manualshive.com logo in svg

AMX NXA-ENET8-POE+, Instruction Manual, Page: 167 / 283

Share
Download
AMX NXA-ENET8-POE+ Instruction Manual Download Page 167

Security Measures

167

 Instruction Manual - NXA-ENET8-POE+

ARP Inspection

ARP Inspection is a security feature that validates the MAC Address bindings for Address Resolution Protocol packets. It provides 

protection against ARP traffic with invalid MAC-to-IP address bindings, which forms the basis for certain "man-in-the-middle" 

attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local 

ARP cache is updated or the packet is forwarded to the appropriate destination. Invalid ARP packets are dropped.
ARP Inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database - 

the DHCP snooping binding database (see the 

DHCP Snooping Global Configuration

section on page 178 for more information). 

This database is built by DHCP snooping if it is enabled on globally on the switch and on the required VLANs. ARP Inspection can 

also validate ARP packets against user- configured ARP access control lists (ACLs) for hosts with statically configured addresses 

(see the 

Configuring an ARP ACL

section on page 164).

Command Usage

Enabling & Disabling ARP Inspection



ARP Inspection is controlled on a global and VLAN basis.



By default, ARP Inspection is disabled both globally and on all VLANs.



If ARP Inspection is globally enabled, then it becomes active only on the VLANs where it has been enabled.



When ARP Inspection is enabled globally, all ARP request and reply packets on inspection-enabled VLANs are redirected 

to the CPU and their switching behavior handled by the ARP Inspection engine.



If ARP Inspection is disabled globally, then it becomes inactive for all VLANs, including those where inspection is 

enabled.



When ARP Inspection is disabled, all ARP request and reply packets will bypass the ARP Inspection engine and their 

switching behavior will match that of all other packets.



Disabling and then re-enabling global ARP Inspection will not affect the ARP Inspection configuration of any VLANs.



When ARP Inspection is disabled globally, it is still possible to configure ARP Inspection for individual VLANs. These 

configuration changes will only become active after ARP Inspection is enabled globally again.



The ARP Inspection engine in the current firmware version does not support ARP Inspection on trunk ports.

Configuring Global Settings for ARP Inspection

Use the Security > ARP Inspection (Configure General) page to enable ARP inspection globally for the switch, to validate address 

information in each packet, and configure logging.

Command Usage

ARP Inspection Validation



By default, ARP Inspection Validation is disabled.



Specifying at least one of the following validations enables ARP Inspection Validation globally. Any combination of the 

following checks can be active concurrently.



Destination MAC - Checks the destination MAC address in the Ethernet header against the target MAC address in the 

ARP body. This check is performed for ARP responses. When enabled, packets with different MAC addresses are 

classified as invalid and are dropped.



IP - Checks the ARP body for invalid and unexpected IP addresses. These addresses include 0.0.0.0, 255.255.255.255, 

and all IP multicast addresses. Sender IP addresses are checked in all ARP requests and responses, while target IP 

addresses are checked only in ARP responses.



Source MAC - Checks the source MAC address in the Ethernet header against the sender MAC address in the ARP body. 

This check is performed on both ARP requests and responses. When enabled, packets with different MAC addresses are 

classified as invalid and are dropped.

ARP Inspection Logging



By default, logging is active for ARP Inspection, and cannot be disabled.



The administrator can configure the log facility rate.



When the switch drops a packet, it places an entry in the log buffer, then generates a system message on a rate-controlled 

basis. After the system message is generated, the entry is cleared from the log buffer.



Each log entry contains flow information, such as the receiving VLAN, the port number, the source and destination IP 

addresses, and the source and destination MAC addresses.



If multiple, identical invalid ARP packets are received consecutively on the same VLAN, then the logging facility will only 

generate one entry in the log buffer and one corresponding system message.



If the log buffer is full, the oldest entry will be replaced with the newest entry.

Summary of Contents for NXA-ENET8-POE+

Page 1: ...INSTRUCTION MANUAL NXA ENET8 POE GIGABIT POE ETHERNET SWITCH...

Page 2: ...ience receptacles and the point where they exit from the apparatus 11 ONLY USE attachments accessories specified by the manufacturer 12 USE ONLY with a cart stand tripod bracket or table specified by...

Page 3: ...s device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference rec...

Page 4: ...CHINA COMPLIANCE INFORMATION This appliance is labeled in accordance with European Directive 2012 19 EU concerning waste of electrical and electronic equipment WEEE This label indicates that this pro...

Page 5: ...Port Configuration 18 Port Mirroring 18 Port Trunking 18 Congestion Control 18 Address Table 18 IP Version 4 and 6 18 IEEE 802 1D Bridge 18 Store and Forward Switching 18 Spanning Tree Algorithm 18 V...

Page 6: ...ack Package and Check Contents 23 Install the Chassis 23 Connect AC Power to Power On 24 Verify Switch Operation 24 Make Initial Configuration Changes 24 Through an RJ 45 Port 24 Through the Console P...

Page 7: ...onfiguration Options 38 Panel Display 38 Basic Management Tasks 39 Overview 39 System Information 39 Hardware Software Versions 40 System Capabilities 40 Configuring Support for Jumbo Frames 41 Usage...

Page 8: ...d Usage 66 Displaying Transceiver Data 69 Configuring Transceiver Thresholds 69 Trunk Configuration 71 Command Usage 71 Configuring a Static Trunk 71 Command Usage 71 Configuring a Dynamic Trunk 73 Co...

Page 9: ...Changing the Aging Time 98 Displaying the Dynamic Address Table 98 Clearing the Dynamic Address Table 99 Issuing MAC Address Traps 100 Spanning Tree Algorithm 101 Overview 101 Configuring Loopback Det...

Page 10: ...view 131 Configuring VoIP Traffic 131 Command Usage 131 Configuring Telephony OUI 132 Configuring VoIP Traffic Ports 133 Command Usage 133 Security Measures 134 AAA Authentication Authorization and Ac...

Page 11: ...ring a MAC ACL 163 Configuring an ARP ACL 164 Binding a Port to an Access Control List 165 Showing ACL Hardware Counters 166 ARP Inspection 167 Command Usage 167 Configuring Global Settings for ARP In...

Page 12: ...scovery Protocol 190 Setting LLDP Timing Attributes 190 Configuring LLDP Interface Attributes 191 Configuring LLDP Interface Civic Address 194 Command Usage 194 Displaying LLDP Local Device Informatio...

