Summary of Contents for Allied Telesis AT-GS950/24
Page 1
AT-GS950/24 Gigabit Ethernet Smart Switch AT-GS950/24 Web Users Guide AT-S109 Version 1.1.0 [1.00.043] 613-001490 Rev A...
Page 2
Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Contents List of Figures ..............................9 List of Tables ..............................13 Preface ................................15 Where to Find Web-based Product Information..................16 Contacting Allied Telesis..........................17 Online Support............................. 17 Email and Telephone Support ......................17 Warranty .............................. 17 Returning Products..........................17 Sales or Corporate Information ......................
Page 4
Contents SSL Settings............................... 56 Configuring SSL ........................... 56 System Log Configuration .......................... 58 Chapter 3 : Port Configuration ........................61 Overview..............................62 Display and Configure Ports........................63 Chapter 4 : Port Mirroring ..........................69 Overview..............................70 Port Mirroring Configuration ........................71 Disable Port Mirroring..........................
Page 5
AT-GS950/24 Web Interface User Guide Chapter 9 : Multiple Spanning Tree Protocol ....................133 Multiple Spanning Tree Configuration...................... 134 Head2 ..............................134 VLAN Mapping ............................137 Open MSTP VLAN Mapping Page ....................137 Create VLAN Mapping to MST Instance ................... 137 Modify MST Instance.........................
Page 6
Contents Port List ..............................197 Create Port List ..........................197 Modify Port List ..........................198 Delete Port List...........................199 Policy ................................200 Create Policy............................200 Modify Policy ............................202 Delete Policy ............................203 Policy Sequence............................205 Chapter 14 : Storm Control ..........................207 Overview..............................208 Ingress Rate Limiting .........................209 Egress Rate Limiting ..........................209 Configuration ............................210 Ingress Rate Limiting..........................212 Egress Rate Limiting ..........................214...
Page 7
AT-GS950/24 Web Interface User Guide Dial-in User - Local Authentication......................254 Overview............................254 Dial-in User Configuration ......................... 254 Destination MAC Filter ..........................257 Overview............................257 Destination MAC Filter Configuration ....................257 Delete Destination MAC Filter ......................258 Chapter 19 : LLDP ............................259 Overview ..............................
Page 8
Multiple Spanning Tree Regions ......................338 MST Region Guidelines ........................340 Common and Internal Spanning Tree (CIST) ..................342 MSTP with STP and RSTP ........................342 Associating VLANs to MSTIs........................343 VLANs Across Different Regions......................345 Summary of Guidelines ..........................347 Appendix A: AT-GS950/24 Default Parameters ...................349...
Preface This guide contains instructions on how to use the AT-S109 Version 1.1.0 Management software to manage and monitor the AT-GS950/24 Gigabit Ethernet Smart Switch. The AT-S109 Version 1.1.0 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Preface Where to Find Web-based Product Information The product guides are available for all Allied Telesis products in portable document format (PDF) on our web site. Management software updates are also available. Go to www.alliedtelesis.com/support.
Select your country from the list Support displayed on the website. then select the appropriate menu tab. Warranty For hardware warranty information, refer to the Allied Telesis web site at www.alliedtelesis.com/support/warranty. Returning Products for return or repair must first be assigned a return materials authorization (RMA) number.
Starting a Web Browser Session This chapter contains the procedures for starting, using, and quitting a web browser management session on the AT-GS950/24 switch. This chapter includes the following sections: “Establishing a Remote Connection to the Web Browser Interface” on ...
The AT-GS950/24 switch is shipped with a pre-assigned IP address of 192.168.1.1. After your initial login, Allied Telesis suggests that you assign a new IP address to your switch. To manually assign an IP address to the switch, refer to “Configuration of IP Address, Subnet Mask and Gateway Address”...
The default user name is “manager” and the default password is “friend.” The login name and password are case-sensitive. 4. Press OK. The AT-GS950/24 Switch Information page is displayed. See Figure 3. Note To change the user name and password, refer to “User Name and Password Configuration”...
The AT-S109 Version 1.1.0 Management software displays the front of the switch. Ports are green that have a link to an end node. Ports without a link are grey. The AT-GS950/24 switch front panel page is shown in Figure 4.
AT-GS950/24 Web Interface User Guide Web Browser Tools You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s Bookmark feature to...
Chapter 2 Basic Switch Configuration This chapter provides procedures to configuring basic system parameters for the AT-GS950/24 switch and contains information for the following sections: “Configuration of IP Address, Subnet Mask and Gateway Address” on page 26 “IP Access List Configuration” on page 28 ...
Chapter 2: Basic Switch Configuration Configuration of IP Address, Subnet Mask and Gateway Address This procedure explains how to change the IP address, subnet mask, and gateway address of the switch. Before performing the procedure, note the following: A gateway address is only required if you want to remotely ...
Page 27
AT-GS950/24 Web Interface User Guide System Default Gateway - Displays the default gateway of the switch. To change the default gateway, enter a new gateway. When DHCP is enabled, you cannot change this parameter. DHCP Mode - For information about setting this parameter, refer to “DHCP Client Configuration”...
Chapter 2: Basic Switch Configuration IP Access List Configuration When the IP Access List feature is enabled, remote access to the AT-S109 Version 1.1.0 management software is restricted to the IP addresses entered into the IP Access List. The procedures in this section describe how to enable or disable the IP Access List feature and how to add or remove IP addresses from the list.
Page 29
AT-GS950/24 Web Interface User Guide Note You can add up to 10 IP address to the IP Access List table.
Chapter 2: Basic Switch Configuration 5. From the IP Restriction Status field, select one of the following choices from the pull-down menu: Enable - This selection restricts the access to the AT-S109 Version 1.1.0 management software to the IP addresses in the table listed under Accessible IP.
AT-GS950/24 Web Interface User Guide System Time The procedures in this section describe how to configure the system time by manually entering the time or through SNTP and how to configure the daylight savings time feature. See the following sections: “Manually Setting System Time”...
Chapter 2: Basic Switch Configuration 3. Use the pull down menu to set the Clock Mode parameter to Local time. 4. In the Local Time Settings section, set the Date Setting (YYYY:MM:DD) to the current date in the YYYY:MM:DD format. 5.
AT-GS950/24 Web Interface User Guide Setting Daylight If you want to configure the switch for daylight savings time, perform the following procedure: Savings Parameters 1. From the main menu on the left side of the page, click the System folder.
Chapter 2: Basic Switch Configuration DHCP and ATI Web Discovery Tool The AT-GS950/24 Gigabit Ethernet Smart switch is managed through a web browser interface only. The factory default IP address is 192.168.1.1. The switch does not have a local console connector, which means that you cannot learn what the switch’s management IP address is on a web...
DHCP Client Configuration This procedure explains how to activate and deactivate the DHCP client on the AT-GS950/24 switch. When the client is activated, the switch obtains its IP configuration including an IP address and subnet mask from a DHCP server on your network. Before performing the procedure, note the following: By default, the DHCP client is disabled on the switch.
Page 36
Note The ATI Web Discovery Tool is available for download on the AT-GS950/24 product page at alliedtelesis.com. 6. Follow the procedure to log on with the new IP address provided by the DHCP Server as described in “Establishing a Remote Connection to the Web Browser Interface”...
AT-GS950/24 Web Interface User Guide DHCP Auto Configuration If you need to automatically update the switch’s configuration files via a remote server, the DHCP Auto Configuration feature is available for this purpose via the DHCP server. Note You must enable the DHCP client so that this feature can operate with the DHCP server.
This section explains how to assign a name, location, and contact information for the AT-GS950/24 switch. This information helps in identifying each specific AT-GS950/24 switch among other switches in the same local area network. Entering this information is optional. Note Allied Telesis recommends that you assign a name to the switch.
Page 39
4. Click Apply. 5. From the main menu on the left side of the page, click on Switch Info. The Switch Information page is displayed. See “AT-GS950/24 Switch Information Page” on page 21 for more information. 6. From the main menu on the left side of the page, select Save...
Chapter 2: Basic Switch Configuration User Name and Password Configuration Password protection is always enabled for access to the AT-S109 Version 1.1.0 Management software. This section explains how to create new users names and passwords and how to modify or delete existing users for the web interface.
AT-GS950/24 Web Interface User Guide 4. To add a password that corresponds to the user name entered in step 3, enter a password of up to 12 alphanumeric characters in the box next to the Password field. The Password field is case sensitive.
Chapter 2: Basic Switch Configuration Delete User Name To delete a user name that you have previously added, perform the following procedure. and Password 1. From the main menu on the left side of the page, click the System folder. The System folder expands.
The Web Server Status is displayed as Enabled for your information only. The Web Server cannot be disabled. SNMP Interface To enable or disable the AT-GS950/24 SNMP interface, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder.
Chapter 2: Basic Switch Configuration Note See Chapter 20, “Simple Network Management Protocol SNMPv1 and v2c” on page 265 and Chapter 21, “Simple Network Management Protocol SNMPv3” on page 275 to configure the remaining SNMP parameters. 4. Click Apply located under the Web Server Status Enable/Disable field.
System Information Display The Switch Information page is initially displayed when you first log into the AT-GS950/24 switch. It provides general information about the switch. To view this information, perform the following procedure: 1. From the main menu on the left side of the page, select Switch Info.
Page 46
Chapter 2: Basic Switch Configuration Administration Information Section: Switch Name - This parameter displays the name assigned to the switch. To assign the switch a name, refer to “System Management Information” on page 38. Switch Location - This parameter displays the location of the switch.
AT-GS950/24 Web Interface User Guide Switch Reboot You can reboot the AT-GS950/24 switch by either pressing the front panel eco-friendly switch between 5 to 9 seconds or by using the Normal reboot function provided in the AT-S109 Version 1.1.0 management software.
Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. See “Disabling Factory Default Reset Feature” on page 51 for information about how to disable the factory default reset feature.
Values Note The AT-S109 Version 1.1.0 Management software factory default values are listed in “AT-GS950/24 Default Parameters” on page 349. Caution This procedure causes the switch to reboot. The switch does not forward network traffic during the reboot process. Some network...
Page 50
To return the AT-S109 Version 1.1.0 Management software to the default settings, perform the following procedure: Note See “AT-GS950/24 Default Parameters” on page 349 for the specific factory default values. 1. From the main menu on the left side of the page, select the Tools folder.
5. In the New Password field, enter a password of up to 12 characters in length. It is case-sensitive. There is not a default password for this field. Caution Since you define this password as part of the process of disabling this function, Allied Telesis has no knowledge of it. You are...
Chapter 2: Basic Switch Configuration responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. 6. Re-enter the same password in the Confirm Password field.
AT-GS950/24 Web Interface User Guide Note If the Factory Default Reset field is already set to Enable, you do not need to continue with this procedure. 4. To enable the factory default reset feature, select Enable on the pull- down menu of the Factory Default Reset field.
Chapter 2: Basic Switch Configuration Pinging a Remote System This procedure instructs the AT-GS950/24 switch to ping a node on your network. This procedure is useful in determining whether an active link exists between the switch and another network device.
AT-GS950/24 Web Interface User Guide 5. To view the ping results, click Show Ping Results. A sample Ping Test Results Page is displayed. See Figure 19. Figure 19. Ping Test Results Page The following information is displayed: Destination IP Address - Indicates the IP address of the unit that receives the ping.
HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted. When operating in this mode, only the AT-GS950/24 switch and the web browser are able to decipher the packets sent and received between them. Configuring SSL...
Page 57
AT-GS950/24 Web Interface User Guide 4. Click Apply. The SSL setting that you have selected is now active. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 2: Basic Switch Configuration System Log Configuration The System log is designed to monitor the operation the AT-GS950/24 switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.
Page 59
AT-GS950/24 Web Interface User Guide 3. From the Syslog Status field, select one of the following choices from the pull-down menu: Enable - The System log is active. Disable - The System log is inactive. 4. From the Time Stamp field, select one of the following choices from the...
Chapter 3 Port Configuration This chapter provides a description of the physical characteristics of the ports and a procedure that explains how to view and change the port settings. This chapter includes the following sections: “Overview” on page 62 “Display and Configure Ports”...
Chapter 3: Port Configuration Overview This chapter describes how to display and modify the physical characteristics of an AT-GS950/24 switch. You can display and modify the settings of all the ports on one web page. The port characteristics that are displayed are: Trunk Group Number ...
This parameter can not be configured on this page, However, for information about configuring a trunk, refer to Chapter 10, “Static Port Trunking” on page 147. Type - Indicates the port type. On the AT-GS950/24, the port type...
Page 64
Chapter 3: Port Configuration is 1000TX for 10/100/1000Base-T twisted-pair ports (1 through 20, 21R through 24R) and 100FX or 1000TX for the SFP ports (21 through 24) for copper or fiber SFP type. Link Status - This parameter indicates the status of the link between the port and the end node connected to the port.
Page 65
AT-GS950/24 Web Interface User Guide Note When QoS is enabled on a port, the Jumbo frame parameter can not be enabled. To enable or disable QoS, see “Mapping CoS Priorities to Egress Queues” and “CoS Page” on page 173...
Page 66
Chapter 3: Port Configuration Mode -This parameter i Indicates the speed and duplex mode settings for the port. You can use this parameter to set the speed and duplex mode of a port. The possible settings are: Ignore -This parameter i Indicates that the All setting does not apply to the Mode field.
Page 67
AT-GS950/24 Web Interface User Guide Ignore - This parameter indicates that the All setting does not apply to the Flow Control field. In other words, each port is set individually. Enabled - This parameter indicates that the port is permitted to use flow control.
Chapter 4 Port Mirroring This chapter describes the Port Mirroring feature and the procedure for setting up port mirroring. Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port.
Chapter 4: Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic received and transmitted on one or more ports by copying the traffic to another switch port. You can connect a data analyzer to the port where the traffic is copied and monitor the traffic on the other ports without impacting network performance or speed.
AT-GS950/24 Web Interface User Guide Port Mirroring Configuration To configure Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring Page is displayed. See Figure 23.
Page 72
Chapter 4: Port Mirroring 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/24 Web Interface User Guide Disable Port Mirroring To disable Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring page is shown in Figure 23 on page 71.
Chapter 5 Virtual LANs This chapter contains a description of Virtual Local Area Networks (VLANs) and the procedures for creating, modifying, and deleting both port-based and tagged VLANs. This chapter contains the following sections: “VLAN Overview” on page 76 “Assign Ports to a VLAN Mode”...
Chapter 5: Virtual LANs VLAN Overview A virtual LAN or VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment via the AT-S109 Version 1.1.0 Management software. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN.
Sales, Production, and Engineering. VLAN Index You must assign a unique number to each VLAN in a network. This number is called the Port-Based VLAN Index. This number uniquely identifies a VLAN in the AT-GS950/24 switch and across the network.
A tagged VLAN consists of the following: VLAN Index You must assign a unique number to each tagged VLAN in a network. This number is called the tagged VLAN ID. This number uniquely identifies a tagged VLAN in the AT-GS950/24 switch and across the network.
Page 79
AT-GS950/24 Web Interface User Guide VLAN Name To create a tagged VLAN, you must give it a unique name. This name can reflect the function of the network devices that are VLAN members, such as Sales, Production, and Engineering. Tagged and Untagged Ports When you specify that a port is a member of a tagged VLAN, you need to specify that it is tagged or untagged.
Page 80
VLAN spans multiple switches, each part of the VLAN on the different switches must be assigned the same VLAN ID. A tagged port can be a member of multiple VLANs. The AT-GS950/24 Gigabit Ethernet Smart Switch can support up to 255 tagged VLANs per switch.
3. From the VLAN folder, select VLAN Mode. The VLAN Mode Page is displayed. See Figure 24. Figure 24. AT-GS950/24 VLAN Mode Page 4. To add ports to a 802.1Q Tagged VLAN or Port-Based VLAN, select the ports accordingly on the VLAN Mode page.
Page 82
Chapter 5: Virtual LANs 5. Click Apply. 6. If you want to restore the port assignment before saving the configuration, click Restore. Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration, the Restore button will not be active for those port assignments.
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Tagged VLAN. The AT-GS950/24 Tagged VLAN Page is displayed. See Figure 25. Figure 25. AT-GS950/24 Tagged VLAN Page...
Chapter 5: Virtual LANs 4. To assign a VLAN ID, type a VLAN ID in the VLAN ID field. The range for this field is 2 to 4,000. You can create a maximum of 255 tagged VLANs. 5. To assign a name to the VLAN, type a unique name in the VLAN Name field.
An example of a tagged VLAN (VLAN2) is shown in the table at the bottom of Figure 26 on page 85. Figure 26. Example of AT-GS950/24 Tagged VLAN Page 4. In the VLAN Action column, click Modify in the row of the VLAN that you want to change.
Page 86
Chapter 5: Virtual LANs 6. To change the VLAN Name, type a new VLAN Name in the VLAN Name field. For more information about this field, refer to “VLAN Name” on page 77.
AT-GS950/24 Web Interface User Guide 7. To change the Management VLAN assignment, select one of the following choices from the pull-down menu: Enable - This parameter enables Management VLAN on this VLAN. The Management VLAN will be disabled on all other VLANs and only be operational on this VLAN.
Page 88
Chapter 5: Virtual LANs Note You cannot delete the Default VLAN which has a VID of 1. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
2. From the Bridge folder, select Port Settings. The VLAN folder expands. From the VLAN folder, select Port Settings. A partial view of the AT-GS950/24 VLAN Port Settings is displayed. See Figure 28. Figure 28. AT-GS950/24 VLAN Port Setting Page 3.
Page 90
Chapter 5: Virtual LANs Disable - This disables Ingress Filtering at the selected port. 6. Click Apply. The port configuration becomes effective. 7. If you need to configure other ports of the switch for the VLAN Port Settings, repeat steps 4 through 7. 8.
AT-GS950/24 Web Interface User Guide Port-Based VLAN Configuration A port-based VLAN is a group of ports on the switch that form a logical Ethernet segment. This type of VLAN is independent of the header information including VLAN tags in a frame.
4. In the VLAN Action column, click Modify next to the VLAN that you want to change. The Modify Port-based VLAN Page is displayed. See Figure 30. Figure 30. AT-GS950/24 Modify Port-based VLAN 5. To change the name of the VLAN, type a new name in the VLAN Name field.
Page 93
AT-GS950/24 Web Interface User Guide The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Port-Based VLAN. The Port-Based VLAN Page is shown in Figure 29 on page 91.
Chapter 6 GVRP This chapter contains the following sections: “Overview and Guidelines” on page 96 “General Configuration” on page 97 “Port Settings” on page 98 “Time Settings” on page 100 ...
The default port setting on the switch for GVRP is active, meaning that the ports participate in GVRP. Allied Telesis recommends disabling GVRP on those ports that are connected to GVRP- inactive devices, meaning devices that do not feature GVRP.
AT-GS950/24 Web Interface User Guide General Configuration Perform the following procedure to enable or disable GVRP: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP.
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Port Settings. A partial view of the AT-GS950/24 Port Settings Page is displayed. See Figure 32. Figure 32. AT-GS950/24 Port Settings Page 4. The following fields are listed for each port: Port - This parameter displays the ports on the switch.
Page 99
AT-GS950/24 Web Interface User Guide port row selected. Disable - The Restricted VLAN Registration is de-active for the port row selected. 5. Once you have configured the parameters, click Apply for the affected port. 6. If you want to configure GVRP for other ports, repeat steps 4 and 5.
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select GVRP Time Setting. A partial view of the AT-GS950/24 GVRP Time Setting Page is displayed. See Figure 33. Figure 33. AT-GS950/24 GVRP Time Setting Page GARPLeaveTimer must be greater than (GARPJoinTimer x2 + 10).
Page 101
AT-GS950/24 Web Interface User Guide equation: GARPLeaveAllTimer > (GARPLeaveTimer + 10) Note To ensure compatibility between network devices, you need to configure the same values for the GARP Join Timer, GARP Leave Timer, and GARP Leave All Timer on all participating GVRP devices in your network.
Chapter 7 Voice VLAN This chapter contains a description of the AT-GS950/24 switch’s Voice VLAN feature and the procedures to create, modify, and delete a voice VLAN configuration. This chapter contains the following sections: “Overview” on page 104 “General Guidelines” on page 107 ...
CoS with Voice The Voice VLAN CoS parameter maintains the voice quality between the ingress and egress ports of the AT-GS950/24 switch. CoS must be VLAN enabled for the Voice VLAN CoS priority to take effect. The CoS priority level that you configure is applied to voice traffic on all ports of the voice VLAN.
IP phone(s) for the same VLAN ID as the AT-GS950/24 switch’s voice VLAN ID. When voice data is detected on one of the “Not Member” ports, the packets from the IP phone will contain the voice VLAN ID so they are switched within the AT-GS950/24 switch’s voice VLAN.
Page 106
Note Link Layer Discovery Protocol for Media Endpoint Devices (LLDP- MED) is not supported on the AT-GS950/24 switch. Each IP phone that is VLAN aware should be manually configured for the VLAN ID that matches your AT-GS950/24 voice VLAN ID. Each of the AT-GS950/24 voice VLAN ports connected to an IP phone should be configured as “Not Member”...
Up to 10 IP phone MAC addresses/OUIs can be configured at one time. Link Layer Discovery Protocol for Media Endpoint Devices (LLDP- MED) is not supported on the AT-GS950/24 switch. Power over Ethernet (PoE) is not supported on the AT-GS950/24 switch.
2. From the Bridge folder, select Voice VLAN. The Voice VLAN folder expands. 3. From the Voice VLAN folder, select Voice VLAN Settings. A partial view of the AT-GS950/24 Voice VLAN Setting Page is displayed. See Figure 34. Figure 34. AT-GS950/24 Voice VLAN Setting Page...
Page 109
AT-GS950/24 Web Interface User Guide 4. From the Voice VLAN field at the top of the page, select one of the following choices from the pull-down menu: Enable - The voice VLAN feature is active. The other parameter fields in the voice VLAN Global Settings section become active and are eligible for data to be entered.
Page 110
Chapter 7: Voice VLAN Note The voice VLAN Auto-Detection feature can only be enabled on “Not Member” ports of the voice VLAN. Member ports cannot have the voice VLAN Auto-Detection feature enabled. The Status column displays Static for the member ports. See “Dynamic Auto-Detection vs Static Ports”...
AT-GS950/24 Web Interface User Guide OUI Setting You can create and delete Voice VLAN OUI Settings by following the procedures in these sections: “Create OUI Setting” “Modify OUI Setting” on page 112 Create OUI To create a Voice OUI configuration, perform the following procedure: Setting 1.
Chapter 7: Voice VLAN Modify OUI To modify or delete an OUI, it must be first be deleted and then re-entered by following the procedure in “Create OUI Setting” on page 111. Setting Delete OUI To delete an OUI, perform the following procedure: Setting 1.
Chapter 8 STP and RSTP This chapter provides background information about the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). In addition, there are procedures to configure STP and RSTP. The sections in the chapter include: “Overview” on page 114 ...
Chapter 8: STP and RSTP Overview The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path.
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Bridge Priority The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge and the Root distributes network topology information to the other network bridges and Bridge is used by the other bridges to determine if there are redundant paths in...
Chapter 8: STP and RSTP Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root...
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Table 2. Valid Port Priority Values Port Step Priority Forwarding If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This Delay and may trigger a change in the state of some blocked ports.
Page 118
Chapter 8: STP and RSTP The forwarding delay value is adjustable in the AT-S109 Version 1.1.0 Management software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network.
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Figure 36. Point-to-Point Ports A port operates as an edge port when it is connected to a network terminal device such as a workstation or a server. An edge port on a bridge should not have any STP or RSTP devices connected to it either directly or through another device connected to that port.
Chapter 8: STP and RSTP If you decide to activate spanning tree on the switch, Allied Telesis recommends RSTP instead of STP even when all of other switches in the network are running STP. The AT-GS950/24 switch can combine RSTP with the STP of the other switches.
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Figure 38. STP and VLAN Fragmentation with Untagged Ports You can avoid this problem by connecting the switches using tagged instead of untagged ports when you plan to have STP or RSTP enabled on your network.
Chapter 8: STP and RSTP Figure 39. STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports, refer to Chapter 5, “VLAN Overview” on page 76.
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide Basic STP and RSTP Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 124
Chapter 8: STP and RSTP The RSTP Configuration page allows you to configure basic STP (STP-Compatible) or RSTP protocols as well as to view current settings of the feature. In the upper portion of the page, you can set the following ...
Page 125
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide The following parameters refer to the designated root bridge. You cannot change these fields. Designated Root - This parameter includes two fields: the root bridge priority and the MAC address of the root bridge. For example, 1000 00C08F1211BB shows the root bridge priority as 1000, and 00C08F1211BB as the MAC address.
Figure 41. AT-GS950/24 RSTP Basic Port Configuration Page This page displays the following information about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings for the STP Status, Priority, and Path Cost fields to your switch.
Page 127
AlliedWare Plus Version 2.1.2 Management Software Web Browser User’s Guide sent or received on a the port except for BPDU data. A port with a higher path cost to the root bridge than another on the switch will cause a switching loop and is placed in the blocking state by the Spanning Tree algorithm.
3. From the Spanning Tree folder, select the RSTP folder. The RSTP folder expands. 4. From the RSTP folder, select RSTP Advanced Port folder. A partial view of the AT-GS950/24 RSTP Advanced Port Configuration Page is displayed. See Figure 42 on page 129.
Figure 42. AT-GS950/24 RSTP Advanced Port Configuration Page This page displays the following information about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings to the STP Status, Priority, and Path Cost fields to all the ports on your switch.
Page 130
Chapter 8: STP and RSTP Disabled - The Disabled Port role is assigned if the port is not operational or is excluded from the active topology by management or it is a network access port (IEEE Std 802.1X) and it is Unauthorized, or its Administrative Bridge Port state is Disabled.
The following information is displayed about the ports: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Trunk - The trunk of which the port is a member. Link Status - Whether the link on the port is up or down.
Chapter 9 Multiple Spanning Tree Protocol This chapter provides the procedures for configuring Multiple Spanning Tree Protocol (MSTP). You can find an overview and configuration guidelines for this feature in “MSTP Overview” on page 329. When you configure MSTP, the information should be entered in order on the following web pages: “Multiple Spanning Tree Configuration”...
Chapter 9: Multiple Spanning Tree Protocol Multiple Spanning Tree Configuration Head2 Head3 To configure the MSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 135
AT-GS950/24 Web Interface User Guide Global MSTP Status - Set this field to Enable or Disable the MSTP feature on the switch. The Global MSTP Status must be set to Enable before the other MSTP configuration parameters can be set.
Page 136
Chapter 9: Multiple Spanning Tree Protocol bridge spends in the listening and learning states. Its range is 4 - 30 seconds. Maximum Hop Count - The Maximum Hop Count is a parameter set in a BPDU packet when it originates. It is decremented by 1 each time it is retransmitted by the next bridge.
AT-GS950/24 Web Interface User Guide VLAN Mapping You can create, modify and delete MSTP settings with the procedures in the following sections: ”Open MSTP VLAN Mapping Page” ”Create VLAN Mapping to MST Instance”. “Modify MST Instance” on page 138.
Chapter 9: Multiple Spanning Tree Protocol Modify MST If you wish to modify a MST Instance, you must first delete the instance and then redefine it. Refer to “Create VLAN Mapping to MST Instance” on Instance page 137 for more information. Delete MST 1.
3. From the Spanning Tree folder, select the MSTP folder. The MSTP folder expands. 4. From the MSTP folder, select MSTP Port Configuration. A partial view of the AT-GS950/24 MSTP Port Configuration Page is displayed. See Figure 46. Figure 46. AT-GS950/24 MSTP Port Configuration Page You may choose a port and configure its MSTP parameters on this page.
Page 140
Chapter 9: Multiple Spanning Tree Protocol network topology. ForcedFalse - The port is not connected to a network device in the network topology. Auto - The switch will automatically determine the port type. Edge Port - Indicates if a port is connected to an edge device in the network topology or not.
Page 141
AT-GS950/24 Web Interface User Guide True - The port cannot process receive/transmit TCN BPDUs. False - The port can process receive/transmit TCN BPDU packets. 5. Once you have configured the parameters, click Apply in the Action column. 6. If you choose to change the MSTP port configuration for other ports, repeat steps 4 and 5.
You may choose a port and configure its MSTP parameters on this page. The following information is displayed: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Use the All row to apply the same settings for the Port State field to all the ports on your switch.
Page 143
AT-GS950/24 Web Interface User Guide 6. If you choose to change the MSTP port settings for other ports, repeat steps 4 and 5. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
The following information displayed on this page shows the current status of MSTP for each port: Port - Indicates ports 1 through 24 on the AT-GS950/24 switch. Designated Root - The designated root bridge to which the switch’s root port is actively connected.
Page 145
AT-GS950/24 Web Interface User Guide Regional Root Priority - The priority of the regional root port. Regional Path Cost - The path cost from the regional root port to the regional root bridge. Type - This specifies the regional port type which can be either a point-to-point or an edge type port.
Page 146
Chapter 9: Multiple Spanning Tree Protocol...
Chapter 10 Static Port Trunking This chapter contains a description of port trunking and the procedures for creating, modifying, and deleting a static port trunk. The following topics are discussed: “Overview” on page 148 “Create a Port Trunk” on page 151 ...
AT-S109 Version 1.1.0 Management software on the switch automatically groups them together. The example in Figure 49 illustrates a static port trunk of four links between two AT-GS950/24 switches. Figure 49. Static Port Trunk Example...
Page 149
General Guidelines Following are the guidelines for creating a static trunk: Allied Telesis recommends setting static port trunks between Allied Telesis networking devices to ensure compatibility. A static trunk can contain up to eight ports.
Page 150
Chapter 10: Static Port Trunking more than one VLAN. The ports of a static trunk can be either untagged or untagged members of the same VLAN. The switch selects a port in the trunk to handle broadcast packets and packets of unknown destination.
AT-GS950/24 Web Interface User Guide Create a Port Trunk This procedure explains how to create a static port trunk. Caution Do not connect the cables of a port trunk to the ports on the switch until you have configured the ports on both the switch and the end nodes.
Page 152
8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. 9. Configure the port trunk on the other switch. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/24 switch and the trunk ports on the other switch.
AT-GS950/24 Web Interface User Guide Modify a Port Trunk This procedure explains how to change the status of a port trunk and add or remove ports from a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk.
Page 154
Chapter 10: Static Port Trunking 9. Configure the port trunk on the other switch with the same parameters. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/24 switch and the trunk ports on the other switch.
AT-GS950/24 Web Interface User Guide Disable a Port Trunk This procedure explains how to disable a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology.
AT-GS950/24 Web Interface User Guide Chapter 11 LACP Port Trunks This chapter contains overview information about LACP port trunks and the procedures for setting this feature. This chapter contains the following sections: “System Priority” on page 159 “Port Priority Value” on page 159 ...
The main component of an LACP trunk is an aggregator which manages a group of ports on the switch. On the AT-GS950/24, the ports assigned to a trunk group are automatically assigned to an aggregator. Only one aggregator can be assigned to each trunk group.
AT-GS950/24 Web Interface User Guide System Priority It is possible for two devices interconnected by an aggregate trunk to encounter a conflict when they form the trunk. For example, the two devices might not support the same number of active ports in an aggregate trunk or might not agree on which ports are active and which are in standby mode.
Page 160
Chapter 11: LACP Port Trunks Two conditions must be met for a port in an aggregate trunk to function in the standby mode. First, the number of ports in the trunk must exceed the highest allowed number of active ports and, second, the port must be receiving LACPDU packets from the other device.
AT-GS950/24 Web Interface User Guide General Guidelines The following guidelines apply when creating aggregators: LACP must be activated on both the AT-GS950/24 switch and its partner device. The other device must be 802.3ad-compliant. The AT-S109 Version 1.1.0 Management software supports up to ...
Page 162
AT-GS950/24 switch, you should assign the other vendor’s device a higher system LACP priority than your AT-GS950/24 switch. This can help avoid a conflict between the devices if some ports are placed in the standby mode when the devices create the trunk.
AT-GS950/24 Web Interface User Guide Group Status To display the LACP Group Status, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands.
Chapter 11: LACP Port Trunks The System Priority is a preassigned value that you cannot alter. This value applies to the switch. See “System Priority” on page 159. The System ID is a MAC address value assigned to the individual switch.
AT-GS950/24 Web Interface User Guide Figure 53. LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link-Up status.
2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select Port Priority. A partial view of the AT-GS950/24 Port Priority Page is displayed. See Figure 54. Figure 54. AT-GS950/24 Port Priority Page The System Priority is a preassigned value that you cannot alter.
Chapter 12 Quality of Service (CoS) This chapter contains the following topics: “Overview” on page 168 “Associate Ports to CoS Priorities” on page 175 “Associate DSCP Classes to Egress Queues” on page 176 “Queue Scheduling Algorithm” on page 177 ...
Chapter 12: Quality of Service (CoS) Overview When a port on an Ethernet switch becomes oversubscribed, its egress queues contain more packets than the port can handle in a timely manner. In this situation, the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
AT-GS950/24 Web Interface User Guide Egress Queue vs Each switch port has four egress queues, labeled Q0, Q1, Q2, and Q3. Q0 is the lowest priority queue and Q3 is the highest. A packet in a high Packet Priority priority egress queue is typically transmitted sooner than a packet in a low Mapping priority queue.Table 3 lists the default mappings between the eight CoS...
However, the Untagged Packets AT-GS950/24 switch has a priority associated with each individual ingress port. By default, each port’s priority is 0. You can redefine this parameter as described in “Associate Ports to CoS Priorities” on page 175.
Page 171
AT-GS950/24 Web Interface User Guide never be transmitted from the switch because the algorithm might never have time to process the packets waiting in the lower priority queues.
Chapter 12: Quality of Service (CoS) Weighted Round Robin Priority Scheduling The weighted round robin (WRR) scheduling method functions as its name implies. The port transmits a set number of packets from each queue, in a round robin fashion, so that each has a chance to transmit traffic.Normally, the higher the queue’s priority the more packets are transmitted in as the algorithm cycles through the queues in turn.
AT-GS950/24 Web Interface User Guide Mapping CoS Priorities to Egress Queues Before mapping the CoS priorities and the egress queues, you must disable the Jumbo frame parameter on each port. See the Jumbo parameter definition in “Display and Configure Ports” on page 63.
Page 174
Chapter 12: Quality of Service (CoS) 4. For each Traffic Class whose queue you want to change, click on the Queue (0, 1, 2, or 3) radio button that applies to your configuration. 5. After you have completed this mapping process, select Enable in the QoS Status field, 6.
2. From the Bridge folder, select QoS. The QoS folder expands. 3. From the QoS folder, select Port Priority. A partial view of the AT-GS950/24 Port Priority Page page is shown in Figure 56. Figure 56. AT-GS950/24 Port Priority Page 4.
Chapter 12: Quality of Service (CoS) Associate DSCP Classes to Egress Queues If you choose to use the DSCP tags in your Access Control policy configuration, each DSCP value (0-63) that is relevant to your configuration needs to be mapped to one of the four egress queues (0-3).
AT-GS950/24 Web Interface User Guide Queue Scheduling Algorithm To change the scheduling algorithm for the egress queues, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select QoS.
Chapter 13 Access Control Configuration Access Control configuration allows you to control different aspects of the Ethernet traffic as it enters the switch ports and is process through the switch. You can specify what traffic is permitted or denied to flow through the switch by setting up specific filter criteria at an ingress port.
Chapter 13: Access Control Configuration Classifier The Create Classifier page allows you to specify packet settings for filtering Ethernet traffic. You can create, modify or delete a Classifier by following the procedures in the following sections: “Create Classifier,” next “Modify Classifier”...
Page 181
AT-GS950/24 Web Interface User Guide 3. Enter a number in the Classifier Index field. The Classifier Index must be a unique number within the range of 1 - 65535. Note The Classifier Index is a required parameter when you create a Policy.
Chapter 13: Access Control Configuration 5. Click ADD. The classifier entry is displayed in the table at the bottom of the page. If you do not see you new entry, you may need to navigate to another page of the table with the First Page, Previous Page, Next Page, and Last Page buttons located below the table.
AT-GS950/24 Web Interface User Guide 3. From the Create Classifier page, identify which classifier that want to modify and click the modify link in the Action column. The Modify Classifier page is displayed in Figure 61. Figure 61. Modify Classifier Page 4.
Page 184
Chapter 13: Access Control Configuration 3. From the Create Classifier page, identify which classifier table entry that want to delete and click the Delete button in the Action column. You will be prompted with a message saying, “Do you want to delete classifier xxxx?”...
AT-GS950/24 Web Interface User Guide Profile Action The Create Profile Action page defines the priority parameters for policing on DSCP (layer 3) and/or class of service (layer 2). Note You must enter a Profile Index on this page even if you do not define...
Chapter 13: Access Control Configuration 3. Enter a number in the Profile Action Index field. The Index must be a unique number ranging from 1 to 72. 4. Enter a number in the Policed DSCP field within the range of 0 to 63. This field indicates the DSCP level of interest.
AT-GS950/24 Web Interface User Guide 2. From the Access Control Config folder, select Profile Action. An example of the Create Profile Action page with a Profile Action table entry is shown in Figure 64 on page 187. 3. Select the table entry that you want to modify and click the modify link in the Action column.
Page 188
Chapter 13: Access Control Configuration 4. Click on the OK button. The profile action entry is deleted from the profile action table. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/24 Web Interface User Guide In-Profile Action The Create In-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege for packets in the ingress queue. Note A Profile Action Index is required to create an In-Profile Action.
Chapter 13: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Create Profile Action” on page 185 for more information. 5.
AT-GS950/24 Web Interface User Guide Modify In-Profile To modify a In-Profile action entry, perform the following procedure: Action Note You must first enter a In-Profile action before you can modify it. See “Create In-Profile Action” on page 189 for more information.
Chapter 13: Access Control Configuration Delete In-Profile To delete a In-Profile action entry, perform the following procedure: Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
AT-GS950/24 Web Interface User Guide Out-Profile Action The Create Out-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege and bandwidth restrictions for packets in the egress queue. You can create, modify or delete an Out-Profile Action by following the procedures in the following sections: “Create Out-Profile Action,”...
Chapter 13: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Create Profile Action” on page 185 for more information. 5.
AT-GS950/24 Web Interface User Guide Modify Out- To modify a Out-Profile action entry, perform the following procedure: Profile Action Note Before you can modify an entry, you must first enter a Out-Profile action - see “Create In-Profile Action” on page 189.
Chapter 13: Access Control Configuration Delete Out- To delete a Out-Profile action entry, perform the following procedure: Profile Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
AT-GS950/24 Web Interface User Guide Port List The Create Port List page allows you to specify a list of ports that will be used as part of the policy specification. You can create, modify or delete a Port List by following the procedures in the following sections: “Create Port List,”...
Chapter 13: Access Control Configuration 5. Click Add. The Out-Profile Action entry is added to the status table. If the Page field located below the table displays a page number and you do not see your new entry, then there are multiple pages of the table that you can navigate.
AT-GS950/24 Web Interface User Guide Figure 73. Modify Port List Page 4. Change the parameters as required. Note See “Create Port List” on page 197 for the definitions of each parameters. 5. Click Apply. The modified Port List entry is displayed in the table at the bottom of the page of the Create Port List page.
Chapter 13: Access Control Configuration Policy The Create Policy page allows you to specify the filtering criteria for one policy. Before creating a policy, you must pre-define the following indexes: Classifier Index - See “Create Classifier” on page 180 for more information.
Page 201
AT-GS950/24 Web Interface User Guide 3. Enter a number in the Policy Index field. The Policy Index is a unique number within the range of 1 - 65535 which identifies the policy. This field is mandatory. 4. Enter data in the remaining parameters. All parameters listed below...
Chapter 13: Access Control Configuration Figure 75. Example of Policy Entry 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Policy To modify a Policy entry, perform the following procedure: Note Before you can modify an entry, you must first enter a Policy - see “Create Policy”...
AT-GS950/24 Web Interface User Guide Figure 76. Modify Policy Page 4. Change the parameters as required. Note See “Create Policy” on page 200 for the definitions of each parameters. 5. Click Apply. The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page.
Page 204
Chapter 13: Access Control Configuration 2. From the Access Control Config folder, select Policy. An example of the Create Policy page with a Policy table entry is shown in Figure 75 on page 202. 3. From the Create Policy page, identify which Policy table entry that want to delete and click the Delete button in the Action column.
AT-GS950/24 Web Interface User Guide Policy Sequence The Policy Sequence page displays the order that policies are applied to each port. You can order the display by Policy Index or by Policy Sequence number. To display the policy sequence, perform the following procedure: 1.
Page 206
Chapter 13: Access Control Configuration...
Chapter 14 Storm Control This chapter contains a description and configuration procedures for the Storm Control (bandwidth) feature. The following topics are discussed: “Overview” on page 208 “Configuration” on page 210 “Ingress Rate Limiting” on page 212 “Egress Rate Limiting”...
Each setting can be configured on individual ports or on all of the ports of the AT-GS950/24 switch. Traffic is measured in packets per second. See the following definitions for more information about these settings.
AT-GS950/24 Web Interface User Guide Ingress Rate The Ingress Rate Limiting feature restricts the traffic to a pre-configured data rate that can flow into a port. This data rate limit can be configured in Limiting 64 Kbps increments within a range from 64 Kbps to 1000 Mbps. The...
2. From the Bridge folder, select Bandwidth Control. The Bandwidth Control folder expands. 3. From the Bandwidth Control folder, select Storm Control. A partial view of the AT-GS950/24 Storm Control page is displayed. See Figure 78. Figure 78. AT-GS950/24 Storm Control Page 4.
Page 211
AT-GS950/24 Web Interface User Guide Note For more information, see the Broadcast setting definition in“Overview” on page 208. 7. Click Apply. 8. To enable or disable ingress and egress Multicast packets, select Enable or Disable from the Multicast pull-down menu next to the port that you want to change.
A partial view of the AT-GS950/24 Ingress Rate Limiting page is displayed. See Figure 79. Figure 79. AT-GS950/24 Ingress Rate Limiting Page 4. To set the Bandwidth field on the AT-GS950/24 switch, enter a number in the range of 1 - 15625. Note See “Ingress Rate Limiting”...
Page 213
AT-GS950/24 Web Interface User Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
2. From the Bridge folder, select Bandwidth Control. The Bandwidth Control folder expands. 3. From the Bandwidth Control folder, select Egress Rate Filtering. A partial view of the AT-GS950/24 Egress Rate Limiting page is displayed. See Figure 80. Figure 80. AT-GS950/24 Egress Rate Limiting Page To set the Bandwidth field, enter a number in the range of 1 to 15625.
Chapter 15 MAC Address Table This chapter contains a description of the static multicast MAC address feature and the procedure for configuring it. This chapter includes the following sections: “Overview” on page 216 “Static Unicast MAC Address Configuration” on page 218 ...
Chapter 15: MAC Address Table Overview The AT-GS950/24 switch has a MAC address table with a storage capacity of up to 8,000 entries. The table stores the MAC addresses of the network nodes connected to its ports and the port number where each address is learned.
Page 217
AT-GS950/24 Web Interface User Guide allows the multicast stream to be forwarded immediately to those predefined ports entered in the MAC table without any configuration delays or loss of data.
2. From the Bridge folder, select Static Unicast. The Static Unicast Address Table Page is displayed. See Figure 81. Figure 81. AT-GS950/24 Static Unicast Address Table Page Before continuing, you must create an 802.1Q VLAN ID(s) or a Port- Based VLAN Index(s). For information about defining these parameters, go to: “Tagged VLAN Configuration”...
Page 219
AT-GS950/24 Web Interface User Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Chapter 15: MAC Address Table Modify Static Unicast Address To modify the port assignment of a unicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
AT-GS950/24 Web Interface User Guide Delete Static Unicast Address To delete a unicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
2. From the Bridge folder, select Static Multicast. The Static Multicast Address Table Page is displayed. See Figure 82. Figure 82. AT-GS950/24 Static Multicast Address Table Page Before continuing, you must create an 802.1Q VLAN ID(s) or a Port- Based VLAN Index(s). For information about defining these parameters, go to: “Tagged VLAN Configuration”...
Page 223
AT-GS950/24 Web Interface User Guide 4. In the Group MAC Address field, enter a multicast MAC address. The range is from 01:00:5E:00:01:00 to 01:00:5E:7F:FF:FF. 5. Assign the MAC address a Group Member (or members) by selecting the check box beside each port number.
Chapter 15: MAC Address Table Modify Static Multicast Address To modify the port assignment of a multicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
AT-GS950/24 Web Interface User Guide Delete Static Multicast Address To delete a multicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Chapter 16 DHCP Snooping This chapter contains a description of the AT-GS950/24 switch’s DHCP Snooping feature and the procedures for creating, modifying, and deleting the DHCP Snooping configuration. This chapter contains the following sections: “Overview” on page 228 “Trusted Ports” on page 228 ...
The DHCP Snooping feature provides security by inspecting ingress packets for the correct IP and MAC address information. The DHCP Snooping feature defines the AT-GS950/24 ports as either trusted or untrusted. With DHCP Snooping enabled, two network security issues are...
You can configure the AT-GS950/24 to pass DHCP packets containing Option 82 information through the switch without altering the information Option 82 within the packet. You can also configure the AT-GS950/24 switch to insert DHCP Option 82 information directly into the DHCP packets as they pass through the switch.
Chapter 16: DHCP Snooping General Guidelines Here is a summary of the rules to observe when you configure DHCP Snooping: A trusted port is connect to one of the following: – Directly to the legitimate trusted DHCP Server. – A network device relaying DHCP messages to and from a trusted server.
AT-GS950/24 Web Interface User Guide General Configuration The following procedure describes how to configure the DHCP Snooping feature on the AT-GS950/24 switch: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands.
Page 232
Chapter 16: DHCP Snooping through the switch without regard to the IP and MAC Address information in the packet header. 6. From the Backup Database field, select one of the following choices from the pull-down menu: Enable - The AT-S109 Version 1.1.0 Management software saves a backup copy of the Binding Table to flash at a specified interval (Database Update Interval) of time.
AT-GS950/24 Web Interface User Guide VLAN Setting You can create and delete DHCP Snooping VLAN settings by following the procedures in these sections: "Create VLAN Setting" “Modify VLAN Setting” on page 234 “Delete VLAN Setting” on page 234 ...
Chapter 16: DHCP Snooping Modify VLAN To modify or delete a VLAN ID, it must first be deleted and then re-entered by following the procedure outline in “Create VLAN Setting” on page 233. Setting Delete VLAN To delete a VLAN ID, perform the following procedure: Setting 1.
Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select Trusted Interfaces. A partial view of the AT-GS950/24 Trusted Interfaces page is displayed. See Figure 85. Figure 85. AT-GS950/24 Trusted Interfaces Page 3. From the Trust column, select one of the following choices from the...
Add button. The following procedure describes how to configure the DHCP Snooping Binding Database on the AT-GS950/24 switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network: 1.
AT-GS950/24 Web Interface User Guide Type - Because the IP Address being entered is static, you must select Static. Lease Time - Enter the time that IP address assignment is valid. The range is 10 to 4294967295 seconds. 2. Click Add.
Chapter 17 IGMP Snooping This chapter contains a description of the IGMP Snooping procedure as well as procedures for working with IGMP Snooping in the web interface. The following topics are discussed: “Overview” on page 240 “IGMP Snooping Configuration” on page 242 ...
Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group. The IGMP snooping feature on the AT-GS950/24 switch supports IGMP versions 1 and 2. The switch monitors the flow of queries from a router and reports and leave messages from host nodes to build its own multicast membership lists.
Page 241
Such flooding of packets can negatively impact network performance. The AT-GS950/24 switch maintains a list of multicast groups through an adjustable time out value, which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups, and by processing leave requests.
Chapter 17: IGMP Snooping IGMP Snooping Configuration This procedure explains how to set IGMP snooping on the switch and set the IGMP Snooping (V1) age-out timer. To configure IGMP snooping, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
AT-GS950/24 Web Interface User Guide 6. The IGMP Snooping Page is updated with active Multicast Group address(s). See Figure 88. Note The Multicast Group Address table contains MAC addresses of nodes that are active members of multicast groups. To set a static Multicast Group Address, see “Static Multicast Address...
Chapter 18 Security This Chapter contains information about the Port-based security features and the procedures for setting this feature. This chapter includes the following sections: “Port Access Control” on page 246 “RADIUS Client” on page 251 “Dial-in User - Local Authentication” on page 254 ...
Chapter 18: Security Port Access Control This section contains information and configuration procedures for the Port-based Access Control. This section includes the following sections: “Overview” on page 246 “Port Access Control Configuration” on page 247 Note After configuring the Port-based Network Access Control, you can choose to use either the local authentication server in the AT-S109 Version 1.1.0 for 802.1x authentication or a remote RADIUS server for 802.1x authentication.
AT-GS950/24 Web Interface User Guide Port Access To configure port-based access control, perform the following procedure: Control 1. Select the Security folder from the main menu on the left side of the Configuration page. The Security folder expands. 2. From the Security folder, select Port Access Control. The Port Access Control Configuration Page is displayed.
Page 248
Chapter 18: Security Port - This parameter specifies the port being configured for authentication. Authentication Mode - This parameter specifies the port-based authentication mode. The pull-down menu choices are as follows: 802.1x - 802.1x is specified as the authentication mode. This setting applies to configuration for either RADIUS or Dial-In User authentication.
Page 249
AT-GS950/24 Web Interface User Guide Supplicant Mode - This parameter specifies if one or more supplicants can be authenticated on a port. Single - The port is set to permit only one supplicant to log on and forwards only the traffic of that supplicant. After one supplicant has logged on, the port discards packets from any other supplicant.
Page 250
Chapter 18: Security Maximum Request - Specifies the maximum number of times authenticator ports transmit EAP Request packets to clients before timing out authentication sessions. The range is 1 to 10. Re-authentication Period - Specifies the time interval for reauthentication of clients on an authenticator port. The range is 1 to 65535 seconds Server Timeout - Sets the length of time the switch waits for a response from the authentication server.
AT-GS950/24 Web Interface User Guide RADIUS Client You can use the RADIUS client with 802.1x port-based access control to authenticate which packets are forwarded through the switch. This section explains how to configure the RADIUS client on the switch and contains the following sections: “Overview”...
Chapter 18: Security You need to specify the user name and password combinations when configuring the RADIUS server software on the authentication server. Note This manual does not explain how to configure RADIUS server software. Refer to the documentation that comes with the RADIUS server software for instructions.
Page 253
AT-GS950/24 Web Interface User Guide 7. Click Apply to save your changes. 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Chapter 18: Security Dial-in User - Local Authentication Dial-in User feature provides the local authentication server for port security when a remote (RADIUS) server is not available. This section includes the following: “Overview” on page 254 “Dial-in User Configuration” on page 254 ...
AT-GS950/24 Web Interface User Guide Figure 91. Dial-In User Page 3. In the User Name field, type a name for the user. 4. In the Password field, type a password for the user. 5. In the Dynamic VLAN field, enter the VID of the VLAN which you will allow the user to access.
Page 256
Chapter 18: Security Delete a Dial-in User To delete a dial-in user, perform the following procedure: 1. From the main menu on the left side of the page, select the Security folder. The Security folder expands. 2. From the Security folder, Dial-in User. The Dial-in User page is displayed.
Overview The Destination MAC Filter feature prevents the AT-GS950/24 switch from forwarding packets to a specified device. On the Destination MAC Filter Page of the AT-S109 Version 1.1.0 Management software, enter the MAC address of the device that you want to filter.
Chapter 18: Security Figure 92. Destination MAC Filter Page 3. To enter the MAC address that you want filtered, enter the MAC address into the MAC Address field. 4. Click Add to save your entry. 5. After you have configured a destination MAC address, the Destination MAC Filter Page is updated with the MAC address.
Chapter 19 LLDP Link Layer Discovery Protocol (LLDP) allows Ethernet network devices such as switches and routers to receive and/or transmit device-related information to directly connected devices on the network that are also using the protocols, and to store the information that is learned about other devices.
Chapter 19: LLDP Overview The data sent and received by LLDP are useful for many reasons. The switch can discover other devices directly connected to it. Neighboring devices can use LLDP to advertise some parts of their Layer 2 configuration to each other, which may highlight inconsistencies in the neighboring device’s configuration which can then be corrected.
1. From the main menu on the left side of the page, click the LLDP folder. The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Settings A partial view of the AT-GS950/24 LLDP Global Settings Page is displayed. See Figure 93. Figure 93. AT-GS950/24 LLDP Global Settings Page...
Chapter 19: LLDP 3. From the LLDP parameter, select one of the following radio button choices: Enable - The LLDP feature is active. Note The LLDP feature is not dependent on the DHCP feature. Therefore the DHCP feature can be either Enabled or Disabled without affecting LLDP.
AT-GS950/24 Web Interface User Guide For more information, see “System Management Information” on page 38 System Description - This parameter describes the switch’s title that is advertised. You cannot change this parameter. Port States Each port on the switch can be assigned a LLDP states as follows: 1.
Entity - This parameter is a number assigned to the reporting neighbors in the order that the LLDP information is received from them. Port - This parameter specifies the AT-GS950/24 local port number where the LLDP information was received. Chassis ID Subtype - This parameter describes the Chassis ID subtype of the neighboring network device which is reporting the LLDP information.
Chapter 20 Simple Network Management Protocol SNMPv1 and v2c This chapter contains a description of SNMPv1 and SMNMPv2c and the procedures for configuring with these protocols. This chapter contains the following sections: “SNMPv1 and SNMPv2c Overview” on page 266 “Trap Receiver Attributes”...
In the SNMPv1 and SNMPv2c protocols, the terms agent and manager may be used. An agent is software which runs on managed equipment such as the AT-GS950/24 switch. A manager is a workstation or server that runs the SNMP Network Management System (NMS) software.
AT-GS950/24 Web Interface User Guide Attributes Trap Receiver A trap is a message sent by the agent to one or more managers to indicate the occurrence of a particular event on the device. There are numerous events that can trigger a trap. For instance, when the switch reboots or when the Spanning Tree Root Bridge changes.
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c Activate SNMP Interface The SNMP interface is activated by default. If you want to de-activate it or re-activate it, go to “User Interface Configuration” on page 43.
AT-GS950/24 Web Interface User Guide SNMPv1/v2 User and Group Names A v1/v2 User Name and Group Name definition is the basis for creating SNMPv1/v2 communities. You can create and delete User and Group Names with the procedures in the following sections: “Create SNMP v1/v2 User and Group Names”...
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c Note If you choose to use the default User and Group Names (ReadOnly and ReadWrite) that are already displayed in the table, proceed to step 7 below. 3. Type a new User Name. Enter a name up to 31 characters in length.
AT-GS950/24 Web Interface User Guide SNMPv1/v2 Community Strings A community string has attributes for controlling who can use the string and what the string will allow a network management station to do on the switch. The AT-S109 Version 1.1.0 Management software does NOT provide any default community strings.
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c 5. Click Add. The new Community Name and User Name are displayed. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify SNMPv1/ If you need to modify a Community Table entry, you must first delete the entry by using the procedure below and then re-enter it with the...
AT-GS950/24 Web Interface User Guide SNMP Traps A Host IP address is used to specify a management device that needs to receive SNMP traps sent by the switch. This IP address is associated with the SNMP Version and a valid Community Name in the Host table of the switch.
Chapter 20: Simple Network Management Protocol SNMPv1 and v2c 6. Click Add. The new host is added to the table. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Trap If you need to modify an SNMP Trap entry, you must first delete the entry by using the procedure below and then re-enter it with the modification by...
Chapter 21 Simple Network Management Protocol SNMPv3 This chapter contains a description of SNMPv3 and the procedures for configuring this protocol. This chapter contains the following sections: “SNMPv3 Overview” on page 276 “SNMPv3 Authentication Protocols” on page 276 “SNMPv3 Privacy Protocol”...
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 Overview The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 20 on page 265. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment.
AT-GS950/24 Web Interface User Guide In addition, you have the option of assigning no user authentication. In this case, no authentication is performed for this user. You may want to make this configuration for someone with super-user capabilities. SNMPv3 Privacy...
Chapter 21: Simple Network Management Protocol SNMPv3 Figure 98. MIB Tree The AT-S109 Version 1.1.0 Management software supports the MIB tree, starting with the Internet MIBs, as defined by 1.3.6.1. There are two ways to specify a MIB view. You can enter the OID number of the MIB view or its equivalent text name.
AT-GS950/24 Web Interface User Guide 4. You must enter information in the Community table based on a pre- defined User Name. Note The Community Strings do not have a default value defined and are initially blank. 5. Finally, the traps can be defined on the Trap Management page based on the Community or User Name.
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 User and Group Names A v3 User Name and Group Name definition is the basis for all the other SNMPv3 tables. You can create and delete View Names by following the procedures in the following sections: “Create SNMPv3 User and Group Names”...
AT-GS950/24 Web Interface User Guide 9. Select one of the following choices for the Priv-Protocol field: DES - The DES encryption scrambles the SNMP data so that outside observers are prevented from seeing the data content. none - No encryption is selected for the SNMP data.
Chapter 21: Simple Network Management Protocol SNMPv3 SNMPv3 View Names The SNMPv3 View names are defined in the SNMP Group Access table and are based on the User and Group Names. You can create and delete View Names by following the procedures in the following sections: “Create SNMPv3 View Names”...
AT-GS950/24 Web Interface User Guide 5. Enter the Write View Name. This name is an optional field. It can be up to 31 characters in length. 6. Enter the Notify View Name. This name is an optional field. It can be up to 31 characters in length.
Page 284
Chapter 21: Simple Network Management Protocol SNMPv3 4. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/24 Web Interface User Guide View Table The SNMP v3 View table specifies the MIB object access criteria for each View Name. If the View Name is not specified on this page, then it has access to all MIB objects. You can specify specific areas of the MIB that can be accessed or denied based on the entries in this table.
Chapter 21: Simple Network Management Protocol SNMPv3 5. Enter “1” for the OID Mask. 6. Enter the View Type. This can be one of two choices: Included - This selection allows the specified MIB object to be included in the view. Excluded - This selection blocks the view of the specified MIB object.
AT-GS950/24 Web Interface User Guide SNMPv3 Traps The creation, modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1/v2. See “SNMP Traps” on page 273.
Chapter 22 RMON This chapter contains the following sections: “Overview” on page 290 “Enable and Disable RMON” on page 291 “Port Statistics” on page 292 “Histories” on page 293 “Events” on page 295 “Alarms” on page 297 ...
Chapter 22: RMON Overview The RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch supports the four RMON MIB groups listed here: Statistic group. This group is used to view port statistics remotely ...
AT-GS950/24 Web Interface User Guide Enable and Disable RMON You can now use your SNMP Network Management System (NMS) software and the RMON section of the MIB tree to view the RMON statistics, history and alarms associated with specific ports. Since RMON...
Chapter 22: RMON Port Statistics You can remotely view individual port statistics with RMON by using your SNMP NMS software and the RMON portion of the MIB tree. Perform the following procedure to configure RMON port statistics for a specific port: 1.
AT-GS950/24 Web Interface User Guide Histories RMON histories are snapshots of port statistics. They are taken by the switch at predefined intervals and can be used to identify trends or patterns in the numbers or types of ingress packets on the ports on the switch.
Page 294
Chapter 22: RMON Interval - This parameter specifies how frequently the switch takes snapshots of the port’s statistics. The range is 1 to 3600 seconds (1 hour). For example, if you want the switch to take one snapshot every minute on a port, you specify an interval of sixty seconds. Owner - This parameter is used to identify the person who created an entry.
AT-GS950/24 Web Interface User Guide Events An event specifies the action of the switch when the ingress packet activity on a port crosses a statistical threshold defined in an alarm. The choices are to log a message in the event log of the switch, send an SNMP trap to an SNMP workstation, or both.
Page 296
Chapter 22: RMON 4. Once you have configured the parameters, click Add. Your entry will appear in the table at the bottom of the page. 5. If you want to configure additional RMON events, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
AT-GS950/24 Web Interface User Guide Alarms RMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below specified threshold values. The alert messages can take the form of messages that are entered in the event log on the switch or traps that are send to your SNMP NMS software or both.
Chapter 22: RMON 2. From the RMON folder, select Alarm. The RMON Alarm Configuration Page is displayed. See Figure 106. Figure 106. RMON Alarm Configuration Page 3. The following fields are listed: Index - This parameter specifies the ID number of the new group. The range is 1 to 65535.
Page 299
AT-GS950/24 Web Interface User Guide Rising Event Index - This parameter specifies the event index for the rising threshold. Its range is 1 to 65535. This field is mandatory and must match an Event Index that you previously entered in “Events” on page 295.
Chapter 23 Network Statistics The sections in this chapter explain how to display traffic, error, and history statistics about the network traffic on the AT-GS950/24 switch and its ports. This chapter includes the following sections: “Overview” on page 302 ...
Chapter 23: Network Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S109 Version 1.1.0 Management software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color used to draw the chart.
AT-GS950/24 Web Interface User Guide Traffic Comparison Statistics The Traffic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports. You can select 12 statistic types and 12 colors for each port. To display traffic comparison statistics, perform the following procedure: 1.
Chapter 23: Network Statistics 3. To view traffic statistics, click on the arrow next to “Statistics” and select one of the options in Table 6. Table 6 Traffic Comparison Options Option Definition Inbound Octets (Bytes/s) Measures the number of inbound octet bits in bytes per second.
Page 305
AT-GS950/24 Web Interface User Guide 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6. To create the traffic comparison graph, select Draw.
Chapter 23: Network Statistics Error Group Statistics The Error Group chart displays the discard and error counts for a specified port. To display error group statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2.
Page 307
AT-GS950/24 Web Interface User Guide 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color.
Chapter 23: Network Statistics Historical Status Charts The Historical Status chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation. To display historical status charts statistics for a port, perform the following procedure: 1.
AT-GS950/24 Web Interface User Guide Table 7 Historical Status Options Option Definition Inbound Octet Rate (Bytes) Measures the rate of inbound octet bits in bytes per second. Inbound Unicast Packet Rate (Pkts) Measures the rate of inbound unicast packets in packets per second.
Page 310
Chapter 23: Network Statistics 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds 10 seconds 15 seconds 30 seconds 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green Blue...
Chapter 24 Management Software Updates This chapter explains the methods for upgrading the AT-S109 Version 1.1.0 Management software on the switch and saving configuration files. This chapter contains the following sections: “Overview” on page 312 “Upgrade Firmware Image via HTTP” on page 313 ...
Internet browser. However, to perform one of these operations using TFTP, you must have access to an TFTP server. In addition, you can save a configuration file from your AT-GS950/24 switch, which can be downloaded to other AT-GS950/24 switches on your network.
AT-GS950/24 Web Interface User Guide Upgrade Firmware Image via HTTP This section describes how to upgrade an firmware image of the AT-S109 Version 1.1.0 Management software using HTTP on an Internet server. Before downloading a new version of the AT-S109 Version 1.1.0...
Chapter 24: Management Software Updates 2. From the Firmware Upgrade folder, select via HTTP. The Firmware Upgrade via HTTP Page is displayed. See Figure 110. Figure 110. Firmware Upgrade via HTTP Page 3. Change the following parameter as necessary: Firmware File - Enter the path and the firmware file name or click the Browse button and select the file name.
AT-GS950/24 Web Interface User Guide Upgrade Firmware Image via TFTP This section describes how to upgrade an firmware image of the AT-S109 Version 1.1.0 Management software using TFTP on an TFTP server. Before downloading a new version of the AT-S109 Version 1.1.0...
Chapter 24: Management Software Updates Figure 111. Firmware Upgrade via TFTP Page The Image/Version Date shows the current version and date of software installed on the switch. 3. Change the following parameters as necessary: TFTP Server IP - The IP address of the TFTP server from which you are downloading the new software.
AT-GS950/24 Web Interface User Guide Download or Upload a Configuration File via HTTP This section describes how to download or upload a configuration file using HTTP on an Internet server. Before you upload or download a configuration file via HTTP, note the following: You must be able to access the new AT-S109 Version 1.1.0 image file...
Chapter 24: Management Software Updates Configuration To upload an AT-S109 Version 1.1.0 configuration file onto the switch, perform the following procedure: File Upload 1. Select the Upload button. Select this button to upload a configuration file from the switch to your PC. The following window shown in Figure 113 is displayed.
AT-S109 Version 1.1.0 Management software on the AT-GS950/24 switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool. See“DHCP and ATI Web Discovery Tool” on page 34 for more information.
Chapter 24: Management Software Updates Download or Upload a Configuration File via TFTP This section describes how to download or upload a configuration file using TFTP on an TFTP server. Before uploading or downloading a configuration file onto the switch using TFTP, note the following: Your network must have a TFTP server.
AT-GS950/24 Web Interface User Guide Configuration To download an AT-S109 Version 1.1.0 configuration file onto the switch, perform the following procedure: File Download 1. Enter the name of the configuration file in the field next to the Config File Name parameter.
Loopback Protection This chapter explains how to configure the Loopback Protection feature for specific ports on the AT-GS950/24 switch. If the Tx and Rx pairs on the same port are connected, then this feature detects this condition and disables the port for a pre-configured amount of time.
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Loopback Detection. A partial view of the AT-GS950/24 Loopback Detection Page is displayed. See Figure 116. Figure 116. AT-GS950/24 Loopback Detection Page 3.
Page 325
Note In the All row when you select Enable or Disable instead of Ignore, the selection applies to all of the AT-GS950/24 switch ports. 7. Click the Apply button in the Action column of the table. 8. Repeat steps 6 and 7 for other individual port settings.
Chapter 25: Loopback Protection Status The status of the Loopback Detection is given in the Loop Status column of the table at the bottom of the Loopback Detection page. See Figure 116 on page 324. The status is one of the following states: Normal - This status indicates that the port does not have the Tx to Rx pairs connected.
Chapter 26 Cable Diagnostics This chapter provides procedures to run cable diagnostics on the cables connected to the switch ports. If a port is selected, a cable must be connected to it for meaningful test results to be displayed. Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Page 328
Chapter 26: Cable Diagnostics Test Results - Displays the diagnostic results for each pair in the cable. One of the following cable status parameters is displayed: OK - There is not problem detected with the cable. Open in Cable - There is an open wire within the cable. Short in Cable - Two wires are shorted together within the cable.
“Associating VLANs to MSTIs” on page 343 “VLANs Across Different Regions” on page 345 “Summary of Guidelines” on page 347 Note To configure the MSTP feature on the AT-GS950/24 switch, go to “Multiple Spanning Tree Protocol” on page 133 for more information.
Appendix A: MSTP Overview Overview In the AT-GS950/24, STP and RSTP are referred to as single-instance spanning trees that search for physical loops across all VLANs in a bridged network. When loops are detected, the active protocol stops the loops by placing one or more bridge ports in a blocking state.
Page 331
AT-GS950/24 Web Interface User Guide Note Do not activate MSTP on the AT-GS950/24 switch without first familiarizing yourself with the following concepts and guidelines. Like STP and RSTP, you must activate this MSTP protocol on a switch and then configure the protocol parameters.
Following are several examples of how MSTP can be applied. Fragmentation Figure 118 illustrates two AT-GS950/24 switches, each containing the two VLANs Sales and Production. The ports of each VLAN on each switch are connected with a direct link using untagged ports. If the switches were running STP or RSTP, one of these two links would be blocked because the links constitute a physical loop.
AT-GS950/24 Web Interface User Guide Figure 119 on page 333 illustrates the same two AT-GS950/24 switches and the same two virtual LANs. But in this example, the two switches are running MSTP and the two VLANs have been assigned different spanning tree instances.
Appendix A: MSTP Overview Figure 120. Multiple VLANs in a MSTI In this example, because an MSTI contains more than one VLAN, the links between the VLAN parts is made with tagged (not untagged) ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 120, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs.
AT-GS950/24 Web Interface User Guide General Guidelines Here are the guidelines for MSTIs: The AT-GS950/24 switch can support up to 31 spanning tree instances, including the CIST. A MSTI can contain any number of VLANs. A VLAN can belong to only one MSTI at a time.
Appendix A: MSTP Overview VLAN and MSTI Associations Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
AT-GS950/24 Web Interface User Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTI’s. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Figure 121 on page 339 illustrates the concept of regions. It shows one MSTP region consisting of two AT-GS950/24 switches. Each switch in the region has the same configuration name and revision level. The switches also have the...
AT-GS950/24 Web Interface User Guide Figure 121. Multiple Spanning Tree Region The AT-GS950/24 switch determines regional boundaries by examining the MSTP BPDUs received on the ports. A port that receives a MSTP BPDU from another bridge with regional information different from its own is considered to be a boundary port and the bridge connected to the port as belonging to another region.
A network can contain any number of regions and a region can contain any number of AT-GS950/24 switches. The AT-GS950/24 switch can belong to only one region at a time. A region can contain any number of VLANs.
Page 341
AT-GS950/24 Web Interface User Guide Each MSTI must have a regional root for locating loops in the instance. MSTIs can share the same regional root or have different roots. A regional root is determined by the MSTI Bridge Priority value and a bridge’s MAC address.
The CIST regional root is set with the CIST Priority parameter. This parameter, which functions similar to the RSTP bridge priority value, selects the root bridge for the entire bridged network. If the AT-GS950/24 switch has the lowest CIST Priority value among all the spanning tree bridges, it functions as the root bridge for all the MSTP regions and STP and RSTP single- instance spanning trees in the network.
BPDU packet. By default, all ports of the AT-GS950/24 switch belong to the CIST instance. So the CIST identification is always included in the BPDU. If the port is also a member of a VLAN that has been assigned to a MSTI, that information is included in the BPDU too.
Appendix A: MSTP Overview Figure 123. CIST and VLAN Guideline - Example 2 When port 3 on switch B receives a BPDU, the switch notes the port sending the packet belongs only to CIST 0. Therefore, switch B uses CIST 0 in determining whether a loop exists. The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0.
AT-GS950/24 Web Interface User Guide VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network.
Appendix A: MSTP Overview Another approach is to configure multiple regions in a subnet and group the VLANs that need to span two or more regions into the same MSTI. If other VLANs also exist that do not span multiple regions, they can be assigned to other MSTIs within their respective region.
A network can contain any number of regions and a region can contain any number of AT-GS950/24 switches. The AT-GS950/24 switch can belong to only one region at a time. A region can contain any number of VLANs.
AT-GS950/24 Default Parameters Table 9 lists the factory default settings for the AT-S109 Version 1.1.0 Management software on the AT-GS950/24 switch. The Parameters reflect the fields found on each web page. Table 9. AT-S109 Version 1.1.0 Management Software Default Settings...
Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting IP address none IPv4 address in xxx.xxx.xxx.xxx hex format; except 127.0.0.1 IP address entries 10 entries 10 entries System/Administration User Name...
Page 351
AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting From January:01:00:00 (Month:Day:HH:MM) January:01:00:00 (Month:Day:HH:MM) DST Offset 1 hr System/SSL Settings SSL Settings Disabled Enabled/Disabled System/DHCP Auto Configuration Settings Auto Configuration...
Page 352
Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Port All, 1 - 24 Trunk Type 1000TX Down Up/Down Link Status Enabled Enabled/Disabled Admin Status Mode Auto Auto/10Half/10Full/100Half/100Full/1000Full Enabled...
AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Maximum MST 1 - 31 Instances Bridge Priority 32768 0 - 61440 Region Name MAC Address of AT-GS950/24 switch Region Revision...
Page 354
Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Hello Time 1 - 9 seconds AutoEdge Status True True/False Restricted Role False True/False Restricted TCN False True/False Port State...
Page 355
AT-GS950/24 Web Interface User Guide Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Port All, 1 - 24 Loopback Detection Disabled Enabled/Disabled State Bridge/Static Unicast 802.1Q VLAN ID 1 - 4000 Port-Based VLAN...
Page 356
Appendix A: AT-GS950/24 Default Parameters Table 9. AT-S109 Version 1.1.0 Management Software Default Settings (Continued) AT-GS950/24 Parameter Specifications Default Setting Storm Control Disabled Enabled/Disabled Multicast Control Status Storm Control High (2500 pps) Threshold Medium (1000 pps) Low (500 pps) @ Packet size = 1518 Bytes...