LevelOne GEL-5261 User Manual Download Page 301 | Manualshive

Page: 301 / 570

background image

Chapter 12

| Security Measures

Configuring 802.1X Port Authentication

–

301

–

Security), PEAP (Protected Extensible Authentication Protocol), or TTLS (Tunneled
Transport Layer Security). The client responds to the appropriate method with its
credentials, such as a password or certificate. The RADIUS server verifies the client
credentials and responds with an accept or reject packet. If authentication is
successful, the switch allows the client to access the network. Otherwise, non-EAP

traffic on the port is blocked or assigned to a guest VLAN based on the “intrusion

-

action” setting.

In “multi

-

host” mode, only one host connected to a port needs to

pass authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.

Figure 190: Configuring Port Authentication

802.1x

client

RADIUS

server

1. Client attempts to access a switch port.

2. Switch sends client an identity request.

3. Client sends back identity information.

4. Switch forwards this to authentication server.

5. Authentication server challenges client.

6. Client responds with proper credentials.

7. Authentication server approves access.

8. Switch grants client access to this port.

The operation of 802.1X on the switch requires the following:

◆

The switch must have an IP address assigned.

◆

RADIUS authentication must be enabled on the switch and the IP address of
the RADIUS server specified.

◆

802.1X must be enabled globally for the switch.

◆

Each switch port that will be used must be set to dot1X

“Auto”

mode.

◆

Each client that needs to be authenticated must have dot1X client software
installed and properly configured.

◆

The RADIUS server and 802.1X client support EAP. (The switch only supports
EAPOL in order to pass the EAP packets from the server to the client.)

◆

The RADIUS server and client also have to support the same EAP authentication
type

–

MD5, PEAP, TLS, or TTLS. (Native support for these encryption methods is

provided in Windows 8, 7, Vista and XP, and in Windows 2000 with Service Pack
4. To support these encryption methods in Windows 95 and 98, you can use the
AEGIS dot1x client or other comparable client software)

«
...
299
300
301
302
303
...
»

Summary of Contents for GEL-5261

Page 1: ...GEL 5261 52 Port L2 Managed Gigabit Switch User Manual V1 0 Digital Data Communications Asia Co Ltd http www level1 com...

Page 2: ...User Manual GEL 5261 L2 Managed Gigabit Ethernet Switch with 48 10 100 1000BASE T RJ 45 Ports and 4 Gigabit SFP Ports E062017 ST R01...

Page 3: ...key features It also describes the switch s web browser interface For information on the command line interface refer to the CLI Reference Guide The guide includes these sections Section I Getting Sta...

Page 4: ...uick Start Guide Safety and Regulatory Information Conventions The following conventions are used throughout this guide to show information Note Emphasizes important information or calls your attentio...

Page 5: ...m Defaults 38 Section II Web Configuration 41 2 Using the Web Interface 43 Connecting to the Web Interface 43 Navigating the Web Browser Interface 44 Dashboard 44 Configuration Options 46 Panel Displa...

Page 6: ...87 Configuring Telnet Settings 89 Displaying CPU Utilization 90 Configuring CPU Guard 91 Displaying Memory Utilization 92 Resetting the System 93 4 Interface Configuration 97 Port Configuration 98 Con...

Page 7: ...nfiguring VLAN Groups 149 Adding Static Members to VLANs 152 IEEE 802 1Q Tunneling 156 Enabling QinQ Tunneling onthe Switch 160 Creating CVLAN to SPVLAN Mapping Entries 161 Adding an Interface to a Qi...

Page 8: ...er 3 4 Priority Settings 213 Setting Priority Processing to DSCP or CoS 214 Mapping CoS Priorities to Per hop Behavior 215 Mapping DSCP Priorities to Per hop Behavior 216 10 Quality of Service 219 Ove...

Page 9: ...ring the Secure Shell 270 Configuring the SSH Server 272 Generating the Host Key Pair 273 Importing User Public Keys 275 Access Control Lists 277 Showing TCAM Utilization 278 Setting the ACL Nameand T...

Page 10: ...g ARP Inspection Statistics 330 Displaying the ARP Inspection Log 331 13 Basic Administration Protocols 333 Configuring Event Logging 334 System Log Configuration 334 Remote Log Configuration 336 Send...

Page 11: ...ERPS Global Configuration 412 ERPS Ring Configuration 412 ERPS Forced and Manual Mode Operations 428 LBD Configuration 432 Configuring Global Settings for LBD 433 Configuring Interface Settings for LB...

Page 12: ...les 482 Configuring MLD Filtering and Throttling for Interfaces 485 Filtering MLD Query Packets on an Interface 486 15 IP Tools 489 Using the Ping Function 489 Using the Trace Route Function 491 Addre...

Page 13: ...rvers 530 Configuring Static DNS Host to Address Entries 531 Displaying the DNS Cache 532 Multicast Domain Name Service 533 Dynamic Host Configuration Protocol 534 Specifying a DHCP Client Identifier...

Page 14: ...14 Contents Glossary 551 Index 559...

Page 15: ...79 Figure 13 Configuring NTP 80 Figure 14 Specifying SNTP Time Servers 81 Figure 15 Adding an NTP Time Server 82 Figure 16 Showing the NTP Time Server List 82 Figure 17 Adding an NTP Authentication K...

Page 16: ...18 Figure 46 Configuring Connection Parameters for a Static Trunk 118 Figure 47 Showing Information for Static Trunks 119 Figure 48 Configuring Dynamic Trunks 119 Figure 49 Configuring the LACP Aggreg...

Page 17: ...N Members by Interface Range 156 Figure 81 QinQ Operational Concept 157 Figure 82 Enabling QinQ Tunneling 161 Figure 83 Configuring CVLAN to SPVLAN Mapping Entries 162 Figure 84 Showing CVLAN to SPVLA...

Page 18: ...the Priority for an MST Instance 201 Figure 115 Displaying Global Settings for an MST Instance 201 Figure 116 Adding a VLAN to an MST Instance 202 Figure 117 Displaying Members of an MST Instance 202...

Page 19: ...7 Figure 152 Configuring AAA Accounting Service for Command Service 248 Figure 153 Configuring AAA Accounting Service for Exec Service 248 Figure 154 Displaying a Summary of Applied AAA Accounting Met...

Page 20: ...igure 188 Showing IP Addresses Authorized for Management Access 297 Figure 189 Configuring Port Security 300 Figure 190 Configuring Port Authentication 301 Figure 191 Configuring Global Settings for 8...

Page 21: ...219 Displaying Remote Device Information for LLDP Port 357 Figure 220 Displaying Remote Device Information for LLDP Port Details 358 Figure 221 Displaying Remote Device Information for LLDP End Node 3...

Page 22: ...ing an RMON Statistical Sample 399 Figure 256 Showing Configured RMON Statistical Samples 399 Figure 257 Showing Collected RMON Statistical Samples 400 Figure 258 Configuring a Switch Cluster 402 Figu...

Page 23: ...459 Figure 292 Displaying IGMP Snooping Statistics Port 459 Figure 293 Enabling IGMP Filtering and Throttling 461 Figure 294 Creating an IGMP Filtering Profile 462 Figure 295 Showing the IGMP Filterin...

Page 24: ...e 324 Configuring General Settings for ARP 494 Figure 325 Configuring Static ARP Entries 495 Figure 326 Displaying Static ARP Entries 496 Figure 327 Displaying ARP Entries 496 Figure 328 Displaying AR...

Page 25: ...49 Showing the List of Name Servers for DNS 531 Figure 350 Configuring Static Entries in the DNS Table 532 Figure 351 Showing Static Entries in the DNS Table 532 Figure 352 Showing Entries in the DNS...

Page 26: ...26 Figures...

Page 27: ...Default Mapping of CoS CFI Values to Queue CFI 215 Table 14 Default Mapping of DSCP Values to Queue CFI 217 Table 15 Dynamic QoS Profiles 259 Table 16 HTTPS System Support 267 Table 17 802 1X Statist...

Page 28: ...v6 Neighbors display description 513 Table 32 Show IPv6 Statistics display description 515 Table 33 Show MTU display description 520 Table 34 Options 60 66 and 67 Statements 535 Table 35 Options 55 an...

Page 29: ...rovides an overview of the switch and introduces some basic concepts about network switches It also describes the basic settings required to access the management interface This section includes these...

Page 30: ...30 Section I Getting Started...

Page 31: ...name password RADIUS TACACS Port IEEE 802 1X MAC address filtering SNMP v1 2c Community strings SNMP version 3 MD5 or SHA password Telnet SSH Web HTTPS General Security Measures AAA ARP Inspection DH...

Page 32: ...ing bad frames Spanning Tree Algorithm Supports standard STP Rapid Spanning Tree Protocol RSTP and Multiple Spanning Trees MSTP Virtual LANs Up to 4094 using IEEE 802 1Q port based protocol based voic...

Page 33: ...n is also supported via the IEEE 802 1X protocol This protocol uses Extensible Authentication Protocol over LANs EAPOL to request user credentials from the 802 1X client and then uses the EAP between...

Page 34: ...redundancy by taking over the load if a port in the trunk should fail The switch supports up to 16 trunks Storm Control Broadcast multicast and unknown unicast storm suppression prevents traffic from...

Page 35: ...to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds compared to 30 seconds or more...

Page 36: ...pplication These functions can be used to provide independent priorities for delay sensitive data and best effortdata This switch also supports several common methods of prioritizing layer 3 4 traffic...

Page 37: ...to ensure that it does not interfere with normal network traffic and to guarantee real time delivery by setting the required priority level for the designated VLAN The switch uses IGMP Snooping and Q...

Page 38: ...600 seconds Authentication and Security Measures Privileged Exec Level Username admin Password admin Normal Exec Level Username guest Password guest EnablePrivilegedExecfrom Normal Exec Level Passwor...

Page 39: ...Port Trunking Static Trunks None LACP all ports Disabled Congestion Control Rate Limiting Disabled Storm Control Broadcast Enabled 64 kbits sec Multicast Disabled Unknown Unicast Disabled AutoTrafficC...

Page 40: ...192 168 1 1 Subnet Mask 255 255 255 0 Default Gateway Not configured DHCP Client Enabled DNS Proxy service Disabled BOOTP Disabled ARP Enabled Cache Timeout 20 minutes Multicast Filtering IGMP Snoopin...

Page 41: ...e 63 Interface Configuration on page 97 VLAN Configuration on page 147 Address Table Settings on page 171 Spanning Tree Algorithm on page 181 Congestion Control on page 205 Class of Service on page 20...

Page 42: ...42 Section II Web Configuration IP Services on page 527...

Page 43: ...ure it with a valid IP address subnet mask and default gateway To configure this device as the default gateway use the IP Routing Static Routes Add page set the destination address to the required int...

Page 44: ...password The administrator has Read Write access to all configuration parameters and statistics The default user name and password for the administrator is admin The administrator has full access priv...

Page 45: ...Chapter 2 Using the Web Interface NavigatingtheWebBrowserInterface 45 Figure 1 Dashboard...

Page 46: ...values and restores current values prior to pressing Apply Saves current settings Displays help for the selected page Refreshes the current page Displays the site map Logs out of the management interf...

Page 47: ...Sets the startup file 72 Show Shows the files stored in flash memory allows deletion of files 73 Time 77 Configure General Manual Manually sets the current time 78 SNTP Configures SNTP polling interva...

Page 48: ...and configures thresholds for alarm and warning messages for optical transceivers which support DDM Cable Test Performs cablediagnostics for selected porttodiagnose any cable faults short open etc an...

Page 49: ...history for specified interfaces 106 Green Ethernet Adjusts the power provided to ports based on the length of the cable 131 Mirror 132 Add Sets the source and target ports for mirroring 132 Show Show...

Page 50: ...ng 168 MAC Address 171 Dynamic Configure Aging Sets timeout for dynamically learned entries 173 Show Dynamic MAC Displays dynamic entries in the address table 171 Clear Dynamic MAC Removes any learned...

Page 51: ...ets the input and output rate limits for a port 205 Storm Control Sets the broadcast storm threshold for each interface 206 Priority Default Priority Sets the default priority for each port or trunk 2...

Page 52: ...ure Server Configures RADIUS and TACACS server message exchange settings 238 Configure Group 238 Add Specifies a group of authentication servers and sets the priority 238 sequence Show Shows the authe...

Page 53: ...re Host Key 273 Generate Generates the host key pair public and private 273 Show Displays RSA and DSA host keys deletes host keys 273 Configure User Key 275 Copy Imports user public keys from a TFTP s...

Page 54: ...authentication and EAPOL pass through 302 Configure Interface Sets authentication parameters for individual ports 302 Show Statistics Displays protocol statistics for the selected port 306 DoS Protect...

Page 55: ...remote logging process 336 SMTP Sends an SMTP client message to a participating server 337 LLDP 339 Configure Global Configures global LLDP timing parameters 339 Configure Interface 341 Configure Gene...

Page 56: ...roup 370 Add Adds a group with access policies for assigned users 370 Show Shows configured groups and access policies 370 Configure User Add Community Configures community strings and access mode 375...

Page 57: ...in the history group 395 Statistics Shows sampled data for each entry in the history group 398 Time Range Configures the time to apply an ACL 405 Add Specifies the name of a time range 405 Show Shows...

Page 58: ...configuration or link local 504 address and sets related protocol settings Add IPv6 Address Adds an global unicast EUI 64 or link local IPv6 address to an interface 509 Show IPv6 Address Show the IPv...

Page 59: ...st 440 Multicast Router 444 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 444 Show Static Multicast Router Displays ports statically configured as attac...

Page 60: ...ast Router 468 Add Static Multicast Router Assigns ports that are attached to a neighboring multicast router 468 Show Static Multicast Router Displays ports statically configured as attached to a neig...

Page 61: ...NavigatingtheWebBrowserInterface Table 4 Switch Main Menu Continued Menu Description Page Summary Shows summary statistics for querier and report leave messages 470 Clear Clears all MLD statics or st...

Page 62: ...62 Chapter 2 Using the Web Interface NavigatingtheWebBrowserInterface...

Page 63: ...rating software or configuration files and set the system start up files Setting the System Clock Sets the current time manually or through specified NTP or SNTP servers Configuring the Console Port S...

Page 64: ...of device type System Object ID MIB II object ID for switch s network management subsystem System Up Time Length of time the management agent has been up System Name Name assigned to the switch system...

Page 65: ...he serial number of the switch Number of Ports Number of built in ports Hardware Version Hardware version of the main board Main Power Status Displays the status of the internal power supply Managemen...

Page 66: ...or trunks Compared to standard Ethernet frames that run only upto 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields Usage Guidel...

Page 67: ...ticast Filtering Services This switch does not support the filtering of individual multicast addresses based on GMRP GARP Multicast Registration Protocol Traffic Classes This switch provides mapping o...

Page 68: ...egress status VLAN Tagged or Untagged on each port Refer to VLAN Configuration on page 147 Max Supported VLAN Numbers The maximum number of VLANs supported on this switch Max Supported VLAN ID The max...

Page 69: ...ransferring files between two network devices over an SSH2 secured connection SFTP functions similar to Secure Copy SCP using SSH for user authentication and data encryption Although the underlying pr...

Page 70: ...the runtime firmware can be stored in the file directory on the switch Note The maximum number of user defined configuration files is limited only by available flash memoryspace Note The file Factory...

Page 71: ...e subsequently set as the startup file Parameters The following parameters are displayed Copy Type The copy operation includes this option Running Config Copies the current configuration settings to a...

Page 72: ...the System Reset menu Setting the Start up File Use the System File Set Start Up page to specify the firmware or configuration file to use for system initialization Web Interface To set a file to use...

Page 73: ...o automatically download an operation code file when a file newer than the currently installed one is discovered on the file server After the file is transferred from the server and successfully writt...

Page 74: ...if the upgrade file is stored as Level1 2651 bix on a case sensitive server then the switch requesting level1 5261 bix will not be upgraded because the server does not recognize the requested file na...

Page 75: ...structures are accepted The directory name must be separated from the host and in nested directory structures from the parent directory with a prepended forward slash The forward slash must be the la...

Page 76: ...password and file location options presented ftp 192 168 0 1 The user name and password are empty so anonymous will be the user name and the password will be blank The image file is in the FTP root di...

Page 77: ...estart Setting the System Clock Simple Network Time Protocol SNTP allows the switch to set its internal clock based on periodic updates from a time server SNTP or NTP Maintaining an accurate time on t...

Page 78: ...switch Hours Sets the hour Range 0 23 Minutes Sets the minute value Range 0 59 Seconds Sets the second value Range 0 59 Month Sets the month Range 1 12 Day Sets the day of the month Range 1 31 Year Se...

Page 79: ...b Interface To set the polling interval for SNTP 1 Click System then Time 2 Select Configure General from the Step list 3 Select SNTP from the Maintain Type list 4 Modify the polling interval if requi...

Page 80: ...sts for a time update from NTP servers Fixed 1024seconds Web Interface To set the clock maintenance type to NTP 1 Click System then Time 2 Select Configure General from the Step list 3 Select NTP from...

Page 81: ...Specifying SNTP Time Servers Specifying NTP Time Servers Use the System Time Configure Time Server Add NTP Server page to add the IP address for up to 50 NTP time servers Parameters The following para...

Page 82: ...Range 1 65535 Web Interface To add an NTP time server to the server list 1 Click System then Time 2 Select Configure Time Server from the Step list 3 Select Add NTP Server from the Action list 4 Enter...

Page 83: ...eys can be configured on the switch Range 1 65535 Key Context An MD5 authentication key string The key string can be up to 32 case sensitive printable ASCII characters no spaces NTP authentication key...

Page 84: ...s The following parameters are displayed Predefined Configuration A drop down box provides access to the 80 predefined time zone configurations Each choice indicates it s offset from UTC and lists at...

Page 85: ...ers are displayed in the web interface General Configuration Summer Time in Effect Shows if the system time has been adjusted Status Shows if summer time is set to take effect during the specified per...

Page 86: ...s your summer time zone deviates from your regular time zone Offset Summer time offset from the regular time zone in minutes Range 1 120 minutes From Start time for summer timeoffset To End time for s...

Page 87: ...imeout interval the connection is terminated for the session Range 10 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is...

Page 88: ...ce connected to the serial port Range 9600 19200 38400 57600 or 115200 baud Default 115200 baud Note The password for the console connection can only be configured through the CLI see the password com...

Page 89: ...gin Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is not detected within the timeout interval the connection is terminated for the session Range 10...

Page 90: ...s required 3 Click Apply Figure 22 Telnet Connection Settings Displaying CPU Utilization Use the System CPU Utilization page to display information on CPU utilization Parameters The following paramete...

Page 91: ...already in the buffer until usage time falls below the low watermark Range 40 100 Default 90 Low Watermark If packet flow has been stopped after exceeding the high watermark normal flow will be resto...

Page 92: ...h the minimum threshold before the alarm is terminated and then exceed the maximum threshold again before another alarm is triggered Current Threshold Shows the configured threshold in packets per sec...

Page 93: ...ored in non volatile memory See Saving the Running Configuration to a Local File on page 71 Parameters The following parameters are displayed System Reload Information Reload Settings Displays informa...

Page 94: ...Range 01 31 MM The month at which to reload Range 01 12 YYYY The year at which to reload Range 1970 2037 HH The hour at which to reload Range 00 23 MM The minute at which to reload Range 00 59 Regula...

Page 95: ...95 Chapter 3 Basic Management Tasks Resetting the System 5 When prompted confirm that you want reset theswitch Figure 26 Restarting the Switch Immediately Figure 27 Restarting the Switch In...

Page 96: ...96 Chapter 3 Basic Management Tasks Resetting the System Figure 28 Restarting the Switch At Figure 29 Restarting the Switch Regularly...

Page 97: ...iguring Transceiver Thresholds Configures thresholds for alarm and warning messages for optical transceivers which support DDM Cable Test Performs cable diagnostics on the specified port Trunk Configu...

Page 98: ...d at 100full for 100BASE FX transceivers and 1000full for Gigabit transceivers When auto negotiation is enabled the only attributes which can be advertised include flow control and symmetric pause fra...

Page 99: ...e switch when its buffers fill When enabled back pressure is used for half duplex operation and IEEE 802 3 2005 formally IEEE 802 3x for full duplex operation Default Autonegotiation enabled Advertise...

Page 100: ...rtise or manually fix the speed duplex mode and flow control Parameters Except for the trap command refer to Configuring by Port List on page 98 for more information on command usage and a description...

Page 101: ...Admin Shows if the port is enabled or disabled Oper Status Indicates if the link is Up orDown Shutdown Reason Shows the reason this interface has been shut down if applicable Some of the reasons for...

Page 102: ...d to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different fra...

Page 103: ...iscarded or not sent Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Transmitted Broadc...

Page 104: ...able indication of Ethernet utilization Received Packets The total number of packets bad broadcast and multicast received Broadcast Packets The total number of good packets received that were directed...

Page 105: ...list of port statistics 1 Click Interface Port Statistics 2 Select the statistics mode to display Interface Etherlike RMON or Utilization 3 Select a port from the drop down list 4 Use the Refresh butt...

Page 106: ...e Trunk History page to display statistical history for the specified interfaces Command Usage For a description of the statistics displayed on these pages see Showing Port or Trunk Statistics on page...

Page 107: ...take Show Details Mode Status Shows the sample parameters Current Entry Shows current statistics for the specified port and named sample Input Previous Entries Shows statistical history for ingress t...

Page 108: ...Show from the Action menu 3 Select an interface from the Port or Trunklist Figure 36 Showing Entries for History Sampling To show the configured parameters for a sampling entry 1 Click Interface Port...

Page 109: ...urrent interval of a sample entry 1 Click Interface Port Statistics or Interface Trunk Statistics 2 Select Show Details from the Action menu 3 Select Current Entry from the options forMode 4 Select an...

Page 110: ...laying Transceiver Data Use the Interface Port Transceiver page to display identifying information and operational for optical transceivers which support Digital Diagnostic Monitoring DDM Parameters T...

Page 111: ...Data Configuring Transceiver Thresholds Use the Interface Port Transceiver page to configure thresholds for alarm and warning messages for optical transceivers which support Digital Diagnostic Monito...

Page 112: ...ning message when the high threshold is crossed Low Alarm Sends an alarm message when the low threshold is crossed Low Warning Sends a warning message when the low threshold is crossed The configurabl...

Page 113: ...default or manual settings 4 Set alarm and warning thresholds if manual configuration is used 5 Click Apply Figure 41 Configuring Transceiver Thresholds Performing Cable Diagnostics Use the Interface...

Page 114: ...o cable Not tested Not Supported This message is displayed for any Gigabit Ethernet ports linked up at a speed lower than 1000 Mbps Unknown Unknown error Ports are linked down while running cable diag...

Page 115: ...h The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link andthe switches must comply withthe...

Page 116: ...a connection must be configured as trunk ports When configuring static trunks on switches of different types they must be compatible with the Cisco EtherChannel standard The ports at both ends of a tr...

Page 117: ...g the ports and also disconnect the ports before removing a static trunk via the configuration interface Parameters These parameters are displayed Trunk ID Trunk identifier Range 1 8 Member The initia...

Page 118: ...port for an additional trunkmember 6 Click Apply Figure 45 Adding Static Trunks Members To configure connection parameters for a static trunk 1 Click Interface Trunk Static 2 Select Configure General...

Page 119: ...Dynamic Trunks dynamically enabled active links backup link configured members Command Usage To avoid creating a loop in the network be sure you enable LACP before connecting the ports and also discon...

Page 120: ...gure Aggregation Port Actor Partner used by the interfaces that joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 If the port channel admin key is set...

Page 121: ...plies to its administrative state not its operational state Note Configuring the partner admin key does not affect remote or local switch operation The local switch just records the partner admin key...

Page 122: ...s established with that port Note Configuring the port partner sets the remote side of an aggregate link i e theportsontheattacheddevice Thecommandattributeshavethesamemeaning as those used for the po...

Page 123: ...Port To configure LACP parameters for group members 1 Click Interface Trunk Dynamic 2 Select Configure Aggregation Port from the Step list 3 Select Configure from the Action list 4 Click Actor or Par...

Page 124: ...ct a Trunk Figure 52 Showing Members of a Dynamic Trunk To configure connection parameters for a dynamic trunk 1 Click Interface Trunk Dynamic 2 Select Configure Trunk from the Step list 3 Select Conf...

Page 125: ...d LACPDUs received on this channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker U...

Page 126: ...min State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expiredstate Defaulted The actor s receive machine is using defa...

Page 127: ...c transmission of LACPDUs uses a slow transmission rate LACP Activity Activity control value withregard tothislink 0 Passive 1 Active Web Interface To display LACP settings and status for the local si...

Page 128: ...Operational port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Prior...

Page 129: ...his mode works best for switch to router trunk links where traffic through the switch is destined for many different hosts Do not use this mode for switch to server trunk links where the destination I...

Page 130: ...This mode works best for switch to switch trunk links where traffic through the switch is received from many different hosts Parameters These parameters are displayed for the load balance mode Destin...

Page 131: ...ry entering Sleep Mode In this mode the low power energy detection circuit continuously checks for energy on the cable If none is detected the MAC interface is also powered down to save additional ene...

Page 132: ...abling Power Savings Configuring Local Port Mirroring Use the Interface Port Mirror page to mirror traffic from any source port to a target port for real time analysis You can then attach a logic anal...

Page 133: ...ot mirrored to the target port Parameters These parameters are displayed Source Port The port whose traffic will be monitored Target Port The port that will mirror the traffic on the source port Type...

Page 134: ...n the specified source ports for each session over a user specified VLAN dedicated to that RSPAN session in all participating switches Monitored traffic from one or more sources is copied onto the RSP...

Page 135: ...role Intermediate the RSPAN VLAN and the uplink port s 4 Set up the destination switch on the RSPAN configuration page by specifying the mirror session the switch s role Destination the destination po...

Page 136: ...dicates whether or not RSPAN is currently functioning Switch Role Specifies the role this switch performs in mirroring traffic None This switch will not participate in RSPAN Source Specifies this devi...

Page 137: ...e switch per session but a destination port can be configured on more than one switch for the same session Also note that a destination port can still send and receive switched traffic and participate...

Page 138: ...fic present on their network The sFlow Agent samples 1 out of n packets from all data traversing the switch re encapsulates the samples as sFlow datagrams and transmits them to the sFlow Collector Thi...

Page 139: ...ure Receiver Add page to create an sFlow receiver on the switch Parameters These parameters are displayed Receiver Owner Name2 The name of the receiver Range 1 256 characters Default None Receiver Tim...

Page 140: ...oad Range 200 1500 bytes Datagram Version Sends either v4 or v5 sFlow datagrams to the receiver Web Interface To configure an sFlow receiver 1 Click Interface sFlow 2 Select Configure Receiver from th...

Page 141: ...face that polls periodically based on a specified time interval or an sFlow data source instance for a specific interface that takes samples periodically based on the number of packets processed Data...

Page 142: ...g an sFlow Instance Web Interface To show configured instances 1 Click Interface sFlow 2 Select Configure Details from the Step list 3 Select Show from the Action list 4 Select the owner name from the...

Page 143: ...link ports used by other clients allowing different clients to share access to their uplink ports where security is less likely to be compromised Enabling Traffic Segmentation Use the Interface Traffi...

Page 144: ...nfigure Global page see page 143 When traffic segmentation is disabled all ports operate in normal forwarding mode based on the settings specified by other functions such as VLANs and spanning tree pr...

Page 145: ...ng the direction to uplink or downlink Default Uplink Interface Displays a list of ports ortrunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 8 Web Interface To configure the member...

Page 146: ...raffic Segmentation To show the members of the traffic segmentation group 1 Click Interface Traffic Segmentation 2 Select Configure Session from the Step list 3 Select Show from the Action list Figure...

Page 147: ...adcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 80...

Page 148: ...LAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or mo...

Page 149: ...s can be assigned to multiple tagged or untagged VLANs Each port on the switch is therefore capable of passing tagged or untagged frames When forwarding a frame from this switch along a path that cont...

Page 150: ...ress to a VLAN see Setting the Switch s IP Address IP Version 4 on page 499 Show VLAN ID ID of configured VLAN VLAN Name Name of the VLAN Status Operational status of configured VLAN Remote VLAN Shows...

Page 151: ...VLAN groups 1 Click VLAN Static 2 Select Modify from the Action list 3 Select the identifier of a configured VLAN 4 Modify the VLAN name or operational status as required 5 Enable the L3 Interface fi...

Page 152: ...ey are connected to 802 1Q VLAN compliant devices or untagged they are not connected to any VLAN aware devices Or configure a port as forbidden to prevent the switch from automatically adding it to a...

Page 153: ...for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled and a port receives frames tagged...

Page 154: ...unk Range Displays a list of ports Range 1 8 Note The PVID acceptable frame type and ingress filtering parameters for each interface within the specified range must be configured on either the Edit Me...

Page 155: ...LAN Members by Interface To configure static members by interface range 1 Click VLAN Static 2 Select Edit Member by Interface Range from the Action list 3 Set the Interface type to display as Port orT...

Page 156: ...e intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 QinQ tunneling uses a single Service Provider VLAN SPVLAN for customers who have multiple VLANs Cus...

Page 157: ...LAN 20 Customer B VLANs 1 50 Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets No matter how many tags the incoming packet has...

Page 158: ...ned to be a Customer VLAN CVLAN tag The uplink port s PVID VLAN native tag is added to the packet This outer tag is used for learning and switching packets within the service provider s network The TP...

Page 159: ...ffic to reduce the risk of misconfiguration Instead use VLAN 1 as a management VLAN instead of a data VLAN in the service provider network There are some inherent incompatibilities between Layer 2 and...

Page 160: ...hexadecimal 0800 FFFF Default 8100 Use this field to set a custom 802 1Q ethertype value for the 802 1Q Tunnel TPID This feature allows the switch to interoperate with third party switches that do no...

Page 161: ...56 When priority bits are found in the inner tag these are also copied to the outer tag This allows the service provider to differentiate service based on the indicated priority and appropriate method...

Page 162: ...ect Add from the Action list 4 Select an interface from the Port list 5 Specify the CVID to SVID mapping for packets exiting the specified port 6 Click Apply Figure 83 Configuring CVLAN to SPVLAN Mapp...

Page 163: ...nonstandard 2 byte ethertype to identify 802 1Q tagged frames Then use the Configure Interface page to set the access interface on the edge switch to Access mode and set the uplink interface on the s...

Page 164: ...rotocol When a frame is received at a port its VLAN membership can then be determined based on the protocol type being used by the inbound packets Command Usage To configure protocol based VLANs follo...

Page 165: ...raffic which matches IP Protocol Ethernet Frames is mapped to the VLAN VLAN 1 that has been configured with the switch s administrative IP IP Protocol Ethernet traffic must not be mapped to another VL...

Page 166: ...roup to a VLAN for each interface that will participate in the group Command Usage When creating a protocol based VLAN only assign interfaces using this configuration screen If you assign interfaces u...

Page 167: ...ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 Priority The priority assigned to untagged ingres...

Page 168: ...Mapping Configuring MAC based VLANs Use the VLAN MAC Based page to configure VLAN based on MAC addresses The MAC based VLAN feature assigns VLAN IDs to ingress untagged frames according to source MAC...

Page 169: ...i e it cannot be 101 or 001 A mask for the MAC address 00 50 6e 00 5f b1 translated into binary MAC 00000000 01010000 01101110 00000000 01011111 10110001 could be 11111111 11xxxxxx xxxxxxxx xxxxxxxx...

Page 170: ...nfiguration Configuring MAC based VLANs 170 Figure 90 Configuring MAC Based VLANs To show the MAC addresses mapped to a VLAN 1 Click VLAN MAC Based 2 Select Show from the Action list Figure 91 Showing...

Page 171: ...fication Traps Issue trap when a dynamic MAC address is added or removed Displaying the Dynamic Address Table Use the MAC Address Dynamic Show Dynamic MAC page to display the MAC addresses learned by...

Page 172: ...r Interface 4 Enter the search parameters MAC Address VLAN orInterface 5 Click Query Figure 92 Displaying the Dynamic MAC Address Table Clearing the Dynamic Address Table Use the MAC Address Dynamic C...

Page 173: ...g Entries in the Dynamic MAC Address Table Changing the Aging Time Use the MAC Address Dynamic Configure Aging page to set the aging time for entries inthe dynamic address table The aging timeis usedt...

Page 174: ...ccepted as authorized to access the network through that interface Dynamic addresses stored in the address table when MAC address learning is disabled are flushed from the system and no dynamic addres...

Page 175: ...st of ports ortrunks Port Port Identifier Range 1 52 Trunk Trunk Identifier Range 1 8 Status The status of MAC address learning Default Enabled Web Interface To enable or disable MAC address learning...

Page 176: ...l not be written to the address table Static addresses will not be removed from the address table when a given interface link is down A static address cannot be learned on another port until the addre...

Page 177: ...the Action list 3 Specify the VLAN the port or trunk to which the address will be assigned the MAC address and the time to retain this entry 4 Click Apply Figure 96 Configuring Static MAC Addresses T...

Page 178: ...ifies the interval between issuing two consecutive traps Range 1 3600 seconds Default 1 second Configure Interface Port Port Identifier Range 1 52 MAC Notification Trap Enables MAC authentication trap...

Page 179: ...enable MAC address traps at the interface level 1 Click MAC Address MAC Notification 2 Select Configure Interface from the Step list 3 Enable MAC notification traps for the required ports 4 Click App...

Page 180: ...Chapter 6 Address Table Settings Issuing MAC Address Traps 180...

Page 181: ...etwork and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions STP Spanning Tree Protocol IEEE...

Page 182: ...earning predefining an alternate route that can be used when a node or port fails and retaining the forwarding database for ports insensitive to changes in the tree structure when reconfiguration occu...

Page 183: ...nce MSTI the protocol will automatically build an MSTI tree to maintain connectivity among each of the VLANs MSTP maintains contact with the global network because each instance is treated as an RSTP...

Page 184: ...eased from discard mode This is only available if the interface is configured for manual release mode Action Sets the response for loopback detection to block user traffic or shut down the interface D...

Page 185: ...VLANs we recommend selecting the MSTP option Rapid Spanning Tree Protocol3 RSTP supports connections to either STP or RSTP nodes by monitoring the incoming protocol messages and dynamically adjusting...

Page 186: ...rotocol IEEE 802 1D i e when this option is selected the switch will use RSTP set to STP forced compatibility mode RSTP Rapid Spanning Tree IEEE 802 1w RSTP is the default MSTP Multiple Spanning Tree...

Page 187: ...1 65535 Transmission Limit The maximum transmission rate for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 When the...

Page 188: ...umber of MSTP instances to which this switch can be assigned Configuration Digest An MD5 signature key that contains the VLAN ID to MST ID mapping table Inother words this key is a mapping ofall VLANs...

Page 189: ...189 Chapter 7 Spanning Tree Algorithm Configuring Global Settings for STA 5 Click Apply Figure 104 Configuring Global Settings for STA STP Figure 105 Configuring Global Settings for STA RSTP...

Page 190: ...items Bridge ID A unique identifier for this bridge consisting of the bridge priority the MST Instance ID 0 for the Common Spanning Tree when spanning tree type is set to MSTP and MAC address where t...

Page 191: ...figuring Interface Settings for STA Use the Spanning Tree STA Configure Interface Configure page to configure RSTP and MSTP attributes for specific interfaces including port priority path cost link ty...

Page 192: ...ttached to faster media and higher values assigned to ports with slower media Note that path cost takes precedence over port priority Range 0 for auto configuration 1 65535 for the short path cost met...

Page 193: ...ports will still have the same root path cost and it will be impossible for i2 to become the root port just by changing its path cost on SW3 For RSTP mode the root port can be determined simply by adj...

Page 194: ...terface cannot function as an edge port under the following conditions If spanning tree mode is set to STP page 185 edge port mode cannot automatically transition to operational edge port state using...

Page 195: ...ther administrative edge is enabled on a port BPDU filtering is configured on a per port basis Default Disabled BPDU filter can only be configured on an interface if the edge port attribute is not dis...

Page 196: ...anning Tree Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter wit...

Page 197: ...is parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration on page 191 Oper Edge Port This parameter is initialized to the setti...

Page 198: ...for determining the port role is based on root bridge ID root path cost designated bridge designated port port priority and port number in that order and as applicable to the role under question Web I...

Page 199: ...MSTI Region page 185 with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions...

Page 200: ...the MST instance identifier and the initial VLAN member Additional member can be added using the Spanning Tree MSTP Configure Global Add Member page If the priority is not specified the default value...

Page 201: ...e priority for an MSTP Instance 5 Click Apply Figure 114 Modifying the Priority for an MST Instance To display global settings for MSTP 1 Click Spanning Tree MSTP 2 Select Configure Global from the St...

Page 202: ...ect an MST instance from the MST IDlist 5 Enter the VLAN group to add to the instance in the VLAN ID field Note that the specified member does not have to be a configured VLAN 6 Click Apply Figure 116...

Page 203: ...e the same the port with the highest priority i e lowest value will be configured as an active link in the Spanning Tree This makes a port with higher priority less likely to be blocked if the Spannin...

Page 204: ...rface from the Step list 3 Select Configure from the Action list 4 Enter the priority and path cost for aninterface 5 Click Apply Figure 118 Configuring MSTP Interface Settings To display MSTP paramet...

Page 205: ...the maximum rate for traffic received or transmitted on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into or out of the network Packets that exceed...

Page 206: ...onfigured If there is too much traffic on your network performance can be severely degraded or everything can come to complete halt You can protect your network from traffic storms by setting a thresh...

Page 207: ...oadcast Specifies storm control for broadcast traffic Status Enables or disables storm control Default Enabled for broadcast storm control disabled for multicast and unknown unicast storm control Rate...

Page 208: ...Chapter 8 Congestion Control Storm Control 208 Figure 121 Configuring Storm Control...

Page 209: ...s This section describes how to configure the default priority for untagged frames set the queue mode set the weights assigned to each queue and map class of service tags to queues Setting the Default...

Page 210: ...ure 122 Setting the Default Port Priority Selecting the QueueMode Use the Traffic Priority Queue page to set the queue mode for the egress queues on any interface The switch can be set to service the...

Page 211: ...ed queue mode applies to all interfaces Parameters These parameters are displayed Queue Mode Strict Services the egress queues in sequential order transmitting all traffic in the higher priority queue...

Page 212: ...eighted queue mode is selected the queue weight can be modified if required 4 If the queue mode that uses a combination of strict and weighted queueing is selected the queues which are serviced first...

Page 213: ...s are enabled the priorities are mapped to a Class of Service value by the switch and the traffic then sent to the corresponding output queue Because different priority information may be contained in...

Page 214: ...riority processing if the packet is tagged For an untagged packet the default port priority see page 209 is used for priority processing Ifthe QoS mapping modeissettoCoS andthe ingresspackettype is IP...

Page 215: ...4 0 5 5 0 5 0 6 6 0 6 0 7 7 0 7 0 Enter the per hop behavior for CoS CFI paired values If a packet arrives with a 802 1Q header but it is not an IP packet then the CoS CFI to Queue mapping table is us...

Page 216: ...the three precedence bits so that non DSCP compliant ToS enabled devices will not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds...

Page 217: ...1 0 3 0 3 0 3 0 3 0 3 0 3 0 3 3 0 3 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 0 4 5 0 5 0 5 0 5 0 5 0 5 0 5 0 5 0 6 0 6 0 5 6 0 6 0 6 0 6 0 6 0 6 0 7 0 7 0 7 0 7 0 6 7 0 7 0 7 0 7 0 The ingress DSCP is composed...

Page 218: ...218 Chapter 9 Class of Service Layer 3 4 Priority Settings Figure 128 Configuring DSCP to Queue Mapping...

Page 219: ...cies different kinds of traffic can be marked for different kinds offorwarding All switches or routers that access the Internet rely on class information to provide the same forwarding treatment to pa...

Page 220: ...also be configured to monitor the maximum throughput and burst rate Then specify the action to take for conforming traffic or the action to take for a policy violation 5 Use the Configure Interface pa...

Page 221: ...of ACL can be specified including standard or extended IPv4 IPv6 ACLs and MAC ACLs IP DSCP A DSCP value Range 0 63 IP Precedence An IP Precedence value Range 0 7 IPv6 DSCP A DSCP value contained in a...

Page 222: ...it the rules for a class map 1 Click Traffic DiffServ 2 Select Configure Class from the Step list 3 Select Add Rule from the Action list 4 Select the name of a classmap 5 Specify type of traffic for t...

Page 223: ...requires several steps A class map must first be configured which indicates how to match the inbound packets according to an access list a DSCP or IP Precedence value a member of specific VLAN or a C...

Page 224: ...f CoS CFI Values to Queue CFI on page 215 Meter Check this to define the maximum throughput Meter Mode Rate Limit Applies rate limiting to ingress or egress ports This function allows the network mana...

Page 225: ...from the Action list Figure 134 Showing Policy Maps To edit the rules for a policy map 1 Click Traffic DiffServ 2 Select Configure Policy from the Step list 3 Select Add Rule from the Action list 4 S...

Page 226: ...m the Step list 3 Select Show Rule from the Action list Figure 136 Showing the Rules for a Policy Map Attaching a Policy Map to a Port Use the Traffic DiffServ Configure Interface page to bind a polic...

Page 227: ...ess traffic Web Interface To bind a policy map to a port 1 Click Traffic DiffServ 2 Select Configure Interface from the Step list 3 Check the box under the Ingress field to enable a policy map for a p...

Page 228: ...228 Chapter 10 Quality of Service Attaching a Policy Map to a Port...

Page 229: ...ket delays packet loss and jitter This is best achieved by assigning all VoIP traffic to a single Voice VLAN The use of a Voice VLAN has several advantages It provides security by isolating the VoIP t...

Page 230: ...mode see Adding Static Members to VLANs on page 152 Parameters These parameters are displayed Auto Detection Status Enables the automatic detection of VoIP traffic on switch ports Default Disabled Voi...

Page 231: ...ers are displayed Telephony OUI Specifies a MAC address range to add to the list Format xx xx xx xx xx xx Mask Identifies a range of MAC addresses Setting a mask of FF FF FF 00 00 00 identifies all de...

Page 232: ...VoIP Traffic Ports Use the Traffic VoIP Configure Interface page to configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic pri...

Page 233: ...ic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source MAC address OUI numbers are assigned to vendors and form the first three octets of a device MAC address MAC...

Page 234: ...ise if the VoIP Mode is Disabled or set to Manual the remaining age will display NA Web Interface To configure VoIP traffic settings for a port 1 Click Traffic VoIP 2 Select Configure Interface from t...

Page 235: ...e MAC authentication intrusion response dynamic VLAN assignment and dynamic QoS assignment HTTPS Provide a secure web connection SSH Provide a secure shell for secure Telnetaccess ACL Access Control L...

Page 236: ...ns require the use of configured RADIUS or TACACS servers in the network The security servers can be defined as sequential groups that are applied as a method for controlling user access to specified...

Page 237: ...y default management access is always checked against the authentication database stored on the local switch If a remote authentication server is used you must specify the authentication sequence Then...

Page 238: ...on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege...

Page 239: ...obal Provides globally applicable RADIUS settings Server Index Specifies one of five RADIUS servers that may be configured The switch attempts authentication using the listed sequence of servers The p...

Page 240: ...the request Range 1 65535 Default 5 Authentication Retries Number of times the switch tries to authenticate logon access via the authentication server Range 1 30 Default 2 Set Key Mark this box to set...

Page 241: ...ver from the Step list 3 Select RADIUS or TACACS server type 4 Select Global to specify the parameters that apply globally to all specified servers or select a specific Server Index to specify the par...

Page 242: ...DIUS or TACACS server groups to use for accounting and authorization 1 Click Security AAA Server 2 Select Configure Group from the Step list 3 Select Add from the Action list 4 Select RADIUS or TACACS...

Page 243: ...e configured accounting methods the methods applied to specific interfaces and basic accounting information recorded for user sessions Command Usage AAA authentication through a RADIUS or TACACS serve...

Page 244: ...p names radius and tacacs specifies all configured RADIUS and TACACS hosts see Configuring Local Remote Logon Authentication on page 237 Any other group name refers to a server group configured on the...

Page 245: ...ules apply This field is null if the accounting method and associated server group has not been assigned to an interface Show Information Statistics User Name Displays a registered username Accounting...

Page 246: ...from the Step list 3 Select Add from the Action list 4 Select the accounting type 802 1X Command Exec 5 Specify the name of the accounting method and server group name 6 Click Apply Figure 149 Config...

Page 247: ...to specific interfaces console commands entered at specific privilege levels and local console Telnet or SSH connections 1 Click Security AAA Accounting 2 Select Configure Service from the Step list 3...

Page 248: ...ccounting Service for Command Service Figure 153 Configuring AAA Accounting Service for Exec Service To display a summary of the configured accounting methods and assigned server groups for specified...

Page 249: ...3 Click Statistics Figure 155 Displaying Statistics for AAA Accounting Sessions Configuring AAA Authorization Use the Security AAA Authorization page to enable authorization of requested services and...

Page 250: ...Remote Logon Authentication on page 237 Any other group name refers to a server group configured on the TACACS Group Settings page Authorization is only supported for TACACS servers Configure Service...

Page 251: ...Select Configure Method from the Step list 3 Specify the name of the authorization method and server group name 4 Click Apply Figure 156 Configuring AAA Authorization Methods To show the authorizatio...

Page 252: ...elect Configure Service from the Step list 3 Enter the required authorization method 4 Click Apply Figure 158 Configuring AAA Authorization Methods for Exec Service To display a the configured authori...

Page 253: ...0 7 provide the same default access to a limited number of commands which display the current status of the switch as well as several database clear and reset functions These commands are equivalent t...

Page 254: ...words Password Specifies the user password Range 0 32 characters case sensitive Confirm Password Re type the string entered in the previous field to ensure no errors were made The switch will not chan...

Page 255: ...originally requested web page Successful authentication is valid for all hosts connected to the port Note RADIUS authentication must be activated and configured properly for the web authentication fe...

Page 256: ...t 3 Enable web authentication globally on the switch and adjust any of the protocol parameters as required 4 Click Apply Figure 162 Configuring Global Settings for Web Authentication Configuring Inter...

Page 257: ...ost addresses that need to be re authenticated and click Re authenticate Figure 163 Configuring Interface Settings for Web Authentication Network Access MAC Address Authentication Some devices connect...

Page 258: ...namic entries in the switch secure MAC address table and are removed when the aging time expires The maximum number of secure MAC addresses supported for the switch system is 1024 Configured static MA...

Page 259: ...is used For example if the attribute is service policy in p1 service policy in p2 then the switch applies only the DiffServ profile p1 Any unsupported profiles in the Filter ID attribute are ignored F...

Page 260: ...e MAC Address Authentication process described in this section as well as to any secure MAC addresses authenticated by 802 1X regardless of the 802 1X Operation Mode Single Host Multi Host or MAC Base...

Page 261: ...this section Range 1 1024 Default 1024 Network Access Max MAC Count6 Sets the maximum number of MAC addresses that can be authenticated on a port interface via all forms of authentication including Ne...

Page 262: ...ess and the host is assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses mapped to that port are cleared from the secure MAC a...

Page 263: ...is no limitation on the number of entries used in a filter table Parameters These parameters are displayed Filter ID Adds a filter rule for the specified filter Range 1 64 MAC Address The filter rule...

Page 264: ...167 Showing the MAC Address Filter Table for Network Access Displaying Secure MACAddress Information Use the Security Network Access Show Information page to display the authenticated MAC addresses s...

Page 265: ...ss Time The time when the MAC address was last authenticated Attribute Indicates a static or dynamic address Web Interface To display the authenticated MAC addresses stored in the secure MAC address t...

Page 266: ...ecify the TCP port used for this service Command Usage Both the HTTP and HTTPS service can be enabled independently on the switch However you cannot configure both services to use the same TCP port HT...

Page 267: ...ndows 7 8 10 Linux Google Chrome 59 or later Windows 7 8 10 To specify a secure site certificate see Replacing the Default Secure site Certificate on page 268 Note Connection to the web interface is n...

Page 268: ...you must obtain a unique certificate and a private key and password from a recognized certification authority Caution For maximum security we recommend you obtain a unique Secure Sockets Layer certifi...

Page 269: ...ype the string entered in the previous field to ensure no errors were made The switch will not download the certificate if these two fields do not match Delete Deletes the HTTPS secure site certificat...

Page 270: ...cation If password authentication is specified by the SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the System...

Page 271: ...SH server on the switch 6 Authentication One of the following authentication methods is employed Password Authentication for SSH v1 5 or V2 Clients a The client sends its password to the server b The...

Page 272: ...client sessions The maximum number of client sessions includes both current Telnet sessions and SSH sessions Note The SSH server can be accessed using any configured IPv4 or IPv6 interface address on...

Page 273: ...he authentication parameters as required 5 Click Apply Figure 171 Configuring the SSH Server Generating the Host KeyPair Use the Security SSH Configure Host Key Generate page to generate a host public...

Page 274: ...her DES 56 bit or 3DES 168 bit for data encryption Note The switch uses only RSA Version 1 for SSHv1 5 clients and DSA Version 2 for SSHv2 clients Save Saves the host key from RAM i e volatile memory...

Page 275: ...ublic key authentication mechanism If the user s public key does not exist on the switch SSH will revert to the interactive password authentication mechanism to complete authentication Parameters Thes...

Page 276: ...key 1 Click Security SSH 2 Select Configure User Key from the Steplist 3 Select Copy from the Action list 4 Select the user name and the public key type from the respective drop down boxes input the T...

Page 277: ...packets against the conditions in an ACL one by one A packet will be accepted as soon as it matches a permit rule or dropped as soon as it matches a deny rule If no rules match the packet is accepted...

Page 278: ...found down to the end of the list the traffic is denied For this reason frequently hit entries should be placed at the top of the list There is an implied deny for traffic that is not explicitly permi...

Page 279: ...in the TCAM List Unit Stack unit identifier Device Memory chip used for indicated pools Pool Rule slice or call group Each slice has a fixed number of rules that are used for the specified features To...

Page 280: ...IP Standard IPv4 ACL mode filters packets based on the source IPv4 address IP Extended IPv4 ACL mode filters packets based on the source or destination IPv4 address as well as the protocol type and pr...

Page 281: ...gs used for ARP inspection see ARP Inspection on page 324 Web Interface To configure the name and type of an ACL 1 Click Security ACL 2 Select Configure ACL from the Steplist 3 Select Add from the Act...

Page 282: ...pecifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and Subnet...

Page 283: ...e Permit or Deny 7 Select the address type Any Host orIP 8 If you select Host enter a specific address If you select IP enter asubnet address and the mask for an address range 9 Click Apply Figure 17...

Page 284: ...the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default Others The following items are under TCP Control Code Decimal num...

Page 285: ...Click Security ACL 2 Select Configure ACL from the Steplist 3 Select Add Rule from the Action list 4 Select IP Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the...

Page 286: ...include all possible addresses Host to specify a specific host address in the Address field or IPv6 Prefix to specify a range of addresses Options Any Host IPv6 Prefix Default Any Source IPv6 Address...

Page 287: ...t or Deny 7 Select the source address type Any Host or IPv6 prefix 8 If you select Host enter a specific address If you select IPv6 prefix enter a subnet address and the prefix length 9 Click Apply Fi...

Page 288: ...t of the address comprise the prefix i e the networkportionoftheaddress Range 0 128bitsforthesourceprefix 0 8bits for the destination prefix DSCP DSCP traffic class Range 0 63 Source Port Protocol7 so...

Page 289: ...d Rule from the Action list 4 Select IPv6 Extended from the Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any or IPv6 prefi...

Page 290: ...ss Source or destination MAC address Source Destination Bit Mask Hexadecimal mask for source ordestination MAC address Packet Format This attribute includes the following packet types Any Any Ethernet...

Page 291: ...Type list 5 Select the name of an ACL from the Name list 6 Specify the action i e Permit or Deny 7 Select the address type Any Host orMAC 8 If you select Host enter a specific address e g 11 22 33 44...

Page 292: ...addresses Host to specify a specifichostaddressintheAddressfield or IP tospecifyarangeofaddresses with the Address and Mask fields Options Any Host IP Default Any Source Destination IP Address Source...

Page 293: ...enter a base address and a hexadecimal bit mask for an address range 10 Enable logging if required 11 Click Apply Figure 184 Configuring a ARP ACL Binding a Port toan Access ControlList After configu...

Page 294: ...from the Action list 4 Select IP MAC or IPv6 from the Type options 5 Select a port 6 Select the name of an ACL from the ACL list 7 Click Apply Figure 185 Binding a Port to an ACL Showing ACL HardwareC...

Page 295: ...ules Shows the rules for the ACL bound to this port Time Range Name of a timerange Hit Shows the number of packets matching this ACL Clear Counter Clears the hit counter for the specified ACL Web Inte...

Page 296: ...t access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges Whenenteringaddressesforthesamegroup i e SNMP weborTelnet th...

Page 297: ...ect the management interface to filter Web SNMP Telnet All 4 Enter the IP addresses or range of addresses that are allowed management access to an interface 5 Click Apply Figure 187 Creating an IP Add...

Page 298: ...l learn up to the maximum number of allowed address pairs source MAC address VLAN for frames received on the port When the port has reached the maximum number of MAC addresses the port will stop learn...

Page 299: ...n SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Max MAC Count The maximum number of MAC addresses that can be learned on a port Range 0 1...

Page 300: ...to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network This swit...

Page 301: ...t 3 Client sends back identity information 4 Switch forwards this to authentication server 5 Authentication server challenges client 6 Client responds with proper credentials 7 Authentication server a...

Page 302: ...nable 802 1X globally for the switch 4 Click Apply Figure 191 Configuring Global Settings for 802 1X Port Authentication Configuring Port Authenticator Settings for 802 1X Use the Security Port Authen...

Page 303: ...erver Clients that are not dot1x aware will be denied access Force Authorized Forces the port to grant access to all clients either dot1x aware or otherwise This is the defaultsetting Force Unauthoriz...

Page 304: ...send an EAP request identity frame to the client to request its identity followed by one or more requests for authentication information It may also send other EAP request frames to the client during...

Page 305: ...te is re entered Current Identifier Identifier sent in each EAP Success Failure or Request packet by the Authentication Server Backend State Machine State Current state including request response succ...

Page 306: ...hat have been received by this Authenticator Rx EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been...

Page 307: ...valid EAPOL frames of any type that have been received by this Supplicant Rx Last EAPOLVer The protocol version number carried in the most recent EAPOL frame received by this Supplicant Rx Last EAPOLS...

Page 308: ...that it can no longer provide its intended service or to obstruct the communication media between the intended users and the target so that they can no longer communicate adequately This section desc...

Page 309: ...simply discards the TCP SYN FIN scan Default Enabled TCP Xmas Scan A so called TCP XMAS scan message is used to identify listening TCP ports This scan uses a series of strangely configured TCP packet...

Page 310: ...g the dynamic bindings registered with DHCP Snooping or using the static bindings configured with IP Source Guard DHCP snooping allows a switch to protect a network from rogue DHCP servers or other de...

Page 311: ...ooping entry is also added to the binding table If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received but the port is not trusted it is processed as follo...

Page 312: ...s When the DHCP Snooping Information Option 82 is enabled the requesting client or an intermediate relay agent that has used the information fields to describe itself can be identified in the DHCP req...

Page 313: ...rcuit ID CID and remote ID RID in Option 82 information Default Enabled DHCP Snooping Information Option Remote ID Specifies the MAC address IP address or arbitrary identifier of the requesting device...

Page 314: ...request and forwards the packets to trusted ports Replace Replaces the Option 82 information circuit id and remote id fields in the client s request with information about the relay agent itself inse...

Page 315: ...hen DHCP snooping is globally enabled and DHCP snooping is then disabled on a VLAN all dynamic bindings learned for this VLAN are removed from the binding table Parameters These parameters are display...

Page 316: ...the local network or fire wall to untrusted state The format for TR101 option 82 is IP eth SID PORT VLAN Note that the SID Switch ID is always 0 By default the PVID is added to the end of the TR101 f...

Page 317: ...Time The time for which this IP address is leased to the client Type Entry types include DHCP Snooping Dynamically snooped Static DHCPSNP Statically configured VLAN VLAN to which this entry is bound...

Page 318: ...ress of a neighbor to access the network This section describes how to configure IPv4 Source Guard Configuring Ports for IPv4 Source Guard Use the Security IP Source Guard General page to set the filt...

Page 319: ...source IP address port number and source MAC address for the SIP MAC option If a matching entry is found in the binding table and the entry type is static IP source guard binding the packet will be f...

Page 320: ...ce To set the IP Source Guard filter for ports 1 Click Security IP Source Guard General 2 Set the required filtering type set the table type to use ACL or MAC address binding and then set the maximum...

Page 321: ...with the same VLAN ID and MAC address and the type of the entry is dynamic DHCP snooping binding then the new entry will replace the old one and the entry type will be changed to static IP source guar...

Page 322: ...ated with the entry IP Address IP address corresponding to the client VLAN VLAN to which this entry is bound Interface The port to which this entry is bound Web Interface To configure static bindings...

Page 323: ...ch VLAN ID of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C Dynamic Binding List VLAN VLAN to which thi...

Page 324: ...dress bindings stored in a trusted database the DHCP snooping binding database see DHCP Snooping Global Configuration on page 313 This database is built by DHCP snooping if it is enabled on globally o...

Page 325: ...switch to validate address information in each packet and configure logging Command Usage ARP Inspection Validation By default ARP Inspection Validation is disabled Specifying at least one of the fol...

Page 326: ...l be replaced with the newest entry Parameters These parameters are displayed ARP Inspection Status Enables ARP Inspection globally Default Disabled ARP Inspection Validation Enables extended ARP Insp...

Page 327: ...to use Command Usage ARP Inspection VLAN Filters ACLs By default no ARP Inspection ACLs are configured and the feature is disabled ARP Inspection ACLs are configured within the ARP ACL configuration p...

Page 328: ...mode also selected the switch only performs ARP Inspection and bypasses validation against the DHCP Snooping Bindings database When an ARP ACL is selected but static mode is not selected the switch fi...

Page 329: ...nd will always be forwarded while those arriving on untrusted interfaces are subject to all configured ARP inspection tests Packet Rate Limit Sets the maximum number of ARP packets that can be process...

Page 330: ...ditional validation Src MAC ARP packets dropped by ARP ACLs ARP packets dropped by DHCP snooping Count of ARP packets received but not exceeding the ARP Inspection rate limit Count of ARP packets exce...

Page 331: ...rs are displayed Table 19 ARP Inspection Log VLAN ID The VLAN where this packet was seen Port The port where this packet was seen Src IP Address The source IP address in thepacket Dst IP Address The d...

Page 332: ...Chapter 12 Security Measures ARP Inspection 332 Figure 207 Displaying the ARP Inspection Log...

Page 333: ...st domain Simple Network Management Protocol SNMP Configures switch management through SNMPv1 SNMPv2c or SNMPv3 Remote Monitoring RMON Configures local collection of detailed statistics or events whic...

Page 334: ...hat are logged to flash or RAM memory The default is for event levels 0 to 3 to be logged to flash and levels 0 to 7 to be logged to RAM Parameters These parameters are displayed System Log Status Ena...

Page 335: ...ommand Log Status Records the commands executed from the CLI including the execution time and information about the CLI user including the user name user interface console port telnet or SSH and user...

Page 336: ...s are displayed Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Disabled Logging Facility Sets the facility type for remote logging of s...

Page 337: ...te Logging of Error Messages Sending Simple Mail Transfer Protocol Alerts Use the Administration Log SMTP page to alert system administrators of problems by sending SMTP Simple Mail Transfer Protocol...

Page 338: ...rt messages You can specify up to five recipients Server IP Address Specifies a list of up to three recipient SMTP servers IPv4 or IPv6 addresses may be specified The switch attempts to connect to the...

Page 339: ...Timing Attributes Use the Administration LLDP Configure Global page to set attributes for general functions such as globally enabling LLDP on the switch setting the message ageout time and setting the...

Page 340: ...changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a notification are included in the transmission An SNMP agent should th...

Page 341: ...abled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Interval in the preceding section Trap notifications include information...

Page 342: ...through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Port Description Th...

Page 343: ...tion on configuring the maximum frame size for this switch Default Enabled MAC PHY Configuration Status The MAC PHY configuration and status which includes information about auto negotiation support c...

Page 344: ...entry refers to The type of device to which the location applies Location of DHCP server Location of network element closest to client Location of client This is thedefault Web Interface To configure...

Page 345: ...such as the city street number building and room information The address location is specified as a type and value pair with the civic address type defined in RFC 4776 The following table describes so...

Page 346: ...the total does not exceed 250 characters Parameters These parameters are displayed CA Type Descriptor of the data civic address value Range 0 255 CA Value Description of a location Range 1 32 characte...

Page 347: ...ation Parameters These parameters are displayed General Settings Chassis Type Identifies the chassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several wa...

Page 348: ...bled The primary function s of the system which are currently enabled Refer to the preceding table Management Address The management address associated with the local system If no management address i...

Page 349: ...circuit ID agent circuit ID IETFRFC 3046 Locally assigned locally assigned Port Trunk ID A string that contains the specific identifier for the local interface based on interface subtype used by this...

Page 350: ...tocols Link Layer Discovery Protocol 350 Figure 216 Displaying Local Device Information for LLDP General Figure 217 Displaying Local Device Information for LLDP Port Figure 218 Displaying Local Device...

Page 351: ...l switch Remote Index Index of remote device attached to this port Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identifies the chassis containing the IEEE 8...

Page 352: ...col VLANs configured on this interface whether the given port associated with the remote system supports port based protocol VLANs and whether the port based protocol VLANs are enabled on the given po...

Page 353: ...listed in IETF RFC 3636 and is equal to the last number in the respective dot3MauType OID Port Details 802 3 Extension Power Information Remote Power Class The port Class of the given port associated...

Page 354: ...ice Class Any of the following categories of endpoint devices Class 1 The most basic class of endpoint devices Class 2 Endpoint devices that supports media stream capabilities Class 3 Endpoint devices...

Page 355: ...d in IEEE 802 1Q A value of zero indicates that the port is using priority tagged frames meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is use...

Page 356: ...rimary Power Source Backup Power Source Power conservation mode Power Value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing ov...

Page 357: ...port 1 Click Administration LLDP 2 Select Show Remote Device Information from the Step list 3 Select Port Port Details Trunk or TrunkDetails 4 When the next page opens select a port on this switch and...

Page 358: ...Chapter 13 Basic Administration Protocols Link Layer Discovery Protocol 358 Figure 220 Displaying Remote Device Information for LLDP Port Details...

Page 359: ...display statistics for LLDP capable devices attached to the switch and for LLDP protocol messages transmitted or received on all local interfaces Parameters These parameters are displayed General Sta...

Page 360: ...TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count...

Page 361: ...Chapter 13 Basic Administration Protocols LinkLayerDiscoveryProtocol 361 Figure 222 Displaying LLDP Device Statistics General Figure 223 Displaying LLDP Device Statistics Port...

Page 362: ...P versions 1 2c and 3 This agent continuously monitors the status of the switch hardware as well as the traffic passing through its ports A network management station can access this information using...

Page 363: ...on SNMP Configure Global page to enable SNMP on the switch and to enable trap messages 2 Use the Administration SNMP Configure Trap page to specify trap managers so that key events are reported by thi...

Page 364: ...passwords Configuring Global Settings for SNMP Use the Administration SNMP Configure Global page to enable SNMPv3 service for all management clients i e versions 1 2c 3 and to enable trap messages Par...

Page 365: ...ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users Parameters These parameters are displayed Engine ID A new engine ID can be specified by enterin...

Page 366: ...herefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Configuring Remote SNMPv3 Users on page 379 Parameters These parameters are display...

Page 367: ...e SNMP view Range 1 32 characters OID Subtree Specifies the initial object identifier of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Use the Add OI...

Page 368: ...list 4 Enter a view name and specify the initial OID subtree in the switch s MIB database to be included or excluded in the view Use the Add OID Subtree page to add additional object identifier branch...

Page 369: ...e list of existing views and specify an additional OID subtree in the switch s MIB database to be included or excluded in the view 5 Click Apply Figure 230 Adding an OID Subtree to an SNMP View To sho...

Page 370: ...which the user is assigned Range 1 32 characters Security Model The user security model SNMP v1 v2c or v3 Security Level The following security levels are only used for the groups assigned to the SNMP...

Page 371: ...tity acting in an agent role has detected that the ifOperStatus object for one of its communication links is about to enter the down state from some other state but not from the notPresent state This...

Page 372: ...rm this swAtcMcastStormAlarmClearTrap 1 3 6 1 4 1 22426 44 2 1 0 75 When multicast storm is detected as normal traffic swAtcMcastStormTcApplyTrap 1 3 6 1 4 1 22426 44 2 1 0 76 When ATC is activated th...

Page 373: ...he lbdDetectionTrap 1 3 6 1 4 1 22426 44 2 1 0 141 This trap is sent when a loopback condition is lbdRecoveryTrap 1 3 6 1 4 1 22426 44 2 1 0 142 This trap is sent when a recovery is done by LBD sfpThr...

Page 374: ...re Group from the Step list 3 Select Add from the Action list 4 Enter a group name assign a security model and level and then select read write and notify views 5 Click Apply Figure 232 Creating an SN...

Page 375: ...s to the SNMP protocol Range 1 32 characters case sensitive Default strings public Read Only private Read Write Access Mode Specifies the access rights for the community string Read Only Authorized ma...

Page 376: ...unique name Users must be configured with a specific security level and assigned to a group The SNMPv3 group restricts users to a specific read write and notify view Parameters These parameters are di...

Page 377: ...use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required Web Interface To configure a local SNMPv3 user 1 Click Administration...

Page 378: ...sers 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Local User from the Action list Figure 237 Showing Local SNMPv3 Users To change a local SNMPv3 local us...

Page 379: ...esides The remote engine ID is used to compute the security digest for authentication and encryption of packets passed between the switch and the remote user See Specifying Trap Managers on page 382 a...

Page 380: ...Privacy Password A minimum of eight plain text characters is required Web Interface To configure a remote SNMPv3 user 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Ad...

Page 381: ...anagement Protocol 381 Figure 239 Configuring Remote SNMPv3 Users To show remote SNMPv3 users 1 Click Administration SNMP 2 Select Configure User from the Step list 3 Select Show SNMPv3 Remote User fr...

Page 382: ...affic You should consider these effects when deciding whether to issue notifications as traps or informs To send an inform to a SNMPv2c host complete these steps 1 Enable the SNMP agent page 364 2 Cre...

Page 383: ...only available for version 2c and 3 hosts Default traps are used Timeout The number of seconds to wait for an acknowledgment before resending an inform message Range 0 2147483647 centiseconds Default...

Page 384: ...ill be automatically generated Remote User Name The name of a remote user which is used to identify the source of SNMPv3 inform messages sent from the local switch Range 1 32 characters If an account...

Page 385: ...ic Administration Protocols Simple Network Management Protocol 385 5 Click Apply Figure 241 Configuring Trap Managers SNMPv1 Figure 242 Configuring Trap Managers SNMPv2c Figure 243 Configuring Trap Ma...

Page 386: ...ndividual MIBs can now bear less responsibility to record transient information associated with an event against the possibility that the Notification message is lost and applications can poll the log...

Page 387: ...lly It is not sent to a remote device This remote host parameter is only required to complete mandatory fields in the SNMP Notification MIB Filter Profile Name Notification log profile name Range 1 32...

Page 388: ...represented an SNMP operation which was not allowed by the SNMP community named in the message Encoding errors The total number of ASN 1 or BER errors encountered by the SNMP entity when decoding rec...

Page 389: ...es errors The total number of SNMP PDUs which were delivered to or generated by the SNMP protocol entity and for which the value of the error status field is badValue General errors The total number o...

Page 390: ...ly send a trap message to the management agent which can then respond to the event if so configured Configuring RMON Alarms Use the Administration RMON Configure Global Add Alarm page to define specif...

Page 391: ...in the event control table then no event will be generated Range 0 65535 Falling Threshold If the current value is less than or equal to the falling threshold and the last sample value was greater th...

Page 392: ...Monitoring 392 Figure 248 Configuring an RMON Alarm To show configured RMON alarms 1 Click Administration RMON 2 Select Configure Global from the Step list 3 Select Show from the Action list 4 Click...

Page 393: ...try Range 1 65535 Type Specifies the type of event to initiate None No event is generated Log Generates an RMON log entry when the event is triggered Log messages are processed based on the current co...

Page 394: ...list 4 Click Event 5 Enter an index number the type of event to initiate the community string to send with trap messages the name of the person who created this event and a brief description of the ev...

Page 395: ...ollection is already enabled on an interface the entry must be deleted before any changes can be made The information collected for each sample includes input octets packets broadcast packets multicas...

Page 396: ...terface To periodically sample statistics on a port 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Add from the Action list 4 Click History 5 Select a port from t...

Page 397: ...ry Figure 253 Showing Configured RMON History Samples To show collected RMON history samples 1 Click Administration RMON 2 Select Configure Interface from the Step list 3 Select Show Details from the...

Page 398: ...octets packets broadcast packets multicast packets undersize packets oversize packets CRC alignment errors jabbers fragments collisions drop events and frames of various sizes Parameters These parame...

Page 399: ...ct Configure Interface from the Step list 3 Select Show from the Action list 4 Select a port from the list 5 Click Statistics Figure 256 Showing Configured RMON Statistical Samples To show collected R...

Page 400: ...or the web interface to communicate directly with the Commander through its IP address and then use the Commander to manage Member switches through the cluster s internal IP addresses Clustered switc...

Page 401: ...work IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander Parameters These parameters are displayed...

Page 402: ...idate 4 Click Apply Figure 258 Configuring a Switch Cluster Cluster Member Configuration Use the Administration Cluster Configure Member Add page to add Candidate switches to the cluster as Members Pa...

Page 403: ...ep list 3 Select Add from the Action list 4 Select one of the cluster candidates discovered by this switch or enter the MAC address of a candidate 5 Click Apply Figure 259 Configuring a Cluster Member...

Page 404: ...Use the Administration Cluster Show Member page to manage another switch in the cluster Parameters These parameters are displayed Member ID The ID number of the Member switch Range 1 36 Role Indicates...

Page 405: ...ge to set a time range during which various functions are applied including applied ACLs or PoE Command Usage If both an absolute rule and one ormore periodic rules are configured for the sametimerang...

Page 406: ...c interval Start To Specifies the days of the week hours and minutes at which to start or end Web Interface To configure a time range 1 Click Administration Time Range 2 Select Add from the Action lis...

Page 407: ...lect the name of time range from the drop down list 4 Select a mode option of Absolute orPeriodic 5 Fill in the required parameters for the selected mode 6 Click Apply Figure 265 Add a Rule to a Time...

Page 408: ...t 16 nodes are used but should always run under than 500 ms Operational Concept Loop avoidance in the ring is achieved by guaranteeing that at any time traffic may flow on all but one of the ring link...

Page 409: ...multipoint to multipoint connectivity within interconnected rings called a multi ring ladder network topology This arrangement consists of conjoined rings connected by one or more interconnection poi...

Page 410: ...rate ERP Control Processes for each Ethernet Ring Figure 268 on page 410 Signal Fail Condition illustrates a situation where protection switching has occurred due to an SF condition on the ring link b...

Page 411: ...maintenance commands The CVLAN must NOT be configured with an IP address In addition only ring ports may be added to the CVLAN prior to configuring the VLAN as a CVLAN No other ports can be members o...

Page 412: ...ERPS Status Enables ERPS on the switch Default Disabled ERPS must be enabled globally on the switch before it can enabled on an ERPS ring by setting the Admin Status on the Configure Domain Configure...

Page 413: ...el The maintenance entity group MEG level providing a communication channel for ring automatic protection switching R APS information Control VLAN Shows the Control VLAN ID Node State Shows the follow...

Page 414: ...ed to the RPL Configure Details Domain Name Name of a configured ERPS ring Range 1 12 characters Service Instances within each ring are based on a unique maintenance association for the specific users...

Page 415: ...ringnodesrunningG 8032v1andG 8032v2co existonaring theringID of each node is configured as 1 In version 1 the MAC address 01 19 A7 00 00 01 is used for the node identifier The R APS Def MAC parameter...

Page 416: ...ation page The east and west connections to the ring must be specified for all ring nodes When this switch is configured as the RPL owner the west ring port is automatically set as being connected to...

Page 417: ...guard timer When another recovered ring node or nodes holding the link block receives this message it compares the Node ID information with its own Node ID If the received R APS NR message has the hig...

Page 418: ...Switch mode is in effect The clear command removes any existing local operator commands and triggers reversion if the ring is in revertive behavior mode The ring node where the Forced Switch was clea...

Page 419: ...h was blocked as result of an operator command Recovery for Manual Switching A Manual Switch command is removed by issuing the Clear command Configure Operation page at the same ring node where the Ma...

Page 420: ...he operator issues the Clear command Configure Operation page at the RPL Owner Node this ring node blocks the ring port attached to the RPL transmits an R APS NR RB message over both ring ports inform...

Page 421: ...irtual channel is not used to cross the intermediate Ethernet network data in the traffic channel will still flow across the network but the all R APS messages will be terminated at the interconnectio...

Page 422: ...nserted or extracted by other rings or sub rings at the interconnection nodes where a sub ring is attached Hence there is no need for either additional bandwidth or for different VIDs Ring IDs for the...

Page 423: ...on Sends non standard health check packets when an owner node enters protection state without any link down event having been detected through Signal Fault messages Default Disabled The RPL owner node...

Page 424: ...old off timer value is non zero Instead the hold off timer will be started When the timer expires whether a defect still exists or not the timer will be checked If one does exist that defect will be r...

Page 425: ...hat the ring has stabilized before blocking the RPL and returning to the Idle normal operating state WTB Expire The time before the wait to block timer expires WTR Expire The time before the wait to r...

Page 426: ...onitoring of a ring node specify the CFM MEPs used to monitor both the east and west ports of the ring node If CFM determines that a MEP node which has been configured to monitor a ring port with this...

Page 427: ...4 Configure the ERPS parameters for this node Note that spanning tree protocol cannot be configured on the ring ports nor can these ports be members of a static or dynamic trunk And the control VLAN m...

Page 428: ...witch Blocks specified ring port Options West or East A ring with no pending request has a logical topology with the traffic channel blocked at the RPL and unblocked on all other ring links In this si...

Page 429: ...node having a prior local forced switch request The ring nodes where further forced switch commands are issued block the traffic channel and R APS channel on the ring port at which the forced switch w...

Page 430: ...d Options West orEast A ring with no request has a logical topology with the traffic channel blocked at the RPL and unblocked on all other ring links In this situation the Manual Switch command trigge...

Page 431: ...NR messages The ring node keeps the ring port blocked due to the previous manual switch command c An ring node with a local manual switch command that receives an R APS message or a local request of h...

Page 432: ...ch monitors inbound traffic to see if the frame is looped back Usage Guidelines The default settings for the control frame transmit interval and recover time may be adjusted to improve performance for...

Page 433: ...ll ports placed in shutdown state can be restored to operation using the Release button To restore a specific port re enable Admin status on the Configure Interface page The recover time is the maximu...

Page 434: ...ends an SNMP trap message when a loopback condition is detected or when the switch recovers from a loopback condition Detect Sends an SNMP trap message when a loopback condition is detected None Does...

Page 435: ...to display the loopback operational state and the VLANs which are looped back Parameters These parameters are displayed Port Range 1 52 Trunk Range 1 8 Admin State Operation State Looped VLAN Web Int...

Page 436: ...Chapter 13 Basic Administration Protocols LBD Configuration 436...

Page 437: ...rface Configures the interface to drop MLD query packets Overview Multicasting is used to support real time applications such as video conferencing or streaming audio A multicast server does not have...

Page 438: ...requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multicast traffic IGMP Snooping conserves bandwidth on network segments where no...

Page 439: ...ached VLAN or flooded throughout the VLAN if unregistered flooding is enabled see Configuring IGMP Snooping and Query Parameters on page 440 Static IGMP Router Interface If IGMP snooping cannot locate...

Page 440: ...see Unregistered Data Flooding in the Command Attributes section IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there i...

Page 441: ...nism is used to delete all of the currently learned multicast channels When a new uplink port starts up the switch sends unsolicited reports for all currently learned channels out the new uplink port...

Page 442: ...option Unregistered Data Flooding Floods unregistered multicast traffic into the attached VLAN Default Disabled Once the table used to store multicast entries for IGMP snooping and multicast routing...

Page 443: ...figures the IGMP report query version used by IGMP snooping Versions 1 3 are all supported and versions 2 and 3 are backward compatible so the switch can operate with other devices regardless of the s...

Page 444: ...MP Snooping must be enabled globally on the switch see Configuring IGMP Snooping and Query Parameters on page 440 before a multicast router port can take effect Parameters These parameters are display...

Page 445: ...ttached to the multicast router 4 Click Apply Figure 281 Configuring a Static Interface for a Multicast Router To show the static interfaces attached to a multicast router 1 Click Multicast IGMP Snoop...

Page 446: ...ly assign a multicast service to an interface Multicast filtering can be dynamically configured using IGMP Snooping and IGMP Query messages see Configuring IGMP Snooping and Query Parameters on page 4...

Page 447: ...on list 3 Select the VLAN that will propagate the multicast service specify the interface attached to a multicast service through an IGMP enabled switch or multicast router and enter the multicast IP...

Page 448: ...and multicast routing devices MRD is used to discover which interfaces are attached to multicast routers allowing IGMP enabled devices to determine where to send multicast source and group membership...

Page 449: ...ce is administratively disabled The router is gracefully shut down Advertisement and Termination messages are sent to the All Snoopers multicast address Solicitation messages are sent to the All Route...

Page 450: ...this time out is set to Last Member Query Interval Robustness Variable fixed at 2 as defined in RFC 2236 If immediate leave is enabled the switch assumes that only one host is connected to the interfa...

Page 451: ...es sent to downstream hosts and in report and leave messages sent upstream from the multicast router port If a proxy query address is not configured the switch will use the VLAN s IP address as the IP...

Page 452: ...ing proxy reporting is enabled page 440 or IGMP querier is enabled page 440 Last Member Query Count The number of IGMP proxy group specific or group and source specific query messages that are sent ou...

Page 453: ...gure and update the required parameters 4 Click Apply Figure 286 Configuring IGMP Snooping on a VLAN To show the interface settings for IGMP snooping 1 Click Multicast IGMP Snooping Interface 2 Select...

Page 454: ...specified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Multicast Data Drop Configures an interface to stop multicast...

Page 455: ...lticast group address Group Address IP multicast group address with subscribers directly attached or downstream from the switch or a static multicast group assigned to this interface Interface A downs...

Page 456: ...ocal querier is assumed to have expired Self Querier Uptime Time local querier has been up General Query Received The number of general queries received on this interface General Query Sent The number...

Page 457: ...report leave or query was dropped Packets may be dropped due to invalid format rate limiting packet content not allowed or IGMP group report received Join Success The number of times a multicast group...

Page 458: ...g and Query for IPv4 458 Figure 290 Displaying IGMP Snooping Statistics Query To display IGMP snooping protocol related statistics for a VLAN 1 Click Multicast IGMP Snooping Statistics 2 Select Show V...

Page 459: ...gure 291 Displaying IGMP Snooping Statistics VLAN To display IGMP snooping protocol related statistics for a port 1 Click Multicast IGMP Snooping Statistics 2 Select Show Port Statistics from the Acti...

Page 460: ...le If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum numbe...

Page 461: ...he start and end of the range Parameters These parameters are displayed Add Profile ID Creates an IGMP profile Range 1 4294967295 Access Mode Sets the access mode of the profile either permit or deny...

Page 462: ...and set its accessmode 5 ClickApply Figure 294 Creating an IGMP Filtering Profile To show the IGMP filter profiles 1 Click Multicast IGMP Snooping Filter 2 Select Configure Profile from the Step list...

Page 463: ...rmation Figure 297 Showing the Groups Assigned to an IGMP Filtering Profile Configuring IGMP Filtering and Throttling for Interfaces Use the Multicast IGMP Snooping Filter Configure Interface page to...

Page 464: ...he same time Range 1 1024 Default 1024 Current Multicast Groups Displays the current multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of...

Page 465: ...ets include MLDv2 query and report messages as well as MLDv1 report and done messages Remember that IGMP Snooping and MLD Snooping are independent functions and can therefore both function at the same...

Page 466: ...the multicast groups they have joined Query Max Response Time The maximum response time advertised in MLD general queries Range 5 25 seconds Default 10seconds This attribute controls how long the host...

Page 467: ...the parent VLAN Default Disabled If MLD immediate leave is not used a multicast router or querier will send a group specific query message when an MLD group leave message is received The router querie...

Page 468: ...current multicast groups Command Usage MLD Snooping must be enabled globally on the switch see Configuring MLD Snooping and Query Parameters on page 465 before a multicast router port can take effect...

Page 469: ...3 Select the VLAN for which to display this information Figure 302 Showing Static Interfaces Attached an IPv6 Multicast Router To show all the interfaces attached to a multicast router 1 Click Multica...

Page 470: ...y be forwarded to ports within that VLAN Parameters These parameters are displayed VLAN Specifies the VLAN which is to propagate the multicast service Range 1 4094 Multicast IPv6 Address The IP addres...

Page 471: ...3 Select the VLAN for which to display this information Figure 305 Showing Static Interfaces Assigned to an IPv6 Multicast Service To display information about all IPv6 multicast groups MLD Snooping o...

Page 472: ...ess to a minimum set such that all nodes listening states are respected In Include mode the router only uses the request list indicating that the reception of packets sent to the specified multicast a...

Page 473: ...lay MLD snooping protocol related statistics Parameters These parameters are displayed Input Interface The unit port or VLAN interface Report The number of MLD membership reports received on this inte...

Page 474: ...ired Other Querier Uptime Time remote querier has been up Self Querier IP address of local querier on this interface Self Querier Expire Time after which local querier is assumed to have expired Self...

Page 475: ...membership reports sent from this interface Leave The number of leave messages sent from this interface Received Report The number of MLD membership reports received on this interface Leave The numbe...

Page 476: ...ber of group specific queries sent from this interface Receive General The number of general queries received on this interface Group Specific The number of group specific queries received on this int...

Page 477: ...g input related message statistics 1 Click Multicast MLD Snooping Statistics 2 Select Input Figure 308 Displaying MLD Snooping Statistics Input To display MLD snooping output related message statistic...

Page 478: ...ulticast Filtering MLD Snooping Snooping and Query for IPv6 478 To display MLD query message statistics 1 Click Multicast MLD Snooping Statistics 2 Select Query Figure 310 Displaying MLD Snooping Stat...

Page 479: ...ping Snooping and Query for IPv6 479 To display MLD summary statistics for a port or trunk 1 Click Multicast MLD Snooping Statistics 2 Select Summary 3 Select a port or trunk Figure 311 Displaying MLD...

Page 480: ...ing MLD Snooping Snooping and Query for IPv6 480 To display MLD summary statistics for a VLAN 1 Click Multicast MLD Snooping Statistics 2 Select Summary 3 Select a VLAN Figure 312 Displaying MLD Snoop...

Page 481: ...bles you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An MLD filter profile can contain one or more addresses or a range of multicast a...

Page 482: ...Step list 3 Enable MLD Filter Status 4 Click Apply Figure 314 Enabling MLD Filtering and Throttling Configuring MLD FilterProfiles Use the Multicast MLD Snooping Filter Configure Profile Add page to c...

Page 483: ...IPv6 Address Specifies the starting address of a range of multicast groups End Multicast IPv6 Address Specifies the ending address of a range of multicast groups Web Interface To create an MLD filter...

Page 484: ...ticast groups to an MLD filter profile 1 Click Multicast MLD Snooping Filter 2 Select Configure Profile from the Step list 3 Select Add Multicast Group Range from the Action list 4 Select the profile...

Page 485: ...the same time Command Usage MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take on...

Page 486: ...the interface Options True or False Web Interface To configure MLD filtering or throttling for a port or trunk 1 Click Multicast MLD Snooping Filter 2 Select Configure Interface from the Step list 3 S...

Page 487: ...pecified interface If this switch is acting as a Querier this prevents it from being affected by messages received from another Querier Web Interface To drop IGMP query packets 1 Click Multicast MLD S...

Page 488: ...488 Chapter 14 Multicast Filtering Filtering MLD Query Packets on an Interface...

Page 489: ...s or IPv4 IPv6 address of the host Probe Count Number of packets to send Range 1 16 Packet Size Number of bytes in a packet Range 32 512 bytes for IPv4 0 1500 bytes for IPv6 The actual packet size wil...

Page 490: ...rfaces nodes in different zones RFC 4007 Therefore when specifying a link local address include zone id information indicating the VLAN identifier after the delimiter For example FE80 7272 1 identifie...

Page 491: ...es the first router to discard the datagram and return an error message The trace function then sends several probe messages at each subsequent TTL level and displays the round trip time for each mess...

Page 492: ...this way with each routing device mapping the destination IP address to the MAC address of the next hop toward the recipient until the packet is delivered to the final destination If there is no entry...

Page 493: ...est for a remote network and Proxy ARP is enabled it determines if it has the best route to the remote network and then answers the ARP request by sending its own MAC address to the requesting node Th...

Page 494: ...g physical address in the ARP cache Command Usage The ARP cache is used to map 32 bit IP addresses into 48 bit hardware that is Media Access Control addresses This cache includes entries for hosts and...

Page 495: ...rehexadecimalnumbersintheformat xx xx xx xx xx xx or xxxxxxxxxxxx Web Interface To map an IP address to the corresponding physical address in the ARP cache 1 Click Tools ARP 2 Select Configure Static...

Page 496: ...cache The ARP cache contains static entries and entries for local interfaces including subnet host and broadcast addresses However most entries will be dynamically learned through replies to broadcas...

Page 497: ...Statistics Received Request Number of ARP Request packets received by the router Received Reply Number of ARP Reply packets received by the router Sent Request Number of ARP Request packets sent by t...

Page 498: ...Chapter 15 IP Tools Address Resolution Protocol 498...

Page 499: ...address or direct the switch to obtain an IPv4 address from a BOOTP or DHCP server An IPv6 global unicast or link local address can be manually configured or a link local address can be dynamically g...

Page 500: ...Mode Specifies whether IP functionality is enabled via manual configuration User Specified Dynamic Host Configuration Protocol DHCP or Boot Protocol BOOTP If DHCP BOOTP is enabled IP will not functio...

Page 501: ...st 4 Select any configured VLAN set IP Address Mode to User Specified set IP Address Type to Primary if no address has yet been configured for this interface and then enter the IP address and subnet m...

Page 502: ...to determine the new switch address Renewing DCHP DHCP may lease addresses to clients indefinitely or for a specific period of time If the address expires or the switch is moved to another network seg...

Page 503: ...e of the subnet A link local address is easy to set up and may be useful for simple networks or basic troubleshooting tasks However to connect to a larger network with multiple segments the switch mus...

Page 504: ...nfigure Interface page to configure general IPv6 settings for the selected VLAN including auto configuration of a global unicast interface address and explicit configuration of a link local interface...

Page 505: ...link local address has not yet been assigned to this interface this command will dynamically generate one The link local address is made with an address prefix in the range of FE80 FEBF and a host por...

Page 506: ...a pending state Duplicate address detection is automatically restarted when the interface is administratively re activated An interface that is re activated restarts duplicate address detection for a...

Page 507: ...uring that nodes on the same link use the same time value Setting the time limit to 0 means that the configured time is unspecified by this router Restart DHCPv6 When DHCPv6 is restarted the switch ma...

Page 508: ...Configure Interface from the Action list 3 Specify the VLAN to configure 4 Enable address auto configuration or enable IPv6 explicitly to automatically configure a link local address and enable IPv6...

Page 509: ...address with a network prefix in the range of FE80 FEBF To connect to a larger network with multiple subnets you must configure a global unicast address There are several alternatives to configuring t...

Page 510: ...of the address Note that the value specified in the IPv6 Address field may include some of the high order host bits if the specified prefix length is less than 64 bits If the specified prefix length...

Page 511: ...ss from the Action list 3 Specify the VLAN to configure select the address type and then enter an IPv6 address and prefix length 4 Click Apply Figure 334 Configuring an IPv6 Address Showing IPv6 Addre...

Page 512: ...assigned IPv6 addresses that differ only in the high order bits e g due to multiple high order prefixes associated with different aggregations will map to the same solicited node address thereby reduc...

Page 513: ...the neighbor was functioning While in Reachable state the device takes no special action when sending packets Stale More than the ReachableTime interval has elapsed since the last positive confirmati...

Page 514: ...ugh small packet networks ICMPv6 Internet Control Message Protocol for Version 6 addresses is a network layer protocol that transmits message packets to report errors in processing IPv6 packets ICMP i...

Page 515: ...agrams Truncated Packets The number of input datagrams discarded because datagram frame didn t carry enough data Discards The number of input IPv6 datagrams for which no problems were encountered to p...

Page 516: ...this outputinterface Fragment Succeeded The number of IPv6 datagrams that have been successfully fragmented at this output interface Fragment Failed The number of IPv6 datagrams that have been discard...

Page 517: ...517 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 interface...

Page 518: ...sages The number of ICMP Packet Too Big messages sent by the interface Time Exceeded Messages The number of ICMP Time Exceeded messages sent by the interface Echo Request Messages The number of ICMP E...

Page 519: ...519 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 No Port Errors The total number of received UDP datagrams for which there was no application at the destination port...

Page 520: ...er of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port Output The total number of UDP datagrams sent from thisentity Web Int...

Page 521: ...521 Chapter 16 IP Configuration Setting the Switch s IP Address IP Version 6 Figure 338 Showing IPv6 Statistics ICMPv6 Figure 339 Showing IPv6 Statistics UDP...

Page 522: ...ameters are displayed Table 33 Show MTU display description MTU Adjusted MTU contained in the ICMP packet too big message returned from this destination and now used for all traffic sent along thispat...

Page 523: ...first be configured to work Initial Configuration By default all ports belong to the same VLAN and the switch provides only Layer 2 functionality To segment the attached network first create VLANs for...

Page 524: ...ding switching based on the Layer 2 destination MAC address Layer 3 forwarding routing Based on the Layer 3 destination address Replacing destination source MAC addresses for each hop Incrementing the...

Page 525: ...red the packet is reformatted and sent out to the destination The reformat process includes decreasing the Time To Live TTL field of the IP header recalculating the IP header checksum and replacing th...

Page 526: ...tes have the same lowest cost the first route stored in the routing table will be used Parameters These parameters are displayed Destination IP Address IP address of the destination network subnetwork...

Page 527: ...is not enabled i e listed in the routing table unless there is at least one active link connected to that interface Command Usage The Forwarding Information Base FIB contains information required to f...

Page 528: ...ed by using the show ip route database command described in the CLI Reference Guide Parameters These parameters are displayed VLAN VLAN identifier i e configured as a valid IP subnet Destination IP Ad...

Page 529: ...s into IP addresses by forwarding DNS queries to the switch and waiting for a response You can manually configure entries in the DNS table used for mapping domain names to IP addresses configure defau...

Page 530: ...S General Add Domain Name page to configure a list of domain names to be tried in sequential order Command Usage Use this page to define a list of domain names that can be appended to incomplete host...

Page 531: ...s the host name from the domain name Range 1 127 characters Web Interface To create a list domain names 1 Click IP Service DNS 2 Select Add Domain Name from the Action list 3 Enter one domain name at...

Page 532: ...specified sequence until a response is received or the end of the list is reached with no response If all name servers are deleted DNS will automatically be disabled This is done by disabling the doma...

Page 533: ...to IP addresses Command Usage Static entries may be used for local devices connected directly to the attached network or for commonly used resources located elsewhere on the network Parameters These p...

Page 534: ...age Servers or other network devices may support one or more connections via multiple IP addresses If more than one IP address is associated with a host name via information returned from a name serve...

Page 535: ...of the form single dns label local Any name ending in local is therefore link local and names within this domain are meaningful only on the link where they originate When looking for the given host s...

Page 536: ...ing Multicast DNS Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol DHCP can dynamically allocate an IP address and other configuration information to network clients when they b...

Page 537: ...g the vendor class identifier 66 tftp server name a string indicating the tftp server name 67 bootfile name a string indicating the bootfile name By default DHCP option 66 67 parameters are not carrie...

Page 538: ...DHCP Client Identifier Configuring DHCP Relay Service Use the IP Service DHCP Relay page to configure DHCP relay service for attached host devices If DHCP relay is enabled and this switch sees a DHCP...

Page 539: ...Configuring Static Routes on page 524 or the IP IPv6Configuration ConfigureGlobal page see ConfiguringtheIPv6Default Gateway on page 503 DHCP relay configuration will be disabled if an active DHCP se...

Page 540: ...in the CLI Reference Guide By default the parameters for DHCP option 66 67 are not carried by the reply sent from the DHCP server To ask for a DHCP reply with option 66 67 the client can inform the s...

Page 541: ...539 Appendices This section provides additional information and includes these items Software Specifications on page 541 Troubleshooting on page 545 License Information on page 547...

Page 542: ...540 Section III Appendices...

Page 543: ...X 1000 Mbps at full duplex SFP Flow Control Full Duplex IEEE 802 3 2005 Half Duplex Back pressure Storm Control Broadcast multicast or unknown unicast traffic throttled above a critical threshold Port...

Page 544: ...P Routing ARP CIDR Classless Inter Domain Routing Additional Features BOOTP Client DHCP Client Relay Option 82 DNS Client ERPS EthernetRingProtectionSwitching LLDP Link Layer Discover Protocol RMON Re...

Page 545: ...k Aggregation Control Protocol LACP Full duplexflowcontrol ISO IEC8802 3 IEEE 802 3ac VLAN tagging ARP RFC 826 DHCP Client RFC 2131 DHCP Relay RFC 951 2132 3046 HTTPS ICMP RFC 792 IGMP RFC 1112 IGMPv2...

Page 546: ...B RFC 3636 MIB II RFC 1213 NTP RFC 1305 P Bridge MIB RFC 2674P Port Access Entity MIB IEEE 802 1X Port Access Entity Equipment MIB Private MIB Q Bridge MIB RFC 2674Q QinQ Tunneling IEEE 802 1ad Provid...

Page 547: ...ing Telnet you may have exceeded the maximum number of concurrent Telnet SSH sessions permitted Try connecting again at a latertime If you cannot connect using SSH you may have exceeded the maximum nu...

Page 548: ...Repeat the sequence of commands or other actions that lead up to the error 7 Make a list of the commands or circumstances that led to the fault Also make a list of any error messages displayed 8 Set...

Page 549: ...f free software and charge for this service if you wish that you receive source code or can get it if you want it that you can change the software or use pieces of it in new free programs and that you...

Page 550: ...you distribute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this Lice...

Page 551: ...s These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License...

Page 552: ...k for permission For software which is copyrighted by the Free Software Foundation write to the Free Software Foundation we sometimes make exceptions for this Our decision will be guided by the two go...

Page 553: ...und robin service to enforce priority service and prevent blockage of lower level queues Priority may be set according to the port default the packet s priority bit in the VLAN tag TCP UDP port number...

Page 554: ...at used by IPv6 to identify the host portion of the network address The interface identifier in EUI compatible addresses is based on the link layer MAC address of an interface Interface identifiers us...

Page 555: ...Spanning Tree Protocol RSTP which reduces the convergence time for network topology changes to about 10 of that required by the older IEEE 802 1D STP standard Now incorporated in IEEE 802 1D 2004 IEE...

Page 556: ...default but may be configured differently to suit the requirements for specific network applications LACP Link Aggregation Control Protocol Allows ports to automatically negotiate a trunked link with...

Page 557: ...group NTP Network Time Protocol provides the mechanisms to synchronize time across the network The time servers operate in a hierarchical master slave configuration in order to synchronize local clock...

Page 558: ...based on periodic updates from a Network Time Protocol NTP server Updates can be requested from a specific NTP server or can be received via broadcasts sent by NTP servers SSH Secure Shell is a secure...

Page 559: ...w or just unnecessary UTC Universal Time Coordinate UTC is a time scale that couples Greenwich Mean Time based solely on the Earth s rotation rate with highly accurate atomic time The UTC does not hav...

Page 560: ...Glossary 558...

Page 561: ...6 Standard 280 286 MAC 281 290 time range 405 Address Resolution Protocol See ARP address table 171 aging time 173 aging time displaying 173 aging time setting 173 ARP configuration 493 description 49...

Page 562: ...ted Code Point Service See DSCP Differentiated Services See DiffServ DiffServ 219 binding policy to interface 226 class map 220 classifying QoS traffic 220 configuring 219 policy map 223 policy map de...

Page 563: ...file 461 482 483 filtering throttling enabling 460 482 filtering throttling interface configuration 463 485 filtering throttling status 460 482 groups displaying 447 Layer 2 438 query 440 snooping 438...

Page 564: ...ing 358 359 remote port information displaying 351 timing attributes configuring 339 TLV 339 342 TLV management address 342 TLV port description 342 TLV system capabilities 342 TLV system description...

Page 565: ...hentication 260 secure MAC information 264 STA 197 PoE time range 405 policy map DiffServ 223 port authentication 300 port priority configuring 209 default ingress 209 STA 192 port security configurin...

Page 566: ...564 Index s ele cti ng DS CP Co S 21 4 Qu ali ty of Se rvi ce Se e Qo S query interval IGMP snooping 451 query response interval IGMP snooping 452...

Page 567: ...eneral measures 235 serial port configuring 87 sFlow 138 configuring receiver 139 datagram version 140 destination 139 maximum datagram 140 polling 141 receiver socket 140 receiver timeout 139 samplin...

Page 568: ...runk configuration 115 LACP 119 static 116 Type Length Value See LLDP TLV U unknown unicast storm threshold 207 unregistered data flooding IGMP snooping 442 upgrading software 69 user account 253 user...

Page 569: ...567 Index web interface access requirements 43 configuration buttons 46 menu list 47 panel display 46...

Page 570: ...568 Index E062017 ST R01...

Reviews:

No comments

Related manuals for GEL-5261

Allen-Bradley 194U Series

Brand: Rockwell Automation Pages: 2

Brand: Grizzly Pages: 2

2X2 VGA SWITCHER

Brand: Gefen Pages: 12

Brand: Kramer Pages: 2

Brand: Eaton Pages: 36

Brand: Scame electrical solutions Pages: 68

EdgeSwitch 8 150W

Brand: Ubiquiti Pages: 28

Brand: Black Box Pages: 44

Brand: Alaxala Pages: 522

Ascentic MH10-ARC

Brand: Audio Authority Pages: 5

Brand: Black Box Pages: 3

Brand: Opencockpits Pages: 30

Brand: Tripp Lite Pages: 8

Brand: Pilz Pages: 41

Brand: VNS Pages: 8

Brand: Edge-Core Pages: 3

Brand: Datacom Systems Pages: 54

Brand: Apex Digital Pages: 38

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands