Dell PowerConnect 54 Series User Manual Download Page 20 | Manualshive

Page: 20 / 416

background image

20

Introduction

Port Based Authentication (802.1x)

Port based authentication enables authenticating system users on a per-port basis via an external server. Only
authenticated and approved system users can transmit and receive data. Ports are authenticated via the
Remote Authentication Dial In User Service (RADIUS) server using the Extensible Authentication Protocol
(EAP).
For more information, see "Configuring Port Based Authentication" on page 216.

Locked Port Support

Locked Port increases network security by limiting access on a specific port only to users with specific
MAC addresses. These addresses are either manually defined or learned on that port. When a frame is seen
on a locked port, and the frame source MAC address is not tied to that port, the protection mechanism is
invoked.
For more information, see "Configuring Port Security" on page 224.

RADIUS Client

RADIUS is a client/server-based protocol. A RADIUS server maintains a user database, which contains per-
user authentication information, such as user name, password and accounting information.
For more information, see "Configuring RADIUS Global Parameters" on page 155.

SSH

Secure Shell (SSH) is a protocol that provides a secure, remote connection to a device. SSH version 1 is
currently available. The SSH server feature enables an SSH client to establish a secure, encrypted
connection with a device. This connection provides functionality that is similar to an inbound telnet
connection. SSH uses RSA Public Key cryptography for device connections and authentication.

provides centralized security for validation of users accessing the device. provides a
centralized user management system, while still retaining consistency with RADIUS and other
authentication processes.
For more information, see "Defining Settings" on page 150.

Access Control Lists (ACL)

Access Control Lists

(ACL) allow network managers to define classification actions and rules for specific

ingress ports. Packets entering an ingress port, with an active ACL, are either admitted or denied entry and
the ingress port is disabled. If they are denied entry, the user can disable the port.
For more information, see "ACL Overview" on page 227.

«
...
18
19
20
21
22
...
»

Summary of Contents for PowerConnect 54 Series

Page 1: ...w w w d e l l c o m s u p p o r t d e l l c o m Dell PowerConnect 54xx Systems User Guide ...

Page 2: ...er whatsoever without the written permission of Dell Inc is strictly forbidden Trademarks used in this text Dell Dell OpenManage the DELL logo Inspiron Dell Precision Dimension OptiPlex PowerConnect PowerApp PowerVault Axim DellNet and Latitude are trademarks of Dell Inc Microsoft and Windows are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other ...

Page 3: ...uality of Service Features 17 Device Management Features 18 Security Features 19 Locked Port Support 20 Additional CLI Documentation 21 2 Hardware Description 23 Device Port Configurations 23 PowerConnect 54xx Series Systems Front Panel Port Description 23 PowerConnect Back Panel Port Description 24 Device Ports 24 Physical Dimensions 25 LED Definitions 25 Port LEDs 25 System LEDs 26 Hardware Comp...

Page 4: ...evice to a Power Supply 33 Port Connections Cables and Pinout Information 34 RJ 45 Connections for 10 100 1000BaseT Ports 34 Port Default Settings 35 Auto Negotiation 35 MDI MDIX 36 Flow Control 36 Back Pressure 36 Switching Port Default Settings 36 4 Starting and Configuring the Device 37 Configure the Terminal 38 Booting the Device 38 Initial Configuration 41 Advanced Configuration 45 Retrieving...

Page 5: ...h TFTP Server 52 5 Using Dell OpenManage Switch Administrator 55 Understanding the Interface 55 Device Representation 56 Using the Switch Administrator Buttons 57 Information Buttons 57 Device Management Buttons 58 Starting the Application 58 Accessing the Device Through the CLI 59 Console Connection 59 Telnet Connection 59 Using the CLI 60 Command Mode Overview 60 User EXEC Mode 60 Privileged EXE...

Page 6: ...efining Default Gateways 104 Defining IP Interfaces 106 Defining DHCP IP Interface Parameters 109 Configuring Domain Name Systems 111 Defining Default Domains 113 Mapping Domain Host 115 Configuring ARP 117 Running Cable Diagnostics 121 Viewing Copper Cable Diagnostics 121 Viewing Optical Transceiver Diagnostics 124 Managing Device Security 127 Defining Access Profiles 127 Adding an Access Profile...

Page 7: ...efining SNMP Access Control 179 Defining SNMP Groups 180 Displaying the Access Table 180 Removing SNMP Groups 181 Defining SNMP Access Control Using CLI Commands 181 Assigning SNMP User Security 181 Adding Users to a Group 183 Displaying the User Security Model Table 183 Deleting an User Security Model Table Entry 184 Defining Communities 185 Defining Notification Filters 189 Adding SNMP Filters 1...

Page 8: ...cation 221 Authenticating Users 222 Configuring Port Security 224 ACL Overview 227 Defining MAC Based Access Control Lists 233 Defining ACL Binding 237 Configuring DHCP Snooping 240 Defining DHCP Snooping on VLANs 243 Defining Trusted Interfaces 244 Adding Interfaces to the DHCP Snooping Database 246 Configuring Ports 249 Defining Port Parameters 250 Configuring Load Balancing 256 Enabling Storm C...

Page 9: ...st Forwarding Support 328 Adding Bridge Multicast Address Members 331 Assigning Multicast Forward All Parameters 335 IGMP Snooping 339 8 Viewing Statistics 345 Viewing Tables 345 Viewing Utilization Summary 345 Viewing Counter Summary 346 Viewing Interface Statistics 347 Viewing Etherlike Statistics 349 Viewing GVRP Statistics 353 Viewing EAP Statistics 356 Viewing RMON Statistics 360 Viewing RMON...

Page 10: ...th Settings 388 Defining Queue Settings 391 Mapping CoS Values to Queues 394 Mapping DSCP Values to Queues 395 10 Device Specifications 399 Port and Cable Specifications 399 Port Specifications 399 Operating Conditions 400 Physical Device Specifications 400 Device Memory Specifications 400 Feature Specifications 401 VLAN 401 Quality of Service 401 Layer 2 Multicast 401 Device Security 401 Addition...

Page 11: ...s have two versions 5424 has 24 Gigabit Ethernet ports and 5448 has 48 Gigabit Ethernet ports There are also four SFP fiber ports that are designated as combo port alternatives to the last four Ethernet ports The combo ports are single ports with two physical connections When one is connected the other is disabled The following figures illustrate the PowerConnect 54xx series systems front and back...

Page 12: ...detection between crossed and straight through cables Standard wiring for end stations is Media Dependent Interface MDI and the standard wiring for hubs and switches is known as Media Dependent Interface with Crossover MDIX For information on configuring MDI MDI for ports or Link Aggregate Groups LAGs see Defining Port Parameters on page 250 or Configuring Load Balancing on page 256 Flow Control S...

Page 13: ...that the quality of voice does not deteriorate if the IP traffic is received unevenly For more information see Configuring Voice VLANs on page 316 Guest VLAN Guest VLAN provides limited network access to unauthorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled the port receives limited network access MAC Address Supported Features MAC Address...

Page 14: ... Snooping Internet Group Membership Protocol IGMP Snooping examines IGMP frame contents when they are forwarded by the device from work stations to an upstream Multicast router From the frame the device identifies work stations configured for Multicast sessions and which Multicast routers are sending Multicast frames For more information see IGMP Snooping on page 339 Port Mirroring Port mirroring ...

Page 15: ...ged LANs the services provided in VLANs and the protocols and algorithms involved in the provision of these services An important requirement included in this standard is the ability to mark frames with a desired Class of Service CoS tag value 0 7 QinQ QinQ tagging allows network managers to add an additional tag to previously tagged packets Customer VLANs are configured using QinQ Adding addition...

Page 16: ...AG Settings on page 285 IEEE 802 1w Rapid Spanning Tree Spanning Tree can take 30 60 seconds for each host to decide whether its ports are actively forwarding traffic Rapid Spanning Tree RSTP detects uses of network topologies to enable faster convergence without creating forwarding loops For more information see Configuring Rapid Spanning Tree on page 287 STP Root Guard Root guard restricts the i...

Page 17: ...ries For more information see Mapping Domain Host on page 115 TCP Transport Control Protocol TCP connections are defined between 2 ports by an initial synchronization exchange TCP ports are identified by an IP address and a 16 bit port number Octets streams are divided into TCP packets each carrying a sequence number BootP and DHCP Clients Dynamic Host Configuration Protocol DHCP enables additiona...

Page 18: ...from any web browser The system contains an Embedded Web Server EWS which serves HTML pages through which the system can be monitored and configured The system internally converts web based input into configuration commands MIB variable settings and other management related settings Configuration File Download and Upload PowerConnect device configuration is stored in a configuration file The Confi...

Page 19: ...oute enables discovering IP routes that packets were forwarded along during the forwarding process The CLI Traceroute utility can be executed from either the user exec or privileged modes 802 1ab LLDP MED The Link Layer Discovery Protocol allows network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi vendor environments LLDP disc...

Page 20: ...formation such as user name password and accounting information For more information see Configuring RADIUS Global Parameters on page 155 SSH Secure Shell SSH is a protocol that provides a secure remote connection to a device SSH version 1 is currently available The SSH server feature enables an SSH client to establish a secure encrypted connection with a device This connection provides functional...

Page 21: ...connected to end users or DHCP Servers and untrusted interfaces located beyond the network firewall For more information see Configuring DHCP Snooping on page 240 Additional CLI Documentation The CLI Reference Guide which is available on the Documentation CD provides information about the CLI commands used to configure the device The document provides information including the CLI description synt...

Page 22: ...22 Introduction ...

Page 23: ...oth Half and Full Duplex modes There are four SFP fiber ports which are designated as Combo ports 21 24 45 48 A Combo port is a single logical port with two physical connections Only one physical connection can be active at a time so either the copper ports or the equivalent fiber ports 21 24 can be active but they cannot both be active simultaneously The upper row of ports are marked by odd numbe...

Page 24: ...d etc The default baud rate is 9600 bps The baud rate can be configured from 2400 bps up to 38400 bps Figure 2 3 Console Port Combo Ports A combo port is a single logical port with two physical connections A RJ 45 connection for Twisted Pair copper cabling A SFP connection for various fiber based modules Only one of the two physical connections of a combo port may be used at any one time Port feat...

Page 25: ...ED and the duplex mode is indicated on the right LED Figure 2 4 RJ 45 Copper based 10 100 1000 BaseT LEDs The RJ 45 LED indications are described in the following table Table 2 1 RJ 45 Copper based 10 100 1000BaseT LED Indications LED Color Description Left LED Green Static The port is linked at 1000 Mbps Green Flashing The port is transmitting or receiving data at 1000 Mbps Orange Static The port...

Page 26: ...hermal conditions and diagnostics Figure 2 6 illustrates the system LEDs Figure 2 6 System LEDs The following table describes the system LED indications Table 2 2 SFP Port LED Indications LED Color Description SFP Green Static The port is currently up Green Flashing The port is currently transmitting or receiving data OFF The port is currently down Table 2 3 System LED Indications LED Color Descri...

Page 27: ...t converts standard 220 110V AC 50 60 Hz to 5V DC at 5A 12V DC at 3A The unit automatically senses the available voltage rating 110 or 220V and no setting is required The AC power supply unit uses a standard AC220 110V connector LED indicator is on the front panel and indicates whether the AC unit is connected Fan FAN Green Static The device fans are operating normally Red Static One or more fans ...

Page 28: ...ont panel and indicates whether DC unit is connected When the device is connected to a different power source the probability of failure in the event of a power outage decreases Reset Button The reset button located on the front panel manually resets the device Ventilation System The device uses a fan system for cooling Fan operational status can be verified by observing the LEDs that indicate if ...

Page 29: ...may cause electrical shock These components are to be serviced by trained service technicians only Ensure that the power cable extension cable and or plug is not damaged Ensure that the device is not exposed to water Ensure that the device is not exposed to radiators and or heat sources Ensure that the cooling vents are not blocked Do not push foreign objects into the device as it may cause a fire...

Page 30: ...emperature range is 0 to 45ºC 32 to 113ºF at a relative humidity of 10 to 90 non condensing Verify that water or moisture cannot enter the unit casing Unpacking Package Contents While unpacking the device ensure that the following items are included The device An AC power cable RS 232 crossover cable Self adhesive rubber pads Rack mount kits for rack installation Documentation CD Unpacking the Dev...

Page 31: ...re mounting the device in a rack or cabinet CAUTION When mounting multiple devices into a rack mount the devices from the bottom up 1 Place the supplied rack mounting bracket on one side of the device ensuring the mounting holes on the device line up to the mounting holes on the rack mounting bracket Figure 3 1 illustrates where to mount the brackets Figure 3 1 Connection Rack Mounting Brackets 2 ...

Page 32: ...rovides a Console port that enables a connection to a terminal desktop system running terminal emulation software for monitoring and configuring the device The Console port connector is a male DB 9 connector implemented as a data terminal equipment DTE connector To use the Console port the following is required VT100 compatible terminal or a desktop or portable system with a serial port and runnin...

Page 33: ...ks 3 Connect the female connector of the RS 232 crossover cable directly to the device Console port and tighten the captive retaining screws The device Console port is located on the back panel Figure 3 2 Connecting to PowerConnect 54xx Series Systems Console Port Connecting a Device to a Power Supply 1 Using a 5 foot 1 5 m standard power cable with safety ground connected connect the power cable ...

Page 34: ...s The 10 100 1000BaseT ports are copper twisted pair ports To establish a link for the twisted pair ports Tx pair on one cable end must be connected to the Rx pair on the other cable end and vice versa If the cabling is done such that Tx on one end is wired to Tx on the other end and Rx is wired to Rx a link is not established When selecting cables to connect the device ports to their networking p...

Page 35: ... a mechanism established between two link partners to enable a port to advertise its transmission rate duplex mode and flow control the flow control by default is disabled abilities to its partner The ports then both operate at the highest common denominator between them If connecting a NIC that does not support auto negotiation or is not set to auto negotiation both the device switching port and ...

Page 36: ...mode By default this feature is disabled It can be enabled per port The flow control mechanism allows the receiving side to signal to the transmitting side that transmission must temporarily be halted to prevent buffer overflow Back Pressure The device supports back pressure for ports configured to half duplex mode By default this feature is disabled It can be enabled per port The back pressure me...

Page 37: ...his product The release notes can be downloaded from www support dell com Figure 4 1 Installation and Configuration Flow Connect Device and Console Power On Susepnd Bootup Yes Press Esc Startup Menu Special Functions Reboot No Loading Program from flash to RAM Enter Wizard Yes No Initial Configuration IP Address Subnet mask Users Basic Security Configuration Wizard Configuration Process Advanced C...

Page 38: ...s delivered with a default configuration The device is not configured with a default user name and password To boot the device perform the following 1 Ensure that the device Serial port is connected to an ASCII terminal or the serial connector of a desktop system running terminal emulation software 2 Locate an AC power receptacle 3 Switch off the AC power receptacle 4 Connect the device to the AC ...

Page 39: ...eparing to decompress The boot process runs approximately 90 seconds The auto boot message displayed at the end of POST see the last lines indicates that no problems were encountered during boot During boot the Startup menu can be used to run special procedures To enter the Startup menu press Esc or Enter within the first two seconds after the auto boot message is displayed If the system boot proc...

Page 40: ...I LOADCONFIG Loading startup configuration Device configuration CPLD revision 07 Slot 1 PowerConnect 5448 Unit Standalone Run eeprom code for asic 0 Run eeprom code for asic 1 Tapi Version v1 3 3 1 Core Version v1 3 3 1 01 Jan xxxx 01 01 59 INIT I InitCompleted Initialization task is completed 01 Jan xxxx 01 02 00 SNMP I CDBITEMSNUM Number of running configuration items loaded 0 01 Jan xxxx 01 02 ...

Page 41: ...prompt is displayed on the screen of a VT100 terminal device The initial device configuration is through the Console port After the initial configuration the device can be managed either from the already connected Console port or remotely through an interface defined during the initial configuration If this is the first time the device has booted up or if the configuration file is empty because th...

Page 42: ...swer this question within 60 seconds Y N Y Y You can exit the Setup Wizard at any time by entering ctrl Z If you enter N the Setup Wizard exits If there is no response within 60 seconds the Setup Wizard automatically exits and the CLI console prompt appears If you enter Y the Setup Wizard provides interactive guidance through the initial device configuration NOTE If there is no response within 60 ...

Page 43: ...nage from any Management Station 0 0 0 0 Enter the following SNMP community string for example Dell_Network_Manager IP address of the Management System A B C D or wildcard 0 0 0 0 to manage from any Management Station NOTE IP addresses and masks beginning with zero cannot be used Press Enter Wizard Step 2 The following is displayed Now we need to setup your initial privilege Level 15 user account ...

Page 44: ...rd Step 4 The following is displayed Finally setup the default gateway Please enter the IP address of the gateway from which this network is reachable e g 192 168 1 1 Default gateway A B C D 0 0 0 0 Enter the default gateway Press Enter The following is displayed as per the example parameters described This is the configuration information that has been collected SNMP Interface Dell_Network_Manage...

Page 45: ...HCP and BOOTP the configuration received from these servers includes the IP address and may include subnet mask and default gateway Retrieving an IP Address From a DHCP Server When using the DHCP protocol to retrieve an IP address the device acts as a DHCP client When the device is reset the DHCP command is saved in the configuration file but not the IP address To retrieve an IP address from a DHC...

