Communication Between VLANs

87

Creating New VLANs

88

VLANs: Tagged and Untagged Membership

88

VLAN Configuration Examples

89

Using Untagged Connections

89

Using 802.1Q Tagged Connections

90

9 USING WEBCACHE SUPPORT

What is Webcache Support?

93

Benefits of Webcache Support

93

How Webcache Support Works

94

Cache Health Checks

95

Webcache Support Example

96

Important Considerations

97

10 USING AUTOMATIC IP CONFIGURATION

How Your Switch Obtains IP Information

100

How Automatic IP Configuration Works

100

Automatic Process

101

Important Considerations

102

Server Support

102

Event Log Entries and Traps

102

11 MAKING YOUR NETWORK SECURE

Port Security

104

What is Network Login?

105

How Network Login Works

106

Important Considerations

107

What is Disconnect Unauthorized Device (DUD)?

107

How DUD Works

107

What is Switch Management Login?

108

Benefits of RADIUS Authentication

109

How RADIUS Authentication Works

109

Important Considerations

111

What is RADIUS?

112

Summary of Contents for 3C17203 - SuperStack 3 Switch 4400

Page 1: ...http www 3com com Part No DUA1720 3BAA04 Published January 2003 SuperStack 3 Switch Implementation Guide Generic guide for units in the SuperStack 3 Switch 4400 Series 3C17203 3C17204 3C17205 3C17206 ...

Page 2: ...ny portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com the 3Com logo and SuperStack are registered trademarks of 3Com Corporation Intel and Pentium are registered t...

Page 3: ... Automatic IP Configuration 17 Port Security 17 Power Management 18 Aggregated Links 18 Auto negotiation 18 Multicast Filtering 19 Resilient Links 20 Spanning Tree Protocol and Rapid Spanning Tree Protocol 20 Switch Database 21 Traffic Prioritization 21 Roving Analysis 21 RMON 22 Webcache Support 22 Broadcast Storm Control 22 VLANs 22 Configuration Save and Restore 23 2 OPTIMIZING BANDWIDTH Port F...

Page 4: ...Your Switch 41 IGMP Multicast Filtering 42 4 USING RESILIENCE FEATURES Resilience Feature Overview 46 What are Resilient Links 46 Spanning Tree Protocol STP 47 Rapid Spanning Tree Protocol RSTP 48 What is STP 48 How STP Works 50 STP Requirements 50 STP Calculation 51 STP Configuration 52 STP Reconfiguration 52 How RSTP Differs to STP 52 STP Example 52 STP Configurations 54 Default Behavior 56 RSTP...

Page 5: ...uring Traffic Prioritization 72 Important QoS Considerations 72 Default QoS Configurations 74 Example QoS Configurations 75 Other Configuration Examples and Guidelines 76 7 STATUS MONITORING AND STATISTICS Roving Analysis Port 77 Roving Analysis and Your Switch 77 RMON 78 What is RMON 78 The RMON Groups 78 Benefits of RMON 79 RMON and the Switch 80 Alarm Events 81 The Default Alarm Settings 81 The...

Page 6: ...s 97 10 USING AUTOMATIC IP CONFIGURATION How Your Switch Obtains IP Information 100 How Automatic IP Configuration Works 100 Automatic Process 101 Important Considerations 102 Server Support 102 Event Log Entries and Traps 102 11 MAKING YOUR NETWORK SECURE Port Security 104 What is Network Login 105 How Network Login Works 106 Important Considerations 107 What is Disconnect Unauthorized Device DUD...

Page 7: ...ion Rules for Gigabit Ethernet 123 Configuration Rules for Fast Ethernet 124 Configuration Rules with Full Duplex 125 B NETWORK CONFIGURATION EXAMPLES Simple Network Configuration Examples 128 Segmentation Switch Example 128 Collapsed Backbone Switch Example 129 Desktop Switch Example 130 Advanced Network Configuration Examples 131 Improving the Resilience of Your Network 131 Enhancing the Perform...

Page 8: ...GLOSSARY INDEX ...

Page 9: ...ng knowledge of local area network LAN operations and familiarity with communication protocols that are used to interconnect LANs For detailed descriptions of the Web interface operations and the Command Line Interface CLI commands that you require to manage the Switch please refer to the Management Interface Reference Guide supplied in HTML format on the CD ROM that accompanies your Switch or on ...

Page 10: ...ample To change your password use the following syntax system password password In this example you must supply a password for password Commands The word command means that you must enter the command exactly as shown and then press Return or Enter Commands appear in bold Example To display port information enter the following command bridge port detail The words enter and type When you see the wor...

Page 11: ...erStack 3 Switch Management Quick Reference Guide This guide contains a list of the features supported by the Switch a summary of the Web interface and Command Line Interface commands for the Switch Release Notes These notes provide information about the current software release including new features modifications and known problems There are other publications you may find useful such as Documen...

Page 12: ...entation Guide Part number DUA1720 3BAA04 Page 25 Please note that we can only respond to comments and questions about 3Com product documentation at this e mail address Questions related to technical support or sales should be directed in the first instance to your network supplier Product Registration You can now register your SuperStack 3 Switch on the 3Com Web site http www 3com com register ...

Page 13: ...Using Resilience Features Chapter 5 Using the Switch Database Chapter 6 Using Traffic Prioritization Chapter 7 Status Monitoring and Statistics Chapter 8 Setting Up Virtual LANs Chapter 9 Using Webcache Support Chapter 10 Using Automatic IP Configuration Chapter 11 Making Your Network Secure Chapter 12 Power Management and Control ...

Page 14: ...14 ...

Page 15: ...red by the Switch and to change and monitor the way it works you have to access the management software that resides on the Switch This is known as managing the Switch Managing the Switch can help you to improve its efficiency and therefore the overall performance of your network There are several different methods of accessing the management software to manage the Switch These methods are explain...

Page 16: ...an encrypted License Key that you must register on the 3Com Web site 2 Visit the following URL on the 3Com Web site http www 3com com register 3 Select Switches 4 Select Switch 4400 SE Enhanced Software Upgrade 5 Enter the Serial Number of your SuperStack 3 Switch 4400 SE unit The Serial Number can be found on the underside of the unit 6 Enter the License Key of the Enhanced Software Upgrade The L...

Page 17: ...wing URL http www 3com com register Switch Features Explained The management software provides you with the capability to change the default state of some of the Switch features This section provides a brief overview of these features their applications are explained in more detail later in this guide For a list of the features supported by your Switch please refer to the Management Quick Referenc...

Page 18: ...reased As the power is supplied over the Ethernet cable it can be backed up by redundant and uninterruptible power supplies Power Management is only available on the Switch 4400 PWR 3C17205 For more information about power management see Chapter 12 Power Management and Control Aggregated Links Aggregated links are connections that allow devices to communicate using up to four links in parallel Agg...

Page 19: ... mode and is implemented using the IEEE Std 802 3 2002 incorporating 802 3x on ports operating in full duplex mode Smart Auto sensing Smart auto sensing allows auto negotiating multi speed ports such as 10 100 Mbps or 100 1000 Mbps to monitor and detect high error rates or problems in the physical interconnection to another port The port reacts accordingly by tuning the link from its higher speed ...

Page 20: ...ore information about resilient links see Chapter 4 Using Resilience Features Spanning Tree Protocol and Rapid Spanning Tree Protocol Spanning Tree Protocol STP and Rapid Spanning Tree Protocol RSTP are bridge based systems that make your network more resilient to link failure and also provide protection from network loops one of the major causes of broadcast storms STP allows you to implement alt...

Page 21: ...t passes through the Switch for example prioritized or discarded Being able to define exactly how you want your Switch to treat selected applications devices users and types of traffic allows you to have more control over your network For more information about traffic prioritization see Chapter 6 Using Traffic Prioritization Roving Analysis Roving analysis is a system that allows you to attach a ...

Page 22: ...eb pages stored locally on the Webcache this allows your network to operate more efficiently and reduces WAN network traffic To make Webcache support available on the SuperStack 3 Switch 4400 SE upgrade the product to the Switch 4400 SE Enhanced Software Upgrade 3C17207 For more information about Webcache Support see Chapter 9 Using Webcache Support Broadcast Storm Control Broadcast Storm Control ...

Page 23: ...this information if you wish before restoring the configuration If the Switch is part of a stack it is the configuration of the stack that is saved and restored You cannot restore the configuration of a single unit in the stack from the saved file you must restore the configuration of the entire stack You must have either the manager or security management access level to be able to save and resto...

Page 24: ...otocol enabled Parameters such as VLANs and Fast Start may be set up as required Other combinations of port settings however are not recommended as Configuration Restore will only perform a best effort restore of the configuration For example LACP automatic aggregations with manually defined ports are restored as manual aggregations with manual ports LACP automatic aggregations with automatic port...

Page 25: ...ration Restore has been completed For detailed descriptions of the Configuration Save and Restore Web interface operations and Command Line Interface CLI commands please refer to the Management Interface Reference Guide supplied in HTML format on the CD ROM that accompanies your Switch ...

Page 26: ...26 CHAPTER 1 SWITCH FEATURES OVERVIEW ...

Page 27: ... Features The default state for all the features detailed below provides the best configuration for most users In normal operation you do not need to alter the Switch from its default state However under certain conditions you may wish to alter the default state of these ports for example if you are connecting to old equipment that does not comply with the IEEE 802 3x standard Duplex Full duplex a...

Page 28: ...ly determine the best port speed duplex mode only at 10 Mbps and 100 Mbps and flow control When auto negotiation is enabled default a port advertises its maximum capabilities these capabilities are by default the parameters that provide the highest performance supported by the port You can modify the capabilities that a port advertises on a per port basis dependant on the type of port You can disa...

Page 29: ...n to the network An SNMP Trap is sent every time a port is down rated to a lower speed Conditions that affect smart auto sensing Smart auto sensing will not operate on links that do not support auto negotiation or on links where one end is at a fixed speed The link will reset to the higher speed of operation when the link is lost or the unit is power cycled Smart auto sensing can only be configure...

Page 30: ...edundancy between two devices switch to switch or switch to server that have full duplex connections operating at the same speed By default LACP is disabled on all Switch ports If LACP is enabled on all Switch ports this means that your Switch will detect if there is more than one connection to another device and will automatically create an aggregated link consisting of those links If a member li...

Page 31: ... and managed via network management Implementing 802 3ad Aggregated Links LACP can be enabled or disabled on a per port basis You can implement 802 3ad aggregated links in three ways Manual Aggregations You can manually add and remove ports to and from an aggregated link via Web or CLI commands However if a port has LACP enabled and if a more appropriate or correct automatic membership is detected...

Page 32: ...If LACP detects at least two active ports sharing the same partner device and if no matching pre configured aggregated links exist LACP will automatically assign a free un configured aggregated link to form an aggregated link with the partner device The aggregated link will inherit its configuration from the first port originally detected against the partner device If you have an existing single p...

Page 33: ...only supports a maximum of four active ports in any individual aggregation Any extra ports will remain in a standby state and may become active if one of the four active ports fails If multiple links are connected between a unit and more than four other devices as shown in Figure 4 only four of the devices will be assigned to aggregated links The remaining devices will each only have one link made...

Page 34: ...sted pair ports within the same aggregated link The member link ports can have different port configurations within the same aggregated link that is auto negotiation port speed and duplex mode However please note the following To be an active participant in an aggregated link the member link ports must operate in full duplex mode If a member link port does not operate in full duplex mode it can st...

Page 35: ...aggregated link configuration To make this configuration work you need to have two aggregated links defined on Switch A one containing the member links for Switch B and the other containing those for Switch C Alternatively if Switches B and C are for example stacked Switch 4400 Series units and their member link ports defined as part of the same aggregated link as shown in Figure 6 the configurati...

Page 36: ...configure the aggregated link at both ends before physically connecting the ports can result in a number of serious network issues such as lost packets and network loops Traffic Distribution and Link Failure on Aggregated Links To maximize throughput all traffic is distributed across the individual links that make up an aggregated link Therefore when a packet is made available for transmission dow...

Page 37: ...regated link between two Switch units To manually set up this configuration 1 Prepare ports 2 4 6 and 8 on the upper Switch for aggregated links To do this a Check that the ports have an identical configuration using your preferred management interface b Add the ports 2 4 6 and 8 on the specified unit to the aggregated link 2 Prepare ports 2 4 6 and 8 on the lower Switch for aggregated links To do...

Page 38: ... on the upper Switch to port 2 on the lower Switch 4 Connect port 4 on the upper Switch to port 4 on the lower Switch 5 Connect port 6 on the upper Switch to port 6 on the lower Switch 6 Connect port 8 on the upper Switch to port 8 on the lower Switch ...

Page 39: ...t A multicast is a packet that is intended for one to many and many to many communication Users explicitly request to participate in the communication by joining an endstation to a specific multicast group If the network is set up correctly a multicast can only be sent to an endstation or a subset of endstations in a LAN or VLAN that belong to the relevant multicast group Multicast group members c...

Page 40: ...ice QoS There are situations where a multicast approach is more logical and efficient than a unicast approach Application examples include distance learning transmitting stock quotes to brokers and collaborative computing A typical use of multicasts is in video conferencing where high volumes of traffic need to be sent to several endstations simultaneously but where broadcasting that traffic to al...

Page 41: ... that wish to join a multicast group and then sets its filters accordingly Query Mode Query mode allows the Switch to function as the Querier if it has the lowest IP address in the subnetwork to which it belongs IGMP querying is disabled by default on the Switch 4400 This helps prevent interoperability issues with core products that may not follow the lowest IP address election method You can enab...

Page 42: ... has more than one IP router then the one with the lowest IP address becomes the querier The Switch can be the IGMP querier and will become so if its own IP address is lower than that of any other IGMP queriers connected to the LAN or VLAN However as the Switch only has an IP address on its default VLAN the Switch will only ever query on the default VLAN VLAN1 Therefore if there are no other queri...

Page 43: ...abling IGMP multicast learning please refer to the Management Interface Reference Guide supplied on your Switch CD ROM If IGMP multicast learning is not enabled then IP multicast traffic is always forwarded that is it floods the network For information about configuring IGMP functionality on an endstation refer to the user documentation supplied with your endstation or the endstation s Network Int...

Page 44: ...44 CHAPTER 3 USING MULTICAST FILTERING ...

Page 45: ...t provide resilience for your network It covers the following topics Resilient Links Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP an enhanced version of the STP feature For detailed descriptions of the Web interface operations and the Command Line Interface CLI commands that you require to manage the Switch please refer to the Management Interface Reference Guide supplied in HTML f...

Page 46: ...f those links fail A resilient link is comprised of a resilient link pair containing a main link and a standby link If the main link fails the standby link quickly and automatically takes over the task of the main link and becomes the active link The resilient link pair is defined by specifying a main port and a standby port at one end of the link During normal operation the main port is enabled a...

Page 47: ...have security enabled Neither of the ports have network login enabled Neither of the ports are part of an aggregated link Neither of the ports belong to another resilient link pair The port state of ports in a resilient link pair cannot be manually changed Spanning Tree Protocol STP The Spanning Tree Protocol STP makes your network more resilient to link failure and also provides a protection from...

Page 48: ...conds RSTP or STP will detect any misconfiguration that may cause a temporary loop and react accordingly If you have Fast Start disabled on a port the Switch will wait for 30 seconds before RSTP or STP lets the port forward traffic Easy deployment throughout a legacy network through backward compatibility it will default to sending 802 1D style BPDU s on a port if it receives packets of this forma...

Page 49: ... creates loops that cause the network to overload Figure 9 A network configuration that creates loops Figure 10 shows the result of enabling STP on the bridges in the configuration STP detects the duplicate paths and prevents or blocks one of them from forwarding traffic so this configuration will work satisfactorily STP has determined that traffic from LAN segment 2 to LAN segment 1 can only flow...

Page 50: ...TP re evaluated the situation and opened the path through Bridge B How STP Works When enabled STP determines the most appropriate path for traffic through a network It does this as outlined in the sections below STP Requirements Before it can configure the network the STP system requires Communication between all the bridges This communication is carried out using Bridge Protocol Data Units BPDUs ...

Page 51: ...st Note that the Root Bridge does not have a Root Port The identity of the bridge that is to be the Designated Bridge of each LAN segment The Designated Bridge is the one that has the lowest Root Path Cost from that segment Note that if several bridges have the same Root Path Cost the one with the lowest Bridge Identifier becomes the Designated Bridge Port Speed Link Type Path Cost 802 1D 1998 Edi...

Page 52: ... SNMP trap destination when the topology of your network changes the first bridge to detect the change sends out an SNMP trap CAUTION Network loops can occur if aggregated links are manually configured incorrectly that is the physical connections do not match the assignment of ports to an aggregated link RSTP and STP may not detect these loops So that RSTP and STP can detect all network loops you ...

Page 53: ...selected as the Designated Bridge Port for LAN Segment 1 Port 1 of Bridges B C X and Y have been defined as Root Ports because they are the nearest to the Root Bridge and therefore have the most efficient path Bridges B and X offer the same Root Path Cost for LAN segment 2 however Bridge B has been selected as the Designated Bridge for the segment because it has a lower Bridge Identifier Port 2 on...

Page 54: ...es both have STP enabled and are connected by two links STP discovers a duplicate path and blocks one of the links If the enabled link breaks the disabled link becomes re enabled therefore maintaining connectivity Configuration 2 Redundancy through Meshed Backbone In this configuration four Switch units are connected in a way that creates multiple paths between each one STP discovers the duplicate...

Page 55: ...How STP Works 55 Figure 13 STP configurations ...

Page 56: ...version 2 0 default settings including RSTP enabled If you connect a new Switch with version 2 0 already loaded to a stack of upgraded units all the upgraded units will assume the default settings of the new Switch that is they will have RSTP enabled by default Fast Start Default Behavior When using the Fast Start feature on version 2 0 or later software note the following A Switch with version 2 ...

Page 57: ...ted using the 802 1Q tagged link between Switch B and Switch C By default this link has a path cost of 100 and is automatically blocked because the other Switch to Switch connections have a path cost of 36 18 18 This means that both VLANs are now subdivided VLAN 1 on Switch units A and B cannot communicate with VLAN 1 on Switch C and VLAN 2 on Switch units A and C cannot communicate with VLAN 2 on...

Page 58: ...58 CHAPTER 4 USING RESILIENCE FEATURES ...

Page 59: ...g Started Guide that accompanies your Switch For detailed descriptions of the Web interface operations and the Command Line Interface CLI commands that you require to manage the Switch please refer to the Management Interface Reference Guide supplied in HTML format on the CD ROM that accompanies your Switch How Switch Database Entries Get Added Entries are added to the Switch Database in one of tw...

Page 60: ...tion is removed from the network its entry is also removed from the database Learned entries are removed from the Switch Database if the Switch is reset or powered down Non aging learned If the aging time is set to 0 seconds all learned entries in the Switch Database become non aging learned entries This means that they are not aged out but they are still removed from the database if the Switch is...

Page 61: ...applications devices users and types of traffic allows you to have more control over your network There are two different categories of rules Application based rules describe how to deal with traffic for a specific application for example Netmeeting or Lotus Notes Device based rules describe how to deal with traffic that flows to and from specific devices for example servers or server farms This c...

Page 62: ...te for the same bandwidth a network can quickly become overloaded resulting in slow response times long latency and application time outs Traffic prioritization is a mechanism that allows you to prioritize data so that time sensitive and system critical data can be transferred smoothly and with minimal delay over a network The benefits of using traffic prioritization are You can control a wide var...

Page 63: ...its priority level for onward transmission across the network or The level of service configured at the Switch for incoming traffic the network administrator configures the Switch to prioritize or discard traffic from applications or devices For example converged network applications such as voice or video conferencing or business critical software such as Oracle may require a high level of servic...

Page 64: ...raffic The Switch employs several methods of classifying identifying traffic These can be based on any combination of fields in the first 64 bytes of the packet and at different levels of the OSI 7 layer model as shown in Table 5 Table 5 Attributes on which incoming traffic can be classified identified OSI Layer and Protocols Summary of Protocols Layer 2 IEEE 802 1D priority EtherType Chatty proto...

Page 65: ... follows the destination MAC address and Source MAC address The IEEE Std 802 1D 1998 Edition priority marking scheme assigns each frame with an IEEE 802 1p priority level between 0 and 7 which determines the level of service that type of traffic should receive Refer to Table 6 for an example of how different traffic types can be mapped to the eight IEEE 802 1p priority levels Table 6 IEEE recommen...

Page 66: ...tiated Services DiffServ Traffic Marking DiffServ is a Layer 3 marking scheme that uses the DiffServ Code Point DSCP field in the IP header to store the packet priority information DSCP is an advanced intelligent method of traffic marking because you can choose how your network prioritizes different types of traffic DSCP uses 64 values that map to user defined service levels allowing you to establ...

Page 67: ...the rules set up by the network administrator Basic Traffic Prioritization Incoming traffic is classified based upon the IEEE 802 1D frame and is assigned to the appropriate priority queue based upon the IEEE 802 1p service level value defined in that packet Service level markings values are defined in the IEEE 802 1Q 4 byte tag and therefore traffic will only contain 802 1p priority markings if t...

Page 68: ...to traffic queue in the Switch is proprietary and is slightly different to the recommended IEEE mapping Figure 15 IEEE 802 1p priority levels and recommended IEEE 802 1D traffic types The number of queues and their mappings to the 8 levels is proprietary and can even vary between Switches from the same vendor You cannot alter the mapping between the IEEE 802 1p priorities and the traffic queues Th...

Page 69: ...f the current applications for example Microsoft Word Lotus Notes and NetMeeting are not QoS aware and do not apply a service level to the traffic that they send Being an intelligent Switch your Switch can use its own rules to classify and mark the traffic If the incoming traffic has pre defined service level markings however the advanced traffic prioritization of your Switch allows you to modify ...

Page 70: ...ket 4 Remarking the 802 1p tag DSCP field or dropping the packet are optional and have to be configured by the network administrator 5 It is the priority associated with the packet that is used to direct it to the appropriate queue This is determined as follows If the packet matches a classifier with a configured service level specifying that the DSCP or 802 1p tag should be re marked then the pac...

Page 71: ...cedence over low priority but in the event that high priority traffic exceeds the link capacity lower priority traffic is not blocked Traffic queues cannot be enabled on a per port basis on the Switch 4400 Configuring Traffic Prioritization on the Switch Your Switch allows you to discard and prioritize applications as well as devices to obtain Quality of Service QoS for your network Configuring tr...

Page 72: ...re stack the QoS configuration defined in the profile will immediately become active Methods of Configuring Traffic Prioritization QoS can be configured on your Switch using 3Com Network Supervisor or via the Command Line Interface CLI The 3Com Network Supervisor application supplied on the CD ROM accompanying your Switch is the main tool for configuring QoS and 3Com recommends that you use this a...

Page 73: ...e recommended configuration for most networks is 10 100 Mbps switching to the desktop Gigabit connections for servers and non blocking Gigabit backbones QoS requires the support of every network device from end to end All devices in the network should support QoS If there is just one section in the data path that does not support QoS it can produce bottlenecks and slowdowns although a performance ...

Page 74: ...ith IP TOS based networks Default QoS Configurations The Switch has some pre configured defaults which are listed in Table 7 and Table 8 Table 7 Default traffic classifiers configured in your Switch Table 8 Default service levels configured in your Switch Classifier Name Classifier Type Protocol Identifier Used in QoS Profile 1 All traffic Basic All traffic None 2 3Com NBX Voice LAN EtherType 0x80...

Page 75: ...witch port Figure 17 University campus QoS network example See Utilizing the Traffic Prioritization Features of Your Network on page 133 for a further network example Some examples of rules that can be set up and added to a QoS profile are shown in Table 9 on page 76 Switch 4400 Endstations on 10 100 Mbps switched connections Student Web Access Blocked Network Games Blocked Lecturer All Traffic Hi...

Page 76: ...lan_ph one pdf correct at time of publication For additional troubleshooting information and technical solutions visit the 3Com Knowledgebase The Knowledgebase has solutions addressing the blocking of network games and the prioritization of video traffic among its topics To find these articles visit the Knowledgebase at http knowledgebase 3com com and search for appropriate keywords Rule Example P...

Page 77: ... it to monitor the traffic of other ports on the Switch The system works by enabling you to define an analysis port the port that is connected to the analyzer and a monitor port the port that is to be monitored Once the pair are defined and you start monitoring the Switch takes all the traffic going in and out of the monitor port and copies it to the analysis port Roving analysis is used when you ...

Page 78: ...ts statistics about a LAN segment or VLAN and transfers the information to a management workstation on request or when a pre defined threshold is crossed The workstation does not have to be on the same network as the Switch and can manage the Switch by in band or out of band connections The RMON Groups The IETF define groups of Ethernet RMON statistics This section describes the four groups suppor...

Page 79: ...eshold and falling threshold Effective use of the Events group saves you time rather than having to watch real time graphs for important occurrences you can depend on the Event group for notification Through the SNMP traps events can trigger other actions therefore providing a way to automatically respond to certain occurrences Benefits of RMON Using the RMON features of your Switch has three main...

Page 80: ...tics No Statistics sessions per VLAN supported on Switch 4400 other than VLAN 1 A new or initialized Switch has one Statistics session per port and one default Statistics session for VLAN 1 History No History sessions per VLAN supported on Switch 4400 other than VLAN 1 A new or initialized Switch has two History sessions per port and one default History session for VLAN 1 These sessions provide th...

Page 81: ...ted in Table 11 The Default Alarm Settings A new or initialized Switch has the following alarm defined for each port Number of errors over 10 seconds The default values and actions for this alarm is given in Table 12 Table 11 Alarm Events Event Action No action Notify only Send Trap Notify and filter port Send Trap Block broadcast and multicast traffic on the port Recovers with the unfilter port e...

Page 82: ...cur. You can receive notification via email, SMS (Short Message Service), or pager of the event that has occurred. This feature uses an SMTP (Simple Mail Transfer Protocol) email client to send the notification email. The Short Message Service (SMS) and pager messages are constrained on message size, so they are sent to a different email address which creates the message to be displayed and then forwards it o...

Page 83: ...raps continue to be sent, in addition to any email notifications you may receive. The events that can generate email notification are: Unit powers up; Fan in the unit fails; Unit in the stack fails; A link fails or returns to service (you can select specific links that you wish to receive messages for, for example, a mission-critical link to a server); A resilient link activates; A security violation occurs ...

Page 84: ...84 CHAPTER 7 STATUS MONITORING AND STATISTICS ...

Page 85: ...e Guide supplied in HTML format on the CD-ROM that accompanies your Switch. What are VLANs? A VLAN is a flexible group of devices that can be located anywhere in a network, but which communicate as if they are on the same physical segment. With VLANs, you can segment your network without being restricted by physical connections, a limitation of traditional network design. As an example, with VLANs you can...

Page 86: ...ust be updated manually. With a VLAN setup, if an endstation in VLAN Marketing, for example, is moved to a port in another part of the network and retains its original subnet membership, you only need to specify that the new port is in VLAN Marketing. You do not need to carry out any re-cabling. VLANs provide extra security. Devices within each VLAN can only communicate with other devices in the same VLAN...

Page 87: ...llowing information about each VLAN on your Switch before the Switch can use it to forward traffic: VLAN Name: This is a descriptive name for the VLAN (for example, Marketing or Management). 802.1Q VLAN ID: This is used to identify the VLAN if you use 802.1Q tagging across your network. The Default VLAN: A new or initialized Switch contains a single VLAN, the Default VLAN. This VLAN has the following definit...

Page 88: ... if a port is in a single VLAN it can be an untagged member, but if the port needs to be a member of multiple VLANs, tagged membership must be defined. Typically endstations (for example, clients) will be untagged members of one VLAN, while inter-Switch connections will be tagged members of all VLANs. The IEEE Std 802.1Q-1998 defines how VLANs operate within an open packet-switched network. An 802.1Q compl...

Page 89: ...e switch. In this network there is no requirement to pass traffic for multiple VLANs across a link. All traffic is handled by the single Switch and therefore untagged connections can be used. The example shown in Figure 20 illustrates a single Switch connected to endstations and servers using untagged connections. Ports 1, 2 and 3 of the Switch belong to VLAN 1, ports 10, 11 and 12 belong to VLAN 2. VLANs...

Page 90: ...t use 802.1Q tagged connections so that all VLAN traffic can be passed along the links between the Switches. 802.1Q tagging can only be used if the devices at both ends of a link support IEEE 802.1Q. The example shown in Figure 21 illustrates two Switch units. Each Switch has endstations and a server in VLAN 1 and VLAN 2. All endstations in VLAN 1 need to be able to connect to the server in VLAN 1 whic...

Page 91: ...he VLANs on Switch 2: Define VLAN 2. VLAN 1 is the default VLAN and already exists. 5. Add endstation ports on Switch 2 to the VLANs: Place the endstation ports in the appropriate VLANs as untagged members. 6. Add port 11 on Switch 2 to the VLANs: Add port 11 on Switch 2 as a tagged member of both VLANs 1 and 2 so that all VLAN traffic is passed over the link to Switch 1. 7. Check the VLAN membership for bo...

Page 92: ...92 CHAPTER 8 SETTING UP VIRTUAL LANS ...

Page 93: ... is Webcache Support? Webcache support is a feature that allows local storage (caching) of frequently accessed web pages on a Webcache attached to your network. This means your network users can access these locally stored web pages without going over a WAN connection. The Webcache periodically checks live web pages to find out if the current cached pages are out of date, and replaces them accordingly. B...

Page 94: ...iple units are configured in this way, then the master unit will select the first unit that responds to be the polling unit. The polling unit polls for the Webcache using the Webcache health check URL (see "Cache Health Checks" on page 95 for more information). When the polling unit receives a response from the Webcache, it resolves the Webcache's IP address to a MAC address and a port and passes it to ot...

Page 95: ... health check works as follows: 1. The health check requests a factory-defined URL from the Webcache every eleven seconds and expects to receive a reply to confirm that the cache is operating normally. 2. If a reply is not received from the Webcache, the Switch will start polling the Webcache at three-second intervals. 3. If the Webcache fails three health check attempts, the Webcache is deemed to have fa...

Page 96: ...s follows: 1. A PC sends a request for a web page in the form of HTTP traffic. 2. The Switch receives the request from the PC; it detects that the traffic is HTTP and redirects it to the Webcache instead of the WAN. 3. The Webcache receives the request. If it has the required web page cached, it will send it directly back to the requesting PC. If it does not have the page cached, it will return the request t...

Page 97: ...ack. On the Switch 4400, the Webcache must reside on VLAN1. The SuperStack 3 Webcache 1000/3000 can only receive untagged packets, therefore it must be connected to an untagged port on the Switch 4400. The Switch 4400 only redirects HTTP requests it recognizes in VLAN1 and sends them untagged to the Webcache. The traffic between any two pairs of IP addresses must always be redirected through the same We...

Page 98: ...98 CHAPTER 9 USING WEBCACHE SUPPORT ...

Page 99: ...s. For detailed information on setting up your Switch for management, see the Getting Started Guide that accompanies your Switch. For detailed descriptions of the Web interface operations and the Command Line Interface (CLI) commands that you require to manage the Switch, please refer to the Management Interface Reference Guide supplied in HTML format on the CD-ROM that accompanies your Switch. For backg...

Page 100: ...ic configuration methods. The Switch tries each method in a specified order. Manual IP Configuration: you can manually input the IP information (IP address, subnet mask, and default gateway). If you select an option for no IP configuration, the Switch will not be accessible from a remote management workstation on the LAN. In addition, the Switch will not be able to respond to SNMP requests. How Automatic IP C...

Page 101: ...ocol (ARP) to check to make sure this address is not already in use on the network. If not, it will allocate this default address to the Switch. If this IP address is already in use, Auto-IP will check once every second for three seconds for an IP address on the 169.254.x.y subnet (where x = 1-254 and y = 0-255). Auto-IP only uses addresses in the range 169.254.1.0 through to 169.254.254.255 as valid addresses...

Page 102: ...systems: Microsoft Windows 2000 Server; Microsoft Windows NT4 Server; Sun Solaris v2.5.1. If you want DHCP or BOOTP to be the method for automatic configuration, make sure that your DHCP or BOOTP servers are operating normally before you power on your Switch. Event Log Entries and Traps: An event log will be generated and an SNMP trap will be sent if any of the following changes occur in the IP configura...

Page 103: ...ese features and gives examples of how and why you would use them in your network. For detailed descriptions of the Web interface operations and the Command Line Interface (CLI) commands that you require to manage the Switch, please refer to the Management Interface Reference Guide supplied in HTML format on the CD-ROM that accompanies your Switch. ...

Page 104: ...information see "What is Disconnect Unauthorized Device (DUD)?" on page 107. Network Login: When the user has been successfully authorized, all network traffic is forwarded through the port without any restrictions. For further information see "What is Network Login?" on page 105. Network Login Secure: When the user has been successfully authorized, only network traffic that is received from the authorized clien...

Page 105: ...he client device is granted access to the network. For further information about RADIUS, see "What is RADIUS?" on page 112. The client device must be directly connected to the Switch port (no intervening switch or hub), as the Switch uses the link status to determine if an authorized client device is connected. Network Login will not operate correctly if there is a bridge device between the client device an...

Page 106: ...as shown in Figure 23. The Switch does not interpret or store this information. Figure 23 Network Login Operation. When the client device and RADIUS server have exchanged authentication information, the Switch receives either an authentication succeeded or failed message from the server, and then configures the port to forward or filter traffic as appropriate. If access is granted, the Spanning Tree Prot...

Page 107: ...h port may not support the authentication service, for example printers. You should configure the Switch port to operate in Automatic Learning mode, so that network traffic that does not match the MAC address for the client device is filtered. You should enable Network Login on all relevant Switch ports. Failure to enable authentication on a single port could compromise the security of the entire netwo...

Page 108: ...t Login? If you intend to manage the Switch using the Web interface or the Command Line Interface, you need to log in with a valid user name and password. For further information on managing the Switch, see the "Setting Up For Management" chapter in the Switch 4400 Getting Started Guide. The user name and password information can be stored in either: a RADIUS server (recommended). If you enable RADIUS as the...

Page 109: ...in bad configurations and lapses in security. RADIUS authentication provides centralized, secure access and removes the need to physically visit each network device. Changes to user names and passwords require only a single action on the RADIUS database and are reflected immediately. The Switch 4400 is fully compliant with the industry standard RADIUS protocol. For further information about RADIUS, see ...

Page 110: ...ecify the access level required for each user account. The configurable attribute values are: Monitor (1): the user can view all manageable parameters, except special security features, but cannot change any manageable parameters. Manager (2): the user can access and change the operational parameters, but not special security features. Administrator (3): the user can access and change all manageable parameters. Th...

Page 111: ...uthentication Vendor Specific Attribute (VSA). The Vendor ID for 3Com is 43. If the Switch is unable to contact the RADIUS server, the Command Line Interface automatically reverts to using the local Switch database for user authentication. This allows a user with admin access to login to the Switch via the console port and continue to manage it. The Web interface and Telnet do not revert to the local dat...

Page 112: ...Transactions between each network device and the server are authenticated by the use of a shared secret. Additional security is provided by encryption of passwords to prevent interception by a network snooper. RADIUS is defined in the RFCs 2865 and 2866, "Remote Authentication Dial-in User Service (RADIUS)" and "RADIUS Accounting". Network Login, a method of port-based access control, and Switch Management Lo...

Page 113: ...ply the power required by the device, providing that the total power budget for the Switch would not be exceeded by doing so. Benefits of Power over Ethernet: A Power over Ethernet Switch combines the functionality of a standard Ethernet Switch with a single power supply that can power multiple devices. Using a Power over Ethernet Switch has the following advantages over an unpowered network: Reduced C...

Page 114: ...power delivered does not exceed 150 watts. When you plan your network, you need to calculate the maximum power that you will need and make sure that the Switch is not expected to supply more than its maximum capacity. To calculate the power budget for the Switch, add together the power requirements of the devices that will be connected at any one time. The power requirements of 3Com Power over Ethernet...

Page 115: ...his is the case you may choose to: Add additional Power over Ethernet switches. This will enable you to guarantee power to each port on the Switch that supplies a Power over Ethernet device. The remaining ports can be used to supply networking to those devices that are powered by other means. Prioritize Power over Ethernet devices. Since the Switch supplies power to the lowest numbered port first, you s...

Page 116: ...Ethernet device. To ensure that the Switch is able to supply power to each device for which it has guaranteed power, the Switch reserves the maximum power that each guaranteed device can draw, regardless of whether the device is in use. Typically, this results in the Switch reserving more power for guaranteed devices than is actually supplied to these devices. If the Switch is not able to supply power t...

Page 117: ...thernet information. See "Introducing the SuperStack 3 Switch 4400" in the Getting Started Guide. There is a Power over Ethernet fault. Push the LED Mode button to change to power mode and see the details of the fault (see Table 14 on page 118), or look at the PoE Detail screen in the Web interface (see "Monitoring Power Usage using the Web Interface" on page 118). When the Port LED Status LED lights green, pow...

Page 118: ...ower that has been supplied to the device since the meter was last reset. If a device had been switched off for part of the time, it will register a lower average. Peak Power: displays the most power supplied to the device since the meter was last reset. Current Power: displays the power currently being supplied to the device. Table 14 Port Status and Port Packet LEDs Power over Ethernet information LED ...

Page 119: ...f the port is active. The height of the bar shows the level of power being drawn. Gray if the port has been disabled. Red if there is a Power over Ethernet fault on the port. Problem Solving: If a device is not supplied with power after you have connected it to the Switch 4400 PWR, check the following: The device is Power over Ethernet compliant and is configured to receive its power over Ethernet. See th...

Page 120: ...120 CHAPTER 12 POWER MANAGEMENT AND CONTROL ...

Page 121: ...II APPENDICES AND INDEX Appendix A Configuration Rules Appendix B Network Configuration Examples Appendix C IP Addressing Glossary Index ...

Page 123: ...4 ft Category 5 cabling with connections up to 100 m 328 ft The different types of Gigabit Ethernet media and their specifications are detailed in Table 15 Table 15 Gigabit Ethernet cabling Gigabit Ethernet Transceivers Fiber Type Modal Bandwidth MHz km Lengths Supported Specified by IEEE meters 1000BASE LX 1000BASE SX 1000BASE T MM Multimode 62 5 µm MM 50 µm MM 50 µm MM 10 µm SM 62 5 µm MM 62 5 µ...

Page 124: ...ure 26 illustrates the key topology rules and provides examples of how they allow for large-scale Fast Ethernet networks. Figure 26 Fast Ethernet configuration rules. The key topology rules are: Maximum UTP cable length is 100 m (328 ft) over Category 5 cable. A 412 m (1352 ft) fiber link is allowed for connecting switch-to-switch, or endstation-to-switch, using half-duplex 100BASE-FX ...

Page 125: ... to the endstations. Configuration Rules with Full Duplex: The Switch provides full duplex support for all its ports, including Expansion Module ports. Full duplex allows packets to be transmitted and received simultaneously and, in effect, doubles the potential throughput of a link. With full duplex, the Ethernet topology rules are the same, but the Fast Ethernet rules are: Maximum UTP cable length is 100 ...

Page 126: ...126 APPENDIX A CONFIGURATION RULES ...

Page 127: ... Configuration Examples: Segmentation Switch Example; Collapsed Backbone Switch Example; Desktop Switch Example. Advanced Network Configuration Examples: Improving the Resilience of Your Network; Enhancing the Performance of Your Network; Utilizing the Traffic Prioritization Features of Your Network ...

Page 128: ...an be used in your network. Segmentation Switch Example: The example in Figure 27 shows how a 10/100 Switch such as the Switch 4400 stack can segment a network of shared 10 Mbps and 100 Mbps connections. There is a 10/100 shared segment on each floor, and these segments are connected to the Switch which is positioned in the basement. Figure 27 Using the Switch 4400 to segment your network ...

Page 129: ...on Examples 129 Collapsed Backbone Switch Example: The example in Figure 28 shows how a Switch 4400 stack can act as a backbone for both shared and switched network segments. Figure 28 Using the Switch 4400 as a collapsed backbone ...

Page 130: ...Switch 4400 can be used for a group of users that require dedicated 10 Mbps or 100 Mbps connections to the desktop. The Switch 4400 stack has a 1000BASE-T Module fitted that allows it to provide a Gigabit Ethernet link to a Switch 4900 in the basement. Figure 29 Using the Switch 4400 in a desktop environment ...

Page 131: ...witch. Improving the Resilience of Your Network: Figure 30 shows how you can set up your network to improve its resilience using resilient links. Alternatively, instead of setting up resilient links, you can enable Spanning Tree Protocol (STP). Aggregated links have also been set up from the Core Switch; this increases the bandwidth available for the backbone connection, and also provides extra resilience. Fi...

Page 132: ...t auto sensing and will therefore pass data across the network at the optimum available speed and duplex mode. Flow control will help avoid packet loss during periods of network congestion. A Gigabit Ethernet backbone is set up between the Switch 4900 and each Switch in the workgroups to increase the bandwidth, and therefore the overall network performance. Figure 31 Network set up to enhance performa...

Page 133: ...guration that demonstrates how you can utilize the different types of Quality of Service (QoS) profiles to ensure a high level of service and prioritization across the network for certain applications, users, or locations. For more information on using QoS, see Chapter 6 "Using Traffic Prioritization". Figure 32 Network set up to utilize traffic prioritization ...

Page 134: ...134 APPENDIX B NETWORK CONFIGURATION EXAMPLES ...

Page 135: ...dress is. Advanced Overview: Gives a more in depth explanation of IP addresses and the way they are structured. Simple Overview: To operate correctly, each device on your network must have a unique IP address. IP addresses have the format n.n.n.n where n is a decimal number between 0 and 255. An example IP address is 192.168.100.8. The IP address can be split into two parts: The first part, called the netwo...

Page 136: ... Registration Services is the organization responsible for supplying registered IP addresses. The following contact information is correct at time of publication: World Wide Web site: http://www.internic.net. Advanced Overview: IP addresses are 32-bit addresses that consist of a network part (the address of the network where the host is located) and a host part (the address of the host on that network). Figur...

Page 137: ...classes of IP addresses are as follows: Class A address: Uses 8 bits for the network part and 24 bits for the host part. Although only a few Class A networks can be created, each can contain a very large number of hosts. Class B address: Uses 16 bits for the network part and 16 bits for the host part. Class C address: Uses 24 bits for the network part and 8 bits for the host part. Each Class C network can ...

Page 138: ...ns a subnetwork part, a subnet mask identifies the bits that constitute the subnetwork address and the bits that constitute the host address. A subnet mask is a 32-bit number in the IP address format. The 1 bits in the subnet mask indicate the network and subnetwork part of the address. The 0 bits in the subnet mask indicate the host part of the IP address, as shown in Figure 35. Figure 35 Subnet Maskin...

Page 139: ...0 The number that includes both the Class B natural network mask (255.255) and the subnet mask (255.240) is sometimes called the extended network prefix. Continuing with the previous example, the subnetwork part of the mask uses 12 bits, and the host part uses the remaining 4 bits. Because the octets are actually binary numbers, the number of subnetworks that are possible with this mask is 4,096 (2^12), and th...

Page 140: ...gments. When it receives the IP packets, the gateway determines the next network hop on the path to the remote destination, and sends the packets to that hop. This could either be the remote destination or another gateway closer towards the destination. This hop-by-hop process continues until the IP packets reach the remote destination. If manually configuring IP information for the Switch, enter the IP ...

Page 141: ...Ethernet over fiber optic cable 802 11af The IEEE specification for Power over Ethernet See Power over Ethernet aging The automatic removal of dynamic entries from the Switch Database which have timed out and are no longer valid Aggregated Links Aggregated links allow a user to increase the bandwidth and resilience between switches by using a group of ports to carry traffic between the switches au...

Page 142: ... packet sent to all devices on a network. broadcast storm: Multiple simultaneous broadcasts that typically absorb all the available network bandwidth and can cause a network to fail. Broadcast storms can be due to faulty network devices. cache: Stores copies of frequently accessed objects locally to users and serves them to users when requested. collision: A term used to describe two colliding packets in...

Page 143: ...tion using a networking device. Forwarding Database: See Switch Database. filtering: The process of screening a packet for certain characteristics, such as source address, destination address, or protocol. Filtering is used to determine whether traffic is to be forwarded, and can also prevent unauthorized access to a network or network devices. flow control: A mechanism that prevents packet loss during perio...

Page 144: ... relevant sections of the IEEE Std 802.1D, 1998 Edition. IEEE Std 802.1Q-1998: A standard that defines VLAN tagging. IEEE Std 802.3ad: A standard that defines link aggregation. 802.3ad is now incorporated into the relevant sections of the IEEE Std 802.3-2002. IEEE Std 802.3x: A standard that defines a system of flow control for ports that operate in full duplex. 802.3x is now incorporated into the relevant...

Page 145: ...ernetwork Packet Exchange. IPX is a layer 3 and 4 network protocol designed for networks that use Novell Netware. IP address: Internet Protocol address. A unique identifier for a device attached to a network using TCP/IP. The address is written as four octets separated with periods (full stops), and is made up of a network section, an optional subnet section and a host section. Jitter: An expression often us...

Page 146: ...the receiver of another device. MDI-X: Medium Dependent Interface Cross-over. An Ethernet port connection where the internal transmit and receive lines are crossed. MIB: Management Information Base. A collection of information about the management characteristics and parameters of a networking device. MIBs are used by the Simple Network Management Protocol (SNMP) to gather information about the devices on ...

Page 147: ...ir of ports that can be configured so that one takes over data transmission should the other fail. See also main port and standby port. RMON: IETF Remote Monitoring MIB. A MIB that allows you to remotely monitor LANs by addressing up to nine different groups of information. router: A router is a device on your network which is used to forward IP packets to a remote destination. An alternative name for a ...

Page 148: ...m a single logical device. standby port: The port in a resilient link that takes over data transmission if the main port in the link fails. STP: See Spanning Tree Protocol (STP). subnet mask: A subnet mask is used to divide the device part of the IP address into two further parts. The first part identifies the subnet number. The second part identifies the device on that subnet. switch: A device that interconn...

Page 149: ...the local management capabilities of the Switch. traffic prioritization: A system which allows data that has been assigned a high priority to be forwarded through a switch without being obstructed by other data. unicast: A packet sent to a single endstation on a network. VLAN: Virtual LAN. A group of location- and topology-independent devices that communicate as if they are on the same physical LAN. VLAN t...

Page 150: ...150 GLOSSARY ...

Page 151: ...tart 56 RSTP 56 default gateway 140 Default VLAN 87 Designated Bridge 51 Designated Bridge Port 52 DHCP 100 Disconnect Unauthorized Device DUD 18 107 E event notification 22 82 Events RMON group 79 80 extended network prefix 139 F Fast Ethernet configuration rules 124 Filter RMON group 79 80 flow control 28 full duplex configuration rules 125 G Gigabit Ethernet configuration rules 123 glossary 141...

Page 152: ...16 power budgets 114 power LEDs 117 power management 18 Power over Ethernet 113 advantages 113 power plan 116 power usage 116 monitoring 118 priority in STP 50 Q QoS see Quality of Service 21 61 Quality of Service 21 61 profiles 72 R RADIUS 108 112 authentication 109 Rapid Spanning Tree Protocol RSTP 20 48 registered IP address obtaining 136 Remote Monitoring See RMON resilient links 46 Restore 23...

Page 153: ...ogy rules for Fast Ethernet 124 topology rules with full duplex 125 traffic prioritization 21 61 62 advanced 69 basic 67 classification 64 default configurations 74 differentiated services 65 66 DiffServ Code Point DSCP 66 example configurations 75 IEEE Std 802 1D 1998 Edition 65 marking 65 queues 71 re marking 67 rules application based 61 rules device based 61 traffic queues 63 V Vendor Specific...
