background image

DES-6500 Chassis-based Layer 3 Ethernet Switch Manual 

19 

Ethernet Technology 

Fast Ethernet 

The growing importance of LANs and the increasing complexity of desktop computing applications are fueling the need 
for high performance networks. A number of high-speed LAN technologies are proposed to provide greater bandwidth and 
improve client/server response times. Among them, Fast Ethernet, or 100BASE-T, provides a non-disruptive, smooth 
evolution from 10BASE-T technology.  

100Mbps Fast Ethernet is a standard specified by the IEEE 802.3 LAN committee. It is an extension of the 10Mbps 
Ethernet standard with the ability to transmit and receive data at 100Mbps, while maintaining the Carrier Sense Multiple 
Access with Collision Detection (CSMA/CD) Ethernet protocol.  

Gigabit Ethernet Technology 

Gigabit Ethernet is an extension of IEEE 802.3 Ethernet utilizing the same packet structure, format, and support for 
CSMA/CD protocol, full duplex, flow control, and management objects, but with a tenfold increase in theoretical 
throughput over 100Mbps Fast Ethernet and a one hundred-fold increase over 10Mbps Ethernet. Since it is compatible with 
all 10Mbps and 100Mbps Ethernet environments, Gigabit Ethernet provides a straightforward upgrade without wasting a 
company's existing investment in hardware, software, and trained personnel. 

The increased speed and extra bandwidth offered by Gigabit Ethernet are essential to coping with the network bottlenecks 
that frequently develop as computers and their busses get faster and more users use applications that generate more traffic. 
Upgrading key components, such as your backbone and servers to Gigabit Ethernet can greatly improve network response 
times as well as significantly speed up the traffic between your subnetworks.  

Gigabit Ethernet enables fast optical-fiber connections to support video conferencing, complex imaging, and similar data-
intensive applications. Likewise, since data transfers occur 10 times faster than Fast Ethernet, servers outfitted with Gigabit 
Ethernet NIC's are able to perform 10 times the number of operations in the same amount of time. 

In addition, the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost-effective method to take advantage 
of today’s and tomorrow's rapidly improving switching and routing internetworking technologies.  

Switching Technology 

Another key development pushing the limits of Ethernet technology is in the field of switching technology. A switch 
bridges Ethernet packets at the MAC address level of the Ethernet protocol transmitting among connected Ethernet or Fast 
Ethernet LAN segments. 

Switching is a cost-effective way of increasing the total network capacity available to users on a local area network. A 
switch increases capacity and decreases network loading by making it possible for a local area network to be divided into 
different segments, which are not competing with each other for network transmission capacity, and therefore decreasing 
the load on each segment. 

The Switch acts as a high-speed selective bridge between the individual segments. Traffic that needs to go from one 
segment to another (from one port to another) is automatically forwarded by the Switch, without interfering with any other 
segments (ports). This allows the total network capacity to be multiplied, while still maintaining the same network cabling 
and adapter cards. 

For Fast Ethernet or Gigabit Ethernet networks, a switch is an effective way of eliminating problems of chaining hubs 
beyond the "two-repeater limit." A switch can be used to split parts of the network into different collision domains, for 
example, making it possible to expand your Fast Ethernet network beyond the 205-meter network diameter limit for 
100BASE-TX networks. Switches supporting both traditional 10Mbps Ethernet and 100Mbps Fast Ethernet are also ideal 
for bridging between existing 10Mbps networks and new 100Mbps networks. 

Switching LAN technology is a marked improvement over the previous generation of network bridges, which were 
characterized by higher latencies.  Routers have also been used to segment local area networks, but the cost of a router and 
the setup and maintenance required make routers relatively impractical. Today's switches are an ideal solution to most 
kinds of local area network congestion problems. 

Summary of Contents for TM DES-6500

Page 1: ...D Link DES 6500 Modular Layer 3 Chassis based Ethernet Switch Firmware Release 2 5 Manual...

Page 2: ...ssion of D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered tr...

Page 3: ...0BASE T 100BASE TX 1000BASE T Switch module 17 DES 6509 12 port Mini GBIC SFP switch module 17 DES 6508 16 port 10BASE T 100BASE TX Fast Ethernet Switch module 18 DES 6506 Patch Panel 18 DES 6511 Powe...

Page 4: ...roduction 35 Logging on to the Web Manager 35 Web based User Interface 36 Areas of the User Interface 36 Web Pages 37 Configuring the Switch 38 Switch Information 39 Switch IP Settings 39 Setting the...

Page 5: ...Port based VLANs 73 VLAN Segmentation 73 VLAN and Trunk Groups 74 Protocol VLANs 74 VLAN Entry 75 GVRP Settings 78 Traffic Control 80 Port Security 81 Port Lock Entries 82 QoS 84 The Advantages of Qo...

Page 6: ...Capability 130 Initializing Ports for Port Based 802 1x 131 Initializing Ports for MAC Based 802 1x 132 Reauthenticate Port s for Port Based 802 1x 133 Reauthenticate Port s for MAC based 802 1x 134...

Page 7: ...ter Settings 186 VRRP Authentication Settings 189 Security Management 191 Security IP 191 User Account Management 191 Admin and User Privileges 192 Secure Shell SSH 194 SSH Configuration 194 SSH Algor...

Page 8: ...245 IGMP Snooping Group 246 IGMP Snooping Forwarding 247 Browse Router Port 248 Port Access Control 249 Authenticator State 249 Authenticator Diagnostics 251 Authenticator Session Statistics 254 Auth...

Page 9: ...ement SIM Overview 277 SIM Using the Web Interface 278 Topology 280 Tool Tips 282 Right Click 283 Group Icon 283 Commander Switch Icon 284 Member Switch Icon 285 Candidate Switch Icon 285 Menu Bar 287...

Page 10: ...DES 6500 Chassis based Layer 3 Ethernet Switch Manual 9 Cables and Connectors 308 Appendix D 309 Cable Lengths 309 Glossary 310 Warranties and Registration 312 International Offices 349...

Page 11: ...rroring and configuring the Spanning Tree Section 7 Management A discussion of the security features of the Switch including Security IP User Accounts and Access Authentication Control Section 8 SNMP...

Page 12: ...copy command Boldface Typewriter Font Indicates commands and responses to prompts that must be typed exactly as printed in the manual Initial capital letter Indicates a window name Names of keys on t...

Page 13: ...environment If the system gets wet see the appropriate section in your troubleshooting guide or contact your trained service provider Do not push any objects into the openings of your system Doing so...

Page 14: ...nsure that all casters and or stabilizers are firmly connected to the system Avoid sudden stops and uneven surfaces General Precautions for Rack Mountable Products Observe the following precautions fo...

Page 15: ...onnected Completed power and safety ground wiring must be inspected by a qualified electrical inspector An energy hazard will exist if the safety ground cable is omitted or disconnected Protecting Aga...

Page 16: ...ed and the DES 6500 chassis allows the installation of a redundant power supply for maximum flexibility and reliability The DES 6511 redundant power supplies operate in a current sharing mode with aut...

Page 17: ...ress rate control Efficient self learning and address recognition mechanism enables forwarding rate at wire speed Support port based enable and disable Address table Supports up to 16K MAC addresses p...

Page 18: ...th IEEE802 3u 100BASE FX IEEE 802 3x compliant Flow Control support for Full duplex DES 6505 8 port 1000BASE SX SC Gigabit Ethernet Switch module 8 1000BASE SX SC Gigabit Ethernet ports Fully complian...

Page 19: ...pport auto negotiation Back pressure Flow Control support for Half duplex mode IEEE 802 3x compliant Flow Control support for Full duplex DES 6506 Patch Panel A patch panel supporting 24 port RJ45 10...

Page 20: ...mes the number of operations in the same amount of time In addition the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost effective method to take advantage of today s and tomorrow s...

Page 21: ...r Button Description Power This LED will light green after the Switch is powered on to indicate the normal operation of the Switch s power supplies An amber LED will appear to indicate abnormal operat...

Page 22: ...its performance Please follow these guidelines for setting up the Switch Install the Switch on a sturdy level surface that can support the weight of the switch Do not place heavy objects on the Switc...

Page 23: ...ntilation space between the Switch and any other objects in the vicinity Figure 2 1 Prepare Switch for installation on a desktop or shelf Installing the Switch in a Rack The Switch can be mounted in a...

Page 24: ...source outlet After the Switch is powered on the LED indicators will momentarily blink This blinking of the LED indicators represents a reset of the system Power Failure As a precaution in the event...

Page 25: ...tch to End Node End nodes include PCs outfitted with a 10 100 or 1000 Mbps RJ 45 Ethernet Network Interface Card NIC and most routers An end node can be connected to the Switch via a twisted pair UTP...

Page 26: ...e A 100BASE TX hub or switch can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000BASE T switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable...

Page 27: ...s or other switches The topology configurations are endless but be sure that connections coming from the DES 6500 are at a equal or slower speed than the ISP uplink to avoid bottlenecking The copper p...

Page 28: ...0 SNMP Based Management You can manage the Switch with an SNMP compatible console program The Switch supports SNMP version 1 0 version 2 0c and version 3 0 The SNMP agent decodes the incoming SNMP mes...

Page 29: ...mands require administrator level access privileges Read the next section for more information on setting up user accounts See the DES 6500 Command Line Interface Reference Manual on the documentation...

Page 30: ...ccessing the Switch or changing its settings This section tells how to log onto the Switch NOTE The passwords used to access the Switch are case sensitive therefore S is not the same as s When you fir...

Page 31: ...rname and Password fields blank Figure 4 3 Command Prompt NOTE The first user automatically gets Administrator level privileges It is recommended to create at least one Admin level user account for th...

Page 32: ...on file and are not saved when the Switch is rebooted To save all your configuration changes in nonvolatile storage you must use the save command to copy the running configuration file to the startup...

Page 33: ...ted with a specific MIB An additional layer of security is available for SNMP v 3 in that SNMP messages may be encrypted To read more about how to configure SNMP v 3 settings for the Switch read the s...

Page 34: ...serial port as follows Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy yyy Where the x s represent the IP address to be assigned to the...

Page 35: ...ed management Connecting Devices to the Switch After you assign IP addresses to the Switch you can connect devices to the Switch To connect a device to an SFP transceiver port Use your cabling require...

Page 36: ...and can communicate directly with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to access the same internal switching softwa...

Page 37: ...he user interface is divided into three distinct areas as described in the table Figure 5 3 Main Web Manager Screen Area Function Area 1 Select the menu or window to be displayed The folder icons can...

Page 38: ...and Layer 3 IP Networking Security Management Contains screens concerning configurations for Security IP User Accounts Access Authentication Control TACACS Secure Sockets Layer SSL and Secure Shell S...

Page 39: ...ng Tree Forward Filtering VLAN Traffic Control Port Security Port Lock Entries QoS System Log Server System Severity Log SNTP Settings Access Profile Table CPU Interface Filtering Port Access Entity L...

Page 40: ...tem Name System Location and System Contact to aid in defining the Switch to the user s preference NOTE Please check the firmware version of the CPU and line cards of the DES 6500 before upgrading to...

Page 41: ...s how the Switch will be assigned an IP address on the next reboot The IP Address Settings options are Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered...

Page 42: ...network manager or other TCP IP application for example BOOTP TFTP The Switch s default IP address is 10 90 90 90 You can change the default Switch IP address to meet the specification of your network...

Page 43: ...me as defined Choose from the following options 2 Minutes 5 Minutes 10 Minutes 15 Minutes or Never The default setting is 10 minutes Serial Port Baud Rate This field specifies the baud rate for the se...

Page 44: ...rithm that the Switch uses to balance the load across the ports that make up the port trunk group is defined by this definition Choose MAC Source MAC Destination MAC Src Dest IP Source IP Destination...

Page 45: ...uplex half duplex state of the port Auto denotes auto negotiation between 10 and 100 Mbps devices in full or half duplex or 1000 Mbps in Full duplex only The Auto setting allows the port to automatica...

Page 46: ...user may configure these ports to be Auto or 1000Full_N Flow Control Displays the flow control scheme used for the various port configurations Ports configured for full duplex use 802 3x flow control...

Page 47: ...onfigure a mirror port Select the Source Port from where you want to copy frames and the Target Port which receives the copies from the source port Select the Source Direction Ingress Egress or Both a...

Page 48: ...a single link This gives a bandwidth that is a multiple of a single link s bandwidth Link aggregation is most commonly used to link a bandwidth intensive network device or devices such as a server to...

Page 49: ...gure port trunking open the Link Aggregation folder and click on the Link Aggregation Configuration hyperlink in the Configuration folder to bring up the Link Aggregation Group Entries table Figure 6...

Page 50: ...nostics to quickly isolate a bandwidth intensive network device or to have an absolute backup aggregation group that is not under automatic control Master Port Choose the Master Port for the trunk gro...

Page 51: ...ode Active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as ne...

Page 52: ...itch can open or close a port to a specific Multicast group member based on IGMP messages sent from the device to the IGMP host or vice versa The Switch monitors IGMP messages and discontinues forward...

Page 53: ...table without receiving a membership report Default 260 Leave Timer This specifies the maximum amount of time in seconds between the Switch receiving a leave group message from a host and the Switch...

Page 54: ...ays all of the current entries to the Switch s static router port table To modify an entry click the Modify button This will open the Static Router Ports Settings Edit page as shown below Figure 6 14...

Page 55: ...iguration Name field 2 A configuration revision number named here as a Revision Level and found in the STP Bridge Global Settings window and 3 A 4096 element table defined here as a VID List in the MS...

Page 56: ...fore transitioning to a forwarding state In order to allow this rapid transition the protocol introduces two new variables the edge port and the point to point P2P port Edge Port The edge port is a co...

Page 57: ...owing window open the Spanning Tree folder in the Configuration menu and click the STP Bridge Global Settings link Figure 6 15 STP Bridge Global Settings STP compatible Figure 6 16 STP Bridge Global S...

Page 58: ...ed LAN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other switches for permission to become the Root Bridge If it...

Page 59: ...r Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI Multiple Spanning Tree Instance If a configuration name is not set this field will show th...

Page 60: ...on its hyperlinked MSTI ID number in the MST Configuration Identification window which will reveal the following window to configure Figure 6 20 Instance ID Settings window CIST modify The user may c...

Page 61: ...This field is used to specify the VID range from configured VLANs set on the Switch that the user wishes to add to this MSTI ID Supported VIDs on the Switch range from ID number 1 to 4094 This parame...

Page 62: ...rding packets to specified ports when an interface is selected within a STP instance The default setting is 0 auto There are two options 0 auto Selecting this parameter for the internalCost will set q...

Page 63: ...e Switch Instance Status Displays the current status of the corresponding MSTI ID Instance Priority Displays the priority of the corresponding MSTI Instance Type The lowest priority will be the root b...

Page 64: ...Regional Internal Root Bridge This MAC address should be the MAC address of the Switch Internal Root Cost This parameter is set to represent the relative cost of forwarding packets to specified ports...

Page 65: ...he lowest Bridge Identifier it will become the Root Bridge The user may choose a time between 6 and 40 seconds The default value is 20 Forward Delay The Forward Delay can be from 4 to 30 seconds Any p...

Page 66: ...anning tree works in the same way as the switch level spanning tree but the root bridge concept is replaced with a root port concept A root port is a port of the group that is elected based on port pr...

Page 67: ...coexist with standard STP however the benefits of RSTP and MSTP are not realized on a port where an 802 1d network connects to an 802 1w or 802 1s enabled network Migration should be set as yes on po...

Page 68: ...d This must be a unicast MAC address Unit Choose the Switch ID number of the Switch in the switch stack to be modified Port Allows the selection of the port number on which the MAC address entered abo...

Page 69: ...ing MAC address belongs Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Allows the selection of ports that will be members of...

Page 70: ...und robin system is employed on the Switch to determine the rate at which the queues are emptied of packets The ratio used for clearing the queues is 4 1 This means that the highest priority queue Que...

Page 71: ...provide a level of security to your network IEEE 802 1Q VLANs will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging The unta...

Page 72: ...o they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the...

Page 73: ...D but can have as many VIDs as the Switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device bef...

Page 74: ...devices connected to a port are members of the VLAN s the port belongs to whether there is a single computer directly connected to a switch or an entire department On port based VLANs NICs do not need...

Page 75: ...within the protocol assigned VLAN This feature will benefit the administrator by better balancing load sharing and enhancing traffic classification The Switch supports fourteen 14 pre defined protoco...

Page 76: ...in the 802 1Q Static VLANs menu A new menu will appear as shown below to configure the port settings and to assign a unique name and number to the new VLAN See the table below for a description of the...

Page 77: ...for the creation of protocol based VLANs The Switch supports 14 pre configured protocol based VLANs plus one user defined protocol based VLAN where the administrator may configure the settings for the...

Page 78: ...rk Architecture SNA Ethernet II Protocol netBios Using this parameter will instruct the Switch to forward packets to this VLAN if the tag in the packet header is concurrent with this protocol This pac...

Page 79: ...that the port is forbidden from becoming a member of the VLAN dynamically Click Apply to implement changes made Click the Show All Static VLAN Entries link to return to the Current 802 1Q Static VLAN...

Page 80: ...means only VLAN tagged frames will be accepted and Admit_All which means both tagged and untagged frames will be accepted Admit_All is enabled by default PVID The read only field in the GVRP Table sho...

Page 81: ...of this window is to limit too many broadcast multicast or unknown unicast packets folding the network Each port has a counter that tracks the number of broadcast packets received per second and this...

Page 82: ...The following parameters can be set Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified From To A consecutive group of ports may be configured start...

Page 83: ...eset or in other words only addresses that are permanently learned by the Switch can be deleted Once the entry has been defined by entering the correct information into the window above click the unde...

Page 84: ...number of the Switch in the switch stack that has permanently learned the MAC address Port The ID number of the port that has permanently learned the MAC address Type The type of MAC address in the fo...

Page 85: ...apping on the Switch The picture above shows the default priority setting for the Switch Class 6 has the highest priority of the seven priority classes of service on the Switch In order to implement Q...

Page 86: ...ackets sent from each priority queue depends upon the assigned weight For a configuration of 8 CoS queues A H with their respective weight value 8 1 the packets are sent in the following sequence A1 B...

Page 87: ...e group of ports may be configured starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit and Both This setting will determine whether the bandwid...

Page 88: ...he screen shown below Figure 6 43 QoS Scheduling Mechanism and QoS Scheduling Mechanism Table window The Scheduling Mechanism has the following parameters Parameter Description Strict The highest clas...

Page 89: ...Configuration window shown above the DES 6500 switch can implement a combination queue for forwarding packets This combination queue allows for a combination of strict and weight fair weighted round r...

Page 90: ...figuration folder open the QoS folder and click 802 1p Default Priority to view the screen shown below Figure 6 46 Port Default Priority assignment and The Port Priority Table window This page allows...

Page 91: ...ly to set your changes Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single Switch in standalone mode or a group of ports o...

Page 92: ...will enter the combination of transmitting port and allowed receiving ports into the Switch s Traffic Segmentation table The Unit drop down menu at the top of the page allows you to select a switch f...

Page 93: ...he parameters in the following window Figure 6 51 Configure System Log Server Edit The following parameters can be set Parameter Description Index Syslog server settings index 1 4 Server IP The IP add...

Page 94: ...verity Log allows users to configure where and when events occurring on the Switch will be recorded These events are classified by the Switch into the following three categories Information Events cla...

Page 95: ...destination stated above will instruct the Switch to send critical and warning events to the Switch s log and or SNMP agent information Entering this parameter along with the proper destination state...

Page 96: ...ettings Current Time System Boot Time Displays the time when the Switch was initially started for this session Current Time Displays the current time Time Source Displays the source of the time settin...

Page 97: ...e the system clock Time in HH MM SS Enter the current time in hours and minutes if you would like to update the system clock Click Apply to implement your changes Time Zone and DST The following are s...

Page 98: ...rom Day of Week Enter the day of the week that DST will start on From Month Enter the month DST will start on From Time in HH MM Enter the time of day that DST will start on To Which Day Enter the wee...

Page 99: ...is described below in two parts To display the currently configured Access Profiles on the Switch open the Configuration folder and click on the Access Profile Table link This will open the Access Pro...

Page 100: ...sk Enter a MAC address mask for the source MAC address Destination MAC Destination MAC Mask Enter a MAC address mask for the destination MAC address 802 1p Selecting this option instructs the Switch t...

Page 101: ...ddress or Packet Content Mask This will change the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header S...

Page 102: ...ag bits within the packets by checking the boxes corresponding to the flag bits of the TCP field The user may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin finis...

Page 103: ...ch to mask the packet header beginning with the offset value specified value 0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte value 16 31 Enter a val...

Page 104: ...move a previously created rule click the corresponding button Figure 6 60 Access Rule Configuration window IP Configure the following Access Rule Configuration settings for IP Parameter Description Pr...

Page 105: ...have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS secti...

Page 106: ...w IP To configure the Access Rule for Ethernet open the Access Profile Table and click Modify for an Ethernet entry This will open the following screen Figure 6 62 Access Rule Table To remove a previo...

Page 107: ...h to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header Priority 0 7 This parameter is specified if you want to re write the 802 1p def...

Page 108: ...ffff in the packet header The Ethernet type value may be set in the form hex 0x0 0xffff which means the user may choose any combination of letters and numbers ranging from a f and from 0 9999 To view...

Page 109: ...t of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instructs the Switch to examine the packet header Priority This parameter is specif...

Page 110: ...er a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the pac...

Page 111: ...rmine what to do with the frame The entire process is described below CPU Interface Filtering State Settings In the following window the user may globally enable or disable the CPU Interface Filtering...

Page 112: ...acket header and use this as the full or partial criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MAC address Destination MAC Destination MAC Mask Enter a MA...

Page 113: ...ruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide...

Page 114: ...may choose between urg urgent ack acknowledgement psh push rst reset syn synchronize fin finish src port mask Specify a TCP port mask for the source port in hex form hex 0x0 0xffff which you wish to...

Page 115: ...e requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame...

Page 116: ...to implement changes made To establish the rule for a previously created CPU Access Profile In the Configuration folder click the CPU Interface Filtering CPU Interface Filtering State to open the CPU...

Page 117: ...ess or Packet Content Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask instr...

Page 118: ...re 6 77 CPU Interface Filtering Rule Table IP To create a new rule set for an access profile click the Add button A new window is displayed To remove a previously created rule click the corresponding...

Page 119: ...Address IP address or Packet Content Ethernet instructs the Switch to examine the layer 2 part of each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Con...

Page 120: ...e Select Permit to specify that the packets that match the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that do not m...

Page 121: ...a value in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet...

Page 122: ...til authorization is granted The 802 1x Access Control method holds three roles each of which are vital to creating and upkeeping a stable and working Access Control security method Figure 6 84 The th...

Page 123: ...efore access is granted to the Client The second purpose of the Authenticator is to verify the information gathered from the Client with the Authentication Server and to then relay that information ba...

Page 124: ...running software that is compliant with the 802 1x protocol For users running Windows XP that software is included within the operating system All other users are required to attain 802 1x client soft...

Page 125: ...ass through the port The following figure displays a more detailed explanation of how the authentication process is completed between the three roles stated above Figure 6 88 The 802 1x Authentication...

Page 126: ...ort Based Network Access Control Port Based Network Access Control 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client 802 1X Client Network...

Page 127: ...to successfully make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the...

Page 128: ...gs window 802 1X Authenticator Settings To configure the 802 1X authenticator settings click Configuration Port Access Entity 802 1x Authenticator Settings Figure 6 92 Configure 802 1X Authenticator P...

Page 129: ...rized to disable 802 1X and cause the port to transition to the authorized state without any authentication exchange required This means the port transmits and receives normal traffic without 802 1X b...

Page 130: ...itch will retransmit an EAP Request to the client before it times out of the authentication sessions The default setting is 2 ReAuthPeriod A constant that defines a nonzero number of seconds between p...

Page 131: ...y using the Unit pull down menu and then select which ports are to be configured in the From and To fields Next enable the ports by selecting Authenticator from the drop down menu under Capability Cli...

Page 132: ...ing information Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified From and To Select ports to be initialized Port A read only field indicating a p...

Page 133: ...ze Ports MAC based 802 1x To initialize ports first choose the switch in the switch stack by using the Unit pull down menu then the range of ports in the From and To field Then the user must specify t...

Page 134: ...iption Unit Choose the Switch ID number of the Switch in the switch stack to be modified Port The port number of the reauthenticated port MAC Address Displays the physical address of the Switch where...

Page 135: ...ntity PAE System Control Reauthenticate Port s to open the following window Figure 6 99 Reauthenticate Ports MAC based 802 1x To reauthenticate ports first choose the switch in the switch stack by usi...

Page 136: ...rrent RADIUS Server Settings Table window This window displays the following information Parameter Description Succession Choose the desired RADIUS server to configure First Second or Third RADIUS Ser...

Page 137: ...er may globally enable or disable the Distance Vector Multicast Routing Protocol DVMRP function by using the pull down menu PIM DM State The user may globally enable or disable the Protocol Independen...

Page 138: ...r a specified VLAN primary and secondary that set IP interface cannot be changed to another VLAN Application Limitation A multicast router cannot be connected to IP interfaces that are utilizing the I...

Page 139: ...10 96 0 1 Finance 4 10 128 0 0 10 128 0 1 Sales 5 10 160 0 0 10 160 0 1 Backbone 6 10 192 0 0 10 192 0 1 Table 6 5 VLAN Example Assigned IP Interfaces The six IP interfaces each with an IP address li...

Page 140: ...or the IP interface The default IP interface is named System Secondary Click the check box to set the IP interface as a secondary IP interface Secondary interfaces can only be configured if a primary...

Page 141: ...an be used in the OSPF menu below To configure an MD5 Key click the MD5 Key Configuration link to open the following dialog box Figure 6 104 MD5 Key Configuration and Table window The following fields...

Page 142: ...g table lists the allowed values for the routing metrics and the types or forms of the routing information that will be redistributed Route Source Metric Type OSPF 0 to 16 All Internal External ExtTyp...

Page 143: ...ion of one of six methods of calculating the metric value The user may choose between All Internal External ExtType1 ExtType2 Inter E1 Inter E2 See the table above for available metric value types for...

Page 144: ...ered into the table Gateway The corresponding Gateway of the IP address entered into the table Hops Represents the metric value of the IP interface entered into the table This field may read a number...

Page 145: ...ddress that will be a static entry into the Switch s Routing Table Subnet Mask Allows the entry of a subnet mask corresponding to the IP address above Gateway IP Allows the entry of an IP address of a...

Page 146: ...Static ARP Settings link Figure 6 108 Static ARP Settings window To add a new entry click the Add button revealing the following screen to configure Figure 6 109 Static ARP Settings Add window To modi...

Page 147: ...oved from the routing table RIP does not have an explicit method to detect routing loops Many RIP implementations include an authorization mechanism a password to prevent a router from learning errone...

Page 148: ...IP interface to which it is connected Interfaces that use the same subnet mask as the router s network can contain subnetted routes other interfaces cannot The router will then advertise only a single...

Page 149: ...arameters for RIP interface settings The following RIP settings can be applied to each IP interface Parameter Description Interface Name The name of the IP interface on which RIP is to be setup This i...

Page 150: ...authenticate communication between routers on the network State Toggle between Disabled and Enabled to disable or enable this RIP interface on the switch Interface Metric A read only field that denote...

Page 151: ...routing information changes the router generates a link state advertisement This advertisement is a specially formatted packet that contains information about all the link states on the router This li...

Page 152: ...1 0 222 211 10 0 0 10 10 5 5 10 10 Figure 6 115 Constructing a Shortest Path Tree The diagram above shows the network from the viewpoint of Router A Router A can reach 192 213 11 0 through Router B wi...

Page 153: ...change of link state updates and the calculation of the shortest path tree are limited to the area that the router is connected to Routers that have connections to more than one area are called Border...

Page 154: ...m the OSPF packet the key and the key ID This message digest a number is then appended to the packet The key is not exchanged over the wire and a non decreasing sequence number is included to prevent...

Page 155: ...ghbors Adjacencies Adjacent routers go beyond the simple Hello exchange and participate in the link state database exchange process OSPF elects one router as the Designated Router DR and a second rout...

Page 156: ...ubsequent section All OSPF packets except for Hello packets forward link state advertisements Link State Update packets for example flood advertisements throughout the OSPF routing domain OSPF packet...

Page 157: ...n neighbor relationships In addition Hello Packets are multicast on those physical networks having a multicast or broadcast capability enabling dynamic discovery of neighboring routers All routers con...

Page 158: ...address on the network This field is set to 0 0 0 0 if there is no BDR Field Description Neighbor The Router IDs of each router from whom valid Hello packets have been seen within the Router Dead Int...

Page 159: ...se Description packets with a neighboring router a router may find that parts of its topological database are out of date The Link State Request packet is used to request the pieces of the neighbor s...

Page 160: ...s Figure 6 121 Link State Update Packet The body of the Link State Update packet consists of a list of link state advertisements Each advertisement begins with a common 20 byte header the link state a...

Page 161: ...tate advertisements may also be originated The flooding algorithm is reliable ensuring that all routers have the same collection of link state advertisements The collection of advertisements is called...

Page 162: ...ype Advertising Router The Router ID of the router that originated the Link State Advertisement For example in network links advertisements this field is set to the Router ID of the network s Designat...

Page 163: ...r is an endpoint of an active virtual link that is using the described area as a Transit area V is for Virtual link endpoint E bit When set the router is an Autonomous System AS boundary router E is f...

Page 164: ...uired metric for TOS 0 If no additional TOS metrics are given this field should be set to 0 TOS 0 Metric The cost of using this router link for TOS 0 For each link separate metrics may be specified fo...

Page 165: ...n known to the router that belongs to the Autonomous System AS yet is outside the area Type 3 link state advertisements are used when the destination is an IP network In this case the advertisement s...

Page 166: ...nits as the interface costs in the router links advertisements Autonomous Systems External Link Advertisements Autonomous Systems AS link advertisements are Type 5 link state advertisements These adve...

Page 167: ...F General Settings The OSPF General Settings menu allows OSPF to be enabled or disabled on the Switch without changing the Switch s OSPF configuration To view the following window click Configuration...

Page 168: ...For a Stub type choose Enabled or Disabled from the Stub Import Summary LSA drop down menu and determine the Stub Default Cost Click the Add Modify button to add the area ID set to the table To remov...

Page 169: ...t System interface only the System interface settings will appear listed To change settings for in IP interface click on the hyperlinked name of the interface to see the configuration menu for that in...

Page 170: ...e configuration for that area Auth Type This field can be toggled between None Simple and MD5 using the space bar This allows a choice of authorization schemes for OSPF packets that may be exchanged o...

Page 171: ...figuration set to the table click the Add button A new menu appears see below To change an existing configuration click on the hyperlinked Transit Area ID for the set you want to change The menu to mo...

Page 172: ...ds between link state advertisement retransmissions for adjacencies belonging to this virtual link This field is fixed at 5 seconds Click Apply to implement changes made NOTE For OSPF to function prop...

Page 173: ...onfigure the following settings for OSPF Area Aggregation Parameter Description Area ID Allows the entry the OSPF Area ID for which the routing information will be aggregated This Area ID must be prev...

Page 174: ...list for the configuration you want to change and proceed to change the metric or area ID To eliminate an existing configuration click the in the Delete column for the configuration being removed Fig...

Page 175: ...IGMP to see if there is at least one member of a multicast group on a given subnetwork If there are no members on a subnetwork packets will not be forwarded to that subnetwork IGMP Versions 1 and 2 Mu...

Page 176: ...hat there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other subnetworks IGMP version 2 introduces some enh...

Page 177: ...onfigured on the Switch IGMP can be configured as Version 1 2 or 3 by toggling the Version field using the pull down menu The length of time between queries can be varied by entering a value between 1...

Page 178: ...andwidth networks and can be considered as a best effort multicasting protocol DVMRP resembles the Routing Information Protocol RIP but is extended for multicast delivery DVMRP builds a routing table...

Page 179: ...reviously defined IP interface IP Address Displays the IP address corresponding to the IP Interface name entered above Neighbor Timeout Interval 1 65535 This field allows an entry between 1 and 65 535...

Page 180: ...join a multicast delivery group at some point in the future the protocol periodically removes the prune information from its database and floods multicast messages to all interfaces on that branch Th...

Page 181: ...ckets to other routers on the network The default is 30 seconds Join Prune Interval 1 18724 This field allows an entry of between 1 and 18724 seconds This interval also determines the time interval th...

Page 182: ...ient makes a query containing the name the type of answer required and a code specifying whether the domain name system should do the entire name translation or simply return the address of the next D...

Page 183: ...ble State This field can be toggled using the pull down menu between Disabled and Enabled This determines if the static DNS table will be used or not Click Apply to implement changes made DNS Relay St...

Page 184: ...ile for use by a client see the DHCP server and or TFTP server software instructions The user may also cunsult the Upload screen description located in the Maintenance section of this manual If the Sw...

Page 185: ...he BOOTP Relay Table at the bottom of the following window once the user clicks the Add button under the Apply heading The user may add up to four server IPs per IP interface on the Switch Entries may...

Page 186: ...the election protocol will select a virtual router with the highest priority to be the Master router on the LAN This retains the link and the connection is kept alive regardless of the point of failu...

Page 187: ...ave been previously set in the IP Interfaces table Authentication Type Displays the Authentication in use on this Virtual Interface Possible authentication types include No authentication No authentic...

Page 188: ...t owns the IP address associated with the virtual router and is therefore set automatically Advertisement Interval 1 255 Enter a time interval value in seconds for sending VRRP message packets This va...

Page 189: ...ived by a virtual router Possible authentication types include No authentication No authentication has been selected to compare VRRP packets received by a virtual router Simple Text Password A Simple...

Page 190: ...plays the mode for determining the behavior of backup routers set on this VRRP interface True will denote that this will be the backup router if the routers priority is set higher than the master rout...

Page 191: ...ived by a router If the two passwords are not exactly the same the packet will be dropped IP Selecting this parameter will require the user to set a MD5 message digest for authentication in comparing...

Page 192: ...Security IP Management to permit remote stations to manage the Switch If you choose to define one or more designated management stations only the chosen stations as defined by IP address will be allo...

Page 193: ...Delete button To change the password type in the New Password and retype it in the Confirm New Password entry field The level of privilege Admin or User can be viewed in the Access Right field Admin...

Page 194: ...t Add Update Delete User Accounts Yes No View User Accounts Yes No Table 7 1 Admin and User Privileges After establishing a User Account with Admin level privileges be sure to save the changes by open...

Page 195: ...other admin level User Account on the Switch including specifying a password This password is used to logon to the Switch once a secure communication path has been established using the SSH protocol...

Page 196: ...etting is 120 seconds Auth Fail 2 20 Allows the Administrator to set the maximum number of attempts that a user may try to log on to the SSH Server utilizing the SSH authentication After the maximum n...

Page 197: ...gorithms are enabled by default To open the following window click Security Management Secure Shell SSH SSH Authentication Mode and Algorithm Settings Figure 8 6 SSH Algorithms window The following al...

Page 198: ...Authentication Code mechanism utilizing the Secure Hash algorithm The default is Enabled HMAC MD5 Use the pull down to enable or disable the HMAC Hash for Message Authentication Code mechanism utiliz...

Page 199: ...ollowing to set the authorization for users attempting to access the Switch Host Based This parameter should be chosen if the administrator wishes to use a remote SSH server for authentication purpose...

Page 200: ...implement changes made NOTE To set the SSH User Authentication parameters on the Switch a User Account must be previously configured For more information on configuring local User Accounts on the Swi...

Page 201: ...itch The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout...

Page 202: ...able or disable the Authentication Policy on the Switch Response Timeout 1 255 This field will set the time the Switch will wait for a response of authentication from the user The user may set a time...

Page 203: ...ogin Method List and Enable Method List for authentication for users utilizing the Console Command Line Interface application the Telnet application SSH and the Web HTTP application Login Method List...

Page 204: ...lick Security Management Access Authentication Control Authentication Server Group Figure 8 11 Authentication Server Group window This screen displays the Authentication Server Groups on the Switch Th...

Page 205: ...in Figure 8 12 Trinity NOTE The user must configure Authentication Server Hosts using the Authentication Server Hosts window before adding hosts to the list Authentication Server Hosts must be config...

Page 206: ...th each other The maximum supported number of server hosts is 16 To view the following window click Security Management Access Authentication Control Authentication Server Host Figure 8 14 Authenticat...

Page 207: ...server host to reply to an authentication request The default value is 5 seconds Retransmit 1 255 Enter the value in the retransmit field to change how many times the device will resend an authenticat...

Page 208: ...od is used the privilege level will be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a User privilege only If the...

Page 209: ...rver xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server tacacs Adding this parameter will require the user to be authentica...

Page 210: ...host in the server group If no verification is found the Switch will send an authentication request to the second TACACS host in the server group and so on until the list is exhausted At that point th...

Page 211: ...in the next section entitled Local Enable Password none Adding this parameter will require no authentication to access the Switch radius Adding this parameter will require the user to be authenticated...

Page 212: ...onfigure Local Enable Password window To set the Local Enable Password set the following parameters and click Apply Parameter Description Old Local Enable If a password was previously configured for t...

Page 213: ...unt on the Switch or no authentication none Because XTACACS and TACACS do not support the enable function the user must create a special account on the server host which has the username enable and a...

Page 214: ...he user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent a...

Page 215: ...ted ciphersuites leaving the desired one for authentication When the SSL function has been enabled the web will become disabled To manage the Switch through the web based management while utilizing th...

Page 216: ...host using the SSL function A new SSL session is established every time the client and host go through a key exchange Specifying a longer timeout will allow the SSL session to reuse the master key on...

Page 217: ...isticated authentication process that is separated into two parts The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers The second part describes...

Page 218: ...vileged access to the Switch can be restricted with the Management Station IP Address menu SNMP Trap Settings The following window is used to enable or disable SNMP traps on the Switch There are two t...

Page 219: ...use Auth Protocol None Indicates that no authorization protocol is in use MD5 Indicates that the HMAC MD5 96 authentication level will be used SHA Indicates that the HMAC SHA authentication protocol...

Page 220: ...ed by specifying the key in hex form below This method is not recommended Auth Protocol MD5 Specifies that the HMAC MD5 96 authentication level will be used This field is only operable when V3 is sele...

Page 221: ...The SNMP Group created with this table maps SNMP users identified in the SNMP User Table to the views created in the previous menu The following parameters can set Parameter Description View Name Typ...

Page 222: ...een should appear Figure 8 33 SNMP Group Table To delete an existing SNMP Group Table entry click the corresponding under the Delete heading To display the current settings for an existing SNMP Group...

Page 223: ...both centralized and distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 Specifies that the SNMP v...

Page 224: ...g screen Figure 8 36 SNMP Community Table window The following parameters can set Parameter Description Community Name Type an alphanumeric string of up to 32 characters that is used to identify membe...

Page 225: ...n page as shown below Figure 8 38 SNMP Host Table Configuration window The following parameters can set Parameter Description Host IP Address Type the IP address of the remote management station that...

Page 226: ...ring used to identify the SNMP engine on the Switch To display the Switch s SNMP Engine ID open the SNMP Manger folder and click on the SNMP Engine ID link This will open the SNMP Engine ID Configurat...

Page 227: ...witch History Log IGMP Snooping Group IGMP Snooping Forward Browse Router Port Port Access Control Layer 3 Feature CPU Utilization The CPU Utilization displays the percentage of the CPU being used exp...

Page 228: ...icking on a port Click Apply to implement the configured settings The window will automatically refresh with new updated statistics The information is described as follows Parameter Description Time I...

Page 229: ...chassis switch by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of t...

Page 230: ...s received on the Switch To select a port to view these statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down...

Page 231: ...ets Counts the number of packets received on the port Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that wer...

Page 232: ...for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and...

Page 233: ...e is 200 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast C...

Page 234: ...atistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the S...

Page 235: ...rt Packets Counts the number of packets successfully sent on the port Unicast Counts the total number of good packets that were transmitted by a unicast address Multicast Counts the total number of go...

Page 236: ...ollowing graph of error packets received on the Switch To select a port to view these statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the po...

Page 237: ...verSize Counts packets received that were longer than 1518 octets or if a VLAN frame is 1522 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1522 Fragment The number of packets...

Page 238: ...ese statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of...

Page 239: ...ndary LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmissi...

Page 240: ...tics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switc...

Page 241: ...in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excludin...

Page 242: ...ters Description Box ID Displays the slot order in the chassis Type Displays the model name of the corresponding switch in a stack Exist Denotes whether a switch does or does not exist in a stack Prio...

Page 243: ...denoting the current status of the internal power supply Powered will suggest the mechanism is functioning correctly while Not Exist will show the mechanism is not functioning correctly Output Voltag...

Page 244: ...an entry into its forwarding table These entries are then used to forward packets through the Switch To view the MAC Address forwarding table from the Monitoring menu click the MAC Address link Figure...

Page 245: ...h the port is a member MAC Address The MAC address entered into the address table Unit Refers to the Unit of the switch stack from which the MAC address was learned Port The port to which the MAC addr...

Page 246: ...ted SNMP trap receiving stations and to the PC connected to the console manager Click Next to go to the next page of the Switch History Log Clicking Clear will allow the user to clear the Switch Histo...

Page 247: ...ble The user may search the IGMP Snooping Group Table by VID by entering it in the top left hand corner and clicking Search The following field can be viewed Parameter Description VLAN ID The VLAN ID...

Page 248: ...Snooping Forwarding link Figure 9 15 IGMP Snooping Forwarding Table The user may search the IGMP Snooping Forwarding Table by VLAN Name using the top left hand corner Search The following field can be...

Page 249: ...ntly configured as router ports A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S A router port that is dynam...

Page 250: ...tor Statistics Authenticator Session Statistics and Authenticator Diagnostics windows in this section cannot be viewed on the DES 6500 switch unless 802 1x is enabled by port or by MAC address To enab...

Page 251: ...and clicking OK The information on this window is described as follows Parameter Description Auth PAE State The Authenticator PAE State value can be Initialize Disconnected Connecting Authenticating...

Page 252: ...Authenticator Diagnostics window The user can specify a switch in a switch stack using that switch s Unit ID by using the pull down menu in the top left hand corner The user may also select the desire...

Page 253: ...TICATING to ABORTING as a result of an EAPOL Start message being received from the Supplicant EapLogoffWhileAuthenticating Counts the number of times that the state machine transitions from AUTHENTICA...

Page 254: ...sp becomes TRUE causing the state machine to transition from REQUEST to RESPONSE and the response is not an EAP NAK Indicates that the Supplicant can respond to the Authenticator s chosen EAP method B...

Page 255: ...cs window The user can specify a switch in a switch stack using that switch s Unit ID by using the pull down menu in the top left hand corner The user may also select the desired time interval to upda...

Page 256: ...s include 1 Remote Authentic Server The Authentication Server is external to the Authenticator s System 2 Local Authentic Server The Authentication Server is located within the Authenticator s System...

Page 257: ...ure 9 21 Authenticator Statistics window The user can specify a switch in a switch stack using that switch s Unit ID by using the pull down menu in the top left hand corner The user may also select th...

Page 258: ...ramesRx The number of EAP Resp Id frames that have been received by this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by th...

Page 259: ...user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds The default value is one second To clear the current statistics shown click the Cl...

Page 260: ...gth Bad authenticators and unknown types are not included as malformed accounting responses ClientBadAuthenticators The number of RADIUS Accounting Response packets which contained invalid authenticat...

Page 261: ...Access Control RADIUS Authentication Figure 9 23 RADIUS Authentication window The user may also select the desired time interval to update the statistics between 1s and 60s where s stands for seconds...

Page 262: ...of RADIUS Access Challenge packets valid or invalid received from this server ClientAccessResponses The number of malformed RADIUS Access Response packets received from this server Malformed packets i...

Page 263: ...ously described in Section 6 of this manual under Layer 3 IP Networking Browse IP Address Table The Browse IP Address Table may be found in the Monitoring menu in the Layer 3 Feature folder The Browse...

Page 264: ...the Destination Address field along with a proper subnet mask into the Mask field and click Find Figure 9 25 Browse Routing Table window Browse ARP Table The Browse ARP Table window may be found in t...

Page 265: ...the Multicast Group field or a Source IP address and click Find Figure 9 27 Browse IP Multicast Forwarding Table Browse IGMP Group Table The Browse IGMP Group Table window may be found in the Monitor...

Page 266: ...link The OSPF Link State Database Table displays the current link state database in use by the OSPF routing protocol on a per OSPF area basis Figure 9 29 Browse OSPF LSDB Table The user may search for...

Page 267: ...s of this field depend on the advertisement s LS type LS Type Link State ID ____________________________________________ 1 The originating router s Router ID 2 The IP interface address of the network...

Page 268: ...virtual neighbor by using one of the two search options at the top of the screen which are Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch t...

Page 269: ...d its features in relation to the DES 6500 can be found in Section 6 under IP Multicast Routing Protocol Browse DVMRP Routing Table Multicast routing information is gathered and stored by DVMRP in the...

Page 270: ...DVMRP Routing Next Hop Table The DVMRP Routing Next Hop Table contains information regarding the next hop for forwarding multicast packets on outgoing interfaces Each entry in the DVMRP Routing Next H...

Page 271: ...IP Multicast Routing Protocol chapter of Section 6 Configuration PIM Neighbor Address Table The PIM Neighbor Address Table contains information regarding each of a router s PIM neighbors This screen m...

Page 272: ...a particular slot from slot stack if you have properly inserted the line cards in the chassis All indicates all slots in the chassis will download the same firmware Enter the IP address of the TFTP s...

Page 273: ...pload the Switch s settings to a TFTP server click on the TFTP Service folder in the Maintenance folder and then click the Upload Configuration link Figure 10 3 Upload Configuration window Enter the I...

Page 274: ...l the ping program to keep sending ICMP Echo packets to the specified IP address until the program is stopped The user may opt to choose a specific number of times to ping the Target IP Address by cli...

Page 275: ...are made effective clicking the Apply button When this is done the settings will be immediately applied to the switching software in RAM and will immediately take effect Some settings though require...

Page 276: ...DES 6500 Chassis based Layer 3 Ethernet Switch Manual 275 Figure 10 8 Factory Reset to Default Value window...

Page 277: ...volatile RAM before restarting the Switch Clicking the No click box instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered...

Page 278: ...h that is recognized by the CS a member of a SIM group and a Candidate Switch CaS which is a Switch that has a physical link to the SIM group but has not been recognized by the CS as a member of the S...

Page 279: ...ng the Switch to be a MS The CS will then serve as the in band entry point for access to the MS The CS s IP address will become the path to all MS s of the group and the CS s Administrator s password...

Page 280: ...art of its SIM group Choosing this option will also enable the Switch to be configured for SIM Discovery Interval The user may set the discovery protocol interval in seconds that the Switch will send...

Page 281: ...is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that th...

Page 282: ...he devices within the Single IP Management Group are connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander switch Layer 3 commande...

Page 283: ...ration and in viewing device information Setting the mouse cursor over a specific device in the topology window tool tip will display the same information about a specific device as the Tree view does...

Page 284: ...functions depending on the role of the Switch in the SIM group and the icon associated with it Group Icon Figure 11 7 Right Clicking a Group Icon The following options may appear for the user to conf...

Page 285: ...Figure 11 9 Right Clicking a Commander Icon The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SI...

Page 286: ...nd the SIM group in detail Remove from group remove a member from a group Configure launch the web management to configure the Switch Property to pop up a window to display the device information Figu...

Page 287: ...display the Device Name of the switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the...

Page 288: ...ollowing screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the window Figure 11...

Page 289: ...oad to initiate the file transfer Figure 11 18 Firmware Upgrade window Configuration File Backup Restore This screen is used to upgrade configuration files from the Commander Switch to the Member Swit...

Page 290: ...MA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps 1000Mbps 2000Mbps IEEE 802 3z 1000BASE LX DEM 310GT Transceiver IEE...

Page 291: ...mm x 356 mm 1U 19 inch rack mount width Modules 330mm x 281mm x 27 5mm Weight TBD EMI FCC Part 15 Class A ICES 003 Class Canada EN55022 Class A EN55024 Safety CSA International Performance Transmissio...

Page 292: ...6510 R2 50 B12 DES 6504 DES 6505 DES 6507 DES 6508 DES 6509 DES 6510 DES 6512 In the previous table the Runtime Code Version is the earliest firmware version that the corresponding cards listed in th...

Page 293: ...filename 6500rS_2 50 B12 had indicates the firmware is for the line card only while a capital U 6500rU_2 50 B12 had indicates the firmware is for the CPU card only When downloading the firmware be su...

Page 294: ...r_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1X Disabled Jumbo Frame Off Clipaging Enabled Port Mirror Disabled SNTP Disable...

Page 295: ...had unit cpu Command download firmware_fromTFTP 10 48 74 121 c 6500rU_2 50 B12 had unit cpu Connecting to server Done Download firmware Done Do not power off Please wait programming flash Done Saving...

Page 296: ...for both line cards and the CPU the user must download the PROM code to both the CPU and the line cards separately This may be done in any order preferable to the user but two downloads must take pla...

Page 297: ...ok similar to the ones shown below DES 6500 4 show stack_information Command show stack_information Box Prio Prom Runtime H W ID Type Exist rity version version version 1 DES 6505 exist 16 2 00 B20 2...

Page 298: ...2 50 B12 Hardware Version 2A1 Device S N System Name DES 6500_ 3 System Location 7th_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disa...

Page 299: ...e recovered and the chassis should function normally Follow the following steps to guide you through the process Step 1 Execute the show switch command to confirm the CPU firmware status currently set...

Page 300: ...0 4 reset system Command reset system Are you sure you want to proceed with the system reset y n reset all save reboot y Reboot Load Factory Default Configuration Saving all configurations to NV RAM D...

Page 301: ...A1 2 DES 6507 exist 16 2 00 B20 2 50 B12 3A1 3 USR NOT CFG no 4 USR NOT CFG no 5 USR NOT CFG no 6 DES 6507 exist 16 0 00 B16 1 01 B37 2A1 7 USR NOT CFG no 8 USR NOT CFG no Topology STAR Current state...

Page 302: ...ert the DES 6504 DES 6508 DES 6510 DES 6512 line card s into the chassis and check the show stack_information one more time All line cards should now be recognized by the Switch and they should all be...

Page 303: ...Firmware Compatibility table at the beginning of this section for more information on line cards and their supported firmware versions 2 After removing the unsupported line card the user must execute...

Page 304: ...ubnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 2 00 B20 Firmware Version Build 2 00 B20 Hardware Version 2A1 Device S N System Name DES 6500_ 3 System Location 7th_flr_east_cabin...

Page 305: ...STAR Current state MASTER Box Count 6 DES 6500 4 Step 3 Remove unsupported line cards from the chassis in this case the DES 6504 line card for downgrade to 1 20 B09 Next enter the reset system comman...

Page 306: ...510 exist 16 2 00 B20 2 00 B20 0A1 4 USR NOT CFG no 5 DES 6508 exist 16 2 00 B20 2 00 B20 0A1 6 DES 6507 exist 16 2 00 B20 2 00 B20 2A1 7 USR NOT CFG no 8 USR NOT CFG no Topology STAR Current state MA...

Page 307: ...w minutes Please don t power off Success DES 6500 4 Step 6 Once the CPU and all line cards have been downgraded the user may verify that all downloads have been successfully completed by entering the...

Page 308: ...1 20 B09 Hardware Version 2A1 Device S N System Name DES 6500_ 3 System Location 7th_flr_east_cabinet System Contact Julius_Erving_212 555 6666 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disa...

Page 309: ...ts for matching cable pin assignment The following diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Appendix 1 1 The standard RJ 45 port and connector RJ 45 P...

Page 310: ...dia Type Maximum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 8...

Page 311: ...message sent to all destination devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The...

Page 312: ...nt Protocol A protocol originally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many as...

Page 313: ...rdware will be refunded by D Link upon return to D Link of the defective Hardware All Hardware or part thereof that is replaced by D Link or for which the purchase price is refunded shall become the p...

Page 314: ...nts covered in the operating manual for the product and normal maintenance Damage that occurs in shipment due to act of God failures due to power surge and cosmetic damage and Any hardware software fi...

Page 315: ...nited States Copyright Act of 1976 FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are des...

Page 316: ...at is attributable to the Software Except as otherwise agreed by D Link in writing the replacement Software is provided only to the original licensee and is subject to the terms and conditions of the...

Page 317: ...RESULTING FROM THE USE OF THE PRODUCT RELATING TO WARRANTY SERVICE OR ARISING OUT OF ANY BREACH OF THIS LIMITED WARRANTY EVEN IF D LINK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES THE SOLE RE...

Page 318: ...Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warra...

Page 319: ...isuse including failure to operate the product in accordance with specifications or interface requirements c improper handling d failure of goods or services not obtained from D LINK or not subject to...

Page 320: ...lerhafter Bedienung d Versagen von Produkten oder Diensten die nicht von D LINK stammen oder nicht Gegenstand einer zum ma geblichen Zeitpunkt g ltigen Garantie oder Wartungsvereinbarung sind e Fehlge...

Page 321: ...tilisation du produit non conforme ses sp cifications ou aux interfaces requises c d une mauvaise manipulation d d une panne de biens ou de services acquis aupr s d une soci t tierce non D LINK ou qui...

Page 322: ...os requisitos de la interfaz en el funcionamiento del producto c manejo incorrecto d errores en art culos o servicios ajenos a D LINK o no sujetos a una garant a o un contrato de mantenimiento vigente...

Page 323: ...requisiti di connessione c movimentazione impropria d guasto di prodotti o servizi non forniti da D LINK o non soggetti a una garanzia successiva di D LINK o a un accordo di manutenzione e impiego o...

Page 324: ...to Friday 8 00am to 8 00pm EST Saturday 9 00am to 1 00pm EST D Link Technical Support over the Internet http www dlink com au email support dlink com au Tech Support for customers within New Zealand D...

Page 325: ...ebsite Tech Support for customers within South Eastern Asia and Korea D Link South Eastern Asia and Korea Technical Support over the Telephone 65 6895 5355 Monday to Friday 9 00am to 12 30pm 2 00pm 6...

Page 326: ...r customers within India D Link Technical Support over the Telephone 91 22 26526741 91 22 26526696 ext 161 to 167 Monday to Friday 9 30AM to 7 00PM D Link Technical Support over the Internet http ww d...

Page 327: ...the duration of the warranty period on this product Customers can contact D Link technical support through our web site or by phone Tech Support for customers within the Russia D Link Technical Suppor...

Page 328: ...Israel D Link Technical Support over the Telephone 972 971 5701 Sunday to Thursday 9 00am to 5 00pm D Link Technical Support over the Internet http www dlink co il forum e mail support dlink co il Tec...

Page 329: ...ustomers within South Africa and Sub Sahara Region D Link South Africa and Sub Sahara Technical Support over the Telephone 27 12 665 2165 08600 DLINK For South Africa only Monday to Friday 8 30am to 9...

Page 330: ...lvador 800 6137 Monday to Friday 06 00am to 19 00pm Guatemala 1800 300 0017 Monday to Friday 06 00am to 19 00pm Panama 0800 560 0193 Monday to Friday 07 00am to 20 00pm Peru 0800 52049 Monday to Frida...

Page 331: ...330 D Link D Link D Link D Link 095 744 00 99 http www dlink ru email support dlink ru...

Page 332: ...cnico Help Desk Chile Tel fono 800 214422 Lunes a Viernes 08 00 am a 21 00 pm Soporte T cnico Help Desk Colombia Tel fono 01800 7001588 Lunes a Viernes 07 00 am a 20 00 pm Soporte T cnico Help Desk E...

Page 333: ...Link Brasil www dlinkbrasil com br A D Link fornece suporte t cnico gratuito para clientes no Brasil durante o per odo de vig ncia da garantia deste produto Suporte T cnico para clientes no Brasil Te...

Page 334: ...333...

Page 335: ...product U S and Canadian customers can contact D Link technical support through our website or by phone Tech Support for customers within the United States D Link Technical Support over the Telephone...

Page 336: ...eland D Link UK Ireland Technical Support over the Telephone 08456 12 0003 United Kingdom 44 8456 12 0003 Ireland Monday to Friday 8 00 am to 10 00 pm GMT Sat Sun 10 00 am to 7 00 pm GMT D Link UK Ire...

Page 337: ...chnische Unterst tzung ber unsere Website per E Mail oder telefonisch anfordern Web http www dlink de E Mail support dlink de Telefon 49 1805 2787 0 12 Min aus dem Festnetz der Deutschen Telekom Telef...

Page 338: ...e de D Link par notre site internet ou par t l phone Support technique destin aux clients tablis en France Assistance technique D Link par t l phone 0 820 0803 03 Assistance technique D Link sur inter...

Page 339: ...rante el periodo de garant a del producto Los clientes espa oles pueden ponerse en contacto con la asistencia t cnica de D Link a trav s de nuestro sitio web o por tel fono Asistencia T cnica de D Lin...

Page 340: ...sito D Link Supporto tecnico per i clienti residenti in Italia D Link Mediterraneo S r L Via N Bonnet 6 B 20154 Milano Supporto Tecnico dal luned al venerd dalle ore 9 00 alle ore 19 00 con orario co...

Page 341: ...rlands D Link Technical Support over the Telephone 0900 501 2007 Monday to Friday 8 00 am to 10 00 pm D Link Technical Support over the Internet www dlink nl Tech Support for customers within Belgium...

Page 342: ...pomoc techniczn klientom w Polsce w okresie gwarancyjnym produktu Klienci z Polski mog si kontaktowa z dzia em pomocy technicznej firmy D Link za po rednictwem Internetu lub telefonicznie Telefoniczna...

Page 343: ...Link D Link poskytuje sv m z kazn k m bezplatnou technickou podporu Z kazn ci mohou kontaktovat odd len technick podpory p es webov str nky mailem nebo telefonicky Web http www dlink de E Mail support...

Page 344: ...get munkanapokon h tf t l cs t rt kig 9 00 16 00 r ig s p nteken 9 00 14 00 r ig k rhet a 1 461 3001 telefonsz mon vagy a support dlink hu emailc men Magyarorsz gi technikai t mogat s D Link Magyarors...

Page 345: ...sider D Link tilbyr sine kunder gratis teknisk support under produktets garantitid Kunder kan kontakte D Links teknisk support via v re hjemmesider eller p tlf Teknisk Support D Link Teknisk telefon...

Page 346: ...s teknisk support til kunder i Danmark i hele produktets garantiperiode Danske kunder kan kontakte D Link s tekniske support via vores hjemmeside eller telefonisk D Link teknisk support over telefonen...

Page 347: ...st tukea asiakkailleen Tuotteen takuun voimassaoloajan Tekninen tuki palvelee seuraavasti Arkisin klo 9 21 numerosta 0800 114 677 Internetin kautta Ajurit ja lis tietoja tuotteista http www dlink fi S...

Page 348: ...ndarinformation D Link tillhandah ller teknisk support till kunder i Sverige under hela garantitiden f r denna produkt Teknisk Support f r kunder i Sverige D Link Teknisk Support via telefon 0770 33 0...

Page 349: ...348...

Page 350: ...North Ryde NSW 2113 Australia TEL 61 2 8899 1800 FAX 61 2 8899 1868 URL www dlink com au India D Link House Kurla Bandra Complex Road Off CST Road Santacruz East Mumbai 400098 India TEL 91 022 2652669...

Page 351: ...the following questions help us to support your product 1 Where and how will the product primarily be used Home Office Travel Company Business Home Business Personal Use 2 How many employees work at...

Page 352: ...DES 6500 Stackable Gigabit Layer 3 Switch User Guide 351...

Reviews: