950/24 Web Interface User Guide Ignore - This parameter indicates that the All setting does not apply to the Flow Control field. In other words, each port is set individually. Enabled - This parameter indicates that the port is permitted to use flow control.
Page 68 Chapter 3: Port Configuration...
Page 69: Chapter 4 : Port Mirroring
Chapter 4 Port Mirroring This chapter describes the Port Mirroring feature and the procedure for setting up port mirroring. Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port.
Page 70: Overview
Chapter 4: Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic received and transmitted on one or more ports by copying the traffic to another switch port. You can connect a data analyzer to the port where the traffic is copied and monitor the traffic on the other ports without impacting network performance or speed.
Page 71: Port Mirroring Configuration
AT-GS950/24 Web Interface User Guide Port Mirroring Configuration To configure Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring Page is displayed. See Figure 23.
Page 72 Chapter 4: Port Mirroring 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 73: Disable Port Mirroring
AT-GS950/24 Web Interface User Guide Disable Port Mirroring To disable Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring page is shown in Figure 23 on page 71.
Page 74 Chapter 4: Port Mirroring...
Page 75: Chapter 5 : Virtual Lans
Chapter 5 Virtual LANs This chapter contains a description of Virtual Local Area Networks (VLANs) and the procedures for creating, modifying, and deleting both port-based and tagged VLANs. This chapter contains the following sections: “VLAN Overview” on page 76  “Assign Ports to a VLAN Mode”...
Page 76: Vlan Overview
Chapter 5: Virtual LANs VLAN Overview A virtual LAN or VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment via the AT-S109 Version 1.1.0 Management software. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN.
Page 77: Port-Based Vlan Overview
Sales, Production, and Engineering. VLAN Index You must assign a unique number to each VLAN in a network. This number is called the Port-Based VLAN Index. This number uniquely identifies a VLAN in the AT-GS950/24 switch and across the network.
Page 78: Tagged Vlan Overview
A tagged VLAN consists of the following: VLAN Index You must assign a unique number to each tagged VLAN in a network. This number is called the tagged VLAN ID. This number uniquely identifies a tagged VLAN in the AT-GS950/24 switch and across the network.
Page 79 AT-GS950/24 Web Interface User Guide VLAN Name To create a tagged VLAN, you must give it a unique name. This name can reflect the function of the network devices that are VLAN members, such as Sales, Production, and Engineering. Tagged and Untagged Ports When you specify that a port is a member of a tagged VLAN, you need to specify that it is tagged or untagged.
Page 80 VLAN spans multiple switches, each part of the VLAN on the different switches must be assigned the same VLAN ID. A tagged port can be a member of multiple VLANs.  The AT-GS950/24 Gigabit Ethernet Smart Switch can support up  to 255 tagged VLANs per switch.
Page 81: Assign Ports To A Vlan Mode
3. From the VLAN folder, select VLAN Mode. The VLAN Mode Page is displayed. See Figure 24. Figure 24. AT-GS950/24 VLAN Mode Page 4. To add ports to a 802.1Q Tagged VLAN or Port-Based VLAN, select the ports accordingly on the VLAN Mode page.
Page 82 Chapter 5: Virtual LANs 5. Click Apply. 6. If you want to restore the port assignment before saving the configuration, click Restore. Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration, the Restore button will not be active for those port assignments.
Page 83: Tagged Vlan Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Tagged VLAN. The AT-GS950/24 Tagged VLAN Page is displayed. See Figure 25. Figure 25. AT-GS950/24 Tagged VLAN Page...
Page 84: Modify A Tagged Vlan
Chapter 5: Virtual LANs 4. To assign a VLAN ID, type a VLAN ID in the VLAN ID field. The range for this field is 2 to 4,000. You can create a maximum of 255 tagged VLANs. 5. To assign a name to the VLAN, type a unique name in the VLAN Name field.
Page 85: Figure 26. Example Of At-Gs950/24 Tagged Vlan Page
An example of a tagged VLAN (VLAN2) is shown in the table at the bottom of Figure 26 on page 85. Figure 26. Example of AT-GS950/24 Tagged VLAN Page 4. In the VLAN Action column, click Modify in the row of the VLAN that you want to change.
Page 86 Chapter 5: Virtual LANs 6. To change the VLAN Name, type a new VLAN Name in the VLAN Name field. For more information about this field, refer to “VLAN Name” on page 77.
Page 87: Delete A Tagged Vlan
AT-GS950/24 Web Interface User Guide 7. To change the Management VLAN assignment, select one of the following choices from the pull-down menu: Enable - This parameter enables Management VLAN on this VLAN. The Management VLAN will be disabled on all other VLANs and only be operational on this VLAN.
Page 88 Chapter 5: Virtual LANs Note You cannot delete the Default VLAN which has a VID of 1. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 89: Tagged Vlan Port Settings
2. From the Bridge folder, select Port Settings. The VLAN folder expands. From the VLAN folder, select Port Settings. A partial view of the AT-GS950/24 VLAN Port Settings is displayed. See Figure 28. Figure 28. AT-GS950/24 VLAN Port Setting Page 3.
Page 90 Chapter 5: Virtual LANs Disable - This disables Ingress Filtering at the selected port. 6. Click Apply. The port configuration becomes effective. 7. If you need to configure other ports of the switch for the VLAN Port Settings, repeat steps 4 through 7. 8.
Page 91: Port-Based Vlan Configuration
AT-GS950/24 Web Interface User Guide Port-Based VLAN Configuration A port-based VLAN is a group of ports on the switch that form a logical Ethernet segment. This type of VLAN is independent of the header information including VLAN tags in a frame.
Page 92: Modify A Port-Based Vlan
4. In the VLAN Action column, click Modify next to the VLAN that you want to change. The Modify Port-based VLAN Page is displayed. See Figure 30. Figure 30. AT-GS950/24 Modify Port-based VLAN 5. To change the name of the VLAN, type a new name in the VLAN Name field.
Page 93 AT-GS950/24 Web Interface User Guide The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Port-Based VLAN. The Port-Based VLAN Page is shown in Figure 29 on page 91.
Page 94 Chapter 5: Virtual LANs...
Page 95: Chapter 6 : Gvrp
Chapter 6 GVRP This chapter contains the following sections: “Overview and Guidelines” on page 96  “General Configuration” on page 97  “Port Settings” on page 98  “Time Settings” on page 100 ...
Page 96: Overview And Guidelines
The default port setting on the switch for GVRP is active, meaning  that the ports participate in GVRP. Allied Telesis recommends disabling GVRP on those ports that are connected to GVRP- inactive devices, meaning devices that do not feature GVRP.
Page 97: General Configuration
AT-GS950/24 Web Interface User Guide General Configuration Perform the following procedure to enable or disable GVRP: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP.
Page 98: Port Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Port Settings. A partial view of the AT-GS950/24 Port Settings Page is displayed. See Figure 32. Figure 32. AT-GS950/24 Port Settings Page 4. The following fields are listed for each port: Port - This parameter displays the ports on the switch.
Page 99 AT-GS950/24 Web Interface User Guide port row selected. Disable - The Restricted VLAN Registration is de-active for the port row selected. 5. Once you have configured the parameters, click Apply for the affected port. 6. If you want to configure GVRP for other ports, repeat steps 4 and 5.
Page 100: Time Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select GVRP Time Setting. A partial view of the AT-GS950/24 GVRP Time Setting Page is displayed. See Figure 33. Figure 33. AT-GS950/24 GVRP Time Setting Page GARPLeaveTimer must be greater than (GARPJoinTimer x2 + 10).
Page 101 AT-GS950/24 Web Interface User Guide equation: GARPLeaveAllTimer > (GARPLeaveTimer + 10) Note To ensure compatibility between network devices, you need to configure the same values for the GARP Join Timer, GARP Leave Timer, and GARP Leave All Timer on all participating GVRP devices in your network.
Page 102 Chapter 6: GVRP...
Page 103: Chapter 7 : Voice Vlan
Chapter 7 Voice VLAN This chapter contains a description of the AT-GS950/24 switch’s Voice VLAN feature and the procedures to create, modify, and delete a voice VLAN configuration. This chapter contains the following sections: “Overview” on page 104  “General Guidelines” on page 107 ...
Page 104: Overview
CoS with Voice The Voice VLAN CoS parameter maintains the voice quality between the ingress and egress ports of the AT-GS950/24 switch. CoS must be VLAN enabled for the Voice VLAN CoS priority to take effect. The CoS priority level that you configure is applied to voice traffic on all ports of the voice VLAN.
Page 105: Dynamic Auto-Detection Vs Static Ports
IP phone(s) for the same VLAN ID as the AT-GS950/24 switch’s voice VLAN ID. When voice data is detected on one of the “Not Member” ports, the packets from the IP phone will contain the voice VLAN ID so they are switched within the AT-GS950/24 switch’s voice VLAN.
Page 106 Note Link Layer Discovery Protocol for Media Endpoint Devices (LLDP- MED) is not supported on the AT-GS950/24 switch. Each IP phone that is VLAN aware should be manually configured for the VLAN ID that matches your AT-GS950/24 voice VLAN ID. Each of the AT-GS950/24 voice VLAN ports connected to an IP phone should be configured as “Not Member”...
Page 107: General Guidelines
Up to 10 IP phone MAC addresses/OUIs can be configured at one  time. Link Layer Discovery Protocol for Media Endpoint Devices (LLDP-  MED) is not supported on the AT-GS950/24 switch. Power over Ethernet (PoE) is not supported on the AT-GS950/24  switch.
Page 108: Configuration
2. From the Bridge folder, select Voice VLAN. The Voice VLAN folder expands. 3. From the Voice VLAN folder, select Voice VLAN Settings. A partial view of the AT-GS950/24 Voice VLAN Setting Page is displayed. See Figure 34. Figure 34. AT-GS950/24 Voice VLAN Setting Page...
