Extreme Networks Summit 300-48 Software User'S Manual Download Page 87 | Manualshive

Page: 87 / 198

background image

Network Security Policies

Summit 300-48 Switch Software User Guide

87

Network Security Policies

Network security policy refers to a set of network rules that apply to user access. You can base the rules
on a variety of factors, including user identification, time and location, and method of authentication. It
is possible to design network security policies to do all of the following:

•

Permit or deny network access based on location and time of day.

•

Place the user into a VLAN based on identity or authentication method.

•

Limit where the user is permitted to go on the network based on identity or authentication method .

Policy Design

When designing a security policy for your network, keep the following objectives in mind:

•

Make each wired and wireless client as secure as possible.

•

Protect company resources.

•

Make the network infrastructure as secure as possible.

•

Be able to track and identify wired and wireless rogues.

To achieve these objectives, it is necessary to work within the constraints of your environment:

•

Technology of all the clients

—

802.11 radio technology (b, a, g, a/b, a/g)

—

Operating system (W2K, XP, Pocket PC, ….)

—

Client readiness for 802.1x; client upgrades

•

Authentication servers available or planned

—

Operating System Login only (i.e. Domain Access, LDAP)

—

RADIUS for Users

—

PKI Infrastructure

•

Nature of the user population

•

Ability to divide users into meaningful groups

•

Network resources required by users

•

Desired access restrictions based on resources, locations, times, and security level

•

Acceptable level of network management and user training

•

Anticipated changes in the network

«
...
85
86
87
88
89
...
»

Summary of Contents for Summit 300-48

Page 1: ...ks Inc 3585 Monroe Street Santa Clara California 95051 888 257 3000 http www extremenetworks com Summit 300 48 Switch Software User Guide Software Version 6 2a Published September 2003 Part number 123...

Page 2: ...rvice mark of Extreme Networks which may be registered or pending registration in certain jurisdictions Specifications are subject to change without notice NetWare and Novell are registered trademarks...

Page 3: ...Quality of Service 19 Load Sharing 19 ESRP Aware Switches 19 Software Licensing 19 Security Licensing 20 Obtaining a Security License 20 Security Features Under License Control 20 Software Factory De...

Page 4: ...olling Telnet Access 39 Using Secure Shell 2 SSH2 39 Enabling SSH2 for Inbound Switch Access 39 Using SNMP 40 Accessing Switch Agents 40 Supported MIBs 41 Configuring SNMP Settings 41 Displaying SNMP...

Page 5: ...reme Discovery Protocol 61 EDP Commands 61 Chapter 5 Virtual LANs VLANs Overview of Virtual LANs 63 Benefits 63 Types of VLANs 64 Port Based VLANs 64 Tagged VLANs 66 VLAN Names 69 Default VLAN 69 Rena...

Page 6: ...utes 88 CLI Commands for Security on the Switch 89 Security Profile Commands 89 Example Wireless Configuration Process 91 93 Chapter 8 Power Over Ethernet Overview 95 Summary of PoE Features 95 Port P...

Page 7: ...ss Control List Examples 116 Chapter 11 Quality of Service QoS Overview of Policy Based Quality of Service 121 Applications and Types of QoS 122 Voice Applications 122 Video Applications 122 Critical...

Page 8: ...ng Tree Protocol 145 Spanning Tree Domains 145 Defaults 146 STPD BPDU Tunneling 146 STP Configurations 146 Configuring STP on the Switch 148 STP Configuration Example 151 Displaying STP Settings 151 D...

Page 9: ...ndix C Software Upgrade and Boot Options Downloading a New Image 175 Rebooting the Switch 176 Saving Configuration Changes 176 Returning to Factory Defaults 176 Using TFTP to Upload the Configuration...

Page 10: ...10 Summit 300 48 Switch Software User Guide Contents Debug Tracing 187 TOP Command 187 Contacting Extreme Technical Support 187 Index Index of Commands...

Page 11: ...reless network 74 7 Permit established access list example topology 116 8 Access control list denies all TCP and UDP traffic 117 9 Access list allows TCP traffic 118 10 Host A initiates a TCP session...

Page 12: ...12 Summit 300 48 Switch Software User Guide Figures...

Page 13: ...tch Port Mirroring Configuration Commands 60 17 EDP Commands 61 18 VLAN Configuration Commands 70 19 RF Configuration Commands 76 20 RF Profile Property Values 76 21 Switch Level Wireless Configuratio...

Page 14: ...Commands 127 45 DiffServ Configuration Commands 128 46 Default Code Point to QoS Profile Mapping 129 47 Status Monitoring Commands 134 48 Port Monitoring Display Keys 137 49 Fault Levels Assigned by...

Page 15: ...ors who are responsible for installing and setting up network equipment It assumes a basic working knowledge of Local area networks LANs Ethernet concepts Ethernet switching and bridging concepts Rout...

Page 16: ...lays This typeface indicates command syntax or represents information as it appears on the screen The words enter and type When you see the word enter in this guide you must type something and then pr...

Page 17: ...00 48 switch supports the following ExtremeWare features Unified Access support Virtual local area networks VLANs including support for IEEE 802 1Q and IEEE 802 1p Spanning Tree Protocol STP IEEE 802...

Page 18: ...local area network LAN Implementing VLANs on your network has the following three advantages They help to control broadcast traffic If a device in VLAN Marketing transmits a broadcast frame only VLAN...

Page 19: ...ches Extreme switches that are not running ESRP but are connected on a network that has other Extreme switches running ESRP are ESRP aware When ESRP aware switches are attached to ESRP enabled switche...

Page 20: ...sion 6 0 and above supports the SSH2 protocol SSH2 allows the encryption of session data The encryption methods used are under U S export restriction control Software Factory Defaults Table 3 shows fa...

Page 21: ...ndividual ExtremeWare features see the applicable individual chapters in this guide IP multicast routing Disabled IGMP Enabled IGMP snooping Disabled SNTP Disabled DNS Disabled Port Mirroring Disabled...

Page 22: ...22 Summit 300 48 Switch Software User Guide ExtremeWare Overview...

Page 23: ...appropriate privilege level Most configuration commands require you to have the administrator privilege level To use the CLI follow these steps 1 Enter the command name If the command does not include...

Page 24: ...iated syntax you must enter enough characters to make the command unambiguous and distinguishable to the switch Command Shortcuts All named components of the switch configuration must have a unique na...

Page 25: ...r example in the syntax use image primary secondary you must specify either the primary or secondary image when entering the command Do not type the square brackets vertical bar Separates mutually exc...

Page 26: ...es cursor at end of command Ctrl N or Down Arrow Displays next command in command history buffer and places cursor at end of command Table 6 Common Commands Command Description clear session number Te...

Page 27: ...c Daylight Savings Time change The default setting is autodst config vlan name ipaddress ip_address mask Configures an IP address and subnet mask for a VLAN create account admin user username encrypte...

Page 28: ...command output reaches the end of the page The default setting is enabled enable idletimeouts Enables a timer that disconnects all sessions both Telnet and console after 20 minutes of inactivity The...

Page 29: ...he user logged on by way of the Telnet connection is notified that the session has been terminated If you have logged on with administrator capabilities the command line prompt ends with a sign For ex...

Page 30: ...configured for the admin account 3 Add a default user password by entering the following command config account user 4 Enter the new password at the prompt 5 Re enter the new password at the prompt NO...

Page 31: ...et download bootrom configuration image upload configuration ping traceroute In addition the nslookup utility can be used to return the IP address of a hostname Table 8 describes the commands used to...

Page 32: ...en the switch and a destination endstation The traceroute command syntax is traceroute ip_address hostname from src_ipaddress ttl TTL port port where ip_address is the IP address of the destination en...

Page 33: ...User Guide 33 from uses the specified source address in the ICMP packet If not specified the address of the transmitting interface is used ttl configures the switch to trace up to the time to live num...

Page 34: ...34 Summit 300 48 Switch Software User Guide Accessing the Switch...

Page 35: ...sing ExtremeWare you can manage the switch using the following methods Access the CLI by connecting a terminal or workstation with terminal emulation software to the console port Access the switch rem...

Page 36: ...IP address of the device that you want to manage Check the user manual supplied with the Telnet facility if you are unsure of how to do this After the connection has been established you will see the...

Page 37: ...he following tasks Log in to the switch with administrator privileges Assign an IP address and subnet mask to a VLAN The switch comes configured with a default VLAN named default To use Telnet or an S...

Page 38: ...the one above would be config vlan default ipaddress 123 45 67 8 24 6 Configure the default route for the switch using the following command config iproute add default gateway metric For example confi...

Page 39: ...erating systems For more information refer to the Data Fellows website at http www datafellows com NOTE SSH2 is compatible with the Data Fellows SSH2 client version 2 0 12 or above SSH2 is not compati...

Page 40: ...private host key and is automatically transmitted to the SSH2 client at the beginning of an SSH2 session Before you initiate a session from an SSH2 client ensure that the client is configured for any...

Page 41: ...NMP community strings can contain up to 127 characters System contact optional The system contact is a text field that enables you to enter the name of the person s responsible for managing the switch...

Page 42: ...the name of the switch A maximum of 32 characters is allowed The default sysname is the model name of the device for example Summit 300 48 The sysname appears in the switch prompt disable snmp access...

Page 43: ...itch database Configuring RADIUS Client You can define primary and secondary server communication information and for each RADIUS server the RADIUS port number to use when talking to the RADIUS server...

Page 44: ...source machine source name and access level The user configuration file users defines username password and service type information ClientCfg txt Client Name Key type version prefix 10 1 2 3 256 tes...

Page 45: ...es in an ASCII configuration file called profiles This file contains named profiles of exact or partial strings of CLI commands A named profile is linked with a user through the users file A profile w...

Page 46: ...ilter Id unlim Extreme Extreme CLI Authorization Enabled lulu Password Service Type Administrative Profile Name Profile1 Filter Id unlim Extreme Extreme CLI Authorization Enabled gerald Password Servi...

Page 47: ...gning an IP address see Configuring Switch IP Parameters on page 36 The default home page of the switch can be accessed using the following command http ipaddress When you access the home page of the...

Page 48: ...n If you will be using ExtremeWare Vista to send an email to the Extreme Networks Technical Support department configure the email settings in your browser Configure the browser to use the following r...

Page 49: ...ta For example if you select an option from the Configuration task button enter configuration parameters in the content frame If you select the Statistics task button statistics are displayed in the c...

Page 50: ...a prompts you to save your changes If you select Yes the changes are saved to the selected configuration area To change the selected configuration area you must go to the Configuration task button Swi...

Page 51: ...sending to Extreme Networks Using the Simple Network Time Protocol ExtremeWare supports the client portion of the Simple Network Time Protocol SNTP Version 3 based on RFC1769 SNTP can be used by the...

Page 52: ...ds The default sntp client update interval value is 64 seconds 6 You can verify the configuration using the following commands show sntp client This command provides configuration and statistics assoc...

Page 53: ...Istanbul Turkey Jerusalem Israel Harare Zimbabwe 3 00 180 BT Baghdad Russia Zone 2 Kuwait Nairobi Kenya Riyadh Saudi Arabia Moscow Russia Tehran Iran 4 00 240 ZP4 Russia Zone 3 Abu Dhabi UAE Muscat Tb...

Page 54: ...r 10 0 1 2 Table 14 SNTP Configuration Commands Command Description config sntp client primary secondary server ipaddress host_name Configures an NTP server for the switch to obtain time information Q...

Page 55: ...u can use wildcard combinations to specify multiple slot and port combinations The following wildcard combinations are allowed slot Specifies all ports on a particular I O module slot x slot y Specifi...

Page 56: ...Table 15 Switch Port Commands Command Description config ports portlist auto off speed 10 100 1000 duplex half full Changes the configuration of a group of ports Specify the following auto off The por...

Page 57: ...to determine the output port selection Algorithm selection is not intended for use in predictive traffic engineering enable sharing port grouping portlist address based Defines a load sharing group of...

Page 58: ...ource_destination ip_source ip_destination ip_source_destination where mac_source Indicates that the switch should examine the MAC source address mac_destination Indicates that the switch should exami...

Page 59: ...ogical port 9 enable sharing 1 9 grouping 1 9 1 12 In this example logical port 9 represents physical ports 1 9 through 1 12 When using load sharing you should always reference the master logical port...

Page 60: ...st domains for example across VLANs when routing NOTE For optimum performance mirror three or fewer ports at any given time Mirror ports and monitor ports should both be confined to the following rang...

Page 61: ...information Information communicated using EDP includes Switch MAC address switch ID Switch software version information Switch IP address Switch VLAN IP information Switch port number CAUTION With E...

Page 62: ...62 Summit 300 48 Switch Software User Guide Configuring Ports on a Switch...

Page 63: ...switch is considered a VLAN LAN segments are not restricted by the hardware that physically connects them The segments are defined by flexible user groups you create with the command line interface Be...

Page 64: ...ore ports on the switch A port can be a member of only one port based VLAN The Summit 300 48 switch supports L2 port based VLANs For example on the Summit 300 48 switch in Figure 1 ports 1 1 through 1...

Page 65: ...ong to VLAN Sales Ports 1 1 through 1 24 and port 1 26 on the Summit 300 48 switch also belong to VLAN Sales The two switches are connected using slot 8 port 4 on system 1 the BlackDiamond switch and...

Page 66: ...tem 2 slot 1 port 6 VLAN Engineering spans system 1 and system 2 by way of a connection between system 1 port 1 52 and system 2 slot 8 port 6 Using this configuration you can create multiple VLANs tha...

Page 67: ...is particularly useful if you have a device such as a server that must belong to multiple VLANs The device must have a NIC that supports 802 1Q tagging A single port can be a member of only one port b...

Page 68: ...VLAN Marketing and VLAN Sales The trunk port on each switch is tagged LB48008A 1 49 1 2 3 4 A B 5 6 7 8 4 3 2 1 M S S 50015 Marketing Sales M M S S S Tagged port Marketing Sales M M S S System 2 S S...

Page 69: ...d VLAN and multiple tag based VLANs NOTE For the purposes of VLAN classification packets arriving on a port with an 802 1Q tag containing a VLANid of zero are treated as untagged VLAN Names Each VLAN...

Page 70: ...will use a tag 4 Assign one or more ports to the VLAN As you add each port to the VLAN decide if the port will use an 802 1Q tag VLAN Configuration Commands Table 18 describes the commands used to co...

Page 71: ...untagged create vlan sales config sales tag 120 config sales add port 1 1 1 3 tagged config sales add port 1 4 1 7 Displaying VLAN Settings To display VLAN settings use the following command show vla...

Page 72: ...72 Summit 300 48 Switch Software User Guide Virtual LANs VLANs...

Page 73: ...g on page 81 Overview of Wireless Networking The Summit 300 48 switch and the Altitude 300 wireless port extend network service to wireless 802 11a b g clients within a fully integrated network infras...

Page 74: ...EAP authentication for 802 1X devices PEAP EAP TLS and EAP TTLS WPA using TKIP and AES Per user VLAN classification AccessAdapt management Remote troubleshooting Easy upgrading of wireless ports Detai...

Page 75: ...xtremely easy since it is only necessary to upgrade the switch not the wireless ports There are two interfaces A and G available on each Summit 300 48 switch port All CLI commands refer to the A radio...

Page 76: ...ofiles for each supported wireless port Table 19 RF Configuration Commands Command Description create rf profile name copy name Creates a new profile identified by the string name The copy argument sp...

Page 77: ...adcast and multicast messages rts threshold 2330 0 2347 Identifies request to send RTS threshold in bytes Should you encounter inconsistent data flow only minor modifications are recommended If a netw...

Page 78: ...hipped with a pre programmed code for certain countries where required by law and as Rest of World for other countries If you do not program the country code in the Summit 300 48 switch then the switc...

Page 79: ...roperty for the specified port or ports See Table 24 for property values reset wireless ports portlist Resets the specified ports enable disable wireless ports portlist Administratively enables or dis...

Page 80: ...for the specified interface full half min one eighth quarter Default is full config wireless ports portlist interface 1 2 transmit rate Configures a transmission rate for the specified port Choice of...

Page 81: ...ields are included in syslog messages for filtering by external tools An additional CLI command is included for more granularity show wireless ports portlist log show wireless ports portlist interface...

Page 82: ...82 Summit 300 48 Switch Software User Guide Wireless Networking...

Page 83: ...rks or those with thick access points Unified Access Security provides the following key capabilities Consolidated management Up to 48 wireless ports from a single Summit 300 48 switch larger network...

Page 84: ...network consisting of the Summit 300 48 switch and Altitude 300 wireless port supports 802 11 open system authentication in which the station identifies the SSID Although open authentication may be ac...

Page 85: ...Based Authentication Location based authentication restricts access to users in specific buildings The Summit 300 48 switch sends the user s location information to the RADIUS server which then deter...

Page 86: ...ossible to support WEP40 and WEP104 as unicast cipher suites along with legacy and WPA based clients You can configure the WEP options independently of the AES and TKIP options used for WPA The multic...

Page 87: ...e following objectives in mind Make each wired and wireless client as secure as possible Protect company resources Make the network infrastructure as secure as possible Be able to track and identify w...

Page 88: ...ests provide the RADIUS server with the user name and password Based on the user name the RADIUS server sends back authentication information including allow deny assigned VLAN and VLAN tag Location b...

Page 89: ...ion EXTREME_NETLOGIN_VLAN_TAG VLAN for this MAC Table 32 Vendor Specific Attributes VSA Attribute Value Type Sent In EXTREME_NETLOGIN_VLAN_TAG 209 Integer Access accept EXTREME_USER_LOCATION 208 Strin...

Page 90: ...ed for WEP or legacy dot1x clients For legacy dot1x clients the switch generates a random key based on the given length and WEP encryption WPA clients use TKIP AES as their cipher suite This command c...

Page 91: ...broadcast twice once with each encryption key dot1x auth suite dot1x Sets the authentication suite to be dot1x which means that keys are dynamically generated Keys are not pushed from the RADIUS serv...

Page 92: ...ile RF_G copy DEFAULT_G 10 Assign network name ess name to the RF profile for the G interface configure rf profile RF_G ess name 80211_G To configure WEP security follow these steps 1 Create a securit...

Page 93: ...cryption length of 128 for the security profile You also need to configure the RADIUS server for dot1x authentication There is a special command enable radius wireless to enable radius for wireless ac...

Page 94: ...94 Summit 300 48 Switch Software User Guide Unified Access Security...

Page 95: ...ameras or other devices With PoE a single Ethernet cable supplies power and the data connection thereby saving time and expense associated with separate power cabling and supply The 802 3af specificat...

Page 96: ...emoved if the PD consumes more than the operator specified limit Maximum of operator limit and class Power is removed if the PD consumes more than the operator limit or discovered class limit whicheve...

Page 97: ...n order During normal system operations port power order is determined first based upon priority then discovery time Thus the highest priority port with the earliest discovery time is powered first Po...

Page 98: ...ports NOTE Configuration parameters affecting operational parameters require the port or slot to be first disabled Table 35 Per Port LEDs Port Disabled Link Up Link Down Activity Non powered device o...

Page 99: ...e default config inline power label string ports portlist Provides a user controllable label to the power port config inline power operator limit milliwatts ports portlist Sets the power limit on the...

Page 100: ...yond the maximum of the detected class limit and the operator limit none removes denies power in case the PD device exceeds the maximum allowable wattage according to regulatory maximum of 20 000 mW T...

Page 101: ...port Clears inline power stats on the specified ports Table 37 PoE Show Commands Command Description show inline power Displays inline power status information for the system show inline power configu...

Page 102: ...102 Summit 300 48 Switch Software User Guide Power Over Ethernet...

Page 103: ...tries in the FDB Dynamic entries Initially all entries in the database are dynamic Entries in the database are removed aged out if after a period of time aging time the device has not transmitted This...

Page 104: ...specific destination address must be discarded Blackhole entries are treated like permanent entries in the event of a switch reset or power off on cycle Blackhole entries are never aged out of the da...

Page 105: ...a permanent MAC entry packets are multicast to the multiple destinations create fdbentry mac_address vlan name dynamic qosprofile qosprofile ingress qosprofile qosprofile ingress qosprofile qosprofil...

Page 106: ...tics MAC address is 00A023123456 VLAN name is net34 The entry will be learned dynamically QoS profile qp2 will be applied when the entry is learned Displaying FDB Entries To display FDB entries use th...

Page 107: ...packet arriving on an ingress port is compared to the access list in sequential order and is either forwarded to a specified QoS profile or dropped These forwarded packets can also be modified by cha...

Page 108: ...address and netmask Layer 4 source port or ICMP type and or ICMP code TCP session initiation bits permit established keyword Egress port Ingress ports An access mask can also have an optional unique p...

Page 109: ...rop Drop the packets Excess packets are not forwarded Permit with rewrite Forward the packet but modify the packet s DiffServe code point The allowable rate limit values for the 100BT ports are 1 2 3...

Page 110: ...ce for the default rule access control list If no other access control list entry is satisfied the default rule is used to determine whether the packet is forwarded or dropped If no default rule is sp...

Page 111: ...Table 39 for the full command syntax For access lists and rate limits you must specify an access mask to use To modify an existing entry you must delete the entry and retype it or create a new entry w...

Page 112: ...ccess masks access lists and rate limits An access mask entry cannot be deleted until all the access lists and rate limits that reference it are also deleted To delete an access mask entry use the fol...

Page 113: ...e destination MAC address source mac Specifies the source MAC address vlan Specifies the VLANid ethertype Specify IP ARP or the hex value to match tos Specifies the IP precedence value code point Spec...

Page 114: ...pecifies the Ethertype field tos Specifies the IP precedence field code point Specifies the DiffServ code point field ipprotocol Specifies the IP protocol field dest ip Specifies the IP destination fi...

Page 115: ...pecify IP ARP or the hex value to match tos Specifies the IP precedence value code point Specifies the DiffServ code point value ipprotocol Specify an IP protocol or the protocol number dest ip Specif...

Page 116: ...1 24 The IP address for NET20 VLAN is 10 10 20 1 24 The workstations are configured using addresses 10 10 10 100 and 10 10 20 100 IPForwarding is enabled Figure 7 Permit established access list exampl...

Page 117: ...llustrates the outcome of the access control list Figure 8 Access control list denies all TCP and UDP traffic Step 2 Allow TCP traffic The next set of access list commands permits TCP based traffic to...

Page 118: ...eyword to allow only host A to be able to establish a TCP session to host B and to prevent any TCP sessions from being initiated by host B as illustrated in Figure 10 The commands for this access cont...

Page 119: ...s access list is shown in Figure 12 Figure 12 ICMP packets are filtered out Example 3 Rate limiting Packets This example creates a rate limit to limit the incoming traffic from the 10 10 10 x subnet t...

Page 120: ...120 Summit 300 48 Switch Software User Guide Access Policies...

Page 121: ...nism for networks that have heterogeneous traffic patterns Using Policy based QoS you can specify the service level that a particular traffic type receives Overview of Policy Based Quality of Service...

Page 122: ...small amounts of bandwidth However the bandwidth must be constant and predictable because voice applications are typically sensitive to latency inter packet delay and jitter variation in inter packet...

Page 123: ...reduce session loss if the queue that floods Web traffic becomes over subscribed File Server Applications With some dependencies on the network operating system file serving typically poses the greate...

Page 124: ...more specific traffic grouping takes precedence By default all traffic groupings are placed in the QoS profile Qp1 The supported traffic groupings are listed in Table 42 The groupings are listed in o...

Page 125: ...QoS profile whenever traffic is destined to the MAC address For any port on which the specified MAC address is learned in the specified VLAN the port is assigned the specified QoS profile For example...

Page 126: ...witching or routing configuration of the switch For example 802 1p information can be preserved across a routed switch boundary and DiffServ code points can be observed or overwritten across a layer 2...

Page 127: ...nformation By default 802 1p priority information is not replaced or manipulated and the information observed on ingress is preserved when transmitting the packet This behavior is not affected by the...

Page 128: ...header encapsulation Table 45 lists the commands used to configure DiffServ Some of the commands are described in more detail in the following paragraphs Table 45 DiffServ Configuration Commands Comma...

Page 129: ...fServ code point has 64 possible values 26 64 By default the values are grouped and assigned to the default QoS profiles listed in Table 46 You can change the QoS profile assignment for a code point b...

Page 130: ...implies that any traffic sourced from this physical port uses the indicated QoS profile when the traffic is transmitted out to any other port To configure a source port traffic grouping use the follo...

Page 131: ...monitored port Real Time Performance Monitoring The real time display scrolls through the given portlist to provide statistics You can choose screens for packet count and packets per second The view...

Page 132: ...on for the port Modifying a QoS Configuration If you make a change to the parameters of a QoS profile after implementing your configuration the timing of the configuration change depends on the traffi...

Page 133: ...ing If you keep simple daily records you will see trends emerging and notice problems arising before they cause major network faults In this way statistics can help you get the best out of your networ...

Page 134: ...w log config Displays the log configuration including the syslog host IP address the priority level of messages being logged locally and the priority level of messages being sent to the syslog host sh...

Page 135: ...s connected to a Summit Virtual Chassis Transmitted Packet Count Tx Pkt Count The number of packets that have been successfully transmitted by the port Transmitted Byte Count Tx Byte Count The total n...

Page 136: ...llisions Transmit Late Collisions TX Late Coll The total number of collisions that have occurred after the port s transmit window has expired Transmit Deferred Frames TX Deferred The total number of f...

Page 137: ...e displays that appear when you issue any of the show port commands Setting the System Recovery Level You can configure the system to automatically reboot after a software task exception using the fol...

Page 138: ...levels including warning or critical use the following command clear log static Subsystem The subsystem refers to the specific functional area to which the error refers Table 50 describes the subsyst...

Page 139: ...If priority is not specified only messages of critical priority are displayed If you enable the log display on a terminal connected to the console port your settings will remain in effect even after y...

Page 140: ...and the source IP address of the client if Telnet was used Configuration logging applies only to commands that result in a configuration change To enable configuration logging use the following comman...

Page 141: ...ties include critical emergency alert error warning notice info and debug If not specified only critical priority messages and are sent to the syslog host disable cli config logging Disables configura...

Page 142: ...igent remotely controlled device or software agent that continually collects statistics about a LAN segment or VLAN The probe transfers the information to a management workstation on request or when a...

Page 143: ...r to both log and send a trap The RMON traps are defined in RFC 1757 for rising and falling thresholds Effective use of the Events group saves you time Rather than having to watch real time graphs for...

Page 144: ...ne for each alarm are shown in Table 52 To be notified of events using SNMP traps you must configure one or more trap receivers as described in Chapter 3 Managing the Switch Table 52 Event Actions Act...

Page 145: ...specification defined by the IEEE Computer Society To explain STP in terms used by the 802 1D specification the switch will be referred to as a bridge Overview of the Spanning Tree Protocol STP is a...

Page 146: ...he default device configuration contains a single STPD called s0 The default VLAN is a member of STPD s0 All STP parameters default to the IEEE 802 1D values as appropriate STPD BPDU Tunneling You can...

Page 147: ...nto blocking state and the connection between switch Y and switch Z is put into blocking state After STP converges all the VLANs can communicate and all bridging loops are prevented The VLAN Marketing...

Page 148: ...y disabling the trunk ports for that connection on each switch Switch 2 has no ports assigned to VLAN marketing Therefore if the trunk for VLAN marketing on switches 1 and 3 is blocked the traffic for...

Page 149: ...ay Max age Bridge priority The following parameters can be configured on each port Path cost Port priority NOTE The device supports the RFC 1493 Bridge MIB Parameters of only the s0 default STPD are a...

Page 150: ...come the root bridge The range is 0 through 65 535 The default setting is 32 768 A setting of 0 indicates the highest priority create stpd stpd_name Creates an STPD When created an STPD has the follow...

Page 151: ...t add vlan manufacturing enable stpd backbone_st disable stpd backbone_st port 1 1 1 7 1 12 Displaying STP Settings To display STP settings use the following command show stpd stpd_name This command d...

Page 152: ...it The default STPD s0 cannot be deleted disable ignore bpdu vlan name Allows the switch to recognize STP BPDUs disable ignore stp vlan name Allows a VLAN to use STP port information disable stpd stp...

Page 153: ...rding on page 165 This chapter assumes that you are already familiar with IP unicast routing If not refer to the following publications for additional information RFC 1256 ICMP Router Discovery Messag...

Page 154: ...5 are assigned to Personnel Finance belongs to the IP network 192 207 35 0 the router interface for Finance is assigned the IP address 192 206 35 1 Personnel belongs to the IP network 192 207 36 0 it...

Page 155: ...route to a particular destination the router picks the route with the longest matching network mask If these are still equal the router picks the route using the following criteria in the order speci...

Page 156: ...Request regardless of the ingress VLAN the always parameter must be applied Once all the proxy ARP conditions are met the switch formulates an ARP Response using the configured MAC address in the pack...

Page 157: ...ociated with configuring IP unicast routing on the switch To configure routing follow these steps 1 Create and configure two or more VLANs 2 Assign each VLAN that will be using routing an IP address u...

Page 158: ...If no options are specified all dynamic IP FDB entries are removed config bootprelay add ipaddress Adds the IP destination address to forward BOOTP packets config bootprelay delete ipaddress all Remov...

Page 159: ...or all VLANs that have been configured with an IP address The default setting for ipforwarding is disabled enable ipforwarding broadcast vlan name Enables forwarding IP broadcast traffic for one or al...

Page 160: ...to the same destination are available Only paths with the same lowest cost are shared The default setting is disabled rtlookup ipaddress hostname Performs a look up in the route table to determine the...

Page 161: ...e generation of an ICMP time exceeded message type 11 when the TTL field expires during forwarding IP multicast packets do not trigger ICMP time exceeded messages The default setting is enabled If a V...

Page 162: ...e Ports 3 and 5 reach the router by way of the VLAN Personnel enable ip option use router alert Enables the switch to generate the router alert IP option with routing protocol packets enable irdp vlan...

Page 163: ...y IP address VLAN or permanent entries show iparp proxy ipaddress mask Displays the proxy ARP table show ipconfig vlan name Displays configuration information for one or all VLANs show ipconfig vlan n...

Page 164: ...ed the command applies to all IP interfaces disable icmp redirects vlan name Disables the generation of ICMP redirect messages If a VLAN is not specified the command applies to all IP interfaces disab...

Page 165: ...P destination address modified as configured and changes are made to the IP and UDP checksums and decrements to the TTL field as appropriate If the UDP forwarding is used for BOOTP or DHCP forwarding...

Page 166: ...rol on a per type per VLAN basis You would alter the default settings for security reasons to restrict the success of tools that can be used to find an important application host or topology informati...

Page 167: ...BOOTP port number appropriate DHCP BOOTP proxy functions are invoked create udp profile profile_name Creates a UDP forwarding profile You must use a unique name for the UDP forwarding profile delete u...

Page 168: ...168 Summit 300 48 Switch Software User Guide IP Unicast Routing...

Page 169: ...ure and humidity controlled indoor area free or airborne materials that can conduct electricity Too much humidity can cause a fire Too little humidity can produce electrical shock and fire NOTE For mo...

Page 170: ...ed current capacity of at least the amount rated for each specific product The AC attachment plug must be an Earth grounding type with a NEMA 5 15P 10 A 125 V configuration Denmark The supply plug mus...

Page 171: ...country and by state Lithium batteries are not listed by the Environmental Protection Agency EPA as a hazardous waste Therefore they can typically be disposed of as normal waste If you are disposing...

Page 172: ...172 Summit 300 48 Switch Software User Guide Safety Information...

Page 173: ...relay RFC 2030 Simple Network Time Protocol RFC 1256 Router discovery protocol RFC 1812 IP router requirement RFC 1519 CIDR Management and Security RFC 1157 SNMP v1 v2c RFC 1213 MIB II RFC 1354 IP fo...

Page 174: ...174 Summit 300 48 Switch Software User Guide Supported Standards...

Page 175: ...d procedure from either a Trivial File Transfer Protocol TFTP server on the network Downloading a new image involves the following steps Load the new image onto a TFTP server on your network if you wi...

Page 176: ...latile storage The switch can store two different configurations a primary and a secondary When you save configuration changes you can select to which configuration you want the changes saved If you d...

Page 177: ...every day so that the TFTP server can archive the configuration on a daily basis Because the filename is not changed the configured file stored in the TFTP server is overwritten every day To upload t...

Page 178: ...the downloaded configuration file as a script of CLI commands and automatically executes the commands If your CLI connection is through a Telnet connection and not the console port your connection is...

Page 179: ...oaders called primary and secondary In the event the switch does not boot properly both bootstrap and bootloader will allow the user to access the boot options using the CLI If necessary the bootloade...

Page 180: ...The BOOTLOADER prompt will appear on the screen Table 64 lists the Bootloader commands Table 62 Bootstrap Command Options Option Description boot Boots a loader enable Enables features h Accesses onl...

Page 181: ...is 0 to 23 download image ipaddress hostname filename primary secondary Downloads a new image from a TFTP server over the network If no parameters are specified the image is saved to the current image...

Page 182: ...Configures the switch to use a particular configuration on the next reboot Options include the primary configuration area or the secondary configuration area use image primary secondary Configures th...

Page 183: ...esentative LEDs Power LED does not light Check that the power cable is firmly connected to the device and to the supply outlet On powering up the MGMT LED lights yellow The device has failed its Power...

Page 184: ...or terminal emulator The settings are 9600 baud 8 data bits 1 stop bit no parity no flow control The SNMP Network Manager cannot access the device Check that the device IP address subnet mask and def...

Page 185: ...emains You should manually delete the routes if no VLAN IP address is capable of using them You forget your password and cannot log in If you are not an administrator another user having administrator...

Page 186: ...nd config port port auto off if you are connecting it to devices that do not support auto negotiation Ensure that you are using multi mode fiber MMF when using a 1000BASE SX Mini GBIC 1000BASE SX does...

Page 187: ...nd devices to which it is attempting to connect and then reboot the endstation The switch keeps aging out endstation entries in the switch Forwarding Database FDB Reduce the number of topology changes...

Page 188: ...User Guide Troubleshooting support extremenetworks com You can also visit the support website at http www extremenetworks com extreme support techsupport asp to download software updates requires a s...

Page 189: ...es outside subnet 156 configuring proxy ARP 156 incapable device 156 proxy ARP between subnets 156 proxy ARP description of 156 responding to ARP requests 156 table displaying 158 authentication 84 au...

Page 190: ...description 61 enabling a switch port 55 errors port 136 establishing a Telnet session 36 Events RMON 143 export restrictions 20 Extreme Discovery Protocol See EDP ExtremeWare factory defaults 20 fea...

Page 191: ...irroring See port mirroring monitoring the switch 133 multiple routes 155 N names VLANs 69 network security policies 87 non aging entries FDB 103 O opening a Telnet session 36 P passwords default 30 f...

Page 192: ...s 44 servers 43 TCP port 43 RADIUS attributes wireless 88 rate limits adding 111 deleting 112 rate limiting 132 receive errors 136 remote logging 139 Remote Monitoring See RMON renaming a VLAN 70 rese...

Page 193: ...tures 142 switch port commands table 56 syntax understanding 23 syslog host 139 system contact SNMP 41 system location SNMP 41 system name SNMP 41 T tagging VLAN 66 technical support 187 Telnet connec...

Page 194: ...QoS 122 W Web access controlling 47 web browsing applications and QoS 123 WEP 84 wireless event logging and reporting 81 example network 74 features 74 networking 73 show commands 80 wireless ports c...

Page 195: ...lt 38 157 160 config iproute delete 160 config iproute delete blackhole 160 config iproute delete default 160 config iproute priority 157 160 config irdp 160 config log display 139 140 config mirrorin...

Page 196: ...bpdu 146 disable ignore bpdu vlan 152 disable ignore stp vlan 152 disable inline power 98 disable inline power ports 99 disable inline power slot 98 disable ipforwarding 159 164 disable ipforwarding...

Page 197: ...181 show access list 112 116 show access mask 112 116 show accounts 31 show banner 28 show configuration 181 show debug tracing 187 show dns client 31 show edp 61 show fdb 106 show fdb permanent 125 1...

Page 198: ...101 unconfig inline power reserved budget ports 101 unconfig inline power usage threshold 99 unconfig inline power violation precedence ports 101 unconfig irdp 162 164 unconfig management 42 unconfig...

Reviews:

No comments

Related manuals for Summit 300-48

Brand: D-Link Pages: 357

Brand: tbs electronics Pages: 2

Brand: 6TL Pages: 25

Brand: Audio Authority Pages: 12

EX ZS 92 S 22 VD F

Brand: steute Pages: 28

Brand: Kobold Pages: 10

Brand: REV Ritter Pages: 15

Raritan Dominion LX II

Brand: LEGRAND Pages: 7

Brand: Enttec Pages: 22

Brand: Kramer Pages: 17

Brand: Eaton Pages: 36

Brand: LINK-MI Pages: 12

Brand: HighSecLabs Pages: 2

Brand: TLS Electronics Pages: 12

Brand: MiLAN Pages: 13

Brand: KDS Pages: 10

Brand: Alaxala Pages: 249

Brand: 3onedata Pages: 4

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands