Home
/
Enterasys
/
6E2 Series
/
User Manual

Enterasys 6E2 Series, User Manual

Share

Page: 83 / 436

Enterasys 6E2 Series User Manual Download Page 83

EAP (Port) Configuration Screen

Accessing Local Management

3-41

Authentication State
(Cont’d)

•

aborting: The port enters this state from authenticating when any
event occurs that interrupts the login exchange.

•

held: After any login failure, this state is entered where the port
remains for the number of seconds equal to quietPeriod (can be set
using mib).

•

forceAuth: Management has set this in “Port Control”. This allows
normal, unsecured switching on this port.

•

forceUnauth: Management has set this in “Port Control”.
Absolutely no frames are forwarded to or from this port.

Backend State
(Read-Only)

See the current backend state of each port.

The backend state machine controls the protocol interaction between
the authenticator (the switch) and the authentication server (typically a
radius server).

These following seven states are the possible internal states for the
authenticator. Some states are simply pass-through states causing a
small action and immediately moving to a new state. Therefore, you
may not observe all of the states in this interface.

For more detail, please see the IEEE Standard 802.1X-20001, Port
Based Network Access Control.

•

request: The port has received a request from the server and is
waiting for a response from the supplicant.

•

response: The port has received a response from the server and is
waiting for either another request or an accept or reject from the
server.

•

success: The port has received a success from the server. Send a
success to the supplicant and move to idle.

•

fail: The port has received a reject from the server. Send a fail to the
supplicant and move to idle.

•

timeout: The port has timed-out during the authentication exchange.

Table 3-11 EAP Port Configuration Screen Field Descriptions (Continued)

Use this field…

To…

«
...
81
82
83
84
85
...
»

Summary of Contents for 6E2 Series

Page 1: ...Matrix E7 Series and SmartSwitch 6000 Series Modules 6H2xx 6E2xx 6H3xx and 6G3xx Local Management User s Guide 9033528 06...

Page 2: ......

Page 3: ...OR THE INFORMATION CONTAINED IN THEM EVEN IF ENTERASYS NETWORKS HAS BEEN ADVISED OF KNEW OF OR SHOULD HAVE KNOWN OF THE POSSIBILITY OF SUCH DAMAGES Enterasys Networks Inc 50 Minuteman Road Andover MA...

Page 4: ...OF LIABILITY IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT OR ARE NOT AUTHORIZED TO ENTER INTO THIS AGREEMENT ENTERASYS IS UNWILLING TO LICENSE THE PROGRAM TO YOU AND YOU AGREE TO RETURN THE UNOP...

Page 5: ...controls as identified on the U S Commerce Control List or iii if the direct product of the technology is a complete plant or any major component of a plant export to Country Groups D 1 or E 2 the di...

Page 6: ...nd to the Program shall remain with Enterasys and or its suppliers All rights not specifically granted to You shall be reserved to Enterasys 10 ENFORCEMENT You acknowledge and agree that any breach of...

Page 7: ...ents 1 4 1 5 Local Management Keyboard Conventions 1 8 1 6 Getting Help 1 9 2 LOCAL MANAGEMENT REQUIREMENTS 2 1 Management Terminal Setup 2 1 2 1 1 Console Cable Connection 2 2 2 1 2 Management Termin...

Page 8: ...Setting the Local and Remote Servers 3 34 3 10 Name Services Configuration Screen 3 35 3 11 System Authentication Configuration Screen 3 37 3 12 EAP Port Configuration Screen 3 39 3 13 EAP Statistics...

Page 9: ...Module Time 5 13 5 2 8 Entering a New Screen Refresh Time 5 13 5 2 9 Setting the Screen Lockout Time 5 14 5 2 10 Configuring the COM Port 5 14 5 2 10 1 Changing the COM Port Application 5 16 5 2 11 Cl...

Page 10: ...nu Screen 6 24 6 8 1 802 3ad Port Screen 6 29 6 8 1 1 802 3ad Port Details Screen 6 31 6 8 1 2 802 3ad Port Statistics Screen 6 37 6 8 2 802 3ad Aggregator Screen 6 40 6 8 2 1 802 3ad Aggregator Detai...

Page 11: ...on Precedence Rules 8 29 8 8 2 Displaying the Current Classification Rule Assignments 8 32 8 8 3 Assigning a Classification to a VID 8 33 8 8 4 Deleting Line Items 8 34 8 9 Protocol Port Configuration...

Page 12: ...cs Menu Screen 11 2 11 2 Switch Statistics Screen 11 4 11 3 Interface Statistics Screen 11 6 11 3 1 Displaying Interface Statistics 11 9 11 4 RMON Statistics Screen 11 10 11 4 1 Displaying RMON Statis...

Page 13: ...21 13 12 Example 1 Single Switch Operation 13 22 13 12 1 Solving the Problem 13 22 13 12 2 Frame Handling 13 24 13 13 Example 2 VLANs Across Multiple Switches 13 24 13 13 1 Solving the Problem 13 26 1...

Page 14: ...Configuration Screen 3 37 3 13 EAP Port Configuration Screen 3 39 3 14 EAP Statistics Menu Screen 3 44 3 15 EAP Session Statistics Screen 3 46 3 16 EAP Authenticator Statistics Screen 3 49 3 17 EAP Di...

Page 15: ...creen 6 40 6 13 802 3ad Aggregator Details Screen 6 42 6 14 802 3ad System Screen 6 44 6 15 Broadcast Suppression Configuration Screen 6 46 7 1 802 1 Configuration Menu Screen 7 2 7 2 Spanning Tree Co...

Page 16: ...gement with Only Default VLAN 13 12 13 4 Switch Management with VLANs 13 13 13 5 802 1Q VLAN Screen Hierarchy 13 15 13 6 Walkthrough Stage One Static VLAN Configuration Screen 13 17 13 7 Walkthrough S...

Page 17: ...6 MAC Port Configuration Screen Field Descriptions 3 55 3 17 MAC Supplicant Configuration Screen Field Descriptions 3 57 4 1 Chassis Menu Screen Menu Item Descriptions 4 3 4 2 Chassis Configuration Sc...

Page 18: ...reen Field Descriptions 7 11 7 5 PVST Port Configuration Screen Field Descriptions 7 14 8 1 802 1Q VLAN Configuration Menu Screen Menu Item Descriptions 8 4 8 2 Static VLAN Configuration Screen Field...

Page 19: ...eld Descriptions 11 5 11 3 Interface Statistics Screen Field Descriptions 11 7 11 4 RMON Statistics Screen Field Descriptions 11 11 11 5 Chassis Environmental Statistics Configuration Screen Field Des...

Page 20: ......

Page 21: ...the following Access the Local Management application Identify and operate the types of fields used by Local Management Navigate through Local Management fields and menus Use Local Management screens...

Page 22: ...to configure chassis operation These screens are used to configure the operating parameters for the chassis assign community names and set SNMP traps and obtain the operating status of the chassis po...

Page 23: ...given port and list of priorities Chapter 10 Layer 3 Extensions Menu Screens introduces and describes how to enable or disable IGMP Internet Group Management Protocol RFC 2236 on selected VLANs or gl...

Page 24: ...ith the optional HSIM and VHSIM interface modules module installation user s guides and the manuals listed above can be obtained from the World Wide Web in Adobe Acrobat Portable Document Format PDF a...

Page 25: ...od in numerals signals the decimal point indicator e g 1 75 equals one and three fourths Or periods used in numerals signal the decimal point in Dotted Decimal Notation DDN e g 000 000 000 000 in an I...

Page 26: ......

Page 27: ...ve SNMP traps from the switch Designate which Network Management Workstations are allowed to access the switch module View switch interface and RMON statistics Important Notices Depending on the firmw...

Page 28: ...work Configure the module to control the rate of network traffic entering and leaving the switch on a per port priority basis Configure an optional HSIM or VHSIM installed in the device Configure the...

Page 29: ...out of band network management system A module connected out of band to the management agent is not connected to the LAN This type of connection allows you to communicate with a network module even wh...

Page 30: ...VT series emulation software package You can also access Local Management using a Telnet connection through one of the network ports of the switch module 1 4 LOCAL MANAGEMENT SCREEN ELEMENTS There are...

Page 31: ...Mode 802 1Q SWITCHING Module Type XXXX XX Slot Number X Event Message Field Display Field Input Fields Selection Field Command Fields Display Fields XXXX XX LOCAL MANAGEMENT Event Message Line RETURN...

Page 32: ...to access the module the heading will be the chassis name e g 6C105 If the module IP address is used to access the module the module name will be in the heading the same as listed next to Module Type...

Page 33: ...are in bold type In the field description the field is identified as being modifiable Selection Fields Selection fields provide a series of possible values Only applicable values appear in a selection...

Page 34: ...e ESCAPE ESC Key Used to escape from a Local Management screen without saving changes For example Press ESC twice means the ESC key must be pressed quickly two times SPACE Bar BACKSPACE Key Used to cy...

Page 35: ...sys Networks products in the network A description of your network environment layout cable type etc Network load and frame size at the time of trouble if known The device history i e have you returne...

Page 36: ......

Page 37: ...he power status in case of a power loss 2 1 MANAGEMENT TERMINAL SETUP Use one of the following systems to access Local Management An IBM PC or compatible device running a VT series emulation software...

Page 38: ...adapter supplied in the kit 3 Connect the RJ45 to DB9 adapter to the PC communications port Figure 2 1 Management Terminal Connection NOTE If using a modem between the VT compatible device and the COM...

Page 39: ...derline Cursor Style General Setup Menu Mode ID number Cursor Keys Power Supply VT100 7 Bit Controls VT100ID Normal Cursor Keys UPSS DEC Supplemental Communications Setup Menu Transmit Receive XOFF Bi...

Page 40: ...n 13 8 2 3 MONITORING AN UNINTERRUPTIBLE POWER SUPPLY If the switch module is connected to an American Power Conversion APC Uninterruptible Power Supply UPS device for protection against the loss of p...

Page 41: ...S Connection COM Port RJ45 to DB9 UPS Adapter UPS Device DB9 Port UTP Cable With RJ45 Connectors 1 2 3 4 5 PS1 PS2 COM 6H252 17 Fast Enet 2 RX TX 4 RX TX 3 RX TX 6 RX TX 5 RX TX 8 RX TX 7 RX TX 10 RX...

Page 42: ......

Page 43: ...r 6 Chapter 7 and Chapter 10 Module Statistics screens described in Chapter 11 Network Tools commands described in Chapter 12 and the Security screens which are described in this chapter starting with...

Page 44: ...or VHSIM is installed in a switch an additional statistics screen selection not shown in Figure 3 2 may display in the Module Statistics Menu screen This is dependent on the HSIM or VHSIM installed Fo...

Page 45: ...Network Tools Switch Statistics Interface Statistics RMON Statistics Module Menu Chassis Environment Statistics Configuration EAP Configuration EAP Authentication Statistics EAP Session Statistics EA...

Page 46: ...ens There are two ways to exit the Local Management LM screens Using the Exit Command To exit LM using the EXIT screen command proceed as follows 1 Use the arrow keys to highlight the EXIT command at...

Page 47: ...If a particular Local Management screen has more than one screen to display its information the NEXT and PREVIOUS commands are used to navigate between its screens To go to the next or previous displa...

Page 48: ...e associated Access Policy configured in the Password Configuration screen described in Section 4 4 How to Access Turn on the terminal Press ENTER this may take up to four times because the COM port o...

Page 49: ...ered the terminal beeps and the cursor returns to the beginning of the password entry field Entering a valid password causes the associated access level to display at the bottom of the screen and the...

Page 50: ...es installed in the chassis How to Access Enter a valid password in the Local Management Password screen as described in Section 3 2 and press ENTER The Main Menu screen Figure 3 5 displays Screen Exa...

Page 51: ...al is idle for several minutes the Local Management Password screen redisplays and the session ends This idle time can be changed in the General Configuration screen in Section 5 2 9 Table 3 1 Main Me...

Page 52: ...item in the Module Selection screen and press ENTER The Module Selection screen Figure 3 6 displays Screen Example Figure 3 6 Module Selection Screen 40462 39 EXIT Module 1 2 3 4 5 Module Type 6H258...

Page 53: ...ection 3 5 Table 3 2 Module Selection Screen Field Descriptions Use this field To Module Selectable Display the slot in which the module is installed The module number enclosed in angle brackets indic...

Page 54: ...or 6C107 chassis Password Module Selection Module Menu When to Use To access the Local Management screens for the switch module selected in the Module Selection screen How to Access Use the procedure...

Page 55: ...ific to each port The 802 1 Configuration Menu screen provides access to the Spanning Tree Configuration Menu screen 802 1Q VLAN Configuration Menu screen and the 802 1p Configuration Menu screen Thes...

Page 56: ...in Passwords screen refer to Section 3 8 The Radius Configuration screen enables you to configure the Radius client function on the switch module to provide another restriction for access to the Local...

Page 57: ...Configuration screen described in Section 4 4 SECURITY cont d The MAC Port Configuration screen enables you to monitor the authentication state of the supplicants associated with each port and enable...

Page 58: ...nd grant appropriate access to end user devices directly attached to switch module ports For more information refer to Section 3 6 3 3 6 1 Host Access Control Authentication HACA To use HACA the embed...

Page 59: ...assign different access levels All radius values except the server IPs and shared secrets are assigned reasonable default values when radius is installed on a new switch module The defaults are as fol...

Page 60: ...access accept response the user successfully authenticated it must also return a Radius FilterID attribute containing an ASCII string with the following fields in the specified format Enterasys versio...

Page 61: ...er user based policy that is specifically tailored to the end user s needs 3 6 2 1 Definitions of Terms and Abbreviations Table 3 4 provides an explanation of authentication terms and abbreviations us...

Page 62: ...deny access but do not validate logins User validation is the job of authentication servers This separation of functions allows network managers to put authentication servers on central servers Use th...

Page 63: ...Authentication Configuration screen only the valid set of global and per port authentication methods are available for selection These are EAP PWA MAC MAC EAP and NONE If there is an attempt to enabl...

Page 64: ...ect disables all 802 1X control over that interface However if a default policy exists on that port the switch forwards the frames according to that policy otherwise the switch drops them If a switch...

Page 65: ...method performs authentication Frames are forwarded Auto Enabled Yes Don t Care Yes Hybrid authentication both methods are active Frames are forwarded according to authorized policy Auto Enabled Yes Y...

Page 66: ...No Don t Care 802 1X performs authentication Frames are discarded Force Unauthori zation Enabled Yes Don t Care Yes MAC performs authentication Frames are forwarded according to authorized policy Forc...

Page 67: ...e portAdminDisabled c All policies are applied to ports as a result of a MAC Authentication reverting to the ports default policy if any d All ports currently authenticated using 802 1X are unaffected...

Page 68: ...screens allow you to configure additional limited access The Name Services Configuration screen allows you to set parameters for personalized web authentication The System Authentication Configuration...

Page 69: ...access policy For details refer to Section 3 8 RADIUS CONFIGURATION Used to configure the Radius Client Parameters on the switch primary server and secondary server For details refer to Section 3 9 NA...

Page 70: ...cation Statistics and EAP Diagnostic Statistics screens For details refer to Section 3 13 MAC PORT CONFIGURATION Used to view the current port authentication states enable or disable the authenticatio...

Page 71: ...r telnet connection This screen is also used to disable the function of hardware switch 8 to prevent the clearing of the login passwords How to Access Use the arrow keys to highlight the PASSWORDS men...

Page 72: ...user authorization read write This password allows read and write access to Local Management excluding security protected fields for super user access only super user This password permits read write...

Page 73: ...ge SAVED OK displays at the top of the screen 3 9 RADIUS CONFIGURATION SCREEN When to Use To configure the Radius client in the switch to restrict access to the management functions of the Local Manag...

Page 74: ...screen field Table 3 8 Radius Configuration Screen Field Descriptions Use this field To Timeout Modifiable Enter the maximum time in seconds to establish contact with the Radius Server before timing o...

Page 75: ...level with no further attempt at authentication CHALLENGE Reverts to local module legacy passwords REJECT Does not allow remote access For more details refer to Section 3 9 1 To set local and remote s...

Page 76: ...adius Server before timing out 2 Highlight the Retries field and enter the desired maximum number of attempts 1 N to contact the Radius Server before timing out 3 Highlight the Last Resort Action Loca...

Page 77: ...n Enable Disable Name Services and associate the switch name with the Secure Harbour IP address How to Access Use the arrow keys to highlight the NAME SERVICES CONFIGURATION menu item on the Security...

Page 78: ...re Harbour IP must be globally unique within your network and the end switch must contain the identical information Secure Harbour IP Read Only See the IP address used to access services NOTE The Swit...

Page 79: ...ENTICATION CONFIGURATION menu item on the Security Menu screen and press ENTER The System Authentication Configuration screen Figure 3 12 displays Screen Example Figure 3 12 System Authentication Conf...

Page 80: ...k by validating the MAC address of their connected devices EAP MAC enables using both MAC and EAP authentication methods concurrently for security NONE turns off all port authentication in the switch...

Page 81: ...mple Figure 3 13 EAP Port Configuration Screen RETURN EXIT NEXT SAVE 37831_03 1 initialize idle Auto FALSE FALSE 2 2 initialize idle Auto FALSE FALSE 2 3 initialize idle Auto FALSE FALSE 2 4 initializ...

Page 82: ...hen a EAP authentication is disabled b EAP authentication is enabled and the port is not linked or c EAP authentication is enabled and the port is linked In this case very little time is spent in this...

Page 83: ...adius server These following seven states are the possible internal states for the authenticator Some states are simply pass through states causing a small action and immediately moving to a new state...

Page 84: ...urrent configuration A policy string may be returned by the Radius Server in the filter id attribute This policy string can reference a set of VLAN and priority classification rules pre configured in...

Page 85: ...zed Port Single Setting Set to TRUE to initialize all state machines for this port After initialization authentication can proceed normally on this port according to its control settings This has the...

Page 86: ...ecurity Menu EAP Statistics Menu When to Use To access the EAP Session Statistics EAP Authenticator Statistics and EAP Diagnostic Statistics screens How to Access Use the arrow keys to highlight the E...

Page 87: ...rt For details refer to Section 3 13 1 EAP AUTHENTICATOR STATISTICS Used to review authenticator statistics for each port including EAP frame types received and transmitted and frame version number an...

Page 88: ...R The EAP Session Statistics screen Figure 3 15 displays Screen Example Figure 3 15 EAP Session Statistics Screen Field Descriptions Refer to Table 3 13 for a functional description of each screen fie...

Page 89: ...session Session Authenticate Method Read Only See whether the session was established by a remote Authentication Server or a local Authentication Server Session Time Read Only See the amount of time...

Page 90: ...Name Read Only See the user name associated with the PAE Point of Access Entity Port Number Selectable Select the port number to display the associated EAP Session Statistics To select a port number...

Page 91: ...r Total Frames Tx Read Only See counts of all EAP frames transmitted by the authenticator Start Frames Rx Read Only See counts of EAP start type frames received by the authenticator Logoff Frames Rx R...

Page 92: ...nticator with an invalid length field for the frame body Frame Version Read Only See the EAP protocol version present in the most recent EAP frame Frame Source Read Only See the source MAC address for...

Page 93: ...he EAP Statistics Menu screen and press ENTER The EAP Diagnostic Statistics screen Figure 3 17 displays Screen Example Figure 3 17 EAP Diagnostic Statistics Screen RETURN Port Number 1 CLEAR COUNTERS...

Page 94: ...enticating Read Only See counts of transitions from authenticating to authenticated state after backend authentication has a successful authentication with the supplicant end user requesting authentic...

Page 95: ...on failure or success type messages This frame count indicates that the authenticator picked an EAP method Non NAK resp From Supp Read Only See counts of initial responses to an EAP request from the s...

Page 96: ...ccess Use the arrow keys to highlight the MAC PORT CONFIGURATION menu item on the Security Menu screen and press ENTER The MAC Port Configuration screen Figure 3 18 displays CLEAR COUNTERS Command Set...

Page 97: ...See the current state of the MAC Authentication of a port supplicant If a supplicant is currently active on that port then authenticated is displayed in this field otherwise unauthenticated is displa...

Page 98: ...e 3 19 displays Initialize Port Single Setting Initialize the authentication status of the port When this field is set to TRUE the current authentication session is terminated the port returns to its...

Page 99: ...can be displayed at a time To see additional ports select NEXT and press ENTER to display the authentication type and status for the next 10 ports Duration Read Only See the time in days hours minute...

Page 100: ...to TRUE the current session is terminated It always displays a value of FALSE Reauthenticate Supplicant Single Setting Force a revalidation of the MAC credential for the supplicant When set to TRUE th...

Page 101: ...nvironmental Information screen to monitor the power supply status power supply redundancy status and the fan tray status Section 4 6 or Redirect Configuration Menu screen and its menu items to access...

Page 102: ...SNMP traps monitor the chassis environmental status and to perform port redirect functions How to Access Use the arrow keys to highlight the CHASSIS menu item on the Main Menu screen and press ENTER...

Page 103: ...ATION MENU Used to access the SNMP Community Names Configuration screen and the SNMP Traps Configuration screen These screens are used to modify SNMP community names and set SNMP traps For details ref...

Page 104: ...d view the chassis uptime How to Access Use the arrow keys to highlight the CHASSIS CONFIGURATION menu item on the Chassis Menu screen and press ENTER The Chassis Configuration screen Figure 4 2 displ...

Page 105: ...P address as part of the network or subnetwork address or to 0 if the corresponding bit identifies the host The chassis automatically uses the default subnet mask that corresponds to the IP class that...

Page 106: ...the changes have been saved to memory Screen Lockout Time Modifiable Set the maximum number of minutes that the Local Management application displays a module s screen while awaiting input or action...

Page 107: ...ht the SAVE command then press ENTER The changes are saved to memory 4 2 3 Setting the Chassis Date The chassis is year 2000 compliant so the Chassis Date may be set beyond the year 1999 To set the ch...

Page 108: ...esh time perform the following steps 1 Use the arrow keys to highlight the Screen Refresh Time field 2 Enter a number from 3 to 99 3 Press ENTER to set the refresh time to the time entered in the inpu...

Page 109: ...2 Enter a number from 1 to 30 3 Press ENTER to set the lockout time in the input field 4 Use the arrow keys to highlight the SAVE command at the bottom of the screen and press ENTER If the time enter...

Page 110: ...n screen These screens are used to modify SNMP community names and set SNMP traps How to Access Use the arrow keys to highlight the SNMP CONFIGURATION MENU item on the Chassis Menu screen and press EN...

Page 111: ...on SNMP COMMUNITY NAMES CONFIGURATION Used to enter new change or review the community names used as access passwords for module management operation Access is limited based on the password level of t...

Page 112: ...user How to Access Use the arrow keys to highlight the SNMP COMMUNITY NAMES CONFIGURATION menu item in the SNMP Configuration Menu screen and press ENTER The SNMP Community Names Configuration screen...

Page 113: ...only access to the 6C105 MIB objects and excludes access to security protected fields of read write or super user authorization read write This community name allows read and write access to the 6C105...

Page 114: ...munity names are saved to memory and their access modes implemented 4 5 SNMP TRAPS CONFIGURATION SCREEN When to Use To configure the chassis to establish which workstations are to receive trap alarms...

Page 115: ...o eight different destinations can be defined Trap Community Name Modifiable Enter the Community Name included in the trap message sent to the Network Management Station with the associated IP address...

Page 116: ...kstation or NO prevent alarms from being sent 7 Using the arrow keys highlight the SAVE command and press ENTER The message SAVED OK displays on the screen The designated workstations now receive trap...

Page 117: ...e current redundancy status of the chassis power supplies This field will read either Available or Not Available Power Supply X Status Read Only Display the current status of the chassis power supplie...

Page 118: ...red per installed module giving a maximum of 640 instances for a chassis with 5 modules Up to 24 instances per module can be configured as remote instances to other modules in the chassis How to Acces...

Page 119: ...ng to the screen settings The port redirect function is extremely useful for troubleshooting purposes as it allows traffic to be sent to a particular port where with the use of an analyzer or RMON pro...

Page 120: ...set as source ports Destination Module Read Only See which modules are currently set as destination modules Destination Port Read only See which ports are currently set as destination ports Only one...

Page 121: ...smitted on the source port regardless of the frame format setting NOTE See Section 4 8 1 for directions on how to change the settings for the following fields Src Port n Selectable Select the port n t...

Page 122: ...he Dest Module field near the bottom of the screen 8 Use the SPACE bar or BACKSPACE key to step to the appropriate module number for the destination module 9 Use the arrow keys to highlight the Frame...

Page 123: ...n the frame format as received tagged or untagged The VLAN redirect function is very useful for troubleshooting purposes as it allows traffic associated with a particular VLAN to be sent to a particul...

Page 124: ...VLAN Redirect Configuration Screen Field Descriptions Use this field To Source Module Read Only See which modules are currently set as source modules Source VLAN ID Read Only See the VLAN ID of the V...

Page 125: ...fiable Enter the VLAN ID of the VLAN that is to be redirected to a port A VLAN can not be redirected to more than one port at a time Src Module n Selectable Select the module n that is to be changed t...

Page 126: ...e destination module 9 Use the arrow keys to highlight the Frame Format field near the bottom of the screen 10 Use the SPACE bar or BACKSPACE key to step to the desired frame format setting RECEIVED T...

Page 127: ...Section 5 4 SNMP Traps Configuration screen Section 5 5 Access Control List screen Section 5 6 System Resources Information screen Section 5 7 Flash Download Configuration screen Section 5 8 Port Conf...

Page 128: ...set SNMP traps configure switch parameters and configure the switch module ports How to Access Use the arrow keys to highlight the MODULE CONFIGURATION MENU item on the Module Menu screen and press EN...

Page 129: ...AM in the module and the unused portion of each memory and displays the current CPU switch utilization and the peak switch utilization For details refer to Section 5 7 FLASH DOWNLOAD CONFIGURATION Use...

Page 130: ...e GENERAL CONFIGURATION menu item on the Module Configuration Menu screen and press ENTER The General Configuration screen Figure 5 2 displays Screen Example Figure 5 2 General Configuration Screen 35...

Page 131: ...ts in the mask to 1 when the network treats the corresponding bits in the IP address as part of the network or subnetwork address or to 0 if the corresponding bit identifies the host When an IP addres...

Page 132: ...ad Only See the total time that the module has been operating Operational Mode Read Only Display 802 1Q SWITCHING and cannot be changed Management Mode Toggle Set the switch module to operate in eithe...

Page 133: ...en replaced with the switch module default configuration settings For details refer to Section 5 2 11 IP Fragmentation Toggle Enable or disable IP Fragmentation The default setting for this field is E...

Page 134: ...consisting of a group of ports to increase the bandwidth between switches You can select either the Enterasys Networks SmartTrunking Huntgroup or the IEEE 802 3ad protocol This field toggles between H...

Page 135: ...t mask from its default perform the following steps 1 Use the arrow keys to highlight the Subnet Mask field 2 Enter the subnet mask into this field using Dotted Decimal Notation DDN format For example...

Page 136: ...le a default gateway must be specified When an SNMP Trap is generated the switch module sends out an ARP request to the default gateway which responds with its MAC address The switch module then sends...

Page 137: ...TP server is located on a different IP subnet than the switch module a Gateway IP address should be specified To set the TFTP Gateway IP address perform the following steps 1 Use the arrow keys to hig...

Page 138: ...ield 2 Enter the date in this format MM DD YYYY 3 Press ENTER to set the system calendar to the date in the input field 4 Use the arrow keys to highlight the SAVE command at the bottom of the screen a...

Page 139: ...een refresh time perform the following steps 1 Use the arrow keys to highlight the Screen Refresh Time field 2 Enter a number from 3 to 99 3 Press ENTER to set the refresh time to the time entered in...

Page 140: ...onnections American Power Conversion APC Uninterruptible Power Supply UPS connections To configure the COM port proceed as follows 1 Use the arrow keys to highlight the Com field CAUTION Before alteri...

Page 141: ...M port is reconfigured without a valid IP address set on the switch module or chassis the message shown in Figure 5 5 displays Do not continue unless the outcome of the action is fully understood NOTE...

Page 142: ...r all user entered parameters such as the IP address and Community Names from NVRAM To clear NVRAM proceed as follows 1 Use the arrow keys to highlight the Clear NVRAM field 2 Use the SPACE bar to tog...

Page 143: ...P Fragmentation proceed as follows 1 Use the arrow keys to highlight the IP Fragmentation field 2 Press the SPACE bar to choose either ENABLED or DISABLED 3 Use the arrow keys to highlight the SAVE co...

Page 144: ...dule Configuration Menu SNMP Configuration Menu When to Use To provide access to the SNMP Community Names Configuration SNMP Traps Configuration and Access Control List screens These screens are used...

Page 145: ...e management operation Access is limited based on the password level of the user For details refer to Section 5 4 SNMP TRAPS CONFIGURATION Provides display and configuration access to the table of IP...

Page 146: ...on the SNMP Configuration Menu screen and press ENTER The SNMP Community Names Configuration screen Figure 5 8 displays NOTE If the 6C105 has been assigned community names it is not necessary to assi...

Page 147: ...on of each screen field Table 5 5 SNMP Community Names Configuration Screen Field Descriptions Use this field To Community Name Modifiable Display the user defined name through which a user accesses t...

Page 148: ...displays The community names are saved to memory and their access modes implemented Access Policy Read Only Indicate the access accorded each community name The available access levels are as follows...

Page 149: ...the SNMP Configuration Menu screen and press ENTER The SNMP Traps Configuration screen Figure 5 9 displays Screen Example Figure 5 9 SNMP Traps Configuration Screen NOTE It is only necessary to assig...

Page 150: ...Name field Enter the community name 5 Press ENTER 6 Use the arrow keys to highlight the Enable Traps field Press the SPACE bar to choose either YES send alarms from the switch module to the workstati...

Page 151: ...o the switch module according to their IP addresses Up to 16 single IP addresses and or range of addresses can be configured To manage an ACL enabled switch module the management station must be a mem...

Page 152: ...2 1 12 1 6 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 180 150 200 3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Access Control Lists ENABLED IP Addr IP Addr Mask Mask 255 255 255 0 255 255...

Page 153: ...a new IP address of the devices that you want to have access to SNMP IP management The default value is 0 0 0 0 Up to 16 individual user IP addresses and or range of user IP addresses can be entered F...

Page 154: ...eys to highlight the Access Control Lists field 6 Press the SPACE bar to toggle the field to ENABLED 7 Press ENTER 8 Use the arrow keys to highlight the SAVE command and press ENTER The message SAVED...

Page 155: ...to highlight the SAVE command and press ENTER The message SAVED OK displays on the screen The designated devices associated with the range of IP addresses in the ACL will now have remote access to Loc...

Page 156: ...emory is available How to Access Use the arrow keys to highlight the SYSTEM RESOURCES INFORMATION menu item on the Module Configuration Menu screen and press ENTER The System Resources Information scr...

Page 157: ...ch microprocessor is used in the switch module Flash Memory Installed Read Only See the amount of FLASH memory that is installed in the switch module and how much is currently available DRAM Installed...

Page 158: ...restrictions on the version of firmware required for 6H302 48 modules with a serial number starting with 3655xxxxxx The serial number is visible on the top ejector tab of the switch or by querying the...

Page 159: ...oad Configuration Screen Field Descriptions Refer to Table 5 9 for a functional description of each screen field NOTE Configuration files cannot be downloaded or uploaded directly from one switch modu...

Page 160: ...acement of the image file currently stored in the switch module Section 5 8 1 describes how to download using Runtime DOWNLOAD CONFIG Used to download a configuration file from a TFTP server to a swit...

Page 161: ...ing defaults to YES and cannot be changed In UPLOAD CONFIG the setting defaults to NO and cannot be changed TFTP Gateway IP Addr Modifiable Enter the IP address of the TFTP gateway server defined on t...

Page 162: ...teway IP Addr field on the General Configuration screen 5 Use the arrow keys to highlight the Download Server IP field 6 Enter the IP address of the TFTP server using the DDN format For example nnn nn...

Page 163: ...t the Download Server IP field 6 Enter the IP address of the TFTP server using the DDN format For example nnn nnn nnn nnn 7 Use the arrow keys to highlight the Download File Name field 8 Enter the com...

Page 164: ...target TFTP server using the DDN format For example nnn nnn nnn nnn 7 Use the arrow keys to highlight the Download File Name field 8 Enter the complete pathway and file name of the configuration file...

Page 165: ...n Section 6 6 VLAN Redirect Configuration screen Section 6 7 SmartTrunk Configuration screen Screens are described in the SmartTrunk User s Guide Link Aggregation Menu screen 802 3ad Main Menu Screen...

Page 166: ...n the Aggregation Agg Mode selected in the General Configuration screen described in Section 5 2 If the Agg Mode HUNTGROUP is selected in the General Configuration Menu screen the Port Configuration s...

Page 167: ...n which allows the configuration of the switch module Ethernet ports For details refer to Section 6 2 HSIM VHSIM CONFIGURATION Provides access to the HSIM or VHSIM setup screen depending on the one in...

Page 168: ...t the ETHERNET INTERFACE CONFIGURATION menu item on the Port Configuration Menu screen and press ENTER The Ethernet Interface Configuration screen Figure 6 3 displays SMARTTRUNK CONFIGURATION Used to...

Page 169: ...l be displayed If a Fast Ethernet port is installed via an optional HSIM the interface displayed may be FE 100TX or FE100 FX If a Gigabit port is installed via an optional VHSIM the interface displaye...

Page 170: ...In normal operation the port with an FE 100TX interface is capable of auto negotiating the operational mode and no further user setup is required NOTE In normal operation the front panel ports of the...

Page 171: ...setting Half duplex flow control also known as back pressure is a collision based flow control mechanism used in half duplex configurations The port will display On Off or NA NA is displayed when the...

Page 172: ...ne on this screen How to Access Use the arrow keys to highlight the desired Ethernet port on the Ethernet Interface Configuration screen and press ENTER The Ethernet Port Configuration screen Figure 6...

Page 173: ...Default Speed refer to Section 6 3 1 Default Duplex Toggle Choose the default duplex mode Half for half duplex or Full for full duplex If Auto Negotiation is disabled for the port then the port defau...

Page 174: ...0 Mbps operation 10Base TFD 10 Mbps full duplex operation 100Base TX 100 Mbps operation 100Base TXFD 100 Mbps full duplex operation 1000Base X 1000Base SX 1000Base LX Gigabit Ethernet 1000Base T 1000...

Page 175: ...the port to ignore received PAUSE frames and prevent the port from transmitting PAUSE frames at any speed connection Auto Negotiate when supported the maximum flow control capabilities of the port ar...

Page 176: ...gotiate to the highest speed possible Under some circumstances the Network Administrator may want the port to advertise only some of the available modes and not operate in other modes To set the adver...

Page 177: ...e HSIM or VHSIM setup screen displays Refer to the appropriate HSIM or VHSIM user s guide for instructions on using the Local Management screens for that interface NOTE The HSIM VHSIM Configuration me...

Page 178: ...Redirect Configuration Menu When to Use To access the Port Redirect Configuration and VLAN Redirect Configuration screens Any combination up to 128 of port and or VLAN redirect instances can be config...

Page 179: ...ation Menu Screen Field Menu Item Descriptions Menu Item Screen Function PORT REDIRECT CONFIGURATION Used to redirect traffic from a source switch port to a destination switch port For details refer t...

Page 180: ...to a destination port where all current traffic from the source ports can be examined using analyzers RMON probes or IDS sensors When to Use for 6C107 Chassis To redirect frames in modules installed i...

Page 181: ...e screen How to Access Use the arrow keys to highlight the PORT REDIRECT CONFIGURATION menu item on the Redirect Configuration Menu screen and press ENTER The Port Redirect Configuration screen Figure...

Page 182: ...ther the corresponding source ports are configured ON to send errored frames to the destination ports or OFF to drop all errored frames and only forward valid frames to the destination ports All redir...

Page 183: ...format setting NORMAL TAGGED or UNTAGGED for the selected Destination Port 7 Use the arrow keys to highlight the Redirect Errors field near the bottom of the screen 8 Use the SPACE bar to select eith...

Page 184: ...LAN 1 are then automatically redirected to VLANs 2 and 5 according to the configured frame format and VLAN frames with errors are dropped TIP If more than 1 port is being redirected repeat steps 1 thr...

Page 185: ...screen and press ENTER The VLAN Redirect Configuration screen Figure 6 7 displays Screen Example Figure 6 7 VLAN Redirect Configuration Screen NOTE Although traffic associated with a particular VLAN i...

Page 186: ...rt with a VLAN tag inserted according to the frame classification of the receiving port UNTAGGED Frames are transmitted on the destination port without a VLAN tag regardless of the format of the recei...

Page 187: ...lections for the Source VLAN Destination Port and Frame Format made in steps 1 through 6 and also updates the screen 9 Use the arrow keys to highlight SAVE at the bottom of the screen Press ENTER The...

Page 188: ...f aggregating by comparing the operational keys of ports With this IEEE 802 3ad implementation the operation key is the same as the administrative key assigned by management so ports assigned differen...

Page 189: ...the aggregable bit ActorOperState A port is attached to another port on this same switch loopback There is no available aggregator for 2 or more ports with the same LAGID This can happen if either th...

Page 190: ...e would be used The remaining links would be placed in a disabled state called Blocking Link Aggregation It is desirable to have a way to use multiple interswitch links simultaneously to increase inte...

Page 191: ...sys Networks implementation is called SmartTrunking IEEE 802 3ad All the methods of trunking multiple links have involved manually choosing the links that are part of the trunk The IEEE 802 3ad specif...

Page 192: ...Main Menu Screen 6 28 Port Configuration Menu Screens Screen Example Figure 6 8 802 3ad Main Menu Screen Menu Descriptions Refer to Table 6 7 for a functional description of each menu item PORT AGGREG...

Page 193: ...to view port instances and to access the 802 3ad Port Details screen described in Section 6 8 1 1 and the Port Statistics screen described in Section 6 8 1 2 AGGREGATOR Used to access the 802 3ad Aggr...

Page 194: ...port instance then the port is not aggregating with any other port OperKey Read Only View operation key of the port For ports to be able to aggregate they must have the same operation key MUX Read On...

Page 195: ...nder the Port field 2 Press ENTER The 802 3ad Port Details screen described in Section 6 8 1 1 is displayed Once in this screen the parameters of any selected 802 3ad port can be edited and saved 6 8...

Page 196: ...e identifier for this port identical to Port Instance ActorSystemID Read Only See the System Identifier for the system in which this port resides 3650 011_16 EXIT STATS SAVE ActorSystemPriority ActorS...

Page 197: ...value to use for the PartnerOperSysPriority when no protocol partner is available PartnerAdminPortPriority Modifiable Set a default value to use for the PartnerOperPortPriority when no protocol partn...

Page 198: ...LACP PDU is not received for 90 seconds If this bit is set an S is displayed otherwise an l is displayed bit 2 Aggregation 1 indicates that a port is Aggregable 0 indicates that a port is individual I...

Page 199: ...n this bit position bit 7 Expired 1 indicates that we have Expired This indicates that no LACP PDUs have been received for a sufficient length of time so the partner information has expired If this is...

Page 200: ...ess ENTER The 802 3ad Port Statistics screen described in Section 6 8 1 2 is displayed showing the current port statistics SelectedAggID Read Only See the instance of the aggregator that this port has...

Page 201: ...e shows an example of how the details are displayed in this example for Port Instance 2 Screen Example Figure 6 11 802 3ad Port Statistics Screen Field Descriptions Refer to Table 6 10 for a functiona...

Page 202: ...Port can receive LACPDUsTx Read Only See the number of LAC PDUs that this Aggregation Port can transmit MarkerResponsePDUsRx Read Only See the number of Marker Response PDUs that this Aggregation Por...

Page 203: ...number of times this port s Partner Churn machine has entered the churn state AsyncTransCount Read Only See a count of how many times the Actor s Mux state machine enters the IN Sync state PsyncTransC...

Page 204: ...rity and the number of ports currently attached to the aggregator How to Access Use the arrow keys to highlight the AGGREGATOR menu item in 802 3ad Main Menu screen and press ENTER The 802 3ad Aggrega...

Page 205: ...laying Aggregator Details To display detail information about an Aggregator proceed as follows 1 Use the arrow keys to highlight the line containing the Aggregator of interest 2 Press ENTER The 802 3a...

Page 206: ...ght the line containing the Aggregator of interest on the 802 3ad Aggregator screen and press ENTER The 802 3ad Aggregator Details screen Figure 6 13 displays Screen Example Figure 6 13 802 3ad Aggreg...

Page 207: ...ority value of this aggregator Admin Key Read Only See the Key assigned by management Oper Key Read Only See the current Key being used by the aggregator Collector Max Delay Read Only See the value of...

Page 208: ...as System Identifier Number of Ports and Number of Aggregators How to Access Use the arrow keys to highlight the SYSTEM menu item in 802 3ad Main Menu screen and press ENTER The 802 3ad System screen...

Page 209: ...each screen field Table 6 13 802 3ad System Screen Field Descriptions Use this field To System Identifier Read Only See the uniquely identified system to protocol partner Number of Ports Read Only See...

Page 210: ...Configuration Screen NOTE Broadcast frames received above the threshold setting are dropped 2504 56w PORT 1 2 3 4 5 6 7 8 9 10 11 12 Time Since Peak 999 23 59 999 23 59 999 23 59 999 23 59 999 23 59 9...

Page 211: ...plays Table 6 14 Broadcast Suppression Configuration Screen Field Descriptions Use this field To PORT Read Only Identify the number of the port Total RX Read Only See the total number of broadcast fra...

Page 212: ...eak field to YES or NO proceed as follows 1 Use the arrow keys to highlight the Reset Peak field for the selected port 2 Press the SPACE bar to select YES or NO 3 Use the arrow keys to highlight the S...

Page 213: ...Spanning Tree Configuration Menu screen Section 7 2 Spanning Tree Configuration screen Section 7 3 Spanning Tree Port Configuration screen Section 7 4 PVST Port Configuration Screen Section 7 5 802 1...

Page 214: ...or 802 1p Configuration Menu screen How to Access Use the arrow keys to highlight the 802 1 CONFIGURATION MENU item on the Module Configuration Menu screen and press ENTER The 802 1 Configuration Menu...

Page 215: ...ides faster topology changes provides less transitioning time to the forwarding state when the switch module boots compatible with PVST and backwards compatible with traditional IEEE 802 1D Enable or...

Page 216: ...802 1 Configuration Menu Spanning Tree Configuration Menu When to Use To access the Spanning Tree Configuration or Spanning Tree Port Configuration screen How to Access Use the arrow keys to highligh...

Page 217: ...u Item Screen Function SPANNING TREE CONFIGURATION Used to create a Per VLAN Spanning Tree PVST instance for each VLAN currently configured on the switch For details about the Spanning Tree Port Confi...

Page 218: ...ion Menu screen and press ENTER The Spanning Tree Configuration screen Figure 7 3 displays PVST PORT CONFIGURATION Used to allow Multiple Spanning Trees This screen displays when you select a port of...

Page 219: ...d Table 7 3 Spanning Tree Configuration Screen Field Descriptions Use this field To VLAN top of screen Read Only See a list of the VLAN or Spanning Tree Instances This field also enables you to add or...

Page 220: ...t all switches in the network be configured for the same STP mode setting IEEE 802 1w Spanning Tree Protocol A single spanning tree for the entire network Redundant links are placed in standby mode St...

Page 221: ...The VLAN entered in the VLAN field is added or deleted from the list accordingly When a VLAN is added the age time default value of 300 seconds and the bridge priority value of 32768 are automatically...

Page 222: ...switch address of the selected STP VLAN ID its VLAN age time the total number of ports and the current MAC Address of a switch residing of each port The Spanning Tree Port Configuration screen is also...

Page 223: ...ff each port The first MAC Address is always associated with the VLAN ID selected in the STP VLAN ID field The default is the MAC Address of the Default VLAN State Read Only See the current state of e...

Page 224: ...shown in the STP VLAN ID field Switch Address Read Only See the MAC address of the switch Age Time Read Only See the time out of learned entries STP VLAN ID Selectable Select the STP VLAN ID Using th...

Page 225: ...f the screen to see the next eight ports 7 5 PVST PORT CONFIGURATION SCREEN When to Use To change the configuration parameters of a selected PVST port How to Access Use the arrow keys to highlight the...

Page 226: ...idge of the segment to which this port is attached Port Designated Bridge Read Only View the bridge id of the bridge this port considers to be designated bridge for this port s segment Port Priority M...

Page 227: ...5 Port Path Cost Modifiable View the cost contribution of this port in the path to the Spanning Tree root STP Vlan ID Read Only View the Id of the VLAN in which this port belongs Table 7 5 PVST Port C...

Page 228: ...PVST Port Configuration Screen 7 16 802 1 Configuration Menu Screens...

Page 229: ...nfiguration screen Section 8 8 Protocol Port Configuration screen Section 8 9 For 6C105 chassis Password Main Menu Module Selection Module Menu Module Configuration Menu 802 1 Configuration Menu 802 1...

Page 230: ...o good VLAN implementation Before attempting to configure a single switch for VLAN operation consider the following How many VLANs will be required What stations will belong to them What ports are con...

Page 231: ...ched port of the switch module Each port mode of operation can also be configured to handle untagged frames Hybrid Mode tagged frames 1Q Trunk Mode or frames of a legacy 802 1D switch fabric 1D Trunk...

Page 232: ...nd also display the Filter Database ID FDB ID associated with each VLAN This screen also allows you to access the Static VLAN Egress Configuration screen The Static VLAN Egress Configuration screen en...

Page 233: ...GURATION Used to view a list of ports and enables you to configure each port to either receive all frames or only tagged frames set the PVID enable or disable ingress filtering on each port and enable...

Page 234: ...n as described in Section 8 3 2 How to Access Use the arrow keys to highlight the STATIC VLAN CONFIGURATION menu item on the 802 1Q VLAN Configuration Menu screen and press ENTER The Static VLAN Confi...

Page 235: ...ue is allocated automatically by the device when the VLAN is created either dynamically by GVRP or when a Static VLAN is created using this screen VLAN Name top of screen Read Only See the VLAN Name o...

Page 236: ...ed the screen refreshes and shows the newly created VLAN If the VLAN is not created successfully an error is displayed in the Event Message Line at the top of the screen 8 3 2 Displaying the Current S...

Page 237: ...N To delete a VLAN from the VLAN list proceed as follows 1 Use the arrow keys to highlight the line containing the VLAN ID FDB ID and VLAN Name information The following message is displayed at the to...

Page 238: ...all ports associated with a VLAN selected on the Static VLAN Configuration screen The ports can be set using the following selections UNTAGGED sets the port to transmit frames without a tag header Th...

Page 239: ...ID VLAN Name Read Only See the VLAN Name associated with the VLAN ID Port Read Only See a list of ports associated with the VLAN ID Up to 32 ports may be listed on the screen If more than 32 ports ar...

Page 240: ...the VLAN are transmitted Egress Selectable Select the type of VLAN frame transmission egress for each port You can select UNTAGGED TAGGED or NO using the SPACE bar UNTAGGED the port will only transmi...

Page 241: ...the arrow keys to highlight the SAVE command at the bottom of the screen 4 Press ENTER The message SAVED OK displays and the screen refreshes showing all ports associated with the VLAN that are set to...

Page 242: ...gress list is how the switch keeps track of all VLANs that it will recognize How to Access Use the arrow keys to highlight the CURRENT VLAN CONFIGURATION menu item on the 802 1Q VLAN Configuration Men...

Page 243: ...reen shows the egress setting for each port associated with the VLAN ID in the highlighted line Table 8 4 Current VLAN Configuration Screen Field Descriptions Use this field To VLAN ID Read Only See a...

Page 244: ...The Current VLAN Egress Configuration screen Figure 8 6 displays showing the egress setting of each port associated with the VLAN ID Screen Example Figure 8 6 Current VLAN Egress Configuration Screen...

Page 245: ...transmit or receive frames of VLANs other than the static VLANs created on the switch the ingress filtering on the port which can be enabled or disabled to filter out drop frames that are not on the s...

Page 246: ...HYBRID HYBRID 1Q TRUNK HYBRID HYBRID RETURN EXIT NEXT Port 1 2 3 4 5 6 7 8 9 10 11 12 PVID 1 1 1 1 1 1 1 1 1 1 1 1 Acceptable Frame Types ADMIT ALL FRAMES ADMIT ALL FRAMES ADMIT ALL FRAMES ADMIT ALL F...

Page 247: ...not learned on a given port Port Read Only See a list of the switch ports NOTE In some cases this field may have an asterisk next to it It indicates that it is currently overridden by a policy If a po...

Page 248: ...AN List for the port includes all VLANs 1D TRUNK This mode sets the port for transmitting to a legacy 802 1D switch fabric In this mode all incoming frames are classified into the default VLAN and all...

Page 249: ...Press the SPACE bar to toggle the field to the correct setting ENABLED or DISABLED This will either enable or disable the filtering set in the Acceptable Frame Types field in step 5 9 Use the arrow ke...

Page 250: ...n screen described in Section 8 9 How to Access Use the arrow keys to highlight the VLAN CLASSIFICATION CONFIGURATION menu item on the 802 1Q VLAN Configuration Menu screen and press ENTER The VLAN Cl...

Page 251: ...sociated with the classification selected in the Classification field For details on how to enter the VID Classification refer to Section 8 8 3 CLASSIFICATION bottom of screen Selectable Select the cl...

Page 252: ...t and it is used to simultaneously delete all the configured Classification Rules The DEL MARKED command appears in place of the DEL ALL command when one or more lines are marked for deletion For deta...

Page 253: ...pe IP Protocol Type TCP UDP ICMP IGMP OSPF CUSTOM Protocol Type 000 IPX COS IPX Class Of Service 000 IPX Packet Type IPX Packet Type Hello or SAP RIP Echo Packet Error Packet Netware 386 SAP Seq Pkt P...

Page 254: ...Network IPX Network Num 0x00000000 Dest IPX Network IPX Network Num 0x00000000 Bil IPX Network IPX Network Num 0x00000000 Src UDP Port IP UDP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFT...

Page 255: ...c TCP Port TCP Port FTP Data FTP BOOTP Server BOOTP Client RIP Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM TCP Port Number 00000 Dest TCP Por...

Page 256: ...ion IPX Socket Type 00000 Bil IPX Socket IPX Socket Same selection as for Src IPX Socket Classification IPX Socket Type 00000 Src MAC Address MAC Address 00 00 00 00 00 00 Dest MAC Address MAC Address...

Page 257: ...End 00000 Dest TCP Range3 Start 00000 End 00000 Bil TCP Range3 Start 00000 End 00000 1 Bold type indicates a user entry 2 Any fragmented IP frame received is Classified to the priority identification...

Page 258: ...a match of an entire subnet or range of addresses within a subnet Table 8 9 Classification Precedence Classification Type Precedence Level Layer 2 Source MAC Address Best Match 1a Destination MAC Addr...

Page 259: ...DP Port Source 4a UDP Port Destination 4b TCP Source Port 4a TCP Destination Port 4b IPX Socket Source 4a IPX Socket Destination 4b UDP Source Port 4a UDP Source Port Range 4b UDP Dest Port 4c UDP Des...

Page 260: ...he key thing to remember is that the switch modules will classify frames based on one of the classification options 8 8 2 Displaying the Current Classification Rule Assignments To see which ports are...

Page 261: ...to the appropriate protocol In some cases there is only one selection and a value needs to be entered This is indicated by bold zeros Table 8 8 lists the possible selections associated with each subc...

Page 262: ...highlight the line with the Classification Rule to be deleted 2 Press the M key and an asterisk appears next to the highlighted line to mark it The DEL ALL command is changed to DEL MARKED 3 If more...

Page 263: ...om being associated with the Classification Rule Add ports to the VLAN Forwarding List of the switch module How to Access Use the arrow keys to highlight the line item of interest on the VLAN Classifi...

Page 264: ...to access the Protocol Port Configuration screen All ports with YES in the Classify columns indicate that they are associated with VID 1 and the Ether II Type Classification This causes the VLAN 1 Eth...

Page 265: ...the screen indicates the port type For example Fast Ethernet Front Panel FTM Backplane Port 3 and Gigabit Ethernet VHSIM If a port cannot be configured NO will be displayed without brackets In some c...

Page 266: ...he SPACE bar to toggle the SET ALL PORTS field to YES or NO and press ENTER YES will set all the ports to the VID Classification shown in the Classification Rule field NO will remove all ports from th...

Page 267: ...reen Section 9 4 Transmit Queues Configuration screen Section 9 5 Priority Classification Configuration screen Section 9 6 Protocol Port Configuration screen Section 9 7 Rate Limiting Configuration sc...

Page 268: ...imiting How to Access Use the arrow keys to highlight the 802 1p CONFIGURATION MENU item on the 802 1 Configuration Menu screen and press ENTER The 802 1p Configuration Menu screen Figure 9 1 displays...

Page 269: ...MIT QUEUES CONFIGURATION Used to set each port individually or all ports simultaneously to either transmit frames according to the priority transmit queues set in the Advanced Port Priority Configurat...

Page 270: ...d through that port without a priority indicated in their tag header are classified as a priority 5 A frame with priority information in its tag header is transmitted according to that priority How to...

Page 271: ...icy Override NONE NONE NONE NONE NONE NONE NONE NONE NONE NONE Port 11 12 13 14 15 16 17 18 19 20 Priority 4 4 4 4 4 6 6 6 1 1 NOTE The Set field toggles from INDIVIDUAL to ALL PORTS When ALL PORTS is...

Page 272: ...olumns The list of ports can include both physical and virtual ports If the number of ports exceed these limits one or more other screens may be accessed using the NEXT and PREVIOUS commands Priority...

Page 273: ...e lowest priority 5 Use the arrow keys to highlight the SAVE ALL command at the bottom of the screen 6 Press ENTER The message SAVED OK displays and all ports are set to the priority selected in step...

Page 274: ...ffic Classes 2 through 0 How to Access Use the arrow keys to highlight the TRAFFIC CLASS INFORMATION menu item on the 802 1p Configuration Menu screen and press ENTER The Traffic Class Information scr...

Page 275: ...o select a port to display its Traffic Class Configuration screen where the current setting for that port or all ports may be changed simultaneously The Traffic Class Configuration screen is described...

Page 276: ...t the appropriate port number field above the column of the Traffic Class settings in the Traffic Class Information screen Press ENTER The Traffic Class Configuration screen Figure 9 4 for the selecte...

Page 277: ...See the list of eight priority levels 0 through 7 that can be associated with the Traffic Class settings Priority 0 is the lowest priority When the screen is displayed the current default Traffic Cla...

Page 278: ...transmit queues set in the Advanced Priority Configuration screen or transmit frames according to a priority based on a percentage of the port transmission capacity allocated for each transmit queue...

Page 279: ...figuration screen Figure 9 5 displays Screen Example Figure 9 5 Transmit Queues Configuration Screen WEIGHTED Q0 Q1 Q2 Q3 0 25 38 31 94 Must add up to 100 2504 96w Current Queueing Mode Weights These...

Page 280: ...Current Queueing Mode is set to STRICT 802 1 The weights selected must equal 100 or the values cannot be saved Default weight distribution is 25 per transmission queue Selectable percent weight value...

Page 281: ...be transmitted out the port according to the percent of transmit capacity allocated for each transmit queue The default percentages are 25 for each transmit queue Q0 through Q3 To set the priority tr...

Page 282: ...n screen Assign an 8 bit TOS also known as DF value to incoming IP frames For more information about IP TOS Rewrite refer to Section 9 6 2 Write over an existing TOS value When a frame is received tha...

Page 283: ...rt from a PID Classification used in the Protocol Port Configuration screen Classification top of screen Selectable Display the classification associated with the priority in the PID column which may...

Page 284: ...ed the order in which a frame is transmitted also depends on the Classification Precedence Rules discussed in Section 9 6 1 These rules come into effect when there are multiple classifications configu...

Page 285: ...9 7 Classification List Classification Subclassification and Options Custom or Mask Value Ethernet II Type Ethernet II Type IPX DOD IP ARP RARP AppleTalk Banyan Vines DECNET CUSTOM Type Value 0x00001...

Page 286: ...TOS PID CUSTOM Same Same Same Same Same IP Protocol Type TCP TOS Value 0x00 Range 0 255 UDP ICMP IGMP OSPF CUSTOM Protocol Type 000 IPX COS IPX Class of Service 000 IPX Packet Type IPX Packet Type Hel...

Page 287: ...S PID CUSTOM IP Address 000 000 000 000 TOS Value 0x00 Range 0 255 Mask 000 000 000 000 Bil IP Address New IP TOS NO CHANGE TOS PID CUSTOM IP Address 000 000 000 000 TOS Value 0x00 Range 0 255 Mask 00...

Page 288: ...elnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM UDP Port Number 00000 Dest UDP Port Same selections as for Src UDP Port IP UDP Port Same selection...

Page 289: ...Telnet TFTP HTTP DNS SMTP POP3 IMAP2 IMAP3 NETBIOS Name Serv NETBIOS Datagram NETBIOS Sess Serv CUSTOM TCP Port Number 00000 Dest TCP Port Same selections as for Src TCP Port TCP Port Same selection a...

Page 290: ...ification IPX Socket Type 00000 Bil IPX Socket IPX Socket Same selection as for Src IPX Socket Classification IPX Socket Type 00000 Src MAC Address MAC Address 00 00 00 00 00 00 Dest MAC Address MAC A...

Page 291: ...000 TOS Value 0x00 Range 0 255 End 00000 Bil UDP Range New IP TOS NO CHANGE TOS PID CUSTOM Start 00000 TOS Value 0x00 Range 0 255 End 00000 Src TCP Port New IP TOS NO CHANGE TOS PID CUSTOM Start 00000...

Page 292: ...00000 1 Bold type indicates a user entry 2 Any fragmented IP frame received is Classified to the priority identification PID and forwarded out the ports configured in the Protocol Port Configuration s...

Page 293: ...2 Source MAC Address Best Match 1a Destination MAC Address Best Match 1b EtherType 6 SAP 6 IP TOS 5a IP Type 5b IPX COS 5a IPX Type 5b Layer 3 Source IP Address Exact Match 2a Source IP Address Best...

Page 294: ...Source Port 4a TCP Destination Port 4b IPX Socket Source 4a IPX Socket Destination 4b UDP Source Port 4a UDP Source Port Range 4b UDP Dest Port 4c UDP Dest Port Range 4d TCP Source Port 4a TCP Source...

Page 295: ...itch will classify frames based on one of the classification options 9 6 2 About the IP TOS Rewrite Feature The Type of Service TOS field also known as the Differential Services DF field in RFC 2474 i...

Page 296: ...o see which ports are set to a particular PID Classification Classification Rule the Protocol Port Configuration screen must be displayed To access the Protocol Port Configuration proceed as follows 1...

Page 297: ...sification field requires a value to be entered in a third field to the right of the subclassification field If so use the arrow keys to highlight that third field and type in the appropriate value Ot...

Page 298: ...iguration screen described in Section 9 6 Each port can be changed so it will or will not transmit frames according to the Classification Rule How to Access Use the arrow keys to highlight the line of...

Page 299: ...OD IP was selected in the Priority Classification Configuration screen to access the Protocol Port Configuration screen All ports with YES in the Classify columns would be those ports associated with...

Page 300: ...e number of each port Classify Toggle See which ports are set to the PID Classification indicated in the Classification Rule field see Figure 9 8 The Classify field toggles between YES and NO which de...

Page 301: ...affic using classification rules In this example illustrated in Figure 9 9 the ABC Company wants to prioritize traffic to their SAP server and Mail server so that the SAP Server has the highest priori...

Page 302: ...all ports on the switch module to use this classification setting 3 To set the Mail Server IP 123 123 30 7 to the lowest priority 0 the following settings will be made using the Priority Classificatio...

Page 303: ...ies The list of priorities can include one some or all of the eight 802 1p priority levels The combined rate of all traffic entering and exiting the port with the priorities configured to that port is...

Page 304: ...tion for a port needs to be changed delete the line containing the incorrect configuration and then enter a new configuration with the correct settings Priority List top of screen Read Only See the pr...

Page 305: ...atus ENABLED or DISABLED and can be toggled between ENABLED and DISABLED When ENABLED is highlighted pressing ENTER disables the screen function and the field changes to DISABLED DISABLED is the defau...

Page 306: ...ing Inbound is the default value Up to four rate limit rules entries may be set per port two for Inbound and two for Outbound or any combination of the four Inbound or Outbound Inbound refers to traff...

Page 307: ...maximum transmission rate for this entry The maximum transmission rate includes all frames associated with the priorities selected in the Priority List field The default high setting is 100 Kbps maxim...

Page 308: ...port For further information refer to the rate_limit_ command in Chapter 12 9 To add the new port configuration to memory highlight the ADD command field and press ENTER The new entry displays in the...

Page 309: ...ht the DEL ALL command field and press ENTER Deleting One or More Line Items To delete one or more line items mark each entry and then delete them as follows 1 Use the arrow keys to highlight a line t...

Page 310: ...Example This is a simple example intended to show how the Rate Limiting feature can be applied to solve a problem Assume that a network was built using a 6C105 chassis in each closet and interconnecte...

Page 311: ...sible amount of traffic attempting to leave the chassis at high priority is 5 x 100 500 Mbps The gigabit link has ample capacity to carry this load out of the chassis Similar provisioning calculations...

Page 312: ......

Page 313: ...ons Menu screen and the IGMP VLAN Configuration screen Section 10 2 Screen Navigation Paths For 6C105 chassis Password Main Menu Module Selection Module Menu Module Configuration Menu Layer 3 Extensio...

Page 314: ...e IGMP VLAN Configuration screen How to Access Use the arrow keys to highlight the LAYER 3 EXTENSIONS MENU item on the Module Configuration Menu screen and press ENTER The Layer 3 Extensions Menu scre...

Page 315: ...p information This is performed by hosts multicasting IGMP Host Membership Reports Multicast switches listen for these messages and then pass them to other switches This allows distribution trees to b...

Page 316: ...information about IGMP refer to Appendix B How to Access Use the arrow keys to highlight the IGMP VLAN CONFIGURATION menu item on the Layer 3 Extensions Menu screen and press ENTER The IGMP VLAN Conf...

Page 317: ...is value is also used in calculations for other timers The default value is 125 seconds The range of possible entries is 1 to 300 seconds An entry outside of the range will cause the error message PER...

Page 318: ...ly display an asterisk NOTE To prevent the switch from participating in the IGMP querier election this IP address must be set to 000 000 000 000 McastMartPoolSize Selectable Select the multicast pool...

Page 319: ...y asterisks then the SPACE bar can be used to display the selectable fields and the numeric keys can be used to change the modifiable fields To update the Configuration and Statistics fields for a sel...

Page 320: ...roper IGMP version for the VLAN shown in the VLAN ID field 5 Use the arrow keys to highlight the remaining fields Query Interval Query Response Time Interface Robustness Last Member Query Interval Swi...

Page 321: ...ics screen Section 11 3 RMON Statistics screen Section 11 4 An HSIM or VHSIM Statistics screen may be selected from the Module Statistics Menu screen when an optional HSIM or VHSIM is installed in the...

Page 322: ...ded RMON agent on the switch Statistics on any optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM installed in the module How to Access Use the arrow keys to highlight the MODULE STATISTICS menu...

Page 323: ...r of frames received transmitted filtered and forwarded by each switch port For details refer to Section 11 2 INTERFACE STATISTICS Provides the MIB II statistics for each switched interface on an inte...

Page 324: ...n Figure 11 2 displays HSIM VHSIM STATISTICS Displays the statistics screen when an optional Fast Ethernet or Gigabit Ethernet HSIM or VHSIM is installed in the switch module An HSIM or VHSIM Statisti...

Page 325: ...nt panel ports and the optional HSIM or VHSIM installed Frames Rcvd Read Only See the number of frames received by the interface since the last power up or reset Frames Txmtd Read Only See the number...

Page 326: ...he interface since the last power up or reset Frames Frwded Read Only See the number of frames forwarded by the interface since the last power up or reset CLEAR COUNTERS Command Temporarily reset all...

Page 327: ...o view other interface statistics refer to Section 11 3 1 Name Read Only See the type of interface for which statistics are being displayed InOctets Read Only See the total number of octets bytes that...

Page 328: ...Only See the total number of frames that were discarded because the frames were in an unknown or unsupported format OutOctets Read Only See the total number of octets bytes that have been transmitted...

Page 329: ...erface If this field displays Testing no frames may be passed on this interface Oper Status Read Only See the current status of the interface If this field displays Testing no frames may be passed on...

Page 330: ...MON Statistics Screen NOTE The RMON Statistics screen provides statistics for all the switch module front panel Ethernet Interfaces and any Ethernet HSIM VHSIM installed in the switch module 25041_65w...

Page 331: ...splayed interface This field displays valid or invalid Drop Events Read Only See the total number of times that the RMON agent was forced to discard frames due to the lack of available switch resource...

Page 332: ...er a bad FCS or a bad CRC Total Packets Read Only See the total number of frames including bad frames broadcast frames and multicast frames received on this interface Total Octets Read Only See the to...

Page 333: ...ee the total number of frames including bad frames received that were between 512 and 1023 bytes in length excluding framing bits but including FCS bytes 1024 1518 Octets Read Only See the total numbe...

Page 334: ...arrow keys to highlight the Chassis Environmental Statistics Configuration screen on the Module Statistics menu screen and press ENTER The Chassis Environmental Statistics Configuration screen Figure...

Page 335: ...tics Configuration Screen Field Descriptions Use this field To Chassis Power Redundancy Determine whether there is power redundancy available Chassis Power 1 Status Determine the status of the redunda...

Page 336: ......

Page 337: ...2 1 NETWORK TOOLS When to Use To access and manage network devices using the Network Tools command set How to Access Use the arrow keys to highlight the NETWORK TOOLS menu item in the Module Menu scre...

Page 338: ...devices NOTE The atm_stp_state command only displays when an HSIM or VHSIM is installed that supports ATM such as the HSIM A6DP or VHSIM2 A6DP 36502_02 help SPECIAL done quit or exit Exit from the Net...

Page 339: ...n a gigabit interface module is installed igmpv3_drop lg_frame_admin link_trap loopback_detect maclock netstat non_bridge_if_num passiveStp ping policy radius rate_limit_mode reset sat_size show soft_...

Page 340: ...nables disables and configures alias snooping on a per port basis Syntax alias enable disable status ALL port port range i e 1 5 alias stats alias clear_stats alias fwd_list alias fwd_set rate burst v...

Page 341: ...64 0 Pkts Sent 65 128 0 Pkts Sent 129 256 0 Pkts Sent 257 512 0 Pkts Sent 512 1024 0 Pkts Sent 1024 0 Pkts Dropped Q full 0 Pkts Dropped Rate 0 Pkts Truncated 0 Port State Deltas 93 Port State No Cha...

Page 342: ...r 2 Invalid entry cannot ping device timed out etc 3 Dynamic route entry 4 Static route entry not subject to change You must specify the arp command with one of the options specified in this table Syn...

Page 343: ...response packets Other IP packets will be ignored status Displays the current status information about ARP Cache Example arp_learn status Current ARP Cache Learn status NORMAL arp_learn limited Settin...

Page 344: ...d cdp disable cdp status CDP is Disabled defroute Description Displays sets or deletes the default IP route to a managed device through the specified interface Syntax defroute defroute interface numbe...

Page 345: ...is not currently in STP blocking or listening on that port After a VLAN has been added to the dynamic Port VLAN List the entry is subject to time out age out if the port does not receive another frame...

Page 346: ...Logging Trapping begin logging events ev STOp Logging Trapping stop logging events trap ev Clear clear the log ev SEverity severity level set show current logging severity ev filter get set string get...

Page 347: ...ing severity ev filter get set string get set search string ev logsize get set 50 5000 get set dynamic log buffer size Commands for Listing Events ev List ENabled GROUPS Traps EVents Log list various...

Page 348: ...edundant port status Displays the current status of the gigabit port Examples gigabit_port_mode status gigabit_port_mode is redundant gigabit_port_mode active This will reset board and cause loss of p...

Page 349: ...l large IP frames that can be fragmented will be fragmented before being transmitted out the port If the large frame cannot be fragmented then it will be transmitted out the port as a large frame SMAL...

Page 350: ..._trap disable 2 Link traps have been DISABLED on port 2 link_trap disable all Link traps have been DISABLED on all ports 1 24 link_trap status 3 Link traps are ENABLED on port 3 loopback_detect Descri...

Page 351: ...ked MAC is sent as a trap to management Syntax maclock show port all Displays the status of MAC locking globally or on one or more ports as well as whether or not MAC lock trap messaging is enabled or...

Page 352: ...t all value Restricts MAC locking on a port to a maximum number of end station addresses first connected to that port maclock set static port all value Restricts MAC locking on a port to a maximum num...

Page 353: ...s globally enabled Port Port Trap Max Static Max FirstArrival Violating Number Status Status Allocated Allocated MAC Address ________ ________ ________ ____________ ________________ ________________ 1...

Page 354: ...anged to 6 on port 3 maclock set static 3 4 MAC Locking Static entry changed to 3 on port 4 maclock settrap 3 enable Enabling MAC Locking traps on Port 3 maclock clear static 3 Statically locked MACs...

Page 355: ...x07 0x50 0x11 netstat r Destination Next hop Interface Default Route DirectConnection 1 134 141 0 0 DirectConnection 2 134 141 0 0 DirectConnection 3 non_bridge_if_num Description Configures or displa...

Page 356: ...to a down state Moving the 802 1D Blocked state directly to forwarding and Using a default or locally defined Passive STP Max Age time Syntax passiveStp enable disable status Options enable Enables Pa...

Page 357: ...d authentication information authenticated MAC or UserName policy set port port_number_or_range_or_all profile_index Maps a policy statically to one or more ports policy clear profile port port_number...

Page 358: ...1D AA AA AA 3 none none none N A N A 4 Guest Employee EAP Auth john doe 8 none none none N A N A policy set port 1 2 1 Port DefaultPolicy CurrentPolicy AuthType AuthStatus AuthInfo 1 Default Default S...

Page 359: ...entication will run as before For more about Radius Client refer to Section 3 6 1 Syntax radius radius status radius enable disable radius prim_ip server ip radius sec_ip server ip radius prim_ip serv...

Page 360: ...t settings radius prim_auth_port n Shows sets the primary RADIUS server s UDP authentication port radius sec_auth_port n Shows sets the secondary RADIUS server s UDP authentication port radius prim_ac...

Page 361: ...code appears as asterisks on the screen Examples radius client RADIUS Configuration Cli Command Format radius status shows Radius status clear clears all entries timeout server timeout seconds last_r...

Page 362: ...are entered as the secret code 16 to 32 characters are recommended radius sec_secret Enter Secret max 32 Confirm Secret ERROR secret minimum length is 6 radius sec_secret Enter Secret max 32 Confirm S...

Page 363: ...o the other mode may result in current settings being removed if their range is no longer valid Changing rate limit mode will require a reset Syntax rate_limit_mode status high_range default low_range...

Page 364: ...RE Y sat_size Description Displays the current setting or sets the size of the Source Address Table Forwarding Database on the device to either 8000 or 16000 entries The default is 8000 entries When s...

Page 365: ...ported are ARP caches route tables FIB tables server tables and interface tables The number of valid entries in the table will be outputted at the end of the table display NOTE The Network Tools conne...

Page 366: ...esses for the filter database identifier fdbId address Show the address mac if it is known by the device port Show the addresses for the port portNumber only type Show addresses of the specified type...

Page 367: ...alid entries 2 show mac MAC Address FID Port Type 00 00 1D 00 00 20 1 0010 tp_learned 00 00 1D 00 03 20 1 0010 tp_learned 00 00 1D C3 BE 53 0 0001 self 00 00 1D C3 BE 63 0 0017 self more y or n soft_r...

Page 368: ...anning Tree into STP compatibility mode 0 or the default RSTP mode 2 Syntax stpForceVersion 0 2 status Options stpForceVersion 0 Indicates STP compatibility Enable stpForceVersion 0 only if the user d...

Page 369: ...evice to use spanning tree legacy 802 1D Path Cost values disable Returns the device to the default setting of using the spanning tree 802 1t Path Cost values status Displays the current status of the...

Page 370: ...AUTO Syntax stpPointToPointMAC status value stpPointToPointMAC value vlan id port range Options status Displays the current stpPointToPointMAC settings value Sets stpPointToPointMAC as true false or...

Page 371: ...abled as Spanning Tree ports enable port Enables a specific port disable port Disables a specific port Examples stpPort status The following ports are STP ENABLED 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 1...

Page 372: ...ology traps disable Allows the generation of topology traps Example suppress_topology_traps enable suppress_topology_traps disable telnet Description Allows the user to communicate with another host t...

Page 373: ...et reset_nv Resets non volatile memory dont_reset_nv Does not reset non volatile memory Example timed_soft_reset status timed_soft_reset 10 timed_soft_reset 30 timed_soft_reset 60 reset_nv timed_reset...

Page 374: ...1 52 next hop 0 122 144 60 45 next hop 1 122 144 8 113 next hop 2 122 144 61 45 122 144 11 52 is alive 3 hops away vrrpPort Description Enables disables or displays the status of Virtual Router Redund...

Page 375: ...Port 1 receives another frame the Red VLAN is added again to the dynamic Port VLAN List of Port 1 and the process continues The dynamic Port VLAN List is a temporary list used in the dynamic egress f...

Page 376: ...as the Port VLAN Identifier PVID on all ports The following additional steps are required to configure the switch to solve this problem 1 Define a new VLAN VLAN ID 2 using the Static VLAN Configurati...

Page 377: ...s routed only to AppleTalk users Ports 1 2 5 and 6 while IP traffic is allowed to be seen by IP users Ports 3 4 and 7 and by IP AppleTalk users Ports 1 2 5 and 6 12 5 SPECIAL COMMANDS done quit exit D...

Page 378: ...Special Commands 12 42 Network Tools Screens...

Page 379: ...VLAN Operation Section 13 5 Configuration Process Section 13 6 VLAN Switch Operation Section 13 7 VLAN Configuration Section 13 8 Summary of VLAN Local Management Section 13 9 Quick VLAN Walkthrough...

Page 380: ...ulticast and unknown traffic received from VLAN groups so that traffic from stations in a VLAN are confined to that VLAN When stations are assigned to a VLAN the performance of their network connectio...

Page 381: ...The SmartSwitches treat each port as being equivalent to any other port and have no understanding of the departmental memberships of each workstation In a VLAN environment each SmartSwitch understands...

Page 382: ...riety of addressing schemes including the recognition of groups of MAC addresses or types of traffic One of the best known VLAN like schemes is the use of IP Subnets to divide networks into smaller su...

Page 383: ...s stored in the filtering database assigned to that VLAN Several VLANs can be assigned to the same FDB ID to allow those VLANs to share addressing information This enables the devices in the different...

Page 384: ...Connection previously referred to as a 1Q Trunk A connection between 802 1Q switches that passes only traffic with a VLAN Tag Header inserted in each frame All VLANs in the port s Port VLAN List are...

Page 385: ...n 802 1Q VLAN it is important to understand the basic elements that are combined to make up an 802 1Q VLAN Stations A station is any end unit that belongs to a network In the vast majority of cases st...

Page 386: ...AN Now that a VLAN has been created rules are defined to classify all frames in a VLAN This is accomplished through management by associating a VLAN ID with each port on the switch Optionally frames c...

Page 387: ...tch has been configured to associate VLAN A and B with Filtering Database Identifier FDB ID 2 VLAN C and D with FDB ID 3 and VLAN E with FDB ID 4 Port 6 has been classified to serve as a VLAN trunk co...

Page 388: ...gged for VLAN C This frame may have already been through a VLAN aware switch or originated from a station capable of specifying a VLAN membership If a switch receives a frame containing a tag the swit...

Page 389: ...h is associated with VLAN C and VLAN D The switch recognizes the destination MAC address of the frame as being located out Port 4 Having made the forwarding decision the switch now examines the Port V...

Page 390: ...signed to other VLANs Figure 13 4 shows an example of a switch configured with port 1 on the Management VLAN port and the other users belonging to VLANs A B and C NOTE The switch s virtual Host Data P...

Page 391: ...ate the ports to particular VLANs For details on defining a Static VLAN refer to Section 8 3 1 3 Use the Static VLAN Egress Configuration screen to select the type of Egress setting for each port When...

Page 392: ...mes then the management station connected to the Management VLAN port of either switch could manage both switches No matter how many switches are connected a management station connected to any port o...

Page 393: ...re connected to those stations What ports will be configured as GARP aware ports Will Per VLAN Spanning Tree or Quick Convergence Spanning Tree be used It may also be helpful to sketch out a diagram o...

Page 394: ...Name 1 On the 802 1Q VLAN Configuration Menu screen use the arrow keys to highlight the STATIC VLAN CONFIGURATION menu item Press ENTER The Static VLAN Configuration screen displays 2 On the Static VL...

Page 395: ...ield of Port 3 3 Use the SPACE bar to step to UNTAGGED NOTE When a Static VLAN is created all ports on the Static VLAN Egress Configuration screen are set to the default setting of NO for that VLAN Th...

Page 396: ...their VLAN ID across multiple switches 5 Use the arrow keys to highlight the Egress field for port 10 in the Static VLAN Egress Configuration screen 6 Use the SPACE bar to step to TAGGED 7 Use the arr...

Page 397: ...ype in 2 which is the VLAN ID of the Test VLAN This will associate Port 3 with the VLAN ID thus making the port PVID of 2 NOTE Since Port 3 will connect to a single workstation and is not to be used f...

Page 398: ...t the Acceptable Frame Types field for Port 10 10 Use the SPACE bar to step to ADMIT VLAN TAGGED ONLY This causes Port 10 to drop all frames received that are untagged 11 Leave the INGRESS FILTERING f...

Page 399: ...e switches using the VLAN Local Management screens The actual procedures and screens used to configure a VLAN aware switch are covered in Chapter 8 Also provided in the discussion of each example is a...

Page 400: ...signed to two new VLANs red stations to the Red VLAN and blue stations to the Blue VLAN The information below describes how the switch is configured to create these two VLANs and how users are assigne...

Page 401: ...Ingress Filtering ENABLED GVRP Status DISABLED 5 The VLANs and ports are now configured and enabled Figure 13 11 shows the resulting VLAN assignment to each port Figure 13 11 Switch Configured for VL...

Page 402: ...lassifies this new untagged frame as belonging to the Red VLAN 5 The switch adds the source MAC address and VLAN for station R2 to its Source Address Table in FDB ID 2 and checks the Source Address Ta...

Page 403: ...ltiple Switches Floor 1 Floor 2 Floor 3 Floor 4 1 Bridge 1 Bridge 2 Bridge 3 Bridge 4 Redco Redco Blue Industries Red VLAN Red VLAN Red VLAN Red VLAN Blue VLAN Blue VLAN Blue VLAN Blue VLAN 22632_13 U...

Page 404: ...a VLAN Name of Blue Because the VLANs are assigned to two separate FDB IDs the users on VLAN ID 2 and VLAN ID 3 cannot communicate with each other 2 The Egress type for both VLAN ID 2 Port 1 and VLAN...

Page 405: ...iginal classification information inserted in the frame Tag Header the receiving switch will maintain the original frame classification GVRP is enabled on this port and will support dynamic VLANs crea...

Page 406: ...VLAN ID 2 Port 2 and VLAN ID 3 Port 2 to TAGGED using the Static VLAN Egress Configuration screen This means that these ports will only transmit tagged VLAN frames Egress Port 2 TAGGED 5 Port 2 is con...

Page 407: ...and immediately classifies it as belonging to the Red VLAN After the frame is classified Switch 4 checks the Destination Address and upon discovering that it is a Broadcast Destination Address forward...

Page 408: ...only eligible port is Port 3 which connects to Bridge 4 Switch 2 checks its Forwarding List which specifies that the VLAN frame type for that port is untagged Switch 2 then updates its Source Address...

Page 409: ...ser A The 802 1D switches update their Source Address Tables based on the source MAC address and receive port and the 802 1Q switches update their databases based on the source MAC address VLAN and re...

Page 410: ...ts from flooding the users terminals connected to S1 and S2 a new VLAN will be added to each switch but not assigned to any ports creating a Null VLAN Then each switch will be configured with a Layer...

Page 411: ...r used by RIP 13 15 EXAMPLE 4 SECURING SENSITIVE INFORMATION ACCORDING TO SUBNET The ABC Company wants to confine the sensitive information being transmitted by their Finance Department to its users o...

Page 412: ...n Bil IP Address IP Address 123 123 28 0 Data Mask 255 255 255 0 As a result of this setting any frame with a source or destination IP address of 123 123 28 xx where xx can be a value of 0 255 will be...

Page 413: ...the VLAN Classification Configuration screen This rule is assigned to all ports 3 Enable the Dynamic Egress control on VLAN 2 using the Network Tools command dynamic_egress enable 2 With the above co...

Page 414: ...ddress 00 00 00 00 00 0A and 00 00 00 00 00 0B of Workstation 1 and 2 respectively Figure 13 19 Locking Ports According to Classification Rule 13 17 1 Solving the Problem In this example switches S1 a...

Page 415: ...Ports 1 and 2 with Red VLAN and enable the port to receive all frames The VLAN Classification Configuration screen to create two src MAC address classification rules and assign them to the appropriate...

Page 416: ...cation MAC Address 00 00 00 00 00 0A ADD the rule It will display in the top half of the VLAN Classification Configuration screen 5 Enter the following settings on the Protocol Port Configuration scre...

Page 417: ...to dynamically create VLANs across a switched network When a VLAN is declared the information is transmitted out GVRP configured ports on the switch in a GARP formatted frame using the GVRP multicast...

Page 418: ...gure A 1 Example of VLAN Propagation via GVRP Configuring a VLAN on an 802 1Q switch creates a static GVRP entry The entry will always remain registered and will not time out However dynamic entries w...

Page 419: ...rame and a filter is created to send the stream of data only to those end stations that will receive it IGMP queries are sent periodically from routers An end station that will receive a multicast str...

Page 420: ...iority than GMRP The switch will snoop on all incoming multicast addresses to detect query responses as well as queries Query responses are sent to the multicast address detected in the stream from th...

Page 421: ...g protocols have a destination address of 01 00 5E DVMRP and PIM version 1 run over IGMP If the IGMP frame type is not a REPORT QUERY or LEAVE then the frame is assumed to be one of these PIM version...

Page 422: ......

Page 423: ...Key 6 33 ActorAdminState hex 6 33 ActorOperKey 6 33 ActorOperState 6 34 ActorPort 6 32 ActorPortPriority 6 33 ActorSystemID 6 32 ActorSystemPriority 6 32 AttachedAggID 6 36 LAGID 6 36 PartnerAdminKey...

Page 424: ...7 Total RX 6 47 Built in Commands use of 12 2 C Chassis Configuration screen 4 4 screen fields Chassis Date 4 5 Chassis Time 4 5 Chassis Uptime 4 6 IP Address 4 5 MAC Address 4 5 Screen Lockout Time 4...

Page 425: ...onse Id Frames Rx 3 50 Start Frames Rx 3 49 Total Frames Rx 3 49 Total Frames Tx 3 49 EAP Configuration screen See EAP Port Configuration screen EAP Diagnostic Statistics screen 3 51 screen fields Acc...

Page 426: ...selection 1 7 types 1 6 Filtering Database 13 6 Filtering Database ID 13 5 Filtering Network Traffic According to a Layer 4 Classification Rule 13 32 FLASH Download Configuration screen 5 32 Flash Do...

Page 427: ...stness 10 5 Last Member Query Interval 10 6 Multicast Pool Size 10 6 Querier Address 10 6 Querier Expire Time 10 6 Querier Uptime 10 6 Query Interval 10 5 Query Response Time 10 5 Switch Query IP 10 6...

Page 428: ...rt connection of 2 1 2 2 setup of 2 1 2 3 Managing the switch 13 11 when configured with VLANs 13 12 when not configured with VLANs 13 11 Module Configuration Menu screen 5 2 Module date 5 5 Module Lo...

Page 429: ...filtering 13 32 NEXT command how to use 3 5 NVRAM clearing of 5 16 P PAE 3 19 Password screen chassis 3 6 Passwords screen module login 3 29 Port Configuration Menu screen 6 2 Port mode 1D Trunk 8 20...

Page 430: ...ol Port Configuration screen VLAN 8 35 PVID assigning to port 8 21 PVST Port Configuration screen 7 13 screen fields Corresponding ifindex 7 14 Port 7 14 Port Designated Bridge 7 14 Port Designated Co...

Page 431: ...12 Owner 11 11 RMON Index 11 11 Status 11 11 Total Octets 11 12 Undersized Packets 11 12 total packets 11 12 Rules Classification Precedence 8 29 S Screen fields command fields 1 7 display fields 1 7...

Page 432: ...ing Configuration screen 9 37 Redirect Configuration Menu screen 6 14 RMON Statistics screen 11 10 Security Menu screen 3 26 EAP Authenticator Statistics screen 3 48 EAP Configuration screen See EAP P...

Page 433: ...ial Commands Network Tools 12 41 Static VLAN Configuration screen 8 6 screen fields ADD 8 7 DEL MARKED 8 7 FDB ID 8 7 VLAN ID 8 7 VLAN ID bottom of screen 8 7 VLAN Name 8 7 VLAN Name bottom of screen...

Page 434: ...LAN classifying frames to a 13 8 components 13 7 configuration process of 13 8 customizing the forwarding list 13 8 default VLAN 13 6 defining a 13 8 definition 13 2 to 13 4 Local Management for 7 3 t...

Page 435: ...Read Only 4 25 Destination Port Read Only 4 25 Frame Format Read Only 4 25 Frame Format Selectable 4 25 Redirect Errors 4 25 Source Module Read Only 4 24 Source VLAN ID 4 24 Src Module n Selectable 4...

Page 436: ......

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands