manualshive.com logo in svg

Allied Telesis AT-GS950/24, User Manual

The Allied Telesis AT-GS950/24 is a high-performance network switch designed for businesses. To ensure seamless setup and configuration, a comprehensive User Manual has been provided. You can effortlessly download the manual for free from our website, manualshive.com, to maximize the full potential of this remarkable product.

Share
Download
background image

Chapter 18: Security

246

Port Access Control

This section contains information and configuration procedures for the 
Port-based Access Control. This section includes the following sections: 

“Overview” on page 246

“Port Access Control Configuration” on page 247

Note

After configuring the Port-based Network Access Control, you can 
choose to use either the local authentication server in the AT-S109 
Version 1.1.0  for 802.1x authentication or a remote RADIUS server 
for 802.1x authentication. See “Dial-in User - Local Authentication” 
on page 254 or “RADIUS Client” on page 251.

Overview

Port-based Network Access Control (IEEE 802.1x) is used to control who 
can send traffic through and receive traffic from a switch port. With this 
feature, the switch does not allow an end node to send or receive traffic 
through a port until the user of the node logs on by entering a user name 
and password.

This feature can prevent an unauthorized individual from connecting a 
computer to a port or using an unattended workstation to access your 
network resources. Only those users to whom you have assigned a user 
name and password are able to use the switch to access the network.

This feature can be used with one of two authentication methods:

The RADIUS authentication protocol requires that a remote 
RADIUS server is present on your network. The RADIUS server 
performs the authentication of the user name and password 
combinations. See “Port Access Control Configuration” on 
page 247 and “RADIUS Client” on page 251 for more information.

The Dial-in User (local) authentication method allows you to set up 
the authentication parameters internally in the switch without an 
external server. In this case, the user name and password 
combinations are entered in the associated with an optional VLAN 
when they are defined. Based on these entries, the authentication 
process is done locally by the AT-S109 Version 1.1.0  using a 
standard EAPOL transaction.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions 
is the only supported authentication server for this feature. 

Summary of Contents for AT-GS950/24

Page 1: ...613 001490 Rev A AT GS950 24 Gigabit Ethernet Smart Switch AT GS950 24 Web Users Guide AT S109 Version 1 1 0 1 00 043 ...

Page 2: ...respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesis Inc be liable for any incidental special indirect or consequential damages whatsoever including but not limited to lost profits ari...

Page 3: ... List Configuration 28 Create an IP Access List 28 Delete an IP Address List Entry 30 System Time 31 Manually Setting System Time 31 Setting SNTP 32 Setting Daylight Savings Parameters 33 DHCP and ATI Web Discovery Tool 34 DHCP Client Configuration 35 DHCP Auto Configuration 37 System Management Information 38 User Name and Password Configuration 40 Add New User Name and Password 40 Modify User Na...

Page 4: ...sed VLAN 92 Delete a Port Based VLAN 92 Chapter 6 GVRP 95 Overview and Guidelines 96 General Configuration 97 Port Settings 98 Time Settings 100 Chapter 7 Voice VLAN 103 Overview 104 CoS with Voice VLAN 104 Organization Unique Identifier OUI 104 Dynamic Auto Detection vs Static Ports 105 General Guidelines 107 Configuration 108 OUI Setting 111 Create OUI Setting 111 Modify OUI Setting 112 Delete O...

Page 5: ...xample 164 Port Priority Configuration 166 Chapter 12 Quality of Service CoS 167 Overview 168 Packet Priority 168 Egress Queue vs Packet Priority Mapping 169 Prioritizing Untagged Packets 170 Scheduling 170 Mapping CoS Priorities to Egress Queues 173 Associate Ports to CoS Priorities 175 Associate DSCP Classes to Egress Queues 176 Queue Scheduling Algorithm 177 Chapter 13 Access Control Configurat...

Page 6: ...onfiguration 222 Modify Static Multicast Address 224 Delete Static Multicast Address 225 Chapter 16 DHCP Snooping 227 Overview 228 Trusted Ports 228 Untrusted Ports 228 Unauthorized DHCP Servers 228 DHCP with Option 82 229 General Guidelines 230 General Configuration 231 VLAN Setting 233 Create VLAN Setting 233 Modify VLAN Setting 234 Delete VLAN Setting 234 Trusted and Untrusted Port Configuratio...

Page 7: ... and Group Names 270 SNMPv1 v2 Community Strings 271 Create SNMPv1 v2 Community Strings 271 Modify SNMPv1 v2 Community Strings 272 Delete SNMPv1 v2 Community Strings 272 SNMP Traps 273 Create Trap Host Table Entry 273 Modify Trap Host Table Entry 274 Delete Trap Host Table Entry 274 Chapter 21 Simple Network Management Protocol SNMPv3 275 SNMPv3 Overview 276 SNMPv3 Authentication Protocols 276 SNM...

Page 8: ...load or Upload a Configuration File via TFTP 320 Configuration File Upload 320 Configuration File Download 321 Chapter 25 Loopback Protection 323 Configuration 324 Status 326 Chapter 26 Cable Diagnostics 327 Appendix A MSTP Overview 329 Overview 330 Multiple Spanning Tree Instance MSTI 332 Resolving VLAN Fragmentation 332 Multiple VLANS Assigned to an MSTI 333 General Guidelines 335 VLAN and MSTI ...

Page 9: ...igure 25 AT GS950 24 Tagged VLAN Page 83 Figure 26 Example of AT GS950 24 Tagged VLAN Page 85 Figure 27 AT GS950 24 Modify VLAN Page 85 Figure 28 AT GS950 24 VLAN Port Setting Page 89 Figure 29 Port Based VLAN Page 91 Figure 30 AT GS950 24 Modify Port based VLAN 92 Figure 31 GVRP Global Configuration Page 97 Figure 32 AT GS950 24 Port Settings Page 98 Figure 33 AT GS950 24 GVRP Time Setting Page 1...

Page 10: ... 210 Figure 79 AT GS950 24 Ingress Rate Limiting Page 212 Figure 80 AT GS950 24 Egress Rate Limiting Page 214 Figure 81 AT GS950 24 Static Unicast Address Table Page 218 Figure 82 AT GS950 24 Static Multicast Address Table Page 222 Figure 83 General Settings Page 231 Figure 84 DHCP Snooping VLAN Settings Page 233 Figure 85 AT GS950 24 Trusted Interfaces Page 235 Figure 86 AT GS950 24 Binding Datab...

Page 11: ...Figure 116 AT GS950 24 Loopback Detection Page 324 Figure 117 Cable Diagnostics Page 327 Figure 118 VLAN Fragmentation with STP or RSTP 332 Figure 119 MSTP Example of Two Spanning Tree Instances 333 Figure 120 Multiple VLANs in a MSTI 334 Figure 121 Multiple Spanning Tree Region 339 Figure 122 CIST and VLAN Guideline Example 1 343 Figure 123 CIST and VLAN Guideline Example 2 344 Figure 124 Spannin...

Page 12: ...Figures 12 ...

Page 13: ...to Priority Queues 169 Table 4 Customized Mappings Priority Levels to Priority Queues 169 Table 5 Example of Weighted Round Robin Priority 172 Table 6 Traffic Comparison Options 304 Table 7 Historical Status Options 309 Table 8 Regional Bridge Priority Value Increments 340 Table 9 AT S109 Version 1 1 0 Management Software Default Settings 349 ...

Page 14: ...List of Tables 14 ...

Page 15: ...Gigabit Ethernet Smart Switch The AT S109 Version 1 1 0 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application This preface contains the following sections Where to Find Web based Product Information on page 16 Contacting Allied Telesis on page 17 ...

Page 16: ... Web based Product Information The product guides are available for all Allied Telesis products in portable document format PDF on our web site Management software updates are also available Go to www alliedtelesis com support ...

Page 17: ...dware warranty information refer to the Allied Telesis web site at www alliedtelesis com support warranty Returning Products Products for return or repair must first be assigned a return materials authorization RMA number A product sent to Allied Telesis without an RMA number will be returned to the sender at the sender s expense To obtain an RMA number contact the Allied Telesis Technical Support...

Page 18: ...Preface 18 ...

Page 19: ...starting using and quitting a web browser management session on the AT GS950 24 switch This chapter includes the following sections Establishing a Remote Connection to the Web Browser Interface on page 20 Web Browser Tools on page 23 Quitting a Web Browser Management Session on page 24 ...

Page 20: ...h to obtain its IP configuration from a DHCP server refer to DHCP Client Configuration on page 35 Whether you use the pre assigned IP address or assign a new one you must set your local PC to the same subnet as the switch To start a web browser management session perform the following procedure 1 Start your web browser 2 In the URL field of the browser enter 192 168 1 1 This is the default IP addr...

Page 21: ... AT GS950 24 Switch Information page is displayed See Figure 3 Note To change the user name and password refer to User Name and Password Configuration on page 40 Figure 3 AT GS950 24 Switch Information Page The main menu appears on the left side and is common for all of the management pages discussed in this manual It consists of the following folders and web pages Switch Info Front Panel System P...

Page 22: ... displays the front of the switch Ports are green that have a link to an end node Ports without a link are grey The AT GS950 24 switch front panel page is shown in Figure 4 Figure 4 AT GS950 24 Front Panel Page A web browser management session remains active even if you link to other sites You can return to the management web pages anytime as long as you do not quit your browser session or the man...

Page 23: ...eb Browser Tools You can use the web browser tools to move around the management pages Selecting Back on your browser s toolbar returns you to the previous display You can also use the browser s Bookmark feature to save the link to the switch ...

Page 24: ...Chapter 1 Starting a Web Browser Session 24 Quitting a Web Browser Management Session To exit a web browser management session close the web browser ...

Page 25: ...overy Tool on page 34 DHCP Client Configuration on page 35 DHCP Auto Configuration on page 37 System Management Information on page 38 User Name and Password Configuration on page 40 User Interface Configuration on page 43 System Information Display on page 45 Switch Reboot on page 47 Pinging a Remote System on page 54 SSL Settings on page 56 System Log Configuration on page 58 Note To permanently...

Page 26: ...perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP Setup The IP Setup Page is displayed See Figure 5 Figure 5 IP Setup Page 3 Change the IP configuration parameters by observing or entering new information in the following fields System MAC Address This parameter displays the MAC add...

Page 27: ...pply Note Changing the IP address ends your management session To resume managing the device enter the new IP address of the switch in the web browser s URL field as shown in Figure 1 on page 20 5 After you log on to the switch with the new IP address select Save Configuration to Flash from the main menu on the left side of the page to save the new IP address to memory Caution If you do not select...

Page 28: ...IP Address List Entry on page 30 Note To modify IP address that has already been created it must first be deleted and them re created using the following procedures Create an IP Access List To create a list of accessible IP addresses perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP...

Page 29: ...AT GS950 24 Web Interface User Guide 29 Note You can add up to 10 IP address to the IP Access List table ...

Page 30: ...eft side of the page select Save Configuration to Flash to permanently save your changes Delete an IP Address List Entry To delete an IP address from the IP Access List perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP Access List The IP Access List Page is displayed See Figure 6 on...

Page 31: ...llowing sections Manually Setting System Time on page 31 Setting SNTP on page 32 Setting Daylight Savings Parameters on page 33 Manually Setting System Time To set the system time manually perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select System Time The System Time Page is displayed S...

Page 32: ...cedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select System Time The System Time Page is displayed See Figure 7 on page 31 3 Use the pull down menu to set the Clock Mode parameter to SNTP 4 Enter the IP address of the SNTP Primary Server The format is xxx xxx xxx xxx 5 Enter the IP address of the SNTP Secondary S...

Page 33: ...Figure 7 on page 31 3 In the Daylight Savings Time Status field select Enabled 4 Specify the Month Day Hour and Minute when Daylight Savings will take effect in the From time fields 5 Specify the Month Day Hour and Minute when Daylight Savings will end in the To time fields 6 Using the pull down menu specify the Daylight Savings offset in the DST Offset field You can select either 1 hr or 1 2 hr 7...

Page 34: ...owser When the DHCP feature is enabled a DHCP server automatically assigns an IP address which is not advertised over the network As a consequence you do not know what IP address has been assigned to the switch Note The new IP address assignment from the DHCP server may take one to two minutes before the process is completed Fortunately there is an ATI Web Discovery Tool available that resolves th...

Page 35: ...P address can be discovered using the ATI Discovery Tool See DHCP and ATI Web Discovery Tool on page 34 for more information To activate or deactivate the DHCP client on the switch perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP Setup The IP Setup Page is shown in Figure 5 on page...

Page 36: ...nabled the software reverts to the previously saved IP address value when the switch is power cycled or rebooted If no IP address has been previously saved the IP address value reverts to 192 168 1 1 If you enable DHCP and then save your configuration you are saving the DHCP setting Enabled The next time the switch boots up it will use the DHCP process to establish the IP address used to manage th...

Page 37: ...e System folder expands 2 From the System folder select System The DHCP Auto Configuration Settings Page is shown in Figure 8 Figure 8 DHCP Auto Configuration Settings Page 3 From the Auto Configuration State field select one of the following choices from the pull down menu Enable The DHCP Auto Configuration feature is active Note You must enable the DHCP client so that this feature can operate wi...

Page 38: ...It can also help to avoid performing a configuration procedure on the wrong switch To set a switch s administration information perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select Management The Management Page is displayed See Figure 9 for the AT GS950 24 Management Page Figure 9 AT GS9...

Page 39: ...tem Contact Specifies the name of the network administrator responsible for managing the switch This contact name is optional and may contain up to 30 characters 4 Click Apply 5 From the main menu on the left side of the page click on Switch Info The Switch Information page is displayed See AT GS950 24 Switch Information Page on page 21 for more information 6 From the main menu on the left side of...