Page 13: ...Specifying Static Interfaces for a Multicast Router 236 Command Usage 236 Assigning Interfaces to Multicast Services 238 Command Usage 238 Setting IGMP Snooping Status per Interface 239 Command Usage...

Page 14: ...Usage 259 Displaying the DNS Cache 260 Command Usage 260 Dynamic Host Configuration Protocol 260 Specifying a DHCP Client Identifier 260 Command Usage 260 Configuring DHCP Relay Service 261 Command Us...

Page 15: ...Support 278 Class of Service 278 Quality of Service 278 Multicast Filtering 278 IP Routing 278 Additional Features 278 Management Features 279 In Band Management 279 Out of Band Management 279 Softwa...

Page 16: ...For more information see the Connecting to Twisted Pair Copper Ports section on page 30 Port Status LEDs For information on port status LED indicators see the Understanding the Port Status LEDs secti...

Page 17: ...s NXA ENET8 POE Hardware Specifications Ports 8 1000BASE T RJ 45 ports with Auto negotiation 2 Gigabit SFP transceiver slots Network Interface Ports 1 8 RJ 45 connector auto MDI X Ports 9 10 Gigabit S...

Page 18: ...per system DHCP DHCPv6 Client Relay Relay Option 82 Port Configuration Speed duplex mode and flow control Port Mirroring 3 sessions one or more source ports to an analysis port Port Trunking Supports...

Page 19: ...specific ports or use auto negotiation to detect the connection settings used by the attached device Use full duplex mode on ports whenever possible to double the throughput of switch connections Flow...

Page 20: ...node changes moves by remotely configuring VLAN membership for any port rather than having to manually change the network connection Provide data security by restricting all traffic to the originating...

Page 21: ...fault_Config cfg To reset the switch defaults this file should be set as the startup configuration file The following table lists some of the basic system defaults NXA ENET8 POE System Defaults Functi...

Page 22: ...QinQ Tunneling Disabled Traffic Prioritization Ingress Port Priority 0 Queue Mode WRR Queue Weight Queue 0 1 2 3 4 5 6 7 Weight 1 2 4 6 8 10 12 14 Class of Service Enabled IP DSCP Priority Disabled IP...

Page 23: ...sks Follow these tasks to install the switch in your network For full details on each task go to the relevant chapter or section by clicking on the link CAUTION Before installing your switch first rev...

Page 24: ...the System Status LEDs section on page 34 for more information Make Initial Configuration Changes At this point you may need to make a few basic switch configuration changes before connecting to the n...

Page 25: ...29 for more information 1 10 100 1000BASE T RJ 45 Port 2 Twisted pair Cable with RJ 45 Plug Switch Chassis The switch is designed to be installed in a standard 19 inch equipment rack General Installat...

Page 26: ...o not completely fill the rack or cabinet with equipment allow some unused space within the enclosure for better airflow How to Install the Switch in a Rack When rack mounting the switch pay particula...

Page 27: ...nto the rack so that it is aligned with the marked holes 4 The second person should secure the switch in the rack using four rack mounting screws not provided 5 If installing a single switch only go t...

Page 28: ...4 Attach a 6 AWG stranded copper wire to the grounding terminal on the switch The switch chassis is connected internally to 0 V This circuit is connected to the single hole grounding terminal on the r...

Page 29: ...arate piece of equipment Display a copy of your equipment map including meanings of all abbreviations at each equipment rack Understanding the Port Status LEDs The switch includes LED indicators for e...

Page 30: ...twork device PCs servers switches routers or hubs The connection requires an unshielded twisted pair UTP or shielded twisted pair STP cable with RJ 45 connectors at both ends Copper Cabling Guidelines...

Page 31: ...X MDI and MDI X Port Pinouts Pin MDI Signal Name MDI X Signal Name 1 Transmit Data plus TD 52V power Negative Vport Receive Data plus RD GND Positive Vport 2 Transmit Data minus TD 52V power Negative...

Page 32: ...n to indicate that the connection is valid Connecting to SFP Fiber Optic Ports The switch provides four slots for SFP compliant fiber optic transceivers Note that all 1000BASE fiber optic ports operat...

Page 33: ...e fiber terminators are clean You can clean the cable plugs by wiping them gently with a clean tissue or cotton ball moistened with a small amount of ethanol Dirty fiber terminators on fiber optic cab...

Page 34: ...Port The RJ 45 Console port on the front panel of the switch is used to connect a console device to the switch for out of band console configuration The console device can be a PC or workstation runni...

Page 35: ...est The switch also offers a user friendly web based management interface for the configuration of all the unit s features You can make initial configuration changes by connecting a PC directly to one...

Page 36: ...s Any unsaved changes in the currently running configuration will be lost and the only the saved settings in the startup configuration file will be used when the switch reboots Resetting to the Factor...

Page 37: ...ange the settings on any page NOTE If the path between your management station and this switch does not pass through any device that uses the Spanning Tree Algorithm then you can set the switch port a...

Page 38: ...sure to click on the Apply button to confirm the new setting The following table summarizes the web page configuration buttons Panel Display The web agent displays an image of the switch s ports The...

Page 39: ...rd Sets thresholds in terms of CPU usage time and number of packets processed per second Displaying Memory Utilization Shows memory utilization parameters Resetting the System Restarts the switch imme...

Page 40: ...me Configures support for jumbo frames The default setting is disabled Bridge Extension Extended Multicast Filtering Services This switch does not support the filtering of individual multicast address...

Page 41: ...support Multicast Filtering Traffic Classes and Virtual LANs You can access these extensions to display default settings for the key variables The following table displays the options on this page FI...

Page 42: ...flash memory space NOTE The file Factory_Default_Config cfg can be copied to a file server or management station but cannot be used as the destination file name on the switch Perform these steps to c...

Page 43: ...user defined configuration files is limited only by available flash memory space Perform these steps to save the running configuration file 1 Click System File 2 Select Copy from the Action list 3 Sel...

Page 44: ...n file to be used at startup 4 Click Apply To start using the new firmware or configuration settings reboot the system via the System Reset menu Showing System Files Use the System File Show page to s...

Page 45: ...gh ECS2100 series bix was requested However keep in mind that the file systems of many operating systems such as Unix and most Unix like systems FreeBSD NetBSD OpenBSD and most Linux distributions etc...

