manualshive.com logo in svg

Dell PowerConnect 35 SERIES, User Manual

Get the most out of your Dell PowerConnect 35 SERIES with our comprehensive User Manual. It's available for free download on manualshive.com, ensuring you have all the information you need to optimize your networking experience. Explore advanced features, troubleshoot effectively, and unlock the full potential of your device with our user-friendly manual.

Share
Download
background image

Configuring Switch Information

273

Configuring Port Security

Network security can be enhanced by limiting access on a specific port only to users with specific 
MAC addresses. The MAC addresses can be dynamically learned, up to that point, or they can be 
statically configured. Locked port security monitors both received and learned packets that are received 
on specific ports. Access to the locked port is limited to users with specific MAC addresses. 
These addresses are either manually defined on the port, or learned on that port up to the point when it 
is locked. When a packet is received on a locked port, and the packet’s source MAC address is not tied to 
that port (either it was learned on a different port, or it is unknown to the system), the protection 
mechanism is invoked, and can provide various options. Unauthorized packets arriving to a locked port 
are either:

Forwarded

Discarded with no trap

Discarded with a trap

The port is shut down

Locked port security also enables storing a list of MAC addresses in the configuration file. 
The MAC address list can be restored after the device has been reset.

In order to enable port security, enable the 

Multiple Hosts

 feature on the required ports. 

Disabled ports are activated from the

 Port Security

 page. The 

Ports

 page provides links for configuring 

port functionality including advanced features such as storm control and port mirroring, and for 
performing virtual port tests. 

To open the

 

Port Security

 

page, click 

Switch 

 Network Security 

 Port Security

Figure 7-7.

Port Security

Summary of Contents for PowerConnect 35 SERIES

Page 1: ...w w w d e l l c o m s u p p o r t d e l l c o m Dell PowerConnect 35xx Systems User s Guide ...

Page 2: ...served Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell the DELL logo Dell OpenManage and PowerConnect are trademarks of Dell Inc Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries Other trademarks and trad...

Page 3: ...hing from the Stack Master to the Backup Stack Master 17 Features Overview 17 IP Version 6 IPv6 Support 17 Power over Ethernet 17 Head of Line Blocking Prevention 18 Flow Control Support IEEE 802 3X 18 Back Pressure Support 18 Virtual Cable Testing VCT 18 MDI MDIX Support 18 Auto Negotiation 18 MAC Address Supported Features 19 Layer 2 Features 20 VLAN Supported Features 21 Spanning Tree Protocol ...

Page 4: ...utton 36 Reset Button 37 Ventilation System 37 3 Installing the PowerConnect 3524 P and PowerConnect 3548 P 39 Site Preparation 39 Unpacking 39 Package Contents 39 Unpacking the Device 40 Mounting the Device 40 Installing in a Rack 40 Installing on a Flat Surface 41 Installing the Device on a Wall 42 Connecting to a Terminal 43 Connecting a Device to a Power Supply 43 Installing a Stack 44 Overvie...

Page 5: ...up Procedures 59 Startup Menu Procedures 59 Software Download Through TFTP Server 63 Port Default Settings 65 Auto Negotiation 66 MDI MDIX 66 Flow Control 66 Back Pressure 66 Switching Port Default Settings 67 5 Using Dell OpenManage Switch Administrator 69 Starting the Application 69 Understanding the Interface 69 Device Representation 71 Using the Switch Administrator Buttons 72 Information Butt...

Page 6: ...ing SNTP Global Settings 103 Defining SNTP Authentication Methods 105 Defining SNTP Servers 107 Defining SNTP Interfaces 111 Managing Logs 113 Defining Global Log Parameters 114 Viewing the RAM Log Table 118 Viewing the Log File Table 120 Viewing the Device Login History 121 Modifying Remote Log Server Definitions 123 Defining IP Addressing 128 Configuring the Internet Protocol Version 6 IPv6 129 ...

Page 7: ...ining Enable Passwords 194 Defining TACACS Settings 196 Configuring RADIUS Settings 200 Configuring LLDP and MED 205 Defining LLDP Properties 207 Configuring LLDP Using CLI Commands 208 Defining LLDP Port Settings 208 Defining LLDP MED Network Policy 211 Defining LLDP MED Port Settings 213 Viewing the LLDP Neighbors Information 217 Defining SNMP Parameters 219 Defining SNMP Global Parameters 220 D...

Page 8: ...nfiguring DHCP Snooping 288 Defining DHCP Snooping Global Parameters 289 Defining DHCP Snooping on VLANs 291 Defining Trusted Interfaces 292 Adding Interfaces to the DHCP Snooping Database 294 Configuring Ports 297 Defining Port Configuration 297 Defining LAG Parameters 304 Enabling Storm Control 308 Defining Port Mirroring Sessions 312 Configuring Address Tables 315 Defining Static Addresses 315 ...

Page 9: ...Aggregating Ports 382 Defining LACP Parameters 383 Defining LAG Membership 385 Multicast Forwarding Support 387 Defining Multicast Global Parameters 387 Adding Bridge Multicast Address Members 389 Assigning Multicast Forward All Parameters 394 IGMP Snooping 396 Unregistered Multicast 401 8 Viewing Statistics 405 Viewing Tables 405 Viewing Utilization Summary 405 Viewing Counter Summary 407 Viewing...

Page 10: ...437 Viewing the CPU Utilization 438 Viewing CPU Utilization Using CLI Commands 440 9 Configuring Quality of Service 441 Quality of Service QoS Overview 441 CoS Services 442 Configuring QoS Global Settings 443 Defining QoS Interface Settings 445 Defining Bandwidth Settings 446 Mapping CoS Values to Queues 448 Mapping DSCP Values to Queues 450 10 Glossary 453 A Device Feature Interaction Information...

Page 11: ...3548P PowerConnect 3524 The PowerConnect 3524 provides 24 10 100Mbps ports plus two SFP ports and two Copper ports which can be used to forward traffic in a stand alone device or as stacking ports when the device is stacked The device also provides one RS 232 console port The PowerConnect 3524 is a stackable device but also operates as a stand alone device PowerConnect 3524P The PowerConnect 3524P...

Page 12: ...vides multiple switch management through a single point as if all stack members are a single unit All stack members are accessed through a single IP address through which the stack is managed The stack is managed from a Web based interface SNMP Management Station Command Line Interface CLI PowerConnect 3524 P and PowerConnect 3548 P devices support stacking up to eight units per stack or can opera...

Page 13: ...erated but no stack management action is required However the stacking link or stacking member must be repaired to ensure the stacking integrity After the stacking issues are resolved the device can be reconnected to the stack without interruption and the Ring topology is restored Stacking Failover Topology If a failure occurs in the stacking topology the stack reverts to Stacking Failover Topolog...

Page 14: ...bers are present and one has been manually configured as the Stack Master the manually configured member is elected as Stack Master If two Master enabled units are present and neither has been manually configured as the Master the one with the longer up time is elected as the Stack Master If two Master enabled units are present and both have been manually configured as the Master the one with the ...

Page 15: ...Added Units are Removed Units are reassigned Unit IDs Units toggle between Stacking Mode and Stand alone Mode Each time the system reboots the Startup Configuration file in the Master unit is used to configure the stack If a stack member is removed from the stack and then replaced with a unit with the same Unit ID the stack member is configured with the original device configuration Only ports whi...

Page 16: ...me The remaining ports receive the default port configuration Figure 1 5 PowerConnect 3524 P port replaces PowerConnect 3548 P port If a PowerConnect 3524 P replaces PowerConnect 3548 P the PowerConnect 3524 P 24 FE ports receives the first 24 FE PowerConnect 3548 P port configuration The GE port configurations remain the same Same Configuration Same Configuration Same Configuration Same Configura...

Page 17: ...ack Master and the Backup Master and continues running on the Backup Master Features Overview This section describes the device features For a complete list of all updated device features see the latest software version Release Notes IP Version 6 IPv6 Support The device functions as an IPv6 compliant Host as well as an IPv4 Host also known as dual stack This allows device operation in a pure IPv6 ...

Page 18: ... so that it is unavailable for additional traffic For information on configuring Flow Control for ports or LAGs see Defining Port Configuration or Defining LAG Parameters Virtual Cable Testing VCT VCT detects and reports copper link cabling occurrences such as open cables and cable shorts For more information on testing cables see Running Cable Diagnostics MDI MDIX Support The device automatically...

Page 19: ...LAN on page 374 Guest VLAN Guest VLAN provides limited network access to unauthorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled the port receives limited network access MAC Address Supported Features MAC Address Capacity Support The device supports up to 8K MAC addresses The device reserves specific MAC addresses for system use Static MAC E...

Page 20: ...ing Internet Group Membership Protocol IGMP Snooping examines IGMP frame contents when they are forwarded by the device from work stations to an upstream Multicast router From the frame the device identifies work stations configured for Multicast sessions and which Multicast routers are sending Multicast frames IGMP Querier simulates the behavior of a multicast router this allows snooping of the l...

Page 21: ...VRP provides IEEE 802 1Q compliant VLAN pruning and dynamic VLAN creation on 802 1Q trunk ports When GVRP is enabled the device registers and propagates VLAN membership on all ports that are part of the active underlying Spanning Tree Protocol Features on page 21 topology For more information see Configuring GVRP Parameters Private VLAN Edge Ports can be assigned to Private VLAN Edge PVE groups A ...

Page 22: ...balancing scenario Packets assigned to various VLANs are transmitted along different paths within MSTP Regions MST Regions Regions are one or more MSTP bridges by which frames can be transmitted The standard lets administrators assign VLAN traffic to unique paths For more information see Configuring the Spanning Tree Protocol Link Aggregation Link Aggregation Up to eight Aggregated Links may be de...

Page 23: ...mation on SNMP Alarms and Traps see Defining SNMP Parameters SNMP Versions 1 2 and 3 Simple Network Management Protocol SNMP over the UDP IP protocol controls access to the system a list of community entries is defined each of which consists of a community string and its access privileges There are 3 levels of SNMP security read only read write and super Only a super user can access the community ...

Page 24: ... system sends notifications of significant events in real time and keeps a record of these events for after the fact usage For more information on Syslog see Managing Logs SNTP The Simple Network Time Protocol SNTP assures accurate network Ethernet Switch clock time synchronization up to the millisecond Time synchronization is performed by a network SNTP server Time sources are established by Stra...

Page 25: ... integrity It relies upon certificates and public and private keys Port Based Authentication 802 1x Port based authentication enables authenticating system users on a per port basis via an external server Only authenticated and approved system users can transmit and receive data Ports are authenticated via the Remote Authentication Dial In User Service RADIUS server using the Extensible Authentica...

Page 26: ...nformation on Password Management see Managing Passwords Access Control Lists ACL Access Control Lists ACL allow network managers to define classification actions and rules for specific ingress ports Packets entering an ingress port with an active ACL are either admitted or denied entry and the ingress port is disabled If they are denied entry the user can disable the port For more information see...

Page 27: ...t 3524 front panel Figure 2 1 PowerConnect 3524 Front Panel The front panel contains 24 RJ 45 ports number 1 24 The upper row of ports is marked with odd numbers 1 23 and the lower row of ports is marked with even numbers 2 24 In addition the front panel also contains ports G1 G2 which are fiber ports and ports G3 G4 which are copper ports Ports G3 G4 can either be used as stacking ports or used t...

Page 28: ...panel contains an RPS connector console port and power connector PowerConnect 3548 Port Description The PowerConnect 3548 device is configured with the following ports 48 FE ports RJ 45 ports designated as 10 100Base T ports 2 Fiber ports Designated as 1000Base X SFP ports 2 Gigabit ports Designated as 1000Base T ports Console port RS 232 Console based port The following figure illustrates the Pow...

Page 29: ...The Reset button does not extend beyond the unit s front panel surface so reset by pressing it accidentally is prevented On the front panel are all the device LEDs The following figure illustrates the PowerConnect 3548 back panel Figure 2 4 PowerConnect 3548 Back Panel The back panel contains an RPS connector console port and power connector SFP Ports The Small Form Factor Plugable SFP ports are f...

Page 30: ...at indicate the status of links power supplies fans and system diagnostics Port LEDs Each 10 100 1000 Base T port and 10 100 Base T port has two LEDs The speed LED is located on the left side of the port while the link duplex activity LED is located on the right side The following figure illustrates the 10 100 Base T port LEDs on The PowerConnect 3524 P and PowerConnect 3548 P switches Figure 2 6 ...

Page 31: ... 100BaseT LED Indications LED Color Description Link Activity Speed Green Static The port is running at 100 Mbs Green Flashing The port is either transmitting or receiving data at 100 Mbps Amber Static The port is running at 10 Mbs Yellow Flashing The port is either transmitting or receiving data at 10 Mbps OFF The port is currently not operating FDX Green Static The port is currently operating in...

Page 32: ...ion about Power over Ethernet see Managing Power over Ethernet Amber Static An overload or short has occurred on the Powered Device For more information about Power over Ethernet faults see Managing Power over Ethernet Amber Flashing The powered device power conception exceeds the predefined power allotment For more information about Power over Ethernet power allotments see Managing Power over Eth...

Page 33: ...ndications are described in the following table System LEDs The system LEDs of The PowerConnect 3524 P and PowerConnect 3548 P devices provide information about the power supplies fans thermal conditions and diagnostics The following figure illustrates the system LEDS Figure 2 9 System LEDs Table 2 4 SFP Port LED Indications LED Color Description Link Activity Green Static A link is established Gr...

Page 34: ...edundant power supply is not plugged in Redundant Power Supply RPS models 3524P and 3548P Green Static The RPS is currently operating OFF The redundant power supply has failed or is not plugged in Diagnostics DIAG Green Flashing The system diagnostic test is currently in progress Green Static The system diagnostic test passed successfully Red Static The system diagnostic test failed OFF The system...

Page 35: ...oE device AC Power Supply Unit The AC power supply unit operates from 90 to 264 VAC 47 to 63 Hz The AC power supply unit uses a standard connector LED indicator is on the front panel and indicates whether the AC unit is connected DC Power Supply Unit The PowerConnect 3524 and PowerConnect 3548 switches connect to an external RPS 600 unit to provide a redundant power option No configuration is requ...

Page 36: ...ce is booted in stand alone mode To select a Unit ID for the device reboot the device The Stack Master receives the Unit ID of 1 or 2 If both Unit 1 and Unit 2 are present the unit that is not elected functions as the Backup Master Stack members receive a separate Unit ID 3 8 For example if there are four units in a stack the Master unit is either 1 or 2 the backup Master is either 1 or 2 dependin...

Page 37: ...er unit is reset the remain stacking members are not reset The single reset circuit of the switch is activated by power up or low voltage conditions Ventilation System The PowerConnect 3524 P and PowerConnect 3548 P switches with the PoE feature have five built in fans The non PoE PowerConnect 3524 and PowerConnect 3548 devices have two built in fans Operation can be verified by observing the LED ...

Page 38: ...38 Hardware Description ...

Page 39: ...cking that the LEDs on the front panel are illuminated PoE Models The RPS is currently installed by checking that the PoE LEDs on the front panel are illuminated Clearance There is adequate frontal clearance for operator access Allow clearance for cabling power connections and ventilation Cabling The cabling is routed to avoid sources of electrical noise such as radio transmitters broadcast amplif...

Page 40: ...age Report any damage immediately Mounting the Device The following mounting instructions apply to The PowerConnect 3524 P and PowerConnect 3548 P devices The Console port is on the back panel The power connectors are positioned on the back panel Connecting a Redundant Power Supply RPS is optional but is recommended The RPS connector is on the back panel of the devices Installing in a Rack WARNING...

Page 41: ...into the 48 26 cm 19 inch rack ensuring that the rack mounting holes on the device line up to the mounting holes on the rack 5 Secure the unit to the rack with the rack screws not provided Fasten the lower pair of screws before the upper pair of screws Ensure that the ventilation holes are not obstructed Installing on a Flat Surface The device must be installed on a flat surface if it is not insta...

Page 42: ...tion for Mounting on a Wall 2 Insert the supplied screws into the rack mounting holes and tighten with a screwdriver 3 Repeat the process for the wall mounting bracket on the other side of the device 4 Place the device on the wall in the location where the device is being installed 5 On the wall mark the locations where the screws to hold the device must be prepared 6 Drill holes and place all plu...

Page 43: ...necting to a Terminal 1 Connect an RS 232 crossover cable to the ASCII terminal or the serial connector of a desktop system running terminal emulation software 2 Connect the female DB 9 connector at the other end of the cable to the device serial port connector Front Panel Drilled Holes Wall Drilled Holes ...

Page 44: ...or After connecting the device to a power source confirm that the device is connected and operating correctly by examining the LEDs on the front panel Installing a Stack Overview Each device can operate as a stand alone device or can be a member in a stack Up to eight devices or up to 384 ports are supported per stack All stacks must have a Master unit and may have a Master Backup unit with any ot...

Page 45: ...ice accessories To stack the devices together insert a standard Category 5 cable into port G3 in the uppermost device in the stack and into port G4 of the device immediately below it in the stack Repeat this process until all devices are connected Connect the bottommost device s port G3 in the stack to port G4 of the uppermost device in the stack Figure 3 5 Stacking Cable Diagram NOTE In stacking ...

Page 46: ... Backup Master unit and unit ID 3 to 8 are for Member units Unit ID Selection Process The unit ID selection process is as follows 1 Ensure that the stand alone Master device Console port is connected to a VT100 terminal device or VT100 terminal emulator via the RS 232 crossover cable 2 Locate an AC power receptacle 3 Deactivate the AC power receptacle 4 Connect the device to the AC receptacle 5 Ac...

Page 47: ... page 54 NOTE Before proceeding read the release notes for this product Download the release notes from the Dell Support website at support dell com NOTE It is recommended that you obtain the most recent revision of the user documentation from the Dell Support website at support dell com Connecting to the Device To configure the device the device must be connected to a console However if the devic...

Page 48: ...talled With Windows 2000 Service Pack 2 the arrow keys function properly in HyperTerminal s VT100 emulation Go to www microsoft com for information on Windows 2000 service packs 8 Connect the female connector of the RS 232 crossover cable directly to the device Console port on the Master unit stand alone device and tighten the captive retaining screws The PowerConnect 35xx Series Systems Console p...

Page 49: ...g read the release notes for this product Download the release notes from support dell com Figure 4 1 Installation and Configuration Flow Connect Device and Console Power On Suspend Bootup Yes Press Esc Startup Menu Special Functions Reboot No Loading Program from flash to RAM Enter Wizard Yes No Initial Configuration IP Address Subnet mask Users Basic Security Configuration Wizard Configuration P...

Page 50: ... the Console port After the initial configuration the device can be managed either from the already connected Console port or remotely through an interface defined during the initial configuration If this is the first time the device has booted up or if the configuration file is empty because the device has not been configured the user is prompted to use the Setup Wizard The Setup Wizard provides ...

Page 51: ...p Wizard at any time by entering ctrl Z If you enter N the Setup Wizard exits If there is no response within 60 seconds the Setup Wizard automatically exits and the CLI console prompt appears If you enter Y the Setup Wizard provides interactive guidance through the initial device configuration NOTE If there is no response within 60 seconds and there is a BootP server on the network an address is r...

Page 52: ...o manage from any Management Station 0 0 0 0 Enter the following SNMP community string for example Dell_Network_Manager IP address of the Management System A B C D or wildcard 0 0 0 0 to manage from any Management Station NOTE IP addresses and masks beginning with zero cannot be used Press Enter Wizard Step 2 The following is displayed Now we need to setup your initial privilege Level 15 user acco...

Page 53: ...wing is displayed Finally setup the default gateway Please enter the IP address of the gateway from which this network is reachable e g 192 168 1 1 Default gateway A B C D 0 0 0 0 Enter the default gateway Press Enter The following is displayed as per the example parameters described This is the configuration information that has been collected SNMP Interface Dell_Network_Manager 0 0 0 0 User Acco...