Page 40: ...Name and Password on page 42 Add New User Name and Password The default User Name and Password is manager and friend both without the quotes To configure new User Name and Password information perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select Administration The Administration Page is d...

Page 41: ...left side of the page click the System folder The System folder expands 2 From the System folder select Administration The Administration Page is shown in Figure 10 on page 40 3 Identify the user name that you want to change and click Modify in the Action column The Modify Administration Page is displayed See Figure 11 Note The default user name cannot be modified or deleted The default password c...

Page 42: ...r expands 2 From the System folder select Administration The Administration Page is shown in Figure 10 on page 40 3 Identify the user name that you want to delete and click Delete The user name is removed from the Administration table Note The default user name cannot be modified or deleted The default password can be modified 4 From the main menu on the left side of the page select Save Configura...

Page 43: ...n only The Web Server cannot be disabled SNMP Interface To enable or disable the AT GS950 24 SNMP interface perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select User Interface The User Interface Page is displayed See Figure 12 Figure 12 User Interface Page 3 Choose Enable or Disable from ...

Page 44: ...ration to Flash to permanently save your changes User Interface Timeout To set the Web Idle Timeout perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select User Interface The User Interface Page is displayed See Figure 12 on page 43 3 Refer to the bottom portion of the web page Enter the Web...

Page 45: ...witch Information Page is displayed See Figure 13 Figure 13 AT GS950 24 Switch Information Page The Switch Information Page displays the following information System Up For The number of days hours and minutes that the switch has been running since it was last rebooted Runtime Image The version number of the runtime firmware Boot Loader The version number of the bootloader firmware Hardware Inform...

Page 46: ...system IP address Refer to Configuration of IP Address Subnet Mask and Gateway Address on page 26 to manually assign an IP address or DHCP Client Configuration on page 35 to activate the DHCP client Subnet Mask This parameter displays the subnet mask for the switch Refer to Configuration of IP Address Subnet Mask and Gateway Address on page 26 to manually assign a subnet mask or DHCP Client Config...

Page 47: ... listed in AT GS950 24 Default Parameters on page 349 Password Protection of Factory Reset If your switch is located in a controlled environment such as a locked switching closet or limited access equipment room it may be desirable to have the ability to easily reset the switch to factory defaults at any time by using either the front panel ecofriendly switch or the AT S109 Version 1 1 0 managemen...

Page 48: ... Version 1 1 0 Management software configuration from flash memory Insure that your current configuration is saved before rebooting the switch by selecting Save Configuration to Flash from the main menu on the left side of the page to permanently save your changes All configuration parameters that have not been previously saved are lost After the switch is reboots they are reset to the values stor...

Page 49: ...the AT S109 Version 1 1 0 Management software and configuration parameters This process takes approximately two minutes to complete You can not manage the device during the reboot After the reboot is finished you can log in again if you want to continue to manage the switch Configure Factory Default Values This procedure returns all AT S109 Version 1 1 0 Management software parameters to their fac...

Page 50: ...ection Factory Default Resets all switch parameters to the factory default settings including the IP address subnet mask and gateway address Caution This setting will cause the IP address to be reset to 192 168 1 1 You will loose connectivity with the switch management software after the reboot is completed and you can login again with this IP address Factory Default Except IP Address Resets all s...

Page 51: ...part of the page You will find a field called Factory Default Reset This selection allows you to reset the switch configuration to the factory default settings given in MSTP Overview on page 329 by using the Reboot procedures outlined in Configure Factory Default Values on page 49 4 To disable the factory default reset feature select Disable on the pull down menu of the Factory Default Reset field...

Page 52: ...physical front panel ecoFriendly button 8 Click Accept on the message The Factory Default Reset page changes and displays the Factory Default Reset feature as Disabled See Figure 16 Figure 16 Factory Default Reset Disabled Page 9 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Enabling Factory Default Reset If the Factory Default ...

Page 53: ...Page with Password Entry 5 Enter the same password that you defined when you previously set the Factory Default Reset field to Disable 6 Click Apply The initial Factory Default Reset Reboot Page is displayed with the Factory Default Reset field Enabled See Figure 14 on page 49 In the Reboot section the Reboot Type field now includes the options presented in its pull down menu for returning the swi...

Page 54: ...d or tagged member of the Default VLAN To ping a network device perform the following procedure 1 From the main menu on the left side of the page select the Tools folder The Tools folder expands 2 From the Tools folder select Ping The Ping Test Configuration Page is displayed See Figure 18 Figure 18 Ping Test Configuration Page 3 Configure the following parameters Destination IP Address The IP add...

Page 55: ...Figure 19 Ping Test Results Page The following information is displayed Destination IP Address Indicates the IP address of the unit that receives the ping Pass Indicates the percentage of times the ping passed Average Time Indicates the time in milliseconds the ping was received 6 Click Back to Ping Test to return to the Ping Test Configuration Page ...

Page 56: ... sessions that use the secure HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted When operating in this mode only the AT GS950 24 switch and the web browser are able to decipher the packets sent and received between them Configuring SSL To enable or disable the SSL protocol feature perform the ...

Page 57: ... Web Interface User Guide 57 4 Click Apply The SSL setting that you have selected is now active 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 58: ...vide vital information about system activity that can help in the identification and solutions of system problems To configure the System log perform the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select System Log Configuration The System Log Configuration Page is displayed See Figure 21 Figure 2...

Page 59: ...of 0 0 0 0 no server is specified 7 In the Facility field enter the Facility local from the pull down menu The choices range from local0 through local7 8 Select the Logging Level This parameter specifies what level of event messages will be logged into the System log Your choices are as follows 0 Emergency The system is unusable 1 Alert Action must be taken immediately 2 Critical Critical conditio...

Page 60: ...Chapter 2 Basic Switch Configuration 60 ...

Page 61: ...re that explains how to view and change the port settings This chapter includes the following sections Overview on page 62 Display and Configure Ports on page 63 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 62: ...ics of an AT GS950 24 switch You can display and modify the settings of all the ports on one web page The port characteristics that are displayed are Trunk Group Number Port type Link Status Admin Status Duplex Mode Jumbo frame Flow control EAP Pass BPDU frame These characteristics are described in the next section ...

Page 63: ...table The parameters are defined as follows Port Specifies the port number The All value indicates ports 1 through 24 on the AT GS950 24 switch You cannot change this parameter Note You can use the All row value in the Port column to set the Admin Status Mode Jumbo Flow Ctrl EAP Pass and BPDU fields to the same values for all ports at the same time In the All row when you select Ignore Enable or D...

Page 64: ... the port to resume normal operation after the problem has been fixed You can also disable an unused port to secure it from unauthorized connections The possible values are Ignore This parameter applies to the All row only and i Indicates that the Admin Status field must be set individually for each port Enabled This parameter indicates the port is able to send and receive Ethernet frames Disabled...

Page 65: ...50 24 Web Interface User Guide 65 Note When QoS is enabled on a port the Jumbo frame parameter can not be enabled To enable or disable QoS see Mapping CoS Priorities to Egress Queues and CoS Page on page 173 ...

Page 66: ...ration in full duplex mode 1000 Half This parameter i Indicates the port is configured for 1000Mbps operation in half duplex mode 100 Half This parameter i Indicates the port is configured for 100Mbps operation in half duplex mode 10 Half This parameter i Indicates the port is configured for 10Mbps operation in half duplex mode When selecting a Mode setting the following points apply When a twiste...

Page 67: ...at the port is able to send and receive EAP packets Disabled This parameter indicates that the port is disabled and is not able to send or receive EAP packets BPDU This parameter reflects the current BPDU setting on the port The possible values are Ignore This parameter indicates that the All setting does not apply to the BPDU field In other words each port is set individually Enabled This paramet...

Page 68: ...Chapter 3 Port Configuration 68 ...

Page 69: ...gress and egress traffic on a port by having the traffic copied to another port This chapter contains the following sections Overview on page 70 Port Mirroring Configuration on page 71 Disable Port Mirroring on page 73 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 70: ...he mirroring port Observe the following guidelines when you create a port mirror You can select more than one source port at a time However the more ports you mirror the less likely the mirroring port is able to handle all the traffic For example if you mirror the traffic of six heavily active ports the destination port is likely to drop packets meaning that it does not provide an accurate mirror ...

Page 71: ...on parameters become active on the page Disable This parameter de activates the Port Mirroring feature and the rest of the configuration parameters become inactive on the page 4 Click Mirroring Port and from the pull down menu select the port 5 For the source port select the port s whose ingress egress or both ingress and egress traffic you want to monitor A check in a box indicates the Ingress or...

Page 72: ...Chapter 4 Port Mirroring 72 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 73: ...t Mirroring The Mirroring page is shown in Figure 23 on page 71 3 From the Status field select Disable and click Apply Port mirroring is immediately disabled on the switch and the parameters on the web page become inactive You can now use the mirroring port for regular network operations 4 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your c...

Page 74: ...Chapter 4 Port Mirroring 74 ...

Page 75: ...sign Ports to a VLAN Mode on page 81 Tagged VLAN Configuration on page 83 Port Based VLAN Configuration on page 91 Modify a Port Based VLAN on page 92 Delete a Port Based VLAN on page 92 Note The Voice VLAN feature is not covered in this section For more information see Voice VLAN on page 103 Note To permanently save your new settings or any changes to the configuration file select Save Configurat...

Page 76: ...se traffic stays within the separate logical LAN segment of the VLAN The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic that is not destined for them It also frees up bandwidth within all the logical workgroups In addition because each VLAN constitutes a separate broadcast domain broadcast traffic remains within the VLAN and is no...

Page 77: ...dependent traffic domain This type of VLAN is independent of the header information including VLAN tags in a frame Traffic generated by the end nodes of a VLAN remains within the VLAN and does not cross over to the end nodes of other VLANs unless there is an interconnection device such as a router or Layer 3 switch A port based VLAN is a group of ports on the switch that form a logical Ethernet se...

Page 78: ...d by tag information within the frames that are received on a port and the VLAN configuration of each port The VLAN information within an Ethernet frame is referred to as a tag and is contained in a tagged header for the frame A tag which follows the source and destination addresses in a frame contains the VLAN ID of the VLAN to which the frame belongs IEEE 802 3ac standard This number uniquely id...

Page 79: ...ithin the packet is maintained when it is transmitted to the next network device If the packet is transmitted from an untagged port the VLAN tag information is removed from the packet before it is transmitted to the next network device The IEEE 802 1Q standard describes how tagging information within a packet is used to forward or discard traffic throughout the switch If the incoming packet has a ...

Page 80: ...unique name to each tagged VLAN Each tagged VLAN must be assigned a unique VLAN ID If a particular VLAN spans multiple switches each part of the VLAN on the different switches must be assigned the same VLAN ID A tagged port can be a member of multiple VLANs The AT GS950 24 Gigabit Ethernet Smart Switch can support up to 255 tagged VLANs per switch ...

Page 81: ...efault VLAN is permanent and must have at least one untagged port assigned to it at any time To assign ports to a 802 1Q Tagged VLAN or Port Based VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select VLAN The VLAN folder expands 3 From the VLAN folder select VLAN Mode The VLAN Mode Page is dis...

Page 82: ...on click Restore Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration the Restore button will not be active for those port assignments 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 83: ...LAN the frame is discarded You can create and delete tagged VLANs by following the procedures in the following sections Create a Tagged VLAN Modify a Tagged VLAN on page 84 Delete a Tagged VLAN on page 87 Create a Tagged VLAN To create a tagged VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder sel...

Page 84: ...is only an untagged member of VLAN 1 and not a tagged member of another VLAN Disable This parameter disables Management VLAN on this VLAN If you change this parameter from Enable to Disable the Management VLAN is still enabled on the DefaultVLAN Note The Management VLAN is always Enabled on the untagged ports of the DefaultVLAN It cannot be disabled on the DefaultVLAN 7 To assign ports to the VLAN...

Page 85: ... the bottom of Figure 26 on page 85 Figure 26 Example of AT GS950 24 Tagged VLAN Page 4 In the VLAN Action column click Modify in the row of the VLAN that you want to change The Modify VLAN Page is displayed see Figure 27 Figure 27 AT GS950 24 Modify VLAN Page 5 You cannot modify the VLAN ID on this web page If you want to delete the VLAN ID go to Delete a Tagged VLAN on page 87 for more informati...

Page 86: ...Chapter 5 Virtual LANs 86 6 To change the VLAN Name type a new VLAN Name in the VLAN Name field For more information about this field refer to VLAN Name on page 77 ...

Page 87: ...atically Note The Management VLAN is always Enabled on the DefaultVLAN and cannot be disabled 8 To change the port selections click on the port numbers labeled either Static Tagged or Static Untagged 9 Click Apply 10 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete a Tagged VLAN To delete a tagged VLAN perform the following ...

Page 88: ...hapter 5 Virtual LANs 88 Note You cannot delete the Default VLAN which has a VID of 1 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 89: ...anation of the PVID parameter see the Port VLAN Identifier section in VLAN Overview on page 76 4 Set the Acceptable Frame Type to one of the following choices from the pull down menu All This selection allows all incoming ingress frames presented to the port to enter the switch Tagged This selection allows only tagged frames presented to the port to enter the switch Untagged frames are discarded a...

Page 90: ... port 6 Click Apply The port configuration becomes effective 7 If you need to configure other ports of the switch for the VLAN Port Settings repeat steps 4 through 7 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 91: ...ate a port based VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select VLAN The VLAN folder expands 3 From the VLAN folder select Port Based VLAN The Port Based VLAN Page is displayed See Figure 29 Figure 29 Port Based VLAN Page 4 To assign a VLAN Index type a VLAN ID in the VLAN Index field Ch...

Page 92: ...the VLAN Action column click Modify next to the VLAN that you want to change The Modify Port based VLAN Page is displayed See Figure 30 Figure 30 AT GS950 24 Modify Port based VLAN 5 To change the name of the VLAN type a new name in the VLAN Name field Enter a value of up to 32 characters For more information about this field refer to VLAN Name on page 77 6 To assign ports to the VLAN click on the...

Page 93: ...age is shown in Figure 29 on page 91 4 In the VLAN Action column click Delete next to the VLAN that you want to delete A confirmation prompt is displayed 5 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot delete the Default VLAN which has a VID of 1 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 94: ...Chapter 5 Virtual LANs 94 ...

Page 95: ...95 Chapter 6 GVRP This chapter contains the following sections Overview and Guidelines on page 96 General Configuration on page 97 Port Settings on page 98 Time Settings on page 100 ...

Page 96: ...mic VLANs To be detected by GVRP a VLAN must have at least one active node or have at least one port with a valid link to an end node GVRP cannot detect a VLAN that does not have any active nodes or valid port links Resetting the switch erases all dynamic GVRP VLANs and dynamic GVRP port assignments The dynamic assignments are relearned by the switch as PDUs arrive on the ports from other switches...

Page 97: ...folder select GVRP Global Configuration The GVRP Global Configuration Page is displayed See Figure 31 Figure 31 GVRP Global Configuration Page 4 From the GVRP Status field select one of the following choices from the pull down menu Enable The GVRP feature is active Disable The GVRP feature is inactive 5 Click Apply The GVRP setting that you have selected is now active 6 From the main menu on the l...

Page 98: ...r defines the GVRP status of the port From the Dynamic Vlan Status field select one of the following choices from the pull down menu Ignore This parameter indicates that the setting in the All row does not apply to the Dynamic Vlan Status field In other words each port is set individually Enable The Dynamic Vlan is activated for the port row selected Disable The Dynamic Vlan is de active for the p...

Page 99: ...is de active for the port row selected 5 Once you have configured the parameters click Apply for the affected port 6 If you want to configure GVRP for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 100: ... 10 The acceptable input values are multiples of 10 If you try to enter a value that is not a multiple of 10 the value will be rounded down 4 The following fields are listed for each port Port This parameter displays the ports on the switch GarpJoinTime This parameter is the GARP Join Timer Its range is 10 1073741810 milli seconds GarpLeaveTime This parameter is the GARP Leave Timer Its range is 3...

Page 101: ...he GARP Join Timer GARP Leave Timer and GARP Leave All Timer on all participating GVRP devices in your network 5 Once you have configured the parameters click Apply for the affected port 6 If you want to configure the GVRP timers for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 102: ...Chapter 6 GVRP 102 ...

Page 103: ... delete a voice VLAN configuration This chapter contains the following sections Overview on page 104 General Guidelines on page 107 Configuration on page 108 OUI Setting on page 111 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 104: ...t the voice data packets are processed before other types of data so that the voice quality is maintained as the voice data passes through the AT GS950 24 switch Note For more information about how to configure these CoS parameters see Mapping CoS Priorities to Egress Queues on page 173 and Queue Scheduling Algorithm on page 177 Organization Unique Identifier OUI Each IP phone manufacturer can be ...

Page 105: ...agged or untagged ports that will serve as the voice VLAN uplink downlink By default a tagged or untagged port is a static member of a tagged VLAN Note See Create a Tagged VLAN on page 83 for more information about configuring a tagged VLAN with Not Member and Static ports The ports that you choose to configure as dynamic Auto Detection ports must be connected directly to an IP phone When you init...

Page 106: ...gured to be the same as the voice VLAN ID This will insure that all untagged packets entering the port are switched within the voice VLAN as the voice data passes through the AT GS950 24 switch If the IP phone s that you are installing cannot be configured with a VLAN ID then the switch ports should be configured as Static tagged ports within the voice VLAN Note Link Layer Discovery Protocol for M...

Page 107: ...c and cannot have the voice VLAN Auto Detection feature enabled IP phones that are not VLAN aware should be connected to Static tagged ports of the voice VLAN The voice VLAN uplink downlink port s must be configured as Static tagged or tagged ports Any Static tagged members of the voice VLAN are required to have the port VLAN ID PVID configured to be the same as the voice VLAN ID The Organization ...

Page 108: ... 24 switch To configure a voice VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select Voice VLAN The Voice VLAN folder expands 3 From the Voice VLAN folder select Voice VLAN Settings A partial view of the AT GS950 24 Voice VLAN Setting Page is displayed See Figure 34 Figure 34 AT GS950 24 Voice...

Page 109: ...es the amount of time in hours after the last IP phone s OUI was received on a port after which this port will be removed from the voice VLAN The range is 1 to 120 hours COS This parameter is CoS priority level assigned to the voice data packets received on each voice VLAN port Note For the COS priority to be effective QoS must be Enabled See Mapping CoS Priorities to Egress Queues on page 173 for...

Page 110: ...have the voice VLAN Auto Detection feature enabled The Status column displays Static for the member ports See Dynamic Auto Detection vs Static Ports on page 105 for more information 8 Click Apply in the Action column of the table 9 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 111: ... See Figure 35 Figure 35 Voice VLAN OUI Setting Page 4 Enter a text description that helps you identify the manufacturer s OUI in the User Defined OUI Description field This parameter can be up to 20 characters in length 5 Enter the MAC address in the User Defined OUI Telephony OUI field of one of the IP phones with the manufacturer s OUI described in step 4 6 Click Add The new OUI entry is displa...

Page 112: ...lder expands 2 From the Bridge folder select Voice VLAN The Voice VLAN folder expands 3 From the Voice VLAN folder select Voice VLAN OUI Setting The Voice VLAN OUI Setting Page is displayed See Figure 35 on page 111 4 To delete a specific OUI that had already been entered in the table at the bottom of the page click on Delete in the Action column of the table The specific OUI will be deleted from ...

Page 113: ...g Delay and Topology Changes on page 117 Mixed STP and RSTP Networks on page 119 Spanning Tree and VLANs on page 120 Basic STP and RSTP Configuration on page 123 Configure RSTP Port Settings on page 126 Spanning Tree Topology on page 131 For detailed information about STP refer to IEEE Std 802 1D For detailed information about RSTP refer to IEEE Std 802 1w Note To permanently save your new setting...

Page 114: ...case a main link fails Where the two protocols differ is in the time each takes to complete the process referred to as convergence When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to prevent data loops or activated to maintain communications between the various network s...

Page 115: ...he bridge priority number in the AT S109 Version 1 1 0 Management software You can designate which switch on your network as the root bridge by giving it the lowest bridge priority number You may also consider which bridge should function as the backup root bridge in the event you need to take the primary root bridge off line and assign that bridge the second lowest bridge identifier number The br...

Page 116: ...ocking state Path cost is determined by evaluating port costs Every port on a bridge participating in STP has a cost associated with it The cost of a port on a bridge is typically based on port speed The faster the port the lower the port cost The exception to this is the ports on the root bridge where all ports have a port cost of 0 Path cost is the sum of the port costs between a bridge and the ...

Page 117: ...oop could occur if a topology change is made before all bridges have been notified and that could adversely impact network performance To forestall the formation of temporary data loops during topology changes a port designated to change from blocking to forwarding passes through two additional states listening and learning before it begins to forward frames The amount of time a port spends in the...

Page 118: ...not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes The frequency with which the root bridge sends out a BPDU is called the hello time This is a value that you can set i...

Page 119: ...o it either directly or through another device connected to that port In this configuration since the port has no STP or RSTP devices connected to it it will always forward network traffic Figure 37 illustrates a port functioning as an edge port Figure 37 Edge Port Mixed STP and RSTP Networks RSTP IEEE 802 1w is fully compliant with STP IEEE 802 1d Your network can consist of bridges running both ...

Page 120: ... Chapter 9 Multiple Spanning Tree Protocol on page 133 The single spanning tree encompasses all ports on the switch If the ports are divided into different VLANs the spanning tree crosses the VLAN boundaries This can pose a problem in networks containing multiple VLANs that span two bridges and are connected with untagged ports In this situation spanning tree blocks a data link because it detects ...

Page 121: ... ports when you plan to have STP or RSTP enabled on your network If each port connecting the two bridges is a tagged member of all three VLANs then traffic for each of the VLANs can still flow through one the data links if the other two are blocked by Spanning Tree The second and third data links act as redundant links in case the primary unblocked data link becomes disabled See Figure 39 for an e...

Page 122: ...Chapter 8 STP and RSTP 122 Figure 39 STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports refer to Chapter 5 VLAN Overview on page 76 ...

Page 123: ...main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select the Spanning Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the RSTP folder The RSTP folder expands 4 Form the RSTP folder select RSTP The Rapid Spanning Tree Configuration Page is displayed See Figure 40 Figure 40 Rapid Spanning Tree Configuration Pag...

Page 124: ...TP compatible and then click Apply at the top of the page In the middle section of the page the following fields are listed Note You cannot change these fields Root Port The active port on the switch that is communicating with the root bridge If the switch is the root bridge for the LAN then there is no root port and the root port parameter is set to 0 Root Path Cost The sum of all the root port c...

Page 125: ...t bridge when two or more bridges have the same bridge priority You cannot change this parameter Bridge Priority The priority number for the bridge in hexadecimal format This number is used to determine the root bridge for RSTP The bridge with the lowest priority number is selected as the root bridge If two or more bridges have the same priority value that is the lowest value of all the other brid...

Page 126: ... select the RSTP folder The RSTP folder expands 4 From the RSTP folder select the RSTP Basic Port A partial view of the AT GS950 24 RSTP Basic Port Configuration Page is displayed See Figure 41 Figure 41 AT GS950 24 RSTP Basic Port Configuration Page This page displays the following information about the ports Port Indicates ports 1 through 24 on the AT GS950 24 switch Use the All row to apply the...

Page 127: ...rt for incoming BPDUs that indicate the port should return to the blocking state to prevent a loop Disabled This state is not strictly part of STP However a network administrator can manually disable a port Role Indicates one of the following port roles Disabled The Disabled Port role is assigned if the port is not operational or is excluded from the active topology by management or it is a networ...

Page 128: ... Apply for the port you are configuring 6 To configure all of the ports to the same settings in the All row configure one two or all of the following settings STP Status Priority and Port Cost 7 Click Apply 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Configure the Advanced RSTP Port Settings To configure the advanced RSTP po...

Page 129: ...n the blocking state by the Spanning Tree algorithm The port s state may change to the forwarding state if the other links in use fail and the Spanning Tree algorithm determines the port may transition to the forwarding state Listening This state occurs on a port during the convergence process The port in the listening state processes BPDUs and awaits new information that would cause the port to r...

Page 130: ...t a Root or a Designated Port is an Alternate Port if that Bridge is not the Designated Bridge for the attached LAN Admin OperEdge Indicates if a port is connected to an edge device in the network topology or not True The port is connected to an edge device and the port will always be in a forwarding state False The port is not connected to an edge device Admin OperPtoP Indicates if the port is co...

Page 131: ...ion Page This page is contains status information only and there are no parameters to configure The following information is displayed about the ports Port Indicates ports 1 through 24 on the AT GS950 24 switch Trunk The trunk of which the port is a member Link Status Whether the link on the port is up or down Designated Root The designated root bridge to which the switch s root port is actively c...

Page 132: ...Chapter 8 STP and RSTP 132 ...

Page 133: ...nd an overview and configuration guidelines for this feature in MSTP Overview on page 329 When you configure MSTP the information should be entered in order on the following web pages Multiple Spanning Tree Configuration on page 134 VLAN Mapping on page 137 Port Configuration on page 139 Port Settings on page 142 Topology Information on page 144 ...

Page 134: ...ng Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the MSTP folder The MSTP folder expands 4 From the MSTP folder select MSTP The Multiple Spanning Tree Configuration Page is displayed See Figure 44 on page 134 Figure 44 Multiple Spanning Tree Configuration Page The MSTP Configuration page allows you to configure the MSTP parameters as well as to view current se...

Page 135: ...er switches in the same MSTP region See Multiple Spanning Tree Regions on page 338 for more information Region Revision The parameter indicates the region s revision and must be identical to the regional names specified on other switches in the same MSTP region See Multiple Spanning Tree Regions on page 338 for more information Dynamic Path Cost Calculation This parameter is either True or False W...

Page 136: ... time it is retransmitted by the next bridge When the Hop Count value reaches zero the bridge drops the BPDU packet Its range is 6 40 hops Transmit Hold Count The Transmit Hold Count specifies the maximum number of BPDUs that the bridge can send per second Its range is 1 10 5 Once you have configured the parameters click Apply 6 From the main menu on the left side of the page select Save Configura...

Page 137: ...older expands 4 From the MSTP folder select MSTP VLAN Mapping The MSTP VLAN Mapping Page is displayed See Figure 45 Figure 45 MSTP VLAN Mapping Page Create VLAN Mapping to MST Instance 1 Enter the MSTP Instance ID You can enter any number of MSTP IDs up to the maximum MSTP ID See Multiple Spanning Tree Configuration on page 134 for more information 2 Enter an existing VLAN ID in the ADD VLAN field...

Page 138: ...AN Mapping to MST Instance on page 137 for more information Delete MST Instance 1 In the Action column of the table click on Delete for the MST Instance that want to delete The instance is deleted along with the mapped associations to the VLANs that are listed 2 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 139: ...6 AT GS950 24 MSTP Port Configuration Page You may choose a port and configure its MSTP parameters on this page The following information is displayed Port Indicates ports 1 through 24 on the AT GS950 24 switch Use the All row to apply the same settings for the Point to Point Status Edge Port MSTP Status Protocol Migration AutoEdge Status Restricted Role Restricted TCN fields to all the ports on y...

Page 140: ...with legacy 802 1D switches True The switch is able to inter operate with 802 1D BPDU packets False This switch can only operate with RSTP and MSTP packets Hello Time The Hello Time is frequency with which the root bridge sends out a BPDU See Hello Time and Bridge Protocol Data Units BPDU on page 118 for more information AutoEdge Status This parameter allows the switch to detect if the port functi...

Page 141: ...ess receive transmit TCN BPDU packets 5 Once you have configured the parameters click Apply in the Action column 6 If you choose to change the MSTP port configuration for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 142: ...this page The following information is displayed Port Indicates ports 1 through 24 on the AT GS950 24 switch Use the All row to apply the same settings for the Port State field to all the ports on your switch MSTP Instance ID Indicates the MSTP Instance that associated with this port Port State This parameter activates or deactivates the port Select one of the following choices from the pull down ...

Page 143: ...face User Guide 143 6 If you choose to change the MSTP port settings for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 144: ...Topology Information Page The following information displayed on this page shows the current status of MSTP for each port Port Indicates ports 1 through 24 on the AT GS950 24 switch Designated Root The designated root bridge to which the switch s root port is actively connected Root Priority This parameter specifies the priority used in determining the regional root for a particular MSTI For more ...

Page 145: ...nt and Edge Ports on page 118 for more information Role Indicates the port s role which may be Disabled Root Designated Backup or Alternate See the parameter definitions described for Role under Configure the Basic RSTP Port Settings on page 126 for more information Port State Indicates the ports spanning tree state which may be Blocking Listening Learning Forwarding Disabled See the parameter def...

Page 146: ...Chapter 9 Multiple Spanning Tree Protocol 146 ...

Page 147: ...view on page 148 Create a Port Trunk on page 151 Modify a Port Trunk on page 153 Disable a Port Trunk on page 155 Note For information about Link Aggregation Control Protocol LACP port trunking see Chapter 11 LACP Port Trunks on page 157 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the ...

Page 148: ...insufficient to handle the traffic load A static port trunk consists of two to eight ports on the switch that function as a single virtual link between the switch and another device A static port trunk improves performance by distributing the traffic across multiple ports between the devices and enhances reliability by reducing the reliance on a single physical link A static trunk is easy to confi...

Page 149: ...port trunks between Allied Telesis networking devices to ensure compatibility A static trunk can contain up to eight ports The ports of a static trunk must be of the same medium type They can be all twisted pair ports or all fiber optic ports but not a combination of the two The ports of a trunk can be either consecutive for example Ports 2 through 4 or nonconsecutive for example ports 3 5 and 7 B...

Page 150: ...trunk can be either untagged or untagged members of the same VLAN The switch selects a port in the trunk to handle broadcast packets and packets of unknown destination The switch makes this choice based on a hash algorithm depending upon the source and destination MAC addresses ...

Page 151: ...es prior to configuring the ports can create loops in your network topology Loops can result in broadcast storms which can severely limited the effective bandwidth of your network To create a port trunk perform the following procedure 1 Select the Bridge folder The Bridge folder expands 2 From the Bridge folder select the Trunk Config folder The Trunk Config folder expands 3 From the Trunk Config ...

Page 152: ...DU LACP Data Unit packets This setting enables the LACP feature for the trunk Passive The specific aggregator will not broadcast LACPDU packets but it will respond to them This setting disables the LACP feature for the trunk Manual Enables static port trunking and disables the LACP feature for the trunk Disable Disables the static port trunk and disables the LACP feature for the trunk 6 Click Appl...

Page 153: ...fig folder expands 4 From the Trunk Config folder select Trunking The Trunking Page is shown in Figure 50 on page 151 5 Click the status of the port trunk you want to modify and change the status to one of the following options Disable Disables the port trunk Active The aggregator will broadcast and respond to LACPDU LACP Data Unit packets This setting enables the LACP feature Passive The aggregat...

Page 154: ...Static Port Trunking 154 9 Configure the port trunk on the other switch with the same parameters 10 Connect the Ethernet cables between trunk ports on the AT GS950 24 switch and the trunk ports on the other switch ...

Page 155: ...nk perform the following procedure 1 Disconnect all of the Ethernet cables from the ports of the trunk 2 Select the Bridge folder The Bridge folder expands 3 From the Bridge folder select the Trunk Config folder The Trunk Config folder expands 4 From the Trunk Config folder select Trunking The Trunking Page is shown in Figure 50 on page 151 5 To disable a port trunk select Disable from the pull do...

Page 156: ...Chapter 10 Static Port Trunking 156 ...

Page 157: ...ctions System Priority on page 159 Port Priority Value on page 159 General Guidelines on page 161 Group Status on page 163 Port Priority Configuration on page 166 Note For information about port trunking see Chapter 10 Static Port Trunking on page 147 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the lef...

Page 158: ...is using ports 1 to 4 as the active ports and ports 5 and 6 as reserve If an active port loses its link the switch automatically activates one of the reserve ports to maintain maximum bandwidth of the trunk The main component of an LACP trunk is an aggregator which manages a group of ports on the switch On the AT GS950 24 the ports assigned to a trunk group are automatically assigned to an aggrega...

Page 159: ...rity to determine which ports are active and which are in the standby mode in situations where the number of ports in the aggregate trunk exceeds the highest allowed number of active ports This parameter is a value in a range of 1 to 255 based on the port number For instance the priority values for ports 2 and 11 are 002 and 011 respectively The lower the number the higher the priority Ports with ...

Page 160: ...ports and second the port must be receiving LACPDU packets from the other device A port functioning in the standby mode does not forward network traffic However it continues to send LACPDU packets If a port that is part of an aggregator does not receive LACPDU packets it functions as a normal Ethernet port and forwards network packets along with LACPDU packets Note You can adjust the value of a po...

Page 161: ...and a static trunk at the same time The ports of an aggregate trunk must be untagged members of the same VLAN Twisted pair ports must be set to Auto Negotiation or 1000 Mbps full duplex mode LACP trunking is not supported in half duplex mode 1000Base X fiber optic ports must be set to full duplex mode You can create an aggregate trunk of transceivers with 1000Base X fiber optic ports Only those po...

Page 162: ... s device a higher system LACP priority than your AT GS950 24 switch This can help avoid a conflict between the devices if some ports are placed in the standby mode when the devices create the trunk For background information refer to System Priority on page 159 LACPDU packets are transmitted as untagged packets ...

Page 163: ... The Bridge folder expands 2 From the Bridge folder select the Trunk Config folder The Trunk Config folder expands 3 From the Trunk Config folder select LACP Group Status The LACP Group Status Page is displayed See Figure 51 Figure 51 LACP Group Status Page Note Go to Create a Port Trunk on page 151 to directly change the parameters on this page ...

Page 164: ...Port Trunk on page 151 to configure Trunk ID 1 as Active with ports 3 4 and 5 The LACP Group Status Page is updated This configuration is shown in Figure 52 before the Ethernet cables are connected Figure 52 LACP Group Status Page with No Cables Connected 4 Physically connect the network cables between the switch and a second LACP device which is pre configure with an LACP activated trunk of three...

Page 165: ...24 Web Interface User Guide 165 Figure 53 LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a Link Up status ...

Page 166: ...isplayed See Figure 54 Figure 54 AT GS950 24 Port Priority Page The System Priority is a preassigned value that you cannot alter This value applies to the switch See System Priority on page 159 The System ID is a MAC address value assigned to the switch You cannot change this value 4 To set the port priority select a value from 0 to 255 in the Priority column for the port you want to alter For mor...

Page 167: ...cheduling Algorithm on page 177 Note Before mapping the QoS Priorities and the egress Queues you must disable the Jumbo frame parameter on each port See the Jumbo parameter definition in Displaying and Configuring Ports on page 47 on page 129 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of...

Page 168: ...w of traffic through a switch by having the switch ports give higher priority to some packets such as delay sensitive traffic over other packets This is referred to as prioritizing traffic The various aspects of CoS are Packet Priority next Egress Queue vs Packet Priority Mapping on page 169 Prioritizing Untagged Packets on page 170 Scheduling on page 170 Packet Priority CoS applies primarily to t...

Page 169: ...levels and the four egress queues of a switch port You can change these mappings For example you might decide that packets with a priority of 6 and 7 need to be handled by egress queue Q3 and packets with a priority of 2 and 3 should be handled in Q1 The result is shown in Table 4 Table 3 Default Mappings Priority Levels to Priority Queues IEEE 802 1p Priority Level Port Priority Queue 0 Q0 1 Q0 2...

Page 170: ...it should handle the packets in its four egress queues For example if all the queues contain packets should the packets in queue Q3 the highest priority queue be processed through the switch before moving on to the other queues or should it instead just do a few packets from each queue in a sequential fashion and if so how many This control mechanism is referred to as the scheduling algorithm Sche...

Page 171: ...AT GS950 24 Web Interface User Guide 171 never be transmitted from the switch because the algorithm might never have time to process the packets waiting in the lower priority queues ...

Page 172: ...mally the higher the queue s priority the more packets are transmitted in as the algorithm cycles through the queues in turn This method guarantees that every queue receives some attention from the port for transmitting packets Table 5 shows the WRR settings for the number of packets transmitted from each queue These values are permanent and you cannot be change these values Table 5 Example of Wei...

Page 173: ...eter definition in Display and Configure Ports on page 63 Note When Jumbo frames are enabled COS can not be enabled To configure CoS mapping perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select QoS The QoS folder expands 3 From the QoS folder select CoS The CoS Page is displayed See Figure 55 Figur...

Page 174: ...click on the Queue 0 1 2 or 3 radio button that applies to your configuration 5 After you have completed this mapping process select Enable in the QoS Status field 6 Click Apply 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 175: ...s perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select QoS The QoS folder expands 3 From the QoS folder select Port Priority A partial view of the AT GS950 24 Port Priority Page page is shown in Figure 56 Figure 56 AT GS950 24 Port Priority Page 4 For each port whose priority you want to change sel...

Page 176: ...he following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select QoS The QoS folder expands 3 From the QoS folder select DSCP The DSCP Class Mapping Page page is shown in Figure 57 Figure 57 DSCP Class Mapping Page 4 For each DSCP In value that is relevant to your configuration select a queue 0 3 in the Queue column 5 ...

Page 177: ...e 58 Figure 58 Scheduling Algorithm Page 4 In the Scheduling Algorithm list select the algorithm one of the following Strict Priority The port transmits all packets out of higher priority queues before transmitting any from the lower priority queues WRR Weighted RoundRobin The port transmits a set number of packets from each queue in a round robin fashion so that each has a chance to transmit traf...

Page 178: ...Chapter 12 Quality of Service CoS 178 ...

Page 179: ...l policies be sure to configure the QoS parameters The QoS entries may have a direct affect on each policy s behavior For more information see Chapter 12 Quality of Service CoS on page 167 Before a policy can be defined you need to specify certain ACL configuration information This information must be entered sequentially on the following web pages Classifier on page 180 Profile Action on page 185...

Page 180: ...g sections Create Classifier next Modify Classifier on page 182 Delete Classifier on page 183 Create Classifier To create a classifier perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Classifier The Create Classifier page is displayed in F...

Page 181: ...he Destination MAC Mask ranging from 1 48 VLAN ID A unique number identifying a VLAN ranging from 1 to 4000 802 1p Priority 802 1p priority level of the frame ranging from 0 to 7 Ether Type Indicates the protocol of the ethernet frame protocol ranging from 0000 to FFFF DSCP The DSCP Differentiated Services Code Point value in the IP header ranging from 0 63 Protocol Indicates the packet protocol r...

Page 182: ...y 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modify Classifier To modify the entries for a Classifier perform the following procedure Note You must enter a classifier before you can modify it See Create Classifier on page 180 for more information 1 From the main menu on the left side of the page select the Access Control Co...

Page 183: ...pply The modified classifier entry is displayed in the table at the bottom of the page of the Create Classifier page 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete Classifier To delete a classifier entry perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config fol...

Page 184: ...Delete button in the Action column You will be prompted with a message saying Do you want to delete classifier xxxx where xxxx is the classifier index 4 Click on the OK button The classifier entry is deleted from the classifier table 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 185: ... on page 189 and Create Out Profile Action on page 193 for more information You can create modify or delete a Profile Action by following the procedures in the following sections Create Profile Action next Modify Profile Action on page 186 Delete Profile Action on page 187 Create Profile Action To create a profile action perform the following procedure 1 From the main menu on the left side of the ...

Page 186: ...us table If you do not see you new entry you may need to navigate to another page of the table with the First Page Previous Page Next Page and Last Page buttons located below the table An example of a Profile Action table entry is displayed in Figure 63 Figure 63 Example of Profile Action Entry 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save...

Page 187: ...the bottom of the page of the Create Profile Action page 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete Profile Action To delete a profile action entry perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From ...

Page 188: ... Configuration 188 4 Click on the OK button The profile action entry is deleted from the profile action table 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 189: ...1 Delete In Profile Action on page 192 Create In Profile Action To create an in profile action perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select In Profile Action The Create In Profile Action page is displayed in Figure 65 Figure 65 Create ...

Page 190: ...o the specified Profile Action ID to be processed by the switch Note You must enter a selection for Deny Permit field even if the Profile Action ID that you have entered ignores both the Policed DSCP and Policed CoS fields 6 Click Add The In Profile Action entry is added to the status table If you do not see you new entry you may need to navigate to another page of the table with the First Page Pr...

Page 191: ...e In Profile Action page with a In Profile Action table entry is shown in Figure 66 on page 190 3 Select the table entry that you want to modify and click the modify link in the Action column The Modify In Profile Action page will be displayed See Figure 67 on page 191 Figure 67 Modify In Profile Action Page 4 Change the parameters as required Note See Create In Profile Action on page 189 for the ...

Page 192: ...ofile Action page with a In Profile Action table entry is shown in Figure 66 3 From the Create In Profile Action page identify which In Profile action table entry that want to delete and click the Delete button in the Action column You will be prompted with a message saying Do you want to delete In Profile Action xx where xx is the classifier index 4 Click on the OK button The In Profile action en...

Page 193: ...ofile Action To create a Out Profile Action perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Out Profile Action The Create Out Profile Action page is displayed in Figure 68 Figure 68 Create Out Profile Action Page 3 Enter a number in the O...

Page 194: ... the switch Note You must enter a selection for Deny Permit field even if the Profile Action ID that you have entered ignores both the Policed DSCP and Policed CoS fields 6 Click Add The Out Profile Action entry is added to the status table If the Page field located below the table displays a page number and you do not see your new entry then there are multiple pages of the table that you can navi...

Page 195: ...ut Profile Action page with a Out Profile Action table entry is shown in Figure 69 on page 194 3 Select the table entry that you want to modify and click the modify link in the Action column The Modify Out Profile Action page will be displayed See Figure 70 Figure 70 Modify Out Profile Action Page 4 Change the parameters as required Note See Create In Profile Action on page 189 for the definitions...

Page 196: ...ction page with a Out Profile Action table entry is shown in Figure 69 on page 194 3 From the Create Out Profile Action page identify which Out Profile action table entry that want to delete and click the Delete button in the Action column You will be prompted with a message saying Do you want to delete Out Profile Action xx where xx is the classifier index 4 Click on the OK button The Out Profile...

Page 197: ...page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List The Create Port List page is displayed in Figure 71 Figure 71 Create Port List Page 3 Enter a number in the Port List Index field The Index must be a unique number within the range of 1 65535 This field is mandatory Note The Port List Index is a required pa...

Page 198: ...nu on the left side of the page select Save Configuration to Flash to permanently save your changes Modify Port List To modify a Port List entry perform the following procedure Note Before you can modify an entry you must first enter a Port List see Create Port List on page 197 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folde...

Page 199: ...u on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List An example of the Create Port List page with a Port List table entry is shown in Figure 72 on page 198 3 From the Create Port List page identify which Port List table entry that want to delete and click the Delete button in the Act...

Page 200: ...e Action on page 193 for more information Port List Index See Create Port List on page 197 for more information You can create modify or delete a Policy by following the procedures in the following sections Create Policy next Modify Policy on page 202 Delete Policy on page 203 Create Policy To create an Policy perform the following procedure 1 From the main menu on the left side of the page select...

Page 201: ...ndatory and must match a In Profile Action Index that has been previously entered on the Create In Profile Action page See the In Profile Action table described in Create In Profile Action on page 189 for more information Out Profile Action Index The Out Profile Action Index is a unique number within the range of 1 65535 This field is mandatory and must match a Out Profile Action Index that has be...

Page 202: ...entry you must first enter a Policy see Create Policy on page 200 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Policy An example of the Create Policy page with a Policy table entry is shown in Figure 75 3 Select the table entry that you want to modify and click the m...

Page 203: ...olicy entry is displayed in the table at the bottom of the page of the Create Policy page 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete Policy To delete a Policy entry perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folde...

Page 204: ...icy page identify which Policy table entry that want to delete and click the Delete button in the Action column You will be prompted with a message saying Do you want to delete Policy xxxxx where xxxxx is the classifier index 4 Click on the OK button The Policy entry is deleted from the Policy table 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently...

Page 205: ...edure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Policy Sequence The Policy Sequence page is displayed in Figure 77 Figure 77 Policy Sequence Page 3 Select the switch port from the Select Port pull down menu that you want to view 4 Click either the Display by Index...

Page 206: ...Chapter 13 Access Control Configuration 206 ...

Page 207: ...h feature The following topics are discussed Overview on page 208 Configuration on page 210 Ingress Rate Limiting on page 212 Egress Rate Limiting on page 214 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 208: ...ilure The Destination Lookup Failure DLF setting is concerned with comparing the destination MAC address of a packet received by the switch to the forwarding database When the AT GS950 24 switch receives a packet it scans the forwarding database and looks for a match to the destination MAC address in the received packet If the MAC address is not present then the packet is flooded according to the ...

Page 209: ...s as follows Bandwidth 64Kbps x rate limit The rate limit parameter is an integer ranging from 1 to 15625 Egress Rate Limiting The Egress Rate Limiting feature restricts the traffic to a pre configured data rate that can flow out of a port This data rate limit can be configured in 64 Kbps increments within a range from 64 Kbps to 1000 Mbps The formula for calculating the bandwidth limit for the 10...

Page 210: ...A partial view of the AT GS950 24 Storm Control page is displayed See Figure 78 Figure 78 AT GS950 24 Storm Control Page 4 To enable or disable the DLF field select Enable or Disable from the DLF pull down menu next to the port that you want to change You can select the ALL row to set all of the ports to the same setting Note For more information about the Destination Lookup Failure DLF setting se...

Page 211: ... in Overview on page 208 9 Click Apply 10 To set the Threshold field use the pull down menu next to the port that you want to change Select Low Medium or High which correspond to the following values Low Specifies 450 to 550 packets per second Medium Specifies 880 to 1 000 packets per second High Specifies 2 200 to 2 500 packets per second 11 You can select the ALL row to set all of the ports to t...

Page 212: ...der select Ingress Rate Filtering A partial view of the AT GS950 24 Ingress Rate Limiting page is displayed See Figure 79 Figure 79 AT GS950 24 Ingress Rate Limiting Page 4 To set the Bandwidth field on the AT GS950 24 switch enter a number in the range of 1 15625 Note See Ingress Rate Limiting on page 209 for calculating the bandwidth limit set by the Bandwidth field You can select the ALL row to...

Page 213: ...AT GS950 24 Web Interface User Guide 213 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 214: ...ew of the AT GS950 24 Egress Rate Limiting page is displayed See Figure 80 Figure 80 AT GS950 24 Egress Rate Limiting Page To set the Bandwidth field enter a number in the range of 1 to 15625 You can select the ALL row to set all of the ports to the same setting Note See Egress Rate Limiting on page 209 for calculating the bandwidth limit set by the Bandwidth field 4 To enable or disable egress ra...

Page 215: ...sections Overview on page 216 Static Unicast MAC Address Configuration on page 218 Static Multicast Address Configuration on page 222 Modify Static Multicast Address on page 224 Delete Static Multicast Address on page 225 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 216: ...static MAC address by manually configuring the switch with the AT S109 Version 1 1 0 Management software There are two reasons to enter static MAC addresses You may want to enter end nodes the switch does not learn in its normal dynamic learning process Or you want a MAC address to remain permanently in the table even when the end node is inactive Static multicast addresses are a subset of the sta...

Page 217: ...AT GS950 24 Web Interface User Guide 217 allows the multicast stream to be forwarded immediately to those predefined ports entered in the MAC table without any configuration delays or loss of data ...

Page 218: ...er select Static Unicast The Static Unicast Address Table Page is displayed See Figure 81 Figure 81 AT GS950 24 Static Unicast Address Table Page Before continuing you must create an 802 1Q VLAN ID s or a Port Based VLAN Index s For information about defining these parameters go to Tagged VLAN Configuration on page 83 regarding the 802 1Q VLAN ID parameter Port Based VLAN Configuration on page 91 ...

Page 219: ...In the Group MAC Address field enter a unicast MAC address 5 Assign the MAC address a Port Member or members by selecting the check box beside each port number Note You can assign a maximum limit of 256 static unicast addresses on the switch 6 Click Add The Static Unicast Address Table is updated with the new MAC Address 7 From the main menu on the left side of the page select Save Configuration t...

Page 220: ... displayed See Figure 81 on page 218 3 Select Modify next to the static MAC address that you want to change The Modify Static Unicast Address Page is displayed not shown here 4 In the Group Member row select the check boxes for the ports that you want to include or remove in the Group Member area Selected ports are indicated with a check mark Note To restore the original group member ports click R...

Page 221: ...ct the Bridge folder 2 From the Bridge folder select Static Unicast The Static Unicast Address Table Page is displayed See Figure 81 on page 218 3 Select delete next to the static unicast address that you want to remove The static unicast address is removed from the Static Unicast Address Table Page 4 From the main menu on the left side of the page select Save Configuration to Flash to permanently...

Page 222: ...2 AT GS950 24 Static Multicast Address Table Page Before continuing you must create an 802 1Q VLAN ID s or a Port Based VLAN Index s For information about defining these parameters go to Tagged VLAN Configuration on page 83 regarding the 802 1Q VLAN ID parameter Port Based VLAN Configuration on page 91 regarding the Port Based VLAN Index parameter 3 Select either the 802 1Q VLAN ID or Port Based V...

Page 223: ...n assign a maximum limit of 256 static multicast addresses on the switch 6 Click Add The Static Multicast Address Table is updated with the new MAC Address Note The Group MAC Address values that you enter on the Static Multicast Address Table Page are also displayed on the IGMP Snooping Page For more information see IGMP Snooping Configuration on page 242 7 From the main menu on the left side of t...

Page 224: ...ge is displayed See Figure 82 on page 222 3 Select Modify next to the static MAC address that you want to change The Modify Static Multicast Address Page is displayed not shown 4 In the Group Member row select the check boxes for the ports that you want to include or remove in the Group Member area 5 Selected ports are indicated with a check mark Note To restore the original group member ports cli...

Page 225: ...the Bridge folder 1 From the Bridge folder select Static Multicast The Static Multicast Address Table Page is displayed See Figure 82 on page 222 2 Select delete next to the static multicast address that you want to remove The static multicast address is removed from the Static Multicast Address Table Page 3 From the main menu on the left side of the page select Save Configuration to Flash to perm...

Page 226: ...Chapter 15 MAC Address Table 226 ...

Page 227: ...228 Trusted Ports on page 228 Untrusted Ports on page 228 Unauthorized DHCP Servers on page 228 DHCP with Option 82 on page 229 General Guidelines on page 230 General Configuration on page 231 VLAN Setting on page 233 Trusted and Untrusted Port Configuration on page 235 Binding Database on page 236 Note To permanently save your new settings or any changes to the configuration file select Save Conf...

Page 228: ...ice relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enabled Untrusted Ports The Ethernet traffic on an untrusted port is inherently not trusted The ingress packets are consequently tested against specific criteria to determine if they can be forwarded through the switch or should be immediately discarded Untrusted ports are connected t...

Page 229: ...ng form a DHCP server and immediately drop them when they are detected The DHCP packets types that are not accepted are DHCPOFFER and DHCPACK However untrusted ports do accept both DHCP DISCOVER and DHCPREQUEST packets sent from DHCP clients This behavior allows DHCP clients to respond to a trusted DHCP server and not respond to a DHCP server that is untrusted DHCP with Option 82 You can configure...

Page 230: ...e relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enabled Untrusted ports are connected to DHCP clients and to traffic that originates outside of the local area network The VLANs to which the DHCP Snooping feature applies must be specified in the DHCP Snooping VLAN Setting configuration Any static IP addresses on the network must be ma...

Page 231: ...he AT GS950 24 switch Disabled This parameter de activates the DHCP Snooping feature on the AT GS950 24 switch 4 From the Pass Through Option 82 field select one of the following choices from the pull down menu Enable Allows an Option 82 packet to be passed through the AT GS950 24 switch without being altered Disable Blocks an Option 82 packet from passing through the AT GS950 24 switch 5 From the...

Page 232: ...ng Table to flash 7 Select an interval of time for the Database Update Interval field The range of this interval is 600 to 86400 seconds 8 From the DHCP Option 82 Insertion field select one of the following choices from the pull down menu Enable The AT S109 Version 1 1 0 Management software inserts the DHCP Option 82 information into the DHCP packets Disable The AT S109 Version 1 1 0 Management so...

Page 233: ...e DHCP Snooping folder expands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings page is displayed See Figure 84 Figure 84 DHCP Snooping VLAN Settings Page 3 In the VLAN ID field enter a VLAN ID that has been pre defined See Tagged VLAN Configuration on page 83 for information about configuring VLANs 4 Click Add The new VLAN ID entry is displayed in the table on the page 5 If ...

Page 234: ...n the left side of the page select DHCP Snooping The DHCP Snooping folder expands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings page is displayed See Figure 84 on page 233 3 To delete a specific VLAN ID that had already been entered in the table click on Delete in the Action column of the table The specific VLAN ID will be deleted from the table 4 From the main menu on the...

Page 235: ...es page is displayed See Figure 85 Figure 85 AT GS950 24 Trusted Interfaces Page 3 From the Trust column select one of the following choices from the pull down menu Disable This parameter defines the port as untrusted for the DHCP Snooping feature Enable This parameter defines the port as trusted for the DHCP Snooping feature 4 Click Apply for the port The port is now configured for you selection ...

Page 236: ... 24 switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network 1 From the main menu on the left side of the page select DHCP Snooping The DHCP Snooping folder expands 2 From the DHCP Snooping folder select Binding Database A partial view of the AT GS950 24 Binding Database page is displayed See Figure 86 Figure 86 AT GS...

Page 237: ...rmation MAC Address This parameter shows the host s MAC Address VLAN ID This parameter shows the host s VLAN ID of which the DHCP client is a member IP Address This parameter is the IP Address assigned by the DHCP server to the DHCP client Port This parameter is the port number where the DHCP client is connected Type This parameter indicates the following Learned The host IP Address is dynamically...

Page 238: ...Chapter 16 DHCP Snooping 238 ...

Page 239: ...es for working with IGMP Snooping in the web interface The following topics are discussed Overview on page 240 IGMP Snooping Configuration on page 242 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 240: ...o router ports where host nodes are located There are three versions of IGMP versions 1 2 and 3 One of the differences between the versions is how a host node signals that it no longer wants to be a member of a multicast group In version 1 it stops sending reports If a router does not receive a report from a host node after a predefined length of time referred to as a time out value it assumes tha...

Page 241: ...uch flooding of packets can negatively impact network performance The AT GS950 24 switch maintains a list of multicast groups through an adjustable time out value which controls how frequently it expects to see reports from end nodes that want to remain members of multicast groups and by processing leave requests Note By default IGMP snooping is disabled on the switch ...

Page 242: ... the page select the Bridge folder The Bridge folder expands 2 From the Bridge folder select IGMP Snooping The IGMP Snooping Page is displayed See Figure 87 Figure 87 IGMP Snooping Page 3 To enable or disable IGMP Snooping on the switch select Enable or Disable 4 To set the age out timer type the number of seconds you want the switch to wait before it purges an inactive dynamic MAC address The ran...

Page 243: ...des that are active members of multicast groups To set a static Multicast Group Address see Static Multicast Address Configuration on page 222 Figure 88 IGMP Snooping Page with MAC Address 7 To display ports that are members of the multicast group address click on the MAC address 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 244: ...Chapter 17 IGMP Snooping 244 ...

Page 245: ... chapter includes the following sections Port Access Control on page 246 RADIUS Client on page 251 Dial in User Local Authentication on page 254 Destination MAC Filter on page 257 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 246: ...ndividual from connecting a computer to a port or using an unattended workstation to access your network resources Only those users to whom you have assigned a user name and password are able to use the switch to access the network This feature can be used with one of two authentication methods The RADIUS authentication protocol requires that a remote RADIUS server is present on your network The R...

Page 247: ...S ID is optional Port Access Control This parameter enables or disables Port Access Control Select one of the following choices from the pull down menu Enable The Port Access Control feature is activated Disable The Port Access Control feature is de activated Authentication Method This parameter indicates the authentication method used by the switch Select one of the following choices RADIUS This ...

Page 248: ...rt to the 802 1X port based authenticator role Ports begin in the unauthorized state forwarding only EAPOL frames until a client has successfully logged on Forced Authorized Sets a port to Forced Authorized port control Ports that are set to the force authorized state transition to the authorized state without any authentication exchanges required The ports transmit and receive traffic normally wi...

Page 249: ...orward packets through the port without being authentication Enabled The Piggyback Mode is Enabled Disabled The Piggyback Mode is Disabled VLAN Assignment This parameter allows Enabled The VLAN Assignment is Enabled Disabled The VLAN Assignment is Disabled Secure VLAN This field is inactive Guest VLAN ID This parameter specifies the VLAN ID that is designated as a Guest VLAN The range is 0 to 4000...

Page 250: ...o 10 Re authentication Period Specifies the time interval for reauthentication of clients on an authenticator port The range is 1 to 65535 seconds Server Timeout Sets the length of time the switch waits for a response from the authentication server The range is 1 to 65535 seconds 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 251: ...from a network device to an authentication protocol server The AT S109 Version 1 1 0 Management software comes with RADIUS client software You can use the client software together with 802 1x port based access control To control which end users and end nodes can send packets through the switch you can configure the RADIUS client at Radius Client Configuration on page 252 General Guidelines The fol...

Page 252: ... refer to the RFC 2865 standard Radius Client Configuration To configure the RADIUS client perform the following procedure 1 From the main menu on the left side of the page select the Security folder The Security folder expands 2 From the Security folder select RADIUS The RADIUS Page is displayed See Figure 90 Figure 90 RADIUS Page 3 To enter the RADIUS server s IP address enter the address in the...

Page 253: ...AT GS950 24 Web Interface User Guide 253 7 Click Apply to save your changes 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 254: ...ame and password combinations are entered with an optional VLAN when they are defined Based on these entries the authentication process of a supplicant is done locally by the AT S109 Version 1 1 0 Management software using a standard EAPOL EAP over LAN transaction Dial in User Configuration The procedures in this section describe how to create delete and modify dial in users See the following proc...

Page 255: ... settings for a dial in user perform the following procedure 1 From the main menu on the left side of the page select the Security folder The Security folder expands 2 From the Security folder Dial in User The Dial in User page is displayed See Figure 91 3 In the list of dial in users highlight the user you want to modify The user s information is displayed in fields above 4 In the User Name or Pa...

Page 256: ...ty folder The Security folder expands 2 From the Security folder Dial in User The Dial in User page is displayed See Figure 91 on page 255 3 In the list of dial in users highlight the user you want to delete 4 Click Delete 5 To permanently save these settings in the configuration file select Save Configuration to Flash from the main menu to permanently save your changes ...

Page 257: ...t If the destination MAC address matches a MAC address set in the filter the software prevents the switch from forwarding it and drops the packet You may want to block access to a device within your organization For instance you may not want users on the Sales group switch to have access to a server on the Accounting group switch You can enter the MAC address of the Accounting server as a destinat...

Page 258: ...ently save your changes Delete Destination MAC Filter To delete a MAC address from the Destination MAC Filter perform the following procedure 1 From the main menu on the left side of the page select the Security folder The Security folder expands 2 From the Security folder select Destination MAC Filter The Destination MAC Filter Page is shown in Figure 92 on page 258 3 Select delete next to the MA...

Page 259: ... network that are also using the protocols and to store the information that is learned about other devices This chapter contains the following sections Overview on page 260 Global Configuration on page 261 Neighbors Information on page 264 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of t...

Page 260: ...protocol That is the information transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not solicit responses and received advertisements do not solicit acknowledgements LLDP cannot solicit any information from other devices LLDP operates over physical ports only For example it can be configured...

Page 261: ...rt States on page 263 Enable Disable LLDP To enable or disable the LLDP feature perform the following procedure 1 From the main menu on the left side of the page click the LLDP folder The LLDP folder expands 2 From the LLDP folder select LLDP Global Settings A partial view of the AT GS950 24 LLDP Global Settings Page is displayed See Figure 93 Figure 93 AT GS950 24 LLDP Global Settings Page ...

Page 262: ...nterval which is the interval between regular transmissions of LLDP advertisements The range is 1 10 seconds LLDP Reinit Delay Sets the reinitialization delay which is the number of seconds that must elapse after LLDP is disabled on a port before it can be reinitialized The range is 1 10 seconds LLDP TX Delay Sets the value of the transmission delay timer which is the minimum time interval between...

Page 263: ... Refer to the lower section of Figure 93 on page 261 for the LLDP port states 2 In the State column select one of the following states from a specific port s pull down menu Disabled LLDP is disabled on the port The port can not receive or transmit LLDP data packets Enabled LLDP is enabled on the port The port can receive and transmit LLDP data packets RxOnly LLDP is enabled on the port The port ca...

Page 264: ...nformation is received from them Port This parameter specifies the AT GS950 24 local port number where the LLDP information was received Chassis ID Subtype This parameter describes the Chassis ID subtype of the neighboring network device which is reporting the LLDP information Chassis ID This parameter is the neighboring device s chassis ID Port ID Subtype This parameter describes the Port ID subt...

Page 265: ...hapter contains the following sections SNMPv1 and SNMPv2c Overview on page 266 Trap Receiver Attributes on page 267 SNMPv1 v2 User and Group Names on page 269 SNMPv1 v2 Community Strings on page 271 SNMP Traps on page 273 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 266: ...e of querying status modifying existing configurations and loading new configurations via the agent in the managed equipment The NMS and agent communicate with each other using variables organized into pre defined hierarchies called Management Information Bases or MIBs To manage a switch using an SNMP application program you must do the following Activate SNMP management on your switch See User In...

Page 267: ...e traps to monitor activities on the switch Trap receivers are the typically SNMP management stations that you want to receive the traps sent by the switch You specify a trap receiver by its IP address which is assigned to a specific community string The community string name is included when the switch sends a trap The management station may use the community string as a verification of the trap ...

Page 268: ...imple Network Management Protocol SNMPv1 and v2c 268 Activate SNMP Interface The SNMP interface is activated by default If you want to de activate it or re activate it go to User Interface Configuration on page 43 ...

Page 269: ... who can use the string and what the string will allow a network management station to do on the switch The AT S109 Version 1 1 0 Management software does NOT provide any default community strings You must first define an SNMP User and Group Name on the SNMP User Group page and then define a Community Name on the SNMP Community Table page Create SNMP v1 v2 User and Group Names To create an SNMP Us...

Page 270: ... Modify SNMPv1 v2 User and Group Names If you need to modify an entry in the SNMP User Group page you must first delete the entry and then re enter it For information about how to delete an entry in this table see Delete SNMPv1 v2 User and Group Names For information about how to create a new entry in this table see Create SNMP v1 v2 User and Group Names on page 269 Delete SNMPv1 v2 User and Group...

Page 271: ...Strings 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Community Table The Community Table Page is displayed See Figure 96 Figure 96 Community Table Page 3 Enter a new Community Name Enter a name up to 31 characters in length 4 Enter a User Name View Policy that has been previously defined Note This name must be the sa...

Page 272: ...r and Group Names on page 269 Delete SNMPv1 v2 Community Strings Use the following procedure to delete a community name of an SNMP community in the Community Table 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Community Table The Community Table Page is shown in Figure 96 on page 271 3 To delete a Community Name click...

Page 273: ...anagement The Trap Management Page is displayed See Figure 97 Figure 97 Trap Management Page 3 Enter the Host IP Address for the management device that is to receive the SNMP traps The IP address must be in the xxx xxx xxx xxx format 4 Enter the SNMP Version v1 or v2c that is configured for the host management device 5 Enter a Community Name that you have previously defined in the SNMP Community t...

Page 274: ...p see SNMP Traps on page 273 Delete Trap Host Table Entry Use the following procedure to delete a Host table entry 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Trap Management 3 The Trap Management Page is displayed See Figure 97 on page 273 4 To delete an entry in the host table click Delete next to the entry in the...

Page 275: ...77 SNMPv3 Configuration Process on page 278 SNMPv3 User and Group Names on page 280 Create SNMPv3 User and Group Names on page 280 Modify SNMPv3 User and Group Names on page 281 Delete SNMPv3 User and Group Names on page 281 SNMPv3 View Names on page 282 Create SNMPv3 View Names on page 282 Modify SNMPv3 View Names on page 283 Delete SNMPv3 View Names on page 283 Note To permanently save your new ...

Page 276: ... the Management Information Bases MIB that a user can view In this way you restrict which MIBs a user can display and modify In addition you can restrict the types of messages or traps the user can send A trap is a type of SNMP message After you have created a user you define SNMPv3 message notification This consists of determining where messages are sent and what types of messages can be sent Thi...

Page 277: ... 1 0 Management software In SNMPv3 protocol terminology privacy is equivalent to encryption Currently the DES protocol is the only encryption protocol supported The DES privacy protocol requires the authentication protocol to be configured as either MD5 or SHA If you assign a DES privacy protocol to a user then you are also required to assign a privacy password If you choose to not assign a privac...

Page 278: ... mask is analogous to the relationship between an IP address and a subnet mask The switch uses the subnet mask to determine which portion of an IP address represents the network address and which portion represents the node address In a similar way the subtree mask further refines the subtree view and enables you to restrict a MIB view to a specific row of the OID MIB table You need a thorough und...

Page 279: ... User Name Note The Community Strings do not have a default value defined and are initially blank 5 Finally the traps can be defined on the Trap Management page based on the Community or User Name See Figure 99 for an illustration of how the user configuration tables are linked Figure 99 SNMP V3 Table Relationships ...

Page 280: ...User Group The SNMP User Group page is displayed See Figure 95 on page 269 Note There are no default User Names or Group Names defined for SNMPv3 3 Type a new User Name Enter a name up to 31 characters in length 4 Type a new Group Name Enter a name up to 31 characters in length 5 From the SNMP Version pull down menu select v3 The encryption check box becomes active 6 Check the encryption check box...

Page 281: ...o modify an entry in the SNMP User Group page you must first delete the entry and then re enter it For information about how to delete an entry in this table see Delete SNMPv3 User and Group Names on page 281 For information about how to create a new entry in this table see Create SNMPv3 User and Group Names on page 280 Delete SNMPv3 User and Group Names This procedure explains how to delete and e...

Page 282: ...ew Names on page 283 Create SNMPv3 View Names This procedure explains how to create SNMPv3 View Names 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Group Access Table The Group Access Table page is displayed See Figure 100 Figure 100 SNMP Group Access Table 3 Enter the Group Name Note This entry must be pre defined on...

Page 283: ...selection 9 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modify SNMPv3 View Names If you need to modify an entry in the SNMP Group Access page you must first delete the entry and then re enter it For information about how to delete an entry in this table see Delete SNMPv3 View Names on page 283 For information about how to crea...

Page 284: ...Chapter 21 Simple Network Management Protocol SNMPv3 284 4 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 285: ...g the procedures in the following sections Create View table entries Modify View table entries Delete View table entries Create SNMPv3 View Table Entries This procedure explains how to create entries in the SNMPv3 View Table 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select View Table The SNMP View Table page is displayed...

Page 286: ... then re enter it For information about how to delete an entry in this table see Delete SNMPv3 View Table Entries For information about how to create a new entry in this table see Create SNMPv3 View Table Entries on page 285 Delete SNMPv3 View Table Entries 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select View Table The ...

Page 287: ...AT GS950 24 Web Interface User Guide 287 SNMPv3 Traps The creation modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1 v2 See SNMP Traps on page 273 ...

Page 288: ...Chapter 21 Simple Network Management Protocol SNMPv3 288 ...

Page 289: ...Chapter 22 RMON This chapter contains the following sections Overview on page 290 Enable and Disable RMON on page 291 Port Statistics on page 292 Histories on page 293 Events on page 295 Alarms on page 297 ...

Page 290: ...is group is used to collect histories of port statistics to identify traffic trends or patterns For information about configuring a History group refer to Histories on page 293 Event group This group is used with alarms to define the actions of the switch when packet statistic thresholds are crossed For information about configuring an Event group refer to Events on page 295 Alarm group This group...

Page 291: ...h refer to Chapter 20 Simple Network Management Protocol SNMPv1 and v2c on page 265 or Chapter 21 Simple Network Management Protocol SNMPv3 on page 275 Perform the following procedure to activate RMON 1 From the main menu on the left side of the page click the RMON folder The RMON folder expands 2 From the RMON folder select Basic Settings The RMON Basic Settings Page is displayed See Figure 102 F...

Page 292: ...llowing fields are listed Index This parameter specifies the ID number of the new group The range is 1 to 65535 Port This parameter specifies the port where you want to monitor the statistical information of the Ethernet traffic Owner This parameter is used to identify the person who created an entry It is primarily intended for switches that are managed by more than one person and is an optional ...

Page 293: ...re Perform the following procedure to configure RMON history 1 From the main menu on the left side of the page click the RMON folder The RMON folder expands 2 From the RMON folder select History The History Control Configuration Page is displayed See Figure 104 Figure 104 History Control Configuration Page 3 The following fields are listed Index This parameter specifies the ID number of the new gr...

Page 294: ...s parameter is used to identify the person who created an entry It is primarily intended for switches that are managed by more than one person and is an optional field 4 Once you have configured the parameters click Add Your entry will appear in the table at the bottom of the page 5 If you want to configure additional RMON histories for other ports repeat steps 3 and 4 6 From the main menu on the ...

Page 295: ... RMON folder expands 2 From the RMON folder select Event The RMON Event Configuration Page is displayed See Figure 105 Figure 105 RMON Event Configuration Page 3 The following fields are listed Index This parameter specifies the ID number of the new group The range is 1 to 65535 Description This parameter specifies a text description of the event that you are configuring Type This parameter specif...

Page 296: ...s click Add Your entry will appear in the table at the bottom of the page 5 If you want to configure additional RMON events repeat steps 3 and 4 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 297: ...st have an RMON statistics group configured if it is to have an alarm When you create an alarm you specify the port to which it is to be assigned not by the port number but rather by the ID number of the port s statistics group As explained in Port Statistics on page 292 statistics groups are also used to remotely view port statistics in the RMON portion of the MIB tree RMON event An event specifi...

Page 298: ...ic There are two choices from the pull down menu DELTA value and ABSOLUTE value The DELTA setting compares a threshold against the difference between the current and previous values of the statistic while the ABSOLUTE setting compares a threshold against the current value of the statistic Rising Threshold This parameter specifies a specific value or threshold level of the monitored statistic When ...

Page 299: ...d is mandatory and must match an Event Index that you previously entered in Events on page 295 Owner This parameter is used to identify the person who created an entry It is primarily intended for switches that are managed by more than one person and is an optional field 4 Once you have configured the parameters click Apply Your entry will appear in the table at the bottom of the page 5 If you wan...

Page 300: ...Chapter 22 RMON 300 ...

Page 301: ... switch and its ports This chapter includes the following sections Overview on page 302 Traffic Comparison Statistics on page 303 Error Group Statistics on page 306 Historical Status Charts on page 308 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 302: ...n The Traffic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports You can select 12 statistic types and 12 colors for each port This chart is described in Traffic Comparison Statistics on page 303 Error Group The Error Group chart displays the discard and error counts for a specified port and is described in Error Group Statistics on page 306 Histo...

Page 303: ...of the ports You can select 12 statistic types and 12 colors for each port To display traffic comparison statistics perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select Traffic Comparison The Traffic Comparison Page opens as shown in Figure 107 Figure 107 Traffic Comparison Page ...

Page 304: ...st and multicast packets in packets per second Inbound Discards Pkts Measures the number of inbound discarded packets in packets per second Inbound Errors Pkts s Measures the number of inbound errors in packets per second Outbound Octets Bytes s Measures the rate of outbound octet bits in bytes per second Outbound Unicast Packets Pkts Measures the number of outbound unicast packets in packets per ...

Page 305: ...Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the traffic comparison graph select Draw 7 From the menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 306: ...play error group statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select Error Group The Error Group Chart Page is displayed in Figure 108 Figure 108 Error Group Chart Page 3 Select a port number from the pull down menu next to Port ...

Page 307: ...5 seconds 30 seconds 5 To select the color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the Error Group Chart select Draw 7 From the menu on the left side of the page select Save Configuration to Flash to permanently save your changes ...

Page 308: ...o display historical status charts statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select Historical Status The Historical Status Chart Page is displayed in Figure 109 Figure 109 Historical Status Chart Page 3 To view historical statistics click on the arrow next to Statistics and sele...

Page 309: ...per second Inbound Errors Pkts Measures the number of inbound errors in packets per second Outbound Octets Bytes Measures the number of outbound octet bits in bytes per second Outbound Unicast Packets Pkts Measures the number of outbound unicast packets in packets per second Outbound Non unicast Packets Pkts Measures the number of outbound non unicast such as broadcast and multicast packets packet...

Page 310: ...e color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the history group chart select Add 7 Click Draw 8 To draw the historical group chart select Draw 9 From the menu on the left side of the page select Save Configuration to Flash to permanently save your ...

Page 311: ... 313 Upgrade Firmware Image via TFTP on page 315 Download or Upload a Configuration File via HTTP on page 317 Download or Upload a Configuration File via TFTP on page 320 Note For information about how to obtain new releases of the AT S109 Version 1 1 0 Management software refer to Management Software Updates on page 17 Note To permanently save your new settings or any changes to the configuration...

Page 312: ...e theAT S109 Version 1 1 0 Management software or upload or download your configuration file Using a web browser via HTTP Using a TFTP server To perform one of these operations using HTTP you only need to have access to an Internet browser However to perform one of these operations using TFTP you must have access to an TFTP server In addition you can save a configuration file from your AT GS950 24...

Page 313: ...ress and subnet mask assigned either manually or via DHCP For instructions on how to set the IP address and subnet mask on a switch see Configuration of IP Address Subnet Mask and Gateway Address on page 26 To enable a DHCP client see DHCP Client Configuration on page 35 Caution Downloading a new version of management software onto the switch causes the device to reset Some network traffic may be ...

Page 314: ...necessary Firmware File Enter the path and the firmware file name or click the Browse button and select the file name 4 To begin the upgrade process on the switch click Apply The software begins to download onto the switch immediately This process takes a few minutes After the software download is complete the switch initializes the software and reboots You will lose your web browser connection to...

Page 315: ...to the new AT S109 Version 1 1 0 image file on the TFTP server Start the TFTP server software before you begin the download procedure Caution Downloading a new version of management software onto the switch causes the device to reset Some network traffic may be lost during the reset process This procedure assumes that you have already obtained the software and have stored it on the computer from w...

Page 316: ...ftware Image File Name The full name of the AT S109 Version 1 1 0 file including the file extension you are downloading Retry Count The number of times the firmware upgrade is retried The range is 1 20 4 To activate your changes on the switch click Apply The software immediately begins to download onto the switch This process takes a few minutes After the software download is complete the switch i...

Page 317: ...P address and subnet mask on a switch see Configuration of IP Address Subnet Mask and Gateway Address on page 26 To enable a DHCP client see DHCP Client Configuration on page 35 To download or upload an AT S109 Version 1 1 0 configuration file onto the switch using a web browser perform the following procedure 1 From the menu on the left side of the home page select the Tools folder The Tools fold...

Page 318: ...ly begins to upload to your PC Configuration File Download To download an AT S109 Version 1 1 0 configuration file onto the switch perform the following procedure 1 If you are downloading a configuration file to your switch from a PC click the Browse button under the Select File field and select the path and file name See Figure 112 on page 317 The path and file name will be displayed 2 Select the...

Page 319: ...0 Management software on the AT GS950 24 switch after the new configuration file is loaded If this is the case you can identify the new IP address by using the ATI Web Discovery Tool See DHCP and ATI Web Discovery Tool on page 34 for more information 3 The Results page will be displayed indicating that the file has been successfully downloaded See Figure 114 Figure 114 Result Page 4 Click on the R...

Page 320: ...he menu on the left side of the home page select the Tools folder The Tools folder expands 2 From the Tools folder select the Config File Upload Download folder The Config File Upload Download folder expands 3 From the Config File Upload Down folder select via TFTP The Configuration Upload Download via TFTP Page is displayed See Figure 115 Figure 115 Configuration Upload Download via TFTP Page 4 E...

Page 321: ...arameter 2 Select the Download button to download a configuration file onto the switch Caution If you are downloading a configuration file the file will be implemented immediately after download A short interruption in network service will be experienced while the new configuration file is loaded The Results page will be displayed indicating that the file has been successfully downloaded See Figur...

Page 322: ...Chapter 24 Management Software Updates 322 ...

Page 323: ...he same port are connected then this feature detects this condition and disables the port for a pre configured amount of time This chapter contains the following topics Configuration on page 324 Status on page 326 Note To permanently save your new settings or any changes to the configuration file select Save Configuration to Flash from the main menu on the left side of the page ...

Page 324: ...l view of the AT GS950 24 Loopback Detection Page is displayed See Figure 116 Figure 116 AT GS950 24 Loopback Detection Page 3 For the Loopback Detection State field a the top of the page select one of the following radio buttons Enabled This selection enables the Loopback Detection feature across the switch This state must be enabled for the individual port Loopback Detection State is effective D...

Page 325: ...arameters becomes active 6 In the table at the bottom of the page select one of the Loopback Detection State choices from the pull down menu Ignore This parameter indicates that the setting in the All row does not apply to the Loopback Detection State field In other words each port is set individually Enabled This selection enables the Loopback Detection feature for each port This state must be en...

Page 326: ...o Rx pairs connected Disabled This status indicates that the port does not have the Tx to Rx pairs connected The Disabled state will be reset to Normal after two conditions are both met The loopback condition does not exist anymore The specified Recovery Time has elapsed Note If the Recover Time is set to 0 the port recovery is disabled until it is manually reset It can be reset by re configuring ...

Page 327: ... Configuration to Flash from the main menu on the left side of the page To do these cable diagnostics perform the following procedure 1 From the main menu on the left side of the page click the Tools folder The Tools folder expands 2 From the Tools folder select Cable Diagnostics The Cable Diagnostics page is displayed See Figure 117 Figure 117 Cable Diagnostics Page 3 Select the Port number from ...

Page 328: ...ther pair within the cable Cable Fault Distance This parameter specifies the distance from the switch port to the cable fault Cable Length This parameter specifies the length of the cable connected to the switch port Note If length is displayed as N A it means the cable length is Not Available This is due to the port being unable to obtain cable length either because its link speed is 10M or 100M ...

Page 329: ...MSTI on page 332 General Guidelines on page 335 VLAN and MSTI Associations on page 336 Ports in Multiple MSTIs on page 337 Multiple Spanning Tree Regions on page 338 Associating VLANs to MSTIs on page 343 VLANs Across Different Regions on page 345 Summary of Guidelines on page 347 Note To configure the MSTP feature on the AT GS950 24 switch go to Multiple Spanning Tree Protocol on page 133 for mor...

Page 330: ... tagged ports which can handle traffic from multiple VLANs simultaneously The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic resulting in reduced network performance Another approach is to use the Multiple Spanning Tree Protocol MSTP feature This spanning tree shares many of the same characteristics as RSTP in that it features...

Page 331: ...following concepts and guidelines Like STP and RSTP you must activate this MSTP protocol on a switch and then configure the protocol parameters Note The implementation of MSTP in the management software complies fully with the new IEEE 802 1s standard and should be interoperable with any other vendor s fully compliant 802 1s implementation ...

Page 332: ...er of VLANs but a VLAN can belong to only one MSTI at a time Resolving VLAN Fragmentation Following are several examples of how MSTP can be applied Figure 118 illustrates two AT GS950 24 switches each containing the two VLANs Sales and Production The ports of each VLAN on each switch are connected with a direct link using untagged ports If the switches were running STP or RSTP one of these two lin...

Page 333: ...n different MSTIs both links remain active enabling the VLANs to forward traffic over their respective direct link Figure 119 MSTP Example of Two Spanning Tree Instances Multiple VLANS Assigned to an MSTI A MSTI can contain more than one VLAN This is illustrated in Figure 120 on page 334 where there are two AT GS950 24 switches with four VLANs There are two MSTIs each containing two VLANs MSTI 1 c...

Page 334: ... the VLAN parts is made with tagged not untagged ports so that they can carry traffic from more than one virtual LAN Referring again to Figure 120 the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs between the two switches while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs ...

Page 335: ...TI at a time A switch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTI s This is possible because a port can be in different MSTP states for different MSTI s simultaneously For example a port can be in the MSTP blocking state for one MSTI and the forwarding state for another spanning tree instance For furt...

Page 336: ... of the task to configuring MSTP involves assigning VLANs to spanning tree instances The mapping of VLANs to MSTIs is called associations A VLAN either port based or tagged can belong to only one instance at a time but an instance can contain any number of VLANs ...

Page 337: ...o as generic parameters These are set just once on a port and apply to all the MSTI s where the port is a member One of these parameters is the external path cost which sets the operating cost of a port connected to a device outside its region A port even if it belongs to multiple MSTI s can have only one external path cost Another generic parameter designates a port as an edge port or a point to ...

Page 338: ...d to keep track of the revision level of a region s configuration For example you might use this value to maintain the number of times you revise a particular MSTP region It is important that each bridge in a region has the same region revision number However it is practically not important that you maintain this number The bridges of a particular region must also have the same VLANs The names of ...

Page 339: ...on the ports A port that receives a MSTP BPDU from another bridge with regional information different from its own is considered to be a boundary port and the bridge connected to the port as belonging to another region The same is true for any ports connected to bridges running the single instance spanning tree STP Those ports are also considered as part of another region ...

Page 340: ...bridge for an entire bridged network MSTI priority is used only to determine the regional root for a particular MSTI The range for this parameter is the same as the RSTP bridge priority from 0 to 61 440 in sixteen increments of 4 096 To set the parameter you select the increment that represents the desired MSTI priority value according to Table 8 MST Region Guidelines Following are several points ...

Page 341: ...gional root for locating loops in the instance MSTIs can share the same regional root or have different roots A regional root is determined by the MSTI Bridge Priority value and a bridge s MAC address The regional root of a MSTI must be in the same region as the MSTI ...

Page 342: ...n if it was assigned to an MSTI because only CIST is active outside of a region As mentioned earlier every MSTI must have a root bridge referred to as a regional root in order to locate loops that might exist within the instance CIST must also have a regional root However the CIST regional root communicates with the other MSTP regions and single instance spanning trees in the bridged network The C...

Page 343: ...d has been assigned to MSTI ID 10 and port 8 is a member of VLAN 3 assigned to MSTI ID 10 The BPDUs transmitted by port 8 to switch B indicate that the port is a member of both CIST 0 and MSTI 15 while the BPDUs from port 1 indicate the port is a member of the CIST 0 and MSTI 10 Figure 122 CIST and VLAN Guideline Example 1 At first glance it might appear that because both ports belong to CIST a lo...

Page 344: ...determining whether a loop exists The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0 Switch B would block port 3 to cancel the loop To avoid this issue always assign all VLANs on a switch including the Default VLAN to an MSTI This guarantees that all ports on the switch have an MSTI ID and helps to ensure that loop detection is base...

Page 345: ...a different region Port 7 in switch A is a boundary port It is an untagged member of the Accounting VLAN which has been associated with MSTI 4 Port 6 is a tagged and untagged member of two different VLANs both associated to MSTI 12 If both switches were a part of the same region there would be no problem because the ports reside in different spanning tree instances However in this example the swit...

Page 346: ... Software Engineering Project Management Hardware Engineering The two regions share three VLANs Accounting Sales and Presales You could group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 12 and in Region 2 you could group them into MSTI 16 After they are grouped you can connect the VLANs across the regions using a link of unt...

Page 347: ...and the forwarding state for another spanning tree instance A network can contain any number of regions and a region can contain any number of AT GS950 24 switches The AT GS950 24 switch can belong to only one region at a time A region can contain any number of VLANs All of the bridges in a region must have the same configuration name revision level VLANs and VLAN to MSTI associations An MSTI cann...

Page 348: ...Appendix A MSTP Overview 348 ...

Page 349: ...stem Description AT GS950 24 System Object ID 1 3 6 1 4 207 1 4 167 System Name none 0 15 characters System Location none 0 30 characters System Contact none 0 30 characters System IP Setup IP Address 192 168 1 1 IPv4 address in xxx xxx xxx xxx hex format except 127 0 0 1 Subnet Mask 255 255 255 0 IPv4 address in xxx xxx xxx xxx hex format except 127 0 0 1 Default Gateway Address 0 0 0 0 IPv4 addr...

Page 350: ... 10 Minutes 3 60 Minutes System System Time Clock Mode Local Time SNTP Local Time Date Setting YYYY MM DD 2009 1 1 Time Setting HH MM SS 1 00 00 SNTP Primary Server 0 0 0 0 IPv4 address in xxx xxx xxx xxx format SNTP Secondary Server 0 0 0 0 IPv4 address in xxx xxx xxx xxx format SNTP Poll Interval 1 Minute 1 60 Minutes Time Zone GMT 09 00 Osaka Sapporo Tokyo GMT 12 00 to GMT 13 00 Daylight Saving...

Page 351: ...uration Syslog Status Disabled Enabled Disabled Time Stamp Enabled Enabled Disabled Messages Buffered Size 50 1 200 Syslog Server IP 0 0 0 0 IPv4 address in xxx xxx xxx xxx format Facility local0 local0 local 7 Logging Level info 0 Emergency level 1 Alert level 2 Critical level 3 Error level 4 Debug level 5 Notification level 6 Informational level 7 Debug Physical Interface Table 9 AT S109 Version...

Page 352: ...ol Version RSTP STP Compatible RSTP Bridge Priority 0x8000 0x0000 0xF000 step 0x1000 Bridge Hello Time 2 seconds 1 10 seconds Bridge Maximum Age 20 seconds 6 40 seconds Bridge Forward Delay 15 seconds 4 30 seconds Port STP Status Disabled Enabled Disabled Port Priority 2 0 240 16 steps Port Path Cost 2 1 200 000 000 Admin OperEdge False True False Admin OperPtoP False True False Migration False Tr...

Page 353: ...Forward Delay 15 Seconds 4 30 Seconds Maximum Hop Count 20 6 40 Transient Hold Count 3 1 10 MSTP Instance ID none 1 31 Mapped VLAN none Path Cost 20000 1 200 000 000 Priority 128 0 240 16 steps PointToPoint Status Auto Auto ForceTrue ForceFalse Edge Port False True False MSTP Status Enable Enable Disable Protocol Migration False True False Table 9 AT S109 Version 1 1 0 Management Software Default ...

Page 354: ...32768 System ID MAC Address of AT GS950 24 switch Port Priority 0 0 255 Bridge Mirroring Mirroring Status Disabled Enabled Disabled Mirroring Port port 1 1 24 ports 1 8 ports Ingress Mirrored Port 24 ports ports 1 24 ports 1 8 ports Egress Mirrored Port 24 ports ports 1 24 ports 1 8 ports Bridge Loopback Detection State Disabled Enabled Disabled Interval 2 seconds 1 32767 seconds Recover Time 60 s...

Page 355: ...roup MAC Address none 01 00 5E 00 01 00 01 00 5E 7F FF FF Group Member 24 ports ports Static Multicast group number 256 entries shared with IGMP Snooping Bridge IGMP Snooping IGMP Snooping Status Disabled Enabled Disabled IGMP Snooping Age Out Timer 280 seconds 280 420 seconds Bridge Storm Control Storm Control DLF Disabled Enabled Disabled Storm Control Broadcast Control Status Disabled Enabled D...

Page 356: ...LAN or Port Based VLAN on any port Tagged VLAN ID none 2 4000 Tagged VLAN Name none 0 32 characters Tagged Management VLAN Enabled on DefaultVLAN Disabled on all other VLANs Always Enabled on Default VLAN Enabled Disabled on all other VLANs Port Based VLAN Index none 1 52 Port Based VLAN Name none 0 32 characters Port Based Port Not Member Group Member or Not Member for each port Port Settings PVI...

Page 357: ...47483630 milli seconds GarpLeaveAllTime 10000 milli seconds 40 2147483640 milli seconds Bridge QoS QoS Status Disabled Enabled Disabled Queue for Traffic Classes 0 0 3 Port Priority 0 0 7 DSCP Mapping Queue 0 0 3 Scheduling Algorithm Strict Priority Strict Priority Weighted RoundRobin SNMP View Table View Name ReadWrite Subtree OID 1 OID Mask 1 View Type included included excluded SNMP Group Acces...

Page 358: ...none Password none SNMP Community Table Community Name none User Name View Policy none SNMP Trap Management Trap Enabled Enabled Disabled Host IP Address 0 0 0 0 IPv4 address in xxx xxx xxx xxx format SNMP Version v1 v1 v2c v3NoAuthNoPriv v3AuthNoPriv v3AuthPriv Community Name User Name none Access Control Configuration Classifier Index none 1 65535 Source MAC Address none xx xx xx xx xx xx hex fo...

Page 359: ...dress in xxx xxx xxx xxx hex format Destination IP Mask Length none 1 32 Source Layer 4 Port none 1 65535 Destination Layer 4 Port none 1 65535 Profile Action Index none 1 72 Policed DSCP none 0 63 Policed CoS none 0 7 In Profile Action Index none 1 65535 In Profile Action Deny Permit Permit Permit Deny Out Profile Action Index none 1 65535 Out Profile Action Deny Permit Permit Permit Deny Out Pro...

Page 360: ...ndex none 1 65535 Policy Sequence none 1 64 RMON RMON Status Disable Disable Enable Statistics Index none 1 65535 Statistics Port none Statistics Owner none History Index none 1 65535 History Port none History Buckets Requested none 1 50 History Interval none 1 3600 seconds History Owner none Alarms Index none 1 65535 Alarms Interval none 1 to 2147483647 seconds Alarms Variable none Alarms Sample ...

Page 361: ... Trap Log and Trap Event Community none Event Owner none Voice VLAN Voice VLAN Disabled Enabled Disabled VLAN ID 1 Aging Time 1 Hour 1 120 Hours COS 0 0 7 Auto Detection Disabled Enabled Disabled User defined OUI Description none User defined OUI Telephone none xx xx xx xx xx xx hex format Security Port Access Control NAS ID Nas1 1 23 characters Port Access Control Disabled Disabled Enabled Table ...

Page 362: ... none Rule 1 Not support Multicast Mac address 01 xx xx xx xx xx 2 Not support VRRP Mac address 00 00 5E xx xx xx 3 First 4 bit must be zero 4 Address cannot be all zero 5 Cannot add CPU MAC 6 Up to 128 MAC Address entries DHCP Snooping General Setting DHCP Snooping Disabled Enabled Disabled General Setting Pass Through Option 82 Disabled Enabled Disabled General Setting Verify MAC Address Enabled...

Page 363: ...ng Database Port port 1 1 24 ports 1 8 ports Binding Database Type Dynamic Dynamic Static Binding Database Lease Time none 10 4 294 967 295 seconds LLDP LLDP Disabled Enabled Disabled Message TX Hold Multiplier 4 2 10 Message TX Interval 30 5 32768 LLDP Reinit Delay 2 1 10 LLDP TX Delay 2 1 8192 Global Settings Port State Enabled Enabled Disabled Statistics Chart Traffic Comparison Statistics Inbo...

Page 364: ...s Historical Status Port 1 port 1 24 Historical Status Color Green 12 colors Tools Firmware Upgrade via HTTP Firmware File none Firmware Upgrade via TFTP TFTP Server IP 0 0 0 0 IPv4 address in xxx xxx xxx xxx hex format except 127 0 0 1 Firmware Upgrade via TFTP Image File Name none 1 30 characters special characters are dependent on OS file name limitation Firmware Upgrade via TFTP Retry Count 5 ...

Page 365: ...limitation Cable Diagnostics Port 1 port 1 24 LED ECO Mode Disable Enable Disable Reboot Factory Default Reset Enable Enabled Disabled Reboot selection Normal Normal Factory Default Factory Default Except IP Ping Destination IP Address 0 0 0 0 IPv4 address in xxx xxx xxx xxx hex format Ping Timeout Value 3 seconds 1 5 seconds Ping Number of Ping Requests 10 1 10 times Table 9 AT S109 Version 1 1 0...

Page 366: ...Appendix A AT GS950 24 Default Parameters 366 ...

Reviews:

No comments

Related manuals for AT-GS950/24

Abus TVVR36500 User Manual preview
TVVR36500
Brand: Abus Pages: 60
ZyXEL Communications P-336M Specifications preview
P-336M
Brand: ZyXEL Communications Pages: 2
Vaisala TERMBOX-1200 User Manual preview
TERMBOX-1200
Brand: Vaisala Pages: 32
TRENDnet TEG-S51SFP Quick Installation Manual preview
TEG-S51SFP
Brand: TRENDnet Pages: 10
Billion BiPAC 7301VGP User Manual preview
BiPAC 7301VGP
Brand: Billion Pages: 120
Swann NVRx-7300 series Quick Start Manual preview
NVRx-7300 series
Brand: Swann Pages: 9
Dahua Technology NVR2104/2108HS-W-4KS2 1U User Manual preview
NVR2104/2108HS-W-4KS2 1U
Brand: Dahua Technology Pages: 363
MICRADIGITAL F5D7630uk4A-E Speci?Cations preview
F5D7630uk4A-E
Brand: MICRADIGITAL Pages: 2
Thecus N2520 series User Manual preview
N2520 series
Brand: Thecus Pages: 130
InHand IR615-S Series User Manual preview
IR615-S Series
Brand: InHand Pages: 69
EMC VNX5300 Block Hardware Information Manual preview
VNX5300 Block
Brand: EMC Pages: 88
ZyXEL Communications Prestige 643 User Manual preview
Prestige 643
Brand: ZyXEL Communications Pages: 191
Ubiquiti airCube Configuring And Installing preview
airCube
Brand: Ubiquiti Pages: 2
Digital Watchdog Compressor DW-CP04 User Manual preview
Compressor DW-CP04
Brand: Digital Watchdog Pages: 73
IEI Technology PUZZLE-5030 User Manual preview
PUZZLE-5030
Brand: IEI Technology Pages: 119
TDT VR2020 Series Initial Start-Up Manual preview
VR2020 Series
Brand: TDT Pages: 8
KTI Networks KGS-2421 Installation Manual preview
KGS-2421
Brand: KTI Networks Pages: 25
Magma ExpressBox4 1U Quick Installation Manual preview
ExpressBox4 1U
Brand: Magma Pages: 2

Brands by name

Popular brands

Load more brands