Page 109 AT-GS950/24 Web Interface User Guide 4. From the Voice VLAN field at the top of the page, select one of the following choices from the pull-down menu: Enable - The voice VLAN feature is active. The other parameter fields in the voice VLAN Global Settings section become active and are eligible for data to be entered.
Page 110 Chapter 7: Voice VLAN Note The voice VLAN Auto-Detection feature can only be enabled on “Not Member” ports of the voice VLAN. Member ports cannot have the voice VLAN Auto-Detection feature enabled. The Status column displays Static for the member ports. See “Dynamic Auto-Detection vs Static Ports”...
Page 111: Oui Setting
AT-GS950/24 Web Interface User Guide OUI Setting You can create and delete Voice VLAN OUI Settings by following the procedures in these sections: “Create OUI Setting”  “Modify OUI Setting” on page 112  Create OUI To create a Voice OUI configuration, perform the following procedure: Setting 1.
Page 112: Modify Oui Setting
Chapter 7: Voice VLAN Modify OUI To modify or delete an OUI, it must be first be deleted and then re-entered by following the procedure in “Create OUI Setting” on page 111. Setting Delete OUI To delete an OUI, perform the following procedure: Setting 1.
Page 113: Chapter 8 : Stp And Rstp
Chapter 8 STP and RSTP This chapter provides background information about the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). In addition, there are procedures to configure STP and RSTP. The sections in the chapter include: “Overview” on page 114 ...
Page 114: Overview
Chapter 8: STP and RSTP Overview The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path.
Page 115: Bridge Priority And The Root Bridge
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Bridge Priority The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge and the Root distributes network topology information to the other network bridges and Bridge is used by the other bridges to determine if there are redundant paths in...
Page 116: Port Priority
Chapter 8: STP and RSTP Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root...
Page 117: Forwarding Delay And Topology Changes
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Table 2. Valid Port Priority Values Port Step Priority Forwarding If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This Delay and may trigger a change in the state of some blocked ports.
Page 118 Chapter 8: STP and RSTP The forwarding delay value is adjustable in the AT-S109 Version 1.1.0 Management software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network.
Page 119: Mixed Stp And Rstp Networks
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Figure 36. Point-to-Point Ports A port operates as an edge port when it is connected to a network terminal device such as a workstation or a server. An edge port on a bridge should not have any STP or RSTP devices connected to it either directly or through another device connected to that port.
Page 120: Spanning Tree And Vlans
Chapter 8: STP and RSTP If you decide to activate spanning tree on the switch, Allied Telesis recommends RSTP instead of STP even when all of other switches in the network are running STP. The AT-GS950/24 switch can combine RSTP with the STP of the other switches.
Page 121: Figure 38. Stp And Vlan Fragmentation With Untagged Ports
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Figure 38. STP and VLAN Fragmentation with Untagged Ports You can avoid this problem by connecting the switches using tagged instead of untagged ports when you plan to have STP or RSTP enabled on your network.
Page 122: Figure 39. Stp And Vlan Compatibility With Tagged Ports
Chapter 8: STP and RSTP Figure 39. STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports, refer to Chapter 5, “VLAN Overview” on page 76.
Page 123: Basic Stp And Rstp Configuration
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Basic STP and RSTP Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 124 Chapter 8: STP and RSTP The RSTP Configuration page allows you to configure basic STP (STP-Compatible) or RSTP protocols as well as to view current settings of the feature. In the upper portion of the page, you can set the following ...
Page 125 AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide The following parameters refer to the designated root bridge. You  cannot change these fields. Designated Root - This parameter includes two fields: the root bridge priority and the MAC address of the root bridge. For example, 1000 00C08F1211BB shows the root bridge priority as 1000, and 00C08F1211BB as the MAC address.
Page 126: Configure Rstp Port Settings
Figure 41. AT-GS950/24 RSTP Basic Port Configuration Page This page displays the following information about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings for the STP Status, Priority, and Path Cost fields to your switch.
Page 127 AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide sent or received on a the port except for BPDU data. A port with a higher path cost to the root bridge than another on the switch will cause a switching loop and is placed in the blocking state by the Spanning Tree algorithm.
Page 128: Configure The Advanced Rstp Port Settings
3. From the Spanning Tree folder, select the RSTP folder. The RSTP folder expands. 4. From the RSTP folder, select RSTP Advanced Port folder. A partial view of the AT-GS950/24 RSTP Advanced Port Configuration Page is displayed. See Figure 42 on page 129.
Page 129: Figure 42. At-Gs950/24 Rstp Advanced Port Configuration Page
Figure 42. AT-GS950/24 RSTP Advanced Port Configuration Page This page displays the following information about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings to the STP Status, Priority, and Path Cost fields to all the ports on your switch.
Page 130 Chapter 8: STP and RSTP Disabled - The Disabled Port role is assigned if the port is not operational or is excluded from the active topology by management or it is a network access port (IEEE Std 802.1X) and it is Unauthorized, or its Administrative Bridge Port state is Disabled.
Page 131: Spanning Tree Topology
The following information is displayed about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Trunk - The trunk of which the port is a member. Link Status - Whether the link on the port is up or down.
Page 132 Chapter 8: STP and RSTP...
Page 133: Chapter 9 : Multiple Spanning Tree Protocol
Chapter 9 Multiple Spanning Tree Protocol This chapter provides the procedures for configuring Multiple Spanning Tree Protocol (MSTP). You can find an overview and configuration guidelines for this feature in “MSTP Overview” on page 329. When you configure MSTP, the information should be entered in order on the following web pages: “Multiple Spanning Tree Configuration”...
Page 134: Multiple Spanning Tree Configuration
Chapter 9: Multiple Spanning Tree Protocol Multiple Spanning Tree Configuration Head2 Head3 To configure the MSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 135 AT-GS950/24 Web Interface User Guide Global MSTP Status - Set this field to Enable or Disable the MSTP feature on the switch. The Global MSTP Status must be set to Enable before the other MSTP configuration parameters can be set.
Page 136 Chapter 9: Multiple Spanning Tree Protocol bridge spends in the listening and learning states. Its range is 4 - 30 seconds. Maximum Hop Count - The Maximum Hop Count is a parameter set in a BPDU packet when it originates. It is decremented by 1 each time it is retransmitted by the next bridge.
Page 137: Vlan Mapping
AT-GS950/24 Web Interface User Guide VLAN Mapping You can create, modify and delete MSTP settings with the procedures in the following sections: ”Open MSTP VLAN Mapping Page”  ”Create VLAN Mapping to MST Instance”.  “Modify MST Instance” on page 138.
Page 138: Modify Mst Instance
Chapter 9: Multiple Spanning Tree Protocol Modify MST If you wish to modify a MST Instance, you must first delete the instance and then redefine it. Refer to “Create VLAN Mapping to MST Instance” on Instance page 137 for more information. Delete MST 1.
Page 139: Port Configuration
3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP Port Configuration. A partial view of the AT-GS950/24 MSTP Port Configuration Page is displayed. See Figure 46. Figure 46. AT-GS950/24 MSTP Port Configuration Page You may choose a port and configure its MSTP parameters on this page.
Page 140 Chapter 9: Multiple Spanning Tree Protocol network topology. ForcedFalse - The port is not connected to a network device in the network topology. Auto - The switch will automatically determine the port type. Edge Port - Indicates if a port is connected to an edge device in the network topology or not.
Page 141 AT-GS950/24 Web Interface User Guide True - The port cannot process receive/transmit TCN BPDUs. False - The port can process receive/transmit TCN BPDU packets. 5. Once you have configured the parameters, click Apply in the Action column. 6. If you choose to change the MSTP port configuration for other ports, repeat steps 4 and 5.
Page 142: Port Settings
You may choose a port and configure its MSTP parameters on this page. The following information is displayed: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings for the Port State field to all the ports on your switch.
Page 143 AT-GS950/24 Web Interface User Guide 6. If you choose to change the MSTP port settings for other ports, repeat steps 4 and 5. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 144: Topology Information
The following information displayed on this page shows the current status of MSTP for each port: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Designated Root - The designated root bridge to which the switch’s root port is actively connected.
Page 145 AT-GS950/24 Web Interface User Guide Regional Root Priority - The priority of the regional root port. Regional Path Cost - The path cost from the regional root port to the regional root bridge. Type - This specifies the regional port type which can be either a point-to-point or an edge type port.
Page 146 Chapter 9: Multiple Spanning Tree Protocol...
Page 147: Chapter 10 : Static Port Trunking
Chapter 10 Static Port Trunking This chapter contains a description of port trunking and the procedures for creating, modifying, and deleting a static port trunk. The following topics are discussed: “Overview” on page 148  “Create a Port Trunk” on page 151 ...
Page 148: Overview
AT-S109 Version 1.1.0 Management software on the switch automatically groups them together. The example in Figure 49 illustrates a static port trunk of four links between two AT-GS950/24 switches. Figure 49. Static Port Trunk Example...
Page 149 General Guidelines Following are the guidelines for creating a static trunk: Allied Telesis recommends setting static port trunks between Allied  Telesis networking devices to ensure compatibility. A static trunk can contain up to eight ports.
Page 150 Chapter 10: Static Port Trunking more than one VLAN. The ports of a static trunk can be either untagged or untagged  members of the same VLAN. The switch selects a port in the trunk to handle broadcast packets and packets of unknown destination.
Page 151: Create A Port Trunk
AT-GS950/24 Web Interface User Guide Create a Port Trunk This procedure explains how to create a static port trunk. Caution Do not connect the cables of a port trunk to the ports on the switch until you have configured the ports on both the switch and the end nodes.
Page 152 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. 9. Configure the port trunk on the other switch. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/24 switch and the trunk ports on the other switch.
Page 153: Modify A Port Trunk
AT-GS950/24 Web Interface User Guide Modify a Port Trunk This procedure explains how to change the status of a port trunk and add or remove ports from a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk.
Page 154 Chapter 10: Static Port Trunking 9. Configure the port trunk on the other switch with the same parameters. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/24 switch and the trunk ports on the other switch.
Page 155: Disable A Port Trunk
AT-GS950/24 Web Interface User Guide Disable a Port Trunk This procedure explains how to disable a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology.
Page 156 Chapter 10: Static Port Trunking...
Page 157: Chapter 11 : Lacp Port Trunks
AT-GS950/24 Web Interface User Guide Chapter 11 LACP Port Trunks This chapter contains overview information about LACP port trunks and the procedures for setting this feature. This chapter contains the following sections: “System Priority” on page 159  “Port Priority Value” on page 159 ...
Page 158: Overview
The main component of an LACP trunk is an aggregator which manages a group of ports on the switch. On the AT-GS950/24, the ports assigned to a trunk group are automatically assigned to an aggregator. Only one aggregator can be assigned to each trunk group.
Page 159: System Priority
AT-GS950/24 Web Interface User Guide System Priority It is possible for two devices interconnected by an aggregate trunk to encounter a conflict when they form the trunk. For example, the two devices might not support the same number of active ports in an aggregate trunk or might not agree on which ports are active and which are in standby mode.
Page 160 Chapter 11: LACP Port Trunks Two conditions must be met for a port in an aggregate trunk to function in the standby mode. First, the number of ports in the trunk must exceed the highest allowed number of active ports and, second, the port must be receiving LACPDU packets from the other device.
Page 161: General Guidelines
AT-GS950/24 Web Interface User Guide General Guidelines The following guidelines apply when creating aggregators: LACP must be activated on both the AT-GS950/24 switch and its  partner device. The other device must be 802.3ad-compliant.  The AT-S109 Version 1.1.0 Management software supports up to ...
Page 162 AT-GS950/24 switch, you should assign the other vendor’s device a higher system LACP priority than your AT-GS950/24 switch. This can help avoid a conflict between the devices if some ports are placed in the standby mode when the devices create the trunk.
Page 163: Group Status
AT-GS950/24 Web Interface User Guide Group Status To display the LACP Group Status, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands.
Page 164: Configuration Example
Chapter 11: LACP Port Trunks The System Priority is a preassigned value that you cannot alter. This value applies to the switch. See “System Priority” on page 159. The System ID is a MAC address value assigned to the individual switch.
Page 165: Figure 53. Lacp Group Status Page With Three Cables Connected
AT-GS950/24 Web Interface User Guide Figure 53. LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link-Up status.
Page 166: Port Priority Configuration
2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select Port Priority. A partial view of the AT-GS950/24 Port Priority Page is displayed. See Figure 54. Figure 54. AT-GS950/24 Port Priority Page The System Priority is a preassigned value that you cannot alter.
Page 167: Chapter 12 : Quality Of Service (Cos)
Chapter 12 Quality of Service (CoS) This chapter contains the following topics: “Overview” on page 168  “Associate Ports to CoS Priorities” on page 175  “Associate DSCP Classes to Egress Queues” on page 176  “Queue Scheduling Algorithm” on page 177 ...
Page 168: Overview
Chapter 12: Quality of Service (CoS) Overview When a port on an Ethernet switch becomes oversubscribed, its egress queues contain more packets than the port can handle in a timely manner. In this situation, the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
Page 169: Egress Queue Vs Packet Priority Mapping
AT-GS950/24 Web Interface User Guide Egress Queue vs Each switch port has four egress queues, labeled Q0, Q1, Q2, and Q3. Q0 is the lowest priority queue and Q3 is the highest. A packet in a high Packet Priority priority egress queue is typically transmitted sooner than a packet in a low Mapping priority queue.Table 3 lists the default mappings between the eight CoS...
Page 170: Prioritizing Untagged Packets
However, the Untagged Packets AT-GS950/24 switch has a priority associated with each individual ingress port. By default, each port’s priority is 0. You can redefine this parameter as described in “Associate Ports to CoS Priorities” on page 175.
Page 171 AT-GS950/24 Web Interface User Guide never be transmitted from the switch because the algorithm might never have time to process the packets waiting in the lower priority queues.
Page 172: Table 5. Example Of Weighted Round Robin Priority
Chapter 12: Quality of Service (CoS) Weighted Round Robin Priority Scheduling The weighted round robin (WRR) scheduling method functions as its name implies. The port transmits a set number of packets from each queue, in a round robin fashion, so that each has a chance to transmit traffic.Normally, the higher the queue’s priority the more packets are transmitted in as the algorithm cycles through the queues in turn.
Page 173: Mapping Cos Priorities To Egress Queues
AT-GS950/24 Web Interface User Guide Mapping CoS Priorities to Egress Queues Before mapping the CoS priorities and the egress queues, you must disable the Jumbo frame parameter on each port. See the Jumbo parameter definition in “Display and Configure Ports” on page 63.
Page 174 Chapter 12: Quality of Service (CoS) 4. For each Traffic Class whose queue you want to change, click on the Queue (0, 1, 2, or 3) radio button that applies to your configuration. 5. After you have completed this mapping process, select Enable in the QoS Status field, 6.
Page 175: Associate Ports To Cos Priorities
2. From the Bridge folder, select QoS. The QoS folder expands. 3. From the QoS folder, select Port Priority. A partial view of the AT-GS950/24 Port Priority Page page is shown in Figure 56. Figure 56. AT-GS950/24 Port Priority Page 4.
Page 176: Associate Dscp Classes To Egress Queues
Chapter 12: Quality of Service (CoS) Associate DSCP Classes to Egress Queues If you choose to use the DSCP tags in your Access Control policy configuration, each DSCP value (0-63) that is relevant to your configuration needs to be mapped to one of the four egress queues (0-3).
Page 177: Queue Scheduling Algorithm
AT-GS950/24 Web Interface User Guide Queue Scheduling Algorithm To change the scheduling algorithm for the egress queues, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select QoS.
Page 178 Chapter 12: Quality of Service (CoS)
Page 179: Chapter 13 : Access Control Configuration
Chapter 13 Access Control Configuration Access Control configuration allows you to control different aspects of the Ethernet traffic as it enters the switch ports and is process through the switch. You can specify what traffic is permitted or denied to flow through the switch by setting up specific filter criteria at an ingress port.
Page 180: Classifier
Chapter 13: Access Control Configuration Classifier The Create Classifier page allows you to specify packet settings for filtering Ethernet traffic. You can create, modify or delete a Classifier by following the procedures in the following sections: “Create Classifier,” next  “Modify Classifier”...
Page 181 AT-GS950/24 Web Interface User Guide 3. Enter a number in the Classifier Index field. The Classifier Index must be a unique number within the range of 1 - 65535. Note The Classifier Index is a required parameter when you create a Policy.
Page 182: Modify Classifier
Chapter 13: Access Control Configuration 5. Click ADD. The classifier entry is displayed in the table at the bottom of the page. If you do not see you new entry, you may need to navigate to another page of the table with the First Page, Previous Page, Next Page, and Last Page buttons located below the table.
Page 183: Delete Classifier
AT-GS950/24 Web Interface User Guide 3. From the Create Classifier page, identify which classifier that want to modify and click the modify link in the Action column. The Modify Classifier page is displayed in Figure 61. Figure 61. Modify Classifier Page 4.
Page 184 Chapter 13: Access Control Configuration 3. From the Create Classifier page, identify which classifier table entry that want to delete and click the Delete button in the Action column. You will be prompted with a message saying, “Do you want to delete classifier xxxx?”...
Page 185: Profile Action
AT-GS950/24 Web Interface User Guide Profile Action The Create Profile Action page defines the priority parameters for policing on DSCP (layer 3) and/or class of service (layer 2). Note You must enter a Profile Index on this page even if you do not define...
Page 186: Modify Profile Action
Chapter 13: Access Control Configuration 3. Enter a number in the Profile Action Index field. The Index must be a unique number ranging from 1 to 72. 4. Enter a number in the Policed DSCP field within the range of 0 to 63. This field indicates the DSCP level of interest.
Page 187: Delete Profile Action
AT-GS950/24 Web Interface User Guide 2. From the Access Control Config folder, select Profile Action. An example of the Create Profile Action page with a Profile Action table entry is shown in Figure 64 on page 187. 3. Select the table entry that you want to modify and click the modify link in the Action column.
Page 188 Chapter 13: Access Control Configuration 4. Click on the OK button. The profile action entry is deleted from the profile action table. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 189: In-Profile Action
AT-GS950/24 Web Interface User Guide In-Profile Action The Create In-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege for packets in the ingress queue. Note A Profile Action Index is required to create an In-Profile Action.
Page 190: Figure 66. Example Of In-Profile Action Entry
Chapter 13: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Create Profile Action” on page 185 for more information. 5.
Page 191: Modify In-Profile Action
AT-GS950/24 Web Interface User Guide Modify In-Profile To modify a In-Profile action entry, perform the following procedure: Action Note You must first enter a In-Profile action before you can modify it. See “Create In-Profile Action” on page 189 for more information.
Page 192: Delete In-Profile Action
Chapter 13: Access Control Configuration Delete In-Profile To delete a In-Profile action entry, perform the following procedure: Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
Page 193: Out-Profile Action
AT-GS950/24 Web Interface User Guide Out-Profile Action The Create Out-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege and bandwidth restrictions for packets in the egress queue. You can create, modify or delete an Out-Profile Action by following the procedures in the following sections: “Create Out-Profile Action,”...
Page 194: Figure 69. Example Of Out-Profile Action Entry
Chapter 13: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Create Profile Action” on page 185 for more information. 5.
Page 195: Modify Out-Profile Action
AT-GS950/24 Web Interface User Guide Modify Out- To modify a Out-Profile action entry, perform the following procedure: Profile Action Note Before you can modify an entry, you must first enter a Out-Profile action - see “Create In-Profile Action” on page 189.
Page 196: Delete Out-Profile Action
Chapter 13: Access Control Configuration Delete Out- To delete a Out-Profile action entry, perform the following procedure: Profile Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
Page 197: Port List
AT-GS950/24 Web Interface User Guide Port List The Create Port List page allows you to specify a list of ports that will be used as part of the policy specification. You can create, modify or delete a Port List by following the procedures in the following sections: “Create Port List,”...
Page 198: Modify Port List
Chapter 13: Access Control Configuration 5. Click Add. The Out-Profile Action entry is added to the status table. If the Page field located below the table displays a page number and you do not see your new entry, then there are multiple pages of the table that you can navigate.
Page 199: Delete Port List
AT-GS950/24 Web Interface User Guide Figure 73. Modify Port List Page 4. Change the parameters as required. Note See “Create Port List” on page 197 for the definitions of each parameters. 5. Click Apply. The modified Port List entry is displayed in the table at the bottom of the page of the Create Port List page.
Page 200: Policy
Chapter 13: Access Control Configuration Policy The Create Policy page allows you to specify the filtering criteria for one policy. Before creating a policy, you must pre-define the following indexes: Classifier Index - See “Create Classifier” on page 180 for more information.
Page 201 AT-GS950/24 Web Interface User Guide 3. Enter a number in the Policy Index field. The Policy Index is a unique number within the range of 1 - 65535 which identifies the policy. This field is mandatory. 4. Enter data in the remaining parameters. All parameters listed below...
Page 202: Modify Policy
Chapter 13: Access Control Configuration Figure 75. Example of Policy Entry 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Policy To modify a Policy entry, perform the following procedure: Note Before you can modify an entry, you must first enter a Policy - see “Create Policy”...
Page 203: Delete Policy
AT-GS950/24 Web Interface User Guide Figure 76. Modify Policy Page 4. Change the parameters as required. Note See “Create Policy” on page 200 for the definitions of each parameters. 5. Click Apply. The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page.
Page 204 Chapter 13: Access Control Configuration 2. From the Access Control Config folder, select Policy. An example of the Create Policy page with a Policy table entry is shown in Figure 75 on page 202. 3. From the Create Policy page, identify which Policy table entry that want to delete and click the Delete button in the Action column.
Page 205: Policy Sequence
AT-GS950/24 Web Interface User Guide Policy Sequence The Policy Sequence page displays the order that policies are applied to each port. You can order the display by Policy Index or by Policy Sequence number. To display the policy sequence, perform the following procedure: 1.
Page 206 Chapter 13: Access Control Configuration...
Page 207: Chapter 14 : Storm Control
Chapter 14 Storm Control This chapter contains a description and configuration procedures for the Storm Control (bandwidth) feature. The following topics are discussed: “Overview” on page 208  “Configuration” on page 210  “Ingress Rate Limiting” on page 212  “Egress Rate Limiting”...
Page 208: Overview
Each setting can be configured on individual ports or on all of the ports of the AT-GS950/24 switch. Traffic is measured in packets per second. See the following definitions for more information about these settings.
Page 209: Ingress Rate Limiting
AT-GS950/24 Web Interface User Guide Ingress Rate The Ingress Rate Limiting feature restricts the traffic to a pre-configured data rate that can flow into a port. This data rate limit can be configured in Limiting 64 Kbps increments within a range from 64 Kbps to 1000 Mbps. The...
Page 210: Configuration
2. From the Bridge folder, select Bandwidth Control. The Bandwidth Control folder expands. 3. From the Bandwidth Control folder, select Storm Control. A partial view of the AT-GS950/24 Storm Control page is displayed. See Figure 78. Figure 78. AT-GS950/24 Storm Control Page 4.
Page 211 AT-GS950/24 Web Interface User Guide Note For more information, see the Broadcast setting definition in“Overview” on page 208. 7. Click Apply. 8. To enable or disable ingress and egress Multicast packets, select Enable or Disable from the Multicast pull-down menu next to the port that you want to change.
Page 212: Ingress Rate Limiting
A partial view of the AT-GS950/24 Ingress Rate Limiting page is displayed. See Figure 79. Figure 79. AT-GS950/24 Ingress Rate Limiting Page 4. To set the Bandwidth field on the AT-GS950/24 switch, enter a number in the range of 1 - 15625. Note See “Ingress Rate Limiting”...
Page 213 AT-GS950/24 Web Interface User Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 214: Egress Rate Limiting
2. From the Bridge folder, select Bandwidth Control. The Bandwidth Control folder expands. 3. From the Bandwidth Control folder, select Egress Rate Filtering. A partial view of the AT-GS950/24 Egress Rate Limiting page is displayed. See Figure 80. Figure 80. AT-GS950/24 Egress Rate Limiting Page To set the Bandwidth field, enter a number in the range of 1 to 15625.
Page 215: Chapter 15 : Mac Address Table
Chapter 15 MAC Address Table This chapter contains a description of the static multicast MAC address feature and the procedure for configuring it. This chapter includes the following sections: “Overview” on page 216  “Static Unicast MAC Address Configuration” on page 218 ...
Page 216: Overview
Chapter 15: MAC Address Table Overview The AT-GS950/24 switch has a MAC address table with a storage capacity of up to 8,000 entries. The table stores the MAC addresses of the network nodes connected to its ports and the port number where each address is learned.
Page 217 AT-GS950/24 Web Interface User Guide allows the multicast stream to be forwarded immediately to those predefined ports entered in the MAC table without any configuration delays or loss of data.
Page 218: Static Unicast Mac Address Configuration
2. From the Bridge folder, select Static Unicast. The Static Unicast Address Table Page is displayed. See Figure 81. Figure 81. AT-GS950/24 Static Unicast Address Table Page Before continuing, you must create an 802.1Q VLAN ID(s) or a Port- Based VLAN Index(s). For information about defining these parameters, go to: “Tagged VLAN Configuration”...
Page 219 AT-GS950/24 Web Interface User Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Page 220: Modify Static Unicast Address
Chapter 15: MAC Address Table Modify Static Unicast Address To modify the port assignment of a unicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 221: Delete Static Unicast Address
AT-GS950/24 Web Interface User Guide Delete Static Unicast Address To delete a unicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 222: Static Multicast Address Configuration
2. From the Bridge folder, select Static Multicast. The Static Multicast Address Table Page is displayed. See Figure 82. Figure 82. AT-GS950/24 Static Multicast Address Table Page Before continuing, you must create an 802.1Q VLAN ID(s) or a Port- Based VLAN Index(s). For information about defining these parameters, go to: “Tagged VLAN Configuration”...
Page 223 AT-GS950/24 Web Interface User Guide 4. In the Group MAC Address field, enter a multicast MAC address. The range is from 01:00:5E:00:01:00 to 01:00:5E:7F:FF:FF. 5. Assign the MAC address a Group Member (or members) by selecting the check box beside each port number.
Page 224: Modify Static Multicast Address
Chapter 15: MAC Address Table Modify Static Multicast Address To modify the port assignment of a multicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 225: Delete Static Multicast Address
AT-GS950/24 Web Interface User Guide Delete Static Multicast Address To delete a multicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 226 Chapter 15: MAC Address Table...
Page 227: Chapter 16 : Dhcp Snooping
Chapter 16 DHCP Snooping This chapter contains a description of the AT-GS950/24 switch’s DHCP Snooping feature and the procedures for creating, modifying, and deleting the DHCP Snooping configuration. This chapter contains the following sections: “Overview” on page 228  “Trusted Ports” on page 228 ...
Page 228: Overview
The DHCP Snooping feature provides security by inspecting ingress packets for the correct IP and MAC address information. The DHCP Snooping feature defines the AT-GS950/24 ports as either trusted or untrusted. With DHCP Snooping enabled, two network security issues are...
Page 229: Dhcp With Option 82
You can configure the AT-GS950/24 to pass DHCP packets containing Option 82 information through the switch without altering the information Option 82 within the packet. You can also configure the AT-GS950/24 switch to insert DHCP Option 82 information directly into the DHCP packets as they pass through the switch.
Page 230: General Guidelines
Chapter 16: DHCP Snooping General Guidelines Here is a summary of the rules to observe when you configure DHCP Snooping: A trusted port is connect to one of the following:  – Directly to the legitimate trusted DHCP Server. – A network device relaying DHCP messages to and from a trusted server.
Page 231: General Configuration
AT-GS950/24 Web Interface User Guide General Configuration The following procedure describes how to configure the DHCP Snooping feature on the AT-GS950/24 switch: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands.
Page 232 Chapter 16: DHCP Snooping through the switch without regard to the IP and MAC Address information in the packet header. 6. From the Backup Database field, select one of the following choices from the pull-down menu: Enable - The AT-S109 Version 1.1.0 Management software saves a backup copy of the Binding Table to flash at a specified interval (Database Update Interval) of time.
Page 233: Vlan Setting
AT-GS950/24 Web Interface User Guide VLAN Setting You can create and delete DHCP Snooping VLAN settings by following the procedures in these sections: "Create VLAN Setting"  “Modify VLAN Setting” on page 234  “Delete VLAN Setting” on page 234 ...
Page 234: Modify Vlan Setting
Chapter 16: DHCP Snooping Modify VLAN To modify or delete a VLAN ID, it must first be deleted and then re-entered by following the procedure outline in “Create VLAN Setting” on page 233. Setting Delete VLAN To delete a VLAN ID, perform the following procedure: Setting 1.
Page 235: Trusted And Untrusted Port Configuration
Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select Trusted Interfaces. A partial view of the AT-GS950/24 Trusted Interfaces page is displayed. See Figure 85. Figure 85. AT-GS950/24 Trusted Interfaces Page 3. From the Trust column, select one of the following choices from the...
Page 236: Binding Database
Add button. The following procedure describes how to configure the DHCP Snooping Binding Database on the AT-GS950/24 switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network: 1.
Page 237: Viewing
AT-GS950/24 Web Interface User Guide Type - Because the IP Address being entered is static, you must select Static. Lease Time - Enter the time that IP address assignment is valid. The range is 10 to 4294967295 seconds. 2. Click Add.
Page 238 Chapter 16: DHCP Snooping...
Page 239: Chapter 17 : Igmp Snooping
Chapter 17 IGMP Snooping This chapter contains a description of the IGMP Snooping procedure as well as procedures for working with IGMP Snooping in the web interface. The following topics are discussed: “Overview” on page 240  “IGMP Snooping Configuration” on page 242 ...
Page 240: Overview
Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group. The IGMP snooping feature on the AT-GS950/24 switch supports IGMP versions 1 and 2. The switch monitors the flow of queries from a router and reports and leave messages from host nodes to build its own multicast membership lists.
Page 241 Such flooding of packets can negatively impact network performance. The AT-GS950/24 switch maintains a list of multicast groups through an adjustable time out value, which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups, and by processing leave requests.
Page 242: Igmp Snooping Configuration
Chapter 17: IGMP Snooping IGMP Snooping Configuration This procedure explains how to set IGMP snooping on the switch and set the IGMP Snooping (V1) age-out timer. To configure IGMP snooping, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 243: Figure 88. Igmp Snooping Page With Mac Address
AT-GS950/24 Web Interface User Guide 6. The IGMP Snooping Page is updated with active Multicast Group address(s). See Figure 88. Note The Multicast Group Address table contains MAC addresses of nodes that are active members of multicast groups. To set a static Multicast Group Address, see “Static Multicast Address...
Page 244 Chapter 17: IGMP Snooping...
Page 245: Chapter 18 : Security
Chapter 18 Security This Chapter contains information about the Port-based security features and the procedures for setting this feature. This chapter includes the following sections: “Port Access Control” on page 246  “RADIUS Client” on page 251  “Dial-in User - Local Authentication” on page 254 ...
Page 246: Port Access Control
Chapter 18: Security Port Access Control This section contains information and configuration procedures for the Port-based Access Control. This section includes the following sections: “Overview” on page 246  “Port Access Control Configuration” on page 247  Note After configuring the Port-based Network Access Control, you can choose to use either the local authentication server in the AT-S109 Version 1.1.0 for 802.1x authentication or a remote RADIUS server for 802.1x authentication.
Page 247: Port Access Control Configuration
AT-GS950/24 Web Interface User Guide Port Access To configure port-based access control, perform the following procedure: Control 1. Select the Security folder from the main menu on the left side of the Configuration page. The Security folder expands. 2. From the Security folder, select Port Access Control. The Port Access Control Configuration Page is displayed.
Page 248 Chapter 18: Security Port - This parameter specifies the port being configured for authentication. Authentication Mode - This parameter specifies the port-based authentication mode. The pull-down menu choices are as follows: 802.1x - 802.1x is specified as the authentication mode. This setting applies to configuration for either RADIUS or Dial-In User authentication.
Page 249 AT-GS950/24 Web Interface User Guide Supplicant Mode - This parameter specifies if one or more supplicants can be authenticated on a port. Single - The port is set to permit only one supplicant to log on and forwards only the traffic of that supplicant. After one supplicant has logged on, the port discards packets from any other supplicant.
Page 250 Chapter 18: Security Maximum Request - Specifies the maximum number of times authenticator ports transmit EAP Request packets to clients before timing out authentication sessions. The range is 1 to 10. Re-authentication Period - Specifies the time interval for reauthentication of clients on an authenticator port. The range is 1 to 65535 seconds Server Timeout - Sets the length of time the switch waits for a response from the authentication server.
Page 251: Radius Client
AT-GS950/24 Web Interface User Guide RADIUS Client You can use the RADIUS client with 802.1x port-based access control to authenticate which packets are forwarded through the switch. This section explains how to configure the RADIUS client on the switch and contains the following sections: “Overview”...
Page 252: Radius Client Configuration
Chapter 18: Security You need to specify the user name and password combinations when  configuring the RADIUS server software on the authentication server. Note This manual does not explain how to configure RADIUS server software. Refer to the documentation that comes with the RADIUS server software for instructions.
Page 253 AT-GS950/24 Web Interface User Guide 7. Click Apply to save your changes. 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 254: Dial-In User - Local Authentication
Chapter 18: Security Dial-in User - Local Authentication Dial-in User feature provides the local authentication server for port security when a remote (RADIUS) server is not available. This section includes the following: “Overview” on page 254  “Dial-in User Configuration” on page 254 ...
Page 255: Figure 91. Dial-In User Page
AT-GS950/24 Web Interface User Guide Figure 91. Dial-In User Page 3. In the User Name field, type a name for the user. 4. In the Password field, type a password for the user. 5. In the Dynamic VLAN field, enter the VID of the VLAN which you will allow the user to access.
Page 256 Chapter 18: Security Delete a Dial-in User To delete a dial-in user, perform the following procedure: 1. From the main menu on the left side of the page, select the Security folder. The Security folder expands. 2. From the Security folder, Dial-in User. The Dial-in User page is displayed.
Page 257: Destination Mac Filter
Overview The Destination MAC Filter feature prevents the AT-GS950/24 switch from forwarding packets to a specified device. On the Destination MAC Filter Page of the AT-S109 Version 1.1.0 Management software, enter the MAC address of the device that you want to filter.
Page 258: Delete Destination Mac Filter
Chapter 18: Security Figure 92. Destination MAC Filter Page 3. To enter the MAC address that you want filtered, enter the MAC address into the MAC Address field. 4. Click Add to save your entry. 5. After you have configured a destination MAC address, the Destination MAC Filter Page is updated with the MAC address.
Page 259: Chapter 19 : Lldp
Chapter 19 LLDP Link Layer Discovery Protocol (LLDP) allows Ethernet network devices such as switches and routers to receive and/or transmit device-related information to directly connected devices on the network that are also using the protocols, and to store the information that is learned about other devices.
Page 260: Overview
Chapter 19: LLDP Overview The data sent and received by LLDP are useful for many reasons. The switch can discover other devices directly connected to it. Neighboring devices can use LLDP to advertise some parts of their Layer 2 configuration to each other, which may highlight inconsistencies in the neighboring device’s configuration which can then be corrected.
Page 261: Global Configuration
1. From the main menu on the left side of the page, click the LLDP folder. The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Settings A partial view of the AT-GS950/24 LLDP Global Settings Page is displayed. See Figure 93. Figure 93. AT-GS950/24 LLDP Global Settings Page...
Page 262: System Information
Chapter 19: LLDP 3. From the LLDP parameter, select one of the following radio button choices: Enable - The LLDP feature is active. Note The LLDP feature is not dependent on the DHCP feature. Therefore the DHCP feature can be either Enabled or Disabled without affecting LLDP.
Page 263: Port States
AT-GS950/24 Web Interface User Guide For more information, see “System Management Information” on page 38 System Description - This parameter describes the switch’s title that is advertised. You cannot change this parameter. Port States Each port on the switch can be assigned a LLDP states as follows: 1.
Page 264: Neighbors Information
Entity - This parameter is a number assigned to the reporting neighbors in the order that the LLDP information is received from them. Port - This parameter specifies the AT-GS950/24 local port number where the LLDP information was received. Chassis ID Subtype - This parameter describes the Chassis ID subtype of the neighboring network device which is reporting the LLDP information.
Page 265: Chapter 20 : Simple Network Management Protocol Snmpv1 And V2C
Chapter 20 Simple Network Management Protocol SNMPv1 and v2c This chapter contains a description of SNMPv1 and SMNMPv2c and the procedures for configuring with these protocols. This chapter contains the following sections: “SNMPv1 and SNMPv2c Overview” on page 266  “Trap Receiver Attributes”...
Page 266: Snmpv1 And Snmpv2C Overview
In the SNMPv1 and SNMPv2c protocols, the terms agent and manager may be used. An agent is software which runs on managed equipment such as the AT-GS950/24 switch. A manager is a workstation or server that runs the SNMP Network Management System (NMS) software.
Page 267: Trap Receiver Attributes
AT-GS950/24 Web Interface User Guide Attributes Trap Receiver A trap is a message sent by the agent to one or more managers to indicate the occurrence of a particular event on the device. There are numerous events that can trigger a trap. For instance, when the switch reboots or when the Spanning Tree Root Bridge changes.
Page 268: Activate Snmp Interface
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c Activate SNMP Interface The SNMP interface is activated by default. If you want to de-activate it or re-activate it, go to “User Interface Configuration” on page 43.
Page 269: Snmpv1/V2 User And Group Names
AT-GS950/24 Web Interface User Guide SNMPv1/v2 User and Group Names A v1/v2 User Name and Group Name definition is the basis for creating SNMPv1/v2 communities. You can create and delete User and Group Names with the procedures in the following sections: “Create SNMP v1/v2 User and Group Names”...
Page 270: Modify Snmpv1/V2 User And Group Names
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c Note If you choose to use the default User and Group Names (ReadOnly and ReadWrite) that are already displayed in the table, proceed to step 7 below. 3. Type a new User Name. Enter a name up to 31 characters in length.
Page 271: Snmpv1/V2 Community Strings
AT-GS950/24 Web Interface User Guide SNMPv1/v2 Community Strings A community string has attributes for controlling who can use the string and what the string will allow a network management station to do on the switch. The AT-S109 Version 1.1.0 Management software does NOT provide any default community strings.
Page 272: Modify Snmpv1/V2 Community Strings
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c 5. Click Add. The new Community Name and User Name are displayed. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify SNMPv1/ If you need to modify a Community Table entry, you must first delete the entry by using the procedure below and then re-enter it with the...
Page 273: Snmp Traps
AT-GS950/24 Web Interface User Guide SNMP Traps A Host IP address is used to specify a management device that needs to receive SNMP traps sent by the switch. This IP address is associated with the SNMP Version and a valid Community Name in the Host table of the switch.
Page 274: Modify Trap Host Table Entry
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c 6. Click Add. The new host is added to the table. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Trap If you need to modify an SNMP Trap entry, you must first delete the entry by using the procedure below and then re-enter it with the modification by...
Page 275: Chapter 21 : Simple Network Management Protocol Snmpv3
Chapter 21 Simple Network Management Protocol SNMPv3 This chapter contains a description of SNMPv3 and the procedures for configuring this protocol. This chapter contains the following sections: “SNMPv3 Overview” on page 276  “SNMPv3 Authentication Protocols” on page 276  “SNMPv3 Privacy Protocol”...
Page 276: Snmpv3 Overview
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 Overview The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 20 on page 265. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment.
Page 277: Snmpv3 Privacy Protocol
AT-GS950/24 Web Interface User Guide In addition, you have the option of assigning no user authentication. In this case, no authentication is performed for this user. You may want to make this configuration for someone with super-user capabilities. SNMPv3 Privacy...
Page 278: Snmpv3 Configuration Process
Chapter 21: Simple Network Management Protocol SNMPv3 Figure 98. MIB Tree The AT-S109 Version 1.1.0 Management software supports the MIB tree, starting with the Internet MIBs, as defined by 1.3.6.1. There are two ways to specify a MIB view. You can enter the OID number of the MIB view or its equivalent text name.
Page 279: Figure 99. Snmp V3 Table Relationships
AT-GS950/24 Web Interface User Guide 4. You must enter information in the Community table based on a pre- defined User Name. Note The Community Strings do not have a default value defined and are initially blank. 5. Finally, the traps can be defined on the Trap Management page based on the Community or User Name.
Page 280: Snmpv3 User And Group Names
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 User and Group Names A v3 User Name and Group Name definition is the basis for all the other SNMPv3 tables. You can create and delete View Names by following the procedures in the following sections: “Create SNMPv3 User and Group Names”...
Page 281: Modify Snmpv3 User And Group Names
AT-GS950/24 Web Interface User Guide 9. Select one of the following choices for the Priv-Protocol field: DES - The DES encryption scrambles the SNMP data so that outside observers are prevented from seeing the data content. none - No encryption is selected for the SNMP data.
Page 282: Snmpv3 View Names
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 View Names The SNMPv3 View names are defined in the SNMP Group Access table and are based on the User and Group Names. You can create and delete View Names by following the procedures in the following sections: “Create SNMPv3 View Names”...
Page 283: Modify Snmpv3 View Names
AT-GS950/24 Web Interface User Guide 5. Enter the Write View Name. This name is an optional field. It can be up to 31 characters in length. 6. Enter the Notify View Name. This name is an optional field. It can be up to 31 characters in length.
Page 284 Chapter 21: Simple Network Management Protocol SNMPv3 4. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 285: View Table
AT-GS950/24 Web Interface User Guide View Table The SNMP v3 View table specifies the MIB object access criteria for each View Name. If the View Name is not specified on this page, then it has access to all MIB objects. You can specify specific areas of the MIB that can be accessed or denied based on the entries in this table.
Page 286: Modify Snmpv3 View Table Entries
Chapter 21: Simple Network Management Protocol SNMPv3 5. Enter “1” for the OID Mask. 6. Enter the View Type. This can be one of two choices: Included - This selection allows the specified MIB object to be included in the view. Excluded - This selection blocks the view of the specified MIB object.
Page 287: Snmpv3 Traps
AT-GS950/24 Web Interface User Guide SNMPv3 Traps The creation, modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1/v2. See “SNMP Traps” on page 273.
Page 288 Chapter 21: Simple Network Management Protocol SNMPv3...
Page 289: Chapter 22 : Rmon
Chapter 22 RMON This chapter contains the following sections: “Overview” on page 290  “Enable and Disable RMON” on page 291  “Port Statistics” on page 292  “Histories” on page 293  “Events” on page 295  “Alarms” on page 297 ...
Page 290: Overview
Chapter 22: RMON Overview The RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch supports the four RMON MIB groups listed here: Statistic group. This group is used to view port statistics remotely ...
Page 291: Enable And Disable Rmon
AT-GS950/24 Web Interface User Guide Enable and Disable RMON You can now use your SNMP Network Management System (NMS) software and the RMON section of the MIB tree to view the RMON statistics, history and alarms associated with specific ports. Since RMON...
Page 292: Port Statistics
Chapter 22: RMON Port Statistics You can remotely view individual port statistics with RMON by using your SNMP NMS software and the RMON portion of the MIB tree. Perform the following procedure to configure RMON port statistics for a specific port: 1.
Page 293: Histories
AT-GS950/24 Web Interface User Guide Histories RMON histories are snapshots of port statistics. They are taken by the switch at predefined intervals and can be used to identify trends or patterns in the numbers or types of ingress packets on the ports on the switch.
Page 294 Chapter 22: RMON Interval - This parameter specifies how frequently the switch takes snapshots of the port’s statistics. The range is 1 to 3600 seconds (1 hour). For example, if you want the switch to take one snapshot every minute on a port, you specify an interval of sixty seconds. Owner - This parameter is used to identify the person who created an entry.
Page 295: Events
AT-GS950/24 Web Interface User Guide Events An event specifies the action of the switch when the ingress packet activity on a port crosses a statistical threshold defined in an alarm. The choices are to log a message in the event log of the switch, send an SNMP trap to an SNMP workstation, or both.
Page 296 Chapter 22: RMON 4. Once you have configured the parameters, click Add. Your entry will appear in the table at the bottom of the page. 5. If you want to configure additional RMON events, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 297: Alarms
AT-GS950/24 Web Interface User Guide Alarms RMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below specified threshold values. The alert messages can take the form of messages that are entered in the event log on the switch or traps that are send to your SNMP NMS software or both.
Page 298: Figure 106. Rmon Alarm Configuration Page
Chapter 22: RMON 2. From the RMON folder, select Alarm. The RMON Alarm Configuration Page is displayed. See Figure 106. Figure 106. RMON Alarm Configuration Page 3. The following fields are listed: Index - This parameter specifies the ID number of the new group. The range is 1 to 65535.
Page 299 AT-GS950/24 Web Interface User Guide Rising Event Index - This parameter specifies the event index for the rising threshold. Its range is 1 to 65535. This field is mandatory and must match an Event Index that you previously entered in “Events” on page 295.
Page 300 Chapter 22: RMON...
Page 301: Chapter 23 : Network Statistics
Chapter 23 Network Statistics The sections in this chapter explain how to display traffic, error, and history statistics about the network traffic on the AT-GS950/24 switch and its ports. This chapter includes the following sections: “Overview” on page 302 ...
Page 302: Overview
Chapter 23: Network Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S109 Version 1.1.0 Management software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color used to draw the chart.
Page 303: Traffic Comparison Statistics
AT-GS950/24 Web Interface User Guide Traffic Comparison Statistics The Traffic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports. You can select 12 statistic types and 12 colors for each port. To display traffic comparison statistics, perform the following procedure: 1.
Page 304: Table 6 Traffic Comparison Options
Chapter 23: Network Statistics 3. To view traffic statistics, click on the arrow next to “Statistics” and select one of the options in Table 6. Table 6 Traffic Comparison Options Option Definition Inbound Octets (Bytes/s) Measures the number of inbound octet bits in bytes per second.
Page 305 AT-GS950/24 Web Interface User Guide 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6. To create the traffic comparison graph, select Draw.
Page 306: Error Group Statistics
Chapter 23: Network Statistics Error Group Statistics The Error Group chart displays the discard and error counts for a specified port. To display error group statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2.
Page 307 AT-GS950/24 Web Interface User Guide 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color.
Page 308: Historical Status Charts
Chapter 23: Network Statistics Historical Status Charts The Historical Status chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation. To display historical status charts statistics for a port, perform the following procedure: 1.
Page 309: Table 7 Historical Status Options
AT-GS950/24 Web Interface User Guide Table 7 Historical Status Options Option Definition Inbound Octet Rate (Bytes) Measures the rate of inbound octet bits in bytes per second. Inbound Unicast Packet Rate (Pkts) Measures the rate of inbound unicast packets in packets per second.
Page 310 Chapter 23: Network Statistics 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue...
Page 311: Chapter 24 : Management Software Updates
Chapter 24 Management Software Updates This chapter explains the methods for upgrading the AT-S109 Version 1.1.0 Management software on the switch and saving configuration files. This chapter contains the following sections: “Overview” on page 312  “Upgrade Firmware Image via HTTP” on page 313 ...
Page 312: Overview
Internet browser. However, to perform one of these operations using TFTP, you must have access to an TFTP server. In addition, you can save a configuration file from your AT-GS950/24 switch, which can be downloaded to other AT-GS950/24 switches on your network.
Page 313: Upgrade Firmware Image Via Http
AT-GS950/24 Web Interface User Guide Upgrade Firmware Image via HTTP This section describes how to upgrade an firmware image of the AT-S109 Version 1.1.0 Management software using HTTP on an Internet server. Before downloading a new version of the AT-S109 Version 1.1.0...
Page 314: Figure 110. Firmware Upgrade Via Http Page
Chapter 24: Management Software Updates 2. From the Firmware Upgrade folder, select via HTTP. The Firmware Upgrade via HTTP Page is displayed. See Figure 110. Figure 110. Firmware Upgrade via HTTP Page 3. Change the following parameter as necessary: Firmware File - Enter the path and the firmware file name or click the Browse button and select the file name.
Page 315: Upgrade Firmware Image Via Tftp
AT-GS950/24 Web Interface User Guide Upgrade Firmware Image via TFTP This section describes how to upgrade an firmware image of the AT-S109 Version 1.1.0 Management software using TFTP on an TFTP server. Before downloading a new version of the AT-S109 Version 1.1.0...
Page 316: Figure 111. Firmware Upgrade Via Tftp Page
Chapter 24: Management Software Updates Figure 111. Firmware Upgrade via TFTP Page The Image/Version Date shows the current version and date of software installed on the switch. 3. Change the following parameters as necessary: TFTP Server IP - The IP address of the TFTP server from which you are downloading the new software.
Page 317: Download Or Upload A Configuration File Via Http
AT-GS950/24 Web Interface User Guide Download or Upload a Configuration File via HTTP This section describes how to download or upload a configuration file using HTTP on an Internet server. Before you upload or download a configuration file via HTTP, note the following: You must be able to access the new AT-S109 Version 1.1.0 image file...
Page 318: Configuration File Upload
Chapter 24: Management Software Updates Configuration To upload an AT-S109 Version 1.1.0 configuration file onto the switch, perform the following procedure: File Upload 1. Select the Upload button. Select this button to upload a configuration file from the switch to your PC. The following window shown in Figure 113 is displayed.
Page 319: Figure 114. Result Page
AT-S109 Version 1.1.0 Management software on the AT-GS950/24 switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool. See“DHCP and ATI Web Discovery Tool” on page 34 for more information.
Page 320: Download Or Upload A Configuration File Via Tftp
Chapter 24: Management Software Updates Download or Upload a Configuration File via TFTP This section describes how to download or upload a configuration file using TFTP on an TFTP server. Before uploading or downloading a configuration file onto the switch using TFTP, note the following: Your network must have a TFTP server.
Page 321: Configuration File Download
AT-GS950/24 Web Interface User Guide Configuration To download an AT-S109 Version 1.1.0 configuration file onto the switch, perform the following procedure: File Download 1. Enter the name of the configuration file in the field next to the Config File Name parameter.
Page 322 Chapter 24: Management Software Updates...
Page 323: Chapter 25 : Loopback Protection
Loopback Protection This chapter explains how to configure the Loopback Protection feature for specific ports on the AT-GS950/24 switch. If the Tx and Rx pairs on the same port are connected, then this feature detects this condition and disables the port for a pre-configured amount of time.
Page 324: Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Loopback Detection. A partial view of the AT-GS950/24 Loopback Detection Page is displayed. See Figure 116. Figure 116. AT-GS950/24 Loopback Detection Page 3.
Page 325 Note In the All row when you select Enable or Disable instead of Ignore, the selection applies to all of the AT-GS950/24 switch ports. 7. Click the Apply button in the Action column of the table. 8. Repeat steps 6 and 7 for other individual port settings.
Page 326: Status
Chapter 25: Loopback Protection Status The status of the Loopback Detection is given in the Loop Status column of the table at the bottom of the Loopback Detection page. See Figure 116 on page 324. The status is one of the following states: Normal - This status indicates that the port does not have the Tx to Rx pairs connected.
Page 327: Chapter 26 : Cable Diagnostics
Chapter 26 Cable Diagnostics This chapter provides procedures to run cable diagnostics on the cables connected to the switch ports. If a port is selected, a cable must be connected to it for meaningful test results to be displayed. Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Page 328 Chapter 26: Cable Diagnostics Test Results - Displays the diagnostic results for each pair in the cable. One of the following cable status parameters is displayed: OK - There is not problem detected with the cable. Open in Cable - There is an open wire within the cable. Short in Cable - Two wires are shorted together within the cable.
Page 329: Appendix A: Mstp Overview
“Associating VLANs to MSTIs” on page 343  “VLANs Across Different Regions” on page 345  “Summary of Guidelines” on page 347  Note To configure the MSTP feature on the AT-GS950/24 switch, go to “Multiple Spanning Tree Protocol” on page 133 for more information.
Page 330: Overview
Appendix A: MSTP Overview Overview In the AT-GS950/24, STP and RSTP are referred to as single-instance spanning trees that search for physical loops across all VLANs in a bridged network. When loops are detected, the active protocol stops the loops by placing one or more bridge ports in a blocking state.
Page 331 AT-GS950/24 Web Interface User Guide Note Do not activate MSTP on the AT-GS950/24 switch without first familiarizing yourself with the following concepts and guidelines. Like STP and RSTP, you must activate this MSTP protocol on a switch and then configure the protocol parameters.
Page 332: Multiple Spanning Tree Instance (Msti)
Following are several examples of how MSTP can be applied. Fragmentation Figure 118 illustrates two AT-GS950/24 switches, each containing the two VLANs Sales and Production. The ports of each VLAN on each switch are connected with a direct link using untagged ports. If the switches were running STP or RSTP, one of these two links would be blocked because the links constitute a physical loop.
Page 333: Multiple Vlans Assigned To An Msti
AT-GS950/24 Web Interface User Guide Figure 119 on page 333 illustrates the same two AT-GS950/24 switches and the same two virtual LANs. But in this example, the two switches are running MSTP and the two VLANs have been assigned different spanning tree instances.
Page 334: Figure 120. Multiple Vlans In A Msti
Appendix A: MSTP Overview Figure 120. Multiple VLANs in a MSTI In this example, because an MSTI contains more than one VLAN, the links between the VLAN parts is made with tagged (not untagged) ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 120, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs.
Page 335: General Guidelines
AT-GS950/24 Web Interface User Guide General Guidelines Here are the guidelines for MSTIs: The AT-GS950/24 switch can support up to 31 spanning tree instances,  including the CIST. A MSTI can contain any number of VLANs.  A VLAN can belong to only one MSTI at a time.
Page 336: Vlan And Msti Associations
Appendix A: MSTP Overview VLAN and MSTI Associations Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
Page 337: Ports In Multiple Mstis
AT-GS950/24 Web Interface User Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTI’s. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Page 338: Multiple Spanning Tree Regions
Figure 121 on page 339 illustrates the concept of regions. It shows one MSTP region consisting of two AT-GS950/24 switches. Each switch in the region has the same configuration name and revision level. The switches also have the...
Page 339: Figure 121. Multiple Spanning Tree Region
AT-GS950/24 Web Interface User Guide Figure 121. Multiple Spanning Tree Region The AT-GS950/24 switch determines regional boundaries by examining the MSTP BPDUs received on the ports. A port that receives a MSTP BPDU from another bridge with regional information different from its own is considered to be a boundary port and the bridge connected to the port as belonging to another region.
Page 340: Mst Region Guidelines
A network can contain any number of regions and a region can contain  any number of AT-GS950/24 switches. The AT-GS950/24 switch can belong to only one region at a time.  A region can contain any number of VLANs.
Page 341 AT-GS950/24 Web Interface User Guide Each MSTI must have a regional root for locating loops in the instance.  MSTIs can share the same regional root or have different roots. A regional root is determined by the MSTI Bridge Priority value and a bridge’s MAC address.
Page 342: Common And Internal Spanning Tree (Cist)
The CIST regional root is set with the CIST Priority parameter. This parameter, which functions similar to the RSTP bridge priority value, selects the root bridge for the entire bridged network. If the AT-GS950/24 switch has the lowest CIST Priority value among all the spanning tree bridges, it functions as the root bridge for all the MSTP regions and STP and RSTP single- instance spanning trees in the network.
Page 343: Associating Vlans To Mstis
BPDU packet. By default, all ports of the AT-GS950/24 switch belong to the CIST instance. So the CIST identification is always included in the BPDU. If the port is also a member of a VLAN that has been assigned to a MSTI, that information is included in the BPDU too.
Page 344: Figure 123. Cist And Vlan Guideline - Example 2
Appendix A: MSTP Overview Figure 123. CIST and VLAN Guideline - Example 2 When port 3 on switch B receives a BPDU, the switch notes the port sending the packet belongs only to CIST 0. Therefore, switch B uses CIST 0 in determining whether a loop exists. The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0.
Page 345: Vlans Across Different Regions
AT-GS950/24 Web Interface User Guide VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network.
Page 346: Figure 125. Spanning Regions Without Blocking
Appendix A: MSTP Overview Another approach is to configure multiple regions in a subnet and group the VLANs that need to span two or more regions into the same MSTI. If other VLANs also exist that do not span multiple regions, they can be assigned to other MSTIs within their respective region.
Page 347: Summary Of Guidelines
A network can contain any number of regions and a region can contain  any number of AT-GS950/24 switches. The AT-GS950/24 switch can belong to only one region at a time.  A region can contain any number of VLANs.
Page 348 Appendix A: MSTP Overview...
Page 349: Appendix A: At-Gs950/24 Default Parameters
AT-GS950/24 Default Parameters Table 9 lists the factory default settings for the AT-S109 Version 1.1.0 Management software on the AT-GS950/24 switch. The Parameters reflect the fields found on each web page. Table 9. AT-S109 Version 1.1.0 Management Software Default Settings...
Page 350: Specifications
Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting IP address none IPv4 address in xxx.xxx.xxx.xxx hex format; except 127.0.0.1 IP address entries 10 entries 10 entries System/Administration User Name...
Page 351 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting From January:01:00:00 (Month:Day:HH:MM) January:01:00:00 (Month:Day:HH:MM) DST Offset 1 hr System/SSL Settings SSL Settings Disabled Enabled/Disabled System/DHCP Auto Configuration Settings Auto Configuration...
Page 352 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Port All, 1 - 24 Trunk Type 1000TX Down Up/Down Link Status Enabled Enabled/Disabled Admin Status Mode Auto Auto/10Half/10Full/100Half/100Full/1000Full Enabled...
Page 353: Default Setting
AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Maximum MST 1 - 31 Instances Bridge Priority 32768 0 - 61440 Region Name MAC Address of AT-GS950/24 switch Region Revision...
Page 354 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Hello Time 1 - 9 seconds AutoEdge Status True True/False Restricted Role False True/False Restricted TCN False True/False Port State...
Page 355 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Port All, 1 - 24 Loopback Detection Disabled Enabled/Disabled State Bridge/Static Unicast 802.1Q VLAN ID 1 - 4000 Port-Based VLAN...
Page 356 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Storm Control Disabled Enabled/Disabled Multicast Control Status Storm Control High (2500 pps) Threshold Medium (1000 pps) Low (500 pps) @ Packet size = 1518 Bytes...
Page 357 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Private VLAN 1 -24 ports Source Port 1 - 8 ports Private VLAN 1 -24 ports 1 -24 ports Forwarding Ports...
Page 358 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Notify View Name ReadWrite Security Model v1/v2c/v3 Security Level NoAuthNoPriv NoAuthNoPriv/AuthNoPriv/AuthPriv SNMP User/Group User Name Enabled Enabled/Disabled Group Name 10 entries...
Page 359 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Destination MAC xx:xx:xx:xx:xx:xx hex format none Address Destination MAC Mask 1 - 48 none Length VLAN ID none 0 - 4000 802.1p Priority...
Page 360 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Out-Profile Action 16K/32K/64K Burst Size Port List Index none 1 - 65535 Port List none Any combination of ports 1 - 24...
Page 361 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Alarms Rising 1 to 2147483647 seconds none Threshold Alarms Falling 1 to 2147483647 seconds none Threshold Alarms Rising Event 1 - 65535...
Page 362 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Port Access Control Local Local/Radius Authentication Method Dial-In User none 1 - 23 characters Name Dial-In User none 1 - 23 characters...
Page 363 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting General Setting Enabled/Disabled Disabled DHCP Option 82 Insertion VLAN Settings 1 - 4000 none VLAN ID Trusted Interfaces - Enabled/Disabled...
Page 364 Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Traffic Comparison 5 seconds 5/10/15/30 seconds Auto Refresh Traffic Comparison Green 12 colors Color Error Group port 1 - 24...
Page 365 AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Configuration File 0.0.0.0 IPv4 address in xxx.xxx.xxx.xxx hex format; except Upload/Download via 127.0.0.1 TFTP TFTP Server IP Configuration File none...
Page 366 Appendix A: AT-GS950/24 Default Parameters...

Allied Telesis AT-GS950/24 User Manual

List of Figures

List of Tables

Preface

Chapter 1 : Starting a Web Browser Session

Chapter 2 : Basic Switch Configuration

Chapter 3 : Port Configuration

Chapter 4 : Port Mirroring

Chapter 5 : Virtual Lans

Chapter 6 : GVRP

Chapter 7 : Voice VLAN

Chapter 8 : STP and RSTP

Chapter 9 : Multiple Spanning Tree Protocol

Chapter 10 : Static Port Trunking

Chapter 11 : LACP Port Trunks

Chapter 12 : Quality of Service (Cos)

Chapter 13 : Access Control Configuration

Chapter 14 : Storm Control

Chapter 15 : MAC Address Table

Chapter 16 : DHCP Snooping

Chapter 17 : IGMP Snooping

Chapter 18 : Security

Quick Links

Related Manuals for Allied Telesis AT-GS950/24

Summary of Contents for Allied Telesis AT-GS950/24