GigaX3112 Series
User Manual
Layer 3 Managed Switch
Page 1: ...GigaX3112 Series User Manual Layer 3 Managed Switch ...
Page 2: ...erchantability or fitness for a particular purpose In no event shall ASUS its directors officers employees or agents be liable for any indirect special incidental or consequential damages including damages for loss of profits loss of business loss of use or data interruption of business and the like even if ASUS has been advised of the possibility of such damages arising from any defect or error in...
Page 3: ...ent does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures Re orient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment to an outlet on a circuit different from that t...
Page 4: ...538 USA Fax 1 502 933 8713 E mail tmd1 asus com Web site usa asus com Technical Support Telephone General 1 502 995 0883 Notebook 1 877 918 ASUS 2787 Fax 1 502 933 8713 Support e mail tsd asus com ASUS COMPUTER GmbH Germany and Austria Address Harkort Str 25 D 40880 Ratingen Germany Telephone 49 2102 95990 Fax 49 2102 959911 Online contact www asuscom de sales Technical Support Telephone 49 2102 9...
Page 5: ... Part 1 Installing the hardware 8 3 1 1 Installing the switch on a flat surface 8 3 1 2 Mounting the switch on a rack 8 3 2 Part 2 Setting up the switch 8 3 2 1 Connect the console port 8 3 2 2 Connect to the computers or a LAN 9 3 2 3 Attach the RPS module 9 3 2 4 Attach the power adapter 9 3 3 Part 3 Basic switch setting for management 10 3 3 1 Setting up through the console port 10 3 3 2 Setting...
Page 6: ...tus 21 4 5 1 2 Current Roots 22 4 5 1 3 Bridge Parameters 23 4 5 1 4 Port Parameters 23 4 5 2 Link aggregation static 24 4 5 3 LACP 26 4 5 4 Mirroring 27 4 5 5 Static multicast 28 4 5 6 IGMP snooping 28 4 5 7 Traffic control 30 4 5 8 Dynamic addresses 30 4 5 9 Static addresses 31 4 5 10 VLAN Configuration 32 4 5 11 GVRP 33 4 5 12 QoS and CoS 34 4 5 12 1 802 1p Priority 34 4 5 12 2 CoS queue mapping ...
Page 7: ...2 4 6 5 Multicast Route 42 4 6 5 1 M Route 42 4 6 5 2 DVMRP 43 4 6 6 VRRP 44 4 7 SNMP 46 4 7 1 Community table 46 4 7 2 Host table 46 4 7 3 Trap setting 47 4 7 4 SNMPv3 VGU Table 47 4 7 4 1 VACM View 47 4 7 4 2 VACM Group 48 4 7 4 3 USM User 49 4 8 Filter pages 50 4 8 1 Filter set 50 4 8 2 Filter attach 52 4 9 Security 53 4 9 1 Port Access Control 53 4 9 2 Dial In User 55 4 9 3 RADIUS 56 4 9 4 Por...
Page 8: ...lf Test 63 5 1 1 Boot ROM command mode 63 5 1 2 Boot ROM commands 64 5 2 Login and logout 65 5 3 CLI commands 66 5 3 1 User account 66 5 3 1 1 Add user 66 5 3 1 2 Delete user 66 5 3 2 Backup and Restore 66 5 3 2 1 Backup start up configuration file 66 5 3 2 2 Restore start up configuration file 66 5 3 3 System Management Configuration 67 5 3 3 1 Firmware upgrade 67 5 3 3 2 configure terminal 67 5 3 3 3 ...
Page 9: ...0 5 3 3 18 Delete a new user account 70 5 3 4 Physical interface commands 70 5 3 4 1 Interface mode 70 5 3 4 2 Interface duplex 70 5 3 4 3 Interface flow control 71 5 3 4 4 Show L2 interface 71 5 3 5 IP interface 71 5 3 5 1 show vlan name string 71 5 3 5 2 Create a vlan entry 71 5 3 5 3 interface vlan VLAN ID 72 5 3 5 4 ip address 72 5 3 5 5 ip helper address 72 5 3 5 6 ip ospf 72 5 3 5 7 ip pim 72...
Page 10: ...10 5 spanning tree enable and disable 75 5 3 11 Link Aggregation 75 5 3 11 1 trunk aggregation group 75 5 3 11 2 trunk load balancing 75 5 3 11 3 show aggregation link trunk 75 5 3 12 LACP 76 5 3 12 1 clear lacp counters 76 5 3 12 2 lacp aggregation link trunk 76 5 3 12 3 disable lacp aggregation link trunk 76 5 3 12 4 lacp port priority 76 5 3 12 5 lacp system priority 76 5 3 13 Mirroring 77 5 3 ...
Page 11: ...rol 79 5 3 17 Dynamic Addresses 79 5 3 17 1 clear dynamic mac address 79 5 3 17 2 aging time 79 5 3 17 3 no aging time 80 5 3 17 4 show mac address table aging time 80 5 3 18 Static Addresses 80 5 3 18 1 add static mac address 80 5 3 18 2 show mac address table 80 5 3 19 VLAN 80 5 3 19 1 show vlan name string 80 5 3 19 2 vlan vid 81 5 3 19 3 name string 81 5 3 19 4 access vlan 81 5 3 19 5 allowed ...
Page 12: ...mp server host 83 5 3 23 Filter 84 5 3 23 1 deny any host 84 5 3 23 2 filter set 84 5 3 23 3 filter conditions 84 5 3 23 4 filter attach 84 5 3 24 Port Access Control 84 5 3 24 1 default system authentication control 84 5 3 24 2 dot1x default 85 5 3 24 3 dot1x guest vlan 85 5 3 24 4 dot1x initialize interface 85 5 3 24 5 dot1x max req 85 5 3 24 6 dot1x port control 86 5 3 25 Dial in User 86 5 3 25 1 ...
Page 13: ...witchport port security aging 88 5 4 Miscellaneous commands 88 6 IP addresses network masks and subnets 89 6 1 IP addresses 89 6 1 1 Structure of an IP address 89 6 2 Subnet masks 90 7 Troubleshooting 92 7 1 Diagnosing problems using IP utilities 92 7 1 1 ping 92 7 1 2 nslookup 93 7 2 Replacing defective fans 94 Fan specifications 95 7 3 Simple fixes 96 8 Glossary 98 9 Index 104 ...
Page 14: ...T auto sensing Gigabit Ethernet switching ports Two Gx3112 or twelve Gx3112F small form factor SFP Gigabit interface converter GBIC slots Automatic MDI MDIX support for 10 100 1000BASE T ports Compliant with 802 3z and 802 3ab specifications 802 1D transparent bridge STP RSTP MSTP 16K MAC address cache with hardware assisted aging 802 3x flow control 802 1Q based tagged VLAN up to 4096 VLANs 802 1p ...
Page 15: ...nt VRRP DVMRP PIM DM RMON support 4 groups 1 2 3 9 SNMP v1 v2 v3 MIB II Enterprise MIB for PSU fan and system temperature voltage Telnet SSH remote login TFTP for firmware update and configuration backup Cisco Like CLI Web GUI LEDs for port link status LEDs system redundant power supply RPS and fan status ...
Page 16: ...indicated 1 2 2 Typography Italics are used to present the parameters for the command line interpreter Boldface type text is used for items you select from menus and drop down lists and text strings you type when prompted by the program 1 2 3 Symbols This document uses the following icons to call your attention to specific instructions or explanations Provides clarification or additional informati...
Page 17: ... L3 managed switch AC Power cord Null modem cable for console interface DB9 Rack installation kit two brackets with six 6 32 screws USB cable for console interface Installation CD ROM Quick installation guide Figure 1 GigaX3112 L3 managed switch package contents STATU S SPEED DUPLE X SYSTEM RPS FAN 11 9 7 5 3 1 12 10 8 6 4 2 11 12 USB CONS OLE RS 23 2 1 3 5 7 9 11 2 4 6 8 10 12 ...
Page 18: ...s a good redundant power supply Amber ON The PSU is abnormal and the switch is powered by RPS OFF No power at all system LED is also off RPS does not work properly or not installed system LED is on 3 FAN Green ON Both fans are working properly Amber ON Both or either one of the fans stopped 4 10 100 1000 port status Green ON Link RJ 45 or SFP is present port is enabled Flashing Data is being trans...
Page 19: ... power cord 2 RPS Redundant Power Supply connector 3 FAN1 FAN2 Replaceable system fans No Label Color Status Description 6 Duplex status Green ON Full duplex Amber ON Simplex 7 Console USB USB port for console 8 Console RS232 RS 232 serial port for console 2 3 Rear panel The switch rear panel contains the swappable fans and power connections ...
Page 20: ...ion 100 240V AC 2 5A 50 60Hz 65 watts Redundant Power Supply RPS Input Output 100 240V AC 1 8A 50 60Hz 12V DC 12 5A Environmental Ranges Operating Storage Temperature 0 to 40 C 32 to 122 F 25 70 C 40 to 158 F Humidity 15 to 90 0 to 95 Altitude up to 10 000 ft 3 000m 40 000 ft 12 000m Replaceable Fans Dimensions Voltage and Current Speed 40 x 40 x 20 mm 12VDC 0 13A 8200RPM ...
Page 21: ...g the hardware 3 1 1 Installing the switch on a flat surface The switch should be installed on a level surface that can support the weight of the switches and their accessories Attach four rubber pads on the marked location on the bottom of the switch 3 1 2 Mounting the switch on a rack Attach brackets to each side of the switch and make the posts insert to the switch Insert and tighten two screws ...
Page 22: ...Connect to the power cord to a grounded power outlet 3 2 4 Attach the power adapter Connect the AC power cord to the POWER receptacle on the back of the switch and plug the other end of the power cord into a wall outlet or a power strip Check the front LED indicators with the description in Table 4 If the LEDs light up as described the switch hardware is working properly Note STATUS SPEED DUPLEX S...
Page 23: ...E6 0 or higher version Command Line Interface use console port to manage the switch 3 3 1 Setting up through the console port Use the supplied crossover RS 232 cable to connect to the console port on the front right corner of the switch This port is a male DB 9 connector implemented as a data terminal equipment DTE connection Tighten the retaining screws on the cable to secure it on the connector ...
Page 24: ...pe ip address 192 168 1 1 24 Type end it will return to previous level with prompt ASUS Type write memory the changes will be applied and written to configuration file Type reboot If the switch has to be managed across networks then a default gateway or a static route entry is required Follow these steps to assign a default gateway or static route entry to the switch Entering ASUS Type show running ...
Page 25: ...ur network Contact your network administrator to obtain a valid IP for the switch If you wish to change the default IP address of the switch follow section 3 3 1 to change the IP address If Java Runtime Environment is not installed on your PC Your PC will automatically downloads and installs it It means that your PC should be able to reach the web site If the Internet is not available you should p...
Page 26: ...This is normal You have to retype the new IP address in the address location box and press Enter The WEB link returns A login window appears immediately after you click OK See the figures on the next page Note that the GigaX 3112 and GigaX 3112F models have the same web interface except for the front panel image on top of the screen see figures on the next page The following sections show only Gx311...
Page 27: ...llowing in the web address or location box and press Enter http 192 168 1 1 This is the factory default IP address for the switch A login screen displays as shown in Figure 8 Figure 8 Configuration manager login screen Enter your user name and password then click OK Use the following defaults the first time you log into the program You can change the password at any time through CLI interface see s...
Page 28: ...ame has a switch logo and front panel as shown in Figures 10 and 11 This frame remains on the top of the browser window all the times and updates the LED status periodically See Table 4 for the LED definitions See Table 5 for the color status description Figure 10 Top frame GigaX 3112F Figure 11 Top frame GigaX 3112 Figure 12 Port Selection Panel GigaX 3112F ...
Page 29: ...nt but port is disabled manually or by spanning tree Clicking on the port icon of the switch displays the port configuration in the lower right frame The left frame a menu frame as shown in Figure 14 contains all the features available for switch configuration These features are grouped into categories e g System Bridge etc You can click on any of these to display a specific configuration page Figure...
Page 30: ...button and icon used in the application Table 6 Commonly used buttons and icons Button Icon Function Stores any changes you have made on the current page Re displays the current page with updated statistics or settings Modifies the existing configuration in the system e g a static route or a filter ACL rule and etc Clears all input fields and waiting for new settings Adds the existing configuration to ...
Page 31: ... editable System Contact editable System Location editable To save any changes and make it effective immediately click OK Use Reload to refresh the setting as shown in Figure 15 Figure 15 Management page 4 3 2 IP Setup The IP Setup page contains the following information IP Address IP address for the switch Network Mask Network mask for this network Default Gateway Default gateway for this network...
Page 32: ...are Version shows the current running firmware version This number will be updated after the firmware update Enter the TFTP server IP address and firmware file name Click Upgrade to update the switch firmware See Figure 17 for reference For example TFTP Server 192 168 1 155 File Name 3112Single v10 img Clicking the upload button loads the assigned firmware to the switch then reboot system after a su...
Page 33: ...le disable DHCP snooping function Snooping assign the selected port to be untrusted or trusted port Select the corresponding port number and configure the port setting then click on the Modify button The field you change will update the content of the display window However the new settings do not take effect until the Save Configuration is executed Runtime Status Window displays the following infor...
Page 34: ...5 1 1 STP Status The first page STP Status can disable or enable STP There are three modes STP RSTP and MSTP can be enabled If MSTP is enabled the following four attributes are enabled at the same time Region Name An alphanumeric configuration name Revision A configuration revision number Instance ID A STP instance you can configure MSTP on your switch to map multiple VLANs into a single STP instance...
Page 35: ... 2 Current Roots It shows the information of current root bridge which include MAC Address of root bridge Priority of root bridge Maximum age of root bridge Hello timer of root bridge Forwarding delay timer of root bridge Path cost of root bridge Figure 21 Spanning tree Current Roots ...
Page 36: ...e current configuration for each port You can select a port then edit it Click Modify to change the port setting for spanning tree The following fields are available Instance ID MSTP Only a spanning tree instance you can configure MSTP on your switch to map multiple VLANs into a single STP instance Priority sets the port priority in the switch Low numeric value indicates a high priority The port wit...
Page 37: ...elect the group members The port can be removed from the group by clicking the selected port again Click OK to make the setting send to the connected switch Click Reload to refresh the settings to current value To make the configuration effective go to Save Configuration page and click Save You have to check the runtime link speed and duplex mode to make sure the trunk is physically active Go to Phy...
Page 38: ...n full duplex force mode then the link partner MUST have the same setting Otherwise the link aggregation could operate abnormally All the ports in the link aggregation group MUST have the same VLAN setting All the ports in the link aggregation group are treated as a single logical link That is if any member changes an attribute the others will change also For example a trunk group consists of port...
Page 39: ...tion Port Selection Criterion the algorithm to distribute packets among the ports of the link aggregation group according to source MAC address destination MAC address source and destination MAC address source IP address destination IP address or source and destination IP address Trunk ID a number to identify the trunk group besides the group name Port these port icons are listed the same way as o...
Page 40: ...Mirror Mode Enables or disables the mirror function for the selected group Stack ID For standalone switch only ID 1 is available Monitor Port Receives the copies of all the traffics in the selected mirrored ports The monitor port can not belong to any link aggregation group The monitor port can not operate as a normal switch port It does not switch packets or do address learning Click OK to make th...
Page 41: ...ice Click OK to make the setting send to the switch HTTP server Click Reload to refresh the settings to current value Figure 27 Static multicast GigaX 3112F 4 5 6 IGMP snooping IGMP snooping helps reduce the multicast traffics on the network by allowing the IGMP snooping function to be turned on or off The first part provides the following settings Enable IGMP Snooping Globally enable IGMP snooping ...
Page 42: ...es the following settings Status If global snooping is enabled you can enable or disable VLAN snooping Immediate leave When you enable IGMP Immediate Leave processing the switch immediately removes a port when it detects an IGMP version 2 leave message on that port You should use the Immediate Leave feature only when there is a single host present on every port in the VLAN Immediate Leave is suppo...
Page 43: ...nd to the switch HTTP server Click Reload to refresh the settings to current value Figure 29 Traffic control 4 5 8 Dynamic addresses This page displays the result of dynamic MAC address lookup by port VLAN ID or specified MAC address The dynamic address is the MAC address learned by switch it will age out from the address table if the address is not learned again during the age time User can set the...
Page 44: ...ly ID 1 is available Port Selection select the port which the MAC belongs Click on the Add when you create a new static MAC address by the above information Then you will see the new added entry shows in the address window You can remove the existed address by selecting the entry with the mouse then clicking on Remove The Modify button updates the existed MAC address entries Click OK to save effec...
Page 45: ...gged blank type This port is not a member of the VLAN group If one untagged port belongs to two or more VLAN groups at the same time it will confuse the switch and cause flooding traffics To prevent it the switch only allows one untagged port belongs to one VLAN at the same time If you want to assign an untagged port from one VLAN to another you have to remove it from the original VLAN or change it ...
Page 46: ...ort Mode enables disables GVRP on the individual 802 1Q trunk port GVRP must be configured on both sides of the trunk to work correctly Registration By default GVRP ports are in normal registration mode These ports use GVRP join messages from neighboring switches to prune the VLANs running across the 802 1Q trunk link If the device on the other side is not capable of sending GVRP messages or if you...
Page 47: ...fore the other queues are serviced You can use the strict priority queue for mission critical and time sensitive traffic There are three options First Come First Service the first come frame has the highest priority High First Packetʼs priority depends on its CoS value Weighted Round Robin WRR If WRR scheduling algorithm is enabled the ratio of the weights is the ratio of frequency in which the WRR ...
Page 48: ...ict priority scheduler That is each CoS value can map into one of the eight queues The queue eight has the highest priority to transmit the packets Click OK to save the configuration To make the configuration effective go to the Save Configuration page then click Save The CoS values range from 0 for low priority to 7 for high priority Figure 36 CoS Queue Mapping ...
Page 49: ...ill be assigned to this CoS value in the VLAN tagged Click on Modify to change the content in the port list window Click on OK to save the configuration To make the configuration effective go to Save Configuration page and click Save Figure 37 QoS Bandwidth 4 6 L3 Switch This function offers L3 interface and route entry configuration 4 6 1 Interface This function allows users to know the L3 interfac...
Page 50: ...to deliver IP addresses appropriate to each subnet With Windows 2000ʼs DHCP server you do this by setting up a separate DHCP realm for each VLAN Not all DHCP servers have this capability If your existing DHCP server works only with flat LANs youʼll likely have to upgrade to a more sophisticated package Figure 38 L3 Interface Configuration Special Note It is strong recommended that each interface sho...
Page 51: ...will see the new added entry shows in the list window You can remove the selected route by clicking Remove The route added and removed will be stored in configuration file immediately Figure 39 Configure Static Route 4 6 3 RIP This function is used to switch on off RIP routing protocol Clicking will enable configuration of Passive Interfaces and RIP version 1 2 both When RIP is turned on the switch...
Page 52: ...ntinue advertise other interfaces of routing updates And routing updates from other routers on that interface continue to be received and processed Passive Interface Used to enable disable passive interface function for a specific L3 interface Figure 41 RIP Passive Interface 4 6 3 3 RIP Version ASUS L3 switch can support RIPv1 RIPv2 or Both Incoming Packet Used to specify RIP version for the interp...
Page 53: ... Clicking will enable configuration of Interfaces and Virtual Link 4 6 4 1 Basic You can use OSPF basic command to add L3 interface to specific OSPF area IP Address All active L3 interfaces are displayed you can select any one to configure it as OSPF interface Area Specify area ID for a specific L3 interface Figure 43 OSPF Configuration ...
Page 54: ...for a network Transmit Delay Set the estimated number of seconds to wait before sending a link update packet Hello Interval Set the number of seconds between two hello packet 10 seconds is set as default value Dead Interval Set the number of seconds after the last hello packet was received before declare its neighbor OSPF router is down 40 seconds is set as default value Retransmit Interval Specif...
Page 55: ...icast Route feature It offers two different methods including DVMRP and PIM DM to establish multicast route And IGMP will be automatically enabled disabled with Multicast Route Protocol It allows hosts to communicate with their interest and desire data destined to a specific multicast group Multicast route protocol uses this information to build and maintain multicast distributed tree 4 6 5 1 M Rou...
Page 56: ...tting Figure 46 M Route Configuration 4 6 5 2 DVMRP This function is used to configure DVMRP Network DVMRP is Enable or disable DVMRP for specific network Select the corresponding Network Address to configure parameters then click on the Modify button The field you changed will update the content in the display window To save any changes and make it effective immediately click OK Use Reload to refresh...
Page 57: ...ilure inherent in the static default routed environment VRRP specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN The VRRP router controlling the IP address es associated with a virtual router is called the Master and forwards packets sent to these IP addresses The election process provides dynamic fail over in the forwardin...
Page 58: ...outer The value of 255 decimal is reserved for the router that owns the IP addresses associated with the virtual router The value of 0 zero is reserved for Master router to indicate it is releasing responsibility for the virtual router The range 1 254 decimal is available for VRRP routers backing up the virtual router Advertisement Interval Time interval between ADVERTISEMENTS seconds Default is 1...
Page 59: ...the privilege to do set action write access by checking the box Click OK to save the configuration permanently or Reload to refresh the page Figure 50 Community table 4 7 2 Host table This page links host IP address to the community name that is entered in Community Table page Type an IP address and select the community name from the drop down list Click OK to save the configuration permanently or ...
Page 60: ...4 7 4 1 VACM View VACM View is used to view the information of SNMPV3 VACM Group View Name enter the security group name View Type enter the View Type that the View belongs Included or Excluded when View Subtree matches the Oid in the SNMPv3 message View Subtree enter the View Subtree that the View belongs The Subtree is the Oid to match the Oid in the SNMPv3 message The match is good when the sub...
Page 61: ...p Report Security Model enter the Security Model Name that the Group belongs Any is suitable for v1 v2 v3 USM is SNMPv3 related Security level enter the Security level Name that the Group belongs Only NoAuth AuthNopriv AuthPriv can be chosen Click on the Add when you create a new VACM group entry by the above information Then you will see the new added entry shows in the group window You can remov...
Page 62: ...ity Group belong Only NoPriv DES can be chosen If the NoPriv is chosen there is no need to enter password Priv Password enter the password that the Priv Protocol belongs The password needs at least 8 characters or digits Security level enter the Security level Name that the Group belongs Only NoAuth AuthNopriv AuthPriv can be chosen Click on the Add when you create a new USM User entry by the abov...
Page 63: ...Name then add it You also can check the IP Filter and give an ID Name then clicking on Add Click OK to save the configuration permanently or Reload to refresh the page Please click OK before editing Click on a filter set to select the set you want to edit or remove Second click on Edit to enter the rule page or click on Remove to remove the filter set You have to follow the rules to make a valid filte...
Page 64: ...s the rule donʼt care the MAC value In IP rule setup you can enter any of the 5 types source IP destination IP protocol source application port and destination application port The Action field determines if the packet should be dropped or forwarding when it matches the rule If a packet matches two rules with different action the packet will follow the rule showed first in the rule list Figure 57 Fi...
Page 65: ...ttach page to attach a filter set to ingress ports Click OK to save the configuration To make the configuration effective go to the Save Configuration page then click Save or click on Reload to refresh the page To attach a filter set to ports Attach to all ports the filter set applies to all the ports of the system Attach to certain ports you can specify the ingress ports to be applied Detach from all p...
Page 66: ...h also supports dynamic VALN assignment through 802 1x authentication process The VLAN information for the users ports should be configured in the authentication server properly before enabling this feature 4 9 1 Port Access Control Port Access Control is used to configure various 802 1x parameters 802 1x uses either RADIUS server or local database to authenticate port users The first part is the Br...
Page 67: ...tication Time If Reauthentication is enabled this is the time period the switch uses to re send authentication request to the port user see above Quiet Period If authentication failed the switch waits upon this time period before sending another authentication request to the port user Retransmission Time If the port user failed to respond to authentication request from the switch the switch waits ...
Page 68: ...e Password Password for the new user Confirm Password Enter the password again Vlan ID Specify the VLAN ID assigned to the 802 1x authenticated clients Please click Add to add the new user Click Modify when youʼre done with the modifications Click Remove when you want to remove the selected user Click OK to make the settings permanent Click Reload to refresh the settings to current value ...
Page 69: ...ntication Server Port The port number for the RADIUS server is listening to Authentication Server Key The key is used for communications between GigaX and the RADIUS server Confirm Authentication Key Re type the key entered above The VLAN of the RADIUS server connected to the switch must be the same as the VLAN of the system management interface Click OK to make the settings permanent Click Reload ...
Page 70: ...ses 4 9 4 1 Port Configuration The page is used to configure port security configuration First you must select a port by clicking it from the following table Then begin to set the port configuration Please click when youʼre done with the modifications Admin Enable or disable port security feature Violation Mode It decides the port behavior when security violation happens If Shutdown is selected the por...
Page 71: ...r the specified time period Click OK to make the settings permanent Click Reload to refresh the settings to current value Figure 63 Port Security 4 9 4 2 Port Status This page shows the current port status MAC address counts static MAC address counts and violation count Port has five statuses NoOper This indicates port security on the port is configured to disabled SecureUp This indicates port securi...
Page 72: ...re MAC Address offers three functions for user management Query You can select a port by Port Selection field After click Query button it will show all MAC addresses on this port Add User can select some port by Port Selection field and input a MAC address to add on MAC Address field After push Add button the MAC address will add on the selected port and the type of the MAC is static Remove You can ...
Page 73: ...tistics or ports by selecting Color Finally click on Draw to let the browser to draw the graphic chart Each new Draw will reset the statistics display 4 10 1 Traffic comparison This page shows the one statistics item for all the ports in one graphic chart Specify the statistics item to display and click the Draw the browser will show you the update data and refresh the graphic periodically Figure 6...
Page 74: ...Group Chart 4 10 3 Historical status You can display information for different ports and statistics items in this chart Since this shows the history of the statistics information the line chart keeps the old data even it is refreshed Figure 68 Historical status ...
Page 75: ...after a successful save Sometimes you may want to reset the switch configuration you can click on to reset the configuration file to factory default Of course a system reboot will follow this restoration process You will lose all the configurations when you choose to restore the factory default configurations Note Figure 69 Save configuration ...
Page 76: ... useful when you are not familiar with the CLI commands All the CLI commands are case sensitive 5 1 Power On Self Test POST is executing during the system booting time It tests system memory LED and hardware chips on the switchboard It displays system information as the result of system test and initialization You can ignore the information until the prompt ASUS login appears Figure 70 CLI interfa...
Page 77: ...boot ROM commands command The current settings will be displayed command with new setting The current setting will be replaced by specified new setting Table 7 Boot ROM commands Command Parameters Usage Notes baudrate Baud Rate 9600 38400 57600 115200 You have to set up the terminal emulator with the same baud rate to make the work ...
Page 78: ...et of the CPU serverip IP address xxx xxx xxx xxx set tftp server IP address slot slot 1 2 auto select boot slot to boot tftpboot filename Example 3112single img load image via network using TFTP protocol version none none print monitor version 5 2 Login and logout To enter the CLI mode you have to give a valid user name and password As the first time login you can enter admin as the user name witho...
Page 79: ...ing userʼs password CLI Syntax add user user name password Example ASUS add admin 123 5 3 1 2 Delete user Delete an existing user CLI Syntax delete user user name Example ASUS delete user admin 5 3 2 Backup and Restore 5 3 2 1 Backup start up configuration file Backup the start up configuration file Quagga conf of the switch to TFTP server CLI Syntax copy startup config tftp URL Example ASUS copy start...
Page 80: ...erminal Use the write configuration command on the switch to configuration CLI Syntax configure terminal Example ASUS configure terminal 5 3 3 3 enable Entering enable mode and turn on privileged mode command CLI Syntax enable Example ASUS enable 5 3 3 4 disable Turning off privileged mode and back to user mode CLI Syntax disable Example ASUS disable 5 3 3 5 end This command let user end current mode ...
Page 81: ...the detail information of contact about the switch This is an RFC 1213 defined MIB object in System Group and provides contact information on the managed node CLI Syntax snmp server contact DWORD Example config snmp server contact fae loop com tw If you put the contact description in the contact description field the switch contact will change to the new one 5 3 3 10 System Location Displays the phy...
Page 82: ... 20 121 24 5 3 3 12 Default Gateway Displays the IP address of the default gateway This field is necessary if the switch network contains one or more routers CLI Syntax ip route A B C D M A B C D INTERFACE Example config ip route 0 0 0 0 0 192 168 1 2 5 3 3 13 reboot Use this command to reboot the system CLI Syntax reboot Example reboot 5 3 3 14 reload default config file Use this command to copy a d...
Page 83: ...RD Example delete user tony 5 3 4 Physical interface commands 5 3 4 1 Interface mode Use the auto negotiation configuration command on the switch to set auto negotiation status of the port CLI Syntax auto negotiation Example config interface gi1 0 2 config if auto negotiation This example shows how to use the auto negotiation configuration command on the switch to enable auto negotiation mode 5 3 4 2...
Page 84: ...terface status CLI Syntax show l2_interfaces IFNAME Example ASUS show l2_interface gi1 0 2 5 3 5 IP interface 5 3 5 1 show vlan name string Use the show vlan user EXEC command to display the parameters for all configured VLANs or one VLAN if the VLAN ID or name is specified on the switch CLI Syntax show vlan name string Example ASUS show vlan VLAN1 Note The vlan1 is for system purpose for example ...
Page 85: ...e Please keep in mind which you are configuring 5 3 5 5 ip helper address This command is used to enable the function of DHCP relay for specific interface CLI Syntax ip helper address A B C D Example config if ip helper address 192 168 1 180 5 3 5 6 ip ospf This command is used to setup OSPF interface parameters CLI Syntax ip ospf Example config if ip ospf 5 3 5 7 ip pim This command is used to setup ...
Page 86: ... 3 version RIP can be configured to process either Version 1 or Version 2 packets the default mode is Version 2 CLI Syntax version 1 2 Example config router version 1 5 3 6 4 network Set the RIP enable interface by network The interfaces which have addresses matching with network are enabled CLI Syntax network A B C D M Example config router network 35 0 0 0 8 5 3 7 OSPF 5 3 7 1 router ospf Enable o...
Page 87: ...ting PIM DM 5 3 9 VRRP Enable or disable the function of VRRP for specific IP interface CLI Syntax standby VRID 1 255 ip a b c d m Example config if standby 1 ip 192 168 1 1 24 5 3 10 Spanning Tree 5 3 10 1 clear spanning tree counters Use the clear spanning tree counters configuration command on the switch to clear spanning tree statistics CLI Syntax clear spanning tree counters Example ASUS clear s...
Page 88: ...e aggregation link trunk group configuration command on the switch to configure trunk aggregation group CLI Syntax aggregation link trunk STACKID group 1 32 PORTLIST Example ASUS aggregation link runk 1 group 1 1 2 5 3 11 2 trunk load balancing Use the aggregation link trunk group configuration command on the switch to configure trunk load balancing by using source based or destination based forwardi...
Page 89: ...1 set group 1 1 2 5 3 12 3 disable lacp aggregation link trunk This command sets the Link Aggregation Control Protocol LACP operation add set or disable for the trunk group ports on the switch CLI Syntax lacp aggregation link trunk STACKID disable 1 12 Example ASUS lacp aggregation link trunk 1 disable 2 5 3 12 4 lacp port priority This command sets the port priority for the Link Aggregation Contr...
Page 90: ...r To show current mirror features CLI Syntax Show mirror Example ASUS show mirror 5 3 13 4 no mirror This command resets the source interfacesʼ received or transmitted traffic or both the destination interface CLI Syntax no mirror SRCIFLIST rx tx both Example config no mirror gi1 0 1 gi1 0 4 rx 5 3 14 Static Multicast 5 3 14 1 mac address table multicast Use the ac address table multicast configurat...
Page 91: ...ll VLANs Use the command in privileged EXEC mode to display specific multicast entries CLI Syntax show mac address table multicast Example ASUS show mac address table multicast 5 3 15 IGMP Snooping 5 3 15 1 default ip igmp snooping This command sets ip igmp snooping feature to default CLI Syntax default ip igmp snooping Example config default ip igmp snooping 5 3 15 2 ip igmp snooping This command s...
Page 92: ... used by broadcast dlf multicast CLI Syntax show storm control IFNAME broadcast dlf multicast Example ASUS show storm control gi1 0 1 broadcast 5 3 17 Dynamic Addresses 5 3 17 1 clear dynamic mac address Use the write configuration command on the switch stack or standalone switch to clear dynamic L2 MAC addresses in the database CLI Syntax clear mac address table dynamic address MAC_ADDR Example co...
Page 93: ... table The MAC address added by this way will not age out from the address table We call it static address CLI Syntax mac address table static MAC_ADDR vlan VLANID interface IFNAME Example config mac address table static 0000 1111 2222 1 gi1 0 2 5 3 18 2 show mac address table It shows static and dynamic mac address CLI Syntax show mac address table Example ASUS show mac address table 5 3 19 VLAN 5...
Page 94: ...ce fa1 0 2 config if switchport access vlan 1 5 3 19 5 allowed VLANs Use the switchport trunk allowed vlan configuration command on the switch to add or remove the allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode CLI Syntax switchport trunk allowed vlan add remove VLANLIST Example config interface fa1 0 2 config if switchport trunk allowed vlan a...
Page 95: ...ration IFNAME status CLI Syntax show gvrp configuration IFNAME Example ASUS show gvrp configuration gi1 0 1 5 3 20 5 show gvrp statistics To show gvrp statistics IFNAME status CLI Syntax show gvrp statistics IFNAME Example ASUS show gvrp statistics gi1 0 1 5 3 21 CoS QoS 5 3 21 1 queue cos map Use the queue cos map configuration command on the switch to set which Cos queue a given priority should map...
Page 96: ...coming packets CLI Syntax qos egress bandwidth LIMIT_RATE BURST_RATE Example config int gi1 0 2 config if qos egress bandwidth 100 10 5 3 22 SNMP 5 3 22 1 show rmon statistics To show rmon statistics IFNAME status CLI Syntax show rmon statistics IFNAME Example ASUS show rmon statistics gi1 0 1 5 3 22 2 show snmp server community To show snmp server community CLI Syntax show snmp server community Exa...
Page 97: ...nfiguration mode CLI Syntax mac access list extended WORD Example config mac access list extended mac_acl_1 5 3 23 3 filter conditions This command specify one or more conditions denied or permitted to decide if the packet is forwarded or dropped CLI Syntax permit deny any any Example config permit any any 5 3 23 4 filter attach This command is used to assign filter rule for specific port CLI Syntax mac ...
Page 98: ... Use the dot1x initialize privileged EXEC command on the switch to manually return the specified 802 1X enabled interface to an unauthorized state before initiating a new authentication session on the interface CLI Syntax dot1x initialize interface IFNAME Example config dot1x initialize interface gi1 0 1 5 3 24 5 dot1x max req Use the dot1x max req interface configuration command on the switch to set...
Page 99: ...sword Add user into local radius database CLI Syntax dot1x username WORD password WORD Example config dot1x username test password 12345 5 3 25 2 show dot1x user Show dot1x dial in user CLI Syntax show dot1x username Example ASUS show dot1x test 5 3 26 RADIUS 5 3 26 1 RADIUS settings This command sets the radius server ip radius key and radius port for 802 1X configuration CLI Syntax dot1x radius se...
Page 100: ...LI Syntax clear port security dynamic address MAC interface IFNAME Example ASUS clear port security dynamic ASUS clear port security dynamic address 0023 1313 2313 ASUS clear port security dynamic interface gi1 0 1 5 3 27 3 switchport port security This command used to set the port security configuration and MAC addresses CLI Syntax switchport port security mac address MAC maximum VALUE violation p...
Page 101: ...config if switchport port security aging time 20 config if switchport port security aging type absolute 5 4 Miscellaneous commands show monitor shows the environment variable like temperature fan speed and voltage show sysleds shows the three system LEDS SYSTEM RPS and FAN show modelname shows the model name of switch show version shows the hardware boot rom and firmware version ping ping remote host...
Page 102: ...ot fifty six dot zero dot two eleven 6 1 1 Structure of an IP address IP addresses have a hierarchical design similar to that of telephone numbers For example a 7 digit telephone number starts with a 3 digit prefix that identifies a group of thousands of telephone lines and ends with four digits that identify one specific line in that group Similarly IP addresses contain two kinds of information Netwo...
Page 103: ...uch as a business or government agency Class C networks are the smallest only able to hold 254 hosts at most but the total possible number of class C networks exceeds 2 million 2 097 152 to be exact LANs connected to the Internet are usually class C networks Some important notes regarding IP addresses The class can be determined easily from field1 field1 1 126 Class A field1 128 191 Class B field1 192...
Page 104: ...he remaining 7 bits in field4 for its host IDs which range from 0 to 127 instead of the usual 0 to 255 for a class C address Similarly to split a class C network into four subnets the mask is 255 255 255 192 or 11111111 11111111 11111111 11000000 The two extra bits in Field 4 can have four values 00 01 10 11 so there are four subnets Each subnet uses the remaining six bits in field4 for its host IDs...
Page 105: ...et A ping command sends a message to the computer that you specify If the computer receives the message it sends messages in reply To use it you must know the IP address of the computer with which you are trying to communicate On Windows based computers you can execute a ping command from the Start menu Click the Start button and then click Run In the Open text box type a statement such as the fol...
Page 106: ...can use the nslookup command to determine the IP address associated with an Internet site name You specify the common name and the nslookup command looks up the name on your DNS server usually located with your ISP If that name is not an entry in your ISPʼs DNS table the request is then referred to another higher level server and so on until the entry is found The server then returns the associate...
Page 107: ...urn off the power of the switch when you remove the fan module on the rear side of the switch When any one of the switch fans located on the rear panel becomes defective you can easily replace it following these steps Unlock the fan module by loosening the thumbscrew that secures it to the rear panel Figure 75 Loosening the thumbscrew Carefully pull the module out as shown Figure 76 Removing the f...
Page 108: ...an cables are connected to the correct fan connector FAN 1 is on the left side when you are facing the rear panel Insert the fan module to the switch chassis until it fits in place Make sure that the fan power cables are not caught between the fan module and chassis Secure the fan module to the chassis with the thumbscrew Check around the fan module to make sure no cable is caught between the chass...
Page 109: ... switch hub PC and to the switch Make sure the PC and or hub switch is turned on 2 Verify if your cable is sufficient for your network requirements A 1000 Mbps network 1000BaseTx should use cables labeled Cat 5 10Mbit sec cables may tolerate lower quality cables Network Access PC cannot access another host in the same network 1 Check the Ethernet cabling is good and the LED is green 2 If the port L...
Page 110: ...e using Internet Explorer v6 0 or later 2 Ping the switch IP address to see if the link is stable If some ping packets fail check your network setup to make sure a valid setting Changes to Configuration are not being retained Be sure to click on Save button in the Save Configuration page to save any changes Console Interface Cannot show the texts on the terminal emulator 1 The factory default baud ...
Page 111: ...240 is 1101000 1 10111111 00000100 11110000 in binary See also bit IP address network mask bit Short for binary digit a bit is a number that can have two values 0 or 1 See also binary bps bits per second CoS Class of Service Defined in 802 1Q the value range is from 0 to 7 broadcast To send data to all computers on a network download To transfer data in the downstream direction i e from the Interne...
Page 112: ...the others Multicasting to an IGMP group can be used to simultaneously update the address books of a group of mobile computer users or to send company newsletters to a distribution list IGMP Snooping Snoop the IGMP packets on each port and associate the port with a layer 2 muticast group Internet The global collection of interconnected networks used for both private and business communications int...
Page 113: ...d Roving Analysis allow you to attach a network analyzer to one port and use it to monitor the traffics of other ports on the switch network A group of computers that are connected together allowing them to communicate with each other and share resources such as software files etc A network can be small such as a LAN or very large such as the Internet network mask A network mask is a sequence of bit...
Page 114: ...s in to the companyʼs intranet is a remote user RJ 45 Registered Jack Standard 45 The 8 pin plug used in transmitting data over phone lines Ethernet cabling usually uses this type of connector RMON Remote Monitoring Extensions to SNMP provide comprehensive network monitoring capabilities routing Forwarding data between your network and the Internet on the most efficient route based on the dataʼs de...
Page 115: ... transfers TFTP is easier to use than File Transfer Protocol FTP but not as capable or secure Trunk Two or more ports are combined as one virtual port also called as Link Aggregation TTL Time To Live A field in an IP packet that limits the life span of that packet Originally meant as a time duration the TTL is usually represented instead as a maximum hop count each router that receives a packet de...
Page 116: ...Microsoft Internet Explorer See also HTTP web site WWW Web page A web site file typically containing text graphics and hyperlinks cross references to the other pages on that web site as well as to pages on other web sites When a user accesses a web site the first page that is displayed is called the home page See also hyperlink web site Web site A computer on the Internet that distributes informati...
Page 117: ...er pages 50 Filter set 50 Filtering rule 98 Firmware upgrade page 20 FTP 99 Hardware connections 9 Historical status page 61 Host 99 Host ID 89 90 Host table page 46 HTTP 99 ICMP 99 IGMP 99 IGMP Snooping 99 IGMP snooping page 28 Internet 99 troubleshooting access to 96 Intranet 99 IP addresses 99 explained 89 ISP 100 LAN 100 LEDs 100 troubleshooting 96 Link aggregation page 24 Login and logout 65 ...
Page 118: ...page 62 SNMP 101 SNMP pages 46 47 Spanning tree page 21 22 Static address page 31 Static multicast page 28 Statistics chart pages 60 61 STP 101 Subnet 101 Subnet mask See Network mask Subnet masks 90 System commands 67 68 69 70 Tagged VLAN page 33 TCP IP 102 Telnet 102 TFTP 102 Traffic comparison page 60 90 Traffic control page 30 Trap setting page 47 Troubleshooting 96 Trunk 102 TTL 102 Twisted pai...