Page 46: ...ortions of the URL a colon must precede the password and an at symbol must follow the password If the password is omitted then an empty string is the assumed password for the connection host Defines t...

Page 47: ...from a time server SNTP or NTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries You can also manually set the clock If the clock...

Page 48: ...will query the specified time servers The following table displays the options on this page Perform these steps to set the polling interval for SNTP 1 Click System Time 2 Select Configure General fro...

Page 49: ...fy the IP address for up to three SNTP time servers The following table displays the options on this page System Time Options Current Time Shows the current time set on the switch Authentication Statu...

Page 50: ...Time 2 Select Configure Time Server from the Step list 3 Select Show NTP Server from the Action list FIG 35 Specifying SNTP Time Server System Time Options NTP Server IP Address Adds the IPv4 or IPv6...

Page 51: ...tication keys 1 Click System Time 2 Select Configure Time Server from the Step list 3 Select Show NTP Authentication Key from the Action list System Time Options Authentication Key Specifies the numbe...

Page 52: ...Summer Time Use the Summer Time page to set the system clock forward during the summer months also known as daylight savings time In some countries or regions clocks are adjusted through the summer mo...

Page 53: ...our local time when summer time is in effect select the predefined summer time zone appropriate for your location Date Mode Sets the start end and offset times of summer time for the switch on a one t...

Page 54: ...e timeout interval the connection is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input...

Page 55: ...as required 4 Click Apply System Time Options Telnet Status Enables or disables Telnet access to the switch Default Enabled TCP Port Sets the TCP port number for Telnet on the switch Range 1 65535 Def...

Page 56: ...n the buffer until usage time falls below the low watermark Range 40 100 Default 90 Low Watermark If packet flow has been stopped after exceeding the high watermark normal flow will be restored after...

Page 57: ...Utilization Use the System Memory Status page to display memory utilization parameters The following table displays the options on this page To display memory utilization click System then Memory Sta...

Page 58: ...r to system time may need to be refreshed to display the current settings Cancel Cancels the current settings shown in this field System Reload Configuration Reset Mode Restarts the switch immediately...

Page 59: ...ick System Reset 2 Select the required reset mode 3 For any option other than to reset immediately fill in the required parameters 4 Click Apply 5 When prompted confirm that you want reset the switch...

Page 60: ...Basic Management Tasks 60 Instruction Manual NXA ENET8 POE FIG 50 Restarting the Switch Regularly...

Page 61: ...mode or flow control under auto negotiation the required operation modes must be specified in the capabilities list for an interface The 1000BASE T standard does not support forced mode Auto negotiat...

Page 62: ...d refer to the Configuring by Port List section on page 61 for more information on command usage and a description of the options on the page Perform these steps to configure port connection parameter...

Page 63: ...Shows if the port is enabled or disabled Oper Status Indicates if the link is Up or Down Shutdown Reason Shows the reason this interface has been shut down if applicable Some of the reasons for shutti...

Page 64: ...onized data packets FCS Errors A count of frames received on a particular interface that are an integral number of octets in length but do not pass the FCS check This count does not include frames rec...

Page 65: ...8 Byte Packets 1519 1536 Byte Packets The total number of packets including bad packets received and transmitted where the number of octets fall within the specified range excluding framing bits but i...

Page 66: ...Trunk Statistics section on page 63 To configure statistical history sampling use the Displaying Statistical History section on page 66 The following table lists the options on this page FIG 55 Showin...

Page 67: ...entries for a history sample 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show from the Action menu 3 Select an interface from the Port or Trunk list Mode Status Shows the...

Page 68: ...s or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options for Mode 4 Select an interface from the Port or Trunk list 5 Select an sampling entry...

Page 69: ...r and received optical power The switch can display diagnostic information for SFP modules which support the SFF 8472 Specification for Diagnostic Monitoring Interface for Optical Transceivers This in...

Page 70: ...B of the measured power referenced to one milliwatt mW Threshold values for alarm and warning messages can be configured as described below A high threshold alarm or warning message is sent if the cur...

Page 71: ...nnections between devices use the web interface or CLI to specify the trunk on the devices at both ends When using a trunk take note of the following points Finish configuring trunks before you connec...

Page 72: ...5 Set the unit and port for an additional trunk member 6 Click Apply Perform these steps to configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure Genera...

Page 73: ...ACP port admin key matches and 3 the LAG admin key matches if configured However if the LAG admin key is set then the port admin key must be set to the same value for a port to be allowed to join that...

Page 74: ...General Port Port identifier Range 1 10 26 28 52 LACP Status Enables or disables LACP on a port Configure Aggregation Port Actor Partner Port Port number Range 1 10 28 Admin Key The LACP administrati...

Page 75: ...namic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click General 5 Enable LACP on the required ports 6 Click Apply Perform these steps to configure...

Page 76: ...Dynamic Configure Aggregation Port Show Information Counters page to display statistics for LACP protocol messages The following table lists the options on this page FIG 71 Showing Members of a Dynam...

Page 77: ...e Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational...

Page 78: ...Device Configuration Information Partner Admin System ID LAG partner s system ID assigned by the user Partner Oper System ID LAG partner s system ID assigned by the LACP protocol Partner Admin Port N...

Page 79: ...dress is the same for all traffic Source and Destination IP Address All traffic with the same source and destination IP address is output on the same link in a trunk This mode works best for switch to...

Page 80: ...e MAC interface is also powered down to save additional energy If energy is detected the switch immediately turns on both the transmitter and receiver functions and powers up the MAC interface Power s...

Page 81: ...the monitor port The destination port cannot be a trunk or trunk member port Note that Spanning Tree BPDU packets are not mirrored to the target port The following table lists the options on this page...

Page 82: ...session the switch s role Destination the destination port1 whether or not the traffic exiting this port will be tagged or untagged and the RSPAN VLAN Then specify each uplink port where the mirrored...

Page 83: ...d must first be reserved for the RSPAN application using the VLAN Static page see page 142 Uplink Port A port on any switch participating in RSPAN through which mirrored traffic is passed on to or rec...

Page 84: ...rts where security is less likely to be compromised Enabling Traffic Segmentation Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation The following table lists...

Page 85: ...o communicate with any other ports If a downlink port is not configured for the session the assigned uplink ports will operate as normal ports The following table lists the options on this page Perfor...

Page 86: ...ENET8 POE Perform these steps to show the members of the traffic segmentation group 1 Click Interface Traffic Segmentation 2 Select Configure Session from the Step list 3 Select Show from the Action...

Page 87: ...094 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in m...

Page 88: ...ed frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first decides where to forward the frame a...

Page 89: ...table lists the options on this page FIG 90 Modifying Settings for Static VLANs FIG 91 Showing Static VLANs VLAN Static Options VLAN ID of configured VLAN 1 4094 Interface Displays a list of ports or...

Page 90: ...does not affect VLAN independent BPDU frames such as GVRP or STP However they do affect VLAN dependent BPDU frames such as GMRP Membership Type Select VLAN membership for each interface by marking th...

Page 91: ...rface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port or Trunk 4 Enter an interface range 5 Modify the VLAN parameter...

Page 92: ...IP subnet based or protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last Configuring Protocol VLAN Groups Use the VLAN Protocol Configure...

Page 93: ...ype matches the frame is forwarded to the appropriate VLAN If the frame is untagged but the protocol type does not match the frame is forwarded to the default VLAN for this interface The following tab...

Page 94: ...et based or protocol based VLANs are supported concurrently priority is applied in this sequence and then port based VLANs last The following table lists the options on this page FIG 98 Showing the In...

Page 95: ...k to indicate a range of addresses if required 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a value to assign to untagged frames in the P...

Page 96: ...static address table see the Setting Static Addresses section on page 97 will be accepted as authorized to access the network through that interface Dynamic addresses stored in the address table when...

Page 97: ...able The following table lists the options on this page Perform these steps to configure a static MAC address 1 Click MAC Address Static 2 Select Add from the Action list 3 Specify the VLAN the port o...

Page 98: ...entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic...

Page 99: ...the options on this page Perform these steps to clear the entries in the dynamic address table 1 Click MAC Address Dynamic 2 Select Clear Dynamic MAC from the Action list 3 Select the method by which...

Page 100: ...s MAC Notification 2 Select Configure Interface from the Step list 3 Enable MAC notification traps for the required ports 4 Click Apply MAC Address MAC Notification Options Configure Global MAC Notifi...

Page 101: ...t port on each bridging device except for the root device which incurs the lowest path cost when forwarding a packet from that device to the root device Then it selects a designated bridging device fr...

Page 102: ...t see the Configuring Multiple Spanning Trees section on page 113 An MST Region may contain multiple MSTP Instances An Internal Spanning Tree IST is used to connect all the MSTP switches within an MST...

Page 103: ...e the port from the discarding state The following table lists the options on this page Perform these steps to configure loopback detection 1 Click Spanning Tree Loopback Detection 2 Click Port or Tru...

Page 104: ...ng Tree Status Enables disables STA on this switch Default Disabled When spanning tree is enabled globally or enabled on an interface loopback detection is disabled Spanning Tree Type Specifies the ty...

Page 105: ...information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise...

Page 106: ...Configure Global from the Step list 3 Select Configure from the Action list 4 Modify any of the required attributes Note that the parameters displayed for the spanning tree types STP RSTP MSTP varies...

Page 107: ...priority the MST Instance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where the address is taken from the switch system Designated Root The priority and MA...

Page 108: ...16 Admin Path Cost This parameter is used by the STA to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned...

Page 109: ...ically by the Bridge Detection State Machine described in 802 1D 2004 where the edge port state may change dynamically based on environment changes e g receiving a BPDU or not within the required inte...

Page 110: ...2 on SW3 is configured changed to 0 these ports will still have the same root path cost and it will be impossible for i2 to become the root port just by changing its path cost on SW3 For RSTP mode the...

Page 111: ...om the Learning state to the Forwarding state Designated Cost The cost for a packet to travel from this port to the root in the current Spanning Tree configuration The slower the media the higher the...

Page 112: ...settings for STA 1 Click Spanning Tree STA 2 Select Configure Interface from the Step list 3 Select Show Information from the Action list FIG 119 STA Port Roles FIG 120 Displaying Interface Settings f...

Page 113: ...ning tree priority for the selected MST instance on the Spanning Tree MSTP Configure Global Add page 3 Add the VLANs that will share this MSTI on the Spanning Tree MSTP Configure Global Add Member pag...

Page 114: ...t 4 Select an MST ID The attributes displayed on this page are described under the Displaying Global Settings for STA section on page 107 Perform these steps to add additional VLAN groups to an MSTP i...

Page 115: ...d for this port in the Spanning Tree Protocol If the path cost for all ports on a switch are the same the port with the highest priority i e lowest value will be configured as an active link in the Sp...

Page 116: ...e Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for an interface 5 Click Apply Perform these steps to display MSTP parameters for a port or trunk 1 Click Spannin...

Page 117: ...ts that exceed the acceptable amount of traffic are dropped Rate limiting can be applied to individual ports or trunks When an interface is configured with this feature the traffic rate will be monito...

Page 118: ...trol on the same interface may lead to unexpected results It is therefore not advisable to use both of these features on the same interface The following table lists the options on this page Perform t...

Page 119: ...default port priority for each interface on the switch All untagged packets entering the switch are tagged with the specified default port priority and then sorted into the appropriate priority queue...

Page 120: ...e egress ports by defining scheduling weights for WRR or one of the queuing modes that use a combination of strict and weighted queuing The specified queue mode applies to all interfaces The following...

Page 121: ...ss a queuing problem occurs with a particular application Setting Priority Processing to DSCP or CoS The switch allows a choice between using DSCP or CoS priority processing methods Use the Priority T...

Page 122: ...p can be used to modify one set of DSCP values to match the definition of another domain The mutation map should be applied at the receiving port ingress mutation at the boundary of a QoS administrati...

Page 123: ...t arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to PHB Drop Precedence mapping table is used to generate priority and drop precedence values for internal processing Note tha...

Page 124: ...r any of the CoS CFI combinations 4 Click Apply Perform these steps to show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list Defa...

Page 125: ...NOTE You can configure up to 16 rules per class map You can also include multiple classes in a policy map NOTE You should create a class map before creating a policy map Otherwise you will not be able...

Page 126: ...t 3 Select Show from the Action list Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command ACL Name of an access cont...

Page 127: ...5 Specify type of traffic for this class based on an access list DSCP or IP Precedence value VLAN or CoS value You can specify up to 16 items to match when assigning ingress traffic to a class map 6 C...

Page 128: ...down to the minimum value of 0 else the packet is red and neither Tc nor Te is decremented When a packet of size B bytes arrives at time t the following happens if srTCM is configured to operate in Co...

Page 129: ...Step list 3 Select Show from the Action list Perform these steps to edit the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Add Rule from the Ac...

Page 130: ...policy map and then bind the service policy to the required interface The following table lists the options on this page Perform these steps to bind a policy map to a port 1 Click Traffic DiffServ 2 S...

Page 131: ...ver connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN Alternatively switch ports can be manually con...

Page 132: ...the Action list 4 Enter a MAC address that specifies the OUI for VoIP devices in the network 5 Select a mask from the pull down list to define a MAC address range 6 Enter a description for the devices...

Page 133: ...entified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disa...

Page 134: ...s IP Source Guard and then DHCP Snooping AAA Authentication Authorization and Accounting The authentication authorization and accounting AAA feature provides the main framework for configuring access...

Page 135: ...gin Authentication Servers Use the Security AAA Server page to configure the message exchange parameters for RADIUS or TACACS remote access authentication servers Remote Authentication Dial in User Se...

Page 136: ...ticate logon access via the authentication server Range 1 30 Default 2 Set Key Mark this box to set or modify the encryption key Authentication Key Encryption key used to authenticate logon access for...

Page 137: ...erver 5 To set or modify the authentication key mark the Set Key box enter the key and then confirm it 6 Click Apply Perform these steps to configure the RADIUS or TACACS server groups to use for acco...

Page 138: ...a requested service if no other methods have been defined Range 1 64 characters Note that the method name is only used to describe the accounting method configured on the specified RADIUS or TACACS se...

Page 139: ...Specify the name of the accounting method and server group name 6 Click Apply Server Group Name Displays the accounting server group Interface Displays the port console or Telnet interface to which t...

Page 140: ...onfigure the accounting method applied to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select...

Page 141: ...how Information from the Step list 3 Click Summary Perform these steps to display basic accounting information and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show I...

Page 142: ...d Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 64 characters Server Group Name Specifies...

Page 143: ...lied to local console Telnet or SSH connections 1 Click Security AAA Authorization 2 Select Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Perform these s...

Page 144: ...ese commands are equivalent to those available under Normal Exec command mode in the CLI Level 8 14 provide the same default access privileges including additional commands beyond those provided for L...

Page 145: ...gured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time...

Page 146: ...nfiguration for the port When a user attempts to log into the network with a returned dynamic QoS profile that is different from users already logged on to the same port the user is denied access Whil...

Page 147: ...ase of failed authentication and switchport mode is set to Hybrid See the Adding Static Members to VLANs section on page 89 Dynamic VLAN Enables dynamic VLAN assignment for an authenticated port When...

Page 148: ...the Step list 3 Select Add from the Action list 4 Enter a filter ID MAC address and optional mask 5 Click Apply Perform these steps o show the MAC address filter table for MAC authentication 1 Click S...

Page 149: ...by entering a specific address in the MAC Address field specifying a port in the Interface field or setting the address type to static or dynamic in the Attribute field 5 Click Query Security Network...

Page 150: ...onnection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar fo...

Page 151: ...vate password 4 Click Apply Configuring the Secure Shell The Berkeley standard includes remote access tools originally designed for Unix systems Some of these tools have also been implemented for Micr...

Page 152: ...1 19 4 Set the Optional Parameters On the SSH Settings page configure the optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service On...

Page 153: ...switch Default Disabled Version The Secure Shell version number Version 2 0 is displayed but the switch supports management access via either SSH Version 1 5 or 2 0 clients Authentication Timeout Spec...

Page 154: ...h SSH will revert to the interactive password authentication mechanism to complete authentication The following table lists the options on this page FIG 181 Generating the SSH Host Key Pair FIG 182 Sh...

Page 155: ...rom the respective drop down boxes input the TFTP server IP address and the public key source file name 5 Click Apply Perform these steps to display or clear the SSH user s public key 1 Click Security...

Page 156: ...e resources When using compression the 128 ACEs are compressed into one ACE classifying the IP address as 192 168 1 0 24 which requires only n entries in TCAM The above example is an ideal case for co...

Page 157: ...pe The following filter modes are supported IP Standard IPv4 ACL mode filters packets based on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source or destination IPv4...

Page 158: ...urity ACL Options Type Selects the type of ACLs to show in the Name list Name Shows the names of ACLs matching the selected type Action An ACL can contain any combination of permit or deny rules Addre...

Page 159: ...t Any Source Destination IP Address Source or destination IP address Source Destination Subnet Mask Subnet mask for source or destination address See the description for Subnet Mask on page 158 Source...

Page 160: ...P DSCP priority level Range 0 63 Time Range Name of a time range FIG 189 Configuring an Extended IPv4 ACL Security ACL Options Type Selects the type of ACLs to show in the Name list Name Shows the nam...

Page 161: ...specific host address in the Address field or IPv6 Prefix to specify a range of addresses Options Any Host IPv6 Prefix Default Any Destination Address Type Specifies the destination IP address type Us...

Page 162: ...Header Identifies the type of header immediately following the IPv6 header Range 0 255 Optional Internet layer information is encoded in separate headers that may be placed between the IPv6 header an...

Page 163: ...in any combination of permit or deny rules Source Destination Address Type Use Any to include all possible addresses Host to indicate a specific MAC address or MAC to specify an address range with the...

Page 164: ...IP Source Destination IP Address Type Specifies the source or destination IPv4 address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to...

Page 165: ...dress e g 11 22 33 44 55 66 If you select IP enter a base address and a hexadecimal bit mask for an address range 9 Enable logging if required 10 Click Apply Binding a Port to an Access Control List A...

Page 166: ...stics for ACL hardware counters 1 Click Security ACL 2 Select Configure Interface from the Step list 3 Select Show Hardware Counters from the Action list 4 Select a port 5 Select ingress or egress tra...

Page 167: ...for individual VLANs These configuration changes will only become active after ARP Inspection is enabled globally again The ARP Inspection engine in the current firmware version does not support ARP I...

Page 168: ...ase determines their validity The following table lists the options on this page Security ARP Inspection Options ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection V...

Page 169: ...tion and adjust the packet inspection rate 4 Click Apply FIG 197 Configuring VLAN Settings for ARP Inspection Security ARP Inspection Options Interface Port or trunk identifier Trust Status Configures...

Page 170: ...ARP packets in the process of ARP inspection rate limit Count of ARP packets exceeding and dropped by ARP rate limiting ARP packets dropped by additional validation IP Count of ARP packets that faile...

Page 171: ...esses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges You...

Page 172: ...amically learned entries are cleared from the address table If port security is enabled and the maximum number of allowed addresses are set to a non zero value any device not in the address table that...

Page 173: ...the client The EAP packet from the RADIUS server contains not only the challenge but the authentication method to be used The client can reject the authentication method and request another depending...

Page 174: ...ings for 802 1x Use the Security Port Authentication Configure Interface Authenticator page to configure 802 1x port settings for the switch as the local authenticator When 802 1x is enabled you need...

Page 175: ...ts the timeout for EAP request frames other than EAP request identity frames If dot1x authentication is enabled on a port the switch will initiate authentication when the port link state comes up It w...

Page 176: ...mber of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recog...

Page 177: ...processed by the switch is 100 packets per second Any DHCP packets in excess of this limit are dropped When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based up...

Page 178: ...igning IP addresses or to set other services or policies for clients It is also an effective tool in preventing malicious network attacks from attached clients on DHCP services such as IP Spoofing Cli...

Page 179: ...in the remote ID sub option for the DHCP snooping agent i e the MAC address of the switch s CPU This attribute can be encoded in Hexadecimal or ASCII IP Address Inserts an IP address in the remote ID...

Page 180: ...are removed Set all ports connected to DHCP servers within the local network or fire wall to trusted state Set all other ports outside the local network or fire wall to untrusted state The following...

Page 181: ...ent Lease Time The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry...

Page 182: ...55 255 255 255 all of which uses a spoofed source address of the intended victim The victim should crash due to the many interrupts required to send ICMP Echo response packets Default Disabled TCP Nul...

Page 183: ...be dropped An entry with same MAC address and a different VLAN ID cannot be added to the binding table Filtering rules are implemented as follows If DHCP snooping is disabled see page 178 IP source gu...

Page 184: ...binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the sam...

Page 185: ...ngs for each port 5 Click Apply Perform these steps to display static bindings for IP Source Guard 1 Click Security IP Source Guard Static Binding 2 Select Configure ACL Table or Configure MAC Table f...

Page 186: ...ing 2 Mark the search criteria and enter the required values 3 Click Query Security IP Source Guard Dynamic Binding Options Query By Port A port on this switch Range 1 10 26 28 52 VLAN ID of a configu...

Page 187: ...you to configure and limit system messages that are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM The following table...

Page 188: ...ng table lists the options on this page FIG 217 Configuring Settings for System Memory Logs FIG 218 Showing Error Messages Logged to System Memory Administration Log Remote Options Remote Log Status E...

Page 189: ...destination email addresses and one or more SMTP servers 3 Click Apply FIG 219 Configuring Settings for Remote Logging of Error Messages Administration Log SMTP Options SMTP Status Enables disables th...

Page 190: ...f it does not transmit updates in a timely manner TTL in seconds is based on the following rule minimum value Transmission Interval Holdtime Multiplier or 65535 Therefore the default TTL is 4 30 120 s...

Page 191: ...SNMP Notification Enables the transmission of SNMP trap notifications about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at th...

Page 192: ...92 Default Enabled VLAN ID The port s default VLAN identifier PVID indicates the VLAN with which untagged or priority tagged frames are associated see the IEEE 802 1Q VLANs section on page 87 Default...

Page 193: ...dvertise in LLDP messages 6 Click Apply MED Location Civic Address Configures information for the location of the attached device included in the MED TLV field of advertised messages including the cou...

Page 194: ...ptions on this page Perform these steps to specify the physical location of the attached device 1 Click Administration LLDP 2 Select Configure Interface from the Step list 3 Select Add CA Type from th...

Page 195: ...s networkAddress Interface name ifName IETF RFC 2863 Locally assigned locally assigned Chassis ID An octet string indicating the specific identifier for the particular chassis in this system System Na...

Page 196: ...ntPhysClass has a value of chassis 3 IETF RFC 2737 Port component EntPhysicalAlias when entPhysicalClass has a value port 10 or backplane 4 IETF RFC 2737 MAC address MAC address IEEE Std 802 2001 Netw...

Page 197: ...ifier for the particular chassis in this system System Name A string that indicates the system s assigned name System Description A textual description of the network entity Port Type Indicates the ba...

Page 198: ...mber in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated with the remote system PSE Power Sourcing Equipment...

Page 199: ...f 0 represents use of the default priority Unknown Policy Flag Indicates that an endpoint device wants to explicitly advertise that this policy is required by the device but is currently unknown VLAN...

Page 200: ...r a maximum length cable based on its current configuration This parameter supports a maximum power required or available value of 102 3 Watts to allow for future expansion Range 0 102 3 Watts Port De...

Page 201: ...Basic Administration Protocols 201 Instruction Manual NXA ENET8 POE FIG 229 Displaying Remote Device Information for LLDP Port Details...

Page 202: ...MIB for any reason Neighbor Entries Dropped Count The number of times which the remote database on this switch dropped an LLDPDU because of insufficient resources Neighbor Entries Age out Count The nu...

Page 203: ...budget Port power can be automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its power budget When a device is connected to...

Page 204: ...tion Power Sets a power budget for the switch Range 50000 740000 milliwatts Default 370000 milliwatts Compatible Mode Allows the switch to detect and provide power to powered devices that were designe...

Page 205: ...ort is not turned on If a device is connected to a critical or high priority port and would cause the switch to exceed its power budget as determined during bootup power is provided to the port only i...

Page 206: ...ation must first submit a valid community string for authentication Access to the switch from clients using SNMPv3 provides additional security features that cover message integrity authentication and...

Page 207: ...d before configuring other parameters 4 Use the Administration SNMP Configure View page to specify read and write access views for the switch MIB tree 5 Use the Administration SNMP Configure User page...

Page 208: ...e remote device where the user resides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and a user on the remote host...

Page 209: ...lists the options on this page FIG 237 Configuring a Remote Engine ID for SNMP FIG 238 Showing Remote Engine IDs for SNMP Administration SNMP Options Add View View Name The name of the SNMP view Rang...

Page 210: ...Perform these steps to show the SNMP views of the switch s MIB database 1 Click Administration SNMP 2 Select Configure View from the Step list 3 Select Show View from the Action list Perform these ste...

Page 211: ...iew The configured view for read access Range 1 32 characters Write View The configured view for write access Range 1 32 characters Notify View The configured view for notifications Range 1 32 charact...

Page 212: ...6 1 4 1 259 6 10 120 2 1 0 45 This notification indicates PSE threshold usage indication is on and the power usage is above the threshold pethMainPowerUsageOffNotification 1 3 6 1 4 1 259 6 10 120 2...

Page 213: ...hanges of the dynamic MAC addresses on the switch lbdDetectionTrap 1 3 6 1 4 1 259 6 10 120 2 1 0 141 This trap is sent when a loopback condition is detected by LBD lbdRecoveryTrap 1 3 6 1 4 1 259 6 1...

Page 214: ...unity Add page to configure up to five community strings authorized for management access by clients using SNMP v1 and v2c For security reasons you should consider removing the default strings The fol...

Page 215: ...notify view The following table lists the options on this page FIG 245 Setting Community Access Strings FIG 246 Showing Community Access Strings Administration SNMP Options User Name The name of user...

Page 216: ...ord must be specified If the security level is authPriv a privacy password must also be specified 5 Click Apply Perform these steps to show local SNMPv3 users 1 Click Administration SNMP 2 Select Conf...

Page 217: ...dentify the source of SNMPv3 inform messages sent from the local switch If the security model is set to SNMPv3 and the security level is authNoPriv or authPriv then an authentication protocol and pass...

Page 218: ...red notification messages page 209 3 Configure the group matching the community string specified on the Configure Trap Add page to include the required notify view page 211 4 Enable trap informs as de...

Page 219: ...2c or v3 traps Notification Type Traps Notifications are sent as trap messages Inform Notifications are sent as inform messages Note that this option is only available for version 2c and 3 hosts Defau...

Page 220: ...rform these steps to show configured trap managers 1 Click Administration SNMP 2 Select Configure Trap from the Step list 3 Select Show from the Action list FIG 253 Configuring Trap Managers SNMPv2c F...

Page 221: ...be logged Based on the default settings used in RFC 3014 a notification log can contain up to 256 entries and the entry aging time is 1440 minutes Information recorded in a notification log and the e...

Page 222: ...ssfully by the SNMP protocol entity as the result of receiving valid SNMP Set Request PDUs Get request PDUs The total number of SNMP Get Request PDUs which have been accepted and processed or generate...

Page 223: ...ts the options on this page Administration RMON Options Index Index to this entry Range 1 65535 Variable The object identifier of the MIB variable to be sampled Only variables of the type etherStatsEn...

Page 224: ...4 Click Alarm 5 Enter an index number the MIB object to be polled etherStatsEntry n n the polling interval the sample type the thresholds and the event to trigger 6 Click Apply Perform these steps to...

Page 225: ...send with trap messages the name of the person who created this event and a brief description of the event 6 Click Apply Administration RMON Options Index Index to this entry Range 1 65535 Type Speci...

Page 226: ...for each sample includes input octets packets broadcast packets multicast packets undersized packets oversize packets fragments jabbers CRC alignment errors collisions drop events and network utilizat...

Page 227: ...for this entry 7 Click Apply Perform these steps to show configured RMON history samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show from the Action list...

Page 228: ...table lists the options on this page Perform these steps to enable regular sampling of statistics on a port 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Add fro...

Page 229: ...is within the absolute time range and one of the periodic time ranges A maximum of eight rules can be configured for a time range The following table lists the options on this page Perform these steps...

Page 230: ...2 Select Add Rule from the Action list 3 Select the name of time range from the drop down list 4 Select a mode option of Absolute or Periodic 5 Fill in the required parameters for the selected mode 6...

Page 231: ...ies the interval at which to transmit loopback detection control frames Range 1 32767 seconds Default 10 seconds Recover Time Specifies the interval to wait before the switch automatically releases an...

Page 232: ...ollowing table lists the options on this page Perform these steps to configure interface settings for LBD 1 Click Administration LBD Configure Interface 2 Make the required configuration changes 3 Cli...

Page 233: ...receive the multicast service The purpose of IP multicast filtering is to optimize a switched network s performance so multicast packets will only be forwarded to those ports containing multicast grou...

Page 234: ...ch page 238 IGMP Snooping with Proxy Reporting The switch supports last leave and query suppression as defined in DSL Forum TR 101 April 2006 When proxy reporting is disabled all IGMP reports received...

Page 235: ...e subscribed to different multicast groups flooding may cause excessive packet loss on the link between the switch and the end host Flooding may be disabled to avoid this causing multicast traffic to...

Page 236: ...ges which use a version different to that currently configured by the IGMP Version attribute Default Disabled IGMP Unsolicited Report Interval Specifies how often the upstream interface should transmi...

Page 237: ...3 Select the VLAN for which to display this information Port or Trunk Specifies the interface attached to a multicast router Show Static Multicast Router VLAN Selects the VLAN for which to display an...

Page 238: ...er control it may be necessary to statically configure a multicast service on the switch First add all the ports attached to participating hosts to a common VLAN and then assign the multicast service...

Page 239: ...ing is enabled These messages are sent unsolicited periodically on all router interfaces on which multicast forwarding is enabled They are sent upon the occurrence of these events Upon the expiration...

Page 240: ...GMP snooping By Host IP The switch will not send out a group specific query when an IGMPv2 v3 leave message is received But will check if there are other hosts joining the multicast group Only when al...

Page 241: ...ce specific query message and starts a timer If no reports are received before the timer expires the group record is deleted and a report is sent to the upstream multicast router A reduced value will...

Page 242: ...P Snooping Interface 2 Select Configure Interface from the Action list 3 Select Port or Trunk interface 4 Enable the required drop functions for any interface 5 Click Apply FIG 283 Showing Interface S...

Page 243: ...until this entry expires Count The number of times this address has been learned by IGMP snooping FIG 285 Showing Multicast Groups Learned by IGMP Snooping Multicast IGMP Snooping Statistics Options V...

Page 244: ...S Query The number of group specific or group and source specific query messages received on this interface Drop The number of times a report leave or query was dropped Packets may be dropped due to...

Page 245: ...g Statistics 2 Select Show VLAN Statistics from the Action list 3 Select a VLAN Perform these steps to display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Stat...

Page 246: ...ing Filter Configure General page to enable IGMP filtering and throttling globally on the switch The following table lists the options on this page Perform these steps to enable IGMP filtering and thr...

Page 247: ...icast IGMP Snooping Filter 2 Select Configure Profile from the Step list 3 Select Show from the Action list Perform these steps to add a range of multicast groups to an IGMP filter profile 1 Click Mul...

Page 248: ...eps to configure IGMP filtering or throttling for a port or trunk 1 Click Multicast IGMP Snooping Filter 2 Select Configure Interface from the Step list 3 Select a profile to assign to an interface th...

Page 249: ...ill act if elected When serving as the querier the switch uses this IPv6 address as the query source address The querier will not start or will disable itself after having started if it detects an IPv...

Page 250: ...uring MLD Snooping and Query Parameters section on page 249 before a multicast router port can take effect The following table lists the options on this page FIG 295 Configuring General Settings for M...

Page 251: ...ticast MLD Snooping Multicast Router 2 Select Show Static Multicast Router from the Action list 3 Select the VLAN for which to display this information Perform these steps to show all the interfaces a...

Page 252: ...r 2 Select Add Static Member from the Action list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an MLD enabled switch or mul...

Page 253: ...e 1 4094 Interface Port or trunk identifier Group Address The IP address for a specific multicast service Type The means by which each group was learned MLD Snooping or Multicast Data Filter Mode The...

Page 254: ...he host does not respond a timeout appears in ten seconds Destination unreachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway...

Page 255: ...es off before a response is returned the trace function prints a series of asterisks and the Request Timed Out message A long sequence of these messages terminating only when the maximum timeout has b...

Page 256: ...ot match the destination IP address in the message However if it does match they write their own hardware address into the destination MAC address field and send the message back to the source hardwar...

Page 257: ...NS is not yet enabled and the switch receives a DHCP packet containing a DNS field with a list of DNS servers then the switch will automatically enabled DNS host name to address translation The follow...

Page 258: ...the servers are queried in the specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled Th...

Page 259: ...e following table lists the options on this page Perform these steps to configure static entries in the DNS table 1 Click IP Service DNS Static Host Table 2 Select Add from the Action list 3 Enter a h...

Page 260: ...g the TFTP server to access for download and the name of the boot file or boot information for NetBIOS Windows Internet Naming Service WINS Specifying a DHCP Client Identifier Use the IP Service DHCP...

Page 261: ...provides an option for sending information about its DHCP clients to the DHCP server specifically the interface on the relay server through which the DHCP client request was received Also known as DH...

Page 262: ...quest packet and the switch then unicasts this packet to the DHCP server If the policy is keep the DHCP request packet s option 82 content will be retained The relay agent address is inserted into the...

Page 263: ...are not carried by the reply sent from the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the server that it is interested in option 66 67 by sending a DHCP request that...

Page 264: ...g via DHCP 1 Click IP Service DHCP Dynamic Provision 2 Mark the Enable box if dynamic provisioning is configured on the DHCP daemon and required for boot up 3 Click Apply IP Service DHCP Dynamic Provi...

Page 265: ...fault IPv4 address for VLAN 1 is set to 192 168 2 10 using the subnet mask 255 255 255 0 To change the switch s default settings to values that are compatible with your network you may need to establi...

Page 266: ...or DHCP server NOTE The switch will also broadcast a request for IP configuration settings on each power reset IP Address Type Specifies a primary or secondary IP address An interface can have only o...

Page 267: ...sing this kind of address cannot be passed by any router outside of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to co...

Page 268: ...prefixes received in IPv6 router advertisement messages and the host portion is automatically generated using the modified EUI 64 form of the interface identifier i e the switch s MAC address If a li...

Page 269: ...ter advertisements and by the router itself ND Reachable Time The amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred Range 0 3600000...

Page 270: ...host portion of the default address is based on the modified EUI 64 Extended Universal Identifier form of the interface identifier i e the physical MAC address Alternatively you can manually configur...

Page 271: ...ield may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length exceeds 64 bits then the bits used in the network portion of the ad...

Page 272: ...6 nodes The interface local multicast address is only used for loopback transmission of multicast traffic Link local multicast addresses cover the same types as used by link local unicast addresses in...

Page 273: ...last ReachableTime interval that the forward path to the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime int...

Page 274: ...ould be found to transmit them to their destination Address Errors The number of input datagrams discarded because the IPv6 address in their IPv6 header s destination field was not a valid address to...

Page 275: ...hable messages received by the interface Packet Too Big Messages The number of ICMP Packet Too Big messages received by the interface Time Exceeded Messages The number of ICMP Time Exceeded messages r...

Page 276: ...s The number of ICMPv6 Group Membership Response messages sent by the interface Group Membership Reduction Messages The number of ICMPv6 Group Membership Reduction messages sent by the interface Multi...

Page 277: ...on this page Perform these steps to show the MTU reported from other devices 1 Click System IPv6 Configuration 2 Select Show MTU from the Action list FIG 330 Showing IPv6 Statistics UDP Show MTU Displ...

Page 278: ...red per port Port Trunking Static trunks Cisco EtherChannel compliant Dynamic trunks Link Aggregation Control Protocol Spanning Tree Algorithm Spanning Tree Protocol STP IEEE 802 1D 2004 Rapid Spannin...

Page 279: ...tags IEEE 802 1Q VLAN IEEE 802 1v Protocol based VLANs IEEE 802 1X Port Authentication IEEE 802 3 2005 Ethernet Fast Ethernet Gigabit Ethernet Link Aggregation Control Protocol LACP Full duplex flow...

Page 280: ...dge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Power Ethernet MIB RFC 3621 Private MIB Q Bridge MIB RFC 2674Q Quality of Service MIB RADIUS Accounting Server MIB...

Page 281: ...access the management agent in the switch through a connection to any port using Telnet a web browser or other network management software tools However you must first configure the switch with a vali...

Page 282: ...n is connected with a valid IP address subnet mask and default gateway Be sure the management station has an IP address in the same subnet as the switch s IP interface to which it is connected If you...

Page 283: ...not assume responsibility for errors or omissions AMX also reserves the right to alter specifications without prior notice at any time The AMX Warranty and Return Policy and related documents can be...

Reviews:

No comments