Page 54: ...and BOOTP the configuration received from these servers includes the IP address and may include subnet mask and default gateway Retrieving an IP Address From a DHCP Server When using the DHCP protocol to retrieve an IP address the device acts as a DHCP client When the device is reset the DHCP command is saved in the configuration file but the IP address is not To retrieve an IP address from a DHCP...

Page 55: ...on to enable DHCP on an interface that connects to the same DHCP server or to one with an identical configuration In this instance the device retrieves the new configuration file and boots from it The device then enables DHCP as instructed in the new configuration file and the DHCP instructs it to reload the same file again NOTE If you configure a DHCP IP address this address is dynamically retrie...

Page 56: ...e BOOTP server The following example illustrates the process console enable console delete startup config Startup file was deleted console reload You haven t saved your changes Are you sure you want to continue y n n This command will reset the whole system and disconnect your current session Do you want to continue y n n the device reboots To verify the IP address enter the show ip interface comm...

Page 57: ...swords For more information see Security Management and Password Configuration on page 56 Configuring an Initial Terminal Password To configure an initial terminal password enter the following commands console config aaa authentication login default line console config aaa authentication enable default line console config line console console config line login authentication default console config...

Page 58: ...device s mode to enable enter jones Configuring an Initial HTTP Password To configure an initial HTTP password enter the following commands console config ip http authentication local console config username admin password user1 level 15 Configuring an initial HTTPS password To configure an initial HTTPS password enter the following commands console config ip https authentication local console con...

Page 59: ...n Please log in console show banner login console banner exec Successfully logged in console show banner exec Startup Procedures Startup Menu Procedures The procedures called from the Startup menu cover software download flash handling and password recovery The diagnostics procedures are for use by technical support personnel only and are not disclosed in the document You can enter the Startup men...

Page 60: ...lection is made within 35 seconds default the device times out This default value can be changed through CLI NOTE Technical support personnel only can operate the Diagnostics Mode option 4 For this reason Enter Diagnostics Mode is not described in this guide Download Software option 1 The software download procedure is performed when a new version must be downloaded to replace the corrupted files ...

Page 61: ...NMP I CDBITEMSNUM Number of running configuration items loaded 0 01 Jan xxxx 01 01 19 SNMP I CDBITEMSNUM Number of startup configuration items loaded 0 01 Jan xxxx 01 01 20 Box I SFP PRESENT CHNG unit_id 1 SFP 0 status is not present 01 Jan xxxx 01 01 20 Box I SFP PRESENT CHNG unit_id 1 SFP 1 status is not present 2 When using the HyperTerminal click Transfer on the HyperTerminal Menu Bar 3 In the...

Page 62: ...ter config as the name of the flash file The configuration is erased and the device reboots 4 Repeat the device initial configuration Password Recovery option 3 If a password is lost the Password Recovery procedure can be called from the Startup menu The procedure enables entry to the device once without password To recover a lost password when entering the local terminal only 1 From the Startup m...

Page 63: ...osen otherwise To download a system image through the TFTP server 1 Ensure that an IP address is configured on one of the device ports and pings can be sent to a TFTP server 2 Make sure that the file to be downloaded is saved on the TFTP server the arc file 3 Enter the show version command to verify which software version is currently running on the device The following is an example of the inform...

Page 64: ...s is timed out Many periods in a row indicate that the copying process failed 6 Select the image for the next boot by entering the boot system command After this command enter the show bootvar command to verify that the copy indicated as a parameter in the boot system command is selected for the next boot The following is an example of the information that appears console boot system image 2 conso...

Page 65: ... verify which software version is currently running on the device The following is an example of the information that appears console show version SW version 1 0 0 30 date 27 Jan xxxx time 13 42 41 Boot version 1 0 0 05 date 27 Jan xxxx time 15 12 20 HW version 4 Enter the copy tftp tftp address file name boot command to copy the boot image to the device The following is an example of the informat...

Page 66: ...attempting to operate in half duplex MDI MDIX The device supports auto detection of straight through and crossed cables on all switching 10 100 1000BaseT ports The feature is part of the Auto negotiation and is enabled when Auto negotiation is enabled When the MDI MDIX Media Dependent Interface with Crossover is enabled the automatic correction of errors in cable selection is possible thus making ...

Page 67: ...s Table 4 1 Port Default Settings Function Default Setting Port speed and mode 10 100BaseT copper auto negotiation 100 Mbps full duplex 10 100 1000BaseT copper SFP auto negotiation1000 Mbps full duplex Port forwarding state Enabled Port tagging No tagging Flow Control Off disabled on ingress Back Pressure Off disabled on ingress ...

Page 68: ...68 Configuring PowerConnect 3524 P and 3548 P ...

Page 69: ...e address bar and press Enter 3 When the Log In window displays enter a user name and password NOTE Passwords are both case sensitive and alpha numeric 4 Click OK The Dell OpenManage Switch Administrator home page displays Understanding the Interface The home page contains the following views Tree view Located on the left side of the home page the tree view provides an expandable view of the featu...

Page 70: ...r to the right the tree area can be expanded to display the full name of a component 2 The device view provides information about device ports current configuration and status table information and feature components Depending on the option selected the area at the bottom of the device view displays other device information and or dialogs for configuring parameters 3 The components list contains a...

Page 71: ...rConnect Port and Stacking Indicators NOTE The Port LEDs are not reflected in PowerConnect front panel in the OpenManage Switch Administrator LED status can only be determined by viewing the actual device However the Stacking LEDs reflect the Stacking port status For more information about LEDs see LED Definitions Component Description Port Indicators Green The port is currently enabled Red An err...

Page 72: ...to assist in configuring and managing the device The online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page displays when Help is clicked About Contains the version and build number and Dell copyright information Log Out Opens the Log Out window Table 5 4 Device Management Buttons Button Description Apply Changes Applies set changes to th...

Page 73: ...evice is connected to the device prior to beginning using CLI commands For information about configuring an initial IP Address see Initial Configuration on page 50 NOTE Ensure that the software has been downloaded to the device before using the CLI to remotely access the device Terminal Connection 1 Power on the device and wait until the startup is complete 2 When the Console prompt displays type ...

Page 74: ...list of commands available for that particular command mode In each mode a specific command is used to navigate from one command mode to another During the CLI session initialization the CLI mode is the User EXEC mode Only a limited subset of commands are available in the User EXEC mode This level is reserved for tasks that do not change the terminal configuration and is used to access configurati...

Page 75: ...ting parameters Passwords are displayed on the screen and are case sensitive To access and list the Privileged EXEC mode commands 1 At the prompt type enable and press Enter 2 When a password prompt displays enter the password and press Enter The Privileged EXEC mode prompt displays as the device host name followed by For example console To list the Privileged EXEC commands type a question mark at...

Page 76: ...st name followed by config and the pound sign console config To list the Global Configuration commands enter a question mark at the command prompt To return from Global Configuration mode to Privileged EXEC mode type the exit command or use the Ctrl Z key combination The following example illustrates how to access Global Configuration mode and return back to the Privileged EXEC mode console consol...

Page 77: ...h software and resetting the switch To open the System page Click a link below to access on line help for the indicated screen Click System in the tree view Figure 6 1 System This section contians the following topics Defining General Switch Information on page 78 Configuring SNTP Settings on page 101 Managing Logs on page 113 Defining IP Addressing on page 128 Running Cable Diagnostics on page 16...

Page 78: ...wing Switch Asset Information on page 78 Asset on page 78 Defining System Time Settings on page 84 Viewing System Health Information on page 90 Managing Power over Ethernet on page 92 Viewing Version Information on page 98 Managing Stack Members on page 99 Resetting the Device on page 100 Viewing Switch Asset Information Asset The Asset page contains parameters for configuring and viewing general ...

Page 79: ...address Sys Object ID The vendor s authoritative identification of the network management subsystem contained in the entity Date The current date The format is day month year for example 15 FEB 07 is February 15 2007 Time Indicates the time The format is hour minute second for example 20 12 21 is eight twelve and twenty one seconds in the evening System Up Time Specifies the amount of time since t...

Page 80: ...ommands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Asset page Table 6 1 Asset CLI Commands CLI Command Description hostname name Indicates or modifies the device host name snmp server contact text Sets up a system contact snmp server location text Enters information on where the device is located clock set hh mm ss day month year Manu...

Page 81: ...config snmp server contact Dell_Tech_Supp dell config snmp server location New_York dell config exit Console config snmp server host 10 1 1 1 management 2 Console clock set 13 32 00 7 Mar 2002 Console show clock 15 29 03 Jun 17 2002 console show system id Service tag Serial number 51 Asset tag console show system System Description Ethernet Switch System Up Time days hour min sec 0 00 00 57 System...

Page 82: ...OK console show system id Unit Serial number Asset tag Service tag 1 893658972 mkt 1 89788978 2 893658973 mkt 2 89788979 3 893658974 mkt 3 89788980 4 893658975 mkt 4 89788981 5 893658976 mkt 5 89788982 6 893658977 mkt 6 89788983 7 893658978 mkt 7 89788984 8 893658979 mkt 8 89788985 console show system Unit Type 1 PowerConnect 3524 2 PowerConnect 3524 3 PowerConnect 3524 4 PowerConnect 3524P 5 Powe...

Page 83: ...OK 3 OK 4 OK 5 OK OK 6 OK OK 7 OK OK 8 OK OK Unit Fan1 Fan2 Fan3 Fan4 Fan5 1 OK OK 2 OK OK 3 OK OK 4 OK OK 5 OK OK OK OK OK 6 OK OK OK OK OK 7 OK OK OK OK OK 8 OK OK OK OK OK Unit Temperature Celsius Temperature Sensor Status 1 30 OK 2 30 OK 3 30 OK 4 30 OK 5 30 OK 6 30 OK 7 30 OK 8 30 OK ...

Page 84: ...he 3rd Saturday in March During the period of Daylight Saving Time Brazilian clocks go forward one hour in most of the Brazilian southeast Chile Easter Island 9th March 12th October The first Sunday in March or after 9th March China China does not operate Daylight Saving Time Canada From the first Sunday in April until the last Sunday of October Daylight Saving Time is usually regulated by provinc...

Page 85: ... Sunday in October until the first Sunday on or after 15th March Norway Last weekend of March until the last weekend of October Paraguay From 6th April until 7th September Poland Last weekend of March until the last weekend of October Portugal Last weekend of March until the last weekend of October Romania Last weekend of March until the last weekend of October Russia From the 29th March until the...

Page 86: ...ld values Local Specifies that the system time is not set by an external source SNTP Specifies that the system time is set via an SNTP server For more information see Configuring SNTP Settings on page 104 Local Settings Date Defines the system date The field format is DD MMM YY for example 04 May 07 Local Time Defines the system time The field format is HH MM SS for example 21 15 03 Time Zone Offs...

Page 87: ...To fields must be defined Time Set Offset 1 1440 Indicates the difference in minutes between DST and the local standard time The default time is 60 minutes From Defines the time that DST begins in countries other than USA or Europe in the format DayMonthYear in one field and time in another For example DST begins on the 25th October 2007 5 00 am the two fields will be 25Oct07 and 5 00 The possible...

Page 88: ...00 am The possible field values are Day The day of the week at which DST ends every year The possible field range is Sunday Saturday Week The week within the month at which DST ends every year The possible field range is 1 5 Month The month of the year in which DST ends every year The possible field range is Jan Dec Time The time at which DST ends every year The field format is Hour Minute for exa...

Page 89: ... time Configures the system to automatically switch to summer time Daylight Savings Time clocksummer timerecurring usa eu week day month hh mm week day month hh mm offset offset zone acronym Configures the system to automatically switch to summer time according to the USA and European standards clock summer time date date month year hh mm date month year hh mm offset offset zone acronym Configures...

Page 90: ...d values are Checked The power supply is operating normally Unchecked The power supply is not operating normally Not Present The power supply is currently not present Fan Status The non PoE devices have two fans while the PoE devices have five fans Each fan is denoted as fan plus the fan number in the interface The possible field values are Checked The fan is operating normally Unchecked The fan i...

Page 91: ... for viewing fields displayed on the System Health page The following is an example of the system health CLI command Celsius Fahrenheit 0 32 5 41 10 50 15 59 20 68 25 77 30 86 35 95 40 104 Table 6 4 System Health CLI Command CLI Command Description show system unit unit Displays system information console show system Unit Type 1 PowerConnect 3524 Unit Main Power Supply Redundant Power Supply 1 OK ...

Page 92: ...are devices which receive power from the PowerConnect power supplies for example IP phones Powered Devices are connected to the PowerConnect device via Ethernet ports Powered devices are connected via either all PowerConnect 3524P s 24 FE ports or all PowerConnect 3548P s 48 FE ports To open the Power Over Ethernet page click System General Power over Ethernet in the tree view Fan1 Fan2 Fan3 Fan4 ...

Page 93: ...Configuring System Information 93 Figure 6 5 Power Over Ethernet The Power Over Ethernet page contains the following sections Global Port Settings ...

Page 94: ...the device This is the default value Port Settings Select a Port Indicates the specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port PoE Admin Status Indicates the device PoE mode The possible field values are Auto Enables the Device Discovery protocol and provides power to the device using the PoE module The Device Discovery P...

Page 95: ...ned a power consumption level of 44 to 12 95 Watts Class 1 0 44 3 8 Indicates that the port is assigned a power consumption level of 44 to 3 8 Watts Class 2 3 84 6 49 Indicates that the port is assigned a power consumption level of 3 84 to 6 49 Watts Class 3 6 49 12 95 Indicates that the port is assigned a power consumption level of 6 49 to 12 95 Watts Powered Device 0 24 characters Provides a use...

Page 96: ...mmands for viewing fields displayed on the Power Over Ethernet page Table 6 5 System Health CLI Commands CLI Command Description power inline auto never Configures the administrative mode of the inline power on an interface power inline powered device pd type Adds a description of the powered device type power inline priority critical high low Configures the priority of the interface from the poin...

Page 97: ...sable 3 Off 1 Watts 0 Watts 0 95 Disable 4 Off 1 Watts 0 Watts 0 95 Disable 5 Off 1 Watts 0 Watts 0 95 Disable 6 Off 1 Watts 0 Watts 0 95 Disable 7 Off 1 Watts 0 Watts 0 95 Disable 8 Off 1 Watts 0 Watts 0 95 Disable Port Powered Device State Status Prior ity Class 1 e1 Auto Searching low class0 1 e2 Auto Searching low class0 1 e3 Auto Searching low class0 1 e4 Auto Searching low class0 1 e5 Auto S...

Page 98: ...s page click System General Versions in the tree view Figure 6 7 Versions The Versions page contains the following fields Unit No Indicates the unit number for which the device versions are displayed Software Version The current software version running on the device Boot Version The current Boot version running on the device Hardware Version The current device hardware version ...

Page 99: ...anagers to switch stack control between unit 1 and unit 2 in the stack To open the Stack Management page click System General Stack Management in the tree view Figure 6 8 Stack Management Switch Stack Control from Unit 1 to Unit 2 Enables switching from the current stack Master to the backup Master unit Table 6 6 Versions CLI Commands CLI Command Description show version Displays system version in...

Page 100: ...Stack Management page Resetting the Device The Reset page enables the device to be reset from a remote location Save all changes to the Startup Configuration file before resetting the device This prevents the current device configuration from being lost For more information about saving Configuration files see Copy Files on page 239 To open the Reset page click System General Reset in the tree vie...

Page 101: ... is an example of the CLI command Configuring SNTP Settings The switch supports the Simple Network Time Protocol SNTP SNTP assures accurate network switch clock time synchronization up to the millisecond Time synchronization is performed by a network SNTP server SNTP operates only as a client and cannot provide time services to other systems The switch can poll the following server types for the s...

Page 102: ...is used for polling a server for which the IP address is known SNTP servers that are configured on the device are the only ones that are polled for synchronization information T1 T4 are used to determine server time This is the preferred method for synchronizing device time as it is most secure If this method is selected SNTP information is accepted only from SNTP servers defined on the device usi...

Page 103: ... from the SNTP server that responded first MD5 Message Digest 5 Authentication safeguards device synchronization paths to SNTP servers MD5 is an algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication To open the SNTP page click System SNTP in the tree view to open the ...

Page 104: ...f the Receive Broadcast Servers Updates Receive Anycast Servers Updates and the Receive Unicast Servers Updates fields are all enabled the system time is set according the Unicast server time information Poll Unicast Requests Sends SNTP Unicast server time information requests to the SNTP server when enabled Defining SNTP Global Settings 1 Open the SNTP Global Settings page 2 Define the fields 3 C...

Page 105: ...between the device and an SNTP server Enable Authenticates SNTP sessions between the device and SNTP server Disable Disables authenticating SNTP sessions between the device and SNTP server Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 Authentication Key up to 8 Characters The key used for authentication Trusted ...

Page 106: ...entication Key page opens Figure 6 12 Add Authentication Key 3 Define the fields 4 Click Apply Changes The SNMP authentication key is added and the device is updated Displaying the Authentication Key Table 1 Open the SNTP Authentication page 2 Click Show All The Authentication Key Table opens Figure 6 13 Authentication Key Table ...

Page 107: ...owing is an example of the CLI commands Defining SNTP Servers You can enable SNTP servers as well as add new SNTP servers from the SNTP Servers page To open the SNTP Servers page click System SNTP Servers in the tree view Table 6 10 SNTP Authentication CLI Commands CLI Command Description sntp authenticate Defines authentication for received Simple Network Time Protocol SNTP traffic from servers s...

Page 108: ...tion The possible field values are Primary The primary server provides SNTP information Secondary The backup server provides SNTP information Status The operating SNTP server status The possible field values are Up The SNTP server is currently operating normally Down Indicates that a SNTP server is currently not available For example the SNTP server is currently not connected or is currently down ...

Page 109: ...version 6 is supported IPv4 IP version 4 is supported IPv6 Address Type When the server supports IPv6 see previous parameter this specifies the type of static address supported The possible values are Link Local A Link Local address that is non routable and used for communication on the same network only Global A globally unique IPv6 address visible and reachable from different subnets Link Local ...

Page 110: ...ers Table Modifying an SNTP Server 1 Open the SNTP Servers page 2 Click Show All The SNTP Servers Table opens 3 Select an SNTP Server entry 4 Modify the relevant fields 5 Click Apply Changes The SNTP Server information is updated Deleting the SNTP Server 1 Open the SNTP Servers page 2 Click Show All The SNTP Servers Table opens 3 Select an SNTP Server entry 4 Select the Remove check box 5 Click Ap...

Page 111: ...rfaces The SNTP Broadcast Interface Table page contains SNTP interface information To open the SNTP Broadcast Interface Table page click System SNTP Interface Settings Figure 6 17 SNTP Broadcast Interface Table Table 6 11 SNTP Server CLI Commands CLI Command Description sntp server ipv4 address ipv6 address hostname poll key keyid Configures the device to use SNTP to request and accept SNTP traffi...

Page 112: ...terface entry Unchecked Maintains the SNTP interface entry Adding an SNTP Interface 1 Open the SNTP Broadcast Interface Table page 2 Click Add The Add SNTP Interface page opens Figure 6 18 Add SNTP Interface 3 Define the relevant fields 4 Click Apply Changes The SNTP interface is added and the device is updated Defining SNTP Interface Settings Using CLI Commands The following table summarizes the ...

Page 113: ...ewing the RAM Log Table on page 118 Viewing the Log File Table on page 120 Viewing the Device Login History on page 121 Modifying Remote Log Server Definitions on page 123 console show sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 8 En...

Page 114: ...d to the specified logging location Alert The second highest warning level An alert log is saved if there is a serious device malfunction for example all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device...

Page 115: ...the lowest To open the Logs Global Parameters page click System Logs Global Parameters in the tree view Figure 6 19 Logs Global Parameters The Logs Global Parameters page contains the following parameters Logging Enables or disables device global logs for Cache File and Server Logs Console logs are enabled by default Log Authentication Events Enables or disables generating logs when users are auth...

Page 116: ... remain functional Error A device error has occurred for example a copy operation has failed Warning The lowest level of a device warning For example the device is functioning but a port link is currently down Notice Provides important device information Informational Provides device information For example a port is currently up Debug Provides debugging messages The Global Log Parameters page als...

Page 117: ... level Limits syslog messages displayed from an internal buffer RAM based on severity logging file level Limits syslog messages sent to the logging file based on severity clear logging Clears logs clear logging file Clears messages from the logging file show syslog servers Displays the syslog servers settings console config logging on console config logging console errors console config logging bu...

Page 118: ...ch the log was entered into the RAM Log Table Severity Indicates the log severity Description Description of the log entry Removing Log Information 1 Open the RAM Log Table 2 Click Clear Log The log information is removed from the RAM Log Table and the device is updated Viewing and Clearing the RAM Log Table Using the CLI Commands The following table summarizes the equivalent CLI commands for view...

Page 119: ...lete Rename Enabled Management ACL Deny Enabled 01 Jan 2000 09 23 34 Box I PS STAT CHNG PS 1 status is operational 01 Jan 2000 09 23 29 Box W PS STAT CHNG PS 1 status is not operational 01 Jan 2000 09 22 44 Box I PS STAT CHNG PS 1 status is operational 01 Jan 2000 09 22 39 Box W PS STAT CHNG PS 1 status is not operational 01 Jan 2000 09 10 34 Box I PS STAT CHNG PS 1 status is operational 01 Jan 20...

Page 120: ...lds Log Index The log number in the Log File Table Log Time Indicates the time at which the log was entered in the Log File Table Severity Indicates the log severity Description The log message text Displaying the Log File Table Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Log File Table Table 6 16 Log File Table ...

Page 121: ...onsole show logging file Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 62 Logged 62 Displayed 200 Max File Logging Level debug File Messages 11 Logged 51 Dropped SysLog server 12 1 1 2 Logging warning Messages 14 Dropped SysLog server 1 1 1 1 Logging info Messages 0 Dropped 01 Jan 2000 01 12 01 COPY W TRAP The copy operation was ...

Page 122: ... Indicates the time the selected user logged on to the device User Name Indicates the user that logged on to the device Protocol Indicates the means by which the user logged on to the device Location Indicates the IP address of the station from which the device was accessed Viewing Login History 1 Open the Login History page 2 Select a user in the User Name field 3 Click Apply Changes The login in...

Page 123: ...y events are automatically selected to appear in the log When a security level is not selected no lower severity events appear in the log For example if Warning is selected all severity levels higher and including Warning will appear in the log Additionally no events with a lower security level than Warning will be listed To open the Remote Log Server Settings page click System Logs Remote Server ...

Page 124: ... possible range is 1 65535 The default value is 514 Facility Defines a user defined application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility level is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible fi...

Page 125: ...sible values are IPv6 IP version 6 is supported IPv4 IP version 4 is supported IPv6 Address Type When the server supports IPv6 see previous parameter this specifies the type of static address supported The possible values are Link Local A Link Local address that is non routable and used for communication on the same network only Global A globally unique IPv6 address visible and reachable from diff...

Page 126: ... Click Add The Add a Log Server page opens Figure 6 24 Add a Log Server The Add a Log Server page contains the additional field New Log Server IP Address Defines the IP address of the new Log Server 3 Define the fields 4 Click Apply Changes The server is defined and added to the Available Servers list ...

Page 127: ...ect the Remove check box to remove the server s 5 Click Apply Changes The Log Servers Table entry is removed and the device is updated Working with Remote Server Logs Using the CLI Commands The following table summarizes the equivalent CLI command for working with remote log servers Table 6 18 Remote Log Server CLI Commands CLI Command Description logging ipv4 address ipv6 addres hostname port por...

Page 128: ... Name Systems on page 154 console enable console configure console config logging 10 1 1 1 severity critical console config end console show logging Logging is enabled Console Logging Level debug Console Messages 5 Dropped Buffer Logging Level debug Buffer Messages 16 Logged 16 Displayed 200 Max File Logging Level error File Messages 0 Logged 209 Dropped SysLog server 31 1 1 2 Logging error Messag...

Page 129: ...s and removes the leading zeros IPv6 Prefixes While unicast IPv6 addresses written with their prefix lengths are permitted in practice their prefix lengths are always 64 bits and therefore are not required to be expressed Any prefix that is less than 64 bits is a route or address range that is summarizing a portion of the IPv6 address space For every assignment of an IP address to an interface the...

Page 130: ...ult gateway Unchecked Maintains the default gateway Selecting a Device s IPv4 Gateway 1 Open the IPv4 Default Gateway page 2 Type an IP address in the User Defined field 3 Select the Active check box 4 Click Apply Changes The device s Default Gateway is selected and the device is updated Removing a Device s IPv4 Default Gateway Device 1 Open the IPv4 Default Gateway page 2 Select the Remove User D...

Page 131: ...Pv4 Interface Parameters page contains fields for assigning IP parameter to interfaces To open the IP Interface Parameters page click System IP Addressing IPv4 Interface Parameters in the tree view Figure 6 27 IPv4 Interface Parameters Table 6 19 Default Gateway CLI Commands CLI Command Description ip default gateway ip address Defines a default gateway no ip default gateway Removes a default gate...

Page 132: ...face Unchecked Maintains the selected interface Adding an IPv4 IP Interface 1 Open the IPv4 Interface Parameters page 2 Click Add The Add a Static IPv4 Interface page opens Figure 6 28 Add a Static IPv4 Interface In addition to the parameters on the IP Interface Parameters page the Add a Static IP Interface page contains the following parameter Network Mask Indicates the subnetwork mask of the IP ...

Page 133: ...ck Apply Changes The selected IP address is deleted and the device is updated Defining IPv4 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IPv4 Interfaces Parameters page Table 6 20 IPv4 Interface Parameters CLI Commands CLI Command Description ip address ip address mask prefix length Sets an IP address no ip address ip ...

Page 134: ...en the DHCP IPv4 Interface page click System IP Addressing DHCP IPv4 Interface in the tree view Figure 6 30 DHCP IPv4 Interface console config interface vlan 1 console config if ip address 92 168 1 123 255 255 255 0 console config if no ip address 92 168 1 123 console config if end console show ip interface vlan 1 Gateway IP Address Activity status 192 168 1 1 Active IP address Interface Type 192 ...

Page 135: ...ected removes DHCP clients Checked Removes the selected DHCP client Unchecked Maintains the selected DHCP client Adding DHCP Clients 1 Open the DHCP IPv4 Interface page 2 Click Add The Add DHCP IPv4 Interface page opens Figure 6 31 Add DHCP IPv4 Interface 3 Complete the information on the page 4 Click Apply Changes The DHCP Interface is added and the device is updated Modifying a DHCP IPv4 Interfa...

Page 136: ...is deleted and the device is updated Defining DHCP IPv4 Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for defining DHCP clients The following is an example of the CLI command Table 6 21 DHCP IPv4 Interface CLI Commands CLI Command Description ip address dhcp hostname host name To acquire an IP address on an Ethernet interface from the Dynamic Host Configu...

Page 137: ... When selected removes the IPv6 attributes of the interface DAD Attempts Defines the number of consecutive neighbor solicitation messages that are sent on an interface while Duplicate Address Detection DAD is performed on unicast IPv6 addresses on this interface New addresses remain in a tentative state while duplicate address detection is performed A field value of 0 disables duplicate address de...

Page 138: ...ample a rate limit interval of 100 ms and a bucket size of 10 messages translates to 100 ICMP error messages per second Default is 100 ICMP error messages per second this corresponds to the default interval of 100 ms multiplied by the default bucket size of 10 IPv6 Address Indicates the IPv6 address assigned to the interface The address must be a valid IPv6 address specified in hexadecimal using 1...

Page 139: ...ld values Tentative Indicates the system is in process of IPv6 address duplication verification Duplicate Indicates the IPv6 address is being used by an another host on the network The duplicated IPv6 address is suspended and is not used for sending or receiving any traffic Active Indicates the IPv6 address is set to active Remove When selected removes the address from the table Adding an IPv6 Int...

Page 140: ...opens Figure 6 35 Add IPv6 Address 3 Complete the fields on the page 4 Click Apply Changes The new address is added and the device is updated Modifying IPv6 Interface Parameters 1 Open the IPv6 Interface page 2 Select an interface in the Interface drop down menu 3 Modify the required fields 4 Click Apply Changes The parameters are modified and the device is updated ...

Page 141: ...ables the generation of Internet Control Message Protocol for IPv6 ICMPv6 unreachable messages for any packets arriving on a specified interface show ipv6 interface ethernet interface number vlan vlan id port channel number Displays the usability status of interfaces configured for IPv6 ipv6 nd dad attempts attempts number Configures the number of consecutive neighbor solicitation messages that ar...

Page 142: ...her precedence over an automatically advertised router When removing an IP interface all of its default gateway IP addresses are removed Dynamic IP addresses cannot be removed An Alert message appears once a user attempts to insert more than one user defined address An Alert message appears when attempting to insert a none Link Local type address console show ipv6 interface vlan 1 Number of ND DAD...

Page 143: ...he Link Local IPv6 address of the default gateway Interface Specifies the outgoing interface through which the default gateway can be reached Interface refers to any Port LAG VLAN and or Tunnel Type Specifies the means by which the default gateway was configured The possible field values are Static Indicates the default gateway is user defined Dynamic Indicates the default gateway is dynamically c...

Page 144: ...chable and traffic has recently been sent to the default gateway Rather than probe the default gateway immediately however there is a delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation Probe Indicates that the default gateway is no longer known to be reachable and unicast Neighbor Solicitation probes are being sent to verify ...

Page 145: ...P address is represented using the 64 bit prefix 0 5EFE w x y z where 5EFE is the ISATAP identifier and w x y z is a public or private IPv4 address Thus a Link Local address will be represented as FE80 5EFE w x y z Once the last IPv4 address is removed from the interface the ISATAP IP interface state becomes inactive and is represented as Down however the Admin state remains enabled When defining ...

Page 146: ...Selecting the check box returns settings to default Domain Name Query Interval Specifies the interval between DNS Queries before the IP address of the ISATAP router is known for the automatic tunnel router domain name The range is 10 3600 seconds The default is 10 seconds Use Default Selecting the check box returns settings to default ISATAP Router Solicitation Interval Specifies the interval betw...

Page 147: ...ess ipv4 address interface Sets the local source IPv4 address of a tunnel interface tunnel isatap query interval seconds Configures the interval between DNS Queries before the IP address of the ISATAP router is known for the automatic tunnel router domain name tunnel isatap solicitation interval seconds Configures the interval between ISATAP router solicitations messages when there is no active IS...

Page 148: ...e active neighbors paths The device supports a total of up to 256 neighbors obtained either statically or dynamically When removing an IPv6 interface all neighbors learned statically and dynamically are removed To open the IPv6 Neighbors page click System IP Addressing IPv6 Neighbors in the tree view Figure 6 39 IPv6 Neighbors Interface Displays the interface on which IPv6 Interface is defined Int...

Page 149: ...k layer address of the neighbor has not yet been determined Reachable Indicates that the neighbor is known to have been reachable recently within tens of seconds ago Stale Indicates that the neighbor is no longer known to be reachable but until traffic is sent to the neighbor no attempt is made to verify its reachability Delay Indicates that the neighbor is no longer known to be reachable and traf...

Page 150: ...ying Neighbor Parameters 1 Open the IPv6 Neighbors page 2 Select an IP address in the IPv6 Address drop down menu 3 Modify the required fields 4 Click Apply Changes The parameters are modified and the device is updated Deleting Neighbors 1 Open the IPv6 Neighbors page 2 Click Show All The IPv6 Neighbors Table opens Figure 6 41 IPv6 Neighbors Table ...

Page 151: ...ommands for setting fields displayed in the IPv6 Neighbors page The following is an example of the CLI commands Table 6 25 IPv6 Neighbors Parameters CLI Commands CLI Command Description ipv6 neighbor ipv6_addr hw_addr ethernet interface number vlan vlan id port channel number Configures a static entry in the IPv6 neighbor discovery cache show ipv6 neighbors static dynamic ipv6 address ipv6 address...

Page 152: ...ange is 5 128 Interface Displays the interface that is used to forward the packet Interface refers to any Port LAG or VLAN Next Hop Defines the address to which the packet is forwarded on the route to the Destination address typically the address of a neighboring router This can be either a Link Local or Global IPv6 address Metric Indicates the value used for comparing this route to other routes w...

Page 153: ...ss hostname size packet_size ttl max ttl count packet_count timeout time_out source ip address tos tos Discovers the routes that IPv6 packets will actually take when traveling to their destination show ipv6 route Displays the current state of the ipv6 routing table Console show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the brackets is the metric S 0 via fe80 77 ...

Page 154: ...ing specific DNS servers To open the Domain Naming System DNS page click System IP Addressing Domain Naming System DNS in the tree view Figure 6 43 Domain Naming System DNS The Domain Naming System DNS page contains the following fields DNS Status Enables or disables translating DNS names into IP addresses DNS Server Contains a list of DNS servers DNS servers are added from the Add DNS Server page...

Page 155: ...A globally unique IPv6 address visible and reachable from different subnets Link Local Interface When the server supports an IPv6 Link Local address see previous parameter this specifies the the Link Local interface The possible values are VLAN1 The IPv6 interface is configured on VLAN1 ISATAP The IPv6 interface is configured on ISATAP tunnel Adding a DNS Server 1 Open the Domain Naming System DNS...

Page 156: ...how All The DNS Server Table opens Figure 6 45 DNS Server Table Removing DNS Servers 1 Open the Domain Naming System DNS page 2 Click Show All The DNS Server Table page opens 3 Select a DNS Server Table entry 4 Select the Remove checkbox 5 Click Apply Changes The selected DNS server is deleted and the device is updated ...

Page 157: ...ame Table 6 27 DNS Server CLI Commands CLI Command Description ip name server server address Sets the available name servers Up to eight name servers can be set no ip name server server address Removes a name server ip domain name name Defines a default domain name that the software uses to complete unqualified host names clear host name Deletes entries from the host name to address cache show hos...

Page 158: ...the selected domain name Unchecked Maintains the selected domain name Defining DNS Domain Names Using the CLI Commands The following table summarizes the CLI commands for configuring DNS domain names The following is an example of the CLI commands Table 6 28 DNS Domain Name CLI Commands CLI Command Description ip domain name name Defines a default domain name that the software uses to complete unq...

Page 159: ...Host Name Mapping page contains the following fields Host Name Contains a Host Name list Host Names are defined in the Add Host Name Mapping page Each host provides one IP address IP Address X X X X Provides an IP address that is assigned to the specified host name Type The IP address type The possible field values are Dynamic The IP address is created dynamically Static The IP address is a static...

Page 160: ...able and used for communication on the same network only Global A globally unique IPv6 address visible and reachable from different subnets Link Local Interface When the server supports an IPv6 Link Local address see previous parameter this specifies the the Link Local interface The possible values are VLAN1 The IPv6 interface is configured on VLAN1 ISATAP The IPv6 interface is configured on ISATA...

Page 161: ... Mapping Table entry is deleted and the device is updated Mapping IP addresses to Domain Host Names Using the CLI Commands The following table summarizes the equivalent CLI commands for mapping Domain Host names to IP addresses Table 6 29 Domain Host Name CLI Commands CLI Command Description ip host name address Defines the static host name to address mapping in the host cache no ip host name Remo...

Page 162: ...onverts IP addresses into physical addresses and maps the IP address to a MAC address ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known To open the ARP Settings page click System IP Addressing ARP in the tree view Figure 6 50 ARP Settings console config ip host accounting abc com 176 10 23 1 ...

Page 163: ...on to activate the fields for ARP settings on a single Ethernet devices Interface The interface number of the port LAG or VLAN that is connected to the device IP Address The station IP address which is associated with the MAC address filled in below MAC Address The station MAC address which is associated in the ARP table with the IP address Status The ARP Table entry status Possible field values a...

Page 164: ...le 6 30 ARP Settings CLI Commands CLI Command Description arp ip_addr hw_addr ethernet interface number vlan vlan id port channel number Adds a permanent entry in the ARP cache arp timeout seconds Configures how long an entry remains in the ARP cache clear arp cache Deletes all dynamic entries from the ARP cache show arp Displays entries in the ARP Table no arp Removes an ARP entry from the ARP Ta...

Page 165: ...ntains fields for performing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error which occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are te...

Page 166: ...ure that both ends of the copper cable are connected to a device 2 Open the Integrated Cable Test for Copper Cables page 3 Select an interface to test 4 Click Test Now The copper cable test is performed and the results are displayed on the Integrated Cable Test for Copper Cables page Displaying Virtual Cable Test Results Table This screen displays the results of tests that have been previously run...

Page 167: ...be performed only when the link is present Finisar transceivers do not support transmitter fault diagnostic testing Fiber Optic analysis feature works only on SFPs that support the digital diagnostic standard SFF 872 To open the Optical Transceiver Diagnostics page click System Diagnostics Optical Transceiver Diagnostics in the tree view Table 6 31 Copper Cable Test CLI Commands CLI Command Descri...

Page 168: ...he cable is operating Output Power The rate at which the output power is transmitted Input Power The rate at which the input power is transmitted Transmitter Fault Indicates if a fault occurred during transmission Loss of Signal Indicates if a signal loss occurred in the cable Data Ready The transceiver has achieved power up and data is ready Displaying the Optical Transceiver Diagnostics Test Res...

Page 169: ... Fiber Optic Cable Tests Using CLI Commands The following table contains the CLI command for performing fiber optic cable tests The following is an example of the CLI command Table 6 32 Fiber Optic Cable Test CLI Commands CLI Command Description show fiber ports optical transceiver interface detailed Displays the optical transceiver diagnostics Console show fiber ports optical transceiver detailed...

Page 170: ... RADIUS Settings on page 200 Defining Access Profiles The Access Profiles page contains fields for defining profiles and rules for accessing the device Access to management functions can be limited to user groups which are defined by ingress interfaces and source IP address or source IP subnets Management access can be separately defined for each type of management access method including Web HTTP...

Page 171: ...ted active management of the device is performed using the console connection only Current Active Access Profile The access profile that is currently active Set Access Profile Active Activates an access profile Remove Removes an access profile from the Access Profile Name list Checked Removes the access profile Unchecked Maintains the access profile Activating a Profile 1 Open the Access Profiles ...

Page 172: ...les for an Access Profile 1 Open the Access Profiles page 2 Click Add Profile The Add an Access Profile page opens Figure 6 56 Add an Access Profile The Add an Access Profile page contains the following additional fields Access Profile Name 1 32 Characters User defined name for the access profile The Access Profile name can contain up to 32 characters Rule Priority 1 65535 The rule priority When t...

Page 173: ... device Interface The interface type to which the rule applies This is an optional field This rule can be applied to a selected port LAG or VLAN by selecting the check box then selecting the appropriate option button and interface Enable Source IP Address Check this parameter to restrict conditions based on the source IP address When unchecked the source IP address cannot be entered into a configu...

Page 174: ... is updated Adding Rules to Access Profile The first rule must be defined to beginning matching traffic to access profiles 1 Open the Access Profile page 2 Click Add Rule to Profile The Add an Access Profile Rule page opens Figure 6 57 Add an Access Profile Rule 3 Complete the fields 4 Click Apply Changes The rule is added to the access profile and the device is updated ...

Page 175: ...rule which meets the rule criteria 1 Open the Access Profiles page 2 Click Show All The Profile Rules Table page opens Figure 6 58 Profile Rules Table Removing a Rule 1 Open the Access Profiles page 2 Click Show All The Profile Rules Table page opens 3 Select a rule 4 Select the Remove check box 5 Click Apply Changes The selected rule is deleted and the device is updated ...

Page 176: ... vlan id port channel number service service Sets port permitting conditions for the management access list and the selected management method deny ethernet interface number vlan vlan id port channel number service service Sets port denying conditions for the management access list and the selected management method deny ip source ipv4 address ipv6 address prefix length mask mask prefix length eth...

Page 177: ...ser database is empty the user is then authenticated via the RADIUS server If the authentication fails using the first method the authentication process ends console config management access list mlist console config macl permit ethernet 1 e1 console config macl permit ethernet 1 e2 console config macl deny ethernet 1 e3 console config macl deny ethernet 1 e4 console config macl exit console confi...

Page 178: ...efault and Console Default Profile names cannot include blank spaces Optional Methods User authentication methods The possible options are None No user authentication occurs Local User authentication occurs at the device level The device checks the user name and password for authentication RADIUS User authentication occurs at the RADIUS server For more information see Configuring RADIUS Settings T...

Page 179: ... arrows The authentication occurs in the order the authentication methods are listed 4 Click Apply Changes The user authentication profile is updated to the device Adding an Authentication Profile 1 Open the Authentication Profiles page 2 Click Add The Add Authentication Profile page opens Figure 6 60 Add Authentication Profile 3 Configure the profile 4 Click Apply Changes The authentication profi...

Page 180: ... 3 Select an authentication profile 4 Select the Remove check box 5 Click Apply Changes The selected authenticating profile is deleted Configuring an Authentication Profile Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Authentication Profiles page Table 6 34 Authentication Profile CLI Commands CLI Command Description aaa authentic...

Page 181: ...methods For example console users can be authenticated by Authentication Method List 1 while Telnet users are authenticated by Authentication Method List 2 To open the Select Authentication page click System Management Security Select Authentication in the tree view Figure 6 62 Select Authentication console config aaa authentication login default radius local enable none console config no aaa auth...

Page 182: ...ng an Authentication List to Console Sessions 1 Open the Select Authentication page 2 Select an Authentication Profile in the Console field 3 Click Apply Changes Console sessions are assigned an Authentication List Applying an Authentication Profile to Telnet Sessions 1 Open the Select Authentication page 2 Select an Authentication Profile in the Telnet field 3 Click Apply Changes Telnet sessions ...

Page 183: ...cates the authentication method list when accessing a higher privilege level from a remote Telnet Console or SSH login authentication default list name Indicates the login authentication method list for a remote Telnet Console or SSH ip http authentication method1 method2 Indicates authentication methods for HTTP servers ip https authentication method1 method2 Indicates authentication methods for ...

Page 184: ...everal additional times number of times is configurable During the remaining logins an additional warning message displays informing the user that the password must be changed immediately If the password is not changed users are locked out of the system and can only log in using the console Password warnings are logged in the Syslog file If a privilege level is redefined the user must also be re d...

Page 185: ...Re use Indicates the amount of times a password is changed before the password can be reused Possible field values are 1 10 Enable Login Attempts 1 5 When checked enables locking a user out of the device when a faulty password is used more than a user defined number of times For example if this field is checked configured to 5 and a user attempts to log on five times with an incorrect password the...

Page 186: ...ord length password history number Defines the amount of times a password is changed before the password can be reused password lock out number Defines the number of times a faulty password is entered before the user is locked out of the device show password configuration Displays password management information show users accounts Displays the userd account console show passwords configuration Mi...

Page 187: ...ree view Figure 6 64 Active Users The Active Users page contains the following fields Name List of user names logged into the device Protocol The management method by which the user is connected to the device Location The user s IP address Line Password Aging Password Expiry date Lockout Telnet SSH Console console show users accounts Username Privilege Password Aging Password Expiry Date Lockout n...

Page 188: ...r viewing active users connected to the device Table 6 37 Active Users CLI Commands The following example shows an example of the CLI command CLI Command Description show users Displays information about active users console show users Username Protocol Location Bob Serial John SSH 172 16 0 1 Robert HTTP 172 16 0 8 Betty Telnet 172 16 1 7 ...

Page 189: ...s Access Level User access level The lowest user access level is 1 and 15 is the highest user access level Users with access level 15 are Privileged Users and only they can access and use the OpenManage Switch Administrator Password 0 159 Characters User defined password Confirm Password Confirms the user defined password Aging 1 365 Indicates the amount of time in days that elapses before a passw...

Page 190: ...user s access rights Unchecked Maintain the specified user s access suspension Remove Removes users from the User Name list Checked Removes the selected user Unchecked Maintains the selected user Assigning Access Rights to a User 1 Open the Local User Database page 2 Select a user in the User Name field 3 Define the fields 4 Click Apply Changes The user access rights and passwords are defined and ...

Page 191: ...ivate suspended users from the Local User Table Deleting Users 1 Open the Local User Database page 2 Select a User Name 3 Select the Remove check box 4 Click Apply Changes The selected user is deleted and the device is updated Assigning Users Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Local User Database page Table 6 38 Local U...

Page 192: ...sswords The Line Password page contains fields for defining line passwords for management methods To open the Line Password page click System Management Security Line Passwords in the tree view Figure 6 68 Line Password console config username bob password lee level 15 console set username bob active ...

Page 193: ...ny failed authentication attempts since the user last logged in successfully status Locked Reactivate Locked Line Reactivates the line password for a Console Telnet Secure Telnet session Access rights can be suspended after unsuccessfully attempting to log in Checked Reactivates the line password Unchecked Maintains locked password Defining Line Passwords for Console Sessions 1 Open the Line Passw...

Page 194: ...m Management Security Enable Passwords in the tree view Figure 6 69 Enable Password The Enable Password page contains the following fields Select Enable Access Level Access level associated with the enable password The lowest user access level is 1 and 15 is the highest user access level Users with access level 15 are Privileged Users and only they can access and use the OpenManage Switch Administ...

Page 195: ...ded User Reactivates the specified user s access rights Access rights can be suspended after unsuccessfully attempting to login Checked Reactivate the specified user s access rights Unchecked Maintain the specified user s access suspension Defining a New Enable Password 1 Open the Enable Password page 2 Define the fields 3 Click Apply Changes The new Enable password is defined and the device is up...

Page 196: ...es TACACS provides the following services Authentication Provides authentication during login and via user names and user defined passwords Authorization Performed at login Once the authentication session is completed an authorization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network integrity through encrypted protoco...

Page 197: ...cted There is currently a connection between the device and the TACACS server Not Connected There is not currently a connection between the device and the TACACS server Single Connection Maintains a single open connection between the device and the TACACS server when selected Use Default Uses the default value for the parameter The TACACS default parameters are user defined defaults The default se...

Page 198: ...es The TACACS server is added and the device is updated Displaying the TACACS Table 1 Open the TACACS Settings page 2 Click Show All The TACACS Table opens Figure 6 72 TACACS Table Removing a TACACS Server 1 Open the TACACS Table page 2 Click Show All The TACACS Table opens 3 Select a TACACS Table entry ...

Page 199: ...ingle connection port port number timeout timeout key key string source source priority priority Indicates a TACACS host tacacs server key key string Indicates the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS daemon Range 0 128 characters tacacs server timeout timeout Indicates the tim...

Page 200: ...defined RADIUS servers provide a centralized authentication method for Telnet Access Secure Shell Access Web Access Console Access To open the RADIUS Settings page click System Management Security RADIUS in the tree view console show tacacs Device Configuration IP address Status Port Single Connection TimeOut Source IP Priority 12 1 1 2 Not Connected 49 Yes 1 12 1 1 1 1 Global values TimeOut 5 Dev...

Page 201: ...servers are queried Authentication Port 0 65535 Identifies the authentication port The authentication port is used to verify the RADIUS server authentication Number of Retries 1 10 Indicates the number of transmitted requests sent to RADIUS server before a failure occurs The possible field values are 1 10 Timeout for Reply 1 30 Indicates the amount of the time in seconds the device waits for an an...

Page 202: ...lt Timeout for Reply 1 30 Indicates the default amount of the time in seconds the device waits for an answer from the RADIUS server before timing out The default is 5 seconds Default Dead time 0 2000 Indicates the default amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 Default Key String 0 128 Characters The Default Key string used for authentica...

Page 203: ...he Add RADIUS Server page opens Figure 6 74 Add RADIUS Server 3 Define the fields 4 Click Apply Changes The new RADIUS server is added and the device is updated Displaying the RADIUS Server List 1 Open the RADIUS Settings page 2 Click Show All The RADIUS Servers List opens Figure 6 75 RADIUS Servers List ...

Page 204: ...ce ip source Specifies the source IPv4 address that will be used for the IPv4 communication with RADIUS servers radius server source ipv6 source Specifies the source IPv6 address that will be used for the IPv6 communication with RADIUS servers radius server retransmit retries Specifies the number of times the software searches the list of RADIUS server hosts radius server deadtime deadtime Configu...

Page 205: ... multiple advertisement sets are sent in the packet Type Length Value TLV field LLDP devices must support chassis and port ID advertisement as well as system name system ID system description and system capability advertisements This section includes the following topics Defining Global LLDP Properties Defining LLDP Port Settings Defining Media Endpoint Discovery Network Policy Defining LLDP MED P...

Page 206: ...nected to what PC Automatically deploys policies over networks for QoS Policies Voice VLANs Provides Emergency Call Service E 911 via IP Phone location information Provides troubleshooting information LLDP MED send network managers alerts for Port speed and duplex mode conflicts QoS policy misconfigurations This section contians the following topics Defining LLDP Properties on page 207 Configuring...

Page 207: ...ch LLDP advertisement updates are sent The possible field range is 5 32768 seconds The default value is 30 seconds Hold Multiplier 2 10 Specifies the hold time to be sent in the LLDP update packets as a multiple of the timer value The possible field range is 2 10 The field default is 4 Reinitializing Delay 1 10 Specifies the minimum time in seconds an LLDP port will wait before reinitializing LLDP...

Page 208: ...ort Settings page click System LLDP MED Port Settings in the tree view Table 6 43 LLDP Properties CLI Commands CLI Command Description lldp enable global Enables enable Link Layer Discovery Protocol lldp hold multiplier number Specifies the time that the receiving device should hold a Link Layer Discovery Protocol LLDP packet before discarding it lldp reinit delay Seconds Specifies the minimum tim...

Page 209: ...ceiving LLDP packets only Tx Rx Enables transmitting and receiving LLDP packets This is the default value Disable Indicates that LLDP is disabled on the port Available TLVs Contains a list of available TLVs that can be advertised by the port The possible field values are Port Description Advertises the port description System Name Advertises the system name System Description Advertises the system...

Page 210: ...ory TLVs plus optional TLVs that are moved by user from the Avalable set of TLVs The LLDP Port Table page displays the LLDP Port Configuration To open the LLDP Port Table click Security LLDP Port Settings Show All in the tree view Figure 6 78 LLDP Port Table Table 6 44 LLDP Port settings CLI Commands The following is an example of the CLI commands CLI Command Description clear lldp rx interface Re...

Page 211: ...ation Voice Signaling Indicates that the network policy is defined for a Voice Signaling application Guest Voice Indicates that the network policy is defined for a Guest Voice application Guest Voice Signaling Indicates that the network policy is defined for a Guest Voice Signaling application Softphone Voice Indicates that the network policy is defined for a Softphone Voice application Video Conf...

Page 212: ...network application The range is 0 7 DSCP Value Defines the DSCP value assigned to the network policy The range is 0 63 Adding an MED Network Policy 1 Open the MED Network Policy page 2 Click Add The Add Network Policy page opens Figure 6 80 Add Network Policy 3 Define the fields 4 Click Apply Changes The new network policy is added and the device is updated Displaying the MED Network Policy Table...

Page 213: ... MED Port Settings in the tree view The MED Port Settings opens Figure 6 82 MED Port Settings The MED Port Settings page contains the following fields Port Displays the port on which LLDP MED is enabled or disabled Enable LLDP MED Indicates if LLDP MED is enabled on the selected port The possible field values are Checked Enables LLDP MED on the port Unchecked Disables LLDP MED on the port This is ...

Page 214: ...rt Location Coordinate 16 Bytes in Hex Displays the device s location map coordinates 16 bytes in hex Location Civic Address 6 160 Bytes in Hex Displays the device s civic or street address location for example 414 23rd Ave E The possible field value are 6 160 bytes in hex Location ECS ELIN 10 25 Bytes in Hex Displays the device s ECS ELIN location The field range is 10 25 bytes in hex Modifying M...

Page 215: ...yed Auto Negotiation Status The auto negotiation status of the port The possible field values are Enabled Auto negotiation is enabled on the port Disabled Auto negotiation is disabled on the port Advertised Capabilities The port capabilities advertised for the port MAU Type Indicates the media attachment unit type System Name The system name advertised System Description The system description adv...

Page 216: ...t Voice Signaling Softphone Voice Video Conferencing Streaming Video Video Signaling Flags Displays the VLAN tagging status for the application type The possible field values are Tagged The packets are tagged Untagged The packets are not tagged VLAN ID Displays the VLAN number for the application type User Priority Displays the VLAN number for the application type DSCP Value Defines the DSCP value...

Page 217: ...information received from neighboring device LLDP advertisements To open the Neighbors Information page click System LLDP MED Neighbors Information in the tree view Figure 6 85 Neighbors Information Port Displays the port number for which neighbouring information is displayed Device ID Displays the neighboring device ID System Name Displays the name of the neighboring system Port ID Displays the n...

Page 218: ... ports are removed Clearing the Table 1 Open the Neighbors Information page 2 Click Clear Neighbors Table The table is cleared Viewing the Details of the LLDP MED Information Advertised by a Neighbor Device 1 Open the Neighbors Information page 2 Click the Details button next to the desired entry The Details Neighbors Information page appears Figure 6 86 Details Neighbors Information ...

Page 219: ...gents are controlled by access strings SNMPv1 and v2 are enabled by default SNMP v3 SNMP v3 also applies access control and a new traps mechanism to SNMPv1 and SNMPv2 PDUs In addition a User Security Model USM is defined for SNMPv3 which includes Authentication Provides data integrity and data origin authentication Privacy Protects against disclosure message content Cipher Block Chaining CBC is us...

Page 220: ...n contians the following topics Defining SNMP Global Parameters on page 220 Defining SNMP View Settings on page 223 Defining SNMP Access Control on page 227 Assigning SNMP User Security on page 230 Defining SNMP Communities on page 234 Defining SNMP Notification Filters on page 238 Defining SNMP Notification Recipients on page 240 Defining SNMP Global Parameters The SNMP Global Parameters page per...

Page 221: ...ing the same Engine ID Use Default Select to use the device generated Engine ID The default Engine ID is based on the device MAC address and is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number 674 Fifth octet Set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device SNMP Notifications Enables or disables the router sending SNMP n...

Page 222: ...ement Protocol traps when authentication fails show snmp Checks the status of SNMP communications snmp server engine ID local engineid string default Indicates the local device engine ID The field values is a hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon The Engine ID must be defined before SNMPv3 is enabled ...

Page 223: ...s to Multicast groups Feature access is granted via the MIB name or MIB Object ID The Up and Down arrows allow navigating through the MIB tree and MIB branches To open the SNMPv3 View Settings page click System SNMP View Settings in the tree view Version 1 2 notifications Target Address Type Community Version Udp Port Filter name To Sec Retries Version 3 notifications Target Address Type Username ...

Page 224: ... maximum of 30 alphanumeric characters New Object ID Subtree Indicates the device feature OID included or excluded in the selected SNMP view Selected from List Select the device feature OID by using the Up and Down buttons to scroll through a list of all device OIDs Insert Specify the device feature OID View Type Indicates if the defined OID branch will be included or excluded in the selected SNMP...

Page 225: ...age 2 Click Add The Add A View page opens Figure 6 89 Add A View 3 Define the field 4 Click Apply Changes The SNMP View is added and the device is updated Displaying the View Table 1 Open the SNMPv3 View Settings page 2 Click Show All The View Table page opens Figure 6 90 View Table ...

Page 226: ...MP View CLI Commands CLI Command Description snmp server view view name oid tree included excluded Creates or updates a view entry show snmp views viewname Displays the configuration of views Console config snmp server view user1 1 included Console config end Console show snmp views Name OID Tree Type user1 iso included Default iso included Default snmpVacmMIB excluded Default usmUser excluded Def...

Page 227: ...To open the Access Control Group page click System SNMP Access Control in the tree view Figure 6 91 Access Control Group The Access Control Group contains the following fields Group Name The user defined group to whom access control rules are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is d...

Page 228: ...ration Defines the group access rights The possible field values are Read The management access is restricted to read only and changes cannot be made to the assigned SNMP view Write The management access is read write and changes can be made to the assigned SNMP view Notify Sends traps for the assigned SNMP view Defining SNMP Groups 1 Open the Access Control Group page 2 Click Add The Add an Acces...

Page 229: ...s Control Using CLI Commands The following table summarizes the equivalent CLI commands for defining fields displayed in the Access Control Group page The following is an example of the CLI commands Table 6 48 SNMP Access Control CLI Commands CLI Command Description snmp server group groupname v1 v2 v3 noauth auth priv read readview write writeview notify notifyview Configure a new Simple Network ...

Page 230: ...iew Figure 6 94 SNMPv3 User Security Model USM The SNMPv3 User Security Model USM page contains the following fields User Name Contains a list of user defined user names The field range is up to 30 alphanumeric characters Engine ID Indicates either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database Group Nam...

Page 231: ...hentication Key MD5 16 SHA 20 hexa chars Defines the HMAC MD5 96 or HMAC SHA 96 authentication level The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined for MD5 If both privacy and authentication are required 32 bytes are defined for MD5 Each byte in hexadecimal character strings is two hexadecimal digits Each byt...

Page 232: ...r Name page opens Figure 6 95 Add SNMPv3 User Name 3 Define the relevant fields 4 Click Apply Changes The user is added to the group and the device is updated Displaying the User Security Model Table 1 Open the SNMPv3 User Security Model USM page 2 Click Show All The User Security Model Table opens Figure 6 96 User Security Model Table ...

Page 233: ...arizes the equivalent CLI commands for defining fields displayed in the SNMPv3 User Security Model USM page The following is an example of the CLI commands Table 6 49 SNMPv3 User CLI Commands CLI Command Description snmp server user username groupname remote engineid string auth md5 password auth sha password auth md5 key md5 des key auth sha key sha des key Configures a new SNMP V3 user show snmp...

Page 234: ...Communities are defined only for SNMP v1 and SNMP v2 To open the SNMP Community page click System SNMP Communities in the tree view Figure 6 97 SNMP Community The SNMP Community page contains the following fields SNMP Management Station The management station IP address for which the SNMP community is defined Community String Functions as a password and used to authenticate the management station ...

Page 235: ...possible field value is Group Name Specifies the name of the group when working in SNMP Advanced mode Remove Removes a community from the specified device Checked Removes the community Unchecked Maintains the community in the specified device When defining a new SNMP community the following additional parameters are available Supported IP Format Specifies the IP format supported by the community T...

Page 236: ...efining a New Community 1 Open the SNMP Community page 2 Click Add The Add SNMP Community page opens Figure 6 98 Add SNMP Community 3 Complete the relevant fields 4 Click Apply Changes The new community is saved and the device is updated ...

Page 237: ...ewing fields displayed in the SNMP Community The following is an example of the CLI commands Table 6 50 SNMP Community CLI Commands CLI Command Description snmp server community community ro rw su ipv4 address ipv6 address view view name Sets up the community access string to permit access to the SNMP protocol snmp server community group community group name ipv4 address ipv6 address Sets up commu...

Page 238: ...0 Notification Filter The Notification Filter page contains the following fields Notification Filter Name The user defined notification filter New Object ID Tree The OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List Notificati...

Page 239: ...2 Click Add The Add Filter page opens Figure 6 101 Add Filter 3 Define the relevant fields 4 Click Apply Changes The new filter is added and the device is updated Displaying the Filter Table 1 Open the Notification Filter page 2 Click Show All The Filter Table opens Figure 6 102 Filter Table ...

Page 240: ...ecipients page contains information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks Table 6 51 SNMP Notification Filter CLI Commands CLI Command Description snmp server fi...

Page 241: ...n Recipient in the tree view Figure 6 103 Notification Recipients The Notification Recipients page contains the following fields Recipient IP Indicates the IP address to whom the traps are sent Notification Type The notification sent The possible field values are Trap Traps are sent Inform Informs are sent ...

Page 242: ...ypted Authentication The packet is authenticated Privacy The packet is both authenticated and encrypted UDP Port 1 65535 The UDP port used to send notifications The default is 162 Filter Name Includes or excludes SNMP filters Checked Includes SNMP filters Unchecked Excludes SNMP filters Timeout 1 300 The amount of time seconds the device waits before resending informs The default is 15 seconds Ret...

Page 243: ...fferent subnets Link Local Interface When the server supports an IPv6 Link Local address see previous parameter this specifies the the Link Local interface The possible values are VLAN1 The IPv6 interface is configured on VLAN1 ISATAP The IPv6 interface is configured on ISATAP tunnel Adding a new Trap Recipients 1 Open Notification Recipients page 2 Click Add The Add Notification Recipients page o...

Page 244: ...105 Notification Recipients Tables Deleting Notification Recipients 1 Open Notification Recipients page 2 Click Show All The Notification Recipients Tables page opens 3 Select a notification recipient in either the SNMPV1 2 Notification Recipient or SNMPv3 Notification Recipient Tables 4 Check the Remove checkbox 5 Click Apply Changes The recipient is deleted and the device is updated ...

Page 245: ...t seconds retries retries Creates or updates a notification recipient receiving notifications in SNMP version 1 or 2 snmp server v3 host ip address hostname username traps informs noauth auth priv udp port port filter filtername timeout seconds retries retries Creates or updates a notification recipient receiving notifications in SNMP version 3 show snmp Shows the current SNMP configuration consol...

Page 246: ...guration file are copied to the Running Configuration file and applied to the device During the session all new commands are added to the commands existing in the Running Configuration file To update the Startup Configuration file before powering down the device the Running Configuration file must be copied to the Startup Configuration file Image Files System file images are saved in two Flash Fil...

Page 247: ...om Server page contains fields for downloading system image and Configuration files from the TFTP server or HTTP client to the device To open the File Download from Server page click System File Management File Download in the tree view Figure 6 106 File Download from Server ...

Page 248: ...e file is downloaded If Firmware Download is selected the Configuration Download fields are grayed out Configuration Download The Configuration file is downloaded If Configuration Download is selected the Firmware Download fields are grayed out Download via TFTP Enables initiating an image upload via the TFTP server Download via HTTP Enables initiating an image upload via the HTTP server Firmware ...

Page 249: ...m Server page 2 Define the file type to download 3 Define the fields 4 Click Apply Changes The software is downloaded to the device To activate the selected Image file reset the device For information on resetting the device see Switching Between Stack Masters Downloading Files Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the File Do...

Page 250: ... contains fields for uploading the software to the TFTP server from the device The Image file can also be uploaded from the File Upload to Server page To open the File Upload to Server page click System File Management File Upload in the tree view Figure 6 107 File Upload to Server ...

Page 251: ...k Local address see previous parameter this specifies the the Link Local interface The possible values are VLAN1 The IPv6 interface is configured on VLAN1 ISATAP The IPv6 interface is configured on ISATAP tunnel Firmware Upload The Firmware file is uploaded If Firmware Upload is selected the Configuration Upload fields become unavailable Configuration Upload The Configuration file is uploaded If C...

Page 252: ...uration files only appears if the user had created backup configuration files For example if the user copied the running configuration file to a user defined configuration file called BACKUP SITE 1 this list appears on the File Upload to Server page and the BACKUP SITE 1 configuration file appears in the list Uploading Files 1 Open the File Upload to Server page 2 Define the file type to upload 3 ...

Page 253: ...les The Active Image file for each unit in a stacking configuration can be individually selected To open the Active Images page click System File Management Active Images in the tree view Figure 6 108 Active Images console copy image tftp 10 6 6 64 uploaded ros Copy 4234656 bytes copied in 00 00 33 hh mm ss 01 Jan 2000 07 30 42 COPY W TRAP The copy operation was completed successfully ...

Page 254: ...ct an Image file for a specific unit in the After Reset field 3 Click Apply Changes The Image file is selected The Image file reloads only after the next reset The currently selected Image file continue to run until the next device reset Working with the Active Image File Using CLI Commands The following table summarizes the equivalent CLI commands for viewing fields displayed in the Active Images...

Page 255: ...ted copies either the running startup or backup configuration file of the Master file to the destination file Source Indicates the type of file to be copied to the destination file Select either the Running Configuration or Startup Configuration Destination Indicates the destination configuration file to which the source file is copied Select My First Backup or Startup Configuration New File Name ...

Page 256: ...sing CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Copy Files page The following is an example of the CLI commands Table 6 56 Copy Files CLI Commands CLI Command Description copy source url destination url Copies any file from a source to a destination delete startup config Deletes the startup config file delete url Deletes a file from ...

Page 257: ...File Name Indicates the file currently stored in the file management system Size Indicates the file size Modified Indicates the date the file was last modified Permission Indicates the permission type assigned to the file The possible field values are Read Only Indicates a read only file Read Write Indicates a read write file Remove Deletes the file Checked Removes the specified file from the file...

Page 258: ...Size Data Size Modified 3 txt rw 524288 523776 22 Feb 2005 18 49 27 setup rw 524288 95 22 Feb 2005 15 58 19 setup2 rw 524288 95 22 Feb 2005 15 58 35 image 1 rw 4325376 4325376 06 Feb 2005 17 55 32 image 2 rw 4325376 4325376 06 Feb 2005 17 55 31 test txt rw 524288 95 22 Feb 2005 12 16 44 aaafile prv 131072 06 Feb 2005 19 09 02 syslog1 sys r 262144 22 Feb 2005 18 49 27 syslog2 sys r 262144 22 Feb 20...

Page 259: ...ge 259 Configuring General Settings The General Settings page provides information for defining general device parameters To open the General Settings page click System Advanced Settings General Settings in the tree view Figure 6 111 General Settings The General Settings page contains the following information Attribute The general setting attribute Current The currently configured value After Res...

Page 260: ...ivalent CLI commands for setting fields displayed in the General Settings page The following is an example of the CLI commands Table 6 58 General Settings CLI Commands CLI Command Description logging buffered size number Sets the number of syslog messages stored in the internal buffer RAM console config logging buffered size 300 ...

Page 261: ...ss Tables on page 315 Configuring GARP on page 321 Configuring the Spanning Tree Protocol on page 325 Configuring VLANs on page 351 Configuring Voice VLAN on page 374 Aggregating Ports on page 382 Multicast Forwarding Support on page 387 Configuring Network Security Use the Network Security page to set network security through both access control lists and locked ports To open the Network Security...

Page 262: ...to 802 1x that allows allows network access to devices such as printers and IP phones that do not have the 802 1X supplicant capability MAC authentication uses the MAC address of the connecting device to grant or deny network access Advanced Port Based Authentication Advanced Port Based Authentication Enables multiple hosts to be attached to a single port Requires only one host to be authorized fo...

Page 263: ...ut the Guest VLAN is enabled the port receives limited network access For example a network administrator can use Guest VLANs to deny network access via port based authentication but grant Internet access to unauthorized users The Port Based Authentication page allows network managers to configure port based authentication To open the Port Based Authentication page click Switch Network Security Po...

Page 264: ...default VLAN List Contains a list of VLANs The Guest VLAN is selected from the VLAN list Interface Parameters Interface Contains an interface list for which port based authentication is enabled User Name Indicates the supplicant user name Admin Interface Control Defines the port authorization state The possible field values are Auto Enables port based authentication on the device The interface mov...

Page 265: ... a new VLAN is configured on the RADIUS server Guest VLAN If enabled indicates that unauthorized users connected to this interface can access the Guest VLAN Enable Enables unauthorized users to access the guest VLAN Disable Prevents unauthorized users from accessing the guest VLAN Periodic Reauthentication Reauthenticates the selected port periodically The reauthentication period is defined in the...

Page 266: ... 2 Click Show All The Port Based Authentication Table opens Figure 7 2 Port Based Authentication Table In addition to the fields in the Port Based Authentication Table also displays the following fields Unit No Selects a stacking member Copy Parameters from Port No Copies parameters a the selected port Copying parameters in the Port Based Authentication Table 1 Open the page 2 Click Show All The P...

Page 267: ... seconds Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange dot1x timeout re authperiod seconds Sets the number of seconds between re authentication attempts dot1x timeout server timeout seconds Sets the time for the retransmission of packets to the authentication server dot1x timeout supp timeout seconds Sets the time for the retransmi...

Page 268: ...ports and VLANs For more information on Advanced Port Based Authentication see Advanced Port Based Authentication To open the Multiple Hosts click Switch Network Security Multiple Hosts Figure 7 3 Multiple Hosts Console show dot1x Interface Admin Mode Oper Mode Reauth Control Reauth Period Username 1 e1 Auto Authorized Ena 3600 Bob 1 e2 Auto Authorized Ena 3600 John 1 e3 Auto Unauthorized Ena 3600...

Page 269: ...nlearned source This is the default value Shutdown Discards the packet from any unlearned source and shuts down the port Ports remain shut down until they are activated or the switch is reset Traps Enables or disables sending traps to the host if a violation occurs Enable Enables sending traps Disable Disables sending traps Trap Frequency 1 1000000 Defines the time period in seconds by which traps...

Page 270: ... based authentication as displayed in the Multiple Hosts page The following is an example of the CLI Command Table 7 2 Multiple Hosts CLI Commands CLI Command Description dot1x multiple hosts Allows multiple hosts clients on an 802 1X authorized port that has the dot1x port control interface configuration command set to auto dot1x single host violation forward discard discard shutdown trap seconds...

Page 271: ...he following fields User Name List of users authorized via the RADIUS Server Port The port number s used for authentication per user name Session Time The amount of time the user was logged on to the device The field format is Day Hour Minute Seconds for example 3 days 2 hours 4 minutes 39 seconds Authentication Method The method by which the last session was authenticated The possible field value...

Page 272: ...Commands The following table summarizes the equivalent CLI commands for authenticating users as displayed in the Authenticated Users page The following is an example of the CLI commands console show dot1x users Port Username Session Time Auth Method MAC Address 1 e11 gili 00 09 27 Remote 00 80 c8 b9 dc 1d Table 7 3 Add User Name CLI Commands CLI Command Description show dot1x users username userna...

Page 273: ... port either it was learned on a different port or it is unknown to the system the protection mechanism is invoked and can provide various options Unauthorized packets arriving to a locked port are either Forwarded Discarded with no trap Discarded with a trap The port is shut down Locked port security also enables storing a list of MAC addresses in the configuration file The MAC address list can b...

Page 274: ... the port Both relearning and aging MAC addresses are enabled Max Entries 1 128 Specifies the number of MAC address that can be learned on the port The Max Entries field is enabled only if Locked is selected in the Set Port field In addition the Limited Dynamic Lock mode is selected The default is 1 Action on Violation The action to be applied to packets arriving on a locked port The possible fiel...

Page 275: ...pens Locked Ports are defined in the Port Security Table Figure 7 8 Port Security Table The Port Security Table contains the additional following fields Unit No Specifies the stacking unit for which locked port information is displayed Copy Parameters from The port from which parameters will be copied and assigned to the selected unit number ...

Page 276: ...e 277 Defining MAC Based Access Control Lists on page 283 Defining ACL Binding on page 286 Table 7 4 Port Security CLI Commands CLI Command Description shutdown Disables interfaces set interface active ethernet interface port channel port channel number Reactivates an interface that is shutdown due to port security reasons port security learning disabled dynamic Defines the locked port type port s...

Page 277: ... received the packet is dropped ACLs are composed of access control entries ACEs that are made of the filters that determine traffic classifications Each ACE is a rule and there are 256 rules available But rules are not only used for user configuration purposes they are also used for features like DHCP Snooping Protocol Group VLAN and PVE so not all 256 will be available for ACEs It is expected th...

Page 278: ...or Gateway Protocol IGP Allows for routing information exchange between gateways in an autonomous network UDP User Datagram Protocol UDP Communication protocol that transmits packets but does not guarantee their delivery HMP Host Mapping Protocol HMP Collects network information from various networks hosts HMP monitors hosts spread over the internet as well as hosts in a single network RDP Remote ...

Page 279: ...nd which bits are ignored A wildcard of 0 0 0 0 indicates that all the bits are important Destination IP Address Matches the destination port IP address to which packets are addressed to the ACE Wildcard masks specify which bits are used and which bits are ignored A wildcard of 0 0 0 0 indicates that all the bits are important TCP Flags Sets the indicated TCP flag that can be triggered To use TCP ...

Page 280: ...g action The possible field values are Permit Forwards packets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meet the ACL criteria and disables the port to which the packet was addressed Adding ACEs to IP based ACLs 1 Open the Network Security IP Based ACL page 2 Select an ACL 3 Edit the relevant fields 4 Click Apply Changes Adding IP based A...

Page 281: ...The ACEs Associated with IP ACL opens Figure 7 11 ACEs Associated with IP ACL Removing an IP based ACL 1 Open the Network Security IP Based ACL page 2 Click Show All The ACEs Associated with IP ACL Table opens 3 Check the Remove ACL checkbox 4 Click Apply Changes Removing an IP based ACE 1 Open the Network Security IP Based ACL page 2 Click Show All The ACEs Associated with IP ACL Table opens 3 Ch...

Page 282: ...n port dscp number ip precedence number flags list of flags permit udp any source source wildcard any source port any destination destination wildcard any destination port dscp number ip precedence number To set conditions to allow a packet to pass a named IP access list use the permit command in access list configuration mode deny disable port any protocol any source source wildcard any destinati...

Page 283: ...ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 Source Address Matches the source MAC address to which packets are addressed to the ACE Wildcard masks specify which bits are used and which bits are ignored A wildcard of 0 0 0 0 indicates that all the bits are important Destination Address Matches the destination MAC address to which packets are addresse...

Page 284: ...d values are Permit Forwards packets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meet the ACL criteria and disables the port to which the packet was addressed Adding ACEs to IP based ACLs 1 Open the Network Security MAC Based ACL page 2 Select an ACL 3 Edit the relevant fields 4 Click Apply Changes Adding MAC based ACLs 1 Open the MAC Based...

Page 285: ... Click Show All The ACEs Associated with MAC Based ACL opens Removing a MAC based ACL 1 Open the Network Security MAC Based ACL page 2 Click Show All The ACEs Associated with MAC ACL Table opens 3 Check the Remove ACL checkbox 4 Click Apply Changes Removing a MAC based ACE 1 Open the Network Security MAC Based ACL page 2 Click Show All The ACEs Associated with MAC ACL Table opens 3 Check the Remov...

Page 286: ...n IP Based or MAC Based ACL Table 7 6 MAC Based ACL CLI Commands CLI Command Description mac access list access list name no mac access list access list name To define a Layer 2 access list and to place the device in MAC access list configuration mode use the mac access list command in global configuration mode To remove the access list use the no form of this command permit any source source wild...

Page 287: ...tween Interfaces 1 Open the Network Security ACL Binding page 2 Click Show All The ACL Bindings Table opens 3 In the Copy Parameters from field select a Port or LAG from which you want to copy ACL settings 4 In the table check the Copy to checkbox for each entry to which you want to copy the settings 5 Click Apply Changes Removing ACL Bindings 1 Open the Network Security ACL Binding page 2 Click S...

Page 288: ...e outside the network or from an interface beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall The DHCP Snooping Table contains the untrusted interfaces MAC address IP address Lease Time VLAN ID and interface information The DHCP section contains the following topics Defining DHCP Snooping Properties Defining DHCP Snooping on VLANs De...

Page 289: ...e To define DHCP global parameters click Switch DHCP Snooping Global Parameters Figure 7 15 Global Parameters DHCP Snooping Status Indicates if DHCP Snooping is enabled on the device The possible field values are Enable Enables DHCP Snooping on the device Disable Disables DHCP Snooping on the device This is the default value Verify MAC Address Indicates if MAC addresses are verified The possible f...

Page 290: ...mand to return to the default setting ip dhcp snooping verify no ip dhcp snooping verify Use the ip dhcp snooping verify global configuration command to configure the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address Use the no form of this command to configure the switch to not verify the MAC addresses ip dhcp snooping database ...

Page 291: ... on the device To enable DHCP Snooping on VLANs To define DHCP snooping on VLANS click Switch DHCP Snooping VLAN Settings Figure 7 16 VLAN Settings VLAN ID The VLAN on which DHCP snooping can be enabled Enabled VLANs Contains a list of VLANs on which DHCP snooping is enabled Console show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs 2 7 18 DHCP snooping d...

Page 292: ...terfaces receive packets only from within the network or the network firewall To define Trusted interfaces click Switch DHCP Snooping Trusted Interface Figure 7 17 Trusted Interfaces Interface Indicates the port or LAG on which DHCP Snooping Trust mode is enabled Trust Status Indicates if the DHCP Snooping Trust mode is enabled on the port or LAG The possible field values are Enable Indicates that...

Page 293: ... Click Show All The Trusted Interfaces Table opens 3 In the Unit and Copy from fields select a Port or LAG from which you want to copy settings 4 In the table check the Copy to checkbox for each entry to which you want to copy the settings 5 Click Apply Changes Designating Interfaces as Trusted Untrusted 1 Open the Trusted Interfaces page 2 Click Show All The Trusted Interfaces Table opens 3 In th...

Page 294: ...s parameters for querying and adding IP addresses to the DHCP Snooping Database To open the Binding Database page click Switch DHCP Snooping Binding Database Figure 7 19 Binding Database Table 7 10 DHCP Snooping Trusted Interfaces CLI Commands CLI Command Description ip dhcp snooping trust no ip dhcp snooping trust Use the ip dhcp snooping trust interface configuration command to configure a port ...

Page 295: ...VLAN ID Displays the VLAN ID to which the IP address is attached in the DHCP Snooping Database Type Displays the IP address binding type The possible field values are Static which indicates that the IP address was statically configured and Dynamic which indicates that the IP address was dynamically configured Lease Time Displays the lease time The Lease Time defines the amount of time the entry is...

Page 296: ...rt channel port channel number expiry seconds no ip dhcp snooping binding mac address vlan id Use the ip dhcp snooping binding privileged EXEC command to configure the DHCP snooping binding database and to add binding entries to the database Use the no form of this command to delete entries from the binding database clear ip dhcp snooping database Use the clear ip dhcp snooping database privileged...

Page 297: ... 304 Enabling Storm Control on page 308 Defining Port Mirroring Sessions on page 312 Defining Port Configuration Use the Port Configuration page to define port parameters If port configuration is modified while the port is a LAG member the configuration change is only effective after the port is removed from the LAG To open the Port Configuration page click Switch Ports Port Configuration in the t...

Page 298: ...rameters are defined Description 0 64 Characters A brief interface description such as Ethernet Port Type The type of port Admin Status Enables or disables traffic forwarding through the port Up Traffic is enabled through the port Down Traffic is disabled through the port Current Port Status Specifies whether the port is currently operational or non operational ...

Page 299: ...ts transmission between the device and the client in both directions simultaneously Half Indicates that the interface supports transmission between the device and the client in only one direction at a time Current Duplex Mode The synchronized port duplex mode Auto Negotiation Auto Negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duplex mode...

Page 300: ...uncrossed cables Hubs and switches are deliberately wired opposite the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are match up properly When two hubs switches are connected to each other or two end stations are connected to each other a crossover cable is used ensure that the correct pairs are c...

Page 301: ...dialog 4 Click Apply Changes The port parameters are saved to the device Displaying and Modifying Multiple Port Configurations 1 Open the Port Configuration page 2 Click Show All The Port Configuration Table opens Figure 7 22 Port Configuration Table 3 Define the available fields for the relevant port 4 Click Apply Changes The port parameters are saved to the device ...

Page 302: ...lex half full Configures the full half duplex operation of a given ethernet interface when not using auto negotiation negotiation capability1 capability2 capability5 Enables auto negotiation operation for the speed and duplex parameters of a given interface back pressure Enables Back Pressure on a given interface flowcontrol auto on off Configures the Flow Control on a given interface mdix on auto...

Page 303: ...onsole config if flowcontrol on console config if mdix auto console config if end console show interfaces configuration ethernet 1 e3 Port Type Duplex Speed Neg Flow Control Admin State Back Pressure Mdix Mode 1 e3 100 Full 100 Enabled On Up Enable Auto Console show interfaces status Port Type Duplex Speed Neg Flow Control Link State Back Pressure Mdix Mode 1 e3 100 Full 100 Auto On Up Enable On 1...

Page 304: ...Ports LAG Configuration in the tree view Figure 7 23 Ports LAG Configuration The Ports LAG Configuration page contains the following fields LAG The LAG number LAG Mode Type of LAG The possible field values are Static The ports comprise a single logical port for high speed connections between networking devices LACP Link Aggregate Control Protocol LACP enabled LAGs can exchange information with oth...

Page 305: ...otiation setting Admin Advertisement Defines the auto negotiation setting the LAG advertises The possible field values are Max Capability Indicates that all LAG speeds and Duplex mode settings are accepted 10 Full Indicates that the LAG advertises for a 10 mbps speed LAG and full duplex mode setting 100 Full Indicates that the LAG advertises for a 100 mbps speed LAG and full duplex mode setting 10...

Page 306: ...ng LAG Parameters 1 Open the Ports LAG Configuration page 2 Select a LAG in the LAG field 3 Define the fields 4 Click Apply Changes The LAG parameters are saved to the device Modifying LAG Parameters 1 Open the Ports LAG Configuration page 2 Select a LAG in the LAG field 3 Modify the fields 4 Click Apply Changes The LAG parameters are saved to the device Displaying and Modifying Multiple LAG Confi...

Page 307: ... of a given ethernet interface when not using auto negotiation negotiation capability1 capability2 capability5 Enables interface speed auto negotiation operation back pressure Enables Back Pressure on a given interface flowcontrol auto on off Configures the Flow Control on a given interface show interfaces configuration ethernet interface port channel port channel number Displays the configuration...

Page 308: ...ets are transmitted The system measures the incoming Broadcast Unicast and Multicast frame rate separately on each port and discard frames when the rate exceeds a user defined rate console config interface port channel 2 console config if no negotiation console config if speed 100 console config if flowcontrol on console config if exit console config interface port channel 3 console config if shut...

Page 309: ... Broadcast packet types to be forwarded Disable Disables Broadcast packet types to be forwarded Broadcast Mode Specifies the Broadcast mode currently enabled on the device or stack The possible field values are Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Broadcast Rate Threshold 70 1000000 The maximum rate Kbits sec at which unkn...

Page 310: ...lds in the Storm Control page the Storm Control Settings Table contains the following additional fields Unit No Indicates the stacking member for which the Storm Control information is displayed Copy Parameters from Port Indicates the specific port from which Storm Control parameters are copied Copy To Copies the Storm Control parameters to the selected ports Copying Parameters in the Storm Contro...

Page 311: ... CLI commands Table 7 14 Storm Control CLI Commands CLI Command Description port storm control include multicast Enables the device to count Multicast Unicast and Broadcast packets together port storm control broadcast enable Enables broadcast storm control port storm control broadcast rate Configures the maximum broadcast rate show ports storm control port Displays the storm control configuration...

Page 312: ...nd mirrors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port Monitored port cannot operate faster than the monitoring port All the RX TX packets should be monitored to the same port The following restrictions apply to ports configured to be destination ports Ports cannot be configured as a source port Ports cannot be a LAG member IP in...

Page 313: ...ied Transmit Packets Defines the how the packets are mirrored The possible field values are Untagged Mirrors packets as untagged vlan packets This is the default value Tagged Mirrors packets as tagged vlan packets Source Ports Source Port Defines the port number from which port traffic is mirrored Type Indicates if the mirrored packets are RX TX or both RX and TX The possible field values are RxOn...

Page 314: ...Type fields 4 Click Apply Changes The new source port is defined and the device is updated Deleting a Copied Port from a Port Mirroring Session 1 Open the Port Mirroring page 2 In the Source Ports table select the port s Remove check box 3 Click Apply Changes The selected port mirroring session is deleted and the device is updated Configuring a Port Mirroring Session Using CLI Commands The followi...

Page 315: ...e manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no traffic is seen for a certain period are erased To open the Address Tables page click Switch Address Tables in the tree view This section contians the following topics Defining Static Addresses on page 315 Viewing Dynamic Addresses on page 318 Defining Static Addresses The Static MAC A...

Page 316: ...sible values are Secure Used for defining static MAC Addresses for Locked ports Permanent The MAC address is permanent Delete on Reset The MAC address is deleted when the device is reset Delete on Timeout The MAC address is deleted when a timeout occurs To prevent Static MAC addresses from being deleted when the Ethernet device reset ensure the port attached to the MAC address is locked Remove Rem...

Page 317: ... MAC Address Table and the device is updated Modifying a Static Address Setting in the Static MAC Address Table 1 Open the Static MAC Address page 2 Select an interface 3 Modify the fields 4 Click Apply Changes The static MAC address is modified and the device is updated Removing a Static Address from the Static Address Table 1 Open the Static MAC Address page 2 Choose an interface 3 Click Show Al...

Page 318: ...able page also contains information about the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic Address list The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports Table 7 16 Static Address CLI Commands CLI Command Description bridge address mac address permanent delete on reset...

Page 319: ...namic Address Table before it is timed out if no traffic from the source is detected The default value is 300 seconds Clear Table Clears the Dynamic Address table Checked Clears the Dynamic Address table Unchecked Maintains the Dynamic Address table Query By In the Query By section select the preferred option for sorting the Dynamic Addresses Table Port Specifies the interface for which the table ...

Page 320: ...ery The Dynamic Address Table is queried and the results are displayed Sorting the Dynamic Address Table 1 Open the Dynamic Address Table 2 From the Address Table Sort Key drop down menu select whether to sort addresses by address VLAN ID or interface 3 Click Query The Dynamic Address Table is sorted Querying and Sorting Dynamic Addresses Using CLI Commands The following table summarizes the equiv...

Page 321: ... to three times the join time The leave all time must be greater than the leave time Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on the Layer 2 connected devices GARP application does not operate successfully To open the GARP page click Switch GARP in the tree view This section contians the following topics Defining GARP Timers on page 322...

Page 322: ... Timer 10 2147483640 Time lapse in milliseconds that the device waits before leaving its GARP state Leave time is activated by a Leave All Time message sent received and cancelled by the Join message received Leave time must be greater than or equal to three times the join time The default value is 600 msec GARP Leave All Timer 10 2147483640 Time lapse in milliseconds that all devices wait before ...

Page 323: ... the Port or LAG drop down menu The definitions for this interface are copied to the selected interfaces See step 4 4 Select the Copy to check box to define the interfaces to which the GARP timer definitions copied from Copy Parameters from field are copied or click Select All to copy the definitions to all ports or LAGs 5 Click Apply Changes The parameters are copied to the selected ports or LAGs...

Page 324: ...nd Description garp timer join leave leaveall timer_value Adjusts the GARP application join leave and leaveall GARP timer values console config interface ethernet 1 e1 console config if garp timer leave 900 console config if end console show gvrp configuration ethernet 1 e11 GVRP Feature is currently Disabled on the device Maximum VLANs 223 Port s GVRP Registration Dynamic VLAN Timers milliseconds...

Page 325: ...TP see Defining Rapid Spanning Tree Multiple STP Provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition Multiple STP transmits packets assigned to different VLANs through different MST regions MST regions act as a single bridge if MSTP is enabled on the device However if RSTP is enabled on the neighboring device and the local device uses STP RSTP...

Page 326: ...panning Tree on the device The possible field values are Enable Enables Spanning Tree Disable Disables Spanning Tree STP Operation Mode Indicates the STP mode by which STP is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value Rapid STP Enables Rapid STP on the device Multiple STP Enables Multiple STP on the device ...

Page 327: ... with the lowest priority value becomes the Root Bridge The default value is 32768 The port priority value is provided in increments of 4096 For example 4096 8192 12288 etc Hello Time 1 10 Specifies the device Hello Time The Hello Time indicates the amount of time in seconds a root bridge waits between configuration messages The default is 2 seconds Max Age 6 40 Specifies the device Maximum Age Ti...

Page 328: ... parameters are modified and the device is updated Defining STP Global Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for defining STP global parameters as displayed in the Spanning Tree Global Settings page Table 7 19 STP Global Parameter CLI Commands CLI Command Description spanning tree Enables spanning tree functionality spanning tree mode stp rstp mst...

Page 329: ...onsole config spanning tree mode rstp console config spanning tree priority 12288 console config spanning tree hello time 5 console config spanning tree max age 12 console config spanning tree forward time 25 console config exit console show spanning tree Spanning tree enabled mode MSTP Default port cost method short Gathering information MST 0 Vlans Mapped 16 4094 CST Root ID Priority 20480 Addre...

Page 330: ...1 e8 enabled 128 8 100 DSBL Dsbl No P2p Intr 1 e9 enabled 128 9 100 DSBL Dsbl No P2p Intr 1 e10 enabled 128 10 100 DSBL Dsbl No P2p Intr 1 e11 enabled 128 11 19 DSBL Desg Yes P2p Intr console show spanning tree active Spanning tree enabled mode MSTP Default port cost method short Gathering information MST 0 Vlans Mapped 16 4094 CST Root ID Priority 20480 Address 00 30 ab 00 00 08 Path Cost 4 Root ...

Page 331: ...page click Switch Spanning Tree Port Settings in the tree view Figure 7 36 STP Port Settings Name State Prio Nbr Cost Sts Role PortFast Type 1 e5 enabled 128 2 19 FRW Desg Yes P2p Intr 1 e7 enabled 128 7 19 DSCR Altn No P2p Bound STP 1 e11 enabled 128 11 19 FRW Desg Yes P2p Intr 1 e15 enabled 128 15 19 FRW Desg No P2p Intr 1 e22 enabled 128 22 19 FRW Desg Yes P2p Intr ...

Page 332: ...bled on the port The port forwards traffic while learning MAC addresses Blocking The port is currently blocked and cannot be used to forward traffic or learn MAC addresses Blocking is displayed when Classic STP is enabled Listening The port is currently in the listening mode The port cannot forward traffic nor can it learn MAC addresses Learning The port is currently in the learning mode The port ...

Page 333: ... bridge priority and the MAC Address of the designated bridge Designated Port ID The designated port s priority and interface Designated Cost Cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Number of times the port has changed from the Forwarding state to Blocking LAG The LAG to which the port is atta...

Page 334: ...ng tree on a specific port spanning tree cost cost Configures the spanning tree cost contribution of a port spanning tree port priority priority Configures port priority show spanning tree ethernet interface port channel port channel number instance instance id Displays spanning tree configuration spanning tree portfast Enables Fast Link mode spanning tree guard root Enables root guard on all span...

Page 335: ...128 15 Port cost 19 Type P2p configured Auto Internal Port Fast No configured No Designated bridge Priority 32768 Address 00 00 00 16 00 64 Designated port id 128 15 Designated path cost 4 Guard root Disabled Number of transitions to forwarding state 2 BPDU sent 483 received 1037 console show spanning tree ethernet 1 e15 instance 12 Port 1 e15 enabled State discarding Role alternate Port id 128 15...

Page 336: ... modify STP settings STP Enables or disables STP on the LAG The possible field values are Enable Indicates that STP is enabled on the LAG Disable Indicates that STP is disabled on the LAG Fast Link Enables Fast Link mode for the LAG If Fast Link mode is enabled for a LAG the LAG State is automatically placed in the Forwarding state when the LAG is up Fast Link mode optimizes the time it takes for ...

Page 337: ...orwarding traffic Role Indicates the LAG role assigned by the STP algorithm that provides STP paths The possible field values are Root Provides the lowest cost path to forward packets to root switch Designated Indicates that the via which the designated switch is attached to the LAN Alternate Provides an alternate LAG to the root switch from the root interface Backup Provides a backup path to the ...

Page 338: ...er of times the LAG State has changed from the Forwarding state to a Blocking state Modifying the LAG STP Parameters 1 Open the Spanning Tree LAG Settings page 2 Select a LAG from the Select a LAG drop down menu 3 Modify the fields as desired 4 Click Apply Changes The STP LAG parameters are modified and the device is updated Displaying the STP LAG Table 1 Open the STP LAG Settings page 2 Click Sho...

Page 339: ... in the tree view Table 7 21 STP LAG Settings CLI Commands CLI Command Description spanning tree Enables spanning tree spanning tree disable Disables spanning tree on a specific LAG spanning tree cost cost Configures the spanning tree cost contribution of a LAG spanning tree guard root Enables root guard on all spanning tree instances on the interface spanning tree port priority priority Configure...

Page 340: ...vides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled Indicates the port is not participating in the Spanni...

Page 341: ...cilities are negotiated as needed by the LCP the originating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link ...

Page 342: ...example of the CLI commands Table 7 22 RSTP Settings CLI Command CLI Command Description spanning tree link type point to point shared Overrides the default link type setting spanning tree mode stp rstp mstp Configure the spanning tree protocol currently running clear spanning tree detected protocols ethernet interface port channel port channel number Restarts the protocol migration process show s...

Page 343: ... STP instance the same port is placed in the Forwarding State in another STP instance In addition packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Trees Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted To open the MSTP Settings page click Switch Spanning Tree MSTP Settings in the tree view ...

Page 344: ...The field default is 20 hops IST Master Indicates the Internal Spanning Tree Master ID The IST Master is the instance 0 root Instance ID Defines the MSTP instance the field range is 1 15 Included VLANs Displays VLANs mapped to the selected instance Each VLAN belongs to one instance Bridge Priority 0 61440 Specifies the selected spanning tree instance device priority The field range is 0 61440 in s...

Page 345: ...7 23 MSTP Instances CLI Commands CLI Command Description spanning tree mst configuration Enters MST Configuration mode instance instance id add remove vlan vlan range Maps VLANs to the MST instance name string Sets the configuration name revision value Sets the configuration revision number spanning tree mst instance id port priority priority Sets the priority of a port spanning tree mst instance ...

Page 346: ...ays the current or pending MST region configuration console config spanning tree mst configuration console config mst instance 1 add vlan 10 20 console config mst name region1 console config mst revision 1 console config spanning tree mst configuration console config mst instance 2 add vlan 21 30 console config mst name region1 console config mst revision 1 console config mst show pending Pending ...

Page 347: ...evice Possible field range is 0 15 Interface Assigns either ports or LAGs to the selected MSTP instance Port State Indicates whether the port is enabled or disabled in the specific instance Type Indicates whether MSTP treats the port as a point to point port or a port connected to a hub and whether the port is internal to the MST region or a boundary port A Master port provides connectivity from a...

Page 348: ...nes the interface priority for specified instance The default value is 128 Path Cost Indicates the port contribution to the Spanning Tree instance The possible range is 1 200 000 000 Default Path Cost Indicates if the default path cost is used The possible values are Checked Default path cost is used Unchecked Path cost is user defined Designated Bridge ID The bridge ID number that connects the li...

Page 349: ...e summarizes the equivalent CLI commands for defining MSTP interfaces as displayed in the Spanning Tree MSTP Interface Settings page Table 7 24 MSTP Interface CLI Commands CLI Command Description spanning tree mst instance id cost cost Sets the path cost of the port for MST calculations spanning tree mst instance id priority priority Sets the device priority for the specified ST instance show span...

Page 350: ...iguration Gathering information Current MST configuration Name Gili Revision 65000 Instance Vlans Mapped State 0 16 4094 enabled 1 1 enabled 2 2 enabled 3 3 enabled 4 4 enabled 5 5 enabled 6 6 enabled 7 7 enabled 8 8 enabled 9 9 enabled 10 10 enabled 11 11 enabled 12 12 enabled 13 13 enabled 14 14 enabled 15 15 enabled ...

Page 351: ...tion between VLAN groups VLAN tagging attaches a 4 byte tag to packet headers The VLAN tag indicates to which VLAN the packet belongs VLAN tags are attached to the VLAN by either the end station or by the network device VLAN tags also contains VLAN network priority information QinQ tagging allows network managers to add an additional tag to previously tagged packets Customer VLANs are configured u...

Page 352: ...1 is the default VLAN and cannot be deleted from the system To open the VLAN Membership page click Switch VLAN VLAN Membership in the tree view Figure 7 46 VLAN Membership The VLAN Membership page contains the following fields Show VLAN Lists and displays specific VLAN information according to VLAN ID or VLAN name VLAN Name 0 32 Characters The user defined VLAN name Status The VLAN type Possible v...

Page 353: ...ecked Removes the VLAN Unchecked Maintains the VLAN in the VLAN Membership Table Adding New VLANs 1 Open theVLAN Membership page 2 Click Add The Create New VLAN page opens Figure 7 47 Create New VLAN 3 Enter the VLAN ID and name 4 Click Apply Changes The new VLAN is added and the device is updated Modifying VLAN Membership Groups 1 Open theVLAN Membership page 2 Select a VLAN from the Show VLAN dr...

Page 354: ...rt a value 4 Click Apply Changes The port is assigned to the VLAN group and the device is updated Deleting a VLAN 1 Open the VLAN Membership page 2 Click the VLAN ID or VLAN Name option button and select a VLAN from the drop down menu 3 Select the Remove VLAN check box 4 Click Apply Changes The selected VLAN is deleted and the device is updated Table 7 25 VLAN Port Membership Table Port Control De...

Page 355: ... a VLAN name string Adds a name to a VLAN console config vlan database console config vlan vlan 1972 console config vlan end console config interface vlan 1972 console config if name Marketing console config if end Table 7 27 Port to VLAN Group Assignments CLI Commands CLI Command Description switchport general acceptable frame types tagged only Discards untagged frames at ingress switchport forbi...

Page 356: ...fig vlan end console config interface vlan 23 console config if name Marketing console config if end console config interface ethernet 1 e8 console config if switchport mode access console config if switchport access vlan 23 console config if end console config interface ethernet 1 e9 console config if switchport mode trunk console config if switchport mode trunk allowed vlan add 23 25 console con...

Page 357: ... Port The port number included in the VLAN Port VLAN Mode The port mode Possible values are Customer The port belongs to VLANs When a port is in Customer mode the added tag provides a VLAN ID to each customer ensuring private and segregated network traffic General The port belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Access The port belongs to a single unta...

Page 358: ...he port Admit All Both tagged and untagged packets are accepted on the port Ingress Filtering Ingress filtering discards packets that are destined to VLANs of which the specific port is not a member Enable Ingress filtering is activated on the port Disable Ingress filtering is not activated on the port Current Reserved VLAN The VLAN currently designated by the system as the reserved VLAN Reserve V...

Page 359: ...efining VLAN LAGs Settings The VLAN LAG Settings page provides parameters for managing LAGs that are part of a VLAN VLANs can either be composed of individual ports or of LAGs Untagged packets entering the device are tagged with the LAGs ID specified by the PVID To open the VLAN LAG Settings page click Switch VLAN LAG Settings in the tree view Figure 7 50 VLAN LAG Settings ...

Page 360: ...agged packets The possible field values are 1 4095 VLAN 4095 is defined as per standard and industry practice as the Discard VLAN Packets classified to this VLAN are dropped Frame Type Packet type accepted by the LAG The possible values are Admit Tag Only Only tagged packets are accepted by the LAG Admit All Tagged and untagged packets are both accepted by the LAG Ingress Filtering Enables or disa...

Page 361: ...le 7 28 LAG VLAN Assignments CLI Commands CLI Command Description switchport mode access trunk general Configures a LAG VLAN membership mode switchport trunk native vlan vlan id Defines the port as a member of the specified VLAN and the VLAN ID as the LAG default VLAN ID PVID switchport general pvid vlan id Configure the LAG VLAN ID PVID when the interface is in general mode switchport general all...

Page 362: ...ides the same functionality as MAC to VLAN Assignment but does so in a standard way console config interface port channel 1 console config if switchport mode access console config if switchport access vlan 2 console config if exit console config interface port channel 2 console config if switchport mode general console config if switchport general allowed vlan add 2 3 tagged console config if swit...

Page 363: ... MAC to VLAN Figure 7 52 Bind MAC to VLAN The Bind MAC to VLAN page contains the following fields MAC Address Indicates the MAC Address which is bound to the VLAN Bind to VLAN Indicates the VLAN to which the MAC address is bound The possible values are 1 4094 Displaying the MAC to VLAN Table 1 Open the Bind MAC to VLAN page 2 Click Show All The MAC to VLAN Table opens Figure 7 53 MAC to VLAN Table...

Page 364: ...nsole config vlan mac to vlan 0060 704c 73ff 123 console config vlan exit console config exit console show vlan mac to vlan MAC Address VLAN 0060 704c 73ff 123 Defining VLAN Protocol Groups The Protocol Group page provides parameters for configuring frame types to specific protocol groups To open the Protocol Group page click Switch VLAN Protocol Group in the tree view Table 7 29 Binding MAC addre...

Page 365: ...e Ethernet protocol group type Protocol Group ID 1 65535 The VLAN Group ID number Remove Indicates whether to remove frame to protocol group mapping if the protocol group to be removed is not configured on this protocol port Checked Removes the protocol group mapping Unchecked Maintains the protocol group mapping Assigning a Protocol to a Group 1 Open the Protocol Group page 2 Click Add The Assign...

Page 366: ...omplete the fields on the page 3 Click Apply Changes The VLAN protocol group parameters are defined and the device is updated Removing Protocols From the Protocol Group Table 1 Open the Protocol Group page 2 Click Show All The Protocol Group Table opens Figure 7 56 Protocol Group Table 3 Select Remove for the protocol groups that need to be removed 4 Click Apply Changes The protocol is removed and...

Page 367: ...otocol groups To open the Protocol Port page click Switch VLAN Protocol Port in the tree view Figure 7 57 Protocol Port Interface Port or LAG number added to a protocol group Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table CLI Command Description map protocol protocol encapsulation protocols group group Maps a protocol to a prot...

Page 368: ...rface from its protocol group Checked Removes the selected interface Unchecked Maintains the selected interface Adding a New Protocol Port to a VLAN Protocol ports can be defined only on ports that are defined as General in the VLAN Port Settings page 1 Open the Protocol Port page 2 Click Add The Assign Protocol Port To VLAN page opens Figure 7 58 Assign Protocol Port To VLAN 3 Complete the fields...

Page 369: ...nformation among VLAN aware bridges GVRP allows VLAN aware bridges to automatically learn VLANs to bridge ports mapping without having to individually configure each bridge and register VLAN membership To ensure the correct operation of the GVRP protocol it is advised to set the maximum number of GVRP VLANs equal to a value which significantly exceeds the sum of The number of all static VLANs both...

Page 370: ...s the following fields Global Parameters GVRP Global Status Indicates if GVRP is enabled on the device The possible field values are Enable Enables GVRP on the selected device Disable Disables GVRP on the selected device GVRP is disabled by default Port Parameters Interface Specifies port or LAG for editing GVRP settings GVRP State Indicates if GVRP is enabled on the interface The possible field v...

Page 371: ... Enables GVRP registration on the interface Disabled Disables GVRP registration on the interface Enabling GVRP on the Device 1 Open the GVRP Global Parameters page 2 Select Enable in the GVRP Global Status field 3 Click Apply Changes GVRP is enabled on the device Enabling VLAN Registration Through GVRP 1 Open the GVRP Global Parameters page 2 Select Enable in the GVRP Global Status 3 Select Enable...

Page 372: ...ich parameters will be copied and assigned to other interfaces Configuring GVRP Using CLI Commands The following table summarizes the equivalent CLI commands for configuring GVRP as displayed in the GVRP Global Parameters page Table 7 32 GVRP Global Parameters CLI Commands CLI Command Description gvrp enable global Enables GVRP globally gvrp enable interface Enables GVRP on an interface gvrp vlan ...

Page 373: ...RP statistics clear gvrp statistics ethernet interface port channel port channel number Clears all the GVRP statistics information Table 7 32 GVRP Global Parameters CLI Commands continued CLI Command Description console config gvrp enable console config interface ethernet 1 e1 console config if gvrp enable console config if gvrp vlan creation forbid console config if gvrp registration forbid conso...

Page 374: ...nfigured with VLAN mode as enabled ensuring that tagged packets are used for all communications If the IP phone s VLAN mode is disabled the phone uses untagged packets The phone uses untagged packets while retrieving the initial IP address through DHCP The phone eventually use the Voice VLAN and start sending tagged packets This section contains the following topics Defining Voice VLAN Properties ...

Page 375: ...ority Remark CoS Indicates that the Remark CoS is always enabled Voice VLAN Aging Time Indicates the amount of time after the last IP phone s OUI is aged out for a specific port The port will age out after the bridge and voice aging time The default time is one day The field format is Day Hour Minute The aging time starts after the MAC Address is aged out from the Dynamic MAC Address table The def...

Page 376: ...command in global configuration mode To return to default use the no form of this command voice vlan aging timeout minutes no voice aging timeout To set the voice VLAN aging timeout use the voice vlan aging timeout command in global configuration mode To return to default use the no form of this command voice vlan enable Use the voice vlan enable interface configuration command to enable automatic...

Page 377: ... VLAN To open the Voice VLAN Port Setting page click Switch Voice VLAN Port Setting in the tree view Figure 7 63 Voice VLAN Port Setting 00 0F E2 Huawei 3COM Voice VLAN VLAN ID 8 CoS 6 Remark Yes Interface Enabled Secure Activated 1 e1 Yes Yes Yes 1 e2 Yes Yes Yes 1 e3 Yes Yes Yes 1 e4 Yes Yes Yes 1 e5 No No 1 e6 No No 1 e7 No No 1 e8 No No 1 e9 No No ...

Page 378: ...C Address of the IP phones OUI was added manually to a port LAG in the Voice VLAN the user cannot add it to the Voice VLAN in Auto mode only in Manual mode Voice VLAN Port LAG Security Indicates if port LAG security is enabled on the Voice VLAN Port Security ensures that packets arriving with an unrecognized OUI are dropped Enable Enables port security on the Voice VLAN Disable Disables port secur...

Page 379: ...s the Organizationally Unique Identifiers OUIs associated with the Voice VLAN The first three bytes of the MAC Address contain a manufacturer identifier While the last three bytes contain a unique station ID Using the OUI network managers can add specific manufacturer s MAC addresses to the OUI table Once the OUIs are added all traffic received on the Voice VLAN ports from the specific IP phone wi...

Page 380: ...Aolynk 00 60 B9 Philips and NEC AG phone 00 D0 1E Pingtel phone 00 E0 75 Polycom Veritel phone 00 E0 BB 3COM phone Description Provides an OUI description up to 32 characters Remove Removes OUI from the Telephony OUI List The possible field values are Checked Removes the selected OUI Unchecked Maintains the current OUIs in the Telephony OUI List This is the default value Restore Default OUIs Resto...

Page 381: ... OUI Page 3 Fill in the fields 4 Click Apply Changes The OUIs is added Removing OUIs 1 Open the Voice VLAN OUI page 2 Check the Remove checkbox next to teach OUI to be removed 3 Click Apply Changes The selected OUIs are removed Restoring Default OUIs 1 Open the Voice VLAN OUI page 2 Click Restore Default OUIs The default OUIs are restored ...

Page 382: ...tagged modes All ports in the LAG have the same back pressure and flow control modes All ports in the LAG have the same priority All ports in the LAG have the same transceiver type The device supports up to eight LAGs and eight ports in each LAG Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG Ports added to a LAG lose their individual port config...

Page 383: ...for configuring LACP LAGs Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed Aggregated Links can be manually setup or automatically established by enabling Link Aggregation Control Protocol LACP on the relevant links To open the LACP Parameters page click Switch Link Aggregation LACP Parameters in the tree view Figure 7 67 LACP Par...

Page 384: ...the LACP Parameters page 2 Complete the LACP System Priority field 3 Click Apply Changes The parameters are defined and the device is updated Defining Link Aggregation Port Parameters 1 Open the LACP Parameters page 2 Complete the fields in the Port Parameters area 3 Click Apply Changes The parameters are defined and the device is updated Displaying the LACP Parameters Table 1 Open the LACP Parame...

Page 385: ...essage is generated However as this is the only port in the LAG the entire LAG operates with the port s settings instead of the LAG s defined settings Use the LAG Membership page to assign ports to LAGs To open the LAG Membership page click Switch Link Aggregation LAG Membership in the tree view Table 7 36 LACP Parameters CLI Commands CLI Command Description lacp system priority value Configures t...

Page 386: ...toggle the button under the port number to assign either the LACP or the static LAG 4 Click Apply Changes The port is added to the LAG or LACP and the device is updated Adding Ports to LAGs Using CLI Commands The following table summarizes the equivalent CLI commands for assigning ports to LAGs as displayed in the LAG Membership page Table 7 37 LAG Membership CLI Commands CLI Command Description c...

Page 387: ...t groups Filtering L2 Multicast Packets Forwards Layer 2 packets to interfaces If Multicast filtering is disabled Multicast packets are flooded to all relevant ports To open the Multicast Support page click Switch Multicast Support in the tree view This section contians the following topics Defining Multicast Global Parameters on page 387 Adding Bridge Multicast Address Members on page 389 Assigni...

Page 388: ... fields Bridge Multicast Filtering Enables or disables bridge Multicast filtering Disabled is the default value Enable Enables bridge multicast filtering on the device Disable Disables bridge multicast filtering on the device IGMP Snooping Status Enables or disables IGMP Snooping on the device Disabled is the default value IGMP Snooping can be enabled only if Global Parameters is enabled Enable En...

Page 389: ...service group in the Ports and LAGs tables The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group Ports can be added either to existing groups or to new Multicast service groups The Bridge Multicast Group page permits new Multicast service groups to be created The Bridge Multicast Group page also assigns ports to a specific Multicast service address gr...

Page 390: ...out the Multicast group address Bridge Multicast Address Identifies the Multicast group MAC address IP address Remove Indicates whether to remove a Bridge Multicast address Checked Removes the selected Bridge Multicast address Unchecked Maintains the selected Bridge Multicast address Ports Port that can be added to a Multicast service LAGs LAGs that can be added to a Multicast service ...

Page 391: ...cted Multicast group 5 Toggle a port to F to forbid adding specific Multicast addresses to a specific port 6 Click Apply Changes The bridge Multicast address is assigned to the Multicast group and the device is updated Table 7 39 IGMP Port LAG Members Table Control Settings Port Control Definition D The port LAG has joined the Multicast group dynamically in the Current Row S Attaches the port to t...

Page 392: ... Changes The LAG is assigned to the Multicast group and the device is updated Managing Multicast Service Members Using CLI Commands The following table summarizes the equivalent CLI commands for managing Multicast service members as displayed in the Bridge Multicast Group page Table 7 40 Multicast Service Member CLI Commands CLI Command Description bridge multicast address mac multicast address ip...

Page 393: ... Ports 1 0100 5e02 0203 static 1 e11 1 e12 19 0100 5e02 0208 static 1 e11 16 19 0100 5e02 0208 dynamic 1 e11 12 Forbidden ports for multicast addresses Vlan MAC Address Ports 1 0100 5e02 0203 1 e8 19 0100 5e02 0208 1 e8 console show bridge multicast address table format ip Vlan IP Address Type Ports 1 224 239 130 2 2 3 static 1 e11 1 e12 19 224 239 130 2 2 8 static 1 e11 16 19 224 239 130 2 2 8 dy...

Page 394: ...lticast Forward All page click Switch Multicast Support Bridge Multicast Forward All page in the tree view Figure 7 73 Bridge Multicast Forward All The Bridge Multicast Forward All page contains the following fields VLAN ID Identifies a VLAN Ports Ports that can be added to a Multicast service LAGs LAGs that can be added to a Multicast service The Bridge Multicast Forward All Switch Port Control S...

Page 395: ... Multicast Routers Using CLI Commands The following table summarizes the equivalent CLI commands for managing LAGs and ports attached to Multicast routers as displayed on the Bridge Multicast Forward All page Table 7 41 Bridge Multicast Forward All Switch Port Control Settings Table Port Control Definition D Attaches the port to the Multicast router or switch as a dynamic port S Attaches the port ...

Page 396: ...Snooping page click Switch Multicast Support IGMP Snooping in the tree view Figure 7 74 IGMP Snooping Console config interface vlan 1 Console config if bridge multicast forward all add ethernet 1 e3 Console config if end Console show bridge multicast filtering 1 Filtering Enabled VLAN Forward All Port Static Status 1 e11 Forbidden Filter 1 e12 Forward Forward s 1 e13 Forward d ...

Page 397: ...ed out The default time is 260 seconds Multicast Router Timeout 1 2147483647 Time before aging out a Multicast router entry The default value is 300 seconds Leave Timeout 0 2147483647 Time in seconds after a port leave message is received before the entry is aged out User defined enables a user definable timeout period and Immediate Leave specifies an immediate timeout period The default timeout i...

Page 398: ...mp snooping leave time out time out immediate leave Configures the leave time out ip igmp snooping querier enable no ip igmp snooping querier enable Enables Internet Group Management Protocol IGMP querier on a specific VLAN Use the no form of this command to disable ip igmp snooping querier address ip address no ip igmp snooping querier address Defines the source IP address that the IGMP Snooping ...

Page 399: ... Console config if ip igmp snooping host time out 300 Console config if ip igmp snooping mrouter time out 200 Console config if exit Console config interface vlan 1 Console config if ip igmp snooping leave time out 60 Console config if exit Console config exit Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes g1 g2 Console show ip igmp snooping interface 10...

Page 400: ...abled IGMP snooping querier address admin IGMP snooping querier address oper 172 16 1 1 IGMP snooping querier version admin 3 IGMP snooping querier version oper 2 IGMP host timeout is 300 sec IGMP Immediate leave is disabled IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled Console show ip igmp snooping mrouter VLAN Ports 1 g1 ...

Page 401: ...Unregistered Multicast groups are the groups that are not known to the device All unregistered Multicast frames are still forwarded to all ports on the VLAN After a port has been set to Forwarding Filtering then this port s configuration is valid for any VLAN it is a member of or will be a member of To open the Unregistered Multicast page click Switch Multicast Support Unregistered Multicast in th...

Page 402: ...Multicast Table The Unregistered Multicast Table displays the following additional fields Unit No Selects a stacking member Copy from Copies parameters from the selected item Copying Unregistered Multicast Settings Between Interfaces 1 Open the Unregistered Multicast page 2 Click Show All The Unregistered Multicast Table opens 3 In the Copy Parameters from field select the interface from which to ...

Page 403: ...e following is an example of the CLI commands Table 7 44 Unregistered Multicast CLI Commands CLI Command Description bridge multicast unregistered Configures the forwarding state of unregistered multicast addresses show bridge multicast unregistered Displays the unregistered multicast filtering configuration Console show bridge multicast unregistered Port Unregistered 1 1 Forward 1 2 Filter 1 3 Fi...

Page 404: ...404 Configuring Switch Information ...

Page 405: ...o open the page click Statistics Table in the tree view This section contians the following topics Viewing Utilization Summary on page 405 Viewing Counter Summary on page 407 Viewing Interface Statistics on page 408 Viewing Etherlike Statistics on page 411 Viewing GVRP Statistics on page 414 Viewing EAP Statistics on page 418 Viewing EAP Statistics Using the CLI Commands on page 419 Viewing Utiliz...

Page 406: ...terface The interface number Interface Status Status of the interface Interface Utilization Network interface utilization percentage based on the duplex mode of the interface The range of this reading is from 0 to 200 The maximum reading of 200 for a full duplex connection indicates that 100 of bandwidth of incoming and outgoing connections is used by the traffic travelling through the interface T...

Page 407: ...rface statistics are refreshed The possible field values are 15 Sec Indicates that the interface statistics are refreshed every 15 seconds 30 Sec Indicates that the interface statistics are refreshed every 30 seconds 60 Sec Indicates that the interface statistics are refreshed every 60 seconds No Refresh Indicates that the interface statistics are not refreshed automatically Interface The interfac...

Page 408: ...packets with errors on the interface Global System LAGs Provides a counter summary for global system LAGs Viewing Interface Statistics The Interface Statistics page contains statistics for both received and transmitted packets The fields for both received and transmitted packets are identical To open the Interface Statistics page click Statistics RMON Table Views Interface Statistics in the tree v...

Page 409: ...elected interface Multicast Packets Amount of Multicast packets received on the selected interface Broadcast Packets Amount of Broadcast packets received on the selected interface Packets with Errors Number of errors packets received on the selected interface Transmit Statistics Total Bytes Octets Amount of octets transmitted from the selected interface Unicast Packets Amount of Unicast packets tr...

Page 410: ... Interface Statistics CLI Commands CLI Command Description show interfaces counters ethernet interface port channel port channel number Displays traffic seen by the physical interface console enable console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts 1 e1 0 0 0 0 1 e2 0 0 0 0 1 e3 0 0 0 0 1 e4 0 0 0 0 1 e5 0 0 0 0 1 e6 0 0 0 0 1 e7 0 0 0 0 1 e8 0 0 0 0 1 e9 0 0 0 0 1...

Page 411: ...tics are displayed for a port or LAG Refresh Rate Amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh In...

Page 412: ... Frames Number of transmitted paused errors on the selected interface Displaying Etherlike Statistics for an Interface 1 Open the Etherlike Statistics page 2 Select an interface in the Interface field Resetting Etherlike Statistics 1 Open the Etherlike Statistics page 2 Click Reset All Counters The Etherlike Statistics counters are reset Viewing Etherlike Statistics Using the CLI Commands The foll...

Page 413: ...892 1289 987 8 Port OUT Octets OutUcastPkts OutMcastPkts OutBcastPkts 1 e1 9188 9 8 0 FCS Errors 8 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal MAC Tx Errors 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 ...

Page 414: ...nterface Specifies whether statistics are displayed for a port or LAG Refresh Rate Amount of time that passes before the GVRP statistics are refreshed The possible field values are 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 Sec Indicates that the GVRP statistics are refreshed every 60 seconds ...

Page 415: ...alid Attribute Length statistics Invalid Event Device GVRP Invalid Events statistics Displaying GVRP Statistics for a Port 1 Open the GVRP Statistics page 2 Select an interface in the Interface field The GVRP statistics for the selected interface are displayed Resetting GVRP Statistics 1 Open the GVRP Statistics page 2 Click Reset All Counters The GVRP statistics counters are reset Viewing GVRP St...

Page 416: ... Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA 1 e1 0 0 0 0 0 0 0 0 0 0 0 0 1 e2 0 0 0 0 0 0 0 0 0 0 0 0 1 e3 0 0 0 0 0 0 0 0 0 0 00 0 ...

Page 417: ...vent Port INVPROT INVATYP INVAVAL INVPLEN INVALEN INVEVENT 1 e1 0 0 0 0 0 0 1 e2 0 0 0 0 0 0 1 e3 0 0 0 0 0 0 1 e4 0 0 0 0 0 0 sLE Leave Empty Sent sLA Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA 1 e1 0 0 0 0 0 0 0 0 0 0 0 0 1 e2 0 0 0 0 0 0 0 0 0 0 0 0 1 e3 0 0 0 0 0 0 0 0 0 0 0 0 1 e4 0 0 0 0 0 0 0 0 0 0 0 0 1 e5 0 0 0 0 0 0 0 0 0 0 0 0 1 e6 0 0 0 0 0 0 0 0 0 0 0 0 ...

Page 418: ...the following fields Port Indicates the port which is polled for statistics Refresh Rate Amount of time that passes before the EAP statistics are refreshed The possible field values are 15 Sec Indicates that the EAP statistics are refreshed every 15 seconds 30 Sec Indicates that the EAP statistics are refreshed every 30 seconds 60 Sec Indicates that the EAP statistics are refreshed every 60 second...

Page 419: ...ames that have been received on this port Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version Indicates the protocol version number attached to the most recently received EAPOL frame Last Frame Source Indicates the source MAC address attached to the most recently received EAPOL frame Displaying EAP statistics ...

Page 420: ...istory Table on page 425 Defining Device RMON Events on page 428 Viewing the RMON Events Log on page 430 Defining RMON Device Alarms on page 431 Viewing RMON Statistics Group Use the RMON Statistics page view information about device utilization and errors that occurred on the device To open the RMON Statistics page click Statistics RMON RMON Statistics in the tree view console show dot1x statisti...

Page 421: ...refreshed Received Bytes Octets Number of bytes received on the selected interface Received Packets Number of packets received on the selected interface Broadcast Packets Received Number of good Broadcast packets received on the interface since the device was last refreshed This number does not include multicast packets Multicast Packets Received Number of good Multicast packets received on the in...

Page 422: ...Number of jabbers packets longer than 1632 octets received on the interface since the device was last refreshed Collisions Number of collisions received on the interface since the device was last refreshed Frames of xx Bytes Number of xx byte frames transmitted and received on the interface since the device was last refreshed Viewing Interface Statistics 1 Open the RMON Statistics page 2 Select an...

Page 423: ...ling periods To open the RMON History Control page click Statistics RMON RMON History Control in the tree view Figure 8 8 RMON History Control console show rmon statistics ethernet 1 e1 Port 1 e1 Dropped 8 Octets 878128 Packets 978 Broadcast 7 Multicast 1 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 98 65 to 127 Octets 0 128 to 255 Octets 0 256 t...

Page 424: ...ible values are 1 3600 seconds The default is 1800 seconds 30 minutes Remove When checked removes the History Control Table entry Adding a History Control Entry 1 Open the RMON History Control page 2 Click Add The Add History Entry page opens 3 Complete the fields in the dialog 4 Click Apply Changes The entry is added to the History Control Table Modifying a History Control Table Entry 1 Open the ...

Page 425: ... compiled during a single sample To open the RMON History Table click Statistics RMON RMON History Table in the tree view Figure 8 9 RMON History Table Table 8 6 RMON History CLI Commands CLI Command Description rmon collection history index owner ownername buckets bucket number interval seconds Enables and configures RMON on an interface show rmon collection history ethernet interface port channe...

Page 426: ...al CRC Align Errors The number of packets received during the sampling session with a length 64 1632 octets However the packets has a bad packet Check Sequence FCS with an integral number of octets or a bad FCS with a non integral number Undersize Packets The number of packets received less than 64 octets long during the sampling session Oversize Packets The number of packets received more than 16...

Page 427: ...CLI Command Description show rmon history index throughput errors other period seconds Displays RMON Ethernet statistics history console enable console show rmon history 1 throughput Sample Set 5Owner cli Interface 24 interval 10 Requested samples 50 Granted samples 50 Maximum table size 270 Time Octets PacketsBroadcast Multicast 09 Mar 2003 18 29 32 00 00 0 09 Mar 2003 18 29 42 00 00 0 09 Mar 200...

Page 428: ...the following fields Event Entry Indicates the event Community Community to which the event belongs Description User defined event description Type Describes the event type Possible values are Log Event type is a log entry Trap Event type is a trap Log and Trap Event type is both a log entry and a trap None There is no event Time Time when the event occurred Owner The device or user that defined t...

Page 429: ... Entries A single event entry can be removed from the RMON Events Control page by checking the Remove check box on that page 1 Open the RMON Events Control page 2 Click Show All The RMON Events Table page opens 3 Check the Remove checkbox for the event s that needs to be deleted and then click Apply Changes The table entry is deleted and the device is updated Defining Device Events Using the CLI C...

Page 430: ...e 8 11 RMON Events Log The RMON Events Log page contains the following fields Event The RMON Events Log entry number Log No The log number Log Time Time when the log entry was entered Description Describes the log entry console config rmon event 1 log console config exit console show rmon events Index Description Type Community Owner Last Time Sent 1 Errors Log CLI Jan 18 2002 23 58 17 2 High Broa...

Page 431: ...lem or event is detected Rising and falling thresholds generate events For more information about events see Viewing the RMON Events Log To open the RMON Alarms page click Statistics RMON RMON Alarms in the tree view Table 8 9 Device Event Definition CLI Commands CLI Command Description show rmon log event Displays the RMON logging table console config rmon event 1 log Console show rmon log Maximu...

Page 432: ...od for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Absolute Compares the values directly with the thresholds at the end of the sampling interval Rising Threshold 0 2147483647 The rising counter value that triggers the rising ...

Page 433: ... The falling threshold is graphically presented on top of the graph bars Each monitored variable is designated a color The field default is 20 Startup Alarm The trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Interval 1 2147483647 sec Alarm interval time The field default is 100 seconds Owner Device or u...

Page 434: ...ect an entry in the Alarm Entry drop down menu 3 Check the Remove check box 4 Click Apply Changes The entry is deleted and the device is updated Defining Device Alarms Using the CLI Commands The following table contains the CLI commands for defining device alarms Table 8 10 Device Alarm CLI Commands CLI Command Description rmon alarm index MIB_Object_ID interval rthreshold fthreshold revent fevent...

Page 435: ... section contians the following topics Viewing Port Statistics on page 436 Viewing LAG Statistics on page 437 Viewing the CPU Utilization on page 439 Viewing CPU Utilization Using CLI Commands on page 440 console config rmon alarm 1000 1 3 6 1 2 1 2 2 1 10 1 360000 1000000 1000000 10 20 Console show rmon alarm table Index OID Owner 11 3 6 1 2 1 2 2 1 10 1 CLI 21 3 6 1 2 1 2 2 1 10 1 Manager 31 3 6...

Page 436: ...s are displayed Interface Statistics Selects the interface statistics to display Etherlike Statistics Selects the Etherlike statistics to display RMON Statistics Selects the RMON statistics to display GVRP Statistics Selects the GVRP statistics type to display Refresh Rate Amount of time that passes before the statistics are refreshed Displaying Port Statistics 1 Open the Port Statistics page 2 Se...

Page 437: ...w Figure 8 15 LAG Statistics Table 8 11 Port Statistic CLI Commands CLI Command Description show interfaces counters ethernet interface port channel port channel number Displays traffic seen by the physical interface show rmon statistics ethernet interface port channel port channel number Displays RMON Ethernet statistics show gvrp statistics ethernet interface port channel port channel number Dis...

Page 438: ...te from the Refresh Rate drop down menu 4 Click Draw The graph for the selected statistic is displayed Viewing LAG Statistics Using the CLI Commands The following table contains the CLI commands for viewing LAG statistics Table 8 12 LAG Statistic CLI Commands CLI Command Description show interfaces counters ethernet interface port channel port channel number Displays traffic seen by the physical i...

Page 439: ...resources consumed by each stacking member Each stacking member is assigned a color on the graph To open the CPU Utilization page click Statistics RMON Charts CPU Utilization in the tree view Figure 8 16 CPU Utilization The CPU Utilization page contains the following information Refresh Rate Amount of time that passes before the statistics are refreshed ...

Page 440: ...ommands for viewing CPU utilization The following is an example of the CLI commands Figure 8 17 CPU Utilization CLI Commands CLI Command Description show cpu utilization To display the CPU utilization Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes 3 ...

Page 441: ...e while other traffic can be assigned a lower priority queue The result is an improved traffic flow for traffic with high demand QoS is defined by Classification Specifies which packet fields are matched to specific values All packets matching the user defined specifications are classified together Action Defines traffic management where packets being forwarded are based on packet information and ...

Page 442: ...sensitive applications are always forwarded Strict Priority SP allows the prioritization of mission critical time sensitive traffic over less time sensitive applications For example under Strict Priority voice over IP traffic can be prioritized so the IP traffic is forwarded before FTP or e mail SMTP traffic Weighted Round Robin Ensures that a single application does not dominate the device forwar...

Page 443: ...lobal Settings page contains the following sections QoS Settings Queue Settings QoS Settings Quality of Service Enables or disables managing network traffic using Quality of Service Trust Mode Determines which packet fields are used to classify packets entering the device When no rules are defined the traffic containing the predefined CoS or DSCP packet field is mapped according to the selected tr...

Page 444: ...k Apply Changes Trust mode is enabled on the device Enabling Trust Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the Global Settings page The following is an example of the CLI commands This section contians the following topics Defining QoS Interface Settings on page 445 Defining Bandwidth Settings on page 446 Mapping CoS Values to Que...

Page 445: ... or LAG to configure Disable Trust Mode on Interface Disables Trust mode on the specified interface This setting overrides the Trust mode configured on the device globally Set Default CoS For Incoming Traffic To Sets the default CoS tag value for untagged packets The CoS tag values are 0 7 The default value is 0 Assigning QoS settings for an interface 1 Open the Interface Settings page 2 Select an...

Page 446: ...ess interface Modifying queue scheduling affects the queue settings globally Queue shaping can be based per queue and or per interface Shaping is determined by the lower specified value The queue shaping type is selected in the Bandwidth Settings Page click Quality of Service CoS Global Parameters Bandwidth Settings in the tree view Figure 9 3 Bandwidth Settings Table 9 4 QoS Interface CLI Command...

Page 447: ...tes the Ingress traffic limit status for the interface Checked The Ingress traffic limit is enabled Not Checked The Ingress traffic limit is disabled Ingress Rate Limit Defines the Ingress traffic limit for the interface Assigning bandwidth settings for an interface 1 Open the Bandwidth Settings page 2 Select an interface in the Interface field 3 Define the fields 4 Click Apply Changes The bandwid...

Page 448: ...or classifying CoS settings to traffic queues To open the CoS to Queue page click Quality of Service QoS Mapping CoS to Queue in the tree view Figure 9 5 CoS to Queue Table 9 5 Bandwidth Settings CLI Commands CLI Command Description traffic shape committed rate committed burst no traffic shape Set shaper on egress port Use no form in order to disable the shaper rate limit rate no rate limit Limit ...

Page 449: ...ue to a Queue 1 Open the CoS to Queue page 2 Select a CoS entry 3 Define the queue number in the Queue field 4 Click Apply Changes The CoS value is mapped to an egress queue and the device is updated Assigning CoS Values to Queues Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the CoS to Queue page The following is an example of the CLI ...

Page 450: ...apping DSCP to Queue in the tree view Figure 9 6 DSCP to Queue The DSCP to Queue page contains the following fields DSCP In The values of the DSCP field within the incoming packet Queue The queue to which packets with the specific DSCP value is assigned The values are 1 4 where 1 is the lowest value and 4 is the highest Restore Defaults Restores the device factory defaults for mapping CoS values t...

Page 451: ...d the value is assigned an egress queue Assigning DSCP Values Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the DSCP to Queue page The following is an example of the CLI commands Table 9 7 DSCP Value to Queue CLI Commands CLI Command Description qos map dscp queue dscp list to queue id Modifies the DSCP to queue mapping console config q...

Page 452: ...452 Configuring Quality of Service ...

Page 453: ...ion actions and rules for specific ingress ports Aggregated VLAN Groups several VLANs into a single aggregated VLAN Aggregating VLANs enables routers to respond to ARP requests for nodes located on different sub VLANs belonging to the same Super VLAN Routers respond with their MAC address ARP Address Resolution Protocol A protocol that converts IP addresses into physical addresses ASIC Application...

Page 454: ...d amount of time For digital switch modules bandwidth is defined in Bits per Second bps or Bytes per Second Bandwidth Assignments The amount of bandwidth assigned to a specific application user or interface Baud The number of signaling elements transmitted each second Best Effort Traffic is assigned to the lowest priority queue and packet delivery is not guaranteed Boot Version The boot version Bo...

Page 455: ...out broadcast storms see Defining LAG Parameters on page 304 C CDB Configuration Data Base A file containing a device s configuration information Class of Service Class of Service CoS Class of Service is the 802 1p priority scheme CoS provides a method for tagging packets with priority information A CoS value between 0 7 is added to the Layer II header of packets where zero is the lowest priority ...

Page 456: ...ommunication for example a telephone Two parties can transmit information at the same time Half Duplex Mode Permits asynchronous communication for example a walkie talkie Only one party can transmit information at a time Dynamic VLAN Assignment DVA Allows automatic assignment of users to VLANs during the RADIUS server authentication When a user is authenticated by the RADIUS server the user is aut...

Page 457: ...igher speed device s that is that the higher speed device refrains from sending packets Fragment Ethernet packets smaller than 576 bits Frame Packets containing the header and trailer information required by the physical medium G GARP General Attributes Registration Protocol Registers client stations into a Multicast domain Gigabit Ethernet Gigabit Ethernet transmits at 1000 Mbps and is compatible...

Page 458: ... examines IGMP frame contents when they are forwarded by the device from work stations to an upstream Multicast router From the frame the device identifies work stations configured for Multicast sessions and which Multicast routers are sending Multicast frames Image File System images are saved in two Flash sectors called images Image 1 and Image 2 The active image stores the active copy while the...

Page 459: ...sing because there is less information to process Layer 4 Establishes a connections and ensures that all data arrives to their destination Packets inspected at the Layer 4 level are analyzed and forwarding decisions based on their applications LLDP MED Link Layer Discovery Protocol Media Endpoint Discovery LLDP allows network managers to troubleshoot and enhance network management by discovering a...

Page 460: ... 2 is inserted in the first minute of a ten minute cycle and Unit 1 is inserted in fifth minute of the same cycle the units are considered the same age MD5 Message Digest 5 An algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication MDI Media Dependent Interface A cable ...

Page 461: ...fy it P Packets Blocks of information for transmission in packet switched systems PDU Protocol Data Unit A data unit specified in a layer protocol consisting of protocol control information and layer user data PING Packet Internet Groper Verifies if a specific IP address is available A packet is sent to another IP address and waits for a reply Port Physical ports provide connecting components that...

Page 462: ...agers to decide how and what network traffic is forwarded according to priorities application types and source and destination addresses Query Extracts information from a database and presents the information for use R RA RADIUS Advertisement RD RADIUS Discovery RS Router Solicitation RADIUS Remote Authentication Dial In User Service A method for authenticating system users and tracking connection...

Page 463: ...ded SNMP agents SNMP agents gather network activity and device status information and send the information back to a workstation SNTP Simple Network Time Protocol SNTP assures accurate network switch clock time synchronization up to the millisecond SoC System on a Chip An ASIC that contains an entire system For example a telecom SoC application can contain a microprocessor digital signal processor...

Page 464: ...es packets are transmitted and received in the order their sent Telnet Terminal Emulation Protocol Enables system users to log in and use resources on remote networks TFTP Trivial File Transfer Protocol Uses User Data Protocol UDP without security features to transfer files Trap A message sent by the SNMP that indicates that system event has occurred Trunking Link Aggregation Optimizes port usage ...

Page 465: ...ver a large geographical area Wildcard Mask Specifies which IP address bits are used and which bits are ignored A wild switch module mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important ...

Page 466: ...466 Glossary ...

Page 467: ...s Back Pressure Support Bridge Multicast Filtering No feature interaction restrictions or limitations Cable Tests No feature interaction restrictions or limitations Community ports Community ports have restricted functionality with Locked Ports DHCP Snooping No Restrictions or limitations DNS No Restrictions or limitations Duplex Mode Flow Control No feature interaction restrictions or limitations...

Page 468: ...tiple Spanning Tree cannot function with Ingress Filtering Port Based Authentication Port based authentication has limited or restricted functionality with 802 1 Single Locked Ports MAC Based VLANs Ingress Ports Port Mirroring No feature interaction restrictions or limitations However this feature has several guidelines for configuring Storm Control For all the feature guidelines see Defining Port...

Page 469: ...eature interaction restrictions or limitations Static MAC No feature interaction restrictions or limitations Storm Control No feature interaction restrictions or limitations System Logs No feature interaction restrictions or limitations System Time Synchronization No feature interaction restrictions or limitations Voice VLAN Voice VLAN has restricted functionality with GVRP Feature Feature Notes ...

Page 470: ...470 Device Feature Interaction Information ...

Page 471: ...165 167 CBC 219 CIDR 455 Cipher Block Chaining 219 CLI 12 24 Command Line Interface 12 24 Command Mode Overview 74 Communities 234 Configuration file 248 Console 116 CoS 445 Critical 114 116 D Debug 114 116 Default Gateway 129 130 Default Gateway IPv6 142 Default settings 256 Defining device information 78 Device installation 40 Device representation 71 Device view 70 DHCP 23 Dimensions 30 DNS 24 ...

Page 472: ...HTTPS 170 I ICMP 458 IDRP 458 IEEE 458 IEEE 802 1d 458 IEEE 802 1p 458 IEEE 802 1Q 458 IEEE 802 1Q 21 IGMP 458 IGMP Snooping 458 iles 246 Image 458 Image files 253 Informational 114 116 Ingress 458 IP 458 IP addresses 131 IP Version 6 IPv6 129 ISATAP Tunnel 145 L L2TP 459 LACP 383 LAGs 336 385 394 459 LCP 341 LEDs 30 Light Emitting Diodes 30 Line 178 Line Passwords 192 Link aggregation 383 Link Co...

Page 473: ... over Ethernet 11 17 92 Power supplies 35 90 PPP 462 Profiles 170 Protocol 365 Protocol VLAN Edge 462 PVE 462 PVID 357 360 Q QinQ 351 QoS 441 443 446 462 Quality of Service 441 462 R RADIUS 178 200 202 203 212 214 217 462 RAM logs 116 Rapid Spanning Tree Protocol 339 463 Rapid STP 342 345 349 Remote Authentication Dial In User Service 25 Remote Authentication Dial In User Service 462 Remote Author...

Page 474: ...flectometry 165 Topology 13 Traps 240 Tree view 69 Trivial File Transfer Protocol 464 Trust 444 445 Tunnel ISATAP 145 U UDP 464 Understanding the interface 69 Unicast 101 102 104 Unit failure 12 Unit IDs 13 Uploading files 250 User Data Protocol 464 User Security Model 219 USM 219 V Ventilation System 37 Virtual Local Area Networks 464 VLAN 351 352 355 357 360 394 464 VLAN ID 320 VLAN membership 3...

Reviews:

No comments

Related manuals for PowerConnect 35 SERIES

GE SE-100E Instructions Manual preview
SE-100E
Brand: GE Pages: 20
Hama S2100 Operating Instruction preview
S2100
Brand: Hama Pages: 18
B&K HD6 User Manual preview
HD6
Brand: B&K Pages: 28
B&K HD6 Getting Started Manual preview
HD6
Brand: B&K Pages: 2
Patton electronics 6511RC User Manual preview
6511RC
Brand: Patton electronics Pages: 104
Contemporary Controls EISK5-100T/H Installation Manual preview
EISK5-100T/H
Brand: Contemporary Controls Pages: 4
ATEN CN8000 KVM on the NET Quick Start Manual preview
CN8000 KVM on the NET
Brand: ATEN Pages: 2
N-Tron 709FX Series User Manual & Installation Manual preview
709FX Series
Brand: N-Tron Pages: 196
TAXON TOOLS Scart Switch Manual preview
Scart Switch
Brand: TAXON TOOLS Pages: 9
Cable Electronics HSW44C Plus Instruction Manual preview
HSW44C Plus
Brand: Cable Electronics Pages: 16
GE USB 2.0 7-Port Hub HO97916 Instruction Manual preview
USB 2.0 7-Port Hub HO97916
Brand: GE Pages: 19
Net Optics iBYPASS 40G Quick Install Manual preview
iBYPASS 40G
Brand: Net Optics Pages: 20
Digital Home System DHS-LIT-SWP-DHS Quick Installation Manual preview
DHS-LIT-SWP-DHS
Brand: Digital Home System Pages: 2
Efapel 40214 Instructions Manual preview
40214
Brand: Efapel Pages: 44
Datavideo SEB-1200 Instruction Manual preview
SEB-1200
Brand: Datavideo Pages: 90
Danfoss RT 30AW Installation Manual preview
RT 30AW
Brand: Danfoss Pages: 2
Network Technologies KVM Switch Installation And Operation Manual preview
KVM Switch
Brand: Network Technologies Pages: 46
H3C PSR450-12A Manual preview
PSR450-12A
Brand: H3C Pages: 40

Brands by name

Popular brands

Load more brands