GarrettCom MNS-6K 4.1.4 Cli User's Manual

For magnum 6k family of switches

MAGNUM 6K FAMILY OF SWITCHES
Managed Network Software (MNS)
MNS-6K-SECURE 14.1.4 and MNS-6K 4.1.4
CLI User Guide

Summary of Contents for GarrettCom MNS-6K 4.1.4

  • Page 1 MAGNUM 6K FAMILY OF SWITCHES Managed Network Software (MNS) MNS-6K-SECURE 14.1.4 and MNS-6K 4.1.4 CLI User Guide...
  • Page 2 If you need information on a specific feature in Web Management Interface, use the online help provided in the interface. If you need further information or data sheets on GarrettCom Magnum 6K family of switches, refer to the GarrettCom web links at: http://www.garrettcom.com/managed_switches.htm...
  • Page 3 UL is a registered trademark of Underwriters Laboratories. Ethernet is a trademark of Xerox Corporation. Copyright © 2007 GarrettCom, Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from GarrettCom, Inc. Printed in the United States of America.
  • Page 4: Table Of Contents

    Table of Contents 1 – Conventions Followed ... 19 Flow of the User Guide ... 21 2 – Getting Started ... 23 Before starting ... 23 MNS-6K Software Updates ... 24 Console connection ... 24 Console setup ... 25 Console screen ...
  • Page 5 Upgrading to MNS-6K-SECURE ... 36 List of commands in this chapter ... 37 3 – IP Address and System Information ... 39 IP Addressing ... 39 Importance of an IP address ... 39 DHCP and bootp ... 40 Bootp Database ... 40 Configuring Auto/DHCP/Bootp/Manual ...
  • Page 6 Configuring IPv6 ... 74 List of commands in this chapter ... 75 5 – DHCP Server ... 77 Modes of Operation ... 78 Technical Details ... 79 DHCP Discovery ... 79 DHCP Offers ... 80 DHCP Request ... 80 DHCP Acknowledgement ... 80 DHCP Information ...
  • Page 7 8 – Access Using RADIUS ... 106 RADIUS ... 106 802.1x ... 106 Configuring 802.1x ... 109 List of commands in this chapter ... 114 9 – Access Using TACACS+ ... 116 TACACS – flavors and history ... 116 TACACS+ Flow ... 117 TACACS+ Packet ...
  • Page 8 Using STP ... 148 List of commands in this chapter ... 158 13 – Rapid Spanning Tree Protocol (RSTP) ... 159 RSTP concepts ... 159 Transition from STP to RSTP ... 160 Configuring RSTP ... 161 List of commands in this chapter ... 172 14 –...
  • Page 9 Configuring QoS ... 208 List of commands in this chapter ... 213 18 – IGMP ... 214 IGMP concepts ... 214 IGMP-L2 ... 218 Configuring IGMP ... 221 List of commands in this chapter ... 228 19 – GVRP ... 230 GVRP concepts ...
  • Page 10 System Events ... 272 MAC Address Table ... 277 List of commands in this chapter ... 278 APPENDIX 1 - Command listing by Chapter ... 281 Chapter 2 – Getting Started ... 281 Chapter 3 – IP Address and System Information ... 282 Chapter 4 –...
  • Page 11 Selecting the proper version ... 337 Downloading the MNS-6K software ... 337 Next steps ... 341 2. Preparing to load the software ... 342 Accessing the switch ... 342 Serial Connection ... 342 Network Access ... 343 Saving the Configuration ... 343 Serial Connection ...
  • Page 12: List Of Figures

    commands to switch between the levels is not shown here ... 26 Figure 3 – As the switch tries to determine its mode of operation and its IP address, it may assign and release the IP address a number of times. A continuous ping to the switch will show an intermittent response ...
  • Page 13 Figure 28 – setting up ssh – since telnet sends the information in clear text, make sure that telnet is disabled to secure the switch. Do not telnet to the switch to disable telnet. Preferred method is to do that via the console or using SWM. The client access is not shown here.
  • Page 14 Figure 59 – Enabling and disabling port security ... 92 Figure 60 – Viewing port security settings on a switch. On port 9, learning is enabled. This port has 6 stations connected to it with the MAC addresses as shown. Other ports have learning disabled and the MAC addresses are not configured on those ports ...
  • Page 15 Figure 93 – A fault in the ring interrupts traffic. The blocking port now becomes forwarding so that traffic can reach all switches in the network. Note – the mP62 as well as the ESD42 switches support LLL and can participate in S-Ring as an access switch ... 179...
  • Page 16 Figure 94 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per switch. Note – the mP62 as well as the ES42 switches support LLL and can participate in S-Ring as an access switch ... 180 Figure 95 –...
  • Page 17 Each switch has the IGMPL2 turned on. Each switch can exchange the IGMP query message and respond properly. R4 wants to view surveillance traffic from T1. As shown by (1), a join request is sent by R4. Once the join report information is exchanged, only R4 receives the video surveillance traffic, as shown by (2).
  • Page 18 Figure 152 – Here, you can view the certificate, permanently make an exception and confirm the exception. The locations to do those are identified in this figure ... 332 Figure 153 – Self signed certificate from GarrettCom Inc for MNS-6K ... 333 Figure 154 – Using IE 7 ... 334 Figure 155 –...
  • Page 19 Figure 170 – Dialog for upgrading the image using tftp ... 351 Figure 171 – Updating the boot code over the network using the upgrade command. Make sure to reboot the switch after the boot loader upgrade is completed ... 353
  • Page 20: Conventions Followed

    Commands typed by a user will be shown in a different color and this font Switch prompt – shown in Bold font, with a “# or >” at the end. For the document we will use Magnum6K25#...
  • Page 21 Windows-XP based machine when in doubt. Supported MNS-6K Version – The documentation reflects features of MNS-6K version 3.4 or later. If your switch is not at the current version, GarrettCom Inc. recommends upgrade to the latest version. Please refer to the GarrettCom Web site for information on upgrading the MNS-6K software on Magnum 6K family of switches.
  • Page 22: Flow Of The User Guide

    VLANs can be set up and managed. At this stage the network and the switch are secured. It is now critical to make the network more reliable. The User Guide switches gears and talks about STP, RSTP and S-Ring technologies which can be used for making the network reliable.
  • Page 23 Chapter 18 focuses on IGMP. Chapter 19 focuses on GVRP. Chapter 20 shows how the SNMP parameters can be set up for managing the switch with network management software such as Castle Rock SNMPc™. Chapter 21 includes miscellaneous commands to improve the overall ease of use and...
  • Page 24: Getting Started

    2 – Getting Started: First few simple steps … This section explains how the GarrettCom Magnum 6K family of switches can be set up using the console port on the switch. Some of the functionality includes setting up the IP address of the switch, securing the switch with a user name and password, setting up VLANs and more.
  • Page 25: Mns-6K Software Updates

    MNS-6K software. The documentation on how to update the MNS-6K is included as an Appendix in this manual. The Login prompt is shown when the connection to the GarrettCom Magnum 6K Switch is successful and the switch is ready for the configuration commands. Should you get a boot prompt, please contact GarrettCom technical support.
  • Page 26: Console Setup

    Console setup Connect the console port on the switch to the serial port on the computer using the serial cable listed above. The settings for the HyperTerminal software emulating a VT100 are shown in Figure 1 below. Make sure the serial parameters are set as shown (or bps = 38400, data bits=8, parity=none, stop bits=1, flow control=none).
  • Page 27: Commands To Switch Between The Levels Is Not Shown Here

    To setup the switch, the IP address and other relevant TCP/IP parameters have to be specified. A new GarrettCom Magnum switch looks for a DHCP or a BootP server. If a DHCP or a BootP server is present, the switch will be assigned an IP address from those servers.
  • Page 28: Show An Intermittent Response

    Once the switch assigns itself an IP address the intermittent ping issue is no longer prevalent. Figure 3 – As the switch tries to determine its mode of operation and its IP address, it may assign and release the IP address a number of times.
  • Page 29
      • Power off the switch (or a software reboot as discussed below)
      • Power on the switch – login with the new login name and password
      • From the PC (or from the switch) ping the IP address specified for the switch to ensure connectivity
      •...
  • Page 30: Privilege Levels

    Some of the parameters in the Magnum 6K family of switches are shown above. The list of parameters below indicates some of the key parameters on the switch and the recommendations for changing them (or optionally keeping them the same).
  • Page 31: Level

    Manager prompt. User management A maximum of five users can be added per switch for MNS-6K and a maximum of twenty users can be added for MNS-6K-SECURE. Users can be added, deleted or changed from a manager level account. There can be more than one manager account, subject to the maximum number of users on the switch.
  • Page 32: Delete User

    Magnum6K25# user
    Magnum6K25(user)## add user=peter level=2
    Enter User Password:******
    Confirm New Password:******
    Magnum6K25(user)##
    Figure 8 - Adding a user with Manager level privilege
    In this example, user ‘peter’ was added with Manager privilege. Delete User Syntax delete user=<name>...
  • Page 33: Modifying Access Privileges

    Magnum6K25(user)## Figure 11 - Changing the privilege levels for a user. In this example, user ‘peter’ was modified to Operator privileges. Modifying Access Privileges: User access allows network administrators to control who has read and write access, and for which set of command groups.
  • Page 34 After this command, user Peter will not have read access to the VLAN, system and user groups. In another example, if the user Peter is not allowed to access the switch using telnet, the access can be blocked using the steps shown below:...
  • Page 35: Help

    Help: Typing the ‘help’ command lists the commands you can execute at the current privilege level. For example, typing ‘help’ at the Operator level shows Magnum6K25> help...
  • Page 36: Context Help

    show active-vlan
    show address-table
    show age
    show alarm
    show arp
    show auth <config|ports>
    show backpressure
    show bootmode
    --more--
    Figure 16 - Options for the ‘show’ command
    Context help: Other ways to display help, specifically, with reference to a command or a set of...
  • Page 37: Exiting

    Upgrading to MNS-6K-SECURE: The MNS-6K-SECURE license can be purchased with the purchase of the switch. In that case a license key will be issued to you with the delivery of the switch. This license key will be needed to upgrade the version.
  • Page 38: List Of Commands In This Chapter

    [add|del] – to set IP address on the switch Syntax save – save changes made to the configuration Syntax reboot – restart the switch – same effect as physically turning off the power Syntax show setup – show setup parameters Syntax show config –...
  • Page 39 Syntax <TAB> - listing all commands available at the privilege level Syntax <command string> <TAB> - options for a command Syntax <first character of the command> <TAB> - listing commands starting with the character Syntax logout –...
  • Page 40: Ip Address And System Information

    (e.g. class A, Class B and Class C addressing). Importance of an IP address Without an IP address, the switch will operate as a standalone Layer 2 switch. Without an IP address, you cannot • Use the web interface to manage the switch •...
  • Page 41: Dhcp And Bootp

    A sample entry by which the bootp software will look up the database and update the IP address and subnet mask of the switch would be as follows M6k25switch:\...
  • Page 42: Configuring Auto/Dhcp/Bootp/Manual

    By default, the switch is configured for ‘auto’. As described earlier in Chapter 2, in the auto mode, the switch will first look for a DHCP server. If a DHCP server is not found, it will then look for a BootP server. If that server is not found, the switch will first inspect to see if the IP address 192.168.1.2 with a netmask of 255.255.255.0 is free.
  • Page 43: Using Telnet

    Using Telnet: By default, the telnet client is enabled on the GarrettCom Magnum 6K family of switches. MNS-6K supports five simultaneous sessions on a switch – four telnet sessions and one console session. This allows many users to view, discuss or edit changes to the MNS-6K.
  • Page 44: Figure 25 - Reviewing The Console Parameters - Note Telnet Is Enabled

    While MNS-6K times out an idle telnet session, it may be useful to see who is currently connected to the switch. It may also be useful for a person to remotely terminate a telnet session. To facilitate this, MNS-6K supports two commands Syntax show session Syntax kill session id=<session>...
  • Page 45: Using Ssh

    In the above example, the user with user-id peter is given telnet access (which was disabled earlier in Chapter 2). Then multiple users telnet into the switch. This is shown using the “show session” command. The user operator session is then terminated using the “kill session” command.
  • Page 46 strong algorithms such as blowfish, 3DES, IDEA etc.). Encryption provides confidentiality and integrity of data. The goal of SSH was to replace the earlier rlogin, Telnet and rsh protocols, which did not provide strong authentication or guarantee confidentiality.
  • Page 47 • The user authentication layer (RFC 4252). This layer handles client authentication and provides a number of authentication methods. Authentication is client-driven, a fact commonly misunderstood by users; when one is prompted for a password, it may be the SSH client prompting, not the server.
  • Page 48 Session Inactivity Time (min) show sysconfig ML2400# System Name System Contact System Location : Yes : Yes : Yes : Yes : Yes : Yes : VT100 : 38400 : None : 10 : Magnum 6K25 : support@garrettcom.com : Fremont, CA...
  • Page 49: Commonly An Application Like Putty Is Used To Access The Switch Via Ssh. Use The Show Console Command To Verify Telnet Is Turned Off

    the switch. Do not telnet to the switch to disable telnet. Preferred method is to do that via the console or using SWM. The client access is not shown here. Commonly an application like PUTTY is used to access the switch via ssh. Use the show console command to verify telnet is turned off. SSH sessions cannot originate from the switch to another device.
  • Page 50: Figure 29 - Use Of Dns

    Magnum6K25# show dns
    DNS Server Address : 0.0.0.0
    Domain Name : Not Set
    DNS Status : Disabled.
    Magnum6K25# set dns server=192.168.5.254 domain=customer-domain.com
    Domain Name Server Set.
    Magnum6K25# show dns
    DNS Server Address : 192.168.5.254...
  • Page 51: Setting Serial Port Parameters

    To be compliant with IT or other policies the console parameters can be changed from the CLI interface. This is best done by setting the IP address and then telnet over to the switch. Once connected using telnet, the serial parameters can be changed. If you are using the serial port, remember to set the VT-100 emulation software properties to match the new settings.
  • Page 52: Changed

    32 - System parameters using the show sysconfig command. Most parameters here can be IGURE changed. System variables can be changed. Below is a list of system variables which GarrettCom recommends changing. System Name: Using a unique name helps you to identify individual devices in a network.
  • Page 53: Date And Time

    Figure 34 - Setting the system date, time and time zone. Rebooting the switch resets the time to the default. Synchronizing with the time server resets the time. Other relevant date and time commands are:
  • Page 54: Network Time (Sntp Client)

    Simple Network Time Protocol (SNTP). To specify the SNTP server, one has to 1) Set the IP parameters on the switch 2) Define the SNTP parameters To set the SNTP parameter, enter the SNTP configuration mode from the manager. The ‘setsntp, sync, sntp’...
  • Page 55: Network Time (Sntp Server)

    Syntax sntp [enable|disable] For example, to set the SNTP server to be 204.65.129.201 (with the number of retries set to 3 times), allowing the synchronization to be every 5 hours, the following commands are used Magnum6K25# sntp...
  • Page 56: Figure 37 - Saving The Configuration On A Tftp Server

    “passive ftp” in which the client initiating the connection initiates both the data and command connection request. Most companies prefer passive ftp and GarrettCom MNS-6K provides means to operate in those environments.
  • Page 57 This can also perform the task of exporting a configuration file or uploading a new image to the switch [host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>] [pass=<password>] – parameters associated with ftp server for proper communications with the server The “sftp”...
  • Page 58: Upload Or Download Different Types Of Files And Images .Other Files Such As Log Files, Hosts File Can Also Be Saved Or Loaded Onto A Switch

    The details are conceptually explained in the figure below. Figure 38 – Based on the sftp, ftp, tftp or xmodem commands – the MNS-6K based switch can upload or download different types of files and images. Other files such as log files, hosts file can also be saved or loaded onto a switch. Prior to Release 3.2, the configuration was saved only as a binary object (file).
  • Page 59: Config Files

    object or in a newer format as an ASCII (readable) file. The new format is preferred by GarrettCom and GarrettCom recommends all configuration files be saved in the new format. GarrettCom recommends saving the configuration in the old format only if there are multiple Magnum 6K family of switches on the network and they all run different versions of MNS-6K.
  • Page 60: Figure 40 - Contents Of The Config File

    # test environment prior to use in a "live" production network. # All modifications are made at the User's own risk and are # subject to the limitations of the GarrettCom software End User # License Agreement (EULA). Incorrect usage may result in # network shutdown.
  • Page 61: Script Files

    System portion of the file only. GarrettCom recommends editing the “script” file (see below) Note 2 – File names cannot have special characters such as *#!@$^&* space and control characters.
  • Page 62: Recommends That Modifications Of This File And The Commands Should Be Verified By The User In A Test Environment Prior To Use In A "Live" Production Network

    Figure 41 – Example of Script file. Note all the commands are CLI commands. This script provides insights into the configuration of Magnum MNS-6K settings. GarrettCom recommends that modifications of this file and the commands should be verified by the User in a test environment prior to use in a "live"...
  • Page 63: Displaying Configuration

    ==================================================================== server Magnum6K25(access)## Figure 42 – Creating host entries on MNS-6K. Syntax more <enable|disable|show> - enable or disable the scrolling of lines one page at a time Example Magnum6K25# more show...
  • Page 64: Figure 44 - ' Show Config' Command Output

    gvrp GVRP settings snmp SNMP settings Web and SSL/TLS settings tacacs TACACS+ settings auth 802.1x Settings igmp IGMP Settings smtp SMTP settings If the module name is not specified the whole configuration is displayed. Magnum6K25# show config [HARDWARE]...
  • Page 65: Displaying Or Hiding Passwords

    deftrapcomm=public authtrap=disable com2sec_count=0 group_count=0 view_count=1 view1_name=all view1_type=included view1_subtree=.1 view1_mask=ff --more— <additional lines deleted for succinct viewing>
    Figure 45 – displaying specific modules using the
    Magnum6K25# show config module=snmp,system
    [HARDWARE]
    type=Magnum6K25...
  • Page 66: Erasing Configuration

    ‘kill config’. This command is a “hidden command” i.e. the on-line help and other help functions normally do not display this command. The ‘kill config’ command resets everything to the factory default. The reset does not take place till the switch reboots. It is recommended to save the configuration (using ‘saveconf’ command discussed above) before using the ‘kill config’...
  • Page 67: Displaying Serial Number

    Figure 48 – Erasing configuration without erasing the IP address. Once the configuration is erased, please reboot the switch for the changes to take effect. Displaying Serial Number: To display the serial number of the unit, use the command “show setup” as shown below. The command also displays other information related to the switch.
  • Page 68: List Of Commands In This Chapter

    – do not set the IP address automatically auto - the switch will first look for a DHCP server. If a DHCP server is not found, it will then look for a BootP server. If that server is not found, the switch will check to see if the switch had a pre-configured IP address.
  • Page 69 The modules are system, event, port, bridge, stp, ps, mirror, sntp, vlan, gvrp and snmp Syntax show session – display telnet sessions active on the switch Syntax kill session id=<session> - kill a specific telnet session Syntax set ftp mode=<normal|passive>...
  • Page 70 This can also perform the task of exporting a configuration file or uploading a new image to the switch [host=<hostname>] [pass=<password>] – parameters associated with ftp server for proper communications with the server Syntax stftp<get|put| list|del >...
  • Page 71: Other Commands

    This can also perform the task of exporting a configuration file or uploading a new image to the switch Syntax host <add|edit|del> name=<host-name> [ip=<ipaddress>] [user=<user>] [pass=<password>] – create a host entry for accessing host. This is equivalent to creating a host table on many systems.
  • Page 72 Syntax show timezone – shows the system timezone Syntax show date – shows the system date Syntax show uptime – shows the amount of time the switch has been operational...
  • Page 73: Ipv6

    4 – IPv6: Next generation IP addressing. This section explains how access to the GarrettCom Magnum MNS-6K can be set up using IPv6 instead of the IPv4 addressing described earlier. IPv6 provides a much larger address space and is required today by many. IPv6 is available in MNS-6K-SECURE version only.
  • Page 74: What's Changed In Ipv6

    incremental, with few or no critical interdependencies. Most of today's internet uses IPv4, which is now nearly twenty years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems.
  • Page 75: Configuring Ipv6

    used as an identifier for the node. A single interface may be assigned multiple IPv6 addresses of any type. There are three types of IPv6 addresses. These are unicast, anycast, and multicast. Unicast addresses identify a single interface. Anycast addresses identify a set of interfaces such that a packet sent to an anycast address will be delivered to one member of the set.
  • Page 76: List Of Commands In This Chapter

    – Besides, if the end station supports IPv6 addressing (as most Linux and Windows systems do), one can access the switch using the IPv6 addressing as shown in the example below http://fe80::220:6ff:fe25:ed80 List of commands in this chapter Syntax ipconfig [ip=<ip-address>] [mask=<subnet-mask>] [dgw=<gateway>]...
  • Page 78: Dhcp Server

    5 – DHCP Server: Access to other devices on the network…. This feature is available in MNS-6K-SECURE only. This section explains how DHCP services can be provided for devices on the network. MNS-6K can provide DHCP services. Network administrators use Dynamic Host Configuration Protocol (DHCP) servers to administer IP addresses and other configuration information to IP devices on the network.
  • Page 79: Modes Of Operation

    As described earlier, the Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP addresses, subnet masks, default gateway, DNS servers and other IP parameters.
  • Page 80: Technical Details

    intervention. Most administrators prefer to use static IP addresses (which are allocated out for such purposes) instead of using the manual mode. Allocating specific IP address for specific networks or VLANs also aids in securing the network. Firewall rules or access rules can be written and designed for specific address ranges, which are allocated out by the DHCP server.
  • Page 81: Dhcp Offers

    The client broadcasts on the physical subnet to find available servers. Network administrators can configure a local router to forward DHCP packets to a DHCP server on a different subnet.
  • Page 82: Dhcp Information

    acknowledgement to the client. The system as a whole expects the client to configure its network interface with the supplied options. DHCP Information: The client sends a request to the DHCP server: either to request more information than the server sent with the original DHCP ACK;...
  • Page 83 Syntax - reserve-ip ip=<ip> [mac=<mac>] - reserve a specific IP address for a device Syntax - clear-reserveip ip=<ip> - clear the reserved IP assigned Syntax - show dhcpsrv <config|status|leases> - display the DHCP server configuration, leases as well as status DHCP Services are available for the default VLAN only.
  • Page 84: List Of Commands In This Chapter

    Gateway : 192.168.10.1
    Lease time : 8 Hours
    Magnum6K25(dhcpserver)## dhcpsrv stop
    The Server takes few seconds to Stop...
    Magnum6K25(dhcpserver)## exit
    Magnum6K25#
    Figure 51 – Setting up DHCP Server on MNS-6K-SECURE
    List of commands in this chapter Syntax - dhcpsrv <start|stop>...
  • Page 85: Sntp Server

    Internet on this topic. SNTP Server is available only on MNS-6K-SECURE. Not all models of the GarrettCom 6K family of switches support SNTP server as this functionality requires a clock that needs to be accurate. While all devices can be SNTP clients, a select set of devices can be SNTP servers.
  • Page 86: Stratum Clocks

    Time or Temps Atomique International (TAI) by inserting leap seconds at intervals of about 18 months. UTC time is disseminated by various means, including radio and satellite navigation systems, telephone modems and portable clocks.
  • Page 87 Stratum 2 devices will peer with other Stratum 2 devices to provide more stable and robust time for all devices in the peer group. Stratum 2 devices normally act as servers for Stratum 3 NTP requests.
  • Page 88: Mns-6K-Secure Implementation

    Magnum6K25# Figure 53 – Using the SNTP commands. A Tech Brief on the GarrettCom web site describes how this capability can be used to create time servers in a network. To review this tech brief, please go to www.garrettcom.com Tech Briefs.
  • Page 89: List Of Commands In This Chapter

    List of commands in this chapter Syntax sntpserver – enter the SNTP Server configuration mode Syntax sntpsrv <start|stop>...
  • Page 90: Access Considerations

    7 – Access Considerations: Securing the switch access…. This section explains how access to the GarrettCom Magnum MNS-6K can be secured. Further security considerations are also covered such as securing access by IP address or MAC address. It is assumed here that the user is familiar with issues concerning security as well as securing access for users and computers on a network.
  • Page 91: Port Security

    Port Security: The port security feature can be used to block computers from accessing the network by requiring the port to validate the MAC address against a known list of MAC addresses. This port security feature is provided on an Ethernet, Fast Ethernet, or Gigabit Ethernet port.
  • Page 92 Syntax remove mac=<all|address|list|range> port=<num|list|range> Syntax signal port=<num|list|range> <none|log|trap|logandtrap> Where allow mac – configures the switch to setup allowed MAC addresses on specific ports learn port – configures the switch to learn the MAC addresses associated with specific port or a group of ports show port-security –...
  • Page 93: Information

    Figure 58 – Port security - the port learns the MAC addresses. Note – a maximum of 200 MAC addresses can be learnt per port and a maximum of 500 per switch. Also, the ‘action’ on the port must be set to none before the port ‘learns’ the MAC address information.
  • Page 94: Port-

    ENABLE NONE Magnum6K25(port-security)## Figure 60 – Viewing port security settings on a switch. On port 9, learning is enabled. This port has 6 stations connected to it with the MAC addresses as shown. Other ports have learning disabled and the...
  • Page 95 ENABLE NONE ENABLE NONE Figure 62 – Allowing specific MAC address on specific ports. After the MAC address is specified, the port or specific ports or a range of ports can be queried as shown Magnum6K25(port-security)## Specified MAC address(es) removed from selected port(s) Magnum6K25(port-security)##...
  • Page 96 9) (Optional step) Set the notification to notify the management station on security breach attempts (Use command ‘signal port’ to make a log entry or send a trap) Magnum6K25# port-security Magnum6K25(port-security)##...
  • Page 97: Syslog And Logs

    Once port security is set up, it is important to manage the log and review the log often. If the signals are sent to the trap receiver, the traps should also be reviewed for intrusion and other infractions.
  • Page 98 Code Description The above categories are defined for MNS as fatal (or Emergency) alert (same as Alert) crit (or Critical) error (same as Error) warn (or Warning) note (or Notice) info (or Informational) debug (same as Debug)
  • Page 99 The ‘show log’ command displays the log information and the ‘clear log’ command clears the log entries. Syntax show log [fatal|alert|crit|error|warn|note|info|debug] – display the log Syntax clear log [fatal|alert|crit|error|warn|note|info|debug]–...
  • Page 100
    Note 06-23-2007 05:59:02 P.M SNTP:SNTP Client Started
    Note 06-23-2007 05:59:09 P.M SNTP:SNTP Time Synchronized
    Note 06-23-2007 05:59:10 P.M SNTP:SNTP Time Synchronized
    Note 06-23-2007 05:59:36 P.M CLI:Session Started from Telnet: 192.168.5.2
    Note 06-23-2007 05:59:39 P.M SNTP:SNTP Time Synchronized
    Note 06-23-2007 05:59:40 P.M SNTP:SNTP Time Synchronized
    Note 06-23-2007 05:59:49 P.M CLI:User manager Login From Telnet: 192.168.5.2...
  • Page 101 Server Added Magnum6K25 (syslog)## SysLog Status: Disabled Server ID: 1 SysLog Server Host : 192.168.5.2 Server Logging : Disabled Log Events : Default Server ID: 2 SysLog Server Host : 192.168.5.98 Server Logging : Disabled Log Events...
  • Page 102: Commands Are Also Displayed

    FIGURE commands are also displayed. The log shows the most recent event at the top of the listing. If the log is filled when the switch detects a new event, the oldest entry is dropped off the listing. As discussed in the prior section, any port can be set to monitor security as well as make a log of the events that take place.
  • Page 103: Authorized Managers

    Time – time the event occurred on. See Chapter 3 on setting the switch Log Description – description of event as detected by the switch Severity is one of 8 severities described at the beginning of this section. Authorized managers This feature is available in MNS-6K-SECURE.
  • Page 104: List Of Commands In This Chapter

    deny – deny specified services for specified IP addresses – IP addresses can be individual stations, a group of stations or subnets. The range is determined by the IP address and netmask settings remove –...
  • Page 105 Syntax allow mac=<address|list|range> port=<num|list|range> - specify a specific MAC address or MAC address list Syntax learn port=<number-list> <enable|disable> - learn MAC addresses connected to the Magnum 6K switch Syntax show port-security – display port security settings Syntax action port=<num|list|range> <none|disable|drop> - action to perform in case of breach of port security Syntax signal port=<num|list|range>...
  • Page 106 Syntax deny ip=<ipaddress> mask=<netmask> service=<name|list> - deny specific IP address or range of IP addresses Syntax remove ip=<ipaddress> mask=<netmask> - delete a specific IP address from the access or trusted host list Syntax removeall –...
  • Page 107: Access Using Radius

    Authentication Server (RADIUS Server). In the figure below, the PC acts as the supplicant. The supplicant is an entity being authenticated and desiring access to the services. The switch is the authenticator. The authenticator enforces authentication before allowing access to services that are accessible via that port. The authenticator is...
  • Page 108 EAP over RADIUS encapsulates EAP packets onto RADIUS packets for relaying to RADIUS authentication servers. The details of the 802.1x authentication are shown below. [Figure labels: 802.1x Switch; Authentication Server (RADIUS)]
  • Page 109 3. The supplicant then sends back its own identification using an EAP-Response/Identity frame to the authenticator (Magnum 6K switch.) The authenticator then relays this to the authentication server by encapsulating the EAP frame on a RADIUS-Access-Request packet 4.
  • Page 110: Configuring 802.1X

    Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] - define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812 Syntax auth <enable|disable> - enables or disables the 802.1x authenticator function on MNS-6K switch Syntax setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] - setting the...
  • Page 111 Default value is 30. Values can be from 1 to 65535 seconds Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] - set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or port – [mandatory] – ports to be configured status –...
  • Page 112 auth disable Magnum6K25(auth)## 802.1X Authenticator is disabled. authserver ip=192.168.1.239 secret=secret Magnum6K25(auth)## Successfully set RADIUS Authentication Server parameter(s) Magnum6K25(auth)##auth enable 802.1X Authenticator is enabled. show auth ports Magnum6K25(auth)## Port Status Control ================================================================ Enabled Auto Enabled ForcedAuth Enabled Auto Enabled Auto Enabled Auto Enabled Auto Enabled Auto Enabled Auto...
  • Page 113 show-port backend Magnum6K25(auth)## Port Supp Timeout Server Timeout (sec) ================================================= portaccess port=2 quiet=120 maxreauth=7 transmit=120 Magnum6K25(auth)## Successfully set port access parameter(s) show-port access Magnum6K25(auth)## Port Quiet Period Max Reauth (sec) ================================================= reauth port=1 status=enable period=300 Magnum6K25(auth)## Successfully set re-authentication parameter(s) Max Request (sec) Tx Period...
  • Page 114: Figure 70 - Securing The Network Using Port Access

    show-port reauth Magnum6K25(auth)## Port Reauth Status ================================================= Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled show-stats port=3 Magnum6K25(auth)## Port 3 Authentication Counters authEntersConnecting...
  • Page 115: List Of Commands In This Chapter

    Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] - define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812 Syntax auth <enable|disable> - enables or disables the 802.1x authenticator function on MNS-6K switch Syntax setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] - setting the...
  • Page 116 Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] - set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or port – [mandatory] – ports to be configured status – [optional] This enables/disables re-authentication period –...
  • Page 117: Access Using Tacacs

    9 – Access Using TACACS+ Using a TACACS+ server to authenticate access…. This feature is available in MNS-6K-SECURE. TACACS+, short for Terminal Access Controller Access Control System, is a protocol that provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
  • Page 118: Authorization

    TACACS+ Flow TACACS works in conjunction with the local user list on the MNS-6K software (operating system.) Please refer to User Management process of authentication as well as authorization is shown in the flow chart below. [Flow chart labels: Login as Operator; Is User Manager?; Login as Manager...]
  • Page 119: Tacacs+ Packet

    is authentication where the user is verified against the network user database. The second stage is authorization, where it is determined whether the user has operator access or manager privileges. TACACS+ Packet Packet encryption is supported and is a configurable option for the Magnum MNS-6K software.
  • Page 120 Syntax tacplus <enable|disable> [ order=<tac,local | local,tac>] - enable or disable TACACS authentication, specifying the order in which the server or local database is looked up where “tac,local” implies, first the TACACS+ server, then local logins on the device.
  • Page 121: List Of Commands In This Chapter

    ================================================ 10.21.1.170 10.21.1.123 tacserver delete id=2 Magnum6K25(user)## TACACS+ server is deleted. show tacplus servers Magnum6K25(user)## TACACS+ Server ================================================ 10.21.1.170 tacplus enable Magnum6K25(user)## TACACS+ is enabled. Magnum6K25(user)## 73 –...
  • Page 122 [key=<string>] – [optional for add, mandatory with encrypt] when encryption is enabled, the secret shared key string must be supplied [mgrlevel=<level>] and [oprlevel=<level>] –...
  • Page 123: For A Specific Port

    Set up the ports for network speeds, performance as well as for monitoring…. This section explains how individual characteristics of a port on the GarrettCom Magnum 6K family of switches are set up. For monitoring a specific port, the traffic on a port can be mirrored on another port and viewed by protocol analyzers.
  • Page 124: Port Setup

    Port setup Each port on the GarrettCom Magnum 6K family of switches can be set up with specific port characteristics. The commands for setting the port characteristics are: Syntax device – enter the device configuration mode Syntax setport port=<port#|list|range>...
  • Page 125: Speed Settings

    speed – specifically sets the speed to be 10 or 100Mbps. Note – this works only with 10/100 ports – with 10Mbps ports, the option is ignored. No error is shown. See speed settings section below. flow – sets up flow control on the port. See Flow Control section below bp –...
  • Page 126: Flow Control

    with the 802.3u standard, then the port configuration on the switch must be manually set to match the port configuration on the other device. Possible port setting combinations for copper ports are: •...
  • Page 127: Back Pressure

    where xonlimit can be from 3 to 30, default value is 4 xofflimit from 3 to 127, default value is 6 Syntax show flowcontrol Back Pressure Back Pressure is for half duplex operations and the controls provided indicate the number of buffers allowed for incoming traffic before a xon/xoff message is sent.
  • Page 128 device Magnum6K25# show flowcontrol Magnum6K25(device)## XOnLimit : 4 XOffLimit : 6 flowcontrol xonlimit=10 xofflimit=15 Magnum6K25(device)## XOn Limit set successfully XOff Limit set successfully show flowcontrol Magnum6K25(device)## XOnLimit : 10 XOffLimit : 15 show backpressure Magnum6K25(device)## Rx Buffer Threshold : 28 backpressure rxthreshold=45 Magnum6K25(device)## Rx Buffer Threshold set successfully...
  • Page 129: Broadcast Storms

    Port Back Pressure Port Events Notify Magnum6K25(device)## Magnum6K25(device)## Keys: E = Enable H = Half Duplex M = Multiple VLAN's LI = Listening F = Forwarding Port Name Status Dplx Media Link -------------------------------------------------------------------------------------------------------------...
  • Page 130: Preventing Broadcast Storms

    programs (including some network games) are used. Storms can reduce network performance and cause bridges, routers, workstations, servers and PC's to slow down or even crash. Preventing broadcast storms The Magnum 6K family of switches is capable of detecting and limiting storms on each port.
  • Page 131: Port Rate Limiting For Broadcast Traffic

    Enabled 19531 Enabled 19531 Enabled 19531 Enabled 19531 Magnum 25(device) # Broadcast Rate Threshold set Magnum6K25(device)## ====================================================================== PORT | STATUS | THRESHOLD (frms/sec) | CURR RATE (frms/sec) | ACTIVE ====================================================================== Enabled 19531...
  • Page 132 – display flow control buffers Syntax backpressure rxthreshold=<value> - configure backpressure buffers Syntax show backpressure – display backpressure buffers Syntax broadcast-protect <enable|disable> - protect switch from broadcast storms Syntax rate-threshold port=<port|list|range> rate=<frames/sec> - change the allowed broadcast rate threshold...
  • Page 133: Traditional" Ethernet Segments

    Magnum 6K family of switches. A VLAN is a group of ports designated by the switch as belonging to the same broadcast domain. The IEEE 802.1Q specification establishes a standard method for inserting VLAN membership information into Ethernet frames.
  • Page 134 L3-switch). The routing function can be done internally to a L3-switch. One advantage of an L3 switch is that the switch can also support multiple VLANs. The L3 switch can thus route traffic across multiple VLANs easily and provides a cost-effective solution if there are many VLANs defined.
  • Page 135: Creating Vlans

    FIGURE 80 – routing between different VLANs is performed using a router such as a Magnum DX device or a Layer 3 switch (L3-switch). MNS-6K supports up to 32 VLANs per switch. MNS-6K-SECURE supports up to 256 VLANs per switch. Creating VLANs Creating VLAN and to configure VLAN related commands Syntax set vlan type=<tag|none>...
  • Page 136: Private Vlans

    Port VLAN for additional information. Private VLANs are constructed for security. For example, if some confidential data were residing on VLAN 5, then only the people connected to that switch on VLAN 5 can...
  • Page 137: Using Vlans

    VLAN basis. For example the command status=tagged will instruct the switch to tag all packets going out of port 1 to belong to VLAN Syntax set-port port=<number|list|range> join id=<number> adds the specified port(s) to the specified VLAN id.
  • Page 138 3. There can only be one default VLAN for the switch. The default is set to VLAN 1 and can be changed to another VLAN. A word of caution on changing the default VLAN as well –...
  • Page 139 VLAN ID: 30 Name : marketing Status : Active ======================== PORT | STATUS ======================== DOWN stop vlan=all Magnum6K25(port-vlan)## All active VLAN's stopped. exit Magnum6K25(port-vlan)## show active-vlan Magnum6K25# Tag VLAN is currently active.
  • Page 140 Tag based vlan Added Successfully. Vlan id Vlan name : sales Ports :14-16 add id=20 name=marketing port=14-16 Magnum6K25(tag-vlan)## ERROR: Duplicate Vlan Id add id=30 name=marketing port=14-16 Magnum6K25(tag-vlan)## Tag based vlan Added Successfully.
  • Page 141 UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN VLAN ID: 30 Name : marketing Status : Pending ---------------------------------------------------- PORT MODE STATUS ---------------------------------------------------- UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN start vlan=all...
  • Page 142 ----------------------------------------------- PORT | MODE STATUS ----------------------------------------------- 14 | UNTAGGED | DOWN 15 | UNTAGGED | DOWN 16 | UNTAGGED | DOWN VLAN ID: 20 Name : sales Status : Active ----------------------------------------------- PORT | MODE STATUS ----------------------------------------------- 14 | UNTAGGED | DOWN 15 | UNTAGGED |...
  • Page 143 UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN UNTAGGED | DOWN 10 | UNTAGGED | DOWN 11 | UNTAGGED | DOWN 12 | UNTAGGED | DOWN 13 | UNTAGGED | DOWN 14 |...
  • Page 144 Port 1 Default ID Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status: Active UNTAGGED Port 2 Default ID Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status: Active UNTAGGED <Deleting repeated information for ports 3 through 12>...
  • Page 145 show-port Magnum6K25(tag-vlan)## VLAN Port Status. Port 1 Default ID Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status: Active UNTAGGED Port 2 Default ID Filter Status : DISABLED. VLAN Memberships: Vlan: 1 Status: Active UNTAGGED <Deleting repeated information for ports 3 through 12> Port 13 Default ID Filter Status...
  • Page 146: List Of Commands In This Chapter

    VLAN on MNS-6K using Cisco Catalyst® switches or Magnum DX routers. These tech briefs are available on the GarrettCom Inc. web site Support Software Support.
  • Page 147 Syntax set-port port=<number|list|range> tagging id=<number> status=<tagged| untagged> defines whether the outgoing packets from a port will be tagged or untagged. Syntax set-port port=<number|list|range> join id=<number> adds the specified port(s) to the specified VLAN id Syntax set-port port=<number|list|range>...
  • Page 148: Spanning Tree Protocol (Stp)

    The MNS-6K software allows a manager to adjust the cost, priority, the mode for each port as well as the global STP parameter values for the switch. While allowing only one active path through a network at any time, STP retains any redundant physical path to serve as a backup (blocked) path in case the existing active path fails.
  • Page 149: Using Stp

    The commands used for configuring STP are listed below. Syntax show stp <config|ports > - regardless of whether STP is enabled or disabled (default) this command lists the switch’s full STP configuration, including general settings and port settings show stp config...
  • Page 150: Figure 83 - Viewing Stp Configuration

    Value ranges from 6 to 40 seconds with default value of 20 seconds Root Port: indicates the port number, which is elected as the root port of the switch. A root port of “0” indicates STP is disabled Root Path Cost: A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points.
  • Page 151: Figure 84 - Stp Port Status Information

    Root Bridge Forward Delay: indicates the designated root bridge’s forward delay. This is the time the switch waits before it switches from the listening to the forwarding state. The default is 15 seconds. This value can be set between 4-30 seconds Root Bridge Hello Time: indicates the designated root bridge’s...
  • Page 152 Priority: STP uses this to determine which ports are used for forwarding. Lower the number means higher priority. Value ranges from 0 to 255. Default is 128 Path Cost: This is the assigned port cost value used for the switch to determine the forwarding points. Values range from 1 to 65535 State: indicates the STP state of individual ports.
  • Page 153: Figure 85 - Enabling Stp

    Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 Syntax cost port=<number|list|range>...
  • Page 154 Priority : specifies the switch (bridge) priority value. switch MAC address to determine which switch in the network is the root device. Lower values mean higher priority. Value ranges from 0 to 65535. Default value is 32768 Cost: A path cost is assigned to individual ports for the switch to determine which ports are the forwarding points.
  • Page 155 STP Port Configuration ------------------------------------------------------------------------------------------------------------------------ Port# Type Priority ------------------------------------------------------------------------------------------------------------------------ TP(10/ 0) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 stp enable Magnum6K25(stp)## Successfully set the STP status...
  • Page 156 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128 priority value=15535 Magnum6K25(stp)## Successfully set the bridge priority show stp config Magnum6K25(stp)## STP CONFIGURATION ----------------- Spanning Tree Enabled(Global) Spanning Tree Enabled(Ports) Protocol Bridge ID Bridge Priority...
  • Page 157 Setting cost for STP...Successfully set the path cost for port 13 show stp ports Magnum6K25(stp)## STP Port Configuration ------------------------------------------------------------------------------------------------------------------------ Port# Type Priority ------------------------------------------------------------------------------------------------------------------------ TP(10/ 0) 128 TP(10/100) 128 TP(10/100) 128 TP(10/100) 128...
  • Page 158 show stp config Magnum6K25(stp)## STP CONFIGURATION ----------------- Spanning Tree Enabled(Global) Spanning Tree Enabled(Ports) Protocol Bridge ID Bridge Priority Bridge Forward Delay Bridge Hello Time Bridge Max Age Root Port Root Path Cost Designated Root...
  • Page 159: List Of Commands In This Chapter

    Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 Syntax cost port=<number|list|range>...
  • Page 160: Rapid Spanning Tree Protocol (Rstp)

    IEEE 802.1D-2004 proposes a new standard for faster recovery for up to 16 switches. GarrettCom implements the IEEE 802.1D-2004 and enhancements to cover more than 16 switches for larger networks. RSTP converges in less than one second to six seconds.
  • Page 161: Transition From Stp To Rstp

    Proper implementations of RSTP (by switch vendors) are designed to be compatible with IEEE 802.1d STP. GarrettCom recommends that you employ RSTP or STP in your network. Transition from STP to RSTP IEEE 802.1w RSTP is designed to be compatible with IEEE 802.1D STP.
  • Page 162: Configuring Rstp

    Configuring RSTP The commands to setup and configure RSTP on MNS-6K are Syntax set stp type=<stp|rstp> - Set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command Syntax rstp – enter the RSTP configuration mode...
  • Page 163 STP services, but cannot support RSTP services p2p - This parameter is used to tell the port if it is connected to another switch or a hub or a bridge device. This parameter should be set to off for all ports that are connected to a shared device such as a hub.
  • Page 164: Figure 87 - Enabling Rstp And Reviewing The Rstp Variables

    Value ranges from 6 to 160 seconds with default value of 20 seconds. Root Port: indicates the port number, which is elected as the root port of the switch. A root port of “0” indicates STP is disabled...
  • Page 165: Figure 88 - Reviewing The Rstp Port Parameters

    Root Path Cost: a path cost is assigned to individual ports for the switch to determine which ports are the forwarding points. A higher cost means more loops; a lower cost means fewer loops.
  • Page 166: Figure 89 - Path Cost As Defined In Ieee 802.1D (Stp) And 802.1W (Rstp)

    Port#: indicates the port number. Value ranges from 01 to max number of ports in the switch Type: indicates the type of port – TP indicates Twisted Pair Priority: STP uses this to determine which ports are used for forwarding.
  • Page 167 Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0- 255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 Syntax cost port=<number|list|range>...
  • Page 168 The value is from 1 to 10 seconds. Default value is 2 seconds Age: This is the maximum time a message with STP information is allowed by the switch before the switch discards the information and updates the address table again. Value ranges from 6 to 160 seconds with default value of 20 seconds.
  • Page 169 Disabled Forwarding 00:00:00:20:06:25:ed:89 00:0d Disabled Disabled Disabled “forceversion” can be used for compatibility with STP devices. In this example, the switch is forced to STP mode. : YES : 9,10,11,12,13,14,15,16 : Force to STP only : 00:00:00:20:06:25:ed:89 : 15 : 02...
  • Page 170 : 20 : 100 Using forceversion the switch is now operating using RSTP. Note the “show stp config” command also indicates the switch protocol is RSTP. : YES : 9,10,11,12,13,14,15,16 : Normal RSTP...
  • Page 171 priority port=13 value=100 Magnum6K25(rstp)## show rstp ports Magnum6K25(rstp)## RSTP Port Configuration ----------------------------------------------------------------------------------------------------------------- Port# Type Priority Path Cost ---------------------------------------------------------------------------------------------------------------- TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 100 200000 TP(10/100) 128 2000000...
  • Page 172: Figure 91 - Configuring Rstp On Mns-6K

    TP(10/100) 128 2000000 port port=9 status=enable Magnum6K25(rstp)## show rstp ports Magnum6K25(rstp)## RSTP Port Configuration ------------------------------------------------------------------------------------------------------------------ Port# Type Priority Path Cost ------------------------------------------------------------------------------------------------------------------ TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 100 250000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 TP(10/100) 128 2000000 timers forward-delay=20 hello=5 age=30 Magnum6K25(rstp)##...
  • Page 173: List Of Commands In This Chapter

    List of commands in this chapter Syntax set stp type=<stp|rstp> - Set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command Syntax rstp – enter the RSTP configuration mode Syntax rstp <enable|disable>...
  • Page 174 Syntax timers forward-delay=<4-30> hello=<1-10> age=<6-160> - change the STP Forward delay, Hello timer and Aging timer values...
  • Page 175: S-Ring™ And Link-Loss-Learn™ (Lll)

    STP where it does the necessary actions for fault recovery (such as re-learn addresses) in case of a link failure. S-Ring is a ring technology using the GarrettCom MNS-6K software. In a S-Ring, a switch is designated as a “Ring Manager”. Devices in a S-Ring can be managed...
  • Page 176: S-Ring And Lll Concepts

    STP, S-Ring offers an additional topology option to network architects. The two ends of a ring must be connected to two ports in a Magnum 6K Switch that is enabled with the S-Ring software. The end points of the ring provide an alternate path to reach the switch that has failed.
  • Page 177: Comparing Resiliency Methods

    There can be multiple S-Rings on a given Magnum 6K switch. There can be multiple ring topologies in a network. Each ring has to be a separate ring. Ring of rings or overlapping rings are not supported at this time. S-Ring topologies support one failure in the network.
  • Page 178: Rstp/Stp Operation Without S-Ring

    S-Ring supports non managed switches as long as LLL capability is supported on that switch. A ring is a special form of mesh network topology. The two top-of-the-ring ports form an otherwise-illegal redundant path, and standard RSTP/STP causes one of these two ports to block incoming packets in order to enable normal Ethernet traffic flow.
  • Page 179 [Figure labels: Forwarding Port] FIGURE 92 – Normal RSTP/STP operations in a series of switches. Note – this normal status is designated RING_CLOSED. This normal status is designated as RING_CLOSED. Operations will continue this way indefinitely until a fault occurs.
  • Page 180: Rstp/Stp Operation With S-Ring

    S-Ring when RSTP or STP is configured and in use. For the S-Ring, the user must select two ports of one 6K switch to operate as a pair in support of each Ethernet ring, and attach to the two “ends” of each ring as it comes together at the ring control switch.
  • Page 181: Participate In S-Ring As An Access Switch

    FIGURE 94 – More than one S-Ring pair can be selected and more than one S-Ring can be defined per switch. Note – the mP62 as well as the ES42 switches support LLL and can participate in S-Ring as an access switch. More than one S-Ring port-pair may be selected per ring control switch.
  • Page 182: Lll With S-Ring

    S-Ring port-pair list for that 6K Switch. The user can enable or disable port pairs that are on the S-Ring list by CLI commands in order to exercise final control if needed.
  • Page 183 1) On the switch which is the root node, authorize the use of S-Ring software 2) On the switch which is the root node or where the top of the ring ports are configured, enable STP 3) On the root node enable S-Ring and add the necessary ports as S-Ring ports...
  • Page 184 Syntax s-ring add port=<port1,port2> - define ports which make up the S-Ring ports. Note as discussed earlier, you can create multiple S-Rings on a switch Syntax s-ring del port=<port1,port2> - remove the switch from S-Ring topology by eliminating the end ports on the switch...
  • Page 185 LLL has to be setup on other switches in the ring for the in-out ports on the switch. Syntax lll <enable|disable> - enable or disable LLL on the switch If STP is enabled, Link Loss Learn will not work even though it was enabled.
  • Page 186: List Of Commands In This Chapter

    Syntax s-ring add port=<port1,port2> - define ports which make up the S-ring ports. Note as discussed earlier, you can create multiple S-Rings on a switch Syntax s-ring del port=<port1,port2> - remove the switch from S-Ring topology by eliminating the end ports on the switch Syntax lll <enable|disable>...
  • Page 187 Syntax lll add port=<port|list|range> - enable LLL on the list of specified ports Syntax lll del port=<port|list|range>...
  • Page 188: 15 - Dual-Homing

    A dual-homing switch (such as EDS42) offers two attachments into the network or two independent media paths and two upstream switch connections. In the case of the Magnum 6K family of switches, any two ports can be defined as dual-home ports to provide this level of redundancy.
  • Page 189: A Connectivity Break – The Connection Switches To The Standby Path Or Standby Link

    FIGURE 98 – Dual-homing using ESD42 switch and Magnum 6K family of switches. In case of a connectivity break – the connection switches to the standby path or standby link...
  • Page 190 • Dual-homing ports can span different modules in a switch. If dual homing is not configured, there is a potential that a loop can be created and either STP or RSTP will set up the port in the active stand-by mode.
  • Page 191: Dual-Homing Modes

    There are two modes in which the dual-homing works. The first one is where the ports are “equivalent”, i.e. if one port fails, the other one takes over; however, if the first (failed) port recovers, the active port does not switch back. The second mode of operation is primary-secondary mode. In this mode of operation, the primary port is explicitly defined and the secondary port is explicitly defined.
  • Page 192 dualhome ? Magnum6K25# dualhome : Configures Dual homing Usage dualhome <enter> show dualhome Magnum6K25# Dual Homing Status : DISABLED dualhome Magnum6K25# dualhome add port1=10 port2=11 Magnum6K25(dualhome)## Dual Homing Ports configured dualhome enable...
  • Page 193: List Of Commands In This Chapter

    List of commands in this chapter Syntax dualhome – enter the dual-homing configuration sub-system Syntax dualhome <enable|disable>...
  • Page 194: Link Aggregation Control Protocol (Lacp)

    16 – Link Aggregation Control Protocol (LACP) Increase Network throughput and reliability Link aggregation Link Aggregation Control Protocol (LACP) is part of an IEEE specification (IEEE 802.3ad) that allows several physical ports to be grouped or bundled together to form a single logical channel.
  • Page 195: Lacp Configuration

    LACP Configuration For LACP to work on the Magnum 6K family of switches, only one trunk per module can be created. Some valid connections are shown in the picture below. Switch 1 Switch 2...
  • Page 196: Different Vlans

    (for LACP using 4 ports) as the trunk group belongs to two different VLANs. However – on each switch, the set of ports can belong to same VLANs as shown in the figure below. While the ports belong to the same VLANs, there is no common VLAN...
  • Page 197 VLAN to another cannot be forwarded. There should be at least one VLAN common between the two switches and the LACP port groups. (Figure labels: VLAN 1,10; VLAN 1,20; Switch 1; Switch 2)...
  • Page 198: Configuration On The Switches. Then Define The Lacp Ports. Then Finally Connect The Ports Together To Form The Meshed Redundant Link Topology As Shown Above

    LACP ports. Then finally connect the ports together to form the meshed redundant link topology as shown above. Using the Magnum edge switch with dual-homing allows the edge devices to have link level redundancy as well – bringing the fault tolerance from the network to the edge.
  • Page 199 Figure 108 – LACP, along with RSTP/STP brings redundancy to the network core or backbone. Using this reliable core with a dual-homed edge switch brings reliability and redundancy to the edge of the network. It is recommended not to use LACP with S-Ring at this time.
  • Page 200 Figure 109 – This architecture is not recommended (figure labels: S-Ring 1; S-Ring 2). LACP can be used for creating a reliable network between two facilities connected via a wireless bridge.
  • Page 201 Before enabling, please ensure that the correct ports are configured. If network connectivity is lost due to a port being configured as a LACP port, you will need to physically access the switch via the console to correct this error.
  • Page 202 the lowest priority value has the highest priority and is designated as the primary port. If traffic analysis is required, it is recommended to mirror the primary port (and physically disconnect the other ports if all traffic needs to be captured).
  • Page 203 Trunk Mismatch The other switch sent a BPDU which did not match the trunk information associated with this port. This happens when the port is connected to a different switch, or a different module in the Magnum...
  • Page 204: Figure 112 - The Network For The 'Show Lacp' Command Listed Below

    In the figure shown above, Switch 1 has ports 11 and 15 forming the first trunk, connecting to Switch 3. Switch 1 also has ports 17 and 23 forming the second trunk on Switch 2. The ‘show lacp’ command was executed on Switch 1.
  • Page 205: List Of Commands In This Chapter

    ===================== 32768 Primary Port 32768 Member Port Figure 113 – LACP information over a network List of commands in this chapter Syntax lacp - enable the LACP configuration module within CLI Syntax lacp <enable | disable>...
  • Page 206: 17 - Quality Of Service

    To make the preemptive queuing possible, most switches implement at least two queue buffers. The Magnum 6K family of switches has two priority queues, 1 (low) and 0 (high). When tagged packets enter a switch port, the switch responds by placing...
  • Page 207: Diffserv And Qos

    DiffServ is a layer-3 protocol and requires no specific layer-2 capability, allowing it to be used in the LAN, MAN, and WAN. DiffServ works by tagging each packet (at the originating device or an intermediate switch) for the requested level of service it requires across the network.
  • Page 208: Ip Precedence

    IP Precedence IP Precedence utilizes the three precedence bits in the IPv4 header's Type of Service (ToS) field to specify class of service for each packet. You can partition traffic in up to eight classes of service using IP precedence.
  • Page 209: Configuring Qos

    Magnum 6K family of switches support three types of QoS - Port based, Tag based and ToS based. QoS is disabled by default on the switch. QoS needs to be enabled and configured. Syntax qos – enter the QoS configuration mode Syntax setqos type=<port|tag|tos|none>...
  • Page 210: Figure 116 - Port Weight Settings And The Meaning Of The Setting

    Syntax set-weight weight=<0-7> - sets the port priority weight for All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7. A weight is a number calculated from the IP precedence setting for a packet.
  • Page 211 Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] – displays the QoS settings Sometimes it is necessary to change the priority of the packets going out of a switch. For example, when a packet is received untagged and has to be transmitted with an addition of the 802.1p priority tag, the tag can be assigned depending on the untag value set.
  • Page 212 Port | DOWN None | DOWN None | DOWN None | DOWN None | DOWN show qos type=port Magnum6K25(qos)## ================================ PORT | PRIORITY | STATUS ================================ None None | DOWN None | DOWN None | DOWN HIGH | DOWN None | DOWN None | DOWN...
  • Page 213 show qos type=tag Magnum6K25(qos)## ======================================== PORT | Pri for VPT | STATUS | 76543210 ==== ==== ============ ==================== | -------- | UP | -------- | DOWN | -------- | DOWN | -------- | DOWN | -------- | DOWN | -------- | DOWN | -------- | DOWN...
  • Page 214: List Of Commands In This Chapter

    - sets the port priority weight for All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7 Syntax show-portweight - display the weight settings on a port Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] –...
  • Page 215: 18 - Igmp

    18 – IGMP Multicast traffic on a network Internet Group Management Protocol (IGMP) is defined in RFC 1112 as the standard for IP multicasting in the Internet. It is used to establish host memberships in particular multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Membership Reports, that it wants to receive messages addressed to a specific multicast group.
  • Page 216 The multicast group running version 2 of IGMP uses three fundamental types of messages to communicate: • Query: A message sent from the querier (multicast router or switch) asking for a response from each host belonging to the multicast group. If a multicast router supporting IGMP is not present, then the switch must assume this function in order to elicit group membership information from the hosts on the network.
  • Page 217: Figure 118 - Igmp Concepts - Advantages Of Using Igmp

    Figure 118 – IGMP concepts – advantages of using IGMP • PCs 1 and 4, switch 2, and all of the routers are members of an IP multicast group. (The routers operate as queriers.) • Switch 1 ignores IGMP traffic and does not distinguish between IP multicast group members and non-members.
  • Page 218: Figure 119 - Igmp Concepts - Isolating Multicast Traffic In A Network

    The next figure (below) shows a network running IP multicasting using IGMP without a multicast router. In this case, the IGMP-configured switch runs as a querier. PCs 2, 5, and 6 are members of the same IP multicast group. IGMP is configured on switches 3 and 4. Either of these switches can operate as querier because a multicast router is not present on the network.
  • Page 219: Igmp-L2

    The benefits of IGMP are clear. The traditional way of building an IGMP network calls for the IGMP querier to reside on a Layer 3 network device - typically a router or a Layer 3 switch. The end devices (encoders or transmitters) reside on a Layer 2 device and the encoder sends a query/join request to join the specific multicast group.
  • Page 220: May Appear Sluggish

    traffic only goes to the ports requesting the traffic. The Magnum 6K family of switches, using IGMP-L2, can perform tasks similar to those a Layer 3 device performs for IGMP. For a Layer 2 IGMP environment, all Magnum 6K family of switches have to be enabled in the IGMP-L2.
  • Page 221: Issue A Join Request As Well

    Figure 121 - Using IGMP-L2 on Magnum 6K family of switches, a Layer 2 network can minimize multicast traffic as shown above. Each switch has the IGMP-L2 turned on. Each switch can exchange the IGMP query message and respond properly. R4 wants to view surveillance traffic from T1. As shown by (1), a join request is sent by R4.
  • Page 222: Configuring Igmp

    (IGMP) device reissues a join request again. A few additional facts about IGMP L2 • GarrettCom Magnum 6K family of switches configured for IGMP-L2 can perform the Join aggregation required by IGMP • Multicast forwarding is done based on MAC addresses – so datagrams to IP addresses 224.1.2.3 and 239.129.2.3 can be forwarded on the same port groups.
  • Page 223: Figure 122 - Enabling Igmp And Query The Status Of Igmp

    group del ip=<group ip> - delete ports from a specific IGMP broadcast group igmp Magnum6K25# igmp enable Magnum6K25(igmp)## IGMP is enabled show igmp Magnum6K25(igmp)## IGMP State ImmediateLeave Querier Querier Interval Querier Response Interval Multicasting unknown streams mcast disable Magnum6K25(igmp)## MCAST is disabled show igmp Magnum6K25(igmp)## IGMP State...
  • Page 224: Figure 123 - Displaying Igmp Groups

    It disables the ability of the port (where the leave message is received) to transmit multicast traffic. Querier shows whether the switch is acting as a querier or a non-querier. In the example above, the switch is the querier. Querier Interval shows the time period, in seconds, at which the switch sends general host-query messages.
  • Page 225 Syntax show-port – display the port characteristics for IGMP Syntax show-router – displays detected IGMP-enabled router ports Syntax set-leave <enable|disable> - enables or disables the switch to immediately process a host sending a leave message rather than wait for the timer to expire Syntax set-querier <enable|disable>...
  • Page 226 Forwarding Forwarding Forwarding Auto Blocking Blocking Blocking igmp enable Magnum6K25(igmp)## IGMP is enabled show-router Magnum6K25(igmp)## RouterIp PortNo Timer -------------------------------------- 10.21.1.250 set-leave enable Magnum6K25(igmp)## IGMP immediate leave status is enabled show igmp Magnum6K25(igmp)## IGMP State...
  • Page 227: Figure 124 - Configuring Igmp

    Querier Response Interval set-querier disable Magnum6K25(igmp)## IGMP querier status is disabled show igmp Magnum6K25(igmp)## IGMP State ImmediateLeave Querier Querier Interval Querier Response Interval set-qi interval=127 Magnum6K25(igmp)## Query interval successfully set show igmp...
  • Page 228: Figure 125 - Adding Broadcast Groups Using The Group Command

    GroupIp PortNo Timer ------------------------------------------------------------------------------ 0.0.0.0 239.0.1.10 STATIC 239.0.1.10 STATIC 239.0.1.10 STATIC 239.0.10.10 STATIC 239.0.10.10 STATIC 239.0.10.10 STATIC 239.0.10.10 STATIC 239.0.10.10 STATIC 239.0.10.10 STATIC group del ip=239.0.10.10 Magnum6K25(igmp)## Group Deleted show-group Magnum6K25(igmp)## GroupIp PortNo Timer ------------------------------------------------------------------------------ 0.0.0.0 239.0.1.10 STATIC 239.0.1.10 STATIC 239.0.1.10 STATIC Magnum6K25(igmp)##...
  • Page 229: List Of Commands In This Chapter

    Syntax set-leave <enable|disable> - en leave message rather than wait for the timer to expire Syntax set-querier <enable|disable> - enables or disables a switch as IGMP querier Syntax set-qi interval=<value> - The IGMP querier router periodically sends general host-query messages.
  • Page 230 group address, 224.0.0.1. The default value is 125 seconds. The valid range can be from 60 to 127 seconds. Syntax set-qri interval=<value> - elapse between when the querier router sends a host-query message and when it receives a response from a host.
  • Page 231: 19 - Gvrp

    GVRP. GVRP is defined in the IEEE 802.1q and GARP in the IEEE 802.1p standards. In order to utilize the capabilities of GVRP, GarrettCom Inc. strongly recommends that the user be familiar with the concepts and capabilities of IEEE 802.1q.
  • Page 232: Gvrp Operations

    Figure 127 – GVRP operation – see description below. Switch 1 with static VLANs (VID= 1, 2, & 3). Port 2 is a member of VIDs 1, 2, & 3. 1. Port 2 advertises VIDs 1, 2, & 3 2. On Switch 2 - Port 1 receives advertisement of VIDs 1, 2, & 3 AND becomes a member of VIDs 1, 2, &...
  • Page 233 An “unknown VLAN” is a VLAN that the switch learns of by GVRP. For example, suppose that port 1 on switch “A” is connected to port 5 on switch “C”. Because switch “A” has VLAN 22 statically configured, while switch “C” does not have this VLAN statically configured, VLAN 22 is handled as an “Unknown VLAN”...
  • Page 234: Figure 129 - Port Settings For Gvrp Operations

    VLAN with the same VID as in the advertisement, and allow that VLAN’s traffic • If the switch already has a static VLAN with the same VID as in the advertisement, and the port is configured to learn for that VLAN, then the port will dynamically join the VLAN and allow that VLAN’s traffic.
  • Page 235: Figure 130 - Command To Check For Dynamically Assigned Vlans

    ============================================ VLAN ID | NAME ============================================ | Default VLAN | | Blue | dyn10 Magnum6K25(gvrp)## Figure 130 – Command to check for dynamically assigned VLANs. Note that port 10 must be enabled and configured to learn for it to be assigned to the dynamic VLAN.
  • Page 236: Configuring Gvrp

    Since dynamic VLANs operate as tagged VLANs, and it is possible that a tagged port on one device may not communicate with an untagged port on another device, GarrettCom Inc. recommends that you use Tagged VLANs for the static VLANs.
  • Page 237 VLANs and the current Primary VLAN Syntax gvrp <enable|disable> - enable or disable GVRP Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch Syntax set-ports port=<port|list|range> state=<learn|block|disable> - set the state of the port to learn, block or disable for GVRP.
  • Page 238: Gvrp Operations Notes

    – on a reboot the changes can be lost without the save command. Within the same broadcast domain, a dynamic VLAN can pass through a device that is not GVRP-aware. This is because a hub or a switch that is not GVRP-aware will flood the GVRP (multicast) advertisement packets out all ports.
  • Page 239: List Of Commands In This Chapter

    VLANs and the current Primary VLAN Syntax gvrp <enable|disable> - enable or disable GVRP Syntax show-vlan – list all the VLANs (including dynamic VLANs) on the switch Syntax set-ports port=<port|list|range> state=<learn|block|disable> - set the state of the port to learn, block or disable for GVRP.
  • Page 240: 20 - Snmp

    20 – SNMP Managing your network using SNMP Simple Network Management Protocol (SNMP) enables management of the network. There are many software packages which provide a graphical interface and a graphical view of the network and its devices. The graphical interface and view would not be possible without SNMP.
  • Page 241 Simple Network Management Protocol Version 3 (SNMPv3) – The third version of SNMP, with enhancements made to secure access, different levels of access and security.
  • Page 242: Traps

    SNMPv1 standards • Security via configuration of SNMP communities • Event reporting via SNMP • Managing the switch with an SNMP network management tool Supported Standard MIBs include: • SNMP MIB-II (RFC 1213) • Bridge MIB (RFC 1493) (ifGeneralGroup, ifRcvAddressGroup, ifStackGroup) •...
  • Page 243: Configuring Snmp

    • RMON MIB (RFC 1757) • RMON: groups 1, 2, 3, and 9 (Statistics, Events, Alarms, and History) • Version 1 traps (Warm Start, Cold Start, Link Up, Link Down, Authentication Failure, Rising Alarm, Falling Alarm) RFC 1901-1908 –...
  • Page 244 Syntax mgrip <add|delete> ip=<IPaddress> - adds or deletes a management station, specified by the IP address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by unauthorized managers. Valid for SNMP v1. Maximum of 5 stations allowed Syntax setvar [sysname|syscontact|syslocation]=<string>...
  • Page 245 Syntax com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] - a part of the View based Access control model (VACM) as defined in RFC 2275. This specifies the mapping from a source/community pair to a security name. On MNS-6K, up to 10 entries can be specified Syntax group <add|delete>...
  • Page 246 SNMP MANAGERS INFO ------------------ SNMP TRAP STATIONS INFO ----------------------- snmp Magnum6K25# community write=private read=public Magnum6K25(snmp)## SNMP Read community name successfully set SNMP Write community name successfully set show snmp Magnum6K25(snmp)## SNMP CONFIGURATION INFORMATION...
  • Page 247 SNMP TRAP STATIONS INFO ----------------------- traps add type=Snmp,Rmon ip=192.168.1.2 Magnum6K25(snmp)## Successfully Added. show snmp Magnum6K25(snmp)## SNMP CONFIGURATION INFORMATION ------------------------------ SNMP Get Community Name : public SNMP Set Community Name : private SNMP Trap Community Name : public AuthenTrapsEnableFlag...
  • Page 248 Default Trap Community : public trap add id=1 type=v1 host=10.21.1.100 Magnum6K25(snmpv3)## Entry is added successfully : Magnum6K25 : Fremont, CA : support@garrettcom.com : Disabled : public : 6K_v3Engine Switch over to SNMPv3 from this point forward Max limit of system variables is 15 characters...
  • Page 249 show-trap Magnum6K25(snmpv3)## Trap Type Host IP ================================================================ 10.21.1.100 -- show-trap id=1 Magnum6K25(snmpv3)## Trap ID Trap Type : v1 Host IP : 10.21.1.100 Community : -- Auth.
  • Page 250 group add id=1 groupname=v1 model=v1 com2secid=1 Magnum6K25(snmpv3)## Entry is added successfully show-group Magnum6K25(snmpv3)## Group Name Sec. Model ================================================== public public show-group id=1 Magnum6K25(snmpv3)## Group ID Group Name : v1 Model : v1...
  • Page 251 access add id=1 accessname=v1 model=v1 level=noauth read=1 writ Magnum6K25(snmpv3)## e=none notify=none Entry is added successfully show-access Magnum6K25(snmpv3)## ID View Name Model Level ============================================================== noauth show-access id=1 Magnum6K25(snmpv3)## Access ID Access Name...
  • Page 252: Configuring Rmon

    RMON MIB definition. The following RMON groups are supported: • Ethernet Statistics Group - maintains utilization and error statistics for the switch port being monitored. • History Group – gathers and stores periodic statistical samples from previous Statistics Group.
  • Page 253: List Of Commands In This Chapter

    The following RMON communities, when defined, enable the specific RMON group as shown above. Syntax rmon – enter the RMON configuration mode to setup RMON groups and communities Syntax history def-owner=<string>...
  • Page 254 Syntax mgrip <add|delete> ip=<IPaddress> - adds or deletes a management station, specified by the IP address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by unauthorized managers. Valid for SNMP v. Maximum of five stations allowed.
  • Page 255 Syntax trap <add|delete> id=<id> [type=<v1|v2|inform>] [host=<host-ip>] [community=<string>] [port=<1-65534>] station can receive v1, v2 traps and/or inform notifications. An inform notification is an acknowledgment that a trap has been received. A user can add up to 5 stations. Syntax show-trap [id=<id#>]- shows the configured trap stations in tabular format - id is optional and is the number corresponding to the trap entry number in the table Syntax com2sec <add|delete>...
  • Page 256 Syntax statistics def-owner=<string> def-comm=<string>- define the RMON statistics group and the community string associated with the group Syntax alarm def-owner=<string> def-comm=<string> - define the RMON alarm group and the community string associated with the group Syntax event def-owner=<string>...
  • Page 257: 21 - Miscellaneous Commands

    21 – Miscellaneous Commands Improving productivity and manageability There are several features built into the Magnum 6K family of switches which help with the overall productivity and manageability of the switch. These items are examined individually in this chapter. Alarm Relays In a wiring closet, it would be helpful if there was a visual indication for faults on components on the network.
  • Page 258 Event ID Event Description S-RING OPEN Cold Start Warm Start Link Up Link Down Authentication Failure RMON Rising Alarm RMON Falling Alarm Intruder Alarm Link Loss Learn Triggered Broadcast Storm Detected STP/RSTP Reconfigured 136 –...
  • Page 259 Syntax period time=<1..10> - sets the duration of relay action for the momentary type signal. This may be needed to adjust to the behavior of the circuit or relay. Default is 3 seconds. Time is in seconds Syntax del event=<event-id|list|range|all>...
  • Page 260 6 Authentication Failure 7 RMON Raising Alarm 8 RMON Falling Alarm 9 Intruder Alarm 10 Link Loss Learn Triggered 11 Broadcast Storm Detected 12 STP/RSTP Reconfigured add event=2 Magnum6K25(alarm)## Alarm Event(s) Added: 2...
  • Page 261: Email

    9 Intruder Alarm 10 Link Loss Learn Triggered 11 Broadcast Storm Detected 12 STP/RSTP Reconfigured alarm disable Magnum6K25(alarm)## Alarm system Disabled del event=1,3,5,7 Magnum6K25(alarm)## Alarm Event(s) Deleted: 1, 3, 5, 7 show alarm Magnum6K25(alarm)## Alarm Events Configuration...
  • Page 262 If this capability is used, please ensure that SPAM filters and other filters are not set to delete these emails. GarrettCom Inc. recommends that a rule be set up on the mail server so that all emails indicating SNMP faults are automatically stored in a folder or redirected to the necessary administrators.
  • Page 263 traps – [optional] this is the trap filter. If value is “all”, all traps of any type will be sent to this recipient. If value is none, no traps are sent to this recipient. Value can also be a combination of ‘S’...
  • Page 264 SMTP Server IP : 67.109.247.195 SMTP Server Port : 25 Retry Count show smtp recipients Magnum6K25(smtp)## E-mail Address =========================================================== rk@gci,sys@gci.com 67.109.247.195 add id=2 email=jsmith@garrettcom.com traps=S events=CF Magnum6K25(smtp)## Recipient successfully added show smtp recipients Magnum6K25(smtp)## E-mail Address =========================================================== rk@gci,sys@gci.com 67.109.247.195 jsmith@gci.com delete id=2...
  • Page 265 add id=2 email=jsmith@garrettcom.com traps=S events=CF Magnum6K25(smtp)## ip=192.168.10.13 Recipient successfully added show smtp recipients Magnum6K25(smtp)## E-mail Address =========================================================== rk@gci,sys@gci.com 67.109.247.195 jsmith@gci.com sendmail server=10.21.1.2 to=jack@garrettcom.com Magnum6K25(smtp)## from=support@garrettcom.com subject=test body=hello...
  • Page 266: Highlighted Fields Are The Ones To Change As Described

    When using serial connectivity with applications such as HyperTerminal etc., it may be necessary to optimize the character delays so that the FIFO buffer used in the GarrettCom Magnum 6K family of switches is not overrun. The important parameters to set for any serial connectivity software are the line delay, which should be 500 milliseconds, and the character delay, which should be 50 milliseconds.
  • Page 267: Banner Message

    Some users may inadvertently connect to the switch. It would be fair to warn them that they have accessed a secure device and that it is only appropriate to terminate the connection. Responsible users will follow the directive, much like a “No Trespassing”...
  • Page 268: Miscellaneous Commands

    <After the session is terminated, a new session is opened up using telnet to display the effects of changing the MOTD on the switch> telnet switch C:> Copyright (c) 2001-2005 GarrettCom, Inc All rights reserved. This is a secure device. Unauthorized access is prohibited. Please disconnect if you are an unauthorized user. Thanks. Magnum-6K Version 14.0 Login 140 –...
  • Page 269 Syntax show history – show the last 25 commands executed – if less than 25 commands are executed, only those commands executed are s If the user logs out or if the switch times out – the history is erased. The history count restarts when the user logs in again Syntax <Up-ar...
  • Page 270: Prompt

    t history ? Magnum 6K 5# set history : Set History Size Usage set history size=<1-100> Groups: All. set history size=100 Magnum6K25# History Size is Set show history Magnum6K25# 1 : show version...
  • Page 271: Ping

    $$ : $ Character $r : New Line $b : Space A few examples of how the system prompt can be set up are shown below. snmp Magnum6K25#...
  • Page 272: Ftp Modes

    Figure 143 – Using the ping command. Many devices do not respond to ping or block ping commands. Make sure that the target device does respond or the network does allow the ping packets to propagate through.
  • Page 273: System Events

    System Events All events occurring on the Magnum 6K family of switches are logged. The events can be as shown below Code Description Emergency (or Fatal) system is unusable – called “fatal” in show log command Alert: action must be taken immediately Critical: critical conditions...
  • Page 274 The system events can be sent to a Syslog server using the Syslog capabilities in MNS-6K-SECURE. G centralize the logs. show log Magnum6K2 # DATE TIME -------- --------...
  • Page 275 Do you wish to export the event logs? [ 'Y' or 'N'] Successfully uploaded the event log file. Magnum6K25# Figure 146 – Using exportlog to export the event log information. In the table below, the following acronyms are used for Severity: Emergency;...
  • Page 276 Network Stack not yet configured DEVICE IP address a.b.c.d configured DEVICE subnetmask a.b.c.d configured DEVICE Default gateway a.b.c.d configured DEVICE Switch rebooted by user DEVICE No saved system logs DEVICE Timezone set to x DEVICE Country set to x (no DST) DEVICE...
  • Page 277 Subsystem RMON Alarm : internal error , unable to get memory RMON Alarm : internal error, unable to get memory for alarm entry RMON History : internal error, unable to get memory for history control entry RMON History : internal error, unable to get memory for history data...
  • Page 278: Mac Address Table

    Subsystem TCP/IP Duplicate IP a.b.c.d sent from MAC address XXXXXX TCP/IP Unable to allocate memory for an ICMP packet TCP/IP IP packet from a.b.c.d , with checksum error dropped TCP/IP Bad IP fragments from a.b.c.d dropped TCP/IP...
  • Page 279: List Of Commands In This Chapter

    MAC address 00:0c:F1:B9:D1:DC (#2 above) appears with this MAC address in the DST field, the packet will be sent to port number 3. Also notice that there are other MAC addresses associated with port #3, indicating that the port has a hub or a switch connected to it.
  • Page 280 Syntax show smtp <config|recipients> - recipients displays the currently configured recipients of email alerts Syntax add id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>] [events=<all|none|I|A|C|F|D>] [ip=<ip-addr>] [port=<1-65535>] id – [mandatory] the recipient ID - range from 1 to 5. MNS-6K allows a maximum of 5 recipients email –...
  • Page 281 Syntax ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test connectivity Syntax set prompt <prompt string> - set the prompt for switch. The prompt has predefined variables. These are $n : System Name; $c : System Contact; $l : System Location; $i : System IP;...
  • Page 282: Appendix 1 - Command Listing By Chapter

    Syntax save – save changes made to the configuration Syntax reboot – restart the switch – same effect as physically turning off the power Syntax show setup – show setup parameters Syntax show config – show setup parameters configured Syntax enable <user-name>...
  • Page 283: Chapter 3 - Ip Address And System Information

    – do not set the IP address automatically auto - the switch will first look for a DHCP server. If a DHCP server is not found, it will then look for a BootP server. If that server is not found, the switch will check to see if the switch had a pre-configured IP address.
  • Page 284 - valid with type=bootp only. This option allows the switch to load the configuration file from the BootP server. This is useful when a new switch is put on a network and the specific configurations are loaded from a centralized BootP server Syntax telnet <enable|disable>...
  • Page 285 The modules are system, event, port, bridge, stp, ps, mirror, sntp, vlan, gvrp and snmp Syntax show session – display telnet sessions active on the switch Syntax kill session id=<session> - kill a specific telnet session Syntax set ftp mode=<normal|passive>...
  • Page 286 This can also perform the task of exporting a configuration file or uploading a new image to the switch [host=<hostname>] [ip=<ipaddress>] [file=<filename>] – parameters associated with tftp server for proper communications with the server Syntax xmodem <get|put>...
  • Page 287: Chapter 4 - Ipv6

    Syntax show timezone – shows the system timezone Syntax show date – shows the system date Syntax show uptime – shows the amount of time the switch has been operational Syntax show config [module=<module-name>] – displays the configuration Syntax set secrets <hide|show> - sets the system parameter to display or hide the passwords Syntax kill config [save=module-name] –...
  • Page 288: Chapter 6 - Sntp Server

    Syntax allow mac=<address|list|range> port=<num|list|range> - specify a specific MAC address or MAC address list Syntax learn port=<number-list> <enable|disable> - learn MAC addresses connected to the Magnum 6K switch Syntax show port-security – display port security settings Syntax action port=<num|list|range> <none|disable|drop> - action to perform in case of breach...
  • Page 289 Syntax signal port=<num|list|range> <none|log|trap|logandtrap> - port to monitor and signal to send in case of breach of port security Syntax ps <enable|disable> - enable or disable port security Syntax remove mac=<all|address|list|range>...
  • Page 290: Chapter 8 - Access Using Radius

    Syntax authserver [ip=<ip-addr>] [udp=<num>] [secret=<string>] define the RADIUS server – use UDP socket number if the RADIUS authentication is on port other than 1812 Syntax auth <enable|disable> enables or disables the 802.1x authenticator function on MNS-6K switch Syntax setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth>] [initialize=<assert|deassert>] setting the...
  • Page 291: Chapter 9 - Access Using Tacacs

    Default value is 30. Values can be from 1 to 65535 seconds Syntax reauth port=<num|list|range> [status=<enable|disable>] [period=<10-86400>] set values on how the authenticator (Magnum 6K switch) does the re-authentication with the supplicant or port – [mandatory] – ports to be configured status –...
  • Page 292: Chapter 10 - Port Mirroring And Setup

    Syntax show flowcontrol – display flow control buffers Syntax backpressure rxthreshold=<value> - configure backpressure buffers Syntax show backpressure – display backpressure buffers Syntax broadcast-protect <enable|disable> - protect switch from broadcast storms Syntax rate-threshold port=<port|list|range> rate=<frames/sec> - change the allowed broadcast rate threshold Chapter 11 - VLAN Syntax set vlan type=<tag|none>...
  • Page 293: Chapter 12 - Spanning Tree Protocol (Stp)

    Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 Syntax cost port=<number|list|range>...
  • Page 294: Chapter 13 - Rapid Spanning Tree Protocol

    Chapter 13 – Rapid Spanning Tree Protocol Syntax set stp type=<stp|rstp> - Set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command Syntax rstp – enter the RSTP configuration mode Syntax rstp <enable|disable>...
  • Page 295: Chapter 14 - S-Ring And Link-Loss-Learn

    Syntax priority [port=<number|list|range>] value=<0-255 | 0-65535> - specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 Syntax cost port=<number|list|range>...
  • Page 296: Chapter 15 - Dual-Homing

    Syntax lll del port=<port|list|range> - disable LLL on the list of specified ports Syntax show lll – display the status of LLL Syntax rstp – STP Configuration mode Syntax rstp <enable|disable>...
  • Page 297: Chapter 17 - Quality Of Service

    Syntax set-weight weight=<0-7> - sets the port priority weight for All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7 Syntax show-portweight - display the weight settings on a port Syntax show qos [type=<port|tag|tos>] [port=<port|list|range>] –...
  • Page 298: Chapter 19 - Gvrp

    Syntax show-port – display the port characteristics for IGMP Syntax show-router – displays detected IGMP-enabled router ports Syntax set-leave <enable|disable> - enables or disables the switch to immediately process a host sending a leave message rather than wait for the timer to expire Syntax set-querier <enable|disable>...
  • Page 299: Chapter 20 - Snmp

    Syntax mgrip <add|delete> ip=<IPaddress> - adds or deletes a management station, specified by the IP address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by unauthorized managers. Maximum of five stations allowed.
  • Page 300 Syntax authtrap <enable|disable> - enables or disables authentication traps generation Syntax show-authtrap - displays the current value of authentication trap status. Syntax deftrap community=<string> - defines the default community string to be used when sending traps. When user does not specify the trap community name when setting a trap station using the “trap”...
  • Page 301: Chapter 21 - Miscellaneous Commands

    to 5 users to be added. Right now, the MNS-6K agent only supports noauth and auth-md5 for v3 authentication and auth-des for priv authentication Syntax show-user [id=<id>] - display all or specific view entries - id is optional and is the number corresponding to the view entry number in the table Syntax rmon –...
  • Page 302 Syntax smtp – configure the SNMP alerts to be sent via email Syntax show smtp <config|recipients> - recipients displays the currently configured recipients of email alerts Syntax add id=<1-5>...
  • Page 303 Syntax ping <ipaddress> [count=<1-999>] [timeout=<1-256>] – use the ping command to test connectivity Syntax set prompt <prompt string> - set the prompt for switch. The prompt has predefined variables. These are $n : System Name; $c : System Contact; $l : System Location; $i : System IP;...
  • Page 304: Appendix 2 - Commands Sorted Alphabetically

    APPENDIX 2 - Commands sorted alphabetically Command !<n> <command string> <TAB> <Down-arrow> <first character of the command> <TAB> <TAB> <Up-arrow> access action port=<num|list|range> <none|disable|drop> add event=<event-id|list|range|all> id=<1-5> email=<email-addr> [traps=<all|none|S|R|E>] [events=<all|none|I|A|C|F|D>] [ip=<ip-addr>] [port=<1-65535>] add id=<vlan Id> [name=<vlan name>] port=<number|list|range> [forbid=<number|list|range>] [<mgt|nomgt>] add user=<name>...
  • Page 305 Don’t forget to use the “save” command to save the key define the RADIUS server enables or disables authentication traps generation configure parameters for EAP over RADIUS configure backpressure buffers protect switch from broadcast storms changing the user privilege level...
  • Page 306 Command clear <history|log [1..5 |informational |activity |critical |fatal |debug] |terminal |arp|portstats|addr] clear log [fatal |alert| crit|error| warn| note|info|debug] clear-reserveip ip=<ip> climode <script|console|show> com2sec <add|delete> id=<id> [secname=<name>] [source=<source>] [community=<community>] <Enter>...
  • Page 307 Command del event=<event-id|list|range|all> del port=<number|list|range> delete id=<1-5> delete user=<name> deny ip=<ipaddress> mask=<netmask> service=<name|list> device dhcpsrv <start|stop> dualhome dualhome <enable|disable> dualhome add port1=<port#> port2=<port#> dualhome add primary=<port#> secondary=<port#>...
  • Page 308 – optional type field. This is useful to specify whether a log file or host file is uploaded or downloaded. This can also perform the task of exporting a configuration file or uploading a new image to the switch [host=<hostname>] [ip=<ipaddress>] [file=<filename>] [user=<user>] [pass=<password>] –...
  • Page 309 RMON history group and the community string associated with the group IGMP configuration mode enable or disable IGMP on the switch to set IP address on the switch resets the system configuration. The module_name option does not reset the specific module parameters.
  • Page 310 The default is enabled adds or deletes a management station, specified by the IP address, which can query SNMP variables from the switch. This is done to protect the switch from being polled by unauthorized managers. Applicable for SNMP v1 only.
  • Page 311 Description configure port mirror settings configure port security settings specifies the port or switch level priority. When a port(s) are specified the priority is associated with ports and their value is 0-255. If no ports are specified, then the switch (bridge) priority is specified and its value is 0-65535 specifies the port or switch level priority.
  • Page 312 Syslog server. Note use the “syslog” command to use this command > enable or disable the log messages being sent to a syslog server. Note use the “syslog” command to use this command assign the boot mode for the switch...
  • Page 313 MNS allows you to enter the Banner message set or change password set the prompt for switch. The prompt has predefined variables. These are $n : System Name; $c : System Contact; $l : System Location; $i : System IP; $m : System MAC;...
  • Page 314 Description Set the switch to support RSTP or change it back to STP. Need to save and reboot the switch after this command sets the time set the display time in the 12/24 hour mode...
  • Page 315 Command setport port=<num|list|range> [status=<enable|disable>] [control=<auto|forceauth|forceunauth> ] [initialize=<assert|deassert>] setport port=<port#|list|range> [name=<name>] [speed=<10|100>] [duplex=<half|full>] [auto=<enable|disable>] [flow=<enable|disable>] [bp=<enable|disable>] [status=<enable|disable>] set-ports port=<port|list|range> state=<learn|block|disable> set prompt <prompt string> The length of the prompt is limited to 60 characters.
  • Page 316 Default value is 10 seconds. The Range can be from 2 to 270 seconds. Restrictions apply to the maximum value because of an internal calculation that is dependent on the value of the Query Interval. enables or disables a switch as IGMP querier setup the SNTP server...
  • Page 317 All the ports. Once the weight is set, all the ports will be the same weight across the switch. The valid value for weight is 0-7 upload and download information using sftp...
  • Page 318 Command show address-table show active-stp Show active-snmp show alarm show auth <config|ports> show backpressure show config show console show date show dhcpsrv <config|status|leases> show dns show dualhome show flowcontrol show ftp...
  • Page 319 Description display the hosts table entries IGMP operation status display all trusted hosts shows the IP parameters set in the switch displays the status and other relevant LACP information display the status of LLL display logs and specific types of logs...
  • Page 320 For displaying the telnet setting use show console show the status of S-Ring regardless of whether STP is enabled or disabled (default) this command lists the switch’s full STP configuration, including general settings and port settings display the RSTP or STP parameters...
  • Page 321 VLANs (including dynamic VLANs) on the switch port to monitor and signal to send in case of breach of port security configure the SNMP alerts to be sent via email...
  • Page 322 Note as discussed earlier, you can create multiple s-rings on a switch remove the switch from S-ring topology by eliminating the end ports on the switch start the learning process to discover the ring and the ports which make up the s-ring “set snmp”...
  • Page 323 Command start vlan=<name|number|list|range> static vlan=<VID> statistics def-owner=<string> comm=<string> stp <enable|disable> sync [hour=<0-24>] [min=<0-59>] syslog syslog <enable|enable> tacplus <enable|disable> [ order=<tac,local | local,tac>] tacserver <add|delete> id=<num> [ip=<ip-addr>] [port=<tcp-port>] [encrypt=<enable|disable>]...
  • Page 324 Description telnet from the switch. The IP address can be an IPv4 address or an IPv6 address change the STP Forward Delay, Hello timer and Aging timer values...
  • Page 325 Command user <add|delete> id=<id> [username=<name>] [usertype=<readonly|readwrite>] [authpass=<pass-phrase>] [privpass=<pass-phrase>] [level=<noauth|auth|priv>] [subtree=<oid>] useraccess user=<name> service=<telnet|web> <enable|disable> useraccess user=<name> group=<list> type=<read|write> <enable|disable> useraccess groups view <add|delete> id=<id> [viewname=<name>] [type=<included|excluded>] [subtree=<oid>] [mask=<hex-string>] vlan <enable | disable>...
  • Page 327: Appendix 3 - Daylight Savings

    APPENDIX 3 - Daylight Savings No time like the present... Daylight Savings Time Magnum6K Switches provide a way to automatically adjust the system clock for Daylight Savings Time (DST) changes. In addition to the value "none" (no time changes), there are fifteen pre-defined settings, a few examples are: •...
  • Page 328 Australia, Belgium, Canada, Chile, Cuba, Egypt, France, Finland, Germany, Greece, Iraq, Italy, London, Namibia, Portugal, Russia, Spain, Sweden, Switzerland, Syria, USA Note –...
  • Page 329: Appendix 4 - Browser Certificates

    The browser will typically catch that and will warn a user about accessing the site. The rest of the sections below will describe how to use the browsers with GarrettCom self signed certificates.
  • Page 330: Using Mozilla Firefox (Ver. 3.X)

    Using Mozilla Firefox (ver. 3.x) Mozilla Firefox version 3.x ensures that the user validates the certificate before it allows the user to proceed to the site when the address (URL) does not match the information in the self signed certificate.
  • Page 331 Figure 150 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates. Once the “Add Exception” button is displayed, make sure you click on it.
  • Page 332 Notice that the browser points out that valid sites such as banks, online web stores, government sites, secure sites etc. will not ask you to do that. Since the GarrettCom MNS-6K is a self signed authenticated “site”, it is a good idea to proceed with this step and click...
  • Page 333: Exception. The Locations To Do Those Are Identified In This Figure

    Figure 152 – Here, you can view the certificate, permanently make an exception and confirm the exception. The locations to do those are identified in this figure. The self signed certificate from GarrettCom is shown in the next figure.
  • Page 334: Using Internet Explorer (Ver 7.X)

    Figure 153 – Self signed certificate from GarrettCom Inc for MNS-6K. Once accepted, the user does not need to go through these steps again.
  • Page 335: Using Other Browsers

    Figure 154 – Using IE 7. Using Other Browsers There are many other browsers such as Opera, Safari which are also widely used. There are similar mechanisms built into these browsers to inspect the certificate and create an exception.
  • Page 336: Appendix 5 - Updating Mns-6K Software

    APPENDIX 5 – Updating MNS-6K Software Keep up to date... The steps required to update the MNS-6K software on your Magnum switch are listed.
  • Page 337: Getting Started

    8) Serial port – if your PC does not have a serial port, you may want to invest in a USB to serial converter. This is again available from LANstore or from GarrettCom. Alternately a USB to serial cable can also be used. This cable is also available from LAN store or GarrettCom Inc.
  • Page 338: Selecting The Proper Version

    The first step is to ensure that you have the proper version of the MNS-6K software. To access the proper software, you will require access to the GarrettCom web site (and ftp site) through a network which does not block ftp file transfers. If your site blocks ftp file transfer traffic, please contact your system administrator to figure out how to access the GarrettCom site to download the necessary software.
  • Page 339 2) Once the connection is established, use the user login as m6kuser and the password as m6kuser – see Figure 1. If you have previously established a different login/password for the GarrettCom site, that login name and password can be used as well. ftp://www.garrettcom.com...
  • Page 340 Figure 155 – Accessing the GarrettCom site for download. Note – if the browser does not support the login prompt, you can type in the user name and password on the URL as follows: ftp://m6kuser:m6kuser@ftp.garrettcom.com...
  • Page 341: Release Notes

    Figure 156 – Select the proper version to use after successful login. 4) Navigate to the folder MNS-6K. See Figure 3. (There are other folders with additional software, MIBs as well as additional useful information for the Magnum-6K switches which you may want to use later.) From the MNS-6K folder download the latest ‘Release Notes’...
  • Page 342: Next Steps

    6) Make sure you remember where the files are stored as these files will be needed for the next step. Next steps 1) Access the GarrettCom Magnum 6K switch. The access can be over the console port using the null modem cable or through the network using telnet. This is described in step 2.
  • Page 343: Preparing To Load The Software

    2. Preparing to load the software Backup your existing configuration... Once the MNS-6K software is downloaded from the GarrettCom site, it is strongly recommended that the existing configuration of the switch is preserved before the MNS-6K software upgrade is performed. This section will show you how to save the existing configuration and prepare you for loading the configuration.
  • Page 344: Network Access

    Magnum 6K switch (or DNS name associated with the switch) to be upgraded. Access the Magnum 6K switch by using the telnet command. For example, if the switch has the IP address 192.168.10.11 the command is as shown in Figure 6 below.
  • Page 345: Serial Connection

    2) TFTP server 3) FTP server As a good practice, GarrettCom recommends that you should have all these capabilities available on your local computer if you plan to upgrade additional switches as well as switches in the future. The command used for saving the existing configuration of the Magnum 6K switch is ‘saveconf’...
  • Page 346: Configuration Is Saved. Click On Receive. This Starts The File Transfer

    Figure 162 – Invoke the “Receive File” to start the Xmodem transfer program. In the figure above the Windows XP based HyperTerminal screen is shown. Once the “Receive File”...
  • Page 347: Network Access

    To save using TFTP or FTP first ensure that you have the FTP or TFTP server set up and the switch can ‘ping’ the TFTP or the FTP server. For ftp services, make sure the server can support anonymous login or make sure the login password information is available.
  • Page 348: Next Steps

    Next steps 1) Upload the updated MNS-6K software and reboot the switch. This is described in step 3. 2) (Optional step) Reload the saved configuration. This is described in step 4.
  • Page 349: Loading The Mns-6K Software

    Load the new version of the MNS-6K image... At this stage, the Magnum MNS-6K software has been downloaded from the GarrettCom site, and the configuration saved. The Magnum-6K switch is now ready to upload the new MNS-6K software image. Before loading the MNS-6K software It will be necessary for the Magnum 6K switch to be reset or re-booted after the new MNS-6K software is loaded.
  • Page 350: Serial Connection

    Serial Connection Prerequisites - make sure the directory and the file name of the MNS-6K software image downloaded in steps 1 and 2 is known. To use the serial connection to update the MNS-6K image, the command dialog is shown below: show version Magnum6K25#...
  • Page 351: Network Access

    1 and 2 is known. To upgrade using TFTP or FTP, ensure that the FTP or TFTP server is set up and the switch can ‘ping’ the TFTP or the FTP server and vice-versa. Ensure that the server has access to the MNS-6K software image downloaded in step 2.
  • Page 352: Next Steps

    (The switch will now reboot. Reconnect and login. Verify the MNS-6K software was upgraded. Note – as discussed in step 1, the switch may need a boot code update. After a reboot, the switch awaits a “Y” or “N” on whether the boot code should be updated. If no answer is given, the default is not to update the boot code (or a “N”).
  • Page 353: Optional Step) Restoring The Configuration

    Magnum 6K switch and finally, if required, the configuration can be restored using the instructions in this step. If the Magnum 6K switch is updated over the network, it may be necessary to update the boot code.
  • Page 354: Updating Boot Code Over The Network

    1 – selecting the proper Version 3.0), the boot code will be updated. At boot up time, the Magnum 6K switch identifies that there is a new version of the boot code and asks if the new boot code should be loaded...
  • Page 356: Index

    Index !!, 302 !<n>, 302 802.1d, 147, 151, 159, 160, 162, 165, 172, 293 802.1q, 230 802.1Q, 132, 147 802.1w, 159, 160, 165, 175 802.1x, 106, 107, 108, 109, 114, access, 46, 61, 102, 103, 104, 250, action, 91, 92, 95, 104, 287 action port, 91 add, 30, 37, 94, 135, 138, 145,...
  • Page 357 com2sec, 244, 248, 254, 299 community, 243, 253, 298, 305 community string, 239 config, 56, 57, 81, 82, 83, 284, 285, 286, 307, 324 config startip, 81, 83, 286 configure, 70, 104, 134, 285, 287 configure access, 42, 70, 285 CoS, 207 cost, 150, 152, 156, 158, 166, 170,...
  • Page 358 223, 224, 227, 228, 240, 241, 244, 249, 252, 254, 255, 267, 281, 297, 299, 300, 304, 307, 308, 315, 318, 319, 322, 324 group add, 249 GSSAPI, 46 gvrp, 236, 297 GVRP, 230, 232 GVRP BPDUs, 230 help, 34, 37, 282 Helsinki University of Technology,...
  • Page 359 MIB, 109, 215, 239, 244, 251, 254, mode, 221, 227, 229 mode L2, 227 mode normal, 228 modes of operation, 25 MOMENTARY, 256, 257, 258, 259, more, 62, 70 MOTD, 266 NAS, 116 NTLM, 46 oldconf, 56, 57, 284, 285, 307, 324 OPEN, 184 OpenSSH, 46...
  • Page 360 RFC 2273, 242 RFC 2274, 242 RFC 2275, 242 RFC 3164, 96, 97, 272 RFC 3315, 77 RFC 3396, 77 RFC 4251, 45 RFC 4252, 46 RFC 4253, 45 RFC 4254, 46 RFC 4256, 46 RFC 4391, 77 RFC 4541, 221 RFC 821, 260...
  • Page 361 set serial, 50, 68, 283 set snmp, 242, 244, 253, 298 set stp, 151, 161, 172, 183, 185, 186, 293, 294, 295 set time, 52, 68, 283 set timeformat, 53, 68, 283 set timezone, 52, 68, 283 set vlan, 134, 145, 291 set-forbid, 236, 237, 298 set-leave, 225, 228, 297...
  • Page 362 show active-snmp, 242, 244, 246, 253, 298 show active-stp, 151, 162, 167, 172, 183, 185, 186, 293, 294, 295 show active-vlan, 138 show address-table, 277, 278 show alarm, 258, 259, 260, 300 show auth config, 110 show auth ports, 111 show backpressure, 126, 127, 131, show broadcast-protect, 129, 130...
  • Page 363 show-com2sec, 248 show-deftrap, 243, 247, 253, 299 show-forbid, 236, 237, 298 show-forceversion, 166, 168, 169, 172, 293 show-group, 223, 228, 244, 249, 254, 297, 299 show-port, 112, 113, 136, 142, 144, 146, 224, 228, 292, show-portweight, 209, 212, 213, show-router, 224, 225, 228, 297 show-stats, 113, 115, 290...
  • Page 364 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 198, 210, 257, 259, 260, 292, 293, 294, 295, 307, 309, 313, 317, 319, 322, stp enable, 151, 154 STP Path cost, 165 Stratum, 85, 86 supplicant, 106, 108, 109, 110, 114, 115, 289, 290...

This manual is also suitable for:

Mns-6k-secure 14.1.4
