manualshive.com logo in svg

GarrettCom MNS-6K 4.1.4, Cli User'S Manual

Share
Download
GarrettCom MNS-6K 4.1.4 Cli User'S Manual Download Page 103

M A G N U M   6 K   S W I T C H E S ,     M N S - 6 K   U S E R   G U I D E  
 

attempts. This provides a chronological entry of all intrusions attempted on a specific 
port. 
 
The event log records events as single-line entries listed in chronological order, and serves 
as a tool for isolating problems. Each event log entry is composed of four fields 

Severity

 – the level of severity (see below) 

Date

 – date the event occurred on. See Chapter 3 on setting the 

date and time 

on the 

switch 

Time

 – time the event occurred on. See Chapter 3 on setting the 

date and time 

on the 

switch 

Log  Description

 – description of event as detected by the switch 

 

Severity 

is one of 8 severities described at the beginning of this section. 

 

 

Authorized managers 

 

This feature is available in MNS-6K-SECURE. 

 

 

Just as port security allows and disallows specific MAC addresses from accessing a 
network, the MNS-6K software can allow or block specific IP addresses or a range of IP 
addresses to access the switch. The command used for that is 

 

Syntax  

 

access 

– access configuration mode

 

Syntax   

allow   ip=<ipaddress> mask=<netmask> service=<name|list> 

- authorize 

managers

 

Syntax  

 

deny    ip=<ipaddress> mask=<netmask> service=<name|list> 

- deny access 

to a specific IP address(s) or a subnet

 

Syntax

       

remove  ip=<ipaddress> mask=<netmask> 

- remove specific IP address(s) or 

subnet 

Syntax

    removeall 

- remove all managers 

 

Syntax

   show  ip-access 

– display list of authorized managers 

 

access

 – context are the access commands 

allow

 – allow specified services for specified IP addresses – IP addresses can be individual 

stations, a group of stations or subnets. The range is determined by the IP address and 
netmask settings 

102

 

Summary of Contents for MNS-6K 4.1.4

Page 1: ...MAGNUM 6K FAMILY OF SWITCHES Managed Network Software MNS MNS 6K SECURE 14 1 4 and MNS 6K 4 1 4 CLI User Guide...

Page 2: ...word help help command or just type command Enter If you need information on a specific feature in Web Management Interface use the online help provided in the interface If you need further informati...

Page 3: ...demarks and Personal Hub is a registered trademark of GarrettCom Inc NEBS is a registered trademark of Telcordia Technologies UL is a registered trademark of Underwriters Laboratories Ethernet is a tr...

Page 4: ...le screen 25 Logging in for the first time 26 Setting the IP parameters 26 Privilege levels 29 Operator Privileges 30 Manager Privileges 30 User management 30 Add User 30 Delete User 31 Modify Passwor...

Page 5: ...em DNS 48 Setting serial port parameters 50 System parameters 50 Date and time 52 Network time SNTP Client 53 Network time SNTP Server 54 Saving and loading configuration 54 Config files 58 Script fil...

Page 6: ...Configuration 81 MNS 6K SECURE Implementation 81 List of commands in this chapter 83 6 SNTP Server 84 SNTP prerequisites 84 Background 84 Stratum clocks 85 MNS 6K SECURE Implementation 87 List of com...

Page 7: ...Mirroring and Setup 122 Port monitoring and mirroring 122 Port mirroring 122 Port setup 123 Speed settings 124 Flow Control 125 Back Pressure 126 Broadcast Storms 128 Preventing broadcast storms 129...

Page 8: ...Operation without S Ring 177 RSTP STP Operation with S Ring 179 LLL with S Ring 181 Ring learn features 181 Configuring S Ring 181 List of commands in this chapter 185 15 Dual Homing 187 Dual Homing c...

Page 9: ...rations 231 Configuring GVRP 235 GVRP Operations Notes 237 List of commands in this chapter 238 20 SNMP 239 SNMP concepts 239 Traps 241 Standards 241 Configuring SNMP 242 Configuring RMON 251 List of...

Page 10: ...S 290 Chapter 10 Port mirroring and setup 291 Chapter 11 VLAN 291 Chapter 12 Spanning Tree Protocol STP 292 Chapter 13 Rapid Spanning Tree Protocol 293 Chapter 14 S Ring and Link Loss Learn 294 Chapte...

Page 11: ...tware 342 Accessing the switch 342 Serial Connection 342 Network Access 343 Saving the Configuration 343 Serial Connection 344 Network Access 346 Next steps 347 3 Loading the MNS 6K software 348 Befor...

Page 12: ...ivilege levels Note the prompt changes with the new privilege level 30 FIGURE 8 Adding a user with Manager level privilege 31 FIGURE 9 Deleting a user 31 FIGURE 10 Changing the password for a specific...

Page 13: ...act information 52 FIGURE 34 Setting the system date time and time zone 52 FIGURE 35 Setting the system daylight saving time 53 FIGURE 36 Setting up SNTP services 54 FIGURE 37 Saving the configuration...

Page 14: ...ormation 92 FIGURE 59 Enabling and disabling port security 92 FIGURE 60 Viewing port security settings on a switch On port 9 learning is enabled This port has 6 stations connected to it with the MAC a...

Page 15: ...switch 134 FIGURE 81 configuring VLANs on Magnum 6K switch 135 Figure 82 STP default values refer to next section Using STP for more detailed explanation on the variables 148 FIGURE 83 Viewing STP con...

Page 16: ...and cannot span different modules 195 FIGURE 104 In this figure even though the connections are from one module to another this is still not a valid configuration for LACP using 4 ports as the trunk...

Page 17: ...fic as shown above Each switch has the IGMPL2 turned on Each switch can exchange the IGMP query message and respond properly R4 wants to view surveillance traffic from T1 As shown by 1 a join request...

Page 18: ...gger this mismatch 329 FIGURE 150 Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates 330 FIGURE 151 Firefox forces you to get the certificate before it...

Page 19: ...transfer from saveconf command 346 FIGURE 166 Example of saveconf command for tftp 346 FIGURE 167 Upgrade using serial connection 349 FIGURE 168 File upload status window under Xmodem using HyperTerm...

Page 20: ...mpt shown in Bold font with a or at the end For the document we will use Magnum6K25 as the default prompt Syntax rules Optional entries are shown in square brackets Parameter values within are shown i...

Page 21: ...e manual will be shown by the lock icon shown here MNS 6K SECURE is a licensed feature of GarrettCom Inc Each switch with MNS 6K is upgraded to MNS 6K SECURE with the license key provided for that swi...

Page 22: ...he switch can be used as a DHCP server Chapter 6 discusses time synchronization issues and SNTP services Chapter 7 discusses access consideration and how the access can be secured Chapter 8 describes...

Page 23: ...to increase the throughput using 10 100 Mbps ports or in situations where resiliency is needed between switches trunks Once the network is made resilient the network manager may want to setup priorit...

Page 24: ...ternately a USB to serial cable can also be used This cable is also available from LAN store or GarrettCom Inc 3 A PC or a workstation computer with a terminal emulation program such as HyperTerminal...

Page 25: ...as an Appendix in this manual j The Login prompt is shown when the connection to the GarrettCom Magnum 6K Switch is successful and the switch is ready for the configuration commands Should you get a b...

Page 26: ...ommands which allow effective monitoring configuration and debugging of the devices on the network Console setup Connect the console port on the switch to the serial port on the computer using the ser...

Page 27: ...e details This manual was documented on a Magnum 6K25 switch and for clarity the prompt shown in the manual will be Magnum6K25 Fo Us r additional information on default users user levels and more see...

Page 28: ...er of times A continuous ping to the switch will show an intermittent response as this happens This is normal behavior and is shown below Once the switch assigns itself an IP address the intermittent...

Page 29: ...address mask subnet mask dgw gateway add del Magnum6K25 ipconfig ip 192 168 1 150 mask 255 255 255 0 dgw 192 168 1 10 Magnum6K25 save FIGURE 4 Setting IP address on the switch This document assumes th...

Page 30: ...ic setup parameters You can use show setup or show sysconfig to view setup parameters Some of the parameters in the Magnum 6K family of switches are shown above The list of parameters below indicates...

Page 31: ...r delimits any Manager prompt User management A maximum of five users can be added per switch for MNS 6K and a maximum of twenty users can be added for MNS 6K SECURE Users can be added deleted or chan...

Page 32: ...er FIGURE 9 Deleting a user In this example user peter was deleted Modify Password Syntax passwd user name Magnum6K25 user passwd user peter Enter New Password Confirm New Password Password has been m...

Page 33: ...access the device for modifying the configuration Syntax useraccess user name group list type read write enable disable set read or write access for the command group Syntax useraccess groups displays...

Page 34: ...URE 12 Creating user access privileges After this command user Peter will not have read access to the VLAN system and user groups In another example if the user Peter is not allowed to access the swit...

Page 35: ...or any command that is available at the current context level can be viewed by typing help followed by enough of the command string to identify the command Syntax help command string For example to li...

Page 36: ...set of commands use the TAB key Syntax TAB Syntax Command string TAB Syntax First character of the command TAB For example following the syntax listed above the TAB key will list the available command...

Page 37: ...Connection to the host lost FIGURE 20 logout command Upgrading to MNS 6K SECURE MNS 6K SECURE license can be purchased with the purchase of the switch In that case a license key will be issues to you...

Page 38: ...ateway add del to set IP address on the switch Syntax save save changes made to the configuration Syntax reboot restart the switch same effect as physically turning off the power Syntax show setup sho...

Page 39: ...cter Syntax logout logout from the CLI session Syntax useraccess user name service telnet web enable disable defines the services available to the user to access the device for modifying the configura...

Page 40: ...switch will operate as a standalone Layer 2 switch Without an IP address you cannot Use the web interface to manage the switch Use telnet to access the CLI Use any SNMP Network Management software to...

Page 41: ...ely used in the industry It s best to check with your network administrator as to what protocol to use and what the related parameters are DHCP and bootp require respective services on the network DHC...

Page 42: ...t mode for the switch Where dhcp bootp manual auto where dhcp look only for DHCP servers on the network for the IP address Disable bootp or other modes bootp look only for bootp servers on the network...

Page 43: ...iscuss or edit changes to the MNS 6K This also becomes useful as two remote people want to view the commands and other settings on the switch The telnet client can be disabled by using the telnet disa...

Page 44: ...ote host from the Magnum 6K family of switches Syntax telnet ipaddress port port number The default port for telnet is 23 Magnum6K25 show ipconfig IP Address 192 168 1 11 Subnet Mask 255 255 255 0 Gat...

Page 45: ...the switch The commands in these telnet windows are executed in a round robin i e if one window takes a long time to finish a command the other windows may encounter a delay before the command is comp...

Page 46: ...of SSH it is important to verify unknown public keys before accepting them as valid Accepting an attacker s public key as a valid public key has the effect of disclosing the transmitted password and...

Page 47: ...ports just the plain password authentication method This method is not supported o GSSAPI authentication methods which provide an extensible scheme to perform SSH authentication using external mechani...

Page 48: ...ill be saved to flash memory Magnum6K25 access ssh enable Enabling Access to SSH ML2400 access show ssh SSH is enabled Magnum6K25 access telnet disable ERROR Connected through telnet Magnum6K25 access...

Page 49: ...switch to another device A maximum of four SSH session can be active at the same time Domain Name System DNS DNS functionality is available in MNS 6K SECURE Domain Name System DNS associates various...

Page 50: ...ns enable DNS enabled Magnum6K25 show dns DNS Server Address 192 168 5 254 Domain Name customer domain com DNS Status Enabled Magnum6K25 ping server 192 168 5 2 is alive count 1 time 20ms Magnum6K25 s...

Page 51: ...rt will cause loss of connectivity the parameters of the terminals software e g Hyper Terminal etc will also have to be changed to match the new settings To see the current settings of the serial port...

Page 52: ...ime Rule USA System UpTime 7 Days 12 Hours 30 Mins 46 Secs Magnum6K25 FIGURE 32 System parameters using the show sysconfig command Most parameters here can be changed System variables can be changed B...

Page 53: ...x set date year 2001 2035 month 1 12 day 1 31 format mmddyyyy ddmmyyyy yyyymmdd Syntax set time hour 0 23 min 0 59 sec 0 59 Thus to set the time to be 08 10 am in the 8 hours from GMT PST or time zone...

Page 54: ...witzerland Syria USA Network time SNTP Client Many networks synchronize the time using a Network time server The network time server provides time to the different machines using the Simple Network Ti...

Page 55: ...RE 36 Setting up SNTP services Network time SNTP Server SNTP server feature is available in MNS 6K SECURE only Refer to the chapter on SNTP server in this manual Saving and loading configuration After...

Page 56: ...te and kept for historical reasons These commands are replaced with the ftp or tftp or xmodem commands listed below Before the software is updated it is advised to save the configurations The re loadi...

Page 57: ...get put list del type app config oldconf script hosts log host hostname ip ipaddress file filename upload and download information using sftp Secure ftp command Where get put list del different sftp o...

Page 58: ...y whether a log file or host file is uploaded or downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch The details are conceptually explain...

Page 59: ...mand the sequence of commands are shown below Magnum6K25 show ftp Current FTP Mode NORMAL Magnum6K25 set ftp mode passive FTP Set to Passive Mode Magnum6K25 show ftp Current FTP Mode PASSIVE Magnum6K2...

Page 60: ...P MDIX Module Slot B 2 Port Fiber10 Module Slot C 4 Port Fiber100 Module Slot D 1 10 100 1000T 1 Giga SFP 1000 System Manager This area configures System related information set bootmode type auto set...

Page 61: ...is replaced back in clear text To encrypt and save the config file use the CLI command Syntax set secrets hide show hides or encrypts the user access password Default is show The script file will look...

Page 62: ...ration of Magnum MNS 6K settings GarrettCom recommends that modifications of this file and the commands should be verified by the User in a test environment prior to use in a live production network T...

Page 63: ...bling or disabling the pagination Displaying configuration To display the configuration or to view specific modules configured the show config command is used as described below Syntax show config mod...

Page 64: ...em related information SYSTEM Edit below this line only system_name Main system_contact someone joe com system_location Sunnyvale CA boot_mode manual system_ip 192 168 1 15 system_subnet 0 0 0 0 syste...

Page 65: ...ystem_name Main system_contact someone joe com system_location Sunnyvale CA boot_mode manual system_ip 192 168 1 15 system_subnet 0 0 0 0 system_gateway 192 168 1 11 idle_timeout 10 telnet_access enab...

Page 66: ...mmand discussed above before using the kill config command The kill config will also reset the IP address and all other parameters as well unless the save option described below is used Syntax kill co...

Page 67: ...the serial number of the unit use the command show setup as shown below The command also displays other information related to the switch Syntax show setup display the setup serial number factory code...

Page 68: ...the network for DHCP server then BootP server then check if the IP address 192 68 1 2 is freed up bootimg enable disable valiad with type bootp only Allows the switch to load the image file from the...

Page 69: ...our 0 24 min 0 59 setup the frequency at which the SNTP server is queried Syntax sntp enable disable enables or disables the SNTP services Syntax saveconf mode serial tftp ftp ipaddress file name save...

Page 70: ...downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch host hostname ip ipaddress file filename parameters associated with tftp server for...

Page 71: ...climode script console show set the interactive CLI mode on console or off script To see the mode use the show option Syntax more enable disable show enable or disable the scrolling of lines one page...

Page 72: ...6 K S W I T C H E S M N S 6 K U S E R G U I D E 71 Syntax show timezone shows the system timezone Syntax show date shows the system date Syntax show uptime shows the amount of time the switch has been...

Page 73: ...C 1752 The Recommendation for the IP Next Generation Protocol The recommendation was approved by the Internet Engineering Steering Group and made a proposed standard on November 17 1994 The core set o...

Page 74: ...use of anycast addresses in the IPv6 source route allows nodes to control the path which their traffic flows Header Format Simplification Some IPv4 header fields have been dropped or made optional to...

Page 75: ...es per square meter of the surface of the planet Earth assuming the earth surface is 511 263 971 197 990 square meters In the most pessimistic estimate this would provide 1 564 addresses for each squa...

Page 76: ...ftp fe80 220 6ff fe25 ed80 yntax telnet IPv6 address telnet to an IPv6 station Example telnet fe80 220 6ff fe25 ed80 Besides if the end station supports IPv6 addressing as most Linux and Windows syst...

Page 77: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 76...

Page 78: ...ehavior of BOOTP relay agents and DHCP participants can interoperate with BOOTP participants The DHCP server ensures that all IP addresses are unique4 e g no IP address is assigned to a second client...

Page 79: ...same IP address throughout its connection to a single network Maintaining the same IP address is important to correct functioning of higher layer protocols and applications However if the lease actua...

Page 80: ...mated and controlled the network manager can leverage this automation for security automation as well Technical Details Since the DHCP client evolved from BOOTP the DHCP protocol uses the same two IAN...

Page 81: ...ver is offering the subnet mask the lease duration and the IP address of the DHCP server making the offer The server determines the configuration based on the client s hardware address as specified in...

Page 82: ...e release of IP address is up to the client Client Configuration A DHCP server can provide optional configuration parameters to the client RFC 2132 defines the available DHCP options which are summari...

Page 83: ...tarting ip and ending ip of DHCP server lease pool and leas e time Usage config startip start ip endip end ip mask mask dns dns gateway gatew ay leasetime lease time 1 10 hours Magnum6K25 dhcpserver c...

Page 84: ...rtip start ip endip endip mask mask dns dns1 dns2 dns10 gateway gateway leasetime lease time 1 10 hours configure the DHCP lease request parameters such as starting IP address ending IP address DNS se...

Page 85: ...is available only on MNS 6K SECURE Not all models of the GarrettCom 6K family of switches support SNTP server as this functionality requires a clock that needs to be accurate While all devices can be...

Page 86: ...he IPv4 IPv6 and OSI protocol stacks SNTP has been used in several standalone NTP servers integrated with GPS receivers The article from NIST http tf nist gov timefreq service pdf computertime pdf pro...

Page 87: ...se receivers are available for many time dissemination services including the Global Position System GPS and other services operated by various national governments For reasons of cost and convenience...

Page 88: ...p Groups system Magnum6K25 sntpserver show sntpsrv SNTP SERVER Running Magnum6K25 sntpserver sntpsrv stop Stopping SNTP Server SNTP Server Stopped Magnum6K25 sntpserver show sntpsrv SNTP SERVER Stoppe...

Page 89: ...N S 6 K U S E R G U I D E 88 List of commands in this chapter Syntax sntpserver enter the SNTP Server configuration mode Syntax sntpsrv start stop Start or stop the SNTP Services Syntax show sntpsrv...

Page 90: ...Secure cess on a network can be provided by authenticating against an allowed MAC address as well as IP address j Passwords Magnum 6K family of switches comes with a factory default password for the m...

Page 91: ...urity etwork security hinges on the ability to allow or deny access to network sources The access control aspect of secure network services involves allowing or disallowing traffic based on informatio...

Page 92: ...address list range port num list range Syntax signal port num list range none log trap logandtrap Where allow mac configures the switch to setup allowed MAC addresses on specific ports learn port con...

Page 93: ...between specified MAC addresses Magnum6K25 port security action port 9 10 none Magnum6K25 port security learn port 9 10 enable FIGURE 58 Port security the port learns the MAC addresses Note a maximum...

Page 94: ...E 6 00 e0 29 2a f1 bd 00 01 03 e2 27 89 00 07 50 ef 31 40 00 e0 29 22 15 85 00 03 47 ca ac 45 00 30 48 70 71 23 10 ENABLE NONE NONE DISABLE 0 Not Configured 11 ENABLE NONE NONE ENABLE 0 Not Configured...

Page 95: ...d Trap on selected port s FIGURE 64 Setting the logging on a port The figures listed above show the necessary commands to setup port security The recommended steps to setup security are 1 Set the MNS...

Page 96: ...ABLE 0 00 c1 00 7f ec 00 12 ENABLE NONE NONE DISABLE 0 Not Configured 13 ENABLE NONE NONE DISABLE 0 Not Configured 14 ENABLE NONE NONE DISABLE 0 Not Configured 15 ENABLE NONE NONE DISABLE 0 Not Config...

Page 97: ...figure the disposition of the event messages the process of having them sent to a syslog collector generally consists of deciding which facility messages and which severity levels will be forwarded an...

Page 98: ...the first six levels The event log is now automatically saved to flash so rebooting will not loose them NOTE since the event logs are written on the flash once the flash memory is full the logs stop w...

Page 99: ...the syslog settings Magnum6K25 show log S Date Time Log Description Note 06 17 2007 09 57 27 P M CLI Session Timed Out for User manager on Telnet Note 06 17 2007 09 57 27 P M CLI Session Term User ma...

Page 100: ...05 P M CLI Session Started from Telnet 192 168 5 2 Note 06 23 2007 06 18 16 P M CLI User manager Login From Telnet 192 168 5 2 Magnum6K25 clear log Clear Logged Events Y or N Y Magnum6K25 show log Ma...

Page 101: ...server edit id 2 event warn Server Modified Magnum6K25 syslog show syslog SysLog Status Enabled Server ID 1 SysLog Server Host 192 168 5 2 Server Logging Disabled Log Events Default Server ID 2 SysLog...

Page 102: ...e log shows the most recent event at the top of the listing If the log is filled when the switch detects a new event the oldest entry is dropped off the listing As discussed in the prior section any p...

Page 103: ...This feature is available in MNS 6K SECURE Just as port security allows and disallows specific MAC addresses from accessing a network the MNS 6K software can allow or block specific IP addresses or a...

Page 104: ...mask is used to indicate that Also a specific station with IP address 192 168 15 25 is allowed again note how the subnet mask is used to allow only one specific station in the network Older station w...

Page 105: ...y Syntax show log fatal alert crit error warn note info debug display the log Syntax clear log fatal alert crit error warn note info debug clear the log Syntax set logsize size 1 1000 set the number o...

Page 106: ...c IP address from the access or trusted host list Syntax removeall remove all IP addresses of trusted hosts Syntax show ip access display all trusted hosts Syntax clear history log 1 5 informational a...

Page 107: ...for authenticating users connecting into a network For example if a user connects a PC into the network whether the PC should be allowed access or not provides the same issues as to whether or not a d...

Page 108: ...Authenticator Authentication Server RADIUS 802 1x Switch The RADIUS server is the authentication server The authentication server provides a standard way of providing Authentication Authorization and...

Page 109: ...an EAP Request frame This will request the supplicant to pass its credentials for authentication 6 The supplicant will send its credentials using an EAP Response packet 7 The authenticator will relay...

Page 110: ...te the port use the setport command The CLI commands to configure and perform authentication with a RADIUS server are Syntax auth configuration mode to configure the 802 1x parameters Syntax show auth...

Page 111: ...onds Syntax reauth port num list range status enable disable period 10 86400 set values on how the authenticator Magnum 6K switch does the re authentication with the supplicant or PC port mandatory po...

Page 112: ...Auto Deasserted Unauthorized 8 Enabled Auto Deasserted Unauthorized 9 Enabled Auto Deasserted Unauthorized 10 Enabled Auto Deasserted Unauthorized 11 Enabled Auto Deasserted Unauthorized 12 Enabled A...

Page 113: ...parameter s The amount of time in seconds the supplicant is held after an authentication failure before the authenticator retries the supplicant for connection is changed to 120 seconds the number of...

Page 114: ...pLogoffsWhileConnecting 0 authEntersAuthenticating 3 authAuthSuccessesWhileAuthenticating 2 authAuthTimeoutsWhileAuthenticating 0 authAuthFailWhileAuthenticating 0 authAuthReauthsWhileAuthenticating 0...

Page 115: ...in seconds the authenticator waits for the backend RADIUS server to respond back The default value is 30 seconds Values can range from 1 to 240 seconds maxreq optional The maximum number of times the...

Page 116: ...gured status optional This enables disables re authentication period optional this is the re authentication period in seconds This is the time the authenticator waits before a re authentication proces...

Page 117: ...or the MILNET Military Network Cisco s enhancements to TACACS are called XTACACS XTACACS is now replaced by TACACS TACACS is a TCP based access control protocol TCP offers a reliable connection orient...

Page 118: ...rized as Manager Login as Manager Start Additional Servers Logout Connection failure No Yes Login User in Local User List Yes Is User Manager Yes Login as Manager Login as Operator No No TACACS Enable...

Page 119: ...ersion Minor Version Packet type Sequence no Flags Session ID Length FIGURE 72 TACACS packet format Major Version The major TACACS version number Minor version The minor TACACS version number This is...

Page 120: ...able disable optional for add enable or disable packet encryption key string optional for add mandatory with encrypt when encryption is enabled the secret shared key string must be supplied mgrlevel l...

Page 121: ...order tac local local tac enable or disable TACACS authentication specifying the order in which the server or local database is looked up where tac local implies first the TACAS server then local log...

Page 122: ...tring optional for add mandatory with encrypt when encryption is enabled the secret shared key string must be supplied mgrlevel level and oprlevel level optional specifies the manager and operator lev...

Page 123: ...ll the traffic for a specific port is reflected on another port typically a monitoring port The Magnum 6K family of switches can be instructed to repeat the traffic from one port onto another port Thi...

Page 124: ...mr diable command 1 Only one port can be set to port mirror at a time 2 Both the ports monitored port and sniffer port have to belong to the same VLAN 3 The mirrored port shows both incoming as well a...

Page 125: ...port 11 name JohnDoe Magnum6K25 device setport port 12 name JaneDoe Magnum6K25 device show port Keys E Enable D Disable H Half Duplex F Full Duplex M Multiple VLANs NA Not Applicable LI Listening LE L...

Page 126: ...ntrol is for full duplex operation and the controls provided indicates the number of buffers allowed for incoming traffic before a Rxon or Rxoff information is sent RXon is sent when the number of buf...

Page 127: ...ed congestion control is possible only on half duplex 10 Mbps Ethernet ports Other technologies are not supported on Magnum 6K family of switches Syntax backpressure rxthreshold value where rxthreshol...

Page 128: ...M Multiple VLAN s NA Not Applicable LI Listening LE Learning F Forwarding B Blocking Port Name Status Dplx Media Link Speed Part Auto Vlan GVRP STP 9 B1 E H 10Tx UP 10 No E 1 10 B2 E H 10Tx DOWN 10 No...

Page 129: ...eed 10Mbps Port Duplex Mode half duplex Port Auto negotiation State Enable Port STP State NO STP Port GVRP State No GVRP Port Priority Type None Port Security Enable Port Flow Control Enable Admin Sta...

Page 130: ...st packets received Syntax broadcast protect enable disable enable or disable the broadcast storm protection capabilities Syntax rate threshold port port list range rate frames sec set the rate limit...

Page 131: ...o sh 7 ows how the threshold can be lowered for a specific port Port Rate limiting for broadcast traffic Please refer to the above section on broadcast storms List of commands in this chapter Syntax s...

Page 132: ...ow flowcontrol display flow control buffers yntax backpressure rxthreshold value configure backpressure buffers yntax show backpressure display backpressure buffers yntax broadcast protect enable disa...

Page 133: ...y of having two or more Ethernet segments exist on common hardware The reason for creating multiple segments in Ethernet is to isolate collision domains VLANs can isolate groups of users or divide up...

Page 134: ...to the default VLAN DEFAULT VLAN This places all ports on the switch into one physical broadcast domain Users familiar with VLANs and plan to deploy GarrettCom switches to interoperate with Cisco swit...

Page 135: ...switch MNS 6K supports up to 32 VLANs per switch MNS 6K SECURE supports up to 256 VLANs per switch Creating VLANs Creating VLAN and to configure VLAN related commands Syntax set vlan type tag none de...

Page 136: ...gnum6K25 vlan Magnum6K25 tag vlan add id 2 name test port 1 10 Magnum6K25 tag vlan start vlan all Magnum6K25 tag vlan save Saving current configuration Configuration saved FIGURE 81 configuring VLANs...

Page 137: ...e VLAN For example if port 1 is a member of VLANs 10 20 and 30 if a packet with VLAN id 40 arrives at port 1 it will be dropped Syntax set port port number list range tagging id number status tagged u...

Page 138: ...is set to VLAN 1 and can be changed to another VLAN A word of caution on changing the default VLAN as well there can be repercussions on management as well as multicast and other issues 4 Tag VLAN su...

Page 139: ...N Magnum6K25 vlan Magnum6K25 tag vlan add id 10 name mkt port 14 16 Tag based vlan Added Successfully Vlan id 10 Vlan name mkt Ports 14 16 Magnum6K25 tag vlan edit id 10 name engineering port 14 16 Ta...

Page 140: ...4 16 Magnum6K25 tag vlan show vlan VLAN ID 1 Name Default VLAN Status Active PORT MODE STATUS 9 UNTAGGED UP 10 UNTAGGED DOWN 11 UNTAGGED DOWN 12 UNTAGGED DOWN 13 UNTAGGED UP 14 UNTAGGED DOWN 15 UNTAGG...

Page 141: ...er Enabled Magnum6K25 tag vlan show vlan Magnum 6K25 tag vlan show vlan VLAN ID 1 Name Default VLAN Status Active PORT MODE STATUS 1 UNTAGGED UP 2 UNTAGGED DOWN 3 UNTAGGED DOWN 4 UNTAGGED DOWN 5 UNTAG...

Page 142: ...gging id 10 status tagged Port tagging enabled Magnum6K25 tag vlan set port port 14 16 tagging id 20 status tagged Port tagging enabled Magnum6K25 tag vlan set port port 14 16 tagging id 30 status tag...

Page 143: ...LAN ID 10 Name mkt Status Active PORT MODE STATUS 14 TAGGED DOWN 15 TAGGED DOWN 16 TAGGED DOWN VLAN ID 20 Name sales Status Active PORT MODE STATUS 14 TAGGED DOWN 15 TAGGED DOWN 16 TAGGED DOWN VLAN ID...

Page 144: ...s ENABLED VLAN Memberships Vlan 1 Status Active UNTAGGED Vlan 10 Status Pending TAGGED Vlan 20 Status Pending TAGGED Vlan 30 Status Pending TAGGED Port 15 Default ID 1 Filter Status ENABLED VLAN Membe...

Page 145: ...lan 1 Status Active UNTAGGED Port 14 Default ID 1 Filter Status ENABLED VLAN Memberships Vlan 1 Status Active UNTAGGED Vlan 10 Status Active TAGGED Vlan 20 Status Active TAGGED Vlan 30 Status Active T...

Page 146: ...page look for the drop down on Technical Briefs List of commands in this chapter Syntax set vlan type tag none defines the VLAN type Syntax vlan enable disable allow VLAN commands or configure vlan c...

Page 147: ...will be tagged or untagged Syntax set port port number list range join id number adds the specified port s to the specified VLAN id Syntax set port port number list range leave id number releases a s...

Page 148: ...ate messages This duplication leads to a broadcast storm or other erratic behavior that can bring down the network j As recommended in the IEEE 802 1Q VLAN standard the Magnum 6K family of switches us...

Page 149: ...o use STP it has to be manually enabled 2 If you are using tagged VLANs at least one untagged VLAN must be available for the BPDU s to propagate through the network to update STP status 3 Whenever cha...

Page 150: ...which is elected as the root port of the switch A oot Path Cost A path cost is assigned to individual ports for the switch to determine converge resulting in a slower system IGURE 83 View Spanning Tr...

Page 151: ...nds This value can be set between 4 30 seconds Root Bridge Hello Time indicates the designated root bridge s in Root Bridge Max Age indicates the de it These variables can be changed using the priori...

Page 152: ...State indicates the STP state of individual ports V F Des Bridge This is the port s design Des Port This is the port s designated root port To enable or disable STP enter the STP co yntax stp STP Conf...

Page 153: ...d 80 00 00 20 06 25 ed 80 80 0c 13 TP 10 100 128 19 Forwarding 80 00 00 20 06 25 ed 80 80 0d 14 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0e 15 TP 10 100 128 100 Disabled 80 00 00 20 06 25...

Page 154: ...efault value is 32768 Cost A path cost is assigned to individual ports for the switch to determine whic a falls in the passive mode compared to the link with a lower cost Value ranges from 0 to 65535...

Page 155: ...Spanning Tree Enabled Global YES Spanning Tree Enabled Ports YES 9 10 11 12 13 14 15 16 Protocol Normal STP Bridge ID 80 00 00 20 06 25 ed 80 Bridge Priority 32768 Bridge Forward Delay 15 Bridge Hello...

Page 156: ...e Max Age 20 RSTP CONFIGURATION Rapid STP STP Enabled Global NO Magnum6K25 stp priority port 13 value 20 Successfully set the priority for port 13 Magnum6K25 stp show stp ports STP Port Configuration...

Page 157: ...0 0a 10 11 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0b 12 TP 10 100 128 100 Disabled 80 00 00 20 06 25 ed 80 80 0c 13 TP 10 100 20 19 Forwarding 80 00 00 20 06 25 ed 80 80 0d 14 TP 10 100...

Page 158: ...Global NO Magnum6K25 stp timers forward delay 20 hello 5 age 40 ERROR Invalid Values Max Age 2 Forward Delay 1 and Max Age 2 Hello Time 1 Magnum6K25 stp timers forward delay 20 hello 5 age 30 Success...

Page 159: ...may not need to participate in STP process These ports typically would be end stations If you Syntax timers forward delay 4 30 hello 1 10 age 6 160 change the STP Forward Delay Hello timer and Aging t...

Page 160: ...EE 802 1w is a further evolution of the 802 1d Spanning Tree Protocol It replaces the settling period with an active handshake between switches bridges that guarantees topology information to be rapid...

Page 161: ...n this state is usually quite short RSTP switches bridges operating in STP compatibility mode will spend between 6 to 40 seconds in this state After learning the bridge will place the port in the forw...

Page 162: ...sent and received In order to allow RSTP switches to support applications and protocols that may be sensitive to frame duplication and out of sequence frames RSTP may have to be explicitly set to be...

Page 163: ...EEE 802 1d STP services but cannot support RSTP services p2p This parameter is used to tell the port if it is connected to another switch or a hub or a bridge device This parameter should be set to of...

Page 164: ...rts have RSTP enabled Protocol indicates type of RSTP protocol active Bridge Priority specifies the switch bridge priority value This value is used along with the switch MAC address to determine which...

Page 165: ...lo time Hello information is sent out every 2 seconds Root Bridge Max Age indicates the designated root bridge s maximum age after which it discards the information as being old and receives new updat...

Page 166: ...ared to the path cost in RSTP Port Type STP Path cost RSTP Path cost 10 Mbps 100 2 000 000 100 Mbps 19 200 000 1 Gbps 4 20 000 10 Gbps 2 2 000 Figure 89 Path cost as defined in IEEE 802 1d STP and 802...

Page 167: ...ow the values of the timers set for RSTP Syntax priority port number list range value 0 255 0 65535 specifies the port or switch level priority When a port s are specified the priority is associated w...

Page 168: ...e the switch discards the information and updates the address table again Value ranges from 6 to 160 seconds with default value of 20 seconds Use a larger number when there are a large number of nodes...

Page 169: ...0 0d 14 TP 10 100 128 2000000 Disabled 00 0e 15 TP 10 100 128 2000000 Disabled 00 0f 16 TP 10 100 128 2000000 Disabled 00 10 Magnum6K25 rstp forceversion rstp Error Force Version already set to Normal...

Page 170: ...ay 15 Root Bridge Hello Time 02 Root Bridge Max Age 20 Topology Change count 0 Time Since topology Chg 141 Magnum6K25 rstp show timers Forward Delay Timer 15 sec Hello Timer 2 sec Max Age 20 sec Magnu...

Page 171: ...rt Type Priority Path Cost State Des Bridge Des Port 09 TP 10 100 128 2000000 Forwarding 00 00 00 20 06 25 ed 89 00 09 10 TP 10 100 128 2000000 Disabled 00 0a 11 TP 10 100 128 2000000 Disabled 00 0b 1...

Page 172: ...15 TP 10 100 128 2000000 Disabled 00 0f 16 TP 10 100 128 2000000 Disabled 00 10 Magnum6K25 rstp timers forward delay 20 hello 5 age 30 Successfully set the bridge time parameters Magnum6K25 rstp show...

Page 173: ...list range migration enable set this for all ports connected to other devices such as hubs bridges and switches known to support IEEE 802 1d STP services but cannot support RSTP services Syntax show...

Page 174: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 173 Syntax timers forward delay 4 30 hello 1 10 age 6 160 change the STP Forward delay Hello timer and Aging timer values...

Page 175: ...ed with networking switches from different vendors LLL triggers action on the device supporting LLL when a connection is broken or there is loss of the link signal on a ring port LLL can be used with...

Page 176: ...hever occurs first In most instances the link loss will be detected faster than the two second interval at which the BPDU packets are successfully passed around the ring Typical ring recovery times us...

Page 177: ...License A license key is needed One key per ring manager switch Included in MNS 6K Included in MNS 6K Spanning Tree Works with RSTP or STP devices Devices supported Managed or certain non managed Magn...

Page 178: ...al homing to members in the ring Supports dual homed device to devices in the network Supports dual homed device to devices in the network RSTP STP Operation without S Ring S Ring supports non managed...

Page 179: ...re in the ring will interrupt the flow of standard RSTP STP status checking BPDU packets and will signal to RSTP STP that a fault has occurred According to the standard RSTP STP defined sequence proto...

Page 180: ...tes depending on the number of switches and other RSTP STP parameters in operation RSTP STP Operation with S Ring When the Magnum 6K family of switches is used in the network and the S Ring feature is...

Page 181: ...r remote operation access security event logs and other industry standard managed network capabilities suitable for industrial applications requiring redundancy When S Ring is enabled for a port pair...

Page 182: ...kly re learn where to send packets enabling them to participate in a very quick recovery or restoration Note that a Link loss on any Magnum 6K Switch port somewhere in the ring is an alternative trigg...

Page 183: ...eboot Proceed on rebooting the switch Y or N Y Do you wish to save current configuration Y or N Y Saving current configuration Configuration saved Rebooting now FIGURE 95 Activating S Ring on the swit...

Page 184: ...Syntax s ring enable disable enable or disable S Ring capabilities Syntax s ring learn start the learning process to discover the ring and the ports which make up the S Ring Syntax s ring add port po...

Page 185: ...en in quick successions If the ring system sees a sequence of changes in the duration of a less than a second each it will temporarily ignore the signals and leave STP to reconfigure the ring network...

Page 186: ...p enable disable Start Enable or stop Disable STP Syntax set stp type stp rstp set the spanning tree protocol to be IEEE 802 1d or 802 1w Spanning Tree Protocol or Rapid Spanning Tree Protocol Syntax...

Page 187: ...ange disable LLL on the list of specified ports Syntax show lll display the status of LLL Syntax rstp STP Configuration mode Syntax rstp enable disable Start Enable or stop Disable STP Syntax set stp...

Page 188: ...iability by allowing a device to be connected to the network by way of two independent connection points points of attachment One connection point is the operating connection and the other is a standb...

Page 189: ...s well as other advantages such as IGMP managed configuration and more To provide the managed reliability to the end devices dual homing can be used with MNS 6K devices FIGURE 99 Dual homing using Mag...

Page 190: ...tors cables in the switch6 Only one set of dual homing ports can be defined per switch Port types Copper vs fiber as well as speeds can be mixed and matched both ports need not be identical By default...

Page 191: ...has to be explicitly setup The primary secondary mode of operation is only possible on managed switches such as the Magnum 6K family of switches The primary secondary mode of operation allows the netw...

Page 192: ...ual Homing Active On Port 10 Magnum6K25 dualhome dualhome del Dual Homing Ports Deleted and Dual Homing Disabled Magnum6K25 dualhome show dualhome Dual Homing Status DISABLED Magnum6K25 dualhome dualh...

Page 193: ...ntax dualhome enable disable enable or disable dual homing Syntax dualhome add port1 port port2 port dual homing setup similar to that of unmanaged switches such as ESD42 OR Syntax dualhome add primar...

Page 194: ...links into a single logical link for increased bandwidth With LACP the effective bandwidth of a trunk and network availability is increased Two or more Fast Ethernet connections are combined as one l...

Page 195: ...t is possible to hook up multiple ports to these switches and create an Ethernet loop In many cases this is prevented by Spanning Tree running on these switches All ports in a trunk group should be me...

Page 196: ...fferent modules Another example is highlighted below where some ports belong to VLAN 10 shown in red and other ports belong to VLAN 20 shown in blue If the port groups do not have a common VLAN betwee...

Page 197: ...n will not work in the LACP mode VLAN 20 VLAN 10 Switch 2 Switch 1 FIGURE 105 In the figure above there is no common VLAN between the two sets of ports so packets from one VLAN to another cannot be fo...

Page 198: ...architecture above using RSTP and LACP allows multiple switches to be configured together in a meshed redundant link architecture First define the RSTP configuration on the switches Then define the L...

Page 199: ...redundancy to the edge of the network It is recommended not to use LACP with S Ring at this time Since S Ring and LACP use the same BPDUs called LACPDUs the architecture shown below is not supported i...

Page 200: ...ween two facilities connected via a wireless bridge As shown in the figure below four trunk ports are connected to four wireless bridge pairs This increases the effective throughput of the wireless co...

Page 201: ...e priority The port with the highest priority is the primary port Syntax del port number list range delete specified ports from the LACP membership Syntax edit port number list range priority priority...

Page 202: ...as the primary port So in the example above if port 4 fails port 5 will be designated as the primary port Magnum6K25 show lacp LACP is Disabled Magnum6K25 lacp Magnum6K25 lacp add port 14 15 16 Error...

Page 203: ...nnected Half duplex A Half Duplex port Half Duplex ports cannot participate in LACP Loop Detected Indicates the other side does not have LACP configured Without LACP configured on both switches the ne...

Page 204: ...ports 17 and 23 forming the second trunk on Switch 2 The show lacp command was executed on Switch 1 Magnum 6K lacp show lacp Trunk Id 1 Trunk Status Trunk Active Primary Port 11 Trunk Partner 00 20 06...

Page 205: ...ecified list of ports Syntax ecified ports from the LACP membership of the Syntax to form the logical LACP trunk Default value for priority is 32768 The lower the value assigned to priority the higher...

Page 206: ...implement buffers to queue incoming packets as well as outgoing packets In a queue mechanism normally the packet which comes in first leaves first FIFO and all the packets are serviced accordingly Ima...

Page 207: ...n the LAN MAN and WAN DiffServ works by tagging each packet at the originating device or an intermediate switch for the requested level of service it requires across the network FIGURE 114 ToS and DSC...

Page 208: ...need to differentiate these bits from the rest of the ToS byte The Magnum 6K family of switches has the capability to provide QoS at Layer 2 At Layer 2 the frame uses Type of Service ToS as specified...

Page 209: ...e IPv4 packet which has 64 bits are used If the 6 bits are set to ToS QoS for the specific port number the packet went to that packet is assigned high priority by that port Configuring QoS Magnum 6K f...

Page 210: ...For instance traffic with an IP precedence field value of 7 gets a lower weight than traffic with an IP Precedence field value of 3 and thus has priority in the transmit order Once the port weight is...

Page 211: ...ged received packets to be transmitted as tagged from the priority queue Magnum6K25 show port Keys E Enable D Disable H Half Duplex F Full Duplex M Multiple VLAN s NA Not Applicable LI Listening LE Le...

Page 212: ...7 None DOWN 9 None DOWN 10 HIGH DOWN 11 None DOWN 13 None DOWN 14 None DOWN 15 None DOWN Magnum6K25 qos setqos port 11 priority high type tag tag 6 Successfully set QOS Magnum6K25 qos show qos PORT Q...

Page 213: ...ag tag 5 Successfully set QOS Magnum6K25 qos show qos type tag PORT Pri for VPT STATUS 76543210 1 UP 2 DOWN 3 DOWN 5 DOWN 6 DOWN 7 DOWN 9 DOWN 10 DOWN 11 LHLLLLL DOWN L 13 LLMLLLLL DOWN 14 DOWN 15 DOW...

Page 214: ...tings on a port yntax show qos type port tag tos port port list range displays the QoS yntax set untag port port list range priority high low tag 0 7 The priority high low tos 0 63 list range tag 0 7...

Page 215: ...am i e the datagram is not guaranteed to arrive at all members of the destination group or in the same order relative to other datagram The membership of a host group is dynamic that is hosts may join...

Page 216: ...IGMP is not present then the switch must assume this function in order to elicit group membership information from the hosts on the network If you need to disable the querier feature you can do so thr...

Page 217: ...fic and does not distinguish between IP multicast group members and non members Thus it is sending large amounts of unwanted multicast traffic out the ports to PCs 2 and 3 Switch 2 is recognizing IGMP...

Page 218: ...rk In the above figure the multicast group traffic does not go to switch 1 and beyond This is because either the port on switch 3 that connects to switch 1 has been configured as blocked or there are...

Page 219: ...of the ports sends a join report or invokes the IGMP Pruning action the behavior changes A multicast group is formed in the switch and the stream is sent only to those ports that actually want to joi...

Page 220: ...nor is there any capability for the devices to use IGMP snooping to join a multicast group Thus the traffic picture from a multicast device would look as shown below R1 R2 R3 R4 R5 R6 T1 T1 T2 T2 FIGU...

Page 221: ...family of switches a Layer 2 network can minimize multicast traffic as shown above Each switch has the IGMPL2 turned on Each switch can exchange the IGMP query message and respond properly R4 wants to...

Page 222: ...e forwarded on the same port groups It is not possible to do forwarding based on IP addresses as the Magnum 6K family of switches operate at Layer 2 Magnum 6K family of switches configured for IGMP L2...

Page 223: ...unknown streams Enabled Magnum6K25 igmp mcast disable MCAST is disabled Magnum6K25 igmp show igmp IGMP State Enabled ImmediateLeave Disabled Querier Enabled Querier Interval 125 Querier Response Inter...

Page 224: ...es maximum amount of time in seconds that can elapse between when the querier sends a host query message and when it receives a response from a host Syntax show group shows the multicast groups Magnum...

Page 225: ...it for the timer to expire Syntax set querier enable disable enables or disables a switch as IGMP querier Syntax set qi interval value The IGMP querier router periodically sends general host query mes...

Page 226: ...bled Magnum6K25 igmp show igmp IGMP State Enabled ImmediateLeave Enabled Querier Enabled Querier Interval 125 Querier Response Interval 10 Magnum6K25 igmp set leave disable IGMP immediate leave status...

Page 227: ...MP State Enabled ImmediateLeave Disabled Querier Disabled Querier Interval 127 Querier Response Interval 10 Magnum6K25 igmp set qri interval 11 Query response interval successfully set Magnum6K25 igmp...

Page 228: ...9 0 1 10 10 STATIC 0 0 239 0 1 10 11 STATIC 0 0 239 0 1 10 12 STATIC 0 0 Magnum6K25 igmp IGURE 125 Adding broadcast groups using the group command or setting IGMP L2 mode make sure the set of commands...

Page 229: ...t groups yntax set port port port list range mode auto forward block set the port yntax show port display the port characteristics for IGMP P enabled router ports ables or disables the switch to immed...

Page 230: ...hat can elapse between when the querier router sends a host query message and when it receives a response from a Syntax m is in lower case and is shown in upper case for clarity host The Default value...

Page 231: ...idge Protocol Data Units GVRP BPDUs to advertise static VLANs We refer to GVRP BPDU as an advertisement GVRP enables the Magnum 6K family of switches to dynamically create 802 1q compliant VLANs on li...

Page 232: ...or switch with GVRP on 6 Static VLAN configured end device NIC or switch with GVRP on 6 Switch 1 with static VLANs VID 1 2 3 Port 2 is a member of VIDs 1 2 3 1 Port 2 advertises VIDs 1 2 3 2 On Switc...

Page 233: ...rt 3 dynamically joined VLAN 33 Ports 6 dynamically joined VLAN 33 Switch A GVRP On Tagged VLAN 22 Switch B No GVRP Tagged VLAN 22 Switch C GVRP On Tagged VLAN 22 Tagged VLAN 33 Switch D GVRP On Dynam...

Page 234: ...ents but ignore advertisements received from other ports Avoid GVRP participation by not sending advertisements and dropping any advertisements received from other devices Unknown VLAN Mode Operations...

Page 235: ...ynamic VLAN to be converted to a static VLAN The command to use is Syntax static vlan VID convert a dynamic VLAN to a static VLAN Note show vlan type tag will display VID in case the VID is not known...

Page 236: ...untagged static VLAN has the option to both generate advertisements and dynamically join other VLANs The unknown VLAN parameters are configured on a per interface basis using the CLI The tagged untag...

Page 237: ...le Syntax static vlan VID convert a dynamic VLAN to a static VLAN Syntax set forbid vlan tag vlanid forbid port number list range sets the forbid GVRP capability on the ports specified Syntax show for...

Page 238: ...ver the dynamic VLAN re y receiving advertisements from other devices running GVRP the switch learns of static GVRP enabled switch does not advertise any GVRP learned VLANs out of the port s on A chan...

Page 239: ...RP Syntax show vlan list all the VLANs including dynamic VLANs on the switch Syntax set ports port port list range state learn block disable set the state of the port to learn block or disable for GVR...

Page 240: ...ne the SNMP standards The most common standards for SNMP are SNMP v1 the original version of SNMP SNMP v2 and more recently SNMP v3 SNMP is a poll based mechanism SNMP manager polls the managed device...

Page 241: ...ludes both data integrity and data origin authentication Authoritative SNMP engine One of the SNMP copies involved in network communication designated to be the allowed SNMP engine which protects agai...

Page 242: ...et by a string match of the user name auth authenticates a packet by using either the HMAC MD5 algorithms priv authenticates a packet by using either the HMAC MD5 algorithms and encrypts the packet us...

Page 243: ...NMPv2 Working Group RFC 1908 Coexistence between Version 1 and Version 2 of the Internet standard Network Management Framework SNMPv2 Working Group RFC 2271 2275 SNMPv3 RFC 2104 Keyed Hashing for Mess...

Page 244: ...ew based access control model This allows any manager station to access the Magnum 6K switch either via SNMP v1 v2c or v3 The community name is public This command is only intended for first time user...

Page 245: ...ned in RFC 2275 This command defines a manager or group or manager stations what it can access inside the MIB object tree On MNS 6K up to 10 entries can be specified Syntax show view id id display all...

Page 246: ...Magnum6K25 snmp mgrip add ip 192 168 1 111 Manager IP Address added successfully Magnum6K25 snmp mgrip add ip 192 168 1 222 Manager IP Address added successfully Magnum6K25 snmp show snmp SNMP CONFIG...

Page 247: ...222 SNMP TRAP STATIONS INFO IP Address 192 168 1 2 Trap Type SNMP RMON Magnum6K25 snmp exit Magnum6K25 show snmp SNMP CONFIGURATION INFORMATION SNMP Get Community Name public SNMP Set Community Name...

Page 248: ...ocation lab Magnum6K25 snmpv3 quickcfg This will enable default VACM Do you wish to proceed Y or N Y Quick configuration done default VACM enabled Magnum6K25 snmpv3 engineid string Magnum6K Engine ID...

Page 249: ...dd id 1 secname public source default community public Entry is added successfully Magnum6K25 snmpv3 com2sec add id 2 ERROR secname parameter is required for add directive Magnum6K25 snmpv3 com2sec ad...

Page 250: ...v1 v1 1 2 public v2c 1 3 public usm 1 4 5 6 7 8 9 10 Magnum6K25 snmpv3 show group id 1 Group ID 1 Group Name v1 Model v1 Com2Sec ID 1 Magnum6K25 snmpv3 view add id 1 viewname all type included subtree...

Page 251: ...e none exact 2 3 4 5 6 7 8 9 10 Magnum6K25 snmpv3 show access id 1 Access ID 1 Access Name v1 Sec Model v1 Sec Level noauth Read View ID 1 Write View ID none Notify View ID none Context Prefix exact M...

Page 252: ...l connected network segments This allows for troubleshooting and optimizing your network The Magnum 6K family of switches provides hardware based RMON counters The switch manager or a network manageme...

Page 253: ...string def comm string define the RMON alarm group and the community string associated with the group Syntax event def owner string def comm string define the RMON event group and the community strin...

Page 254: ...nmp displays the SNMP configuration information Syntax setvar sysname syscontact syslocation string sets the system name contact and location All parameters are optional but a user must supply at leas...

Page 255: ...play all or specific group entries id is optional and is the number corresponding to the group entry number in the table Syntax view add delete id id viewname name type included excluded subtree oid m...

Page 256: ...associated with the group Syntax alarm def owner string def comm string define the RMON alarm group and the community string associated with the group Syntax event def owner string def comm string def...

Page 257: ...rovision for tripping or activating an external relay to electrically trigger any circuit desired These could be an indicator light a flashing strobe light an audible alarm or any other such devices T...

Page 258: ...dition The relay will revert to closed position when the S RING goes to CLOSED position This information is covered in more details in Chapter 11 on S Ring and Link Loss Learn To customize these capab...

Page 259: ...2 Magnum6K25 alarm add event 1 5 Event 2 is Already Enabled Alarm Event s Added 1 3 4 5 Magnum6K25 alarm add event 6 8 Alarm Event s Added 6 8 Magnum6K25 alarm add event all Event 1 is Already Enable...

Page 260: ...tart MOMENTARY 3 Warm Start MOMENTARY 4 Link Up MOMENTARY 5 Link Down MOMENTARY 6 Authentication Failure MOMENTARY 7 RMON Raising Alarm MOMENTARY 8 RMON Falling Alarm MOMENTARY 9 Intruder Alarm MOMENT...

Page 261: ...Intruder Alarm MOMENTARY 10 Link Loss Learn Triggered MOMENTARY 11 Broadcast Storm Detected MOMENTARY 12 STP RSTP Reconfigured MOMENTARY Magnum6K25 alarm exit Magnum6K25 FIGURE 137 Setting up the exte...

Page 262: ...ients and filters The SMTP alerts provide the following capabilities SMTP alerts can be enabled or disabled globally User can define a global default SMTP server identified by its IP address TCP port...

Page 263: ...If this option is not defined the global default SMTP server is used port optional TCP port of the SMTP server If this is not defined the global default TCP port is used Syntax delete id 1 5 delete th...

Page 264: ...d 2 email jsmith garrettcom com traps S events CF Recipient successfully added Magnum6K25 smtp show smtp recipients ID E mail Address SMTP Server Port Traps Events 1 rk gci sys gci com 67 109 247 195...

Page 265: ...rrettcom com from support garrettcom com subject test body hello Magnum6K25 smtp show smtp config SMTP Global Configuration Status Enabled SMTP Server IP 67 109 247 195 SMTP Server Port 25 Retry Count...

Page 266: ...ly of switches is not overrun The important parameters to set for any serial connectivity software is to set the line delay to be 500 milliseconds and the character delay to be 50 milliseconds For exa...

Page 267: ...y appropriate to terminate the connection Responsible users will follow the directive much like a No Trespassing sign posted outside of the security fences o To change the banner message the following...

Page 268: ...opened up using telnet to display the effects of changing the MOTD on the switch C telnet switch Copyright c 2001 2005 GarrettCom Inc All rights reserved This is a secure device Unauthorized access i...

Page 269: ...every time the key is pressed the last command is printed on the screen but not executed ws for editing errors made in typing Syntax show version displays the version of MNS 6K being used S up to a ma...

Page 270: ...1217245902 Magnum6K25 FIGURE 141 History commands Prompt Setting a meaningful host prompt can be useful when a network administrator is managing has multiple telnet or console sessions open at the sa...

Page 271: ...prompt n b i b Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 Magnum6K25 192 168 5 5 set prompt Some bthing i Some thing192 168 5 5 set prompt Some bthing b i Some thing 192 168...

Page 272: ...ve ftp in odes The file transfer protocol or ftp passive ftp Passive FTP is used b security policies set by companies Syntax set ftp mode normal passive set the ftp mode of operation Syntax show ftp d...

Page 273: ...ing is limited to the first six levels them NOTE since memory is full the logs stop writing It is important to erase the log periodically or use syslog capability to download the logs to a syslog serv...

Page 274: ...is enabled A 03 03 2005 9 35 40 A M IGMP IGMP Snooping is disabled A 03 03 2005 9 41 46 A M IGMP IGMP Snooping is enabled Magnum6K25 F 145 Event log shown on the screen IGURE Event logs can be exporte...

Page 275: ...log to export the event log information In the table below the following acronyms are used for Severity E Alert C Critical F Fail or Error conditions W Warning N Notice I I low The table is sorted by...

Page 276: ...ailure F DEVICE Ethernet hardware error F DEVICE Ethernet interrupt init failure F DEVICE Unable to allocate ethernet memory F DEVICE System started I DEVICE Network Stack not yet configured I DEVICE...

Page 277: ...d I RMON Event entry X is set to invalid I RMON Alarm entry X is set to valid I RMON Alarm entry X is set to invalid I SNMP Snmp snmpEnableAuthenTraps is set to enabled A SNMP Snmp snmpEnableAuthenTra...

Page 278: ...VLAN pvlan vlan X enabled I VLAN pvlan vlan X disabled I VLAN pvlan vlan X deleted I VLAN pvlan port based VLAN started I VLAN pvlan port based VLAN stopped I VLAN pvlan default vlan is modified I VLA...

Page 279: ...otice that there are other MAC addresses associated with port 3 indicating that the port has a hub or a switch connected to it List of commands in this chapter Syntax alarm enter the alarm configurati...

Page 280: ...ill be sent to recipient or a combination of I informational A activity C critical F fatal and D debug With event ACF implies that events of severity types activity critical and fatal will be sent to...

Page 281: ...Syntax n repeat the n th command as indicated by a show history Syntax show history show the last 25 commands executed if less than 25 commands are executed only those commands executed are shown Syn...

Page 282: ...arameters Syntax show config show setup parameters configured Syntax enable user name changing the privilege level Syntax add user name level number adding a user Syntax delete user name deleting a us...

Page 283: ...otp look only for bootp servers on the network Disable dhcp or other mode manual do not set the IP address automatically auto the switch will first look for a DHCP server If a DHCP server is not found...

Page 284: ...dress as well as an IPV4 address Syntax show dns display the DNS settings Syntax set serial baud rate data 5 6 7 8 parity none odd even stop 1 1 5 2 flowctrl none xonxoff sets serial port parameters S...

Page 285: ...using ftp command Where get put list del different ftp operations type app config oldconf script hosts log optional type field This is useful to specify whether a log file or host file is uploaded or...

Page 286: ...fer operations get a file from the server or put the information on the server type app config oldconf script hosts log optional type field This is useful to specify whether a log file or host file is...

Page 287: ...ter 4 IPv6 Syntax ipconfig ip ip address mask subnet mask dgw gateway add del configure and IPv6 address The add delete option can be used to add or delete IPv4 IPv6 addresses Syntax show ipconfig dis...

Page 288: ...sntpsrv start stop Start or stop the SNTP Services Syntax show sntpsrv display the status of SNTP server Chapter 7 Access Considerations Syntax set password set or change password Syntax configure po...

Page 289: ...slog server Maximum of five servers can be defined Syntax server edit id id host host ip port port event all none default list edit the server setup as well as which syslog messages the server should...

Page 290: ...port s to be configured supptimeout optional This is the timeout in seconds the authenticator waits for the supplicant to respond back Default value is 30 seconds Values can range from 1 to 240 second...

Page 291: ...Access using TACACS Syntax show tacplus status servers show status of TACACS or servers configured as TACACS servers Syntax tacplus enable disable order tac local local tac enable or disable TACACS a...

Page 292: ...settings Syntax show port Port number display port settings Syntax flowcontrol xonlimit value xofflimit value configure flow control buffers Syntax show flowcontrol display flow control buffers Synta...

Page 293: ...join id number adds the specified port s to the specified VLAN id Syntax set port port number list range leave id number releases a specific port from a VLAN Syntax show port port port list range sho...

Page 294: ...gration enable edge enable disable p2p on off auto set the port type for RSTP Example port port number list range p2p off Set the point to point value to off on all ports that are connected to shared...

Page 295: ...y security key activate the S Ring capabilities Don t forget to use the save command to save the key Syntax stp STP Configuration mode Syntax stp enable disable Start Enable or stop Disable STP Syntax...

Page 296: ...guration sub system Syntax dualhome enable disable enable or disable dual homing Syntax dualhome add port1 port port2 port dual homing setup similar to that of unmanaged switches such as ESD42 OR Synt...

Page 297: ...set it then defaults to low priority ToS has 64 levels and the valid values are 0 63 and a tagged packet has 8 levels and the valid values are 0 7 Syntax set weight weight 0 7 sets the port priority w...

Page 298: ...embership information This is sent to the all system multicast group address 224 0 0 1 The default value is 125 seconds The valid range can be from 60 to 127 seconds Syntax set qri interval value The...

Page 299: ...terprise All ip ipaddress add v1 traps as well as define the trap receiver Syntax show snmp displays the SNMP configuration information Syntax mgrip add delete ip IPaddress adds or deletes a managemen...

Page 300: ...CM as defined in RFC 2275 This specifies the mapping from a source community pair to a security name On MNS 6K up to 10 entries can be specified Syntax group add delete id id groupname name model v1 v...

Page 301: ...iated with the group Syntax event def owner string def comm string define the RMON event group and the community string associated with the group Syntax show rmon stats hist event alarm list the speci...

Page 302: ...ty types will be sent to recipient none no event will be sent to recipient or a combination of I informational A activity C critical F fatal and D debug With event ACF implies that events of severity...

Page 303: ...eat the last command Syntax n repeat the n th command as indicated by a show history Syntax show history show the last 25 commands executed if less than 25 commands are executed only those commands ex...

Page 304: ...s printed on the screen but not executed This allows for editing errors made in typing access setup access configuration parameters action port num list range none disable drop action to perform in ca...

Page 305: ...ip ipaddress mask netmask service name list allow specific IP address or range of addresses as a trusted host s allow mac address list range port num list range specify a specific MAC address or MAC a...

Page 306: ...command Enter options for a command community write write community read read community trap trap community set the necessary community strings config startip start ip endip endip mask mask dns dns1 d...

Page 307: ...addresses device configure device and port specific settings dhcpsrv start stop start or stop the DHCP server By default the server is off dualhome enter the dual homing configuration sub system dual...

Page 308: ...rol xonlimit value xofflimit value configure flow control buffers forceversion stp rstp set the STP or RSTP compatibility mode ftp get put list del type app config oldconf script host s log host hostn...

Page 309: ...for accessing host This is equivalent to creating a host table on many systems Maximum of 10 such entries are allowed help command string help for a specific command history def owner string def comm...

Page 310: ...ns allowed mode l2 normal Set the IGMP mode to be IGMP L2 mode or normal IGMP mode more enable disable show enable or disable the scrolling of lines one page at a time passwd user name changing a pass...

Page 311: ...ty qos enter the QoS configuration mode quickcfg quick setup for snmpv3 configuration It automatically configures a default VACM view based access control model This allows any manager station to acce...

Page 312: ...body of the text See example fo the body of the text message later in this chapter server ip ip addr port 1 65535 retry 0 3 configure the global SMTP server settings server add host host ip port port...

Page 313: ...L3 device is in the network and is the IGMP root The IGMP L2 is used when there is no L3 device in the network set logsize size 1 1000 set the log buffer size set motd after the command is typed MNS a...

Page 314: ...er to expire setport monitor monitor port number sniffer sniffer port number set port mirror settings set port port port list range mode auto forward block set the port characteristics for IGMP Block...

Page 315: ...f full auto enable disable flow enable disable bp enable disable status enable disable configure port settings set ports port port list range state learn block disable set the state of the port to lea...

Page 316: ...levels have to be set and for QOS type ToS the ToS levels have to be set If the priority field is not set it then defaults to low priority ToS has 64 levels and the valid values are 0 63 and a tagged...

Page 317: ...set all the ports will be the same weight across the switch The valid value for weight is 0 7 stftp get put list del type app config oldconf script host s log host hostname ip ipaddress file filename...

Page 318: ...buffers show config show setup parameters configured show console displays the console settings show date displays the date show dhcpsrv config status leases display the DHCP server configuration lea...

Page 319: ...age set show port Port number display port settings show port mirror display port mirror settings show port security display port security settings show qos type port tag tos port port list range disp...

Page 320: ...ystem time show timezone displays the timezone information show uptime displays the amount the time elapsed since the last reboot or power failure show version displays the version of MNS 6K being use...

Page 321: ...le show user id id display all or specific view entries id is optional and is the number corresponding to the view entry number in the table show view id id display all or specific view entries id is...

Page 322: ...ssh enable disable keygen enable or disable the server Also can be used for generating the key ssh port port default select a different port number for SSH communication s ring enable disable enable o...

Page 323: ...where tac local implies first the TACAS server then local logins on the device tacserver add delete id num ip ip addr port tcp port encrypt enable disable key string mgrlevel level oprlevel level adds...

Page 324: ...or downloaded This can also perform the task of exporting a configuration file or uploading a new image to the switch host hostname ip ipaddress file filename parameters associated with tftp server f...

Page 325: ...groups displays the current groups view add delete id id viewname name type included excluded subtree oid mask hex string a part of the View based Access control model VACM as defined in RFC 2275 Thi...

Page 326: ...M A G N U M 6 K S W I T C H E S M N S 6 K U S E R G U I D E 325 Intentionally left blank...

Page 327: ...or after April 24th End DST at 2am the first Sunday on or after October 25th Canada and Continental US Begin DST at 2am the first Sunday on or after April 1st End DST at 2am the first Sunday on or aft...

Page 328: ...ile Cuba Egypt France Finland Germany Greece Iraq Italy London Namibia Portugal Russia Spain Sweden Switzerland Syria USA Note as of Release 3 7 the new daylight saving times dates enforced as of 2007...

Page 329: ...appendix Many devices as well as web sites today use secure methods to communicate via the web Once secure web communications are required the browsers look at the certificate and match the URL infor...

Page 330: ...site when the address URL does not match the information in the self signed certificate FIGURE 149 On finding a mismatch between the certificate and the accesses site Mozilla Firefox pops the window...

Page 331: ...E R C E R T I F I C A T E S FIGURE 150 Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates Once the Add Exception button is displayed make sure you click...

Page 332: ...ss the site Notice that the browser points out that valid sites such as banks online web stores government sites secure sites etc will not ask you to do that Since the GarrettCom MNS 6K is a self sign...

Page 333: ...S FIGURE 152 Here you can view the certificate permanently make an exception and confirm the exception The locations to do those are identified in this figure The self signed certificate from Garrett...

Page 334: ...d the user does not need to go through these steps again Using Internet Explorer ver 7 x Internet Explorer version 7 x provides a warning when the certificates do not match There is no mechanism to cr...

Page 335: ...7 Using Other Browsers There are many other browsers such as Opera Safari which are also widely used There are similar mechanisms built into these browsers to inspect the certificate and create an exc...

Page 336: ...APPENDIX 5 APPENDIX 5 Updating MNS 6K Software Keep up to date The steps required to update the MNS 6K software on your Magnum switch are listed Intentionally left blank 335...

Page 337: ...ot have a serial port you may want to invest in a USB to serial converter This is again available from LANstore or from GarrettCom Alternately a USB to serial cable can also be used This cable is avai...

Page 338: ...t determine the version of the software on your switch To do that use the command show version after connecting to the switch and logging in as manager with the proper password If the password is lost...

Page 339: ...member the file name and the directory where the MNS 6K software is stored This will be needed later for the upgrade irrespective of whether the MNS 6K software is updated via the serial port or over...

Page 340: ...ort the login prompt you can type in the user name and password on the URL as follows ftp m6kuser m6kuser ftp garrettcom com 3 After successful login select the proper folder for downloading the prope...

Page 341: ...nt the release is The release notes provide additional information on the latest features and functionality plus any other additional information not covered in the manuals FIGURE 157 Navigate to MNS...

Page 342: ...6K switch The access can be over the console port using the null modem cable or through the network using telnet This is described in step 2 2 Save the existing configuration either through the seria...

Page 343: ...num 6K switch can be accessed via the serial port or through the network using telnet For using telnet make sure the switch is configured with the proper IP address netmask and default gateway informa...

Page 344: ...ct to a Magnum 6K switch with IP address 192 168 10 11 If the telnet command does not work check for network connectivity using the ping command Please ensure that a personal firewall or other firewal...

Page 345: ...lt do not over write files If the file transfer fails check to see if the file name already exists or use a different file name with the saveconf command Also make sure the ftp or TFTP FTP services ar...

Page 346: ...Receive File is invoked as shown in Figure above follow the dialog to save the file in the proper directory with the proper name as shown in Figure below FIGURE 163 Make sure to select the Xmodem prot...

Page 347: ...orkstations computers can be one and the same To save using TFTP or FTP first ensure that you have the FTP or TFTP server set up and the switch can ping the TFTP or the FTP server For ftp services mak...

Page 348: ...cked Check for network connectivity using the ping command If the connectivity is OK please contact your system or network administrator to unblock FTP or TFTP packets If that is not possible the alte...

Page 349: ...iate users are informed of this outage Alternately if the S Ring technology is used the outage will not be noticeable and the switch will be re inserted in the S Ring after the upgrade is performed It...

Page 350: ...e the image Y or N Y FIGURE 167 Upgrade using serial connection Once the upgrade process is started the VT100 emulation software e g HyperTerminal will ask for the file location Once the file location...

Page 351: ...e Network Access Prerequisites make sure the directory and the file name of the MNS 6K software image downloaded in steps 1 and 2 is known To upgrade using TFTP or FTP ensure that the FTP or TFTP serv...

Page 352: ...question will not be visible and the boot code will not be automatically updated See step 4 updating boot code over the network on how to update the boot code manually Magnum6K25 show version MNS 6K S...

Page 353: ...te the boot code A Accessing the switch Continue to use the access method defined in steps 1 2 and 3 Reloading the configuration The command used for restoring the original configuration is Syntax loa...

Page 354: ...e console port serial connection or through the network telnet to the switch Continue to use the network access method defined in steps 1 2 and 3 Use the upgrade command as shown in Figure 17 and rebo...

Page 355: ...U P D A T I N G S O F T W A R E S T E P 4 354 Intentionally left blank...

Page 356: ...low mac 91 92 104 287 anycast address 73 app 56 57 284 285 307 324 auth 34 109 110 111 112 113 114 289 Authentication 240 Authentication Server 106 authenticator 106 108 109 110 114 115 289 290 Authen...

Page 357: ...fferentiated Services See Diffserv Diffie Hellman 45 DiffServ 206 disable mode 90 dns 48 67 283 312 DNS 48 67 283 312 317 drop mode 90 DS See Diffserv DSA 46 DSCP 206 dualhome 190 191 192 295 306 Dual...

Page 358: ...96 297 326 328 335 IGMP L2 218 219 220 221 228 296 297 309 312 IMAP 260 ipconfig 28 37 74 75 281 286 IPv4 72 73 74 207 208 307 323 IPv6 72 73 74 75 78 79 80 81 87 286 307 323 ISP 106 Kerberos 46 kill...

Page 359: ...t security 90 94 95 104 287 priority 150 152 155 158 166 170 172 205 292 294 Private VLAN 135 privilege level 29 prtmr 122 130 291 ps 91 92 104 288 public keys 45 put 56 57 284 285 307 324 qos 208 213...

Page 360: ...165 RTSP 159 save 28 37 55 65 94 95 145 237 281 292 saveconf 55 65 68 284 saveconf mode 68 284 script 56 57 284 285 307 324 Secure ftp 56 69 Secure Shell See SSH sendmail 262 264 279 301 serial numbe...

Page 361: ...set ports 236 297 set qi 224 226 228 297 setqos 210 211 212 set qri 224 226 229 297 set querier 224 225 226 setsntp 53 54 68 283 setsntp server 68 283 set untag 213 296 setvar 51 52 68 243 247 253 270...

Page 362: ...5 show ipv6 74 75 286 show lacp 200 201 202 203 204 296 show lll 184 186 295 show log 97 98 99 104 272 273 288 show motd 266 267 278 300 318 show port 124 127 130 210 291 show port mirror 122 130 291...

Page 363: ...5 247 251 252 253 261 262 263 265 276 278 279 280 298 301 302 303 310 312 319 320 321 SNMP engine 240 SNMP group 240 SNMP user 240 SNMPv2c 239 240 snmpv3 243 247 253 298 sntp 54 68 SNTP 53 54 62 65 68...

Page 364: ...120 290 322 TAI 84 Tatu Yl nen 45 TCP 26 116 119 120 290 322 telnet 42 43 47 67 75 267 283 286 Telnet 44 45 telnet enable 42 tftp 56 58 69 273 285 323 timers 150 153 157 158 166 171 173 293 294 ToS 20...

Reviews:

No comments

Brands by name

Popular brands

Load more brands