iPECS ES-3052G User Manual Download Page 1

USER GUIDE

iPECS is an Ericsson-LG Brand

Please read this manual carefully before operating your set. Retain it for future reference.

ES-3052G / ES-3052GP

User Manual

Summary of Contents for ES-3052G

Page 1: ...USER GUIDE iPECS is an Ericsson LG Brand Please read this manual carefully before operating your set Retain it for future reference ES 3052G ES 3052GP User Manual...

Page 2: ...Layer 2 Managed Switch with 48 10 100 1000BASE T RJ 45 Ports and 4 Gigabit SFP Ports ES 3052GP MANAGED 52 PORT GE POE SWITCH Layer 2 Managed Switch with 48 10 100 1000BASE T RJ 45 PoE Ports and 4 Giga...

Page 3: ...ation NOTE Emphasizes important information or calls your attention to related features or instructions CAUTION Alerts you to a potential hazard that could cause loss of data or damage the system or e...

Page 4: ...DE 4 ES 3052 Series REVISION HISTORY This section summarizes the changes in each revision of this guide APRIL 2013 REVISION This is the first version of this guide This guide is valid for software rel...

Page 5: ...the Switch 57 Configuration Options 57 Required Connections 58 Remote Connections 59 Basic Configuration 60 Console Connection 60 Setting Passwords 60 Setting an IP Address 61 Downloading a Configura...

Page 6: ...g The Start Up File 104 Showing System Files 104 Automatic Operation Code Upgrade 105 Setting the System Clock 110 Setting the Time Manually 110 Setting the SNTP Polling Interval 111 Specifying SNTP T...

Page 7: ...1Q VLANs 167 Configuring VLAN Groups 170 Adding Static Members to VLANs 171 Configuring Dynamic VLAN Registration 176 IEEE 802 1Q Tunneling 180 Enabling QinQ Tunneling on the Switch 184 Adding an Inte...

Page 8: ...ces 241 Selecting the Queue Mode 242 Mapping CoS Values to Egress Queues 245 Layer 3 4 Priority Settings 248 Setting Priority Processing to DSCP or CoS 248 Mapping Ingress DSCP Values to Internal DSCP...

Page 9: ...12 Configuring the Secure Shell 314 Configuring the SSH Server 317 Generating the Host Key Pair 318 Importing User Public Keys 320 Access Control Lists 322 Showing TCAM Utilization 323 Setting the ACL...

Page 10: ...ion 376 DoS Protection 377 14 BASIC ADMINISTRATION PROTOCOLS 379 Configuring Event Logging 379 System Log Configuration 379 Remote Log Configuration 382 Sending Simple Mail Transfer Protocol Alerts 38...

Page 11: ...GURATION 455 Using the Ping Function 455 Address Resolution Protocol 457 Setting the ARP Timeout 457 Displaying ARP Entries 458 Setting the Switch s IP Address IP Version 4 459 Setting the Switch s IP...

Page 12: ...lticast VLAN Registration 507 Configuring Global MVR Settings 509 Configuring MVR Interface Status 510 Assigning Static Multicast Groups to Interfaces 512 Showing Multicast Group Members 514 SECTION I...

Page 13: ...20 SYSTEM MANAGEMENT COMMANDS 537 Device Designation 537 hostname 538 System Status 538 show access list tcam utilization 539 show memory 539 show process cpu 540 show running config 540 show startup...

Page 14: ...t Logging 566 logging facility 566 logging history 567 logging host 568 logging on 568 logging trap 569 clear log 569 show log 570 show logging 571 SMTP Alerts 572 logging sendmail 573 logging sendmai...

Page 15: ...er 590 rcommand 590 show cluster 591 show cluster members 591 show cluster candidates 592 21 SNMP COMMANDS 593 snmp server 594 snmp server community 595 snmp server contact 595 snmp server location 59...

Page 16: ...621 enable password 622 username 623 Authentication Sequence 624 authentication enable 624 authentication login 625 RADIUS Client 626 radius server acct port 626 radius server auth port 627 radius ser...

Page 17: ...45 ip telnet port 646 ip telnet server 646 show ip telnet 647 Secure Shell 647 ip ssh authentication retries 650 ip ssh server 650 ip ssh server key size 651 ip ssh timeout 652 delete public key 652 i...

Page 18: ...t 672 24 GENERAL SECURITY MEASURES 675 Port Security 676 port security 676 Network Access MAC Address Authentication 678 network access aging 679 network access mac filter 679 mac authentication reaut...

Page 19: ...h summary 697 DHCP Snooping 697 ip dhcp snooping 698 ip dhcp snooping database flash 700 ip dhcp snooping information option 700 ip dhcp snooping information policy 701 ip dhcp snooping verify mac add...

Page 20: ...ACLs 723 access list ip 724 permit deny redirect to Standard IP ACL 725 permit deny redirect to Extended IPv4 ACL 726 ip access group 729 show ip access group 729 show ip access list 730 IPv6 ACLs 73...

Page 21: ...rs 757 show interfaces status 759 show interfaces switchport 760 show interfaces transceiver 761 test cable diagnostics 763 show cable diagnostics 764 power save 764 show power save 765 27 LINK AGGREG...

Page 22: ...ic control action 800 auto traffic control alarm clear threshold 801 auto traffic control alarm fire threshold 802 auto traffic control auto control release 803 auto traffic control control release 80...

Page 23: ...mode 821 spanning tree pathcost method 822 spanning tree priority 823 spanning tree mst configuration 824 spanning tree transmission limit 824 max hops 825 mst priority 825 mst vlan 826 name 827 revi...

Page 24: ...vlan 850 Configuring VLAN Interfaces 851 interface vlan 851 switchport acceptable frame types 852 switchport allowed vlan 853 switchport ingress filtering 854 switchport mode 854 switchport native vl...

Page 25: ...port voice vlan 875 switchport voice vlan priority 875 switchport voice vlan rule 876 switchport voice vlan security 877 show voice vlan 877 35 CLASS OF SERVICE COMMANDS 879 Priority Commands Layer 2...

Page 26: ...option check 914 ip igmp snooping router port expire time 915 ip igmp snooping tcn flood 916 ip igmp snooping tcn query solicit 917 ip igmp snooping unregistered data flood 917 ip igmp snooping unsoli...

Page 27: ...ups 934 ip igmp max groups action 935 show ip igmp filter 936 show ip igmp profile 936 show ip igmp throttle interface 937 Multicast VLAN Registration 937 mvr 938 mvr immediate leave 939 mvr type 940...

Page 28: ...t poe 961 lldp med tlv inventory 961 lldp med tlv location 962 lldp med tlv med cap 962 lldp med tlv network policy 963 lldp notification 963 show lldp config 964 show lldp info local device 965 show...

Page 29: ...eway 987 show ip default gateway 988 show ip interface 988 traceroute 988 ping 989 ARP Configuration 991 arp timeout 991 clear arp cache 992 show arp 992 IPv6 Interface 993 ipv6 default gateway 993 ip...

Page 30: ...re Features 1013 Management Features 1014 Standards 1015 Management Information Bases 1015 B TROUBLESHOOTING 1017 Problems Accessing the Management Interface 1017 Using System Logs 1018 C LICENSE INFO...

Page 31: ...Setting the Polling Interval for SNTP 112 Figure 15 Specifying SNTP Time Servers 113 Figure 16 Setting the Time Zone 114 Figure 17 Summer Time Settings 116 Figure 18 Console Port Settings 118 Figure 1...

Page 32: ...meters for a Dynamic Trunk 152 Figure 48 Showing Connection Parameters for Dynamic Trunks 152 Figure 49 Showing Members of Dynamic Trunks 153 Figure 50 Displaying LACP Port Counters 154 Figure 51 Disp...

Page 33: ...Static MAC Addresses 199 Figure 86 Setting the Address Aging Time 200 Figure 87 Displaying the Dynamic MAC Address Table 201 Figure 88 Clearing Entries in the Dynamic MAC Address Table 202 Figure 89...

Page 34: ...oS Values to Egress Queue Mapping 247 Figure 120 Setting the Trust Mode 249 Figure 121 Configuring DSCP to DSCP Internal Mapping 251 Figure 122 Showing DSCP to DSCP Internal Mapping 251 Figure 123 Con...

Page 35: ...ethod 295 Figure 155 Configuring User Accounts 297 Figure 156 Showing User Accounts 297 Figure 157 Configuring Global Settings for Web Authentication 299 Figure 158 Configuring Interface Settings for...

Page 36: ...ure 193 Configuring Interface Settings for 802 1X Port Authenticator 360 Figure 194 Configuring Interface Settings for 802 1X Port Supplicant 362 Figure 195 Showing Statistics for 802 1X Port Authenti...

Page 37: ...P 414 Figure 226 Configuring a Remote Engine ID for SNMP 415 Figure 227 Showing Remote Engine IDs for SNMP 416 Figure 228 Creating an SNMP View 417 Figure 229 Showing SNMP Views 417 Figure 230 Adding...

Page 38: ...6 Figure 264 Setting the ARP Timeout 458 Figure 265 Displaying ARP Entries 459 Figure 266 Configuring a Static IPv4 Address 460 Figure 267 Configuring a Dynamic IPv4 Address 461 Figure 268 Configuring...

Page 39: ...ing Interface Settings for IGMP Snooping 500 Figure 294 Showing Multicast Groups Learned by IGMP Snooping 501 Figure 295 Enabling IGMP Filtering and Throttling 503 Figure 296 Creating an IGMP Filterin...

Page 40: ...FIGURES 40 ES 3052 Series...

Page 41: ...apping 245 Table 15 CoS Priority Levels 245 Table 16 Mapping Internal Per hop Behavior to Hardware Queues 246 Table 17 Default Mapping of DSCP Values to Internal PHB Drop Values 250 Table 18 Default M...

Page 42: ...2 Table 47 Line Commands 556 Table 48 Event Logging Commands 566 Table 49 Logging Levels 567 Table 50 show logging flash ram display description 571 Table 51 show logging trap display description 572...

Page 43: ...rotection Commands 720 Table 85 Access Control List Commands 723 Table 86 IPv4 ACL Commands 723 Table 87 Priority Bits Processed by Extended IPv4 ACL 728 Table 88 IPv4 ACL Commands 731 Table 89 MAC AC...

Page 44: ...AN Commands 870 Table 121 Voice VLAN Commands 871 Table 122 Priority Commands 879 Table 123 Priority Commands Layer 2 879 Table 124 Priority Commands Layer 3 and 4 884 Table 125 Default Mapping of CoS...

Page 45: ...terface Commands 985 Table 145 IPv4 Interface Commands 985 Table 146 Basic IP Configuration Commands 986 Table 147 Address Resolution Protocol Commands 991 Table 148 IPv6 Configuration Commands 993 Ta...

Page 46: ...TABLES 46 ES 3052 Series...

Page 47: ...an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these chapte...

Page 48: ...SECTION I Getting Started 48 ES 3052 Series...

Page 49: ...MAC address filtering General Security Measures Private VLANs Port Authentication Port Security DHCP Snooping IP Source Guard Access Control Lists Supports up to 512 rules 64 ACLs and a maximum of 32...

Page 50: ...can be configured locally or can be verified via a remote authentication server i e RADIUS or TACACS Port based authentication is also supported via the IEEE 802 1X protocol This protocol uses Extensi...

Page 51: ...be combined into an aggregate connection Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol LACP IEEE 802 3 2005 The additional ports dramatically increas...

Page 52: ...ltiple physical paths between segments this protocol will choose a single path and disable all others to ensure that only one route exists between any two stations on the network This prevents the cre...

Page 53: ...specified interfaces based on protocol type IEEE 802 1Q TUNNELING QINQ This feature is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is us...

Page 54: ...nd to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Query to manage multicast group registration SYSTEM DEFAULTS The swi...

Page 55: ...otiation Enabled Flow Control Disabled Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 500 kbps 1 Multicast Disabled...

Page 56: ...Disabled Multicast Filtering IGMP Snooping Layer 2 Snooping Disabled Querier Disabled IGMP Proxy Reporting Disabled IGMP Layer 3 Disabled System Log Status Enabled Messages Logged to RAM Levels 0 7 a...

Page 57: ...ics using a standard web browser such as Internet Explorer 5 x or above and Mozilla Firefox 2 0 0 0 or above The switch s web management interface can be accessed from any computer attached to the net...

Page 58: ...he switch provides an RS 232 serial port that enables a connection to a PC or terminal for monitoring and configuring the switch A null modem console cable is provided with the switch Attach a VT100 c...

Page 59: ...ection or DHCP protocol An IPv4 address for this switch is obtained via DHCP by default To manually configure this address or enable dynamic address assignment via DHCP see Setting an IP Address on pa...

Page 60: ...Verification procedure starts 2 At the User Name prompt enter admin 3 At the Password prompt also enter admin The password characters are not displayed on the console screen 4 The session is opened an...

Page 61: ...default gateway router Dynamic The switch can send IPv4 configuration requests to BOOTP or DHCP address allocation servers on the network or can automatically generate a unique IPv6 host address base...

Page 62: ...g if exit ES 3052G config ip default gateway 192 168 1 254 ASSIGNING AN IPV6 ADDRESS This section describes how to configure a link local address for connectivity within the local subnet only and also...

Page 63: ...group address es FF02 1 FF11 6700 FF02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ES 3052G Address for Multi segment Network B...

Page 64: ...address 2001 DB8 2222 7272 64 ES 3052G config if exit ES 3052G config ipv6 default gateway 2001 DB8 2222 7272 254 ES 3052G config end ES 3052G show ipv6 interface VLAN 1 is up IPv6 is enabled Link loc...

Page 65: ...ode Press Enter 2 At the interface configuration mode prompt use one of the following commands To obtain IP settings via DHCP type ip address dhcp and press Enter To obtain IP settings via BOOTP type...

Page 66: ...s None Joined group address es FF02 1 FF00 FD FF02 1 IPv6 link MTU is 1500 bytes ND DAD is enabled number of DAD attempts 3 ND retransmit interval is 1000 milliseconds ES 3052G Address for Multi segme...

Page 67: ...for the name of a bootup configuration file and TFTP servers where that file is stored If the switch receives information that allows it to download the remote bootup file it will save this file to a...

Page 68: ...class one section if the DHCP request packet s vendor class identifier matches that specified in this file the server will send Option 43 encapsulating Option 66 and 67 in the DHCP reply packet In the...

Page 69: ...NT ACCESS The switch can be configured to accept management commands from Simple Network Management Protocol SNMP applications You can configure the switch to respond to SNMP requests or generate SNMP...

Page 70: ...ing and mode is rw read write or ro read only Press Enter Note that the default mode is read only 2 To remove an existing string simply type no snmp server community string where string is the communi...

Page 71: ...vides the password greenpeace for authentication and the password einstien for encryption ES 3052G config snmp server view mib 2 1 3 6 1 2 1 included ES 3052G config snmp server view 802 1d 1 3 6 1 2...

Page 72: ...and then the start up configuration file is loaded Note that configuration files should be downloaded using a file name that reflects the contents or usage of the file settings If you download directl...

Page 73: ...g Write to FLASH finish Success ES 3052G To restore configuration settings from a backup server enter the following command 1 From the Privileged Exec mode prompt type copy tftp startup config and pre...

Page 74: ...CHAPTER 2 Initial Switch Configuration Managing System Files 74 ES 3052 Series...

Page 75: ...ic Management Tasks on page 95 Interface Configuration on page 127 VLAN Configuration on page 167 Address Table Settings on page 197 Spanning Tree Algorithm on page 205 Congestion Control on page 229...

Page 76: ...SECTION II Web Configuration 76 ES 3052 Series...

Page 77: ...page 61 2 Set user names and passwords using an out of band serial connection Access to the web agent is controlled by the same user names and passwords as the onboard configuration program See Setti...

Page 78: ...name and password for the administrator is admin HOME PAGE When your web browser connects with the switch s web agent the home page is displayed as shown below The home page displays the Main Menu on...

Page 79: ...Internet Explorer 5 0 you may have to manually refresh the screen after making configuration changes by pressing the browser s refresh button PANEL DISPLAY The web agent displays an image of the switc...

Page 80: ...of these pages will not display any information unless the switch is properly configured and in some cases the interface to which a command applies is up For example if a static router port is config...

Page 81: ...n Code Upgrade Automatically upgrades operation code if a newer version is found on the server 105 Time 110 Configure General Manually Manually sets the current time 110 SNTP Configures SNTP polling i...

Page 82: ...the remote side 148 Show Information 153 Counters Displays statistics for LACP protocol messages 153 Internal Displays configuration settings and operational state for the local side of a link aggreg...

Page 83: ...ic VLAN 176 Show VLAN Shows the VLANs this switch has joined through GVRP 176 Show VLAN Member Shows the interfaces assigned to a VLAN through GVRP 176 Tunnel IEEE 802 1Q QinQ Tunneling 180 Configure...

Page 84: ...ures global bridge settings for STP RSTP and MSTP 209 Show Information Displays STA values used for the bridge 215 Configure Interface Configure Configures interface settings for STA 216 Show Informat...

Page 85: ...ecedence values for internal priority processing 249 Show Shows the DSCP to DSCP mapping list 249 CoS to DSCP 252 Add Maps CoS CFI values in incoming packets to per hop behavior and drop precedence va...

Page 86: ...authentication servers and sets the priority sequence 282 Show Shows the authentication server groups and priority sequence 282 Accounting Enables accounting of requested services for billing or secur...

Page 87: ...can be authenticated the guest VLAN dynamic VLAN and dynamic QoS 304 Link Detection Configures detection of changes in link status and the response i e send trap or shut down port 306 Configure MAC F...

Page 88: ...response for security breach and maximum allowed MAC addresses 351 Port Authentication IEEE 802 1X 353 Configure Global Enables authentication and EAPOL pass through 355 Configure Interface Sets authe...

Page 89: ...w Local Device Information 396 General Displays general information about the local device 396 Port Trunk Displays information about each interface 396 Show Remote Device Information 399 Port Trunk Di...

Page 90: ...oup Assign a local user to a new group 424 Add SNMPv3 Remote User Configures SNMPv3 users from a remote device 426 Show SNMPv3 Remote User Shows SNMPv3 users set from a remote device 424 Configure Not...

Page 91: ...ime specified by a rule 451 IP 455 General Ping Sends ICMP echo request packets to another node on the network 455 ARP Address Resolution Protocol 457 Configure General Sets the aging time for dynamic...

Page 92: ...address verification information option and sets the information policy 373 Configure VLAN Enables DHCP snooping on a VLAN 374 Configure Interface Sets the trust mode for an interface 375 Show Inform...

Page 93: ...ted profile 503 Show Multicast Group Range Shows multicast groups assigned to a profile 503 Configure Interface Assigns IGMP filter profiles to port interfaces and sets throttling action 506 MVR Multi...

Page 94: ...CHAPTER 3 Using the Web Interface Navigating the Web Browser Interface 94 ES 3052 Series...

Page 95: ...stem start up files Setting the System Clock Sets the current time manually or through specified SNTP servers Configuring the Console Port Sets console port connection parameters Configuring Telnet Se...

Page 96: ...17389 201 System Up Time Length of time the management agent has been up System Name Name assigned to the switch system System Location Specifies the system location System Contact Administrator resp...

Page 97: ...METERS The following parameters are displayed in the web interface Main Board Information Serial Number The serial number of the switch Number of Ports Number of built in ports Hardware Version Hardwa...

Page 98: ...only up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields CLI REFERENCES System Management Commands on page 537 USAGE GUIDEL...

Page 99: ...are displayed in the web interface Extended Multicast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protoco...

Page 100: ...ers The maximum number of VLANs supported on this switch Max Supported VLAN ID The maximum configurable VLAN identifier supported on this switch GMRP GARP Multicast Registration Protocol GMRP allows n...

Page 101: ...wing parameters are displayed in the web interface Copy Type The firmware copy operation includes these options FTP Upgrade Copies a file from an FTP server to the switch FTP Download Copies a file fr...

Page 102: ...ERFACE To copy firmware files 1 Click System then File 2 Select Copy from the Action list 3 Select FTP Upgrade HTTP Upgrade or TFTP Upgrade as the file transfer method 4 If FTP or TFTP Upgrade is used...

Page 103: ...s option Running Config Copies the current configuration settings to a local file on the switch Destination File Name Copy to the currently designated startup file or to a new file The file name shoul...

Page 104: ...WEB INTERFACE To set a file to use for system initialization 1 Click System then File 2 Select Set Start Up from the Action list 3 Mark the operation code or configuration file to be used at startup 4...

Page 105: ...ade opcode auto on page 553 upgrade opcode path on page 554 USAGE GUIDELINES If this feature is enabled the switch searches the defined URL once during the bootup sequence FTP port 21 and TFTP port 69...

Page 106: ...d the stored file name as being equal A notable exception in the list of case sensitive Unix like operating systems is Mac OS X which by default is case insensitive Please check the documentation for...

Page 107: ...t be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the last character of the URL ftp username password h...

Page 108: ...parent directory relative to the TFTP root The following examples demonstrate the URL syntax for an FTP server at IP address 192 168 0 1 with various user name password and file location options pres...

Page 109: ...d the path and directory containing the operation code 5 Click Apply Figure 12 Configuring Automatic Code Upgrade If a new image is found at the specified location the following type of messages will...

Page 110: ...st for a time update to a configured time server You can configure up to three time server IP addresses The switch will attempt to poll each server in the configured sequence SETTING THE TIME MANUALLY...

Page 111: ...5 Click Apply Figure 13 Manually Setting the System Clock SETTING THE SNTP POLLING INTERVAL Use the System Time Configure General SNTP page to set the polling interval at which the switch will query t...

Page 112: ...e 14 Setting the Polling Interval for SNTP SPECIFYING SNTP TIME SERVERS Use the System Time Configure Time Server page to specify the IP address for up to three SNTP time servers CLI REFERENCES sntp s...

Page 113: ...e you must indicate the number of hours and minutes your time zone is east before or west after of UTC You can choose one of the 80 predefined time zone definitions or you can manually configure the...

Page 114: ...and minutes using either a predefined or custom definition 4 Click Apply Figure 16 Setting the Time Zone CONFIGURING SUMMER TIME Use the System Time Configure Summer Time menu to configure summer ti...

Page 115: ...is use Status Enables or disables Summer Time settings Name Name of the timezone while Summer Time is in effect usually an acronym Range 1 30 characters Mode Date Sets the start end and offset times o...

Page 116: ...the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 0 300 seconds Defau...

Page 117: ...erminal Set the speed to match the baud rate of the device connected to the serial port Range 9600 19200 38400 57600 or 115200 baud Auto Default Auto NOTE Due to a hardware limitation the terminal pro...

Page 118: ...following parameters are displayed in the web interface Telnet Status Enables or disables Telnet access to the switch Default Enabled TCP Port Sets the TCP port number for Telnet on the switch Default...

Page 119: ...the maximum number of Telnet sessions that can simultaneously connect to this system Range 0 4 Default 4 NOTE Password checking can be enabled or disabled for login to the console connection see login...

Page 120: ...parameters are displayed in the web interface Time Interval The interval at which to update the displayed utilization rate Options 1 5 10 30 60 seconds Default 1 second CPU Utilization CPU utilizatio...

Page 121: ...e for use Used Size The amount of memory allocated to active processes Total The total amount of system memory WEB INTERFACE To display memory utilization 1 Click System then Memory Status Figure 21 D...

Page 122: ...witch The specified time must be equal to or less than 24 days hours The number of hours combined with the minutes before the switch resets Range 0 576 minutes The number of minutes combined with the...

Page 123: ...efault Settings and Reboot Factory Default Settings Reboot Click this button to restore the factory default settings and reboot the system WEB INTERFACE To restart the switch 1 Click System then Reloa...

Page 124: ...CHAPTER 4 Basic Management Tasks Resetting the System 124 ES 3052 Series Figure 23 Restarting the Switch In Figure 24 Restarting the Switch At...

Page 125: ...CHAPTER 4 Basic Management Tasks Resetting the System 125 ES 3052 Series Figure 25 Restarting the Switch Regularly...

Page 126: ...CHAPTER 4 Basic Management Tasks Resetting the System 126 ES 3052 Series...

Page 127: ...Configures static or dynamic trunks Saving Power Adjusts the power provided to ports based on the length of the cable used to connect to other devices Traffic Segmentation Configures the uplinks and...

Page 128: ...d include flow control and symmetric pause frames PARAMETERS These parameters are displayed in the web interface Port Port identifier Type Indicates the port type 1000Base T 1000Base SFP Name Allows y...

Page 129: ...ports into a master slave configuration to enable 1000BASE T full duplex for ports 1 48 The following options are supported Master Sets the selected port as master Slave Sets the selected port as slav...

Page 130: ...and flow control For more information on command usage and a description of the parameters refer to Configuring by Port List on page 127 CLI REFERENCES Interface Commands on page 747 WEB INTERFACE To...

Page 131: ...rt Port identifier Type Indicates the port type 1000Base T 1000Base SFP Name Interface label Admin Shows if the port is enabled or disabled Oper Status Indicates if the link is Up or Down Media Type N...

Page 132: ...ource port speed otherwise traffic may be dropped from the monitor port When mirroring port traffic the target port must be included in the same VLAN as the source port when using MSTP see Spanning Tr...

Page 133: ...irror 2 Select Add from the Action List 3 Specify the source port 4 Specify the monitor port 5 Specify the traffic type to be mirrored 6 Click Apply Figure 30 Configuring Local Port Mirroring To displ...

Page 134: ...estination port on the same switch local port mirroring as described in Configuring Local Port Mirroring on page 132 or from one or more source ports on remote switches to a destination port on this s...

Page 135: ...BPDUs will not be flooded onto the RSPAN VLAN MAC address learning is not supported on RSPAN uplink ports when RSPAN is enabled on the switch Therefore even if spanning tree is enabled after RSPAN ha...

Page 136: ...N VLAN Only one uplink port can be configured on a source switch but there is no limitation on the number of uplink ports configured on an intermediate or destination switch Only destination and upli...

Page 137: ...mirror session 1 Click Interface RSPAN 2 Set the Switch Role to None Source Intermediate or Destination 3 Configure the required settings for each switch participating in the RSPAN VLAN 4 Click Apply...

Page 138: ...tistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per second...

Page 139: ...gher level protocols requested be transmitted and which were addressed to a broadcast address at this sub layer including those that were discarded or not sent Received Unknown Packets The number of p...

Page 140: ...nclude multicast packets Multicast Packets The total number of good packets received that were directed to this multicast address Undersize Packets The total number of packets received that were less...

Page 141: ...t of port statistics 1 Click Interface Port Statistics 2 Select the statistics mode to display Interface Etherlike RMON or Utilization 3 Select a port from the drop down list 4 Use the Refresh button...

Page 142: ...t is found the switch reports the length to the fault Otherwise it reports the cable length It can be used to determine the quality of the cable connectors and terminations Problems such as opens shor...

Page 143: ...parameters are displayed in the web interface Port Switch port identifier Range 1 48 Type Displays media type GE Gigabit Ethernet Link Status Shows if the port link is up or down Test Result The resu...

Page 144: ...switch The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply wi...

Page 145: ...hey must be compatible with the Cisco EtherChannel standard The ports at both ends of a trunk must be configured in an identical manner including communication mode i e speed duplex mode and flow cont...

Page 146: ...and also disconnect the ports before removing a static trunk via the configuration interface PARAMETERS These parameters are displayed in the web interface Trunk ID Trunk identifier Range 1 12 Trunk...

Page 147: ...ction list 4 Modify the required interface settings Refer to Configuring by Port List on page 127 for a description of the parameters 5 Click Apply Figure 41 Configuring Connection Parameters for a St...

Page 148: ...ID If more than eight ports attached to the same target switch have LACP enabled the additional ports will be placed in standby mode and will only be enabled if one of the active links fails All ports...

Page 149: ...to zero and the Oper Key is set based upon LACP PDUs received from the Partner System Priority LACP system priority is used to determine link aggregation group LAG membership and to identify this devi...

Page 150: ...ator from the Step list 3 Set the Admin Key for the required LACP group 4 Click Apply Figure 44 Configuring the LACP Aggregator Admin Key To enable LACP for a port 1 Click Interface Trunk Dynamic 2 Se...

Page 151: ...e LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Partner 5 Configure...

Page 152: ...Action list 4 Modify the required interface settings Refer to Configuring by Port List on page 127 for a description of the parameters 5 Click Apply Figure 47 Configuring Connection Parameters for a D...

Page 153: ...ce Table 8 LACP Port Counters Parameter Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group LACPDUs Received Number of valid LACPDUs received on this channel group Mar...

Page 154: ...Configure Aggregation Port Show Information Internal page to display the configuration settings and operational state for the local side of a link aggregation CLI REFERENCES show lacp on page 773 PAR...

Page 155: ...ion Collecting Collection of incoming frames on this link is enabled i e collection is currently enabled and is not expected to be disabled in the absence of administrative changes or changes in recei...

Page 156: ...R THE REMOTE SIDE Use the Interface Trunk Dynamic Configure Aggregation Port Show Information Neighbors page to display the configuration settings and operational state for the remote side of a link a...

Page 157: ...igned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned...

Page 158: ...et port must be included in the same VLAN as the source trunk when using MSTP see Spanning Tree Algorithm on page 205 When mirroring VLAN traffic see Configuring VLAN Mirroring on page 195 or packets...

Page 159: ...unk Mirror 2 Select Add from the Action List 3 Specify the source trunk 4 Specify the monitor port 5 Specify the traffic type to be mirrored 6 Click Apply Figure 54 Configuring Trunk Mirroring To disp...

Page 160: ...If none is detected the switch automatically turns off the transmitter and most of the receive circuitry entering Sleep Mode In this mode the low power energy detection circuit continuously checks fo...

Page 161: ...per media Power Saving Status Adjusts the power provided to ports based on the length of the cable used to connect to other devices Only sufficient power is used to maintain connection requirements De...

Page 162: ...nlink ports is only forwarded to and from uplink ports ENABLING TRAFFIC SEGMENTATION Use the Interface Traffic Segmentation Configure Global page to enable traffic segmentation CLI REFERENCES Configur...

Page 163: ...uring Port based Traffic Segmentation on page 862 PARAMETERS These parameters are displayed in the web interface Interface Displays a list of ports or trunks Port Port Identifier Range 1 52 Trunk Trun...

Page 164: ...g on the intermediate switch ports along the path connecting VLANs 1 and 2 you only need to create these VLAN groups in switches A and B Switches C D and E automatically allow frames with VLAN group t...

Page 165: ...Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 12 VLAN Trunking Status Enables VLAN trunking on the selected interface WEB INTERFACE To enable VLAN trunking on a port or trunk 1 Click Inte...

Page 166: ...CHAPTER 5 Interface Configuration VLAN Trunking 166 ES 3052 Series...

Page 167: ...fic for each subnet into separate domains This switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcas...

Page 168: ...devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either m...

Page 169: ...be configured to broadcast a message to your network indicating the VLAN groups it wants to join When this switch receives these messages it will automatically place the receiving port in the specifie...

Page 170: ...frame When the switch receives a tagged frame it will pass this frame onto the VLAN s indicated by the frame tag However when this switch receives an untagged frame from a VLAN unaware device it first...

Page 171: ...atic Modify VLAN and Member Ports Edit Member by Interface or Edit Member by Interface Range pages to configure port members for the selected VLAN index interface or a range of interfaces Use the menu...

Page 172: ...trunking is enabled on an interface then that interface cannot be set to access mode and vice versa Hybrid Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames 1Q Trunk S...

Page 173: ...f the VLAN All packets transmitted by the port will be tagged that is carry a tag and therefore carry VLAN or CoS information Untagged Interface is a member of the VLAN All packets transmitted by the...

Page 174: ...ts or Edit Member by Interface page WEB INTERFACE To configure static members by the VLAN index 1 Click VLAN Static 2 Select Modify VLAN and Member Ports from the Action list 3 Set the Interface type...

Page 175: ...configure static members by interface 1 Click VLAN Static 2 Select Edit Member by Interface from the Action list 3 Select a port or trunk to configure 4 Modify the settings for any interface as required...

Page 176: ...VLAN Members by Interface Range CONFIGURING DYNAMIC VLAN REGISTRATION Use the VLAN Dynamic page to enable GVRP globally on the switch or to enable GVRP and adjust the protocol timers per interface CL...

Page 177: ...Leave The interval a port waits before leaving a VLAN group This time should be set to more than twice the join time This ensures that after a Leave or LeaveAll message has been issued the applicants...

Page 178: ...ist 3 Enable or disable GVRP 4 Click Apply Figure 67 Configuring Global Status of GVRP To configure GVRP status and timers on a port or trunk 1 Click VLAN Dynamic 2 Select Configure Interface from the...

Page 179: ...ect Show Dynamic VLAN from the Step list 3 Select Show VLAN from the Action list Figure 69 Showing Dynamic VLANs Registered on the Switch To show the members of a dynamic VLAN 1 Click VLAN Dynamic 2 S...

Page 180: ...pecific VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A...

Page 181: ...he outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming pa...

Page 182: ...is equal to the TPID of the uplink port no new VLAN tag is added If the uplink port is not the member of the outer VLAN of the incoming packets the packet will be dropped when ingress filtering is en...

Page 183: ...Layer 3 information are not supported on tunnel ports Spanning tree bridge protocol data unit BPDU filtering is automatically disabled on a tunnel port General Configuration Guidelines for QinQ 1 Ena...

Page 184: ...ts the switch to QinQ mode Default Disabled Ethernet Type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel port Range hexadecimal 0800 FFFF Default 8100 Use thi...

Page 185: ...y participating interface CLI REFERENCES Configuring IEEE 802 1Q Tunneling on page 858 COMMAND USAGE Use the Configure Global page to set the switch to QinQ mode before configuring a tunnel access por...

Page 186: ...ort to segregate and preserve customer VLAN IDs for traffic crossing the service provider network Uplink Configures QinQ tunneling for an uplink port to another device within the service provider netw...

Page 187: ...e suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a V...

Page 188: ...lost in this manner network access can be regained by removing the offending Protocol VLAN rule via the console Alternately the switch can be power cycled however all unsaved configuration changes wil...

Page 189: ...n If you assign interfaces using any of the other VLAN menus such as the VLAN Static table page 171 these interfaces will admit traffic of any protocol type into the associated VLAN When a frame enter...

Page 190: ...forwarded Range 1 4093 WEB INTERFACE To map a protocol group to a VLAN for a port or trunk 1 Click VLAN Protocol 2 Select Configure Interface from the Step list 3 Select Add from the Action list 4 Sel...

Page 191: ...address of untagged ingress frames are checked against the IP subnet to VLAN mapping table If an entry is found for that subnet these frames are assigned to the VLAN indicated in the entry If no IP s...

Page 192: ...entifies the host address bits of the IP subnet VLAN VLAN to which matching IP subnet traffic is forwarded Range 1 4093 Priority The priority assigned to untagged ingress traffic Range 0 7 where 7 is...

Page 193: ...matched untagged frames are assigned to the receiving port s native VLAN ID PVID CLI REFERENCES Configuring MAC Based VLANs on page 870 COMMAND USAGE The MAC to VLAN mapping applies to all ports on th...

Page 194: ...N MAC Based 2 Select Add from the Action list 3 Enter an address in the MAC Address field 4 Enter an identifier in the VLAN field Note that the specified VLAN need not already be configured 5 Enter a...

Page 195: ...the target port can receive a mirrored packet twice once from the source mirror port and again from the source mirrored VLAN The target port receives traffic from all monitored source VLANs and can b...

Page 196: ...re VLAN mirroring 1 Click VLAN Mirror 2 Select Add from the Action list 3 Select the source VLAN and select a target port 4 Click Apply Figure 82 Configuring VLAN Mirroring To show the VLANs to be mir...

Page 197: ...tatic MAC addresses A static address can be assigned to a specific interface on this switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on...

Page 198: ...er an address in the form of xx xx xx xx xx xx or xxxxxxxxxxxx Static Status Sets the time to retain the specified address Delete on reset Assignment lasts until the switch is reset Permanent Assignme...

Page 199: ...Use the MAC Address Dynamic Configure Aging page to set the aging time for entries in the dynamic address table The aging time is used to age out dynamically learned forwarding information CLI REFERE...

Page 200: ...urce address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated po...

Page 201: ...Interface 5 Click Query Figure 87 Displaying the Dynamic MAC Address Table CLEARING THE DYNAMIC ADDRESS TABLE Use the MAC Address Dynamic Clear Dynamic MAC page to remove any learned entries from the...

Page 202: ...target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner CLI REFERENC...

Page 203: ...ching packets will not be sent to target port specified for port mirroring PARAMETERS These parameters are displayed in the web interface Source MAC MAC address in the form of xx xx xx xx xx xx or xxx...

Page 204: ...To show the MAC addresses to be mirrored 1 Click MAC Address Mirror 2 Select Show from the Action list Figure 90 Showing the Source MAC...

Page 205: ...compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary li...

Page 206: ...1 to 3 seconds compared to 30 seconds or more for STP by reducing the number of state changes before active ports start learning predefining an alternate route that can be used when a node or port fa...

Page 207: ...djacent MST Regions and acts as a virtual bridge node for communications with STP or RSTP nodes in the global network Figure 93 Common Internal Spanning Tree Common Spanning Tree Internal Spanning Tre...

Page 208: ...nterface receives its own BPDU then the interface will drop the loopback BPDU according to IEEE Standard 802 1w 2001 9 3 4 Note 1 NOTE Loopback detection will not be active if Spanning Tree is disabl...

Page 209: ...isplay the required interface type 3 Modify the required loopback detection attributes 4 Click Apply Figure 94 Configuring Port Loopback Detection CONFIGURING GLOBAL SETTINGS FOR STA Use the Spanning...

Page 210: ...each instance This provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for fast...

Page 211: ...he range of values that can be assigned to each interface Long Specifies 32 bit based values that range from 1 200 000 000 This is the default Short Specifies 16 bit based values that range from 1 655...

Page 212: ...ge Age 2 1 Maximum 30 Configuration Settings for MSTP Max Instance Numbers The maximum number of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key that cont...

Page 213: ...1 Click Spanning Tree STA 2 Select Configure Global from the Step list 3 Select Configure from the Action list 4 Modify any of the required attributes Note that the parameters displayed for the spanni...

Page 214: ...Figure 96 Configuring Global Settings for STA RSTP Figure 97 Configuring Global Settings for STA MSTP...

Page 215: ...iority the MST Instance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where the address is taken from the switch system Designated Root The priority and MAC...

Page 216: ...shared media connection and edge port to indicate if the attached device can support fast forwarding References to ports in this section mean interfaces, which include both ports and trunks CLI REFER...

Page 217: ...function as an edge port until the loopback state is released If an interface is in forwarding state and its role changes the interface cannot continue to function as an edge port even if the edge del...

Page 218: ...ge with a lower bridge identifier or same identifier and lower MAC address to take over as the root bridge at any time Root Guard can be used to ensure that the root bridge is not formed at a suboptim...

Page 219: ...ng BPDUs on configured edge ports that are connected to end nodes By default STA sends BPDUs to all ports regardless of whether administrative edge is enabled on a port BPDU filtering is configured on...

Page 220: ...nues learning addresses The rules defining port status are A port on a network segment with no other STA compliant bridging device is always forwarding If two ports of a switch are connected to the sa...

Page 221: ...t another bridge is attached to this port Port Role Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge i e root port connecting a...

Page 222: ...provides multiple pathways across the network thereby balancing the traffic load preventing wide scale disruption when a bridge node in a single instance fails and allowing for faster convergence of a...

Page 223: ...mber page NOTE All VLANs are automatically added to the IST Instance 0 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with the same MSTI...

Page 224: ...r can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value 32768 is used 5 Click Apply Figure 102 Creating an MST Instance To show...

Page 225: ...st 4 Select an MST instance from the MST ID list 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply F...

Page 226: ...used for this port in the Spanning Tree Protocol If the path cost for all ports on a switch is the same the port with the highest priority i e lowest value will be configured as an active link in the...

Page 227: ...The default path costs are listed in Table 12 on page 218 WEB INTERFACE To configure MSTP parameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Se...

Page 228: ...To display MSTP parameters for a port or trunk 1 Click Spanning Tree MSTP 2 Select Configure Interface from the Step list 3 Select Show Information from the Acti...

Page 229: ...ess or egress ports This function allows the network manager to control the maximum rate for traffic received or transmitted on an interface Rate limiting is configured on interfaces at the edge of a...

Page 230: ...each scale so there are still 100 packets per second When the packet size 1500 bytes and the gap 20 bytes each packet 1520 bytes 80 bytes The switch will only let one packet pass in each scale so ther...

Page 231: ...64 1 000 000 kbits per second WEB INTERFACE To configure rate limits 1 Click Traffic Congestion Control Rate Limit 2 Enable the Rate Limit Status for the required ports 3 Set the rate limit for the i...

Page 232: ...on that port Rate limits set by the storm control function are also used by automatic storm control when the control response is set to rate limiting Using both rate limiting and storm control on the...

Page 233: ...n USA SKU and disabled in SKU for other countries Unknown unicast and multicast storm control are disabled for all SKUs Rate Threshold level as a rate i e kilobits per second Range 64 1000000 Kbps NOT...

Page 234: ...hich a control response can be automatically terminated after the release timer expires When ingress traffic falls below this threshold ATC sends a Storm Alarm Clear Trap and logs it When traffic fall...

Page 235: ...n be applied to a port Enabling automatic storm control on a port will disable hardware level storm control on that port SETTING THE ATC TIMERS Use the Traffic Congestion Control Auto Traffic Control...

Page 236: ...lower threshold for broadcast storms Range 1 900 seconds Default 900 seconds Multicast Apply Timer The interval after the upper threshold has been exceeded at which to apply the control response to mu...

Page 237: ...storm control on a port will disable hardware level storm control on that port Action When the Alarm Fire Threshold upper threshold is exceeded and the apply timer expires one of the following contro...

Page 238: ...ase Timer has expired Note that if a port has been shut down by a control response it will not be re enabled by automatic traffic control It can only be manually re enabled using Manual Control Releas...

Page 239: ...stion Control Automatic Storm Control 2 Select Configure Interface from the Step field 3 Enable or disable ATC as required set the control response specify whether or not to automatically release the...

Page 240: ...CHAPTER 9 Congestion Control Automatic Traffic Control 240 ES 3052 Series...

Page 241: ...rnal processing LAYER 2 QUEUE SETTINGS This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of servi...

Page 242: ...e the queue mode 1 Click Traffic Priority Default Priority 2 Select the interface type to display Port or Trunk 3 Modify the default priority for any interface 4 Click Apply Figure 114 Setting the Def...

Page 243: ...ns assigned a specific priority value Service time is shared at the egress ports by defining scheduling weights for WRR or the queuing mode that uses a combination of strict and weighted queuing Servi...

Page 244: ...gure the queue mode 1 Click Traffic Priority Queue 2 Set the queue mode 3 If the weighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combinatio...

Page 245: ...to eight separate traffic priorities are defined in IEEE 802 1p Default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in Table 14 This table indicates...

Page 246: ...all interfaces PARAMETERS These parameters are displayed in the web interface PHB Per hop behavior or the priority used for this router hop Range 0 7 where 7 is the highest priority Queue Output queu...

Page 247: ...g on how an ingress packet is processed internally based on its CoS value and the assigned output queue the mapping done on this page can effectively determine the service priority for different traff...

Page 248: ...determine the hardware queues used for egress traffic not to replace the priority values These defaults are designed to optimize priority services for the majority of network applications It should n...

Page 249: ...rust mode 4 Click Apply Figure 120 Setting the Trust Mode MAPPING INGRESS DSCP VALUES TO INTERNAL DSCP VALUES Use the Traffic Priority DSCP to DSCP page to map DSCP values in incoming packets to per h...

Page 250: ...terface DSCP DSCP value in ingress packets Range 0 63 PHB Per hop behavior or the priority used for this router hop Range 0 7 Drop Precedence Drop precedence used for Random Early Detection in control...

Page 251: ...ic Priority DSCP to DSCP 2 Select Add from the Action list 3 Set the PHB and drop precedence for any DSCP value 4 Click Apply Figure 121 Configuring DSCP to DSCP Internal Mapping To show the DSCP to i...

Page 252: ...nternal DSCP consists of three bits for per hop behavior PHB which determines the queue to which a packet is sent and two bits for drop precedence namely color which is used by Random Early Detection...

Page 253: ...fic Priority CoS to DSCP 2 Select Add from the Action list 3 Set the PHB and drop precedence for any of the CoS CFI combinations 4 Click Apply Figure 123 Configuring CoS to DSCP Internal Mapping Table...

Page 254: ...To show the CoS CFI to internal PHB drop precedence map 1 Click Traffic Priority CoS to DSCP 2 Select Show from the Action list 3 Select an interface Figure 124...

Page 255: ...ifferent kinds of traffic can be marked for different kinds of forwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to packets...

Page 256: ...igured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface page to assign...

Page 257: ...fied by the lone match command ACL Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An...

Page 258: ...Class Maps To edit the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a class map 5 Specify type...

Page 259: ...ured which indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value or a member of specific VLAN A policy map is then configured which indicates the boundar...

Page 260: ...Random Early Detection A packet is marked green if it doesn t exceed the committed information rate and committed burst size yellow if it does exceed the committed information rate and committed burst...

Page 261: ...imum throughput peak information rate PIR and their associated burst sizes committed burst size BC or burst rate and peak burst size BP Action may be taken for traffic conforming to the maximum throughpu...

Page 262: ...red as red or if Tp(t)-B < 0, the packet is red; else if the packet has been precolored as yellow or if Tc(t)-B < 0, the packet is yellow and Tp is decremented by B; else the packet is green and both Tp and Tc...

Page 263: ...f CoS CFI to Internal PHB Drop Precedence on page 253 Set PHB Configures the service provided to ingress traffic by setting the internal per hop behavior for a matching packet as specified in rule set...

Page 264: ...formation rate CIR or maximum throughput committed burst size BC or burst rate and excess burst size BE and the action to take for traffic conforming to the maximum throughput exceeding the maximum th...

Page 265: ...3 Drop Drops out of conformance traffic trTCM Police Meter Defines the committed information rate CIR or maximum throughput peak information rate PIR and their associated burst sizes committed burst s...

Page 266: ...that traffic conforming to the maximum rate CIR will be transmitted without any change to the DSCP service level Transmit Transmits in conformance traffic without any change to the DSCP service level...

Page 267: ...elect Configure Policy from the Step list 3 Select Add from the Action list 4 Enter a policy name 5 Enter a description 6 Click Add Figure 129 Configuring a Policy Map To show the configured policy ma...

Page 268: ...er hop behavior for matching packets to specify the quality of service to be assigned to the matching traffic class Use one of the metering options to define parameters such as the maximum throughput...

Page 269: ...fic DiffServ Configure Interface page to bind a policy map to an ingress port CLI REFERENCES Quality of Service Commands on page 893 COMMAND USAGE First define a class map define a policy map and bind...

Page 270: ...ERFACE To bind a policy map to a port 1 Click Traffic DiffServ 2 Select Configure Interface from the Step list 3 Check the box under the Ingress field to enable a policy map for a port 4 Select a poli...

Page 271: ...ssive packet delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating t...

Page 272: ...the VoIP mode to Auto or Manual as described below first set the VLAN membership mode to hybrid see Adding Static Members to VLANs on page 171 PARAMETERS These parameters are displayed in the web in...

Page 273: ...eived packets OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses The MAC OUI numbers for VoIP equipment can be configured on the switch so that traffic f...

Page 274: ...devices WEB INTERFACE To configure MAC OUI numbers for VoIP equipment 1 Click Traffic VoIP 2 Select Configure OUI from the Step list 3 Select Add from the Action list 4 Enter a MAC address that speci...

Page 275: ...oice VLANs on page 871 COMMAND USAGE All ports are set to VLAN access mode by default Prior to enabling VoIP for a port by setting the VoIP mode to Auto or Manual as described below first set the VLAN...

Page 276: ...numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP device LLDP Uses LLDP IEEE 802 1AB to discover VoIP devices attached to the port LL...

Page 277: ...WEB INTERFACE To configure VoIP traffic settings for a port 1 Click Traffic VoIP 2 Select Configure Interface from the Step list 3 Configure any required changes to the VoIP settings eac...

Page 278: ...CHAPTER 12 VoIP Traffic Configuration Configuring VoIP Traffic Ports 278 ES 3052 Series...

Page 279: ...methods are infeasible or impractical Network Access Configure MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provid...

Page 280: ...on the network The AAA functions require the use of configured RADIUS or TACACS servers in the network The security servers can be defined as sequential groups that are applied as a method for contro...

Page 281: ...ACS protocols to verify management access CLI REFERENCES Authentication Sequence on page 624 COMMAND USAGE By default management access is always checked against the authentication database stored on...

Page 282: ...ote Authentication Dial in User Service RADIUS and Terminal Access Controller Access Control System Plus TACACS are logon authentication protocols that use software running on a central server to cont...

Page 283: ...and logon client This switch can pass authentication messages between the server and client that have been encrypted using MD5 Message Digest 5 TLS Transport Layer Security or TTLS Tunneled Transport...

Page 284: ...P Address Address of the TACACS server A Server Index entry must be selected to display this item Authentication Timeout The number of seconds the switch waits for a reply from the TACACS server befor...

Page 285: ...or TACACS authentication 1 Click Security AAA Server 2 Select Configure Server from the Step list 3 Select RADIUS or TACACS server type 4 Select Global to specify the parameters that apply globally t...

Page 286: ...ADIUS or TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACAC...

Page 287: ...display the configured accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions CLI REFERENCES AAA on page 633 COMMAND USAGE AAA authen...

Page 288: ...Authentication on page 281 Any other group name refers to a server group configured on the Security AAA Server Configure Group page Configure Service Accounting Type Specifies the service as 802 1X Co...

Page 289: ...terface Displays the receive port number through which this user accessed the switch Time Elapsed Displays the length of time this entry has been active WEB INTERFACE To configure global settings for...

Page 290: ...ist 3 Select Add from the Action list 4 Select the accounting type 802 1X Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 145 Configuring AAA Accounting Met...

Page 291: ...at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3 Select the accounting type 802 1X Exec 4 Enter...

Page 292: ...unting information and statistics recorded for user sessions 1 Click Security AAA Accounting 2 Select Show Information from the Step list 3 Click Statistics Figure 150 Displaying Statistics for AAA Ac...

Page 293: ...cters The group name tacacs specifies all configured TACACS hosts see Configuring Local Remote Logon Authentication on page 281 Any other group name refers to a server group configured on the TACACS G...

Page 294: ...Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name 4 Click Apply Figure 151 Configuring AAA Authorization Methods To show the authorizatio...

Page 295: ...Select Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 153 Configuring AAA Authorization Methods for Exec Service To display the configured author...

Page 296: ...he user Maximum length 8 characters maximum number of users 16 Access Level Specifies the user level Options 0 Normal 15 Privileged Normal privilege level provides access to a limited number of the co...

Page 297: ...rity User Accounts 2 Select Add from the Action list 3 Specify a user name select the user s access level then enter a password if required and confirm it 4 Click Apply Figure 155 Configuring User Acc...

Page 298: ...g Local Remote Logon Authentication on page 281 NOTE Web authentication cannot be configured on trunk ports CONFIGURING GLOBAL SETTINGS FOR WEB AUTHENTICATION Use the Security Web Authentication Confi...

Page 299: ...uthentication on a port and display information for any connected hosts CLI REFERENCES Web Authentication on page 691 PARAMETERS These parameters are displayed in the web interface Port Indicates the...

Page 300: ...able to support 802 1X authentication due to hardware or software limitations This is often true for devices such as network printers IP phones and some wireless access points The switch enables netw...

Page 301: ...AC addresses are added to the secure address table when seen on a switch port Static addresses are treated as authenticated without sending a request to a RADIUS server When port status changes to dow...

Page 302: ...the user profile. The Filter ID attribute is empty. The Filter ID attribute format for dynamic QoS assignment is unrecognizable (cannot recognize the whole Filter ID attribute). Dynamic QoS assignment fai...

Page 303: ...s parameter applies to authenticated MAC addresses configured by the MAC Address Authentication process described in this section, as well as to any secure MAC addresses authenticated by 802.1X, regardl...

Page 304: ...enabling dynamic VLAN or dynamic QoS assignments. CLI REFERENCES: "Network Access MAC Address Authentication" on page 678. PARAMETERS: These parameters are displayed in the web interface. MAC Authentication...

Page 305: ...port, providing the VLANs have already been created on the switch. GVRP is not used to create the VLANs. Default: Enabled. The VLAN settings specified by the first authenticated MAC address are implemented...

Page 306: ...pply. Figure 160: Configuring Interface Settings for Network Access. CONFIGURING PORT LINK DETECTION: Use the Security > Network Access > Configure Interface > Link Detection page to send an SNMP trap and/or sh...

Page 307: ...Link Detection button. 4. Modify the link detection status, trigger condition, and the response for any port. 5. Click Apply. Figure 161: Configuring Link Detection for Network Access. CONFIGURING A MAC ADDRE...

Page 308: ...resses as defined by the MAC Address Mask. MAC Address Mask: The filter rule will check for the range of MAC addresses defined by the MAC bit mask. If you omit the mask, the system will assign the default...

Page 309: ...displayed and selected entries can be removed from the table. CLI REFERENCES: "Network Access MAC Address Authentication" on page 678. PARAMETERS: These parameters are displayed in the web interface. Query B...

Page 310: ...Click Security > Network Access. 2. Select Show Information from the Step list. 3. Use the sort key to display addresses based on MAC address, interface, or attribute. 4. Restrict the displayed addresses by enteri...

Page 311: ...evice port_number. When you start HTTPS, the connection is established in this way: The client authenticates the server using the server's digital certificate. The client and server negotiate a set of sec...

Page 312: ...from the Step list. 3. Enable HTTPS and specify the port number if required. 4. Click Apply. Figure 165: Configuring HTTPS. REPLACING THE DEFAULT SECURE SITE CERTIFICATE: Use the Security > HTTPS > Copy Certific...

Page 313: ...t for the new certificate to be activated. To reset the switch, see "Resetting the System" on page 121, or type "reload" at the command prompt: ES-3052G reload. CLI REFERENCES: "Web Server" on page 641. PARAMETERS...

Page 314: ...te shell, and rcp (remote copy), are not secure from hostile attacks. The Secure Shell (SSH) includes server/client applications intended as a secure replacement for the older Berkeley remote access tools. SS...

Page 315: ...uld appear similar to the following example 10 1 0 54 1024 35 15684995401867669259333946775054617325313674890836547254 15020245593199868544358361651999923329781766065830956 10825913212890233 765468017...

Page 316: ...g SSH v1.5 Clients: a. The client sends its RSA public key to the switch. b. The switch compares the client's public key to those stored in memory. c. If a match is found, the switch uses its secret key to g...

Page 317: ...the web interface. SSH Server Status: Allows you to enable/disable the SSH server on the switch. Default: Disabled. Version: The Secure Shell version number. Version 2.0 is displayed, but the switch supports...

Page 318: ...ter generating this key pair, you must provide the host public key to SSH clients and import the client's public key to the switch, as described in the section "Importing User Public Keys" on page 320. NOT...

Page 319: ...latile memory to flash memory. Otherwise, the host key pair is stored to RAM by default. Note that you must select this item prior to generating the host key pair. Default: Disabled. WEB INTERFACE: To genera...

Page 320: ...the user to be able to log in using the public key authentication mechanism. If the user's public key does not exist on the switch, SSH will revert to the interactive password authentication mechanism t...

Page 321: ...A Version 2 for SSHv2 clients. TFTP Server IP Address: The IP address of the TFTP server that contains the public key file you wish to import. Source File Name: The public key file to upload. WEB INTERFACE...

Page 322: ...r 4 protocol port number or TCP control code, IPv6 frames based on address, DSCP traffic class, next header type, or any frames based on MAC address or Ethernet type. To filter incoming packets, first creat...

Page 323: ...39. COMMAND USAGE: Policy control entries (PCEs) are used by various system functions which rely on rule-based searches, including Access Control Lists (ACLs), IP Source Guard filter rules, Quality of Service...

Page 324: ...web interface. ACL Name: Name of the ACL. Maximum length: 32 characters. Type: The following filter modes are supported. IP Standard: IPv4 ACL mode filters packets based on the source IPv4 address. IP Extended...

Page 325: ...ACE To configure the name and type of an ACL: 1. Click Security > ACL. 2. Select Configure ACL from the Step list. 3. Select Add from the Action list. 4. Fill in the ACL Name field, and select the ACL type. 5. Cli...

Page 326: ...nother port. Interface: The unit and port to which a packet is redirected. This switch does not support stacking, so the unit is fixed at 1. Address Type: Specifies the source IP address. Use "Any" to include...

Page 327: ...Name list. 6. Specify the action (i.e., Permit or Deny). 7. Select the address type (Any, Host, or IP). 8. If you select "Host," enter a specific address. If you select "IP," enter a subnet address and the mask for an add...

Page 328: ...er port. Interface: The unit and port to which a packet is redirected. This switch does not support stacking, so the unit is fixed at 1. Source/Destination Address Type: Specifies the source or destination...

Page 329: ...The control bit mask is a decimal number (for an equivalent binary bit mask) that is applied to the control code. Enter a decimal number, where the equivalent binary bit "1" means to match a bit and "0" means...

Page 330: ...ct IP Extended from the Type list. 5. Select the name of an ACL from the Name list. 6. Specify the action (i.e., Permit or Deny). 7. Select the address type (Any, Host, or IP). 8. If you select "Host," enter a specific...

Page 331: ...packet is redirected. This switch does not support stacking, so the unit is fixed at 1. Source Address Type: Specifies the source IP address. Use "Any" to include all possible addresses, "Host" to specify a spe...

Page 332: ...Add Rule from the Action list. 4. Select IPv6 Standard from the Type list. 5. Select the name of an ACL from the Name list. 6. Specify the action (i.e., Permit or Deny). 7. Select the source address type (Any, Hos...

Page 333: ...Destination IPv6 Address: An IPv6 address or network class. The address must be formatted according to RFC 2373 "IPv6 Addressing Architecture," using 8 colon-separated 16-bit hexadecimal values. One double...

Page 334: ...Security > ACL. 2. Select Configure ACL from the Step list. 3. Select Add Rule from the Action list. 4. Select IPv6 Extended from the Type list. 5. Select the name of an ACL from the Name list. 6. Specify the ac...

Page 335: ...Address Type: Use "Any" to include all possible addresses, "Host" to indicate a specific MAC address, or "MAC" to specify an address range with the Address and Bit Mask fields. Options: Any, Host, MAC. Default: Any...

Page 336: ...4. Select MAC from the Type list. 5. Select the name of an ACL from the Name list. 6. Specify the action (i.e., Permit or Deny). 7. Select the address type (Any, Host, or MAC). 8. If you select "Host," enter a specific...

Page 337: ...uest, Response, All. Default: All. Source/Destination IP Address Type: Specifies the source or destination IPv4 address. Use "Any" to include all possible addresses, "Host" to specify a specific host address in t...

Page 338: ...from the Type list. 5. Select the name of an ACL from the Name list. 6. Specify the action (i.e., Permit or Deny). 7. Select the packet type (Request, Response, All). 8. Select the address type (Any, Host, or IP). 9. If yo...

Page 339: ...any port. CLI REFERENCES: "ip access-group" on page 729, "show ip access-group" on page 729, "mac access-group" on page 740, "show mac access-group" on page 741, "Time Range" on page 583. COMMAND USAGE: This switch sup...

Page 340: ...rtain "man-in-the-middle" attacks. This is accomplished by intercepting all ARP requests and responses and verifying each of these packets before the local ARP cache is updated or the packet is forwarded...

Page 341: ...on will not affect the ARP Inspection configuration of any VLANs. When ARP Inspection is disabled globally, it is still possible to configure ARP Inspection for individual VLANs. These configuration chan...

Page 342: ...ontrolled basis. After the system message is generated, the entry is cleared from the log buffer. Each log entry contains flow information, such as the receiving VLAN, the port number, the source and destin...

Page 343: ...ect Configure General from the Step list. 3. Enable ARP inspection globally, enable any of the address validation options, and adjust any of the logging parameters if required. 4. Click Apply. Figure 182: Con...

Page 344: ...alidated against the selected ACL; if no ACL rules match the packets, then the DHCP snooping bindings database determines their validity. PARAMETERS: These parameters are displayed in the web interface. AR...

Page 345: ...ify the ports that require ARP inspection, and to adjust the packet inspection rate. CLI REFERENCES: "ARP Inspection" on page 711. PARAMETERS: These parameters are displayed in the web interface. Port: Port id...

Page 346: ...g Interface Settings for ARP Inspection. DISPLAYING ARP INSPECTION STATISTICS: Use the Security > ARP Inspection > Show Information > Show Statistics page to display statistics about the number of ARP packets...

Page 347: ...ackets that failed the destination MAC address test. Total ARP packets processed by ARP inspection: Count of all ARP packets processed by the ARP Inspection engine. ARP packets dropped by additional vali...

Page 348: ...eb interface. WEB INTERFACE: To display the ARP Inspection log: 1. Click Security > ARP Inspection. 2. Select Show Information from the Step list. 3. Select Show Log from the Action list. Figure 186: Displaying t...

Page 349: ...s can be configured for SNMP, web and Telnet access respectively. Each of these groups can include up to five different sets of addresses, either individual addresses or address ranges. When entering addr...

Page 350: ...ist. 3. Select the management interface to filter (Web, SNMP, Telnet). 4. Enter the IP addresses or range of addresses that are allowed management access to an interface. 5. Click Apply. Figure 187: Creating an I...
