manualshive.com logo in svg

Cisco SFE2000P, Reference Manual

The Cisco SFE2000P is a high-performance network switch with Power over Ethernet capabilities. For detailed specifications and setup instructions, you can easily download the datasheet and user manual for free from our website. Empower your network with this reliable and efficient product.

Share
Download
background image

84

Chapter 4: Configuring Device Security

Defining Access Control

SGE2000/SGE2000P Gigabit Ethernet Switch Reference Guide

Chapter

4

Match IP Precedence

 — Matches the packet IP Precedence value to the ACE. Either the DSCP 

value or the IP Precedence value is used to match packets to ACLs. The possible field range is 0-7.

Action

 — Indicates the action assigned to the packet matching the ACL. Packets are forwarded or 

dropped. In addition, the port can be shut down, a trap can be sent to the network administrator, or 
packet is assigned rate limiting restrictions for forwarding. The options are as follows:

Permit

 — Forwards packets which meet the ACL criteria.

Deny

 — Drops packets which meet the ACL criteria.

Shutdown

 — Drops packet that meets the ACL criteria, and disables the port to which the 

packet was addressed. Ports are reactivated from the 

Port Management

 page.

Defining ACL Binding

When an ACL is bound to an interface, all the ACE rules that have been defined are applied to the selected 
interface. Whenever an ACL is assigned on a port or a LAG flows from that ingress interface that do not 
match the ACL are matched to the default rule, which is Drop unmatched packets. 

1. Click 

Security Suite 

Access Control 

ACL Binding

. The 

ACL Binding Page

 opens

ACL Binding Page

The 

ACL Binding Page 

contains the following fields: 

Copy From Entry Number

 — Indicates the ports/LAGs from which the ACL are copied.

To Entry Number(s)

 — Indicates the ports/LAGs to which the ACL are copied.

Ports 

— Displays the ports bound by the ACL.

Summary of Contents for SFE2000P

Page 1: ...LINKSYS ONE COMMUNICATIONS SOLUTION SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide December 2007 ...

Page 2: ...s the Cisco Systems logo the Linksys Logo and the Linksys One logo are registered trademarks of Cisco Systems Inc All other trademarks mentioned in this document are the property of their respective owners Document Revision History Revision Date Description 1 0 December 2007 Added switch stacking information ...

Page 3: ...Stack 14 Adding Units to a Running Stack 14 Building Manually Configured Stacks 14 Building a New Stack 14 Adding Units to a Running Stack 14 Understanding Stack Resiliency 15 Understanding Advanced Stacking 15 Unit IDs 15 Stack Master 15 Stack Backup Master 15 Stack Members 16 Master Enabled Units 16 Unit ID Allocation 16 Stack Unit Startup Process 17 Master Discovery Process 17 Master Election P...

Page 4: ...ice Security 37 Passwords Management 38 Defining User Authentication 38 Defining Authentication 40 Defining Profiles 40 Mapping Profiles 42 Defining TACACS 43 Defining RADIUS 47 Defining Access Method 51 Defining Access Profiles 51 Defining Profile Rules 54 Defining Traffic Control 60 Defining Storm Control 60 Defining Port Security 62 Defining 802 1x 66 Defining 802 1X Properties 67 Defining Port...

Page 5: ...onfiguring IP Addressing 129 IP Interface 129 ARP Proxy 132 UDP Relay 133 DHCP Relay 136 ARP 137 Defining IP Routing 140 Chapter 8 Defining Address Tables 143 Defining Static Addresses 144 Defining Dynamic Addresses 146 Chapter 9 Configuring Multicast Forwarding 149 IGMP Snooping 149 Defining Multicast Bridging Groups 152 Defining Multicast Forwarding 155 Chapter 10 Configuring Spanning Tree 157 D...

Page 6: ...ing DSCP to Queue 205 Configuring Bandwidth 205 Defining Advanced Mode 208 Configuring DSCP Mapping 208 Defining Class Mapping 209 Defining Aggregate Policer 211 Configuring Policy Table 214 Defining Policy Binding 217 Defining QoS Basic Mode 219 Chapter 13 Managing System Files 221 File Management Overview 221 Firmware Upgrade 222 Save Configuration 223 Copy Files 224 Active Image 225 Chapter 14 ...

Page 7: ...s 249 Viewing EAP Statistics 249 Managing RMON Statistics 252 Viewing RMON Statistics 253 Resetting RMON Statistics Counters 254 Configuring RMON History 255 Defining RMON History Control 255 Viewing the RMON History Table 258 Configuring RMON Events 259 Defining RMON Events Control 259 Viewing the RMON Events Logs 262 Defining RMON Alarms 263 Chapter 17 Managing Device Diagnostics 269 Viewing Int...

Page 8: ...6 Contents SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Contents ...

Page 9: ...e Logging Off The Device Starting the Application This section contains information for starting the Linksys User Interface Note By default the IP address of the device is assigned dynamically The IP address can be changed It is recommended to configure the IP address statically if the system is in stack mode in order to prevent the user from disconnecting from the network in the event of master s...

Page 10: ...lt password and can be configured without entering a password Passwords are both case sensitive and alpha numeric 4 Click Login The Embedded Web System Home Page opens Note If you have logged in automatically via the Service Router user interface the Tree and Device views appear and allow you to navigate through the various areas of the web interface However the following page will appear within t...

Page 11: ...3 Chapter 1 Getting Started Starting the Application SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 1 Embedded Web System Home Page ...

Page 12: ...gurable device features The main branches expand to provide the subfeatures 2 Device View The device view provides information about device ports current configuration and status table information and feature components The device view also displays other device information and dialog boxes for configuring parameters 3 Table Area The Table area enables navigating through the different device featu...

Page 13: ...n explanation of the Linksys user interface buttons including both management buttons and task icons Using the Linksys Management Buttons Provides instructions for adding modifying and deleting device parameters Device Representation The Linksys home page displays a graphical representation of the device Device Representation The Linksys home page contains a graphical SFE2000 and SFE2000P front pa...

Page 14: ...od of configuring device information and include the following Device Management Buttons Button Name Button Description Apply Applies changes to the device Clear All Counters Clears statistic counters Clear Logs Clears log files Add Opens an Add page Delete Removes entries from tables Reset the settings of Selected Port to Default Resets the settlings of a selected port to the default settings Tes...

Page 15: ...eting Device Information Adding Device Information User defined information can be added to specific EWS pages by opening a new Add page To add information to tables or EWS pages 1 Open an EWS page 2 Click the Add button An add page opens for example the Add SNTP Server Page Add SNTP Server 3 Define the fields 4 Click Apply The configuration information is saved and the device is updated Modifying...

Page 16: ...ide Chapter 1 Edit Interface Priority 4 Define the fields 5 Click Apply The fields are modified and the information is saved to the device Deleting Device Information 1 Open the EWS page 2 Select a table row 3 Check the Remove checkbox 4 Click the Delete button The information is deleted and the device is updated ...

Page 17: ...General Reset The Reset page opens Reset Page 2 Click the Reset button Each unit can be reset individually Resetting the stack master results in resetting the entire stack If the master unit is reset the device is reset and a prompt for a user name and password is displayed 3 Enter a user name and password to reconnect to the Web Interface if the stack is not part of a full Linksys One system If t...

Page 18: ...10 Chapter 1 Getting Started Logging Off The Device SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 1 ...

Page 19: ...owing topics Understanding the Device Zoom View Defining General System Information Managing Stacks Understanding the Device Zoom View The Zoom Page is the main window used for viewing the devices either in stand alone mode or operating in a stack To open the Zoom Page 1 Click the System System Management Zoom The Zoom Page opens Zoom Page The Zoom Page contains the following port indicators Green...

Page 20: ...em is currently running The field range is up to 0 160 Characters System Contact Defines the name of the contact person The field range is up to 0 160 Characters System Object ID Displays the vendor s authoritative identification of the network management subsystem contained in the entity System Up Time Displays the amount of time that has elapsed since the last device reset The system time is dis...

Page 21: ...even if physically connected to a stack Stack Indicates the device operates as a Stacked unit after the system is reset A switch operating in stack mode is not an independent unit but a member of an organized group of switches known as a stack A stack consists of one Stack Master control switch one Master Backup switch and up to six Stack Member switches In some cases a unit in stack mode that is ...

Page 22: ...t will be added by restoring them to the factory default mode Connect the units physically to the stack 2 Power the units on After a short interval they will become members of the stack Building Manually Configured Stacks You can manually configure stacks including choosing a specific unit as the Stack Master You must assign a unique Unit ID from 1 to 8 to each stack member Building a New Stack 1 ...

Page 23: ...Backup Master units to the redundant power supply Understanding Advanced Stacking To understand advanced stacking you must understand Unit IDs and how they are allocated and the stack unit startup process Unit IDs Each unit in a stack has an assigned unique Unit ID number The following sections describe the Unit IDs and their characteristics Stack Master The unit assigned the Unit ID number 1 serv...

Page 24: ...nit ID of 3 through 8 can only become a Stack Master or a Backup Master if they are manually configured by the system administrator or if they are reset to the factory default mode Unit ID Allocation Units are shipped from the factory without an assigned Unit ID and must be assigned a unique Unit ID before they can operate as part of a stack Unit ID numbers are assigned to units in one of two ways...

Page 25: ...t with the Stack Master is made These units will not participate in the Master Election process and if no Stack Master is present the units are effectively shut down The Stack Master and all other stack units carry out a continuous process of Master Discovery by frequently exchanging stack control messages This allows units to know if another unit fails or becomes unreachable Master Election Proce...

Page 26: ...cate Unit IDs The Stack Master changes the Unit IDs of units that have a duplicate current Unit ID provided that there are available unused Unit IDs In a merged stack if the Stack Master unit remains as the Stack Master units that were in its group will keep their unit IDs Members of other groups are renumbered If the conflict occurs after the units reboot the conflict is resolved as follows If bo...

Page 27: ...onfigured the stack enters normal operational mode If a change is made to the system configuration the change is stored by the Stack Master and is copied to the Backup Master if one exists You can use the command line interface CLI or GUI to configure the stack units Setting the Unit s Operational Mode Use the GUI to set the unit s operational mode to standalone or stack This configuration takes e...

Page 28: ... is forced to be master of the stack Note that only units with the Unit ID of 1 or 2 can be the stack master Stacking Ports After Reset Allows the user to decide what cable type is in use The possible values are Combo Ports Indicates that the combo port is used as the stacking port Copper Ports Indicates that the copper port is used as the stacking port Unit No Displays the current Stacking Master...

Page 29: ...ster discovers that the unit is no longer responding during the Master Discovery process The Stack Master directs all other stack members to route unit to unit traffic around the failed unit using the ring topology of the stacking connections Concurrently the Stack Master notifies the system administrator of the failure by sending SYSLOG messages and SNMP traps Because all traffic has been routed ...

Page 30: ...on relevant to that Unit ID to the incoming unit If the incoming unit already has an assigned Unit ID and that Unit ID conflicts with a unit ID in the current stack the Stack Master allocates a new Unit ID to the incoming unit giving it the lowest available Unit ID However if the incoming unit has a manually assigned Unit ID the Stack Master cannot change it If the incoming unit cannot be assigned...

Page 31: ... in stack mode performs the Master Discovery process and may participate in the Master Election process If the incoming unit has a Unit ID of 1 or 2 it is a master enabled unit it initiates the Master Election process However because the running stack Backup Master has a longer runtime if it has been running for more than 10 minutes it remains the Stack Master and the incoming unit does not become...

Page 32: ...o the Stack Master routes around the missing units The Master Discovery Master Election and Unit ID Allocation Duplicate Unit ID Conflict Resolution processes occur with the following results Any configuration information contained in the Stack Master that is relevant to the units which remained in the split group remains unchanged Topology information the information for each unit on how to send ...

Page 33: ...oth continue to work as they did previously but with fewer units No unit ID changes are performed in each of the partial stacks If each part of the stack has a Stack Master for example one contains the original Stack Master and one contains the Backup Master and are operating as two separate stacks both Stack Masters contain the same configuration and use the same IP address Neither the Stack Mast...

Page 34: ... is enabled the unit that is configured as the forced unit is selected as the Stack Master System Up Time Up time is measured by quantities of 10 minute intervals If the number of 10 minute intervals is higher for one of the units this unit is selected as the Stack Master Lowest Unit ID If both units have the same up time measured in intervals of 10 minutes the unit with the lowest unit ID is sele...

Page 35: ...ame time the following occurs 1 A Stack Master is elected following the Master Discovery and Master Election processes 2 All other units are shut down When a running group of units is added to an existing stack and each one of the stack groups has an elected Stack Master and the total of existing units and inserted units exceeds the maximum allowed number of units 8 in a stack The Master Detection...

Page 36: ...connected to the other units stacking links will not pass any traffic and the Stack Master will consider them as failed stacking links and route all traffic around them Viewing Device Health The Health Page displays physical device information including information about the device s power and ventilation sources 1 Click System System Management Health The Health Page opens Health Page The Health ...

Page 37: ...GE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 2 Fan Status The fan status The device has five fans Each fan is denoted as fan plus the fan number in the interface The possible field values are OK The fan is operating normally Fail The fan is not operating normally ...

Page 38: ...30 Chapter 2 Managing Device Information Stack Troubleshooting and Maintenance SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 2 ...

Page 39: ...power from the device power supplies for example IP phones Powered Devices are connected to the device via Ethernet ports Guard Band protects the device from exceeding the maximum power level For example if 400W is maximum power level and the Guard Band is 20W if the total system power consumption exceeds 380W no additional PoE components can be added The accumulated PoE components power consumpti...

Page 40: ...es the PoE ports priority The possible values are Critical High and Low The default is Low Power Allocation 3000 15400 milliwatts Indicates the power allocated to the port The range is 3000 15400 milliwatts Mode Indicates if the port is enabled to work on PoE The possible field values are On Indicates the device is delivering power to the interface Off Indicates the device is not delivering power ...

Page 41: ...umption level of 44 to 12 95 Watts 0 44 3 8 Indicates that the port is assigned a power consumption level of 44 to 3 8 Watts 3 84 6 49 Indicates that the port is assigned a power consumption level of 3 84 to 6 49 Watts 6 49 12 95 Indicates that the port is assigned a power consumption level of 6 49 to 12 95 Watts 2 Click the Edit button The Edit PoE Settings Page opens Edit PoE Settings Page The E...

Page 42: ...Watts 6 49 12 95 Indicates that the port is assigned a power consumption level of 6 49 to 12 95 Watts Overload Counter Indicates the total power overload occurrences Short Counter Indicates the total power shortage occurrences Denied Counter Indicates times the powered device was denied power Absent Counter Indicates the times the power supply was stopped to the powered device because the powered ...

Page 43: ...rching Indicates that the device is currently searching for a powered device Searching is the default PoE operational status Fault Indicates that the device has detected a fault on the powered device For example the powered device memory could not be read 3 Define the relevant fields 4 Click Apply The PoE Settings are defined and the device is updated ...

Page 44: ...36 Chapter 3 Managing Power over Ethernet Devices DefiningPoE System Information SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 3 ...

Page 45: ...net Switch Reference Guide Chapter 4 Configuring Device Security The Security Suite contains the following sections Passwords Management Defining Authentication Defining Access Method Defining Traffic Control Defining 802 1x Defining Access Control Defining DOS Prevention ...

Page 46: ...ote By default a single user name is defined admin with no password An additional user name password is configured for use in the Linksys One system Defining User Authentication 1 Click Security Suite Passwords Management User Authentication The User Authentication Page Opens User Authentication Page The User Authentication Page contains the following fields User Name Displays the user name 2 Clic...

Page 47: ... field Modifying the Local User Settings 1 Click Security Suite Passwords Management User Authentication The User Authentication Page Opens 2 Click the Edit Button The Local User Settings Page opens Local User Settings Page The Local User Settings Page contains the following fields User Name Displays the user name Password Specifies the new password The password is not displayed As it entered an c...

Page 48: ...ecurity Suite Authentication Profiles The Profiles Page opens Profiles Page The Profiles Page contains the following fields Profile Name Displays the Profile name defined for the Login Table Methods Specifies the authentication method used for port authentication The possible field values are Local Authenticates the user at the device level The device checks the user name and password for authenti...

Page 49: ...system first attempts to authenticate the user on a RADIUS server If there is no available RADIUS server then authentication is attempted on the local data base Note that if the RADIUS server is available but authentication fails then the user is denied access The possible field values are Local Authenticates the user at the device level The device checks the user name and password for authenticat...

Page 50: ... 3 Define the relevant fields 4 Click Apply The authentication profile is defined and the device is updated Mapping Profiles 1 Click Security Management Security Suite Authentication The Mapping Profiles Page opens Mapping Profiles Page The Mapping Profiles Page contains the following fields Console Indicates that Authentication profiles are used to authenticate console users Telnet Indicates that...

Page 51: ...s used to authenticate the port Selected Methods Selects authentication methods from the methods offered in the Optional methods area None Indicates that the authentication method is localized 2 Define the relevant fields 3 Click Apply Mapping Profiles is defined and the device is updated Defining TACACS The devices provide Terminal Access Controller Access Control System TACACS client support TAC...

Page 52: ...and the TACACS server times out The field range is 1 30 seconds Host IP Address Displays the TACACS Server IP address Priority Displays the order in which the TACACS servers are used The default is 0 Authentication Port Displays the port number through which the TACACS session occurs The default is port 49 Single Connection Maintains a single open connection between the device and the TACACS serve...

Page 53: ...ver The key must match the encryption key used on the TACACS server Authentication Port Displays the port number through which the TACACS session occurs The default is port 49 Timeout for Reply Displays the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds Single Connection Maintains a single open connection between ...

Page 54: ...thentication Port Displays the port number through which the TACACS session occurs The default is port 49 Timeout for Reply Displays the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds Status Displays the connection status between the device and the TACACS server The possible field values are Connected There is cur...

Page 55: ...e Authentication The RADIUS Page opens RADIUS Page The RADIUS Page contains the following fields Default Retries Provides the default retries Default Timeout for Reply Provides the device default Timeout for Reply Default Dead Time Provides the device default Dead Time Default Key String Provides the device default Default Key String Source IP Address Provides the device default Timeout for Reply ...

Page 56: ...ust match the RADIUS encryption Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is Login The possible field values are Login Indicates that the RADIUS server is used for authenticating user name and passwords 802 1X Indicates that the RADIUS server is used for 802 1X auth...

Page 57: ...enticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is Login The possible field values are Login Indicates that the RADIUS server is used for...

Page 58: ... for an answer from the RADIUS server before retrying the query or switching to the next server The possible field values are 1 30 Three is the default value Dead Time Defines the amount of time minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The Dead Time default is 0 minutes Key String Defines the default key string used for authenticating and encrypting all RAD...

Page 59: ... accessing and managing the device The device management methods include All Telnet Secure Telnet SSH HTTP Management access to different management methods may differ between user groups For example User Group 1 can access the switch module only via an HTTPS session while User Group 2 can access the switch module via both HTTPS and Telnet sessions The Access Profile Page contains the currently co...

Page 60: ...fields Access Profile Name Defines the access profile name The access profile name can contain up to 32 characters Current Active Access Profile Defines the access profile currently active Remove Removes the selected access profile The possible field values are Checked Removes the selected access profile Unchecked Maintains the access profiles 2 Click the Add button The Add Access Profile Page ope...

Page 61: ...field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to...

Page 62: ... of bits that comprise the source IP address prefix or the network mask of the source IP address Action Defines the action attached to the rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default 3 Define the relevant fields 4 Click Apply The access profile is added and the device is updated Defining Profile Rules Access profiles c...

Page 63: ...es as packets are matched on a first fit basis Interface Indicates the interface type to which the rule applies The possible field values are Port Attaches the rule to the selected port LAG Attaches the rule to the selected LAG VLAN Attaches the rule to the selected VLAN Management Method Defines the management method for which the rule is defined Users with this access profile can access the devi...

Page 64: ...e device using SNMP meeting access profile criteria are permitted or denied access to the device Source IP Address Defines the interface source IP address to which the rule applies Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address Action Defines the action attached to the rule The possible field values are Permit Permit...

Page 65: ...ected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting acces...

Page 66: ...d in the Profile Rules Page Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria ar...

Page 67: ...ofile is defined VLAN Specifies the VLAN on which the access profile is defined Source IP Address Defines the interface source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Network Mask Determines what subnet the source IP Address belongs to in the network Prefix Length Defines the number of bits that comprise the source IP address prefix or t...

Page 68: ... Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm Control is enabled per all ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broad...

Page 69: ...be forwarded Broadcast Rate Threshold The maximum rate packets per second at which unknown packets are forwarded The rate is 3 500 1 000 000 kbits sec Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible field values are Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic 2 Define the relevant fields 3...

Page 70: ...ally configured Locked port security monitors both received and learned packets that are received on specific ports Access to the locked port is limited to users with specific MAC addresses These addresses are either manually defined on the port or learned on that port up to the point when it is locked When a packet is received on a locked port and the packet source MAC address is not tied to that...

Page 71: ... or LAG name Interface Status Indicates the port security status The possible field values are Unlocked Indicates the port is currently unlocked This is the default value Locked Indicates the port is currently locked Learning Mode Defines the locked port type The Learning Mode field is enabled only if Locked is selected in the Interface Status field The possible field values are Classic Lock Locks...

Page 72: ...ard Discards packets from any unlearned source This is the default value Shutdown Discards packets from any unlearned source and shuts down the port The port remains shut down until reactivated or until the device is reset Trap Enables traps when a packet is received on a locked port The possible field values are Enable Enables traps Disable Disables traps Trap Frequency Sec The amount of time in ...

Page 73: ...to Unlocked Once the mode is changed the Lock Interface can be reinstated Max Entries Specifies the number of MAC addresses that can be learned on the port The Max Entries field is enabled only if Locked is selected in the Interface Status field In addition the Limited Dynamic Lock mode is selected The default is 1 Action on Violation Indicates the action to be applied to packets arriving on a loc...

Page 74: ... to the authenticated port requesting to access the system services Authentication Server Specifies the external server for example the RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the supplicant is authorized to access system services Port based authentication creates two access states Controlled Access Permits communication between the suppl...

Page 75: ...n the device Disable Disables port based authentication on the device Authentication Method Defines the user authentication methods The possible field values are RADIUS Authenticates the user at the RADIUS server RADIUS none Authenticates the user at the RADIUS server if one is available otherwise it assigns no authentication method None Assigns no authentication method to the authentication profi...

Page 76: ...ort Authentication The 802 1X Properties Page opens 802 1X Port Authentication Page The 802 1X Port Authentication Page contains the following fields Copy From Entry Number Indicates the row number from which port authentication parameters are copied To Entry Number s Indicates the row number to which port authentication parameters are copied Unit Number Displays the stacking member for which the ...

Page 77: ...nge Range 0 65535 Resending EAP Specifies the number of seconds that the switch waits for a response to an EAP request identity frame from the supplicant client before resending the request Max EAP Requests The total amount of EAP requests sent If a response is not received after the defined period the authentication process is restarted The field default is 2 retries Supplicant Timeout Displays t...

Page 78: ...st VLAN is enabled the unauthorized port automatically joins the VLAN selected in the VLAN List field Disable Disables port based authentication on the device This is the default Enable Periodic Reauthentication Permits immediate port reauthentication Reauthentication Period Specifies the number of seconds in which the selected port is reauthenticated Range 300 4294967295 The field default is 3600...

Page 79: ...isplays the number of seconds that lapses before EAP requests are resent to the supplicant Range 1 65535 The field default is 30 seconds Server Timeout Specifies the number of seconds that lapses before the switch resends a request to the authentication server Range 1 65535 The field default is 30 seconds Termination Cause Indicates the reason for which the port authentication was terminated 3 Mod...

Page 80: ...bled for Multiple Hosts The possible field values are Trap Frequency Defines the time period by which traps are sent to the host The Trap Frequency 1 1000000 field can be defined only if multiple hosts are disabled The default is 10 seconds Status Indicates the host status If there is an asterisk the port is either not linked or is down The possible field values are Unauthorized Indicates that eit...

Page 81: ... applied to packets arriving in single host mode from a host whose MAC address is not the supplicant MAC address The possible field values are Forward Forwards the packet Discard Discards the packets This is the default value DiscardDisable Discards the packets and shuts down the port The ports remains shut down until reactivated or until the device is reset Enable Traps Indicates if traps are ena...

Page 82: ...sts the supplicants that were authenticated and are permitted on each port Port Displays the port number Session time Displays the amount of time in seconds the supplicant was logged on the port Authentication Method Displays the method by which the last session was authenticated The possible field values are Remote 802 1x authentication is not used on this port port is forced authorized None The ...

Page 83: ... allows a MAC based ACL to be defined ACEs can be added only if the ACL is not bound to an interface To define the MAC Based ACL 1 Click Security Suite Access Control MAC Based ACL The MAC Based ACL Page opens MAC Based ACL Page The MAC Based ACL Page contains the following fields ACL Name Displays the user defined MAC based ACLs Remove ACL Deletes the selected ACL Deny Following Destination MAC A...

Page 84: ...e IP address 14 36 18 19 1 1 and the wildcard mask is 255 36 184 00 00 00 the middle two bits of the IP address are used while the last three bits are ignored Destination Address MAC Address Matches the destination MAC address to which packets are addressed to the ACE Mask Indicates the destination MAC Address wild card mask Wildcards are used to mask all or part of a destination IP Address Wild c...

Page 85: ...efine the relevant fields 4 Click Apply The MAC Based ACL is defined and the device is updated Adding Rule to MAC Based ACL 1 Select an existing ACL 2 Click the Add Rule button The Add Rule Page opens Add Rule Page 3 Define the relevant fields 4 Click Apply The ACL Rule is defined and the device is updated Defining IP Based ACL The Defining IP Based ACL page contains information for defining IP Ba...

Page 86: ...d on a specific protocol Any Matches the protocol to any protocol IDRP Matches the packet to the Inter Domain Routing Protocol IDRP IDPR Matches the packet to the Inter Domain Policy Routing Protocol IDPR RVSP Matches the packet to the ReSerVation Protocol RSVP AH Indicates that the Authentication Header AH protocol is used to classify network flows EIGRP Indicates that the Enhanced Interior Gatew...

Page 87: ...ask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Destination IP Address Matches the destination port IP address to which packets are addressed to the ACE Mask Defines the destination IP address wildcard mask Select either Match DSCP or Match IP DCSP Matches the packets DSCP value IP Prec Matches the packet IP Precedence value to the ACE Eit...

Page 88: ...ield is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 TCP Flags Filters packets by TCP flag Filtered packets are either forwarded or dropped Filtering packets by TCP flags increases packet control which increases network security The possible field values are ICMP Indicates if ICMP packets are permitted on the network...

Page 89: ...L criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Management page 3 Define the relevant fields 4 Click Apply The IP Based ACL is defined and the device is updated Defining Rules Associated with IP ACL 1 Click Security Suite Access Control IP Based ACL The IP Based ACL Page opens 2 Click the ACL Rule button The Rules Associated with IP ACL Page o...

Page 90: ...efines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Actio...

Page 91: ...field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 TCP Flags Filters packets by TCP flag Filtered packets are either forwarded or dropped Filtering packets by TCP flags increases packet control which increases network security The possible field values are ICMP Indicates if ICMP packets are permitted on the networ...

Page 92: ...Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meets the ACL criteria and disables the port to which the packet was addressed Ports are reactivated from the Port Management page Defining ACL Binding When an ACL is bound to an interface all the ACE rules that have been defined are applied to the selected interface Whenever an ACL is assigned on a port or a LAG flows from ...

Page 93: ...curity Suite Access Control ACL Binding The ACL Binding Page opens 2 Click the Edit button The Bind ACL Page opens Bind ACL Page The Bind ACL Page contains the following fields Interface Indicates the interface to which the ACL is bound Select ACL Indicates the ACL which is bound the interface 3 Define the relevant fields 4 Click Apply ACL binding is defined and the device is updated Defining DOS ...

Page 94: ...e Denial of Service Protection Indicates if service is enabled If the service protection is disabled the Stacheldraht Distribution Invasor Trojan and Back Office Trojan fields are disabled Stacheldraht Distribution Discard TCP packets with source TCP port equal to 16660 Invasor Trojan Discard TCP packets with destination TCP port equal to 2140 and source TCP port equal to 1024 Back Office Trojan D...

Page 95: ...e contains the following fields IP Address Displays the IP addresses for which DOS attack is enabled Mask Displays the Mask for which DOS attack is enabled 2 Click the Add button The Add Martian Addresses Page opens Add Martian Addresses Page The Add Martian Addresses Page contains the following fields Include Reserved Martian Addresses Indicates that packets arriving from Martian addresses are dr...

Page 96: ...2 0 24 224 0 0 0 4 240 0 0 0 4 except 255 255 255 255 32 IP Address Enter the IP addresses for which DOS attack is enabled Mask Enter the Mask for which DOS attack is enabled Prefix Length Defines the IP route prefix for the destination IP 3 Define the relevant fields 4 Click Apply The martian addresses are added and the device is updated ...

Page 97: ... Configuring LACP Defining Port Settings The Port Settings Page contains fields for defining port parameters To define port settings 1 Click Bridging Port Management Port Settings The Port Settings Page opens Port Settings Page The Port Settings Page contains the following fields Copy from Entry Number Copies port information from the selected port to Entry Number s Copies port information to the ...

Page 98: ...his field cannot be configured on LAGs The possible field values are Full Indicates that the interface supports transmission between the device and the client in both directions simultaneously Half Indicates that the interface supports transmission between the device and the client in only one direction at a time PVE Indicates that this port is protected by an uplink so that the forwarding decisio...

Page 99: ...ough the port Current Port Status Displays the port connection status Reactivate Suspended Port Reactivates a port if the port has been disabled through the locked port security option Operational Status Defines whether the port is currently operational or non operational Admin Speed The configured rate for the port The port type determines what speed setting options are available You can designat...

Page 100: ...ort is advertising a 10 mbps speed and full Duplex mode setting 100 Half Indicates that the port is advertising a 100 mbps speed and half Duplex mode setting 100 Full Indicates that the port is advertising a 100 mbps speed and full Duplex mode setting 1000 Indicates that the port is advertising a 1000 mbps speed and full Duplex mode setting Current Advertisement The port advertises its capabilitie...

Page 101: ...operly When two hubs or switches are connected to each other or two end stations are connected to each other a crossover cable is used to ensure that the correct pairs are connected The possible field values are MDIX Use for hubs and switches Auto Use to automatically detect the cable type MDI Use for end stations Current MDI MDIX Displays the current MDI MDIX setting LAG Defines if the port is pa...

Page 102: ...orts within a LAG must be the same media type A VLAN is not configured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control modes All ports in the LAG have the same priority All...

Page 103: ... LAG Displays the LAG number Name Displays the LAG name Link State Displays the link operational status Member Displays the ports configured to the LAG 2 Define the relevant fields 3 Click Apply Lag Management is defined and the device is updated Modifying Lag Membership 1 Click Bridging Port Management Lag Management The Lag Management Page opens 2 Click the Edit button The Edit LAG Membership Pa...

Page 104: ...defined 3 Define the relevant fields 4 Click Apply The Lag membership is defined and the device is updated Defining LAG Settings Link Aggregated Groups optimize port usage by linking a group of ports together to form a single aggregated group Link aggregated groups multiply the bandwidth between the devices increase port flexibility and provide link redundancy The Lag Settings Page contains fields...

Page 105: ...o Entry Number s Indicates the ports to which the port QoS information is copied LAG Displays the LAG Id number Description Displays the user defined port name Type The port types that comprise the LAG Status Indicates if the LAG is currently operating Speed The configured speed at which the LAG is operating Auto Negotiation The current Auto Negotiation setting Flow Control The user designated Flo...

Page 106: ...isabled through the locked port security option Operational Status Defines whether the LAG is currently operational or non operational Admin Auto Negotiation Enables or disables Auto Negotiation on the LAG Auto negotiation is a protocol between two link partners that enables a LAG to advertise its transmission rate duplex mode and flow control the flow control default is disabled abilities to its ...

Page 107: ...erface is connected advertises its capabilities to the LAG to start the negotiation process The possible values are those specified in the Admin Advertisement field Admin Speed The configured speed at which the LAG is operating Current LAG Speed The current speed at which the LAG is operating Admin Flow Control Enables or disables flow control or enables the auto negotiation of flow control on the...

Page 108: ...stacking member for which LACP information is defined Port Defines the port number to which timeout and priority values are assigned Port Priority Defines the LACP priority value for the port The field range is 1 65535 LACP Timeout Administrative LACP timeout The possible field values are Short Defines a short timeout value Long Defines a long timeout value This is the default value Modify LACP Pa...

Page 109: ... the port number to which timeout and priority values are assigned LACP Port Priority Defines the LACP priority value for the port The field range is 1 65535 LACP Timeout Administrative LACP timeout The possible field values are Short Defines a short timeout value Long Defines a long timeout value This is the default value 3 Define the relevant fields 4 Click Apply The LACP Parameters settings are...

Page 110: ...102 Chapter 5 Configuring Device Interfaces Configuring LACP SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 5 ...

Page 111: ...fic within the VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLA...

Page 112: ...e following fields VLAN ID Displays the VLAN ID VLAN Name Displays the user defined VLAN name Type Displays the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field ...

Page 113: ...s Page opens Authentication VLAN Settings Page The Authentication VLAN Settings Page contains information for enabling VLAN guest authentication and includes the following fields VLAN ID Displays the VLAN ID VLAN Name Displays the VLAN name Disable Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field values are Enable Enables unauthorized users to use the ...

Page 114: ...ains the following fields VLAN ID Displays the VLAN ID VLAN Name Displays the VLAN name VLAN Type Indicates the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Port Indicates that ports are indicated in the page LAG Indicates that LAGs are indicated in th...

Page 115: ...Denies the interface VLAN membership even if GARP indicates the port is to be added 2 Define the relevant fields 3 Click Apply VLAN membership is defined and the device is updated Modifying VLAN Membership 1 Click Bridging VLAN Management Membership The VLAN Membership Page opens 2 Click the Edit button The Edit VLAN Membership Page opens Edit VLAN Membership Page The Edit VLAN Membership Page con...

Page 116: ...g Page The VLAN Interface Setting Page contains the following fields Port Indicates that ports are indicated in the page LAG Indicates that LAGs are indicated in the page Of Unit Displays the stacking member for which the VLAN parameters are displayed Interface The port number included in the VLAN Interface VLAN Mode Indicates the port mode Possible values are General The port belongs to VLANs and...

Page 117: ...ch do not include an ingress port 2 Define the relevant fields 3 Click Apply The VLAN Interface Settings are defined and the device is updated Modifying VLAN Interface Settings 1 Click Bridging VLAN Management Interface Setting The VLAN Interface Setting Page opens 2 Click the Edit button The VLAN Interface Settings Page opens VLAN Interface Settings Page The VLAN Interface Settings Page contains ...

Page 118: ...to the Discard VLAN are dropped Frame Type Packet type accepted on the port Possible values are Admit Tag Only Indicates that only tagged packets are accepted on the port Admit All Indicates that both tagged and untagged packets are accepted on the port Ingress Filtering Enables or disables Ingress filtering on the port Ingress filtering discards packets which do not include an ingress port 3 Defi...

Page 119: ...mation as the ports but represent the LAG GVRP information 1 Click Bridging VLAN Management GVRP Settings The GVRP Settings Page opens GVRP Settings Page The GVRP Settings Page contains the following fields GVRP Global Status Indicates if GVRP is enabled on the device The possible field values are Enable Enables GVRP on the selected device Disable Disables GVRP on the selected device Copy from Ent...

Page 120: ...istration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device 2 Define the relevant fields 3 Click Apply The GVRP Settings are defined and the device is updated Modifying GVRP Settings 1 Click Bridging VLAN Management GVRP Settings The GVRP Settings Page op...

Page 121: ...n is enabled on the interface The possible field values are Enable Enables Dynamic VLAN creation on the interface Disable Disables Dynamic VLAN creation on the interface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device 3 Define the rele...

Page 122: ...This setting is relevant only in Layer 2 mode 1 Click Bridging VLAN Management Protocol Group The Protocol Group Page opens Protocol Group Page The Protocol Group Page contains the following fields Frame Type Displays the packet type Possible field values are Ethernet RFC1042 and LLC Other Protocol Value Displays the User defined protocol name Group ID Hex Defines the Protocol group ID to which th...

Page 123: ... as follows Protocol Value The value is entered in Hex format Ethernet Based Protocol Value The value is selected as either IP IPX IPv6 or ARP Group ID Hex Defines the Protocol group ID to which the interface is added 3 Define the relevant fields 4 Click Apply The Protocol Group is added and the device is updated Modifying Protocol Groups The Edit Protocol Group Page provides information for confi...

Page 124: ...is updated Protocol Port The Protocol Port Page adds interfaces to Protocol groups To define the protocol port 1 Click Bridging VLAN Management Protocol Port The Protocol Port Page opens Protocol Port Page The Protocol Port Page contains the following fields Interface Port or LAG number added to a protocol group Protocol Group ID Protocol group ID to which the interface is added Protocol group IDs...

Page 125: ...otocol Port to VLAN Page contains the following fields Interface Port or LAG number added to a protocol group Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table VLAN ID Attaches the interface to a user defined VLAN ID VLAN Name Attaches the interface to a user defined VLAN Name 3 Define the relevant fields 4 Click Apply The protoco...

Page 126: ...118 Chapter 6 Configuring VLANs Protocol Port SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 6 ...

Page 127: ...00 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 7 Configuring IP Information This section provides information for defining device IP addresses and includes the following topics Domain Name System Configuring Layer 2 Configuring Layer 3 ...

Page 128: ...resses The Domain Name System contains the following windows Defining DNS Server Host Mapping Defining DNS Server The DNS Servers Page contains fields for enabling and activating specific DNS servers To enable a DNS client 1 Click System System Management Domain Name System DNS Servers The DNS Servers Page opens DNS Servers Page The DNS Servers Page contains the following fields Enable DNS Enables...

Page 129: ...server list DNS Server Displays the DNS server s IP address Active Server Specifies the DNS server that is currently active 2 Click the Add button The Add DNS Server Page opens Add DNS Server Page The Add DNS Server Page allows system administrators to define new DNS servers The Add DNS Server Page page contains the following fields DNS Server Displays the DNS server s IP address DNS Server Curren...

Page 130: ...m Management Domain Name System Host Mapping The Host Mapping Page opens Host Mapping Page The Host Mapping Page contains the following fields Host Names Displays a user defined default domain name When defined the default domain name is applied to all unqualified host names The Host Name field can contain up to 158 characters IP Address Displays the DNS host IP address 2 Click the Add button The ...

Page 131: ...age contains the following fields Host Name Displays a user defined default domain name When defined the default domain name is applied to all unqualified host names The Host Name field can contain up to 158 characters IP Address Displays the DNS host IP address 3 Define the relevant fields 4 Click Apply The DNS Host settings are defined and the device is updated ...

Page 132: ...tatic address This prevents disconnecting from the network during a Stacking Master switchover This section provides information for configuring Layer 2 features and includes the following topics Configuring IP Addressing Defining IP Routing Configuring IP Addressing The IP Addressing subsection contains the following pages IP Interface ARP IP Interface The IP Interface Page contains fields for as...

Page 133: ...Address Indicates the IP address Network Mask Displays the currently configured IP address mask Prefix Length Specifies the number of bits that comprise the source IP address prefix or the network source IP address mask User Defined Default Gateway Defines the default gateway IP address Active Default Gateway Indicates if the default gateway is active Remove User Defined Removes the selected IP ad...

Page 134: ...t Defines the amount of time seconds that pass between ARP requests about an ARP table entry After this period the entry is deleted from the table The range is 1 40000000 where zero indicates that entries are never cleared from the cache The default value is 60 000 seconds Clear ARP Table Entries Indicates the type of ARP entries that are cleared on all devices The possible values are None ARP ent...

Page 135: ...he Add ARP button The ARP Settings Page opens ARP Settings Page The ARP Settings Page contains the following fields Interface Indicates the interface connected to the device IP Address Indicates the station IP address which is associated with the MAC address filled in below MAC Address Indicates the station MAC address which is associated in the ARP table with the IP address 3 Define the relevant ...

Page 136: ...s Indicates the station IP address which is associated with the MAC address filled in below MAC Address Indicates the station MAC address which is associated in the ARP table with the IP address Status Indicates the ARP Table entry status Possible field values are Dynamic Indicates the ARP entry was learned dynamically Static Indicates the ARP entry is a static entry 3 Define the relevant fields C...

Page 137: ...ith the next hop of 0 0 0 0 The Default Route is defined in the IP Routing Page This section provides information for configuring Layer 3 features and includes the following topics Configuring IP Addressing Defining IP Routing Configuring IP Addressing The IP Addressing subsection contains the following pages IP Interface ARP Proxy UDP Relay DHCP Relay ARP IP Interface The IP Interface Page contai...

Page 138: ...lly or added dynamically Remove Removes the selected IP address from the interface The possible field values are Checked Removes the IP address from the interface Unchecked Maintains the IP address assigned to the Interface A table containing the IP Interface configurations is displayed containing the following fields IP Address Defines the system IP address Mask Displays the currently configured ...

Page 139: ...ce IP Address Defines the source IP Address Static IP Address Defines the system IP address Network Mask Displays the currently configured IP address mask Prefix Length Specifies the number of bits that comprise the source IP address prefix or the network source IP address mask Modifying IP Interfaces 1 Click System System Management IP Addressing IP Interface The IP Interface Page opens 2 Click t...

Page 140: ...at comprise the source IP address prefix or the network source IP address mask Interface Defines the system IP address Type Indicates if the IP address has been configured statically or added dynamically 3 Modify the relevant fields 4 Click Update The IP Interface Settings are modified and the device is updated ARP Proxy The Address Resolution Protocol ARP is a TCP IP protocol that converts IP add...

Page 141: ...equests for located nodes If disabled the device responds with its own MAC address 2 Enable ARP Proxy 3 Click Apply Arp Proxy is enabled and the device is updated UDP Relay The UDP Relay allows UDP packets to reach other networks This feature enables browsing from workstations to servers on different networks The UDP Relay Page contains the following fields 1 Click System System Management IP Addr...

Page 142: ...P packets from all interfaces are relayed The following address ranges are 0 0 0 0 to 0 255 255 255 127 0 0 0 to 127 255 255 255 UDP Destination Port Indicate the destination UDP port ID number of the relayed UDP packets The following table lists UDP Port allocations UDP Port Number UDP Port Number Acronym Application 7 Echo Echo 11 SysStat Active User 15 NetStat Netstat 17 Quote Quote of the day ...

Page 143: ...P interface that relays UDP packets If this field is 255 255 255 255 UDP packets from all interfaces are relayed The following address ranges are 0 0 0 0 to 0 255 255 255 43 NICNAME Who is 53 DOMAIN Domain Name Serve 69 FTP Trivial File Transfer 111 SUNRPC Sun Microsystems Rpc 123 NTP Network Time 123 NTP Network Tim 137 NetBiosNameService NT Server to StationConnections 138 NetBiosDatagramService...

Page 144: ...d the device is updated DHCP Relay The DHCP Relay Page provides information for establishing a DHCP configuration with multiple DHCP servers to ensure redundancy IP Addresses are controlled and distributed one by one to avoid overloading the device 1 Click System System Management IP Addressing DHCP Relay The DHCP Relay Page opens DHCP Relay Page The DHCP Relay Page contains the following fields D...

Page 145: ...is allows local DHCP Servers to respond first 3 Define the relevant field 4 Click Apply THe DHCP Server is added and the device is updated ARP The Address Resolution Protocol ARP is a TCP IP protocol that converts IP addresses into physical addresses The ARP table is used to maintain a correlation between each MAC address and its corresponding IP address The ARP table can be filled in statically b...

Page 146: ... seconds Clear ARP Table Entries Indicates the type of ARP entries that are cleared on all devices The possible values are None ARP entries are not cleared All All ARP entries are cleared Dynamic Only dynamic ARP entries are cleared Static Only static ARP entries are cleared Interface Indicates the interface connected to the device IP Address Indicates the station IP address which is associated wi...

Page 147: ... Interface Indicates the interface connected to the device IP Address Indicates the station IP address which is associated with the MAC address filled in below MAC Address Indicates the station MAC address which is associated in the ARP table with the IP address 3 Define the relevant fields 4 Click Apply The ARP Settings are defined and the device is updated Modifying ARP Settings 1 Click System S...

Page 148: ... below MAC Address Indicates the station MAC address which is associated in the ARP table with the IP address Status Indicates the ARP Table entry status Possible field values are Dynamic Indicates the ARP entry was learned dynamically Static Indicates the ARP entry is a static entry 3 Define the relevant fields 4 Click Apply The ARP Settings are modified and the device is updated Defining IP Rout...

Page 149: ...he destination IP The prefix length must be preceded by a forward slash Next Hop Indicates the next hop s IP address or IP alias on the route Route Type Defines the route type The possible field values are Reject Rejects the route and stops routing to the destination network via all gateways Remote Indicates the route is a remote path Metric Indicates the administrative distance to the next hop Th...

Page 150: ...ion IP The prefix length must be preceded by a forward slash Next Hop Indicates the next hop s IP address or IP alias on the route Route Type Defines the route type The possible field values are Reject Rejects the route and stops routing to the destination network via all gateways Remote Indicates the route is a remote path Metric Indicates the administrative distance to the next hop The range is ...

Page 151: ...d as packets from sources arrive at the device Addresses are associated with ports by learning the ports from the frames source address Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN Static addresses are manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no tr...

Page 152: ...age opens Static Page The Static Page contains the following fields VLAN ID Displays the VLAN ID number to which the entry refers MAC Address Displays the MAC address to which the entry refers Interface Displays the interface to which the entry refers Port The specific port number to which the forwarding database parameters refer LAG The specific LAG number to which the forwarding database paramet...

Page 153: ...abase parameters refer LAG The specific LAG number to which the forwarding database parameters refer MAC Address Displays the MAC address to which the entry refers VLAN ID Displays the VLAN ID number to which the entry refers VLAN Name Displays the VLAN name to which the entry refers Status Displays how the entry was created The possible field values are Permanent The MAC address is permanent Dele...

Page 154: ...ic MAC Address table contains information about the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic MAC Address table The Dynamic MAC Address table contains address parameters by which packets are directly forwarded to the ports The Dynamic Address Table can be sorted by interface VLAN and MAC Address 1 Click Bridging Address Tables Dy...

Page 155: ...e MAC address for which the table is queried VLAN ID Specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by address VLAN or interface 2 Define the relevant fields 3 Click Apply Dynamic addressing is defined and the device is updated ...

Page 156: ...148 Chapter 8 Defining Address Tables Defining Dynamic Addresses SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 8 ...

Page 157: ...GMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines Which ports want to join which Multicast groups Which ports have Multicast routers generating IGMP queries Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This res...

Page 158: ... Specifies the VLAN ID IGMP Snooping Status Indicates if IGMP snooping is enabled on the VLAN The possible field values are Enable Enables IGMP Snooping on the VLAN Disable Disables IGMP Snooping on the VLAN Host Timeout Indicates the amount of the time the Host waits to receive a message before it times out The default value is 260 seconds MRouter Timeout Indicates the amount of the time the Mult...

Page 159: ...e contains the following fields VLAN ID Specifies the VLAN ID IGMP Status Enable Indicates if IGMP snooping is enabled on the VLAN The possible field values are Enable Enables IGMP Snooping on the VLAN Disable Disables IGMP Snooping on the VLAN Auto Learn Indicates if Auto Learn is enabled on the device If Auto Learn is enabled the devices automatically learns where other Multicast groups are loca...

Page 160: ... displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group Ports can be added either to existing groups or to new Multicast service groups The Multicast Group Page permits new Multicast service groups to be created The Multicast Group Page also assigns ports t...

Page 161: ...s The options are as follows Static Attaches the port to the Multicast group as static member in the Static Row The port LAG has joined the Multicast group statically in the Current Row Forbidden Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group Non The port is not part of a Multicast group 2 Click the Add button The Add Multic...

Page 162: ...lays the port attached to the Multicast Group Interface Status Displays the interface status The options are as follows Static Attaches the port to the Multicast group as static member in the Static Row The port LAG has joined the Multicast group statically in the Current Row Forbidden Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicas...

Page 163: ... Forward Page opens Multicast Forward Page The Multicast Forward Page contains the following fields VLAN ID Displays the VLAN ID Ports Indicates the port number on which Multicast service is configured LAGs Indicates the LAG number on which Multicast service is configured Of Unit Displays the stacking member for which the Multicast service parameters are displayed Interface Displays the port attac...

Page 164: ...g 1 Click Bridging Multicast Forward The Multicast Forward Page opens 2 Click the Edit button The Edit Multicast Forward All Page opens Edit Multicast Forward All Page The Edit Multicast Forward All Page contains the following fields VLAN ID Displays the VLAN ID Interface Displays the port or LAG attached to the Multicast Group Interface Status Displays the interface status 3 Define the relevant f...

Page 165: ...ncy The device supports the following Spanning Tree versions Classic STP Provides a single path between end stations avoiding and eliminating loops Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops Multiple STP Provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition...

Page 166: ...ies Page opens STP Properties Page The STP Properties Page contains the following fields The Global Settings area contains the following fields Spanning Tree State Indicates if STP is enabled on the device The possible field values are Enable Enables STP on the device This is the default value Disable Disables STP on the device STP Operation Mode Indicates the STP mode by which STP is enabled on t...

Page 167: ...ime Specifies the device Hello Time The Hello Time indicates the amount of time in seconds a root bridge waits between configuration messages The default is 2 seconds The range is 1 to 10 seconds Max Age Specifies the device Maximum Age Time The Maximum Age Time indicates the amount of time in seconds a bridge waits before sending configuration messages The default max age is 20 seconds The range ...

Page 168: ... Settings Page contains the following fields Ports Indicates the port number on which Spanning Tree is configured LAGs Indicates the LAG number on which Spanning Tree is configured Of Unit Displays the stacking member for which the Spanning Tree parameters are displayed Port Indicates the port or LAG on which STP is enabled STP Indicates if STP is enable on the port The possible field values are E...

Page 169: ... forward traffic and learn new MAC addresses Port Role Displays the port role assigned by the STP algorithm to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to the root switch Designated The port or LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface...

Page 170: ...t fields 3 Click Apply STP is enabled on the interface and the device is updated Modifying Interface Settings 1 Click Bridging Spanning Tree Interface Settings The Interface Settings Page opens 2 Click the Edit button The Interface Settings Page opens Interface Settings Page The Interface Settings Page contains the following fields Ports Indicates the port number on which Spanning Tree is configur...

Page 171: ...is in Forwarding mode The port can forward traffic and learn new MAC addresses Speed Indicates the speed at which the port is operating Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path being rerouted Default Path Cost Indicates the default path cost Priority Priority value of the port The...

Page 172: ...e without creating forwarding loops 1 Click Bridging Spanning Tree RSTP The RSTP Page opens RSTP Page The RSTP Page contains the following fields Ports Indicates the port number on which RSTP is configured LAGs Indicates the LAG number on which RSTP is configured Of Unit Displays the stacking member for which the RSTP parameters are displayed Interface Displays the port or LAG on which Rapid STP i...

Page 173: ...ce Rapid STP Indicates that Rapid STP is enabled on the device Multiple STP Indicates that Multiple STP is enabled on the device Fast Link Indicates if Fast Link is enabled or disabled for the port or LAG If Fast Link is enabled for a port the port is automatically placed in the forwarding state Port Status Indicates if RSTP is enabled on the interface The possible field values are Enable Indicate...

