Page 1 AT-GS950/16 Gigabit Ethernet Switch AT-GS950/16 Web Interface User Guide AT-S114 Version 1.1.0 [1.00.021] 613-001857 Rev A...
Page 2 Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.
Page 3: Table Of Contents
List of Figures ..............................11 List of Tables ..............................15 Preface ................................17 Document Conventions..........................18 Allied Telesis Contact Information......................19 Getting Started ..............................21 Chapter 1 : Starting a Web Browser Session ....................23 Establishing a Remote Connection to the Web Browser Interface ............24 Web Browser Tools............................
Page 4 Contents Bridge Configuration ............................63 Chapter 3 : Port Configuration ........................65 Overview..............................66 Displaying and Configuring Ports ....................... 67 Chapter 4 : STP and RSTP ..........................71 Overview..............................72 Bridge Priority and the Root Bridge...................... 73 Forwarding Delay and Topology Changes................... 75 Mixed STP and RSTP Networks ......................
Page 5 AT-GS950/16 Web Interface User Guide Chapter 11 : IGMP Snooping ........................141 Overview ..............................142 IGMP Snooping Configuration ......................... 144 IGMP Snooping Router Port Modification ....................147 Chapter 12 : Storm Control .......................... 149 Overview ..............................150 Ingress Rate Limiting......................... 151 Egress Rate Limiting .........................
Page 6 Contents Advanced Features ............................207 Chapter 16 : SNMPv1 and v2c ........................209 SNMPv1 and SNMPv2c Overview ......................210 Trap Receiver Attributes...........................211 Activate SNMP Interface ..........................212 SNMPv1 and SNMPv2c User and Group Names ..................213 Create User and Group Names ......................213 Modify User and Group Names......................215 Delete User and Group Names......................215 SNMP Community Strings........................216 Create SNMP Community Strings......................216...
Page 7 AT-GS950/16 Web Interface User Guide Display Specific Policy Information....................255 Chapter 19 : RMON ............................. 257 Overview ..............................258 Enable and Disable RMON ........................259 Port Statistics ............................260 Histories ..............................262 Events ..............................264 Alarms ..............................266 Chapter 20 : Voice VLAN ..........................
Page 8 Chapter 28 : Energy-Efficient Ethernet ......................351 Enable EEE ..............................352 Disable EEE .............................353 Chapter 29 : Rebooting the AT-GS950/16 ....................355 Switch Reboot ............................356 Configure Factory Default Values......................358 Password Protection of Factory Reset .....................360 Disabling Factory Default Reset Feature ...................360 Enabling Factory Default Reset ......................362 Chapter 30 : Pinging a Remote System .......................365...
Page 9 MST Region Guidelines........................378 Common and Internal Spanning Tree (CIST) ..................379 MSTP with STP and RSTP........................ 379 Associating VLANs to MSTIs ........................381 VLANs Across Different Regions ......................383 Summary of Guidelines..........................385 Appendix B: AT-GS950/16 Default Parameters ..................387...
Page 10 Contents...
Page 11: List Of Figures
Figure 41. AT-GS950/16 Mirroring Page ......................... 121 Figure 42. AT-GS950/16 Loopback Detection Page ....................... 126 Figure 43. AT-GS950/16 Static Unicast Address Table Page ..................132 Figure 44. Static Unicast Address Table with Port-Based VLAN Example..............133 Figure 45. Modify Static Unicast Address Page ......................134 Figure 46.
Page 12 Figure 60. AT-GS950/16 VLAN Port Settings Page ......................171 Figure 61. Port-Based VLAN Page ..........................173 Figure 62. Example of AT-GS950/16 Port Based VLAN Page ..................174 Figure 63. Modify Port-Based VLAN Page ........................175 Figure 64. Forwarding Table Mode Page ........................176 Figure 65.
Page 13 Figure 120. Destination MAC Filter Page Example ......................296 Figure 121. General Settings Page ..........................303 Figure 122. DHCP Snooping VLAN Settings Page ......................306 Figure 123. AT-GS950/16 Trusted Interfaces Page ......................308 Figure 124. Trusted Interfaces Page Example ........................ 309 Figure 125. AT-GS950/16 Binding Database Page......................310 Figure 126.
Page 14 Figures...
Page 15: List Of Tables
List of Tables Table 1. Valid Port Priority Values ....................75 Table 2. Default Mappings Priority Levels to Priority Queues ............195 Table 3. Customized Mappings Priority Levels to Priority Queues ..........195 Table 4. Example of Weighted Round Robin Priority ..............197 Table 5.
Page 16 List of Tables...
Page 17: Preface
Preface This guide contains instructions on how to use the AT-S114 Management Software to manage and monitor the AT-GS950/16 Gigabit Ethernet Switch. The AT-S114 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application.
Page 18: Document Conventions
Preface Document Conventions This document uses the following conventions: Note Notes provide additional information. Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning Warnings inform you that performing or omitting a specific action may result in bodily injury.
Page 19: Allied Telesis Contact Information
AT-GS950/16 Web Interface User Guide Allied Telesis Contact Information If you need assistance with this product, you may contact Allied Telesis technical support by going to the Support & Services section of the Allied Telesis web site at www.alliedtelesis.com/support. You can find links for the following services on this page: ...
Page 20 Preface...
Page 21: Getting Started
Section I Getting Started This section contains the following chapters:  Chapter 1, “Starting a Web Browser Session” on page 23  Chapter 2, “System Configuration” on page 29...
Page 23: Chapter 1 : Starting A Web Browser Session
Chapter 1 Starting a Web Browser Session This chapter contains the procedures for starting, using, and quitting a web browser management session on the AT-GS950/16 switch. This chapter includes the following sections:  “Establishing a Remote Connection to the Web Browser Interface” on page 24 ...
Page 24: Establishing A Remote Connection To The Web Browser Interface
Chapter 1: Starting a Web Browser Session Establishing a Remote Connection to the Web Browser Interface The AT-GS950/16 switch is shipped with a pre-assigned IP address of 192.168.1.1. After your initial login, Allied Telesis suggests that you assign a new IP address to your switch. To manually assign an IP address to the switch, refer to “Configuration of IPv4 Address, Subnet Mask and Gateway...
Page 25: Figure 3. At-Gs950/16 Switch Information Page
The default user name is “manager” and the default password is “friend.” The login name and password are case-sensitive. 4. Press OK. The AT-GS950/16 Switch Information page is displayed. See Figure 3. Note To change the user name and password, refer to “User Name and Password Configuration”...
Page 26: Figure 4. Front Panel Page
Chapter 1: Starting a Web Browser Session  System  Physical Interface  Bridge  SNMP  Access Control  RMON  Voice VLAN  Security  DHCP Snooping  LLDP  Statistics Chart  Tools  Save Settings to Flash 5.
Page 27: Web Browser Tools
AT-GS950/16 Web Interface User Guide Web Browser Tools You can use the web browser tools to move around the management pages. Selecting Back on your browser’s toolbar returns you to the previous display. You can also use the browser’s Bookmark feature to...
Page 28: Quitting A Web Browser Management Session
Chapter 1: Starting a Web Browser Session Quitting a Web Browser Management Session To exit a web browser management session, close the web browser.
Page 29: Chapter 2 : System Configuration
Chapter 2 System Configuration This chapter provides procedures to configure basic system parameters for the AT-GS950/16 switch and contains information for the following sections:  “System Management Information” on page 30  “Configuration of IPv4 Address, Subnet Mask and Gateway Address”...
Page 30: System Management Information
This section explains how to assign a name, location, and contact information for the AT-GS950/16 switch. This information helps in identifying each specific AT-GS950/16 switch among other switches in the same local area network. Entering this information is optional. Note Allied Telesis recommends that you assign a name to the switch.
Page 31 4. Click Apply. 5. From the main menu on the left side of the page, click on Switch Info. The Switch Information page is displayed. See “AT-GS950/16 Switch Information Page” on page 25 for more information. 6. From the main menu on the left side of the page, select Save Settings...
Page 32: Configuration Of Ipv4 Address, Subnet Mask And Gateway Address
Chapter 2: System Configuration Configuration of IPv4 Address, Subnet Mask and Gateway Address This procedure explains how to change the IP address, subnet mask, and gateway address of the switch. Before performing the procedure, note the following:  A gateway address is only required if you want to remotely manage the device from a management station that is separated from the switch by a router.
Page 33 AT-GS950/16 Web Interface User Guide System Subnet Mask - Displays the current subnet mask of the switch. To change the subnet mask, enter a new subnet mask. When DHCP is enabled, you cannot change this parameter. System Default Gateway - Displays the default gateway of the switch.
Page 34: Ipv6 System Configuration
Chapter 2: System Configuration IPv6 System Configuration This procedure explains how to enable IPv6 and configure IPv6 system settings. To enable IPv6 and configure the switch’s IPv6 settings, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder.
Page 35 AT-GS950/16 Web Interface User Guide 5. Change the IPv6 system settings by observing or entering new information in the following fields: IPv6 Unicast Address/Prefix Length - Displays the current IPv6 unicast address and prefix length of the switch. To change the address and prefix length, enter a new IPv6 unicast address and prefix length.
Page 36: Ipv6 Neighbor Configuration
Chapter 2: System Configuration IPv6 Neighbor Configuration You can configure the switch’s IPv6 neighbors manually if a router is unavailable. The procedures in this section describe how to add IPv6 neighbors or remove them from the list and how to find IPv6 neighbors in the list. See the following sections: ...
Page 37: Delete An Ipv6 Neighbor Entry
AT-GS950/16 Web Interface User Guide Figure 9. IPv6 Neighbor Settings Page with Addresses 6. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes. Delete an IPv6 To delete an IPv6 neighbor entry or multiple entries, perform the following...
Page 38: Figure 10. Example Search With Neighbor Ipv6 Address
Chapter 2: System Configuration 2. From the System folder, select IPv6 Neighbor Settings. The IPv6 System Settings Page is displayed. See Figure 9 on page 3. Enter the search criteria using the top row of the table:  To find a specific IPv6 neighbor, do one of the following: Type the IPv6 neighbor address in the Neighbor IPv6 Address field and type an asterisk in the Link Layer MAC Address field.
Page 39: Figure 12. Example Search With Both Addresses
AT-GS950/16 Web Interface User Guide Figure 12. Example Search with Both Addresses  To find all static IPv6 neighbors, type asterisks in the Neighbor IPv6 Address and Link Layer MAC Address fields, then select Static from the drop-down menu under State.
Page 40: Ip Access List Configuration
Chapter 2: System Configuration IP Access List Configuration When the IP Access List feature is enabled, remote access to the AT-S114 management software is restricted to the IP addresses entered into the IP Access List. The procedures in this section describe how to enable or disable the IP Access List feature and how to add or remove IP addresses from the list.
Page 41: Delete An Ip Address List Entry
AT-GS950/16 Web Interface User Guide 3. Enter an IP address one of the IP Address fields: For an IPv4 address, click IPv4, then enter the address using xxx.xxx.xxx.xxx format. For an IPv6 address, click IPv6, then enter the address using xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx format, where each x is a hexadecimal digit representing 4 bits.
Page 42: User Name And Password Configuration
Chapter 2: System Configuration User Name and Password Configuration Password protection is always enabled for access to the AT-S114 Management software. This section explains how to create new user names and passwords and how to modify or delete existing users for the web interface.
Page 43: Modify User Name And Password
AT-GS950/16 Web Interface User Guide 6. To add a password that corresponds to the user name entered in Step 5, enter a password of up to 12 alphanumeric characters in the box next to the Password field. The Password field is case sensitive.
Page 44: Delete User Name And Password
Chapter 2: System Configuration Figure 16. Modify Administration Page 4. To change a password, enter a password of up to 12 alphanumeric characters in the box next to the Password field. 5. To confirm the above password, retype the password in the box next to the Confirm Password field.
Page 45: User Interface Configuration
The Web Server Status is displayed as Enabled for your information only. The Web Server cannot be disabled. SNMP Interface To enable or disable the AT-GS950/16 SNMP interface, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder.
Page 46: User Interface Timeout
Chapter 2: System Configuration Note See Chapter 16, “SNMPv1 and v2c” on page 209 and Chapter 17, “SNMPv3” on page 223 to configure the remaining SNMP parameters. 4. Click Apply under the Web Server Status field. 5. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 47: System Time
AT-GS950/16 Web Interface User Guide System Time The procedures in this section describe how to configure the system time by manually entering the time or through SNTP and how to configure the daylight savings time feature. See the following sections: ...
Page 48: Setting Sntp
Chapter 2: System Configuration 3. Use the pull-down menu to set the Clock Mode parameter to Local time. 4. In the Local Time Settings section, set the Date Setting (YYYY:MM:DD) to the current date in the YYYY:MM:DD format. 5. In the Local Time Settings section, set the Time Settings (HH:MM:SS) to the current time in the HH:MM:SS format.
Page 49: Setting Daylight Savings Parameters
AT-GS950/16 Web Interface User Guide Setting Daylight If you want to configure the switch for daylight savings time, perform the following procedure: Savings Parameters 1. From the main menu on the left side of the page, click the System folder.
Page 50: Ssl Settings
Chapter 2: System Configuration SSL Settings The AT-GS950/16 switch has a web browser server for remote management of the unit with a web browser application from management workstations on your network. By default, the server operates in a non-secure HTTP mode and can be configured to communicate in a secure HTTPS mode with the SSL protocol.
Page 51 AT-GS950/16 Web Interface User Guide 3. From the SSL Settings field, select one of the following choices from the pull-down menu: Enabled - The secure SSL mode is active. You must log into the switch’s management using the HTTPS mode on your browser.
Page 52: Dhcp And Ati Web Discovery Tool
Chapter 2: System Configuration DHCP and ATI Web Discovery Tool The AT-GS950/16 Gigabit Ethernet Smart switch is managed through a web browser interface only. The factory default IP address is 192.168.1.1. The switch does not have a local console connector, which means that you cannot learn what the switch’s management IP address is on a web...
Page 53: Dhcp Client Configuration
AT-GS950/16 Web Interface User Guide DHCP Client Configuration This procedures in this section explain how to activate and deactivate the DHCP client on the AT-GS950/16 switch. See the following sections:  "Activate or Deactivate DCHP for IPv4"  “Activate or Deactivate DCHP for IPv6” on page 54...
Page 54: Activate Or Deactivate Dchp For Ipv6
Chapter 2: System Configuration 5. Use the ATI Web Discovery Tool to find the new IP address assigned to the switch by the DHCP server. See “DHCP and ATI Web Discovery Tool” on page 52 for more information. Note The ATI Web Discovery Tool is available for download on the AT- GS950/16 product page at alliedtelesis.com.
Page 55 AT-GS950/16 Web Interface User Guide To activate or deactivate the DHCP client on the switch for IPv6, perform the following procedure: 1. From the main menu on the left side of the page, click the System folder. The System folder expands.
Page 56: Dhcp Auto Configuration
Chapter 2: System Configuration DHCP Auto Configuration If you need to automatically update the switch’s configuration files via a remote server, the DHCP Auto Configuration feature is available for this purpose via the DHCP server. To configure this feature on the switch, perform the following procedure: Note You must configure your DHCP server to include the configuration file name (option 67) and the server address (option 54).
Page 57: System Information Display
System Information Display The Switch Information page is initially displayed when you first log into the AT-GS950/16 switch. It provides general information about the switch. To view this information, perform the following procedure: 1. From the main menu on the left side of the page, select Switch Info.
Page 58 Chapter 2: System Configuration Hardware Information Section: Version - The hardware version number. DRAM Size - The size of the DRAM, in megabytes. Flash Size - The size of the flash memory, in megabytes. Administration Information Section: Switch Name - This parameter displays the name assigned to the switch.
Page 59 AT-GS950/16 Web Interface User Guide IPv6 Default Gateway - This parameter displays the default gateway IPv6 address. Refer to “IPv6 System Configuration” on page 34 to manually assign a gateway address or “DHCP Client Configuration” on page 53 to activate the DHCP client.
Page 60: System Log Configuration
Chapter 2: System Configuration System Log Configuration The System log is designed to monitor the operation of the AT-GS950/16 switch by recording the event messages it generates during normal operation. These events may provide vital information about system activity that can help in the identification and solutions of system problems.
Page 61 AT-GS950/16 Web Interface User Guide 3. From the Syslog Status field, select one of the following choices from the pull-down menu: Enabled - The System log is active. Disabled - The System log is inactive. 4. From the Time Stamp field, select one of the following choices from the...
Page 62 Chapter 2: System Configuration...
Page 63: Bridge Configuration
Section II Bridge Configuration This section contains the following chapters:  Chapter 3, “Port Configuration” on page 65  Chapter 4, “STP and RSTP” on page 71  Chapter 5, “Multiple Spanning Tree Protocol” on page 87  Chapter 6, “Static Port Trunking” on page 99 ...
Page 65: Chapter 3 : Port Configuration
Chapter 3 Port Configuration This chapter provides a description of the physical characteristics of the ports and a procedure that explains how to view and change the port settings. This chapter includes the following sections:  “Overview” on page 66 ...
Page 66: Overview
Chapter 3: Port Configuration Overview This chapter describes how to display and modify the physical characteristics of an AT-GS950/16 switch. You can display and modify the settings of all the ports on one web page. The port characteristics that are displayed are: ...
Page 67: Displaying And Configuring Ports
This parameter can not be configured on this page. However, for information about configuring a trunk, refer to Chapter 6, “Static Port Trunking” on page 99. Type - Indicates the port type. On the AT-GS950/16, the port type...
Page 68 Chapter 3: Port Configuration is 1000TX for 10/100/1000Base-T twisted-pair ports (1 through 14, 15R and 16R) and 100FX or 1000TX for the SFP ports (15 and 16) for copper or fiber SFP type. Link Status - This parameter indicates the status of the link between the port and the end node connected to the port.
Page 69 AT-GS950/16 Web Interface User Guide Note When QoS is enabled on a port, the Jumbo frame parameter can not be enabled. To enable or disable QoS, see “Mapping CoS Priorities to Egress Queues” on page 198 and “CoS Page” on page 198.
Page 70 Chapter 3: Port Configuration  The only valid setting for the SFP ports is Auto- Negotiation. Flow Control - This parameter reflects the current flow control setting on the port. The switch uses a special pause packet to notify the end node to stop transmitting for a specified period of time.
Page 71: Chapter 4 : Stp And Rstp
Chapter 4 STP and RSTP This chapter provides background information about the Spanning Tree Protocol (STP) and the Rapid Spanning Tree Protocol (RSTP). In addition, there are procedures to configure STP and RSTP. The sections in the chapter include:  “Overview”...
Page 72: Overview
Chapter 4: STP and RSTP Overview The performance of an Ethernet network can be negatively impacted by the formation of a data loop in the network topology. A data loop exists when two or more nodes on a network can transmit data to each other over more than one data path.
Page 73: Bridge Priority And The Root Bridge
AT-GS950/16 Web Interface User Guide Bridge Priority The first task that bridges perform when a spanning tree protocol is activated on a network is the selection of a root bridge. A root bridge and the Root distributes network topology information to the other network bridges and...
Page 74 Chapter 4: STP and RSTP Path Costs and Port Costs After the root bridge has been selected, the bridges determine if the network contains redundant paths and, if one is found, select a preferred path while placing the redundant paths in a backup or blocking state. Where there is only one path between a bridge and the root bridge, the bridge is referred to as the designated bridge, and the port through which the bridge is communicating with the root bridge is referred to as the root...
Page 75: Forwarding Delay And Topology Changes
AT-GS950/16 Web Interface User Guide Table 1. Valid Port Priority Values Port Step Priority Forwarding If there is a change in the network topology due to a failure, removal, or addition of any active components, the active topology also changes. This Delay and may trigger a change in the state of some blocked ports.
Page 76 Chapter 4: STP and RSTP The forwarding delay value is adjustable in the AT-S114 Management software. The appropriate value for this parameter depends on a number of variables; the size of your network is a primary factor. For large networks, you should specify a value large enough to allow the root bridge sufficient time to propagate a topology change throughout the entire network.
Page 77: Figure 24. Point-To-Point Ports
AT-GS950/16 Web Interface User Guide Figure 24. Point-to-Point Ports A port operates as an edge port when it is connected to a network terminal device such as a workstation or a server. An edge port on a bridge should not have any STP or RSTP devices connected to it either directly or through another device connected to that port.
Page 78: Mixed Stp And Rstp Networks
RSTP Networks network can operate together to create a single spanning tree domain. If you decide to activate spanning tree on the switch, Allied Telesis recommends RSTP instead of STP, even when all of other switches in the network are running STP. The AT-GS950/16 switch can combine RSTP with the STP of the other switches.
Page 79: Figure 26. Stp And Vlan Fragmentation With Untagged Ports
AT-GS950/16 Web Interface User Guide Figure 26. STP and VLAN Fragmentation with Untagged Ports You can avoid this problem by connecting the switches using tagged instead of untagged ports when you plan to have STP or RSTP enabled on your network. If each port connecting the two bridges is a tagged...
Page 80: Figure 27. Stp And Vlan Compatibility With Tagged Ports
Chapter 4: STP and RSTP Figure 27. STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports, refer to Chapter 13, “VLAN Overview” on page 158.
Page 81: Stp And Rstp Global Settings
AT-GS950/16 Web Interface User Guide STP and RSTP Global Settings To configure the global (non port-specific) STP and RSTP settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 82 Chapter 4: STP and RSTP The Spanning Tree Protocol Settings page allows you to configure global STP or RSTP protocols, as well as to view current settings of the feature. 4. In the upper portion of the page, you can set the following parameters: Global STP Status - Use this menu to activate or de-activate the STP or RSTP feature on the switch.
Page 83 AT-GS950/16 Web Interface User Guide 5. Once you have configured the parameters, click Apply. Clicking this button activates STP or RSTP and the above parameters on the switch. At the bottom section of the page, the following fields are listed: Note You cannot change these fields.
Page 84: Stp And Rstp Port Settings
Figure 29. Port Settings Page This page displays the following information about the ports: Port - Indicates the port numbers on the AT-GS950/16 switch. You can select the All row to apply the same setting to all ports of your switch.
Page 85 AT-GS950/16 Web Interface User Guide 0 to 200,000,000. A setting of 0 indicates Auto (path cost is based on link negotiation). The path cost is described in “Path Costs and Port Costs” on page 74. External Cost - Applies only to MSTP. For information on MSTP, refer to Chapter 5, “Multiple Spanning Tree Protocol”...
Page 86 Chapter 4: STP and RSTP Auto - Automatically determines whether or not the port is connected to a network device in the network topology. By default, Auto is enabled. ForceTrue - The port is connected to a network device in the network topology.
Page 87: Chapter 5 : Multiple Spanning Tree Protocol
Chapter 5 Multiple Spanning Tree Protocol This chapter provides the procedures for configuring Multiple Spanning Tree Protocol (MSTP). You can find an overview and configuration guidelines for this feature in “MSTP Overview” on page 367. When you configure MSTP, the information should be entered in order on the following web pages: ...
Page 88: Mstp Global Settings
Chapter 5: Multiple Spanning Tree Protocol MSTP Global Settings To configure the MSTP global settings, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 89 AT-GS950/16 Web Interface User Guide 4. In the upper portion of the page, you can set the following parameters: Global STP Status - Use this menu to activate or de-activate the MSTP feature on the switch. From the Global STP Status pull-...
Page 90 Chapter 5: Multiple Spanning Tree Protocol Max Hop Count - The Maximum Hop Count is a parameter set in a BPDU packet when it originates. It is decremented by 1 each time it is retransmitted by the next bridge. When the Hop Count value reaches zero, the bridge drops the BPDU packet.
Page 91: Generic Mstp Port Settings
You may choose a port and configure its MSTP parameters on this page. The following information is displayed: Port - Indicates the port numbers on the AT-GS950/16 switch. You can select the All row to apply the same setting to all ports of your switch.
Page 92 Chapter 5: Multiple Spanning Tree Protocol Blocking - A blocking state does not allow network traffic to be sent or received on a the port, except for BPDU data. A port with a higher path cost to the root bridge than another on the switch will cause a switching loop and is placed in the blocking state by the Spanning Tree algorithm.
Page 93 AT-GS950/16 Web Interface User Guide False - This switch can only operate with RSTP and MSTP packets. The net effect of setting all ports on the switch to True is that it forces the switch into the role of the root bridge regardless of other path costs in the network.
Page 94: Mst Settings
Chapter 5: Multiple Spanning Tree Protocol MST Settings You can create, modify and delete MST instance settings with the procedures in the following sections:  ”Open MST Settings Page”  “Specify Region and Revision Level” on page 94  “Create VLAN Mapping to MST Instance” on page 95 ...
Page 95: Create Vlan Mapping To Mst Instance
AT-GS950/16 Web Interface User Guide See “Multiple Spanning Tree Regions” on page 376 for more information. Revision Level - The parameter indicates the region’s revision and must be identical to the regional names specified on other switches in the same MSTP region. See “Multiple Spanning Tree Regions” on page 376 for more information.
Page 96: Mst Port Settings
You may choose a port and configure its MSTP parameters on this page. The following information is displayed: Port - You can select one of the ports on the AT-GS950/16 switch using the Port drop-down menu. MSTI ID - Indicates the MSTP Instance associated with this port.
Page 97 AT-GS950/16 Web Interface User Guide Role - Indicates whether or not the port is prevented from being a root port. Enabled - The port is prevented from being a root port or a port that is used to communicate with the root bridge.
Page 98: Instance Information
Chapter 5: Multiple Spanning Tree Protocol Instance Information To view MST instance information, perform the following: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select the Spanning Tree folder. The Spanning Tree folder expands.
Page 99: Chapter 6 : Static Port Trunking
Chapter 6 Static Port Trunking This chapter contains a description of port trunking and the procedures for creating, modifying, and deleting a static port trunk. The following topics are discussed:  “Overview” on page 100  “Create a Port Trunk” on page 103 ...
Page 100: Overview
AT-S114 Management software on the switch automatically groups them together. The example in Figure 35 illustrates a static port trunk of four links between two AT-GS950/16 switches. Figure 35. Static Port Trunk Example...
Page 101 General Guidelines Following are the guidelines for creating a static trunk:  Allied Telesis recommends setting static port trunks between Allied Telesis networking devices to ensure compatibility.  A static trunk can contain up to 10 ports.
Page 102 Chapter 6: Static Port Trunking  A port can belong to only one static trunk at a time.  The ports of a static trunk can be configured to be members of more than one VLAN.  The ports of a static trunk can be either untagged or untagged members of the same VLAN.
Page 103: Create A Port Trunk
AT-GS950/16 Web Interface User Guide Create a Port Trunk This procedure explains how to create a static port trunk. Caution Do not connect the cables of a port trunk to the ports on the switch until you have configured the ports on both the switch and the end nodes.
Page 104 8. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes. 9. Configure the port trunk on the other switch. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/16 switch and the trunk ports on the other switch.
Page 105: Modify A Port Trunk
AT-GS950/16 Web Interface User Guide Modify a Port Trunk This procedure explains how to change the status of a port trunk and add or remove ports from a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk.
Page 106 Chapter 6: Static Port Trunking 9. Configure the port trunk on the other switch with the same parameters. 10. Connect the Ethernet cables between trunk ports on the AT-GS950/16 switch and the trunk ports on the other switch.
Page 107: Disable A Port Trunk
AT-GS950/16 Web Interface User Guide Disable a Port Trunk This procedure explains how to disable a port trunk. Caution Before you disable or modify a port trunk, disconnect all of the cables from the ports of the trunk. Leaving the cables connected during the reconfiguration of a trunk can create loops in your network topology.
Page 108 Chapter 6: Static Port Trunking...
Page 109: Chapter 7 : Lacp Port Trunks
AT-GS950/16 Web Interface User Guide Chapter 7 LACP Port Trunks This chapter contains overview information about LACP port trunks and the procedures for setting this feature. This chapter contains the following sections:  “Overview” on page 110  “System Priority” on page 111 ...
Page 110: Overview
The main component of an LACP trunk is an aggregator which manages a group of ports on the switch. On the AT-GS950/16 switch, the ports assigned to a trunk group are automatically assigned to an aggregator.
Page 111: System Priority
AT-GS950/16 Web Interface User Guide System Priority It is possible for two devices interconnected by an aggregate trunk to encounter a conflict when they form the trunk. For example, the two devices might not support the same number of active ports in an aggregate trunk or might not agree on which ports are active and which are in standby mode.
Page 112: Port Priority Value
Chapter 7: LACP Port Trunks Port Priority Value The switch uses a port’s LACP priority to determine which ports are active and which are in the standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active ports.
Page 113: General Guidelines
AT-GS950/16 Web Interface User Guide General Guidelines The following guidelines apply when creating aggregators:  LACP must be activated on both the AT-GS950/16 switch and its partner device.  The other device must be 802.3ad-compliant.  The AT-S114 Management software supports up to eight active ports in an aggregate trunk at a time.
Page 114 If the number is less than eight, the maximum number for the AT-GS950/16 switch, you should assign the other vendor’s device a higher system LACP priority than your AT-GS950/16 switch.
Page 115: Group Status
AT-GS950/16 Web Interface User Guide Group Status To display the LACP Group Status, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands.
Page 116: Configuration Example
Chapter 7: LACP Port Trunks Configuration The following procedure provides an example for an LACP group configuration: Example 1. Use the procedure given in “Create a Port Trunk” on page 103: Configure Trunk ID 1 as Active with ports 1 - 9. The LACP Group Status Page is updated.
Page 117: Figure 39. Lacp Group Status Page With Three Cables Connected
AT-GS950/16 Web Interface User Guide Figure 39. LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link-Up status.
Page 118: Port Priority Configuration
2. From the Bridge folder, select the Trunk Config folder. The Trunk Config folder expands. 3. From the Trunk Config folder, select Port Priority. The AT-GS950/16 Port Priority Page is displayed. See Figure 40 for a partial view of this page. Figure 40. AT-GS950/16 Port Priority Page The System Priority is a preassigned value that you cannot alter.
Page 119: Chapter 8 : Port Mirroring
Chapter 8 Port Mirroring This chapter describes the Port Mirroring feature and the procedure for setting up port mirroring. Port mirroring allows you to unobtrusively monitor the ingress and egress traffic on a port by having the traffic copied to another port.
Page 120: Overview
Chapter 8: Port Mirroring Overview The port mirroring feature allows you to unobtrusively monitor the traffic received and transmitted on one or more ports by copying the traffic to another switch port. You can connect a data analyzer to the port where the traffic is copied and monitor the traffic on the other ports without impacting network performance or speed.
Page 121: Port Mirroring Configuration
AT-GS950/16 Web Interface User Guide Port Mirroring Configuration To configure Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring Page is displayed. See Figure 41.
Page 122 6. Click Apply on the right-hand side of the page. The Port Mirroring configuration is implemented immediately on the AT-GS950/16 switch. You can connect a data analyzer to the mirroring port to monitor the Ethernet traffic on the source port(s).
Page 123: Disable Port Mirroring
AT-GS950/16 Web Interface User Guide Disable Port Mirroring To disable Port Mirroring, perform the following procedure: 1. Select the Bridge folder. The Bridge folder expands. 2. From the Bridge folder, select Mirroring. The Mirroring page is shown in Figure 41 on page 121.
Page 124 Chapter 8: Port Mirroring...
Page 125: Chapter 9 : Loopback Protection
Loopback Protection This chapter explains how to configure the Loopback Protection feature for specific ports on the AT-GS950/16 switch. If the Tx and Rx pairs on the same port are connected, then this feature detects this condition and disables the port for a pre-configured amount of time.
Page 126: Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select Loopback Detection. The AT-GS950/16 Loopback Detection Page is displayed. See Figure 42 for a partial view of this page. Figure 42. AT-GS950/16 Loopback Detection Page 3.
Page 127 Note In the All row when you select Enable or Disable instead of Ignore, the selection applies to all of the AT-GS950/16 switch ports. 7. Click the Apply button in the Action column of the table. 8. Repeat Step 6 and Step 7 for other individual port settings.
Page 128: Status
Chapter 9: Loopback Protection Status The status of the Loopback Detection is given in the Loop Status column of the table at the bottom of the Loopback Detection page. See Figure 42 on page 126. The status is one of the following states: Normal: This status indicates that the port does not have the Tx to Rx pairs connected.
Page 129: Chapter 10 : Mac Address Table
Chapter 10 MAC Address Table This chapter provides a description of the static unicast and multicast MAC address features and the procedures for configuring them. This chapter includes the following sections:  “Overview” on page 130  “Static Unicast MAC Address Configuration” on page 132 ...
Page 130: Overview
Chapter 10: MAC Address Table Overview The AT-GS950/16 switch has a MAC address table with a storage capacity of up to 8,000 entries. The table stores the MAC addresses of the network nodes connected to its ports and the port number where each address is learned.
Page 131 AT-GS950/16 Web Interface User Guide If a multicast address and its associated ports of the switch are predefined within the network design and they will not change over time, then they can be manually entered as static entries into the MAC address table. This...
Page 132: Static Unicast Mac Address Configuration
Static Unicast MAC Address Configuration This procedure explains how to set the static unicast feature for each port on the AT-GS950/16 switch. Before beginning this procedure, you must create either an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: ...
Page 133: Figure 44. Static Unicast Address Table With Port-Based Vlan Example
AT-GS950/16 Web Interface User Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which has not been defined, or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Page 134: Modify Static Unicast Address
Chapter 10: MAC Address Table Modify Static Unicast Address To modify the port assignment of a unicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 135: Delete Static Unicast Address
AT-GS950/16 Web Interface User Guide Delete Static Unicast Address To delete a unicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 136: Static Multicast Address Configuration
Static Multicast Address Configuration This procedure explains how to set the static multicast feature for each port on the AT-GS950/16 switch. Before beginning this procedure, you must create an 802.1Q VLAN ID or a Port-Based VLAN Index. For information about defining these parameters, see: ...
Page 137: Figure 47. Static Multicast Address Table Example
AT-GS950/16 Web Interface User Guide Note An error message is generated when you enter a VLAN ID or VLAN Index which has not been defined, or when you enter a VLAN ID or VLAN Index without also clicking on the respective radio button.
Page 138 Chapter 10: MAC Address Table 7. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 139: Modify Static Multicast Address
AT-GS950/16 Web Interface User Guide Modify Static Multicast Address To modify the port assignment of a multicast MAC address in the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 140: Delete Static Multicast Address
Chapter 10: MAC Address Table Delete Static Multicast Address To delete a multicast MAC address from the MAC address table, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder. 2.
Page 141: Chapter 11 : Igmp Snooping
Chapter 11 IGMP Snooping This chapter contains a description of the IGMP Snooping feature, as well as procedures for working with IGMP Snooping in the web interface. The following topics are discussed:  “Overview” on page 142  “IGMP Snooping Configuration” on page 144 ...
Page 142: Overview
Version 3 adds the ability of host nodes to join or leave specific sources in a multicast group. The IGMP snooping feature on the AT-GS950/16 switch supports IGMP versions 1 and 2. The switch monitors the flow of queries from a router and checks report and leave messages from host nodes to build its own multicast membership lists.
Page 143 Such flooding of packets can negatively impact network performance. The AT-GS950/16 switch maintains a list of multicast groups through an adjustable time-out value, which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups, and by processing leave requests.
Page 144: Igmp Snooping Configuration
Chapter 11: IGMP Snooping IGMP Snooping Configuration This procedure explains how to set IGMP snooping and IGMP Snooping Querier on the switch, and set the IGMP Snooping (V1) age-out timer. To configure IGMP snooping, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 145 AT-GS950/16 Web Interface User Guide 5. To set the Age-Out Timer, type the number of seconds you want the switch to wait before it purges an inactive dynamic MAC address. The range of this parameter is from 280 to 420 seconds.
Page 146: Figure 50. Igmp Snooping Page With Mac Address
Chapter 11: IGMP Snooping Figure 50. IGMP Snooping Page with MAC Address 14. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 147: Igmp Snooping Router Port Modification
AT-GS950/16 Web Interface User Guide IGMP Snooping Router Port Modification This procedure explains how to modify the IGMP snooping router port. To modify the IGMP snooping router port, perform the following procedure: 1. From the main menu on the left side of the page, select the Bridge folder.
Page 148 Chapter 11: IGMP Snooping 5. In the Static Router Port row, select the check boxes for the ports that you want to include or remove in the Static Router Port area. Selected ports are indicated with a check mark. To select all ports, click the All button under Static Router Port. Note To restore the original group member ports, click Restore.
Page 149: Chapter 12 : Storm Control
Chapter 12 Storm Control This chapter contains a description and configuration procedures for the Storm Control (bandwidth) feature. The following topics are discussed:  “Overview” on page 150  “Configuration” on page 152  “Ingress Rate Limiting” on page 154 ...
Page 150: Overview
Each setting can be configured on individual ports or on all of the ports of the AT-GS950/16 switch. Traffic is measured in packets per second. See the following definitions for more information about these settings.
Page 151: Ingress Rate Limiting
AT-GS950/16 Web Interface User Guide Ingress Rate The Ingress Rate Limiting feature restricts the traffic to a pre-configured data rate that can flow into a port. This data rate limit can be configured in Limiting 64 Kbps increments within a range from 64 Kbps to 1000 Mbps. The...
Page 152: Configuration
2. From the Bridge folder, select Bandwidth Control. The Bandwidth Control folder expands. 3. From the Bandwidth Control folder, select Storm Control. The AT-GS950/16 Storm Control page is displayed. See Figure 53 for a partial view of this page. Figure 53. AT-GS950/16 Storm Control Page 4.
Page 153 AT-GS950/16 Web Interface User Guide 6. To enable or disable ingress and egress Broadcast packets, select Enable or Disable from the Broadcast pull-down menu next to the port that you want to change. You can select the All row to set all of the ports to the same setting.
Page 154: Ingress Rate Limiting
The AT-GS950/16 Ingress Rate Limiting page is displayed. See Figure 54 for a partial view of this page. Figure 54. AT-GS950/16 Ingress Rate Limiting Page 4. To set the Bandwidth field on the AT-GS950/16 switch, enter a number in the range from 1 to 15625. Note Refer to “Ingress Rate Limiting”...
Page 155 AT-GS950/16 Web Interface User Guide 5. To enable or disable the ingress rate filter, select Enable or Disable from the Status pull-down menu next to the port that you want to change. You can select the All row to set all of the ports to the same setting.
Page 156: Egress Rate Limiting
Chapter 12: Storm Control Egress Rate Limiting This procedure explains how to set Bandwidth levels and Status for Egress Rate Limiting on each port of the AT-GS950/16 switch. To change the settings of the egress rate limiting feature, perform the following procedure: 1.
Page 157: Chapter 13 : Virtual Lans
Chapter 13 Virtual LANs This chapter contains a description of Virtual Local Area Networks (VLANs) and the procedures for creating, modifying, and deleting both port-based and tagged VLANs. It also describes setting the mode of the MAC address forwarding table, viewing the dynamic forwarding table, configuring private VLANs, and viewing the current VLAN database.
Page 158: Vlan Overview
Chapter 13: Virtual LANs VLAN Overview A virtual LAN (VLAN) is a group of ports on an Ethernet switch that form a logical Ethernet segment via the AT-S114 Management software. The ports of a VLAN form an independent traffic domain where the traffic generated by the nodes of a VLAN remains within the VLAN.
Page 159: Port-Based Vlan Overview
VLAN do not need to be connected to the same switch, so they are not restricted to being in the same physical location. The AT-GS950/16 Gigabit Ethernet Smart Switch supports the following types of VLANs: ...
Page 160: Tagged Vlan Overview
You must assign a unique number to each VLAN in a network. This number is called the Port-Based VLAN Index. This number uniquely identifies a VLAN in the AT-GS950/16 switch and across the network. Each port of a port-based VLAN can belong to as many VLANs as needed.
Page 161 You must assign a unique number to each tagged VLAN in a network. This number is called the tagged VLAN ID. This number uniquely identifies a tagged VLAN in the AT-GS950/16 switch and across the network. VLAN Name To create a tagged VLAN, you must give it a unique name. This name can reflect the function of the network devices that are VLAN members, such as Sales, Production, and Engineering.
Page 162: Private Vlan Overview
 A tagged port can be a member of multiple VLANs.  The AT-GS950/16 Gigabit Ethernet Switch can support up to 255 tagged VLANs per switch. Private VLAN Private VLANs create special broadcast domains in which the traffic of the member ports is restricted to source ports.
Page 163 AT-GS950/16 Web Interface User Guide Forwarding Ports Forwarding ports of a private port VLAN can only forward traffic to, and receive traffic from, a source port, and are prohibited from forwarding traffic to each other. A private port VLAN can have any number of forwarding ports on the switch, up to all the ports, minus the source port.
Page 164: Assign Ports To A Vlan Mode
3. From the VLAN folder, select VLAN Mode. The VLAN Mode Page is displayed. See Figure 56. Figure 56. AT-GS950/16 VLAN Mode Page 4. To add ports to an 802.1Q Tagged VLAN or Port-Based VLAN, select the ports accordingly on the VLAN Mode Page.
Page 165 AT-GS950/16 Web Interface User Guide Note Before you assign a port as a member of a port-based VLAN, you must create the port-based VLAN by following the steps defined in “Port-Based VLAN Configuration” on page 173. 5. Click Apply. 6. If you want to restore the port assignment before saving the configuration, click Restore.
Page 166: Tagged Vlan Configuration
1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Tagged VLAN. The AT-GS950/16 Tagged VLAN Page is displayed. See Figure 57. Figure 57. AT-GS950/16 Tagged VLAN Page...
Page 167 AT-GS950/16 Web Interface User Guide 4. Assign a VLAN ID by entering a VLAN ID in the VLAN ID field. The range for this field is 2 to 4,093. You can create a maximum of 255 tagged VLANs. 5. Assign a name for the VLAN by entering a unique name in the VLAN Name field.
Page 168: Modify A Tagged Vlan
An example of a tagged VLAN is shown in the table at the bottom of Figure 58. Figure 58. Example of AT-GS950/16 Tagged VLAN Page 4. In the VLAN Action column, click Modify in the row of the VLAN that you want to change.
Page 169: Figure 59. At-Gs950/16 Modify Vlan Page
AT-GS950/16 Web Interface User Guide Figure 59. AT-GS950/16 Modify VLAN Page 5. You cannot modify the VLAN ID on this web page. If you want to delete the VLAN ID, go to “Delete a Tagged VLAN” on page 170 for more information.
Page 170: Delete A Tagged Vlan
Chapter 13: Virtual LANs Note The Management VLAN is always Enabled on the DefaultVLAN and cannot be disabled. 8. To change the port selections, click on the port numbers labeled either Static Tagged or Static Untagged. You can also use the All button to select all ports as Static Tagged or Static Untagged.
Page 171: Tagged Vlan Port Settings
2. From the Bridge folder, select VLAN. The VLAN folder expands. 3. From the VLAN folder, select Port Settings. The AT-GS950/16 VLAN Port Settings Page is displayed. See Figure 60 for a partial view of this page. Figure 60. AT-GS950/16 VLAN Port Settings Page 4.
Page 172 Chapter 13: Virtual LANs to the port to enter the switch. Tagged frames are discarded at ingress. 6. For the Ingress Filtering parameter, select one of the following choices from the pull-down menu: Enabled - This enables ingress filtering at the selected port. Disabled - This disables ingress filtering at the selected port.
Page 173: Port-Based Vlan Configuration
AT-GS950/16 Web Interface User Guide Port-Based VLAN Configuration A port-based VLAN is a group of ports on the switch that form a logical Ethernet segment. This type of VLAN is independent of the header information including VLAN tags in a frame.
Page 174: Modify A Port-Based Vlan
An example VLAN is shown in the table at the bottom of the Port- Based VLAN Page. See Figure 62. Figure 62. Example of AT-GS950/16 Port Based VLAN Page 4. In the VLAN Action column, click Modify next to the VLAN that you want to change.
Page 175: Delete A Port-Based Vlan
AT-GS950/16 Web Interface User Guide Figure 63. Modify Port-Based VLAN Page 5. Modify name or port assignments as needed. You cannot modify the Index number from this page. 6. Click Apply. 7. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 176: Select Mac Address Forwarding Table Mode
Chapter 13: Virtual LANs Select MAC Address Forwarding Table Mode After you have configured the VLANs on the switch, you can select one of two modes in which the switch learns MAC addresses: Independent VLAN learning (IVL) or Shared VLAN learning (SVL). IVL is the default mode. For more information on IVL and SVL, refer to the IEEE 802.1Q standard.
Page 177: View Dynamic Forwarding Table
AT-GS950/16 Web Interface User Guide View Dynamic Forwarding Table You can view the MAC addresses the switch has stored in the forwarding table. You can view all of the addresses in the table or only the addresses learned on a particular port.
Page 178 Chapter 13: Virtual LANs MAC Address - MAC address learned by the switch or assigned to the port. Type - Dynamic or Static: Dynamic - MAC address the switch learns automatically and is not stored indefinitely in the table. Static - MAC address assigned manually and remains in the table indefinitely.
Page 179: Private Vlan Configuration
AT-GS950/16 Web Interface User Guide Private VLAN Configuration You can create, modify, and delete private VLANs by following the procedures in the following sections:  “Enable or Disable Private VLAN”  “Create a Private VLAN” on page 180  “Modify a Private VLAN” on page 181 ...
Page 180: Create A Private Vlan
Chapter 13: Virtual LANs 4. Use the State radio buttons to select the Private VLAN state: Enabled - Will activate Private VLAN. The other parameters on the web page will become active. Disabled - Will de-activate Private VLAN. The other parameters on the web page will become inactive and will be greyed out so that data cannot be entered.
Page 181: Modify A Private Vlan
AT-GS950/16 Web Interface User Guide 7. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes. Modify a Private To modify a private VLAN, perform the following procedure: VLAN 1.
Page 182: View Current Vlan Database
Chapter 13: Virtual LANs View Current VLAN Database You can view the currently configured 802.1Q Tagged and Port-Based VLANs on the switch. To view these VLAN configurations, perform the following procedure: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 183 AT-GS950/16 Web Interface User Guide Port-Based VLAN table: VLAN Index - VLAN ID numbers. VLAN Name - VLAN names. VLAN Member - VLAN (untagged) member ports.
Page 184 Chapter 13: Virtual LANs...
Page 185: Chapter 14 : Gvrp
Chapter 14 GVRP This chapter contains the following sections:  “Overview and Guidelines” on page 186  “General Configuration” on page 187  “Port Settings” on page 188  “Time Settings” on page 190...
Page 186: Overview And Guidelines
 The default port setting on the switch for GVRP is active, meaning that the ports participate in GVRP. Allied Telesis recommends disabling GVRP on those ports that are connected to GVRP-inactive devices, meaning devices that do not feature GVRP.
Page 187: General Configuration
AT-GS950/16 Web Interface User Guide General Configuration Perform the following procedure to enable or disable GVRP: 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select GVRP.
Page 188: Port Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Port Settings. The AT-GS950/16 Port Settings Page is displayed. See Figure 69 for a partial view of this page. Figure 69. GVRP Port Settings Page 4.
Page 189 AT-GS950/16 Web Interface User Guide Ignore - This parameter indicates that the setting in the All row does not apply to the Restricted VLAN Registration field. In other words, each port is set individually. Enabled - The Restricted VLAN Registration is activated for the port row selected.
Page 190: Time Settings
2. From the Bridge folder, select GVRP. The GVRP folder expands. 3. From the GVRP folder, select Time Settings. The AT-GS950/16 GVRP Time Settings Page is displayed. See Figure 70 for a partial view of this page. Figure 70. AT-GS950/16 GVRP Time Settings Page...
Page 191 AT-GS950/16 Web Interface User Guide LeaveTime - This parameter is the GARP Leave Timer. Its range is 30 - 2147483630 milli-seconds. This timer must be set in relation to the GVRP Join Timer according to the following equation: GARPLeaveTimer >= (GARPJoinTimer X 2) + 10 LeaveAllTime - This parameter is the GARP Leave Timer.
Page 192 Chapter 14: GVRP...
Page 193: Chapter 15 : Quality Of Service And Class Of Service
Chapter 15 Quality of Service and Class of Service This chapter provides descriptions of both the Quality of Service (QoS) and Class of Service (CoS) features. The following topics are covered:  “Overview” on page 194  “Mapping CoS Priorities to Egress Queues” on page 198 ...
Page 194: Overview
Chapter 15: Quality of Service and Class of Service Overview When a port on an Ethernet switch becomes oversubscribed, its egress queues contain more packets than the port can handle in a timely manner. In this situation, the port may be forced to delay the transmission of some packets, resulting in the delay of packets reaching their destinations.
Page 195: Egress Queue Vs Packet Priority Mapping
AT-GS950/16 Web Interface User Guide Egress Queue vs Each port has four egress queues, labeled Low, Medium, High, Highest. Low is the lowest priority queue and Highest is the highest. A packet in a Packet Priority high-priority egress queue is typically transmitted sooner than a packet in Mapping a low-priority queue.Table 2 lists the default mappings between the eight...
Page 196: Prioritizing Untagged Packets
However, the Untagged Packets AT-GS950/16 switch has a priority associated with each individual ingress port. By default, each port’s priority is Low. You can redefine this parameter as described in “Associate Ports to CoS Priorities” on page 200.
Page 197: Table 4. Example Of Weighted Round Robin Priority
AT-GS950/16 Web Interface User Guide instance, as long as there are packets in the Highest queue, it does not handle any packets in the High queue. The value of this type of scheduling is that high-priority packets are always handled before low-priority packets which is required for voice or video data.
Page 198: Mapping Cos Priorities To Egress Queues
Chapter 15: Quality of Service and Class of Service Mapping CoS Priorities to Egress Queues Before mapping the CoS priorities and the egress queues, you must disable the Jumbo frame parameter on each port. See the Jumbo parameter definition in “Displaying and Configuring Ports” on page 67. Note When Jumbo frames are enabled, CoS cannot be enabled.
Page 199 AT-GS950/16 Web Interface User Guide 4. For each Traffic Class whose queue you want to change, click on the Queue (Low, Medium, High, Highest) radio button that applies to your configuration. 5. After you have completed this mapping process, select Enable in the QoS Status field.
Page 200: Associate Ports To Cos Priorities
2. From the Bridge folder, select QoS. The QoS folder expands. 3. From the QoS folder, select Port Priority. The AT-GS950/16 Port Priority Page page is displayed. See Figure 72 for a partial view of this page. Figure 72. AT-GS950/16 Port Priority Page 4.
Page 201: Associate Dscp Classes To Egress Queues
AT-GS950/16 Web Interface User Guide Associate DSCP Classes to Egress Queues If you choose to use the DSCP tags in your Access Control policy configuration, each DSCP value (0-63) that is relevant to your configuration must be mapped to one of the four egress queues (Low - Highest).
Page 202 Chapter 15: Quality of Service and Class of Service 5. Click Apply under the DSCP Mapping drop-down menu. Note You can disable DSCP class mapping by selecting Disabled from the DSCP Mapping drop-down menu, then clicking Apply under the DSCP Mapping drop-down menu. 6.
Page 203: Queue Scheduling Algorithm
AT-GS950/16 Web Interface User Guide Queue Scheduling Algorithm To change the scheduling algorithm for the egress queues, perform the following procedure. 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands. 2. From the Bridge folder, select QoS.
Page 204: Ipv6 Traffic Class Mapping
Chapter 15: Quality of Service and Class of Service IPv6 Traffic Class Mapping You can create and delete entries for IPv6 traffic class mapping by following the procedures in the following sections:  “Enable or Disable IPv6 Traffic Class Mapping” ...
Page 205: Create Ipv6 Traffic Class Entries
AT-GS950/16 Web Interface User Guide 4. Use the State radio buttons to select the IPv6 Traffic Class Priority state: Enabled - Will activate IPv6 Traffic Class Priority mapping. The other parameters on the web page will become active. Disabled - Will de-activate IPv6 Traffic Class Priority mapping. The other parameters on the web page will become inactive and will be greyed out so that data cannot be entered.
Page 206: Delete An Ipv6 Traffic Class Entry
Chapter 15: Quality of Service and Class of Service Delete an IPv6 To delete an IPv6 traffic class priority entry, perform the following procedure: Traffic Class Entry 1. From the main menu on the left side of the page, select Bridge. The Bridge folder expands.
Page 207: Advanced Features
Section III Advanced Features This section contains the following chapters:  Chapter 16, “SNMPv1 and v2c” on page 209  Chapter 17, “SNMPv3” on page 223  Chapter 18, “Access Control Configuration” on page 241  Chapter 19, “RMON” on page 257 ...
Page 209: Chapter 16 : Snmpv1 And V2C
Chapter 16 SNMPv1 and v2c This chapter contains a description of SNMPv1 and SNMPv2c and the procedures for configuring with these protocols. This chapter contains the following sections:  “SNMPv1 and SNMPv2c Overview” on page 210  “Trap Receiver Attributes” on page 211 ...
Page 210: Snmpv1 And Snmpv2C Overview
In the SNMPv1 and SNMPv2c protocols, the terms agent and manager may be used. An agent is software which runs on managed equipment such as the AT-GS950/16 switch. A manager is a workstation or server that runs the SNMP Network Management System (NMS) software.
Page 211: Trap Receiver Attributes
AT-GS950/16 Web Interface User Guide Trap Receiver Attributes A trap is a message sent by the agent to one or more managers to indicate the occurrence of a particular event on the device. There are numerous events that can trigger a trap. For instance, when the switch reboots or when the Spanning Tree Root Bridge changes.
Page 212: Activate Snmp Interface
Chapter 16: SNMPv1 and v2c Activate SNMP Interface The SNMP interface is activated by default. If you want to de-activate it or re-activate it, go to “User Interface Configuration” on page 45.
Page 213: Snmpv1 And Snmpv2C User And Group Names
AT-GS950/16 Web Interface User Guide SNMPv1 and SNMPv2c User and Group Names SNMPv1 and SNMPv2c User Name and Group Name definitions is the basis for creating SNMP communities. Use the following sections to create and delete User and Group Names: ...
Page 214: Figure 78. Snmp User/Group Page Example
Chapter 16: SNMPv1 and v2c Note If you choose to use the default User and Group Names (ReadOnly and ReadWrite) that are already displayed in the table, proceed to Step 7 below. 3. Type a new User Name. Enter a name up to 32 characters in length. 4.
Page 215: Modify User And Group Names
AT-GS950/16 Web Interface User Guide Modify User and If you need to modify an entry in the SNMP User/Group page, you must first delete the entry and then re-enter it. For information about how to Group Names delete an entry in this table, see “Delete User and Group Names,” next.
Page 216: Snmp Community Strings
Chapter 16: SNMPv1 and v2c SNMP Community Strings A community string has attributes for controlling who can use the string and what the string will allow a network management station to do on the switch. The AT-S114 Management Software does not provide any default community strings.
Page 217: Modify Snmp Community Strings
AT-GS950/16 Web Interface User Guide Note This name must match one of the User Names displayed on the SNMP User/Group page. See “Create User and Group Names” on page 213. If you enter a user name that has not been pre-defined on the SNMP User/Group page, the Community entry is displayed, but the agent/manager communication fails.
Page 218 Chapter 16: SNMPv1 and v2c 4. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 219: Snmp Traps
AT-GS950/16 Web Interface User Guide SNMP Traps A Host IP address is used to specify a management device that needs to receive SNMP traps sent by the switch. This IP address is associated with the SNMP Version and a valid Community Name in the Host table of the switch.
Page 220: Modify A Trap Host Table Entry
Chapter 16: SNMPv1 and v2c 5. Enter the Host IP Address for the management device that is to receive the SNMP traps in one of the Host IP Address fields: For an IPv4 address, click IPv4, then enter the address using xxx.xxx.xxx.xxx format.
Page 221: Delete A Trap Host Table Entry
AT-GS950/16 Web Interface User Guide Delete a Trap Use the following procedure to delete a Host table entry: Host Table Entry 1. From the main menu on the left side of the page, select the SNMP folder. The SNMP folder expands.
Page 222 Chapter 16: SNMPv1 and v2c...
Page 223: Chapter 17 : Snmpv3
Chapter 17 SNMPv3 This chapter contains a description of SNMPv3 and the procedures for configuring this protocol. This chapter contains the following sections:  “Overview” on page 224  “SNMPv3 User and Group Names” on page 228  “SNMPv3 View Names” on page 231 ...
Page 224: Overview
Chapter 17: SNMPv3 Overview The SNMPv3 protocol builds on the existing SNMPv1 and SNMPv2c protocol implementation which is described in Chapter 16 on page 209. In SNMPv3, User-based Security Model (USM) authentication is implemented along with encryption, allowing you to configure a secure SNMP environment.
Page 225: Snmpv3 Privacy Protocol
AT-GS950/16 Web Interface User Guide In addition, you have the option of assigning no user authentication. In this case, no authentication is performed for this user. You may want to make this configuration for someone with super-user capabilities. SNMPv3 Privacy...
Page 226: Snmpv3 Configuration Process
Chapter 17: SNMPv3 In addition, you can define an MIB view that the user can access or an MIB view that the user cannot access. When you want to permit a user to access an MIB view, you include a particular view. When you want to deny a user access to an MIB view, you exclude a particular view.
Page 227: Figure 84. Snmpv3 Table Relationships
AT-GS950/16 Web Interface User Guide 5. Finally, the traps can be defined on the Trap Management page based on the Community or User Name. See Figure 84 for an illustration of how the user configuration tables are linked. Figure 84. SNMPv3 Table Relationships...
Page 228: Snmpv3 User And Group Names
Chapter 17: SNMPv3 SNMPv3 User and Group Names An SNMPv3 User Name and Group Name definition is the basis for all other SNMPv3 tables. You can create and delete View Names by following the procedures in the following sections:  “Creating SNMPv3 User and Group Names”...
Page 229: Modifying Snmpv3 User And Group Names
AT-GS950/16 Web Interface User Guide SHA - The SHA authentication protocol. Users are authenticated with the SHA authentication protocol after a message is received. 8. Enter the password for the Auth-Protocol. 9. Select one of the following choices for the Priv-Protocol field: DES: Specifies DES encryption scrambles the SNMP data so that outside observers are prevented from seeing the data content.
Page 230: Deleting Snmpv3 User And Group Names
Chapter 17: SNMPv3 Deleting SNMPv3 This procedure explains how to delete an entry on the SNMP User/Group page. User and Group Names 1. From the main menu on the left side of the page, select the SNMP folder. The SNMP folder expands. 2.
Page 231: Snmpv3 View Names
AT-GS950/16 Web Interface User Guide SNMPv3 View Names The SNMPv3 View names are defined in the SNMP Group Access table and are based on the User and Group Names.You can create and delete View Names with the following procedures: ...
Page 232 Chapter 17: SNMPv3 3. Enter the Group Name. Note This entry must be pre-defined on the SNMP User/Group page. Refer to “Creating SNMPv3 View Names” on page 231. 4. Enter the Read View Name. This name is an optional field. It can be up to 32 characters in length. 5.
Page 233: Modifying Snmpv3 View Names
AT-GS950/16 Web Interface User Guide Figure 87. SNMP Group Access Table Example for SNMPv3 10. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes. Modifying If you need to modify an entry in the SNMP Group Access page, you must first delete the entry and then re-enter it.
Page 234: Snmpv3 View Table
Chapter 17: SNMPv3 SNMPv3 View Table The SNMPv3 View table specifies the MIB object access criteria for each View Name. If the View Name is not specified on this page, then it has access to all MIB objects. You can specify specific areas of the MIB that can be accessed or denied based on the entries in this table.
Page 235: Modifying Snmpv3 View Table Entries
AT-GS950/16 Web Interface User Guide 5. Enter “1” for the OID Mask. 6. Enter the View Type. Choose from the following: Included: This selection allows the specified MIB object to be included in the view. Excluded: This selection blocks the view of the specified MIB object.
Page 236 Chapter 17: SNMPv3 Note The views corresponding to the ReadOnly and ReadWrite Group Names are default values and cannot be removed. 3. From the main menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 237: Snmpv3 Traps
AT-GS950/16 Web Interface User Guide SNMPv3 Traps The creation, modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1/v2. See “SNMP Traps” on page 219.
Page 238: Snmp Engine Id
Chapter 17: SNMPv3 SNMP Engine ID An SNMP agent has an engine ID to uniquely identify the agent in a device. In addition, the engine ID uniquely identifies MIB objects within a domain. Following the RFC 3411 standard, the engine ID consists of the enterprise ID and the MAC address for the switch.
Page 239 AT-GS950/16 Web Interface User Guide 2. From the SNMP folder, select Engine ID. The SNMP Engine ID Settings page is displayed. See Figure 90 on page 238. 3. Reset the engine ID: To reset the engine ID to the previous setting, click Reset.
Page 240 Chapter 17: SNMPv3...
Page 241: Chapter 18 : Access Control Configuration
Chapter 18 Access Control Configuration This chapter contains a description of the AT-GS950/16 switch’s Access Control Configuration feature and the procedures to create, modify, and delete an Access Control configuration. This chapter contains the following sections.  “Overview” on page 242 ...
Page 242: Overview
Chapter 18: Access Control Configuration Overview Access Control configuration allows you to control different aspects of the Ethernet traffic as it enters the switch ports and is processed through the switch. You can specify which traffic is permitted or denied to flow through the switch by setting up specific filtering criteria at an ingress port.
Page 243: Policy Settings
AT-GS950/16 Web Interface User Guide Policy Settings The Policy Settings page lets you create one or multiple IPv4 and/or IPv6 policies for filtering and policing Ethernet traffic. You can create, modify, or delete a policy by following the procedures in the following sections: ...
Page 244: Figure 92. Ipv4 Policy Settings Page
Chapter 18: Access Control Configuration Figure 92. IPv4 Policy Settings Page To create an IPv6 policy, click Add IPv6. The IPv6 Policy Settings page is displayed. See Figure 93. Figure 93. IPv6 Policy Settings Page...
Page 245 AT-GS950/16 Web Interface User Guide 4. Enter a number in the Policy Index field. The Policy Index must be a unique number within the range of 1 - 65535 which identifies the policy. This field is mandatory. 5. Enter a number in the Policy Sequence field.
Page 246 Chapter 18: Access Control Configuration IPv4 Ether Type - Protocol of the ethernet frame protocol ranging from 0000 - FFFF. Applies to IPv4 only. Protocol - Packet protocol ranging from 0 - 255. IPv4 Source IP Address - Source IPv4 address. Applies to IPv4 only.
Page 247: Change A Policy Status
AT-GS950/16 Web Interface User Guide Replaced-DSCP - DSCP priority level ranging from 0 - 63. To set this parameter, click the Replaced-DSCP radio button and enter the level. Applies to IPv4 only. Rate Control Index - Rate Control index number for Committed Information Rate (CIR) ranging from 1 - 65535.
Page 248: Modify A Policy
Chapter 18: Access Control Configuration 3. From the Policy Settings page, identify which policy whose status you want changed and click the Enable or Disable radio button in the Status column. Enable - If clicked, a message appears requesting whether you want to change the status to Enable.
Page 249: Delete A Policy
AT-GS950/16 Web Interface User Guide 4. Change the parameters as required. You cannot change the policy index number from this page. Note See “Create a Policy” on page 243 for definitions of each parameter. 5. Click Apply. The modified policy entry is displayed in the table at the bottom of the Policy Settings page.
Page 250: Figure 96. Classifier Detail Page
Chapter 18: Access Control Configuration Figure 96. Classifier Detail Page For a description of the displayed settings, refer to “Create a Policy” on page 243.
Page 251: Rate Control Settings
AT-GS950/16 Web Interface User Guide Rate Control Settings The Rate Control Settings page lets you set the Committed Information Rate (CIR) for bandwidth restrictions. The CIR is the fixed bandwidth, in bits per second, for arriving or departing traffic. The CIR can be used when different virtual connections share the same physical path, and certain connections require higher bandwidths than others.
Page 252: Modify The Committed Rate
Chapter 18: Access Control Configuration 5. Click Add. The rate control entry is displayed at the bottom of the table. If you do not see your new entry, you may need to navigate to another page of the table with the First Page, Previous Page, Next Page, and Last Page buttons located below the table.
Page 253: Delete A Rate Control Entry
AT-GS950/16 Web Interface User Guide Delete a Rate To delete a rate control entry, perform the following procedure: Control Entry 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands.
Page 254: Policy Database
Chapter 18: Access Control Configuration Policy Database The Policy Database page displays the status of the order that policies are applied to each port. You can order the display by Policy Index or Sequence number. You can also display detailed information for each policy. You can display a policy’s sequence or detailed information by following the procedures in the following sections: ...
Page 255: Display Specific Policy Information
AT-GS950/16 Web Interface User Guide Display Specific To display information for a specific policy, perform the following procedure: Policy Information 1. From the main menu on the left side of the page, select the Access Control Config folder. The Access Control Config folder expands.
Page 256 Chapter 18: Access Control Configuration...
Page 257: Chapter 19 : Rmon
Chapter 19 RMON This chapter contains the following sections:  “Overview” on page 258  “Enable and Disable RMON” on page 259  “Port Statistics” on page 260  “Histories” on page 262  “Events” on page 264  “Alarms” on page 266...
Page 258: Overview
Chapter 19: RMON Overview The RMON (Remote MONitoring) MIB is used with SNMP applications to monitor the operations of network devices. The switch supports the four RMON MIB groups listed here:  Statistic group— This group is used to view port statistics remotely with SNMP programs.
Page 259: Enable And Disable Rmon
AT-GS950/16 Web Interface User Guide Enable and Disable RMON You can use your SNMP Network Management System (NMS) software and the RMON section of the MIB tree to view the RMON statistics, history and alarms associated with specific ports. Because RMON uses the...
Page 260: Port Statistics
Chapter 19: RMON Port Statistics You can remotely view individual port statistics with RMON by using your SNMP NMS software and the RMON portion of the MIB tree. Perform the following procedure to configure RMON port statistics for a specific port: 1.
Page 261: Figure 103. Ethernet Statistics Configuration Example
AT-GS950/16 Web Interface User Guide Figure 103. Ethernet Statistics Configuration Example 5. If you want to configure RMON statistics for other ports, repeat Step 3 and Step 4. 6. From the main menu on the left side of the page, select Save Settings...
Page 262: Histories
Chapter 19: RMON Histories RMON histories are snapshots of port statistics. They are taken by the switch at predefined intervals and can be used to identify trends or patterns in the numbers or types of ingress packets on the ports on the switch.
Page 263: Figure 105. History Control Configuration Example
AT-GS950/16 Web Interface User Guide snapshot of RMON statistics. Different ports can have different numbers of buckets. The range is 1 to 50 buckets. Interval: This parameter specifies how frequently the switch takes snapshots of the port’s statistics. The range is 1 to 3600 seconds (1 hour).
Page 264: Events
Chapter 19: RMON Events An event specifies the action of the switch when the ingress packet activity on a port crosses a statistical threshold defined in an alarm. The choices are to log a message in the event log of the switch, send an SNMP trap to an SNMP workstation, or both.
Page 265: Figure 107. Rmon Event Configuration Example
AT-GS950/16 Web Interface User Guide Community: This parameter specifies the community where you want to send the SNMP trap. Owner: This parameter is used to identify the person who created an entry. It is primarily intended for switches that are managed by more than one person and is an optional field.
Page 266: Alarms
Chapter 19: RMON Alarms RMON alarms are used to generate alert messages when packet activity on designated ports rises above or falls below specified threshold values. The alert messages can take the form of messages that are entered in the event log on the switch, traps that are sent to your SNMP NMS software, or both.
Page 267: Figure 108. Rmon Alarm Settings Page
AT-GS950/16 Web Interface User Guide 2. From the RMON folder, select Alarm. The RMON Alarm Settings Page is displayed. See Figure 108. Figure 108. RMON Alarm Settings Page 3. The following fields are listed: Index: This parameter specifies the ID number of the new group. The range is 1 to 65535.
Page 268: Figure 109. Rmon Alarm Configuration Example
Chapter 19: RMON monitored statistic becomes less than this threshold level, an alarm event is triggered. The parameter’s range is 1 to 2147483647. Rising Event Index: This parameter specifies the event index for the rising threshold. Its range is 1 to 65535. This field is mandatory and must match an Event Index that you previously entered in “Events”...
Page 269: Chapter 20 : Voice Vlan
Chapter 20 Voice VLAN This chapter contains a description of the AT-GS950/16 switch’s Voice VLAN feature and the procedures to create, modify, and delete a voice VLAN configuration. This chapter contains the following sections:  “Overview” on page 270 ...
Page 270: Overview
CoS with Voice The Voice VLAN CoS parameter maintains the voice quality between the ingress and egress ports of the AT-GS950/16 switch. CoS must be VLAN enabled for the Voice VLAN CoS priority to take effect. The CoS priority level that you configure is applied to voice traffic on all ports of the voice VLAN.
Page 271: Dynamic Auto-Detection Vs Static Ports
IP phone(s) for the same VLAN ID as the AT-GS950/16 switch’s voice VLAN ID. When voice data is detected on one of the “Not Member” ports, the packets from the IP phone will contain the voice VLAN ID so they are switched within the AT-GS950/16 switch’s voice VLAN.
Page 272 (LLDP-MED) is not supported on the AT-GS950/16 switch. Each IP phone that is VLAN aware should be manually configured for the VLAN ID that matches your AT-GS950/16 voice VLAN ID. Each of the AT-GS950/16 voice VLAN ports connected to an IP phone...
Page 273: General Guidelines
On ports that are configured for the voice VLAN Auto- Detection feature, each IP phone must be manually configured per the manufacturer’s instructions for the VLAN ID that matches your AT-GS950/16 voice VLAN  Member ports of a tagged VLAN are static and cannot have the voice VLAN Auto-Detection feature enabled.
Page 274: Configuration
The Voice VLAN folder expands. 2. From the Voice VLAN folder, select Voice VLAN Settings. The AT-GS950/16 Voice VLAN Settings Page is displayed. See Figure 110 for a partial view of this page. Figure 110. AT-GS950/16 Voice VLAN Settings Page...
Page 275 AT-GS950/16 Web Interface User Guide 3. From the Voice VLAN field at the top of the page, select one of the following choices by clicking one of the radio buttons: Enabled - The voice VLAN feature is active. The other parameter fields in the voice VLAN Global Settings section become active and are eligible for data to be entered.
Page 276 Chapter 20: Voice VLAN Note The voice VLAN Auto-Detection feature can only be enabled on “Not Member” ports of the voice VLAN. Member ports cannot have the voice VLAN Auto-Detection feature enabled. The Status column displays Static for the member ports. See “Dynamic Auto-Detection vs Static Ports”...
Page 277: Oui Setting
AT-GS950/16 Web Interface User Guide OUI Setting You can create and delete Voice VLAN OUI Settings by following the procedures in these sections:  “Create OUI Setting”  “Modify OUI Setting” on page 278  “Delete OUI Setting” on page 278...
Page 278: Modify Oui Setting
Chapter 20: Voice VLAN Modify OUI To modify or delete an OUI, it must be first be deleted and then re-entered by following the procedure in “Create OUI Setting” on page 277. Setting Delete OUI To delete an OUI, perform the following procedure: Setting 1.
Page 279: Chapter 21 : Security
Chapter 21 Security This chapter contains information about the Port-based security features and the procedures for setting this feature. This chapter includes the following sections:  “Port Access Control” on page 280  “RADIUS Client” on page 286  “TACACS+” on page 289 ...
Page 280: Port Access Control
Chapter 21: Security Port Access Control This section contains information and configuration procedures for the Port-based Access Control. The following information is provided:  “Port Access Control Overview”  “Port Access Control Configuration” on page 281 Note After configuring the Port-based Network Access Control, you can choose to use the local authentication server in the AT-S114 for 802.1x authentication, a remote RADIUS server for 802.1x authentication, or TACACS+.
Page 281: Port Access Control Configuration
AT-GS950/16 Web Interface User Guide  The Dial-in User (local) authentication method allows you to set up the authentication parameters internally in the switch without an external server. In this case, the user name and password combinations are entered with an optional VLAN when they are defined.
Page 282: Figure 113. Expanded Port Access Control Settings Page
Chapter 21: Security TACACS+: This parameter configures port security for TACACS+ authentication. After completing Step 4 through Step 6, you must configure the “TACACS+” on page 289. Local: This parameter configures port security for local authentication. After completing Step 4 through Step 6, you must configure the parameters for “Dial-in User—...
Page 283 AT-GS950/16 Web Interface User Guide In User authentication. For configuration information, see “RADIUS Client” on page 286, “TACACS+” on page 289, or “Dial-in User— Local Authentication” on page 292. MAC Based: MAC Based authentication mode is specified. For more information about configuring this mode, see “Destination MAC Filter”...
Page 284 Chapter 21: Security Multiple: The port is set to permit multiple clients on an authenticator port. An authenticator mode forwards packets from all clients once one client has successfully logged on. Piggyback Mode: This mode is used in conjunction with the Multiple Supplicant Mode.
Page 285 AT-GS950/16 Web Interface User Guide Re-authentication Period: Specifies the time interval for reauthentication of clients on an authenticator port. The range is 1 to 65535 seconds Server Timeout: Sets the length of time the switch waits for a response from the authentication server. The range is 1 to 65535 seconds.
Page 286: Radius Client
 You must install RADIUS server software on a network server or management station. Authentication protocol server software is not available from Allied Telesis.  The RADIUS server must communicate with the switch through a port that is an untagged member of the Default VLAN and is configured for Forced-Authorized (802.1x) port control.
Page 287: Radius Client Configuration
AT-GS950/16 Web Interface User Guide See “Configuration of IPv4 Address, Subnet Mask and Gateway Address” on page 32.  You must specify the user name and password combinations when configuring the RADIUS server software on the authentication server. Note This guide does not explain how to configure RADIUS server software.
Page 288: Radius Accounting Status
Chapter 21: Security 4. Type the port number in the Server Port field that you want to assign to UDP. You may only assign one port number to this parameter. 5. Type the port number in the Accounting Port field that you want to assign to UDP.
Page 289: Tacacs
AT-GS950/16 Web Interface User Guide TACACS+ You can use the TACACS+ client with 802.1x port-based access control to authenticate which packets are forwarded through the switch. This section explains how to configure TACACS+ on the switch and contains the following sections: ...
Page 290: Tacacs+ Configuration
Chapter 21: Security  The TACACS+ server must communicate with the switch through a port that is an untagged member of the Default VLAN and is configured for Forced-Authorized (802.1x) port control.  If the TACACS+ server is on a different subnet from switch, be sure to specify a System Default Gateway in the IP Setup Page, so that the switch and server can communicate with each other via the gateway.
Page 291 AT-GS950/16 Web Interface User Guide For an IPv6 address, click IPv6, then enter the address using xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx hexadecimal format. 4. Type the port number in the Server Port field that you want to assign to TCP. You may only assign one port number to this parameter.
Page 292: Dial-In User- Local Authentication
Chapter 21: Security Dial-in User— Local Authentication The Dial-in User feature provides the local authentication server for port security when a remote (RADIUS) or TACACS+ server is not available. This section includes the following:  “Dial-In User Overview”  “Dial-in User Configuration” Note To permanently save your new settings or any changes to the configuration file, select Save Settings to Flash from the main...
Page 293: Figure 117. Dial-In User Page
AT-GS950/16 Web Interface User Guide Figure 117. Dial-In User Page 3. In the User Name field, type a name for the user. 4. In the Password field, type a password for the user. 5. In the Dynamic VLAN field, enter the VID of the VLAN which you will allow the user to access.
Page 294 Chapter 21: Security Modify a Dial-in User To modify the settings for a dial-in user, do the following: 1. From the main menu on the left side of the page, select the Security folder. The Security folder expands. 2. From the Security folder, Dial-in User. The Dial-in User page is displayed.
Page 295: Destination Mac Filter
 “Delete Destination MAC Filter” on page 296 Destination MAC The Destination MAC Filter feature prevents the AT-GS950/16 switch from forwarding packets to a specified device. On the Destination MAC Filter Filter Overview page of the AT-S114 Management software, enter the MAC address of the device that you want to filter.
Page 296: Delete Destination Mac Filter
Chapter 21: Security Figure 119. Destination MAC Filter Page 3. To enter the MAC address that you want filtered, enter the MAC address into the MAC Address field. 4. Click the Add button to save your entry. See Figure 120. Figure 120.
Page 297 AT-GS950/16 Web Interface User Guide 3. Select the Delete button next to the MAC address that you want to delete. The MAC address is removed from the MAC address table. 4. From the main menu on the left side of the page, select Save Settings...
Page 298 Chapter 21: Security...
Page 299: Chapter 22 : Dhcp Snooping
AT-GS950/16 Web Interface User Guide Chapter 22 DHCP Snooping This chapter contains a description of the DHCP Snooping feature and the procedures for creating, modifying, and deleting the DHCP Snooping configuration. This chapter contains the following sections:  “Overview” on page 300 ...
Page 300: Overview
The DHCP Snooping feature provides security by inspecting ingress packets for the correct IP and MAC address information. The DHCP Snooping feature defines the AT-GS950/16 ports as either trusted or untrusted. With DHCP Snooping enabled, two network security issues are addressed: ...
Page 301: Dhcp With Option 82
You can configure the AT-GS950/16 to pass DHCP packets containing Option 82 information through the switch without altering the information Option 82 within the packet. You can also configure the AT-GS950/16 switch to insert DHCP Option 82 information directly into the DHCP packets as they pass through the switch.
Page 302: General Guidelines
Chapter 22: DHCP Snooping General Guidelines Here is a summary of the rules to observe when you configure DHCP Snooping:  A trusted port is connected to one of the following: – Directly to the legitimate trusted DHCP Server. – A network device relaying DHCP messages to and from a trusted server.
Page 303: General Configuration
“Configuring DHCP Snooping General Settings” on page 304 Enabling DHCP The following procedure describes how to enable or disable the DHCP Snooping feature on the AT-GS950/16 switch: Snooping 1. From the main menu on the left side of the page, select DHCP Snooping.
Page 304: Configuring Dhcp Snooping General Settings
Flash to activate or de-activate the DHCP Snooping feature on the AT-GS950/16 switch. Configuring The following procedure describes how to configure the DHCP Snooping feature on the AT-GS950/16 switch: DHCP Snooping General Settings 1. From the main menu on the left side of the page, select DHCP Snooping.
Page 305 AT-GS950/16 Web Interface User Guide Enable - The AT-S114 Management software inserts the DHCP Option 82 information into the DHCP packets. Disable - The AT-S114 Management software does not insert the DHCP Option 82 information into the DHCP packets. 8. Click Apply. The values for the DHCP Snooping General Settings take effect.
Page 306: Vlan Setting
Chapter 22: DHCP Snooping VLAN Setting You can create and delete DHCP Snooping VLAN settings by following the procedures in these sections:  "Creating a VLAN"  “Modifying a VLAN” on page 307  “Deleting a VLAN” on page 307 Creating a VLAN To define a VLAN that will be a part of the DHCP Snooping feature, do the following:...
Page 307: Modifying A Vlan
AT-GS950/16 Web Interface User Guide Modifying a To modify a VLAN ID, you must first delete it (by following the procedure outlined in “Deleting a VLAN” on page 307) and then re-enter it by VLAN following the procedure outlined in “Creating a VLAN” on page 306.
Page 308: Trusted And Untrusted Port Configuration
Snooping. The DHCP Snooping folder expands. 2. From the DHCP Snooping folder, select Trusted Interfaces. The AT-GS950/16 Trusted Interfaces page is displayed. See Figure 123 for a partial view of this page. Figure 123. AT-GS950/16 Trusted Interfaces Page 3. From the Trust column, select one of the following choices from the...
Page 309: Figure 124. Trusted Interfaces Page Example
AT-GS950/16 Web Interface User Guide Figure 124. Trusted Interfaces Page Example 5. If you choose to configure other switch ports as trusted or untrusted, repeat Step 3 and Step 4. 6. From the main menu on the left side of the page, select Save Settings...
Page 310: Binding Database
Add button. The following procedure describes how to configure the DHCP Snooping Binding Database on the AT-GS950/16 switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network: 1.
Page 311: Viewing
AT-GS950/16 Web Interface User Guide MAC Address - Enter the host’s MAC Address. IP Address - Enter the static IP Address assigned to the host using one of the IP Address fields: For an IPv4 address, click IPv4, then enter the address using xxx.xxx.xxx.xxx format.
Page 312 Chapter 22: DHCP Snooping VLAN ID - This parameter shows the host’s VLAN ID of which the DHCP client is a member. IP Address - This parameter is the IP Address assigned by the DHCP server to the DHCP client. Port - This parameter is the port number where the DHCP client is connected.
Page 313: Chapter 23 : Lldp
Chapter 23 LLDP Link Layer Discovery Protocol (LLDP) allows Ethernet network devices, such as switches and routers, to receive and transmit device-related information to directly connected devices on the network and to store data that is learned about other devices. This chapter provides the following information: ...
Page 314: Overview
Chapter 23: LLDP Overview The data sent and received by LLDP are useful for many reasons. The switch can discover other devices directly connected to it. Neighboring devices can use LLDP to advertise some parts of their Layer 2 configuration to each other, which may highlight inconsistencies in the neighboring device’s configuration which can then be corrected.
Page 315: Global Configuration
The LLDP port settings are on the bottom of the page. See Figure 127 for a partial view of the LLDP Global Settings page. Figure 127. AT-GS950/16 LLDP Global Settings Page Perform the following procedures to configure the global parameters for LLDP: ...
Page 316: Enabling Or Disabling Lldp
Chapter 23: LLDP Enabling or To enable or disable the LLDP feature, perform the following procedure: Disabling LLDP 1. From the main menu on the left side of the page, click the LLDP folder. The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Settings. 3.
Page 317: Displaying System Information
AT-GS950/16 Web Interface User Guide Displaying To display system information about the switch, do the following: System 1. From the main menu on the left side of the page, click the LLDP folder. Information The LLDP folder expands. 2. From the LLDP folder, select LLDP Global Settings.
Page 318: Neighbors Information
Entity: This parameter is a number assigned to the reporting neighbors in the order that the LLDP information is received from them. Port: This parameter specifies the AT-GS950/16 local port number where the LLDP information was received. Chassis ID Subtype: This parameter describes the Chassis ID subtype of the neighboring network device which is reporting the LLDP information.
Page 319: Chapter 24 : Network Statistics
Chapter 24 Network Statistics The sections in this chapter explain how to display traffic, error, and history statistics about the network traffic on the AT-GS950/16 switch and its ports. This chapter includes the following sections:  “Overview” on page 320 ...
Page 320: Overview
Chapter 24: Network Statistics Overview Statistics provide important information for troubleshooting switch problems at the port level. The AT-S114 Management Software provides a versatile set of statistics charts that you can customize for your needs, including (depending upon the chart) the ports whose statistics you want to view and the color used to draw the chart.
Page 321: Traffic Comparison Statistics
AT-GS950/16 Web Interface User Guide Traffic Comparison Statistics The Traffic Comparison chart allows you to display a specified traffic statistic over all of the ports. You can select 24 statistic types and 12 colors for each port. To display traffic comparison statistics, perform the following procedure: 1.
Page 322: Table 5 Traffic Comparison Options
Chapter 24: Network Statistics Table 5 Traffic Comparison Options Option Definition Inbound Octet Rate (Bytes/s) Measures the rate of inbound octet bits in bytes per second. Inbound Unicast Packet Rate (Pkts/s) Measures the rate of inbound unicast packets in packets per second. Inbound Non-unicast Packet Rate Measures the rate of inbound non-unicast packets in (Pkts/s)
Page 323 AT-GS950/16 Web Interface User Guide Table 5 Traffic Comparison Options (Continued) Option Definition Inbound Errors (Pkts) Measures the number of inbound errors in packets per second. Outbound Octets (Bytes) Measures the number of outbound octet bits in bytes per second.
Page 324: Figure 130. Traffic Comparison Page Example
Chapter 24: Network Statistics 5. To select the color of the Traffic Comparison chart, select Color. Choose one of the following colors:  Green  Blue   Purple  Yellow  Orange  Gray  Light Red  Light Blue ...
Page 325: Error Group Statistics
AT-GS950/16 Web Interface User Guide Error Group Statistics The Error Group chart displays the discard and error counts for a specified port. To display error group statistics for a port, perform the following procedure: 1. Select the Statistics Chart folder.
Page 326 Chapter 24: Network Statistics 4. To select the amount of time before the screen is refreshed, select one of the options below and click Auto Refresh.  5 seconds  10 seconds  15 seconds  30 seconds 5. To select the color of the Error Group chart, select Color. Choose one of the following colors: ...
Page 327: Historical Status Statistics
AT-GS950/16 Web Interface User Guide Historical Status Statistics The Historical Status chart allows you to select from 12 statistics to view for a selection of ports for however long this chart is running on the management workstation. To display historical status statistics for a port, perform the following procedure: 1.
Page 328: Table 6 Historical Status Options
Chapter 24: Network Statistics Table 6 Historical Status Options Option Definition Inbound Octets (Bytes) Measures the number of inbound octet bits in bytes per second. Inbound Unicast Packets (Pkts) Measures the number of inbound unicast packets in packets per second. Inbound Non-unicast Packets (Pkts) Measures the number of inbound non-unicast packets (such as broadcast and multicast...
Page 329 AT-GS950/16 Web Interface User Guide 4. To select the amount of time before the screen is refreshed, select one of the options below and click Auto Refresh.  5 seconds  10 seconds  15 seconds  30 seconds 5. To select the color of the Historical Statistics chart, select Color.
Page 330: Figure 133. Historical Statistics Page Example
Chapter 24: Network Statistics Figure 133. Historical Statistics Page Example 8. From the menu on the left side of the page, select Save Settings to Flash to permanently save your changes.
Page 331: Tools
Chapter 26, “Cable Diagnostics” on page 345  Chapter 27, ”LED ECO Mode” on page 347  Chapter 28, “Energy-Efficient Ethernet” on page 351  Chapter 29, “Rebooting the AT-GS950/16” on page 355  Chapter 30, “Pinging a Remote System” on page 365...
Page 333: Chapter 25 : Software/Configuration Updates
“Download or Upload a Configuration File via TFTP” on page 343 Note For information about how to obtain new releases of the AT-S114 Management Software, see “Allied Telesis Contact Information” on page 19. Note To permanently save your new settings or any changes to the configuration file, select Save Settings to Flash from the main menu on the left side of the page.
Page 334: Overview
Internet browser. However, to perform one of these operations using TFTP, you must have access to a TFTP server. In addition, you can save a configuration file from your AT-GS950/16 switch, which can be downloaded to other AT-GS950/16 switches on your network.
Page 335: Upgrade Firmware Image Via Http
AT-GS950/16 Web Interface User Guide Upgrade Firmware Image via HTTP This section describes how to upgrade a firmware image of the AT-S114 Management Software using HTTP on an Internet server. Before downloading a new version of the AT-S114 Management Software onto the switch with HTTP, note the following: ...
Page 336: Figure 134. Firmware Upgrade Via Http Page
Chapter 25: Software/Configuration Updates 2. From the Firmware Upgrade folder, select via HTTP. The Firmware Upgrade via HTTP Page is displayed. See Figure 134. Figure 134. Firmware Upgrade via HTTP Page 3. Change the Firmware File parameter as necessary: Enter the path and the firmware file name, or click the Browse button and select the file name.
Page 337: Upgrade Firmware Image Via Tftp
AT-GS950/16 Web Interface User Guide Upgrade Firmware Image via TFTP This section describes how to upgrade a firmware image of the AT-S114 Management software using TFTP on a TFTP server. Before downloading a new version of the AT-S114 Management Software onto the switch, note the following: ...
Page 338: Figure 135. Firmware Upgrade Via Tftp Page
Chapter 25: Software/Configuration Updates Figure 135. Firmware Upgrade via TFTP Page The Image Version shows the current version and date of software installed on the switch. 3. Change the following parameters as necessary: TFTP Server IP: The IP address of the TFTP server from which you are downloading the new software: For an IPv4 address, click IPv4, then enter the address using xxx.xxx.xxx.xxx format.
Page 339: Download Or Upload A Configuration File Via Http
AT-GS950/16 Web Interface User Guide Download or Upload a Configuration File via HTTP This section describes how to download or upload a configuration file using HTTP on an Internet server. For example, you can save the switch’s configuration file to your PC, then the saved file can be transferred to other switches.
Page 340: Configuration File Download
Chapter 25: Software/Configuration Updates Configuration To download or save the AT-S114 configuration file from the switch to your PC, perform the following procedure: File Download 1. Click the Backup button. Select this button to download a configuration file from the switch to your PC. The message shown in Figure 137 is displayed.
Page 341: Configuration File Upload
URL, you will loose connectivity with the AT-S114 Management software on the AT-GS950/16 switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool.
Page 342 Chapter 25: Software/Configuration Updates 4. If you cannot access the Configuration File Backup/Restore via HTTP page, refresh the page and log back into the AT-S114 web interface.
Page 343: Download Or Upload A Configuration File Via Tftp
AT-GS950/16 Web Interface User Guide Download or Upload a Configuration File via TFTP This section describes how to download or upload a configuration file using TFTP on a TFTP server. Before you download or upload a configuration file onto the switch using TFTP, note the following: ...
Page 344: Configuration File Upload
URL, you will loose connectivity with the AT-S114 Management software on the AT-GS950/16 switch after the new configuration file is loaded. If this is the case, you can identify the new IP address by using the ATI Web Discovery Tool.
Page 345: Chapter 26 : Cable Diagnostics
Chapter 26 Cable Diagnostics This chapter provides procedures to run cable diagnostics on the cables connected to the switch ports. If a port is selected, a cable must be connected to it for meaningful test results to be displayed. Note To permanently save your new settings or any changes to the configuration file, select Save Settings to Flash from the main menu on the left side of the page.
Page 346 Chapter 26: Cable Diagnostics Port: This parameter displays the port (cable) selected. Test Results: Displays the diagnostic results for each pair in the cable. One of the following cable status parameters is displayed: OK: There is not problem detected with the cable. Open in Cable: There is an open wire within the cable.
Page 347: Chapter 27 : Led Eco Mode
Chapter 27 LED ECO Mode This chapter provides the procedures to enable and disable the LED ECO mode. The LED ECO Mode can be used to conserve additional power on the port LEDs. This eco-friendly feature turns off the port LEDs on the switch to save power when they are not necessary.
Page 348: Enable Led Eco Mode
Chapter 27: LED ECO Mode Enable LED ECO Mode To enable LED ECO Mode, perform the following procedure: 1. From the main menu on the left side of the page, select the Tools folder. The Tools folder expands. 2. From the Tools folder, select LED ECO Mode. The LED ECO Mode page is displayed.
Page 349: Disable Led Eco Mode
AT-GS950/16 Web Interface User Guide Disable LED ECO Mode To disable LED ECO Mode, perform the following procedure: 1. From the main menu on the left side of the page, select the Tools folder. The Tools folder expands. 2. From the Tools folder, select LED ECO Mode.
Page 350 Chapter 27: LED ECO Mode...
Page 351: Chapter 28 : Energy-Efficient Ethernet
Chapter 28 Energy-Efficient Ethernet This chapter provides the procedures to enable and disable the IEEE 802.3az Energy-Efficient Ethernet (EEE) feature. EEE allows for less power consumption during periods of no data activity to reduce overall power consumption, but still retains full network performance.
Page 352: Enable Eee
Chapter 28: Energy-Efficient Ethernet Enable EEE To enable EEE, perform the following procedure: 1. From the main menu on the left side of the page, select the Tools folder. The Tools folder expands. 2. From the Tools folder, select IEEE 802.3az EEE. The IEEE 802.3az EEE page is displayed.
Page 353: Disable Eee
AT-GS950/16 Web Interface User Guide Disable EEE To disable EEE, perform the following procedure: 1. From the main menu on the left side of the page, select the Tools folder. The Tools folder expands. 2. From the Tools folder, select IEEE 802.3az EEE.
Page 354 Chapter 28: Energy-Efficient Ethernet...
Page 355: Chapter 29 : Rebooting The At-Gs950/16
Normal reboot function provided in the AT-S114 management software. Note Alternately, you can reboot the AT-GS950/16 switch by pressing the front panel eco-friendly switch between 5 to 9 seconds. In addition to rebooting the switch in the AT-S114 management software, you have the option to reset the configuration parameters on the switch to the original factory default settings.
Page 356: Switch Reboot
Chapter 29: Rebooting the AT-GS950/16 Switch Reboot The following procedure outlines how to reboot your AT-GS950/16 switch. Caution This procedure reboots the switch and reloads the AT-S114 Management software configuration from flash memory. Insure that your current configuration is saved before rebooting the switch by selecting Save Settings to Flash from the main menu on the left side of the page to permanently save your changes.
Page 357 AT-GS950/16 Web Interface User Guide 4. In the Reboot Type field, select Normal from the pull-down menu. When the switch is rebooted with this selection, all configuration parameters that are saved in flash memory are loaded into the switch’s active memory.
Page 358: Configure Factory Default Values
VLANs on the switch. Note The AT-S114 Management software factory default values are listed in “AT-GS950/16 Default Parameters” on page 387. Caution This procedure causes the switch to reboot. The switch does not forward network traffic during the reboot process. Some network traffic may be lost.
Page 359 AT-GS950/16 Web Interface User Guide address, subnet mask, and gateway settings are managed by the DHCP server. 5. Click Apply. The switch begins the reboot process. You must wait approximately two minutes for the switch to complete the reboot process before you can re-establish your management session and network traffic begins flowing normally again.
Page 360: Password Protection Of Factory Reset
Caution Because you define this password as part of the process of disabling this function, Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it.
Page 361: Figure 149. Factory Default Reset/Reboot Page With Password Entry
Allied Telesis has no knowledge of it. You are responsible for keeping the password in a safe place. If it is lost, Allied Telesis does not have a way to help you recover it. 6. Re-enter the same password in the Confirm Password field.
Page 362: Enabling Factory Default Reset
Chapter 29: Rebooting the AT-GS950/16 remain Enabled on both the switch management software and the physical front panel ecoFriendly button. 8. Click Accept on the message. The Factory Default Reset page changes and displays the Factory Default Reset feature as Disabled. See Figure 150.
Page 363: Figure 151. Factory Default Reset/Reboot Page With Password Entry
AT-GS950/16 Web Interface User Guide Figure 151. Factory Default Reset/Reboot Page with Password Entry 5. Enter the same password that you defined when you previously set the Factory Default Reset field to Disable. 6. Click Apply. The initial Factory Default Reset/Reboot Page is displayed with the Factory Default Reset field Enabled.
Page 364 Chapter 29: Rebooting the AT-GS950/16...
Page 365: Chapter 30 : Pinging A Remote System
Chapter 30 Pinging a Remote System This chapter provides the procedure for pinging a node on your network from the AT-GS950/16 switch. This procedure is useful in determining whether an active link exists between the switch and another network device.
Page 366: Figure 153. Ping Test Results Page
Chapter 30: Pinging a Remote System 3. Configure the following parameters: Destination IP Address - The IP address of the node you want to ping: For an IPv4 address, click IPv4, then enter the address using xxx.xxx.xxx.xxx format. For an IPv6 address, click IPv6, then enter the address using xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx hexadecimal format.
Page 367: Appendix A: Mstp Overview
“Associating VLANs to MSTIs” on page 381  “VLANs Across Different Regions” on page 383  “Summary of Guidelines” on page 385 Note To configure the MSTP feature on the AT-GS950/16 switch, go to “Multiple Spanning Tree Protocol” on page 87 for more information.
Page 368: Overview
Appendix A: MSTP Overview Overview In the AT-GS950/16, STP and RSTP are referred to as single-instance spanning trees that search for physical loops across all VLANs in a bridged network. When loops are detected, the active protocol stops the loops by placing one or more bridge ports in a blocking state.
Page 369 AT-GS950/16 Web Interface User Guide Note The implementation of MSTP in the management software complies fully with the new IEEE 802.1s standard and should be interoperable with any other vendor’s fully compliant 802.1s implementation.
Page 370: Multiple Spanning Tree Instance (Msti)
Untagged Ports Figure 154. VLAN Fragmentation with STP or RSTP Figure 155 on page 371 illustrates the same two AT-GS950/16 switches and the same two virtual LANs. But in this example, the two switches are running MSTP, and the two VLANs have been assigned different spanning tree instances.
Page 371: Multiple Vlans Assigned To An Msti
Multiple VLANs An MSTI can contain more than one VLAN. This is illustrated in Figure 156 on page 372 where there are two AT-GS950/16 switches with four VLANs. There Assigned to an are two MSTIs, each containing two VLANs. MSTI 1 contains the Sales and MSTI Presales VLANs, and MSTI 2 contains the Design and Engineering VLANs.
Page 372: Figure 156. Multiple Vlans In An Msti
Appendix A: MSTP Overview Figure 156. Multiple VLANs in an MSTI In this example, because an MSTI contains more than one VLAN, the links between the VLAN parts are made with tagged (not untagged) ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 156, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches, while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs.
Page 373: General Guidelines
AT-GS950/16 Web Interface User Guide General Guidelines Here are the guidelines for MSTIs:  The AT-GS950/16 switch can support up to 31 spanning tree instances, including the CIST.  An MSTI can contain any number of VLANs.  A VLAN can belong to only one MSTI at a time.
Page 374: Vlan And Msti Associations
Appendix A: MSTP Overview VLAN and MSTI Associations Part of the task of configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs.
Page 375: Ports In Multiple Mstis
AT-GS950/16 Web Interface User Guide Ports in Multiple MSTIs A port can be a member of more than one MSTI at a time if it is a tagged member of one or more VLANs assigned to different MSTIs. In this circumstance, a port might be have to operate in different spanning tree states simultaneously, depending on the requirements of the MSTIs.
Page 376: Multiple Spanning Tree Regions
Table 7 on page 377 illustrates the concept of regions. It shows one MSTP region consisting of two AT-GS950/16 switches. Each switch in the region has the same configuration name and revision level. The switches also have the...
Page 377: Table 7. Mstp Region
VLAN: Accounting (VID 4) VLAN: Accounting (VID 4) The AT-GS950/16 switch determines regional boundaries by examining the MSTP BPDUs received on the ports. A port that receives an MSTP BPDU from another bridge with regional information different from its own is considered to be a boundary port and the bridge connected to the port as belonging to another region.
Page 378: Mst Region Guidelines
A network can contain any number of regions, and a region can contain any number of switches.  The AT-GS950/16 switch can belong to only one region at a time.  A region can contain any number of VLANs. ...
Page 379: Common And Internal Spanning Tree (Cist)
MSTP regions, and STP and RSTP single- instance spanning trees in the network. MSTP with STP MSTP is fully compatible with STP and RSTP. If a port on the AT-GS950/16 switch running MSTP receives STP BPDUs, the port only sends STP BPDU and RSTP packets.
Page 380 Appendix A: MSTP Overview An MSTP region can be considered as a virtual bridge. The implication is that other MSTP regions, and STP and RSTP single-instance spanning trees, cannot discern the topology or constitution of an MSTP region. The only bridge they are aware of is the regional root of the CIST instance.
Page 381: Associating Vlans To Mstis
BPDU packet. By default, all ports of the AT-GS950/16 switch belong to the CIST instance. So the CIST identification is always included in the BPDU. If the port is also a member of a VLAN that has been assigned to an MSTI, that information is included in the BPDU too.
Page 382: Figure 158. Cist And Vlan Guideline - Example 2
Appendix A: MSTP Overview Figure 158. CIST and VLAN Guideline - Example 2 When port 3 on switch B receives a BPDU, the switch notes the port sending the packet belongs only to CIST 0. Therefore, switch B uses CIST 0 in determining whether a loop exists. The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0.
Page 383: Vlans Across Different Regions
AT-GS950/16 Web Interface User Guide VLANs Across Different Regions Special consideration needs to be taken into account when you connect different MSTP regions or an MSTP region and a single-instance STP or RSTP region. Unless planned properly, VLAN fragmentation can occur between the VLANS of your network.
Page 384: Figure 160. Spanning Regions Without Blocking
Appendix A: MSTP Overview Here is an example. Assume that you have two regions that contain the following VLANS: Region 1 VLANs Region 2 VLANs Accounting Accounting Sales Sales Pre-Sales Pre-Sales Marketing Technical Support Product Management Software Engineering Project Management Hardware Engineering The 2 regions share 3 VLANs: Accounting, Sales, and Presales.
Page 385: Summary Of Guidelines
A network can contain any number of regions, and a region can contain any number of AT-GS950/16 switches.  The AT-GS950/16 switch can belong to only one region at a time.  A region can contain any number of VLANs.
Page 386 Appendix A: MSTP Overview...
Page 387: Appendix B: At-Gs950/16 Default Parameters
Appendix B AT-GS950/16 Default Parameters Table 9 lists the factory default settings for the AT-S114 Management software on the AT-GS950/16 switch. The Parameters reflect the fields found on each web page. Table 9. AT-S114 Management Software Default Settings AT-GS950/16 Parameter...
Page 388 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting IP address none IPv4 address in xxx.xxx.xxx.xxx hex format; except 127.0.0.1 / IPv6 address in xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx hex format IP address entries 10 entries...
Page 389 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Daylight Savings Time Disabled Enabled/Disabled Status From January:01:00:00 (Month:Day:HH:MM) January:01:00:00 (Month:Day:HH:MM) DST Offset 1 hr System/SSL Settings SSL Settings Disabled Enabled/Disabled System/DHCP Auto Configuration Settings...
Page 390 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Physical Interface Port All, 1 - 16 Trunk Type 1000TX Down Up/Down Link Status Enabled Enabled/Disabled Admin Status Mode Auto Auto/10Half/10Full/100Half/100Full/1000Full Enabled...
Page 391 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Bridge/Spanning Tree/MSTP Global MSTP Status Disabled Enabled/Disabled Maximum MST 1 - 31 Instances Bridge Priority 32768 0 - 61440 Configuration Name MAC Address of...
Page 392 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Port State Disable Enable/Disable/Ignore Bridge/Trunk Config/Trunking Trunk Status Disabled Active/Passive/Manual/Disabled Bridge/Trunk Config/LACP Group Status System Priority 32768 32768 System ID MAC Address of...
Page 393 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Port Member All, 1 - 16 Bridge/Static Multicast 802.1Q VLAN ID 1 - 4093 Port-Based VALN ID 1 - 52 Index Group MAC Address...
Page 394 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Ingress Rate Limiting 64 kbps x rate limit where rate limit (1 - 15625) Bandwidth Ingress Rate Limiting Disabled Enabled/Disabled Status Egress Rate Limiting...
Page 395 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Bridge/GVRP GVRP Status Disabled Enabled/Disabled Dynamic Vlan Status Enabled Enabled/Disabled Restricted VLAN Disabled Enabled/Disabled Registration GarpJoinTime 200 milli-seconds 10 - 1073741810 milli-seconds...
Page 396 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting SNMP User/Group User Name none 1 - 32 characters Group Name none 1 - 32 characters SNMP Version v1/v2c/v3 encrypted not checked...
Page 397 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Destination MAC Mask 1 - 48 none Length VLAN ID none 0 - 4093 802.1p Priority none 0 - 7 Ether Type...
Page 398 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting RMON RMON Status Disable Disable/Enable Statistics Index none 1 - 65535 Statistics Port none Statistics Owner none History Index none 1 - 65535...
Page 399 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Event Owner none 1 - 32 characters Voice VLAN Voice VLAN Disabled Enabled/Disabled VLAN ID Aging Time 1 hour 1 - 120 hours...
Page 400 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Maximum Request 2 - 10 Re-authentication 3600 seconds 1 - 65535 seconds Period Server Timeout 30 seconds 1 - 65535 seconds Dial-In User...
Page 401 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Destination MAC none Rule: 1. Does not support Multicast MAC address Filter MAC Address (01:xx:xx:xx:xx:xx) 2. Does not support VRRP MAC address (00:00:5E:xx:xx:xx) 3.
Page 402 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Binding Database port 1 All, 1 - 16 Port Binding Database Dynamic/Static Static Type Binding Database none 10 - 4,294,967,295 seconds Lease Time...
Page 403 AT-GS950/16 Web Interface User Guide Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Historical Status ports 1 - 16 Port Historical Status Green 12 colors Color Tools Firmware Upgrade via none HTTP Firmware File Firmware Upgrade via none IPv4 address in xxx.xxx.xxx.xxx hex format;...
Page 404 Appendix B: AT-GS950/16 Default Parameters Table 9. AT-S114 Management Software Default Settings (Continued) AT-GS950/16 Parameter Specifications Default Setting Reboot selection Normal Normal/Factory Default/Factory Default Except Ping - Destination IP 0.0.0.0 IPv4 address in xxx.xxx.xxx.xxx hex format / Address IPv6 address in...

Allied Telesis AT-GS950/16 User Manual

List of Figures

List of Tables

Preface

Chapter 1 : Starting a Web Browser Session

Chapter 2 : System Configuration

Chapter 3 : Port Configuration

Chapter 4 : STP and RSTP

Chapter 5 : Multiple Spanning Tree Protocol

Chapter 6 : Static Port Trunking

Chapter 7 : LACP Port Trunks

Chapter 8 : Port Mirroring

Chapter 9 : Loopback Protection

Chapter 10 : MAC Address Table

Chapter 11 : IGMP Snooping

Chapter 12 : Storm Control

Chapter 13 : Virtual Lans

Chapter 14 : GVRP

Chapter 15 : Quality of Service and Class of Service

Chapter 16 : Snmpv1 and V2C

Chapter 17 : Snmpv3

Chapter 18 : Access Control Configuration

Quick Links

Related Manuals for Allied Telesis AT-GS950/16

Summary of Contents for Allied Telesis AT-GS950/16