Cisco Linksys SFE2000 Administration Manual Download Page 58

Page: 58 / 410

Configuring Device Security

Defining Authentication

Cisco Small Business SFE/SGE Managed Switches Administration Guide

•

Secure HTTP — Configures the device Secure HTTP settings.

Optional Methods

— Lists available authentication methods.

Local

— Authenticates the user at the device level. The device checks

the user name and password for authentication. No authentication
method can be added under

Local

RADIUS

—

Remote Authorization Dial-In User Service

(RADIUS)

servers provide additional security for networks.

—

Terminal Access Controller Access Control System

() provides centralized security user access validation.

None

— Indicates that no authentication method is used to authenticate

the device. No authentication method can be added under

None

Selected Methods

— Selects authentication methods from the methods

offered in the Optional methods area.

•

HTTP — Configures the device HTTP settings.

Optional Methods

— Lists available authentication methods.

Local

— Authenticates the user at the device level. The device checks

the user name and password for authentication. No authentication
method can be added under

Local

RADIUS

—

Remote Authorization Dial-In User Service

(RADIUS)

servers provide additional security for networks.

—

Terminal Access Controller Access Control System

() provides centralized security user access validation.

None

— Indicates that no authentication method is used to authenticate

the device. No authentication method can be added under

None

Selected Methods

— Selects authentication methods from the methods

offered in the Optional methods area.

STEP 2

Define the relevant fields.

STEP 3

Click Apply. The authentication profile is defined, the device is updated.

Summary of Contents for Linksys SFE2000

Page 1: ...Cisco Small Business SFE SGE Managed Switches ADMINISTRATION GUIDE ...

Page 2: ... id i Z jbVc CZildg VgZ igVYZbVg h0 8 Vc c i Z LVn LZ Ldg A kZ EaVn VcY AZVgc VcY 8 hXd HidgZ VgZ hZgk XZ bVg h0 VcY 6XXZhh GZ higVg 6 gdcZi 6hncXDH 7g c c i Z BZZi c Id Ndj 8ViVanhi 8896 889E 88 88 E 88C6 88CE 88HE 88KE 8 hXd i Z 8 hXd 8Zgi ZY ciZgcZildg meZgi ad d 8 hXd DH 8 hXd EgZhh 8 hXd HnhiZbh 8 hXd HnhiZbh 8Ve iVa i Z 8 hXd HnhiZbh ad d 8 hXd Jc in 8daaVWdgVi dc L i dji A b iVi dc i Zg Vhi...

Page 3: ...on 7 Logging Off of the Device 7 The About Page 7 Chapter 2 Managing Device Information 9 Defining System Information 9 Managing Stacking 11 Understanding Switch Operating Modes 11 Configuring a Stack 12 Stack Membership 14 Defining Stacking Unit ID 15 Adding Replacing and Removing Stacking Members Examples 21 Managing Stacks 23 Viewing Device Health 25 Resetting the Device 26 Defining Bonjour 27 ...

Page 4: ...ning RADIUS 55 Defining Access Methods 60 Defining Access Profiles 61 Defining Profile Rules 65 Defining Traffic Control 72 Defining Storm Control 73 Defining Port Security 76 Defining 802 1X 80 Defining 802 1X Properties 81 Defining Port Authentication 82 Defining Authentication 87 Defining Authenticated Hosts 91 Defining Access Control 92 Defining MAC Based ACL 92 Defining IP Based ACL 100 Defin...

Page 5: ...tion VLAN Settings 148 Chapter 5 Configuring Ports 151 Configuring Ports Settings for Layer 2 Enabled Devices 151 Configuring Ports Settings for Layer 3 Enabled Devices 157 157 Chapter 6 Configuring VLANs 163 Defining VLAN Properties 164 Modifying VLANs 166 Defining VLAN Membership 167 Modifying VLAN Membership 169 Assigning Ports to Multiple VLANs 170 Defining GVRP Settings 173 Modifying GVRP Set...

Page 6: ... 210 Defining DHCP Relay Layer 2 212 Defining DHCP Relay Interfaces 214 Defining DHCP Relay Layer 3 216 ARP 218 Defining IP Routing 221 Domain Name System 224 Defining DNS Servers 224 Mapping DNS Hosts 226 Chapter 8 Defining Address Tables 230 Defining Static Addresses 230 Defining Dynamic Addresses 233 Chapter 9 Configuring Multicast Forwarding 235 IGMP Snooping 235 Modifying IGMP Snooping 237 De...

Page 7: ...anning Tree 263 Defining MSTP Properties 263 Defining MSTP Instance to VLAN 265 Defining MSTP Instance Settings 266 Defining MSTP Interface Settings 267 Chapter 11 Configuring Quality of Service 273 Defining General Settings 274 Defining CoS 274 Defining QoS Queue 276 Mapping CoS to Queue 278 Mapping DSCP to Queue 279 Configuring Bandwidth 280 Configuring VLAN Rate Limit 282 Defining Advanced QoS ...

Page 8: ...ng Station Management 320 Defining SNMP Filter Settings 327 Chapter 13 Managing System Files 329 Firmware Upgrade 330 Save Configuration 331 Copy Files 333 Active Image 335 Chapter 14 Managing Power over Ethernet Devices 336 Defining PoE Settings 336 Chapter 15 Managing Device Diagnostics 340 Viewing Integrated Cable Tests 340 Performing Optical Tests 344 Configuring Port Mirroring 345 Modifying P...

Page 9: ...atistics 365 Viewing EAP Statistics 367 Managing RMON Statistics 369 Viewing RMON Statistics 370 Resetting RMON Statistics Counters 372 Configuring RMON History 372 Defining RMON History Control 372 Viewing the RMON History Table 375 Defining RMON Events Control 377 Viewing the RMON Events Logs 380 Defining RMON Alarms 381 Managing QoS Statistics 387 Viewing Policer Statistics 387 Viewing Aggregat...

Page 10: ...face and includes the following topics Starting the Application Understanding the Interface Using the Cisco Management Buttons Using Screen and Table Options Logging Off of the Device The About Page Starting the Application To open the User Interface STEP 1 Open a web browser STEP 2 Enter the device s IP address in the address bar and press Enter An Enter Network Password Page opens ...

Page 11: ...fields are empty Enter a Username and Password and click Log In The default user name is admin The default password is admin Passwords are alpha numeric and case sensitive While the system is verifying the login attempt the Login Progress Indicator appears The indicator dots rotate clockwise to indicate that the system is still working If the login attempt is successful the System Information Page...

Page 12: ...the following message appears Invalid Username or Password Please try again If the login attempt fails due to another problem one of the following error messages appears Login failed since too many users are logged in Login failed due to PC configuration problems There is no response from the server Understanding the Interface The Interface Components Page displays the interface components with th...

Page 13: ...ew provides easy navigation through the configurable device features The main branches expand to provide the subfeatures 2 Device View The device view provides information about device ports current configuration and status table information and feature components The device view also displays other device information and dialog boxes for configuring parameters 3 Device Information Area The Device...

Page 14: ...topics Adding Device Information Modifying Device Information Deleting Device Information Adding Device Information User defined information can be added to specific interface pages by opening a new Add page To add information to tables or interface pages STEP 1 Open an interface page STEP 2 Click the Add button An add page opens for example the Add SNTP Server Page Device Management Buttons Butto...

Page 15: ...ly The configuration information is saved and the device is updated Modifying Device Information STEP 1 Open the interface page STEP 2 Select a table entry STEP 3 Click the Edit Button A Modify page opens for example the Edit RMON Events Page opens Edit RMON Events Page STEP 4 Define the fields STEP 5 Click Apply The fields are modified and the information is saved to the device ...

Page 16: ...ed You have been logged out as a result of being inactive for 10 minutes Use the fields to login The Enter Network Password Page opens and after login the application returns to the System Information Page In all logout instances a message is displayed on the Enter Network Password Page to indicate the logged out state To intentionally log out click Logout in the top right corner of any screen The...

Page 17: ...Getting Started The About Page Cisco Small Business SFE SGE Managed Switches Administration Guide 8 1 The About Page ...

Page 18: ...rmation for defining both basic and advanced system information This section contains the following topics Defining System Information Managing Stacks Viewing Device Health Resetting the Device Defining Bonjour TCAM Utilization Defining System Information The System Information Page contains parameters for configuring general device information To open the System Information Page ...

Page 19: ...ocation where the system is currently running The field range is up to 0 160 characters System Contact Defines the name of the contact person The field range is up to 0 160 characters System Object ID Displays the vendor s authoritative identification of the network management subsystem contained in the entity System Up Time Displays the amount of time that has elapsed since the last device reset ...

Page 20: ...he possible field values are Standalone Indicates the device operates as a stand alone device after the system is reset Stack Indicates the device operates as a Stacked unit after the system is reset Managing Stacking This section contains information for understanding and configuring stacking Configuring a Stack Stack Membership Defining Stacking Unit ID Adding Replacing and Removing Stacking Mem...

Page 21: ...t operating in Stacking mode which is not connected to any other units may operate as a stack of one The following device ports of each unit in a stack mode are reserved as stacking links and cannot be used for regular network connections SFE2000 Default stacking ports G1 G2 Configurable stacking port G3 GBIC 1 G4 GBIC 2 SGE2000 Default stacking ports 12 GBIC 3 24 GBIC 4 SFE2010 Default stacking p...

Page 22: ... units are either shut down or reset to Unit ID 0 by the Master unit Automatic Unit ID Assignment The Master unit applies automatic numbering to units with Unit ID 0 These units include new factory units units reset to factory default mode by the system administrator pressing the reset button on the switch or units automatically reset to Unit ID 0 by the Master unit during Unit ID Conflict Resolut...

Page 23: ...e and port number which is part of both the configuration commands and the configuration files Configuration files are managed only from the Master unit This includes Saving to the FLASH Uploading Configuration files to an external TFTP Server Downloading Configuration files from an external TFTP Server The Backup Master is a stacking member that receives a copy of the Stacking Master Configuratio...

Page 24: ...n the following order Unit 3 Unit 5 Unit 1 Unit 4 Unit 2 It is recommended that a stack of new factory default switches be initially configured in the automatic mode This ensures that a group of factory delivered switches can be easily configured as a stack After the initial setup of the stack the Unit ID mode for a stack member may be changed Master enabled Units and Force Master Unit 1 and Unit ...

Page 25: ...or units with Unit ID 0 proceeds as follows A Unit ID is assigned from the available valid unique Unit IDs starting with the lowest available Unit ID If two or more units are queued to receive Unit IDs the units are assigned Unit IDs starting with the unit with the lowest MAC address Manual Unit ID Assignment The system administrator can assign a specific valid Unit ID to a stack member manually A...

Page 26: ...ually configure all the ports of the new Unit 3 Unit ID Conflict Resolution If two or more stacking members have the same valid Unit ID the Master attempts to resolve the conflict by awarding the contested Unit ID to one of the units For stacking members that are not granted the unit ID the Stacking Master either Automatically resets the Unit ID to 0 The Stacking members become eligible to be reas...

Page 27: ...re contending for the same Unit ID the Master decides as follows If one unit is manually numbered and the other unit is automatically numbered the manually numbered unit retains its Unit ID and the automatically numbered unit is reset to Unit ID 0 If both units are automatically numbered the unit with the lower MAC address retains its Unit ID and the other unit is reset to Unit ID 0 If both units ...

Page 28: ... effectively shut down The stack remains in this inoperable state until either a new Master enabled unit is connected to the stack or a current stack unit is manually reset to factory default mode by pressing the reset switch on the front panel of the switch and holding it down for at least ten seconds Master Election Selection Rules If there are two or more candidates for Master Election the Stac...

Page 29: ...s the Master Election becomes the Master unit If there is a single runner up unit that unit becomes the Backup unit If there is a tie for the runner up position then the tie is resolved by applying the Unit ID Conflict Resolution rules Recommended Procedures for Building a Stack To avoid possible Unit ID conflicts and device shutdowns Cisco recommends that the following procedures be adopted when ...

Page 30: ...Election However after being assigned to be Unit 1 it becomes a Master enabled unit and will be a candidate in the next Master Election For instance if the stack is reset it will win the Master Election and become the Master unit while the present Master unit Unit 2 will become the Backup unit Removing or replacing stack members incorrectly may result in an inoperable unit or stack as illustrated ...

Page 31: ...been reset the Master unit retains the original stack configuration file Also Unit 4 retains its stacking configuration information when its mode is changed from Stack to stand alone and restores that information when returning to Stack mode A stack is initially configured and all units are manually numbered The units are connected in a chain topology as follows Unit 2 Unit 5 Unit 1 Unit 3 Unit 4 ...

Page 32: ...pology as follows Unit 8 Unit 5 Unit 1 Unit 3 Unit 4 Unit 6 Unit 7 Unit 2 Unit 1 is the Master and Unit 2 is the Backup Unit 3 fails What happens The failure of Unit 3 disconnects Units 4 6 7 and 2 from the Master unit Backup Unit 2 senses the loss of the Master and automatically becomes the Master of a stack comprised of Units 2 4 6 and 7 Unit 1 remains the Master of the now reduced stack consist...

Page 33: ...master is selected automatically by software Force Master The unit is forced to be master of the stack Note that only Unit 1 or Unit 2 can be the stack master Unit No Displays the stacking member unit number for which the stacking parameters are displayed Model Name Displays the model name of ports supported by the system Unit No After Reset Indicates the new unit number of the stacking member aft...

Page 34: ...ealth Page opens Health Page The Health Page contains the following fields Unit No Indicates the number of stack member for which the device information is displayed Power Supply Status Displays the power supply status The internal power supply is displayed as PS in the interface while the redundant power supply is displayed as RPS If the status is displayed as Not Present this indicates that a re...

Page 35: ...g the device This prevents the current device configuration from being lost If a Master unit and or a backup Master unit is removed from the stack and the user wishes to configure one of the member units Units 3 8 to be a backup Master the user must reset the unit and configure a new unit number to stack using the Unit number selection process The following resets the device Restart Reboot Resets ...

Page 36: ...etworks Bonjour s multicast Domain Name System mDNS service allows the device to publish device services by sending and receiving UDP packets only to the following multicast address 224 0 0 251 and to port number 5353 The Bonjour Page contains information for enabling disabling Bonjour on the device specifying a Service Type and the related port used for publishing devices over the network A Servi...

Page 37: ...isco specific Service Type HTTP HTTPS and Other Other allows for additional Service Types to be added manually To define Bonjour STEP 1 Click System Admin Bonjour The Bonjour Page opens Bonjour Page The Bonjour Page contains the following fields Bonjour State Enables Bonjour thereby allowing the Switch to publish device services via Bonjour using the mDNS service The possible field values are Enab...

Page 38: ...tent served over HTTP HTTPS Specifies the Service Type selected is secured HTTP which is published using the default http TCP port 443 Other Indicates a user defined Service Type to be added Service Type Displays the selected Service Type defined in the Service Type field Port Defines the selected port used for the relevant Service Type The port number for _csbdp HTTP and HTTPS Service Types are p...

Page 39: ...ules that may be allocated by all applications on the device is 1024 Some applications allocate rules upon their initiation Additionally applications that initialize during system boot use some of their rules during the startup process The following table lists all applications that can allocate TCAM rules Each allocation has its specific allocation policy ...

Page 40: ... LAG Feature is activated by default Allocation done only during initialization IP Subnet VLAN Port 0 255 2 or 4 Rules are duplicated for both IP and MAC based VLANs Protocol Based VLAN Port 0 No limit 1 or 2 Rules are duplicated for both IP and MAC based VLANs MAC Based VLAN Port 0 432 1 or 2 Rules are duplicated for both IP and MAC based VLANs DHCP Snooping Device 2 device No limit 8 TCAM entrie...

Page 41: ...tches Administration Guide 32 2 TCAM Utilization Page The TCAM Utilization Page contains the following fields TCAM Utilization Indicates the percentage of the available TCAM resources which are used For example if more ACLs and policy maps are defined the system uses more TCAM resources ...

Page 42: ...d cannot provide time services to other systems This section provides information for configuring the system time and includes the following topics Defining System Time Defining SNTP Settings Defining SNTP Authentication Defining System Time The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock If the system time is k...

Page 43: ...e system date The field format is for example Local Time Indicates the system time The field format is HH MM SS for example 21 15 03 Time Zone Offset Indicates the difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 while the local time in New York is GMT 5 There are two types of daylight settings either by a specific date in a particular y...

Page 44: ...t DST ends in countries other than USA or Europe in the format in one field and time in another For example DST ends on the 23rd March 2008 12 00 am the two fields will be 23Mar08 and 12 00 Recurring Select if the DST period in countries other than USA or European is constant from year to year The possible field values are From Indicates the day and time that DST begins each year For example DST b...

Page 45: ...eld range is Jan Dec Time The time at which DST ends every year The field format is Hour Minute for example 05 30 STEP 2 Define the relevant fields STEP 3 Click Apply The Time Settings are defined and the device is updated Defining SNTP Settings The SNTP Settings Page contains information for enabling SNTP servers as well as adding new SNTP servers In addition the SNTP Settings Page enables the de...

Page 46: ...dress Up to eight SNTP servers can be defined Poll Interval Defines the interval in seconds at which the SNTP server is polled for system time information By default the poll interval is 1024 seconds Encryption Key ID Indicates the Key Identification used to communicate between the SNTP server and device The range is 1 4294967295 Preference The SNTP server providing SNTP system time information Th...

Page 47: ...e sntp client is currently looking for sntp server Last Response Indicates the last time a response was received from the SNTP server Offset Indicates the difference in minutes between DST and the local standard time The default time is 60 minutes Delay Indicates the amount of time it takes to reach the SNTP server STEP 2 Click the Add button The Add SNTP Server Page opens Add SNTP Server Page The...

Page 48: ...P Server is added and the device is updated Defining SNTP Authentication The SNTP Authentication Page provides parameters for performing authentication of the SNTP server STEP 1 Click System System Management Time SNTP Authentication The SNTP Authentication Page opens SNTP Authentication Page The SNTP Authentication Page contains the following fields Enable SNTP Authentication Indicates if authent...

Page 49: ...Indicates the encryption key used Unicast Anycast or elected Broadcast to authenticate the SNTP server STEP 2 Click the Add button The Add SNTP Authentication Page opens Add SNTP Authentication Page The Add SNTP Authentication Page contains the following fields Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 chara...

Page 50: ...ing Access Methods Defining Traffic Control Defining 802 1X Defining Access Control Defining DoS Prevention Defining DHCP Snooping Defining Dynamic ARP Inspection Passwords Management This section contains information for defining passwords Passwords are used to authenticate users accessing the device By default a single user name is defined admin with the password admin An additional user name pa...

Page 51: ...swords Management User Authentication The User Authentication Page opens User Authentication Page The User Authentication Page contains the following fields User Name Displays the user name STEP 2 Click the Add button The Add Local User Page opens Add Local User Page The Add Local User Page contains the following fields User Name Displays the user name ...

Page 52: ...lected Profile Name Modifying the Local User Settings STEP 1 Click Security Suite Passwords Management User Authentication The User Authentication Page opens STEP 2 Click the Edit Button The Edit Local User Page opens Edit Local User Page The Edit Local User Page contains the following fields User Name Displays the user name Password Specifies the new password The password is not displayed As it e...

Page 53: ... Defining TACACS Defining RADIUS Defining Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication User authentication can be performed locally or on an external server User authentication occurs in the order the methods are selected If the first authentication method is not available the next selected method is used For example if the ...

Page 54: ...entication method order is RADIUS Local the system first attempts to authenticate the user on a RADIUS server If there is no available RADIUS server then authentication is attempted on the local data base Note that if the RADIUS server is available but authentication fails then the user is denied access The possible field values are Local Authenticates the user at the device level The device check...

Page 55: ... attempts to authenticate the user on a RADIUS server If there is no available RADIUS server then authentication is attempted on the local data base Note that if the RADIUS server is available but authentication fails then the user is denied access The possible field values are Local Authenticates the user at the device level The device checks the user name and password for authentication No optio...

Page 56: ...ntains the following fields Profile Name Displays the Authentication profile name Authentication Methods Defines the user authentication methods The possible field values are Local Authenticates the user at the device level The device checks the user name and password for authentication RADIUS Authenticates the user at the RADIUS server TACACS Authenticates the user at the TACACS server None Indic...

Page 57: ...e selected is the order by which the authentication methods are used The Mapping Profiles Page contains parameters for mapping authentication methods To map authentication profiles STEP 1 Click Security Suite Authentication Mapping Profiles The Mapping Profiles Page opens Mapping Profiles Page The Mapping Profiles Page contains the following fields Console Indicates that Authentication profiles ar...

Page 58: ... under None Selected Methods Selects authentication methods from the methods offered in the Optional methods area HTTP Configures the device HTTP settings Optional Methods Lists available authentication methods Local Authenticates the user at the device level The device checks the user name and password for authentication No authentication method can be added under Local RADIUS Remote Authorizatio...

Page 59: ... login and via user names and user defined passwords Authorization Performed at login Once the authentication session is completed an authorization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS server The TACACS default parameters are user...

Page 60: ...tion key for TACACS server The key must match the encryption key used on the TACACS server Timeout for Reply Displays the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds The following parameters are configured for each TACACS server Host IP Address Displays the TACACS Server IP address Priority Displays the order i...

Page 61: ...ield values are Connected Indicates there is currently a connection between the device and the TACACS server Not Connected Indicates there is no current connection between the device and the TACACS server STEP 2 Click the Add button The Add TACACS Server Page opens Add TACACS Server Page The Add TACACS Server Page contains the following fields Host IPv4 Address Defines the TACACS Server IP address...

Page 62: ...ue is used which is an empty string Authentication Port Defines the port number through which the TACACS session occurs The default is port 49 Timeout for Reply Defines the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds User Defined Allows the user to define the Timeout for Reply value Use Default Uses the default...

Page 63: ...ption key used on the TACACS server Authentication Port Defines the port number through which the TACACS session occurs The default is port 49 Timeout for Reply Defines the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds Status Displays the connection status between the device and the TACACS server The possible fie...

Page 64: ...on method for web access The default parameters are user defined and are applied to newly defined RADIUS servers If new default parameters are not defined the system default values are applied to newly defined RADIUS servers To define RADIUS STEP 1 Click Security Suite Authentication RADIUS The RADIUS Page opens RADIUS Page The RADIUS Page contains the following fields Radius Accounting Defines th...

Page 65: ...IP addresses Priority Indicates the server priority The possible values are 0 65535 where 1 is the highest value The RADIUS Server priority is used to configure the server query order Source IP Address Displays the Authentication port s IP address Authentication Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port...

Page 66: ...s that the RADIUS server is used for authenticating user name and passwords 802 1X Indicates that the RADIUS server is used for 802 1X authentication All Indicates that the RADIUS server is used for authenticating user name and passwords and 802 1X port authentication STEP 2 Click the Add button The Add RADIUS Server Page opens Add RADIUS Server Page The Add RADIUS Server Page contains the followi...

Page 67: ...sts sent to RADIUS server before a failure occurs The possible field values are 1 10 Three is the default value Timeout for Reply Defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query or switching to the next server The possible field values are 1 30 Three is the default value Dead Time Defines the amount of time minutes that a RA...

Page 68: ... RADIUS Server Page The Edit RADIUS Server Page contains the following fields IP Address Defines the RADIUS Server IP address Priority Displays the server priority The possible values are 0 65535 where 1 is the highest value The RADIUS Server priority is used to configure the server query order Source IP Address Defines the source IP address that is used for communication with RADIUS servers Authe...

Page 69: ...es Key String Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption Usage Type Specifies the RADIUS server authentication type The default value is Login The possible field values are Login Indicates that the RADIUS server is used for authenticating user name and passwords 8...

Page 70: ...he device management methods include All Telnet Secure Telnet SSH HTTP Secure HTTP HTTPS SNMP Management access to different management methods may differ between user groups For example User Group 1 can access the switch module only via an HTTPS session while User Group 2 can access the switch module via both HTTPS and Telnet sessions The Access Profile Page contains the currently configured acce...

Page 71: ... Access Profiles The Access Profiles Page opens Access Profiles Page The Access Profiles Page contains the following fields Access Profile Name Defines the access profile name The access profile name can contain up to 32 characters Current Active Access Profile Defines the access profile currently active STEP 2 Click the Add button The Add Access Profile Page opens ...

Page 72: ...r communication on the same network only Global Unicast Indicates the IPv6 address is a global Unicast IPV6 type which is visible and reachable from different subnets Link Local Interface Displays the VLAN ID on which IPv6 is configured Access Profile Name Defines the access profile name The access profile name can contain up to 32 characters Rule Priority Defines the rule priority When the packet...

Page 73: ...the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device Interface Defines the interface on which the access profile is defined The possible field values are Port Specifies the port on which the access profile is defined LAG Specifies the LAG on which the access prof...

Page 74: ... and the device is updated Defining Profile Rules Access profiles can contain up to 128 rules that determine which users can manage the switch module and by which methods Users can also be blocked from accessing the device Rules are composed of filters including Rule Priority Interface Management Method IP Address Prefix Length Forwarding Action To define profile rules ...

Page 75: ...ups are either granted permission or denied device management access The rule number is essential to matching packets to rules as packets are matched on a first fit basis Interface Indicates the interface type to which the rule applies The possible field values are Port Attaches the rule to the selected port LAG Attaches the rule to the selected LAG VLAN Attaches the rule to the selected VLAN Mana...

Page 76: ...vice Secure HTTP SSL Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Source IP Address Defines the interface ...

Page 77: ... the IPv6 Type The possible field values are Link Local Indicates the IPv6 address is link local that uniquely identifies hosts on a single network link A Link local address has a prefix of FE80 The link local addresses are not routable and can be used for communication on the same network only Global Unicast Indicates the IPv6 address is a global Unicast IPV6 type which is visible and reachable f...

Page 78: ...ce using SNMP meeting access profile criteria are permitted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP SSL Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted...

Page 79: ...are Permit Permits access to the device Deny Denies access to the device This is the default STEP 3 Define the relevant fields STEP 4 Click Apply The profile rule is added and the device is updated Modifying Profile Rules STEP 1 Click Security Suite Access Method Profile Rules The Profile Rules Page opens STEP 2 Click the Edit button The Edit Profile Rule Page opens Edit Profile Rule Page The Edit...

Page 80: ...nted permission or denied device management access The rule number is essential to matching packets to rules as packets are matched on a first fit basis The rule priorities are assigned in the Profile Rules Page Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field v...

Page 81: ...ile is defined Source IP Address Defines the interface source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Network Mask Determines what subnet the source IP Address belongs to in the network Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address Action Defines the actio...

Page 82: ...sages simultaneously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm Control is enabled per port by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards the f...

Page 83: ...lobits per second at which unknown packets are forwarded For FE ports the rate is 70 100 000 Kbps For GE ports the rate is 35 000 100 000 Kbps Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible field values are Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Unknown Unicast Multicast Broadcast Co...

Page 84: ...ssible field values are Unknown Unicast Multicast Broadcast Counts Unknown Unicast Broadcast and Multicast traffic together This option is available on GE ports only On FE devices this option can only be set globally for the device from the Storm Control Page Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Broadcast Rate Threshold Di...

Page 85: ...ort or learned on that port up to the point when it is locked When a packet is received on a locked port and the packet source MAC address is not tied to that port either it was learned on a different port or it is unknown to the system the protection mechanism is invoked and can provide various options Unauthorized packets arriving at a locked port are either Forwarded Discarded with no trap Disc...

Page 86: ...e LAG number on which port security is configured Interface Displays the port or LAG name Interface Status Indicates the port security status The possible field values are Unlocked Indicates the port is currently unlocked This is the default value Locked Indicates the port is currently locked Learning Mode Defines the locked port type The Learning Mode field is enabled only if Locked is selected i...

Page 87: ...tatus field In addition the Limited Dynamic Lock mode is selected The possible range is 1 128 The default is 1 Action Indicates the action to be applied to packets arriving on a locked port The possible field values are Discard Discards packets from any unlearned source This is the default value Forward Forwards packets from an unknown source without learning the MAC address Shutdown Discards pack...

Page 88: ...g Mode Defines the locked port type The Learning Mode field is enabled only if Locked is selected in the Interface Status field In order to change the Learning Mode the Lock Interface must be set to Unlocked Once the mode is changed the Lock Interface can be reinstated The possible field values are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked regardle...

Page 89: ...ctivated or until the device is reset Enable Trap Enables traps when a packet is received on a locked port The possible field values are Checked Enables traps Unchecked Disables traps Trap Frequency Displays the amount of time in seconds between traps The default value is 10 seconds STEP 3 Modify the relevant fields STEP 4 Click Apply Port security is modified and the device is updated Defining 80...

Page 90: ...llowing topics Defining 802 1X Properties Defining Port Authentication Defining Authentication Defining Authenticated Hosts Defining 802 1X Properties The 802 1X Properties Page provides parameters for enabling port authentication and selecting the authentication method To define port based authentication STEP 1 Click Security Suite 802 1X Properties The 802 1X Properties Page opens 802 1X Propert...

Page 91: ... the user at the RADIUS server None No authentication method is used to authenticate the port Guest VLAN Specifies whether the Guest VLAN is enabled on the device The possible field values are Checked Enables using a Guest VLAN for unauthorized ports If a Guest VLAN is enabled the unauthorized port automatically joins the VLAN selected in the VLAN List field Unchecked Disables use of a Guest VLAN ...

Page 92: ...configuration from the specified table entry To Entry Number s Assigns the copied port authentication configuration to the specified table entry Unit Number Displays the stacking member for which the port authentication parameters are displayed Port Displays the list of interfaces User Name Displays the user name Current Port Control Displays the current port authorization state Guest VLAN Display...

Page 93: ...that the switch remains in the quiet state following a failed authentication exchange Range 0 65535 Resending EAP Specifies the number of seconds that the switch waits for a response to an EAP request identity frame from the supplicant client before resending the request Max EAP Requests Indicates the total amount of EAP requests sent If a response is not received after the defined period the auth...

Page 94: ...s the port on which port based authentication is enabled User Name Displays the user name Current Port Control Displays the current port authorization state Admin Port Control Defines the admin port authorization state The possible field values are Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchan...

Page 95: ...on the device MAC Only If enabled causes the port to transition to the authorized or unauthorized state based on the supplicant s MAC address 802 1x MAC Enables 802 1x MAC Authentication on the device In the case of 802 1x MAC 802 1x takes precedence Enable Periodic Reauthentication Permits port reauthentication during the specified Reauthentication Period see below The possible field values are C...

Page 96: ...ount of EAP requests sent If a response is not received after the defined period the authentication process is restarted The field default is 2 retries Supplicant Timeout Displays the number of seconds that lapses before EAP requests are resent to the supplicant Range 1 65535 The field default is 30 seconds Server Timeout Specifies the number of seconds that lapses before the switch resends a requ...

Page 97: ...es the Host Authentication mode The possible field values are Single Only the authorized host can access the port Multiple Host Multiple hosts can be attached to a single 802 1x enabled port Only one host must be authorized for all hosts to access the network If the host authentication fails or an EAPOL logoff message is received all attached clients are denied access to the network Multi Session ...

Page 98: ... either not linked or is down The possible field values are Unauthorized Indicates that either the port control is Force Unauthorized and the port link is down or the port control is Auto but a client has not been authenticated via the port Force Authorized Indicates that the port control is Forced Authorized and clients have full port access Single host Lock Indicates that the port control is Aut...

Page 99: ...off message is received all attached clients are denied access to the network Multi Session Enables number of specific authorized hosts to get access to the port Filtering is based on the source MAC address Action on Violation Defines the action to be applied to packets arriving in single host mode from a host whose MAC address is not the supplicant MAC address The possible field values are Discar...

Page 100: ... 4 Click Apply The settings are defined and the device is updated Defining Authenticated Hosts The Authenticated Hosts Page contains a list of authenticated users STEP 1 Click Security Suite 802 1X Authenticated Hosts The Authenticated Hosts Page opens Authenticated Hosts Page The Authenticated Hosts Page contains the following fields User Name Lists the supplicants that were authenticated and are...

Page 101: ...ntrol Lists ACL allow network managers to define classification actions and rules for specific ingress ports Your switch supports up to 256 ACLs Packets entering an ingress port with an active ACL are either admitted or denied entry If they are denied entry the user can disable the port ACLs are composed of Access Control Entries ACEs that are made of the filters that determine traffic classificat...

Page 102: ... ACE priority which determines which ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 Source MAC Address Defines the source MAC address to match the ACE Source MAC Mask Defines the source MAC mask to match the ACE Destination MAC Address Defines the destination MAC address to match the ACE Destination MAC Mask Defines the destination MAC mask to the whic...

Page 103: ...ictions for forwarding Possible field values are Permit Forwards packets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meet the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Edit Interface Settings Page STEP 2 To remove an ACL click the Delete ACL button STEP 3 To remove an ACE rule click ...

Page 104: ...le the 2nd 4th and 6th octets are ignored Dest MAC Address MAC Address Matches the destination MAC address to which packets are addressed to the ACE Wildcard Mask Indicates the destination MAC Address wildcard mask Wildcards are used to mask all or part of a destination MAC Address Wildcard masks specify which octets are used and which octets are ignored A wildcard mask of ff ff ff ff ff ff indica...

Page 105: ...efine the relevant fields STEP 6 Click Apply The MAC Based ACL is defined and the device is updated Adding Rule to MAC Based ACL STEP 1 Select an existing ACL STEP 2 Click the Add Rule button The Add MAC Based Rule Page opens Add MAC Based Rule Page The Add MAC Based Rule Page contains the following fields ACL Name Displays the user defined MAC based ACLs New Rule Priority Indicates the ACE priori...

Page 106: ... MAC Address wildcard mask Wildcards are used to mask all or part of a destination MAC Address Wildcard masks specify which octets are used and which octets are ignored A wildcard mask of ff ff ff ff ff ff indicates that no octet is important A wildcard of 00 00 00 00 00 00 indicates that all the octets are important For example if the destination MAC address 09 00 07 A9 B2 EB and the wildcard mas...

Page 107: ...e contains the following fields ACL Name Displays the user defined MAC based ACLs Rule Priority Indicates the rule priority which determines which rule is matched to a packet on a first match basis Source MAC Address MAC Address Matches the source MAC address from which packets are addressed to the ACE Wildcard Mask Indicates the source MAC Address wildcard mask Wildcards are used to mask all or p...

Page 108: ... 00 00 00 indicates that all the octets are important For example if the destination IP address 09 00 07 A9 B2 EB and the wildcard mask is 00 ff 00 ff 00 ff the 1st 3rd and 5th octets of the MAC address are checked while the 2nd 4th and 6th octets are ignored VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4095 Inner VLAN Matches the ACE to the inner VLAN ID of a...

Page 109: ...ge contains the following fields ACL Name Displays the user defined IP based ACLs Rule Priority Indicates the rule priority which determines which rule is matched to a packet on a first match basis Protocol Creates an ACE based on a specific protocol The possible field values are ICMP Internet Control Message Protocol ICMP The ICMP allows the gateway or destination host to communicate with the sou...

Page 110: ...rantee their delivery HMP Host Mapping Protocol HMP Collects network information from various networks hosts HMP monitors hosts spread over the internet as well as hosts in a single network RDP Remote Desktop Protocol RDP Allows a clients to communicate with the Terminal Server over the network IDPR Matches the packet to the Inter Domain Policy Routing IDPR protocol IPV6 Internet Routing Protocol ...

Page 111: ...ternative to source routing PIM Matches the packet to Protocol Independent Multicast PIM L2TP Matches the packet to Layer 2 Internet Protocol L2IP ISIS Intermediate System Intermediate System ISIS Distributes IP routing information throughout a single Autonomous System in IP networks ANY Matches the protocol to any protocol Source Port Defines the TCP UDP source port to which the ACE is matched Th...

Page 112: ...P Precedence value to the ACE Either the DSCP value or the IP Precedence value is used to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The o...

Page 113: ... 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 TCP Flags Filters packets by TCP flag Filtered packets are either forwarded or dropped Filtering...

Page 114: ...he last eight bits are used Destination IP Address Matches the destination port IP address to which packets are addressed to the ACE Wildcard Mask Defines the destination IP address of the wildcard mask Traffic Class Indicates the traffic class to which the packets are matched Select either Match DSCP or Match IP Precedence Match DSCP Matches the packet to the DSCP tag value The possible field ran...

Page 115: ...Based ACL Page The Edit IP Based ACL Page contains the following fields ACL Name Displays the user defined IPv6 based ACLs New Rule Priority Indicates the rule priority which determines which rule is matched to a packet on a first match basis Protocol Creates an ACE based on a specific protocol For a list of available protocols see the Protocol field description in the IPv6 Based ACL Page above So...

Page 116: ... Address Matches the source port IP address from which packets are addressed to the ACE Wildcard Mask Defines the source IP address wildcard mask Wildcard masks specify which bits are used and which bits are ignored A wildcard mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important For example if the source IP address 149 36 184 19...

Page 117: ...tions are as follows Permit Forwards packets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Management page STEP 3 Define the relevant fields STEP 4 Click Apply The IP Based ACL is modified and the device is updated Defining Rules...

Page 118: ...DP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 TCP Flags Filters packets by TCP flag Filtered packets are either forwarded or dropped Filtering packets by TCP fl...

Page 119: ...her the DSCP value or the IP Precedence value is used to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows Permit Forw...

Page 120: ... field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 TCP Flags Filters packets by TCP flag Filtered packets are either fo...

Page 121: ...to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows Permit Forwards packets which meet the ACL criteria Deny Drops pa...

Page 122: ...h rule is matched to a packet on a first match basis Protocol Creates an ACE based on a specific protocol ICMP Internet Control Message Protocol ICMP The ICMP allows the gateway or destination host to communicate with the source host For example to report a processing error IGMP Internet Group Management Protocol IGMP Allows hosts to notify their local switch or router that they want to receive tr...

Page 123: ...sts spread over the internet as well as hosts in a single network RDP Remote Desktop Protocol RDP Allows a clients to communicate with the Terminal Server over the network IDPR Matches the packet to the Inter Domain Policy Routing IDPR protocol IPV6 Internet Routing Protocol version 6 IPv6 Provides a newer version of the Internet Protocol and follows IP version 4 IPv4 IPv6 increases the IP address...

Page 124: ... Internet Protocol L2IP ISIS Intermediate System Intermediate System ISIS Distributes IP routing information throughout a single Autonomous System in IP networks ANY Matches the protocol to any protocol Source Port Defines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field r...

Page 125: ...cedence value is used to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the network administrator or packet is assigned rate limiting restrictions for forwarding The options are as follows Permit Forwards packets which meet the ACL ...

Page 126: ...e above Source Port Defines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field r...

Page 127: ...fic class to which the packet is matched Select either Match DSCP or Match IP Precedence Match DSCP Matches the packet to the DSCP tag value Match IP Precedence Matches the packet IP Precedence value to the ACE Either the DSCP value or the IP Precedence value is used to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets...

Page 128: ...cates the rule priority which determines which rule is matched to a packet on a first match basis Protocol Creates an ACE based on a specific protocol For a list of available protocols see the Protocol field description in the IPv6 Based ACL Page above Source Port Defines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Se...

Page 129: ...rt IP address to which packets are addressed to the ACE Prefix Length Matches the IP route prefix for the destination IP The prefix length must be preceded by a forward slash Traffic Class Indicates the traffic class to which the packet is matched Select either Match DSCP or Match IP Precedence Match DSCP Matches the packet to the DSCP tag value Match IP Precedence Matches the packet IP Precedence...

Page 130: ... ACL is assigned on a port or a LAG flows from that ingress interface that do not match the ACL are matched to the default rule which is Drop unmatched packets To bind ACLs to an interface STEP 1 Click Security Suite Access Control ACL Binding The ACL Binding Page opens ACL Binding Page The ACL Binding Page contains the following fields Copy From Entry Number Copies the ACL binding configuration f...

Page 131: ... settings are defined and the device is updated Modifying ACL Binding STEP 1 Click Security Suite Access Control ACL Binding The ACL Binding Page opens STEP 2 Click the Edit button The Edit ACL Binding Page opens Edit ACL Binding Page The Edit ACL Binding Page contains the following fields Interface Indicates the interface to which the ACL is bound Select MAC Based ACL Indicates the MAC based ACL ...

Page 132: ...hat allows administrators to match discard and redirect packets based on packet header values Packets which are redirected are analyzed for viruses and Trojans DoS enables network managers to Deny packets that contain reserved IP addresses Prevent TCP connections from a specific interface Discard echo requests from a specific interface Discard IP fragmented packets from a specific interface The Do...

Page 133: ...isabled Disables DoS security on the device This is the default value Denial of Service Protection Indicates if any of the services listed below are enabled If the service protection is disabled the Stacheldraht Distribution Invasor Trojan and Back Orifice Trojan fields are disabled Stacheldraht Distribution Discards TCP packets with source TCP port equal to 16660 Invasor Trojan Discards TCP packe...

Page 134: ...in the configured network Martian addresses include any address within the following ranges 0 0 0 0 8 Except 0 0 0 0 32 as a Source Address Addresses in this block refer to source hosts on this network 127 0 0 0 8 Used as the Internet host loopback address 192 0 2 0 24 Used as the TEST NET in documentation and example codes 224 0 0 0 4 As a Source IP Address Used in IPv4 Multicast address assignme...

Page 135: ...es Indicates that packets arriving from Martian addresses are dropped Enabled is the default value When enabled the following IP addresses are included 0 0 0 0 8 except 0 0 0 0 32 127 0 0 0 8 192 0 2 0 24 224 0 0 0 4 240 0 0 0 4 except 255 255 255 255 32 IP Address Displays the IP addresses for which DoS attack is enabled Mask Displays the Mask for which DoS attack is enabled STEP 2 To remove a Ma...

Page 136: ...ination IP STEP 4 Define the relevant fields STEP 5 Click Apply The Martian Addresses are defined and the device is updated Defining DHCP Snooping DHCP Snooping is a DHCP security feature that provides network security by filtering untrusted DHCP messages and by building and maintaining a DHCP snooping binding database also referred to as a DHCP snooping binding table DHCP snooping acts like a fir...

Page 137: ... DHCP Snooping Properties The DHCP Snooping Properties Page contains parameters for enabling DHCP Snooping on the device To define the DHCP Snooping general properties STEP 1 Click Security Suite DHCP Snooping Properties The DHCP Snooping Properties Page opens DHCP Snooping Properties Page The DHCP Snooping Properties Page contains the following fields Enable DHCP Snooping Indicates if DHCP Snoopi...

Page 138: ...er matches the client hardware address as appears in the DHCP Header This is the default value Backup Database Indicates if the DHCP Snooping Database learning and update is enabled All changes to the binding storage file are implemented only if the device s system clock is synchronized with the SNTP Server The possible field values are Checked Enables backing up of the allotted IP address in the ...

Page 139: ... Snooping VLAN Settings Page contains the following fields VLAN ID Indicates the VLAN to be added to the Enabled VLAN list Enabled VLANs Contains a list of VLANs for which DHCP Snooping is enabled STEP 2 Modify the relevant fields STEP 3 Click Apply The settings are defined and the device is updated Defining Trusted Interfaces The Trusted Interfaces Page allows network managers to define Trusted i...

Page 140: ...ge The Trusted Interfaces Page contains the following fields Ports of Unit Displays the ports which can be defined as trusted LAGs Displays the LAGs which can be defined as trusted Trusted Interface Table Interface Contains a list of existing interfaces Trust Indicates whether the interface is a Trusted interface STEP 2 Select either Ports or LAGs STEP 3 In the table select an interface and click ...

Page 141: ...xisting interfaces Trust Status Indicates whether the interface is a Trusted Interface Enable Interface is in trusted mode Disable Interface is in untrusted mode STEP 4 Define the fields STEP 5 Click Apply The Trusted Interfaces configuration is defined and the device is updated Binding Addresses to the DHCP Snooping Database The Binding Database Page contains parameters for querying and adding IP...

Page 142: ... of the following fields as a query filter Query By MAC Address Indicates the MAC addresses recorded in the DHCP Database The Database can be queried by MAC address IP Address Indicates the IP addresses recorded in the DHCP Database The Database can be queried by IP address VLAN Indicates the VLANs recorded in the DHCP Database The Database can be queried by VLAN Interface Contains a list of inter...

Page 143: ...sible field values are Static Indicates the IP address is static Dynamic Indicates the IP address is defined as a dynamic address in the DHCP database Learned Indicates the IP address is dynamically defined by the DHCP server This field appears as a read only field in the table Lease Time Displays the lease time The Lease Time defines the amount of time the DHCP Snooping entry is active Addresses ...

Page 144: ...e per 1 IP Source Guard address entry If the number of IP Source Guard entries exceeds the number of available TCAM rules new IP source guard addresses remain inactive IP Source Guard cannot be configured on routed ports If IP Source Guard and MAC address filtering is enabled on a port Port Security cannot be activated on the same port If a port is trusted filtering of static IP addresses can be c...

Page 145: ... device Enable Indicates that IP Source Guard is enabled for the device Disable Indicates that IP Source Guard is disabled for the device STEP 2 Enable or Disable use of IP Source Guard on the device STEP 3 Click Apply The IP Source Guard configuration is modified and the device is updated Defining IP Source Guard Interface Settings In the IP Source Guard Interface Settings Page IP Source Guard ca...

Page 146: ...resses can be configured although IP Source Guard is not active in that condition If a port s status changes from untrusted to trusted the static IP address filtering entries remain but become inactive STEP 1 Click Security Suite DHCP Snooping IP Source Guard Interface Settings The IP Source Guard Interface Settings Page opens IP Source Guard Interface Settings Page The IP Source Guard Interface S...

Page 147: ...disabled on the interface This is the default value STEP 2 Click Edit The Edit Interface Settings Page opens Edit Interface Settings Page STEP 3 Modify the fields STEP 4 Click Apply The new IP Source Guard Interface configuration is added and the device is updated Querying the IP Source Binding Database The IP Source Guard Binding Database Page enables network managers to query and view informatio...

Page 148: ...icates the IP Address format The possible values are Version 6 or Version 4 Insert Inactive Indicates the IP Source Guard Database uses the TCAM resources for managing the database The device can try to activate inactive addresses in various time intervals Retry Frequency Try to activate inactive addresses at a specified interval The possible values are 10 600 seconds Never Never try to activate i...

Page 149: ...t interface status The possible field values are Active Indicates the interface is currently active Inactive Indicates the interface is currently inactive IP Address Indicates IP address of the interface VLAN Indicates if the address is associated with a VLAN MAC Address Displays the MAC address of the interface Type Displays the IP address type The possible field values are Dynamic Indicates the ...

Page 150: ...into the subnet Packets are classified as Trusted Indicates that the interface IP and MAC address are recognized and recorded in the ARP Inspection List Trusted packets are forward without ARP Inspection Untrusted Indicates that the packet arrived from an interface that does not have a recognized IP and MAC addresses The packet is checked for Source MAC Compares the packet s source MAC address in ...

Page 151: ...on contains the following topics Defining ARP Inspection Properties Defining ARP Inspection Trusted Interfaces Defining ARP Inspection List Assigning ARP Inspection VLAN Settings Defining ARP Inspection Properties The ARP Inspection Properties Page provides parameters for enabling and setting global Dynamic ARP Inspection parameters as well as defining ARP Inspection Log parameters To define ARP I...

Page 152: ...s Page contains the following fields Enable ARP Inspection Enables ARP Inspection on the device The possible field values are Checked Enables ARP Inspection on the device Unchecked Disables ARP Inspection on the device This is the default value ARP Inspection Validate Enables ARP Inspection Validation on the device The possible field values are Checked Enables ARP Inspection Validation on the devi...

Page 153: ...le range is 0 86400 seconds 0 seconds specifies immediate transmissions of Syslog messages The default value is 5 seconds Never Log is never updated STEP 2 Define the relevant fields STEP 3 Click Apply The ARP Inspection Properties are defined and the device is updated Defining ARP Inspection Trusted Interfaces The ARP Inspection Trusted Interfaces Page allows network managers to define trusted an...

Page 154: ...d LAGs Specifies the LAG for which the Trusted Interface settings are displayed Interface Displays the name or number of the interface on which ARP Inspection Trust mode can be enabled Trust Enables or disables ARP Inspection Trust mode on the interface The possible field values are Enabled Indicates the port or LAG is a trusted interface and ARP inspection is not performed on the ARP requests rep...

Page 155: ...the fields STEP 4 Click Apply The Trusted Interface s configuration is modified and the device is updated Defining ARP Inspection List The ARP Inspection List Page provides information for creating static ARP Binding Lists ARP Binding Lists contain the List Name IP address and MAC address which are validated against ARP requests and replies To add an ARP Inspection List entry ...

Page 156: ...of existing user defined ARP Inspection Lists Add Defines a new ARP Inspection List The list s name can contain up to 32 characters Delete Removes the selected list Only lists that were added by the New box above can be removed To remove a list the user selects the list name and selects this field s check box Static ARP Table IP Address Specifies IP address included in ARP Binding Lists which is c...

Page 157: ...e users assign static ARP Inspection Lists to enabled VLANs When a packet passes through an untrusted interface which is enabled for ARP Inspection the device performs the following checks in order Determines if the packet s IP address and MAC address exist in the static ARP Inspection list If the addresses match the packet passes through the interface If the device does not find a matching IP add...

Page 158: ... following fields VLAN ID A user defined VLAN ID to add to the Enabled VLANs list Enabled VLANs Contains a list of VLANs in which ARP Inspection is enabled Enabled VLAN Table VLAN ID Indicates the VLAN which is bound to the ARP Inspection List List Name Displays names of static ARP Inspection Lists that were assigned to VLANs These lists are defined in the ARP Inspection List Page STEP 2 Select th...

Page 159: ...he Add VLAN Settings Page contains the following fields Bind List Name Select a static ARP Inspection List to assign to the VLAN These lists are defined in the ARP Inspection List Page To VLAN Select the VLAN which includes the specified ARP Inspection List STEP 3 Define the fields STEP 4 Click Apply The VLAN Settings are modified and the device is updated ...

Page 160: ...or Layer 2 Enabled Devices Configuring Ports Settings for Layer 3 Enabled Devices Configuring Ports Settings for Layer 2 Enabled Devices The Port Settings Page varies depending on whether the device is in Layer 2 or Layer 3 mode definable on the device through the CLI interface Layer 2 devices support Private VLAN Edge which can be enabled for individual ports on the Edit Port Page The Port Settin...

Page 161: ... the specified table entry To Entry Number s Assigns the copied port configuration to the specified table entry Unit Number Indicates the stacking member for which the ports are defined Interface Displays the port number Port Type Displays the port type The possible field values are 1000M Copper copper cable 1000M ComboC combo port with copper cable 3 1000M ComboF combo port with optic fiber cable...

Page 162: ...e supports transmission between the device and the client in only one direction at a time PVE Indicates that this port is protected by an uplink so that the forwarding decisions are overwritten by those of the port that protects it PVE is supported in Layer 2 mode LAG Defines if the port is part of a Link Aggregation Group LAG STEP 2 To copy the settings from one interface to another enter the spe...

Page 163: ...cription Specifies the port s user defined name Port Type Displays the port type The possible field values are 1000M Copper copper cable 1000M ComboC combo port with copper cable 3 1000M ComboF combo port with optic fiber cable Fiber Indicates the port has a fiber optic port connection Admin Status Indicates whether the port is currently operational or non operational The possible field values are...

Page 164: ...field values are Full Indicates that the interface supports transmission between the device and the client in both directions simultaneously Half Indicates that the interface supports transmission between the device and the client in only one direction at a time Current Duplex Mode Displays the port current duplex mode Auto Negotiation Enables Auto Negotiation on the port Auto Negotiation enables ...

Page 165: ...Enables or disables flow control or enables the auto negotiation of flow control on the port Select from Enable Disable Auto Negotiation Current Flow Control Displays the current Flow Control setting Select from Enable Disable Auto Negotiation MDI MDIX Displays the Media Dependent Interface MDI Media Dependent Interface with Crossover MDIX status on the port Hubs and switches are deliberately wire...

Page 166: ...ick Apply The Port Settings are modified and the device is updated Configuring Ports Settings for Layer 3 Enabled Devices To define port settings Layer 3 STEP 1 Click Bridging Port Management Port Settings The Port Settings Page opens Port Settings Page The Port Settings Page contains the following fields Copy From Entry Number Copies the port configuration from the specified table entry ...

Page 167: ...connected Port Speed Displays the current port speed Duplex Mode Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full Indicates that the interface supports transmission between the device and the client in both directions simultaneously Half...

Page 168: ...ngs The Port Settings Page opens STEP 2 Define the Unit number STEP 3 Click a specific entry s Edit button The Edit Port Page opens Edit Port Page The Edit Port Page contains the following fields Port Displays the port number Description Specifies the port s user defined name Port Type Displays the port type The possible field values are 1000M Copper copper cable ...

Page 169: ...Admin Duplex Defines the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full Indicates that the interface supports transmission between the device and the client in both directions simultaneously Half Indicates that the interface supports transmission b...

Page 170: ...ure Enables Back Pressure mode on the port Back Pressure mode is used with Half Duplex mode to disable ports from receiving messages The Back Pressure mode is configured for ports currently in the Half Duplex mode Current Back Pressure Displays the Back Pressure mode on the port Flow Control Enables or disables flow control or enables the auto negotiation of flow control on the port Select from En...

Page 171: ...nistration Guide 162 5 MDI Use for end stations Current MDI MDIX Displays the current MDI MDIX setting LAG Defines if the port is part of a Link Aggregation LAG STEP 4 Define the relevant fields STEP 5 Click Apply The Port Settings are modified and the device is updated ...

Page 172: ... PVID Port VID configured at the ingress port VLANs function at layer 2 All traffic unicast broadcast multicast of a VLAN stays within the VLAN Devices attached to different VLANs cannot have direct connectivity at the Ethernet MAC layer to each other Devices from different VLANs can have communication with each other only through layer 3 routers An IP router for example is required to route IP tr...

Page 173: ...ps Defining a Protocol Port Defining VLAN Properties The VLAN Properties Page provides information and global parameters for configuring and working with VLANs To define VLAN properties STEP 1 Click Bridging VLAN Management Properties The VLAN Properties Page opens VLAN Properties Page The VLAN Properties Page contains the following fields VLAN ID Displays the VLAN ID VLAN Name Displays the user d...

Page 174: ...bled Disables unauthorized users to use the VLAN Disabled Enables unauthorized users from using the VLAN STEP 2 Click the Add button The Add VLAN Range Page opens Add VLAN Range Page The Add VLAN Range Page allows network administrators to define and configure new VLANs and contains the following fields VLAN Specifies that a specific VLAN is to be defined The possible field values are VLAN ID Defi...

Page 175: ...Page opens STEP 2 Click Edit The Edit VLAN Page opens Edit VLAN Page The Edit VLAN Page contains information for enabling VLAN guest authentication and includes the following fields VLAN ID Displays the VLAN ID VLAN Name Defines the VLAN name Disable Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field values are Checked Enables unauthorized users to use t...

Page 176: ...VLAN VLAN Members Ports included in the VLAN STEP 3 Define the relevant fields STEP 4 In the Port List select the ports to include in the VLAN and click the adjacent right arrow The selected ports then appear in the VLAN Members list STEP 5 Click Apply The VLAN Settings are defined and the device is updated Defining VLAN Membership The Port to VLAN Page contains a table that maps VLAN parameters t...

Page 177: ...elects the VLAN ID VLAN Name Displays the VLAN name VLAN Type Indicates the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created through GVRP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Ports of Unit Indicates that ports on the specified stacking member are described in the page LAGs Indicates that LAGs are describe...

Page 178: ...interface from the VLAN However the interface can be added to the VLAN through GARP Forbidden Denies the interface VLAN membership even if GARP indicates the port is to be added Modifying VLAN Membership STEP 2 Click the Edit button The Edit Edit Interface Status Page opens Edit Interface Status Page The Edit Interface Status Page contains the following fields VLAN ID Displays the VLAN ID VLAN Nam...

Page 179: ...LANs By default all ports are assigned to VLAN 1 as untagged port member All intermediate VLAN aware devices carrying VLAN traffic along the path between any end nodes must be either configured with the VLAN port memberships manually by an operator or dynamically learnt from GVRP The untagged port membership configured between two VLAN aware devices that have no other VLAN aware device in between ...

Page 180: ...t number Mode Indicates the port mode The possible values are General The port can be tagged and untagged with members of one or more VLANs full 802 1Q mode Access The port belongs to a single untagged VLAN When a port is in Access mode the packet types which are accepted on the port packet type cannot be designated Also it is not possible to enable disable ingress filtering on an access port Trun...

Page 181: ...y assigned to the port and click Remove VLANs Specifies the VLAN in which the port is a member LAG if the port is a member of a LAG the LAG number is displayed A member of a LAG cannot be configured to a VLAN but that same LAG can be configured to a VLAN STEP 3 In the VLAN To Port table click Join VLAN in the relevant port entry The Join VLAN To Port Screen opens Join VLAN To Port Screen STEP 4 De...

Page 182: ...ge ports mapping without having to individually configure each bridge and register VLAN membership The Global System LAG information displays the same field information as the ports but represents the LAG GVRP information To define GVRP STEP 1 Click Bridging VLAN Management GVRP Settings The GVRP Settings Page opens GVRP Settings Page The GVRP Settings Page contains the following fields GVRP Globa...

Page 183: ...Enables GVRP on the selected interface Disabled Disables GVRP on the selected interface Dynamic VLAN Creation Indicates if Dynamic VLAN creation is enabled on the interface The possible field values are Enabled Enables Dynamic VLAN creation on the interface Disabled Disables Dynamic VLAN creation on the interface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the devic...

Page 184: ...sables GVRP on the selected interface Dynamic VLAN Creation Indicates if Dynamic VLAN creation is enabled on the interface The possible field values are Enable Enables Dynamic VLAN creation on the interface Disable Disables Dynamic VLAN creation on the interface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP ...

Page 185: ...rriving to the device are tagged by the ports PVID The varies depending on whether the device is in Layer 2 or Layer 3 mode definable on the device through the CLI interface Layer 2 devices support Multicast TV VLAN which can be enabled for individual ports on the Edit VLAN Ports Page STEP 1 Click Bridging VLAN Management Interface Settings The VLAN Interface Setting Page opens VLAN Interface Sett...

Page 186: ...nable disable ingress filtering on an access port Trunk The port can be member of one or more VLANs It is an untagged member of at most one VLAN and is a tagged member of all other VLANs it is a member of Customer The port can be a member of one or more double tagged Multicast TV VLAN s Refer to Define Customer VLAN using Q in Q for details PVID Assigns a VLAN ID to untagged packets The possible v...

Page 187: ...he Edit button The Edit VLAN Ports Page opens Edit VLAN Ports Page The Edit VLAN Ports Page contains the following fields Interface The port or LAG associated with this VLAN interface configuration VLAN Mode Indicates the port mode Possible values are General The port can be tagged and untagged with members of one or more VLANs full 802 1Q mode Access The port belongs to a single untagged VLAN Whe...

Page 188: ...agged and untagged packets are accepted on the port Admit Tag Only Indicates that only tagged packets are accepted on the port Ingress Filtering Ingress filtering discards packets which do not include an ingress port The possible values are Enable Ingress filtering is activated on the port Disable Ingress filtering is not activated on the port Multicast TV VLAN Indicates if a Multicast TV VLAN is ...

Page 189: ...e additional tag is inserted into packets received from the customer ports before the packets are transmitted into Multicast TV VLAN through the service provider network The VLAN Interface Setting Page provides parameters defining VLANs supporting QinQ To define VLANs supporting QinQ STEP 1 Click Bridging VLAN Management Interface Setting The VLAN Interface Setting Page opens STEP 2 For the releva...

Page 190: ...ssions for each subscriber VLAN IGMP snooping is supported for those transmissions Any VLAN can be a Multicast TV VLAN A port assigned to a Multicast TV VLAN Joins the Multicast TV VLAN Packets passing through egress ports in the Multicast TV VLAN are untagged The port s Frame Type parameter is set to Admit All allowing untagged packets see Defining VLAN Interface Settings The Multicast TV VLAN co...

Page 191: ...face Defines the VLAN to which the ports are assigned Customer Port Members Defines the ports already assigned to the Multicast TV VLAN Customer Ports Lists the ports available for assigning to the Multicast TV VLAN STEP 2 Define the ports which are members of the Multicast TV VLAN Select ports from the Customer Ports list and click the left arrow button to move the ports to the Customer Ports Mem...

Page 192: ...ed to the Multicast VLAN the VLAN can participate in IGMP snooping To map CPE VLANs STEP 1 Click Bridging VLAN Management CPE VLAN Mapping The CPE VLAN Mapping Page opens CPE VLAN Mapping Page The CPE VLAN Mapping Page contains the following fields CPE VLAN Indicates the CPE VLAN which is mapped to the Multicast TV VLAN Multicast TV VLAN Indicates the Multicast TV VLAN which is mapped to the CPE V...

Page 193: ...pped to the Multicast TV VLAN Multicast TV VLAN Defines the Multicast TV VLAN which is mapped to the CPE VLAN STEP 3 Define the mapping STEP 4 Click Apply CPE VLAN Mapping is modified and the device is updated Defining Protocol Groups The Protocol Group Page contains information defining protocol names and the VLAN Ethernet type Interfaces can be classified as a specific protocol based interface P...

Page 194: ... Layer 2 The Protocol Group Page Layer 2 opens Protocol Group Page The Protocol Group Page contains the following fields Frame Type Displays the packet type Protocol Value Displays the User defined protocol name Group ID Hex Defines the Protocol group ID to which the interface is added Range is 1 2147483647 STEP 2 Click the Add Button The Add Protocol Group Page opens ...

Page 195: ...s are as follows Protocol Value The possible values are IP IPX IPv6 or ARP Ethernet Based Protocol Value Specify the value in hexadecimal format Group ID Defines the Protocol group ID to which the interface is added STEP 3 Define the relevant fields STEP 4 Click Apply The Protocol Group is added and the device is updated Modifying Protocol Groups The Edit Protocol Group Page provides information f...

Page 196: ...lue Displays the User defined protocol value Group ID Hex Defines the Protocol group ID to which the interface is added The possible value range is 1 2147483647 in hexadecimal format STEP 3 Define the relevant fields STEP 4 Click Apply The Protocol group is modified and the device is updated Defining a Protocol Port The Protocol Port Page adds interfaces to Protocol groups Protocol ports are suppo...

Page 197: ... Interface Port or LAG number added to a protocol group Protocol Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table VLAN ID Attaches the interface to a user defined VLAN ID Protocol ports can either be attached to a VLAN ID or a VLAN name STEP 2 Click the Add Button The Add Protocol Port to VLAN Page opens The Add Protocol Port to ...

Page 198: ...ds Interface Port or LAG number added to a protocol group Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table VLAN ID Attaches the interface to a user defined VLAN ID VLAN Name Attaches the interface to a user defined VLAN Name STEP 3 Define the relevant fields STEP 4 Click Apply The protocol ports are mapped to VLANs and the device...

Page 199: ...Addressing The IP Addressing section contains the topics Managing IPv6 Defining IPv4 Interface Layer 2 Defining IPv4 Interface Layer 3 Enabling ARP Proxy Layer 3 Defining UDP Relay Layer 3 Defining DHCP Relay Layer 2 Defining DHCP Relay Interfaces Defining DHCP Relay Layer 3 ARP Defining IP Routing Managing IPv6 The Internet Protocol version 6 IPv6 is a network layer protocol for packet switched i...

Page 200: ...The transition mechanism enables IPv6 only hosts to reach IPv4 services and to allow isolated IPv6 hosts and networks to reach the IPv6 Internet over the IPv4 infrastructure The tunneling mechanism implemented is ISATAP This protocol treats the IPv4 network as a virtual IPv6 local link with mappings from each IPv4 address to a link local IPv6 address The switch detects IPv6 frames by the IPv6 ethe...

Page 201: ...ossible field values are Link Local Indicates the IPv6 address is link local Global Unicast Indicates the IPv6 address is global Unicast IPv6 Address Indicates the IPv6 address assigned to the interface Up to five IP addresses can be set per interface with the limitation that up to 128 addresses can be set per system The address must be a valid IPv6 address specified in hexadecimal using 16 bit va...

Page 202: ...e Indicates the interface to which the address is added The possible field value is VLAN Indicates the VLAN for which the address is added IPv6 Type Displays the IPv6 Type The possible field values are Link Local Indicates the IPv6 address is link local Global Unicast Indicates the IPv6 address is global Unicast IPv6 Address Indicates the IPv6 address assigned to the interface Up to five IP addres...

Page 203: ...k Unlike IPv4 the IPv6 Default Gateway can have multiple IPv6 addresses which may include up to one user defined static address and multiple dynamic addresses learned via router solicitation message The user configured Default Gateway has a higher precedence over automatically advertised addresses The IPv6 Default Gateway IP address is configured as a Link Local IPv6 type in order to maintain uniq...

Page 204: ... IP Address of the Default Gateway Interface Specifies the outgoing interface through which the Default Gateway can be reached which is the VLAN ID on which the IPv6 interface is defined Type Specifies the means by which the default gateway was configured Possible field values are Static Indicates the default gateway is user defined Dynamic Indicates the default gateway is dynamically configured S...

Page 205: ...d unicast Neighbor Solicitation probes are being sent to verify reachability STEP 2 Click the Add button The Add Static Default Gateway Page opens The Add Static Default Gateway Page provides information for adding a static Default Gateway Add Static Default Gateway Page The Add Static Default Gateway Page contains the following fields Supported IP Format Indicates the supported IP version is IPv6...

Page 206: ...tomatically generated Link Local IPv6 address is assigned to the interface and the interface becomes active When defining ISATAP tunnels note the following IPv6 Link Local address is assigned to the ISATAP interface The initial IP address is assigned to the interface and the interface state becomes Active If a ISATAP interface is active the ISATAP router IPv4 address is resolved via DNS by using I...

Page 207: ...he possible field values are Enable Enables ISATAP tunnel on the device Disable Disables ISATAP tunnel on the device This is the default value Tunnel Router s Domain Name Specifies a global string that represents a specific automatic tunnel router domain name The default value is ISATAP Use Default Selecting the check box that returns settings to default Query Interval 10 3600 Specifies the interv...

Page 208: ...o default ISATAP Robustness 10 20 Specifies the number of DNS Query Router Solicitation refresh messages that the device sends The range is 1 20 seconds The default is 3 Use Default Selecting the check box that returns settings to default STEP 2 Define the relevant fields STEP 3 Click Apply The ISATAP tunnel is defined and the device is updated Viewing IPv6 Neighbors Information The IPv6 Neighbors...

Page 209: ...e field values are Static Only Deletes the static IPv6 address entries from the IPv6 Neighbor Table Dynamic Only Deletes the dynamic IPv6 address entries from the IPv6 Neighbor Table All Static and Dynamic Deletes the static and dynamic address entries IPv6 address entries from the IPv6 Neighbor Table Interface Indicates the neighboring IPv6 interface type The possible field values are VLAN Displa...

Page 210: ...nown to be reachable Stale Indicates the previously known neighbor is no longer reachable No action is taken to verify its reachability until traffic need to be sent Delay Indicates the previously known neighbor is no longer reachable The Interface is in Delay state for a predefined Delay Time that if no reachability confirmation is received the state will change to Probe Probe Indicates the neigh...

Page 211: ...s Dynamic Shows dynamic neighbor discovery cache entries STEP 3 Click the Add button The Add IPv6 Neighbors Page opens The Add IPv6 Neighbors Page provides information for adding a static default gateway Add IPv6 Neighbors Page The Add IPv6 Neighbors Page contains the following fields Interface Indicates the neighboring IPv6 interface type The possible field values are VLAN Displays the neighborin...

Page 212: ...ns IPv6 Routes Table Page The IPv6 Routes Table Page contains the following fields Clear Table Deletes the entries in the IPv6 Routes Table The possible field values are Static Only Deletes the static IPv6 address entries from the IPv6 Routes Table Dynamic Only Deletes the dynamic IPv6 address entries from the IPv6 Routes Table All Dynamic and Static Deletes the static and dynamic address entries ...

Page 213: ...essing The IP address and default gateway can be either dynamically or statically configured In Layer 2 a static IP address is configured on the IPv4 Interface Page The Management VLAN is set to VLAN 1 by default but can be modified When the system is in stacking mode with a Backup Master present configure the IP address as a static address This prevents disconnecting from the network during a Sta...

Page 214: ...faces STEP 1 Click System System Management IP Addressing IPv4 Interface The IPv4 Interface Page opens IPv4 Interface Page The IPv4 Interface Page contains the following fields Supported IP Format Displays the supported IP format Version 4 Get Dynamic IP from DHCP Server Retrieves the IP addresses using DHCP Static IP Address Permanent IP addresses are defined by the administrator IP addresses are...

Page 215: ...teway IP address Active Default Gateway Active default gateway s IP Address Remove User Defined Removes the selected IP address from the interface The possible field values are Checked Removes the IP address from the interface Unchecked Maintains the IP address assigned to the Interface STEP 2 Click Apply The IP Interface settings are defined and the device is updated Defining IPv4 Interface Layer...

Page 216: ...face Page opens IPv4 Interface Page The IPv4 Interface Page contains the following fields IP Address Displays the currently configured IP address Mask Displays the currently configured IP address mask Interface Displays the interface used to manage the device STEP 2 Click the Add button The Add IP Interface Page opens Add IP Interface Page The Add IP Interface Page contains the following fields ...

Page 217: ...nly when the IPV6 Static IP Address is defined as an Global IPv6 Address STEP 3 Define the relevant fields STEP 4 Click Apply The new IP interface configuration is defined and the device is updated Modifying IP Interface Settings STEP 1 Click System System Management IP Addressing IP Interface The IPv4 Interface Page opens STEP 2 Click the Edit button The Edit IP Interface Page opens Edit IP Inter...

Page 218: ...erts IP addresses into physical addresses The ARP Proxy Page allows network managers to enable ARP Proxy on the switch This section is applicable to Layer 3 devices only STEP 1 Click System System Management IP Addressing ARP Proxy The ARP Proxy Page opens ARP Proxy Page The ARP Proxy Page contains the following field ARP Proxy Defines the ARP Proxy status The possible values are Enable Enables th...

Page 219: ...ervers on different networks This section is applicable to Layer 3 devices only To define UDP Relay STEP 1 Click System System Management IP Addressing UDP Relay The Defining UDP Relay Page opens Defining UDP Relay Page The Defining UDP Relay Page contains the following fields Source IP Interface Indicates the input IP interface that relays UDP packets If this field is 255 255 255 255 UDP packets ...

Page 220: ... opens UDP Port Number Acronym Application 7 Echo Echo 11 SysStat Active User 15 NetStat Netstat 17 Quote Quote of the day 19 CHARGEN Character Generator 20 FTP data FTP Data 21 FTP FTP 37 Time Time 42 NAMESERVE Host Name Server 43 NICNAME Who is 53 DOMAIN Domain Name Serve 69 FTP Trivial File Transfer 111 SUNRPC Sun Microsystems Rpc 123 NTP Network Time 123 NTP Network Tim 137 NetBiosNameService ...

Page 221: ...dress The IP interface that receives UDP packet relays If this field is 0 0 0 0 UDP packets are discarded If this field is 255 255 255 255 UDP packets are flooded to all IP interfaces STEP 3 Define the relevant fields STEP 4 Click Apply The UDP Relay Settings are defined and the device is updated Defining DHCP Relay Layer 2 The DHCP Server Page enables users to establish a DHCP configuration with ...

Page 222: ...2 Indicates if DHCP Option 82 with data insertion is enabled on the device DHCP with Option 82 attaches authentication messages to the packets sent from the host DHCP passes the configuration information to hosts on a TCP IP network This permits network administrators to limit address allocation to authorized hosts DHCP with Option 82 can be enabled only if DHCP snooping is enabled The possible fi...

Page 223: ... following field Support IP Format Provides the supported IP format Version 6 or Version 4 DHCP Server IP Address Defines the IP address assigned to the DHCP server STEP 3 Define the relevant fields STEP 4 Click Apply The DHCP Server is defined and the device is updated Defining DHCP Relay Interfaces Enabling Relay functionality provides multiple interfaces to be configured for establishing a DHCP...

Page 224: ...nterfaces Page opens DHCP Interfaces Page The DHCP Interfaces Page contains the following fields Interface Displays the interface selected for relay functionality Check Box Removes DHCP relay from an interface The possible field values are Checked Removes the selected DHCP Relay interface Unchecked Maintains the selected DHCP Relay interface STEP 2 Click the Add button The Add DHCP Interface Page ...

Page 225: ...3 Select the Interface on which to define a DHCP Relay STEP 4 Click Apply A DHCP Relay Interface is defined and the device is updated Defining DHCP Relay Layer 3 The DHCP Server Page enables users to establish a DHCP configuration with multiple DHCP servers to ensure redundancy IP Addresses are controlled and distributed one by one to avoid overloading the device The DHCP servers act as a DHCP rel...

Page 226: ...dicates if DHCP Option 82 with data insertion is enabled on the device DHCP with Option 82 attaches authentication messages to the packets sent from the host DHCP passes the configuration information to hosts on a TCP IP network This permits network administrators to limit address allocation to authorized hosts DHCP with Option 82 can be enabled only if DHCP snooping is enabled The possible field ...

Page 227: ...orted IP format Version 6 or Version 4 DHCP Server IP Address Defines the DHCP server IP address STEP 3 Specify the IP address of the server STEP 4 Click Apply DHCP is enabled and the device is updated ARP The Address Resolution Protocol ARP is the method for finding a host s Link Layer MAC address when only its Internet Layer IP address is known The ARP table is used to maintain a correlation bet...

Page 228: ...leted from the table The range is 1 40000000 where zero indicates that entries are never cleared from the cache The default value is 60 000 seconds Clear ARP Table Entries Indicates the type of ARP entries that are cleared on all devices The possible values are All All ARP entries are cleared Dynamic Only dynamic ARP entries are cleared Static Only static ARP entries are cleared None ARP Entries a...

Page 229: ...ing fields Supported IP Format Indicates the IP address format supported by the host The possible field values are Version 4 Indicates that the host supports IPv4 addresses only VLAN Indicates the ARP enabled interface IPv4 Address Indicates the station IP address which is associated with the MAC address filled in below MAC Address Indicates the station MAC address which is associated in the ARP t...

Page 230: ...AC Address Indicates the station MAC address which is associated in the ARP table with the IP address Status Defines the ARP Table entry status Possible field values are Dynamic Indicates the ARP entry is learned dynamically Static Indicates the ARP entry is a static entry STEP 3 Define the relevant fields STEP 4 Click Apply The ARP Settings are modified and the device is updated Defining IP Routi...

Page 231: ...ies the IP route prefix length for the destination IP address preceded by a forward slash the prefix length Next Hop Indicates the next hop s IP address or IP alias on the route Route Type Defines the route type The possible field values are Reject Rejects the route and stops routing to the destination network via all gateways Remote Indicates the route is a remote path Metric Indicates the admini...

Page 232: ...fix Length Defines the IP route prefix for the destination IP The prefix length must be preceded by a forward slash Next Hop Defines the next hop s IP address or IP alias on the route Route Type Defines the route type The possible field values are Reject Rejects the route and stops routing to the destination network via all gateways Remote Indicates the route is a remote path Metric 1 255 Defines ...

Page 233: ...ipexample com is translated into 192 87 56 2 DNS servers maintain databases of domain names and their corresponding IP addresses The Domain Name System contains the following windows Defining DNS Servers Mapping DNS Hosts Defining DNS Servers The DNS Servers Page contains fields for enabling and activating specific DNS servers To enable a DNS server STEP 1 Click System System Management IP Address...

Page 234: ...amic The IP address is dynamically created Static The IP address is a static IP address Remove Removes DNS servers The possible field values are Checked Removes the selected DNS server Unchecked Maintains the current DNS server list DNS Server Details DNS Server Displays the DNS server s IP address up to four DNS servers can be defined Active Server Specifies the DNS server that is currently activ...

Page 235: ...Pv6 link local interface is defined as a VLAN used ISATAP Indicates that the IPv6 link local interface is defined as a virtual IPv6 local link via ISATAP DNS Server IP Address Enter the DNS server s IP address Set DNS Server Active Defines active status of the new DNS Server The possible values are Checked This new server becomes the active DNS Server Unchecked This new server is not the active DN...

Page 236: ... Host Mapping Page The Host Mapping Page contains the following fields Host Names Displays a user defined default domain name When defined the default domain name is applied to all unqualified host names The Host Name field can contain up to 158 characters IP Address Displays the DNS host IP address STEP 2 Click the Add button The Add Host Name Page opens The Add Host Name Page provides informatio...

Page 237: ...nk local Global Unicast Indicates the IPv6 address is global Unicast Link Local Interface Indicates the IPv6 link local interface The possible field values are VLAN Indicates that VLAN is the IPv6 link local interface ISATAP Indicates that the IPv6 link local interface is defined as a virtual IPv6 local link via ISATAP Host Name Displays a user defined default domain name When defined the default ...

Page 238: ...ce The address must be a valid IPv6 address specified in hexadecimal using 16 bit values between colons IP Address 4 optional Indicates the fourth IPv6 network assigned to the interface The address must be a valid IPv6 address specified in hexadecimal using 16 bit values between colons STEP 3 Define the relevant fields STEP 4 Click Apply The DNS Host settings are defined and the device is updated ...

Page 239: ... to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN Static addresses are manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no traffic is seen for a certain period are erased This section contains information for defining both static and dynamic Forwarding Database entries and inc...

Page 240: ...ess to which the entry refers Interface Displays the interface to which the entry refers Port The specific port number to which the forwarding database parameters refer LAG The specific LAG number to which the forwarding database parameters refer Status Displays how the entry was created The possible field values are Permanent The MAC address is permanent Delete on Reset The MAC address is deleted...

Page 241: ...e specific LAG number to which the forwarding database parameters refer MAC Address Displays the MAC address to which the entry refers VLAN ID Displays the VLAN ID number to which the entry refers VLAN Name Displays the VLAN name to which the entry refers Status Displays how the entry was created The possible field values are Permanent The MAC address is permanent Delete on Reset The MAC address i...

Page 242: ...Dynamic Page contains parameters for querying information in the Dynamic MAC Address Table including the interface type MAC addresses VLAN and table storing The Dynamic MAC Address table contains information about the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic MAC Address table The Dynamic MAC Address table contains address parame...

Page 243: ...ery By section select the preferred option for sorting the addresses table Interface Specifies the interface for which the table is queried The query can search for specific ports or LAGs MAC Address Specifies the MAC address for which the table is queried VLAN ID Specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table ...

Page 244: ...red Multicast Settings IGMP Snooping When IGMP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines Which ports want to join which Multicast groups Which ports have Multicast routers generating IGMP queries Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group i...

Page 245: ...Filtering is enabled The possible field values are Checked Enables IGMP Snooping on the device Unchecked Disables IGMP Snooping on the device VLAN ID Specifies the VLAN ID IGMP Snooping Status Indicates if IGMP snooping is enabled on the specific VLAN The possible field values are Enabled IGMP Snooping is enabled on the VLAN Disabled IGMP Snooping is not enabled on the VLAN Host Timeout Indicates ...

Page 246: ...r an Immediate Leave value The default timeout is 10 seconds STEP 2 Define the relevant fields STEP 3 Click Apply The IGMP Snooping Parameters are updated and the device is updated Modifying IGMP Snooping STEP 1 Click Bridging Multicast IGMP Snooping The IGMP Snooping Page opens STEP 2 Click the Edit button The Edit IGMP Snooping Page Edit IGMP Snooping Page The Edit IGMP Snooping Page contains th...

Page 247: ... host waits after requesting to leave the IGMP group and not receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an Immediate Leave value The default timeout is 10 seconds STEP 3 Define the relevant fields STEP 4 Click Apply The device is updated ...

Page 248: ...e Checked Enables Multicast Filtering on the device Unchecked Disables Multicast Filtering on the device VLAN ID Specifies the VLAN ID Bridge Multicast Address Identifies the Multicast group MAC address or IP address Ports Displays the Multicast Group status of all of the specified stacking member s ports LAGs Displays the Multicast Group status of all of the device s LAGs Interface Displays the i...

Page 249: ...p Page opens Add Multicast Group Page The Add Multicast Group Page contains the following fields VLAN ID Displays the VLAN ID Bridge Multicast IP Address Displays the IP address attached to the Multicast Group Bridge Multicast MAC Address Displays the MAC address attached to the Multicast Group STEP 3 Define the relevant fields STEP 4 Click Apply The Multicast Group is added and the device is upda...

Page 250: ...ace Displays the interface attached to the Multicast Group Interface Status Defines the interface status The options are as follows Static Attaches the interface to the Multicast group as static member in the Static Row The interface has joined the Multicast group statically in the Current Row Forbidden Forbidden interfaces are not included the Multicast group even if IGMP Snooping designated the ...

Page 251: ... ports can only receive Multicast transmissions they cannot initiate a Multicast TV transmission Multicast TV source ports must be a Multicast VLAN members IGMP messages are used to indicate which ports are requesting to join or leave the Multicast group The Multicast TV VLAN IGMP Snooping Mapping Page allows network managers to map IGMP snooping to VLANs To define IGMP Snooping mapping STEP 1 Cli...

Page 252: ... following fields VLAN Defines the Multicast TV VLAN on which to enable IGMP Snooping Multicast Group Defines the Multicast group IP address on which to enable IGMP Snooping STEP 3 Define the fields STEP 4 Click Apply IGMP Snooping is enabled on the specified Multicast TV VLAN and the device is updated Defining Multicast TV Membership The Multicast TV Membership Page allows network managers to dis...

Page 253: ...Indicates the port on which Multicast TV transmissions are received Transceiver Ports Indicates the source port from which the Multicast TV transmission originates The source port is learned through the IGMP messages STEP 2 Select a Multicast TV VLAN to view STEP 3 Click Apply The ports that belong to the selected VLAN are displayed in the table Defining Multicast Forwarding The Multicast Forward ...

Page 254: ...ulticast Forwarding status of all of the device s LAGs Interface Indicates the port or LAG whose Multicast forwarding configuration is described Interface Status Displays the interface status The options are as follows Static Attaches the port to the Multicast group as static member Forbidden Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a M...

Page 255: ...luded the Multicast group even if IGMP snooping designated the interface to join a Multicast group Excluded The interface is not part of a Multicast group Dynamic Attaches the interface or LAG dynamically to the Multicast group STEP 3 Define the relevant fields STEP 4 Click Apply The device is updated Defining Unregistered Multicast Settings Multicast frames are generally forwarded to all ports in...

Page 256: ... VLAN it is a member of or will be a member of To define unregistered Multicast settings STEP 1 Click Bridging Multicast Unregistered Multicast The Unregistered Multicast Page opens Unregistered Multicast Page The Unregistered Multicast Page contains the following fields Ports Indicates the port for which the unregistered Multicast parameters are displayed EtherChannels Specifies the EtherChannel ...

Page 257: ...aged Switches Administration Guide 248 9 Filtering Enables filtering of Unregistered Multicast frames to the selected VLAN interface STEP 2 Click Edit The Edit Unregistered Multicast Page opens STEP 3 Define the Unregistered Multicast field STEP 4 Click Apply The settings are saved and the device is updated ...

Page 258: ...between end stations avoiding and eliminating loops Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops Multiple STP Provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition Multiple STP transmits packets assigned to different VLANs through different MST regions MST re...

Page 259: ...al Settings area contains device level parameters Spanning Tree State Indicates if STP is enabled on the device The possible field values are Enable Enables STP on the device This is the default value Disable Disables STP on the device STP Operation Mode Indicates the STP mode that is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the defa...

Page 260: ...nning STP each is assigned a priority After exchanging BPDUs the device with the lowest priority value becomes the Root Bridge The default value is 32768 The bridge priority value is provided in increments of 4096 For example 4096 8192 12288 etc The range is 0 to 61440 Hello Time Specifies the device Hello Time The Hello Time indicates the amount of time in seconds a root bridge waits between conf...

Page 261: ...l amount of STP state changes that have occurred Last Topology Change Indicates the amount of time that has elapsed since the bridge was initialized or reset and the last topographic change occurred The time is displayed in a day hour minute second format for example 2 days 5 hours 10 minutes and 4 seconds STEP 2 Define the relevant fields STEP 3 Click Apply STP is enabled and the device is update...

Page 262: ...o which the STP interface setting are copied Ports Display the STP Interface settings of the specified stacking member s ports LAGs Display the STP Interface settings of device LAGs Port Indicates the port or LAG on which STP is enabled STP Indicates if STP is enabled on the port The possible field values are Enable Indicates that STP is enabled on the port Disable Indicates that STP is disabled o...

Page 263: ...able Enables BPDU guard on the selected port or LAG Disable Disables BPDU guard on the selected port or LAG This is the default value Port State Displays the current STP state of a port If enabled the port state determines what forwarding action is taken on traffic Possible port states are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC ad...

Page 264: ...forward traffic when a path being rerouted Priority Priority value of the port The priority value influences the port choice when a bridge has two ports connected in a loop The priority range is between 0 240 The priority value is provided in increments of 16 Designated Bridge ID Indicates the bridge priority and the MAC Address of the designated bridge Designated Port ID Indicates the selected po...

Page 265: ...ields Port Selects the port number on which Spanning Tree is configured STP Enables or disables STP on the port The possible field values are Enable Enables STP on the port Disable Disables STP on the port Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link ...

Page 266: ...n is taken on traffic Possible port states are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC addresses Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Listening Indicates that the port is in Listening mode The port cannot forward traffic nor can it learn MAC addresses Learning Indic...

Page 267: ...wer cost are less likely to be blocked if STP detects loops Forward Transitions Indicates the number of times the port has changed from the Blocking state to Forwarding state LAG Indicates the LAG to which the port belongs If a port is a member of a LAG the LAG settings override the port settings STEP 3 Define the relevant fields STEP 4 Click Apply The interface settings are modified and the devic...

Page 268: ...tting are copied Ports Display the RSTP configurations of the specified stacking member s ports LAGs Display the RSTP configurations of device LAGs Interface Indicates the port or LAG for which the STP settings are displayed Role Indicates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets...

Page 269: ... the forwarding state The possible field values are Enable Fast Link is enabled Disable Fast Link is disabled Auto Fast Link mode is enabled a few seconds after the interface becomes active Port Status Indicates the RSTP status on the specific port The possible field values are Disabled Indicates that STP is currently disabled on the port Blocking Indicates that the port is currently blocked and c...

Page 270: ...ck Bridging Spanning Tree RSTP The RSTP Page opens STEP 2 Click the Edit button The Edit Rapid Spanning Tree Page opens Edit Rapid Spanning Tree Page The Edit Rapid Spanning Tree Page contains the following fields Interface Specifies whether Rapid STP is enabled on a port or LAG Role Indicates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values ar...

Page 271: ...Fast Link is enabled Disable Fast Link is disabled Auto Fast Link mode is enabled a few seconds after the interface becomes active Port State Indicates the RSTP status on the specific port The possible field values are Disabled Indicates that STP is currently disabled on the port Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Listening Indic...

Page 272: ...levant fields STEP 4 Click Apply The device is updated Defining Multiple Spanning Tree MSTP provides differing load balancing scenarios For example while port A is blocked in one STP instance the same port is placed in the Forwarding State in another STP instance The MSTP Properties page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops T...

Page 273: ...unsigned 16 bit number that identifies the revision of the current MST configuration The revision number is required as part of the MST configuration The possible field range 0 65535 Max Hops Indicates the total number of hops that occur in a specific region before the BPDU is discarded Once the BPDU is discarded the port information is aged out The possible field range is 1 40 The field default i...

Page 274: ... region to which the device belongs is defined A configuration consists of the name revision and region to which the device belongs The VLAN screen enables mapping VLANs to MSTP Instances STEP 1 Click Bridging Spanning Tree MSTP Instance to VLAN The Instance to VLAN Page opens Instance to VLAN Page The Instance to VLAN Page contains the following fields VLAN Indicates the VLAN for which the MSTP i...

Page 275: ...vice belongs is defined A configuration consists of the name revision and region to which the device belongs Network Administrators can define MSTP Instances settings using the MSTP Instance Settings Page STEP 1 Click Bridging Spanning Tree MSTP Instance Settings The MSTP Instance Settings Page opens MSTP Instance Settings Page The MSTP Instance Settings Page contains the following fields Instance...

Page 276: ...ted instance s root port Root Path Cost Indicates the selected instance s path cost Bridge ID Indicates the priority and MAC address of the selected instance Remaining Hops Indicates the number of hops remaining to the next destination STEP 2 Define the relevant fields STEP 3 Click Apply The MSTP Instance configuration is defined and the device is updated Defining MSTP Interface Settings Network A...

Page 277: ...ngs are displayed The possible field values are Port Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed Port State Indicates the MSTP status on the specific port The possible field values are Disabled Indicates that STP is currently disabled on the port Blocking Indicates that the port is currently blocked and cannot forward...

Page 278: ... STP paths The possible field values are Root Provides the lowest cost path to forward packets to root device Designated Indicates the port or LAG via which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when...

Page 279: ...Settings page Forward Transitions Indicates the number of times the port has changed from Forwarding state to Blocking state Remain Hops Indicates the hops remaining to the next destination STEP 2 Click the Interface Table button The MSTP Interface Table Page opens MSTP Interface Table Page The MSTP Interface Table Page contains the following fields Instance Defines the VLAN group to which the int...

Page 280: ...ype Indicates if the port is a point to point port or a port connected to a hub The possible field values are Boundary Port Indicates the port is a boundary port A Boundary port attaches MST bridges to LAN in an outlying region If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Master Port Indicates the port is a master ...

Page 281: ...hat the port is in Forwarding mode The port can forward traffic and learn new MAC addresses Designated Cost Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings page Designated Bridge ID Indicates the bridge ID number that connects the link or shared LAN to the root Designated Port ID Indicates the Port ID number on the designated b...

Page 282: ...rmining the allocation of network resources to different handling classes including The assignment of network traffic to a particular hardware queue The assignment of internal resources Traffic shaping The terms Class of Service CoS and QoS are used in the following context CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as...

Page 283: ... class to which they belong as defined by the classification mechanism Traffic Class Handling Attributes Applies QoS CoS mechanisms to different classes including Bandwidth Management The Quality of Service section contains the following topics Defining General Settings Defining QoS Basic Mode Defining General Settings The QoS General Settings section contains the following Defining CoS Defining Q...

Page 284: ...uration of the ports on the specified stacking member are described in the page LAGs Indicates that the CoS configuration of the LAGs are described in the page Interface Indicates the interface for which the CoS information is displayed Default CoS Displays the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 Restore ...

Page 285: ...e Priority Page contains the following fields Interface Indicates whether the interface is a port or LAG Set Default User Priority Defines the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 STEP 3 Modify the Interface priority STEP 4 Click Apply The Interface priority is set and the device is updated Defining QoS Qu...

Page 286: ... settings are displayed The possible field range is 1 4 WRR Weight Displays the WRR weight assigned to the queue by the user of WRR Bandwidth Indicates the amount of bandwidth assigned to the queue These values represent the of the WRR Weight configured by the user of WRR Bandwidth Indicates the amount of bandwidth assigned to the queue These values represent the of the WRR Weight configured by th...

Page 287: ... to Queue Page The Cos to Queue Page contains the following fields Restore Defaults Restores all queues to the default CoS settings Class of Service Specifies the CoS VLAN CoS priority tag values where zero is the lowest and 7 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Four traffic priority queues are supported where Queue 4 is the highest and Que...

Page 288: ...ty of Service General DSCP to Queue The DSCP to Queue Page opens DSCP to Queue Page The DSCP to Queue Page contains the following fields DSCP In Indicates the Differentiated Services Code Point DSCP value in the incoming packet The following values are reserved and cannot be changed 3 11 19 27 35 43 51 and 59 Queue Defines the traffic forwarding queue to which the DSCP priority is mapped STEP 2 De...

Page 289: ...allowed on egress interfaces On GE ports traffic shape for burst traffic CbS can also be defined STEP 1 Click Quality of Service General Bandwidth The Bandwidth Page opens Bandwidth Page The Bandwidth Page contains the following fields Ports of Unit Indicates that the bandwidth settings of the ports on the specified stacking member are described in the page LAG Indicates that the bandwidth setting...

Page 290: ...e field values are For FE ports the rate is 64 62 500 Kbps For GE ports the rate is 64 1 000 000 Kbps CbS Defines Committed Burst Size CbS as the queue shaping type CbS is supported only on GE interfaces The possible field value is 4096 16 769 020 bytes Modifying Bandwidth Settings STEP 2 Click the Edit button The Edit Bandwidth Page opens Edit Bandwidth Page The Edit Bandwidth Page contains the f...

Page 291: ...on the interface Unchecked Disables ingress rate limiting on the interface Ingress Rate Limit Defines the amount of bandwidth assigned to the interface For FE ports the rate is 62 100 000 Kbps For GE ports the rate is 62 1 000 000 Kbps STEP 3 Modify the relevant fields STEP 4 Click Apply The bandwidth settings are modified and the device is updated Configuring VLAN Rate Limit Rate limiting per VLA...

Page 292: ...VLAN Rate Limit Page The VLAN Rate Limit Page contains the following fields VLAN Indicates the VLAN on which the Rate Limit is applied Rate Limit Defines the maximum rate CIR in kbits per second bps that forwarding traffic is permitted in the VLAN Burst Size Defines the maximum burst size CbS in bytes that forwarding traffic is permitted through the VLAN STEP 2 Click the Add button The Add VLAN Ra...

Page 293: ...es the maximum rate CIR in kbits per second bps that forwarding traffic is permitted in the VLAN Burst Size CbS Defines the maximum burst size CbS in bytes that forwarding traffic is permitted through the VLAN STEP 3 Define the relevant fields STEP 4 Click Apply The VLAN Rate Limit is added and the device is updated Modifying the VLAN Rate Limit STEP 1 Click Quality of Service General VLAN Rate Li...

Page 294: ...nd the device is updated Defining Advanced Mode Defining Advanced QoS Mode Advanced QoS mode provides rules for specifying flow classification and assigning rule actions that relate to bandwidth management The rules are defined in classification control lists CCL CCLs are set according to the classification defined in the ACL and they cannot be defined until a valid ACL is defined When CCLs are de...

Page 295: ...er queue can be applied The Advanced Mode section contains the following topics Configuring DSCP Mapping Defining Class Mapping Defining Aggregate Policer Configuring Policy Table Defining Policy Binding Configuring DSCP Mapping The DSCP Mapping Page enables mapping Differentiated Services Code Point DSCP values from incoming packets to DSCP values in outgoing packets The DSCP values can be modifi...

Page 296: ...Page opens DSCP Mapping Page The DSCP Mapping Page contains the following fields DSCP In Indicates the DSCP value in the incoming packet which will be mapped to an outgoing packet DSCP Out Sets a mapped DSCP value in the outgoing packet for the corresponding incoming packet STEP 2 Define the relevant mapping STEP 3 Click Apply DSCP incoming values are mapped to DSCP outgoing values and the device ...

Page 297: ... or a MAC based ACL Class Map B is assigned to packets based on both an IP based and a MAC based ACL STEP 1 Click Quality of Service Advanced Mode Class Mapping The Class Mapping Page opens Class Mapping Page The Class Mapping Page contains the following fields Class Map Name Selects an existing Class Map by name ACL1 Contains a list of the user defined ACLs Match Criteria used to match IP address...

Page 298: ... addresses and or MAC addresses with an ACL s address The possible field values are And Both the MAC based and the IP based ACL must match a packet Or Either the MAC based or the IP based ACL must match a packet MAC ACL Matches packets to MAC based ACLs first then matches packets to IP based ACLs Preferred ACL Defines if packets are first matched to an IP based ACL or a MAC based ACL The possible ...

Page 299: ...e specified Class policies can be configured in a policy map only if the classes have defined match criteria An aggregate policer can be applied to multiple classes in the same policy map but an aggregate policer cannot be used across different policy maps Define an aggregate policer if the policer is shared with multiple classes Policers in one port cannot be shared with other policers in another...

Page 300: ... CIR value None Forwards packets exceeding the defined CIR value STEP 2 Click the Add button The Add QoS Aggregate Policer Page opens Add QoS Aggregate Policer Page The Add QoS Aggregate Policer Page contains the following fields Aggregate Policer Name Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second Ingress Committed Burst Size CS Defi...

Page 301: ... Page opens Edit QoS Aggregate Policer Page The Edit QoS Aggregate Policer Page contains the following fields Aggregate Policer Name Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second Ingress Committed Burst Size CS Defines the CS in bytes per second Exceed Action Action assigned to incoming packets exceeding the CIR Possible values are D...

Page 302: ... Policy Table Page QoS policies are set up and assigned to interfaces To set up QoS policies STEP 1 Click Quality of Service Advanced Mode Policy Table The Policy Table Page opens Policy Table Page The Policy Table Page contains the following field Policy Name Displays the user defined policy name STEP 2 Click the Add button The Add QoS Policy Profile Page opens ...

Page 303: ...onfiguration manually The possible field values are DSCP In the New Value box the possible values are 0 63 CoS In the New Value box the possible values are 0 7 This is applicable only for the GE device Queue In the New Value box the possible values are 1 4 This is applicable only for the GE device Trust CoS DSCP Determines the queue to which the packet is assigned dependent on the CoS tag and DSCP...

Page 304: ...eld is only relevant when the Police value is Single Ingress Committed Burst Size CS Defines the CS in bytes This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are Drop Drops packets exceeding the defined CIR value Out of Profile DSCP Remarks pack...

Page 305: ... box the possible values are 0 63 CoS In the New Value box the possible values are 0 7 Police Enables Policer functionality Type Policer type for the policy Possible values are Aggregate Configures the class to use a configured aggregate policer selected from the drop down menu An aggregate policer is defined if the policer is shared with multiple classes Traffic from two different ports can be co...

Page 306: ...en the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are Drop Drops packets exceeding the defined CIR value Out Of Profile DSCP Remarks packet s DSCP values exceeding the defined CIR value None Forwards packets exceeding the defined CIR value STEP 3 Define the relevant fields ST...

Page 307: ...Policy Binding Page contains the following fields Interface Displays the interface to which the entry refers Policy Name Displays a Policy name associated with the interface STEP 2 Click the Add button The Add QoS Policy Binding Page opens Add QoS Policy Binding Page The Add QoS Policy Binding Page contains the following fields Interface Displays the interface to which the entry refers Policy Name...

Page 308: ... Edit button The Edit QoS Policy Binding Page opens Edit QoS Policy Binding Page The Edit QoS Policy Binding Page contains the following fields Interface Displays the interface to which the entry refers Policy Name Displays the Policy name associated with the interface STEP 3 Define the relevant fields STEP 4 Click Apply The QoS policy binding is defined and the device is updated Defining QoS Basi...

Page 309: ...rust Mode determines the queue to which the packet is assigned Possible values are CoS Sets trust mode to CoS on the device The CoS mapping determines the packet queue DSCP Sets trust mode to DSCP on the device The DSCP mapping determines the packet queue Always Rewrite DSCP Rewrites the packet DSCP tag according to the QoS DSCP Rewriting configuration Always Rewrite DSCP can only be selected if t...

Page 310: ...Click Quality of Service Advanced Mode DSCP Mapping The DSCP Mapping Page opens DSCP Mapping Page The DSCP Mapping Page contains the following fields DSCP In Indicates the DSCP value in the incoming packet DSCP Out Indicates the DSCP value in the outgoing packet STEP 2 Define the relevant fields STEP 3 Click Apply The device is updated ...

Page 311: ...raps mechanism to SNMPv1 and SNMPv2 PDUs In addition User Security Model USM is defined for SNMPv3 and includes Authentication Provides data integrity and data origin authentication Privacy Protects against disclosure message content Cipher Block Chaining CBC is used for encryption Either authentication is enabled on an SNMP message or both authentication and privacy are enabled on a SNMP message ...

Page 312: ...Configuring SNMP Security The Security section contains the following topics Defining the SNMP Engine ID Defining SNMP Views Defining SNMP Users Defining SNMP Groups Defining SNMP Communities Defining the SNMP Engine ID The Engine ID Page provides information for defining the device engine ID The Engine ID must be defined before SNMPv3 is enabled Select a default Engine ID that is comprised of Ent...

Page 313: ...ing Each byte in hexadecimal character strings consists of two hexadecimal digits Each byte can be separated by a period or a colon Use Default Uses the device generated Engine ID The default Engine ID is based on the device MAC address and is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number Fifth octet Set to 3 to indicate the MAC address that follows Last 6 o...

Page 314: ...Only R O access to Multicast groups while SNMP Group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID To define SNMP views STEP 1 Click System SNMP Security Views The SNMP Views Page opens SNMP Views Page The SNMP Views Page contains the following fields View Name Displays the user defined views The options are as follows Default Displays ...

Page 315: ... Defines the user defined view name Object ID Subtree Indicates the device feature OID included or excluded in the selected SNMP view The options to select the Object are as follows Select from List Select the Subtree from the list provided Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list Insert Enables a Subtree not included ...

Page 316: ...ts STEP 1 Click System SNMP Security Users The SNMP Users Page opens SNMP Users Page The SNMP Users Page contains the following fields User Name Displays the user defined user name to which access control rules are applied The field range is up to 30 characters Group Name User defined SNMP group to which the SNMP user belongs SNMP groups are defined in the SNMP Group Profile Page Engine ID Indicat...

Page 317: ...t the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive inform messages Group Name Contains a list of SNMP groups to which the SNMP user belongs SNMP groups are defined in the SNMP Group Profile Page Authentication Method Indicates the Authentication method used The possible field values a...

Page 318: ... Key Defines the Privacy Key LSB If only authentication is required 16 20 bytes are defined If both privacy and authentication are required 36 40 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits This field is available if the Authentication Method is a key Modifying SNMP Users The Edit SNMP User Page provides information for assigning SNMP access control privi...

Page 319: ...ys are entered to define the authentication key If only authentication is required 16 bytes are defined If both privacy and authentication are required 32 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon This field is available if the Authentication Method is a key Privacy Key Defines the Privacy Key LSB If onl...

Page 320: ...SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2 SNMPv2 is defined for the group SNMPv3 SNMPv3 is defined for the group Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only The possible field values are No Authentication Indicates that neither the Authentication nor the Privacy security le...

Page 321: ... opens Add SNMP Group Profile Page The Add SNMP Group Profile Page allows network managers to define new SNMP Group profiles The Add SNMP Group Profile Page contains the following fields Group Name Defines the user defined group to which privileges are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 S...

Page 322: ...Define the relevant fields STEP 4 Click Apply The SNMP Community is defined and the device is updated Modifying SNMP Group Profile Settings STEP 1 Click System SNMP Security Groups The SNMP Groups Page opens STEP 2 Click the Edit Button The Edit SNMP Group Profile Page opens Edit SNMP Group Profile Page The Edit SNMP Group Profile Page contains the following fields Group Name Displays the user def...

Page 323: ...authenticated Privacy Encrypts SNMP message Operation Defines the group access rights The options for Read Write and Notify operations are as follows Default Defines the default group access rights DefaultSuper Defines the default group access rights for administrator STEP 3 Define the relevant fields STEP 4 Click Apply The SNMP Group Profile is modified and the device is updated Defining SNMP Com...

Page 324: ...s Management Station Displays the management station IP address for which the basic SNMP community is defined Community String Displays the password used to authenticate the management station to the device Access Mode Displays the access rights of the community View Name Displays the SNMP view The SNMP Communities Advanced Table area contains the following fields Management Station Displays the m...

Page 325: ...e possible values are Indicates the device supports IPv6 Indicates the device supports IPv4 IPv6 Address Type Indicates the supported IPv6 The possible field values are Link Local Indicates IPv6 address is a Link Local Global IndicatesIPv6 address is global Link Local Interface Indicates the Link Local Interface The possible field values are VLAN Indicate the VLAN is defined as the ISATAP Indicate...

Page 326: ...write and changes can be made to the device configuration but not to the community SNMP Admin User has access to all device configuration options as well as permissions to modify the community View Name Contains a list of user defined SNMP views Advanced Enables SNMP Advanced mode for a selected community and contains the following field Group Name Defines advanced SNMP communities group names STE...

Page 327: ...ommunity and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made to the device configuration but not to the community SNMP Admin User has access to all device configuratio...

Page 328: ...s section contains the following topics Defining Trap Settings Configuring Station Management Defining SNMP Filter Settings Defining Trap Settings The Trap Settings Page contains parameters for defining SNMP notification parameters STEP 1 Click System SNMP Trap Management Trap Settings The Trap Settings Page opens Trap Settings Page The Trap Settings Page contains the following fields ...

Page 329: ...otifications STEP 2 Define the relevant fields STEP 3 Click Apply The SNMP Trap settings are defined and the device is updated Configuring Station Management The Station Management Page contains information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services Identifying Management Trap Targets ...

Page 330: ...ation Recipient table area contains the following fields Recipients IP Indicates the IP address to which the traps are sent Notification Type Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent Community String Identifies the community string of the trap manager Notification Version Determines the trap type The possible field ...

Page 331: ...ndicates traps are sent Inform Indicates informs are sent User Name Displays the SNMP user names Security Level Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet is neither authenticated nor encrypted Authentication Indicates the packet is authenticated Privacy Indicates the packet is both authenticated and encrypted UDP Por...

Page 332: ... following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks The Add SNMP Notification Recipient Page contains the following fields Supported IP Format Indicates the supported IP version The possible values are Indicates the device supports IPv6 Indicates the device supports IPv4 VLANthe VLAN is defined as the Local Lin...

Page 333: ...nt area contains the following fields SNMPv3 Enables SNMPv3 as the Notification version If SNMPv3 is enabled the User Name and Security Level fields are enabled for configuration User Name Defines the user to whom SNMP notifications are sent Security Level Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet is neither authenti...

Page 334: ...ication Recipient Page is divided into four areas Notification Recipient SNMPv1 2 Notification Recipient SNMPv3 Notification Recipient and UDP Port Notification Recipient STEP 1 Click System SNMP Security Trap Management Station Management STEP 2 Click the Edit button The Edit SNMP Notification Recipient Page opens Edit SNMP Notification Recipient Page The Edit SNMP Notification Recipient Page con...

Page 335: ...s the following fields SNMPv3 Enables SNMPv3 as the Notification version If SNMPv3is enabled the User Name and Security Level fields are enabled for configuration User Name Defines the user to whom SNMP notifications are sent Security Level SNMP v3 Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet is neither authenticated no...

Page 336: ... aspect The Filter Settings Page also allows network managers to filter notifications STEP 1 Click System SNMP Trap Management Filter Settings The Filter Settings Page opens Filter Settings Page The Filter Settings Page contains the following fields Filter Name Contains a list of user defined notification filters Object ID Subtree Displays the OID for which notifications are sent or blocked If a f...

Page 337: ...notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List There are two configuration options Select from List Select the OID from the list provided Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree u...

Page 338: ...re added to the commands existing in the Running Configuration file Commands are not overwritten To update the Startup file before powering down the device the Running Configuration file must be copied to the Startup Configuration file The next time the device is restarted the commands are copied back into the Running Configuration file from the Startup Configuration file Backup Configuration File...

Page 339: ...racters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ The Firmware Upgrade Page contains parameters for downloading system files STEP 1 Click Admin File Management Firmware Upgrade The Firmware Upgrade Page opens Firmware Upgrade Page The Firmware Upgrade Page contains the following fields U Specifies that firmware is downloaded for a firmware upgrade B Indicates the file...

Page 340: ... Local Interface TFTP Server Specifies the TFTP Server IP Address from which files are downloaded Source File Specifies the file to be downloaded This field is applicable for upgrades only Destination File Specifies the name of the file after it is downloaded Save As Download to Master Only Downloads the file to the Stacking Master only Download to all Units Downloads the file to all stacking memb...

Page 341: ...tion against system shutdown or for maintenance of a specific operating state File names cannot contain slashes or the leading letter of the file name should not be a period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ In the Save Configuration Page define the parameters of the system configuratio...

Page 342: ... must be identical to ensure proper operation of the stack There are two different ways to update images across the stack Image can be updated prior to connecting a unit to the stack This is the recommended method Upgrade master and copy master image to units across the stack These steps can be done from the Menu Based CLI or from the web interface Copy image from TFTP to master Change active imag...

Page 343: ...ossible field values are Source Copies the current Stacking Master s firmware Destination Unit Defines the stacking member to which the firmware is downloaded Copy Configuration Indicates the device configuration file to copy and the intended usage of the copied file Running Startup or Backup Source File Name Indicates the type of configuration file to copy from the device Destination File Name In...

Page 344: ...ement Active Image The Active Image Page opens Active Image Page The Active Image Page contains the following fields Unit No Indicates the unit number for which the Image file is selected Active Image Indicates the Image file which is currently active on the device After Reset The Image file which is active after the device is reset The possible field values are Image 1 Activates Image file 1 afte...

Page 345: ...ces are devices which receive power from the device power supplies for example IP phones Powered Devices are connected to the device via Ethernet ports Guard Band protects the device from exceeding the maximum power level For example if 400W is maximum power level and the Guard Band is 20W if the total system power consumption exceeds 380W no additional PoE components can be added The accumulated ...

Page 346: ...Status Indicates whether PoE is enabled or disabled on the port The possible values are Enable Enables PoE on the port This is the default setting Disable Disables PoE on the port Priority Indicates the PoE port priority The possible values are Critical High and Low The default is Low Power Allocation mW Indicates the power in milliwatts allocated to the port The range is 3 400 15 400 Power Consum...

Page 347: ...Unchecked Disables PoE on the port Power Priority Level Determines the port priority if the power supply is low The port power priority is used if the power supply is low The field default is low For example if the power supply is running at 99 usage and port 1 is prioritized as high but port 3 is prioritized as low port 1 is prioritized to receive power and port 3 may be denied power The possible...

Page 348: ...ge occurrences Denied Counter Indicates times the powered device was denied power Absent Counter Indicates the times the power supply was stopped to the powered device because the powered device was no longer detected Invalid Signature Counter Indicates the times an invalid signature was received Signatures are the means by which the powered device identifies itself to the PSE Signature are genera...

Page 349: ...rroring Viewing CPU Utilization Viewing Integrated Cable Tests The Copper Ports Page contains fields for performing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error that occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a co...

Page 350: ... results Possible values are No Cable Indicates that a cable is not connected to the port Open Cable Indicates that a cable is connected on only one side Short Cable Indicates that a short has occurred in the cable OK Indicates that the cable passed the test Cable Fault Distance Indicates the distance from the port where the cable error occurred Last Update Indicates the last time the cable tests ...

Page 351: ...fields Port Specifies port to which the cable is connected Test Result Displays the cable test results Possible values are OK Indicates that a cable passed the test No Cable Indicates that a cable is not connected to the port Open Cable Indicates that a cable is connected on only one side Short Cable Indicates that a short has occurred in the cable Cable Fault Distance Indicates the distance from ...

Page 352: ...ains the following fields Cable Status Displays the cable status Speed Indicates the speed at which the cable is transmitting packets Link Status Displays the current link status Pair The pair of cables under test Distance to Fault Indicates the distance between the port and where the cable error occurred Status Displays the cable status Cable length Displays the cable length Channel Displays the ...

Page 353: ...is present Optical Test Page The Optical Test Page contains the following fields Port Displays the port number on which the cable is tested Temperature Displays the temperature C at which the cable is operating Voltage Displays the voltage at which the cable is operating Current Displays the current at which the cable is operating Output Power Indicates the rate at which the output power is transm...

Page 354: ...rt mirroring can be used as diagnostic tool and or a debugging feature Port mirroring also enables switch performance monitoring Network administrators configure port mirroring by selecting a specific port to copy all packets and different ports from which the packets are copied To enable port mirroring STEP 1 Click Admin Diagnostics Port Mirroring The Port Mirroring Page opens Port Mirroring Page...

Page 355: ... the port is currently monitored The possible field values are Active Indicates the port is currently monitored NotReady Indicates the port is not currently monitored STEP 2 Click the Add button The Add Port Mirroring Page opens Add Port Mirroring Page The Add Port Mirroring Page contains the following fields Source Port Defines the port from which traffic is to be analyzed Type Indicates the port...

Page 356: ...oring Page opens Edit Port Mirroring Page The Edit Port Mirroring Page contains the following fields Source Port Indicates the port from which traffic is to be analyzed Type Defines the port mode configuration for port mirroring The possible field values are RxOnly Defines the port mirroring on receiving ports This is the default value TxOnly Defines the port mirroring on transmitting ports Tx and...

Page 357: ...rce utilization information The possible field values are Enabled Enables viewing CPU utilization information This is the default value Disabled Disables viewing the CPU utilization information Refresh Rate Amount of time that passes before the statistics are refreshed The possible field values are No Refresh Indicates that the CPU utilization statistics are not refreshed 15 Sec Indicates that the...

Page 358: ...stration Guide 349 15 60 Sec Indicates that the CPU utilization statistics are refreshed every 60 seconds Usage Percentages Graph s y axis indicates the percentage of the CPU s resources consumed by the device Time Graph s x axis indicates the time in 15 30 60 second intervals that usage samples are taken ...

Page 359: ...rity determines the set of event logging devices that are sent per each event logging This section contains the following Enabling System Logs Viewing the Device Memory Logs Viewing the Flash Logs Viewing Remote Logs Enabling System Logs In the Log Settings Page define the levels of event severity that are recorded to the system event logs The event severity levels are listed on this page in desce...

Page 360: ...abled globally in the device Severity The following are the available severity levels Emergency The system is not functioning Alert The system needs immediate attention Critical The system is in a critical state Error A system error has occurred Warning A system warning has occurred Notice The system is functioning properly but system notice has occurred Informational Provides device information D...

Page 361: ...ypes will be sent to the Logging file kept in FLASH memory After restart this log is not deleted STEP 2 Define the relevant fields STEP 3 Click Apply The device is updated Viewing the Device Memory Logs The Memory Page contains all system log entries in chronological order that are saved in RAM Cache After restart these log entries are deleted To open the Memory Page STEP 1 Click Admin Logs Memory...

Page 362: ...essage Logs Message Logs can be cleared from the Memory Page To clear the Memory Page STEP 1 Click Admin Logs Memory The Memory Page opens STEP 2 Click the Clear Logs button The message logs are cleared Viewing the Flash Logs The Flash Page contains information about log entries saved to the Log File in FLASH including the time the log was generated the event severity and a description of the log ...

Page 363: ... Page The Flash Page contains the following fields Log Index Displays the log entry number Log Time Displays the time at which the log entry was generated Severity Displays the event severity Description Displays the log message text Clearing Flash Logs Flash Logs can be cleared from the Flash Page To clear the Flash Page STEP 2 Click Clear Logs The message logs are cleared ...

Page 364: ...P Port Defines the UDP port to which the server logs are sent The possible range is 1 to 65535 The default value is 514 Facility Defines a user defined application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same fac...

Page 365: ...le all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an operation...

Page 366: ...ocal Interface Indicates the Link Local Interface The possible field values are Indicates Link Local interface ISATAP Indicates a ISATAP tunnel is a Link Local interface Log Server IP Address Specifies the server to which logs can be sent UDP Port Defines the UDP port to which the server logs are sent The possible range is 1 to 65535 The default value is 514 Facility Defines a user defined applica...

Page 367: ...xample all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an opera...

Page 368: ...er If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 Description Provides a user defined server description Severity to Include Indicates the minimum severity level for logs that are sent to the server For example if Notice is ...

Page 369: ...tioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an operational problem has occurred The system is functioning properly but system notice has occurred Informational Provides device information Debug Provides debugging messages STEP 3 Defin...

Page 370: ...ng Ethernet Statistics Managing RMON Statistics Managing QoS Statistics Viewing Ethernet Statistics The Ethernet section contains the following Defining Ethernet Interface Viewing Etherlike Statistics Viewing GVRP Statistics Viewing EAP Statistics Defining Ethernet Interface The Ethernet Interface Page contains statistics for both received and transmitted packets The Ethernet Interface Page is div...

Page 371: ...ues are Port Defines the specific port for which Ethernet statistics are displayed LAG Defines the specific LAG for which Ethernet statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Ethernet statistics are refreshed every 15 seconds 30 Sec Indicates that the Ethernet stat...

Page 372: ...r of packets with errors The Transmit Statistics area contains the following fields Total Bytes octets Displays the number of octets transmitted on the interface since the page was last refreshed This number includes bad packets and FCS octets but excludes framing bits Unicast Packets Displays the number of good Unicast packets transmitted on the interface since the page was last refreshed Multica...

Page 373: ...atistics are displayed The possible field values are Port Defines the specific port for which Etherlike statistics are displayed LAG Defines the specific LAG for which Etherlike statistics are displayed Refresh Rate Defines the amount of time that passes before the Etherlike statistics are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15...

Page 374: ...he number of oversized packets over 1518 octets received on the interface since the page was last refreshed Internal MAC Receive Errors Displays the number of internal MAC received errors on the selected interface Received Pause Frames Displays the number of received paused frames on the selected interface Transmitted Pause Frames Displays the number of paused frames transmitted from the selected ...

Page 375: ... statistics are displayed Port Indicates if port statistics are displayed LAG Indicates if LAG statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 Sec In...

Page 376: ...llowing fields Invalid Protocol ID Displays the device GVRP Invalid Protocol ID statistics Invalid Attribute Type Displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length Displays the device GVRP Invalid Attribute Length statistics Invalid Event Displays the device GVRP Invalid Events stati...

Page 377: ...e port which is polled for statistics Refresh Rate Defines the amount of time that passes before the EAP statistics are refreshed The possible field values are 15 Sec Indicates that the EAP statistics are refreshed every 15 seconds 30 Sec Indicates that the EAP statistics are refreshed every 30 seconds 60 Sec Indicates that the EAP statistics are refreshed every 60 seconds Frames Receive Indicates...

Page 378: ...s transmitted via the port Request Frames Transmit Indicates the number of EAP Request frames transmitted via the port Invalid Frames Receive Indicates the number of unrecognized EAPOL frames that have been received by on this port Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version Indicates the protocol vers...

Page 379: ...N Statistics Page opens RMON Statistics Page The RMON Statistics Page contains the following fields Interface Indicates the interface for which statistics are displayed The possible field values are Ports of Unit Defines the specific port for which RMON statistics are displayed LAG Defines the specific LAG for which RMON statistics are displayed Refresh Rate Defines the amount of time that passes ...

Page 380: ...ign Errors Displays the number of CRC and Align errors that have occurred on the interface since the page was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the page was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the page was last refreshed ...

Page 381: ...STEP 3 Click the Reset Counters button The RMON statistics counters are cleared Configuring RMON History This section contains the following topics Defining RMON History Control Viewing the RMON History Table Defining RMON History Control The RMON History Control Page contains information about samples of data taken from ports For example the samples may include interface definitions or polling pe...

Page 382: ...eld values are Ports Specifies the port from which the RMON information was taken LAGs Specifies the LAG from which the RMON information was taken Sampling Interval Indicates the time in seconds that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes Sampling Requested Displays the number of samples to be saved The field range is 1 65535 Th...

Page 383: ...AG from which the RMON information is taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Max No of Samples to Keep Indicates the number of samples to save Sampling Interval Indicates the time in seconds that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes STEP 3 Define the...

Page 384: ... which the RMON information is taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Max No of Samples to Keep Indicates the number of samples to save Sampling Interval Indicates the time in seconds that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes STEP 3 Define the releva...

Page 385: ...History Control Table page Owner Displays the RMON station or user that requested the RMON information The field rang is 0 20 characters Sample No Indicates the sample number from which the statistics were taken Drop Events Indicates the number of dropped packets due to lack of network resources during the sampling interval This may not represent the exact number dropped packets but rather the num...

Page 386: ...shed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the page was last refreshed Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the page was last refreshed Jabbers Displays the total number of received packets that were longer than ...

Page 387: ...ty string Description Displays the event description Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sends a trap Time Displays the date and time that the event occurred Owner Displays the device or user that defined the event The Add button adds the configured RMON eve...

Page 388: ...fined event description Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sends a trap Owner Displays the device or user that defined the event STEP 3 Define the relevant fields STEP 4 Click Apply The RMON event is added and the device is updated Modifying RMON Event Log ...

Page 389: ... the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sends a trap Owner Displays the device or user that defined the event STEP 3 Define the relevant fields STEP 4 Click Apply The event control settings are modified and the device is updated Viewing the RMON Events Logs The RMON Events Lo...

Page 390: ...try number Log No Displays the log number Log Time Displays the time when the log entry was entered Description Displays the log entry description To return to the RMON Events Page click the RMON Events Control button Defining RMON Alarms The RMON Alarms Page contains fields for setting network alarms Network alarms occur when a network problem or event is detected Rising and falling thresholds ge...

Page 391: ...MON statistics are displayed The possible field values are Port Displays the RMON statistics for the selected port LAG Displays the RMON statistics for the selected LAG Counter Value Displays the current counter value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtract...

Page 392: ...d on top of the graph bars Each monitored variable is designated a color Falling Event Selects an event which is defined in the Events table that triggers the falling threshold alarm The Events Table is displayed in the RMON Events Page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value thr...

Page 393: ...nter Name Displays the selected MIB variable Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Rising Threshold Displays the rising counter value that triggers the rising threshold alarm ...

Page 394: ... activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Rising Alarm The rising counter value that triggers the rising threshold alarm Falling Alarm The falling counter value that triggers the falling threshold alarm Rising and Falling The rising and falling counter values that trigger the alarm Interval Defines the alarm i...

Page 395: ...variable Counter Value Displays the current counter value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Rising Threshold Displays the rising counter value tha...

Page 396: ...w value threshold to a higher value threshold Rising Alarm The rising counter value that triggers the rising threshold alarm Falling Alarm The falling counter value that triggers the falling threshold alarm Rising and Falling The rising and falling counter values that trigger the alarm Interval Defines the alarm interval time in seconds Owner Displays the device or user that defined the alarm STEP...

Page 397: ...interface port or LAG for which Policer statistics are displayed The possible field values are Ports Displays the Policer statistics for the selected port LAGs Displays the Policer statistics for the selected LAG Policy Displays the policy for which the statistics are displayed Class Map Displays the class map for which the statistics are displayed In Profile Bytes Displays the total number in pro...

Page 398: ...he packets were received In profile bytes Displays the total number of in profile packets that were received Out of profile bytes Displays the total number of out of profile packets that were received Resetting Aggregate Policer Statistics Counters STEP 1 Click Quality of Service QoS Statistics Aggregated Policer The The window contains the following fields opens STEP 2 Click Clear Counters The Ag...

Page 399: ...rfaces and all queues with a high DP Set 2 Displays the statistics for Set 2 Set 2 contains all interfaces and all queues with a low DP Port Displays the port for which the queue statistics are displayed Queue Displays the queue from which packets were forwarded or tail dropped Drop Precedence Displays the drop precedence assigned to the packets forwarded or tail dropped for which statistics are d...

Page 400: ...he possible field values are Unit No Selects the unit number Port Selects the port on the selected unit number for which statistics are displayed All Ports Specifies that statistics are displayed for all ports Queue Selects the queue for which statistics are displayed Drop Precedence Selects the drop precedence assigned to the packets forwarded or tail dropped for which statistics are displayed ST...

Page 401: ...siness SFE SGE Managed Switches Administration Guide 392 17 Resetting Queues Statistics Counters STEP 1 Click Quality of Service QoS Statistics Queues Statistics The Queues Statistics Page opens Click Clear Counters The Queues statistics counters are cleared ...

Page 402: ...e same media type A VLAN is not configured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control modes All ports in the LAG have the same priority All ports in the LAG have the s...

Page 403: ...en ports are removed from the LAG the original port configuration is applied to the ports To define LAG management STEP 1 Click Bridging Port Management LAG Management The LAG Management Page opens LAG Management Page The LAG Management Page contains the following fields LAG Displays the LAG number Name Displays the LAG name Link State Displays the link operational status Member Displays the ports...

Page 404: ...STEP 1 Click Bridging Port Management LAG Management The LAG Management Page opens STEP 2 Click the Edit button The Edit LAG Membership Page opens Edit LAG Membership Page The Edit LAG Membership Page contains the following fields LAG Displays the LAG number LAG Name Displays the LAG name LACP Indicates that LACP is enable on the LAG Unit Number Displays the stacking member for which LAG informati...

Page 405: ...port flexibility and provide link redundancy The LAG Settings Page contains fields for configuring parameters for configured LAGs The device supports up to eight ports per LAG and eight LAGs per system The LAG Settings Page varies depending on whether the device is in Layer 2 or Layer 3 mode definable on the device through the CLI interface Layer 2 devices support Private VLAN Edge which can be en...

Page 406: ...onfigured speed at which the LAG is operating Auto Negotiation Displays the current Auto Negotiation setting Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate and flow control abilities to its partner Flow Control Displays the current Flow Control setting Flow control may be enabled disabled or be in auto negotiation mode Flow control o...

Page 407: ...Enables or disables traffic forwarding through the selected LAG Current LAG Status Indicates if the LAG is currently operating Reactivate Suspended LAG Reactivates a port if the LAG has been disabled through the locked port security option or through Access Control List configurations Operational Status Indicates whether the LAG is currently operational or non operational Admin Auto Negotiation En...

Page 408: ...s the admin advertisement status The LAG advertises its capabilities to its neighbor LAG to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement The neighbor LAG the LAG to which the selected interface is connected advertises its capabilities to the LAG to start the negotiation process The possible values are those spec...

Page 409: ...trol Protocol LACP on the relevant links Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed To define LACP STEP 1 Click Bridging Port Management LACP The LACP Page opens LACP Page The LACP Page contains fields for configuring LACP LAGs LACP System Priority Indicates the global LACP priority value The possible range is 1 65535 The de...

Page 410: ...value This is the default value Modify LACP Parameter Settings STEP 2 Click the Edit button The Edit LACP Page opens Edit LACP Page The Edit LACP Page contains the following fields Port Defines the port number to which timeout and priority values are assigned LACP Port Priority Defines the LACP priority value for the port The field range is 1 65535 LACP Timeout Administrative LACP timeout The poss...

Search results

Summary of Contents for Linksys SFE2000

Reviews:

Related manuals for Linksys SFE2000

Brands by name

Popular brands

Cisco Linksys SFE2000, Administration Manual

Search results

Summary of Contents for Linksys SFE2000

Reviews:

Related manuals for Linksys SFE2000

Brands by name

Popular brands