Download Print this page

Allied Telesis AT-GS950/16PS User Manual

Allied Telesis AT-GS950/16PS User Manual

Gigabit ethernet poe+ switch

Hide thumbs Also See for AT-GS950/16PS:

User manual (86 pages)

,

Installation manual (72 pages)

,

Product information (3 pages)

Table Of Contents

page of 386

/ 386
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

See also: Installation Manual

AT-GS950/16PS Switch Web Interface User's Guide

AT-S112

[1.00.010]

613-001779 Rev A

AT-GS950/16PS

Gigabit Ethernet PoE+ Switch

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the AT-GS950/16PS and is the answer not in the manual?

Questions and answers

Summary of Contents for Allied Telesis AT-GS950/16PS

Page 1 AT-GS950/16PS Gigabit Ethernet PoE+ Switch AT-GS950/16PS Switch Web Interface User’s Guide AT-S112 [1.00.010] 613-001779 Rev A...
Page 2 Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Page 3: Table Of Contents
List of Figures ..............................9 List of Tables ..............................13 Preface ................................15 Document Conventions..........................16 Allied Telesis Contact Information......................17 Getting Started ..............................19 Chapter 1 : Starting a Web Browser Session ....................21 Establishing a Remote Connection to the Web Browser Interface ............22 Web Browser Tools............................
Page 4 Contents Forwarding Delay and Topology Changes................... 65 Mixed STP and RSTP Networks ......................67 Spanning Tree and VLANs ........................68 Basic STP and RSTP Configuration......................70 Configure RSTP Port Settings........................73 Configure the Basic RSTP Port Settings....................73 Configure the Advanced RSTP Port Settings ..................75 Spanning Tree Topology ..........................
Page 5 AT-GS950/16PS Switch Web Interface User’s Guide Ingress Rate Limiting......................... 143 Egress Rate Limiting ......................... 143 Configuration............................144 Ingress Rate Limiting ..........................146 Egress Rate Limiting ..........................148 Chapter 13 : Virtual LANs ..........................149 VLAN Overview............................150 Port-based VLAN Overview....................... 151 Tagged VLAN Overview ........................
Page 6 Contents Overview..............................202 SNMPv3 Authentication Protocols .....................202 SNMPv3 Privacy Protocol ........................203 SNMPv3 MIB Views ...........................203 SNMPv3 Configuration Process......................204 SNMPv3 User and Group Names ......................206 Creating SNMPv3 User and Group Names ..................206 Modifying SNMPv3 User and Group Names..................207 Deleting SNMPv3 User and Group Names..................207 SNMPv3 View Names ..........................209 Creating SNMPv3 View Names ......................209 Modifying SNMPv3 View Names .......................211...
Page 7 AT-GS950/16PS Switch Web Interface User’s Guide Overview ..............................258 CoS with Voice VLAN ........................258 Organization Unique Identifier (OUI) ....................258 Dynamic Auto-Detection vs Static Ports .................... 259 General Guidelines ..........................261 Configuration............................262 OUI Setting............................... 265 Create OUI Setting ..........................265 Modify OUI Setting ..........................
Page 8 Multiple Spanning Tree Regions ......................358 MST Region Guidelines ........................360 Common and Internal Spanning Tree (CIST) ..................362 MSTP with STP and RSTP ........................362 Associating VLANs to MSTIs........................363 VLANs Across Different Regions......................365 Summary of Guidelines ..........................367 Appendix B: AT-GS950/16PS Default Parameters ..................369...
Page 9: List Of Figures
Figure 20. STP and VLAN Compatibility with Tagged Ports....................69 Figure 21. Rapid Spanning Tree Configuration Page......................70 Figure 22. AT-GS950/16PS RSTP Basic Port Configuration Page ................... 73 Figure 23. AT-GS950/16PS RSTP Advanced Port Configuration Page................75 Figure 24. AT-GS950/16PS Designated Topology Information Page ................78 Figure 25.
Page 10 Figure 53. AT-GS950/16PS VLAN Port Setting Page ..................... 162 Figure 54. Port-Based VLAN Page ..........................164 Figure 55. Example of AT-GS950/16PS Port Based VLAN Page ................... 165 Figure 56. GVRP Global Configuration Page ........................169 Figure 57. GVRP Port Setting Page ..........................170 Figure 58.
Page 11 Figure 118. Trusted Interfaces Page Example ........................ 299 Figure 119. AT-GS950/16PS Binding Database Page ....................300 Figure 120. Binding Database Page Example......................... 301 Figure 121. AT-GS950/16PS LLDP Global Settings Page ....................305 Figure 122. LLDP Neighbors Information Page....................... 309 Figure 123. Traffic Comparison Page..........................313 Figure 124.
Page 12 Figures...
Page 13: List Of Tables
List of Tables Table 1. Bridge Priority Value Increments ..................63 Table 2. Valid Port Priority Values ....................65 Table 3. Default Mappings Priority Levels to Priority Queues ............177 Table 4. Customized Mappings Priority Levels to Priority Queues ..........177 Table 5.
Page 14 List of Tables...
Page 15: Preface
Preface This guide contains instructions on how to use the AT-S112 Management Software to manage and monitor the AT-GS950/16PS Gigabit Ethernet PoE+ Switch. The AT-S112 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Page 16: Document Conventions
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Page 17: Allied Telesis Contact Information
AT-GS950/16PS Switch Web Interface User’s Guide Allied Telesis Contact Information If you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Services section of the Allied Telesis web site at www.alliedtelesis.com/support. You can find links for...
Page 18 Preface...
Page 19: Getting Started
Section I Getting Started This section contains the following chapters: Chapter 1, “Starting a Web Browser Session” on page 21  Chapter 2, “System Configuration” on page 27 ...
Page 21: Chapter 1 : Starting A Web Browser Session
Starting a Web Browser Session This chapter contains the procedures for starting, using, and quitting a web browser management session on the AT-GS950/16PS switch. This chapter includes the following sections: “Establishing a Remote Connection to the Web Browser Interface” on ...
Page 22: Establishing A Remote Connection To The Web Browser Interface
Chapter 1: Starting a Web Browser Session Establishing a Remote Connection to the Web Browser Interface The AT-GS950/16PS switch is shipped with a pre-assigned IP address of 192.168.1.1. After your initial login, Allied Telesis suggests that you assign a new IP address to your switch. To manually assign an IP address to the switch, refer to “Configuration of IP Address, Subnet Mask and Gateway...
Page 23: Figure 3. At-Gs950/16Ps Switch Information Page
The default user name is “manager” and the default password is “friend.” The login name and password are case-sensitive. 4. Press OK. The AT-GS950/16PS Switch Information page is displayed. See Figure Note To change the user name and password, refer to “User Name and Password Configuration”...
Page 24: Figure 4. Front Panel Page
The AT-S112 Management software displays the front of the switch. Ports are green that have a link to an end node. Ports without a link are grey. The AT-GS950/16PS switch front panel page is shown in Figure 4. Figure 4. Front Panel Page A web browser management session remains active even if you link to other sites.
Page 25: Web Browser Tools
AT-GS950/16PS Switch Web Interface User’s Guide Web Browser Tools You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s Bookmark feature to...
Page 26: Quitting A Web Browser Management Session
Chapter 1: Starting a Web Browser Session Quitting a Web Browser Management Session To exit a web browser management session, close the web browser.
Page 27: Chapter 2 : System Configuration
Chapter 2 System Configuration This chapter provides procedures to configuring basic system parameters for the AT-GS950/16PS switch and contains information for the following sections: “System Management Information” on page 28  “Configuration of IP Address, Subnet Mask and Gateway Address” on ...
Page 28: System Management Information
Entering this information is optional. Note Allied Telesis recommends that you assign a name to the switch. Naming each switch can help you identify the specific switch you want to manage among others. It can also help to avoid performing a configuration procedure on the wrong switch.
Page 29 AT-GS950/16PS Switch Web Interface User’s Guide System Name - Specifies a name for the switch, for example, Sales. The name is optional and may contain up to 15 characters. System Location - Specifies the location of the switch. The location is optional and may contain up to 30 characters.
Page 30: Configuration Of Ip Address, Subnet Mask And Gateway Address
Chapter 2: System Configuration Configuration of IP Address, Subnet Mask and Gateway Address This procedure explains how to change the IP address, subnet mask, and gateway address of the switch. Before performing the procedure, note the following: A gateway address is only required if you want to ...
Page 31 AT-GS950/16PS Switch Web Interface User’s Guide System Default Gateway - Displays the default gateway of the switch. To change the default gateway, enter a new gateway. When DHCP is enabled, you cannot change this parameter. DHCP Mode - For information about setting this parameter, refer to “DHCP Client Configuration”...
Page 32: Ip Access List Configuration
Chapter 2: System Configuration IP Access List Configuration When the IP Access List feature is enabled, remote access to the AT-S112 management software is restricted to the IP addresses entered into the IP Access List. The procedures in this section describe how to enable or disable the IP Access List feature and how to add or remove IP addresses from the list.
Page 33: Delete An Ip Address List Entry
AT-GS950/16PS Switch Web Interface User’s Guide 5. From the IP Restriction Status field, select one of the following choices from the pull-down menu: Enable - This selection restricts the access to the AT-S112 management software to the IP addresses in the table listed under Accessible IP.
Page 34: User Name And Password Configuration
Chapter 2: System Configuration User Name and Password Configuration Password protection is always enabled for access to the AT-S112 Management software. This section explains how to create new users names and passwords and how to modify or delete existing users for the web interface.
Page 35: Modify User Name And Password
AT-GS950/16PS Switch Web Interface User’s Guide 4. To add a password that corresponds to the user name entered in step 3, enter a password of up to 12 alphanumeric characters in the box next to the Password field. The Password field is case sensitive.
Page 36: Delete User Name And Password
Chapter 2: System Configuration Delete User Name To delete a user name that you have previously added, perform the following procedure. and Password 1. From the main menu on the left side of the page, click the System folder. The System folder expands. 2.
Page 37: User Interface Configuration
The Web Server Status is displayed as Enabled for your information only. The Web Server cannot be disabled. SNMP Interface To enable or disable the AT-GS950/16PS SNMP interface, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder.
Page 38: User Interface Timeout
Chapter 2: System Configuration Note See Chapter 20, “Simple Network Management Protocol SNMPv1 and v2c” on page 263 and Chapter 21, “Simple Network Management Protocol SNMPv3” on page 273 to configure the remaining SNMP parameters. 4. Click Apply located under the Web Server Status Enable/Disable field.
Page 39: System Time
AT-GS950/16PS Switch Web Interface User’s Guide System Time The procedures in this section describe how to configure the system time by manually entering the time or through SNTP and how to configure the daylight savings time feature. See the following sections: “Manually Setting System Time”...
Page 40: Setting Sntp
Chapter 2: System Configuration 4. In the Local Time Settings section, set the Date Setting (YYYY:MM:DD) to the current date in the YYYY:MM:DD format. 5. In the Local Time Settings section, set the Time Settings (HH:MM:SS) to the current time in the HH:MM:SS format. 6.
Page 41: Setting Daylight Savings Parameters
AT-GS950/16PS Switch Web Interface User’s Guide Setting Daylight If you want to configure the switch for daylight savings time, perform the following procedure: Savings Parameters 1. From the main menu on the left side of the page, click the System folder.
Page 42: Ssl Settings
HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted. When operating in this mode, only the AT-GS950/16PS switch and the web browser are able to decipher the packets sent and received between them. Configuring SSL...
Page 43 AT-GS950/16PS Switch Web Interface User’s Guide 4. Click Apply. The SSL setting that you have selected is now active. 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 44: Dhcp And Ati Web Discovery Tool
Chapter 2: System Configuration DHCP and ATI Web Discovery Tool The AT-GS950/16PS Gigabit Ethernet Smart switch is managed through a web browser interface only. The factory default IP address is 192.168.1.1. The switch does not have a local console connector, which means that you cannot learn what the switch’s management IP address is on a web...
Page 45: Dhcp Client Configuration
DHCP Client Configuration This procedure explains how to activate and deactivate the DHCP client on the AT-GS950/16PS switch. When the client is activated, the switch obtains its IP configuration including an IP address and subnet mask from a DHCP server on your network. Before performing the procedure, note the following: By default, the DHCP client is disabled on the switch.
Page 46 DHCP setting (Enabled). The next time the switch boots up, it will use the DHCP process to establish the IP address used to manage the AT-GS950/16PS switch. If you enter a new IP address after disabling DHCP and save your configuration, the DHCP setting (Disabled) and the new IP address on the switch is saved.
Page 47: Dhcp Auto Configuration
AT-GS950/16PS Switch Web Interface User’s Guide DHCP Auto Configuration If you need to automatically update the switch’s configuration files via a remote server, the DHCP Auto Configuration feature is available for this purpose via the DHCP server. Note You must enable the DHCP client so that this feature can operate with the DHCP server.
Page 48: System Information Display
System Information Display The Switch Information page is initially displayed when you first log into the AT-GS950/16PS switch. It provides general information about the switch. To view this information, perform the following procedure: 1. From the main menu on the left side of the page, select Switch Info.
Page 49 AT-GS950/16PS Switch Web Interface User’s Guide Administration Information Section: Switch Name - This parameter displays the name assigned to the switch. To assign the switch a name, refer to “System Management Information” on page 28. Switch Location - This parameter displays the location of the switch.
Page 50: System Log Configuration
Chapter 2: System Configuration System Log Configuration The System log is designed to monitor the operation the AT-GS950/16PS switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.
Page 51 AT-GS950/16PS Switch Web Interface User’s Guide 3. From the Syslog Status field, select one of the following choices from the pull-down menu: Enable - The System log is active. Disable - The System log is inactive. 4. From the Time Stamp field, select one of the following choices from the...
Page 52 Chapter 2: System Configuration...
Page 53: Bridge Configuration
Section II Bridge Configuration This section contains the following chapters: Chapter 3, “Port Configuration” on page 55  Chapter 4, “STP and RSTP” on page 61  Chapter 5, “Multiple Spanning Tree Protocol” on page 79  Chapter 6, “Static Port Trunking” on page 93 ...
Page 55: Chapter 3 : Port Configuration
Chapter 3 Port Configuration This chapter provides a description of the physical characteristics of the ports and a procedure that explains how to view and change the port settings. This chapter includes the following sections: “Overview” on page 56  “Displaying and Configuring Ports”...
Page 56: Overview
Chapter 3: Port Configuration Overview This chapter describes how to display and modify the physical characteristics of an AT-GS950/16PS switch. You can display and modify the settings of all the ports on one web page. The port characteristics that are displayed are: Trunk Group Number ...
Page 57: Displaying And Configuring Ports
However, for information about configuring a trunk, refer to Chapter 6, “Static Port Trunking” on page 93. Type - Indicates the port type. On the AT-GS950/16PS, the port type is 1000TX for 10/100/1000Base-T twisted-pair ports (1 through 14, 15R and 16R) and 100FX or 1000TX for the SFP ports...
Page 58 Chapter 3: Port Configuration (15 and 16) for copper or fiber SFP type. Link Status - This parameter indicates the status of the link between the port and the end node connected to the port. The possible values are: Up -This parameter i Indicates a valid link exists between the port and the end node.
Page 59 AT-GS950/16PS Switch Web Interface User’s Guide settings for the port. You can use this parameter to set the speed and duplex mode of a port. The possible settings are: Ignore -This parameter i Indicates that the All setting does not apply to the Mode field.
Page 60 Chapter 3: Port Configuration notify the end node to stop transmitting for a specified period of time. The possible values are: Ignore - This parameter indicates that the All setting does not apply to the Flow Control field. In other words, each port is set individually.
Page 61: Chapter 4 : Stp And Rstp
Chapter 4 STP and RSTP This chapter provides background information about the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). In addition, there are procedures to configure STP and RSTP. The sections in the chapter include: “Overview” on page 62 ...
Page 62: Overview
Chapter 4: STP and RSTP Overview The performance of a Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path.
Page 63: Bridge Priority And The Root Bridge
AT-GS950/16PS Switch Web Interface User’s Guide Bridge Priority The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge and the Root distributes network topology information to the other network bridges and...
Page 64: Port Priority
Chapter 4: STP and RSTP Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge and the port through which the bridge is communicating with the root bridge is referred to as the root...
Page 65: Forwarding Delay And Topology Changes
AT-GS950/16PS Switch Web Interface User’s Guide Table 2. Valid Port Priority Values Port Step Priority Forwarding If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This Delay and may trigger a change in the state of some blocked ports.
Page 66 Chapter 4: STP and RSTP The forwarding delay value is adjustable in the AT-S112 Management software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network.
Page 67: Mixed Stp And Rstp Networks
RSTP Networks network can operate together to create a single spanning tree domain. If you decide to activate spanning tree on the switch, Allied Telesis recommends RSTP instead of STP even when all of other switches in the network are running STP. The AT-GS950/16PS switch can combine RSTP with the STP of the other switches.
Page 68: Spanning Tree And Vlans
Chapter 4: STP and RSTP Spanning Tree The spanning tree implementation in the AT-S112 Management software can be a single-instance spanning tree as described in this chapter. If you and VLANs choose to define multiple spanning trees on this switch, go to Chapter 5, “Multiple Spanning Tree Protocol”...
Page 69: Figure 20. Stp And Vlan Compatibility With Tagged Ports
AT-GS950/16PS Switch Web Interface User’s Guide VLAN VLAN VLAN Ports blocked by STP Blocked Data Links VLAN VLAN VLAN Figure 20. STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports, refer to Chapter 13, “VLAN Overview” on page 150.
Page 70: Basic Stp And Rstp Configuration
Chapter 4: STP and RSTP Basic STP and RSTP Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2.
Page 71 AT-GS950/16PS Switch Web Interface User’s Guide The RSTP Configuration page allows you to configure basic STP (STP-Compatible) or RSTP protocols as well as to view current settings of the feature. In the upper portion of the page, you can set the ...
Page 72 Chapter 4: STP and RSTP The following parameters refer to the designated root  bridge. You cannot change these fields. Designated Root - This parameter includes two fields: the root bridge priority and the MAC address of the root bridge. For example, 1000 00C08F1211BB shows the root bridge priority as 1000, and 00C08F1211BB as the MAC address.
Page 73: Configure Rstp Port Settings
Figure 22. AT-GS950/16PS RSTP Basic Port Configuration Page This page displays the following information about the ports: Port - Indicates ports 1 through 16 on the AT-GS950/16PS switch. You can select the All row to apply the same setting to all ports of your switch for the STP Status, Priority, and Path Cost fields.
Page 74 Chapter 4: STP and RSTP sent or received on a the port except for BPDU data. A port with a higher path cost to the root bridge than another on the switch will cause a switching loop and is placed in the blocking state by the Spanning Tree algorithm.
Page 75: Configure The Advanced Rstp Port Settings
The RSTP folder expands. 4. From the RSTP folder, select RSTP Advanced Port folder. The AT-GS950/16PS RSTP Advanced Port Configuration Page is displayed. See Figure 23 on page 75 for a partial view of this page. Figure 23. AT-GS950/16PS RSTP Advanced Port Configuration Page...
Page 76 Chapter 4: STP and RSTP This page displays the following information about the ports: Port - Indicates ports 1 through 16 on the AT-GS950/16PS switch. You can select the All row to apply the same setting to all ports of your switch for the AdminOperEdge, Admin/OperPtoP, and Migration fields.
Page 77 AT-GS950/16PS Switch Web Interface User’s Guide this port receives root path cost information that is greater than the root port's path cost and less than any other port's received information, then this port becomes the designated port. Backup - Any operational Bridge Port that is not a Root or Designated Port is a Backup Port if the Bridge is the Designated Bridge for the attached LAN.
Page 78: Spanning Tree Topology
The following information is displayed about the ports: Port - Indicates ports 1 through 16 on the AT-GS950/16PS switch. Trunk - The trunk of which the port is a member. Link Status - Whether the link on the port is up or down.
Page 79: Chapter 5 : Multiple Spanning Tree Protocol
Chapter 5 Multiple Spanning Tree Protocol This chapter provides the procedures for configuring Multiple Spanning Tree Protocol (MSTP). You can find an overview and configuration guidelines for this feature in “MSTP Overview” on page 349. When you configure MSTP, the information should be entered in order on the following web pages: “Multiple Spanning Tree Configuration”...
Page 80: Multiple Spanning Tree Configuration
Chapter 5: Multiple Spanning Tree Protocol Multiple Spanning Tree Configuration To configure the MSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 81 AT-GS950/16PS Switch Web Interface User’s Guide following parameters: Global MSTP Status - Set this field to Enable or Disable the MSTP feature on the switch. The Global MSTP Status must be set to Enable before the other MSTP configuration parameters can be set.
Page 82 Chapter 5: Multiple Spanning Tree Protocol Forward Delay - The Forward Delay defines the time that the bridge spends in the listening and learning states. Its range is 4 - 30 seconds. Maximum Hop Count - The Maximum Hop Count is a parameter set in a BPDU packet when it originates.
Page 83: Port Configuration
You may choose a port and configure its MSTP parameters on this page. The following information is displayed: Port - Indicates ports 1 through 16 on the AT-GS950/16PS switch. You can select the All row to apply the same setting to all ports of...
Page 84 Chapter 5: Multiple Spanning Tree Protocol ForcedTrue - The port is connected to a network device in the network topology. ForcedFalse - The port is not connected to a network device in the network topology. Auto - The switch will automatically determine the port type. Edge Port - Indicates if a port is connected to an edge device in the network topology or not.
Page 85 AT-GS950/16PS Switch Web Interface User’s Guide Restricted TCN - The Restricted TCN parameter does not allow Topology Change Notification (TCN) BPDUs to be processed on the port. True - The port cannot process receive/transmit TCN BPDUs. False - The port can process receive/transmit TCN BPDU packets.
Page 86: Vlan Mapping
Chapter 5: Multiple Spanning Tree Protocol VLAN Mapping You can create, modify and delete MSTP settings with the procedures in the following sections: ”Open MSTP VLAN Mapping Page”  ”Create VLAN Mapping to MST Instance”.  “Modify MST Instance” on page 87. ...
Page 87: Modify Mst Instance
AT-GS950/16PS Switch Web Interface User’s Guide 5. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify MST If you wish to modify a MST Instance, you must first delete the instance and then redefine it.
Page 88: Port Settings
Chapter 5: Multiple Spanning Tree Protocol Port Settings To configure the MSTP port settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 89 AT-GS950/16PS Switch Web Interface User’s Guide 6. If you choose to change the MSTP port settings for other ports, repeat steps 4 and 5. 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 90: Topology Information
The following information displayed on this page shows the current status of MSTP for each port: Port - Indicates ports 1 through 16 on the AT-GS950/16PS switch. Designated Root - The designated root bridge to which the switch’s root port is actively connected.
Page 91 AT-GS950/16PS Switch Web Interface User’s Guide Regional Root - The root bridge of the MST instance. Regional Root Priority - The priority of the regional root port. Regional Path Cost - The path cost from the regional root port to the regional root bridge.
Page 92 Chapter 5: Multiple Spanning Tree Protocol...
Page 93: Chapter 6 : Static Port Trunking
Chapter 6 Static Port Trunking This chapter contains a description of port trunking and the procedures for creating, modifying, and deleting a static port trunk. The following topics are discussed: “Overview” on page 94  “Create a Port Trunk” on page 97 ...
Page 94: Overview
AT-S112 Management software on the switch automatically groups them together. The example in Figure 30 illustrates a static port trunk of four links between two AT-GS950/16PS switches. Static Trunk Figure 30. Static Port Trunk Example...
Page 95 AT-GS950/16PS Switch Web Interface User’s Guide Network equipment vendors tend to employ different techniques to implement static trunks. Consequently, a static trunk on one device may be incompatible with the same feature on a device from a different manufacturer. For this reason static trunks are typically employed only between devices from the same vendor.
Page 96 Chapter 6: Static Port Trunking A port can belong to only one static trunk at a time.  The ports of a static trunk can be configured to be  members of more than one VLAN. The ports of a static trunk can be either untagged or ...
Page 97: Create A Port Trunk
AT-GS950/16PS Switch Web Interface User’s Guide Create a Port Trunk This procedure explains how to create a static port trunk. Caution Do not connect the cables of a port trunk to the ports on the switch until you have configured the ports on both the switch and the end nodes.
Page 98 Chapter 6: Static Port Trunking A check in a box indicates the port is a member of the trunk. No check means the port is not a member. A port trunk can contain up to eight ports. 5. Change the Trunk Status from Disable to another setting. The choice in the status field are the following: Active - The specific aggregator will broadcast and respond to LACPDU (LACP Data Unit) packets.
Page 99: Modify A Port Trunk
AT-GS950/16PS Switch Web Interface User’s Guide Modify a Port Trunk This procedure explains how to change the status of a port trunk and add or remove ports from a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk.
Page 100 Chapter 6: Static Port Trunking 9. Configure the port trunk on the other switch with the same parameters. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/ 16PS switch and the trunk ports on the other switch.
Page 101: Disable A Port Trunk
AT-GS950/16PS Switch Web Interface User’s Guide Disable a Port Trunk This procedure explains how to disable a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology.
Page 102 Chapter 6: Static Port Trunking...
Page 103: Chapter 7 : Lacp Port Trunks
AT-GS950/16PS Switch Web Interface User’s Guide Chapter 7 LACP Port Trunks This chapter contains overview information about LACP port trunks and the procedures for setting this feature. This chapter contains the following sections: “Overview” on page 104  “System Priority” on page 105 ...
Page 104: Overview
The main component of an LACP trunk is an aggregator which manages a group of ports on the switch. On the AT-GS950/16PS switch, the ports assigned to a trunk group are automatically assigned to an aggregator.
Page 105: System Priority
AT-GS950/16PS Switch Web Interface User’s Guide System Priority It is possible for two devices interconnected by an aggregate trunk to encounter a conflict when they form the trunk. For example, the two devices might not support the same number of active ports in an aggregate trunk or might not agree on which ports are active and which are in standby mode.
Page 106: Port Priority Value
Chapter 7: LACP Port Trunks Port Priority Value The switch uses a port’s LACP priority to determine which ports are active and which are in the standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active ports.
Page 107: General Guidelines
AT-GS950/16PS Switch Web Interface User’s Guide General Guidelines The following guidelines apply when creating aggregators: LACP must be activated on both the AT-GS950/16PS  switch and its partner device. The other device must be 802.3ad-compliant.  The AT-S112 Management software supports up to ...
Page 108 If the number is less than eight, the maximum number for the AT-GS950/16PS switch, you should assign the other vendor’s device a higher system LACP priority than your AT-GS950/16PS switch.
Page 109: Group Status
AT-GS950/16PS Switch Web Interface User’s Guide Group Status To display the LACP Group Status, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands.
Page 110: Configuration Example
Chapter 7: LACP Port Trunks The System Priority is a preassigned value that you cannot alter. This value applies to the switch. See “System Priority” on page 105. The System ID is a MAC address value assigned to the individual switch.
Page 111: Figure 34. Lacp Group Status Page With Three Cables Connected
AT-GS950/16PS Switch Web Interface User’s Guide Figure 34. LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link-Up status.
Page 112: Port Priority Configuration
2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select Port Priority. The AT-GS950/16PS Port Priority Page is displayed. See Figure 35 for a partial view of this page. Figure 35. AT-GS950/16PS Port Priority Page The System Priority is a preassigned value that you cannot alter.
Page 113: Chapter 8 : Port Mirroring
Chapter 8 Port Mirroring This chapter describes the Port Mirroring feature and the procedure for setting up port mirroring. Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port.
Page 114: Overview
Chapter 8: Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic received and transmitted on one or more ports by copying the traffic to another switch port. You can connect a data analyzer to the port where the traffic is copied and monitor the traffic on the other ports without impacting network performance or speed.
Page 115: Port Mirroring Configuration
AT-GS950/16PS Switch Web Interface User’s Guide Port Mirroring Configuration To configure Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring Page is displayed. See Figure 36.
Page 116 Chapter 8: Port Mirroring 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 117: Disable Port Mirroring
AT-GS950/16PS Switch Web Interface User’s Guide Disable Port Mirroring To disable Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring page is shown in Figure 36 on page 115.
Page 118 Chapter 8: Port Mirroring...
Page 119: Chapter 9 : Loopback Protection
Loopback Protection This chapter explains how to configure the Loopback Protection feature for specific ports on the AT-GS950/16PS switch. If the Tx and Rx pairs on the same port are connected, then this feature detects this condition and disables the port for a pre-configured amount of time.
Page 120: Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Loopback Detection. A partial view of the AT-GS950/16PS Loopback Detection Page is displayed. See Figure 37. Figure 37. AT-GS950/16PS Loopback Detection Page 3.
Page 121 Note In the All row when you select Enable or Disable instead of Ignore, the selection applies to all of the AT-GS950/16PS switch ports. 7. Click the Apply button in the Action column of the table. 8. Repeat steps 6 and 7 for other individual port settings.
Page 122: Status
Chapter 9: Loopback Protection Status The status of the Loopback Detection is given in the Loop Status column of the table at the bottom of the Loopback Detection page. See Figure 37 on page 120. The status is one of the following states: Normal: This status indicates that the port does not have the Tx to Rx pairs connected.
Page 123: Chapter 10 : Mac Address Table
Chapter 10 MAC Address Table This chapter provides a description of the static multicast MAC address feature and the procedure for configuring it. This chapter includes the following sections: “Overview” on page 124  “Static Unicast MAC Address Configuration” on page 126 ...
Page 124: Overview
Chapter 10: MAC Address Table Overview The AT-GS950/16PS switch has a MAC address table with a storage capacity of up to 8,000 entries. The table stores the MAC addresses of the network nodes connected to its ports and the port number where each address is learned.
Page 125 AT-GS950/16PS Switch Web Interface User’s Guide predefined ports entered in the MAC table without any configuration delays or loss of data.
Page 126: Static Unicast Mac Address Configuration
Static Unicast MAC Address Configuration This procedure explains how to set the static multicast feature for each port on the AT-GS950/16PS switch. Before beginning this procedure, you must create either an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: “Tagged VLAN Configuration”...
Page 127: Figure 39. Static Unicast Address Table With Port-Base Vlan Example
AT-GS950/16PS Switch Web Interface User’s Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Page 128: Modify Static Unicast Address
Chapter 10: MAC Address Table Modify Static Unicast Address To modify the port assignment of a unicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 129: Delete Static Unicast Address
AT-GS950/16PS Switch Web Interface User’s Guide Delete Static Unicast Address To delete a unicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 130: Static Multicast Address Configuration
Static Multicast Address Configuration This procedure explains how to set the static multicast feature for each port on the AT-GS950/16PS switch. Before beginning this procedure, you must create an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: “Tagged VLAN Configuration”...
Page 131: Figure 42. Static Multicast Address Table Example
AT-GS950/16PS Switch Web Interface User’s Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which is not been defined or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Page 132 Chapter 10: MAC Address Table 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 133: Modify Static Multicast Address
AT-GS950/16PS Switch Web Interface User’s Guide Modify Static Multicast Address To modify the port assignment of a multicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 134: Delete Static Multicast Address
Chapter 10: MAC Address Table Delete Static Multicast Address To delete a multicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 1.
Page 135: Chapter 11 : Igmp Snooping
Chapter 11 IGMP Snooping This chapter contains a description of the IGMP Snooping procedure as well as procedures for working with IGMP Snooping in the web interface. The following topics are discussed: “Overview” on page 136  “IGMP Snooping Configuration” on page 138 ...
Page 136: Overview
Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group. The IGMP snooping feature on the AT-GS950/16PS switch supports IGMP versions 1 and 2. The switch monitors the flow of queries from a router and reports and leave messages from host nodes to build its own multicast membership lists.
Page 137 Such flooding of packets can negatively impact network performance. The AT-GS950/16PS switch maintains a list of multicast groups through an adjustable time out value, which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups, and by processing leave requests.
Page 138: Igmp Snooping Configuration
Chapter 11: IGMP Snooping IGMP Snooping Configuration This procedure explains how to set IGMP snooping and IGMP Snooping Querier on the switch and set the IGMP Snooping (V1) age-out timer. To configure IGMP snooping, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 139: Figure 45. Igmp Snooping Page With Mac Addresses
AT-GS950/16PS Switch Web Interface User’s Guide 9. The IGMP Snooping Page is updated with active Multicast Group address. See Figure 45. Note The Multicast Group Address table contains MAC addresses of nodes that are active members of multicast groups. To set a static Multicast Group Address, see “Static Multicast Address...
Page 140 Chapter 11: IGMP Snooping...
Page 141: Chapter 12 : Storm Control
Chapter 12 Storm Control This chapter contains a description and configuration procedures for the Storm Control (bandwidth) feature. The following topics are discussed: “Overview” on page 142  “Configuration” on page 144  “Ingress Rate Limiting” on page 146  “Egress Rate Limiting”...
Page 142: Overview
Each setting can be configured on individual ports or on all of the ports of the AT-GS950/16PS switch. Traffic is measured in packets per second. See the following definitions for more information about these settings.
Page 143: Ingress Rate Limiting
AT-GS950/16PS Switch Web Interface User’s Guide Ingress Rate The Ingress Rate Limiting feature restricts the traffic to a pre-configured data rate that can flow into a port. This data rate limit can be configured in Limiting 64 Kbps increments within a range from 64 Kbps to 1000 Mbps. The...
Page 144: Configuration
2. From the Bridge folder, select Storm Control. The Storm Control folder expands. 3. From the Storm Control folder, select Storm Control. The AT-GS950/16PS Storm Control page is displayed. See Figure 46 for a partial view of this page. Figure 46. AT-GS950/16PS Storm Control Page 4.
Page 145 AT-GS950/16PS Switch Web Interface User’s Guide Note For more information, see the Broadcast setting definition in“Overview” on page 142. 7. Click Apply. 8. To enable or disable ingress and egress Multicast packets, select Enable or Disable from the Multicast pull-down menu next to the port that you want to change.
Page 146: Ingress Rate Limiting
The AT-GS950/16PS Ingress Rate Limiting page is displayed. See Figure 47 for a partial view of this page. Figure 47. AT-GS950/16PS Ingress Rate Limiting Page 4. To set the Bandwidth field on the AT-GS950/16PS switch, enter a number in the range from 1 to 15625. Note See “Ingress Rate Limiting”...
Page 147 AT-GS950/16PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 148: Egress Rate Limiting
Chapter 12: Storm Control Egress Rate Limiting This procedure explains how to set Bandwidth levels and Status for Egress Rate Limiting on each port of the AT-GS950/16PS switch. To change the settings of the egress rate limiting feature, perform the following procedure: 1.
Page 149: Chapter 13 : Virtual Lans
Chapter 13 Virtual LANs This chapter contains a description of Virtual Local Area Networks (VLANs) and the procedures for creating, modifying, and deleting both port-based and tagged VLANs. This chapter contains the following sections: “VLAN Overview” on page 150  “Assign Ports to a VLAN Mode”...
Page 150: Vlan Overview
Chapter 13: Virtual LANs VLAN Overview A virtual LAN or VLAN is a group of ports on an Ethernet switch that form a logical Ethernet segment via the AT-S112 Management software. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN.
Page 151: Port-Based Vlan Overview
Sales, Production, and Engineering. VLAN Index You must assign a unique number to each VLAN in a network. This number is called the Port-Based VLAN Index. This number uniquely identifies a VLAN in the AT-GS950/16PS switch and across the network.
Page 152: Tagged Vlan Overview
Chapter 13: Virtual LANs Each port of a port-based VLAN can belong to as many VLANs as needed. Therefore, traffic can be forwarded to the members of the groups to which the port is assigned. For example, port 1 and port 2 are members of group 1 and ports 1 and 3 are members of group 2.
Page 153 You must assign a unique number to each tagged VLAN in a network. This number is called the tagged VLAN ID. This number uniquely identifies a tagged VLAN in the AT-GS950/16PS switch and across the network. VLAN Name To create a tagged VLAN, you must give it a unique name. This name can reflect the function of the network devices that are VLAN members, such as Sales, Production, and Engineering.
Page 154: General Rules For Creating A Tagged Vlan
VLAN on the different switches must be assigned the same VLAN ID. A tagged port can be a member of multiple VLANs.  The AT-GS950/16PS Gigabit Ethernet Smart Switch  can support up to 255 tagged VLANs per switch.
Page 155: Assign Ports To A Vlan Mode
AT-GS950/16PS Switch Web Interface User’s Guide Assign Ports to a VLAN Mode The procedure described in this section allows you to assign ports to tagged or a port-based VLAN. In addition, it permits you to display the current VLAN assignment of ports.
Page 156 Chapter 13: Virtual LANs 5. Click Apply. 6. If you want to restore the port assignment before saving the configuration, click Restore. Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration, the Restore button will not be active for those port assignments.
Page 157: Tagged Vlan Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Tagged VLAN. The AT-GS950/16PS Tagged VLAN Page is displayed. See Figure 50. Figure 50. AT-GS950/16PS Tagged VLAN Page...
Page 158: Modify A Tagged Vlan
Chapter 13: Virtual LANs 4. To assign a VLAN ID, type a VLAN ID in the VLAN ID field. The range for this field is 2 to 4,000. You can create a maximum of 255 tagged VLANs. 5. To assign a name to the VLAN, type a unique name in the VLAN Name field.
Page 159: Figure 51. Example Of At-Gs950/16Ps Tagged Vlan Page
An example of a tagged VLAN (Index 2, Sales VLAN) is shown in the table at the bottom of Figure 51 on page 159. Figure 51. Example of AT-GS950/16PS Tagged VLAN Page 4. In the VLAN Action column, click Modify in the row of the VLAN that you want to change.
Page 160: Delete A Tagged Vlan
Chapter 13: Virtual LANs 5. You cannot modify the VLAN ID on this web page. If you want to delete the VLAN ID, go to “Delete a Tagged VLAN” on page 160 for more information. 6. To change the VLAN Name, type a new VLAN Name in the VLAN Name field.
Page 161 AT-GS950/16PS Switch Web Interface User’s Guide 3. From the VLAN folder, select Tagged VLAN. An example of the Tagged VLAN Page is shown in Figure 52 on page 159. 4. In the VLAN Action column, select Delete next to the VLAN that you want to delete.
Page 162: Tagged Vlan Port Settings
2. From the Bridge folder, select VLAN. The VLAN folder expands. From the VLAN folder, select Port Setting. A partial view of the AT-GS950/16PS VLAN Port Settings is displayed. See Figure 53. Figure 53. AT-GS950/16PS VLAN Port Setting Page 3. For a selected port, set the PVID field to an existing VLAN ID. For an explanation of the PVID parameter, see the Port VLAN Identifier section in “VLAN Overview”...
Page 163 AT-GS950/16PS Switch Web Interface User’s Guide Disable - This disables Ingress Filtering at the selected port. 6. Click Apply. The port configuration becomes effective. 7. If you need to configure other ports of the switch for the VLAN Port Settings, repeat steps 4 through 7.
Page 164: Port-Based Vlan Configuration
Chapter 13: Virtual LANs Port-Based VLAN Configuration A port-based VLAN is a group of ports on the switch that form a logical Ethernet segment. This type of VLAN is independent of the header information including VLAN tags in a frame. You can create and delete Port-Based VLANs by following the procedures in the following sections: “Create a Port-Based VLAN”...
Page 165: Modify A Port-Based Vlan
3. From the VLAN folder, select Port-Based VLAN. An example VLAN (Index 2, Sales VLAN) is shown in the table at the bottom of AT-GS950/16PS Port-Based VLAN page. See Figure 55. Figure 55. Example of AT-GS950/16PS Port Based VLAN Page 4.
Page 166 Chapter 13: Virtual LANs 3. From the VLAN folder, select Port-Based VLAN. The Port-Based VLAN Page is shown in Figure 54 on page 164. 4. In the VLAN Action column, click Delete next to the VLAN that you want to delete. A confirmation prompt is displayed.
Page 167: Chapter 14 : Gvrp
Chapter 14 GVRP This chapter contains the following sections: “Overview and Guidelines” on page 168  “General Configuration” on page 169  “Port Settings” on page 170  “Time Settings” on page 172 ...
Page 168: Overview And Guidelines
The default port setting on the switch for GVRP is  active, meaning that the ports participate in GVRP. Allied Telesis recommends disabling GVRP on those ports that are connected to GVRP-inactive devices, meaning devices that do not feature GVRP.
Page 169: General Configuration
AT-GS950/16PS Switch Web Interface User’s Guide General Configuration Perform the following procedure to enable or disable GVRP: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP.
Page 170: Port Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Port Setting. A partial view of the AT-GS950/16PS Port Settings Page is displayed. See Figure 57. Figure 57. GVRP Port Setting Page 4. The following fields are listed for each port: Port - This parameter displays the ports on the switch.
Page 171 AT-GS950/16PS Switch Web Interface User’s Guide port row selected. Disable - The Restricted VLAN Registration is de-active for the port row selected. 5. Once you have configured the parameters, click Apply for the affected port. 6. If you want to configure GVRP for other ports, repeat steps 4 and 5.
Page 172: Time Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Time Setting. A partial view of the AT-GS950/16PS GVRP Time Setting Page is displayed. See Figure 58. Figure 58. AT-GS950/16PS GVRP Time Setting Page...
Page 173 AT-GS950/16PS Switch Web Interface User’s Guide GarpLeaveAllTime - This parameter is the GARP Leave Timer.Its range si 30 - 2147483630 milli-seconds. This timer must be set in relation to the GVRP Leave Timer according to the following equation: GARPLeaveAllTimer > (GARPLeaveTimer + 10)
Page 174 Chapter 14: GVRP...
Page 175: Chapter 15 : Quality Of Service And Cost Of Service
Chapter 15 Quality of Service and Cost of Service This chapter provides descriptions of both the Quality of Service (QoS) and Cost of Service (CoS) features. The following topics are covered: “Overview” on page 176  “Associate Ports to CoS Priorities” on page 182 ...
Page 176: Chapter 15 Overview
Chapter 15: Quality of Service and Cost of Service Overview When a port on an Ethernet switch becomes oversubscribed, its egress queues contain more packets than the port can handle in a timely manner. In this situation, the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
Page 177: Egress Queue Vs Packet Priority Mapping
AT-GS950/16PS Switch Web Interface User’s Guide Egress Queue vs Each port has four egress queues, labeled Q0, Q1, Q2, and Q3. Q0 is the lowest priority queue and Q3 is the highest. A packet in a high priority Packet Priority...
Page 178: Prioritizing Untagged Packets
However, the Untagged Packets AT-GS950/16PS switch has a priority associated with each individual ingress port. By default, each port’s priority is 0. You can redefine this parameter as described in “Associate Ports to CoS Priorities” on page 182.
Page 179: Table 5. Example Of Weighted Round Robin Priority
AT-GS950/16PS Switch Web Interface User’s Guide The problem with this method is that some low priority packets might never be transmitted from the switch because the algorithm might never have time to process the packets waiting in the lower priority queues.
Page 180: Mapping Cos Priorities To Egress Queues
Chapter 15: Quality of Service and Cost of Service Mapping CoS Priorities to Egress Queues Before mapping the CoS priorities and the egress queues, you must disable the Jumbo frame parameter on each port. See the Jumbo parameter definition in “Displaying and Configuring Ports” on page 57. Note When Jumbo frames are enabled, COS can not be enabled.
Page 181 AT-GS950/16PS Switch Web Interface User’s Guide 4. For each Traffic Class whose queue you want to change, click on the Queue (0, 1, 2, or 3) radio button that applies to your configuration. 5. After you have completed this mapping process, select Enable in the QoS Status field, 6.
Page 182: Associate Ports To Cos Priorities
2. From the Bridge folder, select QoS. The QoS folder expands. 3. From the QoS folder, select Port Priority. The AT-GS950/16PS Port Priority Page page is displayed. See Figure 60 for a partial view of this page. Figure 60. AT-GS950/16PS Port Priority Page 4.
Page 183: Associate Dscp Classes To Egress Queues
AT-GS950/16PS Switch Web Interface User’s Guide Associate DSCP Classes to Egress Queues If you choose to use the DSCP tags in your Access Control policy configuration, each DSCP value (0-63) that is relevant to your configuration needs to be mapped to one of the four egress queues (0-3).
Page 184 Chapter 15: Quality of Service and Cost of Service 5. After you have completed this mapping process, click Apply. 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 185: Queue Scheduling Algorithm
AT-GS950/16PS Switch Web Interface User’s Guide Queue Scheduling Algorithm To change the scheduling algorithm for the egress queues, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 186 Chapter 15: Quality of Service and Cost of Service...
Page 187: Advanced Features
Section III Advanced Features This section contains the following chapters: Chapter 16, “SNMPv1 and v2c” on page 189  Chapter 17, “SNMPv3” on page 201  Chapter 18, “Access Control Configuration” on page 217  Chapter 19, “RMON” on page 245 ...
Page 189: Chapter 16 : Snmpv1 And V2C
Chapter 16 SNMPv1 and v2c This chapter contains a description of SNMPv1 and SNMPv2c and the procedures for configuring with these protocols. This chapter contains the following sections: “SNMPv1 and SNMPv2c Overview” on page 190  “Trap Receiver Attributes” on page 191 ...
Page 190: Snmpv1 And Snmpv2C Overview
In the SNMPv1 and SNMPv2c protocols, the terms agent and manager may be used. An agent is software which runs on managed equipment such as the AT-GS950/16PS switch. A manager is a workstation or server that runs the SNMP Network Management System (NMS) software.
Page 191: Trap Receiver Attributes
AT-GS950/16PS Switch Web Interface User’s Guide Trap Receiver Attributes A trap is a message sent by the agent to one or more managers to indicate the occurrence of a particular event on the device. There are numerous events that can trigger a trap. For instance, when the switch reboots or when the Spanning Tree Root Bridge changes.
Page 192: Activate Snmp Interface
Chapter 16: SNMPv1 and v2c Activate SNMP Interface The SNMP interface is activated by default. If you want to de-activate it or re-activate it, go to “User Interface Configuration” on page 37.
Page 193: Snmpv1 And Snmpv2C User And Group Names
AT-GS950/16PS Switch Web Interface User’s Guide SNMPv1 and SNMPv2c User and Group Names SNMPv1 and SNMPv2c User Name and Group Name definitions is the basis for creating SNMP communities. Use the following sections to create and delete User and Group Names: “Create User and Group Names”...
Page 194: Modify User And Group Names
Chapter 16: SNMPv1 and v2c Note If you choose to use the default User and Group Names (ReadOnly and ReadWrite) that are already displayed in the table, proceed to step 7 below. 3. Type a new User Name. Enter a name up to 31 characters in length. 4.
Page 195: Delete User And Group Names
AT-GS950/16PS Switch Web Interface User’s Guide To create a new entry in this table, see “Create User and Group Names” on page 193. Delete User and This procedure explains how to delete an entry on the SNMP User/Group page. Group Names 1.
Page 196: Snmp Community Strings
Chapter 16: SNMPv1 and v2c SNMP Community Strings A community string has attributes for controlling who can use the string and what the string will allow a network management station to do on the switch. The AT-S112 Management Software does not provide any default community strings.
Page 197: Modify Snmp Community Strings
AT-GS950/16PS Switch Web Interface User’s Guide 5. Click Add. The values of the new Community Name and User Name are displayed. See Figure 66 for an example. Figure 66. SNMP Community Table Page Example 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 198: Snmp Traps
Chapter 16: SNMPv1 and v2c SNMP Traps A Host IP address is used to specify a management device that needs to receive SNMP traps sent by the switch. This IP address is associated with the SNMP Version and a valid Community Name in the Host table of the switch.
Page 199: Modify A Trap Host Table Entry
AT-GS950/16PS Switch Web Interface User’s Guide Note The Community Name must correlate with one of the communities displayed on the SNMP Community Table page. See “SNMP Community Strings” on page 196. If you enter a Community Name that has not been pre-defined, the Trap Host entry is displayed, but agent/manager communication fails.
Page 200 Chapter 16: SNMPv1 and v2c 4. To delete an entry in the host table, click Delete next to the entry in the table that you want to remove. The Host table entry is removed from the table. No confirmation message is displayed. 5.
Page 201: Chapter 17 : Snmpv3
Chapter 17 SNMPv3 This chapter contains a description of SNMPv3 and the procedures for configuring this protocol. This chapter contains the following sections: “Overview” on page 202  “SNMPv3 User and Group Names” on page 206  “SNMPv3 View Names” on page 209 ...
Page 202: Overview
Chapter 17: SNMPv3 Overview The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 16 on page 189. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment.
Page 203: Snmpv3 Privacy Protocol
AT-GS950/16PS Switch Web Interface User’s Guide this configuration for someone with super-user capabilities. SNMPv3 Privacy After you have configured an authentication protocol, you have the option of assigning a privacy protocol if you have the encrypted version of the Protocol AT-S112 Management software.
Page 204: Snmpv3 Configuration Process
Chapter 17: SNMPv3 In addition, you can define a MIB view that the user can access or a MIB view that the user cannot access. When you want to permit a user to access a MIB view, you include a particular view. When you want to deny a user access to a MIB view, you exclude a particular view.
Page 205: Figure 70. Snmpv3 Table Relationships
AT-GS950/16PS Switch Web Interface User’s Guide 5. Finally, the traps can be defined on the Trap Management page based on the Community or User Name. See Figure 70 for an illustration of how the user configuration tables are linked. Figure 70. SNMPv3 Table Relationships...
Page 206: Snmpv3 User And Group Names
Chapter 17: SNMPv3 SNMPv3 User and Group Names An SNMPv3 User Name and Group Name definition is the basis for all the other SNMPv3 tables. You can create and delete View Names by following the procedures in the following sections: “Creating SNMPv3 User and Group Names”...
Page 207: Modifying Snmpv3 User And Group Names
AT-GS950/16PS Switch Web Interface User’s Guide 8. Enter the password for the Auth-Protocol. 9. Select one of the following choices for the Priv-Protocol field: DES: Specifies DES encryption scrambles the SNMP data so that outside observers are prevented from seeing the data content.
Page 208 Chapter 17: SNMPv3 folder. The SNMP folder expands. 2. From the SNMP folder, select SNMP User/Group. The SNMP User/Group Page is displayed. See Figure 63 on page 193. 3. In the Action column of the table, click Delete for the User Name and Group Name that you want to remove.
Page 209: Snmpv3 View Names
AT-GS950/16PS Switch Web Interface User’s Guide SNMPv3 View Names The SNMPv3 View names are defined in the SNMP Group Access table and are based on the User and Group Names.You can create and delete View Names with the following procedures: “Creating SNMPv3 View Names”...
Page 210: Figure 73. Snmp Group Access Table Example For Snmpv3
Chapter 17: SNMPv3 This name is an optional field. It can be up to 31 characters in length. 5. Enter the Write View Name. This name is an optional field. It can be up to 31 characters in length. 6. Enter the Notify View Name. This name is an optional field.
Page 211: Modifying Snmpv3 View Names
AT-GS950/16PS Switch Web Interface User’s Guide Modifying If you need to modify an entry in the SNMP Group Access page, you must first delete the entry and then re-enter it. For information about how to SNMPv3 View delete an entry in this table, see “Deleting SNMPv3 View Names” on Names page 211.
Page 212: Snmpv3 View Table
Chapter 17: SNMPv3 SNMPv3 View Table The SNMPv3 View table specifies the MIB object access criteria for each View Name. If the View Name is not specified on this page, then it has access to all MIB objects. You can specify specific areas of the MIB that can be accessed or denied based on the entries in this table.
Page 213: Modifying Snmpv3 View Table Entries
AT-GS950/16PS Switch Web Interface User’s Guide Included: This selection allows the specified MIB object to be included in the view. Excluded: This selection blocks the view of the specified MIB object. 7. Click the Add button. The updated view is displayed in the View Table. See Figure 75.
Page 214 Chapter 17: SNMPv3 3. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 215: Snmpv3 Traps
AT-GS950/16PS Switch Web Interface User’s Guide SNMPv3 Traps The creation, modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1/v2. See “SNMP Traps” on page 198.
Page 216 Chapter 17: SNMPv3...
Page 217: Chapter 18 : Access Control Configuration
Chapter 18 Access Control Configuration This chapter contains a description of the AT-GS950/16PS switch’s Access Control Configuration feature and the procedures to create, modify, and delete a Access Control configuration. This chapter contains the following sectio “Overview” on page 218 ...
Page 218: Overview
Chapter 18: Access Control Configuration Overview Access Control configuration allows you to control different aspects of the Ethernet traffic as it enters the switch ports and is process through the switch. You can specify what traffic is permitted or denied to flow through the switch by setting up specific filter criteria at an ingress port.
Page 219: Classifier
AT-GS950/16PS Switch Web Interface User’s Guide Classifier The Create Classifier page allows you to specify packet settings for filtering Ethernet traffic. You can create, modify or delete a Classifier by following the procedures in the following sections: “Creating a Classifier,” next ...
Page 220 Chapter 18: Access Control Configuration 3. Enter a number in the Classifier Index field. The Classifier Index must be a unique number within the range of 1 - 65535 Note The Classifier Index is a required parameter when you create a Policy.
Page 221: Modifying A Classifier
AT-GS950/16PS Switch Web Interface User’s Guide 5. Click ADD. The classifier entry is displayed in the table at the bottom of the page. If you do not see you new entry, you may need to navigate to another page of the table with the First Page, Previous Page, Next Page, and Last Page buttons located below the table.
Page 222: Deleting A Classifier
Chapter 18: Access Control Configuration 2. From the Access Control Config folder, select Classifier. An example of a classifier table entry on the Create Classifier page is displayed in Figure 77. 3. From the Create Classifier page, identify which classifier that want to modify and click the Modify link in the Action column.
Page 223 AT-GS950/16PS Switch Web Interface User’s Guide 2. From the Access Control Config folder, select Classifier. The Example of Create Classifier page is displayed in Figure 77 on page 221. 3. From the Create Classifier page, identify which classifier table entry that want to delete and click the Delete link in the Action column.
Page 224: Profile Action
Chapter 18: Access Control Configuration Profile Action The Create Profile Action page defines the priority parameters for policing on DSCP (layer 3) and/or class of service (layer 2). Note You must enter a Profile Index on this page even if you do not define the Policed-DHCP and Policed-CoS parameters because the Profile Index is a required parameter for creating both the In-Profile and Out-Profile Actions.
Page 225: Modifying Profile Action
AT-GS950/16PS Switch Web Interface User’s Guide 3. Enter a number in the Profile Action Index field. The Index must be a unique number ranging from 1 to 72. 4. Enter a number in the Policed DSCP field within the range of 0 to 63.
Page 226: Deleting A Profile Action
Chapter 18: Access Control Configuration 2. From the Access Control Config folder, select Profile Action. An example of the Create Profile Action page with a Profile Action table entry is shown in Figure 79 on page 224. 3. Select the table entry that you want to modify and click the Modify link in the Action column.
Page 227: In-Profile Action
AT-GS950/16PS Switch Web Interface User’s Guide In-Profile Action The Create In-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege for packets in the ingress queue. Note A Profile Action Index is required to create an In-Profile Action.
Page 228: Figure 83. Example Of In-Profile Action Entry
Chapter 18: Access Control Configuration Note The In-Profile Action Index is a required parameter when you create a Policy. See “Create Policy” on page 238 for more information. 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory.
Page 229: Modifying An In-Profile Action
AT-GS950/16PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modifying an In- To modify a In-Profile action entry, perform the following procedure:...
Page 230: Deleting An In-Profile Action
Chapter 18: Access Control Configuration Deleting an In- To delete a In-Profile action entry, perform the following procedure: Profile Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
Page 231: Out-Profile Action
AT-GS950/16PS Switch Web Interface User’s Guide Out-Profile Action The Create Out-Profile Action page allows you to specify a Profile Action’s Permit or Deny privilege and bandwidth restrictions for packets in the egress queue. You can create, modify or delete an Out-Profile Action by following the procedures in the following sections: “Creating a Out-Profile Action,”...
Page 232: Figure 86. Example Of Out-Profile Action Entry
Chapter 18: Access Control Configuration 4. Enter a number in the Profile Action ID field ranging from 0 to 72. This field is mandatory. Note This field must be pre-defined on the Create Profile page - see “Creating a Profile Action” on page 224 for more information. 5.
Page 233: Modify Out-Profile Action
AT-GS950/16PS Switch Web Interface User’s Guide 7. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Out- To modify a Out-Profile action entry, perform the following procedure:...
Page 234: Delete Out-Profile Action
Chapter 18: Access Control Configuration Delete Out- To delete a Out-Profile action entry, perform the following procedure: Profile Action 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands. 2.
Page 235: Port List
AT-GS950/16PS Switch Web Interface User’s Guide Port List The Create Port List page allows you to specify a list of ports that will be used as part of the policy specification. You can create, modify or delete a Port List by following the procedures in the following sections: “Create Port List,”...
Page 236: Modify Port List
Chapter 18: Access Control Configuration 6. Click Add. The Out-Profile Action entry is added to the status table. If the Page field located below the table displays a page number and you do not see your new entry, then there are multiple pages of the table that you can navigate.
Page 237: Delete Port List
AT-GS950/16PS Switch Web Interface User’s Guide 4. Change the parameters as required. Note See “Create Port List” on page 235 for the definitions of each parameters. 5. Click Apply. The modified Port List entry is displayed in the table at the bottom of the page of the Create Port List page.
Page 238: Policy
Chapter 18: Access Control Configuration Policy The Create Policy page allows you to specify the filtering criteria for one policy. Before creating a policy, you must pre-define the following indexes: Classifier Index: See “Creating a Classifier” on page 219 for more information.
Page 239 AT-GS950/16PS Switch Web Interface User’s Guide 3. Enter a number in the Policy Index field. The Policy Index is a unique number within the range of 1 - 65535 which identifies the policy. This field is mandatory. 4. Enter data in the remaining parameters. All parameters listed below...
Page 240: Modify Policy
Chapter 18: Access Control Configuration Figure 92. Example of Policy Entry 6. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify Policy To modify a Policy entry, perform the following procedure: Note Before you can modify an entry, you must first enter a Policy - see “Create Policy”...
Page 241: Delete Policy
AT-GS950/16PS Switch Web Interface User’s Guide Figure 93. Modify Policy Page 4. Change the parameters as required. Note See “Create Policy” on page 238 for the definitions of each parameters. 5. Click Apply. The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page.
Page 242 Chapter 18: Access Control Configuration Control Config folder. The Access Control Config folder expands. 2. From the Access Control Config folder, select Policy. An example of the Create Policy page with a Policy table entry is shown in Figure 92 on page 240. 3.
Page 243: Policy Sequence Status
AT-GS950/16PS Switch Web Interface User’s Guide Policy Sequence Status The Policy Sequence page displays the status of the order that policies are applied to each port. You can order the display by Policy Index or by Policy Sequence number. To display the policy sequence, perform the following procedure: 1.
Page 244 Chapter 18: Access Control Configuration...
Page 245: Chapter 19 : Rmon
Chapter 19 RMON This chapter contains the following sections: “Overview” on page 246  “Enable and Disable RMON” on page 247  “Port Statistics” on page 248  “Histories” on page 250  “Events” on page 252  “Alarms” on page 254 ...
Page 246: Overview
Chapter 19: RMON Overview The RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch supports the four RMON MIB groups listed here: Statistic group— This group is used to view port ...
Page 247: Enable And Disable Rmon
AT-GS950/16PS Switch Web Interface User’s Guide Enable and Disable RMON You can use your SNMP Network Management System (NMS) software and the RMON section of the MIB tree to view the RMON statistics, history and alarms associated with specific ports. Since RMON uses the SNMP agent for communicating with your NMS software, the SNMP Agent must be enabled and the SNMP feature must be configured on your switch.
Page 248: Port Statistics
Chapter 19: RMON Port Statistics You can remotely view individual port statistics with RMON by using your SNMP NMS software and the RMON portion of the MIB tree. Perform the following procedure to configure RMON port statistics for a specific port: 1.
Page 249: Figure 98. Ethernet Statistics Configuration Example
AT-GS950/16PS Switch Web Interface User’s Guide Figure 98. Ethernet Statistics Configuration Example 5. If you want to configure RMON statistics for other ports, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save...
Page 250: Histories
Chapter 19: RMON Histories RMON histories are snapshots of port statistics. They are taken by the switch at predefined intervals and can be used to identify trends or patterns in the numbers or types of ingress packets on the ports on the switch.
Page 251: Figure 100. History Control Configuration Example Page
AT-GS950/16PS Switch Web Interface User’s Guide snapshot of RMON statistics. Different ports can have different numbers of buckets. The range is 1 to 50 buckets. Interval: This parameter specifies how frequently the switch takes snapshots of the port’s statistics. The range is 1 to 3600 seconds (1 hour).
Page 252: Events
Chapter 19: RMON Events An event specifies the action of the switch when the ingress packet activity on a port crosses a statistical threshold defined in an alarm. The choices are to log a message in the event log of the switch, send an SNMP trap to an SNMP workstation, or both.
Page 253: Figure 102. Rmon Event Configuration Example Page
AT-GS950/16PS Switch Web Interface User’s Guide Owner: This parameter is used to identify the person who created an entry. It is primarily intended for switches that are managed by more than one person, and is an optional field. 4. Once you have configured the parameters, click Add.
Page 254: Alarms
Chapter 19: RMON Alarms RMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below specified threshold values. The alert messages can take the form of messages that are entered in the event log on the switch or traps that are send to your SNMP NMS software or both.
Page 255: Figure 103. Rmon Alarm Configuration Page
AT-GS950/16PS Switch Web Interface User’s Guide 2. From the RMON folder, select Alarm. The RMON Alarm Configuration Page is displayed. See Figure 103. Figure 103. RMON Alarm Configuration Page 3. The following fields are listed: Index: This parameter specifies the ID number of the new group. The range is 1 to 65535.
Page 256: Figure 104. Rmon Alarm Configuration Example Page (To Be Provided)
Chapter 19: RMON Falling Threshold: This parameter specifies a specific value or threshold level of the monitored statistic. When the value of the monitored statistic becomes less than this threshold level, an alarm event is triggered. The parameter’s range is 1 to 2147483647. Rising Event Index: This parameter specifies the event index for the rising threshold.
Page 257: Chapter 20 : Voice Vlan
Chapter 20 Voice VLAN This chapter contains a description of the AT-GS950/16PS switch’s Voice VLAN feature and the procedures to create, modify, and delete a voice VLAN configuration. This chapter contains the following sections: “Overview” on page 258  “General Guidelines” on page 261 ...
Page 258: Overview
CoS with Voice The Voice VLAN CoS parameter maintains the voice quality between the ingress and egress ports of the AT-GS950/16PS switch. CoS must be VLAN enabled for the Voice VLAN CoS priority to take effect. The CoS priority level that you configure is applied to voice traffic on all ports of the voice VLAN.
Page 259: Dynamic Auto-Detection Vs Static Ports
802.1Q packets with imbedded VLAN ID tags. You must manually configure your IP phone(s) for the same VLAN ID as the AT-GS950/16PS switch’s voice VLAN ID. When voice data is detected on one of the “Not Member” ports, the packets from the IP phone will contain the voice VLAN ID so they are switched within the AT-GS950/16PS switch’s voice VLAN.
Page 260 IP phone that is VLAN aware should be manually configured for the VLAN ID that matches your AT-GS950/16PS voice VLAN ID. Each of the AT-GS950/16PS voice VLAN ports connected to an IP phone should be configured as “Not Member” ports of the tagged VLAN.
Page 261: General Guidelines
AT-GS950/16PS Switch Web Interface User’s Guide General Guidelines Here is a summary of the rules to observe when you create a voice VLAN: One voice VLAN can be configured on the switch at  any time. A voice VLAN is based on a pre-defined tagged VLAN.
Page 262: Configuration
The Voice VLAN folder expands. 3. From the Voice VLAN folder, select Voice VLAN Settings. The AT-GS950/16PS Voice VLAN Setting Page is displayed. See Figure 105 for a partial view of this page. Figure 105. AT-GS950/16PS Voice VLAN Setting Page...
Page 263 AT-GS950/16PS Switch Web Interface User’s Guide 4. From the Voice VLAN field at the top of the page, select one of the following choices from the pull-down menu: Enable - The voice VLAN feature is active. The other parameter fields in the voice VLAN Global Settings section become active and are eligible for data to be entered.
Page 264 Chapter 20: Voice VLAN Note The voice VLAN Auto-Detection feature can only be enabled on “Not Member” ports of the voice VLAN. Member ports cannot have the voice VLAN Auto-Detection feature enabled. The Status column displays Static for the member ports. See “Dynamic Auto-Detection vs Static Ports”...
Page 265: Oui Setting
AT-GS950/16PS Switch Web Interface User’s Guide OUI Setting You can create and delete Voice VLAN OUI Settings by following the procedures in these sections: “Create OUI Setting”  “Modify OUI Setting” on page 266  Create OUI To create a Voice OUI configuration, perform the following procedure: Setting 1.
Page 266: Modify Oui Setting
Chapter 20: Voice VLAN 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes. Modify OUI To modify or delete an OUI, it must be first be deleted and then re-entered by following the procedure in “Create OUI Setting”...
Page 267: Chapter 21 : Security
Chapter 21 Security This chapter contains information about the Port-based security features and the procedures for setting this feature. This chapter includes the following sections: “Port Access Control” on page 268  “RADIUS Client” on page 273  “Dial-in User— Local Authentication” on page 276 ...
Page 268: Port Access Control
Chapter 21: Security Port Access Control This section contains information and configuration procedures for the Port-based Access Control. The following information is provided: “Overview” on page 268  “Port Access Control Configuration” on page 269  Note After configuring the Port-based Network Access Control, you can choose to use either the local authentication server in the AT-S112 for 802.1x authentication or a remote RADIUS server for 802.1x authentication.
Page 269: Port Access Control Configuration
AT-GS950/16PS Switch Web Interface User’s Guide Port Access To configure port-based access control, perform the following procedure: Control 1. Select the Security folder from the main menu on the left side of the Configuration page. The Security folder expands. 2. From the Security folder, select Port Access Control. The Port Access Control Configuration Page is displayed.
Page 270: Figure 108. Expanded Port Access Control Configuration Page
Chapter 21: Security 5. To set the advanced configuration parameters, click Settings. The Port Access Control Configure page is expanded. See Figure 108. Figure 108. Expanded Port Access Control Configuration Page 6. Set the following parameters as needed: Port: This parameter specifies the port being configured for authentication.
Page 271 AT-GS950/16PS Switch Web Interface User’s Guide 802.1x authenticator role, in the unauthorized state. Although the ports are in the authenticator role, the switch blocks all authentication on the ports, which means that no clients can log on and forward packets through them.
Page 272 Chapter 21: Security authentication. Enabled: The Piggyback Mode is Enabled. Disabled: The Piggyback Mode is Disabled. VLAN Assignment - This parameter enables the VLAN assignment that you select with the Guest VLAN ID parameter. Choose from the following: Enabled: The VLAN Assignment is Enabled. Disabled: The VLAN Assignment is Disabled.
Page 273: Radius Client
AT-GS950/16PS Switch Web Interface User’s Guide RADIUS Client You can use the RADIUS client with 802.1x port-based access control to authenticate which packets are forwarded through the switch. This section explains how to configure the RADIUS client on the switch and contains the following sections: “Overview”...
Page 274: Radius Client Configuration
Chapter 21: Security You need to specify the user name and password combinations when  configuring the RADIUS server software on the authentication server. Note This manual does not explain how to configure RADIUS server software. Refer to the documentation that comes with the RADIUS server software for instructions.
Page 275 AT-GS950/16PS Switch Web Interface User’s Guide 8. From the main menu on the left side of the page, select Save Configuration to Flash to permanently save your changes.
Page 276: Dial-In User- Local Authentication
Chapter 21: Security Dial-in User— Local Authentication Dial-in User feature provides the local authentication server for port security when a remote (RADIUS) server is not available. This section includes the following: “Overview” on page 276  “Dial-in User Configuration” on page 276 ...
Page 277: Figure 110. Dial-In User Page
AT-GS950/16PS Switch Web Interface User’s Guide Figure 110. Dial-In User Page 3. In the User Name field, type a name for the user. 4. In the Password field, type a password for the user. 5. In the Dynamic VLAN field, enter the VID of the VLAN which you will allow the user to access.
Page 278 Chapter 21: Security The Dial-in User page is displayed. See Figure 110 on page 277. 3. In the list of dial-in users, highlight the user you want to modify. The user’s information is displayed in fields above. 4. In the Password field, enter the new password. 5.
Page 279: Destination Mac Filter
“Delete Destination MAC Filter” on page 280  Overview The Destination MAC Filter feature prevents the AT-GS950/16PS switch from forwarding packets to a specified device. On the Destination MAC Filter Page of the AT-S112 Management software, enter the MAC address of the device that you want to filter.
Page 280: Delete Destination Mac Filter
Chapter 21: Security Figure 112. Destination MAC Filter Page 3. To enter the MAC address that you want filtered, enter the MAC address into the MAC Address field. 4. Click the Add button to save your entry. See Figure 113. Figure 113.
Page 281 AT-GS950/16PS Switch Web Interface User’s Guide 3. Select the Delete button next to the MAC address that you want to delete. The MAC address is removed from the MAC address table. 4. From the main menu on the left side of the page, select Save...
Page 282 Chapter 21: Security...
Page 283: Chapter 22 : Power Over Ethernet (Poe)
Chapter 22 Power Over Ethernet (PoE) This chapter provides background information about PoE and includes procedures to configure the PoE feature on each port. The sections in this chapter include: “Overview” on page 284  “PoE Configuration” on page 286 ...
Page 284: Overview
Ethernet switches. PD Classes PDs are grouped into five classes. The classes are based on the amount of power that PDs require. The AT-GS950/16PS PoE switch supports all five classes listed in Table 6. Table 6. IEEE Powered Device Classes...
Page 285: Port Prioritization
AT-GS950/16PS Switch Web Interface User’s Guide Port Prioritization As long as the total power requirements of the PDs is less than the total available power of the switch, it can supply power to all of the PDs. However, when the PD power requirements exceed the total available power, the switch denies power to some ports based on a process called port prioritization.
Page 286: Poe Configuration
Chapter 22: Power Over Ethernet (PoE) PoE Configuration To configure the basic STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Power Over Ethernet Configuration. The Power Over Ethernet Configuration page is displayed. See Figure 114.
Page 287 AT-GS950/16PS Switch Web Interface User’s Guide Power ON - The port is supplying PoE power. Power OFF - The port is not supplying PoE power. Class - The PoE class is indicated the class of the PD. N/A is displayed when the port is not supplying power.
Page 288 Chapter 22: Power Over Ethernet (PoE)
Page 289 Chapter 23...
Page 290: Chapter 23: Dhcp Snooping
Chapter 23: DHCP Snooping Chapter 23 DHCP Snooping This chapter contains a description of the DHCP Snooping feature and the procedures for creating, modifying, and deleting the DHCP Snooping configuration. This chapter contains the following sections: “Overview” on page 291 ...
Page 291: Overview
The DHCP Snooping feature provides security by inspecting ingress packets for the correct IP and MAC address information. The DHCP Snooping feature defines the AT-GS950/16PS ports as either trusted or untrusted. With DHCP Snooping enabled, two network security issues are...
Page 292: Dhcp With Option 82
You can configure the AT-GS950/16PS to pass DHCP packets containing Option 82 information through the switch without altering the information Option 82 within the packet. You can also configure the AT-GS950/16PS switch to insert DHCP Option 82 information directly into the DHCP packets as they pass through the switch.
Page 293: General Guidelines
AT-GS950/16PS Switch Web Interface User’s Guide General Guidelines Here is a summary of the rules to observe when you configure DHCP Snooping: A trusted port is connected to one of the following:  – Directly to the legitimate trusted DHCP Server.
Page 294: General Configuration
Chapter 23: DHCP Snooping General Configuration The following procedure describes how to configure the DHCP Snooping feature on the AT-GS950/16PS switch: 1. From the main menu on the left side of the page, select DHCP Snooping. The DHCP Snooping folder expands.
Page 295 AT-GS950/16PS Switch Web Interface User’s Guide Disable - The MAC address of each ingress ARP packet is not validated against the Binding Table. All ARP packets are forwarded through the switch without regard to the IP and MAC Address information in the packet header.
Page 296: Vlan Setting
Chapter 23: DHCP Snooping VLAN Setting You can create and delete DHCP Snooping VLAN settings by following the procedures in these sections: "Creating a VLAN"  “Modifying a VLAN” on page 297  “Deleting a VLAN” on page 297  Creating a VLAN To define a VLAN that will be a part of the DHCP Snooping feature, do the following:...
Page 297: Modifying A Vlan
AT-GS950/16PS Switch Web Interface User’s Guide Modifying a To modify or delete a VLAN ID, you must first deleted it (using the procedure below) and then re-entered re-enter it by following the VLAN procedure outline in “Creating a VLAN” on page 296.
Page 298: Trusted And Untrusted Port Configuration
Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select Trusted Interfaces. A partial view of the AT-GS950/16PS Trusted Interfaces page is displayed. See Figure 117. Figure 117. AT-GS950/16PS Trusted Interfaces Page 3. From the Trust column, select one of the following choices from the...
Page 299: Figure 118. Trusted Interfaces Page Example
AT-GS950/16PS Switch Web Interface User’s Guide Figure 118. Trusted Interfaces Page Example 5. If you choose to configure other switch ports as trusted or untrusted, repeat steps 3 and 4. 6. From the main menu on the left side of the page, select Save...
Page 300: Binding Database
Add button. The following procedure describes how to configure the DHCP Snooping Binding Database on the AT-GS950/16PS switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network: 1.
Page 301: Viewing
AT-GS950/16PS Switch Web Interface User’s Guide VLAN - Enter the host’s VLAN ID. Port - Enter the port number where the host is connected. Type - Because the IP Address being entered is static, you must select Static. Lease Time - Enter the time that IP address assignment is valid. The range is 10 to 4294967295 seconds.
Page 302 Chapter 23: DHCP Snooping Type: This parameter indicates the following: Learned: The host IP Address is dynamically assigned by the DHCP server. Static: The host IP Address is statically assigned. See “Static IP Addresses” on page 300 for more information. Lease Time: This parameter is the time that IP address assignment by the DHCP server is valid.
Page 303: Chapter 24 : Lldp
Chapter 24 LLDP Link Layer Discovery Protocol (LLDP) allows Ethernet network devices, such as switches and routers, to receive and transmit device-related information to directly connected devices on the network and to store data that is learned about other devices. This chapter provides the following information: “Overview”...
Page 304: Overview
Chapter 24: LLDP Overview The data sent and received by LLDP are useful for many reasons. The switch can discover other devices directly connected to it. Neighboring devices can use LLDP to advertise some parts of their Layer 2 configuration to each other, which may highlight inconsistencies in the neighboring device’s configuration which can then be corrected.
Page 305: Global Configuration
The LLDP port settings are on the bottom of the page.  3. See Figure 121 for an example of a partial view of this page. A partial view of the AT-GS950/16PS LLDP Global Settings Page is displayed. See Figure 121. Figure 121. AT-GS950/16PS LLDP Global Settings Page...
Page 306: Enabling Or Disabling Lldp
The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Setting. A partial view of the AT-GS950/16PS LLDP Global Settings Page is displayed. See Figure 121 on page 305. 3. From the LLDP parameter, select one of the following radio button choices: Enable: The LLDP feature is active.
Page 307: Displaying System Information
Information The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Setting. A partial view of the AT-GS950/16PS LLDP Global Settings Page is displayed. See Figure 121 on page 305. 3. The following parameters display the system information: Chassis ID Subtype: This parameter describes the Chassis ID subtype which is “macAddress”.
Page 308 Chapter 24: LLDP transmit LLDP data packets. To change the settings of all the ports to the same state, select a state setting next to All In the Port column. 3. In the Action column, click the Apply button that corresponds to the port to make the state change active.
Page 309: Neighbors Information
Entity: This parameter is a number assigned to the reporting neighbors in the order that the LLDP information is received from them. Port: This parameter specifies the AT-GS950/16PS local port number where the LLDP information was received. Chassis ID Subtype: This parameter describes the Chassis ID subtype of the neighboring network device which is reporting the LLDP information.
Page 310 Chapter 24: LLDP...
Page 311: Chapter 25 : Network Statistics
Chapter 25 Network Statistics The sections in this chapter explain how to display traffic, error, and history statistics about the network traffic on the AT-GS950/16PS switch and its ports. This chapter includes the following sections: “Overview” on page 312 ...
Page 312: Overview
Chapter 25: Network Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S112 Management Software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color used to draw the chart.
Page 313: Traffic Comparison Statistics
AT-GS950/16PS Switch Web Interface User’s Guide Traffic Comparison Statistics The Traffic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports. You can select 12 statistic types and 12 colors for each port. To display traffic comparison statistics, perform the following procedure: 1.
Page 314: Table 8 Traffic Comparison Options
Chapter 25: Network Statistics Table 8 Traffic Comparison Options Option Definition Inbound Octets (Bytes/s) Measures the number of inbound octet bits in bytes per second. Inbound Unicast Packets (Pkts) Measures the number of inbound unicast packets in packets per second. Inbound Non-unicast Packets (Pkts) Measures the number of inbound non-unicast packets (such as broadcast and multicast packets) in packets...
Page 315 AT-GS950/16PS Switch Web Interface User’s Guide 5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green  Blue   Purple  Yellow  Orange  Gray  Light Red ...
Page 316: Error Group Statistics
Chapter 25: Network Statistics Error Group Statistics The Error Group chart displays the discard and error counts for a specified port. To display error group statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder. The Statistics Chart folder expands. 2.
Page 317 AT-GS950/16PS Switch Web Interface User’s Guide 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds  10 seconds  15 seconds  30 seconds  5. To select the color of the traffic comparison graph, select Color.
Page 318: Historical Status Charts
Chapter 25: Network Statistics Historical Status Charts The Historical Status chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation. To display historical status charts statistics for a port, perform the following procedure: 1.
Page 319: Table 9 Historical Status Options
AT-GS950/16PS Switch Web Interface User’s Guide Table 9 Historical Status Options Option Definition Inbound Octet Rate (Bytes) Measures the rate of inbound octet bits in bytes per second. Inbound Unicast Packet Rate (Pkts) Measures the rate of inbound unicast packets in packets per second.
Page 320 Chapter 25: Network Statistics 4. To select the amount of time before the screen is refreshed, click Auto Refresh. Choose from the following options: 5 seconds  10 seconds  15 seconds  30 seconds  5. To select the color of the traffic comparison graph, select Color. Choose one of the following colors: Green ...
Page 321: Tools
This section contains the following chapters: Chapter 26, “Software/Configuration Updates” on page 323  Chapter 27, “Cable Diagnostics” on page 335  Chapter 28, “Rebooting the AT-GS950/16PS” on page 337  Chapter 29, “Pinging a Remote System” on page 347 ...
Page 323: Chapter 26 : Software/Configuration Updates
“Download or Upload a Configuration File via TFTP” on page 332  Note For information about how to obtain new releases of the AT-S112 Management Software, see “Allied Telesis Contact Information” on page 17. Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Page 324: Overview
Internet browser. However, to perform one of these operations using TFTP, you must have access to an TFTP server. In addition, you can save a configuration file from your AT-GS950/16PS switch, which can be downloaded to other AT-GS950/16PS switches on your network.
Page 325: Upgrade Firmware Image Via Http
AT-GS950/16PS Switch Web Interface User’s Guide Upgrade Firmware Image via HTTP This section describes how to upgrade an firmware image of the AT-S112 Management Software using HTTP on an Internet server. Before downloading a new version of the AT-S112 Management Software onto...
Page 326: Figure 126. Firmware Upgrade Via Http Page
Chapter 26: Software/Configuration Updates 2. From the Firmware Upgrade folder, select via HTTP. The Firmware Upgrade via HTTP Page is displayed. See Figure 126. Figure 126. Firmware Upgrade via HTTP Page 3. Change the following parameter as necessary: Firmware File: Enter the path and the firmware file name or click the Browse button and select the file name.
Page 327: Upgrade Firmware Image Via Tftp
AT-GS950/16PS Switch Web Interface User’s Guide Upgrade Firmware Image via TFTP This section describes how to upgrade an firmware image of the AT-S112 Management software using TFTP on an TFTP server. Before downloading a new version of the AT-S112 Management Software onto...
Page 328: Figure 127. Firmware Upgrade Via Tftp Page
Chapter 26: Software/Configuration Updates Figure 127. Firmware Upgrade via TFTP Page The Image/Version Date shows the current version and date of software installed on the switch. 3. Change the following parameters as necessary: TFTP Server IP: The IP address of the TFTP server from which you are downloading the new software.
Page 329: Upload Or Download A Configuration File Via Http
AT-GS950/16PS Switch Web Interface User’s Guide Upload or Download a Configuration File via HTTP This section describes how to upload or download a configuration file using HTTP on an Internet server. Before you upload or download a configuration file via HTTP, note the following: You must be able to access the new AT-S112 configuration file from ...
Page 330: Figure 129. Result Page
URL, you will loose connectivity with the AT-S112 Management software on the AT-GS950/16PS switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool.
Page 331: Configuration File Download
AT-GS950/16PS Switch Web Interface User’s Guide Configuration To download or save the AT-S112 configuration file from the switch to your PC, perform the following procedure: File Download 1. Select the Download button. Select this button to download a configuration file from the switch to your PC.
Page 332: Download Or Upload A Configuration File Via Tftp
Chapter 26: Software/Configuration Updates Download or Upload a Configuration File via TFTP This section describes how to upload or download a configuration file using TFTP on an TFTP server. Before you upload or download a configuration file onto the switch using TFTP, note the following: Your network must have a TFTP server.
Page 333: Configuration File Download
URL, you will loose connectivity with the AT-S112 Management software on the AT-GS950/16PS switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool.
Page 334 Chapter 26: Software/Configuration Updates...
Page 335: Chapter 27 : Cable Diagnostics
Chapter 27 Cable Diagnostics This chapter provides procedures to run cable diagnostics on the cables connected to the switch ports. If a port is selected, a cable must be connected to it for meaningful test results to be displayed. Note To permanently save your new settings or any changes to the configuration file, select Save Configuration to Flash from the main menu on the left side of the page.
Page 336 Chapter 27: Cable Diagnostics Port: This parameter displays the port (cable) selected. Test Results: Displays the diagnostic results for each pair in the cable. One of the following cable status parameters is displayed: OK: There is not problem detected with the cable. Open in Cable: There is an open wire within the cable.
Page 337: Chapter 28 : Rebooting The At-Gs950/16Ps
Chapter 28 Rebooting the AT-GS950/16PS This chapter provides the procedures for rebooting the AT-GS950/16PS switch by using the Normal reboot function provided in the AT-S112 management software. Note Alternately, you can reboot the AT-GS950/16PS switch by pressing the front panel eco-friendly switch between 5 to 9 seconds.
Page 338: Switch Reboot
Chapter 28: Rebooting the AT-GS950/16PS Switch Reboot The following procedure outlines how to reboot your AT-GS950/16PS switch. Caution This procedure reboots the switch and reloads the AT-S112 Management software configuration from flash memory. Insure that your current configuration is saved before rebooting the switch by selecting Save Configuration to Flash from the main menu on the left side of the page to permanently save your changes.
Page 339 AT-GS950/16PS Switch Web Interface User’s Guide 4. In the Reboot Type field, select Normal from the pull-down menu. When the switch is rebooted with this selection, all configuration parameters that are saved in flash memory are loaded into the switch’s active memory.
Page 340: Configure Factory Default Values
Chapter 28: Rebooting the AT-GS950/16PS Configure Factory Default Values The following procedure returns all AT-S112 Management software parameters to their factory default values and deletes all tagged and port- based VLANs on the switch. Note The AT-S112 Management software factory default values are listed in “AT-GS950/8 Default Parameters”...
Page 341 AT-GS950/16PS Switch Web Interface User’s Guide address, subnet mask, and gateway settings are managed by the DHCP server. 5. Click Apply. The switch begins the reboot process. You must wait approximately two minutes for the switch to complete the reboot process before you can re-establish your management session and network traffic begins flowing normally again.
Page 342: Password Protection Of Factory Reset
Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. See “Disabling Factory Default Reset Feature” on page 342 for information about how to disable the factory default reset feature.
Page 343: Figure 134. Factory Default Reset/Reboot Page With Password Entry
Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. 6. Re-enter the same password in the Confirm Password field.
Page 344: Enabling Factory Default Reset
Chapter 28: Rebooting the AT-GS950/16PS remain Enabled on both the switch management software and the physical front panel ecoFriendly button. 8. Click Accept.on the message. The Factory Default Reset page changes and displays the Factory Default Reset feature as Disabled. See Figure 135.
Page 345: Figure 136. Factory Default Reset/Reboot Page With Password Entry
AT-GS950/16PS Switch Web Interface User’s Guide Figure 136. Factory Default Reset/Reboot Page with Password Entry 5. Enter the same password that you defined when you previously set the Factory Default Reset field to Disable. 6. Click Apply. The initial Factory Default Reset/Reboot Page is displayed with the Factory Default Reset field Enabled.
Page 346 Chapter 28: Rebooting the AT-GS950/16PS...
Page 347: Chapter 29 : Pinging A Remote System
Chapter 29 Pinging a Remote System This chapter provides the procedure for pinging a node on your network from the AT-GS950/16PS switch. This procedure is useful in determining whether an active link exists between the switch and another network device.
Page 348: Figure 138. Ping Test Results Page
Chapter 29: Pinging a Remote System switch waits for a response before assuming that a ping has failed. Number of Ping Requests - Specifies the number of ping requests you want the switch to perform. 4. Click Start. 5. To view the ping results, click Show Ping Results. A sample Ping Test Results Page is displayed.
Page 349: Appendix A: Mstp Overview
“Associating VLANs to MSTIs” on page 363  “VLANs Across Different Regions” on page 365  “Summary of Guidelines” on page 367  Note To configure the MSTP feature on the AT-GS950/16PS switch, go to “Multiple Spanning Tree Protocol” on page 79 for more information.
Page 350: Overview
Appendix A: MSTP Overview Overview In the AT-GS950/16PS, STP and RSTP are referred to as single-instance spanning trees that search for physical loops across all VLANs in a bridged network. When loops are detected, the active protocol stops the loops by placing one or more bridge ports in a blocking state.
Page 351 AT-GS950/16PS Switch Web Interface User’s Guide Note Do not activate MSTP on the AT-GS950/16PS switch without first familiarizing yourself with the following concepts and guidelines. Like STP and RSTP, you must activate this MSTP protocol on a switch and then configure the protocol parameters.
Page 352: Multiple Spanning Tree Instance (Msti)
Production VLAN. Figure 139. VLAN Fragmentation with STP or RSTP Figure 140 on page 353 illustrates the same two AT-GS950/16PS switches and the same two virtual LANs. But in this example, the two switches are running MSTP and the two VLANs have been assigned different spanning tree instances.
Page 353: Multiple Vlans Assigned To An Msti
Multiple VLANs A MSTI can contain more than one VLAN. This is illustrated in Figure 141 on page 354 where there are two AT-GS950/16PS switches with four VLANs. Assigned to an There are two MSTIs, each containing two VLANs. MSTI 1 contains the Sales...
Page 354: Figure 141. Multiple Vlans In A Msti
Appendix A: MSTP Overview Figure 141. Multiple VLANs in a MSTI In this example, because an MSTI contains more than one VLAN, the links between the VLAN parts is made with tagged (not untagged) ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 141, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs.
Page 355: General Guidelines
AT-GS950/16PS Switch Web Interface User’s Guide General Guidelines Here are the guidelines for MSTIs: The AT-GS950/16PS switch can support up to 31 spanning tree instances,  including the CIST. A MSTI can contain any number of VLANs.  A VLAN can belong to only one MSTI at a time.
Page 356: Vlan And Msti Associations
Appendix A: MSTP Overview VLAN and MSTI Associations Part of the task to configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
Page 357: Ports In Multiple Mstis
AT-GS950/16PS Switch Web Interface User’s Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTI’s. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Page 358: Multiple Spanning Tree Regions
Table 10 illustrates the concept of regions. It shows one MSTP region consisting of two AT-GS950/16PS switches. Each switch in the region has the same configuration name and revision level. The switches also have the same...
Page 359: Table 10. Mstp Region
VLAN: Accounting (VID 4) VLAN: Accounting (VID 4) The AT-GS950/16PS switch determines regional boundaries by examining the MSTP BPDUs received on the ports. A port that receives a MSTP BPDU from another bridge with regional information different from its own is considered to be a boundary port and the bridge connected to the port as belonging to another region.
Page 360: Mst Region Guidelines
A network can contain any number of regions and a region can contain  any number of AT-GS950/16PS switches. The AT-GS950/16PS switch can belong to only one region at a time.  A region can contain any number of VLANs.
Page 361 AT-GS950/16PS Switch Web Interface User’s Guide Each MSTI must have a regional root for locating loops in the instance.  MSTIs can share the same regional root or have different roots. A regional root is determined by the MSTI Bridge Priority value and a bridge’s MAC address.
Page 362: Common And Internal Spanning Tree (Cist)
The CIST regional root is set with the CIST Priority parameter. This parameter, which functions similar to the RSTP bridge priority value, selects the root bridge for the entire bridged network. If the AT-GS950/16PS switch has the lowest CIST Priority value among all the spanning tree bridges, it functions as the root bridge for all the MSTP regions and STP and RSTP single-instance spanning trees in the network.
Page 363: Associating Vlans To Mstis
BPDU packet. By default, all ports of the AT-GS950/16PS switch belong to the CIST instance. So the CIST identification is always included in the BPDU. If the port is also a member of a VLAN that has been assigned to a MSTI, that information is included in the BPDU too.
Page 364: Figure 143. Cist And Vlan Guideline - Example 2
Appendix A: MSTP Overview Instances: CIST 0 BPDU Packet Port 1 (Default VLAN) Port 3 (Blocked) plus plus AT-GS950/16PS AT-GS950/16PS Switch B Switch A Gigabit Ethernet PoE+ Switch Gigabit Ethernet PoE+ Switch 13 15R PORT ACTIVITY 13 15R PORT ACTIVITY...
Page 365: Vlans Across Different Regions
AT-GS950/16PS Switch Web Interface User’s Guide VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network.
Page 366: Figure 145. Spanning Regions Without Blocking
Appendix A: MSTP Overview Region 1 VLANs Region 2 VLANs Accounting Accounting Sales Sales Pre-Sales Pre-Sales Marketing Technical Support Product Management Software Engineering Project Management Hardware Engineering The two regions share three VLANs: Accounting, Sales, and Presales. You can group these three VLANs into the same MSTI in each region. For instance, for Region 1 you might group the three VLANs in MSTI 12 and in Region 2 you could group them into MSTI 6.
Page 367: Summary Of Guidelines
Careful planning is essential for the successful implementation of MSTP. This section reviews all the rules and guidelines mentioned in earlier sections, and contains a few new ones: The AT-GS950/16PS switch can support up to 32 multiple  spanning tree instances, including the CIST, at a time.
Page 368 Appendix A: MSTP Overview...
Page 369: Appendix B: At-Gs950/16Ps Default Parameters
Appendix B AT-GS950/16PS Default Parameters Table 12 lists the factory default settings for the AT-S112 Management software on the AT-GS950/16PS switch. The Parameters reflect the fields found on each web page. Table 12. AT-S112 Management Software Default Settings AT-GS950/16PS Parameter...
Page 370: Specifications
Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting IP address entries 10 entries 10 entries System/Administration User Name manager 1 - 12 characters Password friend 1 - 12 characters System/User Interface...
Page 371 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting January:01:00:00 (Month:Day:HH:MM) DST Offset 1 hr System/SSL Settings SSL Settings Disabled Enabled/Disabled System/DHCP Auto Configuration Settings Auto Configuration Disabled Enabled/Disabled State...
Page 372 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Trunk Type 1000TX Down Up/Down Link Status Enabled Enabled/Disabled Admin Status Mode Auto Auto/10Half/10Full/100Half/100Full/1000Full Enabled Enabled/Disabled Jumbo Disabled Enabled/Disabled Flow Control EAP Pass...
Page 373: Default Setting
AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Bridge Priority 32768 0 - 61440 Region Name MAC Address of AT-GS950/16PS switch Region Revision 0 - 65535 Dynamic Path Cost...
Page 374 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Restricted Role False True/False Restricted TCN False True/False Port State Ignore Enable/Disable/Ignore Bridge/Trunk Config/Trunking Trunk Status Disabled Active/Passive/Manual/Disabled Bridge/Trunk Config/LACP Group Status...
Page 375 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Port All, 1 - 16 Loopback Detection Disabled Enabled/Disabled State Bridge/Static Unicast 802.1Q VLAN ID 1 - 4000 Port-Based VLAN ID 1 - 52...
Page 376 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Storm Control Disabled Enabled/Disabled Broadcast Control Status Storm Control Disabled Enabled/Disabled Multicast Control Status Storm Control High (2500 pps) Threshold Medium (1000 pps)
Page 377 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Port Settings Enabled Enabled/Disabled Ingress Filtering Forwarding Table IVL/SVL Learning Mode Private VLAN Source Port All, 1 - 16 Private VLAN...
Page 378 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting SNMP/Group Access Table Group Name ReadOnly/ReadWrite Read View Name ReadWrite Write View None Notify View Name ReadWrite Security Model v1/v2c/v3 Security Level...
Page 379 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Access Control Configuration Classifier Index none 1 - 65535 Source MAC Address xx:xx:xx:xx:xx:xx hex format none Source MAC Mask 1 - 48...
Page 380 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Out-Profile Action 1 - 65535 none Index Out-Profile Action Permit/Deny Permit Deny/Permit Out-Profile Action 64 - 1000000 kbps/unit none Committed Rate Out-Profile Action...
Page 381 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Alarms Index none 1 - 65535 Alarms Interval 1 to 2147483647 seconds none Alarms Variable none Alarms Sample Type Absolute value...
Page 382 Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Port Access Control Nas1 1 - 23 characters NAS ID Port Access Control Disabled Disabled/Enabled Port Access Control Local Local/Radius Authentication Method...
Page 383 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting General Setting Enabled/Disabled Disabled Backup Database General Setting 1200 600 - 86400 Database Update Interval General Setting Enabled/Disabled Disabled DHCP Option 82...
Page 384: Statistics Chart
Appendix B: AT-GS950/16PS Default Parameters Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Global Settings Enabled/Disabled Enabled Port State Statistics Chart Traffic Comparison 25 statistics Inbound Octet Rate (Bytes/ Statistics Traffic Comparison 5 seconds 5/10/15/30 seconds...
Page 385 AT-GS950/16PS Switch Web Interface User’s Guide Table 12. AT-S112 Management Software Default Settings (Continued) AT-GS950/16PS Parameter Specifications Default Setting Firmware Upgrade via 1 - 20 TFTP Retry Count Configuration File none Upload/Download via HTTP Select File Configuration File 0.0.0.0 IPv4 address in xxx.xxx.xxx.xxx hex format;...
Page 386 Appendix B: AT-GS950/16PS Default Parameters...

This manual is also suitable for:

At-s112