Page 46: ... the DHCP server NOTE When copying configuration files avoid using a configuration file that contains an instruction to enable DHCP on an interface that connects to the same DHCP server or to one with an identical configuration In this instance the device retrieves the new configuration file and boots from it The device then enables DHCP as instructed in the new configuration file and the DHCP ins...

Page 47: ...OOTP server The following example illustrates the process console enable console delete startup config Startup file was deleted console reload You haven t saved your changes Are you sure you want to continue y n n This command will reset the whole system and disconnect your current session Do you want to continue y n n the switch reboots To verify the IP address enter the show ip interface command...

Page 48: ...uthentication login default line console config aaa authentication enable default line console config line console console config line login authentication default console config line enable authentication default console config line password george When initially logging on to a device through a terminal session enter george at the password prompt When changing a device s mode to enable enter geo...

Page 49: ...the following commands console config ip http authentication local console config username admin password user1 level 15 Configuring an Initial HTTPS Password To configure an initial HTTPS password enter the following commands console config ip https authentication local console config username admin password user1 level 15 Enter the following commands once when configuring to use a terminal a Tel...

Page 50: ...ut must be entered immediately after the POST test To enter the Startup menu 1 Turn the power on and watch for the auto boot message SYSTEM RESET Performing the Power On Self Test POST UART Channel Loopback Test PASS Testing the System SDRAM PASS Boot1 Checksum Test PASS Boot2 Checksum Test PASS Flash Image Validation Test PASS BOOT Software Version 1 0 0 20 Built 22 Jan xxxx 15 09 28 Processor Fi...

Page 51: ...he corrupted files update or upgrade the system software To download software from the Startup menu 1 From the Startup menu press 1 The following prompt appears Downloading code using XMODEM 2 When using the HyperTerminal click Transfer on the HyperTerminal Menu Bar 3 In the Filename field enter the file path for the file to be downloaded 4 Ensure that the Xmodem protocol is selected in the Protoc...

Page 52: ...nloading device software system and boot images through a TFTP server The TFTP server must be configured before beginning to download the software System Image Download The device boots and runs when decompressing the system image from the flash memory area where a copy of the system image is stored When a new image is downloaded it is saved in the other area allocated for the other system image c...

Page 53: ...ess is in progress Each symbol corresponds to 512 bytes transferred successfully A period indicates that the copying process is timed out Many periods in a row indicate that the copying process failed 6 Select the image for the next boot by entering the boot system command After this enter show bootvar to verify that the copy indicated as a parameter in the boot system command is selected for the ...

Page 54: ...re version is currently running on the device The following is an example of the information that appears console sh ver SW version 1 0 0 42 date 22 Jul xxxx time 13 42 41 Boot version 1 0 0 18 date 01 Jun xxxx time 15 12 20 HW version 00 00 01 date 01 May xxxx time 12 12 20 4 Enter copy tftp tftp address file name boot to copy the boot image to the device The following is an example of the inform...

Page 55: ...g views Tree View Located on the left side of the home page the tree view provides an expandable view of the features and their components Device View Located on the right side of the home page the device view provides a view of the device an information or table area and configuration instructions Figure 5 1 Switch Administrator Components Table 5 1 lists the interface components with their corre...

Page 56: ...ed to hide the feature s components By dragging the vertical bar to the right the tree area can be expanded to display the full name of a component 2 The device view provides information about device ports current configuration and status table information and feature components Depending on the option selected the area at the bottom of the device view displays other device information and or dial...

Page 57: ... help as well as information about the OpenManage Switch Administrator interfaces Component Name Port Indicators Green The port is currently enabled Red An error has occurred on the port Blue The port is currently disabled Table 5 3 Information Buttons Button Description Support Opens the Dell Support page at support dell com Help Online help containing information to assist in configuring and man...

Page 58: ...ering a password For information about recovering a lost password see Password Recovery NOTE Passwords are both case sensitive and alpha numeric 4 Click OK The Dell PowerConnect OpenManage Switch Administrator home page opens Table 5 4 Device Management Buttons Button Description Apply Changes Applies changes to the device Add Adds information to tables or dialogs Telnet Starts a Telnet session Qu...

Page 59: ...hen the Console prompt displays type enable and press Enter 3 Configure the device and enter the necessary commands to complete the required tasks 4 When finished exit the session with the quit or exit command NOTE If a different user logs into the system in the Privilege EXEC command mode the current user is logged off and the new user is logged in Telnet Connection Telnet is a terminal emulation...

Page 60: ...leged EXEC mode provides access to the device global configuration For specific global configurations within the device enter the next level Global Configuration mode A password is not required The Global Configuration mode manages the device configuration on a global level The Interface Configuration mode configures the device at the physical interface level Interface commands which require subco...

Page 61: ...r Ctrl Z The following example illustrates accessing privileged EXEC mode and then returning to the User EXEC mode console enable Enter Password console console disable console Use the exit command to move back to a previous mode For example from Interface Configuration mode to Global Configuration mode and from Global Configuration mode to Privileged EXEC mode Global Configuration Mode Global Con...

Page 62: ... config vlan Port Channel Mode The Port Channel mode contains commands for configuring Link Aggregation Groups LAG The following is an example of the Port Channel mode prompt Console config interface port channel 1 Console config if Interface Mode The Interface mode contains commands that configure the interface The Global Configuration mode command interface ethernet is used to enter the interfac...

Page 63: ...ent access class mlist SSH Public Key The SSH Public Key mode contains commands to manually specify other device SSH public keys The Global Configuration mode command crypto key pubkey chain ssh is used to enter the SSH Public Key chain Configuration mode The following example enters the SSH Public Key chain configuration mode Console config crypto key pubkey chain ssh Console config pubkey chain ...

Page 64: ...64 Using Dell OpenManage Switch Administrator ...

Page 65: ...k System in the tree view Figure 6 1 System Defining General Device Information The General page contains links to pages for configuring device parameters Viewing Device Information The Asset page contains parameters for configuring general device information including the system name location and contact the system MAC Address System Object ID date time and System Up Time To open the Asset page c...

Page 66: ... Service Tag Specifies the service reference number used when servicing the device Asset Tag 0 16 Characters Specifies the user defined device reference Serial No Specifies the device serial number Date DD MMM YY Specifies the current date The format is day month year for example 10 NOV 02 is November 10 2002 Time HH MM SS Specifies the time The format is hour minute second for example 20 12 03 is...

Page 67: ...ivalent CLI commands for viewing and setting fields displayed in the Asset page Table 6 1 Asset CLI Commands CLI Command Description hostname name Specifies or modifies the device host name snmp server contact text Sets up a system contact snmp server location text Enters information on where the device is located clock set hh mm ss day month year Manually sets the system clock and date show clock...

Page 68: ...set tag 1qwepot Console clock set 13 32 00 7 Dec 2004 Console show clock 13 32 00 UTC 0 Dec 7 2004 No time source DELL Switch show system System Description Kenan 24 System Up Time days hour min sec 0 00 04 17 System Contact spk System Name RS1 System Location R D System MAC Address 00 10 b5 f4 00 01 Sys Object ID 1 3 6 1 4 1 674 10895 3000 Type PowerConnect 5400 Main Power Supply Status ok Redund...

Page 69: ...h 12th October The first Sunday in March or after 9th March China China does not operate Daylight Saving Time Canada From the first Sunday in April until the last Sunday of October Daylight Saving Time is usually regulated by provincial and territorial governments Exceptions may exist in certain municipalities Cuba From the last Sunday of March to the last Sunday of October Cyprus Last weekend of ...

Page 70: ... weekend of March until the last weekend of October Romania Last weekend of March until the last weekend of October Russia From the 29th March until the 25th October Serbia Last weekend of March until the last weekend of October Slovak Republic Last weekend of March until the last weekend of October South Africa South Africa does not operate Daylight Saving Time Spain Last weekend of March until t...

Page 71: ...The field format is Day Month Year for example 04 May 2050 Local Time Defines the system time The field format is HH MM SS for example 21 15 03 Time Zone Offset The difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 while the local time in New York is GMT 5 There are two types of daylight settings either by a specific date in a particular ...

Page 72: ...ured DST begins Time The time at which DST begins The field format is Hour Minute for example 05 30 To Defines the time that DST ends in countries other than USA or Europe in the format DayMonthYear in one field and time in another For example DST ends on the 23rd March 2008 12 00 am the two fields will be 23Mar08 and 12 00 The possible field values are Date The date at which DST ends The possible...

Page 73: ...very year The possible field range is Jan Dec Time The time at which DST ends every year The field format is Hour Minute for example 05 30 Selecting a Clock Source 1 Open the Time Synchronization page 2 Define the Clock Source field 3 Click Apply Changes The Clock source is selected and the device is updated Defining Local Clock Settings 1 Open the Time Synchronization page 2 Define the Recurring ...

Page 74: ...lay purposes clock summer time Configures the system to automatically switch to summer time Daylight Savings Time clock summer time recurring usa eu week day month hh mm week day month hh mm offset offset zone acronym Configures the system to automatically switch to summer time according to the USA and European standards clock summer time date date month year hh mm date month year hh mm offset off...

Page 75: ... operating normally for the specified unit Not Present The power supply is not present for the specified unit Fan The device fan status The possible field values are The fans are operating normally for the specified unit The fans are not operating normally for the specified unit Not Present The fans are not present for the specified unit Viewing System Health Information Using the CLI Commands The...

Page 76: ... System General Versions in the tree view DELL Switch show system System Description Ethernet Routing Switch System Up Time days hour min sec 0 00 04 17 System Contact spk System Name DELL Switch System Location R D System MAC Address 00 10 b5 f4 00 01 Sys Object ID 1 3 6 1 4 1 674 10895 3000 Type PowerConnect 5400 Power Supply Status Main OK Redundant OK FAN Status 1 OK 2 OK DELL Switch ...

Page 77: ...device Displaying Device Versions Using the CLI The following table summarizes the equivalent CLI commands for viewing fields displayed in the Versions page The following is an example of the CLI commands Table 6 4 Versions CLI Commands CLI Command Description show version Displays system version information Console show version SW version x xxx date 23 Jul xxxx time 17 34 19 Boot version x xxx da...

Page 78: ... Reset page click System General Reset in the tree view Figure 6 6 Reset Resetting the Device 1 Open the Reset page 2 Click reset A confirmation message displays 3 Click OK The device is reset After the device is reset a prompt for a user name and password displays 4 Enter a user name and password to reconnect to the Web Interface Resetting the Device Using the CLI The following table summarizes t...

Page 79: ...Stratum 0 time source is used Stratum 1 time servers provide primary network time standards Stratum 2 The time source is distanced from the Stratum 1 server over a network path For example a Stratum 2 server receives the time over a network link via NTP from a Stratum 1 server Information received from SNTP servers is evaluated based on the Time level and server type SNTP time definitions are asse...

Page 80: ...dcast server MD5 Message Digest 5 Authentication safeguards switch synchronization paths to SNTP servers MD5 is an algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication Click System SNTP in the tree view to open the SNTP page Defining SNTP Global Parameters The SNTP G...

Page 81: ...ds are all enabled the system time is set according the Unicast server time information Poll Unicast Servers Sends SNTP Unicast forwarding information to the SNTP server when enabled Defining SNTP Global Parameters Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Global Settings page The following is an example of the CLI comman...

Page 82: ...open the SNTP Authentication page Figure 6 8 SNTP Authentication SNTP Authentication Enables authenticating an SNTP session between the device and an SNTP server when enabled Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 characters Authentication Key 1 8 Characters Specifies the key used for authentication Trust...

Page 83: ... Click Apply Changes The SNTP Authentication Key is added and the device is updated Displaying the Authentication Key Table 1 Open the SNTP Authentication page 2 Click Show All The Authentication Key Table opens Figure 6 10 Authentication Key Table Deleting the Authentication Key 1 Open the SNTP Authentication page 2 Click Show All The Authentication Key Table opens 3 Select an Authentication Key ...

Page 84: ...abling SNTP servers as well as adding new SNTP servers In addition the SNTP Servers page enables the device to request and accept SNTP traffic from a server To open the SNTP Servers page click System SNTP SNTP Servers in the tree view Table 6 7 SNTP Authentication CLI Commands CLI Command Description sntp authenticate Defines authentication for received Network Time Protocol traffic from servers s...

Page 85: ... SNTP server providing SNTP system time information The possible field values are Primary The primary server provides SNTP information Secondary The backup server provides SNTP information Status The operating SNTP server status The possible field values are Up The SNTP server is currently operating normally Down The SNTP server is currently not operating normally Unknown The SNTP server status is...

Page 86: ...llowing table summarizes the equivalent CLI commands for setting fields displayed in the Add SNTP Server page Table 6 8 SNTP Server CLI Commands The following is an example of the CLI commands Displaying the SNTP Server Table 1 Open the SNTP Servers page 2 Click Show All The SNTP Servers Table opens CLI Command Description sntp server ip address hostname poll key keyid Configures the device to use...

Page 87: ...s page 2 Click Show All The SNTP Servers Table opens 3 Select an SNTP Server entry 4 Select the Remove check box 5 Click Apply Changes The entry is removed and the device is updated Defining SNTP Servers Settings Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the SNTP Servers page Table 6 9 SNTP Server CLI Commands CLI Command Descript...

Page 88: ...tp status Clock is synchronized stratum 4 reference is 176 1 1 8 Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server Preference Status Last response Offset mSec Delay mSec 176 1 1 8 Primary Up AFE252C1 6DBDDFF2 7 33 117 79 176 1 8 179 Secondary Unknown AFE21789 643287C9 8 98 189 19 Anycast server Server Preference Status Last response Offset Delay mSec mSec VLAN ...

Page 89: ...pdates Whether SNTP server updates are enabled for this interface Remove Removes SNTP from a specific interface when selected Adding an SNTP Interface 1 Open the SNTP Broadcast Interface Table page 2 Click Add The Add SNTP Interface page opens Figure 6 14 Add SNTP Interface Page 3 Define the relevant fields 4 Click Apply Changes The SNTP interface is added and the device is updated ...

Page 90: ...ntp client enable Enables the Simple Network Time Protocol SNTP client on an interface show sntp configuration Shows the configuration of the Simple Network Time Protocol SNTP Console show sntp configuration Polling interval 7200 seconds MD5 Authentication keys 8 9 Authentication is required for synchronization Trusted Keys 8 9 Unicast Clients Polling Enabled Server Polling Encryption Key 176 1 1 ...

Page 91: ...y determines the set of event logging devices that are sent per each event logging The following table contains the Log Severity Levels Log Severity Levels The Global Log Parameters page contains fields for defining which events are recorded to which logs It contains fields for enabling logs globally and parameters for defining log parameters The Severity log messages are listed from the highest s...

Page 92: ...orts are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a single port is offline Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Notice Provides device information Informational Provides device information Debug Provides debugging messages When a severity level is s...

Page 93: ...age logging logging ip address hostname port port severity level facility facility description text Logs messages to a syslog server For a list of the Severity levels see Log Severity Levels on page 91 logging console level Limits messages logged to the console based on severity logging buffered level Limits syslog messages displayed from an internal buffer RAM based on severity logging file level...

Page 94: ... the RAM Log Table Severity Specifies the log severity Description The user defined log description Removing Log Information 1 Open the RAM Log Table 2 Click Clear Log The log information is removed from the RAM Log Table and the device is updated Viewing and Clearing the RAM Log Table Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing and clearing fields...

Page 95: ...NIT I Startup Cold Startup 01 Jan 2000 01 01 36 LINK W Down g24 01 Jan 2000 01 01 36 LINK W Down g23 01 Jan 2000 01 01 36 LINK W Down g22 01 Jan 2000 01 01 36 LINK W Down g21 01 Jan 2000 01 01 36 LINK W Down g20 01 Jan 2000 01 01 36 LINK W Down g19 01 Jan 2000 01 01 36 LINK W Down g18 01 Jan 2000 01 01 36 LINK W Down g17 01 Jan 2000 01 01 36 LINK W Down g13 1 Jan 2000 01 01 36 LINK W Down g2 01 Ja...

Page 96: ...mber in the Log File Table Log Time Specifies the time at which the log was entered in the Log File Table Severity Specifies the log severity Description The log message text Displaying the Log File Table Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing and setting fields displayed in the Log File Table Table 6 13 Log File Table CLI Commands CLI Command...

Page 97: ...pped 1 messages were not logged 01 Jan 2000 01 12 01 COPY W TRAP The copy operation was completed successfully 01 Jan 2000 01 11 49 LINK I Up g21 01 Jan 2000 01 11 49 2SWPHY I CHNGCOMBOMEDIA Media changed from copper media to fiber media 1000BASE SX on port g21 01 Jan 2000 01 11 48 2SWPHY I CHNGCOMBOMEDIA Media changed from fiber media to copper media on port g21 01 Jan 2000 01 11 48 LINK W Down g...

Page 98: ...elds User Name Contains a user defined device user name list Login History Status Indicates if password history logs are enabled on the device Login Time Indicates the time the selected user logged on to the device User Name Indicates the user that logged on to the device Protocol Indicates the means by which the user logged on to the device Location Indicates the IP address of the station from wh...

Page 99: ... commands Table 6 14 Log File Table CLI Commands CLI Command Description show users login history Displays password management history information console show users login history Login Time Username Protocol Location Jan 1 2005 23 58 17 Anna HTTP 172 16 1 8 Jan 1 2005 07 59 23 Errol HTTP 172 16 0 8 Jan 1 2005 08 23 48 Amy Serial Jan 1 2005 08 29 29 Alan SSH 172 16 0 8 Jan 1 2005 08 42 31 Bob HTTP...

Page 100: ...able Servers Contains a list of servers to which logs can be sent UDP Port 1 65535 The UDP port to which the logs are sent for the selected server The possible range is 1 65535 The default value is 514 Facility Defines a user defined application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first...

Page 101: ... The second highest warning level An alert log is saved if there is a serious device malfunction for example all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occurred for example if a sing...

Page 102: ...og Server page opens Figure 6 20 Add a Log Server New Log Server IP Address Defines the IP address of the new Log Server 3 Define the fields 4 Click Apply Changes The server is defined and added to the Available Servers list Displaying the Remote Log Servers Table 1 Open the Remote Log Server Settings page 2 Click Show All ...

Page 103: ...e the server s 5 Click Apply Changes The Remote Log Servers Table entry is removed and the device is updated Working with Remote Server Logs Using the CLI Commands The following table summarizes the equivalent CLI command for working with remote server logs Table 6 15 Remote Log Server CLI Commands CLI Command Description logging ip address hostname port port severity level facility facility descr...

Page 104: ...ne of the IP interfaces To open the Default Gateway page click System IP Addressing Default Gateway in the tree view console enable console configure console config logging 10 1 1 1 severity critical Console show logging Logging is enabled Console Logging Level debug Console Messages 5 Dropped Buffer Logging Level debug Buffer Messages 16 Logged 16 Displayed 200 Max File Logging Level error File M...

Page 105: ...he Default Gateway drop down list when selected Selecting a Gateway Device 1 Open the Default Gateway page 2 Select an IP address in the Default Gateway drop down list 3 Select the Active check box 4 Click Apply Changes The gateway device is selected and the device is updated Removing a Default Gateway Device 1 Open the Default Gateway page 2 Select the Remove check box to remove default gateways ...

Page 106: ... Interface Parameters page contains fields for assigning IP parameters to interfaces To open the IP Interface Parameters page click System IP Addressing Interface Parameters in the tree view Figure 6 22 IP Interface Parameters Table 6 16 Default Gateway CLI Commands CLI Command Description ip default gateway ip address Defines a default gateway no ip default gateway Removes a default gateway Conso...

Page 107: ...e from the IP Address drop down menu Adding an IP Interface 1 Open the IP Interface Parameters page 2 Click Add The Add a Static Interface page opens Figure 6 23 Add a Static Interface 3 Complete the fields on the page Network Mask specifies the subnetwork mask of the source IP address 4 Click Apply Changes The new interface is added and the device is updated Modifying IP Address Parameters 1 Open...

Page 108: ...d the device is updated Defining IP Interfaces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the IP Interface Parameters page Table 6 17 IP Interface Parameters CLI Commands CLI Command Description ip address ip address mask prefix length Sets an IP address no ip address ip address Removes an IP address show ip interface ethernet inte...

Page 109: ...System IP Addressing DHCP IP Interface in the tree view To open the DHCP IP Interface page Figure 6 25 DHCP IP Interface Console config interface vlan 1 Console config if ip address 131 108 1 27 255 255 255 0 Console config if no ip address 131 108 1 27 Console config if exit console show ip interface vlan 1 Output Gateway IP Address Activity status 192 168 1 1 Active IP address Interface Type 192...

Page 110: ...ying a DHCP IP Interface 1 Open the DHCP IP Interface page 2 Modify the fields 3 Click Apply Changes The entry is modified and the device is updated Deleting a DHCP IP Interface 1 Open the DHCP IP Interface page 2 Click Show All The DHCP Client Table opens 3 Select a DHCP client entry 4 Select the Remove check box 5 Click Apply Changes The selected entry is deleted and the device is updated Defini...

Page 111: ...ng IP addresses The Domain Naming System DNS page contains fields for enabling and activating specific DNS servers To open the Domain Naming System DNS page click System IP Addressing Domain Name System in the tree view Figure 6 26 Domain Naming System DNS DNS Status Enables or disables translating DNS names into IP addresses DNS Server Contains a list of DNS servers DNS servers are added in the A...

Page 112: ...stem DNS page 2 Click Add The Add DNS Server page opens Figure 6 27 Add DNS Server 3 Define the relevant fields 4 Click Apply Changes The new DNS server is defined and the device is updated Displaying the DNS Servers Table 1 Open the Domain Naming System DNS page 2 Click Show All The DNS Server Table opens Figure 6 28 DNS Server Table Removing DNS Servers 1 Open the Domain Naming System DNS page 2...

Page 113: ... names To open the Default Domain Name page click System IP Addressing Default Domain Name in the tree view Table 6 19 DNS Server CLI Commands CLI Command Description ip name server server address Sets the available name servers Up to eight name servers can be set no ip name server server address Removes a name server ip domain name name Defines a default domain name that the software uses to comp...

Page 114: ...s The following table summarizes the CLI commands for configuring DNS domain names The following is an example of the CLI commands Table 6 20 DNS Domain Name CLI Commands CLI Command Description ip domain name name Defines a default domain name that the software uses to complete unqualified host names no ip domain name Disable the use of the Domain Name System DNS show hosts name Displays the defa...

Page 115: ...6 30 Host Name Mapping Host Name Contains a Host Name list Host Name are defined in the Add Host Name Mapping page Each host provides up to eight IP address The field values for the Host Name field are IP Address X X X X Provides up to eight IP addresses that are assigned to the specified host name Type The IP address type The possible field values are Dynamic The IP address was created dynamicall...

Page 116: ...k Apply Changes The IP address is mapped to the Host Name and the switch device is updated Displaying the Hosts Name Mapping Table 1 Open the Host Name Mapping page 2 Click Show All The Hosts Name Mapping Table opens Figure 6 32 Hosts Name Mapping Table Removing Host Name from IP Address Mapping 1 Open the Host Name Mapping page 2 Click Show All 3 The Host Mapping Table opens 4 Select a Host Mappi...

Page 117: ...protocol that converts IP addresses into physical addresses The static entries can be defined in the ARP Table When static entries are defined a permanent entry is entered and used to translate IP addresses to MAC addresses To open the ARP Settings page click System IP Addressing ARP in the tree view Table 6 21 Domain Host Name CLI Commands CLI Command Description ip host name address1 address2 ad...

Page 118: ...e is 60000 seconds Clear ARP Table Entries The type of ARP entries that are cleared on all devices The possible values are None ARP entries are not cleared All All ARP entries are cleared Dynamic Only dynamic ARP entries are cleared Static Only static ARP entries are cleared ARP Entry Select this option to activate the fields for ARP settings on a single device Interface The interface number of th...

Page 119: ...n selected removes an ARP entry Adding a Static ARP Table Entry 1 Open the ARP Settings page 2 Click Add The Add ARP Entry page opens Figure 6 34 Add ARP Entry Page 3 Select an interface 4 Define the fields 5 Click Apply Changes The ARP Table entry is added and the device is updated Displaying the ARP Table 1 Open the ARP Settings page 2 Click Show All The ARP Table opens Figure 6 35 ARP Table Pag...

Page 120: ... following table summarizes the equivalent CLI commands for setting fields displayed in the ARP Settings page Table 6 22 ARP Settings CLI Commands CLI Command Description arp ip_addr hw_addr ethernet interface number vlan vlan id port channel number Adds a permanent entry in the ARP cache arp timeout seconds Configures how long an entry remains in the ARP cache clear arp cache Deletes all dynamic ...

Page 121: ... Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test The cable length returned is an approximation in the ranges of up to 50 meters 50m 80m 80m 110m 110m 120m or more than 120m The dev...

Page 122: ...A fiber cable is connected to the port Cable Fault Distance The distance from the port where the cable error occurred Last Update The last time the port was tested Approximate Cable Length The approximate cable length This test can only be performed when the port is up and operating at 1 Gbps Performing a Cable Test 1 Ensure that both ends of the copper cable are connected to a device 2 Open the I...

Page 123: ... of the CLI commands Table 6 23 Copper Cable Test CLI Commands CLI Command Description test copper port tdr interface Performs VCT tests show copper port tdr interface Shows results of last VCT tests on ports show copper port cable length interface Displays the estimated copper cable length attached to a port console enable Console test copper port tdr g3 Cable is open at 100 meters Console show c...

Page 124: ...6 37 Optical Transceiver Diagnostics Port The port to which the fiber cable is connected Temperature The temperature in Celsius at which the cable is operating Voltage The voltage at which the cable is operating Current The current at which the cable is operating Output Power The rate at which the output power is transmitted Input Power The rate at which the input power is transmitted Transmitter ...

Page 125: ... received power in milliwatts TX Fault Transmitter fault Finisair transceivers do not support the transmitter fault diagnostic testing LOS Loss of signal Data Ready The transceiver has archived power up and data is ready N A Not Available N S Not Supported W Warning E Error Fiber Optic analysis feature works only on SFPs that support the digital diagnostic standard SFF 4872 Performing Fiber Optic ...

Page 126: ...oltage Volt Current mA Output mWatt Input mWatt TX Fault LOS g1 W OK E OK OK OK OK g2 OK OK OK OK OK E OK g3 Copper Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power Input Power Measured RX received power Tx Fault Transmitter fault LOS Loss of signal ...

Page 127: ...P subnets Management access can be separately defined for each type of management access method including Web HTTP Secure web HTTPS Telnet Secure Telnet and SNMP Access to different management methods may differ between user groups For example User Group 1 can access the device only via an HTTPS session while User Group 2 can access the device via both HTTPS and Telnet sessions Management Access L...

Page 128: ...e list when selected Activating a Profile 1 Open the Access Profiles page 2 Select an Access Profile in the Access Profile field 3 Select the Set Access Profile Active check box 4 Click Apply Changes The Access Profile is activated Adding an Access Profile Rules act as filters for determining rule priority the device management method interface type source IP address and network mask and the devic...

Page 129: ...ting the check box and selecting the appropriate option button and interface Assigning an access profile to an interface denies access via other interfaces If an access profile is not assigned to any interface the device can be accessed by all interfaces Source IP Address The interface source IP address for which the rule applies This is an optional field and indicates that the rule is valid for a...

Page 130: ...o the access profile and the device is updated Viewing the Profile Rules Table The order in which rules appear in the Profile Rules Table is important Packets are matched to the first rule which meets the rule criteria 1 Open the Access Profiles page 2 Click Show All The Profile Rules Table Page opens Figure 6 41 Profile Rules Table Page ...

Page 131: ...the management access list permit ip source ip address mask mask prefix length ethernet interface number vlan vlan id port channel number service service Sets port permitting conditions for the management access list and the selected management method deny ethernet interface number vlan vlan id port channel number service service Sets port denying conditions for the management access list and the ...

Page 132: ... ethernet g9 Console config macl deny ethernet g2 Console config macl deny ethernet g10 Console config macl exit Console config management access class mlist Console config exit Console show management access list mlist permit ethernet g1 permit ethernet g9 Note all other access implicitly denied Console show management access class Management access class is enabled using access list mlist ...

Page 133: ...al and RADIUS options are selected the user is authenticated first locally If the local user database is empty the user is then authenticated via the RADIUS server If an error occurs during the authentication the next selected method is used To open the Authentication Profiles page click System Management Security Authentication Profiles in the tree view Figure 6 42 Authentication Profiles Authent...

Page 134: ...The user authentication occurs at the TACACS server Restore Default Restores the default user authentication method on the device Selecting an Authentication Profile 1 Open the Authentication Profiles page 2 Select a profile in the Authentication Profile Name field 3 Select the authentication method using the navigation arrows 4 Click Apply Changes The user authentication profile is updated to the...

Page 135: ...selected authenticating profile is deleted Configuring an Authentication Profile Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Authentication Profiles page The following is an example of the CLI commands Table 6 26 Authentication Profile CLI Commands CLI Command Description aaa authentication login default list name method1 method...

Page 136: ...s can be applied to Management Access methods For example console users can be authenticated by Authentication Method Lists 1 while Telnet users are authenticated by Authentication Method List 2 To open the Select Authentication page click System Management Security Select Authentication in the tree view Figure 6 45 Select Authentication ...

Page 137: ...s at the RADIUS server TACACS Authentication occurs at the TACACS server Applying an Authentication List to Console Sessions 1 Open the Select Authentication page 2 Select an Authentication Profile in the Console field 3 Click Apply Changes Console sessions are assigned an Authentication List Applying an Authentication Profile to Telnet Sessions 1 Open the Select Authentication page 2 Select an Au...

Page 138: ...ces Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Select Authentication page Table 6 27 Select Authentication CLI Commands CLI Command Description enable authentication default list name Specifies the authentication method list when accessing a higher privilege level from a remote Telnet or console login authentication default lis...

Page 139: ...us local Console config ip https authentication radius local Console config exit Console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None Line Login Method ListEnable Method List Console Console_LoginConsole_Enable TelnetDefaultDefault SSHDefaultDefault...

Page 140: ... has expired users can login three additional times During the three remaining logins an additional warning message displays informing the user that the password must be changed immediately If the password is not changed users are locked out of the system and can only log in using the console Password warnings are logged in the Syslog file If a privilege level is redefined the user must also be re...

Page 141: ...ith an incorrect password the device locks the user out on the sixth attempt Possible field values are 1 5 Defining Password Management 1 Open the Password Management page 2 Define the fields 3 Click Apply Changes Password management is defined and the device is updated Password Management Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in...

Page 142: ... History Disabled History hold time no limit Lockout control disabled Enable Passwords Level Password Aging Password Expiry date Lockout 1 15 Line Passwords Line Password Aging Password Expiry date Lockout Telnet SSH Console console show users accounts Username Privilege Password Aging Password Expiry Date Lockout nim 15 39 18 Feb 2005 ...

Page 143: ... The user s login name Protocol The protocol being used to access the device Location IP address of the computer being used to access the device Defining the Local User Databases The Local User Database page contains fields for defining users passwords and access levels To open the Local User Database page click System Management Security Local User Database in the tree view ...

Page 144: ...defined password Aging 1 365 Indicates the amount of time in days that elapses before a password is aged out when selected Expiry Date Indicates the expiration date of the user defined password Lockout Status Specifies the number of failed authentication attempts since the user last logged in successfully when the Enable Login Attempts checkbox is selected in the Password Management page Specifies...

Page 145: ... user access rights and passwords are defined and the device is updated Defining a New User 1 Open the Local User Database page 2 Click Add The Add User page opens Figure 6 49 Add a User 3 Define the fields 4 Click Apply Changes The new user is defined and the device is updated Displaying the Local User Table 1 Open the Local User Database page 2 Click Show All The Local User Table opens ...

Page 146: ...base page 2 Click Show All The Local User Table opens 3 Select a User Name 4 Select the Remove check box 5 Click Apply Changes The selected user is deleted and the device is updated Assigning Users Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Local User Database page Table 6 29 Local User Database CLI Commands CLI Command Descrip...

Page 147: ...sswords The Line Password page contains fields for defining line passwords for management methods To open the Line Password page click System Management Security Line Passwords in the tree view Figure 6 51 Line Password console config username bob password lee level 15 console set username bob active ...

Page 148: ... is selected in the Password Management page Specifies LOCKOUT when the user account is locked Reactivate Locked Line for Console Telnet Secure Telnet Reactivates the line password for a Console Telnet Secure Telnet session when selected Access rights can be suspended after unsuccessfully attempting to log in Defining Line Passwords for Console Sessions 1 Open the Line Password page 2 Define the C...

Page 149: ...ity Enable Passwords in the tree view Figure 6 52 Enable Password The Enable Password page contains the following fields Select Enable Access Level Access level associated with the enable password Possible field values are 1 15 Password 0 159 characters The current enable password Confirm Password Confirms the new enable password The password appears in the format Aging 1 365 Indicates the amount ...

Page 150: ...TACACS Settings The devices provide Terminal Access Controller Access Control System TACACS client support TACACS provides centralized security for validation of users accessing the device TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes TACACS provides the following services Authentication Provides authentication...

Page 151: ...he device and the TACACS server This key must match the encryption used on the TACACS server Authentication Port 0 65535 The port number through which the TACACS session occurs The default is port 49 Timeout for Reply 1 30 Sec The amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds Status The connection status between ...

Page 152: ...ess used for the TACACS session between the device and the TACACS server Key String 0 128 Characters The default authentication and encryption key for TACACS communication between the device and the TACACS server Timeout for Reply 1 30 The default time that passes before the connection between the device and the TACACS times out Adding a TACACS Server 1 Open the TACACS Settings page 2 Click Add Th...

Page 153: ...ion TACACS server host ip address hostname single connection port port number timeout timeout key key string source source priority priority Specifies a TACACS host no TACACS server host ip address hostname Deletes a TACACS host tacacs server key key string Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server This key must match the...

Page 154: ...an example of the CLI commands Console show tacacs Router Configuration IP address Status Port Single Connection TimeOut Source IP Priority 12 1 1 2 Not Connected 49 Yes 1 12 1 1 1 1 Global values TimeOut 5 Router Configuration Source IP 0 0 0 0 console ...

Page 155: ...ss To open the RADIUS Settings page click System Management Security RADIUS in the tree view Figure 6 56 RADIUS Settings IP Address The list of Authentication Server IP addresses Priority 1 65535 Specifies the server priority The possible values are 1 65535 where 1 is the highest value This is used to configure the order in which servers are queried Authentication Port Identifies the authenticatio...

Page 156: ...lied to each host The following fields set the RADIUS default values Default Timeout for Reply 1 30 Specifies the default amount of the time in seconds the device waits for an answer from the RADIUS server before timing out Default Retries 1 10 Specifies the default number of transmitted requests sent to RADIUS server before a failure occurs Default Dead time 0 2000 Specifies the default amount of...

Page 157: ...IUS server is added and the device is updated Displaying the RADIUS Server List 1 Open the RADIUS Settings page 2 Click Show All The Show all RADIUS Servers page opens Figure 6 58 Show all RADIUS Servers Modifying the RADIUS Server Settings 1 Open the RADIUS Settings page 2 Click Show All The RADIUS Servers List page opens ...

Page 158: ...3 RADIUS Settings CLI Commands CLI Command Description radius server timeout timeout Sets the default interval for which a device waits for a server host to reply radius server retransmit retries Specifies the default number of times the software searches the list of RADIUS server hosts radius server deadtime deadtime Configures unavailable default servers to be skipped radius server key key strin...

Page 159: ...store discovered information Device discovery information includes Device Identification Device Capabilities Device Configuration Console config radius server timeout 5 Console config radius server retransmit 5 Console config radius server deadtime 10 Console config radius server key dell server Console config radius server host 196 210 100 1 auth port 1645 timeout 20 Console show radius servers P...

Page 160: ...increases network flexibility by allowing different IP systems to co exist on a single network LLDP Provides detailed network topology information including what device are located on the network and where the devices are located For example what IP phone is connect to what port what software is running on what switch and with port is connected to what PC Automatically deploys policies over networ...

Page 161: ...ault value is 30 seconds Hold Multiplier 2 10 Indicates the amount of time that LLDP packets are held before the packets are discarded The possible field range is 2 10 seconds The field default is 4 seconds Reinitializing Delay 1 10 Indicates the amount of time that passes between disabling LLDP and when reinitializing begins The possible field range is 1 10 seconds The field default is 2 seconds ...

Page 162: ...ort Settings page click System LLDP MED Port Settings in the tree view Table 6 34 LLDP Properties CLI Commands CLI Command Description lldp enable global Enables enable Link Layer Discovery Protocol lldp hold multiplier number Specifies the time that the receiving device should hold a Link Layer Discovery Protocol LLDP packet before discarding it lldp reinit delay Seconds Specifies the minimum tim...

Page 163: ...ble Indicates that LLDP is disabled on the port Available TLVs Contains a list of available TLVs that can be advertised by the port The possible field values are Port Description Advertises the port description System Name Advertises the system name System Description Advertises the system description System Capabilities Advertises the system capabilities Tx Optional TLVs Contains a list of option...

Page 164: ...he LLDP Port Configuration To open the LLDP Port Table click Security LLDP Port Settings Show All in the tree view Figure 6 61 LLDP Port Table Table 6 35 LLDP Port settings CLI Commands The following is an example of the CLI commands CLI Command Description clear lldp rx interface Restarts the LLDP RX state machine and clearing the neighbors table lldp optional tlv tlv1 tlv2 tlv5 Specifies which o...

Page 165: ...ation Voice Signaling Indicates that the network policy is defined for a Voice Signaling application Guest Voice Indicates that the network policy is defined for a Guest Voice application Guest Voice Signaling Indicates that the network policy is defined for a Guest Voice Signaling application Softphone Voice Indicates that the network policy is defined for a Softphone Voice application Video Conf...

Page 166: ...ty assigned to the network application DSCP Value Defines the DSCP value assigned to the network policy The possible field value is 1 64 Adding an MED Network Policy 1 Open the MED Network Policy page 2 Click Add The Add Network Policy page opens Figure 6 63 Add Network Policy 3 Define the fields 4 Click Apply Changes The new network policy is added and the device is updated Displaying the MED Net...

Page 167: ...Defining LLDP MED Port Settings The MED Port Settings contains parameters for assigning LLDP network policies to specific ports To open the MED Port Settings page click System LLDP MED Port Settings in the tree view The MED Port Settings opens Figure 6 65 MED Port Settings ...

Page 168: ...cy attached to the port Location Advertises the port s location Network Policy Available Network Policy Contains a list of network policies that can be assigned to a port Location Coordinate Displays the device s location map coordinates Location Civic Address 6 160 Displays the device s civic or street address location for example 414 23rd Ave E The possible field value are 6 160 characters Locat...

Page 169: ...ation page contains the following fields Port The port for which detailed information is played Auto Negotiation Status The auto negotiation status of the port The possible field values are Enabled Auto negotiation is enabled on the port Disabled Auto negotiation is disabled on the port Advertised Capabilities The port capabilities advertised for the port ...

Page 170: ...work Policy The port s LLDP Network Policy for each of the following application types Voice Voice Signaling Guest Voice Guest Voice Signaling Softphone Voice Video Conferencing Streaming Video Video Signaling LLDP MED Location The port s advertised LLDP location Coordinates Displays the device s location map coordinates Civic Address Displays the device s civic or street address location for exam...

Page 171: ...ilities Removing a port from the table 1 Open the Neighbors Information page 2 Check the Remove checkbox of each port to be removed 3 Click Apply Changes The ports are removed Clearing the table 1 Open the Neighbors Information page 2 Click Clear Neighbors Table The table is cleared View the details of the LLDP MED information advertised by a neighbor device 1 Open the Neighbors Information page 2...

Page 172: ...information on the fields refer to the Details Advertise Information page above Table 6 36 LLDP Neighbors Information CLI Commands CLI Command Description show lldp neighbors interface Displays information about neighboring devices discovered using Link Layer Discovery Protocol LLDP ...

Page 173: ... to access the information over the network Access rights to the SNMP agents are controlled by access strings To communicate with the device the Embedded Web Server submits a valid community string for authentication To open the SNMP page click System SNMP in the tree view This section contains information for managing the SNMP configuration Defining SNMP Global Parameters The SNMP Global Paramete...

Page 174: ...the device MAC address and is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number 674 Fifth octet Set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device SNMP Notifications Enables or disables the router sending SNMP notifications Authentication Notifications Enables or disables the router sending SNMP traps when authentication fa...

Page 175: ...w snmp Checks the status of SNMP communications snmp server engine ID local engineid string default Indicates the local device engine ID The field values is a hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon The Engine ID must be defined before SNMPv3 is enabled Console config snmp server enable traps Console co...

Page 176: ...s granted via the MIB name or MIB Object ID The Up and Down arrows allow navigating through the MIB tree and MIB branches To open the SNMPv3 View Settings page click System SNMP View Settings in the tree view Figure 6 71 SNMPv3 View Settings View Name Contains a list of user defined views The view name can contain a maximum of 30 alphanumeric characters The possible field values are Version 3 noti...

Page 177: ... and Down buttons to scroll through a list of all device OIDs Insert Specify the device feature OID View Type Indicates if the defined OID branch will be included or excluded in the selected SNMP view Adding a View 1 Open the SNMPv3 View Settings page 2 Click Add The Add a View page opens Figure 6 72 Add a View 3 Define the field 4 Click Apply Changes The SNMP View is added and the device is updat...

Page 178: ...ure 6 74 SNMP View CLI Commands CLI Command Description snmp server view view name oid tree included excluded Creates or updates a view entry show snmp views viewname Displays the configuration of views Console config snmp server view user1 1 included Console config end Console show snmp views Name OID Tree Type user1 iso included Default iso included Default snmpVacmMIB excluded Default usmUser e...

Page 179: ...ned group to whom access control rules are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2 SNMPv2 is defined for the group SNMPv3 SNMPv3 is defined for the group Security Level The security level attached to the group Security levels apply to SNMPv3 only The poss...

Page 180: ...and changes can be made to the assigned SNMP view Notify Sends traps for the assigned SNMP view Defining SNMP Groups 1 Open the Access Control Group page 2 Click Add The Add an Access Control Group page opens Figure 6 76 Add an Access Control Group 3 Define the fields in the Add an Access Control Group page 4 Click Apply Changes The group is added and the device is updated Displaying the Access Ta...

Page 181: ...ssigning SNMP User Security The User Security Model USM page enables assigning system users to SNMP groups as well as defining the user authentication method To open the User Security Model USM page click System SNMP User Security Model in the tree view Figure 6 77 SNMP Access Control CLI Commands CLI Command Description snmp server group groupname v1 v2 v3 noauth auth priv read readview write wri...

Page 182: ...Group page Authentication Method The authentication method used to authenticate users The possible field values are MD5 Key Users are authenticated using the HMAC MD5 algorithm SHA Key Users are authenticated using the HMAC SHA 96 authentication level MD5 Password Indicates that HMAC MD5 96 password is used for authentication The user should enter a password SHA Password Users are authenticated us...

Page 183: ...16 hexa characters If only authentication is required 20 bytes are defined If both privacy and authentication are required 16 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon Remove When checked removes users from a specified group Adding Users to a Group 1 Open the User Security Model page 2 Click Add The Add Us...

Page 184: ... following table summarizes the equivalent CLI commands for defining fields displayed in the User Security Model page The following is an example of the CLI commands Table 6 38 SNMP User CLI Commands CLI Command Description snmp server user username groupname remote engineid string auth md5 password auth sha password auth md5 key md5 des key auth sha key sha des key Configures a new SNMP V3 user s...

Page 185: ...on IP addresses Community String Functions as a password and used to authenticate the selected management station to the device Basic Access Mode Defines the access rights of the community The possible field values are Read Only The management access is restricted to read only for all MIBs except the community table for which there is no access Read Write The management access is read write for al...

Page 186: ...w Community 1 Open the SNMP Community page 2 Click Add The Add SNMP Community page opens Figure 6 82 Add SNMP Community 3 Select one of the following SNMP Management Station Defines an SNMP community for a specific management station A value of 0 0 0 0 specifies all management stations All Defines an SNMP community for all management stations 4 Define the remaining fields 5 Click Apply Changes The...

Page 187: ...e is updated Configuring Communities Using CLI Commands The following table summarizes the equivalent CLI commands for setting fields displayed in the Community Table page Table 6 39 SNMP Community CLI Commands CLI Command Description snmp server community string ro rw su ip address Sets up the community access string to permit access to SNMP protocol snmp server host ip address hostname community...

Page 188: ... public_3 ro 3 3 3 3 console config snmp server host 1 1 1 1 public_1 1 console config snmp server host 2 2 2 2 public_2 2 console config console show snmp Community String Community Access IP address public_1 super 1 1 1 1 public_2 readwrite 2 2 2 2 public_3 readonly 3 3 3 3 Traps are enabled Authentication failure trap is enabled Trap Rec Address Trap Rec Community Version System Contact 345 678...

Page 189: ...Notification Filter Name The user defined notification filter New Object ID Subtree The OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List Notification Filter Type Indicates whether informs or traps are sent regarding the OID t...

Page 190: ...e is updated Displaying the Filter Table 1 Open the Notification Filter page 2 Click Show All The Filter Table opens Figure 6 86 Filter Table Removing a Filter 1 Open the Notification Filter page 2 Click Show All The Filter Table opens 3 Select a Filter Table entry 4 Check the Remove checkbox The filter entry is deleted and the device is updated ...

Page 191: ...n filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks To open the Notification Recipients page click System SNMP Notification Recipient in the tree view Table 6 40 SNMP Notification Filter CLI Commands CLI Command Description snmp server filter filter name oid tree included excluded Creates o...

Page 192: ... sent SNMPv1 2 SNMP versions 1 and 2 are enabled for the selected recipient Define the following fields for SNMPv1 and SNMPv2 Community String 1 20 Characters Identifies the community string of the trap manager Notification Version Determines the trap type The possible field values are SNMPv1 SNMP Version 1 traps are sent SNMPv2 SNMP Version 2 traps are sent SNMPv3 SNMPv3 is used to send and recei...

Page 193: ...end notifications The default is 162 Filter Name Includes or excludes SNMP filters Timeout 1 300 The amount of time seconds the device waits before resending informs The default is 15 seconds Retries 1 255 The amount of times the device resends an inform request The default is 3 Remove Notification Recipient When checked removes selected notification recipients Adding a new Trap Recipients 1 Open ...

Page 194: ...ients page 2 Click Show All The Notification Recipients Tables page opens 3 Select a notification recipient in either the SNMPV1 2 Notification Recipient or SNMPv3 Notification Recipient Tables 4 Check the Remove checkbox 5 Click Apply Changes The recipient is deleted and the device is updated Configuring SNMP Notification Recipients Using CLI Commands The following table summarizes the equivalent...

Page 195: ...ving notifications in SNMP version 1 or 2 snmp server v3 host ip address hostname username traps informs noauth auth priv udp port port filter filtername timeout seconds retries retries Creates or updates a notification recipient receiving notifications in SNMP version 3 show snmp Shows the current SNMP configuration console config snmp server host 172 16 1 1 private console show snmp Community St...

Page 196: ...tup Configuration file The next time the device is restarted the commands are copied back into the Running Configuration file from the Startup Configuration file Backup Configuration Files Contains backup copies of the device configuration A Backup file is generated when the Running Configuration file or the Startup file is copied to the Backup file The commands copied into the file replace the ex...

Page 197: ...onfiguration file is downloaded If Configuration Download is selected the Firmware Download fields are grayed out Download via TFTP Enables initiating an image download via the TFTP server Download via HTTP Enables initiating an image download via the HTTP server Firmware Download Server IP Address The Server IP Address from which the firmware files are downloaded Source File Name 1 64 Characters ...

Page 198: ...kup file The image file overwrites the non active image It is recommended to designate that the non active image will become the active image after reset and then to reset the device following the download During the image file download a dialog box opens which displays the download progress The window closes automatically when the download is complete Each indicates that ten packets were successf...

Page 199: ...s for uploading the software from the device to the TFTP server To open the File Upload to Server page click System File Management File Upload in the tree view Figure 6 90 File Upload to Server console copy running config tftp 11 1 1 2 pp txt Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss ...

Page 200: ... which the Configuration file is uploaded Destination File Name 1 64 Characters Indicates the Configuration file path to which the file is uploaded Transfer File Name The software file to which the configuration is uploaded This list of user defined configuration files only appears if the user created backup configuration files For example if the user copied the running configuration file to a use...

Page 201: ...iles can be copied and deleted from the Copy Files page To open the Copy Files page click System File Management Copy Files in the tree view Table 6 43 File Upload CLI Commands CLI Command Description copy source url destination url snmp Copies any file from a source to a destination console copy image tftp 10 6 6 64 uploaded ros Copy 4234656 bytes copied in 00 00 33 hh mm ss 01 Jan 2000 07 30 42 ...

Page 202: ...g Configuration New File Name Indicates the name of the newly created backup configuration file Restore Configuration Factory Defaults When selected specifies that the factory configuration default files should be reset When unselected maintains the current configuration settings Copying Files 1 Open the Copy Files page 2 Define the Copy Configuration fields 3 Click Apply Changes The file is copie...

Page 203: ...CLI Command Description copy source url destination url snmp Copies any file from a source to a destination delete startup config Deletes the startup config file Console copy tftp 172 16 101 101 file1 image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss Console delete startup config Console copy running config startup config 01 Jan 2000 01 55...

Page 204: ...Files on File System page contains the following fields File Name Indicates the file currently stored in the file management system Size Indicates the file size Modified Indicates the date the file was last modified Permission Indicates the permission type assigned to the file The possible field values are Read Only Indicates a read only file Read Write Indicates a read write file Remove Deletes t...

Page 205: ...ew Table 6 45 Copy Files CLI Commands CLI Command Description dir Display list of files on a flash file system console dir Directory of flash File Name Permis sion Flash Size Data Size Modified 3 txt rw 524288 523776 22 Feb 2005 18 49 27 setup rw 524288 95 22 Feb 2005 15 58 19 setup2 rw 524288 95 22 Feb 2005 15 58 35 image 1 rw 4325376 4325376 06 Feb 2005 17 55 32 image 2 rw 4325376 4325376 06 Feb...

Page 206: ...When the Log entries are full the log is cleared and the Log file is restarted Jumbo Frames Enables or disables the Jumbo Frames feature Jumbo Frames enable the transportation of identical data in fewer frames This ensures less overhead lower processing time and fewer interrupts Viewing RAM Log Entries Counter Using the CLI Commands The following table summarizes the equivalent CLI commands for se...

Page 207: ... you can then set the queueing to strict priority or WRR and then map the CoS or DSCP to the desired queue You set the queueing in the Qos Queue Settings page and you map to queues in the QoS CoS to Queue or DSCP to Queue pages Be careful when setting QoS parameters For example if you set the queueing to WRR and set a low weight iSCSI traffic will be dropped whenever there is an overload To open t...

Page 208: ...y enable iSCSI awareness use the iscsi enable command in global configuration mode To disable iSCSI awareness use the no form of this command iscsi cos up vpt dscp dscp remark bandwidth flow bandwidth burstsize flow burstsize no iscsi cos To set the quality of service profile that will be applied to iSCSI flows use the iscsi cos command To return to default use the no form of this command iscsi ag...

Page 209: ...r aging out 10 min ISID 11 Initiator Initiator Target Target IP address TCP port IP address IP port 172 16 1 3 49154 172 16 1 20 30001 172 16 1 4 49155 172 16 1 21 30001 172 16 1 5 49156 172 16 1 22 30001 Session 2 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 Time started 23 Jul 2002 21 04 50 Time for aging out 2 min ISID 22 Initiator Initiator Target Target IP address TCP port IP address IP...

Page 210: ...s Table click System iSCSI Optimization iSCSI Targets in the tree view Figure 6 96 iSCSI Targets Table TCP Port The TCP port used by the target for iSCSI communications IP Address The IP address of the target Target Name The name of the target Remove Used to remove targets from the table Adding Targets 1 Open the iSCSI Targets Table 2 Click Add The Add iSCSI Target page opens Figure 6 97 Add iSCSI...

Page 211: ...ut iSCSI communications going through the device To open the iSCSI Sessions page click System iSCSI Optimization iSCSI Sessions in the tree view Figure 6 98 iSCSI Targets Table CLI Commands CLI Command Description iscsi target port tcp port 1 tcp port 2 tcp port 8 address ip address name targetname To configure iSCSI port s target address and name use the iscsi target port command in global config...

Page 212: ...of the initiator ISID The iSCSI session ID When you click Details the following additional information is shown for the session Session Life Time The time since the first frame of the session Aging Time The time left until the session ages out and is removed Initiators Targets IP Address TCP Port The IP address and TCP port used by each initiator and target in the session ...

Page 213: ...Sessions CLI Commands CLI Command Description show iscsi sessions detailed To display the iSCSI sessions use the show iscsi sessions privileged EXEC command Console show iscsi sessions iSCSI enabled iSCSI vpt 5 remark Session aging time 60 min Maximum number of sessions 256 iSCSI targets and TCP ports TCP Target IP Name Port Address 860 3260 5000 30001 172 16 1 1 iqn 1993 11 com disk vendor diskar...

Page 214: ...214 Configuring System Information ...

Page 215: ...includes Authenticators Specifies the port that is authenticated before permitting system access Supplicants Specifies host connected to the authenticated port requesting to access the system services Authentication Server Specifies the external server for example the RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to acces...

Page 216: ...ables multiple hosts to be attached to a single port Only one host must be authorized for all hosts to access the network If the host authentication fails or an EAPOL logoff message is received all attached clients are denied network access Guest VLANs Provides limited network access to unauthorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled...

Page 217: ...isable Disables port based authentication on the device Authentication Method The Authentication method used The possible field values are None No authentication method is used to authenticate the port RADIUS Port authentication is performed using the RADIUS server RADIUS None Port authentication is performed first using the RADIUS server If the port is not authenticated then no authentication met...

Page 218: ...authentication Period 300 4294967295 field Reauthentication Period 300 4294967295 Indicate the time span in which the selected port is reauthenticated The field value is in seconds The field default is 3600 seconds Reauthenticate Now Permits immediate port reauthentication when selected Authentication Server Timeout 1 65535 Defines the amount of time that lapses before the device resends a request...

Page 219: ...eters in the Port Based Authentication Table 1 Open the Port Based Authentication page 2 Click Show All The Port Based Authentication Table opens 3 Select the interface in the Copy Parameters from field 4 Select an interface in the Port Based Authentication Table 5 Select the Copy to check box to define the interfaces to which the Port based authentication parameters are copied 6 Click Apply Chang...

Page 220: ...on of the client dot1x timeout quiet period seconds Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange dot1x timeout re authperiod seconds Sets the number of seconds between re authentication attempts dot1x timeout server timeout seconds Sets the time for the retransmission of packets to the authentication server dot1x timeout supp time...

Page 221: ...d to packets arriving in single host mode from a host whose MAC address is not the client supplicant MAC address The Action on Single Host Violation field can be defined only if the Multiple Hosts field is defined as Disable The possible field values are Forward Forwards the packets from an unknown source however the MAC address is not learned Discard Discards the packets from any unlearned source...

Page 222: ...es the equivalent CLI commands for enabling the advanced port based authentication as displayed in the Multiple Hosts page Authenticating Users The Authenticated Users page displays user port access lists The User Access Lists are defined in the Add User Name page To open the Authenticated Users page click Switch Network Security Authenticated Users Table 7 2 Multiple Hosts CLI Commands CLI Comman...

Page 223: ...ay Hour Minute Seconds for example 3 days 2 hours 4 minutes 39 seconds Authentication Method The method by which the last session was authenticated The possible field values are Remote The user was authenticated from a remote server None The user was not authenticated MAC Address The client supplicant MAC address Displaying the Authenticated Users Table 1 Open the Add User Name page 2 Click Show A...

Page 224: ...ed on a locked port and the packet s source MAC address is not tied to that port either it was learned on a different port or is unknown to the system the protection mechanism is invoked and can provide various options Unauthorized packets arriving to a locked port are either Forwarded Discarded with no trap Discarded with a trap The ingress port is disabled Locked port security also enables stori...

Page 225: ...le field values are Classic Lock The port will not learn new IP addresses A computer with a different address cannot connect to the network via the port Limited Dynamic Lock The port will learn a limited number of new IP addresses and then lock Max Entries 1 128 The number of new IP addresses the port will learn before being locked if set to Limited Dynamic Lock Learning Mode Action on Violation T...

Page 226: ...to Locked ports The default value is 10 seconds Defining a Locked Port 1 Open the Port Security page 2 Select an interface type and number 3 Define the fields 4 Click Apply Changes The locked port is added to the Port Security Table and the device is updated Displaying the Locked Port Table 1 Open the Port Security page 2 Click Show All The Port Security Table opens Locked Ports can also be define...

Page 227: ...gers to define classification actions and rules for specific ingress ports Packets entering an ingress port with an active ACL are either admitted or denied entry and the ingress port is disabled If they are denied entry the user can disable the port Table 7 4 Port Security CLI Commands CLI Command Description shutdown Disables interfaces set interface active ethernet interface port channel port c...

Page 228: ... Each ACE is a rule and there are 1 024 rules available But rules are not only used for user configuration purposes they are also used for features like iSCSI and PVE so not all 1 024 will be available for ACEs It is expected that you will have at least 600 rules available To define IP based ACLs click Switch Network Security IP Based ACL I Figure 7 9 Network Security IP Based ACL ACL Name User de...

Page 229: ... Protocol HMP Collects network information from various networks hosts HMP monitors hosts spread over the internet as well as hosts in a single network RDP Remote Desktop Protocol RDP Allows a clients to communicate with the Terminal Server over the network IDPR Matches the packet to the IDPR protocol IPV6 Matches the packet to the IPV6 protocol IPV6 ROUTE Matches the packet to the IPV6 Route prot...

Page 230: ...ight bits of the IP address are ignored while the last eight bits are used TCP Flags Sets the indicated TCP flag that can be triggered To use TCP flags check the TCP Flag checkbox and then set the desired flag s ICMP Specifies an ICMP message type for filtering ICMP packets You can choose from the list type it in or select Any for all ICMP message types This field is available only when ICMP is se...

Page 231: ...based ACLs 1 Open the IP Based ACL page 2 Click Add The Network Security IP Based ACL page opens Figure 7 10 Add IP Based ACL 3 Define the relevant fields 4 Click Apply Changes The IP based protocol is defined and the device is updated Displaying the ACEs Associated with IP based ACLs 1 Open the Network Security IP Based ACL page 2 Click Show All The ACEs Associated with IP ACL opens ...

Page 232: ...ated with IP ACL Table opens 3 Check the Remove checkbox next to an ACE 4 Click Apply Changes Configuring IP Based ACLs with CLI Commands The following table summarizes the equivalent CLI commands for configuring IP Based ACLs Table 7 5 IP Based ACL CLI Commands CLI Command Description ip access list access list name no ip access list access list name To define an IPv4 access list and to place the...

Page 233: ...ard any destination port dscp number ip precedence number To set conditions to allow a packet to pass a named IP access list use the permit command in access list configuration mode deny disable port any protocol any source source wildcard any destination destination wildcard dscp number ip precedence number fragments deny icmp disable port any source source wildcard any destination destination wi...

Page 234: ...ample if the source address 149 36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the address are ignored while the last eight bits are used Destination Address Matches the destination MAC address to which packets are addressed to the ACE Wildcard masks specify which bits are used and which bits are ignored A wildcard of 0 0 0 0 indicates that all the bits are important For...

Page 235: ...kets which meet the ACL criteria Deny Drops packets which meet the ACL criteria Shutdown Drops packet that meet the ACL criteria and disables the port to which the packet was addressed Adding ACEs to IP based ACLs 1 Open the Network Security MAC Based ACL page 2 Select an ACL 3 Edit the relevant fields 4 Click Apply Changes Adding MAC based ACLs 1 Open the MAC Based ACL page 2 Click Add The Networ...

Page 236: ... Click Show All The ACEs Associated with MAC Based ACL opens Removing a MAC based ACL 1 Open the Network Security MAC Based ACL page 2 Click Show All The ACEs Associated with MAC ACL Table opens 3 Check the Remove ACL checkbox 4 Click Apply Changes Removing a MAC based ACE 1 Open the Network Security MAC Based ACL page 2 Click Show All The ACEs Associated with MAC ACL Table opens 3 Check the Remov...

Page 237: ...st name no mac access list access list name To define a Layer 2 access list and to place the device in MAC access list configuration mode use the mac access list command in global configuration mode To remove the access list use the no form of this command permit any source source wildcard any destination destination wildcard vlan vlan id cos cos cos wildcard ethtype eth type inner vlan vlan id To...

Page 238: ...gs Figure 7 14 Network Security ACL Binding 2 In the Select an ACL field select an IP Based or MAC Based ACL 3 In the Bind ACL to an Interface field select a port or LAG 4 Click Apply Changes The ACL is bound to the interface Displaying the ACL Bindings Table 1 Open the Network Security ACL Binding page 2 Click Show All The ACL Bindings Table opens ...

Page 239: ...page 2 Click Show All The ACL Bindings Table opens 3 In the table check the Remove checkbox for each binding you want to remove 4 Click Apply Changes Configuring ACL Bindings with CLI Commands The following table summarizes the equivalent CLI commands for configuring ACL Bindings Table 7 7 ACL Bindings CLI Commands CLI Command Description service acl input acl name no service acl input To control ...

Page 240: ...rom an interface outside the network or from an interface beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall The DHCP Snooping Table contains the untrusted interfaces MAC address IP address Lease Time VLAN ID and interface information The DHCP section contains the following topics Defining DHCP Snooping Properties Defining DHCP Snoop...

Page 241: ... untrusted port source MAC address matches the client s MAC address Disable Disables verifying that an untrusted port source MAC address matches the client s MAC address This is the default value Save Binding Database to File Indicates if the DHCP Snooping Database is saved to file The possible field values are Enable Enables saving the database to file This is the default value Disable Disables s...

Page 242: ...port that the source MAC address in a DHCP packet matches the client hardware address Use the no form of this command to configure the switch to not verify the MAC addresses ip dhcp snooping database no ip dhcp snooping database Use the ip dhcp snooping database global configuration command to configure the DHCP snooping binding file Use the no form of this command to delete the binding file ip dh...

Page 243: ...ooping is enabled on the device To define DHCP snooping on VLANS click Switch DHCP Snooping VLAN Settings Figure 7 17 VLAN Settings VLAN ID The VLAN on which DHCP snooping can be enabled Enabled VLANs Contains a list of VLANs on which DHCP snooping is enabled Console show ip dhcp snooping DHCP snooping is enabled DHCP snooping is configured on following VLANs 2 7 18 DHCP snooping database enabled ...

Page 244: ...terfaces receive packets only from within the network or the network firewall To define Trusted interfaces click Switch DHCP Snooping Trusted Interface Figure 7 18 Trusted Interfaces Interface Indicates the port or LAG on which DHCP Snooping Trust mode is enabled Trust Status Indicates if the DHCP Snooping Trust mode is enabled on the port or LAG The possible field values are Enable Indicates that...

Page 245: ... Click Show All The Trusted Interfaces Table opens 3 In the Unit and Copy from fields select a Port or LAG from which you want to copy settings 4 In the table check the Copy to checkbox for each entry to which you want to copy the settings 5 Click Apply Changes Designating Interfaces as Trusted Untrusted 1 Open the Trusted Interfaces page 2 Click Show All The Trusted Interfaces Table opens 3 In th...

Page 246: ...s parameters for querying and adding IP addresses to the DHCP Snooping Database To open the Binding Database page click Switch DHCP Snooping Binding Database Figure 7 20 Binding Database Table 7 10 DHCP Snooping Trusted Interfaces CLI Commands CLI Command Description ip dhcp snooping trust no ip dhcp snooping trust Use the ip dhcp snooping trust interface configuration command to configure a port ...

Page 247: ...attached in the DHCP Snooping Database Type Displays the IP address binding type The possible field values are Static which indicates that the IP address was statically configured and Dynamic which indicates that the IP address was dynamically configured Lease Time Displays the lease time The Lease Time defines the amount of time the entry is active in the DHCP Database Entries whose lease times a...

Page 248: ... snooping binding mac address vlan id Use the ip dhcp snooping binding privileged EXEC command to configure the DHCP snooping binding database and to add binding entries to the database Use the no form of this command to delete entries from the binding database clear ip dhcp snooping database Use the clear ip dhcp snooping database privileged EXEC command to clear the DHCP binding database show ip...

Page 249: ...nality pages including advanced features such as Storm Control and Port Mirroring To open the Ports page click Switch Ports Console show ip dhcp snooping binding Update frequency 1200 Total number of binding 2 Mac Address IP Address Lease sec Type VLAN Interface 0060 704C 73FF 10 1 8 1 7983 snooping 3 1 21 0060 704C 7BC1 10 1 8 2 92332 snooping s 3 1 22 ...

Page 250: ...iew Figure 7 22 Port Configuration Port The port number for which port parameters are defined Description 0 64 Characters A brief interface description such as Ethernet Port Type The type of port Admin Status Enables or disables traffic forwarding through the port The new port status is displayed in the Current Port Status field Current Port Status Specifies whether the port is currently operation...

Page 251: ...urrent Auto Negotiation The currently configured Auto Negotiation setting Admin Advertisement The speed that the port advertises Options include Maximum Capacity 10 MB Half Duplex 10 MB Full Duplex 100 MB Half Duplex 100 MB Full Duplex and 1000 MB Full Duplex Current Advertisement The port advertises its speed to its neighbor port to start the negotiation process The possible field values are thos...

Page 252: ...rom other ports within the same VLAN Defining Port Parameters 1 Open the Port Configuration page 2 Select a port in the Port Field 3 Define the remaining fields 4 Click Apply Changes The port parameters are saved to the device Modifying Port Parameters 1 Open the Port Configuration page 2 Select a port in the Port Field 3 Modify the remaining fields 4 Click Apply Changes The port parameters are sa...

Page 253: ...n not using auto negotiation autobaud Sets the line for automatic baud rate detection duplex half full Configures the full half duplex operation of a given ethernet interface when not using auto negotiation negotiation Enables auto negotiation operation for the speed and duplex parameters of a given interface back pressure Enables Back Pressure on a given interface flowcontrol auto on off rx tx Co...

Page 254: ...f negotiation Console config if back pressure Console config if flowcontrol on Console config if mdix auto Console config if exit Console config exit Console show interfaces configuration ethernet g5 Port Type Duplex Speed Neg Flow Control Admin State Back Pressure Mdix Mode g5 1G Full 100 Enabled On Up Enable Auto console console show interfaces status ethernet g5 Port Type Duplex Speed Neg Flow ...

Page 255: ...arameters for configured LAGs The device supports up to eight ports per LAG and eight LAGs per system For information about Link Aggregated Groups and assigning ports to LAGs refer to Aggregating Ports To open the LAG Configuration page click Switch Ports LAG Configuration in the tree view If port configuration is modified while the port is a LAG member the configuration change is only effective a...

Page 256: ...are Layer 2 Enables load balancing based on static and dynamic MAC addresses Layer 3 Enables load balancing based on source and destination IP addresses Layer 2 3 Enables load balancing based on static and dynamic MAC addresses and source and destination IP addresses LAG The LAG number LAG Mode Whether the LAG is static or LACP Description 0 64 Characters Provides a user defined description of the...

Page 257: ...ity 10 MB Half Duplex 10 MB Full Duplex 100 MB Full Duplex and 1000 MB Full Duplex Current Advertisement The port advertises its speed to its neighbor port to start the negotiation process The possible field values are those specified in teh Admin Advertisement field Neighbor Advertisement Indicates the neighboring port s advertisement settings The field values are identical to the Admin Advertise...

Page 258: ...r configuring LAGs as displayed in the LAG Configuration page Table 7 13 LAG Configuration CLI Commands CLI Command Description interface port channel port channel number Enters the interface configuration mode of a specific port channel port channel load balance layer 2 layer 2 3 layer 2 3 4 Configures the load balancing policy of the port channeling description string Adds a description to an in...

Page 259: ...faces configuration ethernet interface port channel port channel number Displays the configuration for all configured interfaces show interfaces status ethernet interface port channel port channel number Displays the status for all configured interfaces show interfaces description ethernet interface port channel port channel number Displays the description for all configured interfaces show interf...

Page 260: ...n each port and discard frames when the rate exceeds a user defined rate The Storm Control page provides fields for enabling and configuring Storm Control To open the Storm Control page click Switch Ports Storm Control in the tree view console config if channel group 1 mode on console config if exit console config interface range e g21 24 console config if channel group 1 mode on console config if...

Page 261: ...roadcast traffic Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Rate Threshold 3 5 1000M The maximum rate Kbits Sec at which unknown packets are forwarded The range is 3 5 1000M Enabling Storm Control on the Device 1 Open the Storm Control page 2 Select an interface on which to implement storm control 3 Define the fields 4 Click Sho...

Page 262: ...ackets together with broadcast packets port storm control broadcast enable Enables broadcast storm control port storm control broadcast rate rate Configures the maximum broadcast rate show ports storm control ethernet interface Displays the storm control configuration console enable console configure Console config port storm control include multicast Console config port storm control broadcast ra...

Page 263: ...the following Monitored port cannot operate faster than the monitoring port All the RX TX packets should be monitored to the same port The following restrictions apply to ports configured to be destination ports Ports cannot be configured as a source port Ports cannot be a LAG member IP interfaces are not configured on the port GVRP is not enabled on the port The port is not a VLAN member Only one...

Page 264: ...ndicates if the port is currently monitored Active or not monitored Ready Remove When selected removes the port mirroring session Adding a Port Mirroring Session 1 Open the Port Mirroring page 2 Click Add The Add Source Port page opens 3 Select the destination port from the Destination Port drop down menu 4 Select the source port from the Source Port drop down menu 5 Define the Type field 6 Click ...

Page 265: ...ble summarizes the equivalent CLI commands for configuring a Port Mirroring session as displayed in the Port Mirroring page The following is an example of the CLI commands Table 7 15 Port Mirroring CLI Commands CLI Command Description port monitor src interface rx tx Starts a port monitoring session Console config interface ethernet g1 Console config if port monitor g8 Console show ports monitor S...

Page 266: ...atic addresses are manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no traffic is seen for a certain period are erased To open the Address Tables page click Switch Address Table in the tree view Defining Static Addresses The Static MAC Address page contains a list of static MAC addresses Static Address can be added and removed from the St...

Page 267: ...ick Add The Add Static MAC Address page opens 3 Complete the fields 4 Click Apply Changes The new static address is added to the Static MAC Address Table and the device is updated Modifying a Static Address in the Static MAC Address Table 1 Open the Static MAC Address page 2 Modify the fields 3 Click Apply Changes The static MAC address is modified and the device is updated Removing a Static Addre...

Page 268: ...on bridge address mac address ethernet interface port channel port channel number permanent delete on reset delete on timeout secure Adds a static MAC layer station source address to the bridge table show bridge address table vlan vlan ethernet interface port channel port channel number Displays entries in the bridge forwarding database Console show bridge address table Aging time is 300 sec vlan ...

Page 269: ... the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic Address list The Current Address Table contains dynamic address parameters by which packets are directly forwarded to the ports To open the Dynamic Address Table click Switch Address Table Dynamic Addresses Table in the tree view Figure 7 30 Dynamic Address Table Address Aging 10 630...

Page 270: ...c Address Table is sorted Redefining the Aging Time 1 Open the Dynamic Address Table 2 Define the Aging Time field 3 Click Apply Changes The aging time is modified and the device is updated Querying the Dynamic Address Table 1 Open the Dynamic Address Table 2 Define the parameter by which to query the Dynamic Address Table Entries can be queried by Port MAC Address or VLAN ID 3 Click Query The Dyn...

Page 271: ... Sort CLI Commands CLI Command Description bridge aging time seconds Sets the address table aging time show bridge address table vlan vlan ethernet interface port channel port channel number Displays classes of dynamically created entries in the bridge forwarding database Console config bridge aging time 250 Console config exit Console show bridge address table Aging time is 250 sec vlan mac addre...

Page 272: ...not operate successfully To open the GARP page click Switch GARP in the tree view Defining GARP Timers The GARP Timers page contains fields for enabling GARP on the device To open the GARP Timers page click Switch GARP GARP Timers in the tree view Figure 7 31 GARP Timers Interface Determines if enabled on a port or on a LAG GARP Join Timer 10 2147483640 Time in milliseconds that PDUs are transmitt...

Page 273: ...rom field 4 Select an interface in either the Port or LAG drop down menu 5 The definitions for this interface is copied to the selected interfaces See step 6 6 Select the Copy to check box to define the interfaces to which the GARP timer definitions are copied or click Select All to copy the definitions to all ports or LAGs 7 Click Apply Changes The parameters are copied to the selected port ports...

Page 274: ... stations avoiding and eliminating loops For more information on configuring Classic STP see Defining STP Global Settings on page 276 Rapid STP Detects and uses of network topologies that provide faster spanning tree convergence without creating forwarding loops For more information on configuring Rapid STP see Configuring Rapid Spanning Tree on page 287 To open the Spanning Tree pages click Switc...

Page 275: ...ree view Figure 7 32 STP Global Settings Spanning Tree State Enables or disables Spanning Tree on the device The possible field values are Enable Enables Spanning Tree Disable Disables Spanning Tree STP Operation Mode The STP mode by which STP is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value Rapid STP Enables Rapid STP o...

Page 276: ...o Time indicates the amount of time in seconds a root bridge waits between configuration messages The default is 2 seconds Max Age 6 40 Specifies the device Maximum Age Time The Maximum Age Time indicates the amount of time in seconds a bridge waits before sending configuration messages The default max age is 20 seconds Forward Delay 4 30 Specifies the device forward delay time The Forward Delay T...

Page 277: ...ng tree Enables spanning tree functionality spanning tree mode stp rstp mstp Configures the spanning tree protocol spanning tree priority priority Configures the spanning tree priority spanning tree hello time seconds Configures the spanning tree bridge Hello Time which is how often the device broadcasts Hello messages to other switches spanning tree max age seconds Configures the spanning tree br...

Page 278: ...onsole show spanning tree Spanning tree enabled mode RSTP Default port cost method short Root ID Priority 12288 Address 00 e8 00 b4 c0 00 This switch is the root Hello Time 5 sec Max Age 15 sec Forward Delay 25 sec Number of topology changes 5 last change occurred 00 05 28 ago Times hold 1 topology change 40 notification 5 hello 5 max age 15 forward delay 25 Interfaces Name State Prio Nbr Cost Sts...

Page 279: ...t on which STP is enabled STP Enables or disables STP on the port Fast Link When selected enables Fast Link mode for the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link mode optimizes the time it takes for the STP protocol to converge STP convergence can take 30 60 seconds in large networks Root Guard Wh...

Page 280: ...ckets to the root switch Designated Indicates the port or LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two...

Page 281: ...ess likely to be blocked if STP detects loops Forward Transitions The number of times the port has changed from the Blocking state to the Forwarding state LAG The LAG to which the port is attached Enabling STP on a Port 1 Open the STP Port Settings page 2 Select Enabled in the STP Port Status field 3 Define the Fast Link Path Cost and the Priority fields 4 Click Apply Changes STP is enabled on the...

Page 282: ...d Description spanning tree disable Disables spanning tree on a specific port spanning tree cost cost Configures the spanning tree cost contribution of a port spanning tree port priority priority Configures port priority spanning tree portfast Enables PortFast mode show spanning tree ethernet interface port channel port channel number Displays spanning tree configuration spanning tree guard root E...

Page 283: ...panning tree port priority 96 console config if exit console config exit console show spanning tree ethernet g5 Port g5 disabled State disabled Port id 96 5 Type P2p configured Auto STP Designated bridge Priority 32768 Designated port id 96 5 Number of transitions to forwarding state 0 BPDU sent 0 received 0 console Role disabled Port cost 35000 Port Fast No configured No Address 00 e8 00 b4 c0 00...

Page 284: ...or more information see Defining LAG Membership on page 327 STP Enables or disables STP on the LAG Fast Link Enables Fast Link mode for the LAG If Fast Link mode is enabled for a LAG the LAG State is automatically placed in the Forwarding state when the LAG is up Fast Link mode optimizes the time it takes for the STP protocol to converge STP convergence can take 30 60 seconds in large networks Roo...

Page 285: ...h to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections connected to a shared segment Disabled The port is not participating in the Spanning Tree Path Cost 1 200000000 Amount the LAG contribu...

Page 286: ...s faster convergence may be possible The Rapid Spanning Tree Protocol RSTP detects and uses of network topologies that provide faster convergence of the spanning tree without creating forwarding loops Table 7 21 STP LAG Settings CLI Commands CLI Command Description spanning tree Enables spanning tree spanning tree disable Disables spanning tree on a specific LAG spanning tree cost cost Configures ...

Page 287: ...hm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to root device Designated The port or LAG via which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports ...

Page 288: ...ta link After a link is established and optional facilities are negotiated as needed by the LCP the originating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communication...

Page 289: ...ed along different paths within Multiple Spanning Trees Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted To open the MSTP Settings page click Switch Spanning Tree MSTP Settings in the tree view Table 7 22 RSTP Settings CLI Command CLI Command Description spanning tree link type point to point shared Overrides the default link type settin...

Page 290: ...The revision number is required as part of the MST configuration The possible field range is 0 65535 Max Hops 1 40 Defines the total number of hops that occur in a specific region before the BPDU is discarded Once the BPDU is discarded the port information is aged out The possible field range is 1 40 The field default is 20 hops IST Master Indicates the Internal Spanning Tree Master ID The IST Mas...

Page 291: ...nge is 0 61440 Designated Root Bridge ID Indicates the ID of the bridge with the lowest path cost to the instance ID Root Port Indicates the selected instance s root port Root Path Cost Indicates the selected instance s path cost Bridge ID Indicates the bridge ID of the selected instance Remaining Hops Indicates the number of hops remaining to the next destination Displaying the MSTP Instance Tabl...

Page 292: ...vision number spanning tree mst instance id port priority priority Sets the priority of a port spanning tree mst instance id priority priority Sets the device priority for the specified spanning tree instance spanning tree mst max hops hop count Sets the number of hops in an MST region before the BPDU is discarded and the information held for a port is aged spanning tree mst instance id cost cost ...

Page 293: ...nstance Port State Indicates whether the port is enabled or disabled in the specific instance Type Indicates whether MSTP treats the port as a point to point port or a port connected to a hub and whether the port is internal to the MSTP region or a boundary port If the port is a boundary port it also indicates whether the device on the other side of the link is working in RSTP or STP mode Role Ind...

Page 294: ...specified the field value range is 1 65 535 Default Path Cost If the Long path cost method was specified in the STP Global Settings page the default path cost values are Ethernet 10 Mbps 2 000 000 Fast Ethernet 100 Mbps 200 000 Gigabit Ethernet 1000 Mbps 20 000 Port Channel 20 000 If the Short path cost method was specified the default path cost values are Ethernet 10 Mbps 100 Fast Ethernet 100 Mb...

Page 295: ...ast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN tagging attaches a tag to packet headers The VLAN tag indicates to which VLAN the packet belongs VLAN tags are attached to the packet by either the end station or by the network device VL...

Page 296: ... open the VLAN Membership page click Switch VLAN VLAN Membership in the tree view Figure 7 40 VLAN Membership Page Show VLAN Lists and displays specific VLAN information according to VLAN ID or VLAN name VLAN Name The user defined VLAN name Status The VLAN type Possible values are Dynamic The VLAN was dynamically created through GVRP Static The VLAN is user defined Default The VLAN is the default ...

Page 297: ...d Modifying VLAN Membership Groups 1 Open the VLAN Membership page 2 Select a VLAN from the Show VLAN drop down menu 3 Modify the fields as desired 4 Click Apply Changes The VLAN membership information is modified and the device is updated Deleting VLAN Membership Groups 1 Open the VLAN Membership page 2 Select a VLAN in the Show VLAN field 3 Select the Remove VLAN check box 4 Click Apply Changes ...

Page 298: ... in the VLAN Port Membership Table Table 7 24 VLAN Membership Group CLI Commands CLI Command Description vlan database Enters the interface configuration VLAN mode vlan vlan range Creates a VLAN name string Adds a name to a VLAN console config vlan database console config vlan vlan 1972 console config vlan exit console config interface vlan 1972 console config if name Marketing console config if e...

Page 299: ...ssigning ports to VLAN groups Table 7 26 Port to VLAN Group Assignments CLI Commands CLI Command Description switchport general acceptable frame types tagged only Discards untagged frames at ingress switchport forbidden vlan add vlan list remove vlan list Forbids adding specific VLANs to the port switchport mode customer access trunk general Configures the VLAN membership mode of a port switchport...

Page 300: ...face ethernet g8 Console config if switchport mode access Console config if switchport access vlan 23 Console config if exit Console config interface ethernet g9 Console config if switchport mode trunk Console config if swithport mode trunk allowed vlan add 23 25 Console config if exit Console config interface ethernet g10 Console config if switchport mode general Console config if switchport gene...

Page 301: ...exit Console config interface ethernet e5 Console config if switchport mode customer Console config if switchport customer vlan 100 Console config if exit Console config interface ethernet e10 Console config if switchport mode trunk Console config if switchport trunk allowed vlan add 100 Console config if exit Console show interfaces switchport ethernet 1 e5 Port 1 e5 Port Mode Customer Gvrp Statu...

Page 302: ...ion Forbidden VLANS Classification rules Protocol based VLANs Mac based VLANs Subnet based VLANs console Vlan Name Egress rule Port Membership Type 100 100 Untagged Static Vlan Name Group ID Vlan ID Group ID Vlan ID Group ID Vlan ID ...

Page 303: ...AN is user defined as tagged or untagged full 802 1Q mode Access The port belongs to a single untagged VLAN When a port is in Access mode the packet types which are accepted on the port cannot be designated Ingress filtering cannot be enabled disabled on an access port Trunk The port belongs to VLANs in which all ports are tagged except for one port that can be untagged Customer The port belongs t...

Page 304: ...rrent Reserve VLAN The VLAN currently designated by the system as the reserved VLAN Reserve VLAN for Internal Use The VLAN selected by the user to be the reserved VLAN if not in use by the system Assigning Port Settings 1 Open the VLAN Port Settings page 2 Select the port to which settings need to be assigned from the Port drop down menu 3 Complete the remaining fields on the page 4 Click Apply Ch...

Page 305: ...t VLAN ID PVID when the interface is in general mode switchport general allowed vlan add vlan list tagged untagged Adds or removes VLANs from a general port switchport general acceptable frame types tagged only Discards untagged packets at ingress switchport general ingress filtering disable Disables port ingress filtering shutdown Disables interfaces set interface active ethernet interface port c...

Page 306: ...AN mode Possible values are General The LAG belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Access The LAG belongs to a single untagged VLAN Trunk The LAG belongs to VLANs in which all ports are tagged except for an optional single native VLAN PVID Assigns a VLAN ID to untagged packets The possible field values are 1 4095 VLAN 4095 is defined as per standard a...

Page 307: ...ick Show All The VLAN LAG Table opens Assigning LAGs to VLAN Groups Using CLI Commands The following table summarizes the equivalent CLI commands for assigning LAGs to VLAN groups as displayed in the VLAN LAG Setting page Table 7 29 LAG VLAN Assignments CLI Commands CLI Command Description switchport mode access trunk general Configures a port VLAN membership mode switchport trunk native vlan vlan...

Page 308: ...tchport mode general console config if switchport general allowed vlan add 2 3 tagged console config if switchport general pvid 2 console config if switchport general acceptable frame type tagged only console config if switchport general ingress filtering disable console config if exit console config interface port channel 3 console config if switchport mode trunk console config if switchport trun...

Page 309: ...Other Protocol Value User defined protocol name Ethernet Based Protocol Value The Ethernet protocol group type The possible field values are IP IPX and IPV6 Protocol Group ID The VLAN Group ID number Remove When selected removes frame to protocol group mapping if the protocol group to be removed is not configured on this protocol port Adding a Protocol Group 1 Open the Protocol Group page 2 Click ...

Page 310: ...that need to be removed 4 Click Apply Changes The protocol is removed and the device is updated Defining VLAN Protocol Groups Using CLI Commands The following table summarizes the equivalent CLI commands for configuring Protocol Groups The following example maps ip arp protocol to group 213 Table 7 30 VLAN Protocol Groups CLI Commands CLI Command Description map protocol protocol encapsulation pro...

Page 311: ...col Group Table VLAN ID 1 4095 Attaches the interface to a user defined VLAN ID The VLAN ID is defined on the Create a New VLAN page Protocol ports can either be attached to a VLAN ID or a VLAN nameVLAN 4095 is the discard VLAN Adding a New Protocol Port Protocol ports can be defined only on ports that are defined as General in the VLAN Port Settings page 1 Open the Protocol Port page 2 Click Add ...

Page 312: ...rrect operation of the GVRP protocol it is advised to set the maximum number of GVRP VLANs equal to a value which significantly exceeds the sum of The number of all static VLANs both currently configured and expected to be configured The number of all dynamic VLANs participating in GVRP both currently configured initial number of dynamic GVRP VLANs is 128 and expected to be configured The GVRP Glo...

Page 313: ...gh GVRP GVRP Registration The GVRP Registration status Enabling GVRP on the Device 1 Open the GVRP Global Parameters page 2 Select Enable in the GVRP Global Status field 3 Click Apply Changes GVRP is enabled on the device Enabling VLAN Registration Through GVRP 1 Open the GVRP Global Parameters page 2 Select Enable in the GVRP Global Status field for the desired interface 3 Select Enable in the GV...

Page 314: ...ration forbid De registers all dynamic VLANs and prevents dynamic VLAN registration on the port show gvrp configuration ethernet interface port channel port channel number Displays GVRP configuration information including timer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP show gvrp error statistics ethernet interface port channel port channel number Dis...

Page 315: ... VLAN secure mode Voice VLAN also provides QoS to VoIP ensuring that the quality of voice does not deteriorate if the IP traffic is received unevenly The system supports one Voice VLAN console config gvrp enable console config interface ethernet g1 console config if gvrp enable console config if gvrp vlan creation forbid console config if gvrp registration forbid console config if end console show...

Page 316: ...s the following topics Defining Voice VLAN Properties Page Defining Voice VLAN Port Settings Defining OUIs Defining Voice VLAN Global Parameters The Voice VLAN Global Parameters page contains parameters that apply to all Voice VLANs on the device To open the Voice VLAN Global Parameters page click Switch Voice VLAN Global Parameters in the tree view Figure 7 48 Voice VLAN Global Parameters Voice V...

Page 317: ...d the device is updated Defining Voice VLAN Global Parameters Using CLI Commands The following table summarizes the equivalent CLI command for defining Voice VLAN global parameters Table 7 33 Voice VLAN Global Parameters CLI Commands CLI Command Description voice vlan id vlan id no voice vlan id To enable the voice VLAN and to configure the voice VLAN ID use the voice vlan id command in global con...

Page 318: ...e click Switch Voice VLAN Port Setting in the tree view Switch show voice vlan Aging timeout 1440 minutes OUI table MAC Address Prefix Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Siemens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM Voice VLAN VLAN ID 8 CoS 6 Remark Yes Interface Enabled Secure Activated 1 1 Yes Yes Yes 1 2 Yes Yes Yes 1 3 Yes Yes Yes 1 4 Yes Ye...

Page 319: ...VLAN if the IP phone s MAC address with an OUI prefix is aged out and exceeds the defined If the MAC Address of the IP phones OUI was added manually to a port LAG in the Voice VLAN the user cannot add it to the Voice VLAN in Auto mode only in Manual mode Voice VLAN Port LAG Security Indicates if port LAG security is enabled on the Voice VLAN Port Security ensures that packets arriving with an unre...

Page 320: ...port settings Defining OUIs The Voice VLAN OUI page lists the Organizationally Unique Identifiers OUIs associated with the Voice VLAN The first three bytes of the MAC Address contain a manufacturer identifier While the last three bytes contain a unique station ID Using the OUI network managers can add specific manufacturer s MAC addresses to the OUI table Once the OUIs are added all traffic receiv...

Page 321: ...eritel 00 D0 1E Pingtel 00 01 E3 Simense 00 60 B9 NEC Philips 00 0F E2 H3C Description Provides an OUI description up to 32 characters Remove Removes OUI from the Telephony OUI List The possible field values are Checked Removes the selected OUI Unchecked Maintains the current OUIs in the Telephony OUI List This is the default value Restore Default OUIs Restores OUIs to the factory defaults ...

Page 322: ...estoring Default OUIs 1 Open the Voice VLAN OUI page 2 Click Restore Default OUIs The default OUIs are restored Defining Voice VLAN OUIs Using CLI Commands The following table summarizes the equivalent CLI command for defining Voice VLAN OUIs Table 7 35 Voice VLAN OUIs CLI Commands CLI Command Description voice vlan oui table add mac address prefix description text remove mac address prefix no voi...

Page 323: ... Link Aggregation Control Protocol LACP LAGs LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them The following guidelines should be followed when adding ports to a LAG There is no Layer 3 interface defined on the port The port does not belong to any VLAN The port does not...

Page 324: ...rameters in the tree view Figure 7 53 LACP Parameters LACP System Priority 1 65535 The LACP priority value for global settings The possible range is 1 65535 The default value is 1 Select a Port The port number to which timeout and priority values are assigned LACP Port Priority 1 65535 LACP priority value for the port LACP Timeout Administrative LACP timeout The possible field values are Short Spe...

Page 325: ...P Parameters page The following is an example of the CLI commands Table 7 36 LACP Parameters CLI Commands CLI Command Description lacp system priority value Configures the system priority lacp port priority value Configures the priority value for physical ports lacp timeout long short Assigns an administrative LACP timeout show lacp ethernet interface parameters statistics protocol state Displays ...

Page 326: ...the LAG Membership page click Switch Link Aggregation LAG Membership in the tree view Figure 7 54 LAG Membership LACP Aggregates the port to a LAG using LACP LAG Adds a port to a LAG and indicates the specific LAG to which the port belongs Configuring a Port to a LAG or LACP 1 Open the LAG Membership page 2 In the LAG row the second row toggle the button to a specific number to aggregate or remove...

Page 327: ...icast filtering for 256 Multicast groups Filtering L2 Multicast Packets Enables forwarding of Layer 2 packets to interfaces If Multicast filtering is disabled Multicast packets are flooded to all relevant ports To open the Multicast Support page click Switch Multicast Support in the tree view Table 7 37 LAG Membership CLI Commands CLI Command Description interface port channel port channel number ...

Page 328: ...ting IGMP queries and what routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issues an IGMP report specifying that Multicast group This results in the creation of the Multicast filtering database The Multicast Global Parameters page contains fields for enabling IGMP Snooping on the device To open the Multicast Global Parameters page ...

Page 329: ...lowing table summarizes the equivalent CLI commands for enabling Multicast forwarding and IGMP Snooping as displayed on the Multicast Global Parameters page The following is an example of the CLI commands Table 7 38 Multicast Forwarding and Snooping CLI Commands CLI Command Description bridge multicast filtering Enables filtering of Multicast addresses ip igmp snooping Enables Internet Group Membe...

Page 330: ...permits new Multicast service groups to be created The Bridge Multicast Group page also assigns ports to a specific Multicast service address group To open the Bridge Multicast Group page click Switch Multicast Support Bridge Multicast Address in the tree view Figure 7 56 Bridge Multicast Group VLAN ID Identifies a VLAN and contains information about the Multicast group address Bridge Multicast Ad...

Page 331: ...a port to S to join the port to the selected Multicast group 5 Toggle a port to F to forbid adding specific Multicast addresses to a specific port 6 Click Apply Changes The bridge Multicast address is assigned to the Multicast group and the device is updated D The port LAG has joined the Multicast group dynamically in the Current Row S Attaches the port to the Multicast group as static member in t...

Page 332: ... Changes The LAG is assigned to the Multicast group and the device is updated Managing Multicast Service Members Using CLI Commands The following table summarizes the equivalent CLI commands for managing Multicast service members as displayed in the Bridge Multicast Group page Table 7 39 Multicast Service Member CLI Commands CLI Command Description bridge multicast address mac multicast address ip...

Page 333: ...onfig if switchport general allow vlan add 8 console config interface vlan 8 console config if exit Console config if bridge multicast address 0100 5e02 0203 add ethernet g1 g2 Console config if exit Console config exit Console show bridge multicast address table Vlan MAC Address Type Ports 1 0100 5e02 0203 static g1 g2 19 0100 5e02 0208 static g1 8 19 0100 5e02 0208 dynamic g9 11 Forbidden ports ...

Page 334: ...re forwarded to the appropriate port or VLAN To open the Bridge Multicast Forward All page click Switch Multicast Support Bridge Multicast Bridge Multicast Forward All page in the tree view Console show bridge multicast address table format ip Vlan IP Address Type Ports 1 224 239 130 2 2 3 static g1 g2 19 224 239 130 2 2 8 static g1 8 19 224 239 130 2 2 8 dynamic g9 11 Forbidden ports for multicas...

Page 335: ...st Forward All Router Port Control Settings Table contains the settings for managing router and port settings Table 7 40 Bridge Multicast Forward All Router Port Control Settings Table Port Control Definition D Attaches the port to the Multicast router or switch as a dynamic port S Attaches the port to the Multicast router or switch as a static port F Forbidden Blank The port is not attached to a ...

Page 336: ...witch Managing LAGs and Ports Attached to Multicast Routers Using CLI Commands The following table summarizes the equivalent CLI commands for managing LAGs and ports attached to Multicast routers as displayed on the Bridge Multicast Forward All page Table 7 41 CLI Commands for Managing LAGs and Ports Attached to Multicast Routers CLI Command Description show bridge multicast filtering vlan id Disp...

Page 337: ...ig if switchport general allow vlan add 8 Console config if exit console config interface vlan 8 Console config if bridge multicast address 0100 5e02 0203 add ethernet g1 9 Console config if exit Console config interface VLAN 1 Console config if bridge multicast forward all add ethernet g8 Console config if end Console show bridge multicast filtering 1 Filtering Enabled VLAN Forward All Port Stati...

Page 338: ...the layer 2 multicast domain even though there is no multicast router Querier IP Address IP address of the IGMP Querier Use either use the VLAN s IP Interface address or define a unique IP address which will be used as a source address of Querier Host Timeout 1 2147483647 Time before an IGMP snooping entry is aged out The default time is 260 seconds Multicast Router Timeout 1 2147483647 Time befor...

Page 339: ...ooping Table Configuring IGMP Snooping with CLI Commands The following table summarizes the equivalent CLI commands for configuring IGMP Snooping on the device Table 7 42 IGMP Snooping CLI Commands CLI Command Description ip igmp snooping Enables Internet Group Membership Protocol IGMP snooping ip igmp snooping mrouter learn pim dvmrp Enables automatic learning of Multicast router ports in the con...

Page 340: ...e source IP address that the IGMP Snooping querier would use Use the no form of this command to return to default show ip igmp snooping groups vlan vlan id address ip multicast address Displays the Multicast groups learned by IGMP snooping show ip igmp snooping interface vlan id Displays IGMP snooping configuration show ip igmp snooping mrouter interface vlan id Displays information about dynamica...

Page 341: ... if ip igmp snooping host time out 300 Console config if ip igmp snooping mrouter time out 200 Console config if exit Console config interface vlan 1 Console config if ip igmp snooping leave time out 60 Console config if exit Console config exit Console show ip igmp snooping groups Vlan IP Address Querier Ports 1 224 239 130 2 2 3 Yes g1 g2 19 224 239 130 2 2 8 Yes g9 11 Console show ip igmp snoop...

Page 342: ...abled IGMP snooping querier address admin IGMP snooping querier address oper 172 16 1 1 IGMP snooping querier version admin 3 IGMP snooping querier version oper 2 IGMP host timeout is 300 sec IGMP Immediate leave is disabled IGMP leave timeout is 10 sec IGMP mrouter timeout is 300 sec Automatic learning of multicast router ports is enabled Console show ip igmp snooping mrouter VLAN Ports 1 g1 ...

Page 343: ...Configuring Device Information 343 ...

Page 344: ...344 Configuring Device Information ...

Page 345: ... displaying statistics in a chart form To open the page click Statistics Table in the tree view Viewing Utilization Summary The Utilization Summary page contains statistics for interface utilization To open the page click Statistics Table Views Utilization Summary in the tree view Figure 8 1 Utilization Summary Refresh Rate The amount of time that passes before the interface statistics are refresh...

Page 346: ...ackets received on the interface Error Packets Received Number of packets with errors received on the interface Global System LAG Current LAG trunk performance Viewing Counter Summary The Counter Summary page contains statistics for port utilization in numeric sums as opposed to percentages To open the Counter Summary page click Statistics RMON Table Views Counter Summary in the tree view Figure 8...

Page 347: ...k performance Viewing Interface Statistics The Interface Statistics page contains statistics for both received and transmitted packets The fields for both received and transmitted packets are identical To open the Interface Statistics page click Statistics RMON Table Views Interface Statistics in the tree view Figure 8 3 Interface Statistics Interface Specifies whether statistics are displayed for...

Page 348: ...ckets transmitted on the selected interface Broadcast Packets Number of Broadcast packets transmitted on the selected interface Packets with Errors Number of error packets transmitted from the selected interface Displaying Interface Statistics 1 Open the Interface Statistics page 2 Select an interface in the Interface field The interface statistics are displayed Resetting Interface Statistics Coun...

Page 349: ...e Views Etherlike Statistics in the tree view Console enable Console show interfaces counters Port InOctets InUcastPkts InMcastPkts InBcastPkts g1 183892 1289 987 8 g2 0 0 0 0 g3 123899 1788 373 19 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts g4 9188 9 8 0 g5 0 0 0 0 g6 8789 27 8 0 Ch InOctets InUcastPkts InMcastPkts InBcastPkts 1 27889 928 0 78 Ch OutOctets OutUcastPkts OutMcastPkts OutB...

Page 350: ... frames received on the selected interface Late Collisions Number of late collision frames received on the selected interface Excessive Collisions Number of excessive collisions received on the selected interface Oversize Packets Number of oversize packet errors on the selected interface Internal MAC Receive Errors Number of internal MAC received errors on the selected interface Receive Pause Fram...

Page 351: ...1 Open the Etherlike Statistics page 2 Click Reset All Counters The Ethernetlike statistics are reset Viewing Etherlike Statistics Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing etherlike statistics Table 8 2 Etherlike Statistics CLI Commands CLI Command Description show interfaces counters ethernet interface port channel port channel number Displays ...

Page 352: ...g1 183892 1289 987 8 Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts g1 9188 9 8 0 FCS Errors 8 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Internal MAC Tx Errors 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 ...

Page 353: ...istics Interface Specifies whether statistics are displayed for a port or LAG Refresh Rate Amount of time that passes before the interface statistics are refreshed Join Empty Device GVRP Join Empty statistics Empty Device GVRP Empty statistics Leave Empty Device GVRP Leave Empty statistics Join In Device GVRP Join In statistics Leave In Device GVRP Leave In statistics Leave All Device GVRP Leave a...

Page 354: ...s page 2 Select an interface in the Interface field The interface s GVRP statistics are displayed Resetting GVRP Statistics 1 Open the GVRP Statistics page 2 Click Reset All Counters The GVRP counters are reset Viewing GVRP Statistics Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing GVRP statistics Table 8 3 GVRP Statistics CLI Commands CLI Command Desc...

Page 355: ...y Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn sLE sLA g1 0 0 0 0 0 0 0 0 0 0 0 0 g2 0 0 0 0 0 0 0 0 0 0 0 0 g3 0 0 0 0 0 0 0 0 0 0 0 0 g4 0 0 0 0 0 0 0 0 0 0 0 0 g5 0 0 0 0 0 0 0 0 0 0 0 0 g6 0 0 0 0 0 0 0 0 0 0 0 0 g7 0 0 0 0 0 0 0 0 0 0 0 0 g8 0 ...

Page 356: ...lick Statistics RMON Table Views EAP Statistics in the tree view Console show gvrp error statistics GVRP error statistics Legend INVPROT Invalid Protocol Id INVPLEN Invalid PDU Length INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event Port INVPROT INVATYP INVAVAL INVALEN INVEVENT g1 0 0 0 0 0 g2 0 0 0 0 0 g3 0 0 0 0 0 g4 0 0 0 0 0...

Page 357: ...The number of EAPOL Logoff frames that have been received on the port Respond ID Frames Receive The number of EAP Resp Id frames that have been received on the port Respond Frames Receive The number of valid EAP Response frames received on the port Request ID Frames Transmit The number of EAP Requested ID frames transmitted via the port Request Frames Transmit The number of EAP Request frames tran...

Page 358: ... interface in the Interface field The interface EAP statistics are displayed Resetting the EAP Statistics 1 Open the EAP Statistics page 2 Click Reset All Counters to reset the counter The EAP statistics are reset Viewing EAP Statistics Using the CLI Commands The following table summarizes the CLI commands for viewing EAP statistics Table 8 4 GVRP Statistics CLI Commands CLI Command Description sh...

Page 359: ... statistics ethernet g1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0008 3b79 8787 ...

Page 360: ...the RMON page click Statistics RMON RMON in the tree view Viewing RMON Statistics Group The RMON Statistics Group page contains fields for viewing information about device utilization and errors that occurred on the device To open the RMON Statistics Group page click Statistics RMON RMON Statistics in the tree view Figure 8 7 RMON Statistics Group ...

Page 361: ...ce the device was last refreshed CRC Align Errors Number of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Number of oversized packets over 1518 octets received on the interface since the device was last refr...

Page 362: ...r polling periods To open the RMON History Control page click Statistics RMON History Control in the tree view Table 8 5 RMON Statistics CLI Commands CLI Command Description show rmon statistics ethernet interface port channel port channel number Displays RMON Ethernet statistics console enable Console show rmon statistics ethernet g1 Port g1 Dropped 8 Octets 878128 Packets 978 Broadcast 7 Multica...

Page 363: ...default value is 50 Current No of Samples in List The current number of samples taken Sampling Interval 1 3600 Indicates in seconds the time that samples are taken from the ports The possible values are 1 3600 seconds The default is 1800 seconds 30 minutes Remove When selected removes the History Control Table entry Adding a History Control Entry 1 Open the RMON History Control page 2 Click Add Th...

Page 364: ...ing GVRP statistics The following is an example of the CLI commands Viewing the RMON History Table The RMON History Table contains interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To open the RMON History Table click Statistics RMON RMON History Table in the tree view Table 8 6 RMON History CLI Commands CLI Command Desc...

Page 365: ...ived during the sampling session with a length of 64 1518 octets a bad Frame Check Sequence FCS and with an integral number of octets or a bad FCS with a non integral number Undersize Packets The number of packets received less than 64 octets long during the sampling session Oversize Packets The number of packets received more than 1518 octets long during the sampling session Fragments The number ...

Page 366: ...ce RMON Events The RMON Events Control page contains fields for defining RMON events To open the RMON Events Control page click Statistics RMON RMON Events Control in the tree view Table 8 7 RMON History Control CLI Commands CLI Command Description show rmon history index throughput errors other period seconds Displays RMON Ethernet statistics history console enable Console show rmon history 1 thr...

Page 367: ... event type Possible values are Log Event type is a log entry Trap Event type is a trap Log and Trap Event type is both a log entry and a trap None There is no event Time Time when the event occurred for example 29 March 2004 at 11 00am is displayed as 29 03 2004 11 00 00 Owner The device or user that defined the event Remove When selected removes the event from the RMON Events Table ...

Page 368: ...ries 1 Open the RMON Events Control page 2 Click Show All The Events Table page opens 3 Select Remove for the event s that need to be deleted and then click Apply Changes The selected table entry is deleted and the device is updated NOTE A single event entry can be removed from the RMON Events Control page by selecting the Remove check box on that page Defining Device Events Using the CLI Commands...

Page 369: ...view Figure 8 11 RMON Events Log Event The RMON Events Log entry number Log No The log number Log Time Time when the log entry was entered Description Describes the log entry console enable console config console config rmon event 1 log console config exit Console show rmon events Index Description Type Community Owner Last time sent 1 Errors Log CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap ...

Page 370: ...w rmon log event Displays the RMON logging table console enable console config console config rmon event 1 log console config exit Console show rmon log Maximum table size 500 Event Description Time 1 Errors Jan 18 2002 23 48 19 1 Errors Jan 18 2002 23 58 17 2 High Broadcast Jan 18 2002 23 59 48 Console show rmon log Maximum table size 500 800 after reset Event Description Time 1 Errors Jan 18 200...

Page 371: ... Indicates a specific alarm Interface The interface for which RMON statistics are displayed Counter Name The selected MIB variable Counter Value The value of the selected MIB variable Sample Type Specifies the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The diffe...

Page 372: ... be saved using the same mechanism Falling Threshold The falling counter value that triggers the falling threshold alarm The falling threshold is graphically presented on the bottom of the graph bars Each monitored variable is designated a color Startup Alarm The trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value thr...

Page 373: ...ge 2 Select an entry in the Alarm Entry drop down menu 3 Select the Remove check box 4 Click Apply Changes The selected entry is deleted and the device is updated Defining Device Alarms Using the CLI Commands The following table summarizes the equivalent CLI commands for defining device alarms Table 8 10 Device Alarm CLI Commands CLI Command Description rmon alarm index variable interval rthreshol...

Page 374: ...ort Statistics The Port Statistics page contains fields for opening statistics in a chart form for port elements To open the Port Statistics page click Statistics Charts Ports in the tree view console enable console config Console config rmon alarm 1000 dell 360000 1000000 1000000 10 20 Console show rmon alarm table Index OID Owner 1 1 3 6 1 2 1 2 2 1 1 0 1 CLI 2 1 3 6 1 2 1 2 2 1 1 0 1 Manager 3 ...

Page 375: ...e Port Statistics page 2 Select the statistic type to open 3 Select the desired refresh rate from the Refresh Rate drop down menu 4 Click Draw The graph for the selected statistic is displayed Viewing Port Statistics Using the CLI Commands The following table summarizes the equivalent CLI commands for viewing port statistics Table 8 11 Port Statistic CLI Commands CLI Command Description show inter...

Page 376: ...iew show gvrp statistics ethernet interface port channel port channel number Displays GVRP statistics show gvrp error statistics ethernet interface port channel port channel number Displays GVRP error statistics Table 8 11 Port Statistic CLI Commands CLI Command Description Console show interfaces description ethernet g1 Port Description g1 Management_port g2 R D_port g3 Finance_port Ch Descriptio...

Page 377: ... Selects the type of RMON statistics to open GVRP Statistics Selects the type of GVRP statistics to open Refresh Rate Amount of time that passes before the statistics are refreshed Displaying LAG Statistics 1 Open the LAG Statistics page 2 Select the statistic type to open 3 Select the desired refresh rate from the Refresh Rate drop down menu 4 Click Draw The graph for the selected statistic is di...

Page 378: ...plays RMON Ethernet statistics show gvrp statistics ethernet interface port channel port channel number Displays GVRP statistics show gvrp error statistics ethernet interface port channel port channel number Displays GVRP error statistics Console show gvrp statistics GVRP statistics rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rL...

Page 379: ... member is assigned a color on the graph To open the CPU Utilization page click Statistics RMON Charts CPU Utilization in the tree view Figure 8 16 CPU Utilization The CPU Utilization page contains the following information g2 0 0 0 0 0 0 0 0 0 0 0 0 g3 0 0 0 0 0 0 0 0 0 0 0 0 g4 0 0 0 0 0 0 0 0 0 0 0 0 g5 0 0 0 0 0 0 0 0 0 0 0 0 g6 0 0 0 0 0 0 0 0 0 0 0 0 g7 0 0 0 0 0 0 0 0 0 0 0 0 g8 0 0 0 0 0 0...

Page 380: ... table summarizes the equivalent CLI commands for viewing CPU utilization The following is an example of the CLI commands Figure 8 17 CPU Utilization CLI Commands CLI Command Description show cpu utilization To display the CPU utilization Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes 3 ...

Page 381: ...Viewing Statistics 381 ...

Page 382: ...382 Viewing Statistics ...

Page 383: ...iority queue The result is an improved traffic flow for traffic with high demand QoS is defined by Classification Specifies which packet fields are matched to specific values All packets matching the user defined specifications are classified together Action Defines traffic management where packets being forwarded are based on packet information and packet field values such as VLAN priority VPT an...

Page 384: ...trict Priority voice over IP traffic is forwarded before FTP or e mail SMTP traffic The strict priority queue is emptied before the traffic in the remaining queues in forwarded Weighted Round Robin Ensures that a single application does not dominate the device forwarding capacity Weighted Round Robin WRR forwards entire queues in a Round Robin order Queue priorities are defined by the queue length...

Page 385: ...ettings in the tree view Figure 9 1 CoS Settings Cos Mode Enables or disables managing network traffic using Quality of Service Trust Mode Determines which packet fields to use for classifying packets entering the device When no rules are defined the traffic containing the predefined packet field CoS or DSCP is mapped according to the relevant trust modes table Traffic not containing a predefined ...

Page 386: ...CLI commands Defining QoS Interface Settings The Interface Settings page contains fields for defining per interface if the selected Trust mode is to be activated The default priority for incoming untagged packets is also selected in the Interface Settings page click Quality of Service CoS Global Parameters Interface Settings in the tree view Table 9 3 CoS Setting CLI Commands CLI Command Descripti...

Page 387: ... globally Set Default CoS For Incoming Traffic To Sets the default CoS tag value untagged packets The CoS tag values are 0 7 The default value is 0 Assigning QoS CoS settings for an interface 1 Open the Interface Settings page 2 Select an interface in the Interface field 3 Define the fields 4 Click Apply Changes The CoS settings are assigned to the interface Displaying the QoS Interface Settings T...

Page 388: ...pecified egress interface Modifying queue scheduling affects the queue settings globally Queue shaping can be based per queue and or per interface Shaping is determined by the lower specified value The queue shaping type is selected in the Bandwidth Settings Page click Quality of Service CoS Global Parameters Bandwidth Settings in the tree view Table 9 4 CoS Interface CLI Commands CLI Command Desc...

Page 389: ... limit for the interface Committed Burst Size CBS Defines the Egress CBS traffic limit for the interface Ingress Rate Limit Status Indicates the Ingress traffic limit status for the interface Checked The Ingress traffic limit is enabled Not Checked The Ingress traffic limit is disabled Ingress Rate Limit Defines the Ingress traffic limit for the interface Assigning bandwidth settings for an interf...

Page 390: ...he CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the Bandwidth Settings page Table 9 5 Bandwidth Settings CLI Commands CLI Command Description traffic shape committed rate committed burst no traffic shape Sets shaper on egress port Use no form in order to disable the shaper rate limit rate no rate limit Limits the rate of incoming traffic Use no ...

Page 391: ...eue Settings Queues The Queue number Strict Priority Specifies if traffic scheduling is based strictly on the queue priority The default is enabled WRR Specifies if traffic scheduling is based on the Weighted Round Robin WRR weights to egress queues WRR Weights The WRR weight assigned to each queue WRR Percentage The WRR percentage of each queue Defining the Queue Settings 1 Open the QoS Queue Set...

Page 392: ...I commands Table 9 6 Queue Settings CLI Commands CLI Command Description wrr queue bandwidth weight1 weight2 weight_n Assigns Weighted Round Robin WRR weights to egress queues show qos interface ethernet interface number queuing Displays interface QoS data Console config wrr queue bandwidth 10 20 30 40 Console config exit Console exit Console show qos interface ethernet g1 queueing Ethernet g1 wrr...

Page 393: ...0 Console config exit Console exit Console show qos interface ethernet g1 queueing Ethernet g1 wrr bandwidth weights and EF priority qid weights Ef Priority 1 125 Disable N A 2 125 Disable N A 3 125 Disable N A 4 125 Disable N A Cos queue map Cos qid 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 ...

Page 394: ...f Service Specifies the CoS priority tag values where zero is the lowest and 7 is the highest Queue The traffic forwarding queue to which the CoS priority is mapped Eight traffic priority queues are supported Restore Defaults Restores the device factory defaults for mapping CoS values to a forwarding queue Mapping a CoS value to a Queue 1 Open the CoS to Queue Mapping Table page 2 Select a CoS ent...

Page 395: ...e DSCP to Queue page provides fields for defining output queue to specific DSCP fields For the list of the DSCP default queue settings see DSCP to Queue Mapping Table Default Values on page 384 To open the DSCP to Queue page click Quality of Service CoS Global Parameters DSCP to Queue in the tree view Table 9 7 CoS to Queue Settings CLI Commands CLI Command Description wrr queue cos map queue id c...

Page 396: ...ets with the specific DSCP value is assigned The values are 1 8 where one is the lowest value and eight is the highest Mapping a DSCP value and assigning priority queue 1 Open the DSCP to Queue page 2 Select a value in the DSCP In column 3 Define the Queue fields 4 Click Apply Changes The DSCP is overwritten and the value is assigned a forwarding queue ...

Page 397: ...gning DSCP Values Using the CLI Commands The following table summarizes the equivalent CLI commands for configuring fields in the DSCP to Queue page The following is an example of the CLI commands Table 9 8 DSCP Value to Queue CLI Commands CLI Command Description qos map dscp queue dscp list to queue id Modifies the DSCP to queue mapping Console config qos map dscp queue 33 40 41 to 1 ...

Page 398: ...398 Configuring Quality of Service ...

Page 399: ... port types as well as a description of the port types Table 10 1 Port Specifications Device Specification PowerConnect 5400 24 GE ports or 48 GE ports 4 SFP ports RS 232 Console port Port Types RJ 45 10 Base T 100 Base T 1000 Base T SFP Supports Standard Small Form Factor Gigabit Plug Transceivers Port Settings Auto negotiation for speed duplex mode and flow control Back Pressure Head of Line Blo...

Page 400: ...ing temperatures and humidity Table 10 3 Physical Device Specifications Device Memory Specifications This section details the device memory specifications Table 10 4 Device Memory Specifications Feature Specification Operating Temperature 0 to 45 C 32 to 113 F Operating Humidity 10 90 non condensing Feature Specification Unit Size 19 Width 1U Height Ventilation Two fans per unit Memory Type Amount...

Page 401: ... Mode DSCP Adjustable Weighted Round Robin WRR Adjustable Strict Queue Scheduling Layer 2 Multicast Dynamic Multicast Support upto 256 Multicast groups supported in IGMP Snooping or static Multicast Device Security Switch access password protection Port based MAC Address alert and lock down RADIUS remote authentication for switch management access TACACS Management access filtering via Management ...

Page 402: ...anagement Interface CLI Accessibility via Telnet SNMPv1 and SNMP v2 are supported 4 RMON Groups Supported TFTP Transfers of Firmware and Configuration Files Dual Firmware Images On Board Multiple Configuration File Upload Download Supported Statistics for Error Monitoring and Performance Optimization BootP DHCP IP Address Management Supported Syslog Remote Logging Capabilities SNTP Support Layer 3...

Page 403: ...ts for nodes located on different sub VLANs belonging to the same Super VLAN Routers respond with their MAC address ARP Address Resolution Protocol A TCP IP protocol that converts IP addresses into physical addresses ASIC Application Specific Integrated Circuit A custom chip designed for a specific application Asset Tag Specifies the user defined device reference Authentication Profiles Sets of ru...

Page 404: ...ocol Data Unit Provide bridging information in a message format BPDUs are sent across device information with in Spanning Tree configuration BPDU packets contain information on ports addresses priorities and forwarding costs Bridge A device that connect two networks Bridges are hardware specific however they are protocol independent Bridges operate at Layer 1 and Layer 2 levels Broadcast Domain De...

Page 405: ...tion CPUs are composed of a control unit and an ALU D DHCP Client An Internet host using DHCP to obtain configuration parameters such as a network address DSCP DiffServe Code Point DSCP DSCP provides a method of tagging IP packets with QoS priority information Domain A group of computers and devices on a network that are grouped with common rules and procedures Duplex Mode Permits simultaneous tra...

Page 406: ...to communicate with higher speed devices that is that the higher speed device refrains from sending packets Fragment Ethernet packets smaller than 576 bits Frame Packets containing the header and trailer information required by the physical medium G GARP General Attributes Registration Protocol Registers client stations into a Multicast domain Gigabit Ethernet Gigabit Ethernet transmits at 1000 Mb...

Page 407: ...opy Ingress Port Ports on which network traffic is received IP Internet Protocol Specifies the format of packets and there addressing method IP addresses packets and forwards the packets to the correct port IP Address Internet Protocol Address A unique address assigned to a network device with two or more interconnected LANs or WANs IPX Internetwork Packet Exchange Transmits connectionless communi...

Page 408: ...rver M MAC Address Media Access Control Address The MAC Address is a hardware specific address that identifies each network node MAC Address Learning MAC Address Learning characterizes a learning bridge in which the packet s source MAC address is recorded Packets destined for that address are forwarded only to the bridge interface on which that address is located Packets addressed to unknown addre...

Page 409: ...et switched systems PDU Protocol Data Unit A data unit specified in a layer protocol consisting of protocol control information and layer user data PING Packet Internet Groper Verifies if a specific IP address is available A packet is sent to another IP address and waits for a reply Port Physical ports provide connecting components that allow microprocessors to communicate with peripheral equipmen...

Page 410: ...n File Contains all Startup file commands as well as all commands entered during the current session After the device is powered down or rebooted all commands stored in the Running Configuration file are lost S Segmentation Divides LANs into separate LAN segments for bridging and routing Segmentation eliminates LAN bandwidth limitations Server A central computer that provides services to other com...

Page 411: ...Used to mask all or part of an IP address used in a subnet address Switch Filters and forwards packets between LAN segments Switches support any packet protocol type T TCP IP Transmissions Control Protocol Enables two hosts to communicate and exchange data streams TCP guarantees packet delivery and guarantees packets are transmitted and received in the order their sent Telnet Terminal Emulation Pr...

Page 412: ...geographical area Wildcard Mask Specifies which IP address bits are used and which bits are ignored A wild card mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important For example if the destination IP address 149 36 184 198 and the wildcard mask is 255 36 184 00 the first two bits of the IP address are used while the last two bits...

Page 413: ...DR 405 Class of Service 15 CLI 19 CLI Examples 63 Command Line Interface 19 Command Mode Overview 60 Communities 187 Community table 185 Configuring ARP 115 Console 92 137 CoS 15 387 Critical 92 101 D DC unit 27 28 Debug 92 101 Default Gateway 104 105 Default settings 202 Defining device information 65 Device installation 31 32 Device representation 56 Device view 55 56 DHCP 17 Dimensions 25 DNS 1...

Page 414: ... HMP 406 HOL 406 HTTP 127 HTTPS 127 I ICMP 407 IDRP 407 IEEE 407 IEEE 802 1d 407 IEEE 802 1p 407 IEEE 802 1Q 407 IEEE 802 1Q 15 IGMP 407 iles 196 Image 407 Image 1 407 Image 2 407 Informational 92 101 Ingress 407 Interface mode 62 Internetwork Packet Exchange 407 IP 407 IP addresses 106 IPM 407 IPX 407 iSCSI 207 ISIS 407 J Jumbo frames 407 L L2TP 407 LACP 325 LAG 256 407 LAGs 335 LCP 289 Leds 25 L...

Page 415: ... 409 Network security 215 Notice 92 101 O OSPF 409 P Package Contents 30 Package contents 30 Passwords 58 150 PDU 409 PING 409 Port 24 Port aggregation 324 Port LEDs 25 Ports 56 249 375 Power supplies 27 PPP 409 Profiles 127 Protocol 310 PVID 304 307 Q QinQ 296 QoS 383 386 388 410 Quality of Service 383 410 Queue 391 R RADIUS 134 155 158 166 168 410 RAM logs 92 Rapid Spanning Tree Protocol 410 Rap...

Page 416: ...troller Access Control System 150 TFTP 411 Time Domain Reflectometry 121 Transport Control Protocol 17 Tree view 55 Trivial File Transfer Protocol 411 Trunk Configuration Page 257 Trust 386 U UDP 411 Understanding the interface 55 Unicast 79 Uploading files 199 User Data Protocol 411 V Ventilation System 28 Virtual Local Area Networks 412 VLAN 297 299 304 307 335 412 VLAN ID 271 VLAN membership 29...

Reviews:

No comments

Related manuals for PowerConnect 54 Series

Brand: N-Tron Pages: 20

Brand: Omega Engineering Pages: 3

Brand: Eaton Pages: 8

Brand: l-com Pages: 12

AVS-OP-1616-340

Brand: AMX Pages: 1

Brand: INFLUX MEASUREMENTS Pages: 6

Champion KD-2X1

Brand: Key Digital Pages: 12

Brand: LEGRAND Pages: 12

Brand: Optical Systems Design Pages: 20

Brand: WIKA Pages: 8

Brand: Attwood Pages: 2

Brand: Omron Pages: 16

DigiTOOLS VS-41USB

Brand: Kramer Pages: 8

TK-205K - PS/2 KVM Switch

Brand: TRENDnet Pages: 11

Brand: Gomax Pages: 24

Brand: Lantech Pages: 29

Brand: TRENDnet Pages: 2

Brand: Guntermann & Drunck Pages: 8

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands