Home
/
Allied Telesis
/
AT-9400
/
User Manual

Allied Telesis AT-9400, User Manual

Share

Page: 593 / 668

Allied Telesis AT-9400 User Manual Download Page 593

AT-S63 Management Software Menus User’s Guide

Section IX: Management Security

593

General Steps for Configuring the Web Server for Encryption

There are several procedures you need to perform in order to implement
HTTPS and web browser encryption on the switch. This section is here to
provide you with the general steps you need to do and the procedures for
performing them. There is a section for configuring the web server with a
self-signed certificate and another for a public or private CA certificate.

General Steps for

a Self-signed

Certificate

Below are the general steps for setting up the web server with a self-
signed certificate.

1. Set the switch’s date and time. You must do this before you create a

certificate because the date and time are stamped in the digital
document. For instructions, refer to “Setting the System Time” on
page 38.

2. Create a public and private key pair, as explained in “Creating an

Encryption Key” on page 596.

3. Create a self-signed certificate using the key pair, as explained in

“Creating a Self-signed Certificate” on page 612.

4. Add the certificate to the certificate database, as explained in “Adding

a Certificate to the Database” on page 616.

5. Configure the web server on the switch by activating HTTPS and

specifying the key pair used to create the certificate as the active key.
This step is explained in “Configuring the Web Server” on page 590.

General Steps for

a Public or

Private CA

Certificate

Below are the steps for setting up the web server with a public or private
CA certificate. This requires generating an enrollment request.

1. Set the switch’s date and time. You must do this before you create the

enrollment request. The date and time at stamped in the request. The
instructions for this are in “Setting the System Time” on page 38.

2. Create a public and private key pair, as explained in “Creating an

Encryption Key” on page 596.

3. Generate an enrollment request, as explained in “Generating an

Enrollment Request” on page 627.

4. Upload the enrollment request from the switch’s file system onto your

management station or a TFTP server, as explained in “Uploading a
System File” on page 190.

5. Submit the enrollment request to the public or private CA.

«
...
591
592
593
594
595
...
»

Summary of Contents for AT-9400

Page 1: ...613 001025 Rev A Management Software AT S63 Menus User s Guide For Stand alone AT 9400 Switches Version 2 2 0 for AT 9400 Layer 2 Switches Version 3 2 0 for AT 9400 Basic Layer 3 Switches ...

Page 2: ...arks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis Inc be liable for any incidental special indirect or consequential damages whatsoever includ...

Page 3: ...System Time Manually 39 Setting the System Time from an SNTP or NTP Server 40 Rebooting the Switch 43 Configuring the Console Startup Mode 45 Configuring the Console Timer 46 Configuring the Telnet Server 47 Setting the Baud Rate of the Serial Terminal Port 48 Pinging a Remote System 49 Returning the AT S63 Management Software to the Factory Default Values 50 Displaying Hardware and Software Infor...

Page 4: ... 113 Changing the Aging Time 114 Chapter 6 Static Port Trunks 115 Creating a Static Port Trunk 116 Modifying a Static Port Trunk 120 Deleting a Static Port Trunk 123 Chapter 7 LACP Port Trunks 125 Enabling or Disabling LACP 126 Setting the LACP System Priority 128 Creating an Aggregator 129 Modifying an Aggregator 132 Deleting an Aggregator 134 Displaying LACP Port and Aggregator Status 135 Chapte...

Page 5: ...ng a System File from a Local Management Session 184 Downloading a System File from a Remote Management Session 187 Uploading a System File 190 Guidelines 190 Uploading a System File from a Local Management Session 191 Uploading a System File from a Remote Management Session 194 Chapter 11 Event Logs and the Syslog Client 197 Working with the Event Logs 198 Enabling or Disabling the Event Logs 198...

Page 6: ...rvice Defense 280 Chapter 17 Power Over Ethernet 283 Setting the PoE Threshold 284 Configuring PoE Port Settings 286 Displaying PoE Status and Settings 288 Section III IGMP Snooping MLD Snooping and RRP Snooping 293 Chapter 18 IGMP Snooping 295 Configuring IGMP Snooping 296 Enabling or Disabling IGMP Snooping 300 Displaying a List of Host Nodes 301 Displaying a List of Multicast Routers 303 Chapte...

Page 7: ...get Parameters Table Entry 389 Modifying an SNMPv3 Target Parameters Table Entry 390 Configuring the SNMPv3 Community Table 398 Creating an SNMPv3 Community Table Entry 399 Deleting an SNMPv3 Community Table Entry 402 Modifying an SNMPv3 Community Table Entry 403 Displaying SNMPv3 Table Menus 408 Displaying the Display SNMPv3 User Table Menu 408 Displaying the Display SNMPv3 View Table Menu 410 Di...

Page 8: ...65 Resetting MSTP to the Defaults 468 Section VI Virtual LANs 469 Chapter 24 Port based and Tagged VLANs 471 Creating a Port based or Tagged VLAN 472 Example of Creating a Port based VLAN 477 Example of Creating a Tagged VLAN 479 Modifying a Port based or Tagged VLAN 481 Displaying VLANs 485 Deleting a Port based or Tagged VLAN 487 Deleting All VLANs 490 Displaying PVIDs 492 Enabling or Disabling ...

Page 9: ...802 1x Port based Network Access Control 569 Setting Port Roles 570 Enabling or Disabling 802 1x Port based Network Access Control 572 Configuring Authenticator Port Parameters 573 Configuring Supplicant Port Parameters 579 Displaying the Port Access Parameters 582 Configuring RADIUS Accounting 584 Section IX Management Security 587 Chapter 32 Web Server 589 Configuring the Web Server 590 General ...

Page 10: ... 36 TACACS and RADIUS Protocols 639 Enabling or Disabling Server based Management Authentication 640 Configuring the TACACS Client 642 Displaying the TACACS Settings 644 Configuring the RADIUS Client 645 Displaying RADIUS Status and Settings 648 Chapter 37 Management Access Control List 651 Enabling or Disabling the Management ACL 652 Creating an ACE 654 Modifying an ACE 656 Deleting an ACE 658 Di...

Page 11: ...g Menu 92 Figure 26 SNMP Configuration Menu 94 Figure 27 Configure SNMPv1 SNMPv2c Community Menu 96 Figure 28 Modify SNMP Community Menu 99 Figure 29 Display SNMP Community Menu 104 Figure 30 MAC Address Tables Menu 106 Figure 31 Display Unicast MAC Addresses Menu 106 Figure 32 Display All Menu Unicast MAC Addresses 107 Figure 33 Display All Menu Multicast MAC Addresses 108 Figure 34 MAC Addresses...

Page 12: ...r Details Menu Page 2 230 Figure 78 Access Control Lists ACL Menu 232 Figure 79 Create ACL Menu 233 Figure 80 Modify ACL Menu 235 Figure 81 Destroy ACL Menu 237 Figure 82 Show ACLs Menu 240 Figure 83 Display ACL Details Menu 241 Figure 84 Class of Service CoS Menu 244 Figure 85 Configure Port COS Priorities Menu 245 Figure 86 Map CoS Priority to Egress Queue Menu 247 Figure 87 Configure Egress Sch...

Page 13: ...t Address Table Menu 377 Figure 139 Configure SNMPv3 Target Parameters Table Menu 386 Figure 140 Modify SNMPv3 Target Parameters Table Menu 391 Figure 141 Configure SNMPv3 Community Table Menu 400 Figure 142 Modify SNMPv3 Community Table Menu 404 Figure 143 Display SNMPv3 Table Menu 409 Figure 144 Display SNMPv3 User Table Menu 409 Figure 145 Display SNMPv3 View Table Menu 410 Figure 146 Display S...

Page 14: ...LAN Menu 541 Figure 202 Show VLANs Menu with MAC Address based VLANs 542 Figure 203 Detail Information Display 543 Figure 204 Configure Interface Menu 548 Figure 205 Create Interface Menu 549 Figure 206 Modify Interface Menu 552 Figure 207 Port Security Menu 562 Figure 208 Configure Port Security Menu 1 562 Figure 209 Configure Port Security Menu 2 564 Figure 210 Display Port Security Menu 566 Fig...

Page 15: ...l SSH Menu 634 Figure 237 Show Server Information Menu 637 Figure 238 Authentication Configuration Menu 640 Figure 239 TACACS Client Configuration Menu 642 Figure 240 TACACS Client Configuration Menu 644 Figure 241 RADIUS Client Configuration 645 Figure 242 RADIUS Server Configuration 646 Figure 243 Show Status Menu 648 Figure 244 Management ACL Configuration Menu 652 Figure 245 Modify Management ...

Page 16: ...Figures 16 ...

Page 17: ...rt Priority Value Increments 427 Table 7 STP Auto Detect Port Costs 427 Table 8 STP Auto Detect Port Trunk Costs 427 Table 9 RSTP Auto Detect Port Costs 434 Table 10 RSTP Auto Detect Port Trunk Costs 435 Table 11 Auto External Path Costs 459 Table 12 Auto External Path Trunk Costs 459 Table 13 RSTP Auto Detect Port Costs 461 Table 14 RSTP Auto Detect Port Trunk Costs 462 Table 15 GVRP Counters 504...

Page 18: ...Tables 18 ...

Page 19: ...his documentation contains certain cryptographic functionality and its export is restricted by U S law As of this writing it has been submitted for review as a retail encryption item in accordance with the Export Administration Regulations 15 C F R Part 730 772 promulgated by the U S Department of Commerce and conditionally may be exported in accordance with the pertinent terms of License Exceptio...

Page 20: ...ng on page 137 Section II Advanced Operations Chapter 9 File System on page 145 Chapter 10 File Downloads and Uploads on page 167 Chapter 11 Event Logs and the Syslog Client on page 197 Chapter 12 Classifiers on page 219 Chapter 13 Access Control Lists on page 231 Chapter 14 Class of Service on page 243 Chapter 15 Quality of Service on page 251 Chapter 16 Denial of Service Defenses on page 279 Cha...

Page 21: ...ANs on page 521 Chapter 28 MAC Address based VLANs on page 533 Section VII Internet Protocol Routing Chapter 29 Internet Protocol Version 4 Routing Interfaces on page 547 Section VIII Port Security Chapter 30 MAC Address based Port Security on page 561 Chapter 31 802 1x Port based Network Access Control on page 569 Section IX Management Security Chapter 32 Web Server on page 589 Chapter 33 Encrypt...

Page 22: ...nstructions on installing or managing a stand alone AT 9400 Switch refer to AT 9400 Gigabit Ethernet Switch Installation Guide PN 613 000987 AT S63 Management Software Menus User s Guide PN 613 001025 AT S63 Management Software Command Line User s Guide PN 613 001024 AT S63 Management Software Web Browser User s Guide PN 613 001026 For instructions on installing or managing a stack of AT 9400 Basi...

Page 23: ...t time There you will find a variety of basic information about the unit and the management software like the two levels of manager access levels and the different types of management sessions The AT S63 Management Software Features Guide is also your resource for background information on the features of the switch You can refer there for the relevant concepts and guidelines when you configure a ...

Page 24: ...Preface 24 Starting a Management Session For instructions on how to start a local or remote management session on the AT 9400 Switch refer to the Starting an AT S63 Management Session Guide ...

Page 25: ...the following conventions Note Notes provide additional information Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data Warning Warnings inform you that performing or omitting a specific action may result in bodily injury ...

Page 26: ...es The installation and user guides for all Allied Telesis products are available in portable document format PDF on our web site at www alliedtelesis com You can view the documents online or download them onto a local workstation or server ...

Page 27: ... select the appropriate tab Returning Products Products for return or repair must be assigned Return Materials Authorization RMA numbers A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender s expense To obtain an RMA number contact the Allied Telesis Technical Support group at www alliedtelesis com support rma aspx Sales and Corporate Information You ...

Page 28: ...Preface 28 ...

Page 29: ...3 Management Software The chapters include Chapter 1 Basic Switch Parameters on page 31 Chapter 2 Port Parameters on page 61 Chapter 3 Enhanced Stacking on page 85 Chapter 4 SNMPv1 and SNMPv2c on page 93 Chapter 5 MAC Address Table on page 105 Chapter 6 Static Port Trunks on page 115 Chapter 7 LACP Port Trunks on page 125 Chapter 8 Port Mirroring on page 137 ...

Page 30: ...30 Section I Basic Operations ...

Page 31: ... Switch on page 43 Configuring the Console Startup Mode on page 45 Configuring the Console Timer on page 46 Configuring the Telnet Server on page 47 Setting the Baud Rate of the Serial Terminal Port on page 48 Pinging a Remote System on page 49 Returning the AT S63 Management Software to the Factory Default Values on page 50 Displaying Hardware and Software Information on page 52 Displaying System...

Page 32: ...the switch To assign a name location and contact to a switch perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 Figure 1 System Administration Menu 2 From the System Administration menu type 2 to select System Configuration Allied Telesis AT 9424Ts AT S63 Marketing User Manager 11 20 02 02 Mar 2005 System ...

Page 33: ...xclamation points and asterisks The default is no name This parameter is optional 6 Location This parameter specifies the location of the switch for example 4th Floor rm 402B The location can be from 1 to 20 characters The location can include spaces and special characters such as dashes and asterisks The default is no location This parameter is optional 7 Administrator This parameter specifies th...

Page 34: ...Parameters 34 Section I Basic Operations dashes and asterisks The default is no name This parameter is optional 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 35: ...d on page 35 Resetting the Manager Password on page 37 The first procedure allows you to change the manager or operator password The second procedure allows you to bypass the manager password in the event you lose or forget it Changing the Manager or Operator Password To change the manager or operator password perform the following procedure 1 From the Main Menu type 5 to select System Administrat...

Page 36: ...d 6 When prompted re enter the new password 7 Type 2 to select Set Operator Password The following prompt is displayed Enter New Operator Password 8 Type the current operator password the default is friend and press Return Note A password can be from 0 to 16 alphanumeric characters Passwords are case sensitive You should not use spaces or special characters such as asterisks or exclamation points ...

Page 37: ...nager password perform the following procedure 1 Establish a local management session with the switch 2 Reboot the switch Refer to Rebooting the Switch on page 43 for instructions 3 When the switch displays Press Ctrl B to go to Boot prompt type S or s The switch without acknowledging the key input continues with the process of initializing the management software 4 At the completion of the initia...

Page 38: ...e Protocol SNTP The AT S63 Management Software is shipped with the client version of this protocol You can configure the AT S63 Management Software to obtain the current date and time from an SNTP or Network Time Protocol NTP server located on your network or the Internet For instructions refer to Setting the System Time from an SNTP or NTP Server on page 40 SNTP is a reduced version of the NTP Ho...

Page 39: ...m Time The following prompt is displayed Enter new system time hh mm ss 5 Enter a new time for the system in the following format hours minutes and seconds all separated by colons The following prompt is displayed Enter new system date dd mm yyyy 6 Enter a new date for the system Use two numbers to specify the day and month Use four numbers to specify the year Separate the values with hyphens For ...

Page 40: ... Server and enter the IP address of an SNTP or NTP server Note If the local interface on the switch is obtaining its IP address and subnet mask from a DHCP server you can configure the server to provide the interface with an IP address of an NTP or SNTP server If you configured the server to provide this address then you do not need to enter it here and you can skip ahead to step 5 The following p...

Page 41: ...e 6 to select Poll Interval to specify the time interval between queries to the SNTP server The following prompt is displayed Enter interval to poll SNTP server 60 to 1200 600 Note Selection 7 Last Delta reports the last adjustment that had to be applied to the system time the drift in the system clock between two successive queries to the SNTP server You cannot change this value 11 Enter the numb...

Page 42: ...his is a read only field Option U Update System Time allows you to prompt the switch to poll the SNTP or NTP server for the current time and date You can use this selection to update the time and date immediately rather than wait for the switch s next polling period This selection has no effect if you set the date and time manually 14 After making changes type R until you return to the Main Menu T...

Page 43: ...ation file Some packet traffic may be lost You must reestablish your management session after the switch finishes reloading its software to continue managing the unit To reboot the switch perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page 32 2 From the System Administration menu type 9 to select Sy...

Page 44: ...167 Ping a Remote System item 3 is described in Pinging a Remote System on page 49 Reset to Factory Defaults item 4 is described in Returning the AT S63 Management Software to the Factory Default Values on page 50 3 From the System Utilities menu type 5 to select Reboot the switch The following prompt is displayed The switch is about to reboot Do you want to proceed Yes No 4 Type Y to reboot the s...

Page 45: ...nu is shown in Figure 7 Figure 7 Console Serial Telnet Configuration Menu 3 Type 1 to toggle Console Startup Mode between Menu and CLI When the mode is set to Menu management sessions start with the Main Menu When the mode is set to CLI management sessions start with the command line interface prompt The default is CLI 4 After making changes type R until you return to the Main Menu Then type S to ...

Page 46: ... your management station when you step away from your system while you are configuring a switch The default for the console timeout value is 10 minutes To adjust the console timer perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page 32 2 From the System Administration menu type 3 to select Console Se...

Page 47: ...in Figure 1 on page 32 2 From the System Administration menu type 3 to select Console Serial Telnet Configuration The Console Serial Telnet Configuration menu is shown in Figure 7 on page 45 3 To enable or disable the Telnet server from the Console Serial Telnet Configuration menu type 4 to toggle Telnet Server between Enabled and Disabled The default is enabled Note Disable Telnet access if you a...

Page 48: ...tion The Console Serial Telnet Configuration menu is shown in Figure 7 on page 45 3 From the Console Serial Telnet Configuration menu type 3 to select Console Baud Rate The following prompt is displayed Supported baud rates are 1200 2400 4800 9600 19200 38400 57600 or 115200 Enter new baud rate value 1200 to 115200 4 Type the desired baud rate value and press Return The default setting is 9600 bps...

Page 49: ... member of the switch s management VLAN This restriction no longer applies The switch can ping a device from any local subnet provided the subnet has a routing interface To instruct the switch to ping a network device perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page 32 2 From the System Administr...

Page 50: ...ter the contents of the active boot configuration file To reset the file back to the default settings you must reestablish your management session after the switch reboots and then select Save Configuration changes Otherwise the switch reverts back to the previous configuration the next time you reset the switch Note The AT S63 Management Software default values are listed in the AT S63 Management...

Page 51: ...settings as the unit reboots Caution The switch does not forward traffic while it initializes its operating software a process that takes from 20 seconds to several minutes to complete depending on the number and complexity of commands in the boot configuration file Some packet traffic may be lost You must reestablish your management session if you want to continue managing the switch To overwrite...

Page 52: ...switch You cannot change this parameter Model Name Model name of the AT 9400 Switch You cannot change this setting Serial Number Serial number of the switch You cannot change this setting IP Address IP address of the local interface Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 27 Jun 2006 System Information MAC Address 00 30 84 00 00 00 IP Address 149 35 19 155 Model Name AT 9...

Page 53: ...tation or a syslog server when the switch s local interface and the remote device are on different subnets The default value is 0 0 0 0 Note For instructions on how to configure the routing interfaces on the switch including the local interface refer to Chapter 29 Internet Protocol Version 4 Routing Interfaces on page 547 System Up Time The number of days hours minutes and seconds the switch has b...

Page 54: ...Chapter 1 Basic Switch Parameters 54 Section I Basic Operations information about selection U Uplink Information refer to Displaying Uplink Port Information on page 57 ...

Page 55: ...rom the System Information menu type H to select System Hardware Status Note Menu selection U Uplink Information is described in Displaying Uplink Port Information on page 57 The information in the System Hardware Status menu varies depending on the model of the switch The example in Figure 9 is from an AT 9424T GB switch Figure 9 System Hardware Information Menu Allied Telesis AT 9424T GB AT S63 ...

Page 56: ...em 1 8V Power System 2 5 V Power System 3 3 V Power System 5 V Power System 12 V Power The current voltage of the six power supplies in the switch System Temperature Celsius The overall system temperature System Fan Speed The system fan speed Main PSU RPS The status of the main power supply unit PSU and the redundant power supply RPS 4 Return to the Main Menu ...

Page 57: ...u is shown in Figure 10 Figure 10 Uplink Information Menu The Uplink Information menu displays the status of the GBIC SFP uplink ports ports 23 and 24 If a GBIC or an SFP transceiver is installed in one of the slots the display shows Present Not Present indicates that no GBIC or SFP transceiver is installed in that slot Note The Uplink Information menu only indicates that a GBIC or an SFP is inser...

Page 58: ...elds for an SFP Figure 11 GBIC SFP Information Menu Page 1 5 Type N for Next Page to view more information Allied Telesis AT 9424T GB AT S63 Marketing User Manager 11 20 02 02 Mar 2005 GBIC SFP 2 Information Transceiver Identifier SFP Extended Transceiver Identifier Function defined by serial ID Connector Type LC Encoding Algorithm 8B20B Nominal Bit Rate 2100M Bits sec Link Length Supported for 9 ...

Page 59: ...or an SFP transceiver is installed and the transceiver vendor Allied Telesis AT 9424T GB AT S63 Marketing User Manager 11 20 02 02 Mar 2005 GBIC SFP 2 Information Vendor Name ATI Vendor OUI 00 30 d3 Vendor Part Number AT MG8SX Vendor Product Revision 1 Vendor Serial Number A02103E040500070 Upper Bit Rate Margin 0 Lower Bit Rate Margin 0 Manufacturing Date Code 040527 Gigabit Ethernet Compliance Co...

Page 60: ...Chapter 1 Basic Switch Parameters 60 Section I Basic Operations ...

Page 61: ...atus on page 62 Configuring Port Parameters on page 65 Configuring Head of Line Blocking on page 69 Configuring Flow Control and Back Pressure on page 71 Configuring Port Filtering on page 73 Setting Up Rate Limiting on page 75 Resetting a Port on page 77 Forcing Port Renegotiation on page 78 Resetting the Port Configuration to the Default Settings on page 79 Displaying Port Statistics on page 80 ...

Page 62: ...Port Configuration 1 Port Configuration 2 Port Status 3 Port Statistics 4 Port Trunking and LACP 5 Port Security 6 Port Mirroring R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Port Status Port Link Neg MDIO Speed Duplex PVID PortType 17 Up Auto MDI 1000 Full 12 10 100 1000Base T 18 Up Auto MDI 100 Full 12 10 100 1000Bas...

Page 63: ...nk Neg The status of Auto Negotiation on the port Possible values are Auto Indicates that the port is using Auto Negotiation to set operating speed and duplex mode Manual Indicates that the operating speed and duplex mode have been set manually MDIO The operating configuration of the port Possible values are Auto MDI MDI X The status Auto indicates that the port automatically determines the approp...

Page 64: ...Chapter 2 Port Parameters 64 Section I Basic Operations Port Type The port type ...

Page 65: ... 5 7 22 as a range for example 18 23 or both for example 1 5 14 22 The Port Configuration menu is shown in Figure 15 Figure 15 Port Configuration Port Menu Note If you are configuring multiple ports and the ports have different settings the Port Configuration menu displays the settings of the lowest numbered port After you have configured the settings of the port all its settings are copied to the...

Page 66: ...em has been fixed you can enable the port again to resume normal operation You might also want to disable a port that is not being used to secure it from unauthorized connections Possible settings for this parameter are Enabled The port receives and forwards packets This is the default setting Disabled The port does not receive or forward packets Note Option 2 HOL Blocking Prevention is described ...

Page 67: ...can result in a mismatch if the end node is operating at a fixed duplex mode of full duplex To avoid this problem when connecting an end node with a fixed duplex mode of full duplex to a switch port disable Auto Negotiation on the port and set the port s speed and duplex mode manually When a twisted pair port is set to Auto Negotiation the MDI MDI X setting for the port is locked at auto MDI MDI X...

Page 68: ...uplex mode the only available setting for this item is Auto The port automatically sets its MDI MDI X setting If you disable Auto Negotiation on a port and set a port s speed and duplex mode manually the auto MDI MDI X feature is also disabled A port where Auto Negotiation has been disabled defaults to MDI X Disabling Auto Negotiation may require that you manually configure a port s MDI MDI X sett...

Page 69: ...a switch Port D is receiving packets from two ports 50 of the ingress traffic on port A and 100 of the ingress traffic on port B Not only is port A unable to forward packets to port D because the latter s egress queues are filled with packets from port B but it is also unable to forward traffic to port C because its ingress queue has frames destined to port D that it is unable to forward Figure 16...

Page 70: ... Port Configuration The following prompt is displayed Enter port list 3 Enter the number of the port to be configured You can configure more than one port at a time You can specify the ports individually for example 5 7 22 as a range for example 18 23 or both for example 1 5 14 22 The Port Configuration menu is shown in Figure 15 on page 65 4 From the Port Configuration menu type 2 to select HOL B...

Page 71: ...ch operating in half duplex mode needs to stop an end node from transmitting data it forces a collision A collision on an Ethernet network occurs when two end nodes attempt to transmit data using the same data link at the same time A collision causes the end nodes to stop sending data When a switch port needs to stop a half duplex end node from transmitting data it forces a collision on the data l...

Page 72: ... bytes The range is 1 to 7935 The default is 7935 cells 7 Type 3 to select Back Pressure Half Duplex Status which enables or disables back pressure on a port Possible settings are Disabled The port does not use back pressure This is the default setting Enabled The port uses back pressure 8 Type 4 to select Back Pressure Threshold This selection specifies the threshold for backpressure The threshol...

Page 73: ...u type 1 to select Port Configuration The Port Configuration menu is shown in Figure 13 on page 62 2 From the Port Configuration menu type 1 to select Port Configuration The following prompt is displayed Enter port list 3 Enter the number of the port to be configured The Port Configuration menu is shown in Figure 15 on page 65 4 From the Port Configuration menu type 4 to select Filtering The Filte...

Page 74: ...abled 7 Type 3 to toggle Unknown Multicast Ingress Filtering between Disabled and Enabled 8 Type 4 to toggle Unknown Multicast Egress Filtering between Disabled and Enabled 9 Type 5 to toggle Broadcast Ingress Filtering between Disabled and Enabled 10 Type 6 to toggle Broadcast Egress Filtering between Disabled and Enabled 11 After making changes type R until you return to the Main Menu Then type ...

Page 75: ...Enter port list 3 Enter the number of the port to be configured The Port Configuration menu is shown in Figure 15 on page 65 4 From the Port Configuration menu type 5 to select Rate Limiting The Rate Limiting menu is shown in Figure 19 Figure 19 Rate Limiting Menu 5 To control unknown unicast packets do the following a From the Rate Limiting menu type 1 to toggle Unknown Unicast Rate Limiting Stat...

Page 76: ...ed the feature type 4 to select Multicast Rate The following prompt is displayed Enter the Rate Limit packets second 0 to 262143 c Enter a number for the rate limit 7 To control broadcast packets do the following a Type 5 to toggle Broadcast Rate Limiting Status between Enabled and Disabled b If you enabled the feature type 6 to select Broadcast Rate The following prompt is displayed Enter the Rat...

Page 77: ...ype 1 to select Port Configuration The Port Configuration menu is shown in Figure 13 on page 62 2 From the Port Configuration menu type 1 to select Port Configuration The following prompt is displayed Enter port list 3 Enter the number of the port you want to reset You can reset more than one port at a time You can specify the ports individually for example 5 7 22 as a range for example 18 23 or b...

Page 78: ...Main Menu type 1 to select Port Configuration The Port Configuration menu is shown in Figure 13 on page 62 2 From the Port Configuration menu type 1 to select Port Configuration The following prompt is displayed Enter port list 3 Enter the number of the port to renegotiate its speed and duplex mode You can reset more than one port at a time You can specify the ports individually for example 5 7 22...

Page 79: ...ort Configuration menu is shown in Figure 13 on page 62 2 From the Port Configuration menu type 1 to select Port Configuration The following prompt is displayed Enter port list 3 Enter the number of the port to be reset to its default settings You can reset more than one port at a time You can specify the ports individually for example 5 7 22 as a range for example 18 23 or both for example 1 5 14...

Page 80: ...to select Port Statistics The Port Statistics menu is shown in Figure 20 Figure 20 Port Statistics Menu 3 From the Port Statistics menu type 1 to select Display Port Statistics The following prompt is displayed Enter port list 4 Enter the port whose statistics you want to view You can specify more than one port at a time Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005...

Page 81: ...d from the port Mcast Frames Rx Number of multicast frames received by the port Mcast Frames Tx Number of multicast frames transmitted from the port Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display Port Statistics Port 6 Bytes Rx 983409801 Bytes Tx 965734443 Frames Rx 815423 Frames Tx 691396 Bcast Frames Rx 107774 Bcast Frames Tx 1853 Mcast Frames Rx 11429 Mcas...

Page 82: ...ber of receive errors No of Tx Errors Number of transmit errors Undersize Frames Number of frames that were less than the minimum length specified by IEEE 802 3 64 bytes including the CRC received on the port Oversize Frames Number of frames exceeding the maximum specified by IEEE 802 3 1518 bytes including the CRC received on the port Fragments Number of undersized frames frames with alignment er...

Page 83: ... following procedure 1 From the Main Menu type 1 to select Port Configuration The Port Configuration menu is shown in Figure 13 on page 62 2 From the Port Configuration menu type 3 to select Port Statistics The Port Statistics menu is shown in Figure 20 on page 80 3 Type 2 to select Clear Statistics The statistics are reset to 0 and the statistics gathering starts again ...

Page 84: ...Chapter 2 Port Parameters 84 Section I Basic Operations ...

Page 85: ...xplains the enhanced stacking feature The sections in this chapter include Setting a Switch s Enhanced Stacking Status on page 86 Selecting a Switch in an Enhanced Stack on page 88 Returning to the Master Switch on page 91 Displaying the Enhanced Stacking Status on page 92 ...

Page 86: ...dependently either locally or remotely Note The default setting for a switch is slave Note You cannot change the stacking status of a switch through enhanced stacking You must access the switch directly either through a local or remote session to change its stacking status To adjust a switch s enhanced stacking status perform the following procedure 1 From the Main Menu type 8 to select Enhanced S...

Page 87: ...ype 1 to select Switch State The following prompt is displayed Enter new setup M S U 3 Type M to change the switch to a master switch S to make it a slave switch or U to make the switch unavailable Press Return A change to the status is immediately activated on the switch 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 88: ...ing menu is shown in Figure 22 on page 86 2 From the Enhanced Stacking menu type 2 to select Stacking Services Note Item 2 Stacking Services is only displayed on master switches The Stacking Services menu is shown in Figure 23 Figure 23 Stacking Services Menu 3 From the Stacking Services menu type 1 to select Get Refresh List of Switches Allied Telesis AT 9424Ts AT S63 Marketing User Manager 11 20...

Page 89: ...aster switch to another AT 9400 Switch in the enhanced stack as explained in Uploading the AT S63 Image File Switch to Switch on page 176 Item 5 Load Configuration File allows you to upload a configuration file from a master switch to another AT 9400 Switch as explained in Uploading an AT S63 Configuration File Switch to Switch on page 179 4 To manage a new switch type 3 to select Access Switch Al...

Page 90: ...er the switch number 1 to 24 5 Type the number of the switch in the list you want to manage 6 Enter the appropriate username and password for the switch The command line interface of the selected switch is displayed You now can manage the switch Any management tasks you perform affect only the selected switch ...

Page 91: ...ging a slave switch return to the Main Menu of the switch and type Q for Quit This returns you to the Stacking Services menu on the master switch where you started the management session You can either select another switch from the list to manage or to manage the master switch type R twice to return to the master switch s Main Menu ...

Page 92: ...he Main Menu type 8 to select Enhanced Stacking The Enhanced Stacking menu is shown in Figure 25 Figure 25 Enhanced Stacking Menu The menu shows the enhanced stacking status of the switch you selected Allied Telesis AT 9424Ts AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Enhanced Stacking 1 Switch State M aster S lave U navailable Slave R Return to Previous Menu Enter your selection ...

Page 93: ...and delete SNMPv1 and SNMPv2c community strings Sections in the chapter include Enabling or Disabling SNMP Management on page 94 Setting the Authentication Failure Trap on page 95 Creating an SNMP Community String on page 96 Modifying a Community String on page 99 Deleting a Community String on page 103 Displaying the SNMP Community Strings on page 104 ...

Page 94: ...e the SNMP Status option between its two settings of Enabled and Disabled When set to Disabled the default you cannot manage the switch using SNMP When set to Enabled you can manage the switch using SNMP A change to the SNMP status is immediately activated on the switch 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Allied Telesis A...

Page 95: ...IP address is not assigned Given the importance of this trap to the protection of your switch the management software allows you to disable and enable it separately from the other traps If you enable it the switch will send this trap if either of the above events occur If you disable it the switch will not send this trap The default is disabled If you enable this trap be sure to add one or more IP...

Page 96: ...c Community Menu The table in the menu lists the current community strings on the switch and their attributes The columns in the table are defined here Community Name The name of a community string Access Mode The access mode of a community string A string with a Read Only access mode permits the viewing of the MIB objects on the switch A string with a Read Write access mode permits both viewing a...

Page 97: ...mmunity string The name can be from one to fifteen alphanumeric characters Spaces are allowed The following prompt is displayed Enter Access Mode R Read Only W Read Write 6 Specify the access mode for the new SNMP community string If you specify Read the community string will only allow you to view the MIB objects on the switch If you specify Read Write the community string will allow you to both ...

Page 98: ...string can have up to eight IP addresses of trap receivers But you can assign only one initially with this procedure To add additional IP addresses refer to Modifying a Community String on page 99 If you do not want to add a IP address of a trap receiver to the community string leave this field blank by pressing Return The AT S63 Management Software creates the new community string and adds it to ...

Page 99: ...MPv1 SNMPv2c Community menu type 3 to select Modify SNMP Community The Modify SNMP Community menu is shown in Figure 28 Figure 28 Modify SNMP Community Menu This menu lists the current community strings on the switch and their attributes For attribute definitions refer to Creating an SNMP Community String on page 96 Allied Telesis AT 9424Ts AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Modify...

Page 100: ...prompt Otherwise just press Return A community string can have a maximum of eight IP addresses but you can add only one at a time with this procedure This prompt is displayed Enter Trap Receiver IP Addr d If you want the switch to send traps to a trap receiver enter the IP address of the receiver at this prompt Otherwise just press Return The community string is modified and the Modify SNMP Config...

Page 101: ...ng prompt is displayed Enter SNMP Community Name b Enter the community string you want to modify Community strings are case sensitive The following prompt is displayed Enter Access Mode R Read Only W Read Write c Type R to change the string s status to Read only or W for Read Write This confirmation prompt is displayed Do you want to change this Community Access Mode Y N Yes No d Type Y to change ...

Page 102: ...osed status can only be used from management workstations whose IP addresses are assigned to the community string To use the option do the following a From the Modify SNMP Community menu type 5 to select Set Community Open Status The following prompt is displayed Enter SNMP Community Name b Enter the community string you want to modify Community strings are case sensitive The following prompt is d...

Page 103: ...uration menu type 3 to select Configure SNMPv1 SNMPv2c Community The Configure SNMPv1 SNMPv2c Community menu is shown in Figure 27 on page 96 4 From the Configure SNMPv1 SNMPv2c Community menu type 2 to select Delete SNMP Community This prompt is displayed Enter Trap Receiver IP Addr 5 Enter the community string to be deleted Community strings are case sensitive A confirmation prompt is displayed ...

Page 104: ...NMPv2c Community The Display SNMPv1 SNMPv2c Community menu is shown in Figure 29 Figure 29 Display SNMP Community Menu For attribute definitions refer to Creating an SNMP Community String on page 96 Allied Telesis AT 9424Ts AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv1 SNMPv2c Community Community Name Access Mode Status OpenAcc Manager IP Addr Trap Receiver IP Private125 Read W...

Page 105: ... also explains how to add static MAC addresses to the table This chapter contains the following sections Displaying the MAC Address Tables on page 106 Adding Static Unicast and Multicast MAC Addresses on page 110 Deleting Unicast and Multicast MAC Addresses on page 112 Deleting All Dynamic MAC Addresses on page 113 Changing the Aging Time on page 114 ...

Page 106: ...MAC Addresses or 4 to select Display Multicast MAC Addresses The Display Unicast MAC Addresses menu is shown in Figure 31 The Display Multicast MAC Addresses menu contains the same selections Figure 31 Display Unicast MAC Addresses Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 MAC Address Tables 1 MAC Address Aging Time 300 second s 2 MAC Addresses Configuratio...

Page 107: ...c unicast MAC address Port The port where the address was learned or assigned The MAC address with port 0 is the address of the switch VLAN ID The ID number of the VLAN where the port is an untagged member Type The type of the address static or dynamic Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display All Page 1 Total Number of MAC Addresses 121 MAC Address Port...

Page 108: ...s belong to different groups The other selections on the menu are 2 Display Static This selection displays only the static addresses assigned to the ports on the switch 3 Display Dynamic This selection displays only the dynamic addresses learned on the ports on the switch 4 Display by Port This selection displays the dynamic and static MAC addresses of a particular port When you select this option...

Page 109: ... When you use the Display Specified MAC selection you specify the MAC address and the AT S63 Management Software automatically locates the port on the switch where the device is connected 6 Display by VLAN ID Displays all the static and dynamic addresses learned on the tagged and untagged ports of a specific VLAN When you select this option you are prompted for the VLAN ID number of the VLAN You c...

Page 110: ...2 to select MAC Addresses Configuration The MAC Addresses Configuration menu is shown in Figure 34 Figure 34 MAC Addresses Configuration Menu 3 From the MAC Addresses Configuration menu type 1 to select Add static MAC address The following prompt is displayed Please enter MAC address 4 Enter the static unicast or multicast MAC address in the following format XXXXXX XXXXXX After you have specified ...

Page 111: ...tion is located as well as the ports where the host nodes are connected Assigning the address only to the port where the multicast application is located will prevent the forwarding of the multicast packets to the host nodes You can specify the ports individually e g 1 4 5 as a range e g 11 14 or both e g 15 17 22 24 The following prompt is displayed Please enter VLAN ID 1 to 4094 1 6 Enter the VL...

Page 112: ...Configuration menu type 2 to select Delete MAC Address The following prompt is displayed Please enter a MAC address 4 Enter the unicast or multicast MAC address to be deleted in the following format XXXXXX XXXXXX After you have entered the MAC address the following prompt is displayed Please enter VLAN ID 1 to 4094 1 5 Enter the VLAN ID of the port where the address was assigned or learned The MAC...

Page 113: ...he MAC Address Tables menu type 2 to select MAC Addresses Configuration The MAC Addresses Configuration menu is shown in Figure 34 on page 110 3 From the MAC Addresses Configuration menu type 3 to select Delete All Dynamic MAC Addresses The following prompt is displayed All learned MAC non static addresses will be deleted Do you want to continue Yes No 4 Type Y to delete the addresses or N to canc...

Page 114: ...ocedure 1 From the Main Menu type 4 to select MAC Address Tables The MAC Address Tables menu is shown in Figure 30 on page 106 2 From the MAC Address Tables menu type 1 to select MAC Address Aging Time The following prompt is displayed Enter MAC address aging time 8 to 1048575 3 Enter a new value in seconds The range is 0 to 1048575 seconds The default is 300 seconds 5 minutes The value 0 disables...

Page 115: ...Static Port Trunks This chapter contains the procedures for managing static port trunks Sections in the chapter include Creating a Static Port Trunk on page 116 Modifying a Static Port Trunk on page 120 Deleting a Static Port Trunk on page 123 ...

Page 116: ...orrect for the end node to which the trunk will be connected When you create the trunk the AT S63 Management Software copies the settings of the lowest numbered port in the trunk to the other ports so that all the settings are the same You should also check to be sure that the ports are untagged members of the same VLAN You cannot create a trunk of ports that are untagged members of different VLAN...

Page 117: ...MAC Source MAC address DST MAC Destination MAC address SRC DST MAC Source address destination MAC address SRC IP Source IP address DST IP Destination IP address SRC DST IP Source address destination IP address Status The operating status of the trunk If the trunk has established a link with the other device the status will be UP If the trunk has not establish a link or the ports in the trunk are d...

Page 118: ...e a unique name 3 Trunk Method Specifies the load distribution method The possible settings are SRC MAC Source MAC address DST MAC Destination MAC address SRC DST MAC Source address destination MAC address SRC IP Source IP address trunking DST IP Destination IP address trunking SRC DST IP Source address destination IP address The default is SRC DST MAC 4 Port Range Specifies the ports of the trunk...

Page 119: ... port trunk is now active on the switch 7 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes 8 Configure the ports on the remote switch for port trunking 9 Connect the cables to the ports of the trunk on the switch The port trunk is ready for network operations ...

Page 120: ...nk Therefore you should check to see if its settings are appropriate prior to adding it If you are adding a port and the port will not be the lowest numbered port in the trunk its settings will be changed to match the settings of the existing ports in the trunk If you are adding a port to a static trunk you should check to be sure that the new port is an untagged member of the same VLAN as the oth...

Page 121: ...3 Trunk Method Specifies the load distribution method The possible settings are SRC MAC Source MAC address DST MAC Destination MAC address SRC DST MAC Source address destination MAC address SRC IP Source IP address trunking DST IP Destination IP address trunking SRC DST IP Source address destination IP address The default is SRC DST MAC 4 Port Range Specifies the ports of the trunk A trunk can con...

Page 122: ...nk The modifications to the port trunk are activated on the switch 7 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes 8 Reconnect the cables to the ports of the trunk on the switch The modified port trunk is ready for network operations ...

Page 123: ...n 2 From the Port Menu type 4 to select Port Trunking and LACP The Port Trunking and LACP menu is shown in Figure 35 on page 116 3 From the Port Trunking and LACP menu type 1 to select Static Port Trunking The Static Port Trunking menu is shown in Figure 36 on page 117 4 Type D to select Delete Trunk The following prompt is displayed Enter Trunk ID 1 to 6 5 Enter the ID number of the trunk to be d...

Page 124: ...Chapter 6 Static Port Trunks 124 Section I Basic Operations ...

Page 125: ...anaging LACP port trunks Sections in the chapter include Enabling or Disabling LACP on page 126 Setting the LACP System Priority on page 128 Creating an Aggregator on page 129 Modifying an Aggregator on page 132 Deleting an Aggregator on page 134 Displaying LACP Port and Aggregator Status on page 135 ...

Page 126: ...s connected to the aggregate trunk ports Otherwise a network loop might occur resulting in a broadcast storm and poor network performance To enable or disable LACP perform the following procedure 1 From the Main Menu type 1 to select Port Configuration 2 From the Port Configuration menu type 4 to select Port Trunking and LACP The Port Trunking and LACP menu is shown in Figure 35 on page 116 3 Type...

Page 127: ... User s Guide Section I Basic Operations 127 4 Type 1 to toggle LACP Status between Disabled and Enabled The default is disabled 5 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 128: ... procedure 1 From the Main Menu type 1 to select Port Configuration 2 From the Port Configuration menu type 4 to select Port Trunking and LACP The Port Trunking and LACP menu is shown in Figure 35 on page 116 3 Type 2 to select LACP Configuration The LACP IEEE 8023ad Configuration menu is shown in Figure 39 on page 126 4 Type 2 to select Priority The following prompt is displayed Enter Priority 0x...

Page 129: ...ur network topology Data loops can result in broadcast storms and poor network performance Note Before creating an aggregator verify that the ports that will be members of the aggregator are set to Auto Negotiation or 1000 Mbps full duplex Aggregate trunks do not support half duplex mode 1 From the Main Menu type 1 to select Port Configuration 2 From the Port Configuration menu type 4 to select Po...

Page 130: ...ered in hexadecimal The range is 1 to FFFF Note When you create a new aggregator you can specify either the aggregator s name or adminkey but not both If you specify a name the adminkey is based on the operator key of the lowest numbered port in the aggregator If you specify an adminkey the default name is DEFAULT_AGG followed by the port number of the lowest numbered port in the aggregator For ex...

Page 131: ... C to select Create Aggregator The aggregator is created on the switch 7 If LACP is not enabled on the switch perform the procedure Enabling or Disabling LACP on page 126 and activate the protocol 8 Configure LACP on the other network device 9 Connect the cables to the ports of the aggregator on both the switch and the other network device The aggregator and its aggregate trunk s are now ready for...

Page 132: ...oops in your network topology which can result in broadcast storms and poor network performance To modify an aggregator perform the following procedure 1 From the Main Menu type 1 to select Port Configuration 2 From the Port Configuration menu type 4 to select Port Trunking and LACP The Port Trunking and LACP menu is shown in Figure 35 on page 116 3 Type 2 to select LACP Configuration The LACP IEE...

Page 133: ...e load distribution method Possible settings are SRC MAC Source MAC address DST MAC Destination MAC address SRC DST MAC Source address destination MAC address SRC IP Source IP address trunking DST IP Destination IP address trunking SRC DST IP Source address destination IP address The default is SRC DST MAC 4 Port Range Specifies the aggregator ports An aggregator can contain any number of ports on...

Page 134: ...nfiguration 2 From the Port Configuration menu type 4 to select Port Trunking and LACP The Port Trunking and LACP menu is shown in Figure 35 on page 116 3 Type 2 to select LACP Configuration The LACP IEEE 8023ad Configuration menu is shown in Figure 39 on page 126 4 Type 5 to select Delete Aggregator The following prompt is displayed Enter Aggregator Name Max up to 20 alphanumeric characters 5 Ent...

Page 135: ... Status Figure 42 is an example of the LACP IEEE 802 3ad Port Status menu The information in this window is for viewing purposes only For definitions refer to the IEEE 802 3ad standard Figure 42 LACP IEEE 802 3ad Port Status Menu Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 LACP IEEE 802 3ad Port Status Port 01 Aggregator Sales server ACTOR PARTNER Actor Port 06 Pa...

Page 136: ... Figure 43 LACP IEEE 802 3ad Aggregator Status Menu Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 LACP IEEE 802 3ad Aggregator Status Aggregator 1 Sales server Adminkey 0x0050 Oper Key 0x1405 Speed 100 Mbps Distribution Mode SRC DST MAC Ports configured 5 8 Ports in LAGID 5 8 Aggregated Port 5 8 R Return to Previous Menu Enter your selection ...

Page 137: ...g This chapter contains the procedures for creating and deleting a port mirror Sections in the chapter include Creating a Port Mirror on page 138 Disabling a Port Mirror on page 140 Modifying a Port Mirror on page 141 Displaying the Port Mirror on page 142 ...

Page 138: ...r Enable E Disable D 4 Type E to enable the feature New options are added to the Port Mirroring menu as shown in Figure 45 Figure 45 Port Mirroring Menu 2 5 Type 2 to select Mirror To Destination Port Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Port Mirroring 1 Enable Disable Disabled R Return to Previous Menu Enter your selection Allied Telesis AT 9448T SP AT S63...

Page 139: ...the ports You can identify the ports individually for example 3 7 10 as a range for example 5 11 or both for example 2 4 11 14 Entering none removes all ingress source ports 8 To mirror the egress transmitted traffic from one or more ports do the following a Type 4 to select Egress Mirror Port The following prompt is displayed Egress Mirror Ports 1 24 or None b Enter the ports Entering none remove...

Page 140: ...t Mirroring menu is shown in Figure 45 on page 138 3 From the Port Mirroring Menu type 1 to select Enable Disable The following prompt is displayed Enter Enable E Disable D 4 Type D to disable the feature Port mirroring on the switch is now disabled You can disconnect the network analyzer from the destination port and use the port for normal network operations 5 To permanently save your change ret...

Page 141: ... the network analyzer will be located You can specify only one destination port 5 If you want to mirror the ingress received traffic on one or more ports type 3 to select Ingress Rx Mirror Source Ports The following prompt is displayed Ingress Mirror Ports 1 24 or None 6 Enter the ports You can identify the ports individually for example 3 7 10 as a range for example 5 11 or both for example 2 4 1...

Page 142: ...about the port mirror Enable Disable The port mirroring status Enabled or Disabled Mirror To Destination Port The port that functions as the destination port Ingress Rx Mirror Source Port The port s whose ingress received traffic is mirrored Egress Tx Mirror Source Port The port s whose egress transmitted traffic is mirrored Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar ...

Page 143: ...sing the AT S63 Management Software The chapters include Chapter 9 File System on page 145 Chapter 10 File Downloads and Uploads on page 167 Chapter 11 Event Logs and the Syslog Client on page 197 Chapter 12 Classifiers on page 219 Chapter 13 Access Control Lists on page 231 Chapter 14 Class of Service on page 243 Chapter 15 Quality of Service on page 251 Chapter 16 Denial of Service Defenses on p...

Page 144: ...144 Section II Advanced Operations ...

Page 145: ...e file system to select which boot configuration file you want the switch to use the next time the device is reset or power cycled This chapter contains the following sections Working with Boot Configuration Files on page 146 Copying a System File on page 154 Renaming a System File on page 156 Deleting a System File on page 158 Displaying System Files on page 159 Working with Flash Memory on page ...

Page 146: ...es that are to have similar configurations One way to do this with switches that support compact flash cards is to copy the configuration file from flash memory on the master switch onto the compact flash card Then take the compact flash card to other switches and copy the configuration file from the compact flash card into the switch s flash memory The procedures in this section explain how to cr...

Page 147: ...re 47 Figure 47 File Operations Menu Note Item 9 Format Flash Drive and item F Display Flash Information are described in Working with Flash Memory on page 162 Item C Display Compact Flash Information and item D Compact Flash Directory Configuration are described in Working with the Compact Flash Card on page 164 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 File Op...

Page 148: ...ed Enter the file name 7 Enter the same file name you entered in Step 5 This makes your new boot configuration file the active file on the switch Any changes you now make to the switch s parameter settings are saved to this file The file name is now displayed following selection 1 in the File Operations menu The file name should be followed by Exist meaning that the file exists in the switch s fil...

Page 149: ... Changes from the Main Menu Note the following before performing this procedure To view the name of the currently active configuration file display the File Operations menu The name of the file is displayed in option 1 Boot Configuration File in the menu The file to be selected as the new active configuration file must already exist in the switch s file system or on a flash memory card for those s...

Page 150: ...e them If you reset the switch it uses the BOOT CFG file to configure its settings To be able to save configuration changes again you must assign a new active boot configuration file To select the active boot configuration file for the switch perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 9 to select System Uti...

Page 151: ...booting the Switch on page 43 To overwrite the settings in the configuration file with the switch s current settings return to the Main Menu and type S to select Save Configuration Changes Viewing a Boot Configuration File Use the following procedure to view the contents of a boot configuration file To display the names of the boot configuration files on the switch see Displaying System Files on p...

Page 152: ...le using a text editor on your management station To edit the file you must first upload it from the switch to your management station You cannot edit a boot configuration file directly on the switch After you edit the file you can download it to the switch and make it the active boot configuration file For instructions on how to upload a boot configuration file from a switch to your management st...

Page 153: ... commands for a particular function For example the VLAN Configuration section should only contain commands for creating VLANs or for setting the VLAN mode Each command must start flush left To comment out a command so that the switch does not perform it precede the command with the pound symbol You should test the commands manually by entering them at a command line prompt before inserting them i...

Page 154: ...u want to store the file This is explained in Changing the Current Flash Card Directory on page 166 The following procedure does not allow you to specify a directory path The default location is the root of the flash card Files with the extension UKF are encryption key pairs These files cannot be copied renamed or deleted from the file system To copy a system file perform the following procedure 1...

Page 155: ...witch12 cfg Enter the destination file name switch12_backup cfg This example creates a copy of a configuration file called sw24 cfg located on a flash memory card and assigns it the name sw24_bk cfg Enter the source file name cflash sw24 cfg Enter the destination file name cflash sw24_bk cfg This example copies the configuration file sw_sales cfg from the switch s file system to a flash memory car...

Page 156: ...on or select another active boot configuration file For instructions on how to change the active boot configuration file see Setting the Active Boot Configuration File on page 149 To rename a system file perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 9 to select System Utilities 3 From the System Utilities menu...

Page 157: ... any key Press any key to return to the File Operations menu Examples The following examples illustrate how to rename files in a switch s flash memory and on a compact flash card This example renames the file eventlog11 log in the switch s flash memory to apr12_events log Enter the source file name eventlog11 log Enter the destination file name apr12_events log This example renames the file sw24 c...

Page 158: ...er to Changing the Current Flash Card Directory on page 166 Files with the extension UKF are encryption key pairs These files cannot be copied renamed or deleted from the file system To delete a key pair from the switch refer to Deleting an Encryption Key on page 600 To delete a system file perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the Syste...

Page 159: ... type 9 to select System Utilities 3 From the System Utilities menu type 1 to select File Operations The File Operations menu is shown in Figure 47 on page 147 4 From the File Operations Menu type 8 to select List Files The following prompt is displayed Enter file name pattern to list 5 Enter a boot configuration file name or pattern using the wildcard Below are examples of how to use the wildcard...

Page 160: ...ash memory or cflash for compact flash card Size Size of the file in bytes Last Modified The time the file was created or last modified in the following date and time format month day year hours minutes seconds Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 List Files File Name Device Size Bytes Last Modified default cfg flash 805 01 10 2002 12 01 16 boot cfg flash 1...

Page 161: ... Files The following prompt is displayed Enter file name pattern to list 5 To list only the files on the compact flash card enter cflash The system displays files on the compact flash card as shown in Figure 50 Figure 50 List Files Menu for a Compact Flash Card Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 List Files File Name Device Size Bytes Last Modified dcim cf...

Page 162: ...stration menu type 9 to select System Utilities 3 From the System Utilities menu type 1 to select File Operations The FIle Operations menu is shown in Figure 47 on page 147 4 From the File Operations menu type F to select Display Flash Information The Display Flash Information menu is shown in Figure 51 Figure 51 Display Flash Information Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manag...

Page 163: ... while the switch initializes the AT S63 Management Software To format the flash memory perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 9 to select System Utilities 3 From the System Utilities menu type 1 to select File Operations The FIle Operations menu is shown in Figure 47 on page 147 4 From the File Operati...

Page 164: ...9 to select System Utilities 3 From the System Utilities menu type 1 to select File Operations The FIle Operations menu is shown in Figure 47 on page 147 4 From the File Operations menu type C to select Display Compact Flash Information The Display Compact Flash Information menu is shown in Figure 52 Figure 52 Display Compact Flash Information Menu Allied Telesis AT 9424T SP AT S63 Marketing User ...

Page 165: ...ing the Current Flash Card Directory on page 166 Number of files The number of files in the current directory Number of directories The number of directories on the compact flash card Bytes used The number of bytes used in the current directory The Card Information section contains the following information Hardware detected Whether or not a compact flash card is inserted in the slot Serial Number...

Page 166: ...s menu type 1 to select File Operations The FIle Operations menu is shown in Figure 47 on page 147 4 From the File Operations menu type D to select Set Change Compact Flash Directory The Set Change Compact Flash Directory menu is shown in Figure 53 Figure 53 Set Change Compact Flash Directory Menu 5 From the Set Change Compact Flash Directory menu type 1 to select Current Directory The following p...

Page 167: ...n file from the file system in the switch The procedures in this chapter are Downloading the AT S63 Image File onto a Switch on page 168 Uploading the AT S63 Image File Switch to Switch on page 176 Uploading an AT S63 Configuration File Switch to Switch on page 179 Downloading a System File on page 182 Uploading a System File on page 190 Note For instructions on how to obtain the latest version of...

Page 168: ...fic may be lost Guidelines The following guidelines apply to both Xmodem and TFTP downloads These procedures download a new AT S63 image file into the application block portion of the switch s flash memory The application block is the area of flash memory reserved for the active AT S63 image file on a switch and is separate from the file system Alternatively you can download the image file into th...

Page 169: ...started the local management session You cannot use Xmodem to download a new image file to a switch accessed through enhanced stacking The new AT S63 image file must be stored on the computer or terminal connected to the RS232 terminal port on the switch The following guidelines apply to a TFTP download The switch must have a routing interface on the local subnet from where it reaches the TFTP ser...

Page 170: ...n Figure 1 on page 32 3 From the System Administration menu type 9 to select System Utilities The System Utilities menu is shown in Figure 6 on page 43 4 From the System Utilities menu type 2 to select Downloads and Uploads The Downloads and Uploads menu is shown in Figure 54 Figure 54 Downloads and Uploads Menu 5 From the Downloads and Uploads menu type 1 to select Download Application Image Boot...

Page 171: ... file already in the application block on the switch If the new image file has an earlier or the same version number as the file in the switch s application block it cancels the update process If the new image file has a newer version number the switch writes the file to the application block portion of flash memory and then resets Caution The switch does not forward any network traffic while writ...

Page 172: ...oad a file using the Hilgraeve HyperTerminal program 10 From the HyperTerminal main window select Send File from the Transfer menu as shown in Figure 55 Figure 55 HyperTerminal Window The Send File window is shown in Figure 56 Figure 56 Send File Window 11 Click Browse and specify the location and file to be downloaded onto the switch 12 Click in the Protocol field and select as the transfer proto...

Page 173: ...st the file already in the application block on the switch If the new image file has an earlier or the same version number as the file in the switch s application block it cancels the update process If the new image file has a newer version number the switch writes the file to the application block portion of flash memory and then resets Caution The switch does not forward network traffic while wr...

Page 174: ...Administration The System Administration menu is shown in Figure 1 on page 32 3 From the System Administration menu type 9 to select System Utilities The System Utilities menu is shown in Figure 6 on page 43 4 From the System Utilities menu type 2 to select Downloads and Uploads The Downloads and Uploads menu is shown in Figure 54 on page 170 5 From the Downloads and Uploads menu type 1 to select ...

Page 175: ...image file has an earlier or the same version number as the file in the switch s application block it cancels the update process If the new image file has a newer version number the switch writes the file to the application block portion of flash memory and then resets Caution The switch does not forward any network traffic while writing the image to flash and during the reset process This can tak...

Page 176: ...S63 image file on a switch and is separate from the file system Alternatively if you prefer to store the image file in the switch s file system with plans to transfer it to the application block at a later time refer to Downloading a System File on page 182 To transfer an image file from the file system to the application block use the LOAD command in the command line interface The current configu...

Page 177: ... Note The 2 Stacking Services selection is only available on a master switch The Stacking Services menu is shown in Figure 23 on page 88 3 From the Stacking Services menu type 1 to select Get Refresh List of Switches The master switch polls the subnet for other enhanced stacking switches in the same enhanced stack and displays the switches in the Stacking Services menu 4 Type 4 to select Download ...

Page 178: ...oad is complete After receiving the file a switch compares the version numbers of the new and existing image files If the new image file has the same or an earlier version number as the file in the application block it cancels the update process If the new image file has a newer version number the switch writes the file to the application block portion of flash memory and then resets Caution The s...

Page 179: ...itches from having the same IP addresses on their routing interfaces Any routing interfaces already defined on the switch that receives the configuration file from the master switch are not retained If you choose to upload another configuration file from the master switch s file system the entire file without any modification is transferred to the other switch This type of upload should be perform...

Page 180: ...of Switches The master switch polls the subnet for other enhanced stacking switches in the same enhanced stack and displays the switches in the Stacking Services menu 4 Type 5 to select Load Configuration File The following prompt is displayed Remote switches will reboot after load is complete Do you want to load the last saved master configuration Yes No 5 If you want to upload the master switch ...

Page 181: ...ed Do you want confirmation before downloading each switch Yes No 8 If you answer Yes to this prompt the management software prompts you with a confirmation message before uploading the file to a switch If you answer No the management software does not display a confirmation prompt The management software begins the upload A switch after receiving the configuration file automatically designates it...

Page 182: ...u can also use these procedures to store an AT S63 image file in the switch s file system However placing an image file in the file system does not make it the active image file on the switch and it will take up a large portion of the file system To be active the file must be stored in the switch s application block which is a separate part of flash memory from the file system To download an AT S6...

Page 183: ...nfiguration file onto a switch of a different model for example AT 9408LC SP to AT 9424T SP Undesirable switch behavior may result You cannot download a private encryption key onto a switch but you can download a public key However because the switch can only use those encryption keys that it has generated itself Allied Telesis recommends against downloading any keys onto the switch These guidelin...

Page 184: ... in Figure 6 on page 43 3 From the System Utilities menu type 2 to select Downloads and Uploads The Downloads and Uploads menu is shown in Figure 54 on page 170 4 From the Downloads and Uploads menu type 3 to select Download a File The following prompt is displayed Download Method Protocol X Xmodem T TFTP 5 To download a system file using Xmodem go to Step 6 To download a file using TFTP do the fo...

Page 185: ... the Active Boot Configuration File on page 149 If you downloaded a CA certificate refer to Adding a Certificate to the Database on page 616 This completes the procedure for downloading a file into the switch s file system or flash memory card from a local management session using TFTP 6 To download a file using Xmodem type X at the prompt displayed in Step 5 The following prompt is displayed Loca...

Page 186: ... the Hilgraeve HyperTerminal program 10 From the HyperTerminal main window select Send File from the Transfer menu as shown in Figure 58 Figure 58 HyperTerminal Window The Send File window is shown in Figure 59 Figure 59 Send File Window 11 Click Browse and specify the location and system file to be downloaded onto the switch 12 Click in the Protocol field and select as the transfer protocol eithe...

Page 187: ...fer to Adding a Certificate to the Database on page 616 This completes the procedure for downloading a file into the switch s file system or flash memory card from a local management session using Xmodem Downloading a System File from a Remote Management Session Review Guidelines on page 182 before performing this procedure To download a system file onto a switch from a remote management session u...

Page 188: ...to the switch s file system The following prompt is displayed Local File Name 8 Enter a name for the system file This is the name that the switch will store the file as in its file system To store the file on a flash memory card in the switch rather than the file system precede the name with cflash The following message is displayed Getting the file from Remote TFTP Server Please wait 9 If you hav...

Page 189: ...ment Software Menus User s Guide Section II Advanced Operations 189 This completes the procedure for downloading a file into the switch s file system or flash memory card from a remote management session using TFTP ...

Page 190: ...that you can modify it with a text editor at your management workstation Or you might have created a CA certificate enrollment request on the switch and need to upload it prior to submitting it to a CA Note The certificate enrollment request and the public encryption key are supported only on the version of AT S63 management software that features SSL and PKI security Guidelines This section conta...

Page 191: ... procedure The switch must have a routing interface on the local subnet from where it reaches the TFTP server The switch uses the IP address of the interface as its source address when sending packets to the TFTP server For switches without a routing interface you can download the file from a local management session of the switch using Xmodem Uploading a System File from a Local Management Sessio...

Page 192: ...ollowing message is displayed Local File Name d Enter the name of the system file in the switch s file system that you want to upload to the TFTP server You can specify only one file You cannot use wildcards in the file name If the file is stored on a flash memory card precede the name with cflash The following message is displayed Sending the file to Remote TFTP Server Please wait After the switc...

Page 193: ...oad utility Do you wish to continue Yes No Note Please select 1K Xmodem protocol for faster download Note The transfer protocol must be Xmodem or 1K Xmodem 9 Type Y for Yes The following message is displayed Use Hyper Terminal s Transfer Receive File option to select Protocol Note Please select 1K Xmodem protocol for faster upload 10 Begin the file transfer Steps 11 through 14 illustrate how you w...

Page 194: ...sr for an CA certificate enrollment request The switch uploads the file from the switch to your computer This completes the procedure for uploading a file from the switch from a local management session using Xmodem Uploading a System File from a Remote Management Session Review Guidelines on page 190 before performing this procedure To upload a system file from the switch using a remote managemen...

Page 195: ...ure to give it the same extension as the original file name for example cfg for a configuration file and csr for an CA certificate enrollment request The following message is displayed Local File Name 8 Enter the name of the system file on the switch that you want to upload to the TFTP server You can specify only one file You cannot use wildcards in the file name If the file is stored on a flash m...

Page 196: ...Chapter 10 File Downloads and Uploads 196 Section II Advanced Operations ...

Page 197: ...g Client This chapter describes how to monitor the activity of a switch by viewing the event messages in the event logs and sending the messages to a syslog server Sections in the chapter include Working with the Event Logs on page 198 Configuring Log Outputs on page 209 ...

Page 198: ...is enabled Note Allied Telesis recommends setting the switch s date and time if you enable the event logs Otherwise event messages will not have the correct time and date For instructions refer to Setting the System Time on page 38 To enable or disable the event logs perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu ty...

Page 199: ...hanges To display the events in a log go to the next procedure Displaying an Event Log To view the events in an event log perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 8 to select Event Log The Event Log menu is shown in Figure 63 on page 198 3 To specify the event log whose events you want to view type 2 to s...

Page 200: ... and event ID An example of Full mode is shown in Figure 65 on page 204 6 To display events of a selected severity type 5 to select Display Severity The following prompt is displayed Enter Severity levels to display ALL E Error W Warning I Information D Debug The possible options are ALL All messages of the following types are displayed This is the default E Error Only error messages are displayed...

Page 201: ...hose events that were generated by specific modules Table 1 lists of modules Table 1 AT S63 Modules Module Name Description ALL All modules ACL Access control list CFG Switch configuration CLASSIFIER Classifiers used by ACL and QoS CLI Command line interface commands DOS Denial of service defense ENCO Encryption keys ESTACK Enhanced stacking EVTLOG Event logs FILE File system GARP GARP GVRP HTTP W...

Page 202: ...C Real time clock SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree Rapid Spanning and Multiple Spanning Tree protocols SYSTEM Hardware status manager and operator log in and log off events TACACS TACACS authentication protocol TELNET Telnet TFTP TFTP TIME System time and SNTP VLAN Port based and tagged VLANs and multiple VLAN modes WATCHDOG Watchdog timer Tab...

Page 203: ...m contains two parts The first part is the name of the module Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Event Log S Date Time Event I 02 24 04 12 31 02 ssh SSH server disabled I 02 24 04 12 31 02 garp GARP initialized I 02 24 04 12 31 02 ptrunk Trunk initialization succeeded Temporary Memory Log Events 1 10 of 340 P Previous Page N Next Page F First Page L Last ...

Page 204: ...ent Source File Line Number The AT S63 software source file name and the line number in that source file that produced the event 9 Type the following to scroll through the event log P Previous page N Next page F First page L Last page To clear the events in a log go to Clearing an Event Log on page 206 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Event Log S Date T...

Page 205: ... System Administration 2 From the System Administration menu type 8 to select Event Log The Event Log menu is shown in Figure 63 on page 198 3 From the Event Log menu type L to select Configure Log Outputs The Configure Log Outputs menu is shown in Figure 67 on page 210 4 From the Configure Log Outputs menu type 2 to select Modify Log Output The following prompt is displayed Enter output ID to mod...

Page 206: ... or to upload to your management workstation The file is saved as an ASCII file To save the event log as a file in the file system perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 8 to select Event Log The Event Log menu is shown in Figure 63 on page 198 3 Configure options 2 to 6 in the Event Log menu to specify...

Page 207: ...s The File Operations menu is displayed as shown in Figure 47 on page 147 11 From the File Operations menu type 7 to select View File The following prompt is displayed Enter file name to view 12 Type the file name with the log file name extension and press Return A sample log file saved in full mode is shown in Figure 66 Figure 66 Sample Log File View Allied Telesis AT 9424T SP AT S63 Marketing Us...

Page 208: ...Chapter 11 Event Logs and the Syslog Client 208 Section II Advanced Operations 13 To upload the file to your management station refer to Uploading a System File on page 190 ...

Page 209: ...o send Observe the following guidelines when using this feature You can define up to 19 log output definitions The event log feature on the switch must be enabled in order for the switch to send events to a syslog server For instructions refer to Enabling or Disabling the Event Logs on page 198 The local subnet on the switch where the syslog server is a member must have a routing interface The swi...

Page 210: ...t have already been created is shown in Figure 67 Figure 67 Configure Log Outputs Menu Output 0 is the event log in permanent memory and Output 1 is the log in temporary memory 4 From the Configure Log Outputs menu type 1 to select Create Log Output The following prompt is displayed Enter output type 1 SYSLOG 5 Enter 1 for Syslog the only available selection Allied Telesis AT 9424T SP AT S63 Marke...

Page 211: ... Server IP Address The following prompt is displayed Enter server IP address 9 Type the IP address of the syslog server 10 Type 3 to toggle Output Status between the following options Enabled Enables the syslog output definition When enabled the switch sends events to the specified syslog server Disabled Disables the syslog output definition When disabled which is the default the switch does not s...

Page 212: ...that you can use to help group entries on the syslog server according to the module or switch that produced them This grouping can help you determine which events belong to which device when a syslog server is collecting events from several network devices You can specify only one facility level There are two approaches to using this parameter The first is to use the 0 DEFAULT setting which is bas...

Page 213: ...CAL7 Each setting represents a predefined RFC 3164 numerical code The code mappings are listed in Table 4 9 Clock daemon Time based modules TIME system time and SNTP RTC 22 Local use 6 Physical interface and data link modules PCFG PMIRR PTRUNK STP VLAN 23 Local use 7 SYSTEM events related to major exceptions 16 Local use 0 All other modules and events Table 4 Numerical Code and Facility Level Mapp...

Page 214: ...mpaired W Warning Only warning messages are displayed These messages indicate that an issue may require manager attention I Information Only informational messages are displayed Informational messages display useful information that you can ignore during normal operation D Debug Debug messages provide detailed high volume information that is intended only for technical support personnel You can se...

Page 215: ...log output definition perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 8 to select Event Log The Event Log menu is shown in Figure 63 on page 198 3 From the Event Log menu type L to select Configure Log Outputs The Configure Log Outputs menu is shown in Figure 67 on page 210 4 From the Configure Log Outputs menu ...

Page 216: ...ion perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 8 to select Event Log The Event Log menu is shown in Figure 63 on page 198 3 From the Event Log menu type L to select Configure Log Outputs The Configure Log Outputs menu is shown in Figure 67 on page 210 4 From the Configure Log Outputs menu type 3 to select M...

Page 217: ...4 to select View Log Output Details The following prompt is displayed Enter output ID to view 0 to 20 5 Enter the number of the log output that you want to view The Syslog Output Configuration menu for the selected output is displayed An example is shown in Figure 70 Figure 70 Syslog Output Configuration Menu for Selected Output ID To modify the log output configuration refer to Modifying a Log Ou...

Page 218: ...Chapter 11 Event Logs and the Syslog Client 218 Section II Advanced Operations ...

Page 219: ...classifiers and how you can create classifiers to define traffic flows The sections in this chapter include Creating a Classifier on page 220 Modifying a Classifier on page 224 Deleting a Classifier on page 226 Deleting All Classifiers on page 227 Displaying Classifiers on page 228 ...

Page 220: ... 7 to select Security and Services The Security and Services menu is shown in Figure 71 Figure 71 Security and Services Menu 2 From the Security and Services menu type 1 to select Classifier Configuration Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Security and Services 1 Classifier Configuration 2 Port Access Control 802 1x 3 Denial of Service DoS 4 Access Contro...

Page 221: ... 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Classifier Configuration 1 Create Classifier 2 Modify Classifier 3 Destroy Classifier 4 Show Classifiers P Purge Classifiers R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Create Classifier 01 Classifier ID 2 02 Description 03 Dst MAC 04 Src MAC 05 Eth Format 0...

Page 222: ... number The range is 1 to 9999 The default is the lowest available number Item 2 allows you to assign a description to a classifier You should assign a description to each classifier A description helps you identify the different classifiers on the switch A description can be up to fifteen alphanumeric characters including spaces An example of a description is IP traffic flow 6 Adjust the new valu...

Page 223: ...Create Classifier The switch creates the classifier If any of the settings are incompatible the system displays an error message 9 To create more classifiers repeat this procedure starting with step 3 10 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes 11 To add classifiers to an ACL refer to Creating an ACL on page 232 To add classifiers to a...

Page 224: ... Classifier Configuration menu is shown in Figure 72 on page 221 3 From the Classifier Configuration menu type 2 to select Modify Classifier The prompt similar to the following is displayed Available Classifier s 1 12 Enter Classifier ID 1 to 9999 1 4 Enter the ID number of the classifier you want to modify The Modify Classifier window is displayed This window is identical to the Create Classifier...

Page 225: ...this process starting with step 3 8 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes 9 To add the modified classifier to an ACL refer to Creating an ACL on page 232 or Modifying an ACL on page 235 To add it to a QoS policy refer to Managing Flow Groups on page 252 ...

Page 226: ...s menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 1 to select Classifier Configuration The Classifier Configuration menu is shown in Figure 72 on page 221 3 From the Classifier Configuration menu type 3 to select Destroy Classifier The following prompt is displayed Enter Classifier ID 1 to 9999 1 4 Enter the ID number of the classifier you want to delete The detai...

Page 227: ...e To delete all classifiers from the switch perform the following procedure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 1 to select Classifier Configuration The Classifier Configuration menu is shown in Figure 72 on page 221 3 From the Classifier Configuration menu type P to ...

Page 228: ...lect Show Classifiers An example of the Show Classifiers menu is shown in Figure 75 Figure 75 Show Classifiers Menu The Show Classifiers menu displays the current classifiers in a table with the following columns of information ID The classifier s ID number Description The description of the classifier Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show Classifiers N...

Page 229: ...s for a classifier For example if Number of References for a classifier is 5 and the Number of Active Associations is 3 two of the ACL or QoS policy assignments for the classifier have not been assigned to a switch port 4 To view the details of a classifier type D to select Detail Classifier Display The following prompt is displayed Enter Classifier ID 1 to 9999 1 5 Enter the ID number of the clas...

Page 230: ... Classifier Details Menu Page 2 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display Classifier Details 11 Src IP Addr 12 Src IP Mask 13 Dst IP Addr 14 Dst IP Mask 15 TCP Src Port 16 TCP Dst Port 17 UDP Src Port 18 UDP Dst Port 19 TCP Flags P Previous Page U Update Display R Return to Previous Menu Enter your selection ...

Page 231: ...rol Lists This chapter explains how to manage access control lists ACL This chapter contains the following sections Creating an ACL on page 232 Modifying an ACL on page 235 Deleting an ACL on page 237 Deleting All ACLs on page 239 Displaying ACLs on page 240 ...

Page 232: ...m the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 4 to select Access Control Lists The Access Control Lists ACL menu is shown in Figure 78 Figure 78 Access Control Lists ACL Menu 3 From the Access Control Lists ACL menu type 1 to select Create ACL Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar ...

Page 233: ... in the classifiers to be assigned to the ACL or 1 if the packets are to be accepted The default setting is Deny 8 Type 4 to select Classifier List from the Create ACL menu and when prompted enter the classifiers to be assigned to the ACL The prompt includes the ID numbers of the classifiers on the switch You can assign more than one classifier to an ACL Separate multiple classifiers with a comma ...

Page 234: ...n one port When entering multiple ports you can list the ports individually e g 2 5 7 as a range e g 8 12 or both e g 1 4 6 8 10 Type C to select Create ACL The ACL is created on the switch and immediately activated on the specified ports 11 To create additional ACLs repeat this procedure starting with step 3 12 To permanently save your change return to the Main Menu and type S to select Save Conf...

Page 235: ...vices menu type 4 to select Access Control Lists The Access Control Lists ACL menu is shown in Figure 78 on page 232 3 From the Access Control Lists ACL menu type 2 to selection Modify ACL The following prompt is displayed Available ACL s 0 15 Enter ACL ID 0 to 255 0 4 Enter the ID number of the ACL you want to modify You can modify only one ACL at a time The Modify ACL window is displayed with th...

Page 236: ...sifiers on the switch You can assign more than one classifier to an ACL Separate multiple classifiers with a comma for example 2 4 7 The order in which you specify the classifiers is not important When entering classifiers keep in mind the action you specified for this ACL in step 7 The action and the traffic flows defined by the classifiers should correspond For instance an ACL with an action of ...

Page 237: ...3 to selection Destroy ACL The following prompt is displayed Available ACL s 0 15 Enter ACL ID 0 to 255 0 4 Enter the ID number of the ACL you want to modify You can modify only one ACL at a time The Destroy ACL window is displayed with the specifications of the selected ACL You can use this window to confirm that you are deleting the correct ACL An example of the window is shown in Figure 81 Figu...

Page 238: ...Advanced Operations A deleted ACL is immediately removed from the switch 6 To delete additional ACLs repeat this procedure starting with step 3 7 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 239: ... Security and Services 2 From the Security and Services menu type 4 to select Access Control Lists The Access Control Lists ACL menu is shown in Figure 78 on page 232 3 From the Access Control Lists ACL menu type P to selection Purge ACLs Caution No confirmation prompt is displayed All ACLs are immediately deleted from the switch 4 To permanently save your change return to the Main Menu and type S...

Page 240: ...is menu is for viewing purposes only To modify an ACL refer to Modifying an ACL on page 235 The columns in the display are explained here ACL ID The ACL s ID number Description The description of the ACL Active The status of the ACL An ACL is deemed active if it is assigned to at least one port An ACL is deemed inactive if it is not assigned to any ports Allied Telesis AT 9424T SP AT S63 Marketing...

Page 241: ...n The description of the ACL Action The action of the ACL An active of Permit means that the port s where the ACL is assigned accepts those packets that meet the criteria of the ACL s classifiers An action of Deny means that the port s discards the packets provided that the packets do not also meet the criteria of a classifier of a Permit ACL assigned to the same port Classifier List The classifie...

Page 242: ...Chapter 13 Access Control Lists 242 Section II Advanced Operations ...

Page 243: ...s chapter contains the procedures for configuring Class of Service CoS Sections in the chapter include Configuring CoS on page 244 Mapping CoS Priorities to Egress Queues on page 247 Configuring Egress Scheduling on page 248 Displaying Port CoS Priorities on page 250 ...

Page 244: ...in tagged frames A temporary priority level applies only while a frame traverses the switching matrix Tagged frames which can contain a priority level leave the switch with the same priority level they had when they entered the switch To configure CoS for a port perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 5 ...

Page 245: ...to 7 for the untagged frames received on the port For example to assign a temporary priority level of 4 to the ingress untagged packets enter 4 The default is 0 If you perform Step 7 and override the priority level in ingress tagged packets this temporary priority value will also apply to those packets as well 7 If you are configuring a tagged port and you want the switch to ignore the priority ta...

Page 246: ...when it entered The default for this parameter is No meaning that the priority level of tagged frames is determined by the priority level specified in the frames themselves 8 Type C to select Configure Port COS Priorities A change to a port CoS setting is immediately activated on the port 9 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 247: ... 86 Figure 86 Map CoS Priority to Egress Queue Menu 4 Type the number of the CoS priority whose queue assignment you want to change This toggles the queue value through the possible queue settings For example to direct all tagged packets with a CoS priority of 5 to egress queue Q3 you would toggle 6 until the CoS 5 Priority Queue value reads Q3 5 If desired repeat Step 3 to change the queue assign...

Page 248: ...e 87 Figure 87 Configure Egress Scheduling Menu 4 Type 1 to toggle Scheduling Mode between its two possible settings The default setting is Strict Priority If you select Strict Priority skip the next step Options 2 through 9 in the menu do not apply to Strict Priority scheduling 5 If you select Weighted Round Robin Priority as the scheduling method select menu options 2 through 9 and specify the m...

Page 249: ...s User s Guide Section II Advanced Operations 249 The default value of 1 for each queue gives all egress queues the same weight 6 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 250: ...identifier of the VLAN where the port is an untagged member The Priority column displays the temporary priority level assigned to ingress untagged packets on the port The Override Priority column indicates whether the priority level in ingress tagged frames is being used or not If No the override is deactivated and the port is using the priority levels contained within the frames If Yes the overri...

Page 251: ...Operations 251 Chapter 15 Quality of Service This chapter describes Quality of Service QoS Sections in the chapter include Managing Flow Groups on page 252 Managing Traffic Classes on page 261 Managing Policies on page 271 ...

Page 252: ...ure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 6 to select Quality of Service The Quality of Service QoS menu is shown in Figure 89 Figure 89 Quality of Service QoS menu 3 From the Quality of Service QoS menu type 1 to select Flow Group Configuration Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Quality of ...

Page 253: ...group on the switch must have a unique number The range is 0 to 1023 The default is 0 This parameter is required Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Flow Group Configuration 1 Create Flow Group 2 Modify Flow Group 3 Destroy Flow Group 4 Show Flow Groups R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Marketing User Manager ...

Page 254: ... value in the packets with the new value specified in option 4 Priority If set to No which is the default the packets retain their preexisting priority level 6 ToS Specifies a replacement value to write into the Type of Service ToS field of IPv4 packets The range is 0 to 7 A new ToS value can be set at all three levels flow group traffic class and policy A ToS value specified in a flow group overr...

Page 255: ... Services menu type 6 to select Quality of Service The Quality of Service QoS menu is shown in Figure 89 on page 252 3 From the Quality of Service QoS menu type 1 to select Flow Group Configuration The Flow Group Configuration menu is shown in Figure 90 on page 253 4 From the Flow Group Configuration menu type 2 to select Modify Flow Group The following prompt is displayed Available Flow Group s 0...

Page 256: ...fic class go to Managing Traffic Classes on page 261 9 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes Deleting a Flow Group To delete a flow group perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 6 to select Quality of Service The Quality of Service QoS men...

Page 257: ...y Flow Group Menu 6 Type D to delete the flow group The flow group is deleted from the switch The group is removed from any traffic classes to which it is assigned 7 To delete another flow group repeat this procedure starting with step 4 8 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes Displaying Flow Groups To display flow groups perform th...

Page 258: ...escription of the flow group Parent Traffic Class ID The ID number of the traffic class to which the flow group is assigned A flow group can belong to only one traffic class at a time Active The status of the flow group If the flow group is part of a QoS policy that is assigned to one or more ports the flow group is deemed active If the flow group has not been assigned to a policy or if the policy...

Page 259: ...up Detail Menu The Display Flow Group Details menu provides the following information Flow Group ID The flow group s ID number Description The flow group s description DSCP value The replacement value to write into the DSCP TOS field of the packets Priority The new user priority value for the packets Remark Priority Replaces the user priority value in the packets with the Priority value Allied Tel...

Page 260: ...iority field with the value in the ToS priority field on IPv4 packets If set to No which is the default the packets retain their preexisting 802 1p priority level Move Priority to ToS If set to Yes replaces the value in the ToS priority field with the value in the 802 1p priority field on IPv4 packets If set to No which is the default the packets retain their preexisting ToS priority level Classif...

Page 261: ... the Security and Services menu type 6 to select Quality of Service The Quality of Service QoS menu is shown in Figure 89 on page 252 3 From the Quality of Service QoS menu type 2 to select Traffic Class Configuration The Traffic Class Configuration menu is shown in Figure 96 Figure 96 Traffic Class Configuration Menu 4 From the Traffic Class Configuration menu type 1 to select Create Traffic Clas...

Page 262: ...xceeds the maximum bandwidth specified in option 6 There are two possible exceed actions drop and remark If drop is selected traffic exceeding the bandwidth is discarded If remark is selected the packets are forwarded after replacing the DSCP value with the new value specified in option 4 Exceed Remark Value The default is drop 4 Exceed Remark Value Specifies the DSCP replacement value for traffic...

Page 263: ...ed up to the nearest Mbps value when this traffic class is assigned to a policy on a 10 100 port and up to the nearest 8 Mbps value when assigned to a policy on a gigabit port for example on a gigabit port 1 Mbps is rounded to 8 Mbps and 9 is rounded to 16 Note If this option is set to 0 zero all traffic that matches that traffic class is dropped However an access control list can be created to ma...

Page 264: ...t size without also specifying a maximum bandwidth serves no function 8 Priority Specifies the priority value in the IEEE 802 1p tag control field that traffic belonging to this traffic class is assigned Priority values range from 0 to 7 with 0 being the lowest priority and 7 being the highest priority Incoming frames are mapped into one of eight Class of Service CoS queues based on the priority v...

Page 265: ...s procedure starting with step 3 To assign the traffic class to a policy go to Managing Policies on page 271 8 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes Modifying a Traffic Class To modify a traffic class perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu typ...

Page 266: ...hat already has a value causes the parameter to revert to its default value 7 Type M to select Modify Traffic Class 8 To modify another traffic class repeat this procedure starting with step 4 To assign the traffic class to a policy go to Managing Policies on page 271 9 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes Allied Telesis AT 9424T S...

Page 267: ...e Traffic Class es 0 7 Enter Traffic Class ID 0 to 511 0 5 Enter the ID number of the traffic class you want to delete You can delete only one traffic class at a time The selected traffic class is displayed in the Destroy Traffic Class menu An example is shown in Figure 99 You can use the menu to verify that you are deleting the correct traffic class Figure 99 Destroy Traffic Class Menu 6 Type D t...

Page 268: ...Quality of Service The Quality of Service QoS menu is shown in Figure 89 on page 252 3 From the Quality of Service QoS menu type 2 to select Traffic Class Configuration The Traffic Class Configuration menu is shown in Figure 96 on page 261 4 From the Traffic Class Configuration menu type 4 to select Show Traffic Classes The Show Traffic Classes menu is shown in Figure 100 Figure 100 Show Traffic C...

Page 269: ...to any ports the traffic class is deemed inactive 5 To display the specifics of a traffic class type D to select Display Traffic Class Details 6 When prompted enter the ID number of the traffic class you want to view You can display only one traffic class at a time An example of the Display Traffic Class Details menu is shown in Figure 101 Figure 101 Display Traffic Class Details Menu Allied Teles...

Page 270: ...y The priority value in the IEEE 802 1p tag control field that traffic belonging to this traffic class is assigned Remark Priority Replaces the user priority value in the packets with the Priority value ToS Specifies a replacement value to write into the Type of Service ToS field of IPv4 packets The range is 1 to 7 Move ToS to Priority If set to yes replaces the value in the 802 1p priority field ...

Page 271: ...ces 2 From the Security and Services menu type 6 to select Quality of Service The Quality of Service QoS menu is shown in Figure 89 on page 252 3 From the Quality of Service QoS menu type 3 to select Policy Configuration The Policy Configuration menu is shown in Figure 102 Figure 102 Policy Configuration Menu 4 From the Policy Configuration menu type 1 to select Create Policy Allied Telesis AT 942...

Page 272: ...ackets are remarked If None is specified the function is disabled The default is None 4 DSCP value Specifies a replacement value to write into the DSCP TOS field of the packets The range is 0 to 63 A new DSCP value can be set at all three levels flow group traffic class and policy A DSCP value specified in a flow group overrides a DSCP value specified at the traffic class or policy level A DSCP va...

Page 273: ...Port Mirroring on page 137 9 Traffic Class List Specifies the traffic classes to be assigned to the policy The specified traffic classes must already exist Separate multiple IDs with commas e g 4 11 13 A Redirect Port Specifies the port where the classified traffic from the ingress port is redirected B Ingress Port List Specifies the ingress ports to which the policy is to be assigned Ports can be...

Page 274: ...menu type 2 to select Modify Policy The following prompt is displayed Available Policy ies 0 4 Enter Policy ID 0 to 255 0 5 Enter the ID number of the policy you want to modify You can modify only one policy at a time The selected policy is displayed in the Modify Policy menu An example is shown in Figure 104 Figure 104 Modify Policy Menu 6 Modify the settings as needed For parameter definitions r...

Page 275: ...ion Changes Deleting a Policy To delete a policy perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 6 to select Quality of Service The Quality of Service QoS menu is shown in Figure 89 on page 252 3 From the Quality of Service QoS menu type 3 to select Policy Configuration The Policy Configuration menu is shown in ...

Page 276: ...nfiguration menu type 4 to select Show Policies The Show Policies menu is shown in Figure 105 Figure 105 Show Policies Menu The Show Policies menu provides the following information ID The policy s ID number Description A description of the policy Active The status of the policy A policy that is assigned to one or more ports is deemed active while a policy that is not assigned to any ports is deem...

Page 277: ...cy ID The policy ID number Description The policy description Remark DSCP Whether the ingress DSCP value is overwritten If All is specified all packets are remarked If None is specified the function is disabled The default is None DSCP value The replacement value to write into the DSCP TOS field of the packets Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display Po...

Page 278: ...Priority to ToS If set to yes replaces the value in the ToS priority field with the value in the 802 1p priority field on IPv4 packets If set to No which is the default the packets retain their preexisting ToS priority level Send to Mirror Port Copies the traffic that meets the criteria of the classifiers to a destination mirror port If you set this to yes you must specify the destination port by ...

Page 279: ...perations 279 Chapter 16 Denial of Service Defenses This chapter contains the procedure for configuring the switch s defense mechanisms against denial of service DoS attacks Configuring Denial of Service Defense on page 280 ...

Page 280: ... the Land defense you must also specify an uplink port To do this complete the following steps Otherwise go to step 4 a Type 1 to select LAN IP Subnet The LAN IP Subnet menu is shown in Figure 108 Figure 108 LAN IP Subnet Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Denial of Service DoS 1 LAN IP Subnet 2 SYN Flood Configuration 3 Smurf Configuration 4 Land Co...

Page 281: ...ivating the Land defense type 3 to select Uplink Port The following prompt is displayed Enter the Uplink Port for the LAN 0 to 24 Enter the number of the port connected to the device e g DSL router that leads outside your network You can specify only one uplink port e Type R to return to the Denial of Service DoS Configuration menu and continue with the next step 4 Type the number of the DoS attac...

Page 282: ...ptions defense mechanisms You can use this option to mirror the traffic examined by a defense mechanism to another port on the switch To use this feature you must activate port mirroring on the switch and specify a destination mirror port as explained in Creating a Port Mirror on page 138 Mirroring traffic is not required 7 Repeat this procedure starting with Step 3 to configure other DoS defenses...

Page 283: ... procedures for configuring Power over Ethernet PoE on the AT 924T POE Switch Sections in the chapter include Setting the PoE Threshold on page 284 Configuring PoE Port Settings on page 286 Displaying PoE Status and Settings on page 288 Note This chapter applies only to the AT 924T POE Switch ...

Page 284: ... type 6 to select Advanced Configuration 2 From the Advanced Configuration menu type 4 to select Power Over Ethernet PoE Configuration menu The Power Over Ethernet Configuration menu is shown in Figure 110 Figure 110 Power Over Ethernet Configuration Menu 3 From the Power Over Ethernet Configuration menu type 1 to select PoE Global Configuration The PoE Global Configuration menu is shown in Figure...

Page 285: ...ot be changed 4 From the PoE Global Configuration menu type 1 to select Power Threshold The following prompt is displayed Enter percentage of power limit threshold 1 to 100 95 Enter the new threshold as a percentage of the total available PoE power on the switch The new threshold is immediately activated on the switch 5 After making the change type R until you return to the Main Menu Then type S t...

Page 286: ...o select PoE Port Configuration The following prompt is displayed Enter port list 4 Enter the port you want to configure You can specify more than one port at a time The PoE Port Configuration menu is shown in Figure 112 Figure 112 PoE Port Configuration Menu If you are configuring multiple ports the management software displays the settings of the lowest numbered port 5 To enable or disable PoE o...

Page 287: ...belong to only one priority level at a time The default is Low 7 To change the maximum amount of power the port can supply to the device type 3 to select Power Limit and enter a new value in milliwatts The default value is 15 400 mW A change to a parameter value is immediately activated on the switch 8 After making your changes type R until you return to the Main Menu Then type S to select Save Co...

Page 288: ...Power Over Ethernet PoE Configuration menu The Power Over Ethernet Configuration menu is shown in Figure 110 on page 284 3 From the Power Over Ethernet Configuration menu type 3 to select PoE Status The PoE Status menu is shown in Figure 113 Figure 113 PoE Status Menu The selections are defined below Allied Telesis AT 924T POE AT S63 Production Switch User Manager 11 20 02 02 Jan 2008 PoE Status 1...

Page 289: ...ge of the total amount of power available which for the AT 924T POE switch is 380 W Min Shutdown Voltage The minimum threshold voltage at which the switch shuts down PoE If the power supply in the switch experiences a problem and the output voltage drops below this value the switch shuts down PoE on all ports This value is not adjustable Max Shutdown Voltage The maximum threshold voltage at which ...

Page 290: ... Consumed Power The amount of power in milliwatts currently consumed by the powered device connected to the port If the port is not connected to a powered device this value will be 0 zero Power Status Whether power is being supplied to the device ON means that the port is providing power to a powered device OFF means the device is not a powered device or PoE has been disabled on the port Allied Te...

Page 291: ... means that the port is providing power to a powered device OFF means the device is not a powered device PoE has been disabled on the port or no device is connected to the port Power Consumed The amount of power in milliwatts currently consumed by the powered device connected to the port If the port is not connected to a powered device this value will be 0 zero Power Limit The maximum amount of po...

Page 292: ...drawn by the powered device 4 PoE Device Information This selection displays the hardware and firmware version numbers of the PoE chipset used in the switch This selection is intended for troubleshooting purposes and displays the following window Figure 117 PoE Device Information Allied Telesis AT 924T POE AT S63 Production Switch User Manager 11 20 02 02 Jan 2008 PoE Device Information MCU Device...

Page 293: ...his section contain overview information on IGMP snooping MLD snooping and RRP snooping The chapters also explain how to configure these features from the menus interface of the AT S63 Management Software The chapters include Chapter 18 IGMP Snooping on page 295 Chapter 19 MLD Snooping on page 305 Chapter 20 RRP Snooping on page 315 ...

Page 294: ...294 Section III IGMP Snooping MLD Snooping and RRP Snooping ...

Page 295: ...to activate and configure the Internet Group Management Protocol IGMP snooping feature on the switch Sections in the chapter include Configuring IGMP Snooping on page 296 Enabling or Disabling IGMP Snooping on page 300 Displaying a List of Host Nodes on page 301 Displaying a List of Multicast Routers on page 303 ...

Page 296: ...onfiguration Note For information on option 1 RRP Snooping Configuration refer to Chapter 20 RRP Snooping on page 315 For information on option 3 MLD Snooping Configuration refer to Chapter 19 MLD Snooping on page 305 For information on option 4 Power Over Ethernet PoE Configuration refer to Chapter 17 Power Over Ethernet on page 283 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 0...

Page 297: ...additional multicast packets out the port where the host node is connected Multiple Host Ports Intermediate The Multi Host setting is appropriate if there is more than one host node connected to a switch port such as when a port is connected to an Ethernet hub to which multiple host nodes are connected With this setting selected the switch continues sending multicast packets out a port even after ...

Page 298: ...l the router is assumed to be no longer active on the port The actual timeout may be ten seconds less that the specified value For example a setting of 25 seconds can result in the switch classifying a host node or multicast router as being inactive after just 15 seconds A setting of 10 seconds or less can result in the immediate timeout of an inactive host node or router 4 Maximum IGMP Multicast ...

Page 299: ...ction 6 View IGMP Multicast Hosts List is described in Displaying a List of Host Nodes on page 301 Selection 7 View IGMP Multicast Routers List is described in Displaying a List of Multicast Routers on page 303 4 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 300: ... Configuration menu type 2 to select IGMP Snooping Configuration The IGMP Snooping Configuration menu is shown in Figure 119 on page 297 3 From the IGMP Snooping Configuration menu type 1 to select IGMP Snooping Status The following prompt is displayed IGMP Snooping Status E Enabled D Disabled 4 Type E to enable IGMP or D to disable it The default setting is disabled A change to the status of IGMP...

Page 301: ...om the IGMP Snooping Configuration menu type 6 to select View IGMP Multicast Hosts List The View IGMP Multicast Host List menu is shown in Figure 120 Figure 120 View IGMP Multicast Hosts List Menu The View IGMP Multicast Hosts List menu displays a table with the following columns of information Multicast Group The multicast address of the group Allied Telesis AT 9424T SP AT S63 Marketing User Mana...

Page 302: ...witch where the host node is connected If the host node is connected to the switch through a trunk the trunk ID number not the port number is displayed HostIP The IP address of the host node connected to the port IGMP Ver The version of IGMP used by the host Exp Time The number of seconds remaining before the host is timed out if no further IGMP reports are received from it ...

Page 303: ...ed Configuration menu type 2 to select IGMP Snooping Configuration The IGMP Snooping Configuration menu is shown in Figure 119 on page 297 3 From the IGMP Snooping Configuration menu type 7 to select View IGMP Multicast Routers List The View IGMP Multicast Routers List menu is shown in Figure 121 Figure 121 View IGMP Multicast Routers List Menu The View IGMP Multicast Routers List menu displays a ...

Page 304: ...MP Snooping 304 Section III IGMP Snooping MLD Snooping and RRP Snooping switch learned the router on a port trunk the trunk ID number not the port number is displayed Router IP The IP address of the multicast router ...

Page 305: ...lains how to activate and configure Multicast Listener Discovery MLD snooping on the switch Sections in the chapter include Configuring MLD Snooping on page 306 Enabling or Disabling MLD Snooping on page 309 Displaying a List of Host Nodes on page 310 Displaying a List of Multicast Routers on page 312 ...

Page 306: ...node per switch port or multiple host nodes per port The possible settings are Single Host Port Edge The Single Host Port setting is appropriate when there is only one host node connected to each port on the switch This setting causes the switch to immediately stop sending multicast packets out a switch port when a host node signals its desire to leave a multicast group by sending a leave request ...

Page 307: ...ode is a node that has not sent an MLD report during the specified time interval The range is from 0 second to 86 400 seconds 24 hours The default is 260 seconds If you set the timeout to zero 0 the host never times out and the timeout interval is essentially disabled This parameter also specifies the time interval used by the switch in determining whether a multicast router is still active The sw...

Page 308: ...lection 6 View MLD Multicast Hosts List is described in Displaying a List of Host Nodes on page 310 Selection 7 View MLD Multicast Routers List is described in Displaying a List of Multicast Routers on page 312 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Your changes are activated immediately on the switch ...

Page 309: ... Advanced Configuration menu type 3 to select MLD Snooping Configuration The MLD Snooping Configuration menu is shown in Figure 122 on page 306 3 From the MLD Snooping Configuration menu type 1 to select MLD Snooping Status The following prompt is displayed MLD Snooping Status E Enabled D Disabled 4 Type E to enable MLD or D to disable it The default setting is disabled A change to the status of M...

Page 310: ...ooping Configuration menu type 6 to select View MLD Multicast Hosts List The View MLD Multicast Host List menu is shown in Figure 123 Figure 123 View MLD Multicast Hosts List Menu The View MLD Multicast Hosts List menu displays a table with the following columns of information Multicast Group The multicast address of the group VLAN The VID of the VLAN where the port is an untagged member Port Trun...

Page 311: ...P Snooping 311 node is connected to the switch through a trunk the trunk ID number not the port number is displayed HostIP The IP address of the host node connected to the port Exp Time The number of seconds remaining before the host is timed out if no further MLD reports are received from it ...

Page 312: ...296 2 From the Advanced Configuration menu type 3 to select MLD Snooping Configuration The MLD Snooping Configuration menu is shown in Figure 122 on page 306 3 From the MLD Snooping Configuration menu type 7 to select View MLD Multicast Routers List The View MLD Multicast Routers List menu is shown in Figure 124 Figure 124 View MLD Multicast Routers List Menu The View MLD Multicast Routers List me...

Page 313: ...oping MLD Snooping and RRP Snooping 313 Port Trunk ID The port on the switch where the multicast router is connected If the switch learned the router on a port trunk the trunk ID number not the port number is displayed Router IP The IP address of the multicast router ...

Page 314: ...Chapter 19 MLD Snooping 314 Section III IGMP Snooping MLD Snooping and RRP Snooping ...

Page 315: ...Section III IGMP Snooping MLD Snooping and RRP Snooping 315 Chapter 20 RRP Snooping The section in this chapter explains how to configure RRP snooping Enabling or Disabling RRP Snooping on page 316 ...

Page 316: ...guration menu type 1 to toggle the setting between Enabled and Disabled The default setting is disabled A change to the status of RRP snooping is immediately activated on the switch If you activate the feature the switch flushes all dynamic MAC addresses from the MAC address table and immediately begins to relearn the addresses as it receives packets from the end nodes 4 To permanently save your c...

Page 317: ...SNMPv3 The chapter in this section contains overview information on SNMPv3 The chapter also explains how to configure this feature from the menus interface of the AT S63 Management Software The chapter is Chapter 21 SNMPv3 on page 319 ...

Page 318: ...318 Section IV SNMPv3 ...

Page 319: ...Pv3 Entities on page 320 Configuring the SNMPv3 User Table on page 321 Configuring the SNMPv3 View Table on page 331 Configuring the SNMPv3 Access Table on page 340 Configuring the SNMPv3 SecurityToGroup Table on page 356 Configuring the SNMPv3 Notify Table on page 364 Configuring the SNMPv3 Target Address Table on page 372 Configuring the SNMPv3 Target Parameters Table on page 385 Configuring the...

Page 320: ...ddress Table on page 372 Configuring the SNMPv3 Target Parameters Table on page 385 Configuring the SNMPv3 Community Table on page 398 The SNMPv3 User View Access and SecurityToGroup tables are concerned with setting up a user determining authentication and privacy and associating a user to a security group The SNMPv3 Notify Target Address and Target Parameters tables are concerned with message no...

Page 321: ...vacy protocol Privacy password There are three functions you can perform with the SNMPv3 User Table Creating an SNMPv3 User Table Entry next Deleting an SNMPv3 User Table Entry on page 325 Modifying an SNMPv3 User Table Entry on page 326 Creating an SNMPv3 User Table Entry To create an entry in the SNMPv3 User Table perform the following procedure 1 From the Main Menu type 5 to select System Admin...

Page 322: ...Table 1 SNMP Engine 80 00 00 CF 31 00 30 84 FD 57 DA 2 Configure SNMPv3 User Table 3 Configure SNMPv3 View Table 4 Configure SNMPv3 Access Table 5 Configure SNMPv3 SecurityToGroup Table 6 Configure SNMPv3 Notify Table 7 Configure SNMPv3 Target Address Table 8 Configure SNMPv3 Target Parameters Table 9 Configure SNMPv3 Community Table R Return to Previous Menu Enter your selection Allied Telesis AT...

Page 323: ...cks the message digest With the MD5 selection you can configure a Privacy Protocol S SHA This value represents the SHA authentication protocol With this selection users are authenticated with the SHA authentication protocol after a message is received This algorithm generates the message digest The user is authenticated when the authentication protocol checks the message digest With the SHA select...

Page 324: ...NONE you are prompted for the Storage Type Go to Step 13 If you select DES the following prompt is displayed Enter Privacy Password 10 Enter a privacy password of up to 32 alphanumeric characters You are prompted to re enter the password The following prompt is displayed Enter Storage Type V Volatile N NonVolatile 11 Select one of the following storage types for this table entry V Volatile Select ...

Page 325: ...orm the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 2 to select Configure SNMPv3 User Table The SNMPv3 User Table is shown in Figure 127 on page 322 3 From t...

Page 326: ...page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 2 to select Configure SNMPv3 User Table The SNMPv3 User Table is shown in Figure 127 on page 322 3 From the SNMPv3 User Table type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 User Table is shown in Figure 128 Figure 128 Modify SNMPv3 U...

Page 327: ... can configure a Privacy Protocol S SHA This value represents the SHA authentication protocol With this selection users are authenticated with the SHA authentication protocol after a message is received This algorithm generates the message digest The user is authenticated when the authentication protocol checks the message digest With the SHA selection you can configure a Privacy Protocol N None T...

Page 328: ...l if you have configured the Authentication Protocol with the MD5 or SHA values 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 2 to select Configure SNMPv3 User Table The SNMPv3 Us...

Page 329: ...aracters The following prompt is displayed Re enter Authentication password 8 Re enter the password 9 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying the Storage Type To modify the Storage Type in an SNMPv3 User Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through...

Page 330: ...g changes to an SNMPv3 User Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 User Table to nonvolatile memory After making changes to an SNMPv3 User Table entry with a NonVolatile storage type the S Save Configuration Changes option appears ...

Page 331: ...umn or row of the table AT S63 supports the Internet subtree of the OID table There are three functions you can perform with the SNMPv3 User Table Creating an SNMPv3 View Table Entry next Deleting an SNMPv3 View Table Entry on page 334 Modifying an SNMPv3 View Table Entry on page 335 Creating an SNMPv3 View Table Entry To create an entry in the SNMPv3 View Table perform the following procedure 1 D...

Page 332: ...NMPv3 View Table entry The following prompt is displayed Enter View Subtree OID format Text Name 5 Enter the subtree that this view will or will not be permitted to display You can enter either a numeric value in hex format or the equivalent text name For example the OID hex format for TCP IP is 1 3 6 1 2 1 6 The text format is for TCP IP is Allied Telesis AT 9424T SP AT S63 Marketing User Manager...

Page 333: ...e the View Subtree parameter as MIB ifEntry 0 3 has the following value 1 3 6 1 2 1 2 2 1 0 3 To restrict the user s view to the third row all columns of the ifEntry MIB enter the following value for the Subtree Mask parameter ff bf The following prompt is displayed Enter View Type I Included E Excluded 7 Enter one of the following view types I Included Enter this value to permit the View Name to ...

Page 334: ...ry from the SNMPv3 View Table After you delete an SNMPv3 View Table entry there is no way to undelete or recover the entry To delete an entry in the SNMPv3 View Table perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in F...

Page 335: ...on page 337 Modifying a Storage Type on page 338 Modifying a Subtree Mask To modify the Subtree Mask parameter in an SNMPv3 View Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 Fr...

Page 336: ... display You can enter either a numeric value in hex format or the equivalent text name For example the OID hex format for TCP IP is 1 3 6 1 2 1 6 The text format is for TCP IP is tcp The following prompt is displayed Enter Subtree Mask Hex format 7 Enter a Subtree Mask in hexadecimal format Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Modify SNMPv3 View Table View...

Page 337: ...ter the following value for the Subtree Mask parameter ff bf 8 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying a View Type To modify the View Type parameter in an SNMPv3 View Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Tab...

Page 338: ...e to not permit the View Name to see the subtree specified above 8 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying a Storage Type To modify the Storage Type parameter in an SNMPv3 View Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv...

Page 339: ...latile Select this storage type if you do not want the ability to save an entry in the SNMPv3 View Table to the configuration file After making changes to an SNMPv3 View Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 View Table to the conf...

Page 340: ...is procedure you will need to configure entries in the View Table These values are used to configure the Read Write and Notify View parameters in this procedure See Configuring the SNMPv3 View Table on page 331 There are three functions you can perform with the SNMPv3 Access Table Creating an SNMPv3 Access Table Entry next Deleting an SNMPv3 Access Table Entry on page 344 Modifying an SNMPv3 Acces...

Page 341: ...p Name Security Model and Security Level parameter values However unique group names allow you to more easily distinguish the groups There are four default values for this field defaultV1GroupReadOnly defaultV1GroupReadWrite defaultV2cGroupReadOnly defaultV2cGroupReadWrite These values are reserved for SNMPv1 and SNMPv2c implementations Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 2...

Page 342: ...ticate SNMPv3 entities users and encrypt messages The following prompt is displayed Enter Security Level N NoAuthNoPriv A AuthNoPriv P AuthPriv 6 Select one of the following security levels N NoAuthNoPriv This option represents no authentication and no privacy protocol Select this security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privac...

Page 343: ...hat you configured with the View Name parameter in the SNMPv3 View Table A Write View Name allows the users assigned to this Security Group to write or modify the information in the specified View Table This value does not need to be unique The following prompt is displayed Enter Notify View Name 9 Enter a value that you configured with the View Name parameter in the SNMPv3 View Table A Notify Vie...

Page 344: ...try from the SNMPv3 Access Table After you delete an SNMPv3 Access Table there is no way to undelete or recover the entry To delete an entry in the SNMPv3 Access Table perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in ...

Page 345: ...security level if you do not want to authenticate SNMP entities and you do not want to encrypt messages using a privacy protocol This security level provides the least security Note If you have selected SNMPv1 or SNMPv2c N NoAuthNoPriv is the only security level you can select A AuthNoPriv This option represents authentication but no privacy protocol Select this security level if you want to authe...

Page 346: ...d with the View Name parameter in the SNMPv3 View Table This is the only way to associate a Group Name with these Views See Creating an SNMPv3 View Table Entry on page 331 See the following procedures Modifying the Read View Name on page 346 Modifying the Write View Name on page 349 Modifying the Notify View Name on page 351 Modifying the Storage Type on page 353 Modifying the Read View Name To mo...

Page 347: ... for this Group Name You cannot change the value of the Security Model parameter Select one of the following SNMP protocols 1 v1 Select this value to associate the Group Name with the SNMPv1 protocol 2 v2c Select this value to associate the Group Name with the SNMPv2c protocol Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Modify SNMPv3 Access Table Group Name sales ...

Page 348: ... users but you do not want to encrypt messages using a privacy protocol You can select this value if you configured the Security Model parameter with the SNMPv3 protocol P AuthPriv This option represents authentication and the privacy protocol Select this security level to encrypt messages using a privacy protocol and authenticate SNMP entities This level provides the greatest level of security Yo...

Page 349: ...m the Configure SNMPv3 Access Table type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Table menu is shown in Figure 132 on page 347 4 To modify the Write View Name parameter type 2 to select Set Write View Name The following prompt is displayed Enter Group Name 5 Enter a Group Name that was previously configured The following prompt is displayed Enter Security Model 1 v1 2 v2c 3 v3 6 En...

Page 350: ...level if you want to authenticate SNMP users but you do not want to encrypt messages using a privacy protocol You can select this value if you configured the Security Model parameter with the SNMPv3 protocol P AuthPriv This option represents authentication and the privacy protocol Select this security level to encrypt messages using a privacy protocol and authenticate SNMP entities This level prov...

Page 351: ...m the Configure SNMPv3 Access Table type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Table menu is shown in Figure 132 on page 347 4 To modify the Notify View Name parameter type 3 to select Set Notify View Name The following prompt is displayed Enter Group Name 5 Enter a Group Name that was previously configured The following prompt is displayed Enter Security Model 1 v1 2 v2c 3 v3 6 ...

Page 352: ...rity level if you want to authenticate SNMP users but you do not want to encrypt messages using a privacy protocol You can select this value if you configured the Security Model parameter with the SNMPv3 protocol P AuthPriv This option represents authentication and the privacy protocol Select this security level to encrypt messages using a privacy protocol and authenticate SNMP entities This level...

Page 353: ...m the Configure SNMPv3 Access Table type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Table menu is shown in Figure 132 on page 347 4 To modify the Storage Type parameter type 4 to select Set Storage Type The following prompt is displayed Enter Group Name 5 Enter a Group Name that was previously configured The following prompt is displayed Enter Security Model 1 v1 2 v2c 3 v3 6 Enter th...

Page 354: ...onfigured the Security Model parameter with the SNMPv3 protocol P AuthPriv This option represents authentication and the privacy protocol Select this security level to encrypt messages using a privacy protocol and authenticate SNMP entities This level provides the greatest level of security You can select this value if you configured the Security Model parameter with the SNMPv3 protocol The follow...

Page 355: ...enus User s Guide Section IV SNMPv3 355 allowing you to save your changes Allied Telesis recommends this storage type 9 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 356: ... For each User Name you can assign A Security Model SNMPv1 SNMPv2c SNMPv3 A Group Name A Storage Type There are three functions you can perform with the SNMPv3 Access Table Creating an SNMPv3 SecurityToGroup Table Entry next Deleting an SNMPv3 SecurityToGroup Table Entry on page 359 Modifying an SNMPv3 SecurityToGroup Table Entry on page 360 Creating an SNMPv3 SecurityToGroup Table Entry To create...

Page 357: ...e 321 The following prompt is displayed Enter Security Model 1 v1 2 v2c 3 v3 5 Select the SNMP protocol that was configured for this User Name Choose from the following 1 v1 Select this value to associate the Group Name with the SNMPv1 protocol 2 v2c Select this value to associate the Group Name with the SNMPv2c protocol Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005...

Page 358: ... the ability to save an entry in the SNMPv3 SecurityToGroup Table to the configuration file After making changes to an SNMPv3 SecurityToGroup Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 SecurityToGroup Table to the configuration file Af...

Page 359: ...2 From the Configure SNMPv3 Table menu type 5 to select Configure SNMPv3 SecurityToGroup Table The SNMPv3 SecurityToGroup Table is shown in Figure 133 on page 357 Note To display a Group Name and its associated parameters from the Configure SNMPv3 SecurityToGroup Table menu type N to display the Next Page and P to display the previous page 3 From the SNMPv3 SecurityToGroup Table type 2 to select D...

Page 360: ...le entry See the following procedures Modifying the Group Name on page 360 Modifying the Storage Type on page 362 Modifying the Group Name To modify the Group Name in an SNMPv3 SecurityToGroup Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Con...

Page 361: ...played Enter Security Model 1 v1 2 v2c 3 v3 6 Enter the Security Model configured for this User Name You cannot change the value of the Security Model parameter Select one of the following SNMP protocols 1 v1 Select this value if this User Name is configured with the SNMPv1 protocol 2 v2c Select this value to associate the User Name with the SNMPv2c protocol Allied Telesis AT 9424T SP AT S63 Marke...

Page 362: ...re SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 5 to select Configure SNMPv3 SecurityToGroup Table The Configure SNMPv3 SecurityToGroup Table is shown in Figure 131 on page 341 3 From the Configure SNMP...

Page 363: ... entry V Volatile Select this storage type if you do not want the ability to save an entry in the SNMPv3 SecurityToGroup Table to the configuration file After making changes to an SNMPv3 SecurityToGroup Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in ...

Page 364: ...SNMPv3 Target Address Table menu As a result the Notify Tag parameter assigns a Target IP address to the Notify Table internally There are three functions you can perform with the Configure SNMPv3 Notify Table menu Creating an SNMPv3 Notify Table Entry next Deleting an SNMPv3 Notify Table Entry on page 366 Modifying an SNMPv3 Notify Table Entry on page 367 Creating an SNMPv3 Notify Table Entry To ...

Page 365: ...owing prompt is displayed Enter Notify Tag 5 Enter the name of the Notify Tag Enter a name of up to 32 alphanumeric characters The following prompt is displayed Enter Notify Type T Trap I Inform 6 Enter one of the following message types T Trap Indicates this notify table is used to send traps With this message type the switch does not expects a response from the host Allied Telesis AT 9424T SP AT...

Page 366: ...torage type the S Save Configuration Changes option appears on the Main Menu allowing you to save your changes Allied Telesis recommends this storage type Note The Row Status parameter is a read only field The Active value indicates the SNMPv3 Notify Table entry takes effect immediately 8 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes...

Page 367: ...nges type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying an SNMPv3 Notify Table Entry This section describes how to modify parameters in an SNMPv3 Notify Table entry See the following procedures Modifying a Notify Tag on page 367 Modifying a Notify Type on page 369 Modifying a Storage Type on page 370 Modifying a Notify Tag To modify the Notify Tag p...

Page 368: ...ollowing prompt is displayed Enter Notify Name 5 Enter a Notify Name The following prompt is displayed Enter Notify Tag 6 Enter the new Notify Tag Enter an alphanumeric value of up to 32 characters 7 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Modify SNMP...

Page 369: ...From the Configure SNMPv3 Notify Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Notify Table is shown in Figure 136 on page 368 4 To modify the Notify Type type 2 to select Set Notify Type The following prompt is displayed Enter Notify Name 5 Enter a Notify Name The following prompt is displayed Enter Notify Type T Trap I Inform 6 Enter one of the following message types T...

Page 370: ...he Storage Type type 3 to select Set Storage Type The following prompt is displayed Enter Notify Name 5 Enter a Notify Name The following prompt is displayed Enter Storage type V Volatile N NonVolatile 6 Select one of the following storage types for this table entry V Volatile Select this storage type if you do not want the ability to save an entry in the SNMPv3 Notify Table to the configuration f...

Page 371: ...AT S63 Management Software Menus User s Guide Section IV SNMPv3 371 7 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 372: ...of Retries Tag List Target Parameters Storage Type The values for the Tag List parameter are configured with the Notify Tag parameter in the Configure SNMPv3 Notify Table See Creating an SNMPv3 Notify Table Entry on page 364 There are three functions you can perform with the Configure SNMPv3 Target Address Table menu Creating an SNMPv3 Target Address Table Entry next Deleting an SNMPv3 Target Addr...

Page 373: ... Address 5 Enter the IP address of the host Use the following format for an IP address XXX XXX XXX XXX The following prompt is displayed Enter UDP Port 0 to 65535 162 6 Enter a UDP port You can enter a UDP port in the range of 0 to 65 535 The default UDP port is 162 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Configure SNMPv3 Target Address Table Target Addr Name ...

Page 374: ...orm message The Retries parameter applies to Inform messages only The range is 0 to 255 retries The default is 3 retries The following prompt is displayed Enter Tag List 9 Enter a Tag List This list consists of a tag or list of tags you configured in a Configure SNMPv3 Notify Table entry with the Notify Tag parameter See Creating an SNMPv3 Notify Table Entry on page 364 Enter a Tag List of up to 2...

Page 375: ...Address Table entry will take effect immediately 12 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Deleting an SNMPv3 Target Address Table Entry You may want to delete an entry from the SNMPv3 Target Address Table After you delete an SNMPv3 Target Address Table entry there is no way to undelete or recover the entry To delete an entry ...

Page 376: ...ing procedures Modifying a Target IP Address on page 376 Modifying the Target Address UDP Port on page 378 Modifying the Target Address Timeout on page 379 Modifying the Target Address Retries on page 380 Modifying the Target Address Tag List on page 381 Modifying the Target Parameters Field on page 382 Modifying the Storage Type on page 383 Note You cannot modify the Target Address Name parameter...

Page 377: ...P manager or host that manages the SNMP activity on your switch You can enter a name of up to 32 alphanumeric characters The following prompt is displayed Enter IP Address 6 Enter the IP address of the host Allied Telesis AT 9424T SP AT S63 Marketing User Manager11 20 02 02 Mar 2005 Modify SNMPv3 Target Address Table Target Addr Name host451 Timeout 1500 Target Parameters SNMPmanagerPC Retries 3 I...

Page 378: ... menu type 7 to select Configure SNMPv3 Target Address Table The Configure SNMPv3 Target Address Table menu is shown in Figure 137 on page 373 3 From the Configure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page 377 4 To change the Target Address UDP Port type 2 to select Set Target Address UDP P...

Page 379: ...rget Address Table The Configure SNMPv3 Target Address Table menu is shown in Figure 137 on page 373 3 From the Configure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page 377 4 To modify the Target Address Timeout type 3 to select Set Target Address Timeout The following prompt is displayed Enter ...

Page 380: ...NMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 7 to select Configure SNMPv3 Target Address Table The Configure SNMPv3 Target Address Table menu is shown in Figure 137 on page 373 3 From the Configure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page ...

Page 381: ...Configure SNMPv3 Target Address Table menu is shown in Figure 137 on page 373 3 From the Configure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page 377 4 To modify the Target Address Tag List type 5 to select Set Target Address TagList The following prompt is displayed Enter Target Address Name 5 ...

Page 382: ...able menu is shown in Figure 137 on page 373 3 From the Configure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page 377 4 To modify the Target Parameters field type 6 to select Set Target Parameters The following prompt is displayed Enter Target Address Name 5 Enter a previously configured Target A...

Page 383: ...gure SNMPv3 Target Address Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Address Table menu is shown in Figure 138 on page 377 4 To modify the Storage Type type 7 to select Set Storage Type The following prompt is displayed Enter Target Address Name 5 Enter a previously configured Target Address Name This is the name of the SNMP manager or host that manages the SNM...

Page 384: ... configuration file After making changes to an SNMPv3 Target Address entry with a NonVolatile storage type the S Save Configuration Changes option appears on the Main Menu allowing you to save your changes Allied Telesis recommends this storage type 7 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 385: ...rameter configured in the SNMPv3 User Table menu View Name parameter configured in the SNMPv3 View Table menu Group Name Security Model and Security Level parameters configured in the SNMPv3 Access Table User Name Security Model and Group Name configured in the SNMPv3 SecurityToGroup Table When you enter user security information in an SNMPv3 Target Parameters Table entry the information must matc...

Page 386: ...ers Table menu The Configure SNMPv3 Target Parameters Table menu is shown in Figure 139 Figure 139 Configure SNMPv3 Target Parameters Table Menu 3 To create an SNMPv3 Target Parameters Table type 1 to select Create SNMPv3 Table Entry The following prompt is displayed Enter Target Parameters Name 4 Enter a name of the Target Parameters Enter a value of up to 32 alphanumeric characters Allied Telesi...

Page 387: ... Select one of the following SNMP protocols as the Security Model for this Security Name or User Name 1 v1 Select this value to associate the Security Name or User Name with the SNMPv1 protocol 2 v2c Select this value to associate the Security Name or User Name with the SNMPv2c protocol 3 v3 Select this value to associate the Security Name or User Name with the SNMPv3 protocol The SNMPv3 protocol ...

Page 388: ...e greatest level of security You can select this value if you configured the Security Model parameter with the SNMPv3 protocol The following prompt is displayed Enter Storage Type V Volatile N NonVolatile 8 Select one of the following storage types for this table entry V Volatile Select this storage type if you do not want the ability to save an entry in the SNMPv3 Target Parameters Table to the c...

Page 389: ...v3 Table menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 8 to select Configure SNMPv3 Target Parameters Table The Configure SNMPv3 Parameters Table menu is shown in Figure 139 on page 386 Note To display a Group Name and its associated parameters from the Configure SNMPv3 SecurityToGroup Table menu type N to display the Next Page and P to display the previous pa...

Page 390: ...ng parameters in an SNMPv3 Target Parameters Table entry must match those configured in the corresponding table entry User Name parameter in the SNMPv3 User Table View Name parameter in the SNMPv3 View Table Group Name Security Model and Security Level parameters in the SNMPv3 Access Table User Name Security Model Group Name parameters in the SNMPv3 SecurityToGroup Table See the following procedur...

Page 391: ... menu is shown in Figure 126 on page 322 2 From the Configure SNMPv3 Table menu type 8 to select Configure SNMPv3 Target Address Table The Configure SNMPv3 Target Parameters Table menu is shown in Figure 139 3 From the Configure SNMPv3 Target Parameters Table menu type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Target Parameters Table menu is shown in Figure 140 Figure 140 Modify SNMP...

Page 392: ...he Security or User Name you have selected the value of the Security Model parameter in an SNMPv3 Target Parameter Table entry must match the value of the Security Model parameter in the SNMPv3 Access Table entry Caution If the values of the Security Model parameter in the SNMPv3 User Table and the SNMPv3 Target Parameter Table entry do not match notification messages are not generated on behalf o...

Page 393: ...ed as the Security Model for this Security Name or User Name 1 v1 Select this value if this User Name is associated with the SNMPv1 protocol 2 v2c Select this value if this User Name is associated with the SNMPv2c protocol 3 v3 Select this value if this User Name is associated with the SNMPv3 protocol 7 After making changes type R until you return to the Main Menu Then type S to select Save Config...

Page 394: ...a previously configured Target Parameters Name Enter a value of up to 32 alphanumeric characters The following prompt is displayed Enter Security Level N NoAuthNoPriv A AuthNoPriv P AuthPriv 6 Enter the Security Level Select one of the following Security Levels Note The value you configure for the Security Level must match the value configured for the User Name in the Configure SNMPv3 User Table m...

Page 395: ...l You can modify the Message Process Model for SNMPv1 and SNMPv2c protocol configurations only When you configure the SNMPv3 protocol the Message Process Model is automatically assigned to the SNMPv3 protocol To modify the Message Process Model parameter in an SNMPv3 Target Parameter Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through...

Page 396: ...figuration Changes Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Target Parameter Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 126 on page 322 2 From the Configure...

Page 397: ...e After making changes to an SNMPv3 Target Parameters Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 Target Parameters Table to the configuration file After making changes to an SNMPv3 Target Parameters Table entry with a NonVolatile stora...

Page 398: ...340 SNMPv3 SecurityToGroup Table See Creating an SNMPv3 SecurityToGroup Table Entry on page 356 SNMPv3 Notify Table See Configuring the SNMPv3 Notify Table on page 364 SNMPv3 Target Address Table See Creating an SNMPv3 Target Address Table Entry on page 372 SNMPv3 Target Parameters Table See Creating an SNMPv3 Target Parameters Table Entry on page 386 Note that you do not create an entry in the SN...

Page 399: ...v3 Target Parameters Table menu Creating an SNMPv3 Community Table Entry next Deleting an SNMPv3 Community Table Entry on page 402 Modifying an SNMPv3 Community Table Entry on page 403 Creating an SNMPv3 Community Table Entry To create an entry in the Configure SNMPv3 Community Table menu perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in C...

Page 400: ...Community Name 5 Enter a Community Name of up to 64 alphanumeric characters The value of the Community Name parameter acts as a password for the SNMPv3 Community Table entry This parameter is case sensitive Note Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel Allied Telesis AT 9424T SP AT S63 Marketing User Manag...

Page 401: ...rameter links an SNMPv3 Community Table entry with an entry in the SNMPv3 Target Address Table The following prompt is displayed Enter Storage type V volatile N NonVolatile 8 Select one of the following storage types for this table entry V Volatile Select this storage type if you do not want the ability to save an entry in the SNMPv3 Community Table to the configuration file After making changes t...

Page 402: ...h 3 in Configuring the SNMPv3 User Table on page 321 Or from the Main Menu type 5 5 5 The Configure SNMPv3 Table menu is shown in Figure 127 on page 322 2 From the Configure SNMPv3 Table menu type 9 to select Configure SNMPv3 Community Table The Configure SNMPv3 Community Table menu is shown in Figure 141 on page 400 3 To delete an entry in the SNMPv3 Community Table type 2 to select Delete SNMPv3...

Page 403: ...Modifying the Community Name on page 403 Modifying the Security Name on page 405 Modifying the Transport Tag on page 405 Modifying the Storage Type on page 406 Modifying the Community Name To modify the Community Name parameter in an SNMPv3 Community Table entry perform the following procedure 1 Display the Configure SNMPv3 Table menu by performing steps 1 through 3 in Configuring the SNMPv3 User ...

Page 404: ...s case sensitive Enter a value of up to 64 alphanumeric characters Note Allied Telesis recommends that you select SNMP Community Names carefully to ensure these names are known only to authorized personnel 7 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Mod...

Page 405: ...ble type 3 to select Modify SNMPv3 Table Entry The Modify SNMPv3 Community Table menu is shown in Figure 142 on page 404 4 To change the Security Name type 2 to select Set Security Name The following prompt is displayed Enter Community Index 5 Enter the Community Index of the Security Name you want to change The following prompt is displayed Enter Security Name 6 Enter the new Security Name Enter ...

Page 406: ...Tag you want to change The following prompt is displayed Enter Transport Tag 6 Enter the new value for the Transport Tag Enter a name of up to 32 alphanumeric characters 7 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying the Storage Type To modify the Storage Type parameter in an SNMPv3 Community Table entry perform the follow...

Page 407: ...atile Select this storage type if you do not want the ability to an entry in the SNMPv3 Community Table to the configuration file After making changes to an SNMP Community Table entry with a Volatile storage type the S Save Configuration Changes option does not appear on the Main Menu N NonVolatile Select this storage type if you want the ability to save an entry in the SNMPv3 Community Table to t...

Page 408: ...laying the Display SNMPv3 Target Parameters Table Menu on page 413 Displaying the Display SNMPv3 Community Table Menu on page 414 Displaying the Display SNMPv3 User Table Menu This section describes how to display the Display SNMPv3 User Table menu For information about the SNMPv3 User Table see Creating an SNMPv3 User Table Entry on page 321 To display the Display SNMPv3 User Table menu perform t...

Page 409: ...play SNMPv3 User Table 2 Display SNMPv3 View Table 3 Display SNMPv3 Access Table 4 Display SNMPv3 SecurityToGroup Table 5 Display SNMPv3 Notify Table 6 Display SNMPv3 Target Address Table 7 Display SNMPv3 Target Parameters Table 8 Display SNMPv3 Community Table R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv...

Page 410: ...erforming steps 1 through 3 in Displaying the Display SNMPv3 User Table Menu on page 408 Or from the Main menu type 5 5 6 2 From the Display SNMPv3 Table menu type 2 to select Display SNMPv3 View Table The Display SNMPv3 View Table menu is shown in Figure 145 Figure 145 Display SNMPv3 View Table Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv3 View ...

Page 411: ...urityToGroup Table Menu This section describes how to display the Display SNMPv3 SecurityToGroup Table menu For more information about the parameters in the SNMPv3 SecurityToGroup Table menu see Creating an SNMPv3 SecurityToGroup Table Entry on page 356 To display the Display SNMPv3 SecurityToGroup Table menu perform the following procedure 1 Display the Display SNMPv3 Table menu by performing ste...

Page 412: ...he Main menu type 5 5 6 2 From the Display SNMPv3 Table menu type 5 to select Display SNMPv3 Notify Table The Display SNMPv3 Notify Table menu is shown in Figure 147 Figure 148 Display SNMPv3 Notify Table Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv3 SecurityToGroup Table Security Model v3 Security Name praveen Group Name hardwareengineering Stor...

Page 413: ...Menu Displaying the Display SNMPv3 Target Parameters Table Menu This section describes how to display the Display SNMPv3 Target Parameters Table menu For information about the SNMPv3 Target Parameters Table parameters see Creating an SNMPv3 Target Parameters Table Entry on page 386 To display the Display SNMPv3 Target Parameters Table menu perform the following procedure 1 Display the Display SNMP...

Page 414: ...ity Table menu perform the following procedure 1 Display the Display SNMPv3 Table menu by performing steps 1 through 3 in Displaying the Display SNMPv3 User Table Menu on page 408 Or from the Main menu type 5 5 6 2 From the Display SNMPv3 Table menu type 8 to select Display SNMPv3 Community Table Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv3 Target Pa...

Page 415: ...splay SNMPv3 Community Table Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display SNMPv3 Community Table Community Index atiindex14 Community Name sunnyvale Security Name hoa Transport Tag sampletag14 Storage Type NonVolatile Row Status Active U Update Display R Return to Previous Menu Enter your selection ...

Page 416: ...Chapter 21 SNMPv3 416 Section IV SNMPv3 ...

Page 417: ...ifferent spanning tree protocols supported on the AT 9400 Switch The chapters also explain how to configure the spanning tree protocols from the menu interface of the AT S63 Management Software The chapters include Chapter 22 Spanning Tree and Rapid Spanning Tree Protocols on page 419 Chapter 23 Multiple Spanning Tree Protocol on page 439 ...

Page 418: ...418 Section V Spanning Tree Protocols ...

Page 419: ... Spanning Tree Protocol RSTP The chapter also contains procedures on how to adjust the STP and RSTP bridge and port parameters The sections in this chapter include Enabling or Disabling a Spanning Tree Protocol on page 420 Configuring STP on page 422 Configuring RSTP on page 430 The Multiple Spanning Tree Protocol is described in Chapter 23 Multiple Spanning Tree Protocol on page 439 ...

Page 420: ...in Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu is shown in Figure 152 Figure 152 Spanning Tree Configuration Menu Note Do not enable spanning tree on the switch until after you have selected an activate spanning tree protocol and configured the settings If you want to disable spanning tree go to step 5 2 To change the active version of spanning tree on th...

Page 421: ...ibed in Chapter 23 Multiple Spanning Tree Protocol on page 439 Note After you have configured the spanning tree parameters perform steps 5 through 7 to enable spanning tree 5 To enable or disable spanning tree type 1 to select Spanning Tree Status The following prompt is displayed Enter new value E Enable D Disable 6 Type E to enable spanning tree or D to disable it The default is disabled 7 After...

Page 422: ...tings This section contains the procedure for configuring a bridge s STP settings Caution The default STP parameters are adequate for most networks Changing them without prior experience and an understanding of how STP works might have a negative effect on your network You should consult the IEEE 802 1d standard before changing any of the STP parameters To configure the bridge settings perform the...

Page 423: ... bridge This number is used to determine the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the bridge with the numerically lowest MAC address becomes the root bridge When a root bridge goes offline the bridge with the next priority number automatically takes over as the root bridge This parameter c...

Page 424: ...which stored bridge protocol data units BPDUs are deleted by the bridge All bridges in a bridged LAN use this aging time to test the age of stored configuration messages called bridge protocol data units BPDUs For example if you use the default value 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds When you select a value for maximum ...

Page 425: ...gement session on the switch which is functioning as the root bridge and change its bridge priority value 8 Root Path Cost The cost of the path from the current switch to the root switch of the spanning tree domain If the current switch is the root switch root path cost will be 0 This value cannot be changed and is only displayed when RSTP is activated on the switch 4 After making changes type R u...

Page 426: ...enter the same port number here as you entered in the previous step To configure a range of ports enter the last port of the range The Configure STP Port Settings menu is shown in Figure 155 Figure 155 Configure STP Port Settings Menu 7 Adjust the following parameters as needed Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 STP Port Parameters 1 Configure STP Port Se...

Page 427: ...t bridge for that LAN The range is 0 to 65 535 The default setting is Automatic Update which sets port cost depending on the speed of the port Table 9 lists the STP port costs with Auto Detect Table 8 lists the STP port costs with Auto Detect when a port is part of a port trunk Table 6 Port Priority Value Increments Increment Bridge Priority Increment Bridge Priority 0 0 8 128 1 16 9 144 2 32 10 1...

Page 428: ...on page 423 3 From the STP menu type P to select STP Port Parameters The STP Port Parameters menu is shown in Figure 154 on page 426 4 From the STP Port Parameters menu type 2 to select Display STP Port Configuration The Display STP Port Configuration menu is shown in Figure 156 Figure 156 Display STP Port Configuration Menu 1000 Mbps 2 Table 8 STP Auto Detect Port Trunk Costs Port Speed Port Cost...

Page 429: ...e The number is used as a tie breaker when two or more ports have equal costs to the root bridge Resetting STP to the Default Settings To reset STP to the default settings perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu is shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to sele...

Page 430: ...figuring RSTP Bridge Settings This section contains the procedure for configuring a bridge s RSTP settings Caution The default RSTP parameters are adequate for most networks Changing them without prior experience and an understanding of how RSTP works might have a negative effect on your network You should consult the IEEE 802 1w standard before changing any of the RSTP parameters To configure the...

Page 431: ...DU packets If you select Force STP Compatible the bridge operates in RSTP using the RSTP parameter settings but it sends only STP BPDU packets out the ports 2 Bridge Priority The priority number for the bridge This number is used in determining the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value the ...

Page 432: ...uration messages called bridge protocol data units BPDUs For example if you use the default 20 all bridges delete current configuration messages after 20 seconds This parameter can be from 6 to 40 seconds The default is 20 seconds When you select a value for maximum age observe the following rules MaxAge must be greater than 2 x HelloTime 1 MaxAge must be less than 2 x ForwardingDelay 1 6 Bridge I...

Page 433: ...e 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The RSTP menu is shown in Figure 153 on page 423 3 From the Spanning Tree Configuration menu type 3 to select STP Configuration The STP menu is shown in Figure 153 on page 423 4 From the STP menu type P to select RSTP Port Parameters The RSTP Port Parameters menu is shown in Figure 158 Figure 158 RSTP Port...

Page 434: ... The default value is 8 priority value 128 For a list of the increments refer to Table 6 on page 427 2 Port Cost The spanning tree algorithm uses the cost parameter to decide which port provides the lowest cost path to the root bridge for that LAN The range is 0 to 20 000 000 The default setting is Automatic Update which sets port cost depending on the speed of the port Table 9 lists the RSTP port...

Page 435: ...continues to transmit STP BPDUs indefinitely Type C to reset the MSTP port to transmit RSTP BPDUs 9 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Displaying the RSTP Port Configuration To display the RSTP port configuration perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning ...

Page 436: ...le settings are Yes No and Auto Detect Cost Port cost of the port The default is Auto Update Priority The number used as a tie breaker when two or more ports have equal costs to the root bridge Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display RSTP Port Configuration Port Edge Port Point to Point Cost Priority 1 Yes Auto Detect Auto Update 128 2 Yes Auto Detect ...

Page 437: ...ay RSTP Port State menu is shown in Figure 161 Figure 161 Display RSTP Port State Menu The Display RSTP Port State menu displays a table that contains the following information Port The port number State The RSTP state of the port The possible states for a port connected to another device running RSTP are Discarding and Forwarding Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 0...

Page 438: ...least cost path to the root switch This port connects the LAN to the root switch P2P Whether or not the port is functioning as a point to point port The possible settings are Yes and No Version Whether the port is operating in RSTP mode or STP compatible mode Port Cost The port cost of the port Resetting RSTP to the Default Settings To reset RSTP to the default settings perform the following proce...

Page 439: ...ng the CIST Priority on page 445 Displaying the CIST Priority on page 447 Creating Deleting and Modifying MSTI IDs on page 449 Adding Removing and Modifying VLAN Associations to MSTI IDs on page 452 Configuring MSTP Port Settings on page 457 Displaying the MSTP Port Configuration on page 463 Displaying the MSTP Port State on page 465 Resetting MSTP to the Defaults on page 468 Spanning Tree Protoco...

Page 440: ...0 2 To change the active version of spanning tree on the switch type 2 to select Active Protocol Version The following prompt is displayed Enter new value S STP R RSTP M MSTP 3 Type M to select MSTP Note A change to the active spanning tree is automatically saved on the switch 4 To enable or disable spanning tree type 1 to select Spanning Tree Status The following prompt is displayed Enter new val...

Page 441: ...irst number is the configured value on the switch for the parameter and the second is the value the switch obtained from the root bridge and is actually using for the parameter The switch displays only the configured values for these parameters if multiple spanning tree is not enabled on the switch Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 MSTP Configuration 1 F...

Page 442: ...logy changes If the bridge transitions too soon not all links may have yet adapted to the change possibly resulting in a network loop The range is 4 to 30 seconds The default is 15 seconds This setting applies only to ports running in the STP compatible mode 4 Max Age The length of time after which stored bridge protocol data units BPDUs are deleted by the bridge This parameter applies only if the...

Page 443: ...y a slash To change the switch s priority value refer to Configuring the CIST Priority on page 445 The MAC address of the switch cannot be changed 9 Root Identifier The bridge identifier of the root bridge of the CIST spanning tree domain The identifier consists of the root switch s bridge or CIST priority value and MAC address separated by a slash If this MAC address is the same as the current br...

Page 444: ...Chapter 23 Multiple Spanning Tree Protocol 444 Section V Spanning Tree Protocols 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 445: ... field in the menu displays the current value for this MSTP parameter This number is used in determining the root bridge of the network spanning tree This number is analogous to the RSTP bridge priority value The bridge in the network with the lowest priority number is selected as the root bridge If two or more bridges have the same bridge or CIST priority values the bridge with the numerically lo...

Page 446: ...4096 0 to 15 5 Enter the increment that represents the new CIST priority value The range is 0 zero to 61 440 in increments of 4 096 with 0 being the highest priority For a list of the increments refer to Table 6 Port Priority Value Increments on page 427 6 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 447: ...gure 164 MSTI Menu The MSTI menu displays a table that contains the following columns of information MSTI Lists the MSTI IDs existing on the switch Priority Specifies the MSTI priority value for the MSTI The steps in this procedure explain how you can assign this value when you create an MSTI ID and how to modify the value for an existing MSTI ID Regional Root ID Identifies the regional root for t...

Page 448: ... Specifies the path cost from the bridge to the regional root If the bridge is the regional root the value is 0 Associated VLANs Specifies the VIDs of the VLANs that have been associated with the MSTI ID The table does not include the CIST The table is empty if no MSTI IDs have been created ...

Page 449: ... to select MSTI menu The MSTI menu is shown in Figure 164 on page 447 4 Type 1 to select Create MSTI The following prompt is displayed Enter the MSTI ID to be created 1 to 15 5 Enter the new MSTP ID The MSTI ID range is from 1 to 15 You can specify only one MSTI ID at a time The following prompt is displayed Success Do you want to associate VLANs with this MSTI ID Yes No 6 If you want to associate...

Page 450: ...TI The following prompt is displayed Enter the MSTI ID to be deleted 1 to 15 5 Enter the MSTP IDs that you want to delete The range is 1 to 15 You cannot delete CIST which has a value of 0 All VLANs associated with a deleted MSTP ID are returned to CIST 6 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Modifying an MSTI ID To change th...

Page 451: ...value will be multiplied by 4096 0 to 15 8 6 Enter a new MSTI priority number for this MSTI on the bridge This parameter is used in selecting a regional root for the MSTI The range is 0 zero to 61 440 in increments of 4 096 with 0 being the highest priority This parameter is used in selecting a regional root for the MSTI For a list of the increments refer to Table 5 Bridge Priority Value Increment...

Page 452: ...stance which has a MSTI ID of 0 An MSTI can contain any number of VLANs This section contains the following procedures Adding or Removing a VLAN from an MSTI ID next Associating a VLAN to an MSTI ID on page 453 Removing a VLAN from an MSTI ID on page 454 Associating VLANs to an MSTI ID and Deleting All Associated VLANs on page 455 Clearing VLAN to MSTI Associations on page 456 Adding or Removing a...

Page 453: ...sociate a VLAN to an MSTP ID perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu is shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The MSTP menu is shown in Figure 162 on page 441 3 From the MSTP menu type M to select MSTI menu The MSTI menu is ...

Page 454: ...e 485 The MSTI ID retains any VLANs already associated with it when new VLANs are added 8 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Removing a VLAN from an MSTI ID To remove a VLAN from an MSTP ID perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu...

Page 455: ...sociate VLANs to an MSTP ID while deleting all VLANs that are already associated with it perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu is shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The MSTP menu is shown in Figure 162 on page 441 3 Fro...

Page 456: ...clear VLAN to MSTI associations perform the following procedure 1 From the Main Menu type 3 to select Spanning Tree Configuration The Spanning Tree Configuration menu is shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The MSTP menu is shown in Figure 162 on page 441 3 From the MSTP menu type M to select MSTI menu The MSTI menu ...

Page 457: ...be set independently for each MSTI where a port is a member These parameters are Internal path cost Priority To set these parameters refer to Configuring MSTI specific Port Parameters on page 460 Configuring Generic MSTP Port Settings To configure the external path cost of a port or to designate whether the port is an edge or point to point port perform the following procedure 1 From the Main Menu...

Page 458: ... the last port of the range To configure just one port enter the same port here as in Step 5 The Configure MSTP Port Settings menu is shown in Figure 167 Figure 167 Configure MSTP Port Settings Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 MSTP Port Parameters 1 Configure Generic Port Settings 2 Configure Per Spanning Tree Port Settings 3 Display MSTP Port Conf...

Page 459: ...setting when the port is not a member of a trunk Table 12 lists the MSTP port costs with the Auto setting when the port is part of a port trunk 2 Point to Point This parameter defines whether the port is functioning as a point to point port 3 Edge Port This parameter defines whether the port is functioning as an edge port 8 After making changes type R until you return to the Main Menu Then type S ...

Page 460: ...in Figure 162 on page 441 3 From the MSTP menu type P to select MSTP Port Parameters The MSTP Port Parameters menu is shown in Figure 166 on page 458 4 Type 2 to select Configure Per Spanning Tree Port Settings The following prompt is displayed Enter Spanning Tree CIST MSTI List 5 Enter the ID number of the CIST or MSTI where the VLAN containing the port whose settings you want to configure has be...

Page 461: ...y Value Increments on page 427 2 Port Internal Path Cost The port cost of the port if the port is connected to a bridge which is part of the same MSTP region The range is 0 to 200 000 000 The default setting is 0 Auto Update which sets port cost depending on the speed of the port Default values are 2 000 000 for 10 Mbps ports 200 000 for a 100 Mbps ports and 20 000 for one gigabit ports Table 13 l...

Page 462: ...the RSTP port costs with Auto Detect when the port is part of a port trunk 9 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes Table 14 RSTP Auto Detect Port Trunk Costs Port Speed Port Cost 10 Mbps 20 000 100 Mbps 20 000 1000 Mbps 2 000 ...

Page 463: ...nu is shown in Figure 166 on page 458 4 From the MSTP Port Parameters menu type 3 to select Display MSTP Port Configuration The Display MSTP Port Configuration menu is shown in Figure 169 Figure 169 Display MSTP Port Configuration Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display MSTP Port Configuration Cost Port Edge Port Point to Point External Internal P...

Page 464: ...External or Internal Port Cost External Port Cost The port cost of the port if the port is connected to a bridge which is a member of another MSTP region or is running STP or RSTP Internal Port Cost The port cost of the port if the port is connected to a bridge which is part of the same MSTP region If the setting is Auto Update the port cost is set automatically depending on the speed of the port ...

Page 465: ...shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The MSTP menu is shown in Figure 162 on page 441 3 From the MSTP menu type P to select MSTP Port Parameters The MSTP Port Parameters menu is shown in Figure 166 on page 458 4 From the MSTP Port Parameters menu type 4 to select Display MSTP Port State The following prompt is displa...

Page 466: ...acket Forwarding Normal operation Disabled The port has been disabled Role The MSTP role of the port The possible roles are Root The port that is connected to the root switch directly or through other switches with the least path cost Alternate The port offers an alternate path in the direction of the root switch Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Display...

Page 467: ...ort connects the LAN to the root switch Master Similar to the root port When the port is a boundary port the MSTI port roles follow the CIST port roles The MSTI port role is called master when the CIST role is root P2P Whether or not the port is functioning as a point to point port The possible settings are Yes No and Auto Detect Version Whether the port is operating in MSTP mode or STP compatible...

Page 468: ...nning Tree Configuration menu is shown in Figure 152 on page 420 2 From the Spanning Tree Configuration menu type 3 to select Configure Active Protocol The MSTP menu is shown in Figure 162 on page 441 3 From the MSTP menu type D to select Reset MSTP to Defaults The following message is displayed Do you want to reset MSTP configuration to default Yes No 4 Enter Y for Yes or N for No and press Retur...

Page 469: ...ch The chapters also explain how to configure these features from the menu interface of the AT S63 Management Software The chapters include Chapter 24 Port based and Tagged VLANs on page 471 Chapter 25 GARP VLAN Registration Protocol on page 495 Chapter 26 Multiple VLAN Modes on page 515 Chapter 27 Protected Ports VLANs on page 521 Chapter 28 MAC Address based VLANs on page 533 ...

Page 470: ...470 Section VI Virtual LANs ...

Page 471: ...n This chapter contains the following sections Creating a Port based or Tagged VLAN on page 472 Example of Creating a Port based VLAN on page 477 Example of Creating a Tagged VLAN on page 479 Modifying a Port based or Tagged VLAN on page 481 Displaying VLANs on page 485 Deleting a Port based or Tagged VLAN on page 487 Deleting All VLANs on page 490 Displaying PVIDs on page 492 Enabling or Disablin...

Page 472: ...igure VLANs Note The switch must be operating in the user configured VLAN mode to support port based and tagged VLANs To change a switch s VLAN mode refer to Selecting a VLAN Mode on page 516 Selection 6 Configure GARP GVRP is described in Chapter 25 GARP VLAN Registration Protocol on page 495 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 VLAN Configuration 1 Ingres...

Page 473: ...teen alphanumeric characters in length The name should reflect the function of the nodes that will be a part of the VLAN for example Sales or Accounting The name cannot Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Configure VLANs 1 Create VLAN 2 Modify VLAN 3 Delete VLAN 4 Reset to Default VLAN R Return to Previous Menu Enter your selection Allied Telesis AT 9424T ...

Page 474: ...ans multiple switches than the VID value for the VLAN should be the same on each switch For example if you are creating a VLAN called Sales that spans three switches you should assign the Sales VLAN on each switch the same VID value Note A VLAN must have a VID It is important to note that the switch is only aware of the VIDs of the VLANs that exist on the device and not those that might already be...

Page 475: ...g 2 3 5 as a range e g 7 9 or both e g 2 5 7 9 Note Option 6 Protected Ports in the Create VLAN menu is not used to create port based or tagged VLANs It should be left in the No default setting This option is used to create protected ports VLANs as explained in Chapter 27 Protected Ports VLANs on page 521 11 Type C to select Create VLAN The following message is displayed SUCCESS Press any key to c...

Page 476: ... current untagged VLAN assignment For example if you are creating a new VLAN on a switch that contains only the Default_VLAN the untagged ports of the new VLAN are automatically removed from the Default_VLAN Note Tagged ports are not removed from any current VLAN assignments because tagged ports can belong to more than one VLAN at a time ...

Page 477: ...onfigure VLANs menu type 1 to select Create VLAN The Create VLAN menu is shown in Figure 173 on page 473 4 From the Create VLAN menu type 1 to select VLAN Name and enter Sales 5 Type 2 to select VLAN ID VID and enter 2 This is the VID value for the new VLAN 6 Type 3 to toggle VLAN Type to Port Based Note Option 4 Tagged Ports is left empty because this VLAN will not contain any tagged ports 7 Type...

Page 478: ...Chapter 24 Port based and Tagged VLANs 478 Section VI Virtual LANs The new Sales VLAN has now been created ...

Page 479: ... 473 3 From the Configure VLANs menu type 1 to select Create VLAN The Create VLAN menu is shown in Figure 173 on page 473 4 From the Create VLAN menu type 1 to select VLAN Name and enter Engineering 5 Type 2 to select VLAN ID VID and enter 3 This is the VID value for the new VLAN 6 Type 3 to toggle VLAN Type to Port Based 7 Type 4 to select Tagged Ports and enter 2 10 These are the tagged ports of...

Page 480: ...Chapter 24 Port based and Tagged VLANs 480 Section VI Virtual LANs The new Engineering VLAN has now been created ...

Page 481: ...shown in Figure 172 on page 473 3 From the Configure VLANs menu type 2 to select Modify VLAN The Modify VLAN menu is shown in Figure 174 Figure 174 Modify VLAN Menu Note Selection 2 Change GARP VLAN is described in Chapter 25 GARP VLAN Registration Protocol on page 495 Selection 3 Change MAC Associations is explained in Chapter 28 MAC Address based VLANs on page 533 4 From the Modify VLAN menu typ...

Page 482: ... as asterisks or exclamation points When you change a VLAN s name observe the following guidelines A VLAN s new name cannot be the same as the name of another VLAN on the same switch For example if the switch already contains a VLAN called Sales you cannot change an existing VLAN s name to Sales You cannot change the name of the Default_VLAN Note A VLAN must have a name 2 VLAN ID VID This is the V...

Page 483: ... untagged ports If you want to remove all untagged ports from the VLAN enter 0 zero for this value You cannot change the name of the Default_VLAN nor can you directly remove untagged ports from the Default_VLAN Instead you must assign the port as an untagged port to another VLAN An untagged port removed from a VLAN is automatically returned to the Default_VLAN as an untagged port Note Selection 6 ...

Page 484: ... the port has been moved to For information on how to add static MAC addresses refer to Adding Static Unicast and Multicast MAC Addresses on page 110 For instructions on how to delete addresses refer to Deleting Unicast and Multicast MAC Addresses on page 112 8 Press any key The Modify VLAN menu in Figure 174 on page 481 is displayed again 9 Repeat this procedure starting with Step 4 to modify oth...

Page 485: ...w VLANs Menu Note Selection D Detail Information Display only applies to MAC address based VLANs The Show VLANs menu displays a table that contains the following columns of information VID The VLAN ID Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show VLANs VID VLAN Name VLAN Type Protocol Member Port s 1 Default_VLAN Port Based Untagged Configured 20 24 Actual 20 2...

Page 486: ...he VLAN when the VLAN was created or modified Actual The current untagged ports of the VLAN If you are not using 802 1x Port based Network Access Control both the Configured and Actual untagged ports of a VLAN will always be the same If you are using 802 1x and you assigned a Guest VLAN to an authenticator port or you associated an 802 1x supplicant to a VLAN on the authentication server it is pos...

Page 487: ...eleted from the MAC address table For instructions refer to Deleting Unicast and Multicast MAC Addresses on page 112 Note To delete a VLAN you need to know its VID To view VLAN VIDs refer to Displaying VLANs on page 485 To delete a VLAN perform the following procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the ...

Page 488: ...N Menu 6 Type D to delete the VLAN or R to cancel the procedure If you select to delete the VLAN the following confirmation prompt is displayed Are you sure you want to delete this VLAN Yes No 7 Type Y to delete the VLAN or N to cancel the procedure Press Return If you select Yes the VLAN is deleted and the following message is displayed SUCCESS Please make sure to manually delete any static multi...

Page 489: ...s User s Guide Section VI Virtual LANs 489 8 Press any key 9 Repeat this procedure starting with Step 4 to delete other VLANs 10 To permanently save your changes return to the Main Menu and type S to select Save Configuration Changes ...

Page 490: ...table For instructions refer to Deleting Unicast and Multicast MAC Addresses on page 112 To return all ports to the default VLAN perform the following procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 3 to select Configure VLANs The Configure VLANs menu is shown in Figure 172 on ...

Page 491: ... except for the Default_VLAN because the VLANs have been deleted Those addresses should be deleted from the MAC address table For instructions on how to delete addresses refer to Deleting All Dynamic MAC Addresses on page 113 5 Press any key 6 To permanently save your changes return to the Main Menu and type S to select Save Configuration Changes ...

Page 492: ...Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 5 to select Show PVIDs The Show PVIDs menu is shown in Figure 179 Figure 179 Show PVIDs Menu The PVID column displays the current PVID value for each switch port Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show PVIDs Port PVID 01 22 02 22 03 1 04 1 ...

Page 493: ...frame As an example assume that a tagged frame with a VID of 4 is received on a port that is a member of a VLAN also with a VID of 4 In this case the port accepts the frame because both the frame and the port belong to the same VLAN If the frame and port belong to different VLANs the frame is discarded How do the egress rules apply when ingress filtering is disabled First any tagged frame is accep...

Page 494: ...om the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 1 to select Ingress Filtering Status The following prompt is displayed Enter Ingress Filtering Status E Enable D Disable 3 Type E to activate ingress filtering or D to disable the feature on the switch A change to the status of ingress filterin...

Page 495: ...ing sections Configuring GVRP on page 496 Enabling or Disabling GVRP on a Port on page 498 Converting a Dynamic GVRP VLAN on page 500 Displaying the GVRP Port Configuration on page 501 Displaying GVRP Counters on page 502 Displaying the GVRP Database on page 507 Displaying the GIP Connected Ports Ring on page 509 Displaying the GVRP State Machine on page 511 ...

Page 496: ...ect Configure GARP GVRP The GARP GVRP menu is shown in Figure 180 Figure 180 GARP GVRP Menu Note Selection 8 Configure GARP GVRP is not shown in the VLAN Configuration menu when the VLAN mode is multiple VLANs 3 From the GARP GVRP menu type 1 to select GVRP Status The following prompt is displayed Enter your new value E Enabled D Disabled Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11...

Page 497: ...VRP Join Timer The following prompt is displayed Enter new value in centi seconds 10 to 60 20 8 Enter a new value for the Join Timer field in centi seconds which are one hundredths of a second The default is 20 centiseconds If you change this field it must be in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer 9 Type 4 to select GVRP Leave Timer ...

Page 498: ...ollowing procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 6 to select Configure GARP GVRP The GARP GVRP menu is shown in Figure 180 on page 496 3 From the GARP GVRP menu type P to select GVRP Port Parameters The GVRP Port Parameters menu is shown in Figure 181 Figure 181 GVRP Po...

Page 499: ...0 to 1 0 7 Type 0 to select Normal or 1 to select None A setting of Normal means the port processes and propagates GVRP information This is the default setting A setting of None prevents the port from processing GVRP information and from transmitting PDUs 8 To permanently save your changes return to the Main Menu and type S to select Save Configuration Changes Allied Telesis AT 9424T SP AT S63 Mar...

Page 500: ...2 2 From the VLAN Configuration menu type 4 to select Configure VLANs Note If selection 4 Configure VLANs is not displayed in the menu the switch is running a multiple VLAN mode To change a switch s VLAN mode refer to Selecting a VLAN Mode on page 516 The Configure VLAN menu is shown in Figure 172 on page 473 3 From the Configure VLAN menu type 2 to select Modify VLAN The Modify VLAN menu is shown...

Page 501: ...he GVRP Port Parameters menu type 2 to select Display GVRP Port Configuration The Display GVRP Port Configuration menu is shown in Figure 183 Figure 183 Display GVRP Port Configuration Menu The Display GVRP Port Configuration menu provides the following information Mode Normal A list of ports that process and propagate GVRP information Mode None A list of ports that do not process GVRP information...

Page 502: ...e GARP GVRP menu is shown in Figure 180 on page 496 3 From the GARP GVRP menu type O to select Other GVRP Parameters The Other GVRP Parameters menu is shown in Figure 184 Figure 184 Other GVRP Parameters Menu 4 From the Other GARP Port Parameters menu type 1 to select Display GVRP Counters Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Other GVRP Parameters 1 Display...

Page 503: ...n Figure 186 The information in both menus is for display purposes only Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 GVRP Counters Receive Transmit Total GARP Packets 41 Total GARP Packets 166 Invalid GARP Packets 0 Discarded GARP Disabled 0 GARP Disabled 0 Port Not Listening 0 Port Not Sending 3117 Invalid Port 0 Invalid Protocol 0 Invalid Format 0 Database Full 0...

Page 504: ...us Menu Enter your selection Table 15 GVRP Counters Parameter Meaning Receive Total GARP Packets Total number of GARP PDUs received by this GARP application Transmit Total GARP Packets Total number of GARP PDUs transmitted by this GARP application Receive Invalid GARP Packets Number of invalid GARP PDUs received by this GARP application Receive Discarded GARP Disabled Number of received GARP PDUs ...

Page 505: ...ber of GARP PDUs discarded because the database for the GARP application was full that is the maximum number of attributes for the GARP application is in use Receive GARP Messages LeaveAll Number of GARP LeaveAll messages received by the GARP application Transmit GARP Messages LeaveAll Number of GARP LeaveAll messages transmitted by the GARP application Receive GARP Messages JoinEmpty Total number...

Page 506: ...d for all attributes in the GARP application Receive GARP Messages Empty Total number of GARP Empty messages received for all attributes in the GARP application Transmit GARP Messages Empty Total number of GARP Empty messages transmitted for all attributes in the GARP application Receive GARP Messages Bad Message Number of GARP messages that had an invalid Attribute Type value an invalid Attribute...

Page 507: ... Port Parameters menu is shown in Figure 184 on page 502 4 From the Other GARP Port Parameters menu type 2 to select Display GVRP Database The GVRP Database menu is shown in Figure 187 Figure 187 GVRP Database Menu The GVRP Database menu displays a table that contains the following columns of information GARP Application Identifies the GARP application that is GVRP GID index Value of the GID index...

Page 508: ...utes have been registered is displayed VLAN ID The VLAN ID Used Indicates whether the GID index is currently being used by any port in the GARP application The definition of used is whether the Applicant and Registrar state machine for the GID index are in a non initialized state that is not in Vo Mt state The value of this parameter is either Yes or No ...

Page 509: ...meters menu The Other GARP Parameters menu is shown in Figure 184 on page 502 4 From the Other GARP Port Parameters menu type 3 to select Display GIP Connected Ports Ring The GIP Connected Ports Ring menu is shown in Figure 188 Figure 188 GIP Connected Ports Ring Menu The GIP Connected Ports Ring menu displays the following information GARP Application Identifies the GARP application that is GVRP ...

Page 510: ...tance associated with the GIP context Connected Ring The ring of connected ports Only ports presently in the spanning tree Forwarding state are eligible for membership in the GIP connected ring If no ports exist in the GIP connected ring No ports are connected is displayed If the GARP application has no ports No ports have been assigned is displayed ...

Page 511: ...ure GARP GVRP The GARP GVRP menu is shown in Figure 180 on page 496 3 From the GARP GVRP menu type O to select Other GVRP Parameters menu The Other GVRP Parameters menu is shown in Figure 184 on page 502 4 From the Other GVRP Parameters menu type 4 to Display GVRP State Machine The GVRP State Machine menu page 1 is shown in Figure 189 Figure 189 GVRP State Machine Menu page 1 5 Enter a VLAN ID All...

Page 512: ...Machine State Machine for VLAN 1 Port App Reg Port App Reg Port App Reg Port App Reg 1 Aa Fix 2 Aa Fix 3 Vo Mt 4 Vo Fix 5 VO Fix 6 Vo Fix 7 VO Mt 8 Vo Fix 9 Vo Fix 10 Vo Fix 11 Vo Mt 12 Vo Fix 13 Vo Fix 14 Vo Fix 15 Vo Mt 16 Vo Fix 17 Aa Fix 18 Vo Fix 19 Vo Mt 20 Vo Fix 21 Vo Mt 22 Vo Mt 23 Aa FIx 24 Aa Fix U Update Display R Return to Previous Menu Enter your selection Table 16 GVRP State Machine...

Page 513: ...ember Va Very Anxious Active Member Aa Anxious Active Member Qa Quiet Active Member La Leaving Active Member App Continued Non Participant Management state Von Very Anxious Observer Aon Anxious Observer Qon Quiet Observer Lon Leaving Observer Vpn Very Anxious Passive Member Apn Anxious Passive Member Qpn Quiet Passive Member Van Very Anxious Active Member Aan Anxious Active Member Qan Quiet Active...

Page 514: ...cular port One of Mt Empty Lv3 Leaving substate 3 final Leaving substate Lv2 Leaving substate 2 Lv1 Leaving substate 1 Lv Leaving substate initial Leaving substate In In Fix Registration Fixed For Registration Forbidden The initialized state for the Registrar is Mt Table 16 GVRP State Machine Parameters Continued Parameter Meaning ...

Page 515: ...Section VI Virtual LANs 515 Chapter 26 Multiple VLAN Modes This chapter contains the following sections Selecting a VLAN Mode on page 516 Displaying VLAN Information on page 518 ...

Page 516: ...the following procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 2 to select VLANs Mode The following prompt is displayed Enter VLAN Mode U UserConfig M Multiple Q 802 1Q Multiple VLANs 3 Select one of the following VLAN modes Q 802 1Q Multiple VLAN mode M Non 802 1Q compliant mul...

Page 517: ...ement Software Menus User s Guide Section VI Virtual LANs 517 The new VLAN mode is now active on the switch 5 To permanently save your changes return to the Main Menu and type S to select Save Configuration Changes ...

Page 518: ...iguration menu multiple VLAN mode is shown in Figure 191 Figure 191 VLAN Configuration Menu Multiple VLAN Mode 2 From the VLAN Configuration menu type 5 to select Show Multiple VLANs Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 VLAN Configuration 1 Ingress Filtering Status Enabled 2 VLANs Mode Multiple VLANs 3 Management VLAN 1 Default_VLAN 4 Configure VLANs 5 Show...

Page 519: ...e of the VLAN Untagged Port The untagged ports that are part of the VLAN Uplink Port The uplink port for the VLAN VLAN ID The VLAN ID Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show Multiple VLANs Name Untagged Port Uplink Port VLAN ID Client_1 1 24 1 Client_2 1 24 1 Client_3 1 24 1 Client_4 1 24 1 Client_5 1 24 1 Client_6 1 24 1 Client_7 1 24 1 Client_8 1 24 1 N...

Page 520: ...Chapter 26 Multiple VLAN Modes 520 Section VI Virtual LANs ...

Page 521: ...Ns This chapter explains protected ports VLANs It contains the following sections Creating a Protected Ports VLAN on page 522 Modifying a Protected Ports VLAN on page 525 Displaying a Protected Ports VLAN on page 528 Deleting a Protected Ports VLAN on page 530 ...

Page 522: ...s the default setting Port Based 4 Type 1 to select VLAN Name The following prompt is displayed Enter new value 5 Type a name for the new protected ports VLAN The name can be from one to fifteen alphanumeric characters in length The name should reflect the function of the nodes that will be a part of the protected ports VLAN for example InternetGroups The name cannot contain spaces or special char...

Page 523: ...that VID number is already being used by another VLAN on the network To prevent inadvertently using the same VID for two different VLANs you should keep a list of all your network VLANs and their VID values Note A VLAN must have a VID 8 If the VLAN will contain tagged ports type 4 to select Tagged Ports and specify the ports You can specify the ports individually e g 2 3 5 as a range e g 7 9 or bo...

Page 524: ... 7 9 or both e g 2 5 7 9 The following prompt is displayed Enter Group Number 15 Enter a group number for the port s Each group on a switch must be given a unique group number The range is 1 to 256 16 If there are unassigned ports in the VLAN the prompt in Step 13 is displayed again showing the unassigned ports You must repeat Steps 14 and 15 creating additional groups until all of the ports in th...

Page 525: ...dd untagged ports the ports must be untagged members of the Default_VLAN or a port based or tagged VLAN They can not be members of another protected ports VLAN An untagged port removed from a VLAN is automatically returned to the Default_VLAN Note You need to know the VID of a VLAN to modify it To view VLAN VIDs refer to Displaying a Protected Ports VLAN on page 528 To modify a protected ports VLA...

Page 526: ...t be changed 4 Tagged Ports Use this selection to specify the tagged ports of the VLAN You can specify the ports individually e g 2 3 5 as a range e g 7 9 or both e g 2 5 7 9 The new list of tagged ports replaces the existing list To retain tagged ports you must include them in the new list 5 Untagged Ports Use this selection to specify the untagged ports of the VLAN You can specify the ports indi...

Page 527: ...he VLAN This can be a small as one port or as many as all the remaining ports of the VLAN You can specify the ports of the group individually e g 2 3 5 as a range e g 7 9 or both e g 2 5 7 9 The following prompt is displayed Enter Group Number 10 Enter a group number for the port s Each group on a switch must be given a unique group number The range is 1 to 256 11 If there are unassigned ports in ...

Page 528: ...re 195 Show VLANs Menu 3 To view additional information about a protected ports VLAN type D to select Detail Information Display The following prompt is displayed Enter new value 4 Enter the VID of a protected ports VLAN Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show VLANs VID VLAN Name VLAN Type Protocol Member Port s 1 Default_VLAN Port Based Untagged Configur...

Page 529: ... The groups are listed by group number followed by the port numbers For example in Figure 196 the uplink port for the VLAN is port 24 and Group 1 consists of ports 8 and 11 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show VLANs VID VLAN Name VLAN Type Protocol Untagged U Tagged T 3 Production Protected U 8 19 Protected T 24 Group Ports Uplink 24 1 8 11 2 12 15 3 1...

Page 530: ...2 on page 473 3 From the Configure VLANs menu type 3 to select Delete VLAN The Delete VLAN menu is shown in Figure 197 Figure 197 Delete VLAN Menu 4 Type 1 to select VLAN ID VID The following prompt is displayed Enter new value 2 to 4094 5 Enter the VID of the VLAN to be deleted You can specify only one VID at a time Note You cannot delete the Default_VLAN which has a VID of 1 Allied Telesis AT 94...

Page 531: ...e any static multicast MAC address es entries for this VLAN Press any key to continue All untagged ports in the deleted VLAN are returned to the Default_VLAN as untagged ports Any static addresses assigned to the ports of the VLAN are now obsolete Those addresses should be deleted from the MAC address table For instructions on how to delete addresses refer to Deleting Unicast and Multicast MAC Add...

Page 532: ...Chapter 27 Protected Ports VLANs 532 Section VI Virtual LANs ...

Page 533: ...s for creating MAC address based VLANs Sections in the chapter include Creating a MAC Address based VLAN on page 534 Adding and Deleting MAC Addresses on page 536 Adding and Deleting Egress Ports on page 538 Deleting a MAC Address based VLAN on page 540 Displaying MAC Address based VLANs on page 542 ...

Page 534: ...lect Configure VLANs The Configure VLANs menu is shown in Figure 172 on page 473 3 From the Configure VLANs menu type 1 to select Create VLAN The Create VLAN menu is shown in Figure 173 on page 473 4 Type 1 to select VLAN Name The following prompt is displayed Enter new value 5 Type a name for the new VLAN The name can be from one to fifteen alphanumeric characters in length The name should reflec...

Page 535: ...ugh 24 the AT S63 Management Software still uses VID 2 as the default value when you create the first VLAN on the new switch even though that VID number is already being used by another VLAN on the network You should keep a list of all your network VLANs and their VID values to prevent inadvertently using the same VID for two different VLANs 8 Type 3 to toggle VLAN Type to display MAC Based This i...

Page 536: ...n delete it For instructions refer to Adding and Deleting Egress Ports on page 538 To add or delete MAC addresses from a MAC address based VLAN perform the following procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 3 to select Configure VLANs The Configure VLANs menu is shown in...

Page 537: ...Address based VLANs on page 542 The following prompt is displayed Please enter MAC address 7 Enter the MAC address to add to or delete from the VLAN You can enter the address in either of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx The MAC address is added to or deleted from the VLAN 8 To add or delete more MAC addresses repeat this procedure starting with step 5 9 To permanently save ...

Page 538: ...resses on page 536 To add or delete egress ports from a MAC address perform the following procedure 1 From the Main Menu type 2 to select VLAN Configuration The VLAN Configuration menu is shown in Figure 171 on page 472 2 From the VLAN Configuration menu type 3 to select Configure VLANs The Configure VLANs menu is shown in Figure 172 on page 473 3 From the Configure VLANs menu type 2 to select Mod...

Page 539: ...of the following formats xx xx xx xx xx xx or xxxxxxxxxxxx The following prompt is displayed Please enter port number s 8 Enter the egress port for the address You can specify more than one port You can specify the ports individually e g 2 4 15 as a range e g 11 15 or both e g 2 4 11 17 If you are adding an egress port the port is immediately added to the MAC address If you are deleting an egress ...

Page 540: ...o select Configure VLANs The Configure VLANs menu is shown in Figure 172 on page 473 3 From the Configure VLANs menu type 3 to select Delete VLAN The Delete VLAN menu is shown in Figure 200 Figure 200 Delete VLAN Menu 4 From the Delete VLAN menu type 1 to select VLAN ID VID The following prompt is displayed Enter new value 2 to 4094 5 Enter the VID of the VLAN you want to delete You can specify on...

Page 541: ...N or N to cancel the procedure Press Return If you select Yes the VLAN is deleted and the following message is displayed SUCCESS Please make sure to manually delete any static multicast MAC address es entries for this VLAN Press any key to continue 8 Press any key 9 Repeat this procedure starting with Step 4 to delete other VLANs 10 To permanently save your changes return to the Main Menu and type...

Page 542: ...ased VLANs The Show VLANs menu displays a table that contains the following columns of information VID The VLAN ID VLAN Name Name of the VLAN VLAN Type The VLAN type The possible settings are Port Based The VLAN is a port based or tagged VLAN Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show VLANs VID VLAN Name VLAN Type Protocol Member Port s 1 Default_VLAN Port B...

Page 543: ...esses and egress ports of a MAC address based VLAN type D to select Detail Information Display The following prompt is displayed Enter VLAN ID 2 to 4094 2 4 Enter the VID of the VLAN The Detail Information Display menu is shown in Figure 203 Figure 203 Detail Information Display Allied Telesis AT 9448T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Detail Information Display VID VLAN Name V...

Page 544: ...Chapter 28 MAC Address based VLANs 544 Section VI Virtual LANs The lower portion of the display lists the MAC addresses of the VLAN and the egress ports ...

Page 545: ...nternet Protocol Routing The chapter in this section contains the procedures for managing routing interfaces of the Internet Protocol version 4 IPv4 packet routing feature The chapter is Chapter 29 Internet Protocol Version 4 Routing Interfaces on page 547 ...

Page 546: ...546 Section VII Internet Protocol Routing ...

Page 547: ...g a Routing Interface on page 554 Displaying the IP Address of the Local Interface on page 555 Setting the Default Route or Default Gateway on page 556 Setting the Local Interface on page 557 Setting the ARP Cache Timeout on page 558 Note The IPv4 packet routing feature consists of three components routing interfaces static routes and the Router Information Protocol RIP The menus interface support...

Page 548: ...onfiguration menu type I to select Configure Interface The Configure Interface menu lists the current routing interfaces on the switch An example is shown in Figure 204 Figure 204 Configure Interface Menu The columns in the table are Interface The name of an interface An interface name consists of VLAN followed the ID number VID of its VLAN assignment and an interface number separated by a dash Al...

Page 549: ...he Create Interface menu is shown in Figure 205 Figure 205 Create Interface Menu 5 Type 1 to select Interface Name The following prompt is displayed Enter Interface Name 6 Enter a name for the new interface An interface name consists of VLAN followed by the ID VID of the VLAN where the interface is to be assigned and an interface number separated by a dash e g vlan4 0 The VLAN must already exist o...

Page 550: ...et mask for the static address of the interface The default values are Class A address 255 0 0 0 Class B address 255 255 0 0 Class C address 255 255 255 0 The three values listed above are the only supported values because the value of a byte in a mask must be either 255 or 0 11 Type C to select Create Interface The following prompt is displayed Interface Created Successfully Press any key to cont...

Page 551: ...he menus interface That task must be performed from the command line interface using the SET IP INTERFACE command You cannot change the name of a routing interface The only way to change the VID or interface number of an interface is to delete the interface and recreate it To modify a routing interface perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 Fr...

Page 552: ...ps 8 and 9 if you selected DHCP or BOOTP in step 7 8 To change the subnet mask of a static IP address type 3 to select Subnet Mask The following prompt is displayed Enter Subnet Mask 9 Enter a new subnet mask for the static address of the interface The default values are Class A address 255 0 0 0 Class B address 255 255 0 0 Class C address 255 255 255 0 The three values listed above are the only s...

Page 553: ...is displayed Interface Modified Successfully Press any key to continue 11 Press any key The modifications are immediately implemented on the routing interface 12 To modify another routing interface repeat this procedure starting with step 4 13 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 554: ...evice s ability to function as the master switch Deleting the local interface of a switch during a remote Telnet or SSH management session immediately ends the session if you accessed the switch directly i e not through enhanced stacking To continue managing the switch you must start a local management session using the Terminal Port on the unit To delete a routing interface perform the following ...

Page 555: ...s described in Setting the ARP Cache Timeout on page 558 Selection T Configure System Time is described in Setting the System Time on page 38 Items 1 through 4 in the menu display the IP settings for the routing interface designated as the local interface on the switch There will be no IP settings if no interface has been designated as the local interface 1 Eth0 Interface This parameter displays t...

Page 556: ...uses this address as the next hop to reaching a remote network device such as a remote management workstation or a syslog server when the switch s local interface and the remote device are on different subnets To set the default route or default gateway of the switch perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu ty...

Page 557: ... Administration 2 From the System Administration menu type 2 to select System Configuration 3 From the System Configuration menu type I to select Configure Interface The Configure Interface menu is shown in Figure 204 on page 548 4 From the Configure Interface menu type E to select Set eth0 Interface The following prompt is displayed Enter Interface Name 5 Enter the name of the interface e g vlan2...

Page 558: ...The timer prevents the ARP table from becoming full with inactive entries An entry that is not used for the length of the timeout period is designated as inactive and is deleted from the table To set the ARP cache timeout value perform the following procedure 1 From the Main Menu type 5 to select System Administration 2 From the System Administration menu type 2 to select System Configuration 3 Ty...

Page 559: ...tion on the port security features of the AT 9400 Switch The chapters also explain how to configure these features from the menu interface of the AT S63 Management Software The chapters include Chapter 30 MAC Address based Port Security on page 561 Chapter 31 802 1x Port based Network Access Control on page 569 ...

Page 560: ...560 Section VIII Port Security ...

Page 561: ...rned or manually added to the switch s MAC address table to control which end nodes can forward packets through the device The sections in this chapter include Configuring MAC Address Port Security on page 562 Displaying Port Security Levels on page 566 Note This type of port security does not apply to ports located on optional GBIC SFP or XFP modules ...

Page 562: ...pt is displayed Enter Port List 4 Enter the port where you want to set MAC address port security You can specify one port or a range or ports for example 4 8 The Configure Port Security menu is shown in Figure 208 Figure 208 Configure Port Security Menu 1 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Port Security 1 Configure Port Security 2 Display Port Security R ...

Page 563: ...ic MAC addresses You must enter the static MAC addresses of the nodes with frames the port is to accept after you have activated this security mode on a port locked Sets the switch to the Locked security mode The port stops learning new dynamic MAC addresses The port forwards frames based on static MAC addresses and those dynamic addresses it has already learned 7 Do one of the following If you se...

Page 564: ...es you want the port to be able to learn The range is 1 to 255 The default is 100 9 To set the intrusion action for the port do the following a Type 3 to select Intruder Action The following prompt is displayed Enter intrusion action N Discard T Trap D Disable b Select the desired intrusion action N Discard The port discards invalid frames This is the default T Trap The port discards invalid frame...

Page 565: ... set to trap or disable This option does not apply when intrusion action is set to discard If this option is set to No when intrusion action is set to trap or disable the port discards invalid packets but it does not send an SNMP trap or disable the port If you want the switch to send a trap and or disable the port be sure to sent this option to Yes 11 To permanently save your change return to the...

Page 566: ... in Figure 210 Figure 210 Display Port Security Menu The Display Port Security menu displays a table that contains the following columns of information Port The number of the port Security Mode The active security mode on the port Threshold The maximum number of dynamic MAC addresses the port learns It only applies when a port is operating in the Limited security mode Allied Telesis AT 9424T SP AT...

Page 567: ...nvalid frames sends a trap and disables the port Note Though this is not reflected in the Display Port Security menu ports operating in the Secure or Locked security mode discard all invalid frames Participating This column applies only when the intrusion action for a port operating in the Limited security mode is set to trap or disable This option does not apply when intrusion action is set to No...

Page 568: ...Chapter 30 MAC Address based Port Security 568 Section VIII Port Security ...

Page 569: ...ecurity by restricting access to the network ports on the switch Sections are as follows Setting Port Roles on page 570 Enabling or Disabling 802 1x Port based Network Access Control on page 572 Configuring Authenticator Port Parameters on page 573 Configuring Supplicant Port Parameters on page 579 Displaying the Port Access Parameters on page 582 Configuring RADIUS Accounting on page 584 ...

Page 570: ...wn in Figure 211 Figure 211 Port Access Control 802 1X Menu 3 From the Port Access Control menu type 3 to select Configure Port Access Role The following prompt is displayed Enter port list 4 Enter the port whose role you want to change You can configure more than one port at a time You can specify ports individually for example 5 7 22 as a range for example 18 23 or both for example 1 5 14 22 All...

Page 571: ...nected to a supplicant type A to set the port s role to Authenticator If the port is connected to an authenticator type S to set the port s roles to Supplicant 7 Repeat this procedure starting with Step 3 to configure the role of the other ports on the switch After you have set port roles go to Configuring Authenticator Port Parameters on page 573 and Configuring Supplicant Port Parameters on page...

Page 572: ...ters on page 579 To enable or disable 802 1x Port based Network Access Control perform the following procedure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 2 to select Port Access Control 802 1X The Port Access Control 802 1X menu is shown in Figure 211 on page 570 3 From the ...

Page 573: ...ess Control 802 1X The Port Access Control 802 1X menu is shown in Figure 211 on page 570 3 From the Port Access Control menu type 4 to select Configure Authenticator The Configure Authenticator menu is shown in Figure 213 Figure 213 Configure Authenticator Menu 4 From the Configure Authenticator menu type 1 to select Configure Authenticator Port Access Parameters The following prompt is displayed...

Page 574: ...ntication The authenticator port extracts the source MAC address from the initial frames received from a supplicant and automatically sends the address as both the username and password of the supplicant to the authentication server Supplicant nodes must have 802 1x client software for this authentication method Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Configur...

Page 575: ...from a supplicant The switch requests the identity of the client and begins relaying authentication messages between the client and the authentication server Each client that attempts to access the network is uniquely identified by the switch using the client s MAC address This is the default setting Force authorized Disables IEEE 802 1X port based authentication and causes the port to transition ...

Page 576: ...r port uses the VLAN assignments returned by a RADIUS server Options are Enabled Specifies that the authenticator port is to use the VLAN assignment returned by the RADIUS server when a supplicant logs on This is the default setting The port automatically moves to the designated VLAN after the supplicant successfully logs on Disabled Specifies that the authenticator port ignore any VLAN assignment...

Page 577: ...kets from or to the same client until the client logs in This is the default Note This parameter is only available when the authenticator s mode is set to Single When set to Multiple a port does not forward ingress or egress broadcast or multicast packets until at least one client has logged on D Piggyback Mode This parameter controls who can use the switch port in cases where there are multiple c...

Page 578: ...Chapter 31 802 1x Port based Network Access Control 578 Section VIII Port Security 8 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 579: ...ess Control 802 1X menu is shown in Figure 211 on page 570 3 From the Port Access Control menu type 5 to select Configure Supplicant The Configure Supplicant menu is shown in Figure 213 Figure 215 Configure Supplicant Menu 4 From the Configure Supplicant menu type 1 to select Configure Authenticator Port Access Parameters The following prompt is displayed Enter port list 5 Enter the supplicant por...

Page 580: ... The default value is 60 3 Max Start Max start is the maximum number of times the supplicant sends EAPOL Start frames before assuming that there is no authenticator present The range is 1 to 10 The default is 3 4 Start Period The start period is the time period in seconds between successive attempts by the supplicant to establish contact with an authenticator when there is no reply The range is 1 ...

Page 581: ...entication server for verification when the port logs on to the network The password can be from 1 to 16 alphanumeric characters A to Z a to z 1 to 9 Do not use spaces or special characters such as asterisks or exclamation points The password is case sensitive 7 Repeat this procedure starting with Step 4 to configure additional supplicant ports on the switch 8 After making changes type R until you...

Page 582: ...rom the Port Access Control menu type 6 to select Display Port Access status The Display Port Access Status menu is shown in Figure 217 Figure 217 Display Port Access Status Menu The Display Port Access Status menu displays a table that contains the following columns of information Port Port number Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2006 Display Port Access St...

Page 583: ...her a port is configured as an authenticator or a supplicant The State field can have the following values for an authenticator port Aborting Authenticated Authenticating Connecting Disconnected Force_Auth Force_Unauth Held Initialize The State field can have the following values for a supplicant port Acquired Authenticated Authenticating Connecting Disconnected Held Logoff Additional Info This fi...

Page 584: ...rm the following procedure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 2 to select Port Access Control 802 1X The Port Access Control 802 1X menu is shown in Figure 211 on page 570 3 From the Port Access Control 802 1X menu type 7 to select Configure Accounting The RADIUS Acc...

Page 585: ...o the RADIUS server The options are Start_Stop The switch sends accounting information whenever a client logs on or logs off the network This is the default Stop The switch sends accounting information only when a client logs off 5 Update Status This parameter controls whether the switch is to send interim accounting updates to the RADIUS server The default is disabled If you enable this feature u...

Page 586: ...Chapter 31 802 1x Port based Network Access Control 586 Section VIII Port Security ...

Page 587: ...ers also explain how to configure these features from the menu interface of the AT S63 Management Software The chapters include Chapter 32 Web Server on page 589 Chapter 33 Encryption Keys on page 595 Chapter 34 PKI Certificates and SSL on page 611 Chapter 35 Secure Shell SSH on page 633 Chapter 36 TACACS and RADIUS Protocols on page 639 Chapter 37 Management Access Control List on page 651 ...

Page 588: ...588 Section IX Management Security ...

Page 589: ...erver The chapter provides an overview of the web server feature and procedures for configuring the server It contains the following sections Configuring the Web Server on page 590 General Steps for Configuring the Web Server for Encryption on page 593 ...

Page 590: ...ecure mode until those steps have been completed For instructions refer to Chapter 33 Encryption Keys on page 595 and Chapter 34 PKI Certificates and SSL on page 611 For an overview of all the steps see General Steps for Configuring the Web Server for Encryption on page 593 To change an HTTP or HTTPS setting you must perform the entire procedure For example to change the port number for HTTP you m...

Page 591: ...mode This setting activates the SSL protocol on the web server When you choose HTTPS the following prompt is displayed Enter SSL Key ID 2 Enter an SSL Key ID Enter the ID number of an encryption key on the switch To view the encryption key IDs refer to Creating an Encryption Key on page 596 The encryption key and its certificate must already exist on the switch and the certificate must be in the c...

Page 592: ...2 Section IX Management Security The default port number for HTTP is 80 The default port number for HTTPS is 443 1 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 593: ...pair as explained in Creating a Self signed Certificate on page 612 4 Add the certificate to the certificate database as explained in Adding a Certificate to the Database on page 616 5 Configure the web server on the switch by activating HTTPS and specifying the key pair used to create the certificate as the active key This step is explained in Configuring the Web Server on page 590 General Steps ...

Page 594: ... or a TFTP server as explained in Downloading a System File on page 182 7 Add the certificates to the certificate database as explained in Adding a Certificate to the Database on page 616 8 Configure the web server on the switch by activating HTTPS and specifying the key pair used to create the enrollment request as the active key This step is explained in Configuring the Web Server on page 590 ...

Page 595: ...g with relevant guidelines For additional information refer to the Technical Overview section The sections in this chapter include Creating an Encryption Key on page 596 Deleting an Encryption Key on page 600 Modifying an Encryption Key on page 601 Exporting an Encryption Key on page 602 Importing an Encryption Key on page 605 Displaying the Encryption Keys on page 608 For an overview of the proce...

Page 596: ... From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 7 to select Keys Certificate Configuration The Keys Certificate Configuration menu is shown in Figure 221 Figure 221 Keys Certificate Configuration Menu 3 From the Keys Certificates Configuration menu type 2 to select Key Management ...

Page 597: ...T S63 Marketing User Manager 11 20 02 02 Mar 2005 Key Management ID Algorithm Length Digest Description 1 RSA Private 512 642C6FC8 Marketing Switch key 1 2 RSA Private 512 5333E64F Marketing Switch key 2 1 Create Key 2 Delete Key 3 Modify Key 4 Export Key to File 5 Import Key from File N Next Page U Update Display R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Mar...

Page 598: ...y valid value within the range For SSH host and server key pairs the two keys must be created separately and be of different lengths of at least one increment 256 bits apart The recommended length is 768 bits for the server key and 1024 bits for the host key 9 Type 4 to select Key Description The following prompt is displayed Enter new Description 10 Enter a description for the key For instance th...

Page 599: ...is procedure This type of change is automatically saved by the management software To create a self signed certificate using the new encryption key go to Creating a Self signed Certificate on page 612 To create an enrollment request go to Generating an Enrollment Request on page 627 If you created server and host keys for SSH encryption go to Configuring SSH on page 634 to configure the SSH server...

Page 600: ...dure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 7 to select Keys Certificate Configuration The Keys Certificate Configuration menu is shown in Figure 221 on page 596 3 From the Keys Certificates Configuration menu type 2 to select Key Management The Key Management menu is sh...

Page 601: ... 2 to select Key Management The Key Management menu is shown in Figure 222 on page 597 4 From the Key Management menu type type 3 to select Modify Key The following prompt is displayed Enter Key Id to modify 0 to 65535 0 5 Enter the ID of the key whose description you want to modify The following prompt is displayed Enter new Description 6 Enter the new description for the key The description can ...

Page 602: ...n upload it onto the SSH management session for incorporation in your SSH client software You should not use this procedure to export a public key being used for SSL Typically an SSL public key only has value when incorporated into a certificate or enrollment request To export a public key into the file system perform the following procedure 1 From the Main Menu type 7 to select Security and Servi...

Page 603: ...oring files Select this option for SSL configuration This is the default SSH A format for a Secure Shell SSH environment Select this option for a SSH server or client 8 Type 4 to select Key File Name The following prompt is displayed Enter filename key 9 Specify the file name of the key The file name can be from one to eight alphanumeric characters not including the extension Spaces are allowed Th...

Page 604: ...Please wait Done 11 Press any key to return to the Key Management menu To view the public key in the switch s file system refer to Displaying System Files on page 159 Returning to the Main Menu to save your changes is not necessary with this procedure This type of change is automatically saved by the management software ...

Page 605: ...ey Management menu If you are unsure how to display the menu perform steps 1 to 3 in Creating an Encryption Key on page 596 To import a public key perform the following procedure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 From the Security and Services menu type 7 to select Keys Certificate Configuration The Keys C...

Page 606: ...e 7 Type 3 to select Key File Format to choose the format of the key The possible options are HEX An internal format for storing files Select this option for SSL configuration This is the default SSH A format for a Secure Shell SSH environment Select this option for a SSH server or client 8 Type 4 to select Key File Name The following prompt is displayed Enter filename key 9 Specify the file name ...

Page 607: ... 159 10 Type 5 to select Import Key From File to import a key to the switch from an external file The following message is displayed Key Import in Progress Please wait Done After you receive this message the key is added to the Key Management database See the Key Management menu in Figure 222 on page 597 Returning to the Main Menu to save your changes is not necessary with this procedure This type...

Page 608: ...elect Key Management The Key Management Menu is shown in Figure 226 Figure 226 Key Management Menu The Key Management menu displays a table that contains the following columns of information ID The identification number of the key Algorithm The algorithm used in creating the encryption This is always RSA Private Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Key Mana...

Page 609: ...63 Management Software Menus User s Guide Section IX Management Security 609 Length The length of the key in bits Digest The CRC32 value of the MD5 digest of the public key Description The key s description ...

Page 610: ...Chapter 33 Encryption Keys 610 Section IX Management Security ...

Page 611: ...tes along with relevant guidelines For additional information refer to the Technical Overview section This chapter contains the following sections Creating a Self signed Certificate on page 612 Adding a Certificate to the Database on page 616 Modifying a Certificate on page 619 Deleting a Certificate on page 622 Viewing a Certificate on page 624 Generating an Enrollment Request on page 627 Install...

Page 612: ...ons refer to Creating an Encryption Key on page 596 During this procedure you are prompted to enter the ID number of the encryption key pair to be used to create the certificate If you have forgotten the ID number of the key refer to Creating an Encryption Key on page 596 to view key ID numbers To create a self signed certificate perform the following procedure 1 From the Main Menu type 7 to selec...

Page 613: ...d to the database The switch s web server can only use a certificate if it is in the database Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Public Key Infrastructure PKI Configuration 1 Maximum Number of Certificates 256 2 X509 Certificate Management 3 Generate Enrollment Request R Return to Previous Menu Enter your selection Allied Telesis AT 9424T SP AT S63 Market...

Page 614: ... certificate The following prompt is displayed Enter certificate name 24 char max 7 Enter a file name for the certificate This is the file name under which the certificate will be stored in the AT S63 file system The name can be up to 24 alphanumeric characters Spaces are allowed Note The AT S63 Management Software automatically adds a cer extension to the filename 8 Type 2 to select Key Pair ID T...

Page 615: ...serial number 0 to 2147483647 0 12 Enter a value between 0 and 2 147 483 647 Self signed certificates are usually assigned a serial number of 0 13 Type 5 to select Subject DN and enter a distinguished name for the certificate Do not enclose the distinguished name in quotes Note If you did not enter a distinguished name in step 2 then you need to enter one here A certificate must have a distinguish...

Page 616: ...ates Configuration menu is shown in Figure 221 on page 596 3 From the Keys Certificate menu type 3 to select Public Key Infrastructure PKI Configuration The Public Key Infrastructure PKI Configuration menu is shown in Figure 227 on page 613 4 From the Public Key Infrastructure PKI Configuration menu type 2 to select X509 Certificate Management The X509 Certificate Management menu is shown in Figur...

Page 617: ...es you have verified the certificate is from a trusted CA This is the default Untrusted This value indicates the certificate is from an untrusted CA either because you have not verified the CA or have verified the CA is untrusted Note This parameter has no affect on the operation of a certificate The parameter is included only for informational purposes when the certificate is displayed in the cer...

Page 618: ...d a self signed certificate and gave it the name webserver127 the filename of the certificate would be webserver127 cer If you have forgotten the filename of the certificate refer to Displaying System Files on page 159 12 Type 5 to select Add Certificate to add the certificate to the certificate database The AT S63 Management Software adds the certificate to the database a process that requires on...

Page 619: ...ity and Services 2 From the Security and Services menu type 7 to select Keys Certificates Configuration The Keys Certificates Configuration menu is shown in Figure 221 on page 596 3 From the Keys Certificate menu type 3 to select Public Key Infrastructure PKI Configuration The Public Key Infrastructure PKI Configuration menu is shown in Figure 227 on page 613 4 From the Public Key Infrastructure P...

Page 620: ...you have verified the CA is untrusted 8 Type 3 to select Type The possible settings are EE The certificate was issued by a CA such as VeriSign This is the default CA The certificate belongs to a CA Self This certificate is a self signed certificate The switch treats this type of certificate as its own 9 Type 4 to select Modify Certificate Your changes are implement in the certificate The following...

Page 621: ...AT S63 Management Software Menus User s Guide Section IX Management Security 621 10 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 622: ...rent certificate For instructions refer to Configuring the Web Server on page 590 To delete a certificate from the certificate database perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 7 to select Keys Certificates Configuration The Keys Certificates Configuration menu is shown in Figure 221 on page 596 3 From th...

Page 623: ...AT S63 Management Software Menus User s Guide Section IX Management Security 623 7 To permanently save your change return to the Main Menu and type S to select Save Configuration Changes ...

Page 624: ...es Configuration 3 From the Keys Certificate menu type 3 to select Public Key Infrastructure PKI Configuration The Public Key Infrastructure PKI Configuration menu is shown in Figure 227 on page 613 4 From the Public Key Infrastructure PKI Configuration menu type 2 to select X509 Certificate Management The X509 Certificate Management menu is shown in Figure 228 on page 613 5 From the X509 Certific...

Page 625: ...tificate The source for self signed certificates created by the switch is COMMAND Version The version of X 509 that the certificate complies with Serial Number The certificate s serial number Signature Alg The signature algorithm of the certificate Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 View Certificate Details Certificate Details Name Switch12 State Trusted ...

Page 626: ...ished name of the subject of the certificate Issuer The distinguished name of the issuer of the certificate MD5 Fingerprint The MD5 algorithm This value provides a unique sequence for each certificate consisting of 16 bytes SHA1 Fingerprint The Secure Hash Algorithm This value provides a unique sequence for each certificate consisting of 20 bytes Allied Telesis AT 9424T SP AT S63 Marketing User Ma...

Page 627: ...Encryption Key on page 596 For a review of all the steps to creating an enrollment request and downloading a certificate from a CA onto a switch refer to General Steps for a Public or Private CA Certificate on page 593 To generate an enrollment request perform the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security and Services menu type 7 to select ...

Page 628: ... if you enter certificate75 as the enrollment request name the enrollment request s filename will be certificate75 csr 9 Type 2 to select KeyPair ID The following prompt is displayed Enter keypair ID 0 to 65535 0 10 Enter a KeyPair ID between 0 and 65 535 11 Type 3 to toggle the Format selection between the following options DER Creates the certificate in a binary format This is the default PEM Cr...

Page 629: ...rollment request is now stored in the AT S63 file system To see the file refer to Displaying System Files on page 159 13 Press any key to return to the Public Key Infrastructure PKI Configuration menu 14 To submit the request to a CA upload it from the file system on the switch to your management station or to an FTP server on your network For instructions refer to Uploading a System File on page ...

Page 630: ...eated the encryption key pair and enrollment request Do not install the certificate on any other switch To install CA certificates on a switch perform the following procedure 1 Download the certificates from your management station or FTP server to the AT S63 file system on the switch For instructions refer to Downloading a System File on page 182 2 Load the certificates into the certificate datab...

Page 631: ...the following procedure 1 From the Main Menu type 7 to select Security and Services 2 From the Security Configuration menu type 7 to select Keys Certificates Configuration The Keys Certificates Configuration menu is shown in Figure 221 on page 596 Selection 1 Maximum Number of Certificates shows the current setting 3 To change the maximum number of certificates type 1 to select Maximum Number of C...

Page 632: ... sessions is used to speed up a connection By increasing the number of sessions you increase HTTPS performance However increasing the number of sessions also increases the memory requirements The default is 50 4 Type 2 to select Session Cache Timeout to increase or decrease the timer that determines when the session cache times out The following prompt is displayed Enter Cache timeout value 1 to 6...

Page 633: ...r contains overview information about the Secure Shell SSH protocol as well a procedure for configuring this protocol on a switch using a local or Telnet management session It contains the following sections Configuring SSH on page 634 Displaying SSH Information on page 637 ...

Page 634: ...mit SSH client connections Note Allied Telesis recommends disabling the Telnet server before you enable SSH Otherwise the security functions provided by SSH are lost See Configuring the Telnet Server on page 47 To configure the SSH protocol perform the following procedure 1 From the Main Menu type 7 to select Security and Services The Security and Services menu is shown in Figure 71 on page 220 2 ...

Page 635: ...he server key to expire The following prompt is displayed Enter Server Key Expiry Time 0 to 5 0 This timer determines how often the server key is regenerated A server key is regenerated for security purposes A server key is only valid for the time period configured in the Server Key Expiry Expiration Time timer Allied Telesis recommends you set this field to 1 With this setting a new key is genera...

Page 636: ...hile you are configuring the protocol This is the default Note When there are active SSH connections you cannot disable the SSH server If you attempt to disable the SSH server when it is in this state you receive a warning message Note Allied Telesis recommends disabling the Telnet server before you enable SSH Otherwise the security provided by SSH is lost 8 After making changes type R to until yo...

Page 637: ...rmation Menu The Show Server Information menu provides the following information Versions Supported The versions of SSH which are supported by the AT S63 Management Software Server Status Whether or not the SSH server is enabled or disabled Server Port The well known port for SSH The default is port 22 Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show Server Inform...

Page 638: ...me in seconds until a SSH server is released from an incomplete connection with a SSH client Authentication Available Authentication method available Currently password authentication is the only supported method Ciphers Available SSH ciphers that are available on the switch MACs Available Message Authorization Code MAC that is used to validate incoming SSH messages to the server Two algorithms ar...

Page 639: ... for the two authentication protocols TACACS and RADIUS Sections in the chapter include Enabling or Disabling Server based Management Authentication on page 640 Configuring the TACACS Client on page 642 Displaying the TACACS Settings on page 644 Configuring the RADIUS Client on page 645 Displaying RADIUS Status and Settings on page 648 ...

Page 640: ...with the switch This procedure does not affect 802 1x port based access control To control that feature refer to Enabling or Disabling 802 1x Port based Network Access Control on page 572 To enable or disable server based management authentication perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page ...

Page 641: ...802 1x port based access control feature described in Chapter 31 802 1x Port based Network Access Control on page 569 When Option 1 is set to disabled the default setting the switch uses the default manager and operator accounts When set to enabled the switch seeks its manager accounts from a TACACS or RADIUS authentication server The following prompt is displayed Server Based User Authentication ...

Page 642: ...pe 3 to select TACACS Configuration The TACACS Client Configuration menu is shown in Figure 239 Figure 239 TACACS Client Configuration Menu 4 Adjust the following parameters as necessary 1 TAC Server 1 2 TAC Server 2 3 TAC Server 3 Use these parameters to specify the IP addresses of up to three network servers containing TACACS server software After you have entered an IP address you will see the ...

Page 643: ...ryption secret rather then entering the same secret when you enter the IP addresses you can use this option to enter the secret just once The maximum length is 39 characters 5 TAC Timeout This parameter specifies the maximum amount of time the switch waits for a response from a TACACS server before assuming the server is not responding If the timeout expires and the server has not responded the sw...

Page 644: ...n Figure 240 Figure 240 TACACS Client Configuration Menu The TACACS Client Configuration menu provides the following information TAC Server 1 TAC Server 2 TAC Server 3 The IP addresses of the TACACS servers TAC Global Secret Global encryption secret if all the servers use the same one The maximum length is 39 characters TAC Timeout The maximum amount of time the switch waits for a response from a ...

Page 645: ... RADIUS servers This option is useful if you will be entering more than one RADIUS server and all the servers share the same encryption key The maximum length is 39 characters The default is ATI Global Server Timeout period This parameter specifies the maximum amount of time the switch waits for a response from a RADIUS server before assuming that the server does not respond If the timeout expires...

Page 646: ...Key Use this option to specify the encryption key for the RADIUS server If you are using the RADIUS client software to support 802 1x port based network access control but not new manager accounts no further steps are required after you configure the parameters in the RADIUS Server Configuration menu You can return to the main menu and type S to select Save Configuration Changes However if you are...

Page 647: ...AT S63 Management Software Menus User s Guide Section IX Management Security 647 6 To activate the feature perform the procedure Enabling or Disabling Server based Management Authentication on page 640 ...

Page 648: ... 3 From the Authentication Configuration menu type 4 to select RADIUS Configuration The RADIUS Client Configuration menu is shown in Figure 241 on page 645 4 From the RADIUS Client Configuration menu type 6 to select Show Status The Show Status menu is shown in Figure 243 Figure 243 Show Status Menu Allied Telesis AT 9424T SP AT S63 Marketing User Manager 11 20 02 02 Mar 2005 Show Status Global Co...

Page 649: ...ollowing columns of information Server IP Address IP address of the RADIUS server Auth Port UDP port of the RADIUS protocol Encryption Key Encryption key for the RADIUS server Auth Req Number of authentication requests the switch has made to the RADIUS server Auth Resp Number of responses that the switch has received back from the server ...

Page 650: ...Chapter 36 TACACS and RADIUS Protocols 650 Section IX Management Security ...

Page 651: ...curity 651 Chapter 37 Management Access Control List Sections in this chapter include Enabling or Disabling the Management ACL on page 652 Creating an ACE on page 654 Deleting an ACE on page 658 Displaying the ACEs on page 659 ...

Page 652: ...ession For instructions on how to add ACEs refer to Creating an ACE on page 654 To enable or disable the Management ACL perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page 32 2 From the System Administration menu type 7 to select Management ACL The Management ACL Configuration menu is shown in Figur...

Page 653: ...ote If you activate the feature while managing the switch from a Telnet management session your management session will end and you will not be able to reestablish it if the management ACL does not contain an ACE that specifies your management workstation 4 After making changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 654: ...y Every ACE must have a unique number The range is 1 to 256 The following prompt is displayed Enter the IP address 5 Enter the IP address of a specific management station for example 149 11 11 11 or a subnet for example 149 11 11 0 The following prompt is displayed Enter the Mask 6 Enter a mask that indicates the parts of the IP address the switch should filter on A binary 1 indicates the switch s...

Page 655: ...rmits Telnet management Web Permits web browser management Ping Permits the management workstation to ping the switch All Permits all of the above You can specify more than one by separating the selections with a comma for example Telnet Ping The new ACE is added to the ACL 8 After making your changes type R until you return to the Main Menu Then type S to select Save Configuration Changes ...

Page 656: ...on page 652 3 From the Management ACL Configuration menu type 3 to select Modify Management ACL Entry The following prompt is displayed Enter the entry ID 1 to 256 1 4 Enter the identification number of the ACE you want to modify You can modify one ACE at a time The specifications of the selected ACE are displayed in the Modify Management ACL Entry window An example of the window is shown in Figur...

Page 657: ...entry s ID number For information on an entry s IP address network mask and applications refer to steps 5 6 and 7 in the procedure Creating an ACE on page 654 6 After entering your changes type M to select Modify Management ACL Entry Your changes are immediately implemented on the switch 7 After making your changes type R until you return to the Main Menu Then type S to select Save Configuration C...

Page 658: ... To delete an ACE perform the following procedure 1 From the Main Menu type 5 to select System Administration The System Administration menu is shown in Figure 1 on page 32 2 From the System Administration menu type 7 to select Management ACL The Management ACL Configuration menu is shown in Figure 244 on page 652 3 From the Management ACL Configuration menu type 4 to select Delete Management ACL ...

Page 659: ...isplay All Management ACL Entries menu is shown in Figure 246 Figure 246 Display All Management ACL Entries Menu The menu provides the following information about the ACEs ID The entry s identification number IP Address The IP address of a management station or a subnet Mask The parts of the IP address the switch is filtering on Application The application that the management station is permitted ...

Page 660: ...Chapter 37 Management Access Control List 660 Section IX Management Security ...

Page 661: ...d rate terminal port 48 boot configuration file See configuration file bridge forwarding delay Multiple Spanning Tree Protocol MSTP 442 Rapid Spanning Tree Protocol RSTP 432 Spanning Tree Protocol STP 424 bridge hello time Multiple Spanning Tree Protocol MSTP 442 Rapid Spanning Tree Protocol RSTP 432 Spanning Tree Protocol STP 424 bridge identifier Multiple Spanning Tree Protocol MSTP 443 Rapid Sp...

Page 662: ...configuring 280 mirror port 282 DER certificate format 628 DER certificates format 615 distinguished name configuring 612 615 document conventions 25 DoS See Denial of Service DoS defense downloading files 168 182 duplex mode 68 dynamic GVRP VLAN converting 500 E edge port Multiple Spanning Tree Protocol MSTP 459 Rapid Spanning Tree Protocol RSTP 435 edge port parameter 459 egress ports adding 538...

Page 663: ...l IGMP snooping configuring 296 disabling 300 displaying host nodes 301 multicast routers 303 enabling 300 host topology 297 host router timeout value 298 maximum multicast groups 298 router ports 298 intrusion action displaying 566 selecting 564 IP Options attack 280 L Land attack 280 Link Aggregation Control Protocol LACP port trunk adminkey parameter 130 aggregator creating 129 deleting 134 mod...

Page 664: ...ree Instance MSTI MSTI ID associating to VLANs 455 creating 449 deleting 450 list 447 modifying 450 removing a VLAN association 455 port priority 447 Multiple Spanning Tree Protocol MSTP activating 440 associating VLANs to MSTI IDs 452 bridge forwarding delay 442 bridge hello time 442 bridge identifier 443 bridge max age 442 bridge settings configuring 441 configuration name 443 edge port 459 forc...

Page 665: ...ings displaying 648 status displaying 648 RADIUS accounting configuring 584 Rapid Spanning Tree Protocol RSTP bridge forwarding delay 432 bridge hello time 432 bridge max age 432 bridge parameters configuring 430 bridge priority 431 disabling 420 edge port configuring 435 enabling 420 force version 431 MCHECK 435 point to point port configuring 435 port configuration displaying 435 port cost 434 p...

Page 666: ...v3 Target Parameters Table entry creating 386 deleting 389 displaying 413 modifying message process model 395 security level 393 security model 392 storage type 396 user name 390 SNMPv3 User Table entry creating 321 deleting 325 displaying 408 modifying authentication protocol 326 authentication protocol password 326 privacy protocol 328 privacy protocol password 328 SNMPv3 View Table entry 337 cr...

Page 667: ...ports adding to VLAN 475 483 deleting from VLAN 483 tagged VLAN creating 472 creating example 479 deleting 487 490 displaying 485 modifying 481 target IP address 364 Teardrop attack 280 Telnet server enabling or disabling 47 NULL character 47 terminal port baud rate setting 48 TFTP downloading and uploading files 168 traffic class creating 261 deleting 267 displaying 268 modifying 265 U unavailabl...

Page 668: ...Index 668 ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands