manualshive.com logo in svg

Dell PowerConnect 5500 Series, System User'S Manual

Share
Download
Dell PowerConnect 5500 Series System User'S Manual Download Page 1

FILE LOCATION:  C:\Users\gina\Desktop\Checkout_new\Maintenance Projects\Dell 

Contax\sources\CxUGCover.fm

D E LL   C O N F ID E N T IA L  –   P R E L I MI N A RY   1 0 / 3 0/ 1 3   –   FO R  PR O O F   O N LY

Template Last Updated -03/06/2010

Dell PowerConnect 
5500 Series 

System User Guide

Regulatory Models: PowerConnect 5524, 5524P, 5548, 5548P

Summary of Contents for PowerConnect 5500 Series

Page 1: ...new Maintenance Projects Dell Contax sources CxUGCover fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Template Last Updated 03 06 2010 Dell PowerConnect 5500 Series System User Guide Regulatory Models PowerConnect 5524 5524P 5548 5548P ...

Page 2: ...n are trademarks of Advanced Micro Devices Inc Microsoft Windows Windows Server MS DOS and Windows Vista are either trademarks or registered trademarks of Microsoft Corporation in the United States and or other countries Red Hat Enterprise Linux and Enterprise Linux are registered trademarks of Red Hat Inc in the United States and or other countries Novell is a registered trademark and SUSE is a t...

Page 3: ...ts ContentsContents 1 Preface 13 2 Features 15 IP Version 6 IPv6 Support 16 Stack Support 16 Power over Ethernet 16 Green Ethernet 17 Head of Line Blocking Prevention 17 Flow Control Support IEEE 802 3X 17 Back Pressure Support 17 Virtual Cable Testing VCT 18 Auto Negotiation 18 MDI MDIX Support 18 MAC Address Supported Features 18 ...

Page 4: ...orm Control 20 VLAN Supported Features 21 Spanning Tree Protocol Features 22 Link Aggregation 24 Quality of Service Features 24 Device Management Features 25 Security Features 29 Port Profile CLI Macro 31 DHCP Server 32 Protected Ports 32 iSCSI Optimization 32 Proprietary Protocol Filtering 32 3 Hardware Description 35 Device Models 36 Device Structure 36 LED Definitions 40 Power Supplies 44 ...

Page 5: ...w 58 Connecting the Switch to the Terminal 59 Booting the Switch 60 Configuring the Stack 61 Configuration Using the Setup Wizard 61 6 Advanced Switch Configuration 67 Using the CLI 68 Accessing the Device Through the CLI 71 Retrieving an IP Address 72 Security Management and Password Configuration 75 Configuring Login Banners 78 Startup Menu Procedures 80 Software Download 83 7 Using Dell OpenMan...

Page 6: ...tor Buttons 91 Field Definitions 93 Common GUI Features 93 GUI Terms 94 CLI Commands 94 8 Network Security 97 Port Security 98 ACLs 103 ACL Binding 123 Proprietary Protocol Filtering 125 Time Range 127 Dot1x Authentication 132 9 Configuring System Information 155 General Switch Information 156 Time Synchronization 169 Logs 195 IP Addressing 209 Diagnostics 255 Management Security 261 ...

Page 7: ...r 297 SNMP 314 File Management 337 Stack Management 367 sFlow 375 10 Ports 385 Overview 386 Jumbo Frames 389 Green Ethernet Configuration 391 Protected Ports 395 Port Profile 398 Port Configuration 404 LAG Configuration 410 Storm Control 415 Port Mirroring 418 11 Address Tables 423 Overview 424 Static Addresses 425 Dynamic Addresses 428 ...

Page 8: ...imers 433 13 Spanning Tree 435 Spanning Tree Protocol Overview 436 Global Settings 438 STP Port Settings 443 STP LAG Settings 448 Rapid Spanning Tree 451 Multiple Spanning Tree 455 14 VLANs 467 Virtual LAN Overview 468 VLAN Membership 473 Port Settings 476 LAGs Settings 482 Protocol Groups 485 Protocol Port 489 GVRP Parameters 491 Private VLAN 495 Voice VLAN 499 ...

Page 9: ...CP Parameters 512 LAG Membership 515 16 Multicast 517 Multicast Support Overview 518 Global Parameters 520 Bridge Multicast Groups 522 Bridge Multicast Forward All 526 IGMP Snooping 528 Unregistered Multicast 534 Multicast TV VLAN 536 17 LLDP 541 LLDP Overview 542 LLDP Properties 543 LLDP Port Settings 547 MED Network Policy 550 LLDP MED Port Settings 553 Neighbors Information 558 ...

Page 10: ...562 Global Settings 563 Dynamic ARP Inspection List 565 Dynamic ARP Inspection Entries 567 VLAN Settings 569 Trusted Interfaces 571 19 DHCP Snooping 573 DHCP Snooping 574 DHCP Relay 587 20 iSCSI Optimization 595 Optimizing iSCSI Overview 596 Global Parameters 599 iSCSI Targets 602 iSCSI Sessions 604 Configuring iSCSI Using CLI 606 21 Statistics RMON 607 Table Views 608 RMON Components 626 ...

Page 11: ...ance Projects Dell Contax sources Dell_ContaxUG_PrintTOC fm Contents 11 Charts 644 22 Quality of Service 651 QoS Features and Components 652 General 654 QoS Basic Mode 670 QoS Advanced Mode 679 QoS Statistics 699 Glossary 706 Index 721 Revision History 737 ...

Page 12: ...FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources Dell_ContaxUG_PrintTOC fm 12 Contents ...

Page 13: ...guide contains the information needed for installing configuring and maintaining the device through the web based management system called the OpenManage Switch Administrator This guide describes how to configure each system through the web based management system and through CLI commands The CLI Reference Guide which is available on the Documentation CD provides additional information about the C...

Page 14: ...14 Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGPrefix fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 15: ...ntains the following topics IP Version 6 IPv6 Support Stack Support Power over Ethernet Green Ethernet Head of Line Blocking Prevention Flow Control Support IEEE 802 3X Back Pressure Support Virtual Cable Testing VCT Auto Negotiation MDI MDIX Support MAC Address Supported Features Layer 2 Features IGMP Snooping Port Mirroring Broadcast Storm Control VLAN Supported Features Spanning Tree Protocol F...

Page 16: ...rt The system supports up to eight units with two fixed HDMI stacking ports The HDMI ports are 1 3a specification Category 2 High Speed cables 340 MHz 10 2 Gbit s it is recommended to use HDMI cable version 1 4 The stacking feature supports the following features Fast link failover Software auto synch Improved response time to events such as master failover Auto numbering algorithm when choosing u...

Page 17: ...ernet Configuration on page 391 Head of Line Blocking Prevention Head of Line HOL blocking results in traffic delays and frame loss caused by traffic competing for the same egress port resources To prevent HOL blocking the device queues packets and packets at the head of the queue are forwarded before packets at the end of the queue Flow Control Support IEEE 802 3X Flow control enables lower speed...

Page 18: ...iation by providing port advertisement Port advertisement enables the system administrator to configure the port speeds that are advertised For more information see Port Configuration on page 404 or LAG Configuration on page 410 MDI MDIX Support Standard wiring for end stations is known as Media Dependent Interface MDI and standard wiring for hubs and switches is known as Media Dependent Interface...

Page 19: ...revents the Bridging Table from overflowing For more information see Dynamic Addresses on page 428 VLAN Aware MAC Based Switching The device always performs VLAN aware bridging Classic bridging IEEE802 1D in which frames are forwarded based only on their destination MAC address is not performed However a similar functionality can be configured for untagged frames Frames addressed to a destination ...

Page 20: ...enables snooping of the Layer 2 Multicast domain even if there is no Multicast router For more information see IGMP Snooping on page 528 Port Mirroring Port mirroring monitors network traffic by forwarding copies of incoming and outgoing packets from a monitored port to a monitoring port Users specify which target port receives copies of all traffic passing through a specified source port For more...

Page 21: ... Using CLI Commands on page 474 Full 802 1Q VLAN Tagging Compliance IEEE 802 1Q defines an architecture for virtual bridged LANs the services provided in VLANs and the protocols and algorithms involved in the provision of these services For more information see Virtual LAN Overview on page 468 GVRP Support GARP VLAN Registration Protocol GVRP provides IEEE 802 1Q compliant VLAN pruning and dynamic...

Page 22: ...n between ports that share the same Broadcast domain or in other words it creates a point to multipoint Broadcast domain The ports can be located anywhere in the Layer 2 network compared to the Protected Ports feature where the ports must be in the same stack For more information see Private VLAN on page 495 Multicast TV VLAN The Multicast TV VLAN feature provides the ability to supply multicast t...

Page 23: ... traffic Rapid Spanning Tree RSTP detects uses of network topologies to enable faster convergence without creating forwarding loops For more information see Spanning Tree on page 435 IEEE 802 1s Multiple Spanning Tree Multiple Spanning Tree MSTP operation maps VLANs into STP instances MSTP provides a different load balancing scenario Packets assigned to various VLANs are transmitted along differen...

Page 24: ... across links to determine on an ongoing basis the aggregation capability of various links and continuously provides the maximum level of aggregation capability achievable between a given pair of devices LACP automatically determines configures binds and monitors the port binding within the system For more information see Link Aggregation on page 509 BootP and DHCP Clients DHCP enables additional ...

Page 25: ...plied to these flows The switch can set DSCP values and map IPv6 DSCP to egress queues in the same way it does for IPv4 The switch detects IPv6 frames by the IPv6 ether type For more information about Advanced QoS see QoS Advanced Mode on page 679 TCP Congestion Avoidance The TCP Congestion Avoidance feature activates an algorithm that breaks up or prevents TCP global synchronization on a congeste...

Page 26: ...agement related settings Management IP Address Conflict Notification This feature validates the uniqueness of the switch s IP address whether it is assigned manually or through DHCP If the IP address is not unique the switch performs actions according to the address type If the IP address is static see more information about this in IPv4 Interface Parameters on page 210 If the IP address is dynami...

Page 27: ...age software and configuration upload download via USB Remote Monitoring Remote Monitoring RMON is an extension to SNMP that provides comprehensive network traffic monitoring capabilities RMON is a standard MIB that defines MAC layer statistics and control objects enabling real time information to be captured across the entire network For more information see Statistics RMON on page 607 Command Li...

Page 28: ...2 87 56 2 DNS servers maintain domain name databases containing their corresponding IP addresses For more information see Domain Name System on page 242 802 1ab LLDP MED The Link Layer Discovery Protocol LLDP enables network managers to troubleshoot and enhances network management by discovering and maintaining network topologies over multi vendor environments LLDP discovers network neighbors by s...

Page 29: ...thentication Protocol EAP Dynamic VLAN Assignment DVA enables network administrators to automatically assign users to VLANs during the RADIUS server authentication For more information see Dot1x Authentication on page 132 Locked Port Support Locked Port increases network security by limiting access on a specific port to users with specific MAC addresses These addresses are either manually defined ...

Page 30: ...to establish a secure encrypted connection with a device This connection provides functionality that is similar to an inbound telnet connection SSH uses RSA and DSA Public Key cryptography for device connections and authentication For more information see Security Management and Password Configuration on page 75 TACACS TACACS provides centralized security for validation of users accessing the devi...

Page 31: ... Snooping DHCP Snooping expands network security by providing firewall security between untrusted interfaces and DHCP servers By enabling DHCP Snooping network administrators can differentiate between trusted interfaces connected to end users or DHCP servers and untrusted interfaces located beyond the network firewall For more information see DHCP Snooping on page 574 ARP Inspection Dynamic ARP in...

Page 32: ... provides Layer 2 isolation between interfaces Ethernet ports and LAGs that share the same Broadcast domain VLAN with other interfaces For more information see Protected Ports on page 395 iSCSI Optimization iSCSI optimization provides the iSCSI flows with specific priority over other network traffic In addition the feature provides monitoring of iSCSI sessions For more information see iSCSI Optimi...

Page 33: ... DHCP relay agent to send additional client information upon requesting an IP address Option 82 specifies the relaying switch s MAC address the port identifier and the VLAN that forwarded the packet For more information see DHCP Relay on page 587 Identifying a Switch via LED The switch provides the ability to turn on a LED through the GUI interface on a specific unit or on all units in a stack for...

Page 34: ...4 Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGFeatures fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 35: ...ser Guide 35 DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 3 Hardware Description This section describes PowerConnect 5500 hardware It contains the following topics Device Models Device Structure LED Definitions Power Supplies ...

Page 36: ...10 100 1000Mbps Base T ports along with Power over Ethernet PoE support PowerConnect 5548 Provides 48 10 100 1000Mbps Base T ports PowerConnect 5548P with PoE Provides 24 10 100 1000Mbps Base T ports along with Power over Ethernet PoE support Each of these devices provides in addition to the above ports two HDMI ports two SPF ports an RS 232 console port and a USB port as shown in Figure 3 1 NOTE ...

Page 37: ...ing ports are found on the devices 24 48 G Ports Two XG Ports also known as Small Form Factor Plugable SFP Ports These are 10 Gigabit ports designated as 1000Base X SFP The SFP ports are fiber transceivers designated as 10000 Base SX or LX They include TWSI Two Wire Serial Interface and internal EPROM RS 232 Console Port This port is used for a terminal connection for debugging and software downlo...

Page 38: ...ons and LEDs LEDs on Front Panel Figure 3 2 shows the extreme right hand part of the front panel which contains buttons and LEDs in addition to ports Figure 3 2 Button LED Panel These LEDs are described in Table 3 1 and Table 3 2 Reset Button The PowerConnect 5500 switches have a reset button located on the front panel that is used for manual reset reboot of the device The single reset circuit of ...

Page 39: ...nd power connector The back panel of the PoE models shown in Figure 3 4 contains a Modular Power Supply MPS connector Location LED power connector and two fan outlets Figure 3 3 PowerConnect 5524 48 Back Panel Figure 3 4 PowerConnect 5524 48 P Back Panel The elements on the back panel are used as follows Locator LED This LED is lit when the Unit Identification feature is selected See Unit Identifi...

Page 40: ...ions The front panel contains light emitting diodes LEDs that indicate the status of links power supplies fans and system diagnostics These are described below System LEDs The system LEDs of the PowerConnect 5500 devices provide information about the power supplies fans thermal conditions and diagnostics Figure 3 2 shows the location of the system LEDS on the device Table 3 1 describes the meaning...

Page 41: ...er Supply MPS RPS Green Static The MPS RPS is currently operating Red Static The MPS RPS failed Off The MPS RPS is not plugged in Locator Green Flashing Locator function is enabled Green Static Locator function is disabled Master Green Static The device is a master unit Off The device is not a master unit Fan FAN Green Static All device fans are operating normally Red Static One or more of the dev...

Page 42: ...n PoE devices and is labelled PoE in PoE enabled devices as shown in Figure 3 5 Figure 3 5 Giga Port LEDs Table 3 2 describes the LED indications for the Gigabit ports Table 3 2 Giga Port s on non PoE enabled Devices LEDs LED Color Description LNK Green Flashing Link is up and the port is either transmitting or receiving at 1000 Mbs Yellow Flashing Link is up and the port is either transmitting or...

Page 43: ...e port is either transmitting or receiving at 1000 Mbs Flashing amber Link is up and the port is either transmitting or receiving data at 100 Mbps Solid green Solid amber Link is up high speed Link is up at lower speeds Off Port is currently not operating PoE Flashing green There is activity on the port and the PoE is off Flashing amber There is activity on the port and the PoE is on Amber solid T...

Page 44: ...ct MPS 600 unit The PowerConnect 5500 P devices have the following internal power supplies 24 Port non PoE devices 54 Watt 48 Port non PoE devices 100 Watt 24 48 Port PoE devices 600 Watt Operation with both power supply units is regulated through load sharing Power supply LEDs indicate the status of the power supply The AC power supply unit operates from 90 to 264 VAC 47 to 63 Hz The AC power sup...

Page 45: ...tems User Guide 45 DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 4 Stacking Overview This section describes how the Stacking feature of the PowerConnect 5500 series functions It contains the following topics Stack Overview Stack Members and Unit IDs ...

Page 46: ... the following topics Stack Operation Modes Stacking Units Stack Topology Stack Operation Modes All stacks must have a Master unit and may have a Master Backup unit All other units are connected to the stack as members slaves A unit in the stack can be in one of the following modes Stack Master Runs the fully operational software of a switch In addition it runs configures and manages all other uni...

Page 47: ...ation of the stack master If the master unit fails the master backup unit assumes the Master Backup role Stacking Units PowerConnect 5500 series switches use two HDMI 10G ports for stacking To connect the units in the stack 1 Insert one end of an HDMI cable into the left hand HDMI port on the unit at the top of the stack and the other end into the right hand HDMI port of the unit immediately below...

Page 48: ..._new Maintenance Projects Dell Contax sources CxUGStacking fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The results of this process are shown in Figure Figure 4 1 Stacking Ring Topology HDMI Ports Front Panel HDMI Ports Front Panel HDMI Ports Front Panel Front Panel HDMI Ports ...

Page 49: ...red In this case the system automatically switches to a chain topology without any system downtime In chain topology each unit in the stack is connected to neighboring unit except for the last unit which is not connected to any other unit In the chain topology the stack continues to function as long as there is a master or backup enabled unit in each segment of the stack When the ring topology is ...

Page 50: ...set the correct Unit ID as described below 3 Reboot the unit and connect it to the rest of the stack through the stack link Assigning Unit IDs Each unit in the stack has a unique ID that defines the unit s position and function in the stack as shown in Figure 3 2 The unit that is assigned Unit ID 1 is the Master unit by default The unit that is assigned Unit ID 2 is the Master Backup unit When you...

Page 51: ...its Selecting the Master and Master Backup Units A unit is master enabled if it assigned Unit ID 1 and Unit 2 All other units in the stack slaves have unit IDs of 3 8 The stack master assignment is performed during the configuration boot process One master enabled stack member is elected as Master and the other master enabled stack member is selected as Master Backup according to the following dec...

Page 52: ...re is no Master enabled unit in the stack Press the reset button on the unit to be master enabled and assign it a unit ID 1 using the boot menu The user can force a master enabled unit to be the master unit of the stack even if the master election process did not select it This is done by switching over to the backup unit NOTE Two stacking member are considered the same age if they were inserted w...

Page 53: ... Stack Master and the Master Backup results in limited service loss Dynamic tables are relearned if a failure occurs The Running Configuration file is synchronized between Stack Master and the Master Backup and continues running on the Master Backup Replacing Stacking Members If a unit is removed from the stack and replaced with a unit with the same unit ID the stack member is configured with the ...

Page 54: ...dified when units are added removed or reassigned unit IDs Each time the system reboots the Startup Configuration file in the Master unit is used to configure the stack Managing Configuration Files on the Stack The Startup Configuration and Running Configuration file are stored on the stack master Each port in the stack is referenced in the configuration files by its port type and unit ID 0 port n...

Page 55: ...L CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Uploading configuration files to an external TFTP server HTTP client Downloading configuration files from an external TFTP server HTTP client Download upload through the USB port NOTE Stack configuration for all configured ports is saved even if the stack is reset and or the ports are no longer present ...

Page 56: ...6 Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGStacking fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 57: ...escribed in Advanced Switch Configuration on page 67 NOTE Before proceeding further read the release notes for this product You can download the release notes from the Dell Support website at support dell com NOTE We recommend that you obtain the most recent revision of the user documentation from the Dell Support website at support dell com It contains the following topics Configuration Work Flow...

Page 58: ...h to the Terminal on page 59 b Boot the switch as described in the Booting the Switch on page 60 c Assign a unit ID to the switch as described in Assigning Unit IDs on page 50 2 Connect the units in the stack to each other as described in Configuring the Stack on page 61 3 Connect the Master unit to the terminal reboot the unit and the Setup Wizard is run automatically as described in Configuratio...

Page 59: ...inal emulation software 2 Connect the RS 232 cable to the switch console port on the front panel of the switch see Figure 5 1 using an 8 pin RJ 45 male connector Figure 5 1 Front Panel Console Port 3 Set the terminal emulation software as follows a Select the appropriate serial port to connect to the switch b Set the data rate to 9600 baud c Set the data format to 8 data bits 1 stop bit and no par...

Page 60: ... switch is started and checks hardware components to determine if the switch is operational before completely booting If the system detects a critical problem the boot process stops If POST passes successfully a valid executable image is loaded into RAM POST messages are displayed on the terminal and indicate test success or failure The boot process runs for approximately 40 45seconds When the boo...

Page 61: ...rd and configure the switch manually through the CLI The Setup Wizard configures the following fields SNMP Community String and SNMP Management System IP address optional Username and password Management switch IP address IP subnet mask Default gateway IP address NOTE The Setup Wizard assumes the following The PowerConnect switch was never configured before and is in the same state as when you rec...

Page 62: ...witch configuration and gets you up and running easily and quickly You can skip the Setup Wizard and enter CLI mode to manually configure the switch The system will prompt you with a default answer by pressing Enter you accept the default value You must respond to the next question to run the Setup Wizard within 60 seconds otherwise the system will continue with normal operation using the default ...

Page 63: ...and the community string or password that the particular management system uses to access the switch The wizard automatically assigns the highest access level Privilege Level 15 to this account You can use Dell Network Manager or other management interfaces to change this setting later and to add additional management system later For more information on adding management systems see the user docu...

Page 64: ...sword and password confirmation 9 Press Enter The following information is displayed Next an IP address is setup The IP address is defined on the default VLAN VLAN 1 This is the IP address you use to access the Telnet Web interface or SNMP interface for the switch To set up an IP address Please enter the IP address of the device A B C D Please enter the IP subnet mask A B C D or nn 10 Enter the ma...

Page 65: ...please select Y to save the configuration and copy to the start up configuration file If the information is incorrect select N to discard configuration and restart the wizard Y N 14 Enter N to restart the wizard or enter Y to complete the Setup Wizard If you enter Y the following is displayed Configuring SNMP management interface Configuring user account Configuring IP and subnet Thank you for usi...

Page 66: ...owerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUG_InitialConfiguration_gsg fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 67: ...figuration This section describes how to perform various configuration operations through the CLI It includes the following topics Using the CLI Accessing the Device Through the CLI Retrieving an IP Address Security Management and Password Configuration Configuring Login Banners Startup Menu Procedures Software Download ...

Page 68: ...EXEC Mode During CLI session initialization the CLI is in User EXEC mode Only a limited subset of commands is available in User EXEC mode This level is reserved for tasks that do not change the terminal configuration and is used to access configuration sub systems After logging into the device User EXEC command mode is enabled The user level prompt consists of the host name followed by the angle b...

Page 69: ...isplays enter the password and press Enter The Privileged EXEC mode prompt displays as the device host name followed by For example console To list the Privileged EXEC commands type a question mark at the command prompt To return from Privileged EXEC mode to User EXEC mode type disable and press Enter The following example illustrates accessing privileged EXEC mode and then returning to the User E...

Page 70: ...erface Configuration Mode The Interface Configuration mode configures the device at the physical interface level port VLAN or LAG Interface commands that require subcommands have another level called the Subinterface Configuration mode A password is not required to access this level The following example places the CLI in Interface Configuration mode on port 1 0 1 The sntp command is then applied ...

Page 71: ... a prompt Telnet Connection Telnet is a terminal emulation TCP IP protocol RS 232 terminals can be virtually connected to the local device through a TCP IP protocol network Telnet is an alternative to a local login terminal where a remote login is required The device supports up to four simultaneous Telnet sessions All CLI commands can be used over a Telnet session If access is via a Telnet connec...

Page 72: ...is saved in the configuration file but the IP address is not To retrieve an IP address from a DHCP server perform the following steps 1 Select and connect any port to a DHCP server or to a subnet that has a DHCP server on it 2 Type the following commands to use the selected port for receiving the IP address a Assigning dynamic IP Addresses on a port b Assigning a dynamic IP Addresses on a VLAN The...

Page 73: ...d boots from it The device then enables DHCP as instructed in the new configuration file and the DHCP instructs it to reload the same file NOTE If you configure a DHCP IP address this address is dynamically retrieved and the ip address dhcp command is saved in the configuration file In the event of master failure the backup will again attempt to retrieve a DHCP address This could result in one of ...

Page 74: ...s starts sending BOOTP requests The device receives the IP address automatically NOTE When the device reboot begins any input at the ASCII terminal or keyboard automatically cancels the BOOTP process before completion and the device does not receive an IP address from the BOOTP server The following example illustrates the process To display the IP address enter the show ip interface command The de...

Page 75: ...t a password it is recommended to always assign a password If there is no specified password privileged users can access the Web interface with any password NOTE Passwords can be secured by using password management commands to force aging out of passwords or expiration of passwords For more information see Management Security on page 261 Initial Configuration and Password Recovery The system is d...

Page 76: ...uring an Initial Terminal Password To configure an initial terminal password enter the following commands Configuring an Initial Telnet Password To configure an initial Telnet password enter the following commands console config aaa authentication login default line console config aaa authentication enable default line console config line console console config line login authentication default co...

Page 77: ... HTTPS session NOTE In the Web browser enable SSL 2 0 or greater for the page content to be displayed NOTE HTTP and HTTPS services require privilege level 15 access and connect directly to the configuration level access console config aaa authentication login default line console config aaa authentication enable default line console config line ssh console config line login authentication default ...

Page 78: ...and telnet or for all lines They are disabled by default The following types of banners can be defined Message of the Day Banner motd Displayed when the user connects to the device before login The following defines a message of the day for the console console configure console config line console console config line motd banner console config line exit console config banner motd Welcome console d...

Page 79: ...l privileged levels and in all authentication methods The following defines an exec banner for the console console configure console config line console console config line login banner console config line exit console config banner login Please log in console do show banner login Would you like to enable this banner to all lines Y N Y Y Please log in console configure console config line console ...

Page 80: ...lowing sections describe the available Startup menu options NOTE When selecting an option from the Startup menu take time out into account If no selection is made within 10 seconds default the device times out This default value can be changed through the CLI Download Software Option 1 The software download procedure is used to replace corrupted files or upgrade system software when the device doe...

Page 81: ... NOTE After software download the device reboots automatically Erase FLASH File Option 2 In some cases the device Startup Configuration file must be erased If the configuration is erased all parameters configured via CLI web management or SNMP must be reconfigured To erase the device configuration in the Startup Configuration file 1 From the Startup menu select 2 The following message is displayed...

Page 82: ... lost password when entering the local terminal only 1 From the Startup menu select 3 2 Continue the regular startup by logging in without a password 3 Enter a new password or press ESC to exit NOTE To ensure device security reconfigure passwords for applicable management methods Set Terminal Baud Rate Option 4 To set the terminal baud rate 1 Type 4 and press Enter 2 Enter the new baud rate The fo...

Page 83: ...found not compatible it is shutdown A SYSLOG message is sent when a master synchronizes a slave s software System Image Download When the device boots it decompresses the system image from the flash memory area and runs it When a new image is downloaded it is saved in the other area allocated for the other system image copy On the next boot the device decompresses and runs the image from the curre...

Page 84: ...ress file name unit image 4 When the new image is downloaded it is saved in the area allocated for the other copy of system image image 2 as shown in the example The following is an example of the information that appears Exclamation symbols indicate that a copying process is in progress Each symbol corresponds to 512 bytes transferred successfully A period indicates that the copying process is ti...

Page 85: ...he next boot is not selected by entering the boot system command the system boots from the currently active image 6 Enter the reload command The following message is displayed 7 Enter Y The device reboots Boot Image Download Loading a new boot image from the TFTP server or USB port updates the boot image The boot image is loaded when the device is powered on A user has no control over the boot ima...

Page 86: ...wing is an example of the information that appears 3 Enter the reload command The following message is displayed 4 Enter Y The device reboots console show version Unit SW version Boot version HW version 2 1 0 0 24 1 0 0 11 console console copy tftp 50 1 1 7 contax 10014 ros image 01 Oct 2006 11 57 35 COPY I FILECPY Files Copy source URL tftp 50 1 1 7 contax 10014 ros destination URL flash image 01...

Page 87: ...ng Dell OpenManage Administrator This section provides an introduction to the Dell OpenManage Switch Administrator user interface It contains the following topics Starting the Application Understanding the Interface Using the Switch Administrator Buttons Field Definitions Common GUI Features CLI Commands ...

Page 88: ... the home page the tree view provides an expandable view of the features and their components The branches in the tree view can be expanded to view all the components under a specific feature or retracted to hide the feature s components By dragging the vertical bar to the right the tree area can be expanded to display the full name of a component Device View Located in on the top center of the ho...

Page 89: ...rently active Table 7 1 describes the port colors that are displayed and their meaning Table 7 1 Port Colors NOTE For more information about LEDs see LED Definitions on page 40 To configure a port double click on its icon Only ports that are physically present are displayed in the PowerConnect OpenManage Switch Administrator home page and can be configured through the web management system Non pre...

Page 90: ...Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGAdmin fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY gi Giga port te Ten Giga port x Unit ID z Port number ...

Page 91: ...terfaces These are displayed at the top of each page Device Management Icons Table 7 3 describes the device management buttons Table 7 2 Information Buttons Button Description Support Opens the Dell Support page at support dell com About Contains the version and build number and Dell copyright information Logout Opens the Log Out window Table 7 3 Device Management Icons Button Icon Description App...

Page 92: ... C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGAdmin fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Refresh Refreshes device information from the Running Configuration file Table 7 3 Device Management Icons Continued ...

Page 93: ...tered in GUI page to the Running Configuration file Back Go to previous page Cancel Cancel changes entered in GUI page Clear All Counters Delete counters Clear Counters Delete selected counters Clear Log Delete entries from log Clear Statistics Delete statistics Copy parameters from Copy the parameters from a selected row to the selected target rows Copy parameters from port Copy the parameters fr...

Page 94: ...tes that the field is display only CLI Commands There are certain command entry conventions that apply to all commands The following table describes these conventions Table 7 5 Common GUI Elements Telnet Opens a Telnet window This only works in the Explorer 6 and Firefox browsers Button Description In a command line square brackets indicate an optional entry In a command line curly brackets indica...

Page 95: ...rl and F4 Screen Display Indicates system messages and prompts appearing on the console all When a parameter is required to define a range of ports or parameters and all is an option the default for the command is all when no parameters are defined For example the command interface range port channel has the option of either entering a range of channels or selecting all When the command is entered...

Page 96: ...96 Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGAdmin fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 97: ...witching_NetworkSecurity fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 8 Network Security This section describes the various mechanisms for providing security on the switch It contains the following topics Port Security ACLs ACL Binding Proprietary Protocol Filtering Absolute Time Range Time Range Recurrence Dot1x Authentication ...

Page 98: ...s to the locked port is limited to users with specific MAC addresses These addresses are either manually defined on the port or learned on that port before it was locked Limited Dynamic Lock When a packet is received on a locked port and the packet s source MAC address is not tied to that port either it was learned on a different port or it is unknown to the system a protection mechanism which pro...

Page 99: ...ports or LAGs depending on the selected interface type 2 To modify the security parameters for a port select it and click Edit 3 Enter the following fields Interface Select the interface to be configured Current Port Status Displays the current port status Set Port Select to either lock or unlock the port Learning Mode Set the locked port type The Learning Mode field is enabled only if Locked is s...

Page 100: ...Violation Select the action to be applied to packets arriving on a locked port The possible options are Discard Discard the packets from any unlearned source Forward Forward the packets from an unknown source without learning the MAC address Shutdown Discard the packet from any unlearned source and shut down the port Ports remain shutdown until they are reactivated or the device is reset Trap Enab...

Page 101: ... security learning mode Use the no form of this command to restore the default configuration port security forward discard discard shutdown trap seconds no port security Enables port security on an interface Use the no form of this command to disable port security on an interface port security forward discard discard shutdown trap seconds no port security Configures port security on an interface U...

Page 102: ...The following is an example of the CLI commands console show ports security Port Status Learning Action Maximum Trap Frequency gi1 0 1 Disabled Max Addresses 10 gi1 0 2 Disabled Lock 1 gi1 0 3 Disabled Lock 1 gi1 0 4 Disabled Lock 1 gi1 0 5 Disabled Lock 1 gi1 0 6 Disabled Lock 1 gi1 0 7 Disabled Lock 1 gi1 0 8 Disabled Lock 1 gi1 0 9 Disabled Lock 1 gi1 0 10Disabled Lock 1 gi1 0 11Disabled Lock 1...

Page 103: ...d for example a network administrator defines an ACL rule that states that port number 20 can receive TCP packets however if a UDP packet is received the packet is dropped ACLs are composed of Access Control Entries ACEs that are rules that determine traffic classifications Each ACE is a single rule and up to 256 rules may be defined on each ACL and up to 3000 rules globally Rules are not only use...

Page 104: ...NTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY IPv6 based ACL Examines the Layer 3 layer of IPv6 frames MAC Based ACLs To define a MAC based ACL 1 Click Switching Network Security MAC Based ACL to display the MAC Based ACL Summary page Figure 8 2 MAC Based ACL Summary The currently defined MAC based ACLs are displayed 2 To add a new ACL click Add ACL and enter the name of the new ACL ...

Page 105: ...ing MAC based ACLs The following is an example of some of the CLI commands Table 8 2 MAC Based ACL CLI Commands CLI Command Description mac access list extended acl name no mac access list extended acl name Defines an ACL and places the device in MAC extended ACL configuration mode Use the no form of this command to remove the ACL show interfaces access lists Displays access lists applied on inter...

Page 106: ... Select the ACL for which a rule is being created 4 Enter the fields New Rule Priority Enter the priority of the ACE ACEs with higher priority are processed first One is the highest priority Source MAC Address Match the source MAC address from which packets have arrived to this source address In addition to the Source MAC address you can enter a Wildcard Mask that specifies which bits in the sourc...

Page 107: ...ion of 0s and ffs can be used Any Check to indicate that the destination address is not matched VLAN ID Match the packet s VLAN ID to this VLAN ID The possible VLAN IDs are 1 to 4095 CoS Match the packet s CoS value to this CoS value Cos Mask Match the packet s CoS value to one of these CoS values Ether type Match the packet s Ethertype to this one Time Range Name Check to associate a time range w...

Page 108: ...it any source ip address source wildcard any destination destination wildcard eth type 0 aarp amber dec spanning decnet iv diagnostic dsm etype 6000 vlan vlan id cos cos cos wildcard time range time range name Sets permit conditions for an MAC access list in MAC ACL configuration mode deny any source source wildcard any destination destination wildcard eth type 0 aarp amber dec spanning decnet iv ...

Page 109: ... fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY IPv4 Based ACLs To define an IPv4 based ACL 1 Click Switching Network Security IPv4 Based ACL to display the IPv4 Based ACL Summary page Figure 8 4 IPv4 Based ACL Summary The previously defined IPv4 ACLs are displayed 2 To add a new ACL click Add ACL 3 Enter the name of the new ACL Names are case sensitive ...

Page 110: ...Ls The following is an example of some of the CLI commands IPv4 Based ACEs To add a rule to an ACL 1 Click Switching Network Security IPv4 Based ACE to display the IPv4 Based ACE page Figure 8 5 IPv4 Based ACE Summary Table 8 4 IP Based ACL CLI Commands CLI Command Description ip access list extended acl name no ip access list extended acl name Defines an IPv4 access list and places the device in ...

Page 111: ...anagement Protocol IGMP Enables hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group IPinIP IP in IP Encapsulates IP packets to create tunnels between two routers This ensures that IPIP tunnel appears as a single interface rather than several separate interfaces IPIP enables tunnel intranets occur the internet and provides an a...

Page 112: ...ides fast convergence support for variable length subnet mask and supports multiple network layer protocols OSPF The Open Shortest Path First OSPF protocol is a link state hierarchical interior gateway protocol IGP for network routing Layer Two 2 Tunneling Protocol an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks VPNs IPIP IP over IP IPinIP Encapsulates IP pac...

Page 113: ...means the bits are irrelevant Any combination of 0s and ffs can be used Any Check to indicate that the source address is not matched Dest IP Address Enter the destination IP address to which addresses in the packet are compared Wildcard Mask In addition to the Destination MAC address you can enter a mask that specifies which bits in the source address are used for matching and which bits are ignor...

Page 114: ...essage type Any Check to use all IGMP message types Classification Select one of the following matching options Match DSCP 0 63 Matches the packet DSCP value to the ACL Match IP Precedence 0 7 Check to enable matching IP precedence with the packet IP precedence value IP precedence enables marking frames that exceed the CIR threshold In a congested network frames containing a higher DP value are di...

Page 115: ... any icmp type any icmp code dscp number precedence number time range time range name permit igmp any source ip address source wildcard any destination ip address destination wildcard igmp type dscp number precedence number time range time range name permit tcp any source ip address source wildcard any source port port range any destination ip address destination wildcard any destination port port...

Page 116: ...any destination ip address destination wildcard igmp type dscp number precedence number time range time range name disable port log input deny tcp any source ip address source wildcard any source port port range any destination ip address destination wildcard any destination port port range dscp number precedence number match all list of flags time range time range name disable port log input deny...

Page 117: ...ACL Page displays and enables the creation of IPv6 ACLs which check pure IPv6 based traffic IPv6 ACLs do not check IPv6 over IPv4 or ARP packets To define IPv6 based ACLs 1 Click Switching Network Security IPv6 Based ACL to display the IPv6 Based ACL Summary page Figure 8 6 IPv6 Based ACL Summary A list of all of the currently defined IPv6 based ACLs is displayed 2 To add a new ACL click Add ACL 3...

Page 118: ... The following is an example of some of the CLI commands IPv6 Based ACEs To add a rule to an IPv6 based ACL 1 Click Switching Network Security IPv6 Based ACE to display the IPv6 ACE Summary page Figure 8 7 IPv6 Based ACE Summary Table 8 6 IP Based ACL CLI Commands CLI Command Description ipv6 access list access list name no ipv6 access list access list name Defines an IPv6 access list and places t...

Page 119: ...ed and received in the order the are sent UDP User Datagram Protocol UDP Communication protocol that transmits packets but does not guarantee their delivery ICMP Internet Control Message Protocol ICMP The ICMP allows the gateway or destination host to communicate with the source host For example to report a processing error IPV6 Matches the packet to the IPV6 protocol Protocol ID To Match Enter a ...

Page 120: ... indicate that the source address is not matched Dest IP Address Enter the destination IP address to which addresses in the packet are compared The following options are available Prefix Length The number of bits that comprise the destination IP address prefix of the subnetwork Any Check to indicate that the destination address is not matched Traffic Class Select one of the following options Match...

Page 121: ...CLI Commands CLI Command Description permit protocol any source prefix length any destination prefix length dscp number precedence number time range time range name permit icmp any source prefix length any destination prefix length any icmp type any icmp code dscp number precedence number time range time range name permit tcp any source prefix length any source port port range any destination pref...

Page 122: ...ecedence number time range time range name disable port log input deny tcp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number match all list of flags time range time range name disable port log input deny udp any source prefix length any source port port range any destination prefix length any destination ...

Page 123: ...r LAG flows from that ingress or egress interface that do not match the ACL are matched to the default rule which is to Drop unmatched packets To change the default action for unmatched packets to an action other than Drop do the following Add an additional ACE to the ACL with Any in all fields Set its action other than Drop Set the priority to the lowest in the ACL To bind ACLs to interfaces 1 Cl...

Page 124: ...ng CLI Commands The following table summarizes the CLI commands for configuring ACL Bindings The following is an example of some of the CLI commands Table 8 8 ACL Bindings CLI Commands CLI Command Description service acl input acl name1 acl name2 no service acl input Controls access to an interface Use the no form of the command to remove access control show access lists acl name Displays access c...

Page 125: ... packets through an interface These can be enabled for specific ports If a protocol filter is enabled on a port you cannot enable a QoS ACL on this port To configure Proprietary Protocol Filtering 1 Click Switching Network Security Proprietary Protocol Filtering to display the Proprietary Protocol Filtering Summary page Figure 8 9 Proprietary Protocol Filtering Summary A list of the ports and thei...

Page 126: ... a port at the same time To add other protocol filters the command must be negated and then run again with all the required protocol names The following is an example of some of the CLI commands Table 8 9 Protocol Filtering Protocol Destination Address Protocol Type blockcdp 0100 0ccc cccc 0x2000 blockvtp 0100 0ccc cccc 0x2003 blockdtp 0100 0ccc cccc 0x2004 blockudld 0100 0ccc cccc 0x0111 blockpag...

Page 127: ...e range and begins and ends on a recurring basis It is defined in the Time Range Recurrence pages If a time range includes both absolute and recurring ranges the ACL is activated only if both absolute start time and the recurring time range have been reached The ACL is deactivated when either of the time ranges is reached The switch supports a maximum of 10 absolute time ranges All time specificat...

Page 128: ...ute time range 1 Click Switching Network Security Time Range to display the Time Range Summary page Figure 8 10 Time Range Summary The existing Time Ranges are displayed 2 To add a new time range click Add 3 Enter the name of the time range in the Time Range Name field 4 Define the Absolute Start time To begin the Time Range immediately click Immediate To determine at what time in the future the T...

Page 129: ...ermine the time at which the Time Range ends enter values in the Date and Time fields See Configuring Time Ranges Using CLI Commands on page 130 for the CLI commands for creating time ranges Time Range Recurrence To add a recurring time range element to an absolute time range 1 Click Switching Network Security Time Range Recurrence to display the Recurring Time Range Summary page Figure 8 11 Recur...

Page 130: ...y of the week on which the time range occurs 6 If the recurrence is Weekly enter Start Select the Day of the Week and Time on which the time range starts End Select the Day of the Week and Time on which the time range ends Configuring Time Ranges Using CLI Commands The following table summarizes the CLI commands for configuring time ranges Table 8 11 Time Range CLI Commands CLI Command Description...

Page 131: ...riodic list hh mm to hh mm day of the week1 day of the week2 day of the week7 no periodic list hh mm to hh mm day of the week1 day of the week2 day of the week7 periodic list hh mm to hh mm all no periodic list all hh mm to hh mm all Adds a recurring time range to the time range Use the no form of the commands to remove the recurring time range console config time range http allowed console config...

Page 132: ...d and approved system users can transmit and receive data Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol EAP Port Authentication includes Authenticators Specifies the device port that is authenticated before permitting system access Supplicants Specifies the host connected to the authenticated port hat is requesting to access the system services Authenti...

Page 133: ...tion In the Dot1x standard a device can be a supplicant and an authenticator at a port simultaneously requesting and granting port access However this device can only act as an authenticator and does not take on the role of a supplicant The following varieties of Dot1x exist Single session Dot1x A1 Single session Single Host In this mode the switch as an authenticator supports a single Dot1x sessi...

Page 134: ...ice The assigned VLAN must not be the default VLAN and must have been created on the switch The switch must not be configured to use both a DVA and a MAC based VLAN group A RADIUS server must support DVA with RADIUS attributes tunnel type 64 VLAN 13 tunnel media type 65 802 6 and tunnel private group id a VLAN ID Dynamic Policy ACL Assignment The Dynamic Policy ACL Assignment feature enables speci...

Page 135: ...that is configured with a single session Unauthenticated VLAN and Guest VLANs Unauthenticated VLANs and Guest VLANs provide access to services that do not require the subscribing devices or ports to be Dot1x or MAC Based authenticated and authorized An unauthenticated VLAN is a VLAN that allows access by authorized and unauthorized devices or ports You can configure one or more VLAN to be unauthen...

Page 136: ...rt in the Port Based Authentication Interface Settings pages Monitoring Mode Monitoring mode enables providing users who fail authentication with limited network access This enables these users to correct the reason that the authentication failed The following are the main aspects of this feature Enables successful authentications using the returned RADIUS information Provides a mechanism to repor...

Page 137: ...ased Authentication Global To globally configure authentication 1 Click Switching Network Security Dot1 Authentication Port Based Authentication Global to display the Port Based Authentication Global page Figure 8 12 Port Based Authentication Global 2 Enter the following fields Port Based Authentication State Enable disable port based authentication Authentication Method Select an authentication m...

Page 138: ...uest VLAN from the VLAN list Monitoring Mode Enable disable logging authentication attempts Monitoring VLAN Enter the ID of the VLAN to which traffic being monitored is routed after unsuccessful Dot1x authentication Accept Supplicant when Dynamic Policy ACL Assignment Has No Resources If no resources remain in the TCAM the system can either reject disable or allow enable successful authentication ...

Page 139: ...guest vlan no dot1x guest vlan Contains a list of VLANs The guest VLAN is selected from the VLAN List Use the no form of this command to disable access show dot1x Displays 802 1X status for the device console config aaa authentication dot1x default none console config interface vlan 5 console show dot1x 802 1x is disabled Admin Oper Reauth Reauth Username Port Mode Mode Control Period gi1 0 1 Forc...

Page 140: ...play the Port Based Authentication Interface Settings Summary page Figure 8 13 Port Based Authentication Interface Settings Port parameters for the selected unit are displayed 2 Click Edit 3 Select a port for which the authentication parameters apply in the Interface drop down list 4 Enter the parameters User Name Displays the username of the port Admin Interface Control Select the port authorizat...

Page 141: ...ed based on the supplicant MAC address Only eight MAC based authentications can be used on the port 802 1x MAC Both 802 1X and MAC based authentication are performed on the switch The 802 1X authentication takes precedence NOTE For MAC authentication to succeed the RADIUS server supplicant username and password must be the supplicant MAC address The MAC address must be in lower case letters and en...

Page 142: ...N Assignment feature but does so in a standard way Therefore when DVA is available MAC to VLAN Assignment is not available Guest VLAN Enable disable port access to the Guest VLAN If enabled unauthorized users connected to this interface can access the Guest VLAN Dynamic Policy ACL Assignment Enable disable this feature Periodic Reauthentication Select to enable port re authentication attempts afte...

Page 143: ...tication Interface CLI Commands CLI Command Description dot1x port control auto force authorized force unauthorized no dot1x port control Enables manual control of the port authorization state Use the no form of this command to restore the default configuration dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Enables authentication based on the station s MAC address Use...

Page 144: ...e device remains in the quiet state following a failed authentication exchange Use the no form of this command to restore the default configuration dot1x timeout server timeout seconds no dot1x timeout server timeout Sets the time for the retransmission of packets to the authentication server Use the no form of this command to restore the default configuration dot1x timeout supp timeout seconds no...

Page 145: ... unauthorized ports Use the no form of this command to restore the default configuration console config aaa authentication dot1x default none console config interface vlan 5 console config if dot1x auth not req console config vlan database console config vlan vlan 2 console config vlan exit console config interface vlan 2 console config if dot1x guest vlan console show dot1x Interface Admin Mode O...

Page 146: ...1 Click Switching Network Security Dot1 Authentication Monitoring Users to display the Monitoring Users page Figure 8 14 Monitoring Users 2 Select a supplicant that was authenticated on the port The supplicant s information is displayed User Name Name assigned to this port Port Number of port VLAN Port belongs to this VLAN MAC Address Source of traffic Reject Reason Reason that traffic was rejecte...

Page 147: ...FRS MTH DENY First method is deny IPv6WithMAC RADIUS accept message contains filter with IPv6 DIP and MAC addresses IPV6WithNotIP RADIUS accept message contains IPv6 and not IP simultaneously POL BasicMode Policy is not supported in the QoS basic mode POL DEL Policy was deleted by a user POL OVRFL Policy sent by radius server can not be applied because of TCAM overflow RAD APIERR RADIUS API return...

Page 148: ...is an example of the CLI commands Table 8 15 Monitoring Users CLI Commands CLI Command Description show dot1x monitoring result username username Displays the captured information of each interface host on the switch stack console show dot1x monitoring Tom Username Tom Port g1 Quiet period 60 Seconds Tx period 30 Seconds Max req 2 Supplicant timeout 30 Seconds Server timeout 30 Seconds Session Tim...

Page 149: ...iew ports and their authentication information 1 Click Switching Network Security Dot1 Authentication Host Authentication to display the Host Authentication Summary page Figure 8 15 Host Authentication Summary A list of the ports and their authentication modes is displayed The fields are defined on the Edit page with the exception of the following field Single Host Status Displays the host status ...

Page 150: ...pe The options are Single Only a single authorized host can access the port Port Security cannot be enabled on a port in single host mode Multiple Host Multiple hosts can be attached to a single 802 1x enabled port Only the first host must be authorized and then the port is wide open for all who want to access the network If the host authentication fails or an EAPOL logoff message is received all ...

Page 151: ... address is successfully authenticated by the 802 1X mac authentication access control Use the no form of this command to disable the traps dot1x traps mac authentication success no dot1x traps mac authentication success Enables sending traps when MAC address was failed in authentication of the 802 1X MAC authentication access control Use the no form of this command to disable the traps dot1x viol...

Page 152: ...ou to view users that attempted to be authenticated To view ports and their authentication definitions 1 Click Switching Network Security Dot1 Authentication Port Authentication Users to display the Port Authentication Users page Figure 8 16 Port Authentication Users The ports and their authentication definitions are displayed User Name Supplicant names that were authenticated on each port Port Nu...

Page 153: ...one No authentication is applied it is automatically authorized RADIUS Supplicant was authenticated by a RADIUS server MAC Address Displays the supplicant MAC address MAC Address MAC address of user who attempted to be authenticated VLAN VLAN assigned to the user Filter Filter that was applied to the user by receiving the policy ACL name from the RADIUS server Dynamic ACL Assignment 2 Click Detail...

Page 154: ...rt Authentication Users CLI Commands CLI Command Description show dot1x users Displays active 802 1x authenticated users for the device console show dot1x users Port User Session Auth MAC VLAN Filter Name Time Method Address gi1 0 1 Bob 1d 03 08 58 Remote 0008 3b79 8787 3 Port User Session Auth MAC VLAN Filter Name Time Method Address gi1 01 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK gi1 01 Tim 03...

Page 155: ...ng System Information This section describes how to set system parameters such as security features switch software system time logging parameters and more It contains the following topics General Switch Information Time Synchronization Logs IP Addressing Diagnostics Management Security DHCP Server SNMP File Management Stack Management sFlow ...

Page 156: ...bes how to view and set general switch parameters It contains the following topics Asset Information System Health Power over Ethernet Asset Information Use the Asset page to view and configure general device information including the system name location contact system MAC Address System Object ID date time and system up time To configure general device parameters 1 Click System General Asset in ...

Page 157: ...atory This date can also be entered in the Manual Time Settings page If SNTP has been defined but the SNTP server is not available the switch uses the date and time in this field and the Time field Time Enter the current time mandatory This time can also be entered in the Manual Time Settings page If SNTP has been defined but the SNTP server is not available the switch uses the date and time in th...

Page 158: ...nmp server contact text no snmp server contact Configures the system contact sysContact name Use the no form of the command to remove the system contact information snmp server location text no snmp server location Configures the system location string Use the no form of this command to remove the location string hostname name no hostname Specifies the device host name Use the no form of the comma...

Page 159: ...ck System General System Health in the tree view to display the System Health page Figure 9 2 System Health The System Health page displays the following fields Unit No The unit in the stack for which information is displayed Power Supply Status Displays the following columns PS The power status of the internal power unit The possible options are Checked The power supply is operating normally Unch...

Page 160: ... the fans on off according to the temperature The user can set the fans to be constantly on The possible options are Checked The fans are operating normally Unchecked At least one of the fans is not operating normally Fan Admin State On Auto status that user configured in the Edit page Fan Current Level Specifies whether the fan is actually on or off 2 The lower block displays the condition under ...

Page 161: ...er all conditions Table 9 2 Celsius to Fahrenheit Conversion Table Viewing System Health Information Using the CLI Commands The following table summarizes the CLI commands for viewing fields displayed on the System Health page Celsius Fahrenheit 0 32 5 41 10 50 15 59 20 68 25 77 30 86 35 95 40 104 Table 9 3 System Health CLI Command CLI Command Description show system unit unit Displays system inf...

Page 162: ...ering with the network traffic updating the physical network or modifying the network infrastructure Using PoE eliminates the need to Place all network devices next to power sources Deploy double cabling systems significantly decreasing installation costs PoE can be used in any network that deploys relatively low powered devices connected to the Ethernet LAN PDs are devices that receive power from...

Page 163: ...10 30 13 FOR PROOF ONLY Wireless access points IP gateways Audio and video remote monitoring devices PDs are connected to the device via the Gigabit ports Error Conditions Traps are generated when the following occur Status change to port delivering not delivering power to PD Indication that power usage is above the defined threshold Indication that power usage is below the threshold ...

Page 164: ...em General Power over Ethernet in the tree view to display the Power Over Ethernet Summary page Figure 9 3 Power Over Ethernet Summary 2 The PoE global parameters are displayed Power Status The inline power source status On The power supply unit is functioning Off The power supply unit is not functioning Faulty The power supply unit is functioning but an error has occurred for example a power over...

Page 165: ...vering power to PD Indication that power usage is above the defined threshold Indication that power usage is below the threshold NOTE If traps are enabled you must also enable SNMP and configure at least one SNMP notification recipient 4 To view PoE port settings for a unit in the stack select its Unit ID The port PoE parameters are displayed for all ports on the unit The fields displayed in this ...

Page 166: ...r defined description of the PD connected to the port such as Bob Smith s telephone The following fields are displayed on this page PoE Operational Status Whether the port is currently providing power If it is not providing power the reason is displayed Power Consumption The amount of power being consumed by the powered device Overload Counter Total power overload occurrences Short Counter Total p...

Page 167: ...type Use the no version of the command to remove the description Use the no form of this command to restore the default configuration power inline priority critical high low no power inline priority Configures the priority of the interface from the point of view of inline power management Use the no form of this command to restore the default configuration power inline usage threshold no power inl...

Page 168: ...nline gigabitethernet tengigabitethe rnet port number module stack member number Displays PoE configuration information for all interfaces or for a unit in the stack console show power inline Unit Power Nominal Power Consumed Power Usage Threshold Traps 1 Off 1 Watts 0 Watts 0 95 Disable 2 Off 1 Watts 0 Watts 0 95 Disable 3 Off 1 Watts 0 Watts 0 95 Disable 4 Off 1 Watts 0 Watts 0 95 Disable Table ...

Page 169: ...rom an SNTP server This section describes how to set system time and contains the following sections Manual Time Settings Setting System Time and Daylight Savings Time CLI Commands for Setting Manual Time System Time from an SNTP Server Global Settings Clock Source SNTP Global Settings SNTP Authentication SNTP Servers SNTP Interfaces CLI Script for Receiving Time from an SNTP Server Manual Time Se...

Page 170: ...nning of October until the end of March Armenia Last weekend of March until the last weekend of October Austria Last weekend of March until the last weekend of October Bahamas From April to October in conjunction with U S summer hours Belarus Last weekend of March until the last weekend of October Belgium Last weekend of March until the last weekend of October Brazil From the 3rd Sunday in October...

Page 171: ...nd of October Japan Japan does not operate Daylight Saving Time Jordan Last weekend of March until the last weekend of October Latvia Last weekend of March until the last weekend of October Lebanon Last weekend of March until the last weekend of October Lithuania Last weekend of March until the last weekend of October Luxembourg Last weekend of March until the last weekend of October Macedonia Las...

Page 172: ... until the last weekend of October South Africa South Africa does not operate Daylight Saving Time Spain Last weekend of March until the last weekend of October Sweden Last weekend of March until the last weekend of October Switzerland Last weekend of March until the last weekend of October Syria From 31st March until 30th October Taiwan Taiwan does not operate Daylight Saving Time Turkey Last wee...

Page 173: ...s page Figure 9 4 Manual Time Settings 2 Enter the following local settings Date The system date Local Time The system time Time Zone Offset The difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 00 while the local time in New York is GMT 5 00 3 To set Daylight Savings Time DST select the Daylight Savings field and select one of the possib...

Page 174: ...tting in a particular year complete the Daylight Savings area and for a recurring setting complete the Recurring area If Other is selected the From and To fields must be defined either in the Non recurring or Recurring section 4 To enter non recurring DST parameters enter the following fields From The time that DST begins The possible options are DD MMM YY The date month and year at which DST begi...

Page 175: ...ry year Time The time at which DST ends every year CLI Commands for Setting Manual Time The following steps in any order must be completed before setting time manually Set system time Define the time zone in relation to GMT Configure Daylight Savings Time The following table summarizes the CLI commands for setting fields displayed in the Manual Time Setting pages when the clock source is Local Tab...

Page 176: ...year hh mm month date year hh mm offset no clock summer time Configures the system to automatically switch to summer time Daylight Savings Time for a specific period date month year format Use the no form of the command to configure the system not to switch to summer time Daylight Savings Time clock timezone zone hours offset minutes offset Sets the time zone and names it zone for display purposes...

Page 177: ...ipt to Set Manual System Time CLI Description Console clock set 13 32 00 7 Nov 2010 Set the system time console configure console config clock timezone Ohio 2 Set the time zone to GMT plus 2 hours The name of the zone Ohio is purely for documentation purposes This is not mandatory for manual time but is recommended It enables anyone seeing the time to know what that time is in respect to their tim...

Page 178: ...ver Types The switch can accept time information from the following server types Unicast Polling for Unicast information is used for polling a server whose IP address is known This is the preferred method for synchronizing device time as it is most secure Up to eight SNTP servers can be defined If this method is selected SNTP information is accepted only from SNTP servers defined in the SNTP Serve...

Page 179: ...lecting Designated SNTP Server on page 180 Broadcast is the least secure method of receiving time because it is both unsecured and the time information was not specifically requested by the device Anycast is also unsecured but time information packets are only accepted if they were requested Stratums Each SNTP server is characterized by stratums which define the accuracy of its clock The stratum i...

Page 180: ... servers pass the above criteria then the server that sent the first earliest time packet is chosen If a better server is discovered later it is selected to be the designated server at that time Polling You can configure the system to acquire time information in the following ways Enable polling Time information is requested every polling interval Do not enable polling Time information is received...

Page 181: ...MD5 is a variation of MD4 and increases MD4 security MD5 both verifies the integrity of the communication and authenticates the origin of the communication Global Settings Clock Source System time can be set manually or it may be received from an external SNTP server You if wish to set the system time manually you do not to use the Global Settings page because the default is manual local system ti...

Page 182: ...ing table summarizes the CLI commands for setting the clock source The following is an example of the CLI commands SNTP Global Settings If SNTP was selected as the clock source in the Global Settings page you must define the mechanism of setting time from an SNTP server This is done in the SNTP pages described below Table 9 7 Clock Source CLI Command CLI Description clock source sntp no clock sour...

Page 183: ...the SNTP Global Settings page Figure 9 6 SNTP Global Settings 2 Enter the fields Poll Interval 60 86400 Enter the interval in seconds at which the SNTP servers are polled Receive Broadcast Servers Updates Enable disable receiving time information from Broadcast servers Receive Anycast Servers Updates Enable disable receiving time information from Anycast SNTP servers Receive Unicast Servers Update...

Page 184: ...cated Table 9 8 SNTP Global Parameters CLI Commands CLI Command Description sntp client poll timer seconds no sntp client poll timer Sets the polling time for an SNTP client Use the no form of this command to restore the default configuration sntp broadcast client enable no sntp broadcast client enable Enables SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients...

Page 185: ... 7 SNTP Authentication Summary The previously defined authentication keys are displayed 2 Enable disable SNTP Authentication This enables disables authenticating SNTP sessions between the device and an SNTP server 3 Multiple keys can be defined To add a new SNTP authentication key click Add and enter the fields Encryption Key ID 1 4294967295 Enter the number used to identify this SNTP authenticati...

Page 186: ...ng is an example of the CLI commands Table 9 9 SNTP Authentication CLI Commands CLI Command Description sntp authenticate no sntp authenticate Defines authentication for received SNTP traffic from servers Use the no form of this command to disable the feature sntp trusted key key number no sntp trusted key key number Authenticates the identity of a system to which SNTP will synchronize Use the no ...

Page 187: ...er or display SNTP server information 1 Click System Time Synchronization SNTP Servers in the tree view to display the SNTP Servers Summary page Figure 9 8 SNTP Servers Summary The following is displayed for the previously defined servers SNTP Server IP address of server Polling Polls the selected SNTP server for system time information when enabled Encryption Key ID Key Identification used to com...

Page 188: ...own for example the device is currently looking for an interface Last Response The last time a response was received from the SNTP server Offset The estimated offset of the server s clock relative to the local clock in milliseconds The host determines the value of this offset using the algorithm described in RFC 2030 Delay The estimated round trip delay of the server s clock relative to the local ...

Page 189: ...an encryption key and select one of the encryption keys that was defined in the SNTP Authentication pages Defining SNTP Servers Settings Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the SNTP Server pages Table 9 10 SNTP Server CLI Commands CLI Command Description sntp server ipv4 address ipv6 address ipv6 address hostname poll key key id no snt...

Page 190: ...rmation from Anycast servers is enabled you can determine through which interface the Anycast packets are sent and received If no interface is defined Anycast requests are not sent console config sntp server 100 1 1 1 poll key 10 console show sntp status Clock is unsynchronized Unicast servers Server Status Last Response Offset Delay mSec mSec Anycast server Server Interface Status Last Response O...

Page 191: ... SNTP Interface Settings Summary page Figure 9 9 SNTP Interface Settings Summary The following fields are displayed for every interface for which an SNTP interface has been enabled Interface The port LAG or VLAN on which SNTP is enabled Receive Servers Updates Displays whether the interface is enabled to receive updates from the SNTP server 2 To add an interface that can receive SNTP server update...

Page 192: ...ands CLI Command Description sntp client enable gigabitethernet tengigabitethern et port id vlan vlan id port channel LAG number no sntp client enable gigabitethernet tengigabitethern et port number vlan vlan id port channel LAG number Enables the SNTP client on an interface in Global Configuration mode Use the no form of this command to disable the SNTP client sntp client enable no sntp client en...

Page 193: ...config sntp client enable gi1 0 1 console exit console configure console config interface gi1 0 1 console config if sntp client enable console show sntp configuration SNTP port 123 Polling interval 1024 seconds No MD5 authentication keys Authentication is not required for synchronization No trusted keys Unicast Clients Disabled Unicast Clients Polling Disabled Server Polling Encryption Key Broadca...

Page 194: ... seconds console config sntp unicast client enable Enable accepting time from predefined Unicast clients console config sntp unicast client poll Enable polling predefined Unicast clients console config sntp server 10 4 1 3 poll Define the server that will be used as an SNTP server console config exit console show sntp configuration Display SNTP settings console show sntp status Display SNTP server...

Page 195: ... automatically logged such as hardware problems You may enable disable logging the following types of events Authentication Events in the Global Parameters page Copy File Events in the Global Parameters page Management Access Events in the Global Parameters page Login History in the Login History page Event messages have a unique format as per the System Logs SYSLOG protocol recommended message fo...

Page 196: ...rected to the console RAM log flash log file or SYSLOG server or to any combination of these destinations Global Parameters Use the Global Parameters page to enable disable logging for the following logging severity levels Emergency If the device is down or not functioning properly an emergency log message is saved to the specified logging location Alert An alert log is saved if there is a serious...

Page 197: ...specific types of logging and set their destination To configure logging 1 Click System Logs Global Parameters in the tree view to display the Global Parameters page Figure 9 10 Global Parameters 2 Enable disable logging in the Logging drop down list Console logs are enabled by default and cannot be disabled 3 If Logging is enabled select the types of events to be logged in addition to the events ...

Page 198: ...ile Flash memory and remote SYSLOG servers When a severity level is selected all severity levels above the selection are selected automatically Enabling Logs Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the Global Parameters page Table 9 13 Global Log Parameters CLI Commands CLI Command Description logging on no logging Enables error message lo...

Page 199: ...ogging deny Enables Management Access List ACL deny events Use the no form of this command to disable logging management access list events aaa logging login no aaa logging login Enables logging authentication login events Use the no form of this command to disable logging authentication login events console configure console config logging on console config logging console errors console config l...

Page 200: ...g in the tree view to display the RAM Log page Figure 9 11 RAM Log The Max RAM Log Entries 20 400 line which contains the maximum number of RAM log entries permitted is displayed When the log buffer is full the oldest entries are overwritten The Current Setting contains how many entries are currently permitted and you can change this number in the New Setting after reset field The following is dis...

Page 201: ...g table summarizes the CLI commands for setting the size of the RAM log buffer viewing and clearing entries in the RAM log The following is an example of the CLI commands Table 9 14 RAM Log Table CLI Commands CLI Command Description logging buffered size no logging buffered Sets the number of SYSLOG messages stored in the internal buffer RAM Use the no form of this command to cancel using the buff...

Page 202: ...og File in Flash To view and or clear the flash memory log file 1 Click System Logs Log File in the tree view to display the Log File page Figure 9 12 Log File The following is displayed for the existing logs Log Index The log number in the Log file Log Time The time at which the log was entered Severity The log severity Description The log entry text 2 To remove all entries from the log file clic...

Page 203: ...the time a user logged in and the protocol used to log on to the device Table 9 15 Log File Table CLI Commands CLI Command Description show logging file Displays the logging state and the SYSLOG messages stored in the logging file console show logging file Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 62 Logged 62 Displayed 200 M...

Page 204: ...n History page Figure 9 13 Login History The login history for the selected user or all users is displayed 2 Enable disable Login History to File to record login history 3 Select a user or All from the User Name drop down list The login history for this user is displayed in the following fields Login Time The time the selected user logged on to the device User Name The user that logged on to the d...

Page 205: ...Login History page The following is an example of the CLI commands Table 9 16 Login History CLI Commands CLI Command Description aaa login history file no aaa login history file Enables writing to the login history file Use the no form of this command to disable writing to the login history file show users login history username Displays the user s login history console config aaa login history fi...

Page 206: ... Logs Remote Server Settings in the tree view to display the Remote Log Server Summary page Figure 9 14 Remote Log Server Summary The previously defined remote servers are displayed 2 To add a remote log server click Add and enter the fields Supported IP Format Select whether the IPv4 or IPv6 format is supported IPv6 Address Type When the server supports IPv6 this specifies the type of static addr...

Page 207: ...535 Enter the UDP port to which the logs are sent for the selected server Facility Select a user defined application from which system logs are sent to the remote server Only a single facility can be assigned to a single server If a second facility level is assigned the first facility level is overridden All applications defined for a device utilize the same facility on a server Description 0 64 C...

Page 208: ...ds CLI Command Description logging host ipv4 address ipv6 address hostname port port id severity level facility facility description text no logging host ipv4 address ipv6 address hostname Logs messages to a remote server with this IP address Use the no form of this command to delete the SYSLOG server with the specified address from the list of SYSLOGs show syslog servers Displays list of SYSLOG s...

Page 209: ...pping ARP UDP Relay IP Addressing Overview The device functions as an IPv6 compliant host as well as an IPv4 host also known as dual stack This enables device operation in a pure IPv6 network as well as in a combined IPv4 IPv6 network Difference Between IPv4 and IPv6 Addressing The primary difference between IPv4 to IPv6 is the length of network addresses IPv6 addresses are 128 bits whereas IPv4 a...

Page 210: ...iary transition mechanism is required for IPv6 only nodes to communicate with IPv6 nodes over an IPv4 infrastructure The tunneling mechanism implemented is the Intra Site Automatic Tunnel Addressing Protocol ISATAP This protocol treats the IPv4 network as a virtual IPv6 local link with each IPv4 address mapped to a Link Local IPv6 address IPv4 Interface Parameters You can assign IP addresses to th...

Page 211: ...In addition to the above validation procedure every time a switch receives an ARP request with a sender IP address that is equal to its IP address defined on the input interface it sends a SYSLOG message informing of IP duplication containing the sender IP and MAC addresses from the received ARP message To assign an IP address to an interface and to define subnets to which traffic can be routed 1 ...

Page 212: ...IP address prefix of the subnetwork Interface Select the interface for which the IP address is defined Select an interface type Port LAG or VLAN and the specific interface number Defining IPv4 Interfaces Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the IPv4 Interfaces Parameters page Table 9 18 IPv4 Interface Parameters CLI Commands CLI Command...

Page 213: ... 10 5 225 40 27 Set the routing interface with prefix length of 27 console config if ip default gateway 10 5 225 33 Set the address of the default gateway console config if no ip address Remove the address if required Table 9 20 Sample CLI Script to Configure IPv4 Statically on a Port CLI Command Description console config Enter Global Configuration mode console config interface gi1 0 1 Enter Inte...

Page 214: ...e IP address is in use the switch sends a DHCPDECLINE message to the DHCP server and sends another DHCPDISCOVER packet that restarts the process IP address collisions occur when the same IP address is used in the same IP subnet by more than one device Address collisions require administrative actions on the DHCP server and or the devices that collide Up to 32 interfaces ports LAGs and or VLAN on t...

Page 215: ...enance Projects Dell Contax sources CxUGSystemConfig fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY To define the switch as a DHCP client 1 Click System IP Addressing DHCP IPv4 Interface in the tree view to display the DHCP IPv4 Interface Summary page Figure 9 16 DHCP IPv4 Interface Summary ...

Page 216: ... address click Add and select the whether the interface is a port LAG or VLAN in the Interface field Defining DHCP IPv4 Interfaces Using CLI Commands The following table summarizes the CLI commands for setting fields in the DHCP IPv4 Interface pages Table 9 21 DHCP IPv4 Interface CLI Commands CLI Command Description ip address dhcp no ip address dhcp Acquires an IP address on an Ethernet interface...

Page 217: ... CLI Command Description console config Enter Global Configuration mode console config interface vlan 1 Enter VLAN mode for VLAN 1 console config no switchport Enable the port to work as an IP interface Layer 3 mode console config if ip address dhcp Use the DHCP protocol to acquire the IP address console config if no ip address dhcp Remove the address if required Table 9 23 Sample CLI Script to Co...

Page 218: ...s in the IPv4 Static Route table The switch uses the matched route with the longest prefix match To add an IPv4 static route 1 Click System IP Addressing IPv4 Static Routing in the tree view to display the IPv4 Static Routing Summary page Figure 9 17 IPv4 Static Routing Summary 2 Click Add to add a destination and enter the fields Destination IP Prefix Enter the destination IPv4 prefix If all zero...

Page 219: ...e The route is a remote path Metric 1 255 Enter the administrative distance cost to the destination Defining IPv4 Static Routing Using CLI Commands The following table summarizes the CLI commands for configuring IPv4 static routing The following is an example of the CLI command Table 9 24 IPv4 Static Routing CLI Commands CLI Command Description ip routing no ip routing Enables IPv4 Routing Use the...

Page 220: ...pt to Configure Two IP Networks on Two Different VLANSs CLI Command Description console config Enter Global Configuration mode console config vlan database Enter VLAN mode console config vlan vlan 100 150 Create VLANs number 100 to 150 console config vlan exit Exit VLAN mode console config interface gi1 0 1 Enter Interface mode for port 1 on unit 1 console config if switchport access vlan 100 Make...

Page 221: ...fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Figure 9 18 IP Routing Setup IPv6 Interfaces The system supports IPv6 addressable hosts To define IPv6 interfaces 1 Click System IP Addressing IPv6 Interface in the tree view to open the IPv6 Interface Summary page Figure 9 19 IPv6 Interface Summary PC 1 1 1 1 Switch PC 2 1 1 1 VLAN 100 VLAN 150 ...

Page 222: ...al for example a rate limit interval of 100 ms and a bucket size of 10 messages translates to 100 ICMP error messages per second 3 To add a new IPv6 interface click Add IPv6 Interface and enter the fields Interface Select an IPv6 interface to be configured Number of DAD Attempts Enter the number of consecutive neighbor solicitation messages that are sent on an interface while Duplicate Address Det...

Page 223: ...bally unique IPv6 Unicast address visible and reachable from different subnets Global Anycast The IP address is a globally unique IPv6 Anycast address visible and reachable from different subnets IPv6 Address Enter the IPv6 address assigned to the interface The address must be a valid IPv6 address specified in hexadecimal using 16 bit values between colons An example of an IPv6 address is 2031 0 1...

Page 224: ...onfig no ipv6 address autoconfig Enables automatic configuration of IPv6 addresses using stateless auto configuration on an interface Addresses are configured depending on the prefixes received in Router Advertisement messages Use the no form of this command to disable address auto configuration on the interface ipv6 icmp error interval milliseconds bucketsize no ipv6 icmp error interval Configure...

Page 225: ...MP for IPv6 ICMPv6 unreachable messages for packets arriving on a specified interface Use the no form of this command to prevent the generation of unreachable messages ipv6 nd dad attempts attempt Configures the number of consecutive neighbor solicitation messages that are sent on an interface while Duplicate Address Detection DAD is performed on the unicast IPv6 addresses of the interface show ip...

Page 226: ...efault router Dynamic default routers are routers that have sent router advertisements to the switch IPv6 interface When adding or deleting IP addresses the following events occur When removing an IP interface all of its default gateway IP addresses are removed Dynamic IP addresses cannot be removed An alert message is displayed after a user attempts to insert more than one IP address An alert mes...

Page 227: ...he tree view to display the IPv6 Default Gateway Summary page Figure 9 20 IPv6 Default Gateway Summary The previously defined routers are displayed with the following fields IPv6 Default IPv6 Address The router s address Interface The interface on which the router is accessed Type The means by which the default gateway was configured The possible options are Static The default gateway is user defi...

Page 228: ...tely however there is a delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation Probe The default gateway is no longer known to be reachable and Unicast Neighbor Solicitation probes are being sent to verify reachability Unreachable No reachability confirmation was received 2 To add an IPv6 default gateway click Add and enter the f...

Page 229: ...urce IPv4 address is used for setting the tunnel interface identifier according to ISATAP addressing conventions When a tunnel interface is enabled for ISATAP the tunnel source must be set for the interface in order for the interface to become active An ISATAP address is represented using the 64 bit prefix 0 5EFE w x y z where 5EFE is the ISATAP identifier and w x y z is a public or private IPv4 a...

Page 230: ...the ISATAP interface The initial IP address is assigned to the interface and the interface state becomes Active If an ISATAP interface is active the ISATAP router IPv4 address is resolved via DNS by using ISATAP to IPv4 mapping If the ISATAP DNS record is not resolved the ISATAP host name to address mapping is searched in the host name cache When an ISATAP router IPv4 address is not resolved via t...

Page 231: ...IP Addressing IPv6 ISATAP Tunnel in the tree view to display the ISATAP Tunnel page Figure 9 21 IPv6 ISATAP Tunnel 2 Enter the fields ISATAP Status Enable disable the status of ISATAP on the device IPv4 Address Type Enter the source of the IPv4 address used by the tunnel The options are Auto Use the dynamic address None Disable the ISATAP tunnel Manual Use the manual address assigned IPv4 Address ...

Page 232: ...he default setting of a field Defining ISATAP Tunnel Parameters Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the ISATAP Tunnel pages Table 9 29 ISATAP Tunnel CLI Commands CLI Command Description interface tunnel number Enters tunnel interface configuration mode tunnel mode ipv6ip isatap no tunnel mode ipv6ip Configures an IPv6 transition mechan...

Page 233: ...olicitations messages when there is no active ISATAP router Use the no form of this command to restore the default configuration tunnel isatap robustness number no tunnel isatap robustness Configures the number of DNS Query Router Solicitation refresh messages that the device sends Use the no form of this command to restore the default configuration show ipv6 tunnel Displays information on the ISA...

Page 234: ...kup console config ip name server 176 16 1 18 Define DNS server console config interface tunnel 1 Enter tunnel mode console config tunnel tunnel mode ipv6ip isatap Enable tunnel console config tunnel tunnel source auto The system minimum IPv4 address will be used as the source address for packets sent on the tunnel interface console config tunnel do show ipv6 tunnel Display tunnel configuration Ta...

Page 235: ...l ARP feature It enables detecting Link Local addresses within the same subnet and includes a database for maintaining reachability information about active neighbors The device supports a total of up to 64 neighbors obtained statically or dynamically When removing an IPv6 interface all neighbors entered statically or learned dynamically are removed To add an IPv6 neighbor 1 Click System IP Addres...

Page 236: ...nger known to be reachable and traffic has recently been sent to the neighbor Rather than probe the neighbor immediately however there is a delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation Probe The neighbor is no longer known to be reachable and Unicast Neighbor Solicitation probes are being sent to verify reachability 2 T...

Page 237: ...LI commands for setting fields displayed in the IPv6 Neighbors pages Table 9 31 IPv6 Neighbors CLI Commands CLI Command Description ipv6 neighbor ipv6_addr gigabitethernet tengigabitethernet port number vlan vlan id port channel LAG number mac_addr no ipv6 neighbor ipv6_addr gigabitethernet tengigabitethernet port number vlan vlan id port channel LAG number Configures a static entry in the IPv6 ne...

Page 238: ...rces CxUGSystemConfig fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config console config ipv6 neighbor 3000 a31b vlan 1 001b 3f9c 84ea console show ipv6 neighbors dynamic Interface IPv6 Address HW Address State Router VLAN 1 3000 a31b 0001b 3f9c 84ea Reachable Yes ...

Page 239: ...ed to determine the next hop address and the interface used for forwarding Each dynamic entry also has an associated invalidation timer value extracted from Router Advertisements This timer is used to delete entries that are no longer advertised To view IPv6 destinations and how they are reached Click System IP Addressing IPv6 Routes Table in the tree view to display the IPv6 Routes Table page Fig...

Page 240: ...the IPv6 route table This is an administrative distance with the range of 0 255 Life Time The timeout interval of the route if no activity takes place Infinite means the address is never deleted Route Type Specifies whether the destination is directly attached and the means by which the entry was learned The possible options are Local A directly connected route entry Static Manually configured rou...

Page 241: ...Codes L Local S Static I ICMP ND Router Advertisement The number in the brackets is the metric S 0 via fe80 77 0 VLAN 1 Lifetime Infinite ND 0 via fe80 200 cff fe4a dfa8 0 VLAN 1 Lifetime 1784 sec L 2001 64 is directly connected g2 Lifetime Infinite L 2002 1 1 1 64 is directly connected VLAN 1 Lifetime 2147467 sec L 3001 64 is directly connected VLAN 1 Lifetime Infinite L 4004 64 is directly conne...

Page 242: ... numeric IP address for example www ipexample com is translated into 192 87 56 2 DNS servers maintain domain name databases and their corresponding IP addresses To add a DNS server and specify the active DNS server 1 Click System IP Addressing Domain Name System in the tree view to display the Domain Name System Summary page Figure 9 24 Domain Name System Summary The list of previously defined DNS...

Page 243: ...his specifies the Link Local interface The possible options are VLAN The VLAN on which the IPv6 interface is configured ISATAP The IPv6 interface is configured on an ISATAP tunnel DNS Server Enter the IP address of the DNS server being added DNS Server Currently Active Displays the DNS server that is currently active Set DNS Server Active Check to activate the selected DNS server Configuring DNS S...

Page 244: ...the CLI commands clear host Deletes entries from the host name to address cache clear host dhcp name Deletes entries from the host name to address mapping received from DHCP show hosts Displays the default domain name the list of name server hosts the static and the cached list of host names and addresses console config ip domain lookup console config ip name server 176 16 1 18 Table 9 33 DNS CLI ...

Page 245: ...a known domain name This domain name is applied to all unqualified host names To define the default domain name 1 Click System IP Addressing Default Domain Name to display the Default Domain Name page Figure 9 25 Default Domain Name If there is a currently defined default domain name it is displayed 2 Enter the Default Domain Name 1 160 Characters Its Type is displayed and has one of the following...

Page 246: ...I Commands The following table summarizes the CLI commands for configuring the default domain name The following is an example of the CLI commands Table 9 34 Default Domain Name CLI Commands CLI Command Description ip domain name name no ip domain name Defines a default domain name that the software uses to complete unqualified host names The no form of the command disables the use of the Domain N...

Page 247: ...omain Name System pages or statically through the Host Name Mapping page To assign IP addresses to static host names 1 Click System IP Addressing Host Name Mapping in the tree view to display the Host Name Mapping Summary page Figure 9 26 Host Name Mapping Summary The currently defined host names are displayed 2 Click Add to add a new host name Up to four IP addresses can be added 3 For each IP ad...

Page 248: ...TAP The IPv6 interface is configured on an ISATAP tunnel Host Name 1 160 Characters Enter the host name to be associated with the IP address entered below IP Address Enter the IP address of the domain Four addresses can be entered 4 Click Remove to delete a host name All addresses for this host name are deleted at the same time Mapping IP Addresses to Domain Host Names Using the CLI Commands The f...

Page 249: ...e following is an example of the CLI commands ARP The Address Resolution Protocol ARP converts IP addresses into physical MAC addresses ARP enables a host to communicate with other hosts when their IP addresses are known To add an IP MAC address mapping 1 Click System IP Addressing ARP in the tree view to display the ARP Summary page Figure 9 27 ARP Summary console config ip host accounting abc co...

Page 250: ...he possible options are None ARP entries are not cleared All All ARP entries are cleared Dynamic Only learned ARP entries are cleared Static Only static ARP entries are cleared 3 To add a mapping click Add and enter the fields Interface Select an interface to be associated with the addresses IP Address Enter the station IP address which is associated with the MAC address filled in below MAC Addres...

Page 251: ...t entry in the ARP cache no arp ip address Removes an ARP entry from the ARP Table arp timeout seconds Configures how long an entry remains in the ARP cache This command can be used in Global Configuration mode for all interfaces or in Interface Configuration mode for a specific interface clear arp cache Deletes all dynamic entries from the ARP cache show arp Displays entries in the ARP Table show...

Page 252: ...t typically route IP Broadcast packets between IP subnets However if configured the switch can relay specific UDP Broadcast packets received from its IPv4 interfaces to specific destination IP addresses To configure the relaying of UDP packets received from a specific IPv4 interface with a destination UDP port 1 Click System IP Addressing UDP Relay in the tree view to display the UDP Relay Summary...

Page 253: ...BIOS Datagram Server port 138 TACACS Server port 49 Time Service port 37 If Default Services are not selected check the text box and enter a UDP port Destination IP Address Enter the IP address that receives the UDP packet relays If this field is 0 0 0 0 UDP packets are discarded If this field is 255 255 255 255 UDP packets are flooded to all IP interfaces Configuring UDP Relay Using the CLI Comma...

Page 254: ...ce Projects Dell Contax sources CxUGSystemConfig fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config ip helper address all 172 16 9 9 49 53 console config do show ip helper address Interface Helper Address UDP Ports All 172 16 9 9 49 53 ...

Page 255: ...aintenance Projects Dell Contax sources CxUGSystemConfig fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Diagnostics This section describes how to perform cable tests on copper and fiber optic cables It contains the following sections Integrated Cable Test Optical Transceiver Diagnostics ...

Page 256: ...e tested Cables can only be tested when the ports are in the down state with the exception of Approximated Cable Length test This test can only be performed when the port is up and operating at 1 Gbps To perform a cable test and view the results 1 Click System Diagnostics Integrated Cable Test Summary in the tree view to display the Integrated Cable Test Summary page Figure 9 29 Integrated Cable T...

Page 257: ...K The cable passed the test Cable Fault Distance Displays the distance from the port where the cable error occurred Last Update Displays the last time the port was tested Approximate Cable Length Displays the approximate cable length Performing Integrated Cable Tests Using CLI Commands The following table contains the CLI commands for performing integrated cable tests Table 9 38 Integrated Cable T...

Page 258: ...orm factor Pluggable transceiver Some information might not be available for SFPs that do not support the digital diagnostic monitoring standard SFF 8472 The following is the list of the compatible SFPs SFP X3366 1000Base SX Finisar FTLF8519P2BNL U3650 1000Base LX Finisar FTRJ1319P1BTL SFP N743D SR Finisar FTLX8571D3BCL T307D LR Finisar FTLX1471D3BCL C043H LRM Avago AFBR 707SDZ D1 N198M LRM Finisa...

Page 259: ...ptical Transceiver Diagnostics The following fields are displayed for the selected unit Port The port number on which the cable was tested Temperature The temperature C at which the cable is operating Voltage The voltage at which the cable is operating Current The current at which the cable is operating Output Power The rate at which output power is transmitted Input Power The rate at which input ...

Page 260: ...mand for performing fiber optic cable tests The following is an example of the CLI command Table 9 39 Fiber Optic Cable Test CLI Commands CLI Command Description show fiber ports optical transceiver interface gigabitethernet tengigabitethe rnet port number detailed Displays the optical transceiver diagnostics console show fiber ports optical transceiver detailed Port Temp C Voltage Current aM Outp...

Page 261: ... topics Access Profiles Profile Rules Authentication Profiles Select Authentication Active Users Local User Database Line Passwords Enable Password TACACS Password Management RADIUS Access Profiles Access to management functions may be limited to users identified by Ingress interface Port LAG or VLAN Source IP address Source IP subnet Management access may be separately defined for the following t...

Page 262: ... port all VLANs and IP interfaces on that port will be acceptable management traffic sources If you enable management access through a VLAN all ports and IP interfaces on that VLAN will be acceptable If specific IP address es are specified only traffic from the specified IP addresses on the appropriate ports will be accepted Access Profiles Rules Each management access profile is composed of at le...

Page 263: ...urity Access Profiles in the tree view to display the Access Profiles Summary page Figure 9 31 Access Profiles Summary The currently defined access profiles are displayed 2 To activate an access profile select it in the Active Access Profile field If you select Console Only active management of the device can only be performed using the console connection This profile cannot be removed 3 To add a ...

Page 264: ...access profile is applied to HTTPS users SNMP The access profile is applied to SNMP users Interface Check the fields and select the interface type to which the rule applies Enable Source IP Address Check this parameter to restrict access based on the source IP address When this field is not selected the source IP address cannot be entered into a configured rule Supported IP Format Select whether t...

Page 265: ...d for defining an access profile without its rules The CLI commands for defining the rules are described in Defining Access Profile Rules Using CLI Commands on page 267 The following is an example of the CLI commands Table 9 40 Access Profile CLI Commands CLI Command Description management access list name no management access list name Defines an access list for management Use the no form of this...

Page 266: ...se the Profile Rules pages to add additional rules to it To add a rule to a management access profiles 1 Click System Management Security Profile Rules in the tree view to display the Profile Rules Summary page Figure 9 32 Profile Rules Summary 2 Select an access profile name Its rules are displayed in the order that they will be implemented 3 To add a rule to the selected management access profil...

Page 267: ...ngigabitethe rnet port number vlan vlan id port channel LAG number service service Sets port permitting conditions for the management access list and the selected management method deny gigabitethernet tengigabitethe rnet port number vlan vlan id port channel LAG number service service Sets port denying conditions for the management access list and the selected management method deny ip source ipv...

Page 268: ...ement access class console config management access list mlist console config macl permit gi1 0 1 console config macl permit gi1 0 2 console config macl deny gi1 0 3 console config macl deny gi1 0 4 console config macl exit console config management access class mlist console config exit console show management access list mlist permit gi1 0 1 permit gi1 0 2 deny gi1 0 3 deny gi1 0 4 Note all othe...

Page 269: ...ed first locally If the local user database is empty the user is authenticated via the RADIUS server If an error occurs during the authentication the next selected method is used If an authentication method fails or the user has an insufficient privilege level the user is denied access to the switch The switch then stops does not continue and does not attempt to use the next authentication method ...

Page 270: ...iles Summary page Figure 9 33 Authentication Profiles Summary All currently defined authentication profiles are displayed 2 Click Add to add a new authentication profile and enter the fields Profile Name 1 12 Characters Enter the name of the new authentication profile Profile names cannot include blank spaces Authentication Method Optional Methods Select a user authentication methods that can be a...

Page 271: ...S server For more information see TACACS on page 282 None No user authentication occurs Select a method by highlighting it in the Optional Methods list and clicking on the right arrow to move it to the Selected Methods list Configuring an Authentication Profile Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the Authentication Profiles pages The f...

Page 272: ...ss methods for example console users can be authenticated by Authentication Profile 1 while Telnet users can be authenticated by Authentication Profile 2 To assign an authentication profile to a management access method 1 Click System Management Security Select Authentication in the tree view to display the Select Authentication page Figure 9 34 Select Authentication 2 For the Console Telnet and S...

Page 273: ... page Table 9 43 Select Authentication CLI Commands CLI Command Description aaa authentication enable default list name method method2 no aaa authentication enable default list name Indicates the authentication method list when accessing a higher privilege level from a remote Telnet Console or SSH enable authentication default list name no enable authentication Specifies the authentication method ...

Page 274: ... authentication for the console using the default method list that was previously defined The following is an example of the CLI commands that creates an authentication method list for http server access RADIUS and local console config line console console config line enable authentication default console config line login authentication default console config line exit console config ip http auth...

Page 275: ... 13 FOR PROOF ONLY Active Users To view active users on the device Click System Management Security Active Users in the tree view to display the Active Users page Figure 9 35 Active Users The following fields are displayed for all active users Name Active users logged into the device Protocol The management method by which the user is connected to the device Location The user s IP address ...

Page 276: ...Active Users Using CLI Commands The following table summarizes the CLI commands for viewing active users connected to the device The following example shows an example of the CLI command Table 9 44 Active Users CLI Commands CLI Command Description show users Displays information about active users console show users Username Protocol Location Bob Serial John SSH 172 16 0 1 Robert HTTP 172 16 0 8 B...

Page 277: ...users passwords and access levels To add a new user 1 Click System Management Security Local User Database in the tree view to display the Local User Database Summary page Figure 9 36 Local User Database Summary All users are displayed even if they have been suspended If a user has been suspended it can be restored here by selecting the Reactivate Suspended User field 2 To add a user click Add and...

Page 278: ...s whether the user currently has access status Usable or whether the user is locked out due to too many failed authentication attempts since the user last logged in successfully status Locked Reactivate Suspended User Check to reactivate the specified user s access rights Access rights can be suspended after unsuccessfully attempting to login Configuring Local Users Using CLI Commands The followin...

Page 279: ...ne Passwords To add a line password for Console Telnet and Secure Telnet users 1 Click System Management Security Line Passwords in the tree view to display the Line Password page Figure 9 37 Line Password 2 Enter the fields for each type of user separately Password 0 159 Characters Enter the line password for accessing the device Confirm Password Confirm the line password console config username ...

Page 280: ...on attempts since the user last logged in successfully status Locked Reactivate Locked Line Check to reactivate the line password for a Console Telnet Secure Telnet session Access rights can be suspended after a number of unsuccessful attempts to log in Assigning Line Passwords Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the Line Password page...

Page 281: ...ck System Management Security Enable Passwords in the tree view to display the Enable Password page Figure 9 38 Enable Password 2 Enter the fields Select Enable Access Level Select the access level to associate with the enable password The lowest user access level is 1 and 15 is the highest user access level Users with access level 15 are Privileged Users and only they can access and use the OpenM...

Page 282: ...ble summarizes the CLI commands for setting fields displayed in the Enable Password page The following is an example of the CLI commands TACACS The device can act as a Terminal Access Controller Access Control System TACACS client TACACS provides centralized validation of users accessing the device while still retaining consistency with RADIUS and other authentication processes TACACS provides the...

Page 283: ...Security TACACS in the tree view to display the TACACS Summary page Figure 9 39 TACACS Summary The list of currently defined TACACS servers is displayed The parameters for each server is displayed along with its connection status 2 Enter the default parameters for TACACS servers These values are used unless values are added in the TACACS Add or Edit pages Source IP Address The device IP address us...

Page 284: ...and the TACACS server times out 3 To add a TACACS server click Add and enter the fields on the page The fields below are those that were not described on the TACACS Summary page Host IP Address Enter the TACACS server IP address Priority 0 65535 Enter the order in which the TACACS servers are used if several are defined Source IP Address Enter either specific device IP address for the TACACS serve...

Page 285: ...t port number timeout timeout key key string source source priority priority no tacacs server host ip address hostname Configures a TACACS host Use the no form of this command to delete the specified TACACS host tacacs server key key string no tacacs server key Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server Use the no form of ...

Page 286: ...tures that include Minimum password lengths Password expiration dates password aging Prevention of frequent password reuse Lockout of users after failed login attempts Number of repeated characters allowed Number of different character classes required in the password Numeric alphabetic and special characters are all character classes console config tacacs server source ip 172 16 8 1 console show ...

Page 287: ...re according to the user defined expiration date time Ten days prior to password expiration the device displays a password expiration warning message After the password has expired users can log in a few additional times During the remaining logins an additional warning message displays informing the user that the password must be changed If the password is not changed users are locked out of the ...

Page 288: ...o display the Password Management page Figure 9 40 Password Management 2 Check the required fields and enter their values Enable Strong Passwords Check to enable this feature Number of Classes Select a number of character classes The character classes are upper case characters lower case characters digits and punctuation The number of character classes selected indicates how many different types o...

Page 289: ...asswords Before Reuse 1 10 When checked indicates the number of times a password must be changed before the password can be reused Select the number of times Password History Hold Time 1 365 When checked the password history will be deleted after the number of days entered Enter the number of days Password Management Using CLI Commands The following table summarizes the CLI commands for setting fi...

Page 290: ...ory Defines the amount of times a password is changed before the password can be reused password history hold time days no password history hold time Configures the duration that a password is relevant for tracking passwords history Use the no form of this command to return to the default configuration password lockout number no password lockout Defines the number of times a faulty password is ent...

Page 291: ...DIUS servers provide a centralized authentication method for Telnet Access Secure Shell Access Web Access Console Access console config passwords strength minimum character classes 3 Enable that passwords must contain at least three character classes password min length 8 Enable that passwords must contain at least eight characters console config username admin privilege 15 password FGH123 Create ...

Page 292: ... not entered for a specific server Default Retries 1 10 The default number of transmitted requests sent to RADIUS server before a failure occurs Default Timeout for Reply 1 30 The default amount of the time in seconds that the device waits for an answer from the RADIUS server before timing out Default Dead time 0 2000 The default amount of time in minutes that a RADIUS server is bypassed for servi...

Page 293: ...the UDP port number of the RADUS server used for accounting requests Enter 0 if you do not want this server to be used for accounting purposes Usage Type Enter the RADIUS server usage The possible options are Login Used for login authentication and or accounting 802 1x Used for 802 1x authentication and or accounting All Used for all types of authentication and or accounting 4 Enter the following ...

Page 294: ...rt number acct port acct port number timeout timeout retransmit retries deadtime deadtime key key string source ipv4 address ipv6 address priority priority usage login 802 1x all no radius server host ipv4 address ipv6 address hostname Specifies a RADIUS server host Use the no form of the command to delete the specified RADIUS server host radius server timeout timeout no radius server timeout Sets...

Page 295: ...radius server retransmit Specifies the number of times the software searches the list of RADIUS server hosts Use the no form of this command to restore the default configuration radius server deadtime deadtime no radius server deadtime Configures unavailable servers to be skipped Use the no form of this command to restore the default configuration radius server key key string no radius server key ...

Page 296: ...imeout 20 console config radius server key enterprise server console show radius servers IP address Port Port Time Ret Dead Source IP Prio Usage Auth Acct Out rans Time 1 1 1 11 1812 1813 Global Global Global Global 10 all 1 1 1 21 1812 1813 Global Global Global Global 19 all 1 1 1 31 1812 1813 Global Global Global Global 18 all 1 1 1 41 1812 1813 Global Global Global Global 17 all 1 1 1 51 1812 1...

Page 297: ... Pool Excluded Addresses Static Hosts Address Binding DHCP Server Overview A DHCP server uses a defined pool of IP addresses user defined from which it allocates IP addresses to DHCP clients The DHCP server can allocate IP addresses in the following modes Static Allocation The hardware address of a host is manually mapped to an IP address Permanent Allocation An IP address sent to the client throu...

Page 298: ... as a DHCP server pinging capability can be enabled The DHCP server pings an IP address in the address pool before assigning that IP address to a requesting client If the ping is unanswered the DHCP server assumes that the address is not in use and assigns the address to the client To configure the device as a DHCP server 1 Click System DHCP Server DHCP Server Properties in the tree view to displa...

Page 299: ...CP server waits for a ping reply Use Default reverts to the default Ping Timeout Defining DHCP Server Using CLI Commands The following table summarizes the CLI commands for defining the switch as a DHCP server Table 9 52 DHCP Server CLI Commands CLI Command Description ip dhcp server no ip dhcp server Enables the DHCP server feature on the device Use the no form of this command to disable the DHCP...

Page 300: ...NLY The following is an example of the CLI commands ip dhcp ping timeout milliseconds no ip dhcp ping timeout Specifies the time interval during which a DHCP server waits for a ping reply from an address pool Use the no form of this command to restore default values console config ip dhcp ping enable console config ip dhcp ping count 5 Table 9 52 DHCP Server CLI Commands Continued CLI Command Desc...

Page 301: ...d from which the switch will allocate IP addresses to clients Each IP pool has a lease duration To create a pool of IP addresses and define their lease durations 1 Click System DHCP Server Network Pool in the tree view to display the Network Pool Summary page Figure 9 43 Network Pool Summary The previously defined network pools are displayed 2 Click Add to define a new network pool and enter the f...

Page 302: ...ase of 49710 days 23 hours 59 minutes and 59 seconds results in an Out of Range alert Days The duration of the lease in number of days The range is 0 to 49710 days Hours The number of hours in the lease A days value must be supplied before an hours value can be added Minutes The number of minutes in the lease A days value and an hours value must be added before a minutes value can be added Infinit...

Page 303: ...r always tries p node first and uses b node only if p node fails This is the default SNTP Server Enter the IP address of the time server for the DHCP client Next Server Enter the IP address of the next server in the boot process of a DHCP client If the next server in the boot process is not configured the DHCP server uses inbound interface helper addresses as boot servers Next Server Name Enter th...

Page 304: ...ult router list for a DHCP client Use the no form of this command to remove the default router list dns server ip address ip address2 ip address8 no dns server Configures the DNS IP servers available to a DHCP client Use the no form of this command to remove the DNS server list domain name domain no domain name Specifies the domain name for a DHCP client Use the no form of this command to remove t...

Page 305: ...boot process of a DHCP client Use the no form of this command to remove the boot server next server name name no next server name Configures the next server name in the boot process of a DHCP client Use the no form of this command to remove the boot server name bootfile filename no bootfile Specifies the default boot image file name for a DHCP client Use the no form of this command to delete the b...

Page 306: ...a pool may be assigned to clients A single IP address or a range of IP addresses can be excluded To define an excluded address range 1 Click System DHCP Server Excluded Addresses in the tree view to display the Excluded Addresses Summary page Figure 9 44 Excluded Addresses Summary The previously defined excluded IP addresses are displayed 2 To add a range of IP addresses to be excluded click Add a...

Page 307: ...f the CLI commands Table 9 54 Excluding Addresses Using CLI Commands CLI Command Description ip dhcp excluded address low address high address no ip dhcp excluded address low address high address Configures a DHCP address pool on a DHCP Server and enter DHCP Pool Configuration mode Use the no form of this command to remove the address pool show ip dhcp excluded addresses Displays the excluded addr...

Page 308: ... hosts 1 Click System DHCP Server Static Hosts in the tree view to display the Static Hosts Summary page Figure 9 45 Static Hosts Summary The static hosts are displayed 2 To add a static host click Add and enter the fields Host Name Enter the host pool name which can be a string of symbols and an integer IP Address Enter the IP address that was statically assigned to the host Network Mask Enter th...

Page 309: ...rs NetBIOS WINS Server Enter the NetBIOS WINS name server available to a DHCP client NetBIOS Node Type Select how to resolve the NetBIOS name Valid node types are Empty Default value Broadcast IP Broadcast messages are used to register and resolve NetBIOS names to IP addresses Peer to Peer Point to point communications with a NetBIOS name server are used to register and resolve computer names to I...

Page 310: ...ommands for defining static hosts See Table 9 53 for the remaining CLI commands that are common to the Network Pool pages but are used in the context DHCP Pool Host context Table 9 55 Defining Static Hosts Using CLI Commands CLI Command Description ip dhcp pool host no ip dhcp pool host Configures a DHCP static address on a DHCP Server and enters the DHCP Pool Host Configuration mode Use the no fo...

Page 311: ...following is an example of the CLI commands console config ip dhcp pool host station console config dhcp ip host accounting website com 176 10 23 1 console show hosts System Name Default domain Domain name is not configured Name address lookup is enable Name servers Preference order 1 1 1 1 1 1 1 2 1 1 1 3 1 1 1 4 1 1 1 5 Configured host name to address mapping Host IP Address accounting website c...

Page 312: ...tem DHCP Server Address Binding in the tree view to display the Address Binding page Figure 9 46 Address Binding The following fields for the address bindings are displayed IP Address The IP addresses of the client Client Identifier MAC Address A unique identification of the client specified as a MAC Address or in dotted hexadecimal notation e g 01b6 0819 6811 72 Lease Expiration The lease expirat...

Page 313: ... ONLY Permanent The IP address obtained dynamically from the switch is owned by the client permanently unless changes in the network environment connections take place for any reason Dynamic The IP address obtained dynamically from the switch is owned by the client for a specified period of time The IP address is revoked at the end of this period at which time the client must request another IP ad...

Page 314: ...h supports the SNMPv1 SNMPv2 and SNMPv3 SNMP v1 and v2 The SNMP agent maintains a list of variables that are used to manage the switch These variables are stored in the Management Information Base MIB from which they may be presented The SNMP agent defines the MIB specification format as well as the format used to access the information over the network Access rights to the SNMP agents are control...

Page 315: ...ch features Authentication or Privacy Keys are modified in the User Security Model USM SNMPv3 can only be enabled if the Local Engine ID is enabled SNMP Access Rights Access rights in SNMP are managed in the following ways SNMPv1 and SNMPv2 Communities The community name is a password sent by the SNMP management station to the device for authentication purposes A community string is transmitted al...

Page 316: ...oup is operational only when it is associated with an SNMP user Model OIDs The following are the switch model Object IDs OIDs SNMP Global Settings The Engine ID is used by SNMPv3 entities to uniquely identify themselves An SNMP agent is considered an authoritative SNMP engine This means that the agent responds to incoming messages Get GetNext GetBulk Set and sends Trap messages to a manager The ag...

Page 317: ...meters in the tree view to display the Global Parameters page Figure 9 47 Global Parameters The global parameters are displayed 2 Enter the fields Local Engine ID 10 64 Hex Characters Check and enter the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID ...

Page 318: ... switch sending SNMP traps when authentication fails Setting SNMP Global Parameters Using CLI Commands The following table summarizes the CLI commands for setting fields in the Global Parameters page Table 9 56 SNMP Global Parameters Commands CLI Command Description snmp server engine ID local engine id string default no snmp server engine ID local Specifies the local device engine ID The field va...

Page 319: ... entered see Model OIDs on page 316 Each subtree is either included in or excluded from the view being defined snmp server trap authentication no snmp server trap authentication Enables the router to send Simple Network Management Protocol traps when authentication fails Use the no form of this command to disable SNMP failed authentication traps show snmp Checks the status of SNMP communications c...

Page 320: ...e view to display the View Settings Summary page Figure 9 48 View Setting Summary 2 Select a view name Its subtrees are displayed 3 To remove a subtree from an SNMP view click Remove The subtrees of the default views Default DefaultSuper cannot be changed 4 To add a new view click Add and enter a new View Name 1 30 Characters 5 To complete the definition of the view click Edit and select a View Na...

Page 321: ...summarizes the CLI commands for defining fields displayed in the View Settings pages The following is an example of CLI commands Table 9 57 SNMP View CLI Commands CLI Command Description snmp server view view name oid tree included excluded no snmp server view view name oid tree Creates or updates a SNMP server view entry Use the no form of this command to remove an SNMP server view entry show snm...

Page 322: ...n entire group instead of assigning them individually to users Users are created in the User Security Model pages Groups can be defined in any version of SNMP but only SNMPv3 groups can be assigned authentication methods To add an SNMP group and assign it access control privileges 1 Click System SNMP Access Control in the tree view to display the Access Control Summary page Figure 9 49 Access Cont...

Page 323: ...cannot be made to the assigned SNMP view If desired select a view from the drop down list Write The management access is read write and changes can be made to the assigned SNMP view If desired select a view from the drop down list Notify Sends traps for the assigned SNMP view If desired select a view from the drop down list Defining SNMP Access Control Using CLI Commands The following table summar...

Page 324: ...are verified using a local database After a user is authenticated it takes on the attributes of its group and can then access the views permitted to this group A user can only be a member of a single group Before you create an SNMPv3 user create an SNMPv3 group in the Access Control pages When the configuration file is saved SNMP communities users are not saved This means that if you configure ano...

Page 325: ...Summary page Figure 9 50 User Security Model Summary The currently defined users and their groups are displayed 2 To add a user click Add and enter the fields User Name 1 30 Characters Enter a new user name Engine ID Specifies the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 User Database Select either Local or Remote I...

Page 326: ...thod was selected enter the user defined password for a group Authentication Key MD5 16 SHA 20 Hex Characters If the MD5 Key or SHA Key authentication method was selected enter the HMAC MD5 96 or HMAC SHA 96 keys The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined for MD5 If both privacy and authentication are req...

Page 327: ... SNMP Admin In addition you can restrict access to the community to only certain MIB objects using a view Views are defined in the Views Setting pages Advanced Table Access rights to a community are assigned to a group that consists of users A group can have Read Write and Notify access to views Groups are defined in the Access Control pages Table 9 59 SNMP Users CLI Commands CLI Command Descripti...

Page 328: ...nities Summary page Figure 9 51 SNMP Community The Basic and Advanced tables are displayed 2 To add a new community click Add 3 Define the SNMP management station by entering its IP address information Supported IP Format Select whether the IPv4 or IPv6 format is being used IPv6 Address Type When the community supports IPv6 this specifies the type of static address supported The possible options a...

Page 329: ...nd is used to authenticate the management station to the device 4 To associate access mode and views directly with the community enter the fields Basic Check to enable SNMP Basic mode for a selected community Access Mode If Basic is selected specify the access rights of the community The possible options are Read Only Management access is restricted to read only and changes cannot be made to the c...

Page 330: ... feature aspect SNMP notification filters provide the following services Identification of management trap targets Trap filtering Selection of trap generation parameters Table 9 60 SNMP Community CLI Commands CLI Command Description snmp server community community view view name ro rw su ipv4 address ipv6 address mask mask value prefix length prefix value Sets up the community access string to per...

Page 331: ...t in the SNMPv1 2 Notification Recipients pages To add a notification filter 1 Click System SNMP Notification Filters in the tree view to display the Notification Filter Summary page Figure 9 52 Notification Filter Summary 2 The OIDs of the selected filter are displayed 3 If required the notification filter type can be changed by selecting one of the following options Excluded OID traps or informs...

Page 332: ...ns to scroll through a list of all device OIDs or Object ID Specify the device feature OID Filter Type Select whether the defined OID branch will be Included or Excluded in the selected SNMP view Configuring Notification Filters Using CLI Commands The following table summarizes CLI commands for defining fields displayed in the Notification Filter pages Table 9 61 SNMP Notification Filter CLI Comma...

Page 333: ...a link up or down Trap receivers also known as notification recipients are network nodes to which trap messages are sent by the switch A trap receiver entry contains the IP address of the node and the SNMP credentials corresponding to the version that will be included in the trap message When an event arises that requires a trap message to be sent it is sent to every node listed in the trap receiv...

Page 334: ...ts Summary page Figure 9 53 Notification Recipients Summary The previously defined notification recipients are displayed 2 To add a new notification recipient click Add and enter the fields Supported IP Format Select whether the IPv4 or IPv6 format is supported IPv6 Address Type When the recipient supports IPv6 this specifies the type of static address supported The possible options are Link Local...

Page 335: ...cted recipient enter the fields Community String The community string of the trap manager Notification Version The message trap SNMP version v1 or v2 If SNMPv3 is used to send and receive traps enter the fields User Name The user to whom SNMP notifications are sent Security Level The means by which the packet is authenticated The possible options are No Authentication The packet is neither authent...

Page 336: ... host ipv4 address ipv6 address hostname traps informs version 1 2c 3 auth noauth priv community string udp port port filter filtername timeout seconds retries retries no snmp server host ipv4 address ipv6 address hostname traps informs version 1 2c 3 Creates or updates a notification recipient receiving notifications in SNMP version 1 2 or 3 Use the no form of this command to remove the specified...

Page 337: ... extension text These files contain the commands required to configure the device at startup or after reboot The Startup Configuration file is created from the Running Configuration file or can be created from another file Running Configuration File Files with extension text These files contain all Startup Configuration file commands as well as all commands entered during the current session After...

Page 338: ... manually loaded from downloaded or copied to uploaded a TFTP server or a USB drive This can be done in one of the following ways Manually System files can be downloaded using the File Download page and uploaded using the File Upload page Automatically Auto Update Configuration System files can be downloaded automatically as follows Auto Configuration If the Auto Configure feature is enabled in th...

Page 339: ...e assigned to the device See Setup Files on page 339 below Setup Files In addition to placing configuration and image files on the USB key the USB key might also contain a setup file which is a file with a setup extension Setup File Contents A setup file contains one or more lines Each line contains some or all of the following fields MAC Address This indicates to which device the line applies In ...

Page 340: ... Configuration File Name Image File Name flag Examples 0080 c200 0010 192 168 0 10 255 255 255 0 switch X text pc5500 4018 ros This means that the line applies to the device with MAC address 0080 c200 0010 a new IP address of 192 168 0 10 is to be assigned to the device with mask 255 255 255 0 The switch x text is the Startup Configuration file and pc5500 4018 ros is the new image file 0080 c200 0...

Page 341: ...s is the new image file Format C Contains the following 5 fields IP_address IP_mask Configuration File Name Image File Name Flag Example 192 168 0 10 255 255 255 0 switch text pc5500 4018 ros This means that the line applies to any device no MAC address is supplied a new IP address of 192 168 0 10 is to be assigned to the device with mask 255 255 255 0 The switch x text is the Startup Configuratio...

Page 342: ...onfiguration Download at Next Startup has been enabled by the boot host dhcp command or the Startup Configuration file is empty See Performing Auto Update from a USB Drive on page 343 The Auto Update from a TFTP server is triggered if the following conditions are fulfilled The conditions for a USB Auto Update are not fulfilled An IP address of a TFTP server is received from a DHCP server A file na...

Page 343: ... after boot if both of the following conditions are fulfilled There is no DHCP IP interface There is a VLAN without an IP address Preparations for Using Auto Update Configuration from a USB Drive Before Auto Update Configuration from a USB drive can be performed the following steps must be performed 1 Enable Auto Update Configuration in the Auto Update of Configuration Image File page 2 Optional C...

Page 344: ...mat is valid the flag field is empty the line is applied If no line for the specific device was found the setup file is searched for valid lines with formats C or D The first line found is applied 3 Apply the correct line When the correct line in the setup file is found it is applied as follows If the line contains an IP address and IP mask the IP address is configured on the default VLAN If the l...

Page 345: ...n file found on the TFTP server Two methods may be used One file Read described in Auto Configuration One File Read Method on page 345 This method is used if a configuration file is found on the TFTP server Multi file Read described in Auto Configuration Multi File Read Method on page 346 This method is used if a configuration file name is not found on the DHCP server or the configuration file is ...

Page 346: ...HCP Server the switch applies the multi file method to download the configuration file The following steps are performed by the switch The switch gets the hostname as described below If the hostname was provided by the DHCP server this hostname is used If the hostname has not been provided by a DHCP server and if the user has configured the sysName variable its value is used as a hostname If neith...

Page 347: ...and TFTP servers require the following TFTP Server Create a sub directory in the main directory Place a software image file in it Create an indirect file that contains a path and the name of the software version for example indirect contax txt that contains contax contax version ros Copy this file to the TFTP server s main directory DHCP Server Configure the DHCP server with option 20 or 66 This i...

Page 348: ...face on page 214 After reboot this command is not saved in the Startup configuration Preparations described above must be completed on the DHCP server and TFTP servers 1 Click System File Management Auto Update of Configuration Image File in the tree view to display the Auto Update of Configuration Image File page Figure 9 54 Auto Update of Configuration Image File The auto update configuration op...

Page 349: ...fields displayed in the Auto Update of Configuration Image File page Table 9 63 Auto Update of Configuration Image File CLI Commands CLI Command Description boot host auto config no boot host auto config Enables the support of auto configuration via DHCP Use the no form of this command to disable DHCP auto configuration boot host auto update no boot host auto update Enables the support of auto upd...

Page 350: ...terface vlan 1 console config if ip address dhcp console config if 01 Oct 2006 15 19 51 BOOTP_DHCP_CL W DHCPIPCANDIDATE The device is waiting for IP address verification on interface Vlan 1 IP 10 5 225 47 mask 255 255 255 224 DHCP server 10 5 224 25 01 Oct 2006 15 20 03 BOOTP_DHCP_CL I DHCPCONFIGURED The device has been configured on interface Vlan 1 IP 10 5 225 47 mask 255 255 255 224 DHCP server...

Page 351: ...om a USB port or when management computer uses HTTP 1 Click System File Management File Download in the tree view to display the File Download page Figure 9 55 File Download 2 For HTTP enter the IP Format fields for the HTTP server IP address Supported IP Format Select whether IPv4 or IPv6 format is supported IPv6 Address Type When the server supports IPv6 this specifies the type of static address...

Page 352: ...nation file type to which the file is downloaded The possible options are Software Image Downloads the Image file The image file overwrites the non active image It is recommended to designate that the non active image becomes the active image after reset and then to reset the device following the download During the Image file download a dialog box opens that displays the download progress and bro...

Page 353: ...FTP 1 Click System File Management File Download in the tree view to display the File Download page Figure 9 56 File Download 2 Enter the IP Format fields for the TFTP server IP address Supported IP Format Select whether IPv4 or IPv6 format is supported IPv6 Address Type When the server supports IPv6 this specifies the type of static address supported The possible options are Link Local A Link Loc...

Page 354: ... Download Protocol 5 If the Firmware Download option was selected enter the following Server IP Address The IP address of the server from which the firmware file is downloaded Source File Name 1 64 characters The file to be downloaded Destination File Type The destination file type to which the file is downloaded The possible options are Software Image Downloads the Image file The image file overw...

Page 355: ...kup file Enter the filename 7 Click Activate to start the download process Downloading Files Using CLI Commands The following table summarizes the CLI commands for setting fields displayed in the File Download page The following is an example of the CLI command NOTE Each exclamation mark indicates that ten packets were successfully transferred File Upload Software and configuration files can be up...

Page 356: ...gement File Upload in the tree view to display the File Upload page Figure 9 57 File Upload 2 Configuration Upload is selected automatically 3 Select to upload a configuration file when the management computer is using HTTP or from a USB port in Download Protocol 4 Enter the fields Transfer File Name The configuration file to which the configuration is uploaded The possible options are Running Con...

Page 357: ... view to display the File Upload page Figure 9 58 File Upload 2 Enter the IP Format fields for the TFTP server IP address Supported IP Format Select whether IPv4 or IPv6 format is supported IPv6 Address Type When the server supports IPv6 this specifies the type of static address supported The possible options are Link Local A Link Local address that is non routable and used for communication on th...

Page 358: ...IP address to which the software image is uploaded Destination File Name 1 64 Characters The file name to which the file is uploaded 6 If Configuration Upload was selected enter TFTP Server IP Address The TFTP server IP address to which the configuration file is uploaded Destination File Name 1 64 Characters The configuration file name path to which the file is uploaded Transfer File Name The conf...

Page 359: ...lowing table summarizes the CLI commands for setting fields displayed in the File Upload page The following is an example of the CLI commands Table 9 65 File Upload CLI Commands CLI Command Description copy source url destination url Copies any file from a source to a destination console copy image tftp 10 6 6 64 uploaded ros Copy 4234656 bytes copied in 00 00 33 hh mm ss 01 Jan 2000 07 30 42 COPY...

Page 360: ...s is identified as the active image and the other is identified as the inactive image The switch boots from the active image You can switch the inactive image to the active image and then reboot the switch The active image file for each unit in the stack can be individually selected To select the image file to be used after reset 1 Click System File Management Active Images in the tree view to dis...

Page 361: ...ds The following table summarizes the CLI commands for viewing fields displayed in the Active Images The following is an example of the CLI commands Copy Files Firmware and configuration files can be copied between units in the stack Use the Copy Files page to perform the following Copy the firmware on the Master unit to another unit in the stack Copy the master Running Configuration file to the m...

Page 362: ...ctually executes these commands so some of the configuration commands might fail for example when trying to create a VLAN that is already defined on the system Restore configuration factory defaults To copy files 1 Click System File Management Copy Files in the tree view to display the Copy Files page Figure 9 60 Copy Files 2 To copy the firmware from the Master unit to the Backup Master unit or t...

Page 363: ... Configuration file or user created flash files depending on the source configuration file or New File Name 1 64 characters To copy the source file to a user named file enter the name of a file If this option is selected check where the file is stored Flash or USB 4 Select Restore Configuration Factory Defaults to replace the current configuration settings by the factory configuration default sett...

Page 364: ...mmands console delete startup config Delete startup config y n y console 01 Oct 2006 16 10 51 FILE I DELETE File Delete file URL flash startup config console copy running config startup config Overwrite file startup config Yes press any key for no 01 Oct 2006 16 11 47 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 01 Oct 2006 16 12 01 COPY N TRAP The copy ...

Page 365: ...les currently stored on the system including file names file sizes files modifications and file permissions The files system permits managing up to two user defined backup configuration files To view information about files 1 Click System File Management File System in the tree view to display the File System page Figure 9 61 File System 2 Select the File Location The possible options are Flash Fi...

Page 366: ... remaining amount of space currently free Total bytes and free bytes are not available when selecting USB 4 To rename a file click its Rename button Change the File Name Managing Files Using CLI Commands The following table summarizes the CLI command for viewing system files The following is an example of the CLI commands Table 9 68 File Management CLI Command CLI Command Description dir flash usb...

Page 367: ...er and Unit 2 is the backup master All other units act as slaves The entire stack without regard to the stack topology or the number of units in the stack can be managed as a single switch For more information about stacking see Stacking Overview on page 45 The stacking pages described in this section enable the following actions Switching from the Master unit to the Backup Master unit Changing un...

Page 368: ...e Backup Master unit to the Master Unit or set unit IDs 1 Click System Stack Management Stack Unit ID in the tree view to display the Stack Unit ID page Figure 9 62 Stack Unit ID 2 Enter the fields Switch Stack Control from Unit 1 to Unit 2 Check this field to make unit 2 the Master unit Unit ID After Reset Select Auto if you want the system to assign the unit ID after reset Select a number to ass...

Page 369: ...es the CLI commands for setting fields displayed in the Stack Unit ID page The following is an example of the CLI commands Table 9 69 Stack Unit ID CLI Commands CLI Command Description stack master unit no stack master Makes the unit specified be the Master unit Use the no version to restore the default Master unit switch current unit number renumber new unit number Changes the unit ID of a specif...

Page 370: ...nd software versions currently running on the switch Click System Stack Management Versions in the tree view to display the Versions page Figure 9 63 Versions The following fields are displayed Unit ID The unit number for which the device versions are displayed Software Version The current software version running on the device Boot Version The current Boot version running on the device Hardware V...

Page 371: ... Use the Reset page to reset the device from a remote location To reset a unit in the stack 1 If changes were made to the Running Configuration file save them to the Startup Configuration file before resetting the device This prevents the current device configuration from being lost For more information about saving Configuration files see Copy Files on page 361 Table 9 70 Versions CLI Commands CL...

Page 372: ...set in the tree view to display the Reset page Figure 9 64 Reset 3 In the Reset Unit ID field select either the unit ID to be reset or Stack to reset all the units in the stack Resetting the Device Using the CLI The following table summarizes the CLI commands for performing a reset of the device via the CLI Table 9 71 Reset CLI Command CLI Command Description reload slot unit Reloads the operating...

Page 373: ...n Location The Location LED on a unit helps you to discover a specific unit or indeed all the units in a stack To light up the Location LED 1 Click System Stack Management Unit Identification in the tree view to display the Unit Identification page Figure 9 65 Unit Identification console reload You haven t saved your changes Are you sure you want to continue Y N N Y This command will reset the who...

Page 374: ...e units in the stack to light up Identification Duration 2 60 Enter a time interval The Location and Power LED light up for this period of time Setting the Location LED Using the CLI The following table summarizes the CLI commands for setting the Location LED The following is an example of the CLI command Table 9 72 Location LED CLI Commands CLI Command Description system light unit unit number du...

Page 375: ...erfaces simultaneously The sFlow monitoring system consists of an sFlow agent embedded in a switch or router or in a stand alone probe and a central data collector known as the sFlow receiver The sFlow agent uses sampling technology to capture traffic and statistics from the device it is monitoring sFlow datagrams are used to forward the sampled traffic and statistics to an sFlow receiver for anal...

Page 376: ...counter sampling are disabled To enable sFlow sampling 1 Set the IP address of a receiver also known as a collector for sFlow statistics Use the sFlow Receivers Settings page for this 2 Enable flow and or counter sampling direct the samples to a receiving interface and configure the average sampling rate Use the sFlow Interface Settings pages for this 3 View and clear the sFlow statistics counters...

Page 377: ... sFlow receiver parameters 1 Click System sFlow sFlow Receivers Settings in the tree view to display the sFlow Receivers Settings Summary page Figure 9 66 sFlow Receivers Settings Summary The sflow parameters are displayed 2 To add a receiver sflow analyzer click Add and select one of the pre defined sampling definition indices in Index 3 Enter the receiver s address fields Supported IP Format Sel...

Page 378: ... None Disable the ISATAP tunnel ISATAP The IPv6 interface is configured on an ISATAP tunnel IP Address Enter the receiver s IP address 4 Enter the fields Syslog Port Number Port to which SYSLOG message are sent Maximum Header Size Bytes Maximum number of bytes that can be sent to the receiver in a single sample datagram frame Adding an sFlow Receiver Using the CLI Commands The following table summ...

Page 379: ...le config sflow receiver 2 1 1 1 1 port 6343 console show sflow configuration Receivers Index IP Address Port Max Datagram Size 1 0 0 0 0 6343 1400 2 172 16 1 2 6343 1400 3 0 0 0 0 6343 1400 4 0 0 0 0 6343 1400 5 0 0 0 0 6343 1400 6 0 0 0 0 6343 1400 7 0 0 0 0 6343 1400 8 0 0 0 0 6343 1400 Interfaces Interface Flow Counters Max Header Collector Index Sampling Sampling Interval Size Sampling Counte...

Page 380: ...en defined in the sFlow Receiver Settings pages To enable sampling and configure the port from which to collect the sFlow information 1 Click System sFlow sFlow Interface Settings in the tree view to display the sFlow Interface Settings Summary page Figure 9 67 sFlow Interface Settings Summary The sflow interface settings are displayed 2 To associate an sFlow receiver with a port click Add and ent...

Page 381: ...r sample will be taken for each x seconds Counters Sampling Receiver Index Select one of the indices that was defined in the sFlow Receivers Settings pages Configuring sFlow Interfaces Using the CLI Commands The following table summarizes the CLI commands for configuring sFlow interfaces The following is an example of the CLI commands Table 9 74 sflow Interface CLI Commands CLI Command Description...

Page 382: ... Statistics To view sFlow statistics 1 Click System sFlow sFlow Statistics in the tree view to display the sFlow Statistics page Figure 9 68 sFlow Statistics The following sflow statistics per interface are displayed Interface Port for which sample was collected Packets Sampled Number of packets sampled Datagrams Sent to Receiver Number of sFlow sampling packets sent 2 Click Clear Statistics to cl...

Page 383: ...ollowing is an example of the CLI commands Table 9 75 sFlow Statistics CLI Command CLI Command Description show sflow statistics port id Displays sFlow statistics for ports that are enabled for Flow sampling or Counters sampling clear sflow statistics port id Clears sFlow statistics for ports that are enabled for Flow sampling or Counters sampling console show sflow statistics Total sFlow datagram...

Page 384: ... Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSystemConfig fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 385: ...ources CxUGSwitching_Ports fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 10 Ports This section describes how to configure port functionality It contains the following topics Overview Jumbo Frames Green Ethernet Configuration Protected Ports Port Profile Port Configuration LAG Configuration Storm Control Port Mirroring ...

Page 386: ...ties to its partner Both ports then operate at the highest common denominator If connecting a Network Interface Card NIC that does not support auto negotiation or is not set to auto negotiation both the device switching port and the NIC must be manually set to the same speed and duplex mode If the station on the other side of the link attempts to auto negotiate with a device 100BaseT port that is ...

Page 387: ...g PAUSE frames The ports that receives pause frames stops transmitting traffic Flow control on the device works in Receive Only mode meaning that the interfaces with enabled flow control receive PAUSE frames but do not send them When flow control is enabled the system buffers are allocated per port so that if the buffers of one port are consumed other ports will still have their free buffers Back ...

Page 388: ...gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_Ports fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Port tagging No tagging Flow Control On Back Pressure Off Table 10 1 Port Default Settings Continued Function Default Setting ...

Page 389: ...p to 10 Kb in size If Jumbo frames are not enabled the system supports a packet size of up to 1 632 bytes To enable jumbo frames 1 Click Switching Ports Jumbo Frames in the tree view to display the Jumbo Frames page Figure 10 1 Jumbo Frames The current jumbo frames setting is displayed 2 Enable disable jumbo frames in the New Setting after reset field NOTE You must save the configuration and reboo...

Page 390: ... PROOF ONLY Configuring Jumbo Frames Using CLI Commands The following table summarizes the CLI commands for configuring Jumbo frames The following is an example of the CLI commands Table 10 2 Jumbo Frames CLI Commands CLI Command Description port jumbo frame no port jumbo frame Enables jumbo frames on the device Use the no form of this command to disable jumbo frames console config port jumbo fram...

Page 391: ...e power during periods of low link utilization EEE is a hardware feature that is enabled by default and is transparent to users This feature is defined per port regardless of their LAG membership Short Reach Mode Power usage is adjusted to the actual cable length In this mode the VCT Virtual Cable Tester length test is performed to measure cable length If the cable is shorter than a predetermined ...

Page 392: ...lick Switching Ports Green Ethernet Configuration in the tree view to display the Green Ethernet Configuration Summary page Figure 10 2 Green Ethernet Configuration Summary 2 The amount of energy saved from the last switch reboot is displayed in the Cumulative Energy Saved field This value is updated each time there is an event that affects power saving Click Reset to reset its value 3 Enter the f...

Page 393: ... Cable Length Meter Length of cable 5 Click LLDP Interface Details 6 Select a unit in the stack The following is displayed for each port on the unit Port Port number Oper Displays the operational status of Green Ethernet Resolved Tx Timer μsec Integer that indicates the current Tw_sys_tx is supported by the local system Local Tx Timer μsec Indicates the time in micro seconds that the transmitting ...

Page 394: ...reen Ethernet short reach mode green ethernet short reach force no green ethernet short reach force Forces short reach mode on an interface Use the no form of this command to return to the default green ethernet short reach threshold cable length no green ethernet short reach threshold Set the maximum cable length for applying short reach mode Use the no form of this command to return to the defau...

Page 395: ...affic only to uplink ports Community Port A protected port that is associated with a community It can send traffic to other protected ports in the same community and to uplink ports Uplink Port An uplink port is an unprotected port that can send traffic to any port Isolated Port A protected port that does not belong to a community Port Protection is independent of all other features and configurat...

Page 396: ...s and establish their communities 1 Click Switching Ports Protected Ports in the tree view to display the Protected Ports Summary page Figure 10 3 Protected Ports Summary A summary of all the ports and their statuses is displayed 2 Click Edit 3 Select the unit and interface 4 Enter values for the following fields State Select Protected Unprotected to enable disable port protection Community Select...

Page 397: ... Description switchport protected port no switchport protected port Isolates Unicast Multicast and Broadcast traffic on a port at Layer 2 from other protected ports on the same switch Use the no form of this command to disable protection on the port switchport community community no switchport community Associates a protected port with a community Use the no form of this command to return to defau...

Page 398: ...r globally There are two types of port profiles User Defined Enables the user to bundle configurations as a port profile and then apply it to one or more interfaces at a time Up to 20 user defined macros can be supported These can only be defined through CLI commands Built In Pre defined macros that cannot be changed or deleted The device includes the following built in macros Global Desktop Phone...

Page 399: ...and their profiles is displayed 2 To assign the Global profile to the system check Run Global Profile Apply the global profile before applying a built in interface profile 3 To assign a profile to an interface click Edit 4 Select a unit interface and a Assigned Profile The Profile Description is displayed 5 Each profile requires entering various elements of VLAN information Enter the fields accord...

Page 400: ...splays the maximum number of MAC addresses that can be learned on the port Action on Violation Action to be applied to packets arriving on a locked port The possible options are Discard Discard the packets from any unlearned source Forward Forward the packets from an unknown source without learning the MAC address Shutdown Discard the packet from any unlearned source and shut down the port Ports r...

Page 401: ...Link mode is enabled for the port If this is enabled the Port State is automatically placed in the Forwarding state when the port is up BPDU Guard Displays whether BPDU Guard is enabled on the port Miscellaneous fields Policy Name Displays the name of a policy if one is defined on the port Auto Negotiation Displays whether auto negotiation is enabled on the port Auto Negotiation enables a port to ...

Page 402: ...cro brief description interface gigabitethernet tengigabitetherne t port number name macro name Displays the parameters for all configured macros or for one macro on the switch Switch config interface gi1 0 2 Switch config if macro trace dup Applying command duplex full Applying command speed auto Switch config interface gi1 0 2 Switch config if macro apply duplex DUPLEX full SPEED auto Switch con...

Page 403: ...y interswitch Apply the macro Table 10 7 Create an Interface Macro Script CLI Command Description console config console config interface range gi1 0 1 24 Enter Interface mode for ports 1 24 on unit 1 console config if range macro name access_port Enter macro commands one per line End with the character Create a macro called access_port disable spanning tree Enter the commands in the macro disable...

Page 404: ...ed from the LAG To configure a port 1 Click Switching Ports Port Configuration in the tree view to display the Port Configuration Summary page Figure 10 5 Port Configuration Summary All ports on the selected unit and their configuration settings are displayed 2 To modify the port settings click Edit and select a port 3 Enter the following fields Description 1 64 Characters Enter a user identificat...

Page 405: ...e configured rate for the port The port type determines the available speed setting options You can designate Administrative Speed only when port auto negotiation is disabled Current Port Speed Displays the actual synchronized port speed bps Admin Duplex Select the port duplex mode this is only possible if Auto Negotiation is not enabled The options are Full The interface supports transmission bet...

Page 406: ...0 mbps speed port and full duplex mode setting 10000 Full The port advertises for a 10000 mbps speed port and full duplex mode setting Current Advertisement Displays the port advertises its speed to its neighbor port to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement Displays the neighboring port s advertisement se...

Page 407: ...ions are Auto Use to automatically detect the cable type MDIX Use for hubs and switches MDI Use for end stations Current MDI MDIX Displays the current device MDIX settings LAG Displays whether the port is part of a LAG Configuring Ports Using CLI Commands The following table summarizes the CLI commands for configuring ports as displayed in the Port Configuration pages Table 10 8 Port Configuration...

Page 408: ...tiation capability1 capability2 capability5 no negotiation Enables auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable auto negotiation back pressure no back pressure Enables Back Pressure on a given interface Use the no form of this command to disable back pressure flowcontrol auto on off no flowcontrol Configures the flow...

Page 409: ...G number Displays the description for all configured interfaces console config interface gi2 0 1 console config if description RD SW 3 console config if shutdown console config if no shutdown console config if speed 100 console config if duplex full console config if negotiation console config if back pressure console config if flowcontrol on console config if mdix auto console config if end conso...

Page 410: ...pports up to 32 LAGs per system meaning for all units in the stack For information about Link Aggregated Groups LAGs and assigning ports to LAGs see Link Aggregation on page 509 To configure LAGs 1 Click Switching Ports LAG Configuration in the tree view to display the LAG Configuration Summary page Figure 10 6 LAG Configuration Summary The LAG parameters are displayed 2 To configure a LAG click E...

Page 411: ...ch the LAG is operating The possible options are 10M The LAG is currently operating at 10 Mbps 100M The LAG is currently operating at 100 Mbps 1000M The LAG is currently operating at 1000 Mbps 10000 Full The LAG is currently operating at 1000 Mbps Current Speed Displays the speed at which the LAG is currently operating Admin Auto Negotiation Enable disable auto negotiation which is a protocol betw...

Page 412: ...low Control mode is effective on the ports operating in Full Duplex in the LAG The possible options are Enable Enables flow control on the LAG default Disable Disables flow control on the LAG Auto Negotiation Enables the auto negotiation of flow control on the LAG Current Flow Control Displays the current Flow Control setting Configuring LAGs Using CLI Commands The following table summarizes the C...

Page 413: ...peration for the speed and duplex parameters of a LAG Use the no form of this command to disable auto negotiation flowcontrol auto on off no flowcontrol Configures the flow control on a given LAG Use the no form of this command to disable flow control show interfaces configuration port channel LAG number Displays the configuration for the LAGs show interface advertise Displays the LAG s negotiatio...

Page 414: ...The following is an example of the CLI commands console config interface port channel 1 console config if no negotiation console config if speed 100 console config if flowcontrol on console config if exit console config interface port channel 2 console config if shutdown console config if exit console config if end console show interfaces port channel Channel Ports ch1 Inactive gi 1 0 11 13 ch2 Ac...

Page 415: ...the relevant VLAN In this way one ingress frame is turned into many creating the potential for a storm Storm protection provides the ability to limit the number of frames entering the switch and to define the types of frames that are counted towards this limit When a threshold limit is configured on the device the port discards traffic when that threshold is reached The port remains blocked until ...

Page 416: ...shold Broadcast Rate Threshold 3500 1000000 Enter the maximum rate Kbits sec at which unknown packets are forwarded Configuring Storm Control Using CLI Commands The following table summarizes the CLI commands for configuring Storm Control as displayed on the Storm Control pages Table 10 10 Storm Control CLI Commands CLI Command Description storm control include multicast unknown unicast no storm c...

Page 417: ...an example of the CLI commands show ports storm control port Displays the storm control configuration console config interface gi1 0 1 console config if storm control broadcast enable console config if storm control include multicast unknown unicast console show ports storm control gi1 0 1 Port State Rate Kbits Sec Included gi1 0 1 Disabled 8500 Broadcast Table 10 10 Storm Control CLI Commands Con...

Page 418: ...placed in the target port s queues on a first come first served basis and any excess traffic is silently discarded This may mean that the traffic actually seen by any device attached to the target port is an arbitrarily selected subset of the actual traffic going through the source ports Port mirroring is only relevant to physical ports Therefore if you want a LAG to function as the source of a po...

Page 419: ... either with an 802 1q tag or without When the packets are mirrored to a port analyzer they should be transmitted as they are received on the ingress port However in the device the packet is transmitted out of the port analyzer as always tagged or always untagged user configurable regardless of the input encapsulation Source Port Restrictions The following restrictions apply to ports specified as ...

Page 420: ...e tree view to display the Port Mirroring Summary page Figure 10 8 Port Mirroring Summary The previously defined source ports for the selected Destination Port are displayed along with the fields defined in the Add page and their status Status Indicates if the port is currently being monitored Active or not being monitored notReady because of some problem 2 To add a port to be mirrored click Add a...

Page 421: ... of the CLI commands Table 10 11 Port Mirroring CLI Commands CLI Command Description port monitor src interface id rx tx no port monitor src interface id Starts a port monitoring session This must be performed in Interface Configuration mode which is the destination interface Use the no form of this command to stop a port monitoring session show ports monitor Displays the port monitoring status co...

Page 422: ...ell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_Ports fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 423: ...new Maintenance Projects Dell Contax sources CxUGSwitching_AddressTables fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 11 Address Tables This section describes how MAC addresses are handled on the device It contains the following topics Overview Static Addresses Dynamic Addresses ...

Page 424: ...destination stored in one of these tables are forwarded to the associated port MAC addresses are dynamically learned when packets arrive at the device Addresses are associated with ports by learning the source address of the frame Frames addressed to a destination MAC address that is not associated with any port are flooded to all ports of the relevant VLAN In order to prevent the bridging table f...

Page 425: ...is not written to the address table To define a static address 1 Click Switch Address Tables Static Address Table in the tree view to display the Static Address Table Summary page Figure 11 1 Static Address Table A list of the currently defined static addresses is displayed 2 To add a static address click Add 3 Enter the following fields Interface Select a port or LAG for the entry MAC Address Ent...

Page 426: ... ensure that the port attached to the MAC address is locked Configuring Static Addresses Using CLI Commands The following table summarizes the CLI commands for configuring static address parameters as displayed in the Static Address Table pages Table 11 1 Static Address CLI Commands CLI Command Description mac address table static mac address vlan vlan id interface gigabitethernet tengigabitethern...

Page 427: ...m DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config if bridge address 00 60 70 4C 73 FF permanent gi1 0 8 console show mac address table static Aging time is 300 sec VLAN MAC Address Port Type 1 00 60 70 4C 73 FF gi1 0 8 static 1 00 60 70 8C 73 FF gi1 0 8 static 200 00 10 0D 48 37 FF gi1 0 9 static ...

Page 428: ...e the traffic is flooded to all ports in the VLAN of the frame To prevent the table from overflowing and to make room for new addresses an address is deleted from the table if no traffic is received from a dynamic MAC address for a certain period This period of time is called the aging interval To configure dynamic addresses 1 Click Switch Address Tables Dynamic MAC Address in the tree view to dis...

Page 429: ...I commands for configuring static address parameters as displayed in the Dynamic Address Table pages Table 11 2 Dynamic Address CLI Commands CLI Command Description mac address table aging time seconds no mac address table aging time Sets the aging time of the address table Use the no form of this command to restore the default clear mac address table dynamic interface gigabitethernet tengigabitet...

Page 430: ...UGSwitching_AddressTables fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config mac address table aging time 600 console show mac address table dynamic Aging time is 300 sec VLAN MAC Address Port Type 1 00 60 70 4C 73 FF gi1 0 8 dynamic 1 00 60 70 8C 73 FF gi1 0 8 dynamic ...

Page 431: ...ut_new Maintenance Projects Dell Contax sources CxUGSwitching_GARP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 12 GARP This section describes how to configure Generic Attribute Registration Protocol GARP on the device It contains the following topics GARP Overview GARP Timers ...

Page 432: ...ged LAN such as end stations and switches can register and de register attribute values such as VLAN Identifiers with each other In doing so these attributes are propagated to devices in the bridged LAN and these devices form a reachability tree that is a subset of an active topology GARP defines the architecture rules of operation state machines and variables for the registration and deregistrati...

Page 433: ...ect an interface and enter the fields GARP Join Timer 10 2147483640 Enter the time in milliseconds during which Protocol Data Units PDU are transmitted GARP Leave Timer 10 2147483640 Enter the time interval in milliseconds which the device waits before leaving its GARP state Leave time is activated by a Leave All Time message sent received and cancelled by the Join message received Leave time must...

Page 434: ...all timer_value Adjusts the GARP application join leave and leaveall GARP timer val ues show gvrp configuration gigabitethernet tengigabitether net port number vlan vlan id port channel LAG number Displays GVRP configuration infor mation including timer values whether GVRP and dynamic VLAN creation are enabled and which ports are running GVRP console config interface gi1 0 1 console config if garp...

Page 435: ...ll Contax sources CxUGSwitching_STP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 13 Spanning Tree This chapter describes the Spanning Tree Protocol It contains the following topics Spanning Tree Protocol Overview Global Settings STP Port Settings STP LAG Settings Rapid Spanning Tree Multiple Spanning Tree ...

Page 436: ...hen the network topology is naturally tree structured and therefore faster convergence might be possible RSTP is enabled by default Although Classic STP is guaranteed to prevent Layer 2 forwarding loops in a general network topology there might be an unacceptable delay before convergence This means that before convergence each bridge or switch in the network must decide if it should actively forwa...

Page 437: ...nd mitigation This enables a port to be stopped in one instance such as traffic from VLAN A that is causing a loop while traffic can remain active in another domain where no loop was seen such as on VLAN B MSTP provides full connectivity for packets allocated to any VLAN and transmits packets assigned to various VLANs through different multiple spanning tree MST regions MST regions act as a single...

Page 438: ...Switching Spanning Tree Global Settings in the tree view to display the Global Settings page Figure 13 1 Global Settings The currently defined settings are displayed 2 Enter the fields Spanning Tree State Enable Spanning Tree on the device STP Operation Mode Select the STP mode enabled on the device The possible options are Classic STP Enables Classic STP on the device Rapid STP Enables Rapid STP ...

Page 439: ...Long Specifies 1 through 200 000 000 range for port path costs The default path costs assigned to an interface vary according to the selected method Bridge Settings Priority 0 61440 in steps of 4096 Enter the bridge priority value When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the device with the lowest priority value becomes the Root Bridge The default...

Page 440: ...he total amount of STP state changes that have occurred Last Topology Change The amount of time that has elapsed since the bridge was initialized or reset and the last topographic change occurred Defining STP Global Parameters Using CLI Commands The following table summarizes the CLI commands for defining STP global parameters as displayed in the Global Settings pages Table 13 1 STP Global Paramet...

Page 441: ...ommand to restore the default configuration spanning tree max age seconds no spanning tree max age seconds Configures the spanning tree bridge maximum age Use the no form of this command to restore the default configuration spanning tree forward time seconds no spanning tree forward time Configures the spanning tree bridge forward time which is the amount of time a port remains in the listening an...

Page 442: ...ELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config spanning tree console config spanning tree mode rstp console config spanning tree priority 12288 console config spanning tree hello time 5 console config spanning tree max age 12 console config spanning tree forward time 25 console config exit ...

Page 443: ... to display the STP Port Settings Summary page Figure 13 2 STP Port Settings Summary The ports and their STP settings are displayed 2 To modify STP settings on a port click Edit 3 Select the port and enter the fields STP Enable disable STP on the port Fast Link Check to enable Fast Link mode for the port If this is enabled the Port State is automatically placed in the Forwarding state when the por...

Page 444: ...mode The port cannot forward traffic nor can it learn MAC addresses Learning The port is currently in the learning mode The port cannot forward traffic however it can learn new MAC addresses Forwarding The port is currently in the forwarding mode The port can forward traffic and learn new MAC addresses Role Displays the port role assigned by the STP algorithm that provides STP paths The possible o...

Page 445: ...ridge Designated Port ID Displays the designated port s priority and interface Designated Cost Displays the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Displays the number of times the port has changed from the Forwarding state to Blocking LAG Displays the LAG to which the port is attached Definin...

Page 446: ... Displays spanning tree configuration spanning tree portfast no spanning tree portfast Enables Fast Link mode Use the no form of this command to disable the PortFast mode spanning tree bpduguard enable disable no spanning tree bpduguard Shuts down an interface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore the default configuration spanning tree guard ...

Page 447: ...onsole config if spanning tree cost 35000 console config if spanning tree port priority 96 console config if spanning tree portfast console config if exit console config exit console show spanning tree gi1 0 15 instance 12 Port gi1 0 15 enabled State discarding Role alternate Port ID 128 15 Port cost 19 Type P2p configured Auto Internal Port Fast No configured No Designated bridge Priority 32768 A...

Page 448: ... settings are displayed 2 To modify STP settings on a LAG click Edit 3 Select a LAG from the Select a LAG drop down menu 4 Enter the fields STP Enable disable STP on the LAG Fast Link Check to enable Fast Link mode for the LAG If Fast Link mode is enabled for a LAG the LAG State is automatically placed in Forwarding when the LAG is up Fast Link mode optimizes the time it takes for the STP protocol...

Page 449: ...ard traffic or learn MAC addresses Learning The LAG is in the learning mode and cannot forward traffic but it can learn new MAC addresses Forwarding The LAG is currently in the forwarding mode and it can forward traffic and learn new MAC addresses Broken The LAG is currently malfunctioning and cannot be used for forwarding traffic Role Displays the LAG role assigned by the STP algorithm that provi...

Page 450: ...iority value is given in steps of 16 Designated Bridge ID Displays the priority and the MAC address of the designated bridge Designated Port ID Displays the ID of the selected interface Designated Cost Displays the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Displays the number of times the LAG St...

Page 451: ...s delay provides time to detect possible loops and propagate status changes Rapid Spanning Tree Protocol RSTP detects and uses network topologies that enable a faster convergence of the spanning tree without creating forwarding loops To configure RSTP 1 Click Switching Spanning Tree Rapid Spanning Tree in the tree view to display the Rapid Spanning Tree Summary page Figure 13 4 Rapid Spanning Tree...

Page 452: ... the Spanning Tree Mode Displays if RSTP is enabled Fast Link Operational Status Displays if Fast Link is enabled or disabled for the port or LAG If Fast Link is enabled for an interface the interface is automatically placed in the forwarding state The possible options are Enable Fast Link is enabled Disable Fast Link is disabled Auto Fast Link mode is enabled a few seconds after the interface bec...

Page 453: ... link partner using STP still exists and if so whether it has migrated to RSTP or MSTP If it still exists as an STP link the device continues to communicate with it by using STP Otherwise if it has been migrated to RSTP or MSTP the device communicates with it using RSTP or MSTP respectively Defining Rapid STP Parameters Using CLI Commands The following table summarizes the CLI commands for definin...

Page 454: ...L PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands show spanning tree gigabitethernet tengigabiteth ernet port number port channel LAG number Displays spanning tree configuration console config interface gi1 0 5 console config if spanning tree link type shared Table 13 3 Rapid STP Parameters CLI Command Continued CLI Command Description ...

Page 455: ...cts Dell Contax sources CxUGSwitching_STP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Multiple Spanning Tree This section describes Multiple Spanning Tree Protocol MSTP It contains the following topics MSTP Overview MSTP Properties VLAN to MSTP Instance MSTP Instance Settings MSTP Interface Settings ...

Page 456: ...to instances if port A is blocked in one STP instance the same port can be placed in the Forwarding State in another STP instance In addition packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Trees Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted MSTP Properties To set an MSTP region 1 Click...

Page 457: ...r is the instance 0 root Configuring MST Properties Using CLI Commands The following table summarizes the CLI commands for configuring MST properties in the MSTP Properties pages Table 13 4 MSTP Properties CLI Commands CLI Command Description spanning tree mst configuration Enters MST Configuration mode spanning tree mst max hops hop count no spanning tree mst max hops Configures the number of hop...

Page 458: ...ng tree mst configuration console config mst instance 1 add vlan 10 20 console config mst name region1 console config mst revision 1 console config interface gi1 0 1 console config if spanning tree mst 1 port priority 144 console config spanning tree mst max hops 10 console config spanning tree mst configuration console config mst instance 2 add vlan 21 30 console config mst name region1 console c...

Page 459: ...tance in the tree view to display the VLAN to MSTP Instance Summary page Figure 13 6 VLAN to MSTP Instance Summary The MSTP instances and their associated VLANs are displayed 2 To associate a VLAN with an MSTP instance click Edit 3 Select the MSTP instance the VLAN and whether to add or remove the VLAN from the MSTP instance association 4 Enter the fields Select MST Instance ID Select an MST insta...

Page 460: ...rizes the CLI commands for mapping VLANs to MSTP instances The following is an example of the CLI commands Table 13 5 Mapping VLAN to MSTP Instances Using CLI Commands CLI Command Description spanning tree mst configuration Enters MST Configuration mode instance instance id vlan vlan range no instance instance id vlan vlan range Maps VLANs to an MST instance Use the no form of this command to rest...

Page 461: ...Spanning Tree MSTP Instance Settings in the tree view to display the MSTP Instance Settings page Figure 13 7 MSTP Instance Settings The MSTP instances and their associated VLANs are displayed 2 Select an Instance ID 3 Enter the Bridge Priority 0 61440 of this bridge for the selected MSTP instance 4 The following fields are displayed Included VLANs Displays VLANs included in this instance Designate...

Page 462: ...LI Commands The following table summarizes the CLI commands for configuring the fields in the MSTP Instance pages The following is an example of the CLI commands Table 13 6 Configuring MSTP Instances CLI Commands CLI Command Description spanning tree mst configuration Enters MST Configuration mode spanning tree mst instance id priority priority no spanning tree mst instance id priority Configures ...

Page 463: ...ure 13 8 MSTP Interface Settings Summary MSTP interface settings for the selected instance is displayed 2 To set MSTP settings for an interface click Edit 3 Select an instance and enter the fields Interface ID Assign either ports or LAGs to the selected MSTP instance Port State Displays whether the port is enabled or disabled in the specific instance Type Displays whether MSTP treats the port as a...

Page 464: ...ckup path to the designated port Backup ports occur only when two ports are connected in a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled This port is not participating in the Spanning Tree Interface Priority Enter the interface priority for specified instance Path Cost 1 200 000 000 Enter the port contribution to...

Page 465: ...face CLI Commands CLI Command Description spanning tree mst instance id cost cost no spanning tree mst instance id cost Sets the path cost of the port for MST calculations in Interface Configuration mode Use the no form of this command to restore the default configuration spanning tree mst instance id port priority priority Configures the device priority for the specified spanning tree instance in...

Page 466: ...Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_STP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 467: ...ax sources CxUGSwitching_VLAN fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 14 VLANs This chapter describes how VLANs are configured on the device It contains the following topics Virtual LAN Overview VLAN Membership Port Settings LAGs Settings Protocol Groups Protocol Port GVRP Parameters Private VLAN Voice VLAN ...

Page 468: ...software rather than by physically unplugging and moving devices or wires A VLAN can be thought of as a Broadcast domain that exists within a defined set of switches A VLAN consists of a number of end systems either hosts or network equipment such as bridges and routers connected by a single bridging domain The bridging domain is supported on various pieces of network equipment for example LAN swi...

Page 469: ... 3 A forwarding decision is made as a function of the VLAN ID and the destination MAC address 4 The egress rules define whether the frame is to be sent as tagged or untagged Special case VLANs VLAN 1 and VLAN 4095 are special case VLANs VLAN1 Defined as the default VLAN and may only be used as a Ports Default VLAN ID PVID This means that if the VLAN whose VID is the current port s PVID is deleted ...

Page 470: ... VID currently set as the port s PVID All traffic is sent untagged If the VLAN whose VID is set as the current PVID of the port is deleted from the system or deleted from the port the port s PVID will be set to 1 meaning that the port will be made a member of VLAN 1 the default VLAN Ingress filtering is always enabled for ports in Access mode Setting an Access port s PVID to 4095 effectively shuts...

Page 471: ... are silently discarded and no frames are sent untagged Trunk mode ports are intended for switch to switch links where traffic is usually tagged General Ports Ports set to General mode may be members of multiple VLANs Each of these VLANs may be configured to be tagged or untagged This setting applies to transmitted frames Incoming untagged frames are classified into the VLAN whose VID is the curre...

Page 472: ...ENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Acceptable Frame Type The acceptable frame type can be set on a port to accept all frames tagged and untagged tagged only or untagged only This setting takes precedence over all other settings so that if the acceptable frame type is tagged only incoming untagged frames are silently discarded even if the port has a valid PVID ...

Page 473: ...orts up to 2 4094 VLANs Ports are assigned to a VLAN in the Port Settings pages To view the ports in a VLAN and assign various parameters 1 Click Switching VLAN VLAN Membership in the tree view to display the VLAN Membership Summary page Figure 14 2 VLAN Membership Summary The ports in the selected unit VLAN are displayed along with their statuses Each port LAG is labeled with one of the following...

Page 474: ...ed 2 Enter the fields Show VLAN Check one of the possible options VLAN ID Check VLAN ID and select a VLAN ID to view VLAN Name Check VLAN Name and select a VLAN ID to view VLAN Name 0 32 Characters Enter a new VLAN name Status The VLAN type Possible values are Dynamic The VLAN was dynamically created through GVRP Static The VLAN is user defined Authentication Not Required Enable disable authentica...

Page 475: ... of this command to restore the default configuration or delete a VLAN name string Adds a name to a VLAN dot1x auth not req no dot1x auth not req Enables unauthorized devices access to the VLAN Use the no form of this command to disable access to the VLAN console config vlan database console config vlan vlan 1972 console config vlan end console config interface vlan 1972 console config if name Mar...

Page 476: ... have a defined PVID If no other value is configured the default VLAN PVID is used VLAN ID 1 is the default VLAN and cannot be deleted from the system To configure ports on a VLAN 1 Click Switching VLAN Port Settings in the tree view to display the Port Settings Summary page Figure 14 3 Port Settings Summary All interfaces on the selected unit and their settings are displayed 2 To modify the port ...

Page 477: ...ork traffic for that customer Private VLAN Promiscuous The port is a promiscuous port Private VLAN Host The port is an isolated port Current Reserved VLAN Displays the VLAN currently designated by the system as the reserved VLAN Reserve VLAN for Internal Use 1 4094 Check to enter a reserved VLAN and enter its ID If none is required check None PVID 1 4095 Enter a VLAN ID to be added to untagged pac...

Page 478: ...of which the specific port is not a member Native VLAN ID 1 4094 Enter VLAN used for untagged traffic to trunk ports Multicast VLAN ID 1 4094 Enter VLAN used for Multicast TV VLAN traffic on access ports Customer VLAN ID 1 4094 Enter VLAN used for customer ports Assigning Ports to VLAN Groups Using CLI Commands The following table summarizes the CLI commands for assigning ports to VLAN groups Tabl...

Page 479: ...vlan vlan id none no switchport trunk native vlan Defines the native VLAN when the interface is in trunk mode Use the no form of this command to restore the default configuration switchport general allowed vlan add remove vlan list tagged untagged no switchport general allowed vlan Sets the general characteristics when the interface is in general mode Use the no form of this command to reset a gen...

Page 480: ... fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY switchport mode access trunk general private vlan promiscuous host customer no switchport mode Configure the VLAN membership mode of a port Use the no form of this command to restore the default configuration Table 14 2 Port to VLAN Group Assignments CLI Commands Continued CLI Command Description ...

Page 481: ... interface vlan 23 console config if name Marketing console config if end console config interface gi1 0 8 console config if switchport mode access console config if switchport access vlan 23 console config if end console config interface gi1 0 9 console config if switchport mode trunk console config if switchport mode trunk allowed vlan add 23 25 console config if end console config interface gi1...

Page 482: ... the device are tagged with the LAGs ID specified by the PVID To configure LAGS on a VLAN 1 Click Switching VLAN LAG Settings in the tree view to display the VLAN LAG Settings page Figure 14 4 VLAN LAG Settings All LAGs and their settings are displayed 2 To modify the LAG settings click Edit and enter the fields LAG Select the LAG to be modified Switchport Mode Select whether the LAG is in Layer 2...

Page 483: ...egated network traffic for that customer Private VLAN Promiscuous The port is a promiscuous port Private VLAN Host The port is an isolated port Current Reserved VLAN Displays the VLAN currently designated as the reserved VLAN Reserve VLAN for Internal Use 1 4094 Enter the VLAN that is designated as the reserved VLAN after the device is reset or select None PVID 1 4095 Assigns a VLAN ID to untagged...

Page 484: ...dmit Untagged Only Only untagged packets are accepted on the LAG Ingress Filtering Enable disable Ingress filtering by the LAG Ingress filtering discards packets that are destined to VLANs of which the specific LAG is not a member Native VLAN ID 1 4094 Enter VLAN used for untagged traffic to trunk ports or select None Multicast VLAN ID 1 4094 Enter VLAN used for Multicast TV VLAN traffic on access...

Page 485: ...ng traffic from the server to stations in a specific VLAN only Protocol based VLANs are only available on General ports Classification rules are set on a per port basis and may be sensitive to the frame s encapsulation The default encapsulation assumed is Ethernet On each port a user can define associations between groups of data link layer protocols and ports For each group port combination the u...

Page 486: ...is is specifying the Ethernet encapsulation even by default implies IEEE802 encapsulation as per RFC 1042 The following standards are relevant IEEE802 1V defines VLAN assignment by protocol type IETF RFC 10 2 defines a standard for the transmission of IP datagrams over IEEE 802 Networks Defining Protocol Groups Define protocol groups in two steps 1 Define a protocol group by assigning one or more ...

Page 487: ...Protocol Group in the tree view to display the Protocol Group Summary page Figure 14 5 Protocol Group Summary The currently defined protocol groups are displayed 2 To add a new protocol group click Add and enter the fields Frame Type Select a frame type to be accepted in the protocol group Protocol Value Select a protocol name or Ethernet Based Protocol Value 0600 FFFF Enter the Ethernet protocol ...

Page 488: ...commands for defining VLAN Protocol groups The following is a sample of the CLI commands Table 14 3 VLAN Protocol Groups CLI Commands CLI Command Description map protocol protocol encapsulation protocols group group no map protocol protocol encapsulation Maps a protocol to a protocol group Protocol groups are used for protocol based VLAN assignment Use the no form of this command to delete a proto...

Page 489: ...of frames may be assigned to a protocol group which has a port and VLAN associated with it To add an interface to a protocol group 1 Click Switching VLAN Protocol Port in the tree view to display the Protocol Port Summary page Figure 14 6 Protocol Port Summary A list of previously defined protocol groups is displayed 2 To assign an interface to a protocol group click Add and enter the fields Inter...

Page 490: ...me Check and enter a VLAN name Defining Protocol Ports Using CLI Commands The following table summarizes the CLI command for defining protocol ports The following is a sample of the CLI commands Table 14 4 Protocol Port CLI Commands CLI Command Description switchport general map protocols group group vlan vlan id no switchport general map protocols group group Sets a protocol based classification ...

Page 491: ...lly configure each bridge and register VLAN membership To ensure the correct operation of the GVRP protocol it is advised to set the maximum number of GVRP VLANs equal to a value which significantly exceeds The number of all static VLANs both currently configured and expected to be configured The number of all dynamic VLANs participating in GVRP both currently configured initial number of dynamic ...

Page 492: ...mode If you enable it on another type of port GVRP does not function Configuring GVRP Using CLI Commands The following table summarizes the CLI commands for configuring GVRP as displayed in the GVRP Global Parameters page Table 14 5 GVRP Global Parameters CLI Commands CLI Command Description gvrp enable no gvrp enable In Global Configuration mode this command enables GVRP globally In Interface Con...

Page 493: ...imer values whether GVRP and dynamic VLAN creation is enabled and which ports are running GVRP show gvrp error statistics gigabitethernet tengigabitet hernet port number port channel LAG number Displays GVRP error statistics show gvrp statistics gigabitethernet tengigabitet hernet port number port channel LAG number Displays GVRP statistics clear gvrp statistics gigabitethernet tengigabitet hernet...

Page 494: ...d console show gvrp configuration GVRP Feature is currently Disabled on the device Maximum VLANs 4094 Port s GVRP Status Registration Dynamic VLAN Timers milliseconds Creation Join Leave Leave All gi1 0 1 Disabled Normal Enabled 200 600 10000 gi1 0 2 Disabled Normal Enabled 200 600 10000 gi1 0 3 Disabled Normal Enabled 200 600 10000 gi1 0 4 Disabled Normal Enabled 200 600 10000 gi1 0 5 Disabled No...

Page 495: ... network as opposed to protected ports which must be in the same stack The switch ports can be members of a Private VLAN PVLAN in the following membership types Promiscuous ports that can communicate with all ports of the same PVLAN including the isolated ports of the same PVLAN Isolated ports that have complete Layer 2 isolation from the other ports within the same PVLAN but not from the promiscu...

Page 496: ... Private VLAN Summary The previously defined private VLANs are displayed 2 To query by Associated Primary VLAN ID check that field enter a VLAN ID and click Query The associated VLANs are displayed 3 To define a private VLAN click Assign and enter the fields Private VLAN ID Select a VLAN to be assigned Private VLAN Type Select one of the possible options Primary Traffic from promiscuous ports flow...

Page 497: ...min row of ports LAGs The possible options are H Host Isolated Port is isolated P Promiscuous Port is promiscuous C Conditional operational state depends on Port VLAN Mode Port receives the Port VLAN type set in the VLAN Port Settings page See Port Modes on page 470 for a description of the various port modes Configuring Private VLAN Using CLI Commands The following table summarizes the CLI comman...

Page 498: ...o default switchport private vlan host association primary vlan id secondary vlan id no switchport private vlan host association Configures the VLANs of the private vlan host port Use the no form of this command to reset to default show vlan private vlan tag vlan id Displays private VLAN information console show vlan private vlan Primary Secondary Type Ports 20 Primary gi1 0 1 2 20 201 Isolated gi...

Page 499: ...IP phones use one of the following modes both of which are supported by the device Use only tagged packets for all communications Initially use untagged packets while retrieving the initial IP address through DHCP Then the phone uses the Voice VLAN and starts sending tagged VoIP packets Non VoIP traffic is dropped from the Voice VLAN when the device is in Auto Voice VLAN secured mode The Voice VLA...

Page 500: ...Properties in the tree view to display the Properties page Figure 14 9 Properties 2 Enter the fields Voice VLAN State Select Enable to use the Voice VLAN feature on the device Voice VLAN ID Select the VLAN that is to be the voice VLAN Class of Service Select to add a CoS level to untagged packets received on the voice VLAN The possible values are 0 to 7 where 7 is the highest priority 0 is used as...

Page 501: ...VLAN Properties CLI Commands CLI Command Description voice vlan enable no voice vlan enable Enables automatic voice VLAN configuration for a port Use the no form of this command to disable automatic voice VLAN configuration voice vlan id vlan id no voice vlan id Enables the voice VLAN and configures the voice VLAN ID in Global Configuration mode Use the no form of this command to disable voice VLA...

Page 502: ...g is an example of some of the CLI commands console show voice vlan Aging timeout OUI table 1440 minutes MAC Address Prefix Description 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Siemens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Voice VLAN VLAN ID 8 CoS 6 Remark Yes Interface Enabled Secure Activated gi1 0 1 Yes Yes Yes gi1 0 2 Yes Yes Yes gi1 0 3 Yes Ye...

Page 503: ... properties 1 Click Switching VLAN Voice VLAN Port Setting in the tree view to display the Port Setting Summary page Figure 14 10 Voice VLAN Port Setting A list of the ports and their voice VLAN settings is displayed 2 To modify the voice VLAN settings for an interface click Edit and enter the fields Interface Enter the specific port or LAG to which the Voice VLAN settings are applied Voice VLAN M...

Page 504: ...UI was added manually to a port LAG in the voice VLAN the user cannot add it to the Voice VLAN in Auto mode only in Static mode Voice VLAN Auto mode cannot be enabled on an interface if it is already a static member of the defined Voice VLAN This applies also to VLAN switchport interface modes general trunk and so on that are not currently active on a port Therefore before setting Auto mode on an ...

Page 505: ...e specific OUIs of popular VoIP phones manufacturers are stored by default Traffic from each type of IP phone contains the OUI for the phone manufacturer When frames are received in which the source MAC address s first three octets match one of the OUIs in the OUI list the port on which they are received is automatically assigned to the Voice VLAN Table 14 8 Voice VLAN Port Settings CLI Commands C...

Page 506: ...DENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY To view existing OUIs and add new OUIs 1 Click Switching VLAN Voice VLAN OUI in the tree view to display the OUI Summary Figure 14 11 OUI Summary The previously defined OUIs are displayed 2 To add a new OUI click Add and enter the fields Telephony OUI Enter a new OUI Description Enter an OUI description up to 32 characters ...

Page 507: ...ds The following table summarizes the CLI command for defining Voice VLAN OUIs The following is an example of the CLI commands Table 14 9 Voice VLAN OUIs CLI Commands CLI Command Description voice vlan oui table add mac address prefix remove mac address prefix text no voice vlan oui table Configures the voice OUI table Use the no form of this command to restore the default configuration console co...

Page 508: ...Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_VLAN fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 509: ...eckout_new Maintenance Projects Dell Contax sources CxUGSwitching_LAG fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 15 Link Aggregation This section describes link aggregation of ports It contains the following topics Link Aggregation Overview LACP Parameters LAG Membership ...

Page 510: ...links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establishes a LAG between them When you aggregate ports the ports and LAG must fulfill the following conditions All ports within a LAG must be the same media type A VLAN is not configured on the port The port is not assigned to another LAG Auto negotiation mode is not configured on t...

Page 511: ...o the ports The device uses a hash function to assign packets to a LAG member The hash function statistically load balances the aggregated link members The device considers an Aggregated Link to be a single logical port Aggregate ports can be linked into link aggregation port groups Each group comprises ports with the same speed set to full duplex operations Ports in a LAG can contain different me...

Page 512: ... ports allowed the switch activates the highest priority candidate ports from the dynamic LAG To set LACP parameters 1 Click Switching Link Aggregation LACP Parameters in the tree view to display the LACP Parameters page Figure 15 1 LACP Parameters The LACP parameters for all ports are displayed 2 Enter the global LACP System Priority 1 65535 value that determines which candidate ports will become...

Page 513: ...ate Short Fast transmission rate Configuring LACP Parameters Using CLI Commands The following table summarizes the CLI commands for configuring LACP parameters as displayed in the LACP Parameters page Table 15 1 LACP Parameters CLI Commands CLI Command Description lacp system priority value Configures the system priority lacp port priority value Configures the priority value for physical ports lac...

Page 514: ...ENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config lacp system priority 120 console config interface gi1 0 11 console config if lacp port priority 247 console config if lacp timeout long console config if end console show lacp gi1 0 11 statistics Port gi1 0 11 LACP Statistics LACP PDUs sent 2 LACP PDUs received 2 ...

Page 515: ... cannot be configured with the LAG s properties it is not added to the LAG and an error message is generated If the first port joining the LAG cannot be configured with the LAG settings the port is added to the LAG using the port default settings and an error message is generated Since this is the only port in the LAG the entire LAG operates with the port s settings instead of the LAG s defined se...

Page 516: ...or the static LAG 5 In the LAG row the second row toggle the button to a specific number to aggregate or remove the port to that LAG number Adding Ports to LAGs Using CLI Commands The following table summarizes the CLI commands for assigning ports to LAGs as displayed in the LAG Membership pages The following is an example of the CLI commands Table 15 2 LAG Membership CLI Commands CLI Command Desc...

Page 517: ...g_Multicast fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 16 Multicast This chapter describes Multicast support on the device It contains the following topics Multicast Support Overview Global Parameters Bridge Multicast Groups Bridge Multicast Forward All IGMP Snooping Unregistered Multicast Multicast TV VLAN Multicast TV VLAN Mapping ...

Page 518: ...ed to an unregistered Multicast group is received it is handled by a special entry in the Multicast Filtering Database The default setting of this is to flood all such traffic traffic in unregistered Multicast groups The device supports Forwarding L2 Multicast Packets Forwards Layer 2 Multicast packets Layer 2 Multicast filtering is enabled by default and is not user configurable Filtering L2 Mult...

Page 519: ...MP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines Which ports want to join which Multicast groups Which ports have Multicast routers generating IGMP queries What routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that the Multi...

Page 520: ...NLY Global Parameters To enable Multicast filtering and IGMP Snooping 1 Click Switching Multicast Support Global Parameters in the tree view to display the Global Parameters page Figure 16 1 Global Parameters 2 Enter the fields Bridge Multicast Filtering Enable disable Multicast filtering Disabled is the default value IGMP Snooping Status Enable disable IGMP Snooping on the device Disabled is the ...

Page 521: ...snooping as displayed on the Global Parameters page The following is an example of the CLI commands Table 16 1 Multicast Filtering and Snooping CLI Commands CLI Command Description bridge multicast filtering no bridge multicast filtering Enables filtering of Multicast addresses Use the no form of this command to disable multicast address filtering ip igmp snooping no ip igmp snooping Enables Inter...

Page 522: ...roups The Bridge Multicast Group Summary page displays the ports and LAGs attached to a Multicast service group and the manner in which the port or LAG joined it To add and configure a Multicast group 1 Click Switching Multicast Support Bridge Multicast Group in the tree view to display the Bridge Multicast Group Summary page Figure 16 2 Bridge Multicast Group Summary The ports and LAGs in the sel...

Page 523: ...ing method New Bridge IP Multicast Enter a Multicast group IP address New Bridge MAC Multicast Enter a Multicast group MAC address Ports Select the ports to be added to a Multicast service Toggle a port to S to join the port to the selected Multicast group as a static port Toggle a port to F to indicate that it is Forbidden to this service Leave the field empty if it is not involved in the VLAN LA...

Page 524: ... group Use the no form of this command to disable Multicast address filtering bridge multicast forbidden address mac multicast address ip multicast address add remove gigabitethernet tengigabitethe rnet interface list port channel LAG number list no bridge multicast forbidden address mac multicast address Forbids adding a specific Multicast address to specific ports Use the no form of this command...

Page 525: ...ticast fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY VLAN MAC Address Ports 1 0100 5e02 0203 gi1 0 8 19 0100 5e02 0208 gi1 0 8 console show bridge multicast address table format ip VLAN IP Address Type Ports 1 224 239 130 2 2 3 static gi1 0 11 gi1 0 12 Forbidden ports for multicast addresses VLAN IP Address Ports 1 224 239 130 2 2 3 gi1 0 8 ...

Page 526: ...h After IGMP Snooping is enabled Multicast packets are forwarded to the appropriate port or VLAN To attach interfaces to a Multicast service 1 Click Switching Multicast Support Bridge Multicast Forward All in the tree view to display the Bridge Multicast Forward All page Figure 16 3 Bridge Multicast Forward All 2 Select a unit VLAN and click on the ports and LAGs to be attached to the Multicast se...

Page 527: ...uters as displayed on the Bridge Multicast Forward All page The following is an example of the CLI commands Table 16 4 Managing LAGs and Ports Attached to Multicast Routers CLI Commands CLI Command Description show bridge multicast filtering vlan id Displays the Multicast filtering configuration bridge multicast forward all add remove gigabitethernet tengigabitethe rnet interface list port channel...

Page 528: ... be enabled per VLAN to support selective IPv4 Multicast forwarding In this case Bridge Multicast filtering must also be enabled By default a Layer 2 switch forwards Multicast frames to all ports of the relevant VLAN essentially treating the frame as if it were a Broadcast When IGMP Snooping is enabled per VLAN the switch forwards Multicast frames to ports that have registered as Multicast clients...

Page 529: ...lticast domain The switch supports standards based IGMP Querier election when more than one IGMP Querier is present in the domain The speed of IGMP Querier activity should be aligned with the IGMP snooping enabled switches Queries should be sent at a rate that is aligned to the snooping table aging time If queries are sent at a rate lower than the aging time the subscriber cannot receive the Multi...

Page 530: ... be increased Operational Query Robustness Displays the robustness variable sent by the elected querier Query Interval 30 18000 Enter the interval between general queries sent by the querier Operational Query Interval The time interval in seconds between general queries sent by the elected querier Query Max Response Interval 5 20 Enter the amount of time in which a host should respond to a query O...

Page 531: ...ing Using CLI Commands The following table summarizes the CLI commands for configuring IGMP snooping on a VLAN Table 16 5 IGMP Snooping CLI Commands CLI Command Description ip igmp snooping vlan vlan id no ip igmp snooping vlan vlan id Enables IGMP snooping on a specific VLAN Use the no form of this command to disable IGMP snooping on a VLAN interface ip igmp snooping vlan vlan id mrouter learn pi...

Page 532: ...on a VLAN Use the no format of the command to disable IGMP Snooping Immediate Leave processing ip igmp snooping vlan vlan id querier no ip igmp snooping vlan vlan id querier Enables the IGMP querier on a specific VLAN Use the no form of this command to disable the IGMP querier on a VLAN interface ip igmp snooping querier address source ip address no ip igmp snooping querier address Defines the sou...

Page 533: ...s 1 224 239 130 2 2 3 Yes gi1 0 1 gi1 0 2 console show ip igmp snooping interface 1 IGMP Snooping is globaly disabled IGMP Snooping admin Enabled IGMP Snooping oper mode Disabled Routers IGMP version 3 IGMP snooping querier admin disabled IGMP snooping querier oper disabled IGMP snooping querier address admin IGMP snooping querier address oper 10 5 234 232 IGMP snooping robustness admin 2 oper 2 I...

Page 534: ...o be statically enabled This enables the device to forward the Multicast frames from a registered Multicast group only to ports that are registered to that Multicast group Traffic from unregistered Multicast groups which are the groups that are not known to the device can either be filtered or forwarded After a port has been set to Forwarding Filtering its configuration is valid for any VLAN of wh...

Page 535: ...Multicast frames on the selected port or port channel Filtering Enables filtering of unregistered Multicast frames on the selected VLAN interface Configuring Unregistered Multicast Using CLI Commands The following table summarizes the CLI commands for configuring Unregistered Multicast on the device The following is an example of the CLI commands Table 16 6 Unregistered Multicast CLI Commands CLI ...

Page 536: ...bership All static VLANs are permitted to be a Multicast TV VLAN The configuration is performed per port One or more IP Multicast address groups can be associated with a Multicast VLAN The source port must belong to the Multicast VLAN Source and receiver ports do not have to be members of the same VLAN An end port is defined as a receiver port for the Multicast VLAN Receiving ports can belong to a...

Page 537: ...ership in the tree view to display the Multicast TV VLAN Membership page Figure 16 6 Multicast TV VLAN Membership The receiver and transceiver ports in the selected TV VLAN are displayed Displaying Multicast TV VLAN Membership Using CLI Commands The following table summarizes the CLI command for displaying Multicast TV VLAN membership Table 16 7 Multicast TV VLAN Membership CLI Commands CLI Comman...

Page 538: ...cast Group IP address for a TV VLAN 1 Click Switching Multicast Support Multicast TV VLAN Mapping in the tree view to display the Multicast TV VLAN Mapping Summary page Figure 16 7 Multicast TV VLAN Mapping Summary The Multicast Group IP addresses for the selected TV VLAN are displayed 2 To add the Multicast Group IP address for a VLAN click Add and enter the fields VLAN ID Enter a VLAN ID console...

Page 539: ... The following is an example of the CLI commands Table 16 8 Unregistered Multicast CLI Commands CLI Command Description ip igmp snooping vlan vlan id multicast tv ip multicast address count number no ip igmp snooping vlan vlan id multicast tv ip multicast address count number Defines the Multicast IP addresses that are associated with a Multicast TV VLAN Use the no form of this command to remove a...

Page 540: ...l PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_Multicast fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 541: ...ts Dell Contax sources CxUGSwitching_LLDP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 17 LLDP The section describes the Link Layer Discovery Protocol LLDP It contains the following topics LLDP Overview LLDP Properties LLDP Port Settings MED Network Policy LLDP MED Port Settings Neighbors Information ...

Page 542: ...he multiple advertisement message sets are sent in the packet s Type Length Value TLV field LLDP devices must support chassis and port ID advertisements as well as system name system ID system description and system capability advertisements LLDP Media Endpoint Discovery LLDP MED increases network flexibility by enabling various IP systems to co exist on a single network and provides the following...

Page 543: ...and configure LLDP 1 Click System LLDP LLDP Properties in the tree view to display the LLDP Properties page Figure 17 1 LLDP Properties The current LLDP properties are displayed 2 Enter the fields Enable LLDP Enable disable LLDP on the device Updates Interval 5 32768 Enter the rate at which LLDP advertisement updates are sent Hold Multiplier 2 10 Enter the hold time to be sent in the LLDP update p...

Page 544: ...TIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Reinitializing Delay 1 10 Enter the minimum time in seconds that an LLDP port waits before reinitializing LLDP transmission Transmit Delay 1 8192 Enter the amount of time that passes between successive LLDP frame transmissions due to changes in the LLDP local systems MIB To use the default values for any field select Use Default ...

Page 545: ...er Specifies how often the software sends LLDP updates Use the no form of this command to restore the default configuration lldp hold multiplier number no lldp hold multiplier Specifies the time that the receiving device should hold a Link Layer Discovery Protocol LLDP packet before discarding it Use the no form of this command to restore the default configuration lldp reinit seconds no lldp reini...

Page 546: ...Projects Dell Contax sources CxUGSwitching_LLDP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config interface gi1 0 1 console config if lldp run console config lldp timer 30 console config lldp hold multiplier 3 console config lldp reinit 4 ...

Page 547: ...rties it is possible to provide additional types of information to those network devices that support the LLDP To configure LLDP per port 1 Click System LLDP LLDP Port Settings in the tree view to display the LLDP Port Settings Summary page Figure 17 2 LLDP Port Settings Summary LLDP settings for all ports are displayed 2 To modify the LLDP settings for a port click Edit and select the port to be ...

Page 548: ...rsions of the hardware operating system and networking software supported by the switch This value equals the sysDescr object System Capabilities Primary functions of the switch and whether or not these functions are enabled in the switch The capabilities are indicated by two octets Bits 0 through 7 indicate Other Repeater Bridge WLAN AP Router Telephone DOCSIS cable device and station respectivel...

Page 549: ...P Port Settings CLI Commands CLI Command Description lldp transmit no lldp transmit Enables transmitting LLDP on an interface Use the no form of this command to stop transmitting LLDP on an interface lldp receive no lldp receive Enables receiving LLDP on an interface Use the no form of this command to stop receiving LLDP on an interface lldp optional tlv tlv1 tlv2 tlv5 Specifies which optional TLV...

Page 550: ...etwork policy instructs the connected device as to how to send traffic for example a policy can be created for VoIP phones that instructs them to Send voice traffic on VLAN 10 Tag voice traffic with DSCP 63 Transmit data traffic to the switch from the PC connected to the switch through the VoIP phone without modification to traffic sent by the PC typically Untagged For network policies to be imple...

Page 551: ...the tree view to display the MED Network Policy Summary page Figure 17 3 MED Network Policy Summary Previously defined network policies are displayed 2 To add a network policy click Add and enter the fields Network Policy Number Select an available network policy number Application Select the application type of traffic for which the network policy is defined VLAN ID Enter the VLAN ID to which the...

Page 552: ... sent to the switch Configuring MED Network Policies Using CLI Commands The following commands are used to configure MED network policies The following is an example of the CLI commands Table 17 3 LLDP MED Network Policies CLI Commands CLI Command Description lldp med network policy number application vlan id vlan type tagged untagged up priority dscp value no lldp med network policy number Define...

Page 553: ...mmary page Figure 17 4 MED Port Settings Summary 2 Select the unit in the stack All ports on that unit are displayed along with the following fields LLDP MED Status Specifies if LLDP MED is enabled on the selected port Network Policy Specifies whether a network policy is assigned to the port Location Specifies whether the location is advertised PoE Specifies whether PoE is enabled on the port 3 To...

Page 554: ...es in Hex Displays the device s civic or street address location for example 414 23rd Ave E Location ECS ELIN 10 25 Bytes in Hex Displays the device s ECS ELIN location 5 To view MED details for a port click Details and select a port The following fields are displayed for the port Auto Negotiation Status Enabled specifies that auto negotiation is enabled on the port Disabled indicates that it is n...

Page 555: ...ndpoint device Application The following fields are displayed for each possible application type Application Type The application type Flags The VLAN tagging status for the application type Tagged or Untagged VLAN ID The VLAN number for the application type User Priority The user priority for the application type DSCP The DSCP value assigned to the network policy Location Type Displays the port s ...

Page 556: ...twork policy add remove number no lldp med network policy number Attaches or removes an LLDP MED network policy on an interface Use the no form of this command to remove all the LLDP MED network policies from the interface lldp med location coordinate data civic address data ecs elin data no lldp med location coordinate civic address ecs elin configure the LLDP MED for an interface Use the no form...

Page 557: ...ing is an example of the CLI commands console config interface gi1 0 3 console config lldp med location civic address 6162636465 console show lldp med configuration Fast Start Repeat Count 4 Network policy 1 Application type voiceSignaling VLAN ID 1 untagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Location PoE Notif Inventory Policy ications gi1 0 1 Yes Yes Yes No Enabled No gi1 0 2 Ye...

Page 558: ...ng devices The neighbor s information is deleted after timeout Timeout is the maximum interval that can pass without receiving an LLDP PDU from a neighbor The timeout value is computed from the neighbor s Time to Live TLV To view neighbors information 1 Click System LLDP Neighbors Information in the tree view to display the Neighbors Information page Figure 17 5 Neighbors Information The following...

Page 559: ... Advertise Information page and the Green Ethernet Configuration pages the following fields are displayed for the neighbors of the selected port Power Type Port s power type Power Source Port s power source Power Priority Port s power priority Power Value Port s power value in Watts Hardware revision Hardware revision Firmware revision Firmware revision Software revision Software revision Serial n...

Page 560: ...ONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console show lldp neighbors Port Device ID Port ID System Capabili TTL Name ties gi2 0 17 00 75 73 71 72 55 1 e21 0 91 gi2 0 33 00 12 cf 7c 63 a0 1 e1 0 92 gi2 0 33 00 11 22 11 22 33 1 g39 0 107 gi2 0 33 00 aa aa aa aa aa 1 e37 0 106 gi2 0 41 a4 ba db 57 7c 8d g13 O 97 ...

Page 561: ... sources CxUGSwitching_ARP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 18 Dynamic ARP Inspection This section describes dynamic ARP inspection It contains the following topics Dynamic ARP Inspection Overview Global Settings Dynamic ARP Inspection List Dynamic ARP Inspection Entries VLAN Settings Trusted Interfaces ...

Page 562: ...erformed See How DHCP Snooping Works on page 574 for an explanation of the DHCP Snooping database If the IP address is found the packet is valid and is forwarded Packets with invalid ARP Inspection bindings are logged and dropped Ports are classified as follows Trusted Packets are not inspected Untrusted Packets are inspected as described above The following additional validation checks may be con...

Page 563: ...Switching Dynamic ARP Inspection Global Settings in the tree view to display the Global Settings page Figure 18 1 Global Settings 2 Enter the fields Enable ARP Inspection Enable disable ARP inspection ARP Inspection Validate Enable disable the following checking source MAC address destination MAC address and IP addresses against the respective addresses in the ARP body Minimal Syslog Interval 0 86...

Page 564: ...tion Global Settings CLI Commands CLI Command Description ip arp inspection no ip arp inspection Enables ARP inspection Use the no form of this command to disable ARP inspection ip arp inspection validate no ip arp inspection validate Performs specific checks for dynamic ARP inspection Use the no form of this command to restore the default configuration ip arp inspection logging interval seconds i...

Page 565: ...ist and add the first entry to it 1 Click Switching Dynamic ARP Inspection Dynamic ARP Inspection List in the tree view to display the Dynamic ARP Inspection List Summary page Figure 18 2 Dynamic ARP Inspection List Summary The dynamic ARP lists are displayed 2 To create a new list and enter the first address pair in it click Add and enter the fields List Name Create and enter a list name IP Addre...

Page 566: ...es the CLI commands for configuring the fields in the Dynamic ARP Inspection List pages The following is an example of some of the CLI commands Table 18 2 Dynamic ARP Inspection List CLI Commands CLI Command Description ip arp inspection list create name no ip arp inspection list create name Creates a static ARP binding list and enters the ARP list configuration mode Use the no form of this comman...

Page 567: ...age 1 Click Switching Dynamic ARP Inspection Entries Dynamic ARP Inspection Entries in the tree view to display the Dynamic ARP Inspection Entries Summary page Figure 18 3 Dynamic ARP Inspection Entries Summary The dynamic ARP entries for the selected list are displayed 2 To add a new address pair to a list click Add and select the list 3 Enter the fields IP Address Enter the IP address that will ...

Page 568: ...amic ARP Inspection List Entries CLI Commands CLI Command Description ip ip address mac address mac address no ip ip address mac address mac address Creates a static ARP binding Use the no form of this command to delete a static ARP binding show ip arp inspection list Displays the static ARP binding list console config ip arp inspection list create servers console config arp list ip 172 16 1 1 mac...

Page 569: ... defined in the Dynamic ARP Inspection List pages to a VLAN 1 Click Switching Dynamic ARP Inspection Entries VLAN Settings in the tree view to display the VLAN Settings Summary page Figure 18 4 VLAN Settings Summary The VLANs and their associated lists of IP MAC address pairs are displayed 2 To designate a VLAN to be associated with an ARP inspection list click Add VLAN and enter the VLAN ID 3 Cli...

Page 570: ...tings pages The following is an example of some of the CLI commands Table 18 4 Assigning IP MAC Address Pairs to VLANs CLI Commands CLI Command Description ip arp inspection vlan vlan id Enables ARP inspection on a VLAN based on the DHCP Snooping database Use the no form of this command to disable ARP inspection on a VLAN ip arp inspection list assign vlan id name no ip arp inspection list assign ...

Page 571: ...ace beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall To configure an interface to be trusted 1 Click Switching Dynamic ARP Inspection Trusted Interface in the tree view to display the Trusted Interface Summary page Figure 18 5 Trusted Interface Summary The ports on the selected unit and their trusted status are displayed 2 To modif...

Page 572: ...xample of some of the CLI commands Table 18 5 Configuring Trusted Interface Parameters CLI Commands CLI Command Description ip arp inspection trust no ip arp inspection trust Configures an interface trust state that determines if incoming ARP packets are inspected Use the no form of this command to restore the default configuration show ip arp inspection gigabitethernet tengigabit ethernet port nu...

Page 573: ... Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_DHCP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 19 DHCP Snooping This section describes DHCP Snooping and DHCP Relay features It contains the following topics DHCP Snooping DHCP Relay ...

Page 574: ...and untrusted interfaces located beyond the network firewall How DHCP Snooping Works DHCP snooping filters untrusted messages and stores these messages in a database Interfaces are untrusted if the packet is received from an interface outside the network or from an interface beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall The DHCP...

Page 575: ...se DHCPNAK Filter Same as DHCPOFFER Remove entry if exists DHCPDECLINE Check if there is information in the database If the information exists and does not match the interface on which the message was received the packet is filtered Otherwise the packet is forwarded to trusted interfaces only and the entry is removed from database Forward to trusted interfaces only DHCPRELEASE Same as DHCPDECLINE ...

Page 576: ...nding database Limitations The following limitations apply Enabling DHCP snooping uses TCAM resources The switch writes changes to the binding database only when the switch system clock is synchronized with SNTP The switch does not update the Binding database when a station moves to another interface Global Parameters Use the Global Parameters page to Enable disable DHCP snooping globally Determin...

Page 577: ...ng is enabled enter the fields Option 82 Passthrough Enable disable whether to forward enable or filter disable DHCP packets received from untrusted interfaces with option 82 information Verify MAC Address Enable disable MAC addresses verification This determines whether to forward enable or filter disable DHCP packets received from untrusted interfaces whose source MAC address and the DHCP client...

Page 578: ...ption 82 information from an untrusted port Use the no form of this command to return to the default setting ip dhcp snooping verify no ip dhcp snooping verify Configures the switch to verify on an untrusted port that the source MAC address in a DHCP packet matches the client hardware address Use the no form of this command to configure the switch to not verify the MAC addresses ip dhcp snooping d...

Page 579: ...cp snooping console config ip dhcp snooping information option allowed untrusted console config ip dhcp snooping verify console config ip dhcp snooping database console config ip dhcp snooping database frequency 1200 console show ip dhcp snooping DHCP snooping is enabled DHCP snooping database enabled Option 82 on untrusted port is allowed Verification of hwaddr field is enabled DHCP snooping file...

Page 580: ...ice When DHCP snooping is disabled for a VLAN the Binding entries that were collected for that VLAN are removed from the Binding database To enable disable DHCP snooping on a VLAN 1 Click Switching DHCP Snooping VLAN Settings in the tree view to display the VLAN Settings page Figure 19 2 VLAN Settings The list of existing VLANs are displayed in the VLAN ID list 2 Click Add to move the VLANs for wh...

Page 581: ... on VLANs Using CLI Commands The following table summarizes the CLI commands for configuring DHCP snooping on VLANs The following is an example of some of the CLI commands Table 19 3 DHCP Snooping on VLANs CLI Commands CLI Command Description ip dhcp snooping vlan vlan id no ip dhcp snooping vlan id Enables DHCP snooping on a VLAN Use the no form of this command to disable DHCP snooping on a VLAN ...

Page 582: ...rfaces To define a trusted interface 1 Click Switching DHCP Snooping Trusted Interface in the tree view to display the Trusted Interface Summary page Figure 19 3 Trusted Interfaces Summary A list of the interfaces is displayed 2 To change the trust status of an interface click Edit and enter the fields Interface Select a unit and port or LAG Trust Status Enable disable DHCP Snooping Trust mode on ...

Page 583: ...CP snooping entries to the Snooping Binding database can be manually added or deleted These entries are added to the Snooping Binding database and Snooping Binding file if it exists but they are not added to the configuration files A manually added entry can be either dynamic or a static When configuring a dynamic entry an expiration date must be assigned The refresh time in seconds of the binding...

Page 584: ...Database in the tree view to display the Binding Database Summary page Figure 19 4 Binding Database A list of the database entries is displayed 2 To query the database enter query criteria and click Query Database entries matching the query are displayed 3 To add a entry click Add and enter the fields Type Select the entry type The possible options are Static IP address was statically configured D...

Page 585: ...ing database Table 19 5 DHCP Snooping Binding Database CLI Commands CLI Command Description ip dhcp snooping database no ip dhcp snooping database Enables the DHCP Snooping binding database file Use the no form of this command to delete the DHCP Snooping binding database file ip dhcp snooping database update freq seconds no ip dhcp snooping database update freq Enables the DHCP Snooping binding da...

Page 586: ... hernet port number port channel LAG number Displays the DHCP snooping binding database and configuration information for all interfaces or some interfaces on a switch console config ip dhcp snooping database console config ip dhcp snooping update freq 3600 console show ip dhcp snooping binding Update frequency 3600 Total number of binding 2 MAC Address IP Address Lease sec Type VLAN Interface 006...

Page 587: ... them between DHCP servers and clients which reside in different VLANs or IP subnets This functionality is intended to be used when the client ingress VLAN is different than the VLAN on which DHCP servers are connected The switch can relay DHCP messages received from its IPv4 interfaces to one or more configured DHCP servers The switch puts the IPv4 address into the message giaddr before relaying ...

Page 588: ...ddress the port identifier and the VLAN that forwarded the packet Both DHCP snooping and DHCP relay can insert option 82 into traversing packets DHCP snooping with option 82 insertion provides transparent Layer 2 relay agent functionality when the DHCP server is on the same VLAN as the clients Limitations The following limitations exist for DHCP Relay It is not supported on IPv6 It is not relayed ...

Page 589: ...intenance Projects Dell Contax sources CxUGSwitching_DHCP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Option 82 To enable Option82 insertion 1 Click Switching DHCP Relay Option 82 in the tree view to display the Option 82 page Figure 19 5 Option 82 2 Enable disable Option 82 insertion ...

Page 590: ... an example of the CLI command Global Settings To set the DHCP Relay global settings 1 Click Switching DHCP Relay Global Settings in the tree view to display the Global Settings Summary page Figure 19 6 Global Settings Summary The currently define DHCP servers are displayed 2 Enable disable DHCP relay Table 19 6 CLI Option 82 Commands CLI Command Description ip dhcp information option no ip dhcp i...

Page 591: ...I Command Description ip dhcp relay enable no ip dhcp relay enable Enables DHCP relay features on the device Use the no form of this command to disable the DHCP relay agent ip dhcp relay address ip address no ip dhcp relay address ip address Defines the DHCP servers available for the DHCP relay Use the no form of this command to remove servers from the list show ip dhcp relay Displays the server a...

Page 592: ...s NOTE For DHCP Relay to function on an interface it also must be activated globally in the Global Settings page To enable DHCP relay on a port LAG or VLAN 1 Click Switching DHCP Relay Interface Settings in the tree view to display the Interface Settings Summary page Figure 19 7 Interface Settings Summary The currently define DHCP interfaces are displayed 2 To enable DHCP relay on an interface cli...

Page 593: ...mmand Description ip dhcp relay enable no ip dhcp relay enable Enables the DHCP relay features on the interface in Interface Configuration mode Use the no form of this command to disable the DHCP relay agent feature on the interface ip dhcp relay address ip address no ip dhcp relay address Defines a DHCP servers available for DHCP relay Use the no form of this command to remove servers from the li...

Page 594: ...Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxUGSwitching_DHCP fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 595: ...e Projects Dell Contax sources CxUGSwitching_iscsi fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 20 iSCSI Optimization This section describes iSCSI optimization It contains the following topics Optimizing iSCSI Overview Global Parameters iSCSI Targets iSCSI Sessions Configuring iSCSI Using CLI ...

Page 596: ...ers This enables organizations to consolidate storage into data center storage arrays while providing hosts such as database and web servers with the illusion of locally attached disks The targets listen on a well known TCP port or any other TCP port that has been explicitly specified for incoming connections The login process is started when the initiator establishes a TCP connection to the desir...

Page 597: ...application rules DHCP Snooping or ACL can be removed after reset If the target uses redirect messages upon the initiator request and as a result the initiator opens a connection to a different target the new target must be configured as part of the general configuration Only iSCSI flows to targets that use the iSCSI well known port or other explicit user defined configuration are assigned QoS The...

Page 598: ...y opened iSCSI session arrives and there are already four TCP connections the new connection replaces the oldest one within this specific iSCSI session A short flow interruption caused by STP topology change or administrative port down action might cause the TCP connection to reinitiate without closing the iSCSI session If the actual iSCSI session used only one TCP connection the reinitiated one w...

Page 599: ...t priority or WRR and map the CoS or DSCP to the desired queue in the CoS to Queue or DSCP to Queue pages To enable iSCSI and set its QoS parameters 1 Click System iSCSI Optimization Global Parameters in the tree view to display the Global Parameters page Figure 20 1 Global Parameters 2 Enter the fields iSCSI Status Enable disable iSCSI optimization iSCSI COS Status Enable disable the Class of Ser...

Page 600: ...setting the device the Flow Control changes are effective immediately Defining iSCSI Global Parameters Using CLI Commands The following table summarizes the CLI commands for defining fields displayed in the iSCSI Global Parameters pages Table 20 1 iSCSI Global Parameters CLI Commands CLI Command Description iscsi enable no iscsi enable Enables iSCSI awareness Use the no form of the command to disa...

Page 601: ...f the CLI commands console config iscsi enable console config iscsi cos dscp 31 console config iscsi aging time 10 console show iscsi Target iqn 1993 11 com disk vendor diskarrays sn 45678 Session 1 Initiator iqn 1992 04 com os vendor plan9 cdrom 12 storage sys1 xyz Time started 23 Jul 2002 10 04 50 Time for aging out 10 min ISID 11 Initiator Initiator Target Target IP Address TCP Port IP Address ...

Page 602: ... iSCSI target 1 Click System iSCSI Optimization iSCSI Targets in the tree view to display the iSCSI Targets Summary page Figure 20 2 iSCSI Targets Summary The currently defined targets are displayed 2 To add a new target click Add 3 Enter the fields TCP Port TCP port used by the target for iSCSI communications IP Address IP address of the target The IP address 0 0 0 0 is any IP address Target Name...

Page 603: ...ollowing is an example of the CLI commands Table 20 2 iSCSI Targets Table CLI Commands CLI Command Description iscsi target port tcp port 1 tcp port 2 tcp port 8 address ip address name target name no iscsi target port tcp port 1 tcp port 2 tcp port 8 address ip address Configures iSCSI port s target address and name Use the no form of this command to delete an iSCSI target show iscsi sessions Sho...

Page 604: ...ions to various targets 1 Click System iSCSI Optimization iSCSI Sessions in the tree view to display the iSCSI Sessions page Figure 20 3 iSCSI Sessions 2 Select a target and click Details The following is displayed Target Name The name of the target Initiator Name The name of the initiator ISID The iSCSI session ID Session Life Time The amount of time that has passed since the first frame of the s...

Page 605: ...endor diskarrays sn 45678 Initiator iqn 1992 04 com os vendor plan9 cdrom 12 ISID 11 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 ISID 222 Target iqn 103 1 com storage vendor sn 43338 storage tape sys1 xyz Initiator iqn 1992 04 com os vendor plan9 cdrom 12 ISID 44 Initiator iqn 1995 05 com os vendor plan9 cdrom 10 ISID 65 console show iscsi sessions detailed Target iqn 1993 11 com disk vendo...

Page 606: ...LY Configuring iSCSI Using CLI The following is a sample procedure to configure the iSCSI feature using CLI Table 20 4 Sample CLI Script to Configure iSCSI CLI Command Description iscsi enable Enable iSCSI iscsi cos vpt 2 remark Set iSCSI flow to use VPT 2 Layer 2 CoS This VPT value replaces the original VPT in the packet show iscsi sessions Verify that iSCSI is enabled and that the iSCSI flows ar...

Page 607: ...IDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 21 Statistics RMON This section describes many of the statistics available on the device The only exception is the QoS statistics described in Quality of Service on page 651 It contains the following topics Table Views RMON Components Charts ...

Page 608: ...s Dell Contax sources CxUGStatistics fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY Table Views This section displays statistics in table form It contains the following topics Denied ACEs Counters Utilization Summary Counter Summary Interface Statistics Etherlike Statistics GVRP Statistics EAP Statistics ...

Page 609: ... criteria expressed in some ACE To display the denied ACE counters 1 Click Statistics RMON Table Views Denied ACEs Counters in the tree view to display the Denied ACEs Counters page Figure 21 1 Denied ACEs Counters The global number of dropped packets is displayed along with the number of dropped packets on each interface 2 To clear the counters select either a stack unit and port or LAG All ports...

Page 610: ...I Commands The following table contains the CLI commands for viewing denied ACE counters statistics The following is an example of the CLI commands Table 21 1 Denied ACE Counters CLI Commands CLI Command Description show interfaces access lists counters gigabitethernet tengigabite thernet port number port channel LAG number Displays Access List counters console show interfaces access lists counter...

Page 611: ...tilization Summary in the tree view to display the Utilization Summary page Figure 21 2 Utilization Summary 2 Select a unit and port LAG The following fields are displayed Port LAG The port LAG number Interface Status The status of the interface Up Down or Not Present when no port is attached to the LAG Interface Utilization Network interface utilization percentage based on the duplex mode of the ...

Page 612: ... PROOF ONLY Unicast Received Percentage of Unicast packets received on the interface Non Unicast Packets Received Percentage of non Unicast packets received on the interface Error Packets Received Percentage of packets with errors received on the interface 3 Select one of the Refresh Rate options to specify how frequently the statistics should be refreshed The CPU utilization chart is displayed ...

Page 613: ...ansmitted packets on ports as numeric figures and not percentages 1 Click Statistics RMON Table Views Counter Summary in the tree view to display the Counter Summary page Figure 21 3 Counter Summary Counters for the selected units or LAG are displayed 2 Select a port LAG The following fields are displayed Port LAG The interface number Interface Status Status of the interface Up or Down Received Un...

Page 614: ...nicast Packets Number of transmitted Unicast packets from the interface Received Non Unicast Packets Number of received non Unicast packets on the interface Transmitted Non Unicast Packets Number of transmitted non Unicast packets from the interface Received Errors Number of received packets with errors on the interface 3 Select one of the Refresh Rate options to specify how frequently the counter...

Page 615: ...ber of received and transmitted packets on an interface 1 Click Statistics RMON Table Views Interface Statistics in the tree view to display the Interface Statistics page Figure 21 4 Interface Statistics 2 Select a port LAG 3 Select one of the Refresh Rate options to specify how frequently the counters should be refreshed The following fields are displayed Receive Statistics Total Bytes Octets Amo...

Page 616: ...ce Broadcast Packets Number of Broadcast packets received on the selected interface Packets with Errors Number of errors packets received on the selected interface Transmit Statistics Total Bytes Octets Number of octets transmitted from the selected interface Unicast Packets Number of Unicast packets transmitted from the selected interface Multicast Packets Number of Multicast packets transmitted ...

Page 617: ...herlike Statistics in the tree view to display the Etherlike Statistics page Figure 21 5 Etherlike Statistics 2 Select a port LAG The following fields are displayed Frame Check Sequence FCS Errors Number of frames received that are an integral number of octets in length but do not pass the FCS check Single Collision Frames Number of frames that are involved in a single collision and are subsequent...

Page 618: ...um permitted frame size Received Pause Frames Number of MAC Control frames received with a PAUSE operation code Transmitted Pause Frames Number of MAC Control frames transmitted on this interface with a PAUSE operation code 3 Select one of the Refresh Rate options to clears the statistics for the selected interface Viewing Interface Statistics Using the CLI Commands The following table contains th...

Page 619: ...i2 0 2 0 0 0 0 gi2 0 3 0 0 0 0 gi2 0 4 0 0 0 0 gi2 0 5 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gi2 0 1 0 0 0 0 gi2 0 2 0 0 0 0 gi2 0 3 0 0 0 0 gi2 0 4 0 0 0 0 console show interfaces counters gi1 0 1 Port InUcastPkts InMcastPkts InBcastPkts InOctets gi1 0 1 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gi1 0 1 0 0 0 0 Alignment Errors 0 FCS Errors 0 Single Col...

Page 620: ...tistics 1 Click Statistics RMON Table Views GVRP Statistics in the tree view to display the GVRP Statistics page Figure 21 6 GVRP Statistics 2 Select a port LAG The number of received and transmitted packets in the following counters is displayed GVRP Statistics Table Join Empty The number of GVRP Join Empty packets Empty The number of GVRP empty packets Leave Empty The number of GVRP Leave Empty ...

Page 621: ... GVRP Invalid Attribute Value errors Invalid Attribute Length The number of GVRP Invalid Attribute Length errors Invalid Event The number of GVRP Invalid Events errors 3 Select one of the Refresh Rate options to specify how frequently the statistics should be refreshed Viewing GVRP Statistics Using the CLI Commands The following table contains the CLI commands for viewing GVRP statistics Table 21 ...

Page 622: ...The following is an example of the CLI commands console show gvrp statistics GVRP Statistics Legend rJE Join Empty Received rJIn Join In Received rEmp Empty Received rLIn Leave In Received rLE Leave Empty Received rLA Leave All Received sJE Join Empty Sent sJIn Join In Sent sEmp Empty Sent sLIn Leave In Sent sLE Leave Empty Sent sLA Leave All Sent Port rJE rJIn rEmp rLIn rLE rLA sJE sJIn sEmp sLIn...

Page 623: ...tics For information about EAP see Dot1x Authentication on page 132 To display EAP statistics 1 Click Statistics RMON Table Views EAP Statistics in the tree view to display the EAP Statistics page Figure 21 7 EAP Statistics 2 Select a port LAG The following fields are displayed Frames Received The number of valid EAPOL frames received on the port Frames Transmitted The number of EAPOL frames trans...

Page 624: ...es Transmitted The number of EAP Request frames transmitted via the port Invalid Frames Receive The number of unrecognized EAPOL frames received on this port Length Error Frames Receive The number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version The protocol version number attached to the most recently received EAPOL frame Last Frame Source The source MAC...

Page 625: ...ARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console show dot1x statistics gi1 0 1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0008 3b79 8787 ...

Page 626: ...urces CxUGStatistics fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY RMON Components This section describes Remote Monitoring RMON which enables network managers to display network information from a remote location It contains the following topics Statistics History Control History Table Events Control Events Log Alarms ...

Page 627: ...the device 1 Click Statistics RMON RMON Statistics in the tree view to display the Statistics page Figure 21 8 Statistics 2 Select a port LAG The following fields are displayed Received Bytes Octets Number of bytes received on the selected interface Received Packets Number of packets received on the selected interface Broadcast Packets Received Number of good Broadcast packets received on the inte...

Page 628: ...64 octets in length excluding framing bits but including FCS octets which has either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error Jabbers Number of packets received longer than 1518 octets excluding framing bits but including FCS octets and having either a bad Frame Check Sequence FCS with an integral n...

Page 629: ...ing the CLI Commands The following table contains the CLI commands for viewing and enabling RMON statistics The following is an example of the CLI commands Table 21 5 Configuring RMON Statistics Using CLI Command CLI Command Description show rmon statistics gigabitethernet tengigabiteth ernet interface port channel LAG number Displays RMON Ethernet statistics console show rmon statistics gi1 0 1 P...

Page 630: ...request a new sample of interface statistics 1 Click Statistics RMON RMON History Control in the tree view to display the History Control Summary page Figure 21 9 History Control Summary Previously defined samples are displayed 2 To add a new entry click Add The New History Entry number which uniquely identifies the sample is displayed 3 Enter the fields for the entry Source Interface Sampled Ethe...

Page 631: ...mands for configuring RMON history control The following is an example of the CLI commands Table 21 6 RMON History Control CLI Commands CLI Command Description rmon collection stats index owner ownername bucket bucket number interval seconds no rmon collection stats index Enables and configures RMON on an interface Use the no form of this command to remove a specified RMON history group of statist...

Page 632: ...stical network samplings Each table entry represents the counter values compiled during a single sample To display RMON statistics for a specified sample 1 Click Statistics RMON RMON History Table in the tree view to display the History Table page Figure 21 10 History Table 2 Select a History Entry No The following fields are displayed Owner RMON station or user that requested the RMON information...

Page 633: ... Align Errors Number of packets received during the sampling session with a length of between 64 1632 octets who had a bad Check Sequence FCS with an integral number of octets or a bad FCS with a non integral number Undersize Packets Number of packets having less than 64 octets received during the sampling session Oversize Packets Number of packets having more than 1632 octets received during the ...

Page 634: ...ds for viewing the RMON history table The following is an example of a CLI command Table 21 7 RMON History Table CLI Commands CLI Command Description show rmon history index throughput errors other period seconds Displays RMON Ethernet statistics history console show rmon history 1 throughput Sample Set 1 Interface 1 0 1 Requested samples 50 Owner CLI Interval 1800 Granted samples 50 Maximum table...

Page 635: ...page An event can be any combination of logs traps If the action includes logging then the events are logged in the Events Log page To define an RMON event 1 Click Statistics RMON RMON Events Control in the tree view to display the Events Control Summary page Figure 21 11 Events Control Summary The currently defined events are displayed Along with the fields described in the Events Control Add pag...

Page 636: ...ions are None No action is taken Log When an alarm occurs a log entry is recorded Trap When an alarm occurs a trap is generated Log and Trap When an alarm occurs a log entry is recorded and a trap is generated Owner Enter the event owner Defining RMON Events Using the CLI Commands The following table contains the CLI commands for defining RMON events Table 21 8 RMON Event Definition CLI Commands C...

Page 637: ...m DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config rmon event 1 log console config exit console show rmon events Index Description Type Community Owner Last Time Sent 1 Errors Log Default Community CLI Jan 18 2002 23 58 17 2 High Broadcast Log Trap Router Manager Jan 18 2002 23 59 48 ...

Page 638: ... event is logged when the type of the event is Log or Log and Trap The action in the event is performed when the event is bound to an alarm see the Alarms page and the conditions of the alarm have occurred To display the events log Click Statistics RMON RMON Events Log in the tree view to display the Events Control page Figure 21 12 Events Control The following fields are displayed Event The event...

Page 639: ...ting thresholds and sampling intervals to generate exception events on a counter or any other SNMP object counter maintained by the agent Both the rising and falling thresholds must be configured in the alarm After a rising threshold is crossed another rising event is not generated until the companion falling threshold is crossed After a falling alarm is issued the next Table 21 9 Device Event Vie...

Page 640: ...s are bound to an event The event indicates the action to be taken when the alarm occurs To add an RMON alarm 1 Click Statistics RMON RMON Alarms in the tree view to display the Alarms Summary page Figure 21 13 Alarms Summary The currently defined alarms are displayed 2 To add a new alarm click Add and enter the fields Alarm Entry Displays a new alarm entry Interface Select the interface for which...

Page 641: ...ng counter value that triggers the rising event alarm Rising Event Select one of the previously defined events Falling Threshold 0 2147483647 Enter the falling counter value that triggers the falling event alarm Falling Event Select one of the previously defined events Startup Alarm Select the trigger that activates the alarm The possible options are Rising Alarm A rising counter value triggers th...

Page 642: ...wing table contains the CLI commands for defining device alarms Table 21 10 Device Alarm CLI Commands CLI Command Description rmon alarm index MIB_Object_ID interval rthreshold fthreshold revent fevent type type startup direction owner name no rmon alarm index Configures RMON alarm conditions Use the no form of this command to remove an alarm show rmon alarm table Displays summary of the alarm tab...

Page 643: ...CxUGStatistics fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console config rmon alarm 1000 1 3 6 1 2 1 2 2 1 10 1 360000 1000000 1000000 10 20 console show rmon alarm table Index 123 OID 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 9 Owner CLI Manager CLI ...

Page 644: ... 10 30 13 FOR PROOF ONLY Charts This section describes how to display statistics as charts It contains the following topics Ports LAGs CPU Utilization Ports To display port statistics in chart format 1 Click Statistics RMON Charts Ports in the tree view to display the Ports page Figure 21 14 Ports 2 Select the unit ID of a unit in the stack for which you want to display statistics ...

Page 645: ...yed Interface Statistics Select the interface statistics to display Etherlike Statistics Select the frame error statistics to display RMON Statistics Select the RMON statistics to display GVRP Statistics Select the GVRP statistics type to display Refresh Rate Select the amount of time that passes before the statistics are refreshed 4 To draw a chart for the selected statistics click Draw The chart...

Page 646: ... statistics are the same CLI commands described above The Ports page simply shows the same statistics in chart form LAGs To display LAG statistics in chart format 1 Click Statistics RMON Charts LAGs in the tree view to display the LAGs page Figure 21 15 LAGs 2 Check the type of statistics to be displayed Interface Statistics Select the interface statistics to display Etherlike Statistics Select th...

Page 647: ...G Statistics Using the CLI Commands The following table contains the CLI commands for viewing LAG statistics Table 21 11 LAG Statistic CLI Commands CLI Command Description show interfaces counters gigabitethernet tengigabitet hernet interface port channel LAG number Displays traffic seen by the physical interface show rmon statistics gigabitethernet tengigabitet hernet interface port channel LAG n...

Page 648: ...NARY 10 30 13 FOR PROOF ONLY The following is an example of the CLI commands console show rmon statistics gi1 0 1 Port gi1 0 1 Dropped 0 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbers 0 64 Octets 0 65 to 127 Octets 1 128 to 255 Octets 1 256 to 511 Octets 1 512 to 1023 Octets 0 1024 to max Octets 0 ...

Page 649: ...isplay the system s CPU utilization and percentage of CPU resources consumed by each unit in the stack Each unit in the stack is assigned a color on the graph To display CPU utilization in chart format 1 Click Statistics RMON Charts CPU Utilization in the tree view to display the CPU Utilization page Figure 21 16 CPU Utilization 2 Select the Refresh Rate to specify how frequently the statistics sh...

Page 650: ...F ONLY Viewing CPU Utilization Using CLI Commands The following table summarizes the CLI commands for viewing CPU utilization The following is an example of the CLI commands Table 21 12 CPU Utilization CLI Commands CLI Command Description show cpu utilization Displays CPU utilization console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes...

Page 651: ...e 651 DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY 22 Quality of Service This section provides information for configuring Quality of Service QoS It contains the following topics QoS Features and Components General QoS Basic Mode QoS Advanced Mode QoS Statistics ...

Page 652: ...ment to Hardware Queues Assigns incoming packets to forwarding queues Packets are sent to a particular queue for handling as a function of the traffic class to which they belong Other Traffic Class Handling Attribute Applies QoS mechanisms to various classes including bandwidth management QoS Modes A single QoS mode is selected and applies to all interfaces in the system The modes are Basic Mode C...

Page 653: ...s on out of profile excess traffic Disable Mode QoS is not enabled In this mode all traffic is mapped to a single best effort queue so that no type of traffic is prioritized over another Only a single mode can be active at a time When the system is configured to work in QoS Advanced mode settings for QoS Basic mode are not active and vice versa When the QoS mode is changed the following occurs Whe...

Page 654: ...PROOF ONLY General This section contains the following topics QoS Mode QoS Properties Queue Mapping to Queue Bandwidth TCP Congestion Avoidance QoS Mode To enable disable the QoS mode 1 Click Quality of Service General QoS Mode in the tree view to display the QoS Mode page Figure 22 1 QoS Mode 2 Select the QoS Mode The possible options are Basic QoS is enabled in Basic mode on the switch ...

Page 655: ...de on the switch Disable QoS is not enabled on the switch Setting QoS Mode Using CLI Commands The following table summarizes the CLI commands for setting the QoS mode The following is an example of the CLI commands Table 22 1 QoS Mode CLI Commands CLI Command Description qos basic advanced no qos Enables QoS on the device Use the no form of this command to disable QoS on the device show qos Displa...

Page 656: ...lue on incoming untagged packets 1 Click Quality of Service General QoS Properties in the tree view to display the QoS Properties Summary page Figure 22 2 QoS Properties Summary The default CoS values for all interfaces on the selected unit are displayed 2 To modify the CoS value for an interface click Edit and enter the fields Interface Select a port or LAG if required Set Default CoS Enter the d...

Page 657: ...ic from the lower queues is processed only after the highest queue has been transmitted thus providing the highest level of priority of traffic to the lowest numbered queue Weighted Round Robin WRR In WRR mode the number of packets sent from the queue is proportional to the weight of the queue the higher the weight the more frames are sent For example if all eight queues are WRR and the default we...

Page 658: ...assigned strict priority queues are serviced according to that order The following is true if some queues are assigned strict priority and others are assigned WRR If one queue is assigned strict priority all higher queues are also assigned strict priority Conversely if a queue is assigned a WRR weight all lower queues must also have a WRR weight assigned to them In the above case traffic for the s...

Page 659: ...e view to display the Queue page Figure 22 3 Queue The queues are displayed 2 Enter the parameters for the queues Strict Priority Check to indicate that traffic scheduling for the selected queue and all higher queues is based strictly on the queue priority WRR Check to indicate that traffic scheduling for the selected queue is based on WRR The time period is divided between the WRR queues that are...

Page 660: ...e The following is an example of the CLI commands Mapping to Queue This section provides information for mapping DSCP and CoS values to service queues and contains the following topics CoS to Queue DSCP to Queue Table 22 3 Queue Setting CLI Commands CLI Command Description priority queue out num of queues number of queues no priority queue out num of queues Configures the number of expedite queues...

Page 661: ...ets is based on the CoS priority in their VLAN Tags For incoming untagged packets the CoS priority is the default CoS priority assigned to ingress ports By changing CoS to Queue mapping Queue schedule method and bandwidth allocation it is possible to achieve the desired quality of services in a network The CoS to Queue mapping is applicable only if one of the following exists The switch is in QoS ...

Page 662: ...OR PROOF ONLY To map CoS values to egress queues 1 Click Quality of Service General CoS to Queue in the tree view to display the CoS to Queue page Figure 22 4 CoS to Queue The CoS queue mappings are displayed 2 Enter the fields Class of Service The CoS priority tag values where zero is the lowest priority and 7 is the highest priority Queue The queue to which the CoS priority is mapped ...

Page 663: ... VLAN Priority Tag of the packet is unchanged By changing the DSCP to Queue mapping the Queue schedule method and bandwidth allocation it is possible to achieve improved quality of service in a network The DSCP to Queue mapping is applicable to IP packets when The switch is in Basic mode and DSCP is the trusted mode The switch is in Advanced mode and the packets belongs to flows that are DSCP trus...

Page 664: ... Click Quality of Service General DSCP to Queue in the tree view to display the DSCP to Queue page Figure 22 5 DSCP to Queue The DSCP values in the incoming packet and its associated queues are displayed 2 Enter the fields DSCP In The values of the DSCP field in the incoming packet Queue The queue to which packets with the specific DSCP value is assigned The values are 1 8 where 1 is the lowest va...

Page 665: ...s per second that can be received from the ingress interface Excess bandwidth above this limit is discarded Egress Shaping Rates is defined by the following Committed Information Rate CIR sets the average maximum amount of data allowed to be sent on the egress interface measured in bits per second Committed Burst Shape CBS sets the maximum burst of data that is allowed to be sent even though it is...

Page 666: ...eral Bandwidth in the tree view to display the Bandwidth Summary page Figure 22 6 Bandwidth Summary The ingress and egress rates are displayed for all ports on the selected unit 2 To set interface parameters click Edit 3 Select an interface and enter the fields Enable Ingress Rate Limit Enable disable ingress traffic limit for the interface If this field is selected enter the Ingress Rate Limit In...

Page 667: ...ent on the egress interface even though it is above the CIR This is defined in number of bytes of data Configuring Bandwidth Using CLI Commands The following table summarizes the CLI commands for configuring fields in the Bandwidth pages The following is an example of the CLI commands Table 22 6 Bandwidth CLI Commands CLI Command Description traffic shape committed rate committed burst no traffic ...

Page 668: ...re the congestion is due to various sources sending packets with the same byte count To configure TCP congestion avoidance 1 Click Quality of Service General TCP Congestion Avoidance in the tree view to display the TCP Congestion Avoidance page NOTE TCP Congestion Avoidance increases network reliability but it also increases network traffic Continue only if you are sure it will improve overall net...

Page 669: ...zes the CLI commands for configuring fields in the TCP Congestion Avoidance page The following is an example of the CLI commands Table 22 7 TCP Congestion Avoidance CLI Commands CLI Command Description qos wrr queue wrtd no qos wrr queue wrtd Enables Weighted Random Tail Drop WRTD Use the no form of this command to disable WRTD console config qos wrr queue wrtd This setting will take effect only a...

Page 670: ...output queue The initial packet classification and marking of these fields is done in the ingress of the trusted domain Workflow to Configure Basic Mode To configure Basic QoS mode perform the following 1 Select Basic mode for the system in the QoS Mode page 2 Select the trust behavior in the Global Settings page 3 If there is any port that as an exception should not trust the incoming CoS mark di...

Page 671: ...to enable Trust on all interfaces on the switch This configuration is only active when the QoS mode is Basic Packets entering a QoS domain are classified at the edge of the QoS domain For more information on setting Trust mode on an interface see Interface Settings on page 675 To define Trust configuration 1 Click Quality of Service QoS Basic Mode Global Settings in the tree view to display the Gl...

Page 672: ... Check to always rewrite the DSCP values in the incoming packets with the new values set in the DSCP to Queue page When this field is enabled the switch uses the new DSCP values to select the egress queue Assigning Global Settings Using CLI Commands The following table summarizes the CLI commands for configuring fields in the Global Settings page The following is an example of the CLI commands Tab...

Page 673: ...in one domain to the DSCP value used in the other domain preserves the priority of traffic used in the first domain As an example assume that there are three levels of service Silver Gold and Platinum The DSCP incoming values used to mark these levels are 10 20 and 30 respectively If this traffic is forwarded to another service provider that has the same three levels of service but uses DSCP value...

Page 674: ...ckout_new Maintenance Projects Dell Contax sources CxUGQoS fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY To map DSCP In values to DSCP Out values 1 Click Quality of Service QoS Basic Mode DSCP Rewrite in the tree view to display the DSCP Rewrite page Figure 22 9 DSCP Rewrite ...

Page 675: ...terface Settings QoS Trust mode can be configured on each port of the switch as follows QoS Trust State Disabled on an Interface All inbound traffic on the port is mapped to the best effort queue and no classification prioritization takes place QoS Trust State Enabled on an Interface Port prioritized traffic on ingress is based on the system wide configured trusted mode which is either CoS Trusted...

Page 676: ...LY To define QoS Trust for an interface 1 Click Quality of Service QoS Basic Mode Interface Settings in the tree view to display the Interface Settings Summary page Figure 22 10 Interface Settings Summary Trust mode is displayed for each interface on the selected unit 2 To change the QoS trust state for an interface click Edit and select an interface on a unit 3 Enable disable the QoS Trust State ...

Page 677: ...st Enables each port trust state while the system is in the basic QoS mode Use the no form of this command to disable the trust state on each port show qos interface buffers queueing policers shapers rate limit interface id Displays QoS information on the interface console config interface gi1 0 15 console config if qos trust Table 22 11 Sample CLI Script to Configure QoS Basic Mode CLI Command De...

Page 678: ...s Dell Contax sources CxUGQoS fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY console config interface gi1 0 1 Enter Interface mode on port gi1 0 1 console config if service acl input mac1 Bind MAC1 to port gi1 0 1 Table 22 11 Sample CLI Script to Configure QoS Basic Mode Continued CLI Command Description ...

Page 679: ...p with Permit forward action belong to the same flow and are subject to the same quality of service action A policy can contain one or more flows each with a user defined QoS action The QoS of a class map flow may be enforced by the associated policer There are two type of policers as described in Defining Class Mapping Using CLI Commands on page 685 Per flow QoS actions are applied to flows by bi...

Page 680: ...ate Policers on page 688 Trust Interface Settings on page 675 Policy Class Maps on page 693 Set DSCP CoS Policy Class Maps on page 693 Set Queue DSCP Mapping on page 681 Binding Combination of rules and actions that are bound to one or more interfaces Workflow to Configure Advanced QoS Mode To configure Advanced QoS mode perform the following 1 Select Advanced mode for the system in the QoS Mode p...

Page 681: ...ing pages DSCP Mapping When a policer is assigned to a class map flow you can specify the action to take when the amount of traffic in the flow s exceeds the QoS specified limits The portion of the traffic that causes the flow to exceed its QoS limit is referred to as out of profile packets If the exceed action is Remark DSCP as opposed to Drop the switch rewrites the original DSCP value of the ou...

Page 682: ...RY 10 30 13 FOR PROOF ONLY To set new DSCP values 1 Click Quality of Service QoS Advanced Mode DSCP Mapping to display the DSCP Mapping page Figure 22 11 DSCP Mapping 2 If the Exceed Action is Out of Profile in the Policy Class Maps page or Remark DSCP in the Aggregate Policy page the DSCP In values are rewritten with the DSCP Out values Set the DSCP Out values as required ...

Page 683: ... on a first fit basis meaning that the action associated with the first matched class map is the action performed by the system Packets that match the same class map belong to the same flow There are two possible types of matching match all Traffic matches class map if it matches IP IPV6 and MAC ACLs match any Traffic matches class map if it matches at least one of the ACLs If a more complex set o...

Page 684: ...de Class Mapping to display the Class Mapping Summary page Figure 22 12 Class Mapping Summary The previously defined class maps are displayed 2 To add a class map click Add A new class map is added by selecting one or two ACLs and assigning them a class map name If a class map has two ACLs specify that a frame must match both ACLs or that it must match either one or both of the ACLs selected 3 Ent...

Page 685: ...match any IP ACL Select the IPv4 based ACL or the IPv6 based ACL for the class map MAC ACL Select the MAC based ACL for the class map Preferred ACL Select whether packets are first matched to an IP based ACL or a MAC based ACL Defining Class Mapping Using CLI Commands The following table summarizes the CLI commands for setting the fields in the Class Mapping pages Table 22 13 Class Mapping CLI Com...

Page 686: ...e Policers Single Policers match access group acl name no match access group acl name Defines the match criteria for classifying traffic Use the no form of this command to delete the match criteria show class map class map name Displays information about the class map console config qos advanced console config class map class1 match all console config cmap match access group enterprise console con...

Page 687: ... is created in the Policy Table and Policy Class Maps pages Aggregate Policer An aggregate policer applies QoS to one or more class maps and to one or more flows An aggregation policer can support class maps from various policies An aggregate policer applies QoS to all its flow s in aggregation regardless of policies and ports An aggregate policer is created in the Aggregate Policer pages An aggre...

Page 688: ...regate Policer Summary page Figure 22 13 Aggregate Policer Summary The existing aggregate policers are displayed 2 To add an aggregate policer click Add and enter the fields Aggregate Policer Name Enter the name of the Aggregate Policer Committed Information Rate CIR Enter the maximum bandwidth allowed in bits per second See the description of this field in Bandwidth on page 665 Committed Burst Si...

Page 689: ... value entered in the DSCP Mapping pages Defining Aggregate Policers Using CLI Commands The following table summarizes the CLI commands for setting the fields in the Aggregate Policer pages The following is an example of the CLI commands Table 22 14 Aggregate Policer CLI Commands CLI Command Description qos aggregate policer aggregate policer name committed rate kbps excess burst byte exceed actio...

Page 690: ...ining a single policer or it can be designated as containing Aggregate policers Policy Table A policy can consist of one of the following One or more class maps of ACLs that define the traffic flows in the policy One or more aggregate policers that apply the QoS to the traffic flows in the policy Table 22 15 Aggregate Policer CLI Commands CLI Command Description qos aggregate policer aggregate pol...

Page 691: ...ee the Policy Binding pages After a policy has been added class maps can be added in the Policy Table pages To create a QoS policy 1 Click Quality of Service QoS Advanced Mode Policy Table to display the Policy Table Summary page Figure 22 14 Policy Table Summary The previously defined policies are displayed 2 To create a policy click Add 3 Enter the name of the new policy in the Policy Name field...

Page 692: ...I Commands The following table summarizes the CLI commands for setting the fields in the Policy Table page The following is an example of the CLI commands Table 22 16 Policy Table CLI Commands CLI Command Description policy map policy map name no policy map policy map name Creates a policy map and enters the Policy map Configuration mode Use the no form of this command to delete a policy map conso...

Page 693: ... map defines the type of packets that are considered to belong to the same traffic flow To add a class map to a policy 1 Click Quality of Service QoS Advanced Mode Policy Class Maps to display the Policy Class Maps Summary page Figure 22 15 Policy Class Maps Summary 2 Select a policy in the Policy Name field The class maps in that policy are displayed 3 To add a class map click Add 4 Enter the par...

Page 694: ...ue mapping Set See the description of this field below Set If this option is selected enter a New Value which determines the egress queue of the matching packets DSCP If DSCP is selected the new DSCP value and the DSCP to Queue mapping determines the egress queue of the matching packets Queue If Queue is selected the new value is the egress queue number for all matching packets CoS If CoS is selec...

Page 695: ...LI commands for setting the fields in the Policy Class Maps pages Table 22 17 Policy Class Maps CLI Commands CLI Command Description class class map name access group acl name no class class map name Defines a traffic classification and enters the Policy map Class Configuration mode Use the no form of this command to detach a class map from the policy map trust cos dscp no trust Configures the tru...

Page 696: ...the policer parameters that can be applied to multiple traffic classes Use the no form of this command to remove an existing aggregate policer show policy map policy map name Displays all policy maps or a specific policy map console config policy map policy1 console config pmap class class1 access group enterprise console config pmap trust cos dscp console config pmap set dscp 56 console config pm...

Page 697: ...ange restrictions Only one policy can be active on a single interface but a single policy can be bound to more than one interface When a policy is bound to an interface it filters and applies QoS to ingress traffic that belongs to the flows defined in the policy The policy does not apply to traffic egress to the same port To edit a policy it must first be removed unbound from all those ports to wh...

Page 698: ...ect the Policy Name to be activated on the interface Defining Policy Binding Using CLI Commands The following table summarizes the CLI commands for setting the fields in the Policy Binding pages The following is an example of the CLI commands Table 22 18 Policy Binding CLI Commands CLI Command Description service policy input policy map name no service policy input Applies a policy map to the inpu...

Page 699: ...Checkout_new Maintenance Projects Dell Contax sources CxUGQoS fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY QoS Statistics This section describes how to view and manage QoS statistics It contains the following topics Policer Statistics Aggregated Policer Queues Statistics ...

Page 700: ...r more policies Use the Policer Statistics pages to view the number of in profile and out of profile packets received from an interface that meet the conditions defined in the class map of a policy To view policer statistics 1 Click Quality of Service QoS Statistics Policer Statistics to display the Policer Statistics Summary page Figure 22 17 Policer Statistics Summary The following statistics fo...

Page 701: ...ter is defined Policy Class Map Name Select a policy class map pair Defining Policer Statistics Using CLI Commands The following table summarizes the CLI commands for setting the fields in the Policer Statistics pages The following is an example of the CLI commands Table 22 19 Policer Statistics CLI Commands CLI Command Description qos statistics policer policy map name class map name no qos stati...

Page 702: ...f Service QoS Statistics Aggregate Policer to display the Aggregate Policer Summary page Figure 22 18 Aggregate Policer Summary The following statistics for the previously defined counters are displayed Aggregate Policer Name Policer on which statistics are based In Profile Bytes Number of in profile packets that were received Out of Profile Bytes Number of out of profile packets that were receive...

Page 703: ...mmands Queues Statistics Queue statistics include statistics of forwarded and dropped packets based on interface queue and drop precedence Lowest drop precedence has the lowest probability of being dropped Table 22 20 Aggregate Policer Statistics CLI Commands CLI Command Description qos statistics aggregate policer aggregate policer name no qos statistics aggregate policer aggregate policer name E...

Page 704: ...Queue Statistics 1 Click Quality of Service QoS Statistics Queues Statistics to display the Queues Statistics Summary Figure 22 19 Queues Statistics Summary The statistics for previously defined counters are displayed Counter Set Number of counter Port Number of port Queue Number of queue Total Packets Number of packets forwarded or tail dropped Tail Drop Packets Percentage of packets that were ta...

Page 705: ...ueue statistics are displayed Queue Select the queue on which packets were forwarded or tail dropped Defining QoS Statistics Using CLI Commands The following table summarizes the CLI commands for setting the fields in the QoS Statistics pages The following is an example of the CLI commands Table 22 21 QoS Statistics CLI Commands CLI Command Description qos statistics queues set number queue all dp...

Page 706: ...fined by the following criteria Ingress interfaces Source IP address or Source IP subnets ACL Access Control List Allow network managers to define classification actions and rules for specific ingress ports Aggregated VLAN Groups several VLANs into a single aggregated VLAN Aggregating VLANs enables routers to respond to ARP requests for nodes located on different sub VLANs belonging to the same Su...

Page 707: ...t to receive a message Backplane The main BUS that carries information in the switch module Backup Configuration Files Contains a backup copy of the switch module configuration The Backup file changes when the Running Configuration file or the Startup Configuration file is copied to the Backup file Bandwidth Bandwidth specifies the amount of data that can be transmitted in a fixed amount of time F...

Page 708: ...ies and forwarding costs Bridge A device that connect two networks Bridges are hardware specific however they are protocol independent Bridges operate at Layer 1 and Layer 2 levels Broadcast Domain device sets that receive Broadcast frames originating from any device within a designated set Routers bind Broadcast domains because routers do not forward Broadcast frames Broadcasting A method of tran...

Page 709: ...ne commands used to configure the system For more information on using the CLI see Using the CLI Communities Specifies a group of users which retains the same system access rights CPU Central Processing Unit The part of a computer that processes information CPUs are composed of a control unit and an ALU D DHCP Client A device using DHCP to obtain configuration parameters such as a network address ...

Page 710: ...uthenticated by the RADIUS server the user is automatically joined to the VLAN configured on the RADIUS server E Egress Ports Ports from which network traffic is transmitted End System An end user device on a network Ethernet Ethernet is standardized as per IEEE 802 3 Ethernet is the most common implemented LAN standard Supports data transfer rates of Mpbs where 10 100 or 1000 Mbps is supported EW...

Page 711: ... Flow Control Enables lower speed devices to communicate with higher speed devices that is that the higher speed device refrains from sending packets Fragment Ethernet packets smaller than 576 bits Frame Packets containing the header and trailer information required by the physical medium G GARP General Attributes Registration Protocol Registers client stations into a Multicast domain Gigabit Ethe...

Page 712: ...ource host for example to report a processing error IEEE Institute of Electrical and Electronics Engineers An Engineering organization that develops communications and networking standards IEEE 802 1d Used in the Spanning Tree Protocol IEEE 802 1d supports MAC bridging to avoid network loops IEEE 802 1p Prioritizes network traffic at the data link MAC sublayer IEEE 802 1Q Defines the operation of ...

Page 713: ... to a network device with two or more interconnected LANs or WANs IP Version 6 IPv6 A version of IP addressing with longer addresses than the traditional IPv4 IPv6 addresses are 128 bits long whereas IPv4 addresses are 32 bits allowing a much larger address space ISATAP Intra Site Automatic Tunnel Addressing Protocol ISATAP is an automatic overlay tunneling mechanism that uses the underlying IPv4 ...

Page 714: ...ing network topologies over multi vendor environments MED increases network flexibility by allowing different IP systems to co exist on a single network LLDP Load Balancing Enables the even distribution of data or processing packets across available network resources For example load balancing may distribute the incoming packets evenly to all servers or redirect the packets to the next available s...

Page 715: ...Digest 5 An algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication MDI Media Dependent Interface A cable used for end stations MDIX Media Dependent Interface with Crossover MDIX A cable used for hubs and switches MIB Management Information Base MIBs contain information...

Page 716: ...radigm each managed object must have an OID to identify it P Packets Blocks of information for transmission in packet switched systems PDU Protocol Data Unit A data unit specified in a layer protocol consisting of protocol control information and layer user data PING Packet Internet Groper Verifies if a specific IP address is available A packet is sent to another IP address and waits for a reply P...

Page 717: ...be isolated from other ports within the same VLAN Q QoS Quality of Service QoS allows network managers to decide how and what network traffic is forwarded according to priorities application types and source and destination addresses Query Extracts information from a database and presents the information for use R RA RADIUS Advertisement RD RADIUS Discovery RS Router Solicitation RADIUS Remote Aut...

Page 718: ...wn or rebooted all commands stored in the Running Configuration file are lost S Segmentation Divides LANs into separate LAN segments for bridging Segmentation eliminates LAN bandwidth limitations Server A central computer that provides services to other computers on a network Services may include file storage and access to applications SNMP Simple Network Management Protocol Manages LANs SNMP base...

Page 719: ...channels Startup Configuration Retains the exact switch module configuration when the switch module is powered down or rebooted Subnet Sub network Subnets are portions of a network that share a common address component On TCP IP networks devices that share a prefix are part of the same subnet For example all devices with a prefix of 157 100 100 100 are part of the same subnet Subnet Mask Used to m...

Page 720: ...ports together to form a single trunk aggregated groups U UDP User Data Protocol Transmits packets but does not guarantee their delivery Unicast A form of routing that transmits one packet to one user V VLAN Virtual Local Area Networks Logical subgroups with a Local Area Network LAN created via software rather than defining a hardware solution VoIP Voice over IP W WAN Wide Area Networks Networks t...

Page 721: ...he CLI 71 ACE IPv4 110 ACL binding 123 ACL IPv4 109 ACL IPv6 118 ACLs 31 103 Active users 275 Address pool 301 Address Resolution Protocol 249 706 Address Tables 422 Administrator Buttons 91 Advanced QoS 25 Advanced Switch Configuration 67 Aggregate Policer 686 701 Aggregated VLAN 706 Alarms 638 Anycast 178 183 Apply Save 91 ARP 249 251 706 ARP inspection 31 ARP dynamic inspection 560 ARP dynamic ...

Page 722: ...st Groups 521 Bridge Protocol Data Unit 708 Broadcast 179 183 Broadcast Storm Control 20 Buttons 38 C Cables testing 256 CBC 315 Cipher Block Chaining 315 Class Mapping 682 Class of Service 709 Classic lock 98 Classic STP 435 CLI 27 68 71 261 CLI macro 31 Clock Source 181 Command Line Interface 27 Command Mode Overview 68 Configuration file 354 Configuration file download 352 Configuration using t...

Page 723: ...297 299 DHCP server properties 298 DHCP server retreiving an IP address 72 DHCP Snooping 31 573 DHCP global parameters 575 DHCP trusted interfaces 581 DHCP VLAN settings 579 DiffServe Code Point 709 DNS 28 242 Domain 709 Domain Name System 28 242 Dot1x 29 Dot1x Authentication 132 Download boot image 85 Download system image 83 Download TFTP 353 Download USB HTTP 351 Downloading software 80 337 DSC...

Page 724: ...F Fans 160 Fast Forward Table 710 Fast link 23 442 447 FFT 710 FIFO 711 File information 365 Filtering 477 483 517 Filtering L2 Multicast Packets 517 Firmware download 352 First In First Out 711 Flapping 711 Flow Control 386 711 Flow Control Support IEEE 802 3X 17 Flow Monitoring sflow 26 Forwarding L2 Multicast Packets 517 Fragment 711 Frame 711 Frame Flow 468 Front Panel 37 Full 802 1Q VLAN Tagg...

Page 725: ...t name mapping 247 HTTP 261 269 286 712 HTTP password configuring 77 HTTPS 261 264 269 286 HyperText Transport Protocol 712 I IC 712 ICMP 712 Icons 91 Identifying a switch via LED 33 IEEE 712 IEEE 802 1d 712 IEEE 802 1p 712 IEEE 802 1Q 21 712 IEEE 802 1s Multiple Spanning Tree 23 IEEE 802 1w Rapid Spanning Tree 23 IGMP 518 IGMP Snooping 20 527 712 Image file 713 Image files active 360 Information ...

Page 726: ...1 LAN 713 Layer 2 714 Layer 2 Features 20 Layer 2 Switching 517 Layer 3 714 LED Definitions 40 LEDs 38 42 LEDs on Front Panel 38 Light Emitting Diodes 40 Limited dynamic lock 98 Line passwords 279 Link Aggregated Group 713 Link aggregation 24 508 510 Link Aggregation and LACP 24 Link Control Protocol LCP packets 399 451 Link Layer Discovery Protocol Media Endpoint Discovery 714 Link Duplex Activit...

Page 727: ...y 203 Logs 195 Loops 435 M MAC Address Capacity Support 18 MAC address learning 714 MAC addresses 98 714 MAC addresses supported features 18 MAC Layer 714 MAC Multicast Support 19 Mac based ACE 106 Mac based ACL 104 Management Access Lists 262 Management Access Methods 272 Management Information Base 314 715 Management IP Address Conflict Notification 26 Management methods 264 Management security ...

Page 728: ...rotocols 399 451 Network Management System 715 Network pool 303 NMS 715 NS 715 O Object ID 315 OID 315 Optical transciever diagnostics 258 Option 82 587 OUI 504 P Packets 716 Password configuration 75 Password management 30 286 Password recovery 82 Passwords 88 282 Path Cost 438 PDU 716 PING 716 PoE 16 162 Policer Statistics 699 Policers 685 Policy Binding 696 Policy Table 689 Port 716 Port Config...

Page 729: ...ocol Ports 488 Protocol VLAN Edge 717 PVE 717 PVID 475 482 Q QinQ 469 QoS 24 656 717 QoS Advanced mode 676 QoS Basic mode 670 QoS Modes 653 QoS Properties 655 QoS Advanced Mode Workflow 679 QoS Aggregate Policer 686 QoS assignment to hardware queues 651 QoS Bandwidth 664 QoS Basic mode 669 QoS Basic Mode Workflow 669 QoS Class Mapping 682 QoS DSCP Mapping 680 QoS DSCP Rewrite 671 QoS DSCP to Queue...

Page 730: ...291 Remote Log Server 206 Remote Monitoring 27 717 Reset button 38 Retrieving an IP Address 72 RMON 625 628 629 717 RMON Statistics 625 626 Router Solicitation 717 Routes Table IPv6 239 RS 717 RS 232 Console Port 37 RSTP 23 450 718 Rules 262 Running Configuration File 337 718 S Secure Shell 291 Secure Telnet SSH 261 272 Security Features 29 Security Management 75 Segmentation 718 Selecting the Mas...

Page 731: ...269 286 719 SSH password configuring 77 SSL 29 Stack ID LED 44 Stack management 46 367 Stack Menu 82 Stack Support 16 Stacking 46 Stacking failover topology 49 Stacking adding a unit to the stack 50 Stacking assigning unit IDs 50 Stacking automatic assignment of unit IDs 50 Starting the Application 88 Startup Configuration 337 719 Startup file 337 Startup Menu 80 Static addresses 424 425 Static ho...

Page 732: ...ystem LEDs 40 T Table Views 607 TACACS 30 271 282 TCP Congestion Avoidance 25 666 TCP IP 719 TDR technology 256 Telnet 261 264 269 272 280 286 291 719 Telnet Connection 71 Telnet password configuring 76 Terminal Access Controller Access Control System 282 Terminal Connection 72 TFTP 27 720 Time Domain Reflectometry 256 Time range 127 Time range absolute 128 Time range recurring 129 Time synchroniz...

Page 733: ...Data Protocol 720 User Security Model 314 Using Dell OpenManage Switch Administrator 87 Using the CLI 68 USM 314 Utilization Summary 610 V Ventilation System 40 Versions hardware software 370 Virtual Local Area Networks 720 VLAN 21 466 472 473 525 720 VLAN frame flow 468 VLAN membership 472 VLAN settings DHCP 579 VLAN Support 21 VLAN to MSTP Instance 458 VLAN ARP settings 568 VLAN LAG settings 481...

Page 734: ...734 FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources Dell_ContaxUG_PrintIX fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY X XG Ports 37 ...

Page 735: ...735 FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources Dell_ContaxUG_PrintIX fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 736: ...736 FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources Dell_ContaxUG_PrintIX fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 737: ...ed description of when traps are generated in Power over Ethernet on page 162 A5 May 1 2012 Added Auto Update Configuration Feature on page 338 A4 April 4 2012 Made the following corrections Put a the note of the recommendation of using HDMI cable version to 1 4 for stacking more clearly Fixed RDP description A4 April 2 2012 Following corrections made Add description regarding the Egress ACL featu...

Page 738: ...Dell PowerConnect 55xx Systems User Guide FILE LOCATION C Users gina Desktop Checkout_new Maintenance Projects Dell Contax sources CxRevision_History fm DELL CONFIDENTIAL PRELIMINARY 10 30 13 FOR PROOF ONLY ...

Page 739: ...www dell com support dell com Printed in the U S A ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands