manualshive.com logo in svg

Dell X1000 Series, User Manual

Introducing the Dell X1000 Series, a cutting-edge computer system designed for seamless performance and exceptional user experience. Ensure hassle-free setup and optimal usage with the comprehensive User Manual provided free of charge. Download the manual from manualshive.com to unlock the full potential of your Dell X1000 Series device.

Share
Download
background image

Network Administration: Security

259

FILE LOCATION:  C:\Users\gina\Desktop\Checkout_new\Dell Astute\User 

Guide\Dell_Astute_Network_Admin_Security.fm

D E L L  CO N F I D E N T I A L  –  P R E L I M I N A RY   8 / 9 / 16  -  F O R  P RO O F   O N L Y

Entries

 pages). If the packet’s IP address was not found in the ARP Inspection 

List, and DHCP Snooping is enabled for a VLAN, a search of the DHCP 

Snooping database is performed.
See 

Binding Database

 for an explanation of the DHCP Snooping database. If 

the IP address is found the packet is valid, and is forwarded.
Packets with invalid ARP Inspection bindings are logged and dropped. 
Ports are classified as follows:

• Trusted — Packets are not inspected.
• Untrusted —Packets are inspected as described above.

The following additional validation checks may be configured by the user:

• Source MAC — Compares the packet’s source MAC address in the 

Ethernet header against the sender’s MAC address in the ARP request. 

This check is performed on both ARP requests and responses.

• Destination MAC — Compares the packet’s destination MAC address in 

the Ethernet header against the destination interface’s MAC address. This 

check is performed for ARP responses.

• IP Addresses — Compares the ARP body for invalid and unexpected IP 

addresses. Addresses include 0.0.0.0, 255.255.255.255, and all IP Multicast 

addresses. 

Global Settings 

To enable ARP inspection on the device:

1

Click 

Network Administration > Security

 > 

Dynamic ARP Inspection 

(DAI) 

Global Settings

.

2

Enter the fields:

Enable ARP Inspection 

— Enable/disable ARP inspection.

ARP Inspection Validate 

— Enable/disable the following checking 

source MAC address, destination MAC address and IP addresses 

against the respective addresses in the ARP body. 

Minimal Syslog Interval (0 – 86400) 

— Enter the minimum time 

interval between successive ARP SYSLOG messages. 

Summary of Contents for X1000 Series

Page 1: ...Users gina Desktop Checkout_new Dell Astute User Guide Dell_AstuteCover fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY Template Last Updated 03 06 2010 Dell Networking X1000 and X4000 Series Switches User Guide ...

Page 2: ... hardware or loss of data and tells you how to avoid the problem WARNING A WARNING indicates a potential for property damage personal injury or death ____________________ Copyright 2016 Dell Inc All rights reserved This product is protected by U S and international copyright and intellectual property laws Dell and the Dell logo are trademarks of Dell Inc in the United States and or other jurisdict...

Page 3: ...Preface 13 2 Features 15 MAC Address Capacity Support 17 Layer 2 Features 18 VLAN Supported Features 19 Spanning Tree Protocol Features 21 Quality of Service Features 23 Device Management Features 24 Security Features 27 3 Hardware Description 33 Device Models 34 Device Structure 35 Managed Mode Button 36 Reset Button 36 Fans 37 LED Definitions 37 ...

Page 4: ...the GUI 43 Starting the Application 44 Understanding the Interface 44 Dashboard 45 Saving Configurations 45 Information Buttons 46 Field Definitions 47 Common GUI Features 48 5 Dashboard 49 Overview 50 Interfaces 51 Switch Information 53 Resources 55 Recent Logged Events 57 Active Alerts 58 Ports and VLANs 59 Configuration Wizards 60 ...

Page 5: ...sing Overview 71 Switch Information 72 IPv4 Addressing 73 IPv6 Addressing 75 File Update and Backup 83 Domain Name System DNS 98 Time Synchronization 100 Management Security 110 7 Logs and Alerts 125 Overview 125 Logs 126 Login History 127 Remote Log Servers 127 8 Statistics and Diagnostics 129 Monitoring 129 Statistics 135 Diagnostics 140 ...

Page 6: ...ice VLAN 156 10 Network Administration Port Settings 161 Ports 161 Address Tables 173 UDLD 175 11 Network Administration Spanning Tree and LAG 185 Spanning Tree 185 Link Aggregation LAG 196 12 Network Administration Link Layer Discovery Protocol LLDP 207 Overview 207 LLDP Properties 208 LLDP Port Settings 209 MED Network Policy 210 MED Port Settings 211 Neighbors Information 213 ...

Page 7: ... Route Settings 220 14 Network Administration Quality of Service 227 Overview 227 Global Settings 228 QoS Mapping 233 QoS Statistics 242 15 Network Administration Security 245 Dot1x Authentications 245 Storm Control Configuration 255 Port Security 256 Dynamic ARP Inspection DAI 258 ACL and ACE 261 16 Network Administration SNMP Monitoring 277 SNMP Overview 277 SNMP Global Parameters 279 View Setti...

Page 8: ...ities 284 Notification Filter 286 Notification Recipients 287 17 Network Administration Multicast 289 Overview 289 Global Parameters 291 Multicast Group 292 Multicast Forward All 293 IGMP Snooping 294 MLD Snooping 297 Unregistered Multicast 298 Multicast TV VLAN 299 18 Network Administration DHCP Snooping and DHCP Relay 301 DHCP Snooping 301 DHCP Relay 306 ...

Page 9: ...ties 310 Network Pool 311 Static Hosts 313 Address Binding 315 Excluded Addresses 316 20 Network Administration Power Management 317 Green Ethernet 317 Power Over Ethernet PoE 320 21 Network Administration sFlow 323 22 Using the CLI 327 Using the CLI 327 CLI Command Conventions 330 Accessing the Device Through the CLI 331 IPv6 Address Conventions 331 23 CLI 333 clear counters 333 ...

Page 10: ...ertificate import 340 crypto certificate request 343 crypto key generate dsa 345 crypto key generate rsa 346 crypto key import 347 debug mode 349 delete 350 dir 350 do 351 enable 353 end 353 exit EXEC 354 exit Configuration 355 help 355 interface 356 ip address 357 ip default gateway 358 ip https certificate 359 ip routing 360 ip ssh server 361 lldp transmit 362 lldp receive 363 login 364 ...

Page 11: ...rtificate 372 show crypto key 373 show interfaces counters 374 show interfaces status 377 show ip dhcp tftp server 378 show ip https 379 show ip interface 380 show power inline 381 show power inline consumption 384 show running config 385 show system 386 show tech support 387 show version 388 show vlan 388 spanning tree 390 username 391 vlan 392 write 394 24 Getting Help 395 Contacting Dell 395 Lo...

Page 12: ...TION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_AstuteUG_PrintTOC fm 12Contents Downloading Drivers Firmware and Software 396 Related Documentation 396 Documentation Feedback 396 Glossary 399 ...

Page 13: ...ELIMINARY 8 9 16 FOR PROOF ONLY 1 Preface This guide contains the information needed for configuring and maintaining the Dell Networking X1000 and X4000 Series devices through the Dell Networking Administrator For explanation of acronyms refer to the Glossary ...

Page 14: ...14 Preface FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Prefix fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 15: ...support This section provides a brief description of the following features IP Version 6 IPv6 Support Head of Line Blocking Prevention Back Pressure Support Virtual Cable Testing VCT Auto Negotiation MDI MDIX Support MAC Address Capacity Support Layer 2 Features IGMP Snooping MLD Snooping Port and VLAN Mirroring Broadcast Storm Control VLAN Support Spanning Tree Protocol Features Link Aggregation ...

Page 16: ...witch prevents HOL blocking by queueing packets such that packets in the front of a queue do not block the packets behind if they are to be sent to different ports Back Pressure Support On half duplex links the receiving port prevents buffer overflows by occupying the link so that it is unavailable for additional traffic For more information see Back Pressure Virtual Cable Testing VCT VCT detects ...

Page 17: ...t is MDIX crossed or MDI straight This enables both types to be used interchangeably If auto negotiation is disabled only MDI straight cables can be used For more information see MDI MDIX MAC Address Capacity Support MAC Address Capacity Support All SKUs support up to 16K MAC addresses except for the X4012 that supports 32K addresses They reserve specific MAC addresses for system use For more info...

Page 18: ...ommunication for information distribution In Layer 2 Multicast service a single frame is addressed to a specific Multicast address from which copies of the frame are transmitted to the relevant ports When Multicast groups are statically enabled you can set the destination port of registered groups as well as define the behavior of unregistered Multicast frames For more information see Network Admi...

Page 19: ...s the number of Multicast and Broadcast frames accepted and forwarded by the device When Layer 2 frames are forwarded Broadcast and Multicast frames are forwarded to multiple ports on the relevant VLAN and excess Broadcast and Multicast could degrade network performance and disrupt services For more information see Storm Control Configuration VLAN Supported Features VLAN Support VLANs are collecti...

Page 20: ...GVRP Parameters Voice VLAN Voice VLAN enables network administrators to enhance VoIP service by configuring ports to carry IP voice traffic from IP phones on a specific VLAN VoIP traffic has a preconfigured Organizationally Unique Identifiers OUI prefix in the source MAC address Network administrators can configure VLANs from which voice IP traffic is forwarded Non VoIP traffic is dropped from the...

Page 21: ...mation see Multicast TV VLAN Spanning Tree Protocol Features Spanning Tree Protocol STP 802 1d Spanning Tree is a standard Layer 2 switch requirement that enables bridges to automatically prevent and resolve Layer 2 forwarding loops Switches exchange configuration messages using specifically formatted frames and selectively enable and disable forwarding on ports For more information see Rapid Span...

Page 22: ...nder a common administration An MSTP region has one or more MSTP instances A LAN may consists of one or more connecting MSTP regions For more information see MSTP Properties STP BPDU Guard Bridge Protocol Data Unit BPDU Guard is used as a security mechanism to protect the network from invalid configurations BPDU Guard is usually used either when fast link ports ports connected to clients are enabl...

Page 23: ...view Quality of Service Features Class of Service 802 1p Support The IEEE 802 1p signaling technique is an OSI Layer 2 standard for marking and prioritizing network traffic at the data link MAC sub layer 802 1p traffic is classified and sent to the destination No bandwidth reservations or limits are established or enforced 802 1p is taken from the 802 1Q VLANs standard 802 1p establishes eight lev...

Page 24: ... Web based management enables managing the system from any web browser The system contains an Embedded Web Server EWS that serves HTML pages through which the system can be monitored and configured The system internally converts web based input into configuration commands MIB variable settings and other management related settings For more information see Using the GUI Management IP Address Confli...

Page 25: ...t image software and configuration upload download via TFTP For more information see File Update and Backup USB File Transfer Protocol The device supports boot image software and configuration upload download via USB For more information see Update Firmware Configuration Remote Monitoring Remote Monitoring RMON is an extension to SNMP that provides comprehensive network traffic monitoring capabili...

Page 26: ...nd keeps a record of these events for after the fact usage For more information on SYSLOG see Logs and Alerts SNTP The Simple Network Time Protocol SNTP assures accurate Coordinated Universal Time UTC synchronization up to the millisecond The time is synchronized from an SNTP server over a packet switched network Time sources are prioritized by strata Strata define the distance from the reference ...

Page 27: ...lity in supporting media applications devices of different policy and QoS in the same network With LLDP MED media endpoints such as IP phones and video camera can advertise information such as their identity civic locations Emergency Location Identifier Number ELIN media voice and video applications and network policies to their neighbors For more information see Network Administration Link Layer ...

Page 28: ...on For more information see RADIUS RADIUS Accounting This feature enables recording device management sessions Telnet serial and WEB but not SNMP and or 802 1x authentication sessions The 802 1x Monitor mode enables applying 802 1x functionality to the switch with all necessary RADIUS and or domain servers active without actually taking any action that may cause unexpected behavior In this way the...

Page 29: ... ACL rule to shutdown a port with matching packets For more information see ACL and ACE Dynamic ACL Dynamic Policy Assignment DACL DPA The network administrator can specify the user s ACL in the RADIUS server After successful authentication the user is assigned that ACL For more information see ACL and ACE DHCP Snooping DHCP Snooping expands network security by providing firewall security between ...

Page 30: ...figuration file For more information see Port Profile DHCP Server Dynamic Host Configuration Protocol DHCP provides a means of assigning IP addresses and passing configuration information including the IP address of a TFTP server and a configuration file name to hosts on a TCP IP network The switch can serve as a DHCP server or client For more information on the device serving as a DHCP server see...

Page 31: ...n see UDLD Static Routing Static routing enables the user to define a routing table manually IPv4 routes are supported on X1008 P X1018 P X1026 P in L2 mode only For more information see Network Administration Route Settings IPv6 Router IPv6 router enables routing of IPv6 protocol packets and uses Router Advertisements RAs to advertise IPv6 prefix to neighbors This is supported on X1008 P X1018 P ...

Page 32: ...32 Features FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Features fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 33: ...DENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY 3 Hardware Description This section describes Dell Networking X1000 and X4000 Series devices hardware It contains the following topics Device Models Device Structure Managed Mode Button Fans LED Definitions Power Supplies ...

Page 34: ... and 2 1GbE SFP ports X1018P 16 10 100 1000BASE T ports with 16 PoE PSE ports and 2 1GbE SFP ports X1026 24 10 100 1000BASE T ports and 2 1GbE SFP ports X1026P 24 10 100 1000BASE T ports with up to 24 PoE ports or 12 PoE ports up to 360W and 2 SFP ports X1052 48 10 100 1000BASE T ports and 4 10GbE SFP ports X1052P 48 10 100 1000BASE T ports with up to 24 PoE ports or 12 PoE ports up to 360W and 4 ...

Page 35: ...ption 35 FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Hardware fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY Device Structure The following describes the various devices ...

Page 36: ...ave a managed mode button that enables switching between the modes The following describes the transitions between the modes Reset Button The switches have a reset button that is used for manual reset or reboot of the device The reset buttons functions as follows To reboot switch Press reset button for 2 seconds or less To reset switch to factory defaults switch Press reset button for at least 7 s...

Page 37: ...d which results in less noise from the fans LED Definitions System LEDs The system LEDs provide information about the ports and activity on the device The following table describes the meaning of the colors of the system LEDs Table 3 1 LED Color Status LED Solid Green Normal operation Blinking Green Booting Blinking Amber System Error has occurred System Locator LED not available on X1008 X1008P O...

Page 38: ...following describes the LED indications for the Gigabit ports Table 3 2 LED Color LNK LED Link Speed Solid Green Link at 1000Mbps Solid Yellow Amber Link at 10 100Mbps OFF No Link Non PoE Switch ACT LED Green Blinking Activity OFF No activity PoE Switch PoE ACT LED Green Blinking Activity PoE power OFF Amber Blinking Activity PoE power ON Amber Solid No Activity PoE power ON OFF No Activity PoE po...

Page 39: ...ssociated with them The following describes these LEDs Power Supplies The power supply has a universal input 90V AC to 264V AC and 12V DC regulated output Table 3 3 LED Color LNK LED Link Speed Left bi color LED Off No Link Solid green Link on 1000Mbps speed Solid Amber Link on 100Mbps speeds ACT LED Right single color LED Green Blinking Activity OFF No activity Table 3 4 LED Color LNK LED Link Sp...

Page 40: ... AC Input Frequency Range 47 to 63 Hz Output Voltage and Current 24W PSU 150W PSU Table 3 5 Product Name Model Name 24W Adapter X1008 30W Adapter X1008 150W Adapter X1008P 40W Adapter X1018 X1026 100W Adapter X4012 X1052 280W Adapter X1018P 450W Adapter X1026P 525W Adapter X1052P Table 3 6 Output Voltage Line Regulation Load Regulation Minimum Current Maximum Current 12V DC 2 5 0 Amp 2 Amp Table 3...

Page 41: ...nt 12V DC 5 0 Amp 3 33 Amp Table 3 9 Output Voltage Minimum Current Maximum Current 12V DC 5 0 Amp 8 33 Amp Table 3 10 Output Voltage Minimum Current Maximum Current 12V DC 3 0 5 Amp 2 5 Amp 54V DC 3 0 2 Amp 4 63 Amp Table 3 11 Output Voltage Minimum Current Maximum Current 12V DC 3 0 1 Amp 5 1 Amp 54V DC 3 0 Amp 7 6 Amp Table 3 12 Output Voltage Line Regulation Load Regulation Minimum Current Max...

Page 42: ...42 Hardware Description FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Hardware fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 43: ...LY 4 Using the GUI This section describes how to manage the X1000 and X4000 devices using the Networking Administrator It contains the following topics Starting the Application Understanding the Interface Dashboard Saving Configurations Information Buttons Field Definitions Common GUI Features ...

Page 44: ...dmin NOTE Passwords are both case sensitive and alpha numeric 4 Click OK The dashboard displays This takes about 15 seconds NOTE The session times out after 10 minutes without activity Understanding the Interface The following describes the user workspace as seen after the user logs in Slide in Menu Located on the left side of the user interface the slide in menu displays the features When clicked...

Page 45: ...play important system information and how to configure the device quickly through a graphic interface Saving Configurations Configurations can be saved to one of the following configuration files Running Configuration This is a temporary save Before rebooting the device you must save this configuration to the Starting Configuration Running and Starting Configuration This is a permanent save that p...

Page 46: ...r and its features that provide access to online support and online help as well as information about the Networking Administrator interfaces These are displayed at the top of each page Table 4 1 Masthead Buttons Icon Description Displays the urgent alerts Displays the major alerts Displays the active user and opens the Log Out window Opens the following menu items Save to Startup Configuration Sa...

Page 47: ...ng Opens the following menu items About Contains the version and build number and Dell copyright information Help Open online help The online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page is displayed when Help is clicked Table 4 2 Common Icons Button Icon Description Expand content associated with that feature title Expands content ass...

Page 48: ...figuration changes to the Running Configuration file Running and Startup Configuration Save all configuration changes to the Running Configuration file and then save the entire Running Configuration file to the Startup Configuration file Cancel Cancel changes entered in GUI page Clear Clear data entered in GUI page Delete Delete selected entry Edit Open the Edit modal window Graphical View statist...

Page 49: ...F ONLY 5 Dashboard This section the system dashboard that displays critical system information and enables simple configuration of the device It contains the following topics Interfaces Switch Information Resources Recent Logged Events Active Alerts Ports and VLANs Configuration Wizards ...

Page 50: ...out_new Dell Astute User Guide Dell_Astute_Dashboard fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY Overview The dashboard supplies device information at a glance as shown below To access the dashboard click on Dashboard on the slide in left menu ...

Page 51: ...d fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY Interfaces The interface buttons as outlined in the graphic below provides a graphic display of the Port Status Port Profile VLANs and LAGs configured on the device Port Tab The ports on the device are displayed in a color that designates its status ...

Page 52: ... is member Port Profile Whether port has been assigned to be connected to a desktop phone switch router or wireless VLAN Tab All the ports on the device are displayed as in the Port tab The ports that are members in VLANs are noted as either Access General Trunk or Other Private VLAN membership LAG Tab All the ports on the device are displayed and labelled with their LAG ID if configured Port Prof...

Page 53: ...device management IP address To configure whether the IP address of the device will be static or dynamic click on the Edit icon by the IP Address field If the device is in L2 the following fields are displayed IP Address Source Indicates how an IP address is assigned to the device Select one of the following options Static IP Assign the IP address of the device by entering the Static IP Properties...

Page 54: ...k Enter the subnet mask of the IP address of the device Gateway Enter the prefix of the gateway MAC Address Displays the device MAC address Asset Tag Asset tag for the device This is the user defined reference for the device If the device is in L2 mode the Edit page of IPv4 Addressing page is displayed Firmware Version of the firmware currently installed on the device Click Update to update the fi...

Page 55: ...ure Normal or X for temperature above thresholds Fan On Green check is On red X is Off Power Supply On or off on devices supporting PoE input PoE Input Connected not connected on devices supporting PoE input If power supply is off and PoE Input is connected the device is delivering power The Bandwidth block displays device information regarding the physical status of the device It displays the fol...

Page 56: ... device information regarding the power output of the device It displays the following fields Power Budget Amount of power that device can generate as follows X1008P 8 PoE ports budget 120W X1018P 16 PoE ports budget 240W X1026P 12 PoE ports 1 12 12 PoE ports 13 24 budget 360W X1052P 12 PoE ports 1 12 12 PoE ports 13 24 budget 360W X4012 Not supported Connected Powered Devices Number of powered de...

Page 57: ... ONLY Recent Logged Events The Recent Logged Events block as outlined in the graphic below displays the three most recent logged events Click View All to display a list of all active alerts or click the Active Alert level to see all the events logged for the alert level Click Learn More to view detailed information about the displayed recent logged event ...

Page 58: ...m DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY Active Alerts The Active Alerts block as outlined in the graphic below displays the number of the various types of alerts Click View All to see the list of all active alerts or click the Active Alert level to see all the events logged for the alert level ...

Page 59: ...e Ports and VLANs block as outlined in the graphic below displays important information about how the ports and VLANs are configured The following fields are displayed Ports Configured Out Of Number of ports that have been configured out of total ports on the device VLANs Number of VLANs configured on the device Click View All to select a port or VLAN and view its configuration ...

Page 60: ...tains buttons to open the various configuration wizards Ports To configure one or more ports 1 Click on the Ports button from the dashboard and select one or more ports to configure 2 Click Next 3 Enter a description of the port s in Port Description optional 4 Click Next and enter the following Port Status Enable disable traffic forwarding through the port Up Traffic is enabled through the port D...

Page 61: ... Negotiation is not enabled The options are Full The interface supports transmission between the device and the client in both directions simultaneously Half The interface supports transmission between the device and the client in only one direction at a time Auto Negotiation Select to enable disable auto negotiation on the port Auto Negotiation enables a port to advertise its transmission rate du...

Page 62: ...efault Auto Negotiation Enables auto negotiation of flow control on the port MDI MDIX Select one of the options that enables the device to decipher between crossed and uncrossed cables Hubs and switches are deliberately wired opposite to the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are match u...

Page 63: ...ng options are available Enable Disable Enable disable flow control on the port Enabled is the default Auto Negotiation Enables auto negotiation of flow control on the port 7 Click Next to view a summary of the port configuration 8 Click Apply to save the changes LAG The following processes can be performed in this wizard Assign Ports to a LAG To assign ports to a LAG 1 Select Assign Ports to a LA...

Page 64: ... both accepted by the LAG Admit Tagged Only Only tagged packets are accepted by the LAG Admit Untagged Only Only untagged packets are accepted on the LAG Ingress Filtering Select to Enable or Disable ingress filtering on the ports in the LAG 7 After reviewing the summary click Apply to save the LAG configuration After apply is selected the wizard will bring up LAG Configuration option Configure LA...

Page 65: ...AG Auto Negotiation Enable disable auto negotiation Auto Negotiation Enable disable auto negotiation Admin Advertisement Check the auto negotiation setting the port advertises The possible options are Max Capability The port advertises all the options that it can support 10 Half The port advertises for a 10 mbps speed port and half duplex mode setting 10 Full The port advertises for a 10 mbps spee...

Page 66: ...AN Name Enter the name of the VLAN Authentication Required Enable disable Dot1x authentication 4 Click OK 5 Click Next to view the VLAN 6 Click Apply to save the changes Configure and Assign Ports to VLAN To add ports to a VLAN 1 Select Configure and Assign Ports to VLAN 2 Click Next 3 Click on ports to be included in VLAN 4 Enter the following fields Port Edit Mode Select whether you are going to...

Page 67: ... reliability when connecting a desktop device such as a PC to a switch port Phone Interface Used when connecting a desktop device such as a PC to an IP phone to a switch port The voice data is tagged Switch Interface Used when connecting an access switch and a distribution switch or between access switches Router Interface Used when connecting the switch and a WAN router Wireless Interface Used wh...

Page 68: ...elearning and aging MAC addresses are enabled Max Entries Displays the maximum number of MAC addresses that can be learned on the port Action on Violation Action to be applied to packets arriving on a locked port The possible options are Discard Discard the packets from any unlearned source Forward Forward the packets from an unknown source without learning the MAC address Shutdown Discard the pac...

Page 69: ...6 Enter the following fields Username Enter a username Password Enter a password Re enter Password Confirm the password 7 Click Next 8 Enter the following fields MAC Address Displays the device MAC address System Name Enter a system name System Contact Enter a system contact System Location Enter the systems location 9 Click Next 10 Enter the following fields SNMP Mode Enable disable SNMP on the d...

Page 70: ...70 Dashboard FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Dashboard fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 71: ...Pv6 network while ISATAP tunnel enables device operations in combined in a combined IPv4 IPv6 network Difference Between IPv4 and IPv6 Addressing The primary difference between IPv4 to IPv6 is the length of network addresses IPv6 addresses are 128 bits whereas IPv4 addresses are 32 bits Thus IPv6 addresses enable the use of many more unique addresses The 128 bit IPv6 address format is divided into...

Page 72: ...as a virtual IPv6 local link with each IPv4 address mapped to a Link Local IPv6 address Switch Information Use the Switch Information page to view and configure general device information including the system name location contact system MAC Address System Object ID date time and system up time To configure general device parameters 1 Click Switch Management Switch Information 2 Click Edit and ent...

Page 73: ... following ways Static Assignment DHCP Assignment Default When the interface is configured as a DHCP client the default it requests an IP address from the DHCP server It then sends Address Resolution Protocol ARP packets to confirm the uniqueness of the IP address If the ARP response shows that the IP address is in use the switch sends a DHCPDECLINE message to the DHCP server and sends another DHC...

Page 74: ... L2 or L2 mode For these devices In Layer 2 mode the following are supported Dot1x guest VLAN Dynamic VLAN Assignment and Multi Session Only one IP address can be assigned on a VLAN In Layer 2 Routing mode the following are supported IPv4 Routing and IPv6 Routing Dot1x guest VLAN Dynamic VLAN Assignment and Multi Session is not supported Multiple static IP addresses can be assigned on one or more ...

Page 75: ...dynamically or Static IP Address Enter the IP address assigned to the device manually only if the DHCP option was not selected Address Class Select either Subnet Mask or Prefix Length Subnet Mask Select the subnetwork mask to which traffic can be routed Prefix Length Enter the number of bits that comprise the IP address prefix of the subnetwork Default Gateway Enter the IP address of the default g...

Page 76: ... of 10 messages translates to 100 ICMP error messages per second ICMPv6 Error Rate Limit Bucket Size 1 200 Enter the maximum number of ICMP error messages that can be sent by the device per interval The value of this parameter together with the ICMP Error Rate Limit Interval parameter determines how many ICMP error messages may be sent per time interval for example a rate limit interval of 100 ms ...

Page 77: ... stateless auto configuration of IPv6 address assignment When enabled the router solicitation ND procedure is initiated This discovers a router in order to assign an IP address to the interface based on prefixes received with RA messages When auto configuration is disabled no automatic assignment of IPv6 global Unicast addresses is performed and existing automatically assigned IPv6 global Unicast ...

Page 78: ...s link local non routable and can be used for communication on the same network only A Link Local address has a prefix of FE80 Global The IP address is a globally unique IPv6 address visible and reachable from other subnets IP Address Enter the IPv6 address assigned to the interface The address must be a valid IPv6 address specified in hexadecimal using 16 bit values between colons An example of a...

Page 79: ...cannot be removed An alert message is displayed after a user attempts to insert more than one IP address An alert message is displayed when attempting to insert a non Link Local type address To configure a router 1 Click Switch Management IPv6 Addressing IPv6 Default Gateway The previously defined routers are displayed with the following fields Default Gateway IPv6 Address The router s address Int...

Page 80: ...r 2 Cost of this hop 2 To add an IPv6 default gateway click Edit Add and enter the fields IPv6 Address Type Displays that the IP address was added to the interface through a link local address Link Local Interface Displays the outgoing interface through which the default gateway can be reached Default Gateway IPv6 Address Enter the Link Local IPv6 address of the default gateway Metric Enter the co...

Page 81: ...onds Stale The neighbor is no longer known to be reachable but until traffic is sent to the neighbor no attempt is made to verify its reachability Delay The neighbor is no longer known to be reachable and traffic has recently been sent to the neighbor Rather than probe the neighbor immediately however there is a delay sending probes for a short while in order to give upper layer protocols a chance...

Page 82: ..._SwitchManagement fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY If an entry for the specified IPv6 address already exists in the neighbor discovery cache as learned through the IPv6 neighbor discovery process you can convert the entry to a static entry To do this select Static in the Type field ...

Page 83: ...iguration File This file contains the commands used to configure the device at startup or after reboot The Startup Configuration file can be created from the Running Configuration file or by downloading a file to the Startup Configuration file in File Update and Backup Running Configuration File This file contains all Startup Configuration file commands as well as all commands entered during the c...

Page 84: ...Code Version Updating System Files System files can be updated or initially loaded in one of the following ways Manually System files can be updated manually using the Update Firmware Configuration page Automatically Auto Update Configuration System files can be updated automatically as follows Auto Configuration If the Auto Configure feature is enabled in the Auto Update page the Startup Configur...

Page 85: ...le options are Firmware Download A firmware file is downloaded Configuration Download A configuration file is downloaded Update Method Select the download method to be used The possible options are HTTP Download file using HTTP TFTP Download file using TFTP USB Download from a USB drive Flash Download from Flash memory Server IP Address Enter server address where the file to be downloaded is store...

Page 86: ...om the switch 1 Click Switch Management File Update and Backup Backup Files The current firmware version is displayed 2 Click Edit 3 Enter the following IP Format fields Supported IP Format Select whether IPv4 or IPv6 format is supported IPv6 Address Type When the server supports IPv6 this specifies the type of static address supported The possible options are Link Local A Link Local address that ...

Page 87: ...ess Enter server address where backup file is to be stored Destination File Name Name of backup file 5 Click Apply to start the backup process NOTE Each exclamation mark that is displayed on the screen after you click Apply indicates that ten packets were successfully transferred Active Firmware Image There are two firmware images Image1 and Image2 stored on the switch One of these images is ident...

Page 88: ... box device can be configured to retrieve its configuration file from the network allowing instant access to it from the administrator s management station and up to date configuration on the device NOTE If Auto Update is performed through the USB port in addition to upgrading the Startup Configuration and image file a new IP address can also be assigned to the device See Setup Files below Setup F...

Page 89: ... flag field is omitted it is considered to be blank A line can be in one of the following formats Format A Contains all possible fields MAC_address of device New_IP_Address New_IP_Mask Configuration File Name Image File Name flag Examples 0080 c200 0010 192 168 0 10 255 255 255 0 switch X text pc5500 4018 ros This means that the line applies to the device with MAC address 0080 c200 0010 a new IP a...

Page 90: ...uration file and x10xx 10059 ros is the new image file Format C Contains the following 5 fields IP_address IP_mask Configuration File Name Image File Name Flag Example 192 168 0 10 255 255 255 0 switch text x10xx 10059 ros This means that the line applies to any device no MAC address is supplied a new IP address of 192 168 0 10 is to be assigned to the device with mask 255 255 255 0 The switch x t...

Page 91: ...n Download at Next Startup has been enabled in the Auto Update page or the Startup Configuration file is empty See Performing Auto Update from a USB Drive The Auto Update from a TFTP server is triggered if the following conditions are fulfilled An IP address of a TFTP server is received from a DHCP server A file name is received from DHCP server The Auto Configuration from a TFTP server is trigger...

Page 92: ...Optional Create a line in the setup file for this device containing the required options and load it on the USB key 3 Load configuration image files on the USB key as required 4 Insert the USB key in the USB drive and reboot the device When Auto Update is initiated from a USB drive the following steps are performed 1 Locate the correct setup file The USB drive is searched for a setup file One of t...

Page 93: ...current image file version the USB image file is loaded and the switch is rebooted If a new image file was loaded it is loaded onto all units in the stack If the line contains a configuration file the configuration file is appended to running configuration file 4 Mark the flag in the applied line When the line is applied successfully or not its flag is set as follows If the line contains an IP add...

Page 94: ...uration One File Read Method This method requires the following preparations on the DHCP and TFTP servers TFTP Server Place a configuration file for example config txt in the main directory This file can be created by copying a configuration file from a device When the device is booted this becomes the Running configuration file DHCP Server Configure the DHCP server with option 67 and the name of ...

Page 95: ...itch applies the multi file method to download the configuration file The following steps are performed by the switch The switch gets the hostname as described below If the hostname was provided by the DHCP server this hostname is used If the hostname has not been provided by a DHCP server and if the user has configured the sysName variable its value is used as a hostname If neither of the above o...

Page 96: ...g preparations TFTP Server Create a sub directory in the main directory Place a software image file in it Create an indirect file that contains a path and the name of the software version for example indirect x10xx txt that contains x10xx version ros Copy this file to the TFTP server s main directory DHCP Server Configure the DHCP server with option 20 or 66 This is the IP address of the TFTP serv...

Page 97: ...ons described above must be completed on the DHCP server and TFTP servers 1 Click Switch Management File Update and Backup Auto Update of Configuration Image File The auto update configuration options are displayed 2 Modify the auto update configuration parameters as required Configuration Auto Configure Enable disable automatic download of the configuration parameters to the Running Configuration...

Page 98: ...rts user defined domain names into IP addresses Each time a domain name is assigned the DNS service translates the name into a numeric IP address for example www ipexample com is translated into 192 87 56 2 DNS servers maintain domain name databases and their corresponding IP addresses To add a DNS server and specify the active DNS server 1 Click Switch Management DNS Settings DNS DNS Settings The...

Page 99: ...s specifies the Link Local interface The possible options are VLAN 1 The VLAN on which the IPv6 interface is configured ISATAP The IPv6 interface is configured on an ISATAP tunnel DNS Server Enter the IP address of the DNS server being added DNS Server Currently Active Displays the DNS server that is currently active Set DNS Server Active Check to activate the selected DNS server Host Name Mapping...

Page 100: ...cifies the Link Local interface The possible options are VLAN The VLAN on which the IPv6 interface is configured ISATAP The IPv6 interface is configured on an ISATAP tunnel Host Name 1 158 Characters Enter the host name to be associated with the IP address entered below IP Address Enter the IP address of the domain Four addresses can be entered Time Synchronization The system clock runs from the m...

Page 101: ...eters as defined in System Time from an SNTP Server Local Time Settings Use the Local Time Settings page to set system date time manually as opposed to receiving them from an external SNTP server If system time is acquired from an external SNTP clock and the external SNTP clock is not received for some reason the manual system time is used In addition to setting the local clock you can use this pa...

Page 102: ... will set DST manually in the fields described below If you selected USA or European you are finished If you selected Other proceed to the next step There are two types of DST possible when Others is selected You can set a specific date in a particular year or you can set a recurring setting irrespective of the year For a specific setting in a particular year complete the SNTP Daylight Savings are...

Page 103: ... time at which DST begins every year To The recurring time that DST ends each year for example DST ends locally every fourth Friday in October at 5 00 am The possible options are Day The day of the week at which DST ends every year Week The week within the month at which DST ends every year Month The month of the year in which DST ends every year Time The time at which DST ends every year System T...

Page 104: ...ight SNTP servers can be defined If this method is selected SNTP information is accepted only from SNTP servers defined in the SNTP Servers page Time levels T1 T4 see the Algorithm for Selecting Designated SNTP Server section are used to determine from which server time information is accepted If Unicast polling is not enabled or if no servers are defined on the device the device accepts time info...

Page 105: ...m is the distance in terms of NTP hops from the most authoritative time server The lower the stratum where zero is the lowest the more accurate the clock The switch accepts time from stratum 1 and above The following provides examples of clocks from various stratums Stratum 0 A real time clock is used as the time source for example a GPS system Stratum 1 A server that is directly linked to a Strat...

Page 106: ...n file for example when an SNTP Unicast server is added This is configured by the user in the SNTP Global Settings page On power up when the switch sends a request and there is no reply it issues another request three retries at most after 20 seconds of waiting If no SNTP server is found the process is invoked every poll interval set in the SNTP Global Settings page and a management trap is trigge...

Page 107: ...ble receiving time information from the SNTP servers defined on the switch Poll Unicast Requests Enable disable sending SNTP Unicast server time information requests to the SNTP server SNTP Authentication Use the SNTP Authentication page to enable disable SNTP authentication between the device and an SNTP server and to set the means by which the SNTP server is authenticated To configure SNTP authe...

Page 108: ... server Polling Polls the selected SNTP server for system time information when enabled Encryption Key ID Key Identification used to communicate between the SNTP server and device Preference SNTP server providing SNTP system time information The system displays on of the following options Primary The server from which time was last accepted Secondary All other servers from which time was received ...

Page 109: ...ress supported Select one of the possible options Link Local A Link Local address that is non routable and used for communication on the same network only Global A globally unique IPv6 address visible and reachable from different subnets SNTP Server Enter the SNTP server s IP address Polling Enable disable polling the selected SNTP server for system time information when enabled Encryption Key ID ...

Page 110: ... Security This section describes the pages used to manage device security It contains the following topics Global Password Management Line Password for CLI Enable Password for CLI Active Users Local User Database Access Profiles and Rules Configuration Authentication Profiles Select Authentication TACACS RADIUS Global Password Management Password management provides increased network security and ...

Page 111: ...the user that the password must be changed If the password is not changed users are locked out of the system and can only log in using the console Password warnings are logged in the SYSLOG file NOTE Password aging is enabled only after setting the switch to use SNTP for setting time To define password management parameters 1 Click Switch Management Management Security Global Password Management 2...

Page 112: ...rs 1 Click Switch Management Management Security Line Password for CLI 2 Click Edit to enter the fields for each type of user separately Password Enter the line password for accessing the device Confirm Password Confirm the line password Expiry Date Displays the expiration date of the line password Lockout Status Displays whether the user currently has access status Usable or whether the user is l...

Page 113: ...d Confirm Password Confirm the password Expiry Date If Global Aging was selected in the Global Password Management displays the expiration date of the enable password Lockout Status Displays the number of failed authentication attempts since the user last logged in successfully if the Enable Login Attempts checkbox is selected in the Global Password Management page Specifies LOCKOUT when the user ...

Page 114: ...e the user last logged in successfully status Locked Reactivate Suspended User Check to reactivate the specified user s access rights Access rights can be suspended after unsuccessfully attempting to login If a user has been suspended it can be restored here by selecting the Reactivate Suspended User field 2 To add a user click Edit and then Add and enter the fields User Name 1 20 characters Enter...

Page 115: ...denying all users access to CLI Telnet management effectively disables CLI Telnet as an available management interface to the system By default management access to the system through all methods is enabled over all interfaces NOTE If you enable management access on certain types of interfaces the following holds Physical Port All VLANs and IP interfaces on this port are acceptable management traf...

Page 116: ...ck Add and enter the fields Access Profile Name Select a profile to add a rule to a previously created profile or select New Profile to create a new profile Access Profile Name Enter a name for a new access profile if New Profile was selected above Rule Priority Enter the rule priority Rules are applied to packets according to their priority Management Method Select the management method to which ...

Page 117: ...s Select one of the following options Subnet Mask Enter the IP subnetwork mask if Supported IP Format is IPv4 Prefix Length Enter the number of bits that comprise the source IP address prefix or the network mask of the source IP address Subnet Mask Enter the subnet mask of the IP address of the device Prefix Length Enter the number of bits that comprise the IP address prefix of the subnetwork Acti...

Page 118: ... options are selected the user is authenticated first locally If the local user database is empty the user is authenticated via the RADIUS server If an error occurs during the authentication the next selected method is used If an authentication method fails or the user has an insufficient privilege level the user is denied access to the switch The switch then stops does not continue and does not a...

Page 119: ...ce which checks the user name and password for authentication RADIUS The user authentication is performed by the RADIUS server For more information see RADIUS TACACS The user authentication is performed by the TACACS server For more information see TACACS None No user authentication occurs Select a method by highlighting it in the Optional Methods list and clicking on the right arrow to move it to...

Page 120: ...uthentication processes TACACS provides the following services Authentication Provides authentication during login and via user names and user defined passwords Authorization Performed at login after authentication The TACACS server checks the privileges of the authenticated user The TACACS protocol ensures network integrity through encrypted protocol exchanges between the device and TACACS server...

Page 121: ...nter the TACACS server IP address Priority Enter the order in which the TACACS servers are used if several are defined Authentication Port Enter the port number through which the TACACS session occurs Key String Enter the key of the TACACS server or select Use Default Timeout for Reply sec Enter the amount of time that can pass before the connection between the device and the TACACS server times o...

Page 122: ...of time that can pass before the connection between the device and the TACACS server times out Number of Retries Enter the number of requests sent to the RADIUS server before a failure occurs Dead Time sec The amount of time in minutes that a RADIUS server is bypassed for service requests 3 Click OK 4 To add a RADIUS server click Edit Add and enter the fields Supported IP Format Select whether the...

Page 123: ...fault value Number of Retries Enter the number of requests sent to the RADIUS server before a failure occurs Select Use Default to use the default value Timeout for Reply The amount of the time in seconds that the device waits for an answer from the RADIUS server before retrying the query or switching to the next server Select Use Default to use the default value Dead Time The amount of time in mi...

Page 124: ...124 Switch Management FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_SwitchManagement fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 125: ...log messages can be generated Urgent If the device is down or not functioning properly an urgent log message is generated Urgent messages include emergency alert and critical level messages Major An alert log is saved if there is a serious device malfunction for example all device features are down Major messages include error and warning level messages Information Provides device information to w...

Page 126: ...ffer are deleted when the device is reset Logging file flash Messages are stored in flash memory When the buffer is full messages are written starting at the beginning of the memory block overwriting the old messages SYSLOG Server Messages are sent to a remote server This is useful for central and remote management and to provide more space for storage of messages Up to eight SYSLOG servers can be...

Page 127: ... associated with the console log RAM log and Log file Flash memory When a severity level is selected all severity levels above the selection are selected automatically Login History Use the Login History page to monitor users including the time a user logged in and the protocol used to log on to the device To enable user history logging 1 Click Logs and Alerts Login History The login history for t...

Page 128: ...ription UDP Port Enter the UDP port to which the logs are sent for the selected server Facility Select a user defined application from which system logs are sent to the remote server Only a single facility can be assigned to a single server If a second facility level is assigned the first facility level is overridden All applications defined for a device utilize the same facility on a server Sever...

Page 129: ...rs to display network information from a remote location It contains the following topics Statistics CPU Utilization History Control History Table Threshold and Events Statistics To display device utilization statistics and errors that occurred on the device 1 Click Statistics and Diagnosis Monitoring RMON 2 Click Statistics 3 Select a port or LAG NOTE Figures can be displayed in either Tabular or...

Page 130: ...ived less than 64 octets long excluding framing bits but including FCS octets and otherwise well formed Oversize Packets Number of packets received longer than 1518 octets excluding framing bits but including FCS octets and otherwise well formed Fragments Number of packets received less than 64 octets in length excluding framing bits but including FCS octets which has either a bad Frame Check Sequ...

Page 131: ...he statistics should be refreshed 5 Select Reset All Counters to clear the counters CPU Utilization Use the CPU Utilization page to display interface utilization This page is refreshed periodically to minimize impact on performance Display may be disrupted during this period To display interface utilization statistics 1 Click Statistics and Diagnosis Monitoring RMON 2 Click CPU Utilization 3 Selec...

Page 132: ... statistical network samplings Each table entry represents the counter values compiled during a single sample To display RMON statistics for a specified sample 1 Click Statistics and Diagnosis Monitoring RMON 2 Click History Table 3 Select a History Entry number in the View By filter The following fields are displayed Sample No Number of the specific sample the information in the table reflects Dr...

Page 133: ... having a FCS received during the sampling session Jabbers Number of packets having more than 1632 octets and who had an FCS received during the sampling session Collisions Estimated number of packet collision that occurred during the sampling session Collisions are detected when repeater port detects two or more stations transmitting simultaneously Utilization Estimated main physical layer networ...

Page 134: ...nt Select one of the previously defined events Falling Threshold Enter the falling counter value that triggers the falling event alarm Falling Event Select one of the previously defined events Startup Event Select the trigger that activates the alarm The possible options are Rising Alarm A rising counter value triggers the alarm Falling Alarm A falling counter value triggers the alarm Rising and F...

Page 135: ...will be performed Log A SYSLOG will be generated Trap A trap will be generated Log and Trap Both a log and a trap will be generated Owner Enter the event owner Description Enter an event description Statistics This section describes the statistics counters available for review It contains the following topics Interface Counters Denied ACEs Counters EAP Statistics Etherlike Statistics GVRP Statisti...

Page 136: ...d interface Error Received Number of errors packets received on the selected interface Total Bytes Octets Transmitted Number of octets transmitted from the selected interface Unicast Packets Transmitted Number of Unicast packets transmitted from the selected interface Multicast Packets Transmitted Number of Multicast packets transmitted from the selected interface Broadcast Packets Transmitted Num...

Page 137: ...ames received on the port Log off Frames Receive The number of EAPOL Logoff frames received on the port Respond ID Frames Receive The number of EAP Resp ID frames received on the port Respond Frames Receive The number of valid EAP Response frames received on the port Request ID Frames Transmit The number of EAP Req ID frames transmitted via the port Request Frames Transmit The number of EAP Reques...

Page 138: ...FCS check Single Collision Frames Number of frames that are involved in a single collision and are subsequently transmitted successfully Late Collisions Number of collisions detected after the first 512 bits of data Internal MAC Transmit Errors Number of frames for which reception fails due to an internal MAC sublayer receive error Oversize Packets Number of frames received that exceed the maximum...

Page 139: ...packets Empty Transmitted The number of transmitted GVRP empty packets Leave Empty Received The number of received GVRP Leave Empty packets Leave Empty Transmitted The number of transmitted GVRP Leave Empty packets Join In Received The number of received GVRP Join In packets Join In Transmitted The number of transmitted GVRP Join In packets Leave In Received The number of received GVRP Leave In pa...

Page 140: ...based on the duplex mode of the interface Unicast Received Percentage of Unicast packets received on the interface Non Unicast Packets Received Percentage of non Unicast packets received on the interface Error Packets Received Percentage of packets with errors received on the interface Diagnostics This section describes how to perform hardware tests on the device It contains the following topics I...

Page 141: ...ns are No Cable There is no cable connected to the port Open Cable The cable is connected on only one side Short Cable A short has occurred in the cable OK The cable passed the test Unknown Test Result Test results are not known Cable Fault Distance Displays the distance from the port where the cable error occurred Last Update Displays the last time the port was tested Cable Length Displays the ap...

Page 142: ... Temperature Celsius at which the SFP is operating Voltage in V SFP s operating voltage Current in A SFP s current consumption Output Power in W Transmitted optical power Input Power in W Received optical power Transmitter Fault Remote SFP reports signal loss Values are True False and No Signal N S Loss of Signal Local SFP reports signal loss Values are True and False Data Ready SFP is operational...

Page 143: ...e fact that they might be intermingled with other teams Reconfiguration of the network can be done through software rather than by physically unplugging and moving devices or wires A VLAN can be thought of as a Broadcast domain that exists within a defined set of switches A VLAN consists of a number of end systems either hosts or network equipment such as bridges and routers connected by a single ...

Page 144: ...ess port belongs 3 A forwarding decision is made as a function of the VLAN ID and the destination MAC address 4 The egress rules define whether the frame is to be sent as tagged or untagged Special case VLANs VLAN 1 and VLAN 4095 are special case VLANs VLAN Defined as the default VLAN This means that if the VLAN whose VID is the current port s PVID is deleted from the port or from the system that ...

Page 145: ...et to Access mode belong to a single VLAN whose VID is the currently set PVID default 1 These ports accept all untagged frames and all frames tagged with the VID currently set as the port s PVID All traffic egress to access ports is sent untagged If the VLAN whose VID is set as the current PVID of the port is deleted from the system or deleted from the port the port s PVID will be set to 1 meaning...

Page 146: ...imits traffic to tagged frames Incoming untagged frames are silently discarded and no frames are sent untagged Trunk mode ports are intended for switch to switch links where traffic is usually tagged General Ports Ports set to General mode can be members of multiple VLANs Each of these VLANs may be configured to be tagged or untagged This setting applies to transmitted frames Incoming untagged fra...

Page 147: ...s It covers the following topics VLAN Membership VLAN Port Settings Protocol Group Protocol Port GVRP Parameters GARP Timers Private VLAN VLAN Membership The device supports up to 4094 VLANs VLANs 1 4094 Ports are assigned to a VLAN in the VLAN Port Settings page To configure the ports in a VLAN 1 Click Network Administration VLAN Standard VLAN VLAN Membership Each existing port LAG is labeled wit...

Page 148: ...n is required select Disabled VLAN Port Settings After a VLAN has been defined ports can be assigned to it To assign a VLAN to untagged packets arriving on the device set the port default VLAN ID PVID to the port All untagged packets arriving to the device are tagged by the ports PVID All ports must have a defined PVID If no other value is configured the default VLAN PVID is used VLAN ID 1 is the ...

Page 149: ...bled disabled on an access port Trunk The port belongs to VLANs on which all ports are tagged except for one port that can be untagged Customer When a port is in Customer mode an added tag provides a VLAN ID to each customer ensuring private and segregated network traffic for that customer Private VLAN Promiscuous The port is a promiscuous port Private VLAN Host The port is an isolated port Curren...

Page 150: ...ed on the port The possible options are Admit All Both tagged and untagged packets are accepted on the port Admit Tagged Only Only tagged packets are accepted on the port Admit Untagged Only Only untagged packets are accepted on the port Ingress Filtering Enable disable ingress filtering which discards packets that are destined to VLANs of which the specific port is not a member Native VLAN ID 1 4...

Page 151: ...oup port combination the user may set the VLAN to which incoming frames on that port will be classified if they belong to any of the protocols in the group Several protocol groups may be associated to a single port and a protocol group may be assigned to multiple ports if so desired It is not guaranteed that the VLAN to which the frame is classified exists in the system or is active on that port T...

Page 152: ...played 2 Click Edit Add and enter the fields Frame Type Select a frame type to be accepted in the protocol group Protocol Value Select a protocol name or Ethernet Based Protocol Value 0600 FFFF Enter the Ethernet protocol group type Protocol Group ID Assign a protocol group ID number Protocol Port A protocol port is a port assigned to a particular protocol group Traffic from particular types of fr...

Page 153: ...lly configure each bridge and register VLAN membership To ensure the correct operation of the GVRP protocol it is advised to set the maximum number of GVRP VLANs equal to a value which significantly exceeds The number of all static VLANs both currently configured and expected to be configured The number of all dynamic VLANs participating in GVRP both currently configured initial number of dynamic ...

Page 154: ...gated to devices in the bridged LAN and these devices form a reachability tree that is a subset of an active topology GARP defines the architecture rules of operation state machines and variables for the registration and deregistration of attribute values When configuring GARP ensure the following The leave time must be greater than or equal to three times the join time The leave all time must be ...

Page 155: ...ast domain The ports can be located anywhere in the Layer 2 network The switch ports belonging to a PVLAN can be Promiscuous ports that can communicate with all ports of the same PVLAN including the isolated ports of the same PVLAN Isolated ports that have complete Layer 2 isolation from the other ports within the same PVLAN but not from the promiscuous ports Isolated ports can communicate with pr...

Page 156: ...n ports to the private VLAN click Edit Membership 5 Select a Primary VLAN ID 6 Select the ports to be assigned to each VLAN and assign each port LAG a port type The possible options are H Host Isolated Port is isolated P Promiscuous Port is promiscuous C Conditional operational state depends on Port VLAN Mode Port receives the Port VLAN type set in VLAN Port Settings None Clears port type previous...

Page 157: ...iorate if IP traffic is received unevenly To summarize when Voice VLAN is enabled and configured and VoIP equipment is connected to one of the switch ports the VoIP traffic triggers the switch s Voice VLAN feature to add this port to the Voice VLAN and to assign traffic from this port a specific QoS profile ensuring high voice quality The device supports a single voice VLAN Properties To set voice...

Page 158: ... an interface click its Edit icon and enter the fields Interface Displays the specific port or LAG to which the Voice VLAN settings are applied Voice VLAN Mode Select the Voice VLAN mode The possible options are None Disables the selected port LAG on the Voice VLAN This is the default Static Statically adds the port to the Voice VLAN This is usually done for VoIP uplink ports that connect the devi...

Page 159: ...ing table Traffic from each type of IP phone contains the OUI for the phone manufacturer When frames are received in which the source MAC address s first three octets match one of the OUIs in the OUI list the port on which they are received is automatically assigned to the Voice VLAN To add a new OUI 1 Click Network Administration VLAN Voice VLAN OUI The previously defined OUIs are displayed 2 Cli...

Page 160: ...160 Network Administration VLAN FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Network_Admin_VLAN fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 161: ...n Port Settings This section describes how to configure port functionality It contains the following topics Ports Address Tables UDLD Ports This section covers the following topics Jumbo Frames Protected Ports Port Profile Port Configuration Port and VLAN Mirrorings Overview This section includes a description of port features and describes the following Auto Negotiation MDI MDIX Flow Control Back...

Page 162: ...ween two link partners to enable a port to advertise its transmission rate duplex mode and flow control abilities to its partner Both ports then operate at the highest common denominator If connecting a Network Interface Card NIC that does not support auto negotiation or is not set to auto negotiation both the device switching port and the NIC must be manually set to the same speed and duplex mode...

Page 163: ...e interfaces with enabled flow control receive PAUSE frames but do not send them When flow control is enabled the system buffers are allocated per port so that if the buffers of one port are consumed other ports will still have their free buffers Back Pressure The device supports back pressure for BaseT copper ports configured to Half Duplex mode By default this feature is disabled and it can be e...

Page 164: ... other interfaces This can be used to set up a group of ports that receive similar services Protected ports provides Layer 2 isolation within the device while Private VLAN can be used to create Layer 2 isolation that is carried on VLANs thus it can be used over multiple devices A protected port does not forward traffic Unicast Multicast or Broadcast to any other protected port on the same switch A...

Page 165: ... protected port forwarding rule so that if a packet enters a protected port it can be routed by the device to another protected port Configuration of Protected Ports To configure protected ports and establish their communities 1 Click Network Administration Ports Settings Protected Ports A summary of all the ports and their statuses is displayed 2 Click Edit 3 Select the interface and click its Ed...

Page 166: ...ll be connected to a switch Router The port will be connected to a router Wireless The port will be connected to a wireless access point 5 Each profile requires entering various elements of VLAN information Enter the fields according to the profile VLAN Port Mode Displays the port mode applied to ports in the profile VLAN ID Untagged 1 4094 Enter the VLAN for untagged traffic VLAN ID Tagged 1 4094...

Page 167: ... reset Spanning Tree fields Point to Point Admin Status Displays whether a point to point links is established The possible options are Enable Enables the device to establish a point to point link or specifies for the device to automatically establish a point to point link To establish communications over a point to point link the originating PPP first sends Link Control Protocol LCP packets to co...

Page 168: ...ices Port Configuration If port configuration is modified while the port is a LAG member the configuration change is only effective after the port is removed from the LAG To configure a port 1 Click Network Administration Ports Settings Ports Port Configuration All ports and their configuration settings are displayed 2 To modify the port settings click Edit and select a port 3 Click the Edit icon ...

Page 169: ... the port duplex mode this is only possible if Auto Negotiation is not enabled The options are Full The interface supports transmission between the device and the client in both directions simultaneously Half The interface supports transmission between the device and the client in only one direction at a time Current Duplex Mode Displays the synchronized port duplex mode Auto Negotiation Select to...

Page 170: ...t settings The field values are identical to the Admin Advertisement field values Back Pressure Enable disable Back Pressure mode that is used with Half Duplex mode to disable ports from receiving messages Current Back Pressure Displays the current Back Pressure setting Flow Control Set flow control on the port The following options are available Enable Disable Enable disable flow control on the p...

Page 171: ...h the source port at ingress prior to any switch action It is possible to specify several source ports to be monitored by a single target port However in this case the traffic sent to the target port is placed in the target port s queues on a first come first served basis and any excess traffic is silently discarded This may mean that the traffic actually seen by any device attached to the target ...

Page 172: ...smitted as they are received on the ingress port However in the device the packet is transmitted out of the destination port as untagged regardless of the input encapsulation Source Port Restrictions The following restrictions apply to ports specified as source ports Source ports cannot be a member of a LAG Source ports cannot be configured as a destination port Up to eight source ports can be mir...

Page 173: ... or the Dynamic Address tables Packets addressed to a destination stored in one of these tables are forwarded to the associated port MAC addresses are dynamically learned when packets arrive at the device Addresses are associated with ports by learning the source address of the frame Frames addressed to a destination MAC address that is not found in the Static and Dynamic Address tables are floode...

Page 174: ...n it is retained after rebooting Delete on Reset The MAC address is deleted when the device is reset Delete on Timeout The MAC address is deleted when a timeout occurs Secure The MAC address is secure when the interface is in classic locked mode To prevent Static MAC addresses from being deleted when the Ethernet device is reset ensure that the port attached to the MAC address is locked Dynamic Ad...

Page 175: ... table check Clear Table 6 To display a subset of the addresses in a particular order click the Filter icon and enter the following query criteria Interface Port or LAG associated with the MAC address MAC Address Interface MAC address VLAN ID VLAN ID in the entry 7 Click Query to see the results UDLD This section describes how the Unidirectional Link Detection UDLD feature It covers the following ...

Page 176: ...Detection System is attempting to determine whether the link is bidirectional or unidirectional This is a temporary state Bidirectional Traffic sent by a local device is known to be received by its neighbor and traffic from the neighbor is received by the local device Shutdown The link is unidirectional Traffic sent by a local device is received by its neighbor but traffic from the neighbor is not...

Page 177: ...passed If a new message is received before the expiration time the information in that message replaces the previous one When the expiration time expires the device does the following with the information received If the neighbor message contains the local device ID The link status of the port is set to bidirectional If the neighbor message does not contain the local device ID The link status of t...

Page 178: ... set to a different UDLD mode normal aggressive The UDLD mode is not contained in the UDLD messages so that the local device does not know the UDLD mode of the neighbor and vice versa If the UDLD modes are different on the local and neighbor devices the devices act as follows When the UDLD state of the link is bidirectional or unidirectional both devices shut down their ports When the UDLD state o...

Page 179: ...n a copper port you must enable it per port When you globally enable UDLD it is only enabled on fiber ports Set the UDLD mode to normal when you do not want to shut down ports unless it is known for sure that the link is unidirectional Set the UDLD mode to aggressive when you want to shut down any port whenever there is even a chance that the link is undetermined Dependencies On Other Features UDL...

Page 180: ...D Global Settings page Enter the Message Time Select either Disabled Normal or Aggressive as the global UDLD status Click Apply Workflow2 To change the UDLD configuration of a fiber port or to enable UDLD on a copper port perform the following steps 1 Open the UDLD Global Settings page Select a port Select either Default Disabled Normal or Aggressive as the port s UDLD status If you select Default...

Page 181: ...otification is issued Aggressive Device shuts down an interface if the link is unidirectional or undetermined UDLD Interface Settings Use the UDLD Interface Settings page to change the UDLD state for a specific port Here the state can be set for copper or fiber ports To copy a particular set of values to more than one port set that value for one port and use the Copy button to copy it to the other...

Page 182: ...te of the link between the port and its connected port cannot be determined either because no UDLD message was received or the UDLD message did not contain the local device ID in it Disabled UDLD has been disabled on this port Shutdown The port has been shut down because its link with the connected device is unidirectional or undetermined in aggressive mode Number of Neighbors Number of connected ...

Page 183: ...unning on the port so that the state is not yet determined Bidirectional Traffic sent by the local device is received by its neighbor and traffic from the neighbor is received by the local device Undetermined The state of the link between the port and its connected port cannot be determined either because no UDLD message was received or the UDLD message did not contain the local device ID in it Di...

Page 184: ...4 Network Administration Port Settings FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Network_Admin_PortSettings fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 185: ...Tree feature It contains the following topics Global Settings STP Port Settings Rapid Spanning Tree MSTP Properties VLAN to MSTP Instance MSTP Instance Settings MSTP Interface Settings Spanning Tree Overview Spanning Tree Protocol STP provides tree topography for any bridge arrangement STP eliminates loops by providing a unique path between end stations on a network Loops occur when alternate path...

Page 186: ...ree on page 191 Multiple STP MSTP MSTP is based on RSTP It detects Layer 2 loops and attempts to mitigate them by preventing the involved port from transmitting traffic Since loops exist on a per Layer 2 domain basis a situation occurs when a port is blocked to eliminate a STP loop Traffic will be forwarded to the port that is not blocked and no traffic will be forwarded to the port that is blocke...

Page 187: ...ion Mode Select the STP mode enabled on the device The possible options are Classic STP Enables Classic STP on the device Rapid STP Enables Rapid STP on the device This is the default value Multiple STP Enables Multiple STP on the device BPDU Handling Select how Bridge Protocol Data Unit BPDU packets are managed when STP is disabled on the port device BPDUs are used to transmit spanning tree infor...

Page 188: ...al of time in seconds that a root bridge waits between configuration messages Enter a value Max Age 6 40 Check to use device Maximum Age Time which is the time interval in seconds that a bridge waits before sending configuration messages Enter a value Forward Delay 4 30 Check to use device forward delay time which is the interval of time in seconds that a bridge remains in a listening and learning...

Page 189: ...State is automatically placed in the Forwarding state when the port is up Fast Link mode optimizes the time it takes for the STP protocol to converge STP convergence can take 30 60 seconds in large networks BPDU Guard Enable disable BPDU Guard on the port BPDU guard when enabled shuts down a port when BPUD messages are received from the port Root Guard Enable disable prevention of devices outside ...

Page 190: ...Disabled This port is not participating in the Spanning Tree Speed Displays the speed at which the port is operating Path Cost Enter the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path being rerouted Select Use Default to use the default path cost Priority Select the priority value that influences the port choi...

Page 191: ...t or LAG selected State Displays the RSTP state of the selected interface Role Displays the port role assigned by the STP algorithm in order to provide STP paths The possible options are Root This port provides the lowest cost path to forward packets to root bridge Designated This port is the interface through which the bridge is connected to the LAN which provides the lowest cost path from the LA...

Page 192: ... as needed by the LCP the originating PPP sends Network Control Protocols NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link or until some external ...

Page 193: ...ree and LAG Spanning Tree MSTP Properties 2 Click Edit and enter the following fields Region Name Enter the user defined MSTP region name Revision Enter the unsigned 16 bit number that identifies the current MST configuration revision The revision number is required as part of the MST configuration Max Hops 1 40 Enter the total number of hops that occur in a specific region before the BPDU is disc...

Page 194: ...stance 4 The following fields are displayed Included VLANs Displays VLANs included in this instance Designated Root Bridge ID Priority and MAC address of the Root Bridge for the MST instance Root Port Root port of the selected instance Root Path Cost Root path cost of the selected instance Bridge ID Bridge priority and the MAC address of this switch for the selected instance Remaining Hops Number ...

Page 195: ...gnated This port is the interface through which the bridge is connected to the LAN which provides the lowest cost path from the LAN to the Root Bridge Alternate This port provides an alternate LAG to the root switch from the root interface Backup This port provides a backup path to the designated port Backup ports occur only when two ports are connected in a loop by a point to point link Backup po...

Page 196: ...ttings Overview Link Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregation Group LAG Aggregating ports multiplies the bandwidth between two devices increases port flexibility and provides link redundancy The device supports the following types of LAGs Static LAGs Manually configured LAGs Link Aggregation Control Protocol LACP LAGs LACP LAGs negotia...

Page 197: ...ssign packets to a LAG member The hash function statistically load balances the aggregated link members The device considers a LAG to be a single logical port Aggregate ports can be linked into link aggregation port groups Each group comprises ports with the same speed set to full duplex operations LAG Membership Each device supports up to 12 LAGs per system and eight ports per LAG When you add a ...

Page 198: ... click its Edit icon and enter the fields LAG Mode Select the LAG mode The possible options are Static The ports in the LAG are manually configured LACP When enabled the device exchanges LACP messages with its neighbors to update and maintain LAG configurations automatically Description Enter a user defined description of the configured LAG LAG Type Displays the port types that comprise the LAG Ad...

Page 199: ...bps speed LAG and full duplex mode setting 1000 F The LAG advertises for a 1000 Mbps speed LAG and full duplex mode setting Current Advertisement Displays the speed that the LAG advertises to its neighbor LAG to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement Displays the neighboring LAG advertisement settings The ...

Page 200: ...h candidate ports will become members of the LAG The page displays the LACP settings of the ports 3 Click OK 4 To modify LACP parameters for a particular port click Edit select a port and enter the following fields Port Displays the port for which timeout and priority values are assigned LACP Port Priority Enter the LACP priority value for the port If this value is not entered the global default i...

Page 201: ...s LAG Displays the LAG to be modified Switchport Mode Enter the LAG system mode The possible options are Layer 2 Set the LAG to layer 2 mode Layer 3 Set the LAG to layer 3 mode in which static routing is supported Port VLAN Mode Enter the port VLAN mode The possible options are General The port belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Access The port be...

Page 202: ... NOTE In Access mode a port can only be a member in a single VLAN so before adding an access port to the VLAN the VLAN the port is currently a member in should be manually removed by selecting it from the VLAN list and clicking the remove button Membership Packet tagging on VLAN The possible options are Tagged The LAG is a member of a VLAN All packets forwarded to the LAG are tagged The packets co...

Page 203: ...igured STP Enable disable STP on the LAG Fast Link Enable disable Fast Link mode for the LAG If Fast Link mode is enabled for a LAG the LAG State is automatically placed in Forwarding when the LAG is up Fast Link mode optimizes the time it takes for the STP protocol to converge STP convergence can take from 30 60 seconds in large networks BPDU Guard Enable disable BPDU Guard on the LAG Root Guard ...

Page 204: ...oot This LAG provides the lowest cost path to forward packets to the root bridge Designated This LAG is the interface through which the bridge is connected to the LAN which provides the lowest cost path from the LAN to the root bridge Alternate This LAG provides an alternate path to the root bridge from the root port Backup This LAG provides a backup path to the designated port Backup ports occur ...

Page 205: ...d Bridge ID Displays the priority and the MAC address of the designated bridge Designated Port ID Displays the ID of the selected interface Designated Cost Displays the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops Forward Transitions Displays the number of times the LAG State has changed from the Forwarding state to a...

Page 206: ...06 Network Administration Spanning Tree and LAG FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Network_Admin_STP fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 207: ... Information Overview LLDP enables network managers to troubleshoot and enhance network management by discovering and maintaining network topologies over multi vendor environments LLDP discovers network neighbors by standardizing methods for network devices to advertise themselves to other systems and to store discovered information Discovery information includes Device identification Device capab...

Page 208: ...ies Voice VLANs Emergency Call Service E 911 via IP phone location information Troubleshooting information LLDP MED sends network managers alerts for Port speed and duplex mode conflicts QoS policy misconfigurations LLDP Properties To enable and configure LLDP 1 Click Network Administration Link Layer Discovery Protocol LLDP LLDP Properties The current LLDP properties are displayed 2 Click Edit an...

Page 209: ...it and click the Edit icon of the port to be configured 3 Select the transmission type on which LLDP is to be configured in the State field The possible options are Tx Only Enables LLDP on transmitting LLDP packets only Rx Only Enables LLDP on receiving LLDP packets only Tx Rx Enables LLDP on transmitting and receiving LLDP packets Disabled LLDP is disabled on the port 4 Move the optional TLVs tha...

Page 210: ...e used These are Chassis subtype MAC address Port subtype port number and TTL time to leave 5 Enter the Management IP Address that is advertised from the interface Check Use Default to use the default Management IP address MED Network Policy A network policy instructs the connected media endpoint devices as to how to send traffic for example a policy can be created for VoIP phones that instructs t...

Page 211: ...to mark the traffic sent to the switch MED Port Settings To assign MED network policies to ports 1 Click Network Administration Link Layer Discovery Protocol LLDP MED Port Settings 2 The following fields are displayed for each port LLDP MED Status Specifies if LLDP MED is enabled on the selected port Network Policy Specifies whether a network policy is assigned to the port Location Specifies wheth...

Page 212: ...tion Status Enabled specifies that auto negotiation is enabled on the port Disabled indicates that it is not Advertised Capabilities The list of port capabilities advertised for the port MAU Type The Media Attachment Unit type The MAU performs physical layer functions including digital data conversion from the Ethernet interfaces collision detection and bit injection into the network for example 1...

Page 213: ...ice s civic or street address location for example 414 23rd Ave E ECS ELIN Device s ECS ELIN location Location Address Displays the port s LLDP location according to the Location Type Neighbors Information Use the Neighbors Information page to view information that was received in LLDP advertisements from neighboring devices The neighbor s information is deleted after timeout Timeout is the maximu...

Page 214: ...te a specific port entry 3 Click the Details button of a port In addition to the fields displayed in the MED Port Settings page the following fields are displayed for the neighbors of the selected port Power Type Port s power type Power Source Port s power source Power Priority Port s power priority Power Value Port s power value in Watts Hardware revision Hardware revision Firmware revision Firmw...

Page 215: ...tings System Routing Mode This section covers the following topics System Routing Mode System Routing Mode Some devices automatically support Layer 2 and Layer 2 Static Routing mode X1052 P and X4012 Other devices can be specifically placed in either Layer 2 mode or Layer 2 mode X1008 P X1018 P and X1026 P To set the system mode of the for devices where this is possible 1 Click Network Administrat...

Page 216: ... IPv4 Static Route table The switch uses the matched route with the longest prefix match NOTE A static route is displayed in the IPv4 Route table only if the IP interface on the device which is connected to the Next Hop is in the Up state For devices in Layer 2 Static Routing system mode To add an IPv4 static route 1 Click Network Administration Route Settings IPv4 Route Settings IPv4 Routes Table...

Page 217: ...rk Administration Route Settings IPv4 Route Settings IPv4 Routes Tables The following fields are displayed IP Address Destination IPv4 prefix If all zeros are entered this represents a default route Prefix Length Length of the destination IPv4 address prefix Interface Interface on which route is defined Default Gateway Gateway for this interface Type The possible options are Static User defined th...

Page 218: ...tries in the table are displayed 2 Click Edit Settings Icon and enter the parameters ARP Entry Age Out Seconds Enter the amount of time in seconds that can pass between ARP requests for this address After this period the entry is deleted from the table Clear ARP Table Entries Select the type of ARP entries that are cleared on all devices The possible options are None ARP entries are not cleared Al...

Page 219: ...f configured the switch can relay specific UDP Broadcast packets received from its IPv4 interfaces to specific destination IP addresses To configure the relaying of UDP packets received from a specific IPv4 interface with a destination UDP port 1 Click Network Administration Route Settings IPv4 Route Settings UDP Relay The UDP relays are displayed 2 To add a UDP relay click Edit Add and enter the ...

Page 220: ...dress 0 that uses the default router selected from the IPv6 Default Router List to send packets to destination devices that are not in the same IPv6 subnet as the device In addition to the default route the table also contains dynamic routes that are ICMP redirect routes received from IPv6 routers by using ICMP redirect messages This could happen when the default router the device uses is not the ...

Page 221: ...orted only for default gateway learned through the Neighbor Discover ND process ICMP The route was learned through ICMP Redirect messages sent by the router ND Route was learned by the ND protocol from Router Advertisement messages Metric The cost value used for comparing this route to other routes with the same destination in the IPv6 route table Life Time The timeout interval of the route if no ...

Page 222: ...face state becomes inactive and is represented as Down however the Admin state remains Enabled When defining tunneling note the following An IPv6 Link Local address is assigned to the ISATAP interface The initial IP address is assigned to the interface and the interface state becomes Active If an ISATAP interface is active the ISATAP router IPv4 address is resolved via DNS by using ISATAP to IPv4 ...

Page 223: ... always support Layer 2 Static Routing IPv6 routers are able to advertise their prefixes to neighboring devices This feature can be enabled or suppressed per interface as follows 1 Click Network Administration Route Settings IPv6 Routes Settings Router Advertisement 2 To configure an interface listed in the Router Advertisement Table click Edit 3 Select an interface and enter the following fields ...

Page 224: ...n address information regardless of the setting of this flag Other Stateful Configuration Flag Select this flag to indicate to attached hosts that they should use stateful auto configuration to obtain other non address information Neighbor Solicitation Retransmissions Interval mS Set the interval to determine the time between retransmissions of neighbor solicitation messages to a neighbor when res...

Page 225: ...llowing for the address to be defined on the interface Prefix Address The IPv6 network This argument must be in the form documented in RFC 4293 where the address is specified in hexadecimal using 16 bit values between colons Prefix Length The length of the IPv6 prefix A decimal value that indicates how many of the high order contiguous bits of the address comprise the prefix the network portion of...

Page 226: ...Prefix Status Select one of the following options Onlink Configures the specified prefix as on link Nodes sending traffic to addresses that contain the specified prefix consider the destination to be locally reachable on the link An onlink prefix is inserted into the routing table as a connected prefix L bit set No Onlink Configures the specified prefix as not onlink A no onlink prefix is inserted...

Page 227: ...e attributes including Device configuration Ingress interface Packet contents QoS includes the following features Traffic Classification Classifies each incoming packet as belonging to a specific traffic flow based on the packet contents and or interface The classification is done by an ACL Access Control List and only traffic that meets the ACL criteria is subject to classification Assignment to ...

Page 228: ...alue for an interface click Edit 3 Select a port click its Edit icon and enter the fields Interface Select a port or LAG if required Set Default CoS Enter the default CoS tag value for untagged packets The default CoS tag value is src Queue Scheduling The switch supports eight queues for each interface Queue number eight is the highest priority queue Queue number one is the lowest priority queue T...

Page 229: ...iority all higher queues are also assigned strict priority Conversely if a queue is assigned a WRR weight all lower queues must also have a WRR weight assigned to them In the above case traffic for the strict priority queues is always sent before traffic from the WRR queues Traffic from the WRR queues is forwarded only after the strict priority queues have been emptied The relative portion from ea...

Page 230: ...es of the incoming packets is based on the CoS priority in their VLAN Tags For incoming untagged packets the CoS priority is the default CoS priority assigned to ingress ports By changing CoS to Queue mapping Queue schedule method and bandwidth allocation it is possible to achieve the desired quality of services in a network The mapping of the CoS to Queue is displayed below To map CoS values to e...

Page 231: ... Queue mapping the Queue schedule method and bandwidth allocation it is possible to achieve improved quality of service in a network Non IP packets are always classified to the best effort queue The following displays the mapping where queue 1 is lowest priority To map DSCP to queues 1 Click Network Administration Quality of Service Global Settings DSCP to Queue The DSCP values in the incoming pac...

Page 232: ...tes is defined by the following Committed Information Rate CIR sets the average maximum amount of data allowed to be sent on the egress interface measured in bits per second Committed Burst Shape CBS sets the maximum burst of data that is allowed to be sent even though it is above the CIR This is defined in number of bytes of data To configure bandwidth limitation 1 Click Network Administration Qu...

Page 233: ...voidance algorithm The algorithm breaks up or prevents TCP global synchronization in a congested node where the congestion manifests when multiple sources reduce transmission to the congested node due to packet dropping and increase the transmission again at the same time To configure TCP congestion avoidance 1 Click Network Administration Quality of Service Global Settings TCP Congestion Avoidanc...

Page 234: ...r flow QoS actions are applied to flows by binding the policy maps to the desired ports A policy map and its class maps can be bound to one or more ports but each port is bound with at the most one policy map The following points should be considered An ACL can be configured to one or more class maps regardless of policies A class map can belong to only one policy map When a class map using a sing...

Page 235: ...defined create class maps and associate the ACLs with them in the Class Mapping on page 236 pages 4 Create a policy map in the Policy Class Maps on page 240 pages and associate the policy map with one or more class maps Specify the QoS action if needed for example by assigning a policer to a class map when you associate the class map to the policy a Single Policer Create a policy that associates a...

Page 236: ...ue in the DSCP Mapping on page 236 page Otherwise the action is null because the DSCP value in the packet is rewritten to the original DSCP value set by factory default To set new DSCP values 1 Click Network Administration QoS Mapping DSCP Mapping 2 If the Exceed Action is Out of Profile DSCP in the Policy Class Maps on page 240 page or Exceed Action is Remark DSCP in the Aggregate Policer on page...

Page 237: ...er the parameters Class Map Name Enter the name of a new class map Match ACL Type Enter the criteria that a packet must match in order to belong to the flow defined by the class map The possible options are IP A packet must match either of the IP based ACLs in the class map MAC A packet must match the MAC based ACL in the class map IP and MAC A packet must match the IP based ACL and the MAC based ...

Page 238: ... class maps and to one or more flows An aggregation policer can support class maps from various policies An aggregate policer applies QoS to all its flow s in aggregation regardless of policies and ports An aggregate policer is created in the Aggregated Policer pages An aggregate policer is defined if the policer is to be shared with more than one class Each policer is defined with its own QoS spe...

Page 239: ...on to be performed on incoming packets that exceed the CIR The possible options are None No action is performed on packets exceeding the defined CIR value Drop Packets exceeding the defined CIR value are dropped Remark DSCP The DSCP values of packets exceeding the defined CIR value are rewritten to a value entered in the DSCP Mapping pages Policy Table To create a single policer 1 Create a policy ...

Page 240: ... Policy Name field The class maps in that policy are displayed 3 To add a class map click Edit 4 Select a Class Map from the View By menu click Add and enter the parameters Policy Name Select the policy to which the class map is being added Class Map Name Select an existing class map to be associated with the policy Class maps are created in the Class Mapping pages Action Type Select the action re...

Page 241: ...ode only Select the policer type for the policy The possible options are None No policy is used Single The policer for the policy is a single policer Aggregate The policer for the policy is an aggregate policer Aggregate Policer Available in Layer 2 Mode only If Police Type is Aggregate select a previously defined aggregate policer If Police Type is Single enter the following QoS parameters Ingres...

Page 242: ...t be removed unbound from all those ports to which it is bound To define policy binding 1 Click Network Administration QoS Mapping Policy Binding Previously defined policy bindings are displayed 2 To bind a policy to an interface click Add 3 Select the interface type of the interface assigned to the policy Port or LAG 4 Select the interface assigned to the policy 5 Select the Policy Name to be act...

Page 243: ...Bytes Number of out of profile bytes received 2 Click Edit Add to add a new counter that applies to another policy class map 3 Enter the fields Interface Type Select either the port or LAG interface type Interface Select the interface for which the counter is defined Policy Class Map Name Select a policy class map pair Aggregated Policer To view aggregated policer statistics 1 Click Network Admini...

Page 244: ...reviously defined counters are displayed Counter Set Number of counter Port Number of port Queue Number of queue Total Packets Number of packets forwarded or tail dropped Tail Drop Packets Percentage of packets that were tail dropped 2 To add a new counter click Add and enter the fields Counter Set Select the counter set The possible options are Set 1 Displays the statistics that contains all inte...

Page 245: ...tion DAI ACL and ACE Dot1x Authentications This section describes Dot1x authentication It contains the following topics Port Based Authentication Overview Dot1x Overview Port Based Authentication Global Port Based Authentication Interface Settings Host Authentication Port Authentication Users Port Based Authentication Overview Port based authentication enables authenticating system users on a per ...

Page 246: ...RADIUS servers Dot1x Overview Dot1x is an IEEE standard for port based network access control The Dot1x framework enables a device the supplicant to request port access from a remote device authenticator to which it is connected The supplicant is permitted to send data to the port only after it is authenticated and authorized If it is not authenticated and authorized the authenticator discards the...

Page 247: ...lso referred to as RADIUS VLAN Assignment in this guide When a port is in Multiple Session mode and is DVA enabled the switch automatically adds the port as an untagged member of the VLAN that is assigned by the RADIUS server during the authentication process The switch classifies all the untagged packets from an authenticated device to the VLAN assigned to the device For a device to be authentica...

Page 248: ...t VLAN must be defined The port must be Guest VLAN enabled The packets from the first supplicant at the port before it is authorized must be untagged You can configure a port to use Dot1x only MAC based only or Dot1x and MAC based authentication If a port is configured to use both Dot1x and MAC based authentication a Dot1x supplicant has precedence over a non Dot1x device The Dot1x supplicant pree...

Page 249: ...ed as both the Voice VLAN and an unauthenticated VLAN The switch also uses the Guest VLAN for authentication at ports configured with Multiple Session mode and MAC based authentication Therefore you must configure a Guest VLAN before you can use the MAC based authentication mode For authentication to function it must be activated both globally in the Port Based Authentication Global page and indiv...

Page 250: ... TCAM the system can either reject disable or allow enable successful authentication Port Based Authentication Interface Settings To configure 802 1x authentication on an interface 1 Click Network Administration Security Dot1 Authentications Port Based Authentication Interface Settings Port parameters for the selected device are displayed 2 Click Edit 3 Select a port for which the authentication p...

Page 251: ...ss Only eight MAC based authentications can be used on the port 802 1x MAC Both 802 1X and MAC based authentication are performed on the switch The 802 1X authentication takes precedence NOTE To enable authentication according to MAC Only or 802 1x MAC the Enable Reauthentication field must be enabled ahead of time Therefore to use these methods do a Set authentication type to 802 1x Only b Enable...

Page 252: ...rts remain unauthenticated VLAN and Guest VLAN members Static VLAN configuration is not applied to the port The following list of VLANs cannot participate in DVA an Unauthenticated VLAN a Dynamic VLAN that was created by GVRP a Voice VLAN a Default VLAN and a Guest VLAN Delete the supplicant VLAN while the supplicant is logged in The supplicant is authorized during the next re authentication if th...

Page 253: ...ax EAP Requests 1 10 Enter the maximum number of EAP requests that can be sent If a response is not received after the defined period supplicant timeout the authentication process is restarted Host Authentication Use the Host Authentication page to define the authentication mode on the port and the action to perform if a violation is detected To view ports and their authentication information 1 Cl...

Page 254: ...ust be authorized and then the port is wide open for all who want to access the network If the host authentication fails or an EAPOL logoff message is received all attached clients are denied access to the network Multiple Session A number of specific authorized hosts may access the port Each host is treated as if it was the first and only user and must be authenticated Filtering is based on the s...

Page 255: ... RADIUS server MAC Address Displays the supplicant MAC address MAC Address MAC address of user who attempted to be authenticated VLAN VLAN assigned to the user Filter Filter that was applied to the user by receiving the policy ACL name from the RADIUS server Dynamic ACL Assignment Storm Control Configuration When Broadcast Multicast or unknown Unicast frames are received they are duplicated and a ...

Page 256: ...towards the bandwidth threshold Broadcast Rate Threshold 3500 1000000 Enter the maximum rate Kbits sec at which unknown packets are forwarded Port Security Network security can be enhanced by limiting access on a port to users with specific MAC addresses The MAC addresses can be dynamically learned or they can be statically configured Port security has the following modes Classic Lock Locked port ...

Page 257: ...Ports or LAGs 3 Select an interface and click its Edit icon 4 The following fields are displayed Interface Displays the selected interface Current Port Status Displays the current port status 5 When the port is unlocked Set Port Unlocked enter the following fields Learning Mode The possible options are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked rega...

Page 258: ...the port Ports remain shut down until they are reactivated or the device is reset Trap Enable disable traps being sent when a packet is received on a locked port Trap Frequency 1 1000000 Enter the amount of time in seconds between traps 10 Click OK The feature is operational on the interface Dynamic ARP Inspection DAI This section describes dynamic ARP inspection It contains the following topics O...

Page 259: ...mpares the packet s source MAC address in the Ethernet header against the sender s MAC address in the ARP request This check is performed on both ARP requests and responses Destination MAC Compares the packet s destination MAC address in the Ethernet header against the destination interface s MAC address This check is performed for ARP responses IP Addresses Compares the ARP body for invalid and u...

Page 260: ... it click Edit Add and enter the fields List Name Create and enter a list name IP Address Enter the IP address that will be mapped to the MAC address entered below MAC Address Enter the MAC address that will be mapped to the IP address entered above DAI Entries To add additional addresses to the lists defined in the DAI List page 1 Click Network Administration Security Dynamic ARP Inspection DAI D...

Page 261: ...lect a List Name to be associated with the VLAN Trusted Interfaces Interfaces are untrusted if the packet is received from an interface outside the network or from an interface beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall To configure an interface to be trusted 1 Click Network Administration Security Dynamic ARP Inspection DAI ...

Page 262: ... number 20 can receive TCP packets however if a UDP packet is received the packet is dropped ACLs are composed of Access Control Entries ACEs that are rules that determine traffic classifications Each ACE is a single rule and up to 256 rules may be defined on each ACL and up to 3000 rules globally Rules are not only used for user configuration purposes they are also used for features like DHCP Sno...

Page 263: ...ress from which packets have arrived to this source address In addition to the Source MAC address you can enter a Wildcard Mask that specifies which bits in the source address are used for matching and which bits are ignored A wildcard of 00 00 00 00 00 00 means the bits must be matched exactly ff ff ff ff ff ff means the bits are irrelevant Any combination of 0s and ffs can be used Dest MAC Addre...

Page 264: ...that meet the ACL criteria and disable the port to which the packet was addressed Logging of Dropped Packets Check to activate logging of dropped packets IPv4 Based ACLs To define an IPv4 based ACL 1 Click Network Administration Security ACL and ACE IPv4 Based ACL The previously defined IPv4 ACLs are displayed 2 To add a new ACL click Edit Add 3 Enter the name of the new ACL Names are case sensiti...

Page 265: ...s tunnel intranets occur the internet and provides an alternative to source routing TCP Transmission Control Protocol TCP Enables two hosts to communicate and exchange data streams TCP guarantees packet delivery and guarantees that packets are transmitted and received in the order they are sent EGP Exterior Gateway Protocol EGP Permits exchanging routing information between two neighboring gateway...

Page 266: ...s to operate Virtual Private Networks VPNs IPIP IP over IP IPinIP Encapsulates IP packets to create tunnels between two routers This ensures that the IPIP tunnel appears as a single interface rather than several separate interfaces IPIP enables tunnel intranets occur the internet and provides an alternative to source routing PIM Matches the packet to Protocol Independent Multicast PIM L2TP Matches...

Page 267: ...MAC address you can enter a mask that specifies which bits in the source address are used for matching and which bits are ignored A wildcard of 0 0 0 0 means the bits must be matched exactly in addition to the IP destination address ff ff ff ff means the bits are irrelevant Any combination of 0s and ffs can be used Any Check to indicate that the destination address is not matched TCP Flags To use ...

Page 268: ...cedence value IP precedence enables marking frames that exceed the CIR threshold In a congested network frames containing a higher DP value are discarded before frames with a lower DP value If this field is checked enter a value to be matched Time Range Name Check to associate a time range with the ACE Select one of the time ranges defined in the Time Range Configuration page Action Select the ACL...

Page 269: ...efined ACL for which a rule is being created 4 Enter the following fields New Rule Priority Enter the ACE priority that determines which ACE is matched to a packet based on a first match Protocol Select from List Select to create an ACE based on a specific protocol The following options are available ICMP Internet Control Message Protocol ICMP The ICMP allows the gateway or destination host to com...

Page 270: ...t are compared The following options are available Prefix Length The number of bits that comprise the destination IP address prefix of the subnetwork Any Check to indicate that the destination address is not matched TCP Flags To use TCP flags check the TCP Flag checkbox and then check the desired flag s ICMP Specifies an ICMP message type for filtering ICMP packets This field is available only whe...

Page 271: ...iteria Shutdown Drops packet that meet the ACL criteria and disables the port to which the packet was addressed Logging of Dropped Packets Check to activate logging of dropped packets ACL Binding When an ACL is bound to an interface all the rules that have been defined for the ACL are applied to that interface Whenever an ACL is assigned on a port or LAG flows from that ingress or egress interface...

Page 272: ...f you select this select an ACL of this type from the drop down menu to bind to the interface You can select one of each type MAC based ACL IPv4 based ACL or IPv6 based ACL or one IPv4 based ACL and one IPv6 based ACL Proprietary Protocol Filtering Protocol filters are used to disallow receiving specific proprietary protocol packets through an interface These can be enabled for specific ports If a...

Page 273: ...pes of time ranges Absolute This type of time range begins on a specific date or immediately and ends on a specific date or extends infinitely It is created in the Time Range Configuration page A recurring element can be added to it Recurring This is a time range element that is added to an absolute range and begins and ends on a recurring basis It is defined in the Time Range Recurrence pages If ...

Page 274: ... Click Network Administration Security ACL and ACE Time Range The existing Time Ranges are displayed 2 To add a new time range click Edit Add 3 Enter the name of the time range in the Time Range Name field 4 Define the Absolute Start time To begin the Time Range immediately click Immediate To determine at what time in the future the Time Range will begin enter values in the Date and Time fields 5 ...

Page 275: ...rt and Absolute End fields are displayed 4 Check if the recurrence is Daily or Weekly in Recurrence type 5 If the recurrence is Daily enter Start Time Select the time on which the time range starts End Time Select the time on which the time range ends Weekday Select the day of the week on which the time range occurs 6 If the recurrence is Weekly enter Start Select the Day of the Week and Time on w...

Page 276: ...276 Network Administration Security FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Network_Admin_Security fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 277: ...SNMP Global Parameters View Settings Access Control User Security Model Communities Notification Filter Notification Recipients SNMP Overview The switch supports the SNMPv1 SNMPv2 and SNMPv3 SNMP v1 and v2 The SNMP agent maintains a list of variables that are used to manage the switch These variables are stored in the Management Information Base MIB from which they may be presented The SNMP agent ...

Page 278: ...thentication Timeliness Protects against message delay or message redundancy The SNMP agent compares incoming message to the message time information Key Management Defines key generation updates and use The switch supports SNMP notification filters based on Object IDs OIDs which are used by the system to manage switch features Authentication or Privacy Keys are modified in the User Security Model...

Page 279: ... one with authentication and one with privacy must be created A group is a label for a combination of attributes that determines whether members have read write and or notify privileges Users can be associated with a group A group is operational only when it is associated with an SNMP user SNMP Global Parameters The Engine ID is used by SNMPv3 entities to uniquely identify themselves Both a remote...

Page 280: ...4 Fifth octet Set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device User Defined Enter the engine ID below Local Engine ID Check and enter the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined before SN...

Page 281: ... Access Control pages To add a new SNMP view 1 Click Switch Management SNMP Monitoring View Settings 2 Select a view name from the View By filter menu Its subtrees are displayed 3 To remove a subtree from an SNMP view select the checkbox next to the subtree and click Delete The subtrees of the default views Default DefaultSuper cannot be changed 4 To add a new view click Edit on View Settings and ...

Page 282: ...splayed 2 To add a new group click Edit Add and enter the fields Group Name Enter a group name Security Model Select the SNMP version of the group Security Level Select the security level attached to the group Security levels apply to SNMPv3 only The possible options are No Authentication Neither authentication nor the privacy security levels are assigned to the group No Priv Does not encrypt SNMP...

Page 283: ... not saved This means that if you configure another device with this configuration file you must define the SNMP communities users on that device To create an SNMP V3 user and assign it to a group and view 1 Click Switch Management SNMP Monitoring User Security Model The currently defined users and their groups are displayed 2 To add a user click Edit Add and enter the fields User Name 1 30 Charac...

Page 284: ...ss rights of a community can be read only read write or SNMP Admin In addition you can restrict access to the community to only certain MIB objects using a view Views are defined in the Views Setting pages Advanced Table Access rights to a community are assigned to a group that consists of users A group can have Read Write and Notify access to views Groups are defined in the Access Control pages T...

Page 285: ...cted community Access Mode If Basic is selected specify the access rights of the community The possible options are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made to the device configuration but not to the community Access Mode Select either SNMP Admin in which the user has access...

Page 286: ...e SNMPv1 2 Notification Recipients pages To add a notification filter 1 Click Switch Management SNMP Monitoring Notification Filter 2 Click Edit and select Settings Icon for the New Filter configuration page 3 Enter the Filter Name of the new filter and save it 4 To configure the notification filter click Edit 5 Select the filter in the Filter Name list 6 Click Edit 7 Click New Object ID Subtree a...

Page 287: ...of an informational nature and are called informs instead of traps To add notification recipients and attach them to notification filters 1 Click Switch Management SNMP Monitoring Notification Recipients The previously defined notification recipients are displayed 2 Click Edit Add and enter the fields Supported IP Format Select whether the IPv4 or IPv6 format is supported IPv6 Address Type When th...

Page 288: ...The means by which the packet is authenticated The possible options are No Authentication The packet is neither authenticated nor encrypted Authentication The packet is authenticated Privacy The packet is both authenticated and encrypted 3 Enter the fields for all versions of SNMP UDP Port 1 65535 The UDP port used to send notifications The default is 162 Filter Name Select an SNMP filter from a l...

Page 289: ... Membership Multicast TV VLAN Mapping Overview Multicast forwarding enables a single packet to be forwarded to multiple destinations Layer 2 Multicast service is based on a Layer 2 device receiving a single packet addressed to a specific Multicast address Multicast forwarding creates copies of the packet and transmits the packets to the relevant ports There are two types of Multicast groups Regist...

Page 290: ...ilters enable forwarding of Layer 2 packets to a subset of ports instead of to all ports IGMP Snooping When IGMP Snooping is enabled globally all IGMP reports and queries are forwarded to the CPU The CPU analyzes the incoming packets and determines Which ports has hosts that want to join which Multicast groups Which ports have Multicast routers generating IGMP queries What routing protocols are fo...

Page 291: ...located This knowledge is used to exclude irrelevant ports ports on which no stations have registered to receive a specific Multicast group from the forwarding set of an incoming Multicast frame If you enable MLD snooping in addition to the manually configured Multicast groups the result is a union of the Multicast groups and port memberships derived from the manual setup and the dynamic discovery...

Page 292: ...ess Multicast Group The Multicast Group page displays the ports and LAGs attached to a Multicast service group and the manner in which the port or LAG joined it To add a Multicast group 1 Click Network Administration Multicast Multicast Group The ports and LAGs in the selected Multicast Group are displayed 2 To add a new Multicast group click Edit Add and enter the fields IP Format Select whether ...

Page 293: ...e forwarded to ports based on IGMP Snooping and MLD snooping If Bridge Multicast Filtering is disabled all Multicast packets are flooded to the corresponding VLAN You can statically manually configure a port to Forward All if the devices connecting to the port do not support IGMP and or MLD or the port is connected to a neighboring Multicast router switch Multicast packets excluding IGMP and MLD m...

Page 294: ...GMP Snooping is enabled per VLAN the switch forwards Multicast frames to ports that have registered as Multicast clients in the VLAN NOTE The switch supports IGMP Snooping only on static VLANs It does not support IGMP Snooping on dynamic VLANs The IGMP Snooping Querier is used to support a Layer 2 Multicast domain of snooping switches in the absence of a Multicast router for example where Multicas...

Page 295: ...o have losses the Robustness Value may be increased Operational Query Robustness Displays the robustness variable sent by the elected querier Query Interval sec Enter the interval between general queries sent by the querier Operational Query Interval sec The time interval in seconds between general queries sent by the elected querier Query Max Response Interval sec Enter the amount of time in whic...

Page 296: ...rier simulates the behavior of a Multicast router enabling snooping of the Layer 2 Multicast domain even though there is no Multicast router IGMP Querier Version Select the version of IGMP snooping querier to be used Querier Source IP Address Select the IP address of the IGMP Querier Use either the VLAN s IP address or define a unique IP address that will be used as a source address of the querier...

Page 297: ...nitors network traffic to determine which hosts have asked to be sent Multicast traffic The device performs MLD snooping only when MLD snooping and Bridge Multicast filtering are both enabled Operational MLD Snooping Status Displays the current status of MLD Snooping for the selected VLAN MRouter Ports Auto Learn Enable or disable Auto Learn for the Multicast router Query Robustness Enter the robu...

Page 298: ...d reduces the time it takes to block unnecessary MLD traffic sent to a device port MLD Querier Status Enable or disable MLD querier MLD Querier Election Enable or disable MLD election MLD Querier Version Select the MLD querier version Unregistered Multicast Multicast frames are generally forwarded to all ports in the VLAN If IGMP Snooping is enabled the device learns about the existence of Multica...

Page 299: ...ns Multicast TV VLAN Overview Multicast TV VLAN Membership Multicast TV VLAN Mapping Multicast TV VLAN Overview The Multicast TV VLAN feature provides the ability to supply Multicast transmissions to Layer 2 isolated subscribers without replicating the Multicast transmissions for all subscriber VLANs The subscribers are the only receivers of the Multicast transmissions A Multicast TV VLAN can be d...

Page 300: ...lways untagged The acceptable frame type of the port is set to Admit Untagged Only Multicast TV VLAN Membership To view Multicast TV VLANs Click Network Administration Multicast Multicast TV VLAN Membership The receiver and source ports in the selected TV VLAN are displayed Multicast TV VLAN Mapping To set the Multicast Group IP address for a TV VLAN 1 Click Network Administration Multicast Multic...

Page 301: ...he following topics DHCP Snooping DHCP Relay DHCP Snooping This section describes DHCP Snooping It contains the following sections Overview DHCP Snooping Global Settings VLAN Settings Trusted Interfaces Binding Database Overview DHCP snooping expands network security by providing layer security between untrusted interfaces and DHCP servers By enabling DHCP snooping network administrators can diffe...

Page 302: ...ins the untrusted interfaces MAC address IP address Lease Time VLAN ID and interface information Table 18 1 describes how DHCP packets are handled when DHCP snooping is enabled on an interface Table 18 1 DHCP Packet Handling when DHCP Snooping is Enabled Packet Type Arriving from Untrusted Ingress Interface Arriving from Trusted Ingress Interface DHCPDISCOVER Forward to trusted interfaces only For...

Page 303: ... writes changes to the binding database only when the switch system clock is synchronized with SNTP The switch does not update the Binding database when a station moves to another interface DHCPDECLINE Check if there is information in the database If the information exists and does not match the interface on which the message was received the packet is filtered Otherwise the packet is forwarded to...

Page 304: ...al Settings 2 Click Edit Settings Icon 3 Enable disable DHCP snooping on the device in the DHCP Snooping Status field 4 If DHCP snooping is enabled enter the fields Option 82 Passthrough Enable disable whether to forward enable or filter disable DHCP packets received from untrusted interfaces with option 82 information Verify MAC Address Enable disable MAC addresses verification This determines wh...

Page 305: ...Trusted Interfaces A list of the interfaces is displayed 2 Select to display either Ports or LAGs 3 Click Edit 4 To change the trust status of an interface select the interface click its Edit icon and enter the fields Trust Status Enable disable DHCP Snooping Trust mode on the selected port or LAG Binding Database Entries in the DHCP Snooping Binding database consist of pairs of MAC IP addresses I...

Page 306: ...the fields Type Select the entry type The possible options are Dynamic IP address was dynamically configured Static IP address was statically configured MAC Address Enter the MAC address to be recorded in the entry VLAN ID Select the VLAN ID to which the IP address is associated in the entry IP Address Enter the IP address to be recorded in the entry Interface Type Select the type and port or LAG ...

Page 307: ... uses the switch s IPv4 address of the interface where the message is received The switch uses the address from the response to determine how to forward the response back to the DHCP client DHCP Relay must be enabled globally and per VLAN Limitations The following limitations exist for DHCP Relay It is not supported on IPv6 It is not relayed to servers on the client s VLAN Packets that have option...

Page 308: ...and DHCP relay can insert option 82 into traversing packets DHCP snooping with option 82 insertion provides transparent Layer 2 relay agent functionality when the DHCP server is on the same VLAN as the clients To enable Option 82 insertion 1 Click Network Administration DHCP Snooping and Relay DHCP Relay Option 82 2 Click Edit 3 Enable disable Option 82 insertion Interface Settings NOTE For DHCP R...

Page 309: ...resses Overview A DHCPv4 server is used to assign IPv4 address and other information to another device DHCP client The DHCPv4 server allocates IPv4 addresses from a user defined pool of IPv4 addresses These can be in the following modes Static Allocation The hardware address or client identifier of a host is manually mapped to an IP address This is done in the Static Hosts page Dynamic Allocation ...

Page 310: ...g the DHCP Server Feature To configure the device as a DHCPv4 server 1 Enable the device as a DHCP server using the DHCP Server Properties page 2 If there are any IP addresses that you do not want to be assigned configure them using the Static Hosts page 3 Define the DHCP server and up to 8 network pools using the Network Pool page 4 Configure clients that will be assigned a permanent IP address u...

Page 311: ...er allocates an IP address according to the following Directly Attached Client The device allocates an address from the network pool whose subnet matches the subnet configured on the device s IP interface from which the DHCP request was received If the message arrived directly not via DHCP Relay the pool is a Local pool and belongs to one of IP subnets defined on the input layer 2 interface In thi...

Page 312: ...ss in the range of the network pool Address Pool End Enter the last IP address in the range of the network pool Lease Duration Enter the amount of time a DHCP client can use an IP address from this pool You can configure a lease duration of up to 49 710 days or an infinite duration Days The duration of the lease in number of days The range is 0 to 49710 days Hours The number of hours in the lease ...

Page 313: ...ry p node M node is typically not the best choice for larger networks because its preference for b node Broadcasts increases network traffic Hybrid A hybrid combination of b node and p node is used When configured to use h node a computer always tries p node first and uses b node only if p node fails This is the default SNTP Server Enter the IP address of the time server for the DHCP client This i...

Page 314: ...the static host using a standard set of ASCII characters The client name must not include the domain name 3 Enter the Static Hosts Options fields Default Router Enter the default router for the static host This is DHCP option 3 Domain Name Server Select one of the devices DNS servers if already configured or select Other and enter the IP address of the DNS server available to the DHCP client This ...

Page 315: ...he TFTP SCP server from which the configuration file is downloaded This is DHCP option siaddr Next Server Name Enter the name of the TFTP SCP server This is DHCP option 66 Image File Name file Option 67 Enter the name of the file that is used as a configuration file This is DHCP option 67 Address Binding Use the Address Binding page to view and remove the IP addresses allocated by the device and t...

Page 316: ...ther IP address 2 Click Delete The Running Configuration file is updated Excluded Addresses By default the DHCP server assumes that all pool addresses in a pool may be assigned to clients A single IP address or a range of IP addresses can be excluded The excluded addresses are excluded from all DHCP pools To define an excluded address range Click Network Administration DHCP Server Excluded Address...

Page 317: ...g topics Overview Global Settings Interface Settings Link Layer Discovery Protocol LLDP Ethernet Details Overview Energy Efficient Ethernet EEE is a name of a set of features that are designed to reduce the power consumption of a device and so make it environmentally friendly This feature reduces overall power usage in the following ways When using EEE systems on both sides of the link can disable...

Page 318: ...vings and current power consumption in Short Reach mode can be monitored The total amount of saved energy can be viewed as a percentage of the power that would have been consumed by the physical interfaces had they not been running in EEE mode To configure Energy Efficient Ethernet EEE global settings 1 Click Network Administration Power Management Green Ethernet Global Settings 2 Click Edit and e...

Page 319: ...the link Short Reach Oper Displays the operational status of Short Reach mode Fault Reason Reason if the operational mode is different than the administrative mode Energy Detect Oper Displays the operational status of Energy Detect mode Fault Reason Reason if the operational mode is different than the administrative mode Cable Length Meter Indicates the length of the cable Link Layer Discovery Pro...

Page 320: ...efore transmission of data following Low Power Idle LPI mode Remote Tx Timer μsec Indicates the local link partner s reflection of the remote link partner s Tx value Remote Rx Timer μsec Indicates the local link partner s reflection of the remote link partner s Rx value Power Over Ethernet PoE This section is only valid for devices supporting PoE It describes how to configure PoE and covers the fo...

Page 321: ... below the threshold Interface Settings To configure PoE settings on an interface 1 Click Network Administration Power Management Power Over Ethernet PoE Interface Settings 2 Select a port click Edit and enter the fields Port Displays the port being configured PoE Admin Status Enable or disable PoE on the port Select one of the following options Auto Enables the Device Discovery protocol and provi...

Page 322: ...a description used to identify this interface as a power device Overload Counter Displays the total number of power overload occurrences Short Counter Displays the total number of power shortage occurrences Denied Counter Displays number of times the powered device was denied power Absent Counter Displays the number of times that power was stopped to the powered device because the powered device w...

Page 323: ...low sampling technology based on sFlow V5 This sampling technology is embedded within switches and routers It provides the ability to continuously monitor traffic flows on some or all the interfaces simultaneously The sFlow monitoring system consists of an sFlow agent embedded in a switch or router or in a stand alone probe and a central data collector known as the sFlow receiver The sFlow agent u...

Page 324: ...iver Settings page for this 2 Enable flow and or counter sampling direct the samples to a receiving interface and configure the average sampling rate Use the sFlow Interface Settings pages for this 3 View and clear the sFlow statistics counters Use the sFlow Statistics page for this sFlow Receiver Settings To set the sFlow receiver parameters 1 Click Network Administration sFlow sFlow Receivers Se...

Page 325: ...ollect the sFlow information 1 Click Network Administration sFlow sFlow Interface Settings The sflow interface settings are displayed 2 To associate an sFlow receiver with a port click Edit Add and enter the fields Interface Type Displays the interface type which is Port Interface Select the port from which information is collected Flow Sampling Enable disable flow sampling Flow sampling cannot be...

Page 326: ...ne of the indices that was defined in these sFlow Receiver Settings pages sFlow Statistics To view sFlow statistics 1 Click Network Administration sFlow sFlow Statistics The following sflow statistics per interface are displayed Interface Port for which sample was collected Packets Sampled Number of packets sampled Datagrams Sent to Receiver Number of sFlow sampling packets sent 2 Click Edit Clear...

Page 327: ...n provides some general information for using the CLI Command Mode Overview The CLI is divided into command modes each with a specific command set Entering a question mark at the terminal prompt displays a list of commands available for that particular command mode In each mode a specific command is used to navigate from one mode to another These modes are described below User EXEC Mode During CLI...

Page 328: ...ompt To enter the next level Privileged EXEC mode a password is required if configured Privileged EXEC Mode Privileged EXEC mode provides access to the device global configuration Privileged access can be protected to prevent unauthorized access and to secure operating parameters Passwords are displayed on the screen and are case sensitive NOTE The enable command is only necessary if you login wit...

Page 329: ...guration mode at the Privileged EXEC Mode prompt type configure and press Enter The Global Configuration mode displays as the device host name followed by config and the pound sign To list the Global Configuration commands enter a question mark at the command prompt The following example illustrates how to access Global Configuration mode and return back to the Privileged EXEC mode Interface Confi...

Page 330: ...console config if sntp client enable console configure console config interface gi0 1 console config if sntp client enable console config if do show sntp configuration Button Description In a command line square brackets indicate an optional entry In a command line curly brackets indicate a mandatory parameter A selection of mandatory parameters is separated by the or character One option must be ...

Page 331: ...k local address Specifies the IPv6 Link Local address interface id port type port number port channel po port channel number tunnel tu tunnel number vlan vlan id If the egress interface is not specified the default interface is selected The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address o...

Page 332: ...C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Using_CLI fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ipv6_address Refers to the IPv6 address on the single interface on which an IPv6 address is defined ...

Page 333: ...rs interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel Default Configuration All counters are cleared Command Mode Privileged EXEC mode Example The following example clears the statistics counters for te0 1 console clear counters te0 1 clear logging Use the clear logging Privileged EXEC mode command to clea...

Page 334: ...al logging buffer console clear logging Clear Logging Buffer Y N N configure The configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure terminal Parameters terminal Enter the Global Configuration mode with or without the keyword terminal Command Mode Privileged EXEC mode Example The following example enters Global Configuration mode console configure copy The ...

Page 335: ...Image file If specified as the source file it is the active image file If specified as the destination file it is the non active image file boot Boot file tftp Source or destination URL for a TFTP network server The syntax for this alias is tftp host directory filename The host can be either an IP address or a host name null Null destination for copies or files A remote file can be copied to null ...

Page 336: ...d by the system when copy is being run Various Copy Options Guidelines Copying an Image File from a Server to Flash Memory Use the copy source url flash image command to copy an image file from a server to flash memory When the administrator copies an image file from the server to a device the image file is saved to the inactive image To use this image the administrator must switch the inactive im...

Page 337: ...artup config command to copy a configuration file from a network server to the device startup configuration file The startup configuration file is replaced by the copied configuration file Storing the Running Config or Startup Config on a Server Use the copy running config destination url command to copy the current configuration file to a network server using TFTP Use the copy startup config dest...

Page 338: ...figuration mode command generates a self signed certificate for HTTPS Syntax crypto certificate number generate key generate length cn common name ou organization unit or organization loc location st state cu country duration days Parameters number Specifies the certificate number Range 1 2 key generate length Regenerates SSL RSA key and specifies the SSL s RSA key length Range 512 2048 The follow...

Page 339: ...e s lowest static IPv6 address when the certificate is generated or to the device s lowest static IPv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address If duration days is not specified it defaults to 365 days Command Mode Global Configuration mode User Guidelines If the RSA key does not exist you must use the parameter key generate If both certificates 1 a...

Page 340: ...arameters number Specifies the certificate number Range 1 2 Default Configuration N A Command Mode Global Configuration mode User Guidelines To end the session return to the command line to enter the next command enter a blank line The imported certificate must be based on a certificate request created by the crypto certificate request command If only the certificate is imported and the public key...

Page 341: ...wCAYDVQQKEwEgMQowCAYDVQQ LEwEg MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK beogIcke73sBSL7tC2 DMZrY OOg9XM1AxfOiqLlQJHd4xP BHGZWwfkjKjUDBpZn52LxdDu1KrpB h0 TZP 0Fv38 7mIDqtnoF1NLsWxkVKRM5LPka0L ha1pYxp7EWAt5iDBzSw5sO4lv0bSN7o aGjFA 6t4SW2rrnDy8JbwjWQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAuqYQiNJ st6hI XFDxe7I8Od3Uyt3Dmf7KE AmUV0Pif2yUluy RuxRwKhDp lGrK12tzLQz s5Ox7 Klft IcjzbBYXLvih45ASWG3TRv2WVKyWs89rPPX...

Page 342: ...oGp0pxOv DA9ENYl7qsZ MWmCfXu52 IxC7fD8FWxEBtks4V81Xqa7K6ET657xS7m8yTJFLZJyVawGXK nIUs6uTzhhW dKWWc0e vwMgPtLlWyxWynnaP0fAJ PawOAdsK75bo79NBim3HcNVXhWNzq fg2s3AYCRBx WuGoazpxHZ0s4 7swmNZtS0xI4ek43d7RaoedGKljhPqLHuzXHUon7Zx15C UtP3sbHl XI B3u4EEcEngYMewy5obn1vnFSot d5JHuRwzEaRAIKfbHa34alVJaN 2AMCb 0hpI3IkreYo A8Lk6UMOuIQaMnhYf RyPXhPOQs01PpIPHKBGTi6pj39XMviyRXvSpn5 eI YPhve5jYaEn UeOnVZRhNCVnruJAYXS...

Page 343: ...xe7I8Od3Uyt3Dmf7KE AmUV0Pif2yUluy RuxRwKhDp lGrK12tzLQz s5Ox7 Klft IcjzbBYXLvih45ASWG3TRv2WVKyWs89rPPXu5hKxggEeTvWqpuS gX rIqjW WVZd0n1fXhMacoflgnnEmweIzmrqXBs END CERTIFICATE Certificate imported successfully Issued by C ST L CN 0 0 0 0 O OU Valid From Jan 24 18 41 24 2011 GMT Valid to Jan 24 18 41 24 2012 GMT Subject C US ST L CN router gm com O General Motors OU SHA1 Finger print DC789788 DC88A...

Page 344: ...he state or province name Length 1 64 characters cu country Specifies the country name Length 2 characters Default Configuration If cn common name is not specified it defaults to the device s lowest static IPv6 address when the certificate is generated or to the device s lowest static IPv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address Command Mode Privil...

Page 345: ... DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8e cwQ HdML0831i0fh F0MV Kib6Sz5p 3nUUenbfHp igVPmFM 1nbqTDekb2ymC u6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wzDLvW2rsy5NPmH1QVl 8Ubx3G yCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNA QkH MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05 m 2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEip cZa g uNpyTkDt3ZVU72p...

Page 346: ...ing to factory defaults automatically deletes the default keys and they are recreated during device initialization This command is not saved in the Running configuration file However the keys generated by this command are saved in a private configuration which is never displayed to the user or backed up to another device See Keys and Certificates for information on how to display and copy this key...

Page 347: ...has RSA keys a warning is displayed with a prompt to replace the existing keys with new keys See Keys and Certificates for information on how to display and copy this key pair Example The following example generates RSA key pairs where a RSA key already exists console config crypto key generate rsa Replace Existing RSA Key y n N console config crypto key import The crypto key import Global Configu...

Page 348: ...BEGIN SSH2 ENCRYPTED PRIVATE KEY Comment RSA Private Key 84et9C2XUfcRlpemuGINAygnLwfkKJcDM6m2OReALHScqqLhi0wMSSYNlT1IWFZP1k Fpt1aECZi7HfGLcp1pMZwjn1 HaXBtQjPDiEtbpScXqrg6ml1 OEnwpFK2TrmUy0Ii E mMfX3i 2rRZLkEBea5jrA6Q62gl5naRw1ZkOges GNeibtvZYSk1jzr56LUr6fT7 KMcU2b2NsuSD5yW8R x0CW2elqDDz biA2gSgd6FfnW2HV48bTC55eCKrsId2MmjbE RQRhzjcGMBYp6HzkD66z8HmShOU hKd7M1K9U4Sr Pr1vyWUJlEkOgz9O6aZoIGp4 VDy K G s...

Page 349: ...Nk6y33LcuKjIxpNNjK9n9KzRPkGNMFObprfenWKteDftjQ END SSH2 PRIVATE KEY BEGIN SSH2 PUBLIC KEY Comment RSA Public Key AAAAB3NzaC1yc2EAAAABIwAAAIEAvRHsKry6NKMKymb yWEp9042vupLvYVq3ngt1s OcdK 2nw7lCQguy1mLsX8 bKMXYSk 3aBEvaoJQ82 r nRf0y3HTy4Wp9zV0SiVC8j 7t0aHejzfUhr0FRhWWcLnvYwr nmrYDpS6FADMC2hVA85KZRye9ifxT7otE END SSH2 PUBLIC KEY debug mode The debug mode Privileged EXEC mode command mode switches to d...

Page 350: ...leted Length 1 160 characters Command Mode Privileged EXEC mode User Guidelines The following keywords and URL prefixes are supported flash URL of the FLASH file startup config Startup configuration file WORD Name of file e g backup config sys prv image 1 and image 2 files cannot be deleted Example The following example deletes the file called backup config from the flash memory console delete fla...

Page 351: ...size column for dynamic images specifies the real size in the FLASH occupied by the file console dir Directory of flash File Name Permission Flash Size Data Size Modified image 1 rw 10485760 10485760 01 Jan 2010 06 10 23 image 2 rw 10485760 10485760 01 Jan 2010 05 43 54 dhcpsn prv 262144 01 Jan 2010 05 25 07 syslog1 sys r 524288 01 Jan 2010 05 57 00 syslog2 sys r 524288 01 Jan 2010 05 57 00 direct...

Page 352: ...mple executes the show vlan Privileged EXEC mode command from Global Configuration mode Example console config do show vlan console config Vlan Name Ports Type Authorizat ion 1 1 te0 1 4 Po1 Po2 other Required 2 2 te0 1 dynamicGvrp Required 10 v0010 te0 1 permanent Not Required 11 V0011 te0 1 te0 3 permanent Required 20 20 te0 1 permanent Required 30 30 te0 1 te0 3 permanent Required 31 31 te0 1 p...

Page 353: ...ode command enters the Privileged EXEC mode Syntax enable Parameters N A Default Configuration The default privilege level is 15 Command Mode User EXEC mode Example The following example enters privilege level 15 console enable enter password console Accepted end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Parameters N A ...

Page 354: ...uration modes Example The following example ends the Global Configuration mode session and returns to the Privileged EXEC mode console config end exit EXEC The exit User EXEC mode command closes an active terminal session by logging off the device Syntax exit Parameters N A Default Configuration N A Command Mode User EXEC mode Example The following example closes an active terminal session console...

Page 355: ... to the next higher mode in the CLI mode hierarchy Syntax exit Parameters N A Default Configuration N A Command Mode All configuration modes Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode console config if exit console config exit help The help command displays a brief description of the Help system Syntax help Parameters N A...

Page 356: ...quest is within a command press the Backspace key and erase the entered characters to a point where the request results in a match Help is provided when 1 There is a valid command and a help request is made for entering a parameter or argument e g show All possible parameters or arguments for the entered command are then displayed 2 An abbreviated argument is entered and a help request is made for...

Page 357: ...dress mask prefix length no ip address ip address Parameters ip address Specifies the IP address mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 8 30 default gateway ip address Specifies the default gateway IP address Default Configuration No IP address is de...

Page 358: ...owing example configures 3 overlapped IP addresses console config interface vlan 1 console config if ip address 1 1 1 1 255 0 0 0 console config exit console config interface vlan 2 console config if ip address 1 2 1 1 255 255 0 0 console config This IP address overlaps IP address 1 1 1 1 8 on vlan1 are you sure Y N Y console config exit console config interface vlan 3 console config if ip address...

Page 359: ...efault gateway default route Use the no ip default gateway ip address command to delete one default gateway Use the no ip default gateway command to delete all default gateways Example The following example defines default gateway 192 168 1 1 console config ip default gateway 192 168 1 1 ip https certificate Use the ip https certificate Global Configuration mode command to configure the active cer...

Page 360: ...which is the active certificate Example The following example configures the active certificate for HTTPS console config ip https certificate 2 ip routing To enable IP routing use the ip routing command in global configuration mode To disable IP routing use the no form of this command Syntax ip routing no ip routing Parameters This command has no arguments or keywords Default Configuration IP rout...

Page 361: ...le The following example enables IP routing console config ip routing ip ssh server The ip ssh server Global Configuration mode command enables the device to be an SSH server and so to accept connection requests from remote SSH clients Remote SSH clients can manage the device through the SSH connection Use the no form of this command to disable the SSH server functionality from the device Syntax i...

Page 362: ... an interface Use the no form of this command to stop transmitting LLDP on an interface Syntax lldp transmit no lldp transmit Parameters N A Default Configuration Enabled Command Mode Interface Ethernet Configuration mode console config if User Guidelines LLDP manages LAG ports individually LLDP sends separate advertisements on each port in a LAG LLDP operation on a port is not dependent on the ST...

Page 363: ...an Interface Ethernet Configuration mode interface Syntax lldp receive no lldp receive Parameters N A Default Configuration Enabled Command Mode Interface Ethernet Configuration mode User Guidelines LLDP manages LAG ports individually LLDP data received through LAG ports is stored individually per port LLDP operation on a port is not dependent on the STP state of a port I e LLDP frames are receive...

Page 364: ... is prompted for a username password Syntax login Parameters N A Default Configuration N A Command Mode User EXEC mode Example The following example enters Privileged EXEC mode and logs in with the required username bob console login User Name bob Password console ping Use the ping EXEC mode command to send ICMP echo request packets to another node on the network Syntax ping ip ipv4 address hostna...

Page 365: ...ch part of the host name 58 size packet_size Number of bytes in the packet not including the VLAN tag The default is 64 bytes IPv4 64 1518 IPv6 68 1518 count packet_count Number of packets to send from 1 to 65535 packets The default is 4 packets If 0 is entered it pings until stopped 0 65535 time time out Timeout in milliseconds to wait for each reply from 50 to 65535 milliseconds The default is 2...

Page 366: ...rce keyword is configured and the source address is not an address of the switch the command is halted with an error message and pings are not sent Examples Example 1 Ping an IP address console ping ip 10 1 1 1 Pinging 10 1 1 1 with 64 bytes of data 64 bytes from 10 1 1 1 icmp_seq 0 time 11 ms 64 bytes from 10 1 1 1 icmp_seq 1 time 8 ms 64 bytes from 10 1 1 1 icmp_seq 2 time 8 ms 64 bytes from 10 ...

Page 367: ... 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 0 12 50 console ping ipv6 FF02 1 Pinging FF02 1 with 64 bytes of data 64 bytes from FF02 1 icmp_seq 1 time 0 ms 64 bytes from FF02 1 icmp_seq 1 time 70 ms 64 bytes from FF02 1 icmp_seq 2 time 0 ms 64 bytes from FF02 1 icmp_seq 1 time 1050 ms 64 bytes from FF02 1 icmp_seq 2 time 70 ms 64 bytes from FF02 1 icmp_seq 2 t...

Page 368: ...Syntax power inline legacy support disable no power inline legacy support disable Parameters N A Default Configuration Legacy support is enabled Command Mode Global Configuration mode Example The following example disables legacy PD support Console config power legacy support disable power inline usage threshold Use the power inline usage threshold Global Configuration mode command to configure th...

Page 369: ...e usage threshold 90 reload The reload Privileged EXEC mode command reloads the operating system at a user specified time Syntax reload in hhh mm mmm at hh mm day month cancel Parameters in hhh mm mmm Schedules a reload of the software to take effect in the specified minutes or hours and minutes The reload must take place within approximately 24 days at hh mm Schedules a reload of the software to ...

Page 370: ...ices to occur simultaneously synchronize the time on each device with SNTP When you specify the reload time using the at keyword if you specify the month and day the reload takes place at the specified time and date If you do not specify the month and day the reload takes place at the specified time on the current day if the specified time is later than the current time or on the next day if the s...

Page 371: ...ple reloads the operating system at 13 00 console reload at 13 00 This command will reset the whole system and disconnect your current session Reload is scheduled for 13 00 00 UTC Fri Apr 21 2012 in 1 hour and 3 minutes Do you want to continue y n Y Example 4 The following example cancels a reload console reload cancel Reload cancelled show bootvar Use the show bootvar EXEC mode command to display...

Page 372: ...nsole show bootvar Image Filename Version Date Status 1 image 1 1 1 0 73 19 Jun 2011 18 10 49 Not active 2 image 2 1 1 0 73 19 Jun 2011 18 10 49 Active designates that the image was selected for the next boot show crypto certificate The show crypto certificate Privileged EXEC mode command displays the device SSL certificates and key pair for both default and user defined keys Syntax show crypto ce...

Page 373: ...yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAE Ew CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD 47 ZvKBAEL9Ggp 6MIIBNgYDVR0fBIIBLTCCASkwgdKggc ggcyGgclsZGFwOi 8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcn Zl END CERTIFICATE Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88...

Page 374: ...lic DSA keys on the device console show crypto key mypubkey dsa BEGIN SSH2 PUBLIC KEY Comment RSA Public Key AAAAB3NzaC1yc2EAAAABIwAAAIEAzN31fu56KSEOZdrGVPIJHpAs8G8NDIkB dqZ2q0QPiKCnLPw0Xsk9tTVKaHZQ5jJbXn81QZpolaPLJIIH3B1cc96D7IFf VkbPbMRbz24dpuWmPVVLUlQy5nCKdDCui5KKVD6zj3gpuhLhMJor7AjAAu5e BrIi2IuwMVJuak5M098 END SSH2 PUBLIC KEY Public Key Fingerprint 6f 93 ca 01 89 6a de 6e ee c5 18 82 b2 10 bc ...

Page 375: ... for all interfaces If detailed is not used only present ports are displayed Command Mode Privileged EXEC mode Example The following example displays traffic seen by all the physical interfaces console show interfaces counters te0 1 Port InUcastPkts InMcastPkts InBcastPkts InOctets te0 1 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets te0 1 0 1 35 7051 Alignment Errors 0 FCS Errors 0...

Page 376: ...integral number of octets in length but do not pass the FCS check Single Collision Frames Number of frames that are involved in a single collision and are subsequently transmitted successfully Multiple Collision Frames Number of frames that are involved in more than one collision and are subsequently transmitted successfully SQE Test Errors Number of times that the SQE TEST ERROR is received The S...

Page 377: ...r non present ports in addition to present ports Command Mode Privileged EXEC mode Default Configuration Display for all interfaces If detailed is not used only present ports are displayed Example The following example displays the status of all configured interfaces Oversize Packets Number of frames received that exceed the maximum permitted frame size Internal MAC Rx Errors Number of frames for ...

Page 378: ...Full 1000 Disabled Off Up Disabled Off te0 2 1G Copper Down Flow Link PO Type Duplex Speed Neg control State Po1 1G Full 10000 Disabled Off Up show ip dhcp tftp server Use the show ip dhcp tftp server EXEC mode command to display information about the backup server Syntax show ip dhcp tftp server Parameters N A Default Configuration N A Command Mode User EXEC mode User Guidelines The backup server...

Page 379: ... Privileged EXEC mode Example The following example displays the HTTPS server configuration console show ip https HTTPS server enabled Port 443 Interactive timeout Follows the HTTP interactive timeout 10 minutes Certificate 1 is active Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certifica...

Page 380: ...es are defined Default Configuration All IP addresses Command Mode User EXEC mode Examples Example 1 The following example displays all configured IP addresses and their types console show ip interface source_precedence_is_supported broadcast_address_configuration_is_supported ip_redirects_is_supported IP Address I F I F Status Type Directed Status admin oper Broadcast 10 5 230 232 24 vlan 1 UP UP...

Page 381: ...show power inline Privileged EXEC mode command to display information about the inline power for all interfaces or for a specific interface This command is only supported on devices that support PoE Syntax show power inline interface id module stack member number Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Default Configuration There is no default co...

Page 382: ...reshold expressed in percent for comparing the measured power and initiating an alarm if threshold is exceeded Traps Indicates if inline power traps are enabled Port The Ethernet port number Powered device A description of the powered device type Admin State Indicates if the port is enabled to provide power The possible values are Auto or Never Priority The port inline power management priority Th...

Page 383: ...s in process Port is off non 802 3af powered device Port is off Overload Underload states Port is off Underload state Port is off Overload state Port is off power budget exceeded Port is off internal hardware fault Port is off voltage injection into the port Port is off improper Capacitor Detection results Port is off discharged load Port fails Capacitor Port is on detection regardless Force On Un...

Page 384: ...nt Static Power Management Static ovl Force Power Error Management Static Force Power Error Management Static ovl High power port is ON Chip Over Power Force Power Error Chip Over Power show power inline consumption Use the show power inline consumption Privileged EXEC mode command to display information about the inline power consumption for all interfaces or for a specific interface This command...

Page 385: ...lay the contents of the currently running configuration file show running config Parameters This command has no arguments or keywords Command Mode Privileged EXEC mode Example The following example displays the running configuration file contents console show running config config file header AA307 02 v1 2 5 76 R750_NIK_1_2_584_002 CLI v1 0 no spanning tree Console show power inline consumption Po...

Page 386: ... 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console show system The show system EXEC mode command displays system information Syntax show system Command Mode User EXEC mode Example console show system System Description System Type System Up Time days hour min sec 03 02 27 46 System Contact System Name switch151400 System Location System MAC Address 00 24 ab 15 14 00 System Object ID 1 ...

Page 387: ...ault this command displays the output of technical support related show commands Use keywords to specify the type of information to be displayed If you do not specify any parameters the system displays all configuration and memory data Command Types Switch command Command Mode User EXEC mode User Guidelines CAUTION Avoid running multiple show tech support commands on a switch or multiple switches ...

Page 388: ...tput of command show bootvar Buffers info like print os buff Memory info like print os mem Proc info like print OS tasks Output of command show cpu utilization show version The show version EXEC mode command displays system version information Syntax show version Command Mode User EXEC mode Example The following example displays system version information console show version SW Version 1 1 0 5 da...

Page 389: ...n name Parameters tag vlan id Specifies a VLAN ID name vlan name Specifies a VLAN name string length 1 32 characters Default Configuration All VLANs are displayed Command Mode Privileged EXEC mode Examples Example 1 The following example displays information for all VLANs console show vlan Created by D Default S Static G GVRP R Radius Assigned VLAN VLAN Name Ports Created by 1 Default te0 1 D 10 M...

Page 390: ...d VLAN Example 3 The following example displays information for the VLAN named Marketing console show vlan name Marketing Created by D Default S Static G GVRP R Radius Assigned VLAN spanning tree Use the spanning tree Global Configuration mode command to enable spanning tree functionality Use the no form of this command to disable the spanning tree functionality Syntax spanning tree no spanning tr...

Page 391: ...form to remove a user name Syntax username name nopassword password unencrypted password encrypted encrypted password no username name Parameters name The name of the user Range 1 20 characters nopassword No password is required for this user to log in password Specifies the password for this username Range 1 64 unencrypted password The authentication password for the user Range 1 159 encrypted en...

Page 392: ... username tom password 1234 vlan Use the vlan VLAN Configuration mode or Global Configuration mode command to create a VLAN and assign it a name if only a single VLAN is being created Use the no form of this command to delete the VLAN s Syntax vlan vlan range vlan id name vlan name no vlan vlan range Parameters vlan range Specifies a list of VLAN IDs Separate nonconsecutive VLAN IDs with a comma a...

Page 393: ... ONLY VLAN Database Configuration mode User Guidelines If the VLAN does not exist it is created If the VLAN cannot be created then the command is finished with error and the current context is not changed Example The following example creates VLAN 1972 which is assigned the name Marketing console config vlan 1972 name Marketing console config exit ...

Page 394: ...y Parameters This command has no arguments or keywords Command Mode Privileged EXEC mode Examples The following example shows how to overwrite the startup config file with the running config file with the write command console write Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 15...

Page 395: ...vice issues 1 Go to dell com support 2 For customized support a Enter your system service tag in the Enter your Service Tag field b Click Submit The support page that lists the various support categories is displayed 3 For general support a Select your product category b Select your product segment c Select your product The support page that lists the various support categories is displayed Locati...

Page 396: ...check for updates on dell com support manuals and read the updates first because they often supersede information in other documents Any media that ships with your system provides documentation and tools for configuring and managing your system including those pertaining to the operating system system management software system updates and system components that you purchased with your system The ...

Page 397: ...Getting Help 397 FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_GettingHelp fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 398: ...398 Getting Help FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_GettingHelp fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 399: ...ria Ingress interfaces Source IP address or Source IP subnets ACL Access Control List Allow network managers to define classification actions and rules for specific ingress ports Aggregated VLAN Groups several VLANs into a single aggregated VLAN Aggregating VLANs enables routers to respond to ARP requests for nodes located on different sub VLANs belonging to the same Super VLAN Routers respond wit...

Page 400: ...plane The main BUS that carries information in the switch module Backup Configuration Files Contains a backup copy of the switch module configuration The Backup file changes when the Running Configuration file or the Startup Configuration file is copied to the Backup file Bandwidth Bandwidth specifies the amount of data that can be transmitted in a fixed amount of time For digital switch modules b...

Page 401: ...ities and forwarding costs Bridge A device that connect two networks Bridges are hardware specific however they are protocol independent Bridges operate at Layer 1 and Layer 2 levels Broadcast Domain Device sets that receive Broadcast frames originating from any device within a designated set Routers bind Broadcast domains because routers do not forward Broadcast frames Broadcasting A method of tr...

Page 402: ...nds used to configure the system Communities Specifies a group of users which retains the same system access rights CPU Central Processing Unit The part of a computer that processes information CPUs are composed of a control unit and an ALU D DHCP Client A device using DHCP to obtain configuration parameters such as a network address DHCP Snooping DHCP Snooping expands network security by providin...

Page 403: ...ured on the RADIUS server E Egress Ports Ports from which network traffic is transmitted End System An end user device on a network Ethernet Ethernet is standardized as per IEEE 802 3 Ethernet is the most common implemented LAN standard Supports data transfer rates of Mpbs where 10 100 or 1000 Mbps is supported EWS Embedded Web Server Provides device management via a standard web browser Embedded ...

Page 404: ...from sending packets Fragment Ethernet packets smaller than 576 bits Frame Packets containing the header and trailer information required by the physical medium G GARP General Attributes Registration Protocol Registers client stations into a Multicast domain Gigabit Ethernet Gigabit Ethernet transmits at 1000 Mbps and is compatible with existing 10 100 Mbps Ethernet standards GVRP GARP VLAN Regist...

Page 405: ...ds IEEE 802 1d Used in the Spanning Tree Protocol IEEE 802 1d supports MAC bridging to avoid network loops IEEE 802 1p Prioritizes network traffic at the data link MAC sublayer IEEE 802 1Q Defines the operation of VLAN Bridges that permit the definition operation and administration of VLANs within Bridged LAN infrastructures IGMP Snooping IGMP Snooping examines IGMP frame contents when they are fo...

Page 406: ...AP is an automatic overlay tunneling mechanism that uses the underlying IPv4 network as a non Broadcast multicast access link layer for IPv6 ISATAP is designed for transporting IPv6 packets within a site where a native IPv6 infrastructure is not yet available L LAG Link Aggregated Group Aggregates ports or VLANs into a single virtual port or VLAN For more information on LAGs see Defining LAG Membe...

Page 407: ...g Enables the even distribution of data or processing packets across available network resources For example load balancing may distribute the incoming packets evenly to all servers or redirect the packets to the next available server M MAC Address Media Access Control Address The MAC Address is a hardware specific address that identifies each network node MAC Address Learning MAC Address Learning...

Page 408: ...ith Crossover MDIX A cable used for hubs and switches MIB Management Information Base MIBs contain information describing specific aspects of network components Multicast Transmits copies of a single packet to multiple ports Multicast TV VLAN Multicast Television Vlan or TV VLAN is used for television applications with a PC or with televisions equipped with a Set Top Box device N NA Neighbor Adver...

Page 409: ...on for transmission in packet switched systems PDU Protocol Data Unit A data unit specified in a layer protocol consisting of protocol control information and layer user data PING Packet Internet Groper Verifies if a specific IP address is available A packet is sent to another IP address and waits for a reply Port Physical ports provide connecting components that allow microprocessors to communica...

Page 410: ...ination addresses Query Extracts information from a database and presents the information for use R RA RADIUS Advertisement RD RADIUS Discovery RS Router Solicitation RADIUS Remote Authentication Dial In User Service A method for authenticating system users and tracking connection time RMON Remote Monitoring Provides network information to be collected from a single workstation Router A device tha...

Page 411: ...tware communicates with network devices with embedded SNMP agents SNMP agents gather network activity and device status information and send the information back to a workstation SNTP Simple Network Time Protocol SNTP assures accurate network switch clock time synchronization up to the millisecond SoC System on a Chip An ASIC that contains an entire system For example a telecom SoC application can...

Page 412: ...ents Switches support any packet protocol type T TCP IP Transmissions Control Protocol Enables two hosts to communicate and exchange data streams TCP guarantees packet delivery and guarantees packets are transmitted and received in the order their sent TCP IP Congestion Avoidance Transmissions Control Protocol Congestion Avoidance The TCP Congestion Avoidance feature activates an algorithm that br...

Page 413: ...vice U UDP User Data Protocol Transmits packets but does not guarantee their delivery Unicast A form of routing that transmits one packet to one user V VLAN Virtual Local Area Networks Logical subgroups with a Local Area Network LAN created via software rather than defining a hardware solution VoIP Voice over IP W WAN Wide Area Networks Networks that cover a large geographical area Wildcard Mask S...

Page 414: ...414 FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_Astute_Glossary fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 415: ...1 FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_AstuteBackCover fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY ...

Page 416: ...2 FILE LOCATION C Users gina Desktop Checkout_new Dell Astute User Guide Dell_AstuteBackCover fm DELL CONFIDENTIAL PRELIMINARY 8 9 16 FOR PROOF ONLY dell com support Printed in the U S A ...

Reviews:

No comments

Related manuals for X1000 Series

KELCO E30 Installation & Programming Manual preview
E30
Brand: KELCO Pages: 41
3Com SuperStack II Important Information preview
SuperStack II
Brand: 3Com Pages: 2
3Com CoreBuilder 5000 Quick Start And Reference preview
CoreBuilder 5000
Brand: 3Com Pages: 16
3Com CoreBuilder 9000 Quick Installation Manual preview
CoreBuilder 9000
Brand: 3Com Pages: 24
Kramer VS-421 User Manual preview
VS-421
Brand: Kramer Pages: 8
Lucent Technologies LambdaUnite MSS Installation Manual preview
LambdaUnite MSS
Brand: Lucent Technologies Pages: 388
DITEC COM500ER Installation Manual preview
COM500ER
Brand: DITEC Pages: 8
UfiSpace S9180-32X Hardware Installation Manual preview
S9180-32X
Brand: UfiSpace Pages: 25
Equip Vision 332702 Manual preview
Vision 332702
Brand: Equip Pages: 10
Crestron CLW-LSWEX-1GD Installation And Operation Manual preview
CLW-LSWEX-1GD
Brand: Crestron Pages: 2
StarTech.com VS123HD User Manual preview
VS123HD
Brand: StarTech.com Pages: 10
E-LINK LNK-IMC208P-SFP Quick Start Manual preview
LNK-IMC208P-SFP
Brand: E-LINK Pages: 6
Maiwe MIEN2208 Series User Manual preview
MIEN2208 Series
Brand: Maiwe Pages: 5
Eaton HOMECT Installation And Setup Manual preview
HOMECT
Brand: Eaton Pages: 5
S&T kontron KSwitch D4 MF User Manual preview
kontron KSwitch D4 MF
Brand: S&T Pages: 100
Pilz PSEN 1.2p-25 Operating Instructions Manual preview
PSEN 1.2p-25
Brand: Pilz Pages: 8
hager EHN010 Installation And Instruction Manual preview
EHN010
Brand: hager Pages: 6
BERNSTEIN CSMS-M-R-H-KA Installation And Operating Instructions Manual preview
CSMS-M-R-H-KA
Brand: BERNSTEIN Pages: 38

Brands by name

Popular brands

Load more brands