AX2200S/AX1250S/AX1240S Software Manual
Configuration Guide Vol. 1
For Version 2.4
AX1240S-S001X-60

Summary of Contents for Alaxala AX2200S Series

  • Page 1 AX2200S/AX1250S/AX1240S Software Manual Configuration Guide Vol. 1 For Version 2.4 AX1240S-S001X-60...
  • Page 2 OS-LT4, OS-LT3 and OS-LT2, and by optional licenses. Export restrictions: In the event that any or all ALAXALA products (including technologies, programs and services) described or contained herein are controlled under any of applicable export control laws and regulations (including the Foreign...
  • Page 3 For version 2.4 (Edition 7) Summary of amendments (Location and title: Changes). Addition of series: A description of AX2200S series switches was added. 2 Switch Configuration: A description of AX2200S series switches was added. 3 Capacity Limit: A description of AX2200S series switches was added.
  • Page 4 For version 2.3 (Edition 5) Summary of amendments Location and title Changes Capacity Limit In (13) Layer 2 authentication functionality, other capacity limits for common authentication methods were changed. (15) Capacity limits for uplink redundancy were added. Command Operations In Notes on CLI operation, descriptions in Restrictions on the display of command line completion and Help were changed.
  • Page 5 In addition to the above changes, minor editorial corrections were made. For version 2.2 (Edition 3) Summary of amendments Location and title Changes Capacity Limit Capacity limits for login security and RADIUS were added. Capacity limits for the Ring Protocol were added...
  • Page 6 Location and title Changes Login Security and RADIUS Due to the addition of authentication RADIUS server information, descriptions about selecting RADIUS servers and restoring RADIUS servers were moved to Chapter 5. Overview of Layer 2 Authentication in the Configuration Guide Vol. 2...
  • Page 7: Intended Readers

    Unless otherwise noted, this manual describes the functions applicable to the AX2200S, AX1250S, and AX1240S. Model-specific functions are indicated as follows: [AX2200S]: The information following this label applies only to the AX2200S series. [AX1250S]: The description applies to AX1250S series switches.
  • Page 8 Preface Abbreviations used in the manual Alternating Current ACKnowledge ADSL Asymmetric Digital Subscriber Line Application Level Gateway ANSI American National Standards Institute Address Resolution Protocol Autonomous System Auxiliary Border Gateway Protocol BGP4 Border Gateway Protocol - version 4 BGP4+ Multiprotocol Extensions for Border Gateway Protocol - version 4 bit/s Bits per second (can also appear as bps) BPDU Bridge Protocol Data Unit...
  • Page 9 Preface CIDR Classless Inter-Domain Routing Committed Information Rate CIST Common and Internal Spanning Tree CLNP ConnectionLess Network Protocol CLNS ConnectionLess Network System CONS Connection Oriented Network System Cyclic Redundancy Check CSMA/CD Carrier Sense Multiple Access with Collision Detection CSNP Complete Sequence Numbers PDU Common Spanning Tree Destination Address Direct Current...
  • Page 10 Preface Memory Card Message Digest 5 Medium Dependent Interface MDI-X Medium Dependent Interface crossover Maintenance association End Point Management Information Base Maintenance domain Intermediate Point Maximum Receive Unit MSTI Multiple Spanning Tree Instance MSTP Multiple Spanning Tree Protocol Maximum Transfer Unit Not AcKnowledge Network Access Server Network Address Translation...
  • Page 11 1 TB (terabyte) is 1024^4 bytes. Conventions: The terms "Switch" and "switch" The term Switch (upper-case "S") is an abbreviation for any or all of the following models: AX2200S series switch, AX1250S series switch, AX1240S series switch. The term switch (lower-case "s") might refer to a Switch, another type of switch from the...
  • Page 12 Preface...
  • Page 13: Table Of Contents

    Contents Preface .............................. I Part 1: Overview and Capacity Limits of the Switch ..............1 1. Overview of the Switch....................... 1 1.1 Overview of the Switch ...................... 2 1.2 Features of the Switch ...................... 3 2. Switch Configuration ........................7 2.1 Range of Switch models ....................
  • Page 14 Contents 6.4.4 Adding, changing, and deleting configuration entries .......... 69 6.4.5 Saving to the configuration file ................70 6.4.6 Ending configuration editing (exit command)............71 6.4.7 Notes on configuration editing ................71 6.5 Configuration operations ....................72 6.5.1 Transferring files using FTP ................. 72 6.5.2 Transferring files using a memory card ..............
  • Page 15 Contents 10.1.3 Checking the switch status ................110 10.1.4 Displaying and stopping display of the operation log on the monitor ....112 10.1.5 Viewing logged data ................... 112 10.1.6 Functions that use system function resources [AX1250S] [AX1240S] ....112 10.2 Backing up and restoring device information ..............113 10.2.1 List of operation commands ................
  • Page 16 Contents 13.2.5 Shutting down a port ..................161 13.2.6 Setting the link-down detection timer ..............161 13.2.7 Flow control settings ..................162 13.2.8 Automatic MDIX functionality settings ..............162 13.2.9 Using jumbo frames ................... 163 13.3 Operations common to all Ethernet interfaces ..............165 13.3.1 List of operation commands ................
  • Page 17 Contents 14.2 Configuration of the basic link aggregation functionality ..........219 14.2.1 List of configuration commands ................. 219 14.2.2 Configuring static link aggregation ..............219 14.2.3 Configuration of LACP link aggregation ............. 220 14.2.4 Configuration of a port channel interface ............221 14.2.5 Deleting a channel group ...................
  • Page 18 Contents 17.4.1 List of configuration commands ................. 262 17.4.2 Configuring a port VLAN ..................262 17.4.3 Configuring native VLANs for trunk ports ............263 17.5 Description of protocol VLANs ..................265 17.5.1 Overview ......................265 17.5.2 Distinguishing protocols ..................265 17.5.3 Protocol ports and trunk ports ................
  • Page 19 Contents 19.3.3 Notes on PVST+ usage ..................309 19.4 PVST+ configuration ....................... 310 19.4.1 List of configuration commands ................. 310 19.4.2 Configuring PVST+ .................... 310 19.4.3 Configuring PVST+ topologies ................311 19.4.4 Configuring PVST+ parameters ................. 312 19.5 PVST+ operation ......................315 19.5.1 List of operation commands ................
  • Page 20 Contents 20.2.3 Fault monitoring methods .................. 358 20.2.4 Switching communication paths................. 358 20.3 Overview of single ring operation ..................359 20.3.1 Normal ring operation ..................359 20.3.2 Operation when a fault is detected ..............359 20.3.3 Operation when recovery is detected ..............361 20.4 Overview of multi-ring operation ..................
  • Page 21 Contents 23.2 Configuration of DHCP snooping ..................419 23.2.1 List of configuration commands ................. 419 23.2.2 Configuration procedure for DHCP snooping ............ 419 23.2.3 Basic configuration (when DHCP snooping is performed via a Layer 3 switch) 420 23.2.4 When connecting a DHCP relay agent to the Switch ........423 23.2.5 Setting the rate of DHCP packet reception ............
  • Page 22 Contents 26.3.4 Checking the route to the destination ..............461 26.3.5 Checking ARP information ................. 461 26.3.6 Checking the routing table ................. 461 Appendix ............................463 A. Relevant standards ........................464 A.1 TELNET/FTP ........................464 A.2 RADIUS ..........................464 A.3 NTP ........................... 464 A.4 Ethernet ..........................
  • Page 23: Part 1: Overview And Capacity Limits Of The Switch

    Part 1: Overview and Capacity Limits of the Switch Overview of the Switch This chapter describes the features of the Switch. 1.1 Overview of the Switch 1.2 Features of the Switch...
  • Page 24: Overview Of The Switch

    Product concept The AX2200S series, AX1250S series, and AX1240S series switches are compact LAN switches that have various forms of functionality including rich authentication functionality. They are very suitable for establishing a floor or workgroup LAN.
  • Page 25: Features Of The Switch

    1 Overview of the Switch 1.2 Features of the Switch (1) Unified lineup. Providing low-end switches: The Switches cover network edges as low-end Ethernet Layer 2 switches and provide consistent connectivity, operability, and interoperability throughout the AX series. Gigabit Ethernet Layer 2 switch [AX2200S]; Fast Ethernet Layer 2 switch [AX1250S] [AX1240S]. (2) Support for a wide range of high-speed VLAN functionality...
  • Page 26 1 Overview of the Switch addresses. Advanced and fine-grained packet filtering; Hardware-based high-performance filtering processes; Partial specification of L2, L3, or L4 headers; RADIUS-based switch login and password authentication can be set. (4) Hardware-based, advanced QoS delivered via Ethernet...
  • Page 27 1 Overview of the Switch Users can easily back up the configuration and save error information. Simplified maintenance. In the manuals for this series of switches, MC refers to an SD memory card, which appears in the description of operations and display items for an SD memory card.
  • Page 28 1 Overview of the Switch LEDs can be set to blink or turn on in normal brightness when consoles are connected to the switches, ports are in the link-up state, and SD memory cards are inserted. The settings can be also changed so that LEDs automatically turn off after operations are completed.
  • Page 29: Switch Configuration

    Switch Configuration This chapter describes all the Switch models, including their configurations and appearance. 2.1 Range of Switch models 2.2 Switch components...
  • Page 30: Range Of Switch Models

    2 Switch Configuration 2.1 Range of Switch models These Switches are 1U size box-type Ethernet switches. AX2200S series switches are equipped with a maximum of 24 10BASE-T, 100BASE-TX, and 1000BASE-T ports. AX1250S series switches are equipped with a maximum of 24 10BASE-T and 100BASE-TX ports.
  • Page 31: External View

    2 Switch Configuration 2.1.1 External view External views of the models are shown below. (1) AX2200S series Figure 2-1 AX2230S-24T model (1) Memory card slot (2) CONSOLE port (3) 10BASE-T/100BASE-TX/1000BASE-T Ethernet ports (4) SFP slots Figure 2-2 AX2230S-24P model (1) Memory card slot...
  • Page 32 2 Switch Configuration (2) AX1250S Series Figure 2-3 AX1250S-24T2C model (1) Memory card slot (2) CONSOLE port (3) 10BASE-T/100BASE-TX/1000BASE-T Ethernet ports (4) SFP slot (5) 10BASE-T/100BASE-TX Ethernet ports (3) AX1240S Series Figure 2-4 AX1240S-24T2C model (1) Memory card slot (2) CONSOLE port (3) 10BASE-T/100BASE-TX/1000BASE-T Ethernet ports (4) SFP slot (5) 10BASE-T/100BASE-TX Ethernet ports...
  • Page 33 2 Switch Configuration Figure 2-5 AX1240S-24P2C model (1) Memory card slot (2) CONSOLE port (3) 10BASE-T/100BASE-TX/1000BASE-T Ethernet ports (4) SFP slot (5) 10BASE-T/100BASE-TX Ethernet ports Figure 2-6 AX1240S-48T2C model (1) Memory card slot (2) CONSOLE port (3) 10BASE-T/100BASE-TX/1000BASE-T Ethernet ports (4) SFP slot (5) 10BASE-T/100BASE-TX Ethernet ports...
  • Page 34: Switch Components

    2.2.1 Hardware The models of this Switch are designed under a uniform architecture. The following figures show the hardware configuration. (1) AX2200S series Figure 2-7 Hardware configuration (AX2230S-24T model) Figure 2-8 Hardware configuration (AX2230S-24P model) The device chassis includes the main board, a power supply (PS) unit, and a fan.
  • Page 35 2 Switch Configuration (a) Main board The main board consists of the CPU subunit, SW subunit, memory card (MC), flash subunit, PHY subunit, and PoE subunit. CPU (central processing unit) subunit: Switch-wide management, PHY subunit control, and protocol processing are performed by software.
  • Page 36 2 Switch Configuration (2) AX1250S Series Figure 2-9 Hardware configuration (AX1250S-24T2C model) The Switch chassis includes the main board and a power supply (PS) unit. (a) Main board The main board consists of the CPU subunit, SW subunit, memory card (MC), flash subunit, PHY subunit, and Sub-CPU subunit.
  • Page 37 2 Switch Configuration (3) AX1240S Series Figure 2-10 Hardware configuration (AX1240S-24T2C model) Figure 2-11 Hardware configuration (AX1240S-24P2C model)
  • Page 38 2 Switch Configuration Figure 2-12 Hardware configuration (AX1240S-48T2C model) The device chassis includes the main board, a power supply (PS) unit, and a fan. (a) Main board The main board consists of the SW subunit, memory card (MC), flash subunit, PHY subunit, Sub-CPU subunit, and PoE subunit.
  • Page 39: Software

    2 Switch Configuration (c) FAN (AX1240S-24P2C and AX1240S-48T2C models) The Switch is equipped with fans that cool the inside of the Switch. 2.2.2 Software The following table describes which model of the Switch supports which software. Table 2-2 Which model supports which software Model Software Description...
  • Page 40 2 Switch Configuration...
  • Page 41: Capacity Limit

    Capacity Limit This chapter describes the capacity limits for the Switch. 3.1 Line and module capacities 3.2 Capacity limits...
  • Page 42: Line And Module Capacities

    3 Capacity Limit 3.1 Line and module capacities 3.1.1 Maximum number of lines The following table describes the maximum number of lines that each model can accommodate. Table 3-1 Maximum number of lines Model Ethernet 10/100BA 10/100BA 10/100/1000BASE-T 100BASE 1000BAS SE-TX SE-TX 1000BAS...
  • Page 43: Installed Memory

    Memory cannot be expanded for the Switch. Table 3-2 Amount of memory installed on the main board, and capacity of the internal flash memory and memory card Item AX2200S series AX1250S Series AX1240S Series Capacity of the memory...
  • Page 44: Capacity Limits

    3 Capacity Limit 3.2 Capacity limits (1) Login Security and RADIUS The following tables describe the maximum number of remote operation terminal logins allowed to the Switch, and the maximum number of RADIUS server information registrations. Table 3-3 Maximum number of remote operation terminal logins allowed to the Switch Model telnet All models...
  • Page 45 AX1240S-48T2C 12,800 Note: ALAXALA Networks Corporation recommends that you configure no more than 256 VLANs. The number of VLANs across all ports on the switch is the number of VLANs configured on each port added together for all the ports on the switch. For example, in a 24-port switch, if 200 VLANs are configured on ports 1 to 10, and one VLAN is configured on ports 11 to 24, the total per-port VLANs per switch will be 2014.
  • Page 46 3 Capacity Limit (a) Protocol VLAN A protocol-based VLAN identifies protocols based on the values of the Ethernet-Type, LLC SAP, and SNAP type fields in an Ethernet frame. The following table describes the number of discrete protocols that can be configured on a switch. Table 3-8 Maximum number of discrete protocols in a protocol-based VLAN Model Per port...
  • Page 47 3 Capacity Limit Table 3-12 Capacity limits for a Single-instance Spanning Tree Model Number of applicable VLAN ports VLAN ports VLANs (when PVST+ also used All models 1,024 This is the total number of ports configured in each VLAN incorporated in the Spanning Tree Protocol (the product of the VLAN count and port count).
  • Page 48 3 Capacity Limit Legend n/a: Not applicable The maximum recommended number of VLANs for a switch. A maximum of 256 VLANs are available for this Switch. However, a maximum of 255 VLANs are available for VLAN groups because the control VLAN needed for each ring accounts for one VLAN.
  • Page 49 3 Capacity Limit (8) IGMP snooping and MLD snooping The following table shows the capacity limits for IGMP/MLD snooping. Multicast MAC addresses learned in IGMP/MLD snooping are registered in the MAC address table. The following table shows the number of multicast MAC addresses that can be registered. Table 3-17 Capacity limits of IGMP/MLD snooping Item Maximum number...
  • Page 50 3 Capacity Limit Table 3-19 Maximum number of IPv4 addresses that can be set for a switch by a configuration command Model Maximum number of IPv4 addresses that can be set by a configuration command (per switch) All models (10) Maximum number of partner devices The following describes the maximum number of partner devices that the Switch can communicate with over a connected LAN.
  • Page 51 3 Capacity Limit (a) Number of filter entries on the receiving side The table below describes the maximum number of filter entries that can be set when you select the layer2-1 or layer2-2 flow detection mode for the receiving side. The flow detection condition depends on the selected mode.
  • Page 52 3 Capacity Limit (13) Layer 2 authentication functionality The following table describes the number of terminals to be authenticated for the entire Switch. Table 3-24 Number of terminals to be authenticated for the entire Switch Authentication mode Authentication type Number of terminals Entire system per authentication type...
  • Page 53 3 Capacity Limit When the number of authentication-failed terminals exceeds the maximum number, the terminal with the oldest update date is deleted so that the new failed terminal can be registered. (a) IEEE802.1X The following table describes the capacity limits for IEEE 802.1X. Table 3-26 Maximum number of terminals that can be authenticated for IEEE 802.1X Authentication mode Port-based...
  • Page 54 3 Capacity Limit The number of registered servers with the RADIUS account functionality is determined by the authentication RADIUS server setting (IEEE 802.1X authentication RADIUS server or general-use RADIUS server setting). Number of static entries in the MAC address table Maximum number of MAC addresses that can be registered due to the configuration's MAC VLAN capacity limits (b) Web Authentication...
  • Page 55 3 Capacity Limit Table 3-29 Capacity limits for Web authentication Item Maximum number Number of registered Switch default authentication method groups Authentication method list Number of registered Web authentication RADIUS servers Registered users in the internal Web authentication DB Total size of files that can be specified in Web authentication page switching 256 KB/device Number of registered Web authentication page 5/device...
  • Page 56 3 Capacity Limit (c) MAC-based Authentication The following table describes the capacity limits for MAC-based authentication. Table 3-30 Maximum number of MAC-based authentication terminals Authentication Port-based Per-VLAN Entire system mode Maximum Limit on Maximum Limit on Maximum Limit on number of number of number of terminals...
  • Page 57 3 Capacity Limit (14) Secure Wake-on-LAN [OP-WOL] The following table describes the capacity limits for the Secure Wake-on-LAN functionality. Table 3-32 Capacity limits for the Secure Wake-on-LAN functionality Item Maximum number Maximum number of users who can use the secure Wake-on-LAN function concurrently Maximum number of terminals that can be registered in the internal DB used to register the terminal that sends the startup command...
  • Page 58 3 Capacity Limit (16) IEEE 802.3ah/UDLD The following table describes the capacity limits for IEEE 802.3ah/UDLD. Table 3-35 Capacity limits for IEEE 802.3ah/UDLD Model Maximum number of link monitoring information items All models Maximum physical ports for the device (17) L2 Loop Detection The following table describes the transmission rates for L2 loop detection frames.
  • Page 59 3 Capacity Limit limits of the total number of CFM ports and total number of remote MEPs change if you change the CCM transmission interval. The following table describes the capacity limits for total CFM ports and total remote MEPs according to the set CCM transmission interval.
  • Page 60 3 Capacity Limit (19) Neighboring device information (LLDP) The following table describes the capacity limits for storing adjacent device information (LLDP). Table 3-41 Capacity limits for storing adjacent device information (LLDP) Model Item Maximum capacity AX2230S-24T LLDP neighboring device information AX2230S-24P AX1250S-24T2C LLDP neighboring device information...
  • Page 61: Part 2: Operation Management

    Part 2: Operation Management Login Procedures This chapter describes how to start and stop the Switches, and how to log in and log out. This chapter also provides an overview of management tasks, and describes operation terminals and their configuration in a network. 4.1 Terminal-based management 4.2 Starting the switch 4.3 Login and logout...
  • Page 62: Terminal-Based Management

    4 Login Procedures 4.1 Terminal-based management 4.1.1 Operation terminals A console or remote operation terminal is required to operate the Switch. A console is a terminal connected via RS232C, and a remote operation terminal is a terminal connected via an IP network. The Switch also supports network management by an SNMP manager over an IP network.
  • Page 63: Connection Characteristics

    4 Login Procedures If you want to use a console with a communication speed other than 9600 bps (1200, 2400, 4800, or 19200 bps), change the communication speed on the Switch side using the line console speed operation command. Then change the speed of the terminal software so that it is the same as the Switch speed.
  • Page 64: Overview Of Operation Management Functionality

    4 Login Procedures (1) Serial port The serial port is for console connections. Because you can log in via this port without performing any configuration settings, you can log in to the Switch immediately after deployment, and then enter the initial settings. (2) Communication port Using the communication port, you can log in to the Switch from a remote operation terminal or manage the network via an SNMP manager.
  • Page 65: Starting The Switch

    4 Login Procedures 4.2 Starting the switch This section describes how to start and stop a Switch. 4.2.1 Workflow from starting to stopping the Switch The figure below shows the workflow from starting to stopping the Switch. For the hardware setup procedure, see the Hardware Instruction Manual.
  • Page 66: Starting A Switch

    4 Login Procedures 4.2.2 Starting a switch The following table describes the procedures for starting and restarting the Switch. Table 4-4 Start and restart procedures Start method Description Procedure Power on Starts the Switch from the powered-off status. Turn the power switch on. Manual restart Resets the Switch after a failure.
  • Page 67: Login And Logout

    Figure 4-4 Login window login: operator Password: ...1 Copyright (c) 2006-2012 ALAXALA Networks Corporation. All rights reserved. > ...2 Password: is displayed only when a password has been set. If a password has been set and you enter the password, the character string of the entered password is not displayed.
  • Page 68 4 Login Procedures...
  • Page 69: Command Operations

    Command Operations This chapter describes how to specify commands on the Switch. 5.1 Command input mode 5.2 CLI operations 5.3 Notes on CLI operation...
  • Page 70: Command Input Mode

    5 Command Operations 5.1 Command input mode 5.1.1 List of operation commands The following table lists and describes the operation commands related to command input mode transitions. Table 5-1 List of operation commands Command name Description enable Changes the command input mode from user mode to administrator mode.
  • Page 71 5 Command Operations Figure 5-1 Overview of mode transitions In the following situations, characters appear in front of the CLI prompt to show where you are: When you set a host name using the hostname configuration command, that host name appears in front of the prompt. If you edit the running configuration but have not saved it as the startup configuration file, an exclamation mark (!) appears in front of the prompt.
  • Page 72: Cli Operations

    5 Command Operations 5.2 CLI operations 5.2.1 Entry completion By pressing the Tab key on the command line, you can complete a partially entered command name or file name, which simplifies command input. The following figure shows an example of simplified command input using this functionality. Figure 5-4 Simplified command input using entry completion (config)# in[Tab] (config)# interface...
  • Page 73: Entry-Error Detection Functionality

    5 Command Operations 5.2.3 Entry-error detection functionality If you enter a command or parameter incorrectly, an error message appears on the next line. For details on error messages, see 36. Error Messages on Configuration Editing in the Configuration Command Reference manual. Input errors when you press the Tab key or type a question mark are indicated in the same manner.
  • Page 74: History Functionality

    5 Command Operations 5.2.5 History functionality The history functionality allows you to easily re-execute a command entered in the past, and to change part of the command before execution. The following figure shows some examples of using the history functionality. Figure 5-9 Simplified command input using the history functionality >...
  • Page 75: Paging

    5.2.7 Keyboard command functionality Available keys depend on the terminal application and terminal settings. ALAXALA Networks Corporation recommends that you use the key combinations listed in the following table (in which keys whose specification is clearly defined in VT100 are used) for operation.
  • Page 76 5 Command Operations Keyboard Action of the Switch ESC + B Moves one word backward. ESC + F Moves one word forward. ESC + D Deletes from the cursor position to the end of the word.
  • Page 77: Notes On Cli Operation

    5 Command Operations 5.3 Notes on CLI operation (1) Restrictions after login If an operation terminal crashes, the user's logged-in status is sometimes retained in the Switch. If this happens, wait for the user to be automatically logged out. (2) Restrictions on the display of command line completion and Help Some commands have restrictions on command line completion and Help display.
  • Page 78 5 Command Operations Figure 5-11 Example of when more than one parameter (enclosed with [ ]) with no fixed character string keyword is entered (dhcp-config)# lease 360 [?] <Time hour> - [0-23] <Time min> - [0-59] <Time sec> - [0-59] <cr>...
  • Page 79 5 Command Operations (d) Restrictions on the number of characters for a command or parameter displayed in Help If a command or parameter has 24 or more characters, only the beginning 24 characters are displayed in Help. Figure 5-14 Example of when the number of characters displayed in Help is restricted (config)# switchport-backup startup-active-port-sel - Specify the mode of active port selection pattern at startup...
  • Page 80 5 Command Operations Figure 5-16 Example of <cr> shown when a command input is incomplete (example for ip access-list extended) (config-ext-nacl)# permit ip any host <PARAMs:input format> - [<Seq>] permit <Protocol> {<Src IPv4> <Src IPv4 wildc ard> | host <Src IPv4> | any} [*1] {<Dst IPv4> <Dst I Pv4 wildcard>...
  • Page 81 5 Command Operations (4) Setting of the console (RS232C) Use the console with the terminal operation mode set to VT100 and with the terminal size set to 80 characters/line × 24 lines.
  • Page 82 5 Command Operations...
  • Page 83: Configuration

    Configuration The configuration and operating conditions of the Switch must be set to match the network environment. This chapter describes what you need to know when setting the configuration. 6.1 Configuration 6.2 Overview of editing a running configuration 6.3 Mode transitions when entering configuration commands 6.4 Configuration editing procedures 6.5 Configuration operations...
  • Page 84: Configuration

    6 Configuration 6.1 Configuration Both at deployment and during operation, the administrator will need to perform configuration settings relating to the connected network and the operating conditions of the Switch. The switch configuration is not predefined at initial deployment. 6.1.1 Configuration at startup When you power on the Switch, the startup configuration file in internal flash memory is read and operation commences according to the file contents.
  • Page 85: Overview Of Editing A Running Configuration

    6 Configuration 6.2 Overview of editing a running configuration You will need to edit the running configuration at initial deployment and after changing the network configuration. Editing at deployment must be performed on the console. The figure below shows the workflow. For details, see 6.4 Configuration editing procedures. Figure 6-2 Workflow when editing a running configuration...
  • Page 86: Mode Transitions When Entering Configuration Commands

    6 Configuration 6.3 Mode transitions when entering configuration commands Edit configurations in the appropriate executable configuration mode. To edit a level-2 configuration, you must first switch from global configuration mode to a level-2 configuration mode using a mode transition command. You can then execute the required configuration commands.
  • Page 87 6 Configuration Figure 6-3 Overview of configuration mode transition...
  • Page 88: Configuration Editing Procedures

    6 Configuration 6.4 Configuration editing procedures 6.4.1 Lists of configuration commands and operation commands The following table describes the configuration commands for editing and working with configurations. Table 6-1 List of configuration commands Command name Description Ends configuration command mode and returns you to administrator mode. exit Returns to the previous mode.
  • Page 89: Starting Configuration Editing (Configure Command And Configure Terminal Command)

    6 Configuration 6.4.2 Starting configuration editing (configure command and configure terminal command) To edit a configuration, first execute the enable command to switch to administrator mode. Then enter the configure command or configure terminal command. The prompt changes to (config)#, allowing you to edit the running configuration. The following figure shows an example of starting editing of a running configuration.
  • Page 90 6 Configuration (2) Displaying and checking configuration entries Using the show command in configuration mode, you can display and check configuration entries before or after they have been edited. Figure 6-6 Displaying all configuration entries to Figure 6-9 Displaying information for a specified interface in interface mode show examples of displayed configuration entries.
  • Page 91: Adding, Changing, And Deleting Configuration Entries

    6 Configuration Display information about all fastethernet interfaces in the running configuration. Figure 6-8 Displaying information for a specified interface (config)# show interface fastethernet 0/1 ...1 interface fastethernet 0/1 switchport mode access switchport access vlan 100 (config)# Display interface 0/1 in the running configuration. Figure 6-9 Displaying information for a specified interface in interface mode (config)# interface fastethernet 0/1 ...1 (config-if)# show...
  • Page 92: Saving To The Configuration File

    6 Configuration Move to VLAN 100 configuration mode. Change VLAN 100 from the active status to the inactive status. Move to Ethernet interface 0/1 configuration mode. Remove VLAN ID 100 from the defined accessed VLANs. Figure 6-11 Example of disabling and reinstating functionality (config)# interface fastethernet 0/1 !(config-if)# shutdown ...1...
  • Page 93: Ending Configuration Editing (Exit Command)

    6 Configuration Change the configuration. Save to the startup configuration file. Figure 6-15 Example of saving the configuration (copy command) # configure ...1 (config)# ...2 !(config)# end ...3 !# copy running-config startup-config ...4 Do you wish to copy from running-config to startup-config? (y/n) :y Start editing the running configuration.
  • Page 94: Configuration Operations

    6 Configuration 6.5 Configuration operations This section describes operations such as configuration backups and file transfers. 6.5.1 Transferring files using FTP Use the FTP protocol to transfer files between the Switch and a remote terminal. (1) Transferring a backup configuration file to the Switch Transfer the backup configuration file saved on the PC to the Switch by using the FTP protocol, and copy it to the startup configuration file by using the operation command.
  • Page 95: Transferring Files Using A Memory Card

    6 Configuration Figure 6-18 Operations on the console screen: Copying the startup configuration file to the RAMDISK (copy command) > enable # copy startup-config ramdisk backup.cnf On your PC, open the command prompt window. Move to the directory in which the backup configuration file is to be stored, and log in to the Switch by using the FTP protocol.
  • Page 96: Notes On Applying A Backup Configuration File

    6 Configuration Figure 6-21 Copying a backup configuration file on the Switch to a memory card (copy command) > enable # copy startup-config ramdisk backup.cnf ...1 # copy ramdisk backup.cnf mc backup.cnf ...2 Copy the startup configuration file to the RAMDISK. Copy the backup configuration file on the RAMDISK to a memory card.
  • Page 97: Remote Login

    Remote Login This chapter describes remote access to the Switch from a remote operation terminal. 7.1 Description 7.2 Configuration 7.3 Operation...
  • Page 98: Description

    7 Remote Login 7.1 Description To log in to the Switch from a remote operation terminal via the communication port, you must first configure the connection in the Switch, including configuring a VLAN and setting its IP address. At initial deployment, no VLANs, IP addresses, or other settings are defined. Log in from the console to set up the connection.
  • Page 99: Configuration

    7 Remote Login 7.2 Configuration 7.2.1 List of configuration commands The following table describes configuration commands related to terminal connections and remote operations. Table 7-1 List of configuration commands Command name Description ftp-server Permits access from remote operation terminals using FTP. line vty Permits Telnet remote access to a switch.
  • Page 100: Permitting Login By Using The Telnet Protocol

    7 Remote Login (config)# Switches to interface configuration mode for VLAN ID 100. Sets IPv4 address 192.168.1.1 and subnet mask 255.255.255.0 for VLAN ID 100. 7.2.3 Permitting login by using the Telnet protocol Points to note The switch's IP address must be assigned before you can use this procedure. Configure the Switch so that remote login is allowed via Telnet.
  • Page 101: Operation

    7 Remote Login 7.3 Operation 7.3.1 List of operation commands The following table describes operation commands related to terminal connections and remote operations. Table 7-2 List of operation commands Command name Description set exec-timeout Specifies the length of time until the user is automatically logged out. set terminal pager Enables or disables paging.
  • Page 102 7 Remote Login...
  • Page 103: Login Security And Radius

    Login Security and RADIUS This chapter describes login control, login security, and RADIUS for the Switch. 8.1 Setting login security 8.2 Description of RADIUS 8.3 Configuring RADIUS 8.4 RADIUS operations...
  • Page 104: Setting Login Security

    8 Login Security and RADIUS 8.1 Setting login security 8.1.1 Lists of configuration commands and operation commands The following table describes the configuration commands related to login security. Table 8-1 List of configuration commands Command name Description aaa authentication login Specifies the authentication method to be used at remote login.
  • Page 105: Changing The Login User

    8 Login Security and RADIUS minutes). You can change the auto-logout time by using the set exec-timeout operation command. Login from a remote operation terminal (via Telnet) also supports one-time password authentication using the SecurID mechanism engineered by RSA Security. For details on the one-time password authentication, see 14 One-time Password Authentication [OP-OTP] in the Configuration Guide Vol.
  • Page 106: Setting The Maximum Number Of Concurrent Users

    8 Login Security and RADIUS Figure 8-4 Example of configuring permission for FTP access (config)# ftp-server (config)# 8.1.6 Setting the maximum number of concurrent users Using the line vty configuration command, you can enable login to the Switch from a remote operation terminal.
  • Page 107 8 Login Security and RADIUS Notes  An access list for use by the Switch does not depend on the settings of the flow detection mode.  IP addresses that meet the permit conditions are permitted remote login. IP addresses that meet the deny conditions are not permitted remote login. ...
  • Page 108: Description Of Radius

    8 Login Security and RADIUS 8.2 Description of RADIUS 8.2.1 Overview of RADIUS RADIUS (Remote Authentication Dial In User Service) is a protocol that provides authentication and accounting services to a Network Access Server (NAS). A NAS is a device, such as a remote access server or router, that operates as a client of a RADIUS server.
  • Page 109 8 Login Security and RADIUS (1) Scope of RADIUS authentication RADIUS authentication can be used for the following operations:  Telnet access from a remote terminal (IPv4)  FTP access from a remote terminal (IPv4) RADIUS authentication cannot be used for the following operation: ...
  • Page 110: Authentication Using Radius

    8 Login Security and RADIUS Table 8-4 Description of supported RADIUS attributes Attribute name Attrib Packet types Description value User-Name Access-Request The name of the user being authenticated. User-Password Access-Request The password of the user being authenticated, sent in encrypted form Login (value = 1), Ignored when attached to Service-Type Access-Request...
  • Page 111 8 Login Security and RADIUS Figure 8-7 Correlation diagram of authentication method configuration You can specify these authentication methods singly or in combination, which allows the user to be authenticated by the next specified method if authentication by the first specified method fails.
  • Page 112 8 Login Security and RADIUS If authentication fails when using the first specified method when end-by-reject is set, authentication is not performed using the next specified method. The entire authentication process is terminated at the first denial and is treated as a failure. The next specified method is used for authentication only when authentication fails due to an inability to communicate, for example if the RADIUS server does not respond.
  • Page 113: Connecting To Radius Servers

    8 Login Security and RADIUS Use no more than 8 characters for a user ID, and no more than 16 characters for a password. 8.2.4 Connecting to RADIUS servers (1) Switch identification on the RADIUS server side The RADIUS server uses the sender IP address of the request packet to identify the RADIUS client.
  • Page 114 8 Login Security and RADIUS Figure 8-10 Relationship between the RADIUS server group information and the general-use RADIUS server information For the IP address, port number for authentication, and port number for accounting that are set for the RADIUS server group, use the same values as the general-use RADIUS server information (set by the radius-server host configuration command).
  • Page 115: Configuring Radius

    8 Login Security and RADIUS 8.3 Configuring RADIUS 8.3.1 List of configuration commands The following table lists and describes the configuration commands related to RADIUS. Table 8-5 Configuration commands (RADIUS) Command name Description aaa group server radius Configures a RADIUS server group. server Configures a RADIUS server host in the RADIUS server group.
  • Page 116 8 Login Security and RADIUS The usual setup for remote access must be completed in advance. Command examples (config)# aaa authentication login default group radius local Specifies RADIUS authentication and local password authentication in that order as the login authentication methods. (config)# aaa authentication login end-by-reject Configures the settings so that the authentication process ends when denied by RADIUS authentication and local authentication is not performed.
  • Page 117: Configuring A Radius Server Group

    8 Login Security and RADIUS than one method, specify either of them and specify local 8.3.3 Configuring a RADIUS server group Points to note Configure a RADIUS server group to be used for authentication. Set addresses to be used in a RADIUS server group from the addresses of the RADIUS servers set by the radius-server host configuration command...
  • Page 118 8 Login Security and RADIUS has been set or the radius-server key command has been configured).
  • Page 119: Radius Operations

    8 Login Security and RADIUS 8.4 RADIUS operations 8.4.1 List of operation commands The following table lists and describes the operation commands related to RADIUS. Table 8-6 List of operation commands Command name Description show radius-server Displays the effective RADIUS server information set on the Switch. clear radius-server Changes the RADIUS server to which an authentication request is sent, to the initially set RADIUS server.
  • Page 120 8 Login Security and RADIUS IP address Port Timeout Retry Remain * 192.168.11.1 1813 <web-auth> [Authentication] IP address Port Timeout Retry Remain * 192.168.0.254 1812 [Accounting] IP address Port Timeout Retry Remain * 192.168.0.254 1813 <ra-group-1> [Authentication] IP address Port Timeout Retry Remain...
  • Page 121: Time Settings And Ntp

    9 Time Settings and NTP Time Settings and NTP This chapter describes the tasks involved in deploying and managing the Switch. 9.1 Setting and checking the time 9.2 Configuration 9.3 Operation...
  • Page 122: Setting And Checking The Time

    9 Time Settings and NTP 9.1 Setting and checking the time 9.1.1 Supported specifications Set the clock time at first deployment of the Switch. Time information is used in the Switch's log entries and in timestamps when files are created. Set the correct time when you begin using the Switch.
  • Page 123 9 Time Settings and NTP Table 9-2 Mode to be enabled when multiple modes are set (Y: the mode is set, N: the mode is not set) Unicast Multicast Broadcast Mode to be enabled Unicast Unicast Unicast Unicast Multicast Multicast Broadcast (1) Regularly requesting the time from the specified NTP server (Unicast mode) In this mode, set the address of the NTP server from which the Switch...
  • Page 124: Notes On Changing The Time

    9 Time Settings and NTP (2) Obtaining the time from a multicast message (Multicast mode) In Multicast mode, the Switch receives the multicast time distribution from the NTP server, and updates the local time based on the obtained time information. Figure 9-3 Time acquisition in Multicast mode (3) Obtaining the time from a broadcast message (Broadcast mode) In Broadcast mode, the Switch receives the broadcast time distribution from...
  • Page 125: Configuration

    9 Time Settings and NTP 9.2 Configuration 9.2.1 List of configuration commands The following table describes the commands used to configure time settings and NTP. Table 9-3 List of configuration commands Command name Description clock timezone Sets the time zone. ntp client server Sets the address of the NTP server from which time information can be obtained.
  • Page 126: Regularly Obtaining Time Information From The Ntp Server

    9 Time Settings and NTP 9.2.3 Regularly obtaining time information from the NTP server Using the NTP client functionality, the Switch regularly obtains time information from the NTP server. Points to note You can set the address of the NTP server from which the Switch requests time information.
  • Page 127: Operation

    9 Time Settings and NTP 9.3 Operation 9.3.1 List of operation commands The following table describes the operation commands related to time settings and NTP. Table 9-4 List of operation commands Command name Description set clock Displays and sets the date and time. set clock ntp Manually obtains time information from the NTP server.
  • Page 128 9 Time Settings and NTP...
  • Page 129: Device Management

    Device Management This chapter describes the tasks involved in deploying and managing the Switch. 10.1 Settings related to status display and system operation 10.2 Backing up and restoring device information 10.3 Compatibility between AX2200S and AX1200S series switches 10.4 Failure recovery...
  • Page 130: Settings Related To Status Display And System Operation

    10 Device Management 10.1 Settings related to status display and system operation 10.1.1 Lists of configuration commands and operation commands The following tables describe the configuration commands and operation commands needed to manage the Switch. Table 10-1 List of configuration commands Command name Description system fan mode...
  • Page 131: Checking The Software Version

    10 Device Management Table 10-3 Operation commands (memory card and RAMDISK check) Command name Description show mc Displays the memory card format and card usage. show mc-file Displays the names and sizes of the files on the memory card. show ramdisk Displays the RAMDISK format and usage.
  • Page 132: Checking The Switch Status

    10 Device Management 10.1.3 Checking the switch status Using the show system operation command, you can view the switch's activity status, installed memory, and other information. An example is shown below: Figure 10-2 Checking the switch status > show system Date 2012/07/06 10:11:19 UTC System: AX1240S-48T2C Ver.
  • Page 133 10 Device Management IPv4 Port 0/1-50 0/64 VLAN 0/64 > You can check the status of the fan and of the power supply unit, the temperature, and the total operating hours using the show environment operation command. The operation mode of the fan can be set by using the system fan mode configuration command.
  • Page 134: Displaying And Stopping Display Of The Operation Log On The Monitor

    10 Device Management 10.1.4 Displaying and stopping display of the operation log on the monitor By setting the trace-monitor operation command, you can make the Switch display, on the monitor, operating information and failure information as operation logs on the operation terminal (console).
  • Page 135: Backing Up And Restoring Device Information

    10 Device Management 10.2 Backing up and restoring device information When a Switch fault occurs or a Switch is replaced, you can restore the Switch by restoring the device information from a backup file. Carry out the tasks described in 10.2.2 Target information to be backed up and restored. You can also restore all information manually, but we do not recommend this because the Switch handles a wide variety of operating information which is complicated to manage and cannot be fully restored.
  • Page 136 10 Device Management Device information type Remarks command Web authentication database Internal Web authentication DB Registered HTML files for Web authentication pages Custom file set for the basic Web authentication page (Registered custom file set for the authentication page) Custom file set for the individual Web authentication page Certificate for Web authentication MAC-based authentication database...
  • Page 137: Compatibility Between Ax2200S And Ax1200S Series Switches

    10.3.1 Compatibility between AX2200S and AX1200S series switches AX2200S series switches and AX1250S/AX1240S series switches have compatibility in some device information as shown in the following table. Table 10-8 Compatibility of device information between AX2200S series switches and AX1250S/AX1240S series switches AX2200S →...
  • Page 138 10 Device Management AX1250S/AX1240S command Change from AX1230S deny (ip access-list extended) The input format has been changed. deny (ip access-list standard) deny (mac access-list extended) permit (ip access-list extended) permit (ip access-list standard) permit (mac access-list extended) qos (ip qos-flow-list) qos (mac qos-flow-list) monitor session ip qos-flow-list...
  • Page 139: Compatibility Of Device Information Between Ax1250S Series Switches And Ax1240S Series Switches

    10 Device Management 10.3.3 Compatibility of device information between AX1250S series switches and AX1240S series switches The table below shows the compatibility of device information between AX1250S series switches and AX1240S series switches.  The left side of an arrow (→) indicates the device on which the backup file was created.
  • Page 140: Compatibility Of Device Information Between Ax1250S/Ax1240S Series Switches And Ax1230S Series Switches

    10 Device Management →: Restore destination of the created file Commands that are not supported on AX1250S series switches cannot be read. Cannot be restored by the restore operation command. 10.3.4 Compatibility of device information between AX1250S/AX1240S series switches and AX1230S series switches The table below shows the compatibility of device information between AX1250S and AX1240S series switches and AX1230S series switches.
  • Page 141 10 Device Management Device information type AX1230S→ AX1250S/AX1240S →AX1230S AX1250S/AX1240S Secure Wake-on-LAN terminal information database [OP-WOL] Secure Wake-on-LAN user authentication database [OP-WOL] Legend: Y: Compatible. N: Not compatible. R: With some restrictions --: Not supported and not included in the backup file. →: Restore destination of the created file Commands that are not supported in AX1230S series switches cannot be read.
  • Page 142 10 Device Management When you restore the internal Web authentication DB on an AX1230S series switch, note the behaviors below. Also note the following when you restore a backup file created by using the store web-authentication operation command: The internal Web authentication DB cannot be read to an AX1230S series switch if the DB has an entry with a user ID of 17 characters or more.
  • Page 143: Failure Recovery

    10 Device Management 10.4 Failure recovery 10.4.1 Error locations and recovery processing Recovery processing differs according to the nature of the problem. The following table describes error locations and the recovery performed. Table 10-14 Error locations and recovery processing Error Switch response Recovery processing Scope of effect...
  • Page 144 10 Device Management on the console terminal to collect device status information, and then restore the Switch. When executing the show tech-support operation command while automatic restoration is disabled, only display to the console terminal is permitted. Therefore, do not specify the ramdisk page option in this command.
  • Page 145: Power Saving Functionality

    Power Saving Functionality This chapter describes functionality and settings on the Switch for saving power. 11.1 Description of the power saving functionality 11.2 Power control configuration 11.3 Power control operation...
  • Page 146: Description Of The Power Saving Functionality

    11 Power Saving Functionality 11.1 Description of the power saving functionality You can reduce power consumption of the Switch by using power saving functionality to put the Switch in sleep mode during the scheduled period, such as at night or during long holidays.
  • Page 147: Led Behavior

    100BASE-FX [AX1250S] or 1000BASE-X port: SFP port 11.1.2 LED behavior This configuration function controls LED behavior in two steps for AX2200S series switches or in three steps for AX1250S and AX1240S series switches. Also, LED behavior can be automatically changed if you set a trigger for automatic operation in the Switch's configuration.
  • Page 148 11 Power Saving Functionality LED behavior setting configured by the system port-led configuration command Normal brightness (enable) Off (disable) LED type Device status LED status Brightness LED status Brightness status status Initial state Orange Regular Orange Regular Partial fault Blinking red Regular Blinking red Regular...
  • Page 149 11 Power Saving Functionality LED type Device Brightn Brightn Brightn status status status status status status status Available for Green Regular Green Reduce Blinking Reduce operation green at brightne long brightne intervals Under Blinking Regular Blinking Regular Blinking Regular preparation green green green...
  • Page 150 11 Power Saving Functionality LED behavior setting configured by the system port-led configuration command Normal brightness Power saving Off (disable) (enable) brightness (economy) LED type Device Brightn Brightn Brightn status status status status status status status Failed Gigabitethernet or SFP ports Fastethernet ports (2) Trigger for LED automatic operation By using the...
  • Page 151 11 Power Saving Functionality Figure 11-1 Transitions of automatic LED operation [AX2200S] Figure 11-2 Transitions of automatic LED operation [AX1250S] [AX1240S] The trigger for automatic operation depends on Table 11-4 Trigger for automatic operation and the resulting behavior. Transition conditions include trigger for automatic operation and timer control.
  • Page 152 11 Power Saving Functionality Conditions for transition to Off Timer control is used for transition to Off. LEDs transition to Off 60 seconds after the last transition to normal brightness. [AX2200S] Timer control is used for transition to Off. LEDs transition to Off 10 seconds after the last transition to power saving brightness.
  • Page 153 11 Power Saving Functionality Table 11-5 LEDs subject to the control of automatic operation and the scope of behavior [AX2200S] LED type LED behavior type and the Behavior scope of automatic operation Normal brightness Always turns on with normal brightness. LINK/ T/R Turned-on status changes depending on the two step...
  • Page 154: Port Power Saving

    11 Power Saving Functionality LEDs for Fastethernet ports 11.1.3 Port power saving When Ethernet ports are inactive, this functionality lowers the power on the ports and reduces the power consumption. Port power saving does the following:  Power saving for ports in the link-down status (Fastethernet and Gigabitethernet ports) ...
  • Page 155: Sleep Mode [Ax1250S] [Ax1240S]

    11 Power Saving Functionality (2) Extended power saving for Gigabitethernet ports [AX1250S] [AX1240S] Extended power saving is enabled when shutdown is set for both Gigabitethernet ports on the Switch regardless of the power-control port cool-standby configuration command setting. Extended power saving reduces power consumption more than the setting by the power-control port cool-standby configuration command.
  • Page 156: Cooling Fan Control (Semi-Fanless Operation) [Ax1240S]

    11 Power Saving Functionality 11.1.5 Cooling fan control (Semi-fanless operation) [AX1240S] Semi-fanless operation stops the fans in an environment that is determined to be acceptable by internal temperature monitoring and in which forced cooling of the device is not required. It also turns on the fans to start forced cooling (semi-fanless operation) when the ambient temperature is too high.
  • Page 157 11 Power Saving Functionality (1) Specifiable power saving functionality To set up power saving functions, specify the function and the period when it is to apply. The power saving functions available for user-defined power saving are listed below. To schedule power saving, select one or more of the functionalities according to your requirements to determine the combination of functionalities to be run at the same time.
  • Page 158 11 Power Saving Functionality (2) Start mode for the scheduling functionality You can use the set power-control schedule operation command to select either of the following two modes as the start mode for the scheduling functionality:  Schedule-enabled mode In this mode, both settings for a normal time range and a scheduled time range are applied.
  • Page 159 11 Power Saving Functionality (a) Enabling power control by date and time Specify the start and end dates and times for implementing power control. Example: From April 2 to April 5, 2009, the business system will have a reduced workload. In line with this expectation, schedule power control from 20:00 on April 1 to 8:00 on April 6, 2009.
  • Page 160 11 Power Saving Functionality (b) Enabling power control by day of the week and time Specify the start and end days of the week and times for implementing power control. Example: The office is closed every Saturday and Sunday, and the business system has a reduced workload on these two days.
  • Page 161 11 Power Saving Functionality (c) Enabling power control by daily time range Specify the start time and end time for implementing power control. Example: Normal office hours are from 8:30 to 17:00 every day, so the business system needs to operate at normal power from 8:00 to 20:00. Schedule power control from 20:00 every day to 8:00 the following day.
  • Page 162 11 Power Saving Functionality (d) Disabling power control by specific date and time You can disable power control for a specified time during a scheduled time range. Specify the start and end times for disabling the functionality. You can specify particular dates or days of the week, or certain times every day.
  • Page 163: Notes When The Power Saving Functionality Is Used

    11 Power Saving Functionality 11.1.7 Notes when the power saving functionality is used (1) When port power saving is used [AX1250S] [AX1240S] Port power saving takes from 3 to 5 seconds to place ports in the link-up status. (2) Scheduling power control To use the same power saving functionality during a normal time range and a scheduled time range, perform the setting for both periods.
  • Page 164 11 Power Saving Functionality If sleep mode is set, the Switch switches to the sleep state when the scheduled execution time arrives. As a result, the following command settings are not applied:  schedule-power-control port-led  schedule-power-control port cool-standby  schedule-power-control shutdown interface (5) Interoperability of sleep mode and DHCP snooping [AX1250S] [AX1240S] If both sleep mode and DHCP snooping are enabled, set the time the Switch stays in sleep...
  • Page 165: Power Control Configuration

    11 Power Saving Functionality 11.2 Power control configuration 11.2.1 List of configuration commands The following table describes the configuration commands for implementing power control. Table 11-11 List of configuration commands Command name Description For setting a normal time For setting a scheduled time range range system port-led...
  • Page 166: Led Behavior Setting

    11 Power Saving Functionality 11.2.2 LED behavior setting (1) LED behavior setting Points to note In this setting, you set a Switch's LED behavior to power saving brightness. Command examples (config)# system port-led economy Sets the Switch's LED behavior to power saving brightness. Notes Power saving brightness is not supported by AX2200S.
  • Page 167: Setting Power Saving Based On Scheduling

    11 Power Saving Functionality 11.2.5 Setting power saving based on scheduling This functionality operates under the power saving settings for sleep mode or for operations other than sleep mode.  Sleep mode (such as the year-end and New Year holidays, and other long holidays) [AX1250S] [AX1240S] ...
  • Page 168 11 Power Saving Functionality (2) Setting power saving for LED behavior and link-down ports during scheduled time range Points to note You can set LED behavior to Off, power saving for link-down ports, and blocking of unused ports. The following table describes the operating status before the configuration is set (normal time range) and after the configuration is set (scheduled time range).
  • Page 169: Power Control Operation

    11 Power Saving Functionality 11.3 Power control operation 11.3.1 List of operation commands The following table describes the operation commands for implementing power control. Table 11-13 List of operation commands Command name Description show power-control port Displays the status of port power saving control. show power-control schedule Displays the operating status of the scheduling functionality.
  • Page 170: Displaying The Operating Status Of The Schedule

    11 Power Saving Functionality 11.3.5 Displaying the operating status of the schedule Display the current status of the power saving schedule and the dates and times the power saving schedule has been enabled by using the show power-control schedule operation command.
  • Page 171: Software Management

    Software Management This chapter describes how to update, back up, and restore the Switch's software. For further details, see the Software Update Guide. 12.1 List of operation commands 12.2 Software update...
  • Page 172: List Of Operation Commands

    12 Software Management 12.1 List of operation commands The following table describes the operation commands related to software management. Table 12-1 List of operation commands Command name Description ppupdate Updates the software to a newer version. The newer version can be copied from a memory card to the RAMDISK or downloaded via FTP or a similar method.
  • Page 173: Software Update

    12 Software Management 12.2 Software update Software update means updating an older version of your software to a later version. To update the software, copy the update file from a memory card to the RAMDISK on the Switch and execute the ppupdate operation command, or transfer the update file from a remote operation terminal, such as a PC, to the Switch and execute the...
  • Page 174 12 Software Management...
  • Page 175: Part 3: Network Interfaces

    Part 3: Network Interfaces Ethernet This chapter describes Ethernet as used with the Switch. 13.1 Information common to all Ethernet interfaces 13.2 Configuration common to all Ethernet interfaces 13.3 Operations common to all Ethernet interfaces 13.4 Description of Fastethernet [AX1250S] [AX1240S] 13.5 Configuration of Fastethernet [AX1250S] [AX1240S] 13.6 Description of Gigabitethernet (RJ45) 13.7 Configuration of Gigabitethernet (RJ45)
  • Page 176: Information Common To All Ethernet Interfaces

    13.1.1 Network configuration example The figure below shows an example of a typical Ethernet configuration that uses Switches. The AX2200S series switches for gigabit Ethernet and AX1250S/AX1240S series switches for fast Ethernet serve as line concentrators which connect the terminals on the floor.
  • Page 177: Control On The Mac And Llc Sublayers

    13 Ethernet 13.1.3 Control on the MAC and LLC sublayers The following figure shows frame formats. Figure 13-2 Frame formats (1) MAC sublayer frame format (a) Preamble and SFD field The Preamble and SFD field contains a 64-bit binary number. The first 62 bits are repetitions of 10, and the last two bits are 11 (1010...1011).
  • Page 178: Mac Address Of The Switch

    13 Ethernet (a) DSAP field The DSAP field indicates the destination service access point to which the LLC information section will be sent. (b) SSAP field The SSAP field indicates the source service access point from which the LLC information section was sent.
  • Page 179: Order Of Ethernet Frames

    13 Ethernet (2) Functionality that uses a device MAC address The following table shows the types of functionality that use the device MAC address. Table 13-2 Functionality that uses a device MAC address Functionality Purpose VLAN MAC addresses of VLAN interfaces LACP for link aggregation Device identifier Spanning Tree Protocol...
  • Page 180 13 Ethernet (2) Order change of frames due to priority control Priority control based on CoS values is enabled by default on the Switch. Therefore, if received frames have different CoS values, the order of those frames might change. Figure 13-4 Order change of frames due to priority control...
  • Page 181: Configuration Common To All Ethernet Interfaces

    13 Ethernet 13.2 Configuration common to all Ethernet interfaces 13.2.1 List of configuration commands The following table describes the configuration commands common to all Ethernet interfaces. Table 13-3 List of configuration commands Command name Description bandwidth Sets the port bandwidth. description Sets a supplementary description of the port.
  • Page 182: Setting Ethernet Interface Ports [Ax2200S]

    (config)# interface gigabitethernet 0/1 (config-if)# exit Specifies the setting for the Gigabitethernet port 0/1. In the setting examples below, interface fastethernet is specified. For AX2200S series switches, however, use interface gigabitethernet instead. 13.2.3 Setting Ethernet interface ports [AX1250S] [AX1240S] Points to note To configure Ethernet, specify the interface port number, and then move to config-if mode to set up the information.
  • Page 183: Shutting Down A Port

    13 Ethernet 13.2.5 Shutting down a port Points to note Configuring an Ethernet interface might require the execution of multiple commands. In such a case, if the port enters a link-up state before the configuration is complete, the Switch cannot communicate as expected. Therefore, we recommend that you shut down the port first, and then after the configuration is complete, exit the port from the shutdown state.
  • Page 184: Flow Control Settings

    13 Ethernet (config-if)# link debounce time 5000 (config-if)# exit Sets the link-down detection timer value to 5000 milliseconds. Notes Using a link-down detection timer can prevent a link from becoming unstable. However, if a fault occurs, the time required for the interface to settle in the link-down status is longer.
  • Page 185: Using Jumbo Frames

    13 Ethernet (1) Setting fixed MDI Points to note To configure MDI-X to always be used instead of automatic MDIX, disable automatic MDIX for the port. The following shows a configuration example for a Fastethernet port. Command examples (config)# interface fastethernet 0/24 Specifies the setting for port 0/24.
  • Page 186 13 Ethernet (2) Setting the MTU for all ports Points to note If you set 4096 octets as the MTU for all the ports on a Switch, jumbo frames without VLAN tags up to 4110 octets and jumbo frames with VLAN tags up to 4114 octets can be sent and received.
  • Page 187: Operations Common To All Ethernet Interfaces

    13 Ethernet 13.3 Operations common to all Ethernet interfaces 13.3.1 List of operation commands The following table describes the operation commands common to Ethernet. Table 13-4 List of operation commands Command name Description show interfaces Displays Ethernet information. show port Displays Ethernet information in list format.
  • Page 188: Description Of Fastethernet [Ax1250S] [Ax1240S]

    13 Ethernet 13.4 Description of Fastethernet [AX1250S] [AX1240S] A Fastethernet port uses a 10BASE-T or 100BASE-TX twisted pair cable (UTP). This section describes a 10BASE-T or 100BASE-TX interface. 13.4.1 Functionality (1) Connection interface: 10BASE-T or 100BASE-TX (a) Automatic 10BASE-T/100BASE-TX recognition (auto-negotiation) 10BASE-T and 100BASE-TX support connection methods that use automatic recognition (auto-negotiation) and fixed settings.
  • Page 189 13 Ethernet Settings on the Settings on the Switch remote device Method Interface Fixed settings Auto- negotiation 10BASE-T 10BASE-T 100BASE-TX 100BASE-TX half full duplex half duplex full duplex duplex full duplex Auto- 10BASE-T 10BASE-T 10BASE-T negotiati half duplex half duplex half duplex 10BASE-T 10BASE-T...
  • Page 190 13 Ethernet remote device when sending on the remote device must be regulated. When the Switch receives a pause packet, it regulates sending to the remote device. Flow control can be configured separately for sending and receiving packets. This functionality operates even if only one of them is configured.
  • Page 191 13 Ethernet Table 13-8 Flow control operation determined by the auto-negotiation result Switch Remote device Result of Flow control operation auto-negotiat ion on the Switch Send pause Receive Send pause Receive Pause packet packet pause packet pause sending sending packet packet regulated regulated...
  • Page 192 13 Ethernet Table 13-9 MDI and MDI-X pin mappings RJ45 MDI-X 100BASE-TX 10BASE-T 100BASE-TX 10BASE-T Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused Unused For the 10BASE-T and 100BASE-TX cables, separate signal lines are used for sending (TD) and reception (RD).
  • Page 193 13 Ethernet See the format of frames in 13.1.3 Control on the MAC and LLC sublayers. (6) Notes when 10BASE-T or 100BASE-TX is connected - Make sure that the transmission speed and the duplex mode (full or half) settings on the local and remote devices are the same.
  • Page 194: Configuration Of Fastethernet [Ax1250S] [Ax1240S]

    13 Ethernet 13.5 Configuration of Fastethernet [AX1250S] [AX1240S] 13.5.1 Configuring ports (1) Setting the transmission speed and duplex mode You can set the transmission speed and duplex mode used for communication between the Switch and a remote device. By default, the transmission speed and duplex mode are determined automatically by auto-negotiation.
  • Page 195: Flow Control Settings

    13 Ethernet Notes Make sure that you set a valid combination for the transmission speed and duplex mode. If you use auto-negotiation, you must set auto-negotiation for both the transmission speed and the duplex mode. If you use fixed settings, you must use fixed settings for both the transmission speed and the duplex mode.
  • Page 196: Description Of Gigabitethernet (Rj45)

    13 Ethernet 13.6 Description of Gigabitethernet (RJ45) A Gigabitethernet (RJ45) port uses a 10BASE-T, 100BASE-TX, or 1000BASE-T twisted pair cable (UTP). This section describes the 10BASE-T, 100BASE-TX, and 1000BASE-T interface. 13.6.1 Functionality (1) Connection interface: 10BASE-T, 100BASE-TX, and 1000BASE-T (a) Automatic recognition (auto-negotiation) of 10BASE-T, 100BASE-TX, and 1000BASE-T 10BASE-T, 100BASE-TX, and 1000BASE-T support connection methods that use automatic recognition (auto-negotiation) and fixed settings.
  • Page 197 13 Ethernet Settings on the remote Settings on the Switch device Method Interface Fixed settings Auto- negotiation 10BASE-T 10BASE-T 100BASE-TX 100BASE-TX half full duplex half duplex full duplex duplex half duplex half duplex 100BASE-T 100BASE-TX full duplex full duplex 1000BASE- half duplex 1000BASE- full duplex...
  • Page 198 13 Ethernet Settings on the remote Settings on the Switch device Method Interface Fixed settings Auto- negotiation 10BASE-T 10BASE-T 100BASE-TX 100BASE-TX half full duplex half duplex full duplex duplex 1000BASE- 1000BASE- full duplex full duplex 1000BASE- 1000BASE- full duplex full duplex and half duplex 10/100/1000...
  • Page 199 13 Ethernet Table 13-12 Flow control for sending on the switch Pause-packet send Pause-packet receive Flow control operation setting on the Switch setting on the remote device Enabled Sending on the remote device is regulated. Disabled Sending on the remote device is not regulated.
  • Page 200 13 Ethernet Table 13-14 Flow control operation determined by the auto-negotiation result Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sendin sending packet packet packet packet packet...
  • Page 201 13 Ethernet Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sendin sending packet packet packet packet packet packet regulated regulat on the ed on remote device? Switch...
  • Page 202 13 Ethernet Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sendin sending packet packet packet packet packet packet regulated regulat on the ed on remote device? Switch...
  • Page 203 13 Ethernet Note 2: For the 1000BASE-T cable, because all eight pins are used for both sending and reception (simultaneous bi-directional communication), the signal names are different from other cables. BI_Dx indicates a bi-directional data signal. (5) Jumbo frames Jumbo frame support allows a switch to forward frames whose total field size from DA (in the MAC header) to DATA is larger than 1518 octets.
  • Page 204: Automatic Sfp Recognition (Selection Of Media Type) [Ax1250S] [Ax1240S]

    13 Ethernet Table 13-17 Order of changing line speed Down-shift Phase Configuration (speed parameter setting) Remar functionality auto auto 10 auto 10 auto 1000, 100 1000 auto 100, auto 10 10 100 10 100 10 100 1000 1000 10 100 10 100 --: A down-shift operation is not performed.
  • Page 205: Configuration Of Gigabitethernet (Rj45)

    13 Ethernet 13.7 Configuration of Gigabitethernet (RJ45) 13.7.1 Configuring ports (1) Setting the transmission speed and duplex mode You can set the transmission speed and duplex mode used for communication between the Switch and a remote device. By default, the transmission speed and duplex mode are determined automatically by auto-negotiation.
  • Page 206: Flow Control Settings

    13 Ethernet (config-if)# no shutdown (config-if)# exit Notes Make sure that you set a valid combination for the transmission speed and duplex mode. If you use auto-negotiation, you must set auto-negotiation for both the transmission speed and the duplex mode. If you use fixed settings, you must use fixed settings for both the transmission speed and the duplex mode.
  • Page 207 13 Ethernet Command examples (config)# interface range gigabitethernet 0/25-26 (config-if-range)# shutdown (config-if-range)# media-type rj45 Disables automatic media detection, and specifies that a 10BASE-T, 100BASE-TX, or 1000BASE-T interface is used. (config-if-range)# no shutdown (config-if-range)# exit (3) Setting the media to SFP Points to note You must configure this setting if you choose to use SFP as the fixed media type.
  • Page 208: Description Of Gigabitethernet (Sfp)

    13 Ethernet 13.8 Description of Gigabitethernet (SFP) A Gigabitethernet (SFP) port uses a 100BASE-FX or 1000BASE-X optical fiber cable. This section describes a 100BASE-FX or 1000BASE-X optical fiber interface. 13.8.1 Functionality 100BASE-FX or 1000BASE-X optical fiber interfaces are described below. (1) Connection interface: 100BASE-FX [AX1250S] The 100BASE-FX interface is supported.
  • Page 209 13 Ethernet (2) Connection interface: 1000BASE-X The 1000BASE-SX, 1000BASE-SX2, 1000BASE-LX, 1000BASE-LH, and 1000BASE-BX interfaces are supported. The transmission speed and duplex mode settings are fixed at 1000 Mbit/s and full duplex. 1000BASE-SX: This Ethernet interface is used for short-distance connections (550m max.
  • Page 210 13 Ethernet Table 13-19 Connection specifications for transmission speed and duplex mode (full or half) Settings on the remote device Settings on the Switch Method Interface Fixed settings Auto-negotiation 1000BASE 1000BASE full duplex full duplex Fixed settings 1000BASE half duplex 1000BASE 1000BASE full duplex...
  • Page 211 13 Ethernet Table 13-20 Flow control for sending on the switch Pause-packet send Pause-packet receive Flow control operation setting on the Switch setting on the remote device Enabled Sending on the remote device is regulated. Disabled Sending on the remote device is not regulated.
  • Page 212 13 Ethernet Table 13-22 Flow control operation determined by the auto-negotiation result Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sending sending packet packet packet packet packet...
  • Page 213 13 Ethernet Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sending sending packet packet packet packet packet packet regulate regulated d on the on the Switch? remote device?
  • Page 214 13 Ethernet Switch Remote device Result of Flow control auto-negotiation on operation the Switch Send Receive Send Receive Send Receive pause pause pause pause pause pause sending sending packet packet packet packet packet packet regulate regulated d on the on the Switch? remote device?
  • Page 215: Notes On Using Sfp

    13 Ethernet (5) Jumbo frames Jumbo frame support allows a switch to forward frames whose total field size from DA (in the MAC header) to DATA is larger than 1518 octets. For details about frame formats, see 13.1.3 Control on the MAC and LLC sublayers. For details about the format of tagged frames, see the format of tagged frames in 17.5 VLAN tags.
  • Page 216 13 Ethernet (3) Notes on a 1000BASE-X connection - Only a connection by using auto-negotiation or a fixed connection in full-duplex mode is supported. - Make sure that the remote device (such as a switching hub) uses auto-negotiation or the fixed full-duplex mode setting. ...
  • Page 217: Configuration Of Gigabitethernet (Sfp)

    13 Ethernet 13.9 Configuration of Gigabitethernet (SFP) 13.9.1 Setting 100BASE-FX ports [AX1250S] For a port for which 100BASE-FX is used, specify the transmission speed, full duplex, and media type. Points to note Configure as follows: transmission speed of 100 Mbit/s, full duplex, and a media type of SFP. Command examples (config)# interface gigabitethernet 0/26...
  • Page 218: Flow Control Settings

    13 Ethernet (config-if)# no shutdown (config-if)# exit Notes If you set a transmission speed of 1000 Mbit/s, always make sure that the duplex mode is set to duplex full (full duplex). If the speed and duplex settings are not specified correctly, auto-negotiation is used to establish a connection. 13.9.3 Flow control settings For details, see 13.2.7 Flow control settings.
  • Page 219: Description Of Poe [Ax2200S] [Ax1240S]

    It can supply a maximum of 30.0 W of power. An AX2200S series switch can supply a maximum of 60.0 W of power. PoE is used for network devices installed at locations where external power is not readily available.
  • Page 220 Operates within system 2. (1) Power control for the entire Switch An AX2200S series switch controls the maximum amount of power that can be supplied by the entire Switch by means of two power supply systems: system 1 (for ports 0/1 to 0/4) and system 2 (for ports 0/1 to 0/4).
  • Page 221 13 Ethernet Table 13-26 Power control for each system (columns: System, Applicable port, Maximum power control operations, Remarks) Applicable port: 0/1 to 0/4. Maximum power control operations: For system 1, the maximum amount of power to be supplied set by the configuration is allocated. Remarks: System 1 default 61.6 [W] ...
  • Page 222: Allocating Power Supplied By Poe [Ax1240S]

    13 Ethernet 13.10.3 Allocating power supplied by PoE [AX1240S] (1) Capacity limits The following table describes the amount of power that the Switch can supply by using PoE, and the maximum number of PDs that can connect concurrently to (can receive power from) the switch.
  • Page 223: Setting Behavior Of When The Maximum Power Supply Is Exceeded

    If more than one port has the same setting, the port with the lower port number is given priority. For an AX2200S series switch, the priority set for each port is used, and power supply to the ports that have a higher priority within system 1 or system 2 takes precedence.
  • Page 224 This function secures power supply to the ports that have already been connected, without depending on the priority set for each port. For an AX2200S series switch, powered ports take precedence over other ports in the same system (system 1 or system 2).
  • Page 225 13 Ethernet (3) Relationship between the configuration and the powered port The following table describes the relationship between the priority setting by the configuration and the priority of the powered port. Table 13-28 Relationship between the configuration and the powered port Priority of powered port Priority setting by the Behavior of the port...
  • Page 226: Resuming And Stopping Power Supply, And The Port Status

    13 Ethernet 13.10.5 Resuming and stopping power supply, and the port status (1) Resuming and stopping power supply by using an operation command You can use the activate power inline operation command to resume power supply to the Switch ports for which power supply has been stopped. However, the configuration of ports, execution of operation commands, and behavior of power saving schedule affect power control.
  • Page 227 13 Ethernet Table 13-30 Operation commands and the effect on power supply control Target Port setting Operation Effect on power Remarks commands supply control Switch None Not supported Port no shutdown inactivate interface power Other than inline never activate interface inactivate power Link-down due to power inline...
  • Page 228 13 Ethernet Table 13-31 Port status and the triggers of status transition Port status Trigger of status transition Port status after transition off (when no PD is A PD is connected (power supply is started). connected) inactivate power inline operation inact command is executed.
  • Page 229: Notes On Poe Usage

    13 Ethernet Port status Trigger of status transition Port status after transition shutdown inact configuration command is set. activate power inline operation off (when no PD is command is executed. connected) on (when a PD is connected) A PD is disconnected. inact A PD is connected.
  • Page 230 Switch. (3) Connecting a device using Pre.STD AX2200S series switches do not support connection to a device using Pre.STD. For AX1240S series switches, use a straight cable to connect a PD that supports Pre.STD. A connection cannot be established by using a crossover cable.
  • Page 231: Configuration Of Poe [Ax2200S] [Ax1240S]

    13.11.2 Setting the maximum amount of power that can be supplied for system 1 [AX2200S] An AX2200S series switch has two systems, system 1 and system 2, and you can set the maximum amount of power that can be supplied for the whole of system 1 in the configuration.
  • Page 232: Setting Port Priority

    13 Ethernet Notes When this command is set or deleted, the new setting is applied after the Switch is restarted. 13.11.3 Setting port priority The Switch uses PoE with three priority levels. If the amount of available power is insufficient, a port with a lower priority level loses power earlier. If you do not want the Switch to supply power to specific ports, you can stop the supply of power to those ports.
  • Page 233: Allocating Power That Can Be Supplied To Each Port

    13 Ethernet Moves from configuration command mode to administrator mode, and saves the settings. @# reload Restart OK? (y/n): y After the configuration setting is saved, is displayed in front of the prompt. Use the reload operation command to restart the Switch. Notes When this command is set or deleted, the new setting is applied after the Switch is restarted.
  • Page 234: Operation Of Poe [Ax2200S] [Ax1240S]

    13 Ethernet 13.12 Operation of PoE [AX2200S] [AX1240S] The following table describes the list of operation commands for PoE. Table 13-33 List of operation commands Command name Description show power inline Displays PoE information. activate power inline Manually resumes the supply of power. inactivate power inline Manually stops the supply of power.
  • Page 235 13 Ethernet 0/21 off high 0/22 off high 0/23 off high 0/24 on high 15400 53.8 > Figure 13-8 Example of displaying the status of PoE power supply [AX1240S] > show power inline Please wait a little. Date 2012/07/03 20:46:06 UTC System Wattage: Threshold(W) 370.0...
  • Page 236 13 Ethernet...
  • Page 237: Link Aggregation

    Link Aggregation This chapter describes link aggregation and its use. 14.1 Description of the basic link aggregation functionality 14.2 Configuration of the basic link aggregation functionality 14.3 Description of the link aggregation extended functionality 14.4 Configuration of the link aggregation extended functionality 14.5 Operation for link aggregation...
  • Page 238: Description Of The Basic Link Aggregation Functionality

    14 Link Aggregation 14.1 Description of the basic link aggregation functionality 14.1.1 Overview Link aggregation is functionality that connects devices by establishing multiple links between the Ethernet ports of each device, and that treats these links as one virtual link. The virtual link is called a channel group.
  • Page 239: Mac Address Of The Channel Group

    14 Link Aggregation Item Supported specifications Remarks Transmission speed between Only the same speed is used. A slow line is detached. ports Duplex mode Only full-duplex mode is supported. Legend: --: Not applicable A line that is slower than the maximum speed of link-up lines. 14.1.4 MAC address of the channel group A protocol such as the Spanning Tree Protocol requires the MAC address of a channel group.
  • Page 240 14 Link Aggregation Figure 14-2 Examples of configurations in which link aggregation is not possible (2) About configuring link aggregation To use link aggregation, the settings of the connected devices must match. If the settings of connected devices do not match, a communication loop might occur. When you configure link aggregation, first, change the status of the ports to link-down.
  • Page 241: Configuration Of The Basic Link Aggregation Functionality

    14 Link Aggregation 14.2 Configuration of the basic link aggregation functionality 14.2.1 List of configuration commands The following table describes the commands used to configure the basic link aggregation functionality. Table 14-3 List of configuration commands Command name Description channel-group lacp system-priority Sets the LACP system priority for each channel group.
  • Page 242: Configuration Of Lacp Link Aggregation

    14 Link Aggregation 14.2.3 Configuration of LACP link aggregation (1) Setting the channel group Points to note For LACP link aggregation, use the channel-group mode configuration command to specify the channel group number, and set either active or passive mode in Ethernet interface configuration mode.
  • Page 243: Configuration Of A Port Channel Interface

    14 Link Aggregation (config-if)# exit Sets the LACP port priority level of port 0/1 to (4) Setting the LACPDU sending interval Points to note Set the interval at which the remote device sends LACPDUs to the Switch. The Switch receives LACPDUs at the set interval. For the LACPDU sending interval, set long (30 seconds) or...
  • Page 244 14 Link Aggregation Table 14-4 Related commands for a port channel interface Functionality Command VLAN switchport mode switchport access switchport protocol switchport trunk switchport mac Spanning Tree Protocol spanning-tree portfast spanning-tree bpdufilter spanning-tree bpduguard spanning-tree guard spanning-tree link-type spanning-tree port-priority spanning-tree cost spanning-tree vlan port-priority spanning-tree vlan cost...
  • Page 245 14 Link Aggregation Functionality Command dot1x reauthentication dot1x timeout reauth-period dot1x timeout tx-period dot1x timeout supp-timeout dot1x timeout server-timeout dot1x timeout keep-unauth dot1x timeout quiet-period dot1x max-req dot1x ignore-eapol-start dot1x supplicant-detection dot1x force-authorized dot1x force-authorized vlan Uplink redundancy switchport backup interface switchport backup flush request transmit L2 Loop Detection loop-detection...
  • Page 246: Deleting A Channel Group

    14 Link Aggregation (config)# interface port-channel 3 Switches channel group 3 to port channel interface configuration mode. (config-if)# switchport mode trunk (config-if)# exit Sets channel group 3 as a trunk port. (3) Shutdown of a port channel interface Points to note When shutdown is set for a port channel interface, communication over all ports...
  • Page 247 14 Link Aggregation Sets shutdown for port 0/1 to place the port in the link-down status so that the port can be removed safely from the channel group. (config-if)# no channel-group (config-if)# exit Deletes the channel group settings from port 0/1. (2) Deleting an entire channel group Points to note You can delete an entire channel group.
  • Page 248: Description Of The Link Aggregation Extended Functionality

    14 Link Aggregation 14.3 Description of the link aggregation extended functionality 14.3.1 Standby link functionality (1) Description The standby link functionality replaces a faulty port with a standby port in the same channel group to maintain the number of active ports in the channel group. This functionality can prevent a reduction of available bandwidth if a fault occurs.
  • Page 249 14 Link Aggregation In link-not-down mode, sending from standby links (standby ports) stops, but the status of the standby links (standby ports) does not change to link-down. Because the standby links are in the link-up status, monitoring of faults can also be performed for these standby ports.
  • Page 250: Configuration Of The Link Aggregation Extended Functionality

    14 Link Aggregation 14.4 Configuration of the link aggregation extended functionality 14.4.1 List of configuration commands The following table describes the commands used to configure the link aggregation extended functionality. Table 14-6 List of configuration commands Command name Description channel-group lacp Sets the system priority for a channel group.
  • Page 251 14 Link Aggregation Adds port 0/1 to channel group 5, and sets the port priority value to . Note that a smaller port priority value indicates a higher priority. Therefore, a port with the port priority value of 300, which is larger than the default value of 128, is selected for a standby link earlier than a port with the default priority.
  • Page 252: Operation For Link Aggregation

    14 Link Aggregation 14.5 Operation for link aggregation 14.5.1 List of operation commands The following table describes the operation commands for link aggregation. Table 14-7 List of operation commands Command name Description show channel-group Displays link aggregation information. show channel-group statistics Displays the statistics for data packets sent and received for link aggregation.
  • Page 253 14 Link Aggregation information for each port is displayed. In the command execution result, Status indicates the communication status of a port. The following figure shows an example of executing the show channel-group detail operation command. Figure 14-5 Example of executing the show channel-group detail command >...
  • Page 254 14 Link Aggregation...
  • Page 255: Part 4: Layer 2 Switching

    Part 4: Layer 2 Switching Layer 2 Switching Overview This chapter provides an overview of the Layer 2 switch functionality used to forward data over Layer 2 of the OSI model for the Switch. 15.1 Overview 15.2 Supported functions 15.3 Compatibility between Layer 2 switch functionality and other functionality...
  • Page 256: Overview

    15 Layer 2 Switching Overview 15.1 Overview 15.1.1 MAC address learning When a Layer 2 switch receives a frame, it registers the source MAC address in a MAC address table. Each entry in the MAC address table contains the MAC address and port on which the frame was received, as well as an aging timer.
  • Page 257: Supported Functions

    15 Layer 2 Switching Overview 15.2 Supported functions The table below describes the Layer 2 switch functionality supported by the Switch. Some types of functionality can be combined, but others cannot. The limitations regarding functionality combinations are shown below. Table 15-1 Supported Layer 2 switch functionality Supported functions Overview of authentication VLAN functionality MAC address learning...
  • Page 258: Compatibility Between Layer 2 Switch Functionality And Other Functionality

    15 Layer 2 Switching Overview 15.3 Compatibility between Layer 2 switch functionality and other functionality When the Layer 2 switch functionality is used, other functionality might be restricted or disabled. The following table lists the restrictions regarding combinations of functionality. Note that only functionality with compatibility restrictions is shown in the table.
  • Page 259 15 Layer 2 Switching Overview Functionality used Functionality Available Inter-port relay Spanning Tree Protocol Partial blocking functionality DHCP snooping IGMP snooping MLD snooping GSRP aware See 5 Overview of Layer 2 Authentication in the Configuration Guide Vol. 2. See 18.3.2 Notes on using the inter-port relay blocking functionality. Table 15-3 Restrictions on Spanning Tree Protocols Functionality used Functionality...
  • Page 260 15 Layer 2 Switching Overview Functionality used Functionality Available Single Spanning Tree PVST+ Loop guard Ring Protocol Layer 2 Authentication Partial Uplink redundancy Partial See 5 Overview of Layer 2 Authentication in the Configuration Guide Vol. 2. Spanning Tree Protocols are forcibly disabled for ports that have been set to the primary port or secondary port of uplink redundancy.
  • Page 261 15 Layer 2 Switching Overview Functionality used Functionality Available MLD Snooping Default VLAN See 5 Overview of Layer 2 Authentication in the Configuration Guide Vol. 2...
  • Page 262 15 Layer 2 Switching Overview...
  • Page 263: Mac Address Learning

    MAC Address Learning This chapter describes the MAC address learning functionality and its use. 16.1 Description of MAC address learning 16.2 MAC address learning configuration 16.3 MAC address learning operation...
  • Page 264: Description Of Mac Address Learning

    16 MAC Address Learning 16.1 Description of MAC address learning The Switch performs Layer 2 switching, in which frames are forwarded to specific ports based on destination MAC address. Forwarding frames to specific ports according to their destination MAC address can prevent unnecessary traffic caused by unicast frame flooding.
  • Page 265: Clearing The Mac Address Table

    16 MAC Address Learning statically by user specification. One port or channel group can be specified for a unicast MAC address. When a unicast MAC address is statically registered, dynamic learning is not performed for the address. Already learned entries are deleted from the MAC address table and registered as static entries.
  • Page 266: Notes

    16 MAC Address Learning Trigger Description Route switched by the Ring "The Switch runs as a transit node." Protocol The MAC address table is cleared when the flush control frame sent from the master node when the path is switched is received. The MAC address table is cleared when the maintenance time for waiting for the flush control frame times out.
  • Page 267 16 MAC Address Learning Setting of Layer 2 authentication Setting of the aging time for the Aging operation MAC address table Operat Aging time The aging time is set to 0 seconds. One of the following authentication methods is enabled: IEEE802.1X ...
  • Page 268: Mac Address Learning Configuration

    16 MAC Address Learning 16.2 MAC address learning configuration 16.2.1 List of configuration commands The following table describes the commands used to configure MAC address learning. Table 16-5 List of configuration commands Command name Description mac-address-table aging-time Sets the aging time for MAC address learning. mac-address-table static Sets a static entry.
  • Page 269 16 MAC Address Learning (2) Static entries specifying a link aggregation as the output destination Points to note The following shows an example in which a link aggregation is specified as the output destination. Command examples (config)# mac-address-table static 0012.e200.1122 vlan 10 interface port-channel 5 Sets the output destination for frames for the destination MAC address 0012.e200.1122 to channel group 5 on VLAN 10.
  • Page 270: Mac Address Learning Operation

    16 MAC Address Learning 16.3 MAC address learning operation 16.3.1 List of operation commands The following table describes the operation commands for MAC address learning. Table 16-6 List of operation commands Command name Description show mac-address-table Displays information about the MAC address table. When the learning-counter parameter is specified, the learning...
  • Page 271 16 MAC Address Learning Date 2008/11/17 15:02:38 UTC Port Count 0/10 >...
  • Page 272 16 MAC Address Learning...
  • Page 273: Vlans

    VLANs VLAN functionality divides a switch internally into virtual groups. This chapter describes VLANs and their use. 17.1 Description of the basic VLAN functionality 17.2 Configuration of the basic VLAN functionality 17.3 Description of port VLANs 17.4 Configuring port VLANs 17.5 Description of protocol VLANs 17.6 Configuration of protocol VLANs 17.7 Description of MAC VLANs...
  • Page 274: Description Of The Basic Vlan Functionality

    17 VLANs 17.1 Description of the basic VLAN functionality This section provides an overview of VLANs. 17.1.1 VLAN type The following table describes the types of VLAN supported by the Switch. Table 17-1 Supported VLAN types Item Overview Port VLAN Divides a VLAN group by port.
  • Page 275: Default Vlan

    17 VLANs Table 17-3 VLAN availability by port Port type VLAN type Port VLAN Protocol VLAN MAC VLAN Access port Protocol port MAC port Trunk port Legend Y: Can be used, N: Cannot be used (2) Native VLAN for ports Ports other than access ports (protocol ports, MAC ports, and trunk ports) might receive frames that do not match the port setup, such as when an IPv6 frame is received after the protocol port was set for only the IPv4 protocol.
  • Page 276 17 VLANs Table 17-4 Priority (Port type: Priority) Access port: Port VLAN; Protocol port: Protocol VLAN > port VLAN (native VLAN); MAC port: VLAN tag > MAC VLAN > port VLAN (native VLAN); Trunk port: VLAN tag > port VLAN (native VLAN). Tagged frames can also be handled, depending on the configuration.
  • Page 277: Vlan Tags

    17 VLANs Figure 17-1 Algorithm for determining the VLAN 17.1.5 VLAN tags (1) Overview VLAN tagging based on the IEEE 802.1Q standard, in which IDs called tags are inserted into Ethernet frames, can be used to configure multiple VLANs on one port. VLAN tags are used on the trunk port or MAC port.
  • Page 278 17 VLANs Figure 17-2 Tagged-frame format The following table describes the fields for VLAN tags. Table 17-5 VLAN tag fields field Description Conditions for the Switch TPID (Tag Protocol An Ether Type value indicating that the The Switch does not support setting of IEEE 802.1Q VLAN tag continues TPIDs, so it operates with TPIDs fixed to 0x8100.
  • Page 279: Notes On Vlan Usage

    17 VLANs 17.1.6 Notes on VLAN usage (1) Notes on use with other functionality For details, see 15.3 Compatibility between Layer 2 switch functionality and other functionality. (2) Using VLAN 1 If, on VLAN 1 on the Switch, reception of frames is overloaded by broadcast frames, response to a ping command on another VLAN might be affected.
  • Page 280: Configuration Of The Basic Vlan Functionality

    17 VLANs 17.2 Configuration of the basic VLAN functionality 17.2.1 List of configuration commands The following table describes the commands used to configure basic VLAN functionality. Table 17-6 List of configuration commands Command name Description name Sets a VLAN name. state Sets the VLAN status (started/stopped).
  • Page 281: Configuring Ports

    17 VLANs then switches to VLAN configuration mode for VLANs 100 to 200. (config-vlan)# state suspend (config-vlan)# exit Stops in batch mode the port VLANs created with VLAN IDs 100 to 200. 17.2.3 Configuring ports Points to note Use the Ethernet interface configuration mode and port channel interface configuration mode to set the port type.
  • Page 282 17 VLANs Creates VLANs 10 to 20, 100, and 200 to 300. This sequence of commands also switches to the Ethernet interface configuration mode for port 0/1, and sets it as a trunk port. At this point, port 0/1 does not belong to any VLAN. (config-if)# switchport trunk allowed vlan 10-20 Sets VLANs 10 to 20 for port 0/1.
  • Page 283: Description Of Port Vlans

    17 VLANs 17.3 Description of port VLANs A port VLAN divides a VLAN into groups by port. 17.3.1 Access ports and trunk ports A port VLAN allocates a single VLAN to a single port. The ports used for a port VLAN are set as access ports.
  • Page 284: Configuring Port Vlans

    17 VLANs 17.4 Configuring port VLANs 17.4.1 List of configuration commands The following table describes the commands used to configure port VLANs. Table 17-7 List of configuration commands Command name Description switchport access Sets the access port VLAN. switchport mode Sets the port type (access or trunk).
  • Page 285: Configuring Native Vlans For Trunk Ports

    17 VLANs (2) Setting access ports When a single VLAN is set to a single port and untagged frames are handled, it is set as an access port. Points to note Set a port for the access port and the VLANs handled by the access port. Command examples (config)# interface fastethernet 0/1 Switches to the Ethernet interface configuration mode for port 0/1.
  • Page 286 17 VLANs When the VLAN ID of a native VLAN is specified by the switchport trunk allowed vlan configuration command, the VLAN handles untagged frames on the trunk port. The native VLAN is VLAN 1 (the default VLAN) unless explicitly specified otherwise in the configuration.
  • Page 287: Description Of Protocol Vlans

    17 VLANs 17.5 Description of protocol VLANs 17.5.1 Overview A protocol VLAN divides VLANs by protocol. Different VLANs can be configured for each protocol, such as IPv4 and IPv6. Multiple protocols can be set for the same protocol VLAN. The figure below shows an example protocol VLAN configuration. In the following example, VLANs A and B are configured with the IPv4 protocol, and VLAN C is configured with the IPv6 protocol.
  • Page 288: Protocol Ports And Trunk Ports

    17 VLANs 17.5.3 Protocol ports and trunk ports Protocol ports identify the protocol for untagged frames. Ports used as protocol VLANs set a protocol port. Different VLANs over multiple protocols can be assigned to a protocol port. Trunk ports are used to connect multiple protocol VLANs to another LAN switch. Note that because trunk ports distinguish VLANs by their VLAN tag, they do not distinguish according to protocol.
  • Page 289: Configuration Of Protocol Vlans

    17 VLANs 17.6 Configuration of protocol VLANs 17.6.1 List of configuration commands The following table describes the commands used to configure protocol VLANs. Table 17-9 List of configuration commands Command name Description protocol Sets the protocol for identifying VLANs in protocol VLANs. switchport mode Sets the port type (protocol or trunk).
  • Page 290 17 VLANs before creating a protocol VLAN. A protocol name and a protocol value are set for a protocol. Multiple protocol values can be associated with a single name. Because the IPv4 protocol requires that both an IPv4 EtherType value and an ARP EtherType value are specified at the same time, two protocol values are associated with IPv4.
  • Page 291: Configuring Native Vlan For Protocol Ports

    17 VLANs (config-if-range)# switchport mode protocol-vlan (config-if-range)# switchport protocol vlan 10 (config-if-range)# exit Sets ports 0/1 and 0/2 as protocol ports. Then, sets VLAN 10. (config)# interface range fastethernet 0/3-4 (config-if-range)# switchport mode protocol-vlan (config-if-range)# switchport protocol vlan 20 (config-if-range)# exit Sets ports 0/3 and 0/4 as protocol ports.
  • Page 292 17 VLANs that do not match the protocol set on the protocol port. The native VLAN is VLAN 1 (the default VLAN) unless explicitly set otherwise in the configuration. If status suspend is set for a native VLAN, frames that do not match the set protocol are not forwarded.
  • Page 293: Description Of Mac Vlans

    17 VLANs 17.7 Description of MAC VLANs 17.7.1 Overview MAC VLANs divide VLAN groups by source MAC address. MAC addresses can be registered with VLANs by configuration, or dynamically through the Layer 2 authentication functionality. MAC VLANs can be set to allow communication only with terminals permitted to connect by registering MAC addresses of permitted terminals during configuration, or by registering MAC addresses authenticated using the Layer 2 authentication functionality.
  • Page 294: Linkage With The Layer 2 Authentication Functionality

    17 VLANs Figure 17-10 Switches connected by MAC ports 17.7.3 Linkage with the Layer 2 authentication functionality (1) Dynamically registering MAC addresses in a MAC VLAN MAC VLANs can link with the Layer 2 authentication functionality to dynamically register MAC addresses with a VLAN. The following are types of the Layer 2 authentication functionality that can be linked: • ...
  • Page 295: Optional Functionality Of Mac Ports

    17 VLANs (2) Automatic VLAN assignment for a MAC port To set a VLAN for a MAC port, use the switchport mac vlan configuration command to configure the setting, or use automatic assignment by using the Layer 2 authentication functionality. Automatic VLAN assignment operates with the following Layer 2 authentication methods: • ...
  • Page 296 17 VLANs Forwarding destination Handling of tagged frames dot1q vlan VLANs specified by Tagged frames are sent. MAC ports (3) Notes on using the optional functionality (a) Exclusive setting of VLANs VLANs can be specified exclusively in the configuration commands below. A VLAN ID that has already been specified by one command cannot be specified by the other commands.
  • Page 297: Configuration Of Mac Vlans

    17 VLANs 17.8 Configuration of MAC VLANs 17.8.1 List of configuration commands The following table describes the commands used to configure MAC VLANs. Table 17-12 List of configuration commands Command name Description mac-address Sets the MAC address, by configuration, for terminals belonging to VLANs for a MAC VLAN.
  • Page 298 17 VLANs Figure 17-11 Example MAC VLAN settings (1) Creating MAC VLANs and registering MAC addresses Points to note You can create a MAC VLAN. When a VLAN is created, a VLAN ID and the mac-based parameter are specified. As shown here, the MAC address belonging to the VLAN is also set. VLANs are registered for each terminal from A to C in the example configuration.
  • Page 299 17 VLANs Notes When MAC addresses are registered for MAC VLANs, the same MAC address cannot be registered for multiple VLANs. (2) Setting MAC ports Points to note The MAC port set for distinguishing VLANs by source MAC address for the MAC VLAN handles untagged frames.
  • Page 300: Configuring Native Vlans For Mac Ports

    17 VLANs 17.8.3 Configuring native VLANs for MAC ports Points to note Native VLANs are set to handle untagged frames that do not match the MAC addresses registered for MAC VLANs on a MAC port. Only port VLANs can be set for native VLANs.
  • Page 301 17 VLANs Figure 17-12 Setting example of forwarding tagged frames on a MAC port Points to note The example below shows how to configure a MAC port and to configure the same port to handle tagged and untagged frames. For a MAC VLAN, set the MAC address of the terminal.
  • Page 302 17 VLANs Configures VLAN 10 as the VLAN that handles a tagged frame on a MAC port. (config-if)# switchport mac vlan 50 (config-if)# exit Configures VLAN 50 as the VLAN that handles untagged frames on a MAC port. Notes Note the following when using the switchport mac dot1q vlan configuration command:...
  • Page 303: Vlan Operation

    17 VLANs 17.9 VLAN operation 17.9.1 List of operation commands The following table describes the VLAN operation commands. Table 17-13 List of operation commands Command name Description show vlan Displays information about VLANs. show vlan mac-vlan Displays the MAC addresses registered for MAC VLANs. 17.9.2 Checking VLAN status (1) Checking the status of VLAN settings You can check VLAN information with the...
  • Page 304 17 VLANs Description: PROT-VLAN0030 Spanning Tree: None(-) AXRP RING ID: AXRP VLAN group: IGMP snooping: MLD snooping: Untagged(0) Tagged(0) VLAN ID: 51 Type: MAC based Status: Up Learning: On BPDU Forwarding: EAPOL Forwarding: Router Interface Name: VLAN0051 IP Address: Source MAC address: 0012.e294.aadc(System) Description: VLAN0051 Spanning Tree: None(-) AXRP RING ID:...
  • Page 305 17 VLANs 0/23(ChGr:8) Down - Tagged 0/24(ChGr:8) Forwarding Tagged 0/25 Forwarding Tagged VLAN ID: 4094 Type: Port based Status: Up Learning: On BPDU Forwarding: EAPOL Forwarding: Router Interface Name: VLAN4094 IP Address: 192.168.0.150/24 Source MAC address: 0012.e294.aadc(System) Description: VLAN4094 Spanning Tree: None(-) AXRP RING ID:200 AXRP VLAN group:2 IGMP snooping:...
  • Page 306 17 VLANs 4094 Up 3/ 11 VLAN4094 Port AXRP (-) AXRP (C:Control-VLAN) S:IGMP/MLD snooping 4:IPv4 address configured > (5) Checking MAC addresses registered for MAC VLANs You can use the show vlan mac-vlan operation command to check the MAC addresses registered for MAC VLANs.
  • Page 307: Extended Vlan Functionality

    Extended VLAN Functionality This chapter describes the VLAN extended functionality and its use. 18.1 Description of L2 protocol frame transparency functionality 18.2 Configuring the L2 protocol frame transparency functionality 18.3 Description of the inter-port relay blocking functionality 18.4 Configuration of the inter-port relay blocking functionality 18.5 Operation for the VLAN extended functionality...
  • Page 308: Description Of L2 Protocol Frame Transparency Functionality

    18 Extended VLAN Functionality 18.1 Description of L2 protocol frame transparency functionality 18.1.1 Overview L2 protocol frame transparency functionality forwards Layer 2 protocol frames. The frames that are forwarded include Spanning Tree BPDUs, and EAPOL for IEEE 802.1X. Usually, protocol frames for these layers are not forwarded. The frames forwarded are handled as simple multicast frames on the Switch, and are not used as protocols by the Switch.
  • Page 309: Configuring The L2 Protocol Frame Transparency Functionality

    18 Extended VLAN Functionality 18.2 Configuring the L2 protocol frame transparency functionality 18.2.1 List of configuration commands The following table describes the commands used to configure the L2 protocol frame transparency functionality. Table 18-1 List of configuration commands Command name Description l2protocol-tunnel eap Forwards EAPOL frames for IEEE 802.1X.
  • Page 310: Description Of The Inter-Port Relay Blocking Functionality

    18 Extended VLAN Functionality 18.3 Description of the inter-port relay blocking functionality 18.3.1 Overview The inter-port relay blocking functionality blocks communication on all specified ports. This can improve security when applied to connections with servers for which only access from specific ports is allowed, and connections with terminals for which direct communication is to be blocked.
  • Page 311 18 Extended VLAN Functionality Functionality Operation DHCP snooping Operating DHCP snooping on a port that is blocking communication disables the inter-port relay blocking for DHCP frames (and ARP frames when dynamic ARP inspection is valid), so that these frames are forwarded. IGMP Snooping Operating IGMP snooping on a port that is blocking communication disables the inter-port relay blocking for IGMP frames, so that these frames are forwarded.
  • Page 312: Configuration Of The Inter-Port Relay Blocking Functionality

    18 Extended VLAN Functionality 18.4 Configuration of the inter-port relay blocking functionality 18.4.1 List of configuration commands The following table describes the command used to configure the inter-port relay blocking functionality. Table 18-3 List of configuration commands Command name Description switchport isolation Blocks forwarding to the specified port.
  • Page 313: Changing Blocked Ports

    18 Extended VLAN Functionality Switches to the Ethernet interface configuration mode for port 0/1. (config-if)# switchport isolation interface fastethernet 0/2,0/4 (config-if)# exit Blocks forwarding from ports 0/2 and 0/4 on port 0/1. This setting blocks one-way forwarding of transmissions to port 0/1. (config)# interface fastethernet 0/2 (config-if)# switchport isolation interface fastethernet 0/1 (config-if)# exit...
  • Page 314: Operation For The Vlan Extended Functionality

    18 Extended VLAN Functionality 18.5 Operation for the VLAN extended functionality 18.5.1 List of operation commands The following table describes the operation command for the VLAN extended functionality. Table 18-4 List of operation commands Command name Description show vlan Checks the status of the settings for the VLAN extended functionality.
  • Page 315 18 Extended VLAN Functionality Description: VLAN4094 Spanning Tree: None(-) AXRP RING ID:200 AXRP VLAN group:2 IGMP snooping: MLD snooping: Port Information Forwarding Tagged 0/14 Down - Untagged 0/17(ChGr:8) Down - Tagged 0/18(ChGr:8) Down - Tagged 0/19(ChGr:8) Down - Tagged 0/20(ChGr:8) Down - Tagged 0/21(ChGr:8)
  • Page 316 18 Extended VLAN Functionality...
  • Page 317: Spanning Tree Protocol

    Spanning Tree Protocol This chapter describes the Spanning Tree functionality and its use. 19.1 Overview of Spanning Tree Protocols 19.2 Configuration of the Spanning Tree operating mode 19.3 Description of PVST+ 19.4 PVST+ configuration 19.5 PVST+ operation 19.6 Description of Single Spanning Tree 19.7 Configuration of Single Spanning Tree 19.8 Operation for Single Spanning Tree 19.9 Description of Multiple Spanning Tree...
  • Page 318: Overview Of Spanning Tree Protocols

    19 Spanning Tree Protocol 19.1 Overview of Spanning Tree Protocols 19.1.1 Overview The Spanning Tree Protocol is a Layer 2 loop prevention protocol. The Spanning Tree Protocol can be used to make Layer 2 networks redundant, and prevent loops. The following figure provides an overview of a network with a Spanning Tree Protocol applied.
  • Page 319: Spanning Tree Protocols And Rapid Spanning Tree Protocols

    19 Spanning Tree Protocol Model name Build unit Overview Multiple Spanning Tree Per-MST-instance This kind of Spanning Tree Protocol is built by groups of multiple VLANs, called MST instances. If multiple VLANs belong to a single port, different tree build results are applied to each MST instance. The Switch allows the above Spanning Tree Protocols to be used as standalone or together.
  • Page 320 19 Spanning Tree Protocol Status Status overview Transition to the next status Blocking Status in which communication is not possible. In this 20 seconds (variable) or status, MAC address learning is not performed. This is the until BPDU reception status after link-up or of ports after topology stabilization and blocking.
  • Page 321: Configuration Components For Spanning Tree Topologies

    19 Spanning Tree Protocol 19.1.4 Configuration components for Spanning Tree topologies Designing a Spanning Tree topology involves roles for bridges and ports, as well as parameters used to determine these roles. The following explains usage for these configuration components and topology designs. (1) Bridge role The table below describes bridge roles.
  • Page 322: Designing Spanning Tree Topologies

    19 Spanning Tree Protocol (4) Path cost A value corresponding to the communication speed of each port on a switch is called the path cost. The total value of the port costs for all intermediate ports from a designated bridge to the root bridge is called the root path cost. If there are multiple paths to the root bridge, the root path cost is that of the shortest path.
  • Page 323: Stp Compatibility Mode

    19 Spanning Tree Protocol (1) Selecting the root bridge by bridge IDs The switch with the lowest bridge ID is chosen as the root bridge. Normally, you set the bridge priority of the switch that you want to be the root bridge to the lowest value (highest priority).
  • Page 324 19 Spanning Tree Protocol corresponding port on the Switch because the port keeps pace with the remote port during this mode. Combinations of Spanning Tree Protocols that can be used on the Switch and the partner switch are shown in the following figure. Figure 19-5 Relationship of the switch operations in STP compatibility mode Under STP compatibility mode operation, high-speed transitions can no longer be performed on the corresponding port, requiring more time for communication to be...
  • Page 325: Notes Common To Spanning Tree Protocols

    19 Spanning Tree Protocol 19.1.7 Notes common to Spanning Tree Protocols (1) CPU overloading If the CPU is overloaded, the BPDUs sent and received by the Switch are discarded, a timeout message might be output, the topology might change, and communication might be temporarily cut off.
  • Page 326: Configuration Of The Spanning Tree Operating Mode

    19 Spanning Tree Protocol 19.2 Configuration of the Spanning Tree operating mode The following explains settings for the Spanning Tree operating mode. If the Switch is started without a configuration being set, it runs in the pvst operating mode. 19.2.1 List of configuration commands The following table describes the commands used to configure the spanning-tree operating mode.
  • Page 327 19 Spanning Tree Protocol Sets the Spanning Tree operating mode to pvst. PVST+ is automatically run for port VLANs. (config)# spanning-tree vlan 10 mode rapid-pvst Changes the operating mode of VLAN 10 to Rapid PVST+. Other port VLANs are run using PVST+, and VLAN 10 is run using Rapid PVST+.
  • Page 328 19 Spanning Tree Protocol Command examples (config)# spanning-tree mode mst Runs Multiple Spanning Tree. (4) Stopping Spanning Tree Protocols Points to note If Spanning Tree Protocols are not used, disable can be set to stop all Spanning Tree Protocols on the Switch. Command examples (config)# spanning-tree disable Stops all Spanning Tree operation.
  • Page 329: Description Of Pvst

    19 Spanning Tree Protocol 19.3 Description of PVST+ PVST+ builds a tree for each VLAN. These trees can be used for load balancing. In addition, access ports can be used to connect with switches running on Single Spanning Tree. 19.3.1 Using PVST+ to balance load When Single Spanning Tree is used in a network that has redundant paths between switches, such as Switch A and Switch B in the figure below, access from each terminal to the server is concentrated on port 1 between Switches A and B.
  • Page 330 19 Spanning Tree Protocol configuration has the following advantages: • Problems that occur on an edge switch do not result in topology changes for other edge switches. • Load balancing can be performed among core switches. Single Spanning Tree is connected by access ports. The figure below shows a configuration example.
  • Page 331: Notes On Pvst+ Usage

    19 Spanning Tree Protocol 19.3.3 Notes on PVST+ usage (1) Notes on use with other functionality For details, see 15.3 Compatibility between Layer 2 switch functionality and other functionality. (2) VLAN 1 (default VLAN) PVST+ and Single Spanning Tree Single Spanning Tree and VLAN 1 PVST+ cannot be run at the same time. When Single Spanning Tree is run, the VLAN 1 PVST+ is stopped.
  • Page 332: Pvst+ Configuration

    19 Spanning Tree Protocol 19.4 PVST+ configuration 19.4.1 List of configuration commands The following table describes the commands used to configure PVST+. Table 19-9 List of configuration commands Command name Description spanning-tree cost Sets the path cost for a port. spanning-tree pathcost method Sets the margin of values used for path costs for a port.
  • Page 333: Configuring Pvst+ Topologies

    19 Spanning Tree Protocol Notes • PVST+ runs automatically when nothing is displayed for the configuration. The no spanning-tree vlan configuration command can be used to stop it, and the configuration can be checked to make sure it has stopped. • The maximum number of port VLANs on which PVST+ can run is 250.
  • Page 334: Configuring Pvst+ Parameters

    19 Spanning Tree Protocol Command examples (config)# interface fastethernet 0/1 (config-if)# spanning-tree cost 100 (config-if)# exit Sets the path cost of port 0/1 to 100. (config)# spanning-tree pathcost method long (config)# interface fastethernet 0/1 (config-if)# spanning-tree vlan 10 cost 200000 (config-if)# exit Sets long (32-bit value) path costs to be used, and then changes port 0/1 for VLAN 10 to have a cost value of 200000.
  • Page 335 19 Spanning Tree Protocol max-age ≥ 2 x (hello-time + 1). When a parameter is changed, parameters must be adjusted on all switches comprising the Spanning Tree Protocol. (1) Setting BPDU sending intervals A short BPDU sending interval makes topology changes easier to detect. A longer interval requires more time to detect a topology change, but can reduce BPDU traffic and the load on the Spanning Tree program for the Switch.
  • Page 336 19 Spanning Tree Protocol (4) Setting status transition times For timer-based operation in PVST+ mode or Rapid PVST+ mode, the port status transitions at a fixed time interval. For the PVST+ mode, it transitions from Blocking to Listening, Learning, and then Forwarding, and for the Rapid PVST+ mode, it transitions from Discarding to Learning and then Forwarding.
  • Page 337: Pvst+ Operation

    19 Spanning Tree Protocol 19.5 PVST+ operation 19.5.1 List of operation commands The following table describes the operation commands for PVST+. Table 19-11 List of operation commands Command name Description show spanning-tree Displays Spanning Tree information. show spanning-tree statistics Displays statistics about Spanning Tree Protocols. clear spanning-tree statistics Clears statistics about Spanning Tree Protocols.
  • Page 338: Description Of Single Spanning Tree

    19 Spanning Tree Protocol 19.6 Description of Single Spanning Tree Single Spanning Tree creates topologies in which all switches are targets. 19.6.1 Overview Single Spanning Tree and one Spanning Tree Protocol can be used to avoid loops on all VLANs, and can handle more VLANs than PVST+ controlling individual VLANs. The figure below shows a network configuration based on Single Spanning Tree.
  • Page 339: Notes On Single Spanning Tree Usage

    19 Spanning Tree Protocol Item VLAN Single Spanning Tree target VLAN: 251st and subsequent port VLANs; VLANs for which PVST+ is stopped (specified by the no spanning-tree vlan configuration command); Default VLANs (port VLANs with a VLAN ID of 1); Protocol VLANs; MAC VLANs. 19.6.3 Notes on Single Spanning Tree usage...
  • Page 340: Configuration Of Single Spanning Tree

    19 Spanning Tree Protocol 19.7 Configuration of Single Spanning Tree 19.7.1 List of configuration commands The following table describes the commands used to configure Single Spanning Tree. Table 19-13 List of configuration commands Command name Description spanning-tree cost Sets the path cost for a port. spanning-tree pathcost method Sets the margin of values used for path costs for a port.
  • Page 341: Configuring Topologies For Single Spanning Tree

    19 Spanning Tree Protocol 19.7.3 Configuring topologies for Single Spanning Tree (1) Setting bridge priority The bridge priority is a parameter for determining the root bridge. When a topology is designed, the highest priority is set for the switch to be used for the root bridge, and the second highest priority is set for the switch to be used next for the root bridge if a fault occurs on the root bridge.
  • Page 342: Configuring Single Spanning Tree Parameters

    19 Spanning Tree Protocol (config)# spanning-tree pathcost method long (config)# interface fastethernet 0/1 (config-if)# spanning-tree single cost 200000 (config-if)# exit Sets long (32-bit value) path costs to be used, and then changes the port 0/1 for Single Spanning Tree to have a cost value of 200000. The path cost is 200000 on port 0/1 for only Single Spanning Tree, with other PVST+ using the same port running at 100.
  • Page 343 19 Spanning Tree Protocol requires more time to detect a topology change, but can reduce BPDU traffic and the load on the Spanning Tree program for the Switch. Points to note When no value is set, BPDUs are sent at two-second intervals. Normally, this setting is not required.
  • Page 344 19 Spanning Tree Protocol Points to note If no value is set, 15 seconds is used for the status transition time. When changing this parameter to a shorter time, make sure that the relationship between the BPDU maximum enabled time (max-age) and sending interval (hello-time) satisfies the following: 2 x (forward-time - 1) ≥...
  • Page 345: Operation For Single Spanning Tree

    19 Spanning Tree Protocol 19.8 Operation for Single Spanning Tree 19.8.1 List of operation commands The following table describes the operation commands for Single Spanning Tree. Table 19-15 List of operation commands Command name Description show spanning-tree Displays Spanning Tree information. show spanning-tree statistics Displays statistics about Spanning Tree Protocols.
  • Page 346 19 Spanning Tree Protocol 0/25 Down Status:Disabled Role:- LoopGuard 0/26 Down Status:Disabled Role:- LoopGuard ChGr:1 Status:Learning Role:Designated RootGuard ChGr:8 Down Status:Disabled Role:- RootGuard >...
  • Page 347: Description Of Multiple Spanning Tree

    19 Spanning Tree Protocol 19.9 Description of Multiple Spanning Tree 19.9.1 Overview The following explains the features of Multiple Spanning Tree. MST instances can be used to perform load balancing. MST regions can be used to divide large network configurations into smaller configurations, to simplify network design.
  • Page 348 19 Spanning Tree Protocol instance ID, and VLAN correspondence must be the same. These are set by configuration. Trees are built separately between MST regions and within MST regions, and the topology within an MST region can be built per MST instance. The following explains Spanning Tree Protocols that run both between MST regions and within MST regions.
  • Page 349: Designing Networks For Multiple Spanning Tree

    19 Spanning Tree Protocol Figure 19-13 Overview of Multiple Spanning Tree 19.9.2 Designing networks for Multiple Spanning Tree (1) Configuring load balancing for each MST instance Multiple Spanning Tree allows load balancing to be performed for each MST instance. The figure below shows an example configuration for load balancing.
  • Page 350 19 Spanning Tree Protocol Figure 19-14 Load balancing configuration for Multiple Spanning Tree (2) Designing networks based on MST regions Network design becomes more complicated as network configurations grow larger, but MST regions can be used to divide them into smaller configurations to simplify network design, such as by implementing load balancing for each MST region.
  • Page 351: Compatibility With Other Spanning Tree Protocols

    19 Spanning Tree Protocol Figure 19-15 Network configuration by MST region 19.9.3 Compatibility with other Spanning Tree Protocols (1) Compatibility with Single Spanning Tree Multiple Spanning Tree can be used with STP or Rapid STP when run with Single Spanning Tree.
  • Page 352: Notes On Multiple Spanning Tree Usage

    19 Spanning Tree Protocol 19.9.4 Notes on Multiple Spanning Tree usage (1) Notes on use with other functionality For details, see 15.3 Compatibility between Layer 2 switch functionality and other functionality. (2) MST regions The range of VLANs that can be handled by the Switch and other switches might differ. To handle such switches as the same MST region, make sure that the corresponding VLANs belong to MST instance 0.
  • Page 353: Configuration Of Multiple Spanning Tree

    19 Spanning Tree Protocol 19.10 Configuration of Multiple Spanning Tree 19.10.1 List of configuration commands The following table describes the commands used to configure Multiple Spanning Tree. Table 19-17 List of configuration commands Command name Description instance Sets VLANs belonging to Multiple Spanning Tree MST instances.
  • Page 354: Configuring Topologies For Multiple Spanning Tree

    19 Spanning Tree Protocol Enables Multiple Spanning Tree and starts CIST operation. Notes When the no spanning-tree mode configuration command is used to delete operating mode settings for Multiple Spanning Tree, the default operating mode of pvst is used. In this case, PVST+ operation starts automatically on the port VLAN. (2) Setting regions and instances Points to note...
  • Page 355 19 Spanning Tree Protocol Command examples (config)# spanning-tree mst 0 root priority 4096 (config)# spanning-tree mst 20 root priority 61440 Sets the bridge priority of the CIST (instance 0) to 4096, and the bridge priority of instance 20 to 61440. (2) Setting path costs for each instance The path cost is a parameter for determining communication paths.
  • Page 356: Configuring Multiple Spanning Tree Parameters

    19 Spanning Tree Protocol Notes When link aggregation is used, the default value for the path costs of a channel group is not the total of all ports in the channel group, but the speed of a single port. (3) Setting port priority for each instance The port priority is set to determine which port is used when a Spanning Tree Protocol is used to make connections between two switches redundant, and the path costs are the same value for both.
  • Page 357 19 Spanning Tree Protocol increase load on the Spanning Tree program due to an increase in BPDU traffic. If setting this parameter shorter than the default value (two seconds) causes timeout messages to be output and the topology to change frequently, change it back to the default value.
  • Page 358 19 Spanning Tree Protocol (5) Setting status transition times For timer-based operation, the port status transitions at a fixed time interval from Discarding to Learning, and then Forwarding. The time required for these status transitions can be set. A small value can be set to transition more quickly to the Forwarding status. Points to note If no value is set, 15 seconds is used for the status transition time.
  • Page 359: Operation For Multiple Spanning Tree

    19 Spanning Tree Protocol 19.11 Operation for Multiple Spanning Tree 19.11.1 List of operation commands The following table describes the operation commands for Multiple Spanning Tree. Table 19-19 List of operation commands Command name Description show spanning-tree Displays Spanning Tree information. show spanning-tree statistics Displays statistics about Spanning Tree Protocols.
  • Page 360 19 Spanning Tree Protocol The Switch supports VLAN IDs of 1 to 4094, but VLAN IDs used for region settings are 1 to 4095 according to the standard. 1 to 4095 are explicitly displayed to make it possible to check the instances to which the VLAN IDs supported by the standard, 1 to 4095, belong.
  • Page 361: Description Of Common Spanning Tree Functionality

    19 Spanning Tree Protocol 19.12 Description of common Spanning Tree functionality 19.12.1 PortFast (1) Overview PortFast is functionality for ports to which a terminal is connected and on which loops are known in advance not to occur. PortFast is not subject to Spanning Tree topology calculations, allowing communication immediately after link-up.
  • Page 362: Bpdu Filter

    19 Spanning Tree Protocol the BPDU guard functionality is applied, when a BPDU is received, the port becomes inactive, instead of running as a Spanning Tree target port. Ports put in the inactive status can be released using the activate operation command.
  • Page 363 19 Spanning Tree Protocol Figure 19-17 Problems that occur during unidirectional link faults Loop guard functionality transitions the status of a port for which BPDU reception has been cut off to a non-transferrable status until another BPDU is received. When BPDU reception starts, operation resumes as a normal Spanning Tree target port.
  • Page 364 19 Spanning Tree Protocol PortFast functionality Configuration definition Loop guard operation Configuration for each port Configuration for each switch (spanning-tree guard) (spanning-tree loopguard default) Root guard is set (root) No command specified command specified No command specified Disabled Loop guard is set (loop) (Priority is given to the configuration for each port.) Guard disabled (none)
  • Page 365: Root Guard

    19 Spanning Tree Protocol functionality must be enabled on switches between both ports, and the ports must be linked up again. 19.12.4 Root guard (1) Overview Unintended topologies might occur if a switch is accidentally connected or a setting is changed somewhere where the network is not managed.
  • Page 366 19 Spanning Tree Protocol Table 19-22 Operating conditions of root guard Configuration definition Root guard operation Configuration for each port Configuration for each switch (spanning-tree guard) (spanning-tree loopguard default) Loop guard is set (loop) (Priority is given to the configuration of each port.) Guard disabled (none) Root guard is set (root) No command specified...
  • Page 367: Configuration Of The Common Spanning Tree Functionality

    19 Spanning Tree Protocol 19.13 Configuration of the common Spanning Tree functionality 19.13.1 List of configuration commands The following table describes the commands used to configure common Spanning Tree functionality. Table 19-23 List of configuration commands Command name Description spanning-tree bpdufilter Sets BPDU filter functionality for each port.
  • Page 368: Setting Bpdu Filters

    19 Spanning Tree Protocol (config)# interface fastethernet 0/3 (config-if)# switchport mode trunk (config-if)# spanning-tree portfast trunk (config-if)# exit Specifies port 0/3 as a trunk port and applies PortFast functionality to it. PortFast is not applied to trunk ports by default; the trunk parameter must be specified for each port.
  • Page 369: Configuring Loop Guards

    19 Spanning Tree Protocol Points to note BPDU filter functionality can be set for each interface. Command examples (config)# interface fastethernet 0/1 (config-if)# spanning-tree bpdufilter enable (config-if)# exit Sets BPDU filter functionality for port 0/1. 19.13.4 Configuring loop guards When a unidirectional link fault occurs, such as when a one-way line is cut, and BPDU reception is cut off, a loop might have occurred.
  • Page 370: Configuring Link Types

    19 Spanning Tree Protocol VLANs are set to be blocked. When Multiple Spanning Tree is running, only ports for corresponding instances are set to be blocked, but if the corresponding port is a boundary port, ports for all instances are set to be blocked. Command examples (config)# interface fastethernet 0/1 (config-if)# spanning-tree guard root...
  • Page 371: Operation For Common Spanning Tree Functionality

    19 Spanning Tree Protocol 19.14 Operation for common Spanning Tree functionality 19.14.1 List of operation commands The following table describes the operation command for common Spanning Tree functionality. Table 19-24 List of operation commands Command name Description show spanning-tree Displays Spanning Tree information. 19.14.2 Checking the status of common Spanning Tree functionality Use the show spanning-tree detail...
  • Page 372 19 Spanning Tree Protocol Priority:36862 MAC address:0012.e2c4.2772 Designated Bridge Priority:36862 MAC address:0012.e2c4.2772 Root Cost:0 Port ID Priority:128 Number:20 Message Age Timer:2(0)/20 >...
  • Page 373: Description Of The Ring Protocol

    Description of the Ring Protocol This chapter describes the Autonomous Extensible Ring Protocol. The Autonomous Extensible Ring Protocol (abbreviated hereafter to Ring Protocol) is a Layer 2 network redundancy protocol for ring topologies. 20.1 Overview of the Ring Protocol 20.2 Basic Ring Protocol principles 20.3 Overview of single ring operation 20.4 Overview of multi-ring operation 20.5 Multi-fault monitoring functionality for the Ring Protocol...
  • Page 374: Overview Of The Ring Protocol

    20 Description of the Ring Protocol 20.1 Overview of the Ring Protocol 20.1.1 Overview The Ring Protocol is a Layer 2 network redundancy protocol that detects faults in networks in which switches are connected in rings, and performs high-speed path switching accordingly.
  • Page 375: Features

    20 Description of the Ring Protocol 20.1.2 Features (1) Ethernet-based ring networks The Ring Protocol is an Ethernet-based network redundancy protocol. Whereas conventional ring networks typically use dual-link fiber optics such as with FDDI, the Ring Protocol can be used to build ring networks using Ethernet. The following figure shows an example Ring Protocol application.
  • Page 376 20 Description of the Ring Protocol Figure 20-3 Example Ring Protocol application (part 2) (2) Simple operation method Networks using the Ring Protocol have a simple configuration consisting of one master node and other transit nodes. Ring status monitoring (for faults and fault restoration) and path switching operations are primarily performed by the master node, and the other transit nodes switch paths according to instructions from the master node.
  • Page 377: Supported Specifications

    20 Description of the Ring Protocol 20.1.3 Supported specifications The following table describes the items and specifications supported by the Ring Protocol. Table 20-1 Items and specifications supported by the Ring Protocol Item Description Applicable layer Layer 2 Layer 3 Ring Single ring configuration...
  • Page 378: Basic Ring Protocol Principles

    20 Description of the Ring Protocol 20.2 Basic Ring Protocol principles 20.2.1 Network configuration The following shows the basic network configurations when the Ring Protocol is used, and the positions of the Switches. (1) Single ring configuration The following figure shows the single ring configuration and the positions of the Switches. Figure 20-4 Single ring configuration A ring configuration consisting of one master node and multiple transit nodes is called a single ring configuration.
  • Page 379: Control Vlan

    20 Description of the Ring Protocol Figure 20-5 Multi-ring configuration Each node in the ring runs as a single independent ring. Therefore, ring fault detection and recovery detection are performed independently by each ring. (3) Multi-ring configurations with shared links The figure below shows the positions of the Switches in a multi-ring configuration with shared links.
  • Page 380: Fault Monitoring Methods

    20 Description of the Ring Protocol frames is used to restrict the range for sending control frames. These VLANs are called control VLANs, and the same VLAN is used for all nodes constituting a ring. Because control VLANs use a single common VLAN for each ring, in a multi-ring configuration, different VLANs need to be used in neighboring rings.
  • Page 381: Overview Of Single Ring Operation

    20 Description of the Ring Protocol 20.3 Overview of single ring operation 20.3.1 Normal ring operation The following figure shows normal operation for a single ring. Figure 20-7 Normal ring operation (1) Master node operation To prevent fault misdetection due to one-way link faults, health check frames are sent from two ring ports.
  • Page 382 20 Description of the Ring Protocol Figure 20-8 Operation during a ring fault (1) Master node operation A fault is determined to have occurred when health check frames in both directions are not received within the pre-determined time. Switching operation is performed as follows on the master node that detects the fault: 1.
  • Page 383: Operation When Recovery Is Detected

    20 Description of the Ring Protocol MAC address table entries allows paths to be switched quickly. 20.3.3 Operation when recovery is detected The following figure shows operation when recovery from a ring fault is detected for a single ring. Figure 20-9 Operation during fault recovery (1) Master node operation When a ring fault has been detected, and a health check frame sent by the current node is received, recovery from the ring fault is determined, and the following restoration...
  • Page 384 20 Description of the Ring Protocol (2) Transit node operation The following operations are performed on a transit node that receives a flush control frame sent from a master node: 5. Flush control frames are transferred. Any received flush control frames are transferred to the next node. 6.
  • Page 385: Overview Of Multi-Ring Operation

    20 Description of the Ring Protocol 20.4 Overview of multi-ring operation The following explains multi-ring configurations, focusing on those with shared links. For details about multi-ring configurations without shared links, because operation is the same as for single rings, see 20.3 Overview of single ring operation. In this section, HC is used to refer to a health check frame, HC(M) is used to refer to a health check frame sent by the master node, and HC(S) is used to refer to a health check frame sent by a shared node.
  • Page 386 20 Description of the Ring Protocol link non-monitoring ring placed at both ends of the shared link. Of the two ring ports, these health check frames are sent from the ring port that is not a shared link. This means that when a fault occurs on a shared link, even though the master node of the shared link non-monitoring ring can no longer receive the health check frames it sent itself, fault detection can be prevented while health check frames can be received from the terminal...
  • Page 387: Operation For Shared Link Faults And Restoration

    20 Description of the Ring Protocol Figure 20-12 Normal operation for shared link monitoring rings (a) Master node operation To prevent fault misdetection due to one-way link faults, health check frames (HC(M)s) are sent from two ring ports. Monitoring is performed to check that HC(M)s in both directions are received within the pre-determined time.
  • Page 388 20 Description of the Ring Protocol Figure 20-13 Operation during shared link faults (a) Master node operation for shared link monitoring rings When a fault occurs on a shared link, the master node can no longer receive HC(M)s from both directions, and a ring fault is detected. As with a single ring, the following fault operations are performed for the master node detecting the fault: 1.
  • Page 389: Operation For Faults And Restoration Other Than For Shared Links In A Shared Link Non-Monitoring Ring

    20 Description of the Ring Protocol Figure 20-14 Operation during shared link recovery (a) Master node operation for shared link monitoring rings When a ring fault has been detected, and the master node receives an HC(M) it sent itself, it determines that recovery from the ring fault has occurred. As with a single ring, the following restoration operations are performed: 1.
  • Page 390 20 Description of the Ring Protocol Figure 20-15 Operation during a ring fault other than for shared links on shared link non-monitoring rings (a) Master node operation for shared link non-monitoring rings The master node of a shared link non-monitoring ring detects a ring fault when it receives neither the two-way HC(M) sent by itself nor the HC(S) sent by a shared node.
  • Page 391: Faults And Restoration Other Than For Shared Links In A Shared Link Monitoring Ring

    20 Description of the Ring Protocol Figure 20-16 Operation for recovery from a ring fault other than for shared links in a shared link non-monitoring ring (a) Master node operation for shared link non-monitoring rings When a ring fault has been detected, and either the master node receives an HC(M) that it sent itself, or an HC(S) sent by shared nodes are received from both directions, recovery from the ring fault is determined.
  • Page 392 20 Description of the Ring Protocol Figure 20-17 Operation during ring faults other than for shared links in a shared link monitoring ring (a) Master node operation for shared link monitoring rings When a fault occurs in a shared link monitoring ring, the master node can no longer receive HC(M)s from both directions, and detects a ring fault.
  • Page 393 20 Description of the Ring Protocol Figure 20-18 Operation for recovery from a ring fault other than for shared links in a shared link monitoring ring (a) Master node operation for shared link monitoring rings When a ring fault has been detected, and the master node receives an HC(M) it sent itself, it determines that recovery from the ring fault has occurred.
  • Page 394: Multi-Fault Monitoring Functionality For The Ring Protocol

    20 Description of the Ring Protocol 20.5 Multi-fault monitoring functionality for the Ring Protocol 20.5.1 Overview The Multi-fault monitoring functionality monitors multi-faults for shared link monitoring rings on multi-ring configurations with shared links, and switches paths to shared link non-monitoring rings when a multi-fault is detected. Here, the shared link non-monitoring ring used for path switching is called a backup ring.
  • Page 395: Basic Configuration For The Multi-Fault Monitoring Functionality

    20 Description of the Ring Protocol 20.5.2 Basic configuration for the multi-fault monitoring functionality The multi-ring configurations with shared links to which the multi-fault monitoring functionality can be applied are those in which the shared link non-monitoring rings used as the backup ring and the shared link monitoring ring are associated one-to-one.
  • Page 396: Operation When Multi-Faults Occur

    20 Description of the Ring Protocol The following figure gives an overview of multi-fault monitoring operation. Figure 20-21 Overview of multi-fault monitoring operation (1) Operation for each node in a shared link monitoring ring For details about master node and transit node operation in a shared link monitoring ring, because operation is the same as that for multi-rings, see (2) Shared link monitoring rings in 20.4.1 Normal ring operation.
  • Page 397 20 Description of the Ring Protocol Figure 20-22 Operation during shared link faults (a) Operation for each node in a shared link monitoring ring 1. A ring fault is detected because HC(M)s are not received. The master node can no longer receive HC(M)s from both directions, and detects a ring fault.
  • Page 398 20 Description of the Ring Protocol Figure 20-23 Operation when multi-faults occur (a) Operation for each node in a shared link monitoring ring 1. A multi-fault is detected for the shared link monitoring ring. Shared nodes can no longer receive multi-fault monitoring frames for both ring ports, and a multi-fault is detected.
  • Page 399: Operation During Multi-Fault Recovery

    20 Description of the Ring Protocol (a) Operation for each node in a backup ring 1. A ring fault is detected due to no reception of HC(S)s. The master node receives neither HC(M)s sent by itself from both directions nor HC(S)s sent by shared nodes, and detects a ring fault.
  • Page 400 20 Description of the Ring Protocol (b) Operation for each node in a backup ring 2. HC(S) sending is restarted. The shared node that detected multi-fault recovery starts sending backup ring HC(S)s again. (2) Switchback operation from backup rings The following figure shows switchback operation from a backup ring. Figure 20-26 Switchback from backup rings (a) Operation for each node in a backup ring 1.
  • Page 401 20 Description of the Ring Protocol Figure 20-27 Operation during recovery from a shared link fault (a) Operation for each node in a shared link monitoring ring 1. Ring restoration is detected due to HC(M) reception. When the master node receives an HC(M) sent by itself, it determines that recovery from the ring fault has occurred, and performs restoration.
  • Page 402: Ring Protocol Network Design

    20 Description of the Ring Protocol 20.6 Ring Protocol network design 20.6.1 Using VLAN mappings (1) VLAN mappings and VLANs for data transfer When multiple ring IDs are set for a single switch, such as in a multi-ring configuration, the same VLAN needs to be set multiple times for each ring ID.
  • Page 403: Prohibited Ring Protocol Configurations

    20 Description of the Ring Protocol (forwarding-delay-time) and the reception hold time for flush control frames (forwarding-shift-time) Set a smaller value for the forwarding transition time for the control VLAN (forwarding-delay-time) than the value for the reception hold time for flush control frames for the data transfer VLAN (forwarding-shift-time).
  • Page 404: Notes On Ring Protocol Usage

    20 Description of the Ring Protocol 20.7 Notes on Ring Protocol usage (1) Notes on use with other functionality For details, see 15.3 Compatibility between Layer 2 switch functionality and other functionality. (2) VLANs used for control VLANs Ring Protocol control frames are tagged frames. Therefore, set VLANs used for control VLANs in allowed vlan (native VLANs cannot be used) for trunk ports.
  • Page 405 20 Description of the Ring Protocol (8) When multi-faults occur within a network When multiple faults occur between different nodes in the same ring (a multi-fault), because the master node was already performing fault detection for the first fault, the second and subsequent faults are not detected.
  • Page 406 20 Description of the Ring Protocol...
  • Page 407: Settings And Operation For The Ring Protocol

    Settings and Operation for the Ring Protocol This chapter explains example settings for the Ring Protocol. 21.1 Configuration 21.2 Operation...
  • Page 408: Configuration

    21 Settings and Operation for the Ring Protocol 21.1 Configuration To use the Ring Protocol functionality, axrp, axrp vlan-mapping, mode, control-vlan, vlan-group, and axrp-ring-port need to be set. Set the appropriate configuration for all nodes. 21.1.1 List of configuration commands The following table describes the configuration commands used to configure the Ring Protocol on the Switch.
  • Page 409: Configuring Ring Ids

    21 Settings and Operation for the Ring Protocol (3) Setting the mode and port Perform ring configuration settings and settings related to the placement of the Switch within a ring. If the combination of settings contains a conflict, the Ring Protocol functionality will not operate properly.
  • Page 410: Setting Vlan Mappings

    21 Settings and Operation for the Ring Protocol command). If the ring port of a transit node is changed to the forwarding status before the master node detects restoration from an incorrect setting, a loop might occur temporarily. Command examples (config)# axrp 1 (config-axrp)# control-vlan 2 forwarding-delay-time 10 (config-axrp)# exit...
  • Page 411: Configuring A Vlan Group

    21 Settings and Operation for the Ring Protocol 21.1.6 Configuring a VLAN group Points to note VLAN mappings can be assigned to a VLAN group so that the VLAN IDs can be made to belong to the VLAN group used for the Ring Protocol. As many as two VLAN groups can be set for a single ring.
  • Page 412: Configuring Modes And Ring Ports (For Multi-Ring Configurations With Shared Links)

    21 Settings and Operation for the Ring Protocol (1) Transit node Points to note The operating mode can be set for the Switch to transit mode in a ring. The Ethernet interface or port channel interface can be specified for a ring port. Set two ring ports for each ring.
  • Page 413 21 Settings and Operation for the Ring Protocol Figure 21-3 Multi-ring configurations with shared links (basic configuration) (a) Transit nodes for shared link monitoring rings This is the same as transit nodes for a single ring. For details, see (1) Transit node in 21.1.7 Settings for modes and ring ports (for single rings and multi-ring configurations without shared links).
  • Page 414 21 Settings and Operation for the Ring Protocol Figure 21-4 Multi-ring configurations with shared links (extended configuration) (a) Nodes (transit) within shared links for shared link non-monitoring rings Points to note The operating mode for the Switch can be set to transit mode in a ring.
  • Page 415: Setting Various Parameters

    21 Settings and Operation for the Ring Protocol (config-if)# exit (config)# interface fastethernet 0/2 (config-if)# axrp-ring-port 1 shared (config-if)# exit Switches to the interface mode for ports 0/1 and 0/2, and sets the target interface as the shared link port for ring ID 1. 21.1.9 Setting various parameters (1) Disabling the Ring Protocol functionality Points to note...
  • Page 416 21 Settings and Operation for the Ring Protocol Command examples (config)# axrp 1 Switches to axrp configuration mode for ring ID 1. (config-axrp)# multi-fault-detection vlan 20 (config-axrp)# exit Sets VLAN 20 as the multi-fault monitoring VLAN. Notes Set the multi-fault monitoring VLAN on all nodes in shared link monitoring rings to which the multi-fault monitoring functionality is applied.
  • Page 417: Operation

    21 Settings and Operation for the Ring Protocol 21.2 Operation 21.2.1 List of operation commands The following table describes the operation commands for the Ring Protocol. Table 21-2 List of operation commands Command name Description show axrp Displays Ring Protocol information. show port Displays the usage status of the Ring Protocol for a port.
  • Page 418 21 Settings and Operation for the Ring Protocol Ring ID:2 Name:O-Ring Oper State:enable Mode:Transit Control VLAN ID:20 Forwarding Shift Time (sec):15 Last Forwarding:flush request receive VLAN Group ID:1 VLAN ID:200 Ring Port:0/25 Role:- State:forwarding Ring Port:0/26 Role:- State:forwarding VLAN Group ID:2 VLAN ID:- Ring Port:- Role:-...
  • Page 419: Using The Ring Protocol With Spanning Tree Protocols/Gsrp

    Using the Ring Protocol with Spanning Tree Protocols/GSRP This chapter explains how to use the Ring Protocol on the same switch as a Spanning Tree Protocol or GSRP. 22.1 Using the Ring Protocol with Spanning Tree Protocols 22.2 Using the Ring Protocol with GSRP...
  • Page 420: Using The Ring Protocol With Spanning Tree Protocols

    22 Using the Ring Protocol with Spanning Tree Protocols/GSRP 22.1 Using the Ring Protocol with Spanning Tree Protocols The Switch cannot use the Ring Protocol together with a Spanning Tree Protocol. However, if a switch that can use the Ring Protocol together with a Spanning Tree Protocol (such as AX2400S, AX3600S, and AX6700S series switches) exists in the ring, the Switch can be in the ring configuration as a transit node.
  • Page 421 22 Using the Ring Protocol with Spanning Tree Protocols/GSRP Figure 22-2 Example of using the Ring Protocol together with a Spanning Tree Protocol and the positions of the Switches (multi-ring configuration) The Switches only perform forwarding of virtual link control frames (described below) and clearing of MAC address table entries.
  • Page 422: Using The Ring Protocol With Gsrp

    22 Using the Ring Protocol with Spanning Tree Protocols/GSRP 22.2 Using the Ring Protocol with GSRP The Switch cannot use the Ring Protocol together with GSRP. However, if a switch that can use the Ring Protocol together with GSRP (such as AX2400S, AX3600S, and AX6700S series switches) exists in the ring, the Switch can be in the ring configuration as a transit node.
  • Page 423 22 Using the Ring Protocol with Spanning Tree Protocols/GSRP Figure 22-4 Example of the Ring Protocol and GSRP being used together and the positions of the Switches (when direct links are not used on a ring network) The Switches only perform forwarding of virtual link control frames described below and clearing of the MAC address table.
  • Page 424 22 Using the Ring Protocol with Spanning Tree Protocols/GSRP...
  • Page 425: Dhcp Snooping

    DHCP Snooping This chapter describes the DHCP snooping functionality and how to use it. 23.1 Description of the DHCP snooping functionality 23.2 Configuration of DHCP snooping 23.3 DHCP snooping operation...
  • Page 426: Description Of The Dhcp Snooping Functionality

    23 DHCP Snooping 23.1 Description of the DHCP snooping functionality DHCP snooping monitors the DHCP packets that pass through the Switch to restrict access from untrusted terminals. With DHCP snooping, clients whose IP addresses have been assigned by DHCP servers and terminals with fixed IP addresses are registered for management in a binding database.
  • Page 427 23 DHCP Snooping Figure 23-2 Relationship between the functionality and behavior of the binding database The following table cross-references functionality details and explains the settings. Table 23-1 Supported functionality of DHCP snooping Item Functionality reference Settings reference Monitoring DHCP packets See 23.1.1.
  • Page 428: Monitoring Dhcp Packets

    23 DHCP Snooping Item Functionality reference Settings reference Limiting the rate of DHCP packet reception See 23.1.4. See 23.2.5. Dynamic ARP inspection Basic inspection See 23.1.5. See 23.2.6. Optional inspection See 23.1.5. See 23.2.6. Limiting the rate of ARP packet reception See 23.1.5.
  • Page 429 23 DHCP Snooping Figure 23-3 DHCP snooping port types The Switch monitors DHCP packets for terminals connected to untrusted ports, and excludes the following types of access: - Suppressing IP address release requests from terminals not registered in the DB The Switch discards IP address release requests received on untrusted ports from terminals not registered in the DB.
  • Page 430 23 DHCP Snooping Figure 23-4 Overview of DHCP packet monitoring When you use the ip dhcp snooping configuration command to enable DHCP snooping, all the ports are untrusted by default. Set the port to which an authorized DHCP server is connected as a trusted port.
  • Page 431: Terminal Filtering

    23 DHCP Snooping
    Item | Dynamic registration | Static registration
    Information to be registered: Terminal MAC address | MAC address of a DHCP client | MAC addresses of terminals with fixed-IP addresses
    Information to be registered: Terminal IP address | IP address handed out by the DHCP server | IP addresses of terminals with fixed-IP addresses
    IP addresses in the following ranges are available for...
  • Page 432 23 DHCP Snooping Figure 23-5 Overview of terminal filtering (example of terminal filtering for source IP addresses and source MAC addresses) This discards packets with source IP addresses and source MAC addresses that have not been registered in the binding database. (2) Permitting communication by a terminal with a fixed-IP address You can permit communication by a terminal with a fixed-IP address (such as a department server) connected to an untrusted port, by statically registering terminal information in the...
  • Page 433: Forwarding Dhcp Packets With Option 82

    23 DHCP Snooping 23.1.3 Forwarding DHCP packets with Option 82 In a configuration with a DHCP relay agent, such as a Layer 3 switch, placed between the Switch and a DHCP client, the DHCP relay agent might add Option 82 information to DHCP packets sent from the DHCP client.
  • Page 434: Dynamic Arp Inspection Functionality

    23 DHCP Snooping DHCP packets exceeds the specified reception rate, this function discards the excess DHCP packets. You can set the reception rate by using the ip dhcp snooping limit rate configuration command. If the reception rate is not set, it has no limit. The rate of DHCP packet reception is limited only on untrusted ports, not on trusted ports.
  • Page 435 23 DHCP Snooping by the ip arp inspection trust configuration command) (2) Basic inspection of dynamic ARP inspection In the basic inspection, the Switch checks whether the information in the ARP packets received on untrusted ports matches the entries in the binding database. The following figure shows the basic inspection of dynamic ARP inspection.
  • Page 436 23 DHCP Snooping Figure 23-9 Relationship between a basic inspection and an optional inspection of dynamic ARP inspection (a) Source MAC address specification (src-mac check) This inspection item checks if the source MAC address and the sender MAC address of a received ARP packet are the same.
  • Page 437: Saving A Binding Database

    23 DHCP Snooping Table columns: Fields of an ARP packet; src-mac check (Request, Reply); dst-mac check (Request, Reply); ip check (Request, Reply). Table rows: Ethernet header (Destination, Source); ARP header (Sender, Target). Legend: Y: Subject to inspection --: Not subject to inspection (4) Limiting the rate of ARP packet reception If the dynamic ARP inspection is enabled, ARP packets that are received on ports belonging to VLANs subject to dynamic ARP inspections and that exceed the configured reception rate are discarded.
  • Page 438 23 DHCP Snooping (2) Saving when the wait-to-write time expires The timer for the wait-to-write time is triggered by one of the following save events. The binding database is saved to the specified location when the timer expires.  A dynamic binding database is registered, updated, or deleted. ...
  • Page 439: Notes On Using Dhcp Snooping

    23 DHCP Snooping Operation Save location Activation triggers terminal. copy-config Executed from an OAN. (4) Save location for the binding database The binding database can be saved to internal flash memory or to a memory card. The save location must be specified in the configuration. In both cases, all entries are saved when the database is saved, and they are overwritten each time the database is subsequently saved.
  • Page 440 23 DHCP Snooping (2) Using the dynamic ARP inspection functionality To use the dynamic ARP inspection, you need to set the following DHCP snooping configurations to generate the binding database.  Configuration command ip dhcp snooping : Enables DHCP snooping. ...
  • Page 441: Configuration Of Dhcp Snooping

    23 DHCP Snooping 23.2 Configuration of DHCP snooping 23.2.1 List of configuration commands The following table describes the commands used to configure DHCP snooping. Table 23-6 List of configuration commands Command name Description ip arp inspection limit rate Sets the ARP packet reception rate (the number of ARP packets that can be received per second) on the applicable port.
  • Page 442: Basic Configuration (When Dhcp Snooping Is Performed Via A Layer 3 Switch)

    23 DHCP Snooping Figure 23-11 Configuration procedure for DHCP snooping 23.2.3 Basic configuration (when DHCP snooping is performed via a Layer 3 switch) This subsection describes the basic configuration for using DHCP snooping. In a configuration where a DHCP server and a department server are connected via a Layer 3 switch, set the port connecting to the Layer 3 switch as a trust port.
  • Page 443 23 DHCP Snooping Figure 23-12 Configuration example where DHCP snooping is performed via a Layer 3 switch (1) Enabling DHCP snooping Points to note Enable DHCP snooping on the entire Switch and configure the following:  Set the VLANs on which DHCP snooping is to be enabled. ...
  • Page 444 23 DHCP Snooping (2) Setting a trusted port Points to note Set the interface that uses the port to which a DHCP server is connected (port to which the Layer 3 switch is connected in the figure of configuration example) as a trusted port.
  • Page 445: When Connecting A Dhcp Relay Agent To The Switch

    23 DHCP Snooping Figure 23-13 Configuration example when connecting terminals with a fixed IP address You can configure DHCP snooping as described in 23.2.3 Basic configuration (when DHCP snooping is performed via a Layer 3 switch). In the example here, the terminal with a fixed IP address is connected to an untrusted port, and must therefore be registered in the binding database.
  • Page 446 23 DHCP Snooping Figure 23-14 Example configuration when a DHCP relay agent is connected under the Switch You can configure DHCP snooping as described in 23.2.3 Basic configuration (when DHCP snooping is performed via a Layer 3 switch). In this example, because the DHCP relay agent sends DHCP packets with Option 82, you need to set the Switch so that it permits forwarding of the packets with Option 82 on untrusted ports to which the DHCP relay agent is connected.
  • Page 447: Setting The Rate Of Dhcp Packet Reception

    23 DHCP Snooping Notes If this is not set, the DHCP relay agent cannot be connected to an untrusted port because the source MAC address is checked. (3) Setting the binding database for which forwarding of ARP packets is to be permitted on untrusted ports Points to note To forward ARP packets sent from a DHCP relay agent connected to an untrusted...
  • Page 448 23 DHCP Snooping inspection) Points to note Of the VLANs for which DHCP snooping is enabled, set the VLAN IDs of the VLANs to be used for dynamic ARP inspection. ARP packets received in the specified VLANs are subject to the basic inspection. Command examples (config)# ip arp inspection vlan 2 Sets VLAN ID 2 as a VLAN subject to dynamic ARP inspection.
  • Page 449: Setting How To Save The Binding Database

    Before you set a memory card as the save location, make sure a card is already inserted in the memory card slot on the Switch. In addition, use memory cards manufactured by ALAXALA (AX-F2430-SD128). (2) Setting the wait-to-write time Points to note The following example sets the wait-to-write time used when a binding database is saved.
  • Page 450 23 DHCP Snooping next save event.
  • Page 451: Dhcp Snooping Operation

    23 DHCP Snooping 23.3 DHCP snooping operation 23.3.1 List of operation commands The following table describes the operation commands for DHCP snooping. Table 23-7 List of operation commands Command name Description show ip arp inspection statistics Displays the dynamic ARP inspection statistics. clear ip arp inspection statistics Clears the dynamic ARP inspection statistics.
  • Page 452: Checking Dynamic Arp Inspection

    23 DHCP Snooping The following figure shows the results of executing the show ip dhcp snooping binding operation command. Figure 23-16 Result of executing show ip dhcp snooping binding > show ip dhcp snooping binding Date 2008/11/13 13:09:31 UTC Agent URL: flash Last succeeded time: 2008/11/13 13:07:34 UTC Total Bindings: 14 MAC Address...
  • Page 453 23 DHCP Snooping Port VLAN Forwarded Dropped ( Rate over DB unmatch Invalid ) 15 ( 883 ( ChGr2 53 (...
  • Page 454 23 DHCP Snooping...
  • Page 455: Description Of Igmp Snooping And Mld Snooping

    Description of IGMP Snooping and MLD Snooping IGMP snooping and MLD snooping are functions that control multicast traffic within a VLAN for Layer 2 switching. This chapter explains IGMP snooping and MLD snooping. 24.1 Overview of IGMP snooping and MLD snooping 24.2 Functionality supported for IGMP snooping and MLD snooping 24.3 IGMP Snooping 24.4 MLD Snooping...
  • Page 456: Overview Of Igmp Snooping And Mld Snooping

    24 Description of IGMP Snooping and MLD Snooping 24.1 Overview of IGMP snooping and MLD snooping This section gives an overview of multicast, IGMP snooping, and MLD snooping. 24.1.1 Overview of multicast When the same information is sent by unicast to multiple recipients, the load increases for both the sender and the network because the sender replicates and sends data for each recipient.
  • Page 457 24 Description of IGMP Snooping and MLD Snooping multicast is used on a network to which a Layer 2 switch is connected, unnecessary multicast traffic might be sent to ports that have no multicast traffic recipients. IGMP snooping and MLD snooping monitor IGMP or MLD messages and forward multicast traffic to ports to which recipients are connected.
  • Page 458: Functionality Supported For Igmp Snooping And Mld Snooping

    24 Description of IGMP Snooping and MLD Snooping 24.2 Functionality supported for IGMP snooping and MLD snooping The following table lists the IGMP snooping and MLD snooping functionality supported by the Switch. Table 24-2 Supported functions Item Support Remarks Interface type Full Ethernet support Only Ethernet V2 frame formats Supported IGMP version...
  • Page 459: Igmp Snooping

    24 Description of IGMP Snooping and MLD Snooping 24.3 IGMP Snooping The following explains IGMP snooping functionality and its operation. The format and timers for IGMP messages sent and received by the Switch conform to RFC 2236. When IGMP snooping is used, the MAC address control method is used to control forwarding for multicast traffic.
  • Page 460: Connections With Multicast Routers

    24 Description of IGMP Snooping and MLD Snooping is received from any port, the entry itself is deleted. If the Switch does not receive an IGMP Report (membership request) message within 260 seconds, it deletes the corresponding entries. (2) Layer 2 forwarding for IPv4 multicast packet Layer 2 forwarding within VLANs receiving IPv4 multicast packets is performed based on MAC address.
  • Page 461 24 Description of IGMP Snooping and MLD Snooping monitored because no response is received from recipient hosts. This functionality enables the IGMP snooping functionality even when no multicast routers exist in the VLAN. The Switch sends an IGMP Query message every 125 seconds. In order to use the IGMP querier functionality, an IP address must be set for VLANs using the IGMP snooping functionality.
  • Page 462: Mld Snooping

    24 Description of IGMP Snooping and MLD Snooping 24.4 MLD Snooping The following explains MLD snooping functionality and its operation. The format and established values for MLD messages sent and received by the Switch conform to RFC 2710. Also, the format and set values for MLD version 2 (abbreviated hereafter to MLDv2) messages conform to RFC 3810.
  • Page 463: Connections With Multicast Routers

    24 Description of IGMP Snooping and MLD Snooping representative querier otherwise). If there is no response, only that port is deleted from the entries (forwarding of multicast traffic to this port is suppressed). If no group members are left in all ports in the VLAN, the entry itself is deleted. However, when an MLDv2 Report message whose multicast address record type is BLOCK_OLD_SOURCES is received, Group-Specific Query messages are sent and entry deletion processing is performed only when a querier has been set for the...
  • Page 464: Mld Querier Functionality

    24 Description of IGMP Snooping and MLD Snooping Table 24-5 Operation for each MLDv2 message MLDv2 message type Transfer port within the VLAN Rema Version2 Multicast Listener Query Forwarded to all ports. Version2 Membership Request Forwarded only to multicast router ports. Report Multicast Listener Report...
  • Page 465: Notes On Igmp Snooping And Mld Snooping Usage

    24 Description of IGMP Snooping and MLD Snooping 24.5 Notes on IGMP snooping and MLD snooping usage (1) Notes on use with other functionality For details, see 15.3 Compatibility between Layer 2 switch functionality and other functionality. (2) Control packet flooding Because multicast traffic that is subject to suppression by IGMP snooping or MLD snooping is data traffic, flooding needs to be performed within a VLAN so that the routing protocol and other control packets can be received by all routers and all hosts.
  • Page 466 24 Description of IGMP Snooping and MLD Snooping Protocol Multicast group address 230.0.0.0/24 230.128.0.0/24 231.0.0.0/24 231.128.0.0/24 232.0.0.0/24 232.128.0.0/24 233.0.0.0/24 233.128.0.0/24 234.0.0.0/24 234.128.0.0/24 235.0.0.0/24 235.128.0.0/24 236.0.0.0/24 236.128.0.0/24 237.0.0.0/24 237.128.0.0/24 238.0.0.0/24 238.128.0.0/24 239.0.0.0/24 239.128.0.0/24 When addresses shown in the above table are used for multicast group addresses, multicast data bound for corresponding multicast group addresses will be forwarded to all ports in the VLAN.
  • Page 467 24 Description of IGMP Snooping and MLD Snooping with the router might change due to topology changes by a Spanning Tree Protocol, a multicast router port must be set for all ports that might connect with the router. (b) Connections between Layer 2 switches On VLANs that contain only multiple Layer 2 switches, a multicast router port must be set for ports connecting to Layer 2 switches handling multicast traffic transmission hosts.
  • Page 468 24 Description of IGMP Snooping and MLD Snooping...
  • Page 469: Settings And Operation For Igmp Snooping And Mld Snooping

    Settings and Operation for IGMP Snooping and MLD Snooping IGMP snooping and MLD snooping are functions that use Layer 2 to control multicast traffic within a VLAN. This chapter explains how to set and use IGMP snooping and MLD snooping. 25.1 Configuration of IGMP snooping 25.2 IGMP snooping operation 25.3 Configuration of MLD snooping...
  • Page 470: Configuration Of Igmp Snooping

    25 Settings and Operation for IGMP Snooping and MLD Snooping 25.1 Configuration of IGMP snooping 25.1.1 List of configuration commands The following table describes the commands used to configure IGMP snooping. Table 25-1 List of configuration commands Command name Description no ip igmp ip igmp snooping (global) Suppresses IGMP snooping for the Switch when...
  • Page 471 25 Settings and Operation for IGMP Snooping and MLD Snooping specify the settings below for the VLAN interface configuration mode of the corresponding VLAN. The following shows an example where the multicast router is connected to the Ethernet interface on port 0/1 within the target VLAN. Command examples (config)# interface vlan 2 (config-if)# ip igmp snooping mrouter interface fastethernet 0/1...
  • Page 472: Igmp Snooping Operation

    25 Settings and Operation for IGMP Snooping and MLD Snooping 25.2 IGMP snooping operation 25.2.1 List of operation commands The following table describes the operation commands for IGMP snooping. Table 25-2 List of operation commands Command name Description show igmp-snooping Displays IGMP snooping information.
  • Page 473 25 Settings and Operation for IGMP Snooping and MLD Snooping Date 2008/11/14 15:59:41 UTC Total Groups: 15 VLAN counts: 3 VLAN 3253 Group counts: 5 Group Address MAC Address 230.0.0.11 0100.5e00.000b Port-list: 0/13 230.0.0.10 0100.5e00.000a Port-list: 0/13 230.0.0.14 0100.5e00.000e Port-list: 0/13 230.0.0.13 0100.5e00.000d Port-list: 0/13...
  • Page 474: Configuration Of Mld Snooping

    25 Settings and Operation for IGMP Snooping and MLD Snooping 25.3 Configuration of MLD snooping 25.3.1 List of configuration commands The following table describes the commands used to configure MLD snooping. Table 25-3 List of configuration commands Command name Description no ipv6 mld ipv6 mld snooping (global) Suppresses MLD snooping for the Switch when...
  • Page 475: Configuring Multicast Router Ports

    25 Settings and Operation for IGMP Snooping and MLD Snooping 25.3.4 Configuring multicast router ports Points to note When a multicast router is connected within a VLAN for which MLD snooping is set, specify the settings below for the VLAN interface configuration mode of the corresponding VLAN.
  • Page 476: Mld Snooping Operation

    25 Settings and Operation for IGMP Snooping and MLD Snooping 25.4 MLD snooping operation 25.4.1 List of operation commands The following table describes the operation commands for MLD snooping. Table 25-4 List of operation commands Command name Description show mld-snooping Displays MLD snooping information.
  • Page 477 25 Settings and Operation for IGMP Snooping and MLD Snooping list of forwarding destination ports. Figure 25-5 Results of executing the show mld-snooping group command > show mld-snooping group Date 2008/11/14 17:22:05 UTC Total Groups: 3 VLAN counts: 3 VLAN 3001 Group counts: 1 Group Address MAC Address Version...
  • Page 478 25 Settings and Operation for IGMP Snooping and MLD Snooping...
  • Page 479: Part 5: Ip Interfaces

    Part 5: IP Interfaces IPv4 Interfaces This chapter describes IPv4 interfaces and explains how to use them. 26.1 Description 26.2 Configuration 26.3 Operation...
  • Page 480: Description

    26 IPv4 Interfaces 26.1 Description You can set IPv4 addresses for VLANs so that the Switch can use SNMP, Telnet, and FTP communications for management use. To allow the Switch to communicate to other subnets, static routes must be configured for the subnets. Also, the Switch detects duplication of IPv4 addresses set for VLAN interfaces.
  • Page 481: Configuration

    26 IPv4 Interfaces 26.2 Configuration 26.2.1 List of configuration commands The following table shows the configuration commands used to configure IPv4 interfaces. Table 26-2 List of configuration commands Command name Description ip address Specifies an IPv4 address for an interface. ip route Specifies IPv4 static routes.
  • Page 482: Operation

    26 IPv4 Interfaces 26.3 Operation 26.3.1 List of operation commands The following table shows the operation commands related to the IPv4 interface. Table 26-3 List of operation commands Command name Description show ip interface Displays the status of IPv4 interfaces. show ip arp Displays the information in the ARP entries.
  • Page 483: Checking The Route To The Destination

    26 IPv4 Interfaces Figure 26-3 Results of executing the ping command (when the destination is unreachable) > ping 192.168.0.1 Pinging 192.168.0.1 with 46 bytes of data Request Timeout Request Timeout Request Timeout Request Timeout --- 192.168.0.1 Ping Statistics --- Packets: sent 4, received 0, lost 4 (100.% loss) >...
  • Page 484 26 IPv4 Interfaces 192.168.4.0/24 192.168.4.10 VLAN4094 Connected 192.168.5.0/24 192.168.5.10 VLAN3005 Connected 192.168.54.0/24 192.168.54.100 VLAN3254 Connected 192.168.55.0/24 192.168.55.100 VLAN3255 Connected >...
  • Page 485: Appendix

    Appendix A. Relevant standards...
  • Page 486: Relevant Standards

    A. Relevant standards A. Relevant standards A.1 TELNET/FTP Table A-1 Relevant standards and recommendations for TELNET/FTP Name (month and year issued) / Title: RFC 854 (May 1983): TELNET PROTOCOL SPECIFICATION; RFC 855 (May 1983): TELNET OPTION SPECIFICATIONS; RFC 959 (October 1985): FILE TRANSFER PROTOCOL (FTP). A.2 RADIUS Table A-2 Relevant standard and recommendation for RADIUS...
  • Page 487: Link Aggregation

    A. Relevant standards Type Standards Model name IEEE802.3af Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer IEEE802.3at/D3.1 Specifications Amendment: Data Terminal Equipment (DTE) Power via Media Dependent Interface (MDI). A.5 Link aggregation Table A-5 Relevant standard for link aggregation Standards Model name IEEE802.3ad...
  • Page 488: Igmp Snooping And Mld Snooping

    A. Relevant standards A.8 IGMP snooping and MLD snooping Table A-8 Relevant standards and recommendation for IGMP snooping and MLD snooping Name (month and year issued) / Title: draft-ietf-magma-snoop-12.txt (August 2005): IGMP and MLD snooping switches. A.9 IPv4 interface Table A-9 Relevant standards and recommendations for IP version 4 Name (month and year issued) / Title
  • Page 489: Index

    checking the switch status, 110 Index checking the time, 105 checking the up/down state of an IPv4 interface, checking VLAN extended functionality, 292 abbreviated-command execution, 51 checking VLAN status, 281 access ports and trunk ports, 261 clearing the MAC address table, 243 adding, changing, and deleting configuration command input mode, 48 entries, 69...
  • Page 490 Index mode, 304 [AX1240S], 134 configuration of the standby link functionality, creating protocol VLANs, 267 configuration operations, 72 configuration procedure for DHCP snooping, deleting a channel group, 224 description of common Spanning Tree configures an interface., 459 functionality, 339 configuring description of Fastethernet [AX1250S] L2 protocol frame transparency functionality, [AX1240S], 166...
  • Page 491 Index limiting the rate of DHCP packet reception, 411 line and module capacities, 20 Entry-error detection functionality, 51 link aggregation, 215, 465 error locations and recovery processing, 121 link aggregation configuration, 216 Ethernet, 153, 464 linkage with the Layer 2 authentication configurations common to all interfaces, 159 functionality, 272 information common to all interfaces, 154...
  • Page 492 Index notes on regarding port VLAN usage, 261 permitting login from a remote operation notes on Ring Protocol usage, 382 terminal, 83 notes on Single Spanning Tree usage, 317 physical interfaces, 154 notes on updating the software, 151 port allocation for sending frames, 217 notes on using DHCP snooping, 417 port power saving, 132 notes on using link aggregation, 217...
  • Page 493 Index [AX1240S], 160 starting configuration editing (configure setting Ethernet interface ports [AX2200S], 160 command and configure terminal command), setting forwarding of tagged frames on a MAC port, 278 starting the switch, 43 setting how to save the binding database, 427 STP compatibility mode, 301 setting login security, 82 supported functionality, 124...

This manual is also suitable for:

AX1250S series, AX1240S series