Page 174: ...ard the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled Indicates the port is not participating in the Spanning Tree Mode Indicates the current Spanning Tree mode The Spanning Tree mode is selected in the Global STP page The possible fie...

Page 175: ...ilities are negotiated as needed by the LCP the originating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link o...

Page 176: ...lancing scenarios For example while port A is blocked in one STP instance the same port is placed in the Forwarding State in another STP instance The MSTP Properties page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops The MSTP section contains the following pages Defining MSTP Properties Instance to VLAN Instance Settings Interface Set...

Page 177: ...n Name Provides a user defined STP region name Revision Defines unsigned 16 bit number that identifies the revision of the current MST configuration The revision number is required as part of the MST configuration The possible field range 0 65535 Max Hops Indicates the total number of hops that occur in a specific region before the BPDU is discarded Once the BPDU is discarded the port information ...

Page 178: ...nce to VLAN The Instance to VLAN Page opens Instance to VLAN Page The Instance to VLAN Page contains the following fields VLAN Indicates the VLAN for which the MSTP instance ID is defined Instance ID Indicates the MSTP instance ID assigned to the VLAN Instance Settings Network Administrators can define MSTP Instances settings using the MSTP Instance Settings Page 1 Click Bridging Spanning Tree MST...

Page 179: ... one instance Bridge Priority Specifies the selected spanning tree instance device priority The field range is 0 61440 Designated Root Bridge ID Indicates the ID of the bridge with the lowest path cost to the instance ID Root Port Indicates the selected instance s root port Root Path Cost Indicates the selected instance s path cost Bridge ID Indicates the bridge ID of the selected instance Remaini...

Page 180: ...5 Interface Displays the interface for which the MSTP settings are displayed The possible field values are Port Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed Port State Indicates whether the port is enabled for the specific instance The possible field values are Enable Enables the port for the specific instance Disable ...

Page 181: ...p by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled Indicates the port is not participating in the Spanning Tree Mode Indicates the current Spanning Tree mode The Spanning Tree mode is selected in the Global STP page The possible field values are Classic STP Indicates that Classic STP is enabled on the device Rapid STP In...

Page 182: ...ates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to root device Designated Indicates the port or LAG via which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated...

Page 183: ...tribution to the Spanning Tree instance The range should always be 1 200 000 000 Port State Indicates whether the port is enabled for the specific instance The possible field values are Enable Enables the port for the specific instance Disable Disables the port for the specific instance Forwarding Enables forwarding all multicast packets on a port Designated Cost Indicates that the default path co...

Page 184: ...176 Chapter 10 Configuring Spanning Tree Defining Multiple Spanning Tree SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 10 ...

Page 185: ...on User Security Model USM is defined for SNMPv3 and includes Authentication Provides data integrity and data origin authentication Privacy Protects against disclosure message content Cipher Bock Chaining CBC is used for encryption Either authentication is enabled on an SNMP message or both authentication and privacy are enabled on a SNMP message However privacy cannot be enabled without authentic...

Page 186: ...1 Click System SNMP Security Engine IP The Engine ID Page opens Engine ID Page The Engine ID Page contains the following fields Local Engine ID 10 64 Hex characters Indicates the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings consists of two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined ...

Page 187: ...the MAC address that follows Last 6 octets MAC address of the device Defining SNMP Views SNMP Views provide access or block access to device features or feature aspects For example a view can be defined that states that SNMP Group A has Read Only R O access to Multicast groups while SNMP Group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ...

Page 188: ...ng and configuring new SNMP view The Add SNMP View Page contains the following fields View Name Displays the user defined views The options are as follows Default Displays the default SNMP view for read and read write views DefaultSuper Displays the default SNMP view for administrator views Subtree ID Tree Indicates the device feature OID included or excluded in the selected SNMP view The options ...

Page 189: ...work managers to assign access rights to specific device features or feature aspects 1 Click System SNMP Security Users The SNMP Users Page opens SNMP Users Page The SNMP Users Page contains the following fields User Name Displays the user defined group to which access control rules are applied The field range is up to 30 characters Group Name Displays the user defined group to which access contro...

Page 190: ...e Contains a list of user defined SNMP groups SNMP groups are defined in the SNMP Group Profile page Authentication Method Indicates the Authentication method used The possible field values are MD5 Key Users are authenticated using the HMAC MD5 algorithm SHA Key Users are authenticated using the HMAC SHA 96 authentication level MD5 Password The HMAC MD5 96 password is used for authentication The u...

Page 191: ...od or colon Define SNMP Groups The SNMP Groups Profile Page provides information for creating SNMP groups and assigning SNMP access control privileges to SNMP groups Groups allow network managers to assign access rights to specific device features or features aspects 1 Click System SNMP Security Groups The SNMP Groups Profile Page opens SNMP Groups Profile Page The SNMP Groups Profile Page contain...

Page 192: ...ricted to read only and changes cannot be made to the assigned SNMP view Write The management access is read write and changes can be made to the assigned SNMP view Notify Sends traps for the assigned SNMP view 2 Click the Add button The Add SNMP Group Profile Page opens Add SNMP Group Profile Page The Add SNMP Group Profile Page allows network managers to define new SNMP Group profiles The Add SN...

Page 193: ... to 30 characters Security Model Defines the SNMP version attached to the group Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only Operation Defines the group access rights The options for each operation Read Write and Notify are as follows Default Defines the default group access rights DefaultSuper Defines the default group access rights for admi...

Page 194: ...n IP address for which the basic SNMP community is defined Community String Displays the password used to authenticate the management station to the device Access Mode Displays the access rights of the community View Name Displays the user defined SNMP view The SNMP Communities Advanced Table area contains the following fields Management Station Displays the management station IP address for which...

Page 195: ...station to the device Basic Enables SNMP Basic mode for a selected community and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made to the device configuration but not to...

Page 196: ...Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made to the device configuration but not to the community SNMP Admin User has access to all device configuration options as well as permissions to modify the communit...

Page 197: ...ng Trap Settings 1 Click System SNMP Security Trap Management Trap Settings The Trap Settings Page opens Trap Settings Page The Trap Settings Page contains the following fields Enable SNMP Notification Specifies whether the device can send SNMP notifications The possible field values are Enable Enables SNMP notifications Disable Disables SNMP notifications Enable Authentication Notification Specif...

Page 198: ...gement Page The Station Management Page contains two areas the SNMPv1 2 Notification Recipient and the SNMPv3 Notification Recipient table The SNMPv1 2 Notification Recipient table area contains the following fields Recipients IP Indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Ind...

Page 199: ...e Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent User Name Displays the SNMP Communities Security Level Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet is neither authenticated nor encrypted Authentication Indicates the packet is authenticated Pri...

Page 200: ...ss Control Checks The Add SNMP Notification Recipient Page contains the following fields Recipient IP Indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent The SNMPv1 2 Notification Recipient area contains the following fields SNMPv1 2 Enables SNMPv1 2 as the ...

Page 201: ...icated Privacy Indicates the packet is both authenticated and encrypted The UDP Port Notification Recipient area contains the following fields UDP Port Displays the UDP port used to send notifications The default is 162 Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined Timeout Indicates the amount of time seconds the device waits before re sending informs T...

Page 202: ...ent Either SNMPv1 2 or SNMPv3 can be enabled at any one time but not both at the same time If SNMPv1 2 is enabled the Community String and Notification Version fields are enabled for configuration Community String SNMP v1 2 Identifies the community string of the trap manager Notification Version SNMP v1 2 Determines the trap type The possible field values are SNMP V1 Indicates SNMP Version 1 traps...

Page 203: ...vacy Indicates the packet is both authenticated and encrypted The UDP Port Notification Recipient area contains the following fields UDP Port Displays the UDP port used to send notifications The default is 162 Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined Timeout Indicates the amount of time seconds the device waits before re sending informs The default...

Page 204: ...s Filter Name Contains a list of user defined notification filters Object ID Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List there are two configuration options Select from List Select the OID from the l...

Page 205: ...cations are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List there are two configuration options Select from List Select the OID from the list provided Object ID Enter an OID not offered in the Select from List option Filter Type Indicates whether informs o...

Page 206: ...198 Chapter 11 Configuring SNMP Defining Trap Management SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 11 ...

Page 207: ...context CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as an aggregate whole with no per flow settings CoS is usually related to the 802 1p service that classifies flows according to their Layer 2 priority as set in the VLAN header QoS refers to Layer 2 traffic and above QoS handles per flow settings even within a single t...

Page 208: ...apter 12 Defining General Settings Defining Advanced Mode Defining QoS Basic Mode The section also contains the following pages Configuring Policy Table Defining General Settings The QoS General Settings section contains the following pages Defining CoS Defining Queue Mapping CoS to Queue Mapping DSCP to Queue Configuring Bandwidth ...

Page 209: ...de Indicates if QoS is enabled on the interface The possible values are Advanced Enables Advanced mode QoS on the interface Basic Enables QoS on the interface Disable Disables QoS on the interface Ports Displays the ports CoS configuration LAGs Displays the LAGs CoS configuration Of Unit Displays the stacking member for which the CoS parameters are displayed Interface Indicates the interface for w...

Page 210: ... Priority Page opens Edit Interface Priority Page The Edit Interface Priority Page contains the following fields Interface Indicates the port or LAG name Set Default User Priority Defines the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 3 Modify the Interface priority 4 Click Apply The Interface priority is set an...

Page 211: ...ased strictly on the queue priority WRR Indicates that traffic scheduling for the selected queue is based strictly on the WRR Queue Displays the queue for which the queue settings are displayed The possible field range is 1 4 WRR Weight Displays the WRR weights to queues of WRR Bandwidth Displays the amount of bandwidth assigned to the queue These values are fixed and are not user defined 2 Define...

Page 212: ...e contains the following fields Restore Defaults Restores all queues to the default CoS settings Class of Service Specifies the CoS VLAN CoS priority tag values where zero is the lowest and 8 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Four traffic priority queues are supported where Queue 4 is the highest and Queue 1 is the lowest 2 Define the rel...

Page 213: ...ing packet Queue Maps the DSCP value to the selected queue 2 Define the relevant fields 3 Click Apply DSCP to queues are mapped and the device is updated Configuring Bandwidth The Bandwidth Page allows network managers to define the bandwidth settings for a specified egress interface Modifying queue scheduling affects the queue settings globally The Bandwidth page is not used with the Service mode...

Page 214: ... rate limiting is defined on the interface The possible field values are Enable Enables ingress rate limiting on the interface Disable Disables ingress rate limiting on the interface Rate Limit Defines the amount of bandwidth assigned to the interface The possible field values are 62 1000000 Kbps Committed Information Rate CIR Defines CIR as the queue shaping type The possible field value is 64 1 ...

Page 215: ...tes if rate limiting is enabled on the interface Committed Information Rate CIR Defines CIR as the queue shaping type The possible field value is 4096 1 000 000 Kbs Note This field is not supported on FE ports Committed Burst Size CbS Defines CBS as the queue shaping type The possible field value is 4096 16 769 020 bits Ingress Rate Limit Status Indicates if rate limiting is defined on the interfa...

Page 216: ...plied in the sequence they appear within the policy Only a single policy can be attached to a port In advanced QoS mode ACLs can be applied directly to an interface However a policy and ACL cannot be simultaneously applied to an interface After assigning packets to a specific queue services such as configuring output queues for the scheduling scheme or configuring output shaping for burst size CIR...

Page 217: ...g fields DSCP In Indicates the Differentiated Services Code Point value in the incoming packet DSCP Out Indicates the Differentiated Services Code Point value in the outgoing packet Defining Class Mapping The Defining Class Mapping page enables mapping DSCP values from incoming packets to DSCP values in outgoing packets 1 Click Quality of Service Advanced Class Mapping The Class Mapping Page opens...

Page 218: ...he user defined ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s address The possible field values are And Both the MAC based and the IP based ACL must match a packet Or Either the MAC based or the IP based ACL must match a packet ACL2 Contains a list of the user defined ACLs 2 Click he Add button The Add QoS Class Map Page opens Add QoS Class Map Page The Add QoS ...

Page 219: ...IP based ACLs first then matches packets to MAC based ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s address The possible field values are And Both the MAC based and the IP based ACL must match a packet Or Either the MAC based or the IP based ACL must match a packet MAC ACL Matches packets to MAC based ACLs first then matches packets to IP based ACLs 3 Define the...

Page 220: ...packets exceeding the defined CIR value 2 Click the Add button The Add QoS Aggregate Policer Page opens Add QoS Aggregate Policer Page The Add QoS Aggregate Policer Page contains the following fields Aggregate Policer Name Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second This field is only relevant when the Police value is Single Ingres...

Page 221: ...mmitted Information Rate CIR Defines the CIR in bits per second This field is only relevant when the Police value is Single Ingress Committed Burst Size CBS Defines the CBS in bytes per second This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are...

Page 222: ...ble Page opens Policy Table Page The Policy Table Page contains the following fields Policy Name Displays the user defined policy name 2 Click the Add button The Add QoS Policy Profile Page opens Add QoS Policy Profile Page The Add QoS Policy Profile Page contains the following fields New Policy Name Displays the user defined policy name Class Map Displays the user defined class maps which can be ...

Page 223: ...can be configured for policing purposes An aggregate policer can be applied to multiple classes in the same policy map but cannot be used across different policy maps Single Configures the class to use manually configured information rates and exceed actions Aggregate Policer Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second This field i...

Page 224: ... QoS Settings By designating trust it is possible to trust only incoming traffic with certain DSCP values Set Manually configures the Trust Police Enables Policer functionality Type Policer type for the policy Possible values are Aggregate Configures the class to use a configured aggregate policer selected from the drop down menu An aggregate policer is defined if the policer is shared with multip...

Page 225: ...ckets exceeding the defined CIR value Remark DSCP Remarks packet s DSCP values exceeding the defined CIR value None Forwards packets exceeding the defined CIR value 2 Define the relevant fields 3 Click Apply The QoS policy profile is defined and the device is updated Defining Policy Binding 1 Click Quality of Service Advanced Policy Binding The Policy Binding Page opens Policy Binding Page The Pol...

Page 226: ...lds 4 Click Apply The QoS Policy Binding is defined and the device is updated Modifying QoS Policy Binding Settings 1 Click Quality of Service Advanced Policy Binding The Policy Binding Page opens 2 Click the Edit button The Edit QoS Policy Binding Page opens Edit QoS Policy Binding Page The Edit QoS Policy Binding Page contains the following fields Interface Displays the interface to which the en...

Page 227: ...ains the following fields Trust Mode Displays the trust mode If a packet s CoS tag and DSCP tag and TCP UDP mapping are mapped to different queues the Trust Mode determines the queue to which the packet is assigned Possible values are CoS Sets trust mode to CoS on the device The CoS mapping determines the packet queue DSCP Sets trust mode to DSCP on the device The DSCP mapping determines the packe...

Page 228: ...ng DSCP values from incoming packets to DSCP values in outgoing packets The DSCP Mapping Page contains the following fields DSCP In Indicates the Differentiated Services Code Point value in the incoming packet DSCP Out Indicates the Differentiated Services Code Point value in the outgoing packet 3 Define the DSCP mappings 4 Click Apply The DSCP mappings are defined and the device is updated ...

Page 229: ... are added to the commands existing in the Running Configuration file Commands are not overwritten To update the Startup file before powering down the device the Running Configuration file must be copied to the Startup Configuration file The next time the device is restarted the commands are copied back into the Running Configuration file from the Startup Configuration file Backup Configuration Fi...

Page 230: ...n upgrade function Backup Specifies the firmware upgrade is a backup function File Type Specifies the destination file type to which to the file is downloaded The possible field values are Software Image Downloads the Image file Boot Code Downloads the Boot file TFTP Server Specifies the TFTP Server IP Address from which files are downloaded Source File Specifies the file to be downloaded Destinat...

Page 231: ...ontains the following fields Upgrade Specifies the firmware upgrade is an upgrade function Backup Specifies the firmware upgrade is a backup function File Type Specifies the Configuration file to be saved TFTP Server Specifies the TFTP Server IP Address from which file is downloaded Source File Specifies the file to be downloaded Destination File Specifies the saved file name 2 Define the relevant...

Page 232: ...Upgrade master and copy master image to units across the stack These steps can be done from the Menu Based CLI or from the web interface a Copy image from TFTP to master b Change active image on master c Reboot master d Copy from master to rest of units e Change active of rest of units f Reload only rest of units and not master NOTE If there is a backup master in the stack it takes over as master ...

Page 233: ...are Indicates the Stacking Master configuration file to copy The possible field values are Source Copies the current Stacking Master s firmware Destination Unit Defines the stacking member to which the firmware is downloaded Copy Configuration Indicates the device configuration to be copied Source File Name Indicates the configuration file copied Destination File Name Defines the stacking member t...

Page 234: ... which the Image file is selected Active Image Indicates the Image file which is currently active on the unit After Reset The Image file which is active on the unit after the device is reset The possible field values are Image 1 Activates Image file 1 after the device is reset Image 2 Activates Image file 2 after the device is reset 2 Define the relevant fields 3 Click Apply Active image is define...

Page 235: ...ge mnemonic which identifies the source application generating the message It allows messages to be filtered based on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event logging This section contains the following pages Enabling System Logs Viewing the Device Memory Logs Viewing the Flash Logs Viewing Remote Logs Enabling System...

Page 236: ...te attention Critical The system is in a critical state Error A system error has occurred Warning A system warning has occurred Notice The system is functioning properly but system notice has occurred Informational Provides device information Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support Console Provides information about logs saved to the ...

Page 237: ...in RAM Cache To open the Memory Page 1 Click Admin Logs Memory The Memory Page opens Memory Page The Memory Page contains all system logs in a chronological order that are saved in RAM Cache The Memory Page contains the following fields Log Index Displays the log number Log Time Displays the time at which the log was generated Severity Displays the log severity Description Displays the log message...

Page 238: ...nd a description of the log message The Message Log is available after reboot To view the Flash Logs 1 Click Admin Logs Flash The Flash Page opens Flash Page The Flash Page contains the following fields Log Index Displays the log number Log Time Displays the time at which the log was generated Severity Displays the log severity Description Displays the log message text Clearing Message Logs Messag...

Page 239: ...ort to which the server logs are sent The possible range is 1 to 65535 The default value is 514 Facility Defines a user defined application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The fi...

Page 240: ...re sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 Description Provides a user defined server description Minimum Severity Indicates the minimum s...

Page 241: ... logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 Description Provides a user defined server description Severity to Include Indicates the...

Page 242: ...234 Chapter 14 Managing System Logs Viewing the Device Memory Logs SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 14 ...

Page 243: ...assures accurate network device clock time synchronization up to the millisecond Time synchronization is performed by a network SNTP server The device operates only as an SNTP client and cannot provide time services to other systems This section provides information for configuring different system time aspects including Defining System Time Defining SNTP Settings Defining SNTP Authentication ...

Page 244: ...Indicates the source used to set the system clock The possible field values SNTP Sets the system time is set via an SNTP server Local Settings Sets that the system time is not set by an external source This is the default value Date Indicates the system date The field format is Day Month Year for example 04 May 2050 Local Time Indicates the system time The field format is HH MM SS for example 21 1...

Page 245: ...31 Month The month of the year in which DST begins The possible field range is Jan Dec Year The year in which the configured DST begins Time The time at which DST begins The field format is Hour Minute for example 05 30 To Indicates the time that DST ends in countries other than USA or Europe in the format DayMonthYear in one field and time in another For example DST ends on the 23rd March 2008 12...

Page 246: ...urday Week The week within the month at which DST ends every year The possible field range is 1 5 Month The month of the year in which DST ends every year The possible field range is Jan Dec Time The time at which DST ends every year The field format is Hour Minute for example 05 30 2 Define the relevant fields 3 Click Apply The Time Settings are defined and the device is updated Defining SNTP Set...

Page 247: ... are Primary The primary server provides SNTP information Secondary The backup server provides SNTP information In progress The SNTP server is currently sending or receiving SNTP information Unknown The progress of the SNTP information currently being sent is unknown For example the device is currently looking for an interface Status The operating SNTP server status The possible field values are U...

Page 248: ...olls the selected SNTP server for system time information Encryption Key ID Indicates the Key Identification used to communicate between the SNTP server and device The range is 1 4294967295 3 Define the relevant fields 4 Click Apply The SNTP Server is added and the device is updated Defining SNTP Authentication The SNTP Authentication Page provides parameters for defining the means by which the SN...

Page 249: ...ible field values are Checked Authenticates SNTP sessions between the device and SNTP server Unchecked Disables authenticating SNTP sessions between the device and SNTP server Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 characters Authentication Key Displays the key used for authentication Trusted Key Indicate...

Page 250: ...Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 characters Authentication Key Displays the key used for authentication Trusted Key Indicates the encryption key used Unicast Anycast or elected Broadcast to authenticate the SNTP server 3 Define the relevant fields 4 Click Apply The SNTP Authentication is defined and...

Page 251: ...et Statistics Managing RMON Statistics Viewing Ethernet Statistics The Ethernet section contains the following pages Defining Ethernet Interface Viewing Etherlike Statistics Viewing GVRP Statistics Viewing EAP Statistics Defining Ethernet Interface The Interface Page contains statistics for both received and transmitted packets The Interface Page is divided into three areas General Information Rec...

Page 252: ...asses before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Ethernet statistics are refreshed every 15 seconds 30 Sec Indicates that the Ethernet statistics are refreshed every 30 seconds 60 Sec Indicates that the Ethernet statistics are refreshed every 60 seconds No Refresh Indicates that the Ethernet statistics are not refreshed The Receive Statist...

Page 253: ...shed This number includes bad packets and FCS octets but excludes framing bits Unicast Packets Displays the number of good Unicast packets transmitted on the interface since the device was last refreshed Multicast Packets Displays the number of good Multicast packets transmitted on the interface since the device was last refreshed Broadcast Packets Displays the number of good broadcast packets tra...

Page 254: ...the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh Indicates that the Etherlike statistics are not ...

Page 255: ...ys the number of internal MAC received errors on the selected interface Receive Pause Frames Displays the number of received paused frames on the selected interface Transmitted Pause Frames Displays the number of paused frames transmitted from the selected interface Resetting Etherlike Statistics Counters 1 Click Statistics Ethernet Etherlike The Etherlike Page opens 2 Click the Clear Counters but...

Page 256: ...ics are displayed LAG Indicates LAG statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 Sec Indicates that the GVRP statistics are refreshed every 60 sec...

Page 257: ... ID statistics Invalid Attribute Type Displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length Displays the device GVRP Invalid Attribute Length statistics Invalid Events Displays the device GVRP Invalid Events statistics Resetting GVRP Statistics Counters 1 Click Statistics GVRP Statistics...

Page 258: ... are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh Indicates that the Etherlike statistics are not refreshed Frames Receive Indicates the number of valid EAPOL f...

Page 259: ...est Frames Transmit Indicates the number of EAP Request frames transmitted via the port Invalid Frames Receive Indicates the number of unrecognized EAPOL frames that have been received by on this port Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version Indicates the protocol version number attached to the most...

Page 260: ...tatistics SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 16 Managing RMON Statistics The RMON section contains the following pages Viewing RMON Statistics Configuring RMON History Configuring RMON Events Viewing the RMON Events Logs ...

Page 261: ...evice The RMON Viewing RMON Statistics page contains the following fields Interface Indicates the device for which statistics are displayed The possible field values are Port Defines the specific port for which RMON statistics are displayed LAG Defines the specific LAG for which RMON statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are re...

Page 262: ...received on the interface since the device was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed Jabbers Display...

Page 263: ...or example the samples may include interface definitions or polling periods To view RMON history information 1 Click Statistics RMON History The RMON History Control Page opens RMON History Control Page The RMON History Control Page contains the following fields History Entry No Number automatically assigned to the table entry number Source Interface Displays the interface from which the history s...

Page 264: ...N History Page The Add RMON History Page contains the following fields New History Entry Number automatically assigned to the table entry number Source Interface Displays the interface from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken LAG Specifies the port from which the RMON information was taken Owner Displa...

Page 265: ...rface Displays the interface from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken LAG Specifies the port from which the RMON information was taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Max No of Samples to Keep Indicates the number of samples...

Page 266: ...s the number of dropped packets due to lack of network resources during the sampling interval This may not represent the exact number dropped packets but rather the number of times dropped packets were detected Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits R...

Page 267: ...on the interface since the device was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms...

Page 268: ...gs Description Displays the user defined event description Type Describes the event type Possible values are None Indicates that no event occurred Log Indicates that the event is a log entry Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap Time Displays the time that the event occurred Owner Displays the device or user that defined the ev...

Page 269: ...ription Type Describes the event type Possible values are None Indicates that no event occurred Log Indicates that the event is a log entry Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap Owner Displays the device or user that defined the event 3 Define the relevant fields 4 Click Apply The RMON event is added and the device is updated M...

Page 270: ...bes the event type Possible values are None Indicates that no event occurred Log Indicates that the event is a log entry Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap Owner Displays the device or user that defined the event 3 Define the relevant fields 4 Click Apply The event control settings are modified and the device is updated View...

Page 271: ...entry number Log No Displays the log number Log Time Displays the time when the log entry was entered Description Displays the log entry description Defining RMON Alarms The RMON Alarms Page contains fields for setting network alarms Network alarms occur when a network problem or event is detected Rising and falling thresholds generate events To set RMON alarms 1 Click Statistics RMON Alarms The R...

Page 272: ...MON statistics for the selected LAG Counter Value Displays the current counter value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Absolute Compares the value...

Page 273: ...e falling threshold alarm The Events Table is displayed in the RMON Events page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Interval Defines the alarm interval time in seconds Owner Displays the device or user that defined the alarm 2 Click the Add button The Add RMON Alarm...

Page 274: ... rising threshold alarm The Events Table is displayed in the RMON Events page Falling Threshold Displays the falling counter value that triggers the falling threshold alarm The falling threshold is graphically presented on top of the graph bars Each monitored variable is designated a color Falling Event Selects an event which is defined in the Events table that triggers the falling threshold alarm...

Page 275: ...er value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Absolute Compares the values directly with the thresholds at the end of the sampling interval Rising Th...

Page 276: ... Falling Event Selects an event which is defined in the Events table that triggers the falling threshold alarm The Events Table is displayed in the RMON Events page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Interval Defines the alarm interval time in seconds Owner Display...

Page 277: ...ing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error that occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in...

Page 278: ...he port where the cable error occurred Last Update Indicates the last time the port was tested Cable Length Indicates the approximate cable length This test can only be performed when the port is up and operating at 1 Gbps 2 Click the Advanced button The Copper Cable Extended Feature Page opens Copper Cable Extended Feature Page The Copper Cable Extended Feature Page contains the following fields ...

Page 279: ...Define the relevant fields 4 Click Apply The advanced copper cable settings are defined and the device is updated Performing Optical Tests The Optical Test Page allows network managers to perform tests on Fiber Optic cables Optical transceiver diagnostics can be performed only when the link is present During the port test the port moves to a down state Optical Test Page The Optical Test Page conta...

Page 280: ...roring Configuring Port Mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port Port mirroring can be used as diagnostic tool and or a debugging feature Port mirroring also enables switch performance monitoring Network administrators configure port mirroring by selecting a specific port to copy all packets and differen...

Page 281: ...tReady Indicates the port is not currently monitored 2 Click the Add button The Add Port Mirroring Page opens Add Port Mirroring Page The Add Port Mirroring Page contains the following fields Source Port Defines the port to which traffic is mirrored Type Indicates the port mode configuration for port mirroring The possible field values are RxOnly Defines the port mirroring on receiving ports This ...

Page 282: ...hich traffic is mirrored Type Indicates the port mode configuration for port mirroring The possible field values are RxOnly Defines the port mirroring on receiving ports This is the default value TxOnly Defines the port mirroring on transmitting ports Tx and Rx Defines the port mirroring on both receiving and transmitting ports 3 Define the relevant fields 4 Click Apply The Port mirroring is modif...

Page 283: ...lowing fields CPU Utilization Displays CPU resource utilization information The possible field values are Enabled Enables viewing CPU utilization information This is the default value Disabled Disables viewing the CPU utilization information Refresh Rate Amount of time that passes before the statistics are refreshed Usage Percentages Indicates the percentage of the CPU s resources consumed by the ...

Page 284: ...276 Chapter 17 Managing Device Diagnostics SGE2000 SGE2000P Gigabit Ethernet Switch Reference Guide Chapter 17 ...

Page 285: ...t linksys com Belgium support be linksys com Czech Republic support cz linksys com Denmark support dk linksys com Finland support fi linksys com France support fr linksys com Germany support de linksys com Greece support gr linksys com English only Hungary support hu linksys com Ireland support ie linksys com Italy support it linksys com Netherlands support nl linksys com Norway support no linksys...

Page 286: ...ail Address Asia Pacific asiasupport linksys com English only Latin America support portuguese linksys com or support spanish linksys com Middle East Africa support mea linksys com English only South Africa support ze linksys com English only UAE support ae linksys com English only U S and Canada support linksys com In Europe E mail Address ...

Reviews:

No comments

Related manuals for SFE2000P

GE Evolution Series E9000 User Manual preview
Evolution Series E9000
Brand: GE Pages: 44
GE PACSystems RX7i Cpu Programmer'S Reference Manual preview
PACSystems RX7i
Brand: GE Pages: 469
GE GuardSwitch 300 Series Instructions preview
GuardSwitch 300 Series
Brand: GE Pages: 2
GE GuardSwitch 300 Series Instruction preview
GuardSwitch 300 Series
Brand: GE Pages: 2
GE Masoneilan VariPak 28001 Instruction Manual preview
Masoneilan VariPak 28001
Brand: GE Pages: 24
Rane DR1 Dimensions And Specifications preview
DR1
Brand: Rane Pages: 2
K'Nex Education 79018 User Manual preview
79018
Brand: K'Nex Education Pages: 56
L. G. B. 51099 Instructions preview
51099
Brand: L. G. B. Pages: 2
L-Acoustics LA4X Product Information preview
LA4X
Brand: L-Acoustics Pages: 36
Z3 Technology Z3-DM8107-SDI-RPS User Manual preview
Z3-DM8107-SDI-RPS
Brand: Z3 Technology Pages: 73
Z-Wave Control4 Setup Manual preview
Control4
Brand: Z-Wave Pages: 14
Z-Wave.Me KFOB2 Quick Start preview
KFOB2
Brand: Z-Wave.Me Pages: 4
Zodiac SIROCCO2 Spare Parts/Accessories Instructions Manual preview
SIROCCO2
Brand: Zodiac Pages: 12
National Instruments 73 Series Getting Started preview
73 Series
Brand: National Instruments Pages: 34
Fox FOX203 Instruction Manual preview
FOX203
Brand: Fox Pages: 5
Hunter 99112 Installation preview
99112
Brand: Hunter Pages: 2
Tektronix 73A-541 User Manual preview
73A-541
Brand: Tektronix Pages: 112
Adaptec ACB-2310 Installation Manual preview
ACB-2310
Brand: Adaptec Pages: 2

Brands by name

Popular brands

Load more brands