Allied Telesis AT-GS950/16PS User Manual Download Page 291 | Manualshive

Page: 291 / 386

background image

AT-GS950/16PS Switch Web Interface User’s Guide

291

Overview

The DHCP Snooping feature provides security by inspecting ingress
packets for the correct IP and MAC address information. The DHCP
Snooping feature defines the AT-GS950/16PS ports as either trusted or
untrusted. With DHCP Snooping enabled, two network security issues are
addressed:



All ingress DHCP packets are examined on the
untrusted ports and only authorized packets are
passed through the switch. Unwanted ingress DHCP
packets are discarded. See "Unauthorized DHCP
Servers" below.



DHCP ingress packets on an untrusted port are
inspected to insure that the source IP Address and
MAC Address combination in each packet is valid
when compared to the DHCP Snooping Binding Table.
If match is not found, the packet is discarded.

Trusted Ports

By definition, trusted ports inherently trust all ingress Ethernet traffic.
There is no checking or testing on ingress packets for this type of port. A
trusted port connects to a DHCP server in one of the following ways:



Directly to the legitimate trusted DHCP Server



A network device relaying DHCP messages to and
from a trusted server



Another trusted source such as a switch with DHCP
Snooping enabled.

Untrusted Ports

The Ethernet traffic on an untrusted port is inherently not trusted. The
ingress packets are consequently tested against specific criteria to
determine if they can be forwarded through the switch or should be
immediately discarded. Untrusted ports are connected to DHCP clients
and to traffic that originates outside of the LAN.

Unauthorized

DHCP Servers

Normally in a network, a single DHCP server exists in a local area network
(LAN). The DHCP server supplies network configuration information to
individual devices on the network including the assigned IP address for
each host. A trusted DHCP server is connected to a trusted port on the
switch.

It is possible that another unauthorized and unwanted DHCP server could
be connected to the network. This situation can occur if a client on the
network happens to enable a DHCP server application on his workstation
of if someone outside the network attempts to send DHCP packets to your
network. These situations pose a security risk.

«
...
289
290
291
292
293
...
»

Summary of Contents for AT-GS950/16PS

Page 1: ...613 001779 Rev A AT GS950 16PS Gigabit Ethernet PoE Switch AT GS950 16PS Switch Web Interface User s Guide AT S112 1 00 010...

Page 2: ...espective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein i...

Page 3: ...an IP Address List Entry 33 User Name and Password Configuration 34 Add New User Name and Password 34 Modify User Name and Password 35 Delete User Name and Password 36 User Interface Configuration 37...

Page 4: ...94 Create a Port Trunk 97 Modify a Port Trunk 99 Disable a Port Trunk 101 Chapter 7 LACP Port Trunks 103 Overview 104 System Priority 105 Port Priority Value 106 General Guidelines 107 Group Status 10...

Page 5: ...hapter 15 Quality of Service and Cost of Service 175 Overview 176 Packet Priority 176 Egress Queue vs Packet Priority Mapping 177 Prioritizing Untagged Packets 178 Scheduling 178 Mapping CoS Prioritie...

Page 6: ...trol Configuration 217 Overview 218 Classifier 219 Creating a Classifier 219 Modifying a Classifier 221 Deleting a Classifier 222 Profile Action 224 Creating a Profile Action 224 Modifying Profile Act...

Page 7: ...Destination MAC Filter 279 Overview 279 Destination MAC Filter Configuration 279 Delete Destination MAC Filter 280 Chapter 22 Power Over Ethernet PoE 283 Overview 284 Power Sourcing Equipment PSE 284...

Page 8: ...33 Chapter 27 Cable Diagnostics 335 Chapter 28 Rebooting the AT GS950 16PS 337 Switch Reboot 338 Configure Factory Default Values 340 Password Protection of Factory Reset 342 Disabling Factory Default...

Page 9: ...nning Tree Configuration Page 80 Figure 26 AT GS950 16PS MSTP Port Configuration Page 83 Figure 27 MSTP VLAN Mapping Page 86 Figure 28 MSTP Port Settings Page 88 Figure 29 AT GS950 16PS Topology Infor...

Page 10: ...80 Example of Profile Action Entry 225 Figure 81 Modify Profile Action Page 226 Figure 82 Create In Profile Action Page Example 227 Figure 83 Example of In Profile Action Entry 228 Figure 84 Modify In...

Page 11: ...re Upgrade via HTTP Page 326 Figure 127 Firmware Upgrade via TFTP Page 328 Figure 128 Configuration File Upload Download via HTTP Page 329 Figure 129 Result Page 330 Figure 130 File Download with HTTP...

Page 12: ...Figures 12...

Page 13: ...ppings Priority Levels to Priority Queues 177 Table 5 Example of Weighted Round Robin Priority 179 Table 6 IEEE Powered Device Classes 284 Table 7 PoE Port Priorities 285 Table 8 Traffic Comparison Op...

Page 14: ...List of Tables 14...

Page 15: ...50 16PS Gigabit Ethernet PoE Switch The AT S112 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application T...

Page 16: ...tions Note Notes provide additional information Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data Warning Warnings inform you tha...

Page 17: ...s learn about RMAs and contact Allied Telesis technical experts USA and EMEA phone support Select the phone number that best fits your location and customer type Hardware warranty information Learn ab...

Page 18: ...Preface 18...

Page 19: ...19 Section I Getting Started This section contains the following chapters Chapter 1 Starting a Web Browser Session on page 21 Chapter 2 System Configuration on page 27...

Page 20: ...20...

Page 21: ...arting using and quitting a web browser management session on the AT GS950 16PS switch This chapter includes the following sections Establishing a Remote Connection to the Web Browser Interface on pag...

Page 22: ...iguration from a DHCP server refer to DHCP Client Configuration on page 45 Whether you use the pre assigned IP address or assign a new one you must set your local PC to the same subnet as the switch T...

Page 23: ...e is displayed See Figure 3 Note To change the user name and password refer to User Name and Password Configuration on page 34 Figure 3 AT GS950 16PS Switch Information Page The main menu appears on t...

Page 24: ...lays the front of the switch Ports are green that have a link to an end node Ports without a link are grey The AT GS950 16PS switch front panel page is shown in Figure 4 Figure 4 Front Panel Page A we...

Page 25: ...25 Web Browser Tools You can use the web browser tools to move around the management pages Selecting Back on your browser s toolbar returns you to the previous display You can also use the browser s...

Page 26: ...Chapter 1 Starting a Web Browser Session 26 Quitting a Web Browser Management Session To exit a web browser management session close the web browser...

Page 27: ...onfiguration on page 32 User Name and Password Configuration on page 34 User Interface Configuration on page 37 System Time on page 39 SSL Settings on page 42 DHCP and ATI Web Discovery Tool on page 4...

Page 28: ...an also help to avoid performing a configuration procedure on the wrong switch To set a switch s administration information perform the following procedure 1 From the main menu on the left side of the...

Page 29: ...s System Contact Specifies the name of the network administrator responsible for managing the switch This contact name is optional and may contain up to 30 characters 4 Click Apply 5 From the main men...

Page 30: ...orm the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP Setup The IP Setup Page is displayed...

Page 31: ...ick Apply Note Changing the IP address ends your management session To resume managing the device enter the new IP address of the switch in the web browser s URL field as shown in Figure 1 on page 20...

Page 32: ...ify IP address that has already been created it must first be deleted and them re created using the following procedures Create an IP Access List To create a list of accessible IP addresses perform th...

Page 33: ...f the page select Save Configuration to Flash to permanently save your changes Delete an IP Address List Entry To delete an IP address from the IP Access List perform the following procedure 1 From th...

Page 34: ...assword on page 36 Add New User Name and Password The default User Name and Password is manager and friend both without the quotes To configure new User Name and Password information perform the follo...

Page 35: ...n the left side of the page click the System folder The System folder expands 2 From the System folder select Administration The Administration Page is shown in Figure 8 on page 34 3 Identify the user...

Page 36: ...xpands 2 From the System folder select Administration The Administration Page is shown in Figure 8 on page 34 3 Identify the user name that you want to delete and click Delete The user name is removed...

Page 37: ...tion only The Web Server cannot be disabled SNMP Interface To enable or disable the AT GS950 16PS SNMP interface perform the following procedure 1 From the main menu on the left side of the page click...

Page 38: ...on to Flash to permanently save your changes User Interface Timeout To set the Web Idle Timeout perform the following procedure 1 From the main menu on the left side of the page click the System folde...

Page 39: ...g System Time on page 39 Setting SNTP on page 40 Setting Daylight Savings Parameters on page 41 Manually Setting System Time To set the system time manually perform the following procedure 1 From the...

Page 40: ...side of the page click the System folder The System folder expands 2 From the System folder select System Time The System Time Page is displayed See Figure 11 on page 39 3 Use the pull down menu to se...

Page 41: ...See Figure 11 on page 39 3 In the Daylight Savings Time Status field select Enabled 4 Specify the Month Day Hour and Minute when Daylight Savings will take effect in the From time fields 5 Specify the...

Page 42: ...sions that use the secure HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted When operating in...

Page 43: ...ch Web Interface User s Guide 43 4 Click Apply The SSL setting that you have selected is now active 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently...

Page 44: ...r When the DHCP feature is enabled a DHCP server automatically assigns an IP address which is not advertised over the network As a consequence you do not know what IP address has been assigned to the...

Page 45: ...new IP address can be discovered using the ATI Discovery Tool See DHCP and ATI Web Discovery Tool on page 44 for more information To activate or deactivate the DHCP client on the switch perform the fo...

Page 46: ...s enabled the software reverts to the previously saved IP address value when the switch is power cycled or rebooted If no IP address has been previously saved the IP address value reverts to 192 168 1...

Page 47: ...r The System folder expands 2 From the System folder select System The DHCP Auto Configuration Settings Page is shown in Figure 13 Figure 13 DHCP Auto Configuration Settings Page 3 From the Auto Confi...

Page 48: ...h Information Page is displayed See Figure 14 Figure 14 AT GS950 16PS Switch Information Page The Switch Information Page displays the following information System Up For The number of days hours and...

Page 49: ...the system IP address Refer to Configuration of IP Address Subnet Mask and Gateway Address on page 30 to manually assign an IP address or DHCP Client Configuration on page 45 to activate the DHCP clie...

Page 50: ...e vital information about system activity that can help in the identification and solutions of system problems To configure the System log perform the following procedure 1 From the main menu on the l...

Page 51: ...ting of 0 0 0 0 no server is specified 7 In the Facility field enter the Facility local from the pull down menu The choices range from local0 through local7 8 Select the Logging Level This parameter s...

Page 52: ...Chapter 2 System Configuration 52...

Page 53: ...79 Chapter 6 Static Port Trunking on page 93 Chapter 7 LACP Port Trunks on page 103 Chapter 8 Port Mirroring on page 113 Chapter 9 Loopback Protection on page 119 Chapter 10 MAC Address Table on page...

Page 54: ...54...

Page 55: ...hat explains how to view and change the port settings This chapter includes the following sections Overview on page 56 Displaying and Configuring Ports on page 57 Note To permanently save your new set...

Page 56: ...s of an AT GS950 16PS switch You can display and modify the settings of all the ports on one web page The port characteristics that are displayed are Trunk Group Number Port type Link Status Admin Sta...

Page 57: ...icates ports 1 through 16 on the AT GS950 16PS switch You cannot change this parameter Note You can use the All row value in the Port column to set the Admin Status Mode Jumbo Flow Ctrl EAP Pass and B...

Page 58: ...This parameter applies to the All row only and i Indicates that the Admin Status field must be set individually for each port Enabled This parameter indicates the port is able to send and receive Ethe...

Page 59: ...is configured for 10Mbps operation in full duplex mode 1000 Half This parameter i Indicates the port is configured for 1000Mbps operation in half duplex mode 100 Half This parameter i Indicates the po...

Page 60: ...idually Enabled This parameter indicates that the port is able to send and receive EAP packets Disabled This parameter indicates that the port is disabled and is not able to send or receive EAP packet...

Page 61: ...r include Overview on page 62 Basic STP and RSTP Configuration on page 70 Configure RSTP Port Settings on page 73 Spanning Tree Topology on page 78 For detailed information about STP refer to IEEE Std...

Page 62: ...th in case a main link fails Where the two protocols differ is in the time each takes to complete the process referred to as convergence When a change is made to the network topology such as the addit...

Page 63: ...e bridge priority number in the AT S112 Management software You can designate which switch on your network as the root bridge by giving it the lowest bridge priority number You may also consider which...

Page 64: ...nto blocking state Path cost is determined by evaluating port costs Every port on a bridge participating in STP has a cost associated with it The cost of a port on a bridge is typically based on port...

Page 65: ...if a topology change is made before all bridges have been notified and that could adversely impact network performance To forestall the formation of temporary data loops during topology changes a por...

Page 66: ...ot whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been an...

Page 67: ...igure 18 Edge Port Mixed STP and RSTP Networks RSTP IEEE 802 1w is fully compliant with STP IEEE 802 1d Your network can consist of bridges running both protocols STP and RSTP in the same network can...

Page 68: ...hes One link consisting of untagged ports connect each VLAN If STP or RSTP is activated on the switches two of the links are disabled As a direct result two VLANs are disconnected between the bridges...

Page 69: ...re 20 STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports refer to Chapter 13 VLAN Overview on page 150 T T T T T T Ports blocked by STP Blocked Data Link...

Page 70: ...of the page select Bridge The Bridge folder expands 2 From the Bridge folder select the Spanning Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the RSTP folder The...

Page 71: ...t RSTP or STP compatible and then click Apply at the top of the page In the middle section of the page the following fields are listed Note You cannot change these fields Root Port The active port on...

Page 72: ...idges have the same bridge priority You cannot change this parameter Bridge Priority The priority number for the bridge in hexadecimal format This number is used to determine the root bridge for RSTP...

Page 73: ...he RSTP folder The RSTP folder expands 4 From the RSTP folder select the RSTP Basic Port The AT GS950 16PS RSTP Basic Port Configuration Page is displayed See Figure 22 for a partial view of this page...

Page 74: ...s state is not strictly part of STP However a network administrator can manually disable a port Role Indicates one of the following port roles Disabled The Disabled Port role is assigned if the port i...

Page 75: ...igure one two or all of the following settings STP Status Priority and Port Cost 7 Click Apply 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save...

Page 76: ...port during the convergence process The port in the listening state processes BPDUs and awaits new information that would cause the port to return to the blocking state Learning While the port does no...

Page 77: ...ology or not True The port is connected to an edge device and the port will always be in a forwarding state False The port is not connected to an edge device Admin OperPtoP Indicates if the port is co...

Page 78: ...s contains status information only and there are no parameters to configure The following information is displayed about the ports Port Indicates ports 1 through 16 on the AT GS950 16PS switch Trunk T...

Page 79: ...ind an overview and configuration guidelines for this feature in MSTP Overview on page 349 When you configure MSTP the information should be entered in order on the following web pages Multiple Spanni...

Page 80: ...anning Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the MSTP folder The MSTP folder expands 4 From the MSTP folder select MSTP The Multiple Spanning Tree Configu...

Page 81: ...tical to the regional names specified on other switches in the same MSTP region See Multiple Spanning Tree Regions on page 358 for more information Region Revision The parameter indicates the region s...

Page 82: ...It is decremented by 1 each time it is retransmitted by the next bridge When the Hop Count value reaches zero the bridge drops the BPDU packet Its range is 6 40 hops Transmit Hold Count The Transmit...

Page 83: ...r a partial view of this page Figure 26 AT GS950 16PS MSTP Port Configuration Page You may choose a port and configure its MSTP parameters on this page The following information is displayed Port Indi...

Page 84: ...ing MSTP supports a built in protocol migration mechanism that enables it to inter operate with legacy 802 1D switches True The switch is able to inter operate with 802 1D BPDU packets False This swit...

Page 85: ...t cannot process receive transmit TCN BPDUs False The port can process receive transmit TCN BPDU packets 5 Once you have configured the parameters click Apply in the Action column 6 If you choose to c...

Page 86: ...the Spanning Tree folder select the MSTP folder The MSTP folder expands 4 From the MSTP folder select MSTP VLAN Mapping The MSTP VLAN Mapping Page is displayed See Figure 27 Figure 27 MSTP VLAN Mappi...

Page 87: ...t delete the instance and then redefine it Refer to Create VLAN Mapping to MST Instance on page 86 for more information Delete MST Instance 1 In the Action column of the table click on Delete for the...

Page 88: ...age The following information is displayed Port Indicates ports 1 through 16 on the AT GS950 10PS switch You can select the All row to apply the same settings to all ports on your switch for the Port...

Page 89: ...terface User s Guide 89 6 If you choose to change the MSTP port settings for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to pe...

Page 90: ...on Page is displayed See Figure 29 Figure 29 AT GS950 16PS Topology Information Page The following information displayed on this page shows the current status of MSTP for each port Port Indicates port...

Page 91: ...dge type port See Point to Point and Edge Ports on page 66 for more information Role Indicates the port s role which may be Disabled Root Designated Backup or Alternate See the parameter definitions d...

Page 92: ...Chapter 5 Multiple Spanning Tree Protocol 92...

Page 93: ...view on page 94 Create a Port Trunk on page 97 Modify a Port Trunk on page 99 Disable a Port Trunk on page 101 Note For information about Link Aggregation Control Protocol LACP port trunking see Chapt...

Page 94: ...sufficient to handle the traffic load A static port trunk consists of two to eight ports on the switch that function as a single virtual link between the switch and another device A static port trunk...

Page 95: ...ating a static trunk Allied Telesis recommends setting static port trunks between Allied Telesis networking devices to ensure compatibility A static trunk can contain up to eight ports The ports of a...

Page 96: ...be members of more than one VLAN The ports of a static trunk can be either untagged or untagged members of the same VLAN The switch selects a port in the trunk to handle broadcast packets and packets...

Page 97: ...ich can severely limited the effective bandwidth of your network To create a port trunk perform the following procedure 1 Select the Bridge folder The Bridge folder expands 2 From the Bridge folder se...

Page 98: ...l not broadcast LACPDU packets but it will respond to them This setting disables the LACP feature for the trunk Manual Enables static port trunking and disables the LACP feature for the trunk Disable...

Page 99: ...Config folder expands 4 From the Trunk Config folder select Trunking The Trunking Page is shown in Figure 31 on page 97 5 Click the status of the port trunk you want to modify and change the status t...

Page 100: ...tic Port Trunking 100 9 Configure the port trunk on the other switch with the same parameters 10 Connect the Ethernet cables between trunk ports on the AT GS950 16PS switch and the trunk ports on the...

Page 101: ...t trunk perform the following procedure 1 Disconnect all of the Ethernet cables from the ports of the trunk 2 Select the Bridge folder The Bridge folder expands 3 From the Bridge folder select the Tru...

Page 102: ...Chapter 6 Static Port Trunking 102...

Page 103: ...s Overview on page 104 System Priority on page 105 Port Priority Value on page 106 General Guidelines on page 107 Group Status on page 109 Port Priority Configuration on page 112 Note For information...

Page 104: ...s 1 to 4 as the active ports and ports 5 and 6 as reserve If an active port loses its link the switch automatically activates one of the reserve ports to maintain maximum bandwidth of the trunk The ma...

Page 105: ...e problem and deciding whose LACP settings take precedence This is the function of the system LACP priority value This value is used whenever the devices encounter a conflict creating a trunk the lowe...

Page 106: ...the next highest priority is automatically activated to take its place The selection of the active links in an aggregate trunk is dynamic and changes as links are added removed lost or reestablished...

Page 107: ...nconsecutive for example ports 2 4 6 8 A port can belong to only one aggregator at a time A port cannot be a member of an aggregator and a static trunk at the same time The ports of an aggregate trunk...

Page 108: ...upport in a trunk If the number is less than eight the maximum number for the AT GS950 16PS switch you should assign the other vendor s device a higher system LACP priority than your AT GS950 16PS swi...

Page 109: ...older The Bridge folder expands 2 From the Bridge folder select the Trunk Config folder The Trunk Config folder expands 3 From the Trunk Config folder select LACP Group Status The LACP Group Status Pa...

Page 110: ...ort Trunk on page 97 to configure Trunk ID 1 as Active with ports 3 4 and 5 The LACP Group Status Page is updated This configuration is shown in Figure 33 before the Ethernet cables are connected Figu...

Page 111: ...witch Web Interface User s Guide 111 Figure 34 LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a...

Page 112: ...a partial view of this page Figure 35 AT GS950 16PS Port Priority Page The System Priority is a preassigned value that you cannot alter This value applies to the switch See System Priority on page 105...

Page 113: ...ess and egress traffic on a port by having the traffic copied to another port This chapter contains the following sections Overview on page 114 Port Mirroring Configuration on page 115 Disable Port Mi...

Page 114: ...he mirroring port Observe the following guidelines when you create a port mirror You can select more than one source port at a time However the more ports you mirror the less likely the mirroring port...

Page 115: ...uration parameters become active on the page Disable This parameter de activates the Port Mirroring feature and the rest of the configuration parameters become inactive on the page 4 Click Mirroring P...

Page 116: ...Chapter 8 Port Mirroring 116 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Page 117: ...elect Mirroring The Mirroring page is shown in Figure 36 on page 115 3 From the Status field select Disable and click Apply Port mirroring is immediately disabled on the switch and the parameters on t...

Page 118: ...Chapter 8 Port Mirroring 118...

Page 119: ...e same port are connected then this feature detects this condition and disables the port for a pre configured amount of time This chapter contains the following topics Configuration on page 120 Status...

Page 120: ...iew of the AT GS950 16PS Loopback Detection Page is displayed See Figure 37 Figure 37 AT GS950 16PS Loopback Detection Page 3 For the Loopback Detection State field a the top of the page select one of...

Page 121: ...gs parameters becomes active 6 In the table at the bottom of the page select one of the Loopback Detection State choices from the pull down menu Ignore This parameter indicates that the setting in the...

Page 122: ...Rx pairs connected Disabled This status indicates that the port does not have the Tx to Rx pairs connected The Disabled state will be reset to Normal after two conditions are both met The loopback con...

Page 123: ...ections Overview on page 124 Static Unicast MAC Address Configuration on page 126 Static Multicast Address Configuration on page 130 Modify Static Multicast Address on page 133 Delete Static Multicast...

Page 124: ...by manually configuring the switch with the AT S112 Management Software There are two reasons to enter static MAC addresses You may want to enter end nodes the switch does not learn in its normal dyna...

Page 125: ...AT GS950 16PS Switch Web Interface User s Guide 125 predefined ports entered in the MAC table without any configuration delays or loss of data...

Page 126: ...1Q VLAN ID parameter Port Based VLAN Configuration on page 164 regarding the Port Based VLAN Index parameter To add a static MAC address to the switch perform the following procedure 1 From the main...

Page 127: ...Assign the MAC address a Port Member or members by selecting the check box beside each port number Note You can assign a maximum limit of 256 static unicast addresses on the switch 6 Click Add The Sta...

Page 128: ...8 on page 126 3 Select Modify next to the static MAC address that you want to change The Modify Static Unicast Address Page is displayed See Figure 40 Figure 40 Modify Static Unicast Address Page 4 In...

Page 129: ...select the Bridge folder 2 From the Bridge folder select Static Unicast The Static Unicast Address Table Page is displayed See Figure 38 on page 126 3 Select delete next to the static unicast address...

Page 130: ...N ID parameter Port Based VLAN Configuration on page 164 regarding the Port Based VLAN Index parameter To add a static MAC address to the switch perform the following procedure 1 From the main menu on...

Page 131: ...0 5E 7F FF FF 5 Assign the MAC address a Group Member or members by selecting the check box beside each port number Note You can assign a maximum limit of 256 static multicast addresses on the switch...

Page 132: ...Chapter 10 MAC Address Table 132 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Page 133: ...Figure 41 on page 130 3 Select Modify next to the static MAC address that you want to change The Modify Static Multicast Address Page is displayed See Figure 43 Hello Figure 43 Modify Static Multicast...

Page 134: ...ridge folder 1 From the Bridge folder select Static Multicast The Static Multicast Address Table Page is displayed See Figure 41 on page 130 2 Select delete next to the static multicast address that y...

Page 135: ...s for working with IGMP Snooping in the web interface The following topics are discussed Overview on page 136 IGMP Snooping Configuration on page 138 Note To permanently save your new settings or any...

Page 136: ...router ports where host nodes are located There are three versions of IGMP versions 1 2 and 3 One of the differences between the versions is how a host node signals that it no longer wants to be a mem...

Page 137: ...t Such flooding of packets can negatively impact network performance The AT GS950 16PS switch maintains a list of multicast groups through an adjustable time out value which controls how frequently it...

Page 138: ...k Config folder select IGMP Snooping The IGMP Snooping Page is displayed See Figure 44 Figure 44 IGMP Snooping Page 4 To enable or disable IGMP Snooping on the switch select Enable or Disable from the...

Page 139: ...odes that are active members of multicast groups To set a static Multicast Group Address see Static Multicast Address Configuration on page 130 Figure 45 IGMP Snooping Page with MAC Addresses 10 To di...

Page 140: ...Chapter 11 IGMP Snooping 140...

Page 141: ...feature The following topics are discussed Overview on page 142 Configuration on page 144 Ingress Rate Limiting on page 146 Egress Rate Limiting on page 148 Note To permanently save your new settings...

Page 142: ...nation Lookup Failure DLF setting is concerned with comparing the destination MAC address of a packet received by the switch to the forwarding database When the AT GS950 16PS switch receives a packet...

Page 143: ...it is as follows Bandwidth 64Kbps x rate limit The rate limit parameter is an integer ranging from 1 to 15625 Egress Rate Limiting The Egress Rate Limiting feature restricts the traffic to a pre confi...

Page 144: ...PS Storm Control page is displayed See Figure 46 for a partial view of this page Figure 46 AT GS950 16PS Storm Control Page 4 To enable or disable the DLF field select Enable or Disable from the DLF p...

Page 145: ...ition in Overview on page 142 9 Click Apply 10 To set the Threshold field use the pull down menu next to the port that you want to change Select Low Medium or High which correspond to the following va...

Page 146: ...Rate Limiting The AT GS950 16PS Ingress Rate Limiting page is displayed See Figure 47 for a partial view of this page Figure 47 AT GS950 16PS Ingress Rate Limiting Page 4 To set the Bandwidth field o...

Page 147: ...AT GS950 16PS Switch Web Interface User s Guide 147 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Page 148: ...e Limiting page is displayed See Figure 48 for a partial view of this page Figure 48 AT GS950 16PS Egress Rate Limiting Page To set the Bandwidth field enter a number in the range of 1 to 15625 You ca...

Page 149: ...gn Ports to a VLAN Mode on page 155 Tagged VLAN Configuration on page 157 Port Based VLAN Configuration on page 164 Modify a Port Based VLAN on page 165 Delete a Port Based VLAN on page 165 Note The V...

Page 150: ...ys within the separate logical LAN segment of the VLAN The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic that is not destined for t...

Page 151: ...at form an independent traffic domain This type of VLAN is independent of the header information including VLAN tags in a frame Traffic generated by the end nodes of a VLAN remains within the VLAN and...

Page 152: ...s type of VLAN membership is determined by tag information within the frames that are received on a port and the VLAN configuration of each port The VLAN information within an Ethernet frame is referr...

Page 153: ...for Voice VLAN on page 257 Packet transmission from a tagged port differs from packet transmission from an untagged port When a packet is transmitted from a tagged port the tagged information within t...

Page 154: ...ere is a summary of the rules to observe when you create a tagged VLAN Assign a unique name to each tagged VLAN Each tagged VLAN must be assigned a unique VLAN ID If a particular VLAN spans multiple s...

Page 155: ...he default VLAN is permanent and must have at least one untagged port assigned to it at any time To assign ports to a 802 1Q Tagged VLAN or Port Based VLAN perform the following procedure 1 From the m...

Page 156: ...on click Restore Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration the Restore button will not be active for those port assignments 7...

Page 157: ...VLAN the frame is discarded You can create and delete tagged VLANs by following the procedures in the following sections Create a Tagged VLAN Modify a Tagged VLAN on page 158 Delete a Tagged VLAN on...

Page 158: ...is only an untagged member of VLAN 1 and not a tagged member of another VLAN Disable This parameter disables Management VLAN on this VLAN If you change this parameter from Enable to Disable the Manag...

Page 159: ...ged VLAN An example of a tagged VLAN Index 2 Sales VLAN is shown in the table at the bottom of Figure 51 on page 159 Figure 51 Example of AT GS950 16PS Tagged VLAN Page 4 In the VLAN Action column cli...

Page 160: ...connected to a Tagged Member port you may loose your connection to the AT S112 Management software Disable This parameter disables Management VLAN on this VLAN If you change this parameter from Enable...

Page 161: ...9 4 In the VLAN Action column select Delete next to the VLAN that you want to delete A confirmation prompt is displayed 5 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot d...

Page 162: ...the PVID parameter see the Port VLAN Identifier section in VLAN Overview on page 150 4 Set the Acceptable Frame Type to one of the following choices from the pull down menu All This selection allows...

Page 163: ...the selected port 6 Click Apply The port configuration becomes effective 7 If you need to configure other ports of the switch for the VLAN Port Settings repeat steps 4 through 7 8 From the main menu o...

Page 164: ...Create a Port Based VLAN To create a port based VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder...

Page 165: ...idge The Bridge folder expands 2 From the Bridge folder select VLAN The VLAN folder expands 3 From the VLAN folder select Port Based VLAN An example VLAN Index 2 Sales VLAN is shown in the table at th...

Page 166: ...Action column click Delete next to the VLAN that you want to delete A confirmation prompt is displayed 5 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot delete the Defaul...

Page 167: ...167 Chapter 14 GVRP This chapter contains the following sections Overview and Guidelines on page 168 General Configuration on page 169 Port Settings on page 170 Time Settings on page 172...

Page 168: ...mic VLANs To be detected by GVRP a VLAN must have at least one active node or have at least one port with a valid link to an end node GVRP cannot detect a VLAN that does not have any active nodes or v...

Page 169: ...GVRP folder select GVRP Global Configuration The GVRP Global Configuration Page is displayed See Figure 56 Figure 56 GVRP Global Configuration Page 4 From the GVRP Status field select one of the follo...

Page 170: ...efines the GVRP status of the port From the Dynamic Vlan Status field select one of the following choices from the pull down menu Ignore This parameter indicates that the setting in the All row does n...

Page 171: ...tion is de active for the port row selected 5 Once you have configured the parameters click Apply for the affected port 6 If you want to configure GVRP for other ports repeat steps 4 and 5 7 From the...

Page 172: ...must be greater than GARPJoinTimer x2 10 and the GARPLeaveAllTimer must be greater than GARPLeaveTimer 10 The acceptable input values are multiples of 10 If you try to enter a value that is not a mult...

Page 173: ...Note To ensure compatibility between network devices you need to configure the same values for the GARP Join Timer GARP Leave Timer and GARP Leave All Timer on all participating GVRP devices in your n...

Page 174: ...Chapter 14 GVRP 174...

Page 175: ...Associate DSCP Classes to Egress Queues on page 183 Queue Scheduling Algorithm on page 185 Note Before mapping the QoS Priorities and the egress Queues you must disable the Jumbo frame parameter on ea...

Page 176: ...manage the flow of traffic through a switch by having the switch ports give higher priority to some packets such as delay sensitive traffic over other packets This is referred to as prioritizing traff...

Page 177: ...levels and the four egress queues of a switch port You can change these mappings For example you might decide that packets with a priority of 6 and 7 need to be handled by egress queue Q3 and packets...

Page 178: ...a mechanism for knowing the order in which it should handle the packets in its four egress queues For example if all the queues contain packets should the packets in queue Q3 the highest priority queu...

Page 179: ...et number of packets from each queue in a round robin fashion so that each has a chance to transmit traffic Normally the higher the queue s priority the more packets are transmitted in as the algorith...

Page 180: ...rameter definition in Displaying and Configuring Ports on page 57 Note When Jumbo frames are enabled COS can not be enabled To configure CoS mapping perform the following procedure 1 From the main men...

Page 181: ...hange click on the Queue 0 1 2 or 3 radio button that applies to your configuration 5 After you have completed this mapping process select Enable in the QoS Status field 6 Click Apply 7 From the main...

Page 182: ...orm the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select QoS The QoS folder expands 3 From the QoS folder s...

Page 183: ...efault queue for all DSCP values is 0 To assign the queue mappings to the DSCP values perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder...

Page 184: ...ty of Service and Cost of Service 184 5 After you have completed this mapping process click Apply 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently sa...

Page 185: ...igure 62 Figure 62 Scheduling Algorithm Page 4 In the Scheduling Algorithm list select the algorithm one of the following Strict Priority The port transmits all packets out of higher priority queues b...

Page 186: ...Chapter 15 Quality of Service and Cost of Service 186...

Page 187: ...r 17 SNMPv3 on page 201 Chapter 18 Access Control Configuration on page 217 Chapter 19 RMON on page 245 Chapter 20 Voice VLAN on page 257 Chapter 21 Security on page 267 Chapter 22 Power Over Ethernet...

Page 188: ...188...

Page 189: ...ollowing sections SNMPv1 and SNMPv2c Overview on page 190 Trap Receiver Attributes on page 191 SNMPv1 and SNMPv2c User and Group Names on page 193 SNMP Community Strings on page 196 SNMP Traps on page...

Page 190: ...and loading new configurations via the agent in the managed equipment The NMS and agent communicate with each other using variables organized into pre defined hierarchies called Management Informatio...

Page 191: ...use traps to monitor activities on the switch Trap receivers are the typically SNMP management stations that you want to receive the traps sent by the switch You specify a trap receiver by its IP add...

Page 192: ...Chapter 16 SNMPv1 and v2c 192 Activate SNMP Interface The SNMP interface is activated by default If you want to de activate it or re activate it go to User Interface Configuration on page 37...

Page 193: ...use the string and what the string allows a network management station to do on the switch The AT S112 Management Software does not provide any default community strings You must first define an SNMP...

Page 194: ...Auth Protocol Priv Protocol and password fields are intended for SNMPv3 configurations only and are not used for SNMPv1 or v2c configurations 6 Click Add See Figure 64 for an example of the SNMP User...

Page 195: ...e 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select SNMP User Group The SNMP User Group Page is displayed See Figure 63 on...

Page 196: ...c community string do the following 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Community Table The Community Table P...

Page 197: ...table entry See SNMPv1 and SNMPv2c User and Group Names on page 193 Delete SNMP Community Strings Use the following procedure to delete a community name of an SNMP community from the Community Table...

Page 198: ...NMP folder The SNMP folder expands 2 From the SNMP folder select Trap Management The Trap Management Page is displayed See Figure 67 Figure 67 Trap Management Page 3 Enable trap management by selectin...

Page 199: ...n menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modify a Trap Host Table Entry If you need to modify an SNMP Trap entry you must first delete th...

Page 200: ...click Delete next to the entry in the table that you want to remove The Host table entry is removed from the table No confirmation message is displayed 5 From the main menu on the left side of the pag...

Page 201: ...s the following sections Overview on page 202 SNMPv3 User and Group Names on page 206 SNMPv3 View Names on page 209 SNMPv3 View Table on page 212 SNMPv3 Traps on page 215 Note To permanently save your...

Page 202: ...ewed by specific users In this way you restrict which MIBs a user can display and modify In addition you can restrict the types of messages or traps the user can send A trap is a type of SNMP message...

Page 203: ...5 or SHA If you assign a DES privacy protocol to a user then you are also required to assign a privacy password If you choose to not assign a privacy value then SNMPv3 messages are sent in plain text...

Page 204: ...btree view and enables you to restrict a MIB view to a specific row of the OID MIB table You need a thorough understanding of the OID MIB table to define a subtree mask SNMPv3 Configuration Process Th...

Page 205: ...User s Guide 205 5 Finally the traps can be defined on the Trap Management page based on the Community or User Name See Figure 70 for an illustration of how the user configuration tables are linked Fi...

Page 206: ...P User Group The SNMP User Group page is displayed See Figure 63 on page 193 Note There are no default User Names or Group Names defined for SNMPv3 3 Type a new User Name Enter a name up to 31 charact...

Page 207: ...User Group page See Figure 71 Figure 71 SNMP User Group SNMPv3 Example 11 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modifying...

Page 208: ...Group The SNMP User Group Page is displayed See Figure 63 on page 193 3 In the Action column of the table click Delete for the User Name and Group Name that you want to remove 4 From the main menu on...

Page 209: ...e you can create an SNMPv3 View name you must defined a Group Name using the SNMP User Group page See Creating SNMPv3 User and Group Names on page 206 Use this procedure to create SNMPv3 View Names 1...

Page 210: ...ection is the appropriate selection when no Auth Protocol or Priv Protocol no encryption are selected on the SNMP User Group page AuthNoPriv Choose this selection when encryption has been enabled but...

Page 211: ...mes This procedure explains how to delete an entry on the SNMP Group Access Table page 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP...

Page 212: ...on page 212 Modifying SNMPv3 View Table Entries on page 213 Deleting SNMPv3 View Table Entries on page 213 Creating SNMPv3 View Table Entries This procedure explains how to create entries in the SNMPv...

Page 213: ...w Table page you must first delete the entry and then re enter it For information about how to delete an entry in this table see Deleting SNMPv3 View Table Entries For information about how to create...

Page 214: ...Chapter 17 SNMPv3 214 3 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Page 215: ...AT GS950 16PS Switch Web Interface User s Guide 215 SNMPv3 Traps The creation modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1 v2 See SNMP Traps on page 198...

Page 216: ...Chapter 17 SNMPv3 216...

Page 217: ...feature and the procedures to create modify and delete a Access Control configuration This chapter contains the following sectio Overview on page 218 Classifier on page 219 Profile Action on page 224...

Page 218: ...s be sure to configure the QoS parameters The QoS entries may have a direct affect on each policy s behavior For more information see Chapter 15 Quality of Service and Cost of Service on page 175 Befo...

Page 219: ...ions Creating a Classifier next Modifying a Classifier on page 221 Deleting a Classifier on page 222 Creating a Classifier To create a classifier perform the following procedure 1 From the main menu o...

Page 220: ...Destination MAC Mask ranging from 1 48 VLAN ID A unique number identifying a VLAN ranging from 1 to 4000 802 1p Priority 802 1p priority level of the frame ranging from 0 to 7 Ether Type Indicates the...

Page 221: ...er table entry is shown in Figure 77 Figure 77 Create Classifier Example Page 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modi...

Page 222: ...Classifier Page 4 Change the parameters as required Note See Creating a Classifier on page 219 for the definitions of each parameters 5 Click Apply The modified classifier entry is displayed in the t...

Page 223: ...3 From the Create Classifier page identify which classifier table entry that want to delete and click the Delete link in the Action column You are prompted with a verification message 4 Click on the...

Page 224: ...e 227 and Creating a Out Profile Action on page 231 for more information You can create modify or delete a Profile Action by following the procedures in the following sections Creating a Profile Actio...

Page 225: ...us table If you do not see you new entry you may need to navigate to another page of the table with the First Page Previous Page Next Page and Last Page buttons located below the table An example of a...

Page 226: ...menu on the left side of the page select Save Configuration to Flash to permanently save your changes Deleting a Profile Action To delete a profile action entry perform the following procedure 1 From...

Page 227: ...ng an In Profile Action next Modifying an In Profile Action on page 229 Deleting an In Profile Action on page 230 Creating an In Profile Action To create an in profile action perform the following pro...

Page 228: ...ps ingress packets that conform to the specified Profile Action ID Permit This selection allows ingress packets that conform to the specified Profile Action ID to be processed by the switch Note You m...

Page 229: ...ontrol Config folder select In Profile Action An example of the Create In Profile Action page with a In Profile Action table entry is shown in Figure 83 on page 228 3 Select the table entry that you w...

Page 230: ...e Action An example of the Create In Profile Action page with a In Profile Action table entry is shown in Figure 83 3 From the Create In Profile Action page identify which In Profile action table entr...

Page 231: ...Action To create a Out Profile Action perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands...

Page 232: ...to the specified Profile Action ID to be processed by the switch Note You must enter a selection for Deny Permit field even if the Profile Action ID that you have entered ignores both the Policed DSC...

Page 233: ...Config folder select Out Profile Action An example of the Create Out Profile Action page with a Out Profile Action table entry is shown in Figure 86 on page 232 3 Select the table entry that you want...

Page 234: ...n example of the Create Out Profile Action page with a Out Profile Action table entry is shown in Figure 86 on page 232 3 From the Create Out Profile Action page identify which Out Profile action tabl...

Page 235: ...e page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List The Create Port List page is displayed in Figure 88 Fig...

Page 236: ...side of the page select Save Configuration to Flash to permanently save your changes Modify Port List To modify a Port List entry perform the following procedure Note Before you can modify an entry y...

Page 237: ...edure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List An exa...

Page 238: ...Profile Action on page 231 for more information Port List Index See Create Port List on page 235 for more information You can create modify or delete a Policy by following the procedures in the follow...

Page 239: ...policies applied to specific ports see Policy Sequence Status on page 243 In Profile Action Index The In Profile Action Index is a unique number within the range of 1 65535 This field is mandatory and...

Page 240: ...n entry you must first enter a Policy see Create Policy on page 238 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2...

Page 241: ...ameters 5 Click Apply The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page 6 From the main menu on the left side of the page select Save Configuratio...

Page 242: ...ble entry is shown in Figure 92 on page 240 3 From the Create Policy page identify which Policy table entry that want to delete and click the Delete button in the Action column You are prompted with a...

Page 243: ...Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Policy Sequence The Policy Sequence page is displayed in Figure 94 Figure 94 Policy...

Page 244: ...Chapter 18 Access Control Configuration 244...

Page 245: ...hapter 19 RMON This chapter contains the following sections Overview on page 246 Enable and Disable RMON on page 247 Port Statistics on page 248 Histories on page 250 Events on page 252 Alarms on page...

Page 246: ...s group is used to collect histories of port statistics to identify traffic trends or patterns For information about configuring a History group refer to Histories on page 250 Event group This group i...

Page 247: ...ons on how to configure SNMP on your switch refer to Chapter 16 SNMPv1 and v2c on page 189 or Chapter 17 SNMPv3 on page 201 Perform the following procedure to activate RMON 1 From the main menu on the...

Page 248: ...ge is displayed See Figure 97 Figure 97 Ethernet Statistics Configuration Page 3 The following fields are listed Index This parameter specifies the ID number of the new group The range is 1 to 65535 P...

Page 249: ...Figure 98 Ethernet Statistics Configuration Example 5 If you want to configure RMON statistics for other ports repeat steps 3 and 4 6 From the main menu on the left side of the page select Save Confi...

Page 250: ...kets in a group the more snapshots it can store Perform the following procedure to configure RMON history 1 From the main menu on the left side of the page click the RMON folder The RMON folder expand...

Page 251: ...an interval of sixty seconds Owner This parameter is used to identify the person who created an entry It is primarily intended for switches that are managed by more than one person and is an optional...

Page 252: ...y 1 From the main menu on the left side of the page click the RMON folder The RMON folder expands 2 From the RMON folder select Event The RMON Event Configuration Page is displayed See Figure 101 Figu...

Page 253: ...person and is an optional field 4 Once you have configured the parameters click Add Your entry appears in the table at the bottom of the page See Figure 102 Figure 102 RMON Event Configuration Exampl...

Page 254: ...MON statistics group configured if it is to have an alarm When you create an alarm you specify the port to which it is to be assigned not by the port number but rather by the ID number of the port s s...

Page 255: ...t the event is monitoring Sample type This parameter defines the type of change that has to occur to trigger the alarm on the monitored statistic There are two choices from the pull down menu DELTA va...

Page 256: ...ies the event index for the falling threshold Its range is 1 to 65535 This field is mandatory and must match an Event Index that you previously entered in Events on page 252 Owner This parameter is us...

Page 257: ...d delete a voice VLAN configuration This chapter contains the following sections Overview on page 258 General Guidelines on page 261 Configuration on page 262 OUI Setting on page 265 Note To permanent...

Page 258: ...t the voice data packets are processed before other types of data so that the voice quality is maintained as the voice data passes through the AT GS950 16PS switch Note For more information about how...

Page 259: ...or untagged ports that will serve as the voice VLAN uplink downlink By default a tagged or untagged port is a static member of a tagged VLAN Note See Create a Tagged VLAN on page 157 for more informa...

Page 260: ...ave the port VLAN ID PVID configured to be the same as the voice VLAN ID This insures that all untagged packets entering the port are switched within the voice VLAN as the voice data passes through th...

Page 261: ...ember ports of a tagged VLAN are static and cannot have the voice VLAN Auto Detection feature enabled IP phones that are not VLAN aware should be connected to Static tagged ports of the voice VLAN The...

Page 262: ...h To configure a voice VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select Voice VLAN The Voi...

Page 263: ...dicates the amount of time in hours after the last IP phone s OUI was received on a port after which this port will be removed from the voice VLAN The range is 1 to 120 hours COS This parameter is CoS...

Page 264: ...have the voice VLAN Auto Detection feature enabled The Status column displays Static for the member ports See Dynamic Auto Detection vs Static Ports on page 259 for more information 8 Click Apply in t...

Page 265: ...e VLAN OUI Setting The Voice VLAN OUI Setting Page is displayed See Figure 106 Figure 106 Voice VLAN OUI Setting Page 4 Enter a text description that helps you identify the manufacturer s OUI in the U...

Page 266: ...u on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select Voice VLAN The Voice VLAN folder expands 3 From the Voice VLAN folder select Voice VLAN OUI Setti...

Page 267: ...chapter includes the following sections Port Access Control on page 268 RADIUS Client on page 273 Dial in User Local Authentication on page 276 Destination MAC Filter on page 279 Note To permanently s...

Page 268: ...dual from connecting a computer to a port or using an unattended workstation to access your network resources Only those users to whom you have assigned a user name and password are able to use the sw...

Page 269: ...0 to 9 a to z and A to Z Spaces are allowed Specifying an NAS ID is optional Port Access Control This parameter enables or disables Port Access Control Select one of the following choices from the pul...

Page 270: ...he pull down menu choices are as follows 802 1x 802 1x is specified as the authentication mode This setting applies to configuration for either RADIUS or Dial In User authentication For configuration...

Page 271: ...have to periodically reauthenticate after the initial authentication Reauthentication is still required if there is a change to the status of the link between a client and the switch or the switch is...

Page 272: ...t to the authorized state Transmission Period Sets the switch to client retransmission time for EAP request frames The range is 1 to 65535 seconds Quiet Period Sets the number of seconds that authenti...

Page 273: ...work access from a network device to an authentication protocol server The AT S112 Management software comes with RADIUS client software You can use the client software together with 802 1x port based...

Page 274: ...ndard Radius Client Configuration To configure the RADIUS client perform the following procedure 1 From the main menu on the left side of the page select the Security folder The Security folder expand...

Page 275: ...AT GS950 16PS Switch Web Interface User s Guide 275 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Page 276: ...se the user name and password combinations are entered with an optional VLAN when they are defined Based on these entries the authentication process of a supplicant is done locally by the AT S112 Mana...

Page 277: ...will be ignored 6 Click the Add button The Dial in User page is refreshed See Figure 111 Figure 111 Dial In User Page Example 7 To permanently save these settings in the configuration file select Sav...

Page 278: ...ash from the main menu to permanently save your changes Delete a Dial in User To delete a dial in user perform the following procedure 1 From the main menu on the left side of the page select the Secu...

Page 279: ...e prevents the switch from forwarding it and drops the packet You may want to block access to a device within your organization For instance you may not want users on the Sales group switch to have ac...

Page 280: ...s the Destination MAC Filter Page is updated with the MAC address 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete Destinati...

Page 281: ...81 3 Select the Delete button next to the MAC address that you want to delete The MAC address is removed from the MAC address table 4 From the main menu on the left side of the page select Save Config...

Page 282: ...Chapter 21 Security 282...

Page 283: ...procedures to configure the PoE feature on each port The sections in this chapter include Overview on page 284 PoE Configuration on page 286 Note To permanently save your new settings or any changes t...

Page 284: ...er network devices is referred to as power sourcing equipment PSE The AT GS950 16PS switch is a PSE device which provides DC power to the network cable and functions as a central power source for othe...

Page 285: ...on the port number in ascending order For example when all of the ports in the switch are set to the low priority level and the power requirements are exceeded on the switch port 1 has the highest pri...

Page 286: ...er Over Ethernet Configuration Page The Power Over Ethernet Configuration page displays the PoE status and allows you to configure PoE feature with the following parameters Port Indicates the port wit...

Page 287: ...y Low High or Critical For more details see Port Prioritization on page 285 Power mW Indicates the Power in milliwatts that the port is supplying power to the PD Voltage V Indicates the Voltage in vol...

Page 288: ...Chapter 22 Power Over Ethernet PoE 288...

Page 289: ...289 Chapter 23...

Page 290: ...g configuration This chapter contains the following sections Overview on page 291 General Configuration on page 294 VLAN Setting on page 296 Trusted and Untrusted Port Configuration on page 298 Bindin...

Page 291: ...the following ways Directly to the legitimate trusted DHCP Server A network device relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enable...

Page 292: ...on untrusted ports do not accept DHCP packets originating form a DHCP server and immediately drop them when they are detected The DHCP packets types that are not accepted are DHCPOFFER and DHCPACK How...

Page 293: ...etwork device relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enabled Untrusted ports are connected to DHCP clients and to traffic that o...

Page 294: ...is parameter activates the DHCP Snooping feature on the AT GS950 16PS switch Disabled This parameter de activates the DHCP Snooping feature on the AT GS950 16PS switch 4 From the Pass Through Option 8...

Page 295: ...The AT S112 Management Software does not save a backup copy of the Binding Table to flash 7 Select an interval of time for the Database Update Interval field The range of this interval is 600 to 8640...

Page 296: ...xpands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings page is displayed See Figure 116 Figure 116 DHCP Snooping VLAN Settings Page 3 In the VLAN ID field enter a VLAN ID that h...

Page 297: ...AN ID do the following 1 From the main menu on the left side of the page select DHCP Snooping The DHCP Snooping folder expands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings pa...

Page 298: ...usted Interfaces A partial view of the AT GS950 16PS Trusted Interfaces page is displayed See Figure 117 Figure 117 AT GS950 16PS Trusted Interfaces Page 3 From the Trust column select one of the foll...

Page 299: ...igure 118 Trusted Interfaces Page Example 5 If you choose to configure other switch ports as trusted or untrusted repeat steps 3 and 4 6 From the main menu on the left side of the page select Save Con...

Page 300: ...DHCP Snooping Binding Database on the AT GS950 16PS switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network 1 From th...

Page 301: ...namically assigned IP address from the DHCP server automatically populates the table on the Binding Database page You must enter statically assigned IP Addresses and their corresponding fields at the...

Page 302: ...assigned See Static IP Addresses on page 300 for more information Lease Time This parameter is the time that IP address assignment by the DHCP server is valid If the Page field located below the tabl...

Page 303: ...cted devices on the network and to store data that is learned about other devices This chapter provides the following information Overview on page 304 Global Configuration on page 305 Neighbors Inform...

Page 304: ...protocol That is the information transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not sol...

Page 305: ...ystem Information The LLDP port settings are on the bottom of the page 3 See Figure 121 for an example of a partial view of this page A partial view of the AT GS950 16PS LLDP Global Settings Page is d...

Page 306: ...be set to either enabled or disabled without affecting LLDP 4 Click the Apply button to the right of the either the Enable or Disable radio buttons The LLDP setting that you have selected is now activ...

Page 307: ...is macAddress You cannot change this parameter Chassis ID This parameter lists the MAC Address of the switch You cannot change this parameter System Name This parameter lists the System Name of the s...

Page 308: ...data packets To change the settings of all the ports to the same state select a state setting next to All In the Port column 3 In the Action column click the Apply button that corresponds to the port...

Page 309: ...hat the LLDP information is received from them Port This parameter specifies the AT GS950 16PS local port number where the LLDP information was received Chassis ID Subtype This parameter describes the...

Page 310: ...Chapter 24 LLDP 310...

Page 311: ...switch and its ports This chapter includes the following sections Overview on page 312 Traffic Comparison Statistics on page 313 Error Group Statistics on page 316 Historical Status Charts on page 31...

Page 312: ...affic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports You can select 12 statistic types and 12 colors for each port This chart is described in Tra...

Page 313: ...d 12 colors for each port To display traffic comparison statistics perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart...

Page 314: ...Discards Pkts Measures the number of inbound discarded packets in packets per second Inbound Errors Pkts s Measures the number of inbound errors in packets per second Outbound Octets Bytes s Measures...

Page 315: ...ect Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the traffic comparison graph select Draw 7 Fr...

Page 316: ...lay error group statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select Error Group The...

Page 317: ...nds 15 seconds 30 seconds 5 To select the color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Gree...

Page 318: ...ay historical status charts statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select His...

Page 319: ...kets per second Inbound Errors Pkts Measures the number of inbound errors in packets per second Outbound Octets Bytes Measures the number of outbound octet bits in bytes per second Outbound Unicast Pa...

Page 320: ...color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the...

Page 321: ...tion contains the following chapters Chapter 26 Software Configuration Updates on page 323 Chapter 27 Cable Diagnostics on page 335 Chapter 28 Rebooting the AT GS950 16PS on page 337 Chapter 29 Pingin...

Page 322: ...322...

Page 323: ...325 Upgrade Firmware Image via TFTP on page 327 Upload or Download a Configuration File via HTTP on page 329 Download or Upload a Configuration File via TFTP on page 332 Note For information about ho...

Page 324: ...theAT S112 Management software or upload or download your configuration file Using a web browser via HTTP Using a TFTP server To perform one of these operations using HTTP you only need to have acces...

Page 325: ...subnet mask assigned either manually or via DHCP For instructions on how to set the IP address and subnet mask on a switch see Configuration of IP Address Subnet Mask and Gateway Address on page 30 To...

Page 326: ...necessary Firmware File Enter the path and the firmware file name or click the Browse button and select the file name 4 To begin the upgrade process on the switch click Apply The software begins to do...

Page 327: ...ew AT S112 image file on the TFTP server Start the TFTP server software before you begin the download procedure Caution Downloading a new version of management software onto the switch causes the devi...

Page 328: ...e new software Image File Name The full name of the AT S112 file including the file extension you are downloading Retry Count The number of times the firmware upgrade is retried The range is 1 20 4 To...

Page 329: ...To enable a DHCP client see DHCP Client Configuration on page 45 To upload or download an AT S112 configuration file onto the switch using a web browser perform the following procedure 1 From the menu...

Page 330: ...new configuration file is different than the one you currently have in your browser URL you will loose connectivity with the AT S112 Management software on the AT GS950 16PS switch after the new conf...

Page 331: ...ct the Download button Select this button to download a configuration file from the switch to your PC The following window shown in Figure 130 is displayed Figure 130 File Download with HTTP 2 Click S...

Page 332: ...the following procedure 1 From the menu on the left side of the home page select the Tools folder The Tools folder expands 2 From the Tools folder select the Config File Upload Download folder The Co...

Page 333: ...r the new configuration file is loaded If this is the case you can identify the new IP address by using the ATI Web Discovery Tool See DHCP and ATI Web Discovery Tool on page 44 for more information C...

Page 334: ...Chapter 26 Software Configuration Updates 334...

Page 335: ...iguration file select Save Configuration to Flash from the main menu on the left side of the page To do these cable diagnostics perform the following procedure 1 From the main menu on the left side of...

Page 336: ...one pair of wires and another pair within the cable Cable Fault Distance This parameter specifies the distance from the switch port to the cable fault Cable Length This parameter specifies the length...

Page 337: ...iginal factory default settings There are two ways to accomplish this Press the front panel ecofriendly button for more than 10 seconds and release it Reboot the switch in the AT S112 management softw...

Page 338: ...e your changes All configuration parameters that have not been previously saved are lost After the switch is reboots they are reset to the values stored in the flash memory Caution This procedure caus...

Page 339: ...y Note Two additional options are available in the Reboot Type field The procedures for these options are described in Configure Factory Default Values 5 Click Apply The switch immediately begins to r...

Page 340: ...er part of the page to the Reboot section 4 In the Reboot Type field use the pull down menu to select one of the following options Normal This setting reloads all configuration parameters that are sav...

Page 341: ...ay settings are managed by the DHCP server 5 Click Apply The switch begins the reboot process You must wait approximately two minutes for the switch to complete the reboot process before you can re es...

Page 342: ...disabled However you can still reset the switch via the management software without affecting the switch s configuration The factory default reset can be enabled again by using the password that you...

Page 343: ...entering a password See Figure 134 Figure 134 Factory Default Reset Reboot Page with Password Entry 5 In the New Password field enter a password of up to 12 characters in length It is case sensitive T...

Page 344: ...choose to Enable it perform the following procedure 1 From the main menu on the left side of the page select the Tools folder The Tools folder expands 2 From the Tools folder select Reboot The Factor...

Page 345: ...ult Reset Reboot Page is displayed with the Factory Default Reset field Enabled See Figure 133 on page 338 In the Reboot section the Reboot Type field now includes the options presented in its pull do...

Page 346: ...Chapter 28 Rebooting the AT GS950 16PS 346...

Page 347: ...he switch through which the node is communicating with the switch must be an untagged or tagged member of the Default VLAN To ping a network device perform the following procedure 1 From the main menu...

Page 348: ...s click Show Ping Results A sample Ping Test Results Page is displayed See Figure 138 Figure 138 Ping Test Results Page The following information is displayed Destination IP Address Indicates the IP a...

Page 349: ...TI on page 352 General Guidelines on page 355 VLAN and MSTI Associations on page 356 Ports in Multiple MSTIs on page 357 Multiple Spanning Tree Regions on page 358 Associating VLANs to MSTIs on page 3...

Page 350: ...tagged ports which can handle traffic from multiple VLANs simultaneously The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic resu...

Page 351: ...the following concepts and guidelines Like STP and RSTP you must activate this MSTP protocol on a switch and then configure the protocol parameters Note The implementation of MSTP in the management s...

Page 352: ...16PS switches each containing the two VLANs Sales and Production The ports of each VLAN on each switch are connected with a direct link using untagged ports If the switches were running STP or RSTP on...

Page 353: ...e VLANs Assigned to an MSTI A MSTI can contain more than one VLAN This is illustrated in Figure 141 on page 354 where there are two AT GS950 16PS switches with four VLANs There are two MSTIs each cont...

Page 354: ...the VLAN parts is made with tagged not untagged ports so that they can carry traffic from more than one virtual LAN Referring again to Figure 141 the tagged link in MSTI 1 is carrying traffic for both...

Page 355: ...one MSTI at a time A switch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTI s This is possible because a p...

Page 356: ...of the task to configuring MSTP involves assigning VLANs to spanning tree instances The mapping of VLANs to MSTIs is called associations A VLAN either port based or tagged can belong to only one insta...

Page 357: ...red to as generic parameters These are set just once on a port and apply to all the MSTI s where the port is a member One of these parameters is the external path cost which sets the operating cost of...

Page 358: ...e used to keep track of the revision level of a region s configuration For example you might use this value to maintain the number of times you revise a particular MSTP region It is important that eac...

Page 359: ...ndary port and the bridge connected to the port as belonging to another region The same is true for any ports connected to bridges running the single instance spanning tree STP Those ports are also co...

Page 360: ...ge for an entire bridged network MSTI priority is used only to determine the regional root for a particular MSTI The range for this parameter is the same as the RSTP bridge priority from 0 to 61 440 i...

Page 361: ...a regional root for locating loops in the instance MSTIs can share the same regional root or have different roots A regional root is determined by the MSTI Bridge Priority value and a bridge s MAC add...

Page 362: ...f it was assigned to an MSTI because only CIST is active outside of a region As mentioned earlier every MSTI must have a root bridge referred to as a regional root in order to locate loops that might...

Page 363: ...AN and has been assigned to MSTI ID 10 and port 8 is a member of VLAN 3 assigned to MSTI ID 10 The BPDUs transmitted by port 8 to switch B indicate that the port is a member of both CIST 0 and MSTI 15...

Page 364: ...sure that loop detection is based on MSTI not CIST 1 3 5 7 9 11 13 15 AT GS950 16PSGigabit Ethernet PoE Switch plus 1 3 5 7 9 11 13 15R 2 4 6 8 10 12 14 16R 15 16 1 3 5 7 2 4 6 8 9 11 13 15R 10 12 14...

Page 365: ...ged member of two different VLANs both associated to MSTI 12 If both switches were a part of the same region there would be no problem because the ports reside in different spanning tree instances How...

Page 366: ...The two regions share three VLANs Accounting Sales and Presales You can group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 12 a...

Page 367: ...STI and the forwarding state for another spanning tree instance A network can contain any number of regions and a region can contain any number of AT GS950 16PS switches The AT GS950 16PS switch can b...

Page 368: ...Appendix A MSTP Overview 368...

Page 369: ...6 1 4 1 207 1 4 203 System Name none 0 15 characters System Location none 0 30 characters System Contact none 0 30 characters System IP Setup IP Address 192 168 1 1 IPv4 address in xxx xxx xxx xxx he...

Page 370: ...ode Local Time SNTP Local Time Date Setting YYYY MM DD 2009 1 1 Time Setting HH MM SS 1 00 00 SNTP Primary Server 0 0 0 0 IPv4 address in xxx xxx xxx xxx format SNTP Secondary Server 0 0 0 0 IPv4 addr...

Page 371: ...tatus Disabled Enabled Disabled Time Stamp Enabled Enabled Disabled Messages Buffered Size 50 1 200 Syslog Server IP 0 0 0 0 IPv4 address in xxx xxx xxx xxx format Facility local0 local0 local 7 Loggi...

Page 372: ...TP Compatible RSTP Bridge Priority 0x8000 0x0000 0xF000 step 0x1000 Bridge Hello Time 2 seconds 1 10 seconds Bridge Maximum Age 20 seconds 6 40 seconds Bridge Forward Delay 15 seconds 4 30 seconds Por...

Page 373: ...onds Maximum Hop Count 20 6 40 Transient Hold Count 3 1 10 MSTP Instance ID none 1 31 Mapped VLAN none Path Cost 20000 1 200 000 000 Priority 128 0 240 16 steps PointToPoint Status Auto Auto ForceTrue...

Page 374: ...68 32768 System ID MAC Address of AT GS950 16PS switch Port Priority 0 0 255 Bridge Mirroring Mirroring Status Disabled Enabled Disabled Mirroring Port All 1 16 Ingress Mirrored Port All 1 16 All 1 16...

Page 375: ...D 1 4000 Port Based VALN Index ID 1 52 Group MAC Address none 01 00 5E 00 01 00 01 00 5E 7F FF FF Group Member All 1 16 Static Multicast group number 256 entries shared with IGMP Snooping Bridge IGMP...

Page 376: ...Status Disabled Enabled Disabled VLAN Mode All ports 802 1Q Tagged VLAN 802 1Q Tagged VLAN or Port Based VLAN on any port Tagged VLAN ID none 2 4000 Tagged VLAN Name none 0 32 characters Tagged Manag...

Page 377: ...inTime 200 milli seconds 10 1073741810 milli seconds GarpLeaveTime 600 milli seconds 30 2147483630 milli seconds GarpLeaveAllTime 10000 milli seconds 40 2147483640 milli seconds Bridge QoS QoS Status...

Page 378: ...Version v1 v1 v2c v3 encrypted not checked not checked checked Auth Protocol MD5 MD5 SHA Password none Priv Protocol DES DES none Password none SNMP Community Table Community Name none User Name View...

Page 379: ...63 Protocol none 1 255 Source IP Address none IPv4 address in xxx xxx xxx xxx hex format Source IP Mask Length none 1 32 Destination IP Address none IPv4 address in xxx xxx xxx xxx hex format Destinat...

Page 380: ...port 1 ports 1 16 NAS ID Nas1 1 16 characters Authentication Method RADIUS RADIUS Local Port Number port 1 ports 1 16 Policy Index none 1 65535 Classifier Index none 1 65535 Policy Sequence none 1 64...

Page 381: ...larms Falling Event Index none 1 65535 Alarms Owner none Event Index Nas1 1 65535 Event Description none Event Type None None Log SNMP Trap Log and Trap Event Community none Event Owner none Voice VLA...

Page 382: ...DIUS Accounting Port 1813 1 65535 RADIUS Shared Secret none 1 20 characters Destination MAC Filter MAC Address none Rule 1 Not support Multicast Mac address 01 xx xx xx xx xx 2 Not support VRRP Mac ad...

Page 383: ...none xx xx xx xx xx xx hex format Binding Database IP Address none IPv4 address in xxx xxx xxx xxx hex format Binding Database VLAN none Binding Database Port port 1 All 1 16 Binding Database Type Dy...

Page 384: ...Historical Status Statistics Inbound Octet Rate Bytes s 12 statistics Historical Status Auto Refresh 5 seconds 5 10 15 30 seconds Historical Status Port 1 ports 1 16 Historical Status Color Green 12 c...

Page 385: ...39 characters special characters are dependent on OS file name limitation Cable Diagnostics Port 1 ports 1 16 LED ECO Mode Disable Enable Disable Reboot Factory Default Reset Enable Enabled Disabled R...

Page 386: ...Appendix B AT GS950 16PS Default Parameters 386...

Reviews:

No comments

Related manuals for AT-GS950/16PS

Brand: GE Pages: 6

Brand: Paradyne Pages: 16

Brand: ICP DAS USA Pages: 8

Brand: Conceptronic Pages: 230

Brand: Cowfish Technologies Pages: 38

Brand: Dahua Pages: 113

Brand: Fluke Pages: 102

Brand: Wave wifi Pages: 3

DUAL Nx56/64 1200142L1#

Brand: ADTRAN Pages: 48

Sporlan Division SCS-PB Series

Brand: Parker Pages: 10

Brand: Avaya Pages: 2

GigaVUE H Series

Brand: Gigamon Pages: 55

Brand: Waveshare Pages: 27

Brand: Waveshare Pages: 23

Brand: Umniah Pages: 12

TransPort WR44 v2

Brand: Digi Pages: 32

RouterBOARD 493

Brand: 4gon Pages: 2

Brand: KTI Networks Pages: 21

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands