Chapter 6.  Managing Device Security 

 

ProSafe® Gigabit L3 Managed Stackable Switches Software Administration Manual 

Port Security Interface Configuration

A MAC address can be defined as allowable by one of two methods: dynamically or statically. 
Both methods are used concurrently when a port is locked.

Dynamic locking implements a first arrival mechanism for Port Security. You specify how 
many addresses can be learned on the locked port. If the limit has not been reached, then a 
packet with an unknown source MAC address is learned and forwarded normally. When the 
limit is reached, no more addresses are learned on the port. Any packets with source MAC 
addresses that were not already learned are discarded. You can effectively disable dynamic 
locking by setting the number of allowable dynamic entries to zero.

Static locking allows you to specify a list of MAC addresses that are allowed on a port. The 
behavior of packets is the same as for dynamic locking: only packets with an allowable 
source MAC address can be forwarded.
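The locking rules above can be modelled in a few lines to see what a given dynamic limit and static list will admit on a locked port. This is an added example, not NETGEAR code or switch output; the class and function names, the verdict strings and the MAC addresses are constructed for illustration, and entry ageing is not modelled.

```python
from dataclasses import dataclass, field

# Verdict strings are labels chosen for this example, not switch output.
FORWARD_STATIC = "forward (static entry)"
FORWARD_LEARNED = "forward (already learned)"
LEARN_FORWARD = "learn and forward"
DISCARD = "discard"


def normalize_mac(mac):
    """Return a MAC address as lower-case, colon-separated hex."""
    digits = "".join(c for c in mac.lower() if c not in ":-.")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class LockedPort:
    """Model of one locked port: static list plus first-arrival dynamic learning."""
    dynamic_limit: int                               # allowable dynamic entries
    static_macs: set = field(default_factory=set)    # statically allowed MACs
    learned: list = field(default_factory=list)      # dynamic entries, arrival order
    discarded: dict = field(default_factory=dict)    # source MAC -> dropped frames

    def __post_init__(self):
        if self.dynamic_limit < 0:
            raise ValueError("dynamic_limit must be zero or greater")
        self.static_macs = {normalize_mac(m) for m in self.static_macs}

    def receive(self, src_mac):
        """Decide what happens to a frame with this source MAC."""
        mac = normalize_mac(src_mac)
        # Static and dynamic entries are consulted together on a locked port.
        if mac in self.static_macs:
            return FORWARD_STATIC
        if mac in self.learned:
            return FORWARD_LEARNED
        # First arrival: an unknown source is learned only while below the limit.
        if len(self.learned) < self.dynamic_limit:
            self.learned.append(mac)
            return LEARN_FORWARD
        # Limit reached (or zero): count the drop so it can be reviewed later.
        self.discarded[mac] = self.discarded.get(mac, 0) + 1
        return DISCARD


# Constructed sample traffic (locally administered addresses), in arrival order.
SAMPLE_FRAMES = [
    "02:00:00:00:00:0a",   # on the static list
    "02:00:00:00:00:01",   # first unknown source
    "02:00:00:00:00:02",   # second unknown source
    "02:00:00:00:00:03",   # third unknown source, arrives after the limit
    "02:00:00:00:00:01",   # repeat of a learned source
    "02-00-00-00-00-03",   # same third source, different notation
]


def replay(port, frames):
    """Feed frames to the port in order and collect the verdicts."""
    return [port.receive(mac) for mac in frames]


def demo_locked_port():
    """Limit of two dynamic entries plus one static entry."""
    port = LockedPort(dynamic_limit=2, static_macs={"02:00:00:00:00:0A"})
    return port, replay(port, SAMPLE_FRAMES)


def demo_static_only():
    """Dynamic limit of zero: only the static list is admitted."""
    port = LockedPort(dynamic_limit=0, static_macs={"02:00:00:00:00:0A"})
    return port, replay(port, SAMPLE_FRAMES)


if __name__ == "__main__":
    for title, demo in (("limit=2", demo_locked_port), ("limit=0", demo_static_only)):
        port, verdicts = demo()
        print(title)
        for mac, verdict in zip(SAMPLE_FRAMES, verdicts):
            print(f"  {normalize_mac(mac)}  {verdict}")
        print(f"  discarded counts: {port.discarded}")
```

Because learning is first-arrival, the dynamic slots go to whichever sources transmit first after the port is locked, so the discarded counts are the figure to review when choosing the limit.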

To display the Port Security Interface Configuration page, click Security > Traffic Control > Port Security > Interface Configuration.

Summary of Contents for GSM7352S - ProSafe Switch - Stackable

Page 1: ...350 East Plumeria Drive San Jose CA 95134 USA October 27 2010 202 10757 01 v1 0 ProSafe Managed Switch Web Management User Manual ...

Page 2: ...Trademarks NETGEAR the NETGEAR logo ReadyNAS ProSafe Smart Wizard Auto Uplink X RAID2 and NeoTV are trademarks or registered trademarks of NETGEAR Inc Microsoft Windows Windows NT and Vista are registered trademarks of Microsoft Corporation Other brand and product names are registered trademarks or trademarks of their respective holders Statement of Conditions To improve internal design operationa...

Page 3: ...g System Information Management 19 System Information 20 Switch Statistics 26 System Resource 29 Slot Information 30 Loopback Interface 32 Network Interface 33 Time 38 DNS 46 License 49 Show License 49 License Features 50 Services 50 DHCP Server 51 DHCP Relay 62 DHCP L2 Relay 64 UDP Relay 67 DHCPv6 Server 71 DHCPv6 Relay 79 Stacking 79 Basic 80 Advanced 83 PoE 86 Basic 86 Advanced 89 SNMP 93 SNMPV...

Page 4: ... MFDB 168 IGMP Snooping 172 MLD Snooping 184 Address Table 192 Basic 192 Advanced 195 Ports 197 Port Configuration 198 Port Description 200 Link Aggregation Groups 201 LAG Configuration 201 LAG Membership 203 Chapter 4 Routing Routing Table 205 Basic 205 Advanced 209 IP 213 Basic 213 Advanced 220 IPv6 229 Basic 230 Advanced 233 VLAN 250 VLAN Routing Wizard 251 VLAN Routing Configuration 252 ARP 25...

Page 5: ...in Boundary Configuration 371 IPv6 Multicast 371 Mroute Table 372 IPv6 PIM DM 374 IPv6 PIM SM 377 MLD 385 Static Routes Configuration 397 Chapter 5 Configuring Quality of Service Class of Service 398 Basic 399 Advanced 401 Differentiated Services 407 DiffServ Wizard 409 Auto VoIP Configuration 411 Basic 412 Advanced 414 Chapter 6 Managing Device Security Management Security Settings 427 Local User...

Page 6: ...503 Dynamic ARP Inspection 505 Captive Portal 512 Configuring Access Control Lists 524 Basic 524 Advanced 531 Chapter 7 Monitoring the System Ports 546 Port Statistics 546 Port Detailed Statistics 549 EAP Statistics 557 Cable Test 559 Logs 560 Buffered Logs 561 Command Log Configuration 563 Console Log Configuration 564 SysLog Configuration 565 Trap Logs 566 Event Logs 568 Persistent Logs 570 Port...

Page 7: ...g IPv4 595 Ping IPv6 598 Traceroute IPv4 599 Traceroute IPv6 601 Chapter 9 Help Online Help 602 Support 602 User Guide 603 Appendix A Default Settings Appendix B Configuration Examples Virtual Local Area Networks VLANs 608 VLAN Example Configuration 609 Access Control Lists ACLs 610 MAC ACL Example Configuration 611 Standard IP ACL Example Configuration 612 Differentiated Services DiffServ 613 Cla...

Page 8: ...8 Contents ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual Index ...

Page 9: ...overall network performance Web based management lets you monitor configure and control your switch remotely using a standard Web browser instead of using expensive and complicated SNMP software products From your Web browser you can monitor the performance of your switch and optimize its configuration for your network You can configure all switch features such as VLANs QoS and ACLs by using the W...

Page 10: ...nitor the components of the ProSafe Managed Switches software The method you use to manage the system depends on your network size and requirements and on your preference The ProSafe Managed Switch Web Management User Manual describes how to use the Web based interface to manage and monitor the system Using the Web Interface To access the switch by using a Web browser the browser must meet the fol...

Page 11: ...sword Type the username into the field on the login screen and then click Login Usernames and passwords are case sensitive 3 After the system authenticates you the System Information page displays The figure below shows the layout of the Managed Switch Web interface Page Menu Configuration Status and Options Help LInk Help Page Logout Button Navigation Tab Feature Link ...

Page 12: ...ct a tab the features for that tab appear as links directly under the tabs The feature links in the blue bar change according to the navigation tab that is selected The configuration pages for each feature are available as links in the page menu on the left side of the page Some items in the menu expand to reveal multiple configuration pages as the following figure shows When you click a menu item...

Page 13: ... options for the page Each page also contains command buttons Table 1 shows the command buttons that are used throughout the pages in the Web interface Table 1 Button Function Add Clicking Add adds the new item configured in the heading row of a table Apply Clicking the Apply button sends the updated configuration to the switch Configuration changes take effect immediately Cancel Clicking Cancel c...

Page 14: ...nd monitoring options The graphic also provides information about device ports current configuration and status table information and feature components The Device View is available from the System Device View page The port coloring indicates whether a port is currently active Green indicates that the port is enabled red indicates that an error has occurred on the port or red indicates that the li...

Page 15: ...d Stackable Switches Software Administration Manual Click the port you want to view or configure to see a menu that displays statistics and configuration options Click the menu option to access the page that contains the configuration or monitoring options ...

Page 16: ...nu appears This menu contains the same option as the navigation tabs at the top of the page Help Page Access Every page contains a link to the online help which contains information to assist in configuring and managing the switch The online help pages are context sensitive For example if the IP Addressing page is open the help topic for that page displays if you click Help ...

Page 17: ...SNMP is enabled by default The System Management System Information Web page which is the page that displays after a successful login displays the information you need to configure an SNMP manager to access the switch Any user can connect to the switch using the SNMPv3 protocol but for authentication and encryption the switch supports only one user which is admin therefore there is only one profil...

Page 18: ... all interfaces available on the switch Table 3 Interface Description Example Physical The physical ports are gigabit Ethernet interfaces and are numbered sequentially starting from one 1 0 1 1 0 2 1 0 3 and so on Link Aggregation Group LAG LAG interfaces are logical interfaces that are only used for bridging functions lag 1 lag 2 lag 3 and so on CPU Management Interface This is the internal switc...

Page 19: ... on page 79 PoE on page 86 SNMP on page 93 LLDP on page 102 ISDP on page 121 Management This section describes how to display the switch status and specify some basic switch information such as the management interface IP address system clock settings and DNS information From the Management link you can access the following pages System Information on page 20 Switch Statistics on page 26 System Re...

Page 20: ...ware Administration Manual System Information After a successful login the System Information page displays Use this page to configure and view general device information To display the System Information page click System Management System Information A screen similar to the following displays ...

Page 21: ...he location of this switch You may use up to 255 alphanumeric characters The factory default is blank c System Contact Enter the contact person for this switch You may use up to 25 alphanumeric characters The factory default is blank d Login Timeout Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection Enter a number between 0 and 1...

Page 22: ...Network Interface The IPv6 prefix and prefix length assigned to the network interface IPv4 Loopback Interface The IPv4 address and mask assigned to the loopback interface IPv6 Loopback Interface The IPv6 prefix and prefix length assigned to the loopback interface System Date The current date System Up time The time in days hours and minutes since the last switch reboot System SNMP OID The base obj...

Page 23: ...wing table describes the Fan Status information Table 2 2 Field Description UNIT ID The unit identifier is assigned to the switch which the fan belongs to FAN The working status of the fan in each unit Click REFRESH to refresh the system information of the switch Temperature Status The screen shows the current temperature of the CPU and MACs The temperature is instant and can be refreshed when the...

Page 24: ...re version of each device The following table describes the Device Status information Table 2 4 Field Description Firmware Version The release version maintenance build number of the code currently running on the switch For example if the release was 8 the version was 0 the maintenance number was 3 and the build number was 11 the format would be 8 0 3 11 Boot Version The version of the boot code w...

Page 25: ...nnected OK RPS bank connected FAIL RPS is present but power is failed Power Module Indicates the status of the internal power module PoE Version Version of the PoE controller FW image MAX PoE Indicates the status of maximum PoE power available on the switch as follows ON Indicates less than 7W of PoE power available for another device OFF Indicates at least 7W of PoE power available for another de...

Page 26: ...igabit L3 Managed Stackable Switches Software Administration Manual Switch Statistics Use this page to display the switch statistics To display the Switch Statistics page click System Management Switch Statistics A screen similar to the following displays ...

Page 27: ...s received that were directed to the broadcast address Note that this does not include multicast packets Receive Packets Discarded The number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Octets Transmitted The total...

Page 28: ... switch since the most recent reboot Address Entries in Use The number of Learned and static entries in the Forwarding Database Address Table for this switch Maximum VLAN Entries The maximum number of Virtual LANs VLANs allowed on this switch Most VLAN Entries Ever Used The largest number of VLANs that have been active on this switch since the last reboot Static VLAN Entries The number of presentl...

Page 29: ... screen similar to the following displays CPU Memory Status The following table describes CPU Memory Status information Table 2 6 Field Description Total System Memory The total memory of the switch in KBytes Available Memory The available memory space for the switch in KBytes CPU Utilization Information This page displays the CPU Utilization information which contains the memory information task ...

Page 30: ...lays details of the different slots in the different units in the stack The following table displays Slot Summary information Table 2 7 Field Description Slot Identifies the slot using the format unit slot Status Displays whether the slot is empty or full Administrative State Displays whether the slot is administratively enabled or disabled Power State Displays whether the slot is powered on of of...

Page 31: ...plays Supported Cards information Table 2 8 Field Description Card Model Displays the list of models of all cards that can be supported Card Index Displays the index assigned to the selected card type Card Type Displays the hardware type of this supported card This is a 32 bit data field Card Descriptor Displays a data field used to identify the supported card ...

Page 32: ... option only visible when IPv4 loopback is selected 5 Use the Secondary IP Address field to input the secondary IP address for this interface in dotted decimal notation This input field is visible only when Add Secondary is selected This option only visible when IPv4 loopback is selected 6 Use the Secondary Subnet Mask field to input the secondary subnet mask for this interface in dotted decimal n...

Page 33: ...face IPv4 Network Configuration A screen similar to the following displays The network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports The configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed To access the...

Page 34: ...ith a colon between each byte Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0 in other words byte 0 must have a value between x 40 and x 7F 5 Use MAC Address type to specify whether the burned in or the locally administered MAC address should be used for in band connectivity The factory default is to use the burned in MAC address 6 Use Current Network Configuration Protocol to specify what the...

Page 35: ...ation parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed To access the switch over an IPv6 network you must first configure it with IPv6 information IPv6 prefix prefix length and default gateway You can configure the IP information using any of the following IPv6 Auto Configuration DHCPv6 Te...

Page 36: ...rk interface by DHCPv6 protocol if this option is enabled The default value is None DHCPv6 can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces 4 Use DHCPv6 Client DUID to specify an Identifier used to identify the client s unique DUID value This option only displays when DHCPv6 is enabled 5 Use IPv6 Gateway to specify the gateway for the IPv6 net...

Page 37: ...ation Table 2 10 Field Description IPv6 address The Ipv6 Address of a neighbor switch visible to the network interface MAC address The MAC address of a neighbor switch IsRtr True 1 if the neighbor machine is a router false 2 otherwise Neighbor State The state of the neighboring switch reachable 1 The neighbor is reachable by this switch stale 2 Information about the neighbor is scheduled for delet...

Page 38: ...time source is distanced from the Stratum 1 server over a network path For example a Stratum 2 server receives the time over a network link via NTP from a Stratum 1 server Information received from SNTP servers is evaluated based on the time level and server type SNTP time definitions are assessed and determined by the following time levels T1 Time at which the original request was sent by the cli...

Page 39: ...ta transfer is handled via the Internet 1 Use Client Mode to specify the mode of operation of SNTP Client An SNTP client may operate in one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client nor are any received SNTP messages processed Unicast SNTP operates in a point to point fashion A unicast client sends a request to a designated server at its unica...

Page 40: ... Use Unicast Poll Retry to specify the number of times to retry a request to an SNTP server after the first time out before attempting to use the next configured server when configured in unicast mode Allowed range is 0 to 10 Default value is 1 7 When using SNTP NTP time servers to update the switch s clock the time data received from the server is based on Coordinated Universal Time UTC which is ...

Page 41: ...ion was successful and the system time was updated Request Timed Out A directed SNTP request timed out without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not Supported The SNTP version supported by the server is not compatible with the version supported by the client Server Unsynchronized The SNTP server is not synchronized ...

Page 42: ...Server Max Entries Specifies the maximum number of unicast server entries that can be configured on this client Unicast Server Current Entries Specifies the number of current valid unicast server entries configured for this client Broadcast Count Specifies the number of unsolicited broadcast SNTP messages that have been received and processed by the SNTP client since last reboot Table 2 11 Field D...

Page 43: ...quests will be sent to this address If this address is a DNS hostname then that hostname should be resolved into an IP address each time a SNTP request is sent to it Port Enter a port number on the SNTP server to which SNTP requests are sent The valid range is 1 65535 The default is 123 Priority Specify the priority of this server entry in determining the sequence of servers to which SNTP requests...

Page 44: ...ver to remove and then click Delete The entry is removed and the device is updated 5 To change the settings for an existing SNTP server select the check box next to the configured server and enter new values in the available fields and then click Apply Configuration changes take effect immediately 6 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the late...

Page 45: ...uest to this server If no packet has been received from this server a status of Other is displayed Other None of the following enumeration values Success The SNTP operation was successful and the system time was updated Request Timed Out A directed SNTP request timed out without receiving a response from the SNTP server Bad Date Encoded The time provided by the SNTP server is not valid Version Not...

Page 46: ...name to include in DNS queries When the system is performing a lookup on an unqualified hostname this field is provided as the domain name for example if default domain name is netgear com and the user enters test then test is changed to test netgear com to resolve the name The length of the name should not be longer than 255 characters 3 Use Retry Number to specify the number of times to retry se...

Page 47: ...ch 8 Click Apply to send the updated configuration to the switch Configuration changes take effect immediately 9 Click ADD to add the specified DNS Server to the List of DNS Servers Configuration changes take effect immediately 10 Click Delete to delete the specified DNS Server from the list of DNS Servers If no DNS Server is specified then it will delete all the DNS Servers DNS Server Configurati...

Page 48: ... not exceed 255 characters and it is a mandatory field for the user 2 Specify the IP address in standard IPv4 dot notation to associate with the hostname 3 Click Add The entry appears in the list below 4 To remove an entry from the static DNS table select the check box next to the entry and click Delete 5 To change the hostname or IP address in an entry select the check box next to the entry and e...

Page 49: ...he dynamic entry was last updated Type The type of the dynamic entry Addresses Lists the IP address associated with the host name License The License link is available only for models GSM7328Sv1 GSM7352Sv1 GSM7328FS GSM7228PS and GSM7252PS From the License link you can access the following pages Show License on page 49 License Features on page 50 Show License To display the Show License page click...

Page 50: ...rchased License copy The information about the number of license License Status Show whether License is Active Inactive Inactive means that user should download a license file and reboot a system Description Show status of License Key License Features To display the License Features page click System License License Features A screen similar to the following displays Table 2 16 Feature Description...

Page 51: ... page 64 UDP Relay on page 67 DHCPv6 Server on page 71 DHCPv6 Relay on page 79 DHCP Server From the DHCP Server link you can access the following pages DHCP Server Configuration on page 52 DHCP Pool Configuration on page 54 DHCP Pool Options on page 57 DHCP Server Statistics on page 58 DHCP Bindings Information on page 60 DHCP Conflicts Information on page 61 ...

Page 52: ...ber of packets a server sends to a Pool address to check for duplication as part of a ping operation Default value is 2 Valid Range is 0 2 to 10 Setting the value to 0 will disable the function 3 Use Conflict Logging Mode to specify whether conflict logging on a DHCP Server is to be Enabled or Disabled Default value is Enable 4 Use Bootp Automatic Mode to specify whether Bootp for dynamic pools is...

Page 53: ...e of addresses Specify the address to be excluded in case you want to exclude a single address 2 Use the IP Range To field to specify the high address if you want to exclude a range of addresses To exclude a single address enter the same IP address as specified in IP range from or leave as 0 0 0 0 3 Click ADD to add the exclude addresses configured on the screen to the switch 4 Click DELETE to del...

Page 54: ...tion Pool Name For a user with read write permission this field would show names of all the existing pools along with an additional option Create When the user selects Create another text box Pool Name appears where the user may enter name for the Pool to be created For a user with read only permission this field would show names of the existing pools only Pool Name This field appears when the use...

Page 55: ...ypes are ethernet and ieee802 Default value is ethernet Client ID Specifies the Client Identifier for DHCP manual Pool Host Number Specifies the IP address for a manual binding to a DHCP client Host can be set only if at least one among of Client Identifier or Hardware Address is specified Deleting Host would delete Client Name Client ID Hardware Address for the Manual Pool and set the Pool Type t...

Page 56: ... user has specified Specified Duration as the Lease time Valid Range is 0 to 86399 Default Router Addresses Specifies the list of Default Router Addresses for the pool The user may specify up to 8 Default Router Addresses in order of preference DNS Server Addresses Specifies the list of DNS Server Addresses for the pool The user may specify up to 8 DNS Server Addresses in order of preference NetBI...

Page 57: ...ng displays 1 Use Pool Name to select the Pool Name 2 Option Code specifies the Option Code configured for the selected Pool 3 Use Option Type to specify the Option Type against the Option Code configured for the selected pool ASCII Hex IP Address 4 Option Value specifies the Value against the Option Code configured for the selected pool 5 Click ADD to add a new Option Code for the selected pool 6...

Page 58: ...n ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual DHCP Server Statistics To display the DHCP Server Statistics page click System Services DHCP Server DHCP Server Statistics A screen similar to the following displays ...

Page 59: ...DISCOVER Specifies the number of DHCPDISCOVER messages received by the DHCP Server DHCPREQUEST Specifies the number of DHCPREQUEST messages received by the DHCP Server DHCPDECLINE Specifies the number of DHCPDECLINE messages received by the DHCP Server DHCPRELEASE Specifies the number of DHCPRELEASE messages received by the DHCP Server DHCPINFORM Specifies the number of DHCPINFORM messages receive...

Page 60: ...plays 1 Choose All Dynamic Bindings to specify all dynamic bindings to be deleted Specific Dynamic Binding to specify specific dynamic binding to be deleted The following table describes the DHCP Bindings Information fields Table 2 19 Field Description IP Address Specifies the Client s IP Address Hardware Address Specifies the Client s Hardware Address Lease Time Left Specifies the Lease time left...

Page 61: ...o specify all address conflicts to be deleted Specific Address Conflict to specify a specific dynamic binding to be deleted The following table describes the DHCP Conflicts Information fields Table 2 20 Field Description IP Address Specifies the IP Address of the host as recorded on the DHCP server Detection Method Specifies the manner in which the IP address of the hosts were found on the DHCP Se...

Page 62: ...button When you select enable DHCP requests will be forwarded to the IP address you entered in the Server Address field 3 Use Minimum Wait Time to enter a Minimum Wait Time in seconds This value will be compared to the time stamp in the client s request packets which should represent the time since the client was powered up Packets will only be forwarded when the time stamp exceeds the minimum wai...

Page 63: ...fields Table 2 21 Field Description Requests Received The total number of DHCP requests received from all clients since the last time the switch was reset Requests Relayed The total number of DHCP requests forwarded to the server since the last time the switch was reset Packets Discarded The total number of DHCP packets discarded by this Relay Agent since the last time the switch was reset ...

Page 64: ...elay Global Configuration page click System Services DHCP L2 Relay DHCP L2 Relay Global Configuration A screen similar to the following displays DHCP L2 Relay Global Configuration 1 Use Admin Mode to enable or disable the DHCP L2 Relay on the switch The default is Disable DHCP L2 Relay VLAN Configuration 1 VLAN ID shows the VLAN ID configured on the switch 2 Use Admin Mode to enable or disable the...

Page 65: ...e DHCP L2 Relay Interface Configuration page click System Services DHCP L2 Relay DHCP L2 Relay Interface Configuration A screen similar to the following displays 1 Use Admin Mode to enable or disable the DHCP L2 Relay on the selected interface Default is disable 2 Use 82 Option Trust Mode to enable or disable an interface to be trusted for DHCP L2 Relay Option 82 received ...

Page 66: ...ay Interface Statistics fields Table 2 22 Field Description Interface Shows the interface from which the DHCP message is received UntrustedServerMsgsWithOpt82 Shows the number of DHCP message with option82 received from an untrusted server UntrustedClientMsgsWithOpt82 Shows the number of DHCP message with option82 received from an untrusted client TrustedServerMsgsWithoutOpt82 Shows the number of ...

Page 67: ... Address to specify the UDP Relay Server Address in x x x x format 3 Use UDP Port to specify the UDP Destination Port These ports are supported DefaultSet Relay UDP port 0 packets This is specified if no UDP port is selected when creating the Relay server dhcp Relay DHCP UDP port 67 packets domain Relay DNS UDP port 53 packets isakmp Relay ISAKMP UDP port 500 packets mobile ip Relay Mobile IP UDP ...

Page 68: ...n permits a user to enter their own UDP port in UDP Port Other Value 4 Use UDP Port Other Value to specify a UDP Destination Port that lies between 0 and 65535 5 Click ADD to create an entry in UDP Relay Table with the specified configuration 6 Click DELETE to remove all entries or a specified one from UDP Relay Table The following table describes the UDP Relay Global Configuration fields Table 2 ...

Page 69: ...elay server dhcp Relay DHCP UDP port 67 packets domain Relay DNS UDP port 53 packets isakmp Relay ISAKMP UDP port 500 packets mobile ip Relay Mobile IP UDP port 434 packets nameserver Relay IEN 116 Name Service UDP port 42 packets netbios dgm Relay NetBIOS Datagram Server UDP port 138 packets netbios ns Relay NetBIOS Name Server UDP port 137 packets ntp Relay network time protocol UDP port 123 pac...

Page 70: ...ess Discard mode can be set to Disable when user adds a new entry with a non zero IP address 6 Click ADD to create an entry in UDP Relay Table with the specified configuration 7 Click DELETE to remove all entries or a specified one from UDP Relay Interface Configuration Table The following table describes the UDP Relay Interface Configuration fields Table 2 24 Field Description Hit Count Show the ...

Page 71: ...CPv6 Server Statistics on page 77 DHCPv6 Server Configuration To display the DHCPv6 Server Configuration page click System Services DHCPv6 Server DHCPv6 Server Configuration A screen similar to the following displays 1 Use Admin Mode to specify DHCPv6 operation on the switch Value is enabled or disabled 2 Use Relay Option to specify Relay Agent Information Option value The values allowed are betwe...

Page 72: ...would show names of all the existing pools along with an additional option Create When the user selects Create another text box Pool Name appears where the user may enter name for the Pool to be created For a user with read only permission this field would show names of the existing pools only 2 Use Pool Name to specify a unique name for DHCPv6 pool It may be up to 31 alphanumeric characters 3 Use...

Page 73: ...ged Stackable Switches Software Administration Manual DHCPv6 Prefix Delegation Configuration To display the DHCPv6 Prefix Delegation Configuration page click System Services DHCPv6 Server DHCPv6 Prefix Delegation Configuration A screen similar to the following displays ...

Page 74: ... a device generating the DUID b Vendor assigned unique ID based on Enterprise Number 00 02 enterprise number identifier enterprise number 32 bit integer reserved by IANA identifier Variable length data for each vendor c Link layer address 00 03 hardware type link layer address hardware type 16 bit hardware type reserved by IANA 1 means an Ethernet device link layer address The link layer address o...

Page 75: ...gured for DHCPv6 server functionality 2 Use Admin Mode to specify DHCPv6 mode to configure server functionality DHCPv6 server and DHCPv6 relay functions are mutually exclusive 3 Use Pool Name to specify the DHCPv6 pool containing stateless and or prefix delegation parameters 4 Use the optional Rapid Commit parameter to allow abbreviated exchange between the client and server 5 Use Preference to sp...

Page 76: ...nt associated with the binding Client Interface Specifies the interface number where the client binding occurred Client DUID Specifies client s DHCPv6 unique identifier Prefix PrefixLength Specifies the IPv6 address and mask length for delegated prefix associated with this binding Prefix Type Specifies the type of prefix associated with this binding Expiry Time Specifies the number of seconds unti...

Page 77: ...al DHCPv6 Server Statistics To display the DHCPv6 Server Statistics page click System Services DHCPv6 Server DHCPv6 Server Statistics A screen similar to the following displays 1 Use Interface to select the interface for which data is to be displayed or configured On selecting all data will be shown for all interfaces ...

Page 78: ... DHCPv6 Decline Packets Received Specifies the number of Declines DHCPv6 Inform Packets Received Specifies the number of Informs DHCPv6 Relay forward Packets Received Specifies the number of Relay forwards DHCPv6 Relay reply Packets Received Specifies the number of Relay Replies DHCPv6 Malformed Packets Received Specifies the number of Malformed Packets Received DHCPv6 Packets Discarded Specifies ...

Page 79: ...mode to configure DHCPv6 Relay functionality DHCPv6 server and DHCPv6 relay functions are mutually exclusive 3 Use Relay Interface to specify an interface to reach a relay server 4 Use Destination IP Address to specify an IPv6 Address to reach a relay server 5 Use Remote ID to specify the relay agent information option Remote ID needs to be derived from the DHCPv6 server DUID and the relay interfa...

Page 80: ...cution the entire stack, including all interfaces in the stack, is unconfigured and reconfigured with the configuration on the new Primary Management Unit. After the reload is complete, all stack management capability must be performed on the new Primary Management Unit. To preserve the current configuration across a stack move, save the current configuration to the NVRAM before performing the stack mov...

Page 81: ...also an ADD option visible only to Admin users which can be used to pre configure new members of the stack 3 Use Switch Type to specify the type of switch hardware when creating a new switch in the stack 4 Admin Management Preference is a 2 byte field that indicates whether the administrator wants this unit to become a management unit in preference to another unit The default value for this settin...

Page 82: ...ck Status fields Table 2 28 Field Description Unit ID Unit Id of the specific switch Switch Description The description for the unit can be configured by the user Serial Number The unique box serial number for this switch Up Time Displays the relative time since the last reboot of the switch Configured Model Identifier This field displays the model type assigned by the device manufacturer to ident...

Page 83: ...is prompted to confirm the management move To display the Stack Configuration page click System Stacking Advanced Stack Configuration A screen similar to the following displays 1 Use Management Unit Selected to select the unit to be managed unit and click APPLY to move the management to the selected unit 2 Unit ID Displays the list of units of the stack Details of the selected unit are displayed T...

Page 84: ...lowing table describes the Stack Status fields Table 2 30 Field Description Unit ID Unit Id of the specific switch Switch Description The description for the unit can be configured by the user Serial Number The unique box serial number for this switch Up Time Displays the relative time since the last reboot of the switch Configured Model Identifier This field displays the model type assigned by th...

Page 85: ...able 2 31 Field Description Unit ID Displays the unit Port Displays the stackable interfaces on the given unit Running Stack Mode Displays the run time mode of the stackable interface Link Status Displays the link status UP DOWN of the port Link Speed Gbps Displays the maximum speed of the stacking port Transmit Data Rate Mbps Displays the approximate transmit rate on the stacking port Total Trans...

Page 86: ...splays The following table describes the Stack Port Diagnostics fields Table 2 32 Field Definition Port Displays the stackable interface on the given unit Port Diagnostics Info Displays three text fields 80 character strings populated by the driver containing debug and status information PoE From the PoE link under the System tab you can view and configure PoE settings for the switch From the PoE ...

Page 87: ...r control the power management algorithm used by the PSE to deliver power to the requesting PDs Static value means that power allocated for each port depends on the type of power threshold configured on the port Dynamic value means that power consumption of each port is measured and calculated in real time 4 Use Auto Reset Mode to specify Enable or Disable When set to Enable the PSE port is reset ...

Page 88: ...system can deliver to all ports when the PoE unit is powered up by RPS unit. Power Source: The power source. There are two possible power sources: Main AC or RPS. Threshold Power: System can power up one port if consumed power is less than this power, i.e., consumed power can be between Nominal and Threshold Power values. The threshold power value is effected by changing System Usage Threshold. Consumed Power...

Page 89: ...threshold level at which a trap is sent if consumed power is greater than threshold power 3 Use Power Management Mode to describe or control the power management algorithm used by the PSE to deliver power to the requesting PDs Static value means that power allocated for each port depends on the type of power threshold configured on the port Dynamic value means that power consumption of each port i...

Page 90: ... unit is powered up by RPS unit. Power Source: The power source. There are two possible power sources: Main AC or RPS. Threshold Power: System can power up one port if consumed power is less than this power, i.e., consumed power can be between Nominal and Threshold Power values. The threshold power value is effected by changing System Usage Threshold. Consumed Power: Total amount of a power which is currently ...

Page 91: ...ces Priority is used to determine which ports can supply power The lower numbered port which is one of the ports of the same priority will have a higher priority low Low priority high High priority critical Critical priority 4 Use High Power Mode to specify one of the following Disable value means that a port is powered in the IEEE 802 3af mode Legacy value means that a port is powered using high ...

Page 92: ...ans that the IEEE 802.3af 4point detection scheme is used and, when it fails to detect a connected PD, legacy capacity detection is used. 802.3af 2point Only value means that the IEEE 802.3af 2point detection scheme is used. 802.3af 2point and Legacy value means that the IEEE 802.3af 2point detection scheme is used and, when it fails to detect a connected PD, legacy capacity detection is used. 8. Clic...

Page 93: ...power being delivered DeliveringPower indicates power is being drawn by device Fault indicates a problem with the port Test indicates port is in test mode otherFault indicates port is idle due to error condition Searching indicates port is not in one of the above states Fault Status Describes the error description when the PSE port is in fault status No Error value specifies that the PSE port is n...

Page 94: ...and status set to Enable. These are well-known communities. Use this page to change the defaults or to add other communities. Only the communities that you define using this page will have access to the switch using the SNMPv1 and SNMPv2c protocols. Only those communities with read-write level access can be used to change the configuration using SNMP. Use this page when you are using the SNMPv1 and SNM...

Page 95: ... 255.255.255.255 and use that machine's IP address for Client Address. 3. Client IP Mask: Taken together, the Client Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device. If either Client Address or IP Mask value is 0.0.0.0, access is allowed from any IP address. Otherwise, every client's address is ANDed with the mask, as is the Cli...

Page 96: ...otocol: Select the protocol to be used by the receiver from the pull-down menu. Select IPv4 if the receiver's address is an IPv4 address, or IPv6 if the receiver's address is IPv6. d. Address: Enter the IPv4 address in x.x.x.x format, or the IPv6 address in xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx format, or a hostname starting with a letter, to receive SNMP traps from this device. Length of address cannot exceed...

Page 97: ...Trap Flags Use the Trap Flags page to enable or disable traps When the condition identified by an active trap is encountered by the switch a trap message is sent to any enabled SNMP Trap Receivers and a message is written to the trap log To access the Trap Flags page click System SNMP SNMP V1 V2 Trap Flags ...

Page 98: ... to enable or disable activation of spanning tree traps by selecting the corresponding radio button The factory default is enabled 5 Use ACL to enable or disable activation of ACL traps by selecting the corresponding radio button The factory default is disabled 6 Use DVMRP to enable or disable activation of DVMRP traps by selecting the corresponding radio button The factory default is disabled 7 U...

Page 99: ...Supported MIBs This page displays all the MIBs supported by the switch To access this page click System SNMP SNMP V1 V2 Supported MIBs ...

Page 100: ...The following table describes the SNMP Supported MIBs Status fields Table 2 33 Field Description Name The RFC number if applicable and the name of the MIB Description The RFC title or MIB description ...

Page 101: ...SNMP V3 This is the configuration for SNMP v3 From the SNMP V3 link you can access the following pages User Configuration on page 101 User Configuration To access this page click System SNMP SNMP V3 User Configuration A screen similar to the following displays ...

Page 102: ...elected DES in the Encryption Protocol field, enter the SNMPv3 Encryption Key here; otherwise this field is ignored. Valid keys are 0 to 15 characters long. The Apply checkbox must be checked in order to change the Encryption Protocol and Encryption Key. 6. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch. 7. Click APPLY to send the upd...

Page 103: ...ry for creation of location databases Extended and automated power management of Power over Ethernet endpoints Inventory management enabling network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions serial asset number LLDP From the LLDP link you can access the following pages LLDP Global Configuration on page 104 LLDP Int...

Page 104: ...smit Hold Multiplier to specify the multiplier on Transmit Interval to assign TTL The range is from 2 to 10 secs Default value is 4 3 Use Re Initialization Delay to specify the delay before re initialization The range is from 1 to 10 secs Default value is 2 seconds 4 Use Notification Interval to specify the interval in seconds for transmission of notifications The range is from 5 to 3600 secs Defa...

Page 105: ...02 1AB transmit mode for the selected interface 4 Use Receive to specify the LLDP 802 1AB receive mode for the selected interface 5 Use Notify to specify the LLDP 802 1AB notification mode for the selected interface 6 Use Transmit Management Information to specify whether management address is transmitted in LLDP frames for the selected interface 7 Optional TLV s Use System Name to include system ...

Page 106: ...ote system Total Inserts Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been inserted into tables associated with the remote systems Total Deletes Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with the remote sy...

Page 107: ...fies the number of invalid LLDP frames received by the LLDP agent on the corresponding port while the LLDP agent is enabled Age outs Specifies the number of age outs that occurred on a given port An age out is the number of times the complete set of information advertised by a particular MAC Service Access Point MSAP has been deleted from tables associated with the remote entries because informati...

Page 108: ...LLDP Local Device Information To display this page click System LLDP LLDP Local Device Information A screen similar to the following displays 1 Use Interface to specify the list of all the ports on which LLDP 802 1AB frames can be transmitted ...

Page 109: ...t identifier Port ID Specifies the string that describes the source of the port identifier System Name Specifies the system name of the local system System Description Specifies the description of the selected port associated with the local system Port Description Specifies the description of the selected port associated with the local system System Capabilities Supported Specifies the system capa...

Page 110: ...LLDP Remote Device Information This page displays information on remote devices connected to the port To display this page click System LLDP LLDP Remote Device Information A screen similar to the following displays 1 Use Interface to select the local ports which can receive LLDP frames ...

Page 111: ...em System Name Specifies the system name of the remote system System Description Specifies the description of the given port associated with the remote system Port Description Specifies the description of the given port associated with the remote system System Capabilities Supported Specifies the system capabilities of the remote system System Capabilities Enabled Specifies the system capabilities...

Page 112: ...ys The following table describes the LLDP Remote Device Inventory fields Table 2 37 Field Description Port Specifies the list of all the ports on which LLDP frame is enabled Management Address Specifies the advertised management address of the remote system MAC Address Specifies the MAC Address associated with the remote system System Name Specifies model name of the remote device Remote Port ID S...

Page 113: ...LLDP MED Remote Device Information on page 118 LLDP MED Remote Device Inventory on page 121 LLDP MED Global Configuration Use the LLDP MED Global Configuration page to specify LLDP MED parameters that are applied to the switch To display this page click System LLDP LLDP MED Global Configuration A screen similar to the following displays 1 Use Fast Start Repeat Count to specify the number of LLDP P...

Page 114: ...vice Class Specifies local device s MED Classification There are four different kinds of devices three of them represent the actual end points classified as Class I Generic IP Communication Controller etc Class II Media Conference Bridge etc Class III Communication IP Telephone etc The fourth device is Network Connectivity Device which is typically a LAN Switch Router IEEE 802 1 Bridge IEEE 802 11...

Page 115: ...topology notification mode of the interface 4 Use Transmit Type Length Values to specify which optional type length values TLVs in the LLDP MED will be transmitted in the LLDP PDUs frames for the selected interface MED Capabilities To transmit the capabilities TLV in LLDP frames Network Policy To transmit the network policy TLV in LLDP frames Location Identification To transmit the location TLV in...

Page 116: ...t on this interface LLDP MED Local Device Information To display this page click System LLDP LLDP MED Local Device Information A screen similar to the following displays 1 Use Interface to select the ports on which LLDP MED frames can be transmitted ...

Page 117: ...VLAN id priority DSCP tagged bit status and unknown bit status A port may receive one or many such application types If a network policy TLV has been transmitted only then would this information be displayed Inventory Specifies if inventory TLV is present in LLDP frames Hardware Revision Specifies hardware version Firmware Revision Specifies Firmware version Software Revision Specifies Software ve...

Page 118: ...LLDP MED Remote Device Information To display this page click System LLDP LLDP MED Remote Device Information A screen similar to the following displays 1 Use Interface to select the ports on which LLDP MED is enabled ...

Page 119: ...s received in the LLDP frames on this port Media Application Type Specifies the application type Types of application types are unknown voicesignaling guestvoice guestvoicesignalling softphonevoice videoconferencing streammingvideo vidoesignalling Each application type that is received has the VLAN id priority DSCP tagged bit status and unknown bit status A port may receive one or many such applic...

Page 120: ... location TLV is received in LLDP frames on this port Sub Type Specifies type of location information Location Information Specifies the location information as a string for given type of location id Extended POE Specifies if remote device is a PoE device Device Type Specifies remote device s PoE device type connected to this port Extended POE PSE Specifies if extended PSE TLV is received in LLDP ...

Page 121: ...ields Table 2 42 Field Definition Port Specifies the list of all the ports on which LLDP MED is enabled Management Address Specifies the advertised management address of the remote system MAC Address Specifies the MAC Address associated with the remote system System Model Specifies model name of the remote device Software Revision Specifies Software version of the remote device ISDP From the ISDP ...

Page 122: ...Global Configuration on page 123 ...

Page 123: ...Hold Time to specify the hold time for ISDP packets that the switch transmits The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it The range 10 to 255 seconds Default value is 180 seconds 4 Use Version 2 Advertisements to enable or disable the sending of ISDP version 2 packets from the device The default value is Enabled The foll...

Page 124: ...ys 1 Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled The default value is Enabled 2 Use Timer to specify the period of time between sending new ISDP packets The range is 5 to 254 seconds Default value is 30 seconds 3 Use Hold Time to specify the hold time for ISDP packets that the switch transmits The hold time specifies how long a receiving device should store info...

Page 125: ... table describes the ISDP Advanced Global Configuration fields Table 2 44 Field Description Neighbors table last time changed Displays when the Neighbors table last changed Device ID Displays the device ID of this switch Device ID format capability Displays the device ID format capability Device ID format Displays the device ID format ...

Page 126: ...Interface Configuration To display this page click System ISDP Advanced Interface Configuration A screen similar to the following displays 1 Use Port to select the port on which the admin mode is configured 2 Use Admin Mode to enable or disable ISDP on the port The default value is enable ...

Page 127: ... which the neighbor is discovered Address Displays the address of the neighbor Capability Displays the capability of the neighbor These are supported Router Trans Bridge Source Route Switch Host IGMP Repeater Platform Display the model type of the neighbor 0 to 32 Port ID Display the port ID on the neighbor Hold Time Displays the hold time for ISDP packets that the neighbor transmits Advertisement...

Page 128: ...ISDP Statistics To display this page click System ISDP Advanced Statistics A screen similar to the following displays ...

Page 129: ...the ISDPv1 packets received ISDPv1 Packets Transmitted Displays the ISDPv1 packets transmitted ISDPv2 Packets Received Displays the ISDPv2 packets received ISDPv2 Packets Transmitted Displays the ISDPv2 packets transmitted ISDP Bad Header Displays the ISDP bad packets received ISDP Checksum Error Displays the number of the checksum error ISDP Transmission Failure Displays the number of the transmi...

Page 130: ...ity and management of multicast traffic By default all ports on the switch are in the same broadcast domain VLANs electronically separate ports on the same switch into separate broadcast domains so that broadcast packets are not sent to all the ports on a single switch When you use a VLAN users can be grouped by logical function instead of physical location Each VLAN in a network has an associated...

Page 131: ...Basic From the Basic link you can access the following pages VLAN Configuration on page 132 ...

Page 132: ...nfiguration page click Switching VLAN Basic VLAN Configuration 1 Reset Configuration If you select this checkbox and click the APPLY button all VLAN configuration parameters will be reset to their factory default values Also all VLANs except for the default VLAN will be deleted The factory default values are All ports are assigned to the default VLAN of 1 All ports are configured with a PVID of 1 ...

Page 133: ...internal VLAN allocation There are two policies supported ascending and descending VLAN Configuration 1 Use VLAN ID to specify the VLAN Identifier for the new VLAN The range of the VLAN ID is 1 to 4093 2 Use the optional VLAN Name field to specify a name for the VLAN It can be up to 32 alphanumeric characters long including blanks The default is blank VLAN ID 1 always has a name of Default 3 Click...

Page 134: ...n on page 132 VLAN Membership on page 136 VLAN Status on page 138 Port PVID Configuration on page 139 MAC Based VLAN on page 141 IP Subnet Based VLAN on page 142 Port DVLAN Configuration on page 143 Protocol Based VLAN Group Configuration on page 144 Protocol Based VLAN Group Membership on page 146 Voice VLAN Configuration on page 147 GARP Switch Configuration on page 149 GARP Port Configuration o...

Page 135: ...of Admit All Frames All ports are configured with Ingress Filtering disabled All ports are configured to transmit only untagged frames GVRP is disabled on all ports and all dynamic entries are cleared Internal VLAN Configuration This page displays the allocation base and the allocation mode of internal VLAN The internal VLAN is reserved by port based routing interface and invisible to the end user...

Page 136: ... transmitted for this VLAN will be tagged All the ports will be included in the VLAN Remove All All the ports that may be dynamically registered in this VLAN via GVRP This selection has the effect of excluding all ports from the selected VLAN 3 Use Port List to add the ports you selected to this VLAN Each port has three modes T Tagged Select the ports on which all frames transmitted for this VLAN ...

Page 137: ...fault VLAN Type This field identifies the type of the VLAN you selected The VLAN type Default VLAN ID 1 always present Static a VLAN you have configured Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove ...

Page 138: ...D The VLAN Identifier VID of the VLAN The range of the VLAN ID is 1 to 4093 VLAN Name The name of the VLAN VLAN ID 1 is always named Default VLAN Type The VLAN type Default VLAN ID 1 always present Static a VLAN you have configured Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove Routing Interface The interface associated with the...

Page 139: ...rface There are certain requirements for a PVID All ports must have a defined PVID If no other value is specified the default VLAN PVID is used If you want to change the port s default PVID you must first create a VLAN that includes the port as a member Use the Port VLAN ID PVID Configuration page to configure a virtual LAN on a port To access the Port PVID Configuration page click Switching VLAN ...

Page 140: ...ions are VLAN only and Admit All. When set to VLAN only, untagged frames or priority-tagged frames received on this port are discarded. When set to Admit All, untagged frames or priority-tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either option, VLAN-tagged frames are forwarded in accordance with the 802.1Q VLAN specification. 6. Ingress Fi...

Page 141: ...he source MAC address of the packet is looked up. If an entry is found, the corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged, it will maintain this value; otherwise the priority will be set to zero. The assigned VLAN ID is verified against the VLAN table: if the VLAN is valid, ingress processing on the packet continues; otherwise the packet is dropped. This implies t...

Page 142: ...LAN configurations are shared across all ports of the device To display the MAC Based VLAN page click Switching VLAN Advanced IP Subnet Based VLAN 1 Use IP Address to specify a valid IP Address bound to VLAN ID Enter the IP Address in dotted decimal notation 2 Use Subnet Mask to specify a valid Subnet Mask of the IP Address Enter the Subnet mask in dotted decimal notation 3 Use VLAN ID to specify ...

Page 143: ...ace for which you want to display or configure data Select All to set the parameters for all ports to same values 2 Use Admin Mode to specify the administrative mode via which Double VLAN Tagging can be enabled or disabled The default value for this is Disabled 3 Use the 2 byte hex Global EtherType as the first 16 bits of the DVlan tag 802 1Q Tag Commonly used tag representing 0x8100 vMAN Tag Comm...

Page 144: ... If you assign a port to a protocol based VLAN for a specific protocol untagged frames received on that port for that protocol will be assigned the protocol based VLAN ID Untagged frames received on the port for other protocols will be assigned the Port VLAN ID either the default PVID 1 or a PVID you have specifically assigned to the port using the Port VLAN Configuration screen You define a proto...

Page 145: ...um access control MAC addresses IPX The Internetwork Packet Exchange IPX is a connectionless datagram Network layer protocol that forwards data over a network 3 Use VLAN ID to select the VLAN ID It can be any number in the range of 1 to 4093 All the ports in the group will assign this VLAN ID to untagged packets received for the protocols you included in this group 4 Click ADD to add a new Protoco...

Page 146: ...e Port List to add the ports you selected to this Protocol Based VLAN Group Note that a given interface can only belong to one group for a given protocol If you have already added a port to a group for IP you cannot add it to another group that also includes IP although you could add it to a new group for IPX Table 3 51 Field Description Group Name This field identifies the name for the protocol b...

Page 147: ...Voice VLAN Configuration Use this menu to configure the parameters for Voice VLAN Configuration Note that only a user with Read Write access privileges may change the data on this screen To display the Voice VLAN Configuration page click Switching VLAN Advanced Voice VLAN Configuration ...

Page 148: ... own configuration to send untagged voice traffic VLAN ID Configure the phone to send tagged voice traffic dot1p Configure Voice Vlan 802 1p priority tagging for voice traffic When this is selected please enter the dot1p value in the Value field Untagged Configure the phone to send untagged voice traffic 4 Use Value to enter the VLAN ID or dot1p value This is enable only when VLAN ID or dot1p is s...

Page 149: ...P Switch Configuration page click Switching VLAN Advanced GARP Switch Configuration 1 Use GVRP Mode to choose the GARP VLAN Registration Protocol administrative mode for the switch by selecting enable or disable from the radio button The factory default is disable 2 Use GMRP Mode to choose the GARP Multicast Registration Protocol administrative mode for the switch by selecting enable or disable fr...

Page 150: ...GARP Port Configuration Note It can take up to 10 seconds for GARP configuration changes to take effect To display the GARP Port Configuration page click Switching VLAN Advanced GARP Port Configuration ...

Page 151: ...each GARP participant for each port. 6. Use Leave All Time (centiseconds) to control how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. The timer is specified in centi...

Page 152: ...ridge Note For two bridges to be in the same region the force version should be 802 1s and their configuration name digest key and revision level should match For additional information about regions and their effect on network topology refer to the IEEE 802 1Q standard From the VLAN link you can access the following pages Basic on page 152 Advanced on page 155 Basic From the Basic link you can ac...

Page 153: ...STP Configuration The Spanning Tree Configuration Status page contains fields for enabling STP on the switch To display the Spanning Tree Configuration Status page click Switching STP Basic STP Configuration ...

Page 154: ...TP domain borders and keep the active topology consistent and predictable. The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state. This would lead to administrative disable of the port ...

Page 155: ...ation on page 155 CST Configuration on page 157 CST Port Configuration on page 159 CST Port Status on page 161 MST Configuration on page 163 MST Port Status on page 165 STP Statistics on page 167 STP Configuration The Spanning Tree Configuration Status page contains fields for enabling STP on the switch To display the Spanning Tree Configuration Status page click Switching STP Advanced STP Configu...

Page 156: ...omain borders and keep the active topology consistent and predictable. The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state. This would lead to administrative disable of the port. 7...

Page 157: ...ing Tree (CST). The valid range is 0 to 61440. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if the priority is attempted to be set to any value between 0 and 4095, it will be set to 0. The default priority is 32768. Bridge Max Age (secs): Specifies the bridg...

Page 158: ...ult value is 6 Table 3 55 Field Description Bridge identifier The bridge identifier for the CST It is made up using the bridge priority and the base MAC address of the bridge Time since topology change The time in seconds since the topology of the CST last changed Topology change count Number of times topology has changed for the CST Topology change The value of the topology change parameter for t...

Page 159: ... Port Configuration page click Switching STP Advanced CST Port Configuration To configure CST port settings 1 Interface One of the physical or port channel interfaces associated with VLANs associated with the CST 2 Use Port Priority to specify the priority for a particular port within the CST The port priority is set in multiples of 16 For example if the priority is attempted to be set to any valu...

Page 160: ...device from changing. The port gets put into discarding state and does not forward any packets. The possible values are Enable or Disable. 10. Use Loop Guard to configure the loop guard on the port to protect layer 2 forwarding loops. If loop guard is enabled, the port moves into the STP loop inconsistent blocking state instead of the listening/learning/forwarding state. 11. Use TCN Guard to configure the...

Page 161: ... CST Port Status. Use the Spanning Tree CST Port Status page to display Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click Switching > STP > Advanced > CST Port Status. ...

Page 162: ...ss of the bridge. Designated Cost: Path Cost offered to the LAN by the Designated Port. Designated Bridge: Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port: Port Identifier on the Designated Bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of ...

Page 163: ...th the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if you attempt to set the priority to any value between 0 and 4095, it is set to 0. The default priority is 32768. The valid range is 0–61440...

Page 164: ...econds since the topology of the selected MST instance last changed. Topology Change Count: Number of times topology has changed for the selected MST instance. Topology Change: The value of the topology change parameter for the switch, indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value of True or False. Designated Root: The bridge identifier ...

Page 165: ...n table that follows To configure MST port settings 1 Use MST ID to select one MST instance from existing MST instances 2 Use Interface to select one of the physical or port channel interfaces associated with VLANs associated with the selected MST instance 3 Use Port Priority to specify the priority for a particular port within the selected MST instance The port priority is set in multiples of 16 ...

Page 166: ... Hours Minutes and Seconds Port Mode Spanning Tree Protocol Administrative Mode associated with the port or port channel The possible values are Enable or Disable Port Forwarding State The Forwarding State of this port Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate P...

Page 167: ... STP Statistics. Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transmitted and received on each port. To display the Spanning Tree Statistics page, click Switching > STP > Advanced > STP Statistics. ...

Page 168: ...mber of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted Number of RSTP BPDUs transmitted from the selected port MSTP BPDUs Received Number of MSTP BPDUs received at the selected port MSTP BPDUs Transmitted Number of MSTP BPDUs transmitted from the selected port Multicast Multicast IP traffic is traffic that is destined to a host group Host groups are identified by class D IP addres...

Page 169: ...n entry consists of a VLAN ID and MAC address pair. Entries may contain data for more than one protocol. To display the MFDB Table page, click Switching > Multicast > MFDB > MFDB Table. 1. Use Search by MAC Address to enter a MAC address whose MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67. Then click the GO button. If the addres...

Page 170: ...esponsible for this entry in the Multicast Forwarding Database Possible values are IGMP Snooping GMRP Static Filtering and MLD Snooping Description The text description of this multicast table entry Possible values are Management Configured Network Configured and Network Assisted ForwardingInterfaces The resultant forwarding list is derived from combining all the forwarding interfaces and removing...

Page 171: ...Table 3 62 Field Description Max MFDB Table Entries The maximum number of entries that the Multicast Forwarding Database table can hold Most MFDB Entries Since Last Reset The largest number of entries that have been present in the Multicast Forwarding Database table since last reset This value is also known as the MFDB high water mark Current Entries The current number of entries in the Multicast ...

Page 172: ...kets that are intended to be seen or processed by all connected nodes. In the case of multicast packets, however, this approach could lead to less efficient use of network bandwidth, particularly when the packet is intended for only a small number of nodes. Packets will be flooded into network segments where no node has any interest in receiving the packet. While nodes will rarely incur any processing o...

Page 173: ...able radio button to select the administrative mode for IGMP Snooping for the switch The default is disable 2 Use the Unknown Multicast Filtering Enable Disable radio button to select the unknown multicast filtering mode for the switch The default is disable The following table displays information about the global IGMP snooping status and statistics on the page Table 3 63 Field Description Multic...

Page 174: ... IGMP Snooping Interface Configuration. Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces. To access the IGMP Snooping Interface Configuration page, click Switching > Multicast > IGMP Snooping > Interface Configuration. ...

Page 175: ...nterface because it did not receive a report for a particular group on that interface. Enter a value greater than or equal to 1 and less than the Group Membership Interval in seconds. The default is 10 seconds. The configured value must be less than the Group Membership Interval. 5. Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface befor...

Page 176: ... IGMP VLAN Configuration. Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuration page, click Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. ...

Page 177: ...nse Time to set the value for maximum response time of IGMP Snooping for the specified VLAN ID Valid range is 1 to Group Membership Interval 1 Its value should be greater than group membership interval value Use Multicast Router Expiry Time to set the value for multicast router expiry time of IGMP Snooping for the specified VLAN ID Valid range is 0 to 3600 seconds 2 Click Cancel to cancel the conf...

Page 178: ...needed most of the time, since the switch will automatically detect the presence of a multicast router and forward IGMP packets accordingly. It is only needed when you want to make sure the multicast router always receives IGMP packets from the switch in a complex network. To access the Multicast Router Configuration page, click Switching > Multicast > IGMP Snooping > Multicast Router Configuration. 1. Use Inter...

Page 179: ...sence of a multicast router and forward IGMP packets accordingly. It is only needed when you want to make sure that the multicast router always receives IGMP packets from the switch in a complex network. To access the Multicast Router VLAN Configuration page, click Switching > Multicast > IGMP Snooping > Multicast Router VLAN Configuration. 1. Use Interface to select the interface for which you want Multicas...

Page 180: ...rent multicast group membership on a port-by-port basis. If the switch does not receive updated membership information in a timely fashion, it will stop forwarding multicasts to the port where the end device is located. These pages enable you to configure and display information on IGMP snooping queriers on the network and, separately, on VLANs. IGMP Snooping Querier Configuration. Use this menu to confi...

Page 181: ...ch query is being sent. 3. Use IGMP Version to specify the IGMP protocol version used in periodic IGMP queries. 4. Use Query Interval (secs) to specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1 to 1800. The default value is 60. 5. Use Querier Expiry Interval (secs) to specify the time interval in secon...

Page 182: ...le or disable. Querier Participate Mode: Disabled: Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. Enabled: The snooping querier participates in querier election, in which the querier with the lowest IP address operates as the querier in that VLAN. The other querier moves to the non-querier state. Snooping Querier VLAN Address: Specify the Snooping Querier IP Addr...

Page 183: ...uerier is not operational on the VLAN The Snooping Querier moves to disabled mode when IGMP Snooping is not operational on the VLAN or when the querier address is not configured or the network management address is also not configured Operational Version Displays the operational IGMP protocol version of the querier Last Querier Address Displays the IP address of the last querier from which a query...

Page 184: ...ping link you can access the following pages MLD Snooping Configuration on page 185 MLD Snooping Interface Configuration on page 186 MLD VLAN Configuration on page 187 Multicast Router Configuration on page 188 Multicast Router VLAN Configuration on page 189 MLD Snooping Querier Configuration on page 190 MLD Snooping Querier VLAN Configuration on page 191 ...

Page 185: ...Snooping Configuration page click Switching Multicast MLD Snooping Configuration 1 Use MLD Snooping Admin Mode to select the administrative mode for MLD Snooping for the switch The default is disable Table 3 66 Field Definition Multicast Control Frame Count The number of multicast control frames that are processed by the CPU Interfaces Enabled for MLD Snooping A list of all the interfaces currentl...

Page 186: ...seconds The configured value must be greater than Max Response Time The default is 260 seconds 4 Use Max Response Time secs to specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface Enter a value greater or equal to 1 and less than the Group Membership Interval in seconds The default ...

Page 187: ...enable or disable the MLD Snooping Fast Leave Mode for the specified VLAN ID 4 Use Group Membership Interval to set the value for group membership interval of MLD Snooping for the specified VLAN ID Valid range is Maximum Response Time 1 to 3600 5 Use Maximum Response Time to set the value for maximum response time of MLD Snooping for the specified VLAN ID Valid range is 1 to Group Membership Inter...

Page 188: ... Multicast Router Configuration. To access the Multicast Router Configuration page, click Switching > Multicast > MLD Snooping > Multicast Router Configuration. 1. Interface: Select the interface for which you want Multicast Router to be enabled. 2. Use Multicast Router to enable or disable Multicast Router on the selected interface. ...

Page 189: ...cast Router VLAN Configuration page, click Switching > Multicast > MLD Snooping > Multicast Router VLAN Configuration. 1. Use Interface to select the interface for which you want Multicast Router to be enabled. 2. Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled. 3. Use Multicast Router to enable or disable the multicast router for the VLAN ID. ...

Page 190: ...rce address in periodic MLD queries. This address is used when no address is configured on the VLAN on which the query is being sent. The supported IPv6 formats are x:x:x:x:x:x:x:x and x::x. 3. Use MLD Version to specify the MLD protocol version used in periodic MLD queries. 4. Use Query Interval (secs) to specify the time interval in seconds between periodic queries sent by the snooping querier. Th...

Page 191: ...se Querier Election Participate Mode to enable or disable participation of the MLD Snooping Querier in querier election. When this mode is disabled, upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. Only when this mode is enabled does the snooping querier participate in querier election, in which the lowest IP address wins the querier election and operat...

Page 192: ...is not operational on the VLAN or when the querier address is not configured or the network management address is also not configured Operational Version Displays the operational MLD protocol version of the querier Last Querier Address Displays the IP address of the last querier from which a query was snooped on the VLAN Last Querier Version Displays the MLD protocol version of the last querier fr...

Page 193: ...Address Table. This table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. To display the Address Table page, click Switching > Address Table > Basic > Address Table. ...

Page 194: ... Select Port from pull down menu enter the port ID in Unit Slot Port for example 2 1 1 Then click on the Go button If the address exists the entry will be displayed as the first entry followed by the remaining greater mac addresses Table 3 69 Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured MAC Address A unicast MAC address for which the switch...

Page 195: ...his page allows the user to set the Address Aging Interval for the specified forwarding database. To display the Address Table page, click Switching > Address Table > Advanced > Dynamic Addresses. 1. Use Address Aging Timeout (seconds) to specify the time-out period in seconds for aging out dynamically learned forwarding information. 802.1D-1990 recommends a default of 300 seconds. The value may be specified as...

Page 196: ...dress Table. This table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. To display the Address Table page, click Switching > Address Table > Advanced > Address Table. ...

Page 197: ...ddress exists the entry will be displayed as the first entry followed by the remaining greater mac addresses Table 3 70 Field Description Total MAC Address Displaying the number of total MAC addresses learned or configured MAC Address A unicast MAC address for which the switch has forwarding and or filtering information The format is a 6 byte MAC Address that is separated by colons for example 01 ...

Page 198: ...n the network. The factory default is enabled. 4. Use LACP Mode to select the Link Aggregation Control Protocol administration state. The mode must be enabled in order for the port to participate in Link Aggregation. It may be enabled or disabled by selecting the corresponding line on the pull-down entry field. The factory default is enabled. 5. Use the Physical Mode pull-down menu to select the port's speed...

Page 199: ... across a power cycle you must perform a save Table 3 71 Field Description Port Type For normal ports this field will be normal Otherwise the possible values are Mirrored The port is a mirrored port on which all the traffic will be copied to the probe port Probe Use this port to monitor mirrored port Trunk Number The port is a member of a Link Aggregation trunk Look at the LAG screens for more inf...

Page 200: ... 1 Use Port Description to enter the description string to be attached to a port It can be up to 64 characters in length Table 3 72 Field Description Port Selects the interface for which data is to be displayed or configured MAC Address Displays the physical address of the specified interface PortList Bit Offset Displays the bit offset value which corresponds to the port when the MIB object type P...

Page 201: ...ort up to 64 LAGs. From the LAGs link, you can access the following pages: LAG Configuration on page 201; LAG Membership on page 203. LAG Configuration. Use the LAG (Port Channel) Configuration page to group one or more full-duplex Ethernet links to be aggregated together to form a link aggregation group, which is also known as a port channel. The switch treats the LAG as if it were a single link. To access ...

Page 202: ...ACPDUs will be dropped but the links that form the LAG will not be released The factory default is enable 5 Use STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG The possible values are Disable Spanning tree is disabled for this LAG Enable Spanning tree is enabled for this LAG 6 Use Static Mode to select enable or disable from the pull down menu W...

Page 203: ...ffic will flow and LACPDUs will be dropped but the links that form the LAG will not be released The factory default is enable 5 Use Link Trap to specify whether you want to have a trap sent when link status changes The factory default is enable which will cause the trap to be sent 6 Use STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG The possibl...

Page 204: ...ciated with the packet Src Dest MAC VLAN EType incoming port Source Destination MAC VLAN EtherType and incoming port associated with the packet Src IP and Src TCP UDP Port fields Source IP and Source TCP UDP fields of the packet Dest IP and Dest TCP UDP Port fields Destination IP and Destination TCP UDP Port fields of the packet Src Dest IP and TCP UDP Port fields Source Destination IP and source ...

Page 205: ...n page 325 Multicast on page 334 IPv6 Multicast on page 371 Routing Table The Routing Table collects routes from multiple sources static routes RIP routes OSPF routes and local routes The Routing Table may learn multiple routes to the same destination from multiple sources The Routing Table lists all routes From the Routing Table link you can access the following pages Basic on page 205 Advanced o...

Page 206: ... Route Configuration on page 206. Route Configuration. To display the Route Configuration page, click Routing > Routing Table > Basic > Route Configuration. ...

Page 207: ...ways be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. 5. Preference displays an integer value from 1 to 255. The user can specify the preference value (sometimes called "administrative distance") of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding da...

Page 208: ... in the path towards the destination The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Metric Administrative cost of the path to the destination If no value is entered default is 1 The range is 0 255 Preference The pr...

Page 209: ...FRESH to refresh the web page to show the latest learned routes Advanced From the Advanced link you can access the following pages Route Configuration on page 209 Route Preferences on page 212 Route Configuration To display the Route Configuration page click Routing Routing Table Advanced Route Configuration ...

Page 210: ...ways be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. 5. Preference displays an integer value from 1 to 255. The user can specify the preference value (sometimes called "administrative distance") of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding da...

Page 211: ... The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Metric Administrative cost of the path to the destination If no value is entered default is 1 The range is 0 255 Preference The preference is an integer value from 0 ...

Page 212: ...nces page, click Routing > Routing Table > Advanced > Route Preferences. 1. Use Static to specify the static route preference value in the router. The default value is 1. The range is 1 to 255. 2. Use RIP to specify the RIP route preference value in the router. The default value is 120. The range is 1 to 255. 3. Use OSPF Intra to specify the OSPF intra route preference value in the router. The default value is 110 ...

Page 213: ... links to the following web pages that configure and display IP routing data Basic on page 213 Advanced on page 220 Basic From the Basic link you can access the following pages IP Configuration on page 213 Statistics on page 215 IP Configuration Use this menu to configure routing parameters for the switch as opposed to an interface To display the IP Configuration page click Routing IP Basic IP Con...

Page 214: ... ICMP error packets that are allowed per burst interval. By default, the rate limit is 100 packets/sec, i.e. the burst interval is 1000 msec. To disable ICMP rate limiting, set this field to 0. The valid rate interval must be in the range 0 to 2147483647. 5. Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, bur...

Page 215: ... Statistics. The statistics reported on this screen are as specified in RFC 1213. To display the Statistics page, click Routing > IP > Basic > Statistics. ...

Page 216: ...rwDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forward them to that final destination In entities which do not act as IP Gateways this counter will include only those packets which were Source Routed via this entity and the Source Route option processing was successful IpInUnknownProtos ...

Page 217: ...o be reassembled at this entity IpReasmOKs The number of IP datagrams successfully re assembled IpReasmFails The number of failures detected by the IP re assembly algorithm for whatever reason timed out errors etc Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received IpFragOKs The n...

Page 218: ... of ICMP Timestamp request messages received IcmpInTimestampReps The number of ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted b...

Page 219: ... a host this object will always be zero since hosts do not send redirects IcmpOutEchos The number of ICMP Echo request messages sent IcmpOutEchoReps The number of ICMP Echo Reply messages sent IcmpOutTimestamps The number of ICMP Timestamp request messages IcmpOutTimestampReps The number of ICMP Timestamp Reply messages sent IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent Ic...

Page 220: ... access the following pages IP Configuration on page 220 IP Statistics on page 222 IP Interface Configuration on page 227 Secondary IP Address on page 229 IP Configuration Use this menu to configure routing parameters for the switch as opposed to an interface To display the IP Configuration page click Routing IP Advanced IP Configuration ...

Page 221: ...f ICMP error packets that are allowed per burst interval. By default, the rate limit is 100 packets/sec, i.e. the burst interval is 1000 msec. To disable ICMP rate limiting, set this field to 0. The valid rate interval must be in the range 0 to 2147483647. 5. Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, bur...

Page 222: ... IP Statistics. The statistics reported on this screen are as specified in RFC 1213. To display the IP Statistics page, click Routing > IP > Advanced > IP Statistics. ...

Page 223: ...rwDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route to forward them to that final destination In entities which do not act as IP Gateways this counter will include only those packets which were Source Routed via this entity and the Source Route option processing was successful IpInUnknownProtos ...

Page 224: ...o be reassembled at this entity IpReasmOKs The number of IP datagrams successfully re assembled IpReasmFails The number of failures detected by the IP re assembly algorithm for whatever reason timed out errors etc Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received IpFragOKs The n...

Page 225: ... of ICMP Timestamp request messages received IcmpInTimestampReps The number of ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted b...

Page 226: ... a host this object will always be zero since hosts do not send redirects IcmpOutEchos The number of ICMP Echo request messages sent IcmpOutEchoReps The number of ICMP Echo Reply messages sent IcmpOutTimestamps The number of ICMP Timestamp request messages IcmpOutTimestampReps The number of ICMP Timestamp Reply messages sent IcmpOutAddrMasks The number of ICMP Address Mask Request messages sent Ic...

Page 227: ...ter the IP address for the interface 4 Use Subnet Mask to enter the subnet mask for the interface This is also referred to as the subnet network mask and defines the portion of the interface s IP address that is used to identify the attached network 5 Use Routing Mode to enable or disable routing for an interface The default value is enable 6 Use Administrative Mode to enable disable the Administr...

Page 228: ...ace. If this is disabled, then this interface will not send ICMP Destination Unreachables. By default, Destination Unreachables mode is enable. 13. Use ICMP Redirects to enable/disable ICMP Redirects Mode. The router sends an ICMP Redirect on an interface only if Redirects are enabled both globally and on the interface. By default, ICMP Redirects Mode is enable. 14. Use IP MTU to specify the maximum size of ...

Page 229: ...D associated with the displayed or configured interface. Primary IP Address: The Primary IP Address for the Interface. IPv6. IPv6 is the next generation of the Internet Protocol. With 128-bit addresses, versus 32-bit addresses for IPv4, IPv6 solves the address depletion issues seen with IPv4 and removes the requirement for Network Address Translation (NAT), which is used in IPv4 networks to reduce the numbe...

Page 230: ... to both Routing protocols are capable of computing routes for one or both IP versions From the IPv6 link you can access the following pages Basic on page 230 Advanced on page 233 Basic From the Basic link you can access the following pages IPv6 Global Configuration on page 231 IPv6 Route Table on page 232 ...

Page 231: ...ues for hops are 1–64 inclusive. The default "not configured" means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node. Note that this is not the same as configuring a value of 64. 4. Use ICMPv6 Rate Limit Error Interval to control the ICMPv6 error packets by specifying the number of ICMP error packets that are allowed per burst interval. By ...

Page 232: ...IPv6 routes Table 13 Field Description Number of Routes Displays the total number of active routes in the route table IPv6 Prefix Displays the Network Prefix for the Active Route Prefix Length Displays the Prefix Length for the Active Route Protocol Displays the Type of Protocol for the Active Route Next Hop Interface Displays the Interface over which the Route is Active For a Reject Route the nex...

Page 233: ...access the following pages IPv6 Global Configuration on page 234 IPv6 Interface Configuration on page 235 IPv6 Prefix Configuration on page 237 IPv6 Statistics on page 238 IPv6 Neighbor Table on page 244 IPv6 Route Configuration on page 246 IPv6 Route Table on page 247 IPv6 Route Preferences on page 248 Tunnel Configuration on page 249 ...

Page 234: ...lues for hops are 1–64 inclusive. The default "not configured" means that a value of zero is sent in router advertisements and a value of 64 is sent in packets originated by the node. Note that this is not the same as configuring a value of 64. 4. Use ICMPv6 Rate Limit Error Interval to control the ICMPv6 error packets by specifying the number of ICMP error packets that are allowed per burst interval. By...

Page 235: ...mode is not supported for Logical VLAN Interfaces. 5. Use MTU to specify the maximum transmit unit on an interface. If the value is 0, then this interface is not enabled for routing. It is not valid to set this value to 0 if routing is enabled. The range of MTU is 1280 to 1500. 6. Use Duplicate Address Detection Transmits to specify the number of duplicate address detection transmits on an interface. DAD tran...

Page 236: ...ault value of the managed flag is disable. 12. Use Adv Other Config Flag to specify the router advertisement other stateful configuration flag. The default value of the other config flag is disable. 13. Use Adv Suppress Flag to specify router advertisement suppression on an interface. The default value of the suppress flag is disable. 14. Use Destination Unreachables to specify the mode of sending ICMPv6 Destination Unreacha...

Page 237: ...be in the range 0 to 4294967295 5 Use Preferred Lifetime to specify router advertisement per prefix time An auto configured address generated from this prefix is preferred Preferred lifetime must be in range 0 to 4294967295 6 Use OnLink Flag to specify selected prefix can be used for on link determination Default value is enable This selector lists the two options for on link flag enable and disab...

Page 238: ... Statistics page to display IPv6 traffic statistics for one or all interfaces To display the IPv6 Statistics page click Routing IPv6 Advanced Statistics 1 Use Interface to select the interface to be configured When the selection is changed a screen refresh will occur causing all fields to be updated for the newly selected port ...

Page 239: ...ransmit them to their destination Received Datagrams With Unknown Protocol The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol This counter is incremented at the interface to which these datagrams were addressed which might not be necessarily the input interface for some of the datagrams Received Datagrams Discarded Due To Inv...

Page 240: ...ed This counter is incremented at the interface to which these fragments were addressed which might not be necessarily the input interface for some of the fragments Datagrams Forwarded The number of output datagrams which this entity received and forwarded to their final destinations In entities which do not act as IPv6 routers this counter will include only those packets which were Source Routed ...

Page 241: ...ived by the interface ICMPv6 Messages Prohibited Administratively Received The number of ICMP destination unreachable communication administratively prohibited messages received by the interface ICMPv6 Time Exceeded Messages Received The number of ICMP Time Exceeded messages received by the interface ICMPv6 Parameter Problem Messages Received The number of ICMP Parameter Problem messages received ...

Page 242: ... not include errors discovered outside the ICMP layer such as the inability of IPv6 to route the resultant datagram In some implementations there may be no types of error which contribute to this counter s value ICMPv6 Destination Unreachable Messages Transmitted The number of ICMP Destination Unreachable Messages sent by the interface ICMPv6 Messages Prohibited Administratively Transmitted Number...

Page 243: ...ace ICMPv6 Redirect Messages Transmitted The number of Redirect messages sent ICMPv6 Group Membership Query Messages Transmitted The number of ICMPv6 Group Membership Query messages sent ICMPv6 Group Membership Response Messages Transmitted The number of ICMPv6 Group Membership Response messages sent ICMPv6 Group Membership Reduction Messages Transmitted The number of ICMPv6 Group Membership Reduc...

Page 244: ...ted by colons, for example 2001:231F::1. Then click Go. If the address exists, that entry will be displayed. An exact match is required. Searched by Interface: Select Interface from the pull-down menu and enter the interface ID in Unit/Slot/Port, for example 2/1/1. Then click Go. If the IPv6 route exists, the entry will be displayed. Table 18. Field / Description. Interface: Specifies the interface whose settings are displ...

Page 245: ... are sent Stale More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While in STALE state the device takes no action until a packet is sent Delay More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly A packet was ...

Page 246: ...Address If the Next Hop IPv6 address specified is a Link Local IPv6 Address specify the Interface for the Link local IPv6 Next Hop Address Select Static Reject from this menu to create a static reject route for a destination prefix No next hop address is specified in that case 3 Use Next Hop IPv6 Address to enter the Next Hop IPv6 Address for the Configured Route 4 Use Interface to specify the uni...

Page 247: ...show the latest IP information Table 19 Field Description Number of Routes Displays the total number of active routes in the route table IPv6 Prefix Displays the Network Prefix for the Active Route Prefix Length Displays the Prefix Length for the Active Route Protocol Displays the Type of Protocol for the Active Route Next Hop Interface Displays the Interface over which the Route is Active For a R...

Page 248: ...is still a tie the route with the best route metric will be chosen To avoid problems with mismatched metrics you must configure different preference values for each of the protocols To display the IPv6 Route Preferences page click Routing IPv6 Advanced Route Preferences 1 Use Static to specify the Static Route preference value for the router The default value is 1 The range is 1 to 255 2 Use OSPFv...

Page 249: ...explicit IPv6 address 4 Use IPv6 Unreachables to specify the Mode of Sending ICMPv6 Destination Unreachables on this interface If Disabled then this interface will not send ICMPv6 Destination Unreachables By default IPv6 Destination Unreachables mode is enable 5 Use IPv6 Address to select a list of configured IPv6 addresses for the selected interface Address must be entered in the format prefix le...

Page 250: ...l bridge router interface the packet is routed An inbound multicast packet is forwarded to all ports in the VLAN plus the internal bridge router interface if it was received on a routed VLAN Since a port can be configured to belong to more than one VLAN VLAN routing might be enabled for all of the VLANs on the port or for a subset VLAN Routing can be used to allow more than one physical port to re...

Page 251: ...N Routing Wizard page, click Routing > VLAN > VLAN Routing Wizard. 1. Use VLAN ID to specify the VLAN Identifier (VID) associated with this VLAN. The range of the VLAN ID is 1 to 4093. 2. Use Ports to display selectable physical ports and LAGs (if any). Selected ports will be added to the Routing VLAN. Each port has three modes: T (Tagged): Select the ports on which all frames transmitted for this VLAN will be tagged...

Page 252: ...AN Routing Interface specified in the VLAN ID field to the switch configuration 5 Click DELETE to remove the VLAN Routing Interface specified in the VLAN ID field from the switch configuration Table 21 Field Description Port The interface assigned to the VLAN for routing MAC Address The MAC Address assigned to the VLAN Routing Interface ARP The ARP protocol associates a layer 2 MAC address with a ...

Page 253: ...che. The ARP response, being unicast, is normally seen only by the requestor, who stores the sender information in its ARP cache. Newer information always replaces existing content in the ARP cache. The number of supported ARP entries is platform-dependent. Devices can be moved in a network, which means the IP address that was at one time associated with a certain MAC address is now found using a differen...

Page 254: ... 1. Use Port to select the associated Unit/Slot/Port of the connection. 2. IP Address displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. 3. MAC Address displays the unicast MAC address of the device. The address is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. 4. Click REFRESH to show...

Page 255: ... Resolution Protocol table. 1. Use IP Address to enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. 2. Use MAC Address to specify the unicast MAC address of the device. Enter the address as six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. 3. Click ADD to add a new static AR...

Page 256: ...rt: The associated Unit/Slot/Port of the connection. IP Address: Displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces. MAC Address: The unicast MAC address of the device. The address is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40. Click REFRESH to show the latest IP information. ...

Page 257: ...s the switch will wait for a response to an ARP request. The range for this field is 1 to 10 seconds. The default value for Response Time is 1 second. 3. Use Retries to enter an integer that specifies the maximum number of times an ARP request will be retried. The range for this field is 0 to 10. The default value for Retries is 4. 4. Use Cache Size to enter an integer that specifies the maximum number of...

Page 258: ... Total number of Active Static Entries in the ARP table. Configured Static Entries: Total number of Configured Static Entries in the ARP table. Maximum Static Entries: Maximum number of Static Entries that can be defined. RIP: RIP is an Interior Gateway Protocol (IGP) based on the Bellman-Ford algorithm and targeted at smaller networks (network diameter no greater than 15 hops). The routing information is pr...

Page 259: ... in updates sent to the router from which it was learned, but the metric will be set to infinity. The default is simple. 3. Use Auto Summary Mode to select enable or disable. If you select enable, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is disable. 4. Use Host Routes Accept Mode to select enable or disable. If you select en...

Page 260: ...d link you can access the following pages RIP Configuration on page 260 Interface Configuration on page 262 Route Redistribution on page 265 RIP Configuration Use the RIP Configuration page to enable and configure or disable RIP in Global mode To display the RIP Configuration page click Routing RIP Advanced RIP Configuration ...

Page 261: ...ity. The default is simple. 3. Use Auto Summary Mode to select enable or disable. If you select enable, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is disable. 4. Use Host Routes Accept Mode to select enable or disable. If you select enable, the router will accept host routes. The default is enable. 5. Use Default Information O...

Page 262: ...Interface Configuration Use the RIP Interface Configuration page to enable and configure or to disable RIP on a specific interface To display the Interface Configuration page click Routing RIP Advanced Interface Configuration ...

Page 263: ...e choices are: None: This is the initial interface state. If you select this option from the pull-down menu on the second screen, you will be returned to the first screen and no authentication protocols will be run. Simple: If you select Simple, you will be prompted to enter an authentication key. This key will be included, in the clear, in the RIP header of all packets sent on the network. All routers on th...

Page 264: ... packets the interface will accept from the pull-down menu. The value is one of the following: RIP-1: accept only RIP version 1 formatted packets. RIP-2: accept only RIP version 2 formatted packets. The default is RIP-2. Both: accept packets in either format. None: no RIP control packets will be accepted. Admin Mode: Enables RIP for an interface. The default is Disable. Link State: Indicates whether the RIP inte...

Page 265: ...The Source select box is a dynamic selector and is populated by only those Source Routes that have already been configured for redistribute by RIP Use Source to configure another Source Route from among the Available Source Routes The valid values are Static Connected OSPF 2 Use Redistribute Mode to enable or disable RIP redistribute mode The default value is disable 3 Use Metric to specify the Me...

Page 266: ...tion RIP Route Redistribution Summary This screen displays the RIP Route Redistribution Configurations Table 27 Field Description Source The Source Route to be Redistributed by RIP Metric The Metric of redistributed routes for the given Source Route Displays Unconfigured when not configured Match List of Routes redistributed when OSPF is selected as Source The list may include one or more of Inter...

Page 267: ... Router ID to specify a 32-bit integer in dotted decimal format that uniquely identifies the router within the autonomous system (AS). To change the Router ID, you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID. 2. Use Admin Mode to select enable or disable. If you select en...

Page 268: ...guration on page 269 Common Area Configuration on page 272 Stub Area Configuration on page 274 NSSA Area Configuration on page 276 Area Range Configuration on page 278 Interface Configuration on page 279 OSPF Interface Statistics on page 284 OSPF Neighbor Table on page 288 Link State Database on page 291 Virtual Link Configuration on page 293 Route Redistribution on page 295 ...

Page 269: ...n external LSA advertising a default route (0.0.0.0/0.0.0.0). 2. Always: If Default Information Originate is enabled but the Always option is FALSE, OSPF will only originate a default route if the router already has a default route in its routing table. Set Always to TRUE to force OSPF to originate a default route regardless of whether the router has a default route. 3. Use Metric to specify the metric of ...

Page 270: ...efault external LSAs exceeds a configured limit, the router enters an overflow state as defined in RFC 1765. In overflow state, OSPF cannot originate non-default external LSAs. If the Exit Overflow Interval is 0, OSPF will not leave overflow state until it is disabled and re-enabled. The range is 0 to 2,147,483,647 seconds. 6. Use SPF DelayTime (secs) to specify the number of seconds from when OSPF receives...

Page 271: ...nk state database External LSA Checksum The sum of the LS checksums of the external LSAs link state advertisements contained in the link state database This sum can be used to determine if there has been a change in a router s link state database and to compare the link state databases of two routers This value is in hexadecimal AS_OPAQUE LSA Count The number of opaque LSAs with domain wide floodi...

Page 272: ...Configuration The OSPF Common Area Configuration page lets you create a Common Area Configuration once you have enabled OSPF on an interface At least one router must have OSPF enabled for this web page to display To display the Common Area Configuration page click Routing OSPF Advanced Common Area Configuration ...

Page 273: ...pagate external LSAs SPF Runs The number of times that the intra area route table has been calculated using this area s link state database This is typically done using Dijkstra s algorithm Area Border Router Count The total number of area border routers reachable within this area This is initially zero and is calculated in each SPF Pass Area LSA Count The total number of link state advertisements...

Page 274: ...decimal format that uniquely identifies the area to which a router interface connects. 2. Use Import Summary LSAs to select enable or disable. If you select enable, summary LSAs will be imported into stub areas. 3. Use Default Cost to enter the metric value you want applied for the default route advertised into the stub area. Valid values range from 1 to 16,777,215. 4. Click ADD to configure the area as a ...

Page 275: ...dvertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state data...

Page 276: ...e True or False Use Metric Value to set the Default Metric value for default information originate The valid range of values is 1 to 16777214 Use Metric Type to select the type of metric specified in the Metric Value field Comparable Cost External Type 1 metrics that are comparable to the OSPF metric Non comparable Cost External Type 2 metrics that are assumed to be larger than the cost of the OSP...

Page 277: ...of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the ...

Page 278: ...ress to enter the IP Address for the address range for the selected area 3 Use Subnet Mask to enter the Subnet Mask for the address range for the selected area 4 Use LSDB Type to select the type of Link Advertisement associated with the specified area and address range The default type is Network Summary 5 Use Advertise to select Enable or Disable If you select Enable the address range will be adv...

Page 279: ...a is to be displayed or configured 2 Use Area ID to enter the 32 bit integer in dotted decimal format that uniquely identifies the OSPF area to which the selected router interface connects If you assign an Area ID which does not exist the area will be created with default values 3 Use Admin Mode to select enable or disable The default value is disable You can configure OSPF parameters without enab...

Page 280: ...be the same for all routers attached to a network. Valid values range from 1 to 65,535. The default is 10 seconds. 7. Use Dead Interval to enter the OSPF dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. Th...

Page 281: ... ID. 13. Use Authentication Key to enter the OSPF Authentication Key for the specified interface. If you do not choose to use authentication, you will not be prompted to enter a key. If you choose simple authentication, you cannot use a key of more than eight octets. If you choose encrypt, the key may be up to 16 octets long. The key value will only be displayed if you are logged on with Read/Write privile...

Page 282: ...p Designated Router for the network by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers att...

Page 283: ...admin mode is enabled. Backup Designated Router: The identity of the Backup Designated Router for this network, in the view of the advertising router. The Backup Designated Router is identified here by its router ID. Set to 0.0.0.0 if there is no Backup Designated Router. Number of Link Events: This is the number of times the specified OSPF interface has changed its state. Local Link LSAs: The number of op...

Page 284: ... Interface Statistics This screen displays statistics for the selected interface The information will be displayed only if OSPF is enabled To display the OSPF Interface Statistics page click Routing OSPF Advanced OSPF Interface Statistics Interface Selects the interface for which data is to be displayed ...

Page 285: ...vents The number of state changes or errors that have occurred on this virtual link Neighbor Events The number of times this neighbor relationship has changed state or an error has occurred External LSA Count The number of external LS type 5 link state advertisements in the link state database Sent packets The number of OSPF packets transmitted on the interface Received packets The number of valid...

Page 286: ...cause the sender is not an existing neighbor or the sender s IP address does not match the previously recorded IP address for that neighbor Invalid OSPF Packet Type The number of OSPF packets discarded because the packet type field in the OSPF header is not a known type Hellos Ignored The number of received Hello packets that were ignored by this router from the new neighbors after the limit has b...

Page 287: ...stics Click CLEAR to clear all the statistics of the OSPF interface LS Updates Received The number of LS updates received on this interface by this router LS Acknowledgements Sent The number of LS acknowledgements sent on this interface by this router LS Acknowledgements Received The number of LS acknowledgements received on this interface by this router Table 33 Field Description ...

Page 288: ...ets are sent as unicasts along this adjacency Also used in router LSAs as the Link ID for the attached network if the neighboring router is selected to be designated router The Neighbor IP address is learned when Hello packets are received from the neighbor For virtual links the Neighbor IP address is learned during the routing table build process Area ID The area ID of the OSPF area associated wi...

Page 289: ...ep in creating an adjacency between the two neighboring routers The goal of this step is to decide which router is the master and to decide upon the initial DD sequence number Neighbor conversations in this state or greater are called adjacencies Exchange In this state the router is describing its entire link state database by sending Database Description packets to the neighbor In this state Link...

Page 290: ...Click REFRESH to show the latest DHCP bindings information Click CLEAR to clear all the neighbors in the table ...

Page 291: ...AS. The Router ID is set on the IP Configuration page. If you want to change the Router ID, you must first disable OSPF. After you set the new Router ID, you must re-enable OSPF to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID. Area ID: The ID of an OSPF area to which one of the router interfaces is connected. An Area ID is a 32-bit integer in dotted decim...

Page 292: ...ement Checksum The checksum is used to detect data corruption of an advertisement This corruption can occur while an advertisement is being flooded or while it is being held in a router s memory This field is the checksum of the complete contents of the advertisement except the LS age field Options The Options field in the link state advertisement header indicates which optional capabilities are a...

Page 293: ...a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should be a multiple of the Hello Interval (e.g. 4). Valid values range from 1 to 2147483647. The default is 40. 5. Use Iftransit Delay Interval to enter the OSPF Transit Delay for the specified interface. This specifies the esti...

Page 294: ...ce parameters will be set to their initial values All interface timers will be disabled and there will be no adjacencies associated with the interface Waiting The router is trying to determine the identity of the Backup Designated Router by monitoring received Hello Packets The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting stat...

Page 295: ...buted routes This field displays the metric if the source was pre configured and can be modified The valid values are 0 to 16777214 4 Use Metric Type to set the OSPF metric type of redistributed routes 5 Use Tag to set the tag field in routes redistributed This field displays the tag if the source was pre configured otherwise 0 and can be modified The valid values are 0 to 4294967295 6 Use Subnets...

Page 296: ...'s destination mask are significant for the filtering operation. OSPFv3: OSPFv3 is the Open Shortest Path First routing protocol for IPv6. It is similar to OSPFv2 in its concept of a link state database, intra/inter-area and AS-external routes, and virtual links. It differs from its IPv4 counterpart in a number of respects, including the following: peering is done via link-local addresses; the protocol is...

Page 297: ...able You must configure a Router ID before OSPFv3 can become operational This can also be done by issuing the CLI command router id in the IPv6 router OSPF mode 2 Use Router ID to specify the 32 bit integer in dotted decimal format that uniquely identifies the router within the autonomous system AS If you want to change the Router ID you must first disable OSPFv3 After you set the new Router ID yo...

Page 298: ... Configuration on page 299 Common Area Configuration on page 302 Stub Area Configuration on page 304 NSSA Area Configuration on page 306 Area Range Configuration on page 308 Interface Configuration on page 309 Interface Statistics on page 313 Neighbor Table on page 316 Link State Database on page 318 Virtual Link Configuration on page 321 Route Redistribution on page 323 ...

Page 299: ...ues for Always Metric and Metric Type can only be configured after Default Information Originate is set to enable If Default Information Originate is set to enable and values for Always Metric and Metric Type are already configured then setting Default Information Originate back to disable will set the Always Metric and Metric Type values to default 2 Use Always to set the router advertise when se...

Page 300: ...ate This allows the router to again originate non default AS external LSAs If you enter 0 the router will not leave Overflow State until restarted The range is 0 to 2147483647 seconds 4 Use External LSDB Limit to specify the maximum number of AS External LSAs that can be stored in the database A value of 1 implies there is no limit on the number that can be saved The valid range of values is 1 to ...

Page 301: ...SAs link state advertisements contained in the link state database This sum can be used to determine if there has been a change in a router s link state database and to compare the link state databases of two routers New LSAs Originated In any given OSPFv3 area a router will originate several LSAs Each router originates a router LSA If the router is also the Designated Router for any of the area s...

Page 302: ...figure an OSPFv3 area To display the Common Area Configuration page click Routing OSPFv3 Advanced Common Area Configuration 1 Use Area ID to enter the OSPF area ID An Area ID is a 32 bit integer in dotted decimal format that uniquely identifies the area to which a router interface connects 2 Click ADD to configure the area as a common area 3 Click DELETE to delete the common area ...

Page 303: ...d in each SPF Pass Area LSA Count The total number of link state advertisements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in...

Page 304: ... identifies the area to which a router interface connects. 2. Use Import Summary LSAs to select enable or disable. If you select enable, summary LSAs will be imported into areas. Defaults to Enable. 3. Use Default Cost to enter the metric value you want applied for the default route advertised into the stub area. Valid values range from 1 to 16,777,215. This value is applicable only to Stub areas. 4. Click A...

Page 305: ...isements in this area s link state database excluding AS External LSAs Area LSA Checksum The 32 bit unsigned sum of the link state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database ...

Page 306: ... are True or False 5 Use Metric Value to set the Default Metric value for default information originate The valid range of values is 1 to 16777214 6 Use Metric Type to select the type of metric specified in the Metric Value field Comparable Cost External Type 1 metrics that are comparable to the OSPFv3 metric Non comparable Cost External Type 2 metrics that are assumed to be larger than the cost o...

Page 307: ... state advertisements LS checksums contained in this area s link state database This sum excludes external LS type 5 link state advertisements The sum can be used to determine if there has been a change in a router s link state database and to compare the link state database of two routers Translator State Translator State Enabled means that the NSSA router OSPFv3 Area NssA Translator Role has bee...

Page 308: ...figured 2 Use IPv6 Prefix to enter the IPv6 Prefix Prefix Length for the address range for the selected area 3 Use LSDB Type to select the type of Link Advertisement associated with the specified area and address range The default type is Network Summary 4 Use Advertise to select Enable or Disable If you select Enable the address range will be advertised outside the area via a Network Summary LSA ...

Page 309: ... Use Area ID to enter the 32 bit integer in dotted decimal format that uniquely identifies the OSPFv3 area to which the selected router interface connects If you assign an Area ID which does not exist the area will be created with default values 3 Use Admin Mode to select enable or disable The default value is disable You can configure OSPFv3 parameters without enabling OSPFv3 Admin Mode but they ...

Page 310: ...l routers attached to a network. Valid values range from 1 to 65,535. The default is 10 seconds. 7. Use Dead Interval to enter the OSPFv3 dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should ...

Page 311: ...s The router is not allowed to elect a Backup Designated Router or a Designated Router until it transitions out of Waiting state This prevents unnecessary changes of Backup Designated Router Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for t...

Page 312: ...the advertising router. The Backup Designated Router is identified here by its router ID. Set to 0.0.0.0 if there is no Backup Designated Router. This field is only displayed if the OSPFv3 admin mode is enabled. Number of Link Events: This is the number of times the specified OSPFv3 interface has changed its state. This field is only displayed if the OSPFv3 admin mode is enabled. Table 41. Field / Descripti...

Page 313: ...terface Statistics This screen displays statistics for the selected interface The information will be displayed only if OSPFv3 is enabled To display the Interface Statistics page click Routing OSPFv3 Advanced Interface Statistics 1 Use Interface to select the interface for which data is to be displayed ...

Page 314: ... OSPFv3 interface has changed its state or an error has occurred Virtual Events The number of state changes or errors that have occurred on this virtual link Neighbor Events The number of times this neighbor relationship has changed state or an error has occurred External LSA Count The number of external LS type 5 link state advertisements in the link state database Sent packets The number of OSPF...

Page 315: ...ored by this router from the new neighbors after the limit has been reached for the number of neighbors on an interface or on the system as a whole Hellos Sent The number of Hello packets sent on this interface by this router Hellos Received The number of Hello packets received on this interface by this router DD Packets Sent The number of Database Description packets sent on this interface by thi...

Page 316: ...Neighbor Table. This screen shows the OSPFv3 Neighbor Table. This information is displayed only if OSPFv3 is enabled and there exists at least one OSPFv3-enabled interface having a valid neighbor. To display the Neighbor Table page, click Routing > OSPFv3 > Advanced > Neighbor Table. ...

Page 317: ...ghbor is not eligible to become the designated router on this particular network State State of the relationship with this neighbor Dead Time Number of seconds since last Hello was received from Adjacent Neighbors Set to 0 for neighbors in a state less than or equal to Init Events The number of times this neighbor relationship has changed state or an error has occurred Retransmission Queue Length ...

Page 318: ...format that uniquely identifies the router within the autonomous system (AS). The Router ID is set on the OSPFv3 Configuration page. If you want to change the Router ID, you must first disable OSPFv3. After you set the new Router ID, you must re-enable OSPFv3 to have the change take effect. The default value is 0.0.0.0, although this is not a valid Router ID. Area ID: The ID of an OSPFv3 area to which one of...

Page 319: ...o routers attached to the link and also inform them of a list of IPv6 prefixes to associate with the link. Intra-Area-Prefix-LSA: A link's designated router originates one or more intra-area-prefix-LSAs to advertise the link's prefixes throughout the area. A router may originate multiple intra-area-prefix-LSAs for a given area to advertise its own prefixes and those of its attached stub links. LS ID: Th...

Page 320: ...ilities are associated with the advertisement. The options are: Q: This enables support for QoS Traffic Engineering. E: This describes the way AS-external LSAs are flooded. MC: This describes the way IP multicast datagrams are forwarded according to the standard specifications. O: This describes whether Opaque LSAs are supported. V: This describes whether OSPF++ extensions for VPN/COS are supported. Router Opti...

Page 321: ...t is 10 seconds. 4. Use Dead Interval to specify the OSPFv3 dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network. This value should be a multiple of the Hello Interval (e.g. 4). Valid values range from 1 to 65535. Th...

Page 322: ...conds Designated Router This router is itself the Designated Router on the attached network Adjacencies are established to all other routers attached to the network The router must also originate a network LSA for the network node The network LSA will contain links to all routers including the Designated Router itself attached to the network Backup Designated Router This router is itself the Backu...

Page 323: ...l Use Metric to set the metric value to be used as the metric of redistributed routes This field displays the metric if the source was pre configured and can be modified The valid values are 0 to 16777214 Use Metric Type to set the OSPFv3 metric type of redistributed routes Use Tag to set the tag field in routes redistributed This field displays the tag if the source was pre configured else a defa...

Page 324: ...tion Manual Router Discovery Configuration on page 324 Router Discovery Configuration Use the Router Discovery Configuration page to enter or change Router Discovery parameters To display the Router Discovery Configuration page click Routing Router Discovery Router Discovery Configuration ...

Page 325: ...subnet Higher numbered addresses are preferred You must enter an integer VRRP The Virtual Router Redundancy protocol is designed to handle default router failures by providing a scheme to dynamically elect a backup router The driving force was to minimize black hole periods due to the failure of the default gateway router during which all traffic directed towards it is lost until the failure is de...

Page 327: ...55 when the Virtual and interface IP Addresses are not the same the priority gets set to the default value of 100 5 Use Advertisement Interval to enter the time in seconds between the transmission of advertisement packets by this virtual router Enter a number between 1 and 255 The default value is 1 second 6 Use Primary IP Address to enter the IP Address associated with the Virtual Router The defa...

Page 328: ...e owner of the Virtual IP Address and will always win an election for master router when it is active VMAC Address The virtual MAC Address associated with the Virtual Router composed of a 24 bit organizationally unique identifier the 16 bit constant identifying the VRRP address block and the 8 bit VRID State The current state of the Virtual Router State Initialize Master Backup 328 Chapter 4 Routi...

Page 329: ...D in the range 1 to 255 3 Use Interface to select the Unit Slot Port for the new Virtual Router from the pull down menu 4 Use Pre empt Mode to select enable or disable If you select enable a backup router will preempt the master router if it has a priority greater than the master virtual router s priority provided the master is not the owner of the virtual router IP address The default is enable 5...

Page 330: ...11 Click ADD to add a new Virtual Router to the switch configuration 12 Click DELETE to delete the selected Virtual Router Note that the router can not be deleted if there are secondary addresses configured Table 47 Field Description Interface IP Address Indicates the IP Address associated with the selected interface Owner Set to True if the Virtual IP Address and the Interface IP Address are the ...

Page 331: ... 2 Use Secondary IP Address to enter the IP address for the interface This address must be a member of one of the subnets currently configured on the interface This value is read only once configured 3 Click ADD to add a new secondary IP address to the selected VRRP interface 4 Click DELETE to delete the selected secondary IP address Table 48 Field Description Virtual Router ID The Virtual Router ...

Page 332: ... and interface configuration Exception loopback and tunnels could not be tracked 3 Use Tracked Interface Priority Decrement to specify the priority decrement for the tracked interface The valid range is 1 254 default value is 10 4 Use Tracked Route Prefix to specify the Prefix of the route 5 Use Tracked Route Prefix Length to specify the prefix length of the route 6 Use Tracked Route Priority Decr...

Page 333: ...e VRID for the selected Virtual Router Interface The Unit Slot Port for the selected Virtual Router Up Time The time in days hours minutes and seconds that has elapsed since the virtual router transitioned to the initialized state State Transitioned to Master The total number of times that this virtual router s state has transitioned to Master Advertisement Received The total number of VRRP advert...

Page 334: ...rity of 0 Zero Priority Packets Sent The total number of VRRP packets sent by the virtual router with a priority of 0 Invalid Type Packets Received The number of VRRP packets received by the virtual router with an invalid value in the type field Address List Errors The total number of packets received for which the address list does not match the locally configured list for the virtual router Inva...

Page 335: ...Group IP to fully identify a single route whose Mroute table entry Group IP The destination group IP address Incoming Interface The incoming interface on which multicast packets for this source group arrive Outgoing Interface s The list of outgoing interfaces on which multicast packets for this source group are forwarded Up Time hh mm ss The time in seconds since the entry was created Expiry Time ...

Page 336: ...e multicast forwarding module Table Maximum Entry Count The maximum number of entries in the IP Multicast routing table Protocol The multicast routing protocol presently activated on the router if any Table Entry Count The number of multicast route entries currently present in the Multicast route table Protocol The multicast routing protocol which created this entry The possibilities are PIM DM PI...

Page 337: ... Configuration 1. Interface: The routing interface you want to configure or display. 2. Use TTL Threshold to enter the TTL threshold below which a multicast data packet will not be forwarded from the selected interface. You should enter a number between 0 and 255. If you enter 0, all multicast packets for the selected interface will be forwarded. You must configure at least one router interface before y...

Page 338: ... on page 344 DVMRP Route on page 345 DVMRP Global Configuration To display the Global Configuration page click Routing Multicast DVMRP Global Configuration 1 Use Admin Mode to set the administrative status of DVMRP to active or inactive The default is disable Table 53 Field Description Version The current value of the DVMRP version string Total Number of Routes The number of routes in the DVMRP ro...

Page 339: ...on 1 Use Interface to select the interface for which data is to be configured 2 Use Interface Mode to set the administrative mode of the selected DVMRP routing interface 3 Use Interface Metric to enter the DVMRP metric for the selected interface This value is sent in DVMRP messages as the cost to reach this network Valid values are from 1 to 31 The default value is 1 4 Click REFRESH to show the la...

Page 340: ...alue is reset every time an interface is re started and is placed in prune messages A change in generation ID informs the neighbor routers that any previous information about this router should be discarded Received Bad Packets The number of invalid packets received on the selected interface Received Bad Routes The number of invalid routes received on the selected interface Sent Routes The number ...

Page 341: ...anual DVMRP Neighbor To display the DVMRP Neighbor page click Routing Multicast DVMRP DVMRP Neighbor 1 Interface Select the interface for which data is to be displayed or all interfaces will be displayed 2 Use Neighbor IP to specify the IP address of the neighbor whose information is displayed ...

Page 342: ...eighbor on the selected interface Major Version The DVMRP Major Version for the specified neighbor on the selected interface Minor Version The DVMRP Minor Version for the specified neighbor on the selected interface Capabilities The DVMRP capabilities of the specified neighbor on the selected interface Received Routes The number of routes received for the specified neighbor on the selected interfa...

Page 343: ...t Hop Table 56 Field Description Source IP The IP address used with the source mask to identify the source network for this table entry Source Mask The network mask used with the source IP address Next Hop Interface The outgoing interface for this next hop Type The next hop type Leaf means that no downstream dependent neighbors exist on the outgoing interface Otherwise the type is branch ...

Page 344: ... source or source network which has been pruned Source Mask The subnet mask to be combined with the source IP address to identify the source or source network which has been pruned Expiry Time The amount of time remaining before this prune should expire at the upstream neighbor If no prune messages have been received from downstream neighbors this is set to value of the default prune lifetime time...

Page 345: ...e source address to identify the sources for this entry Upstream Neighbor The address of the upstream neighbor e g RPF neighbor from which IP datagrams from these sources are received Interface The interface on which IP datagrams sent by these sources are received A value of 0 typically means the route is an aggregate for which no next hop interface exists Metric The distance in hops to the source...

Page 346: ...uting Interface Statistics on page 349 IGMP Groups on page 351 IGMP Membership on page 353 IGMP Proxy Interface Configuration on page 354 IGMP Proxy Interface Statistics on page 356 IGMP Proxy Membership on page 357 IGMP Global Configuration To display the IGMP Global Configuration page click Routing Multicast IGMP Global Configuration 1 Use Admin Mode to set the administrative status of IGMP in t...

Page 347: ...afe Gigabit L3 Managed Stackable Switches Software Administration Manual IGMP Routing Interface Configuration To display the IGMP Routing Interface Configuration page click Routing Multicast IGMP Routing Interface Configuration ...

Page 348: ...erface Valid values are from 1 to 1800 The default value is 125 6 Use Query Max Response Time to enter the maximum query response time to be advertised in IGMPv2 queries on this interface in tenths of a second The default value is 100 Valid values are from 0 to 255 7 Use Startup Query Interval to enter the number of seconds between the transmission of startup queries on the selected interface The ...

Page 349: ... ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual IGMP Routing Interface Statistics To display the IGMP Routing Interface Statistics page click Routing Multicast IGMP Routing Interface Statistics ...

Page 350: ...ived The number of queries that have been received on the selected interface with an IGMP version that does not match the IGMP version configured for the interface over the lifetime of the entry IGMP requires that all routers on a LAN be configured to run the same version of IGMP Therefore a configuration error is indicated if any queries are received with the wrong version number Number of Joins ...

Page 351: ...Chapter 4 Routing 351 ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual IGMP Groups To display the IGMP Groups page click Routing Multicast IGMP IGMP Groups ...

Page 352: ...he selected interface This field is displayed only if the interface is configured for IGMP version 1 Version 2 Host Timer The time remaining until the local router will assume that there are no longer any IGMP version 2 members on the IP subnet attached to this interface When an IGMPv2 membership report is received this timer is reset to the group membership timer While this timer is non zero the ...

Page 353: ...lity Mode This parameter shows group compatibility mode v1 v2 and v3 for this group on the specified interface Source Filter Mode The source filter mode Include Exclude NA for the specified group on this interface Source Hosts This parameter shows source addresses which are members of this multicast address Expiry Time This parameter shows expiry time interval against each source address which are...

Page 354: ... Use Admin Mode to set the administrative status of IGMP Proxy on the selected interface The default is disable Routing IGMP and Multicast global admin modes should be enabled to enable IGMP Proxy interface mode 3 Use Version to enter the version of IGMP you want to configure on the selected interface Valid values are 1 to 3 and the default value is 3 This field is configurable only when IGMP Prox...

Page 355: ...older IGMP version 1 querier timeout value in seconds The Older Version Querier Interval is the time out for transitioning a host back to IGMPv3 mode once an older version query is heard When an older version query is received hosts set their Older Version Querier Present Timer to Older Version Querier Interval Version 2 Querier Timeout The older IGMP version 2 querier timeout value in seconds Pro...

Page 356: ...scription Interface Displays the interface on which IGMP packets received Version The version of IGMP packets received Queries Received The number of IGMP queries received Report Received The number of IGMP reports received Reports Sent The number of IGMP reports sent Leaves Received The number of IGMP leaves received Leaves Sent The number of IGMP leaves sent Click REFRESH to refresh the data on ...

Page 357: ...pter 4 Routing 357 ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual IGMP Proxy Membership To display the IGMP Proxy Membership page click Routing Multicast IGMP Proxy Membership ...

Page 358: ... after which the specified source entry is aged out. State: The state of the host entry. A host can be in one of the following states. Non-member state: does not belong to the group on the interface. Delaying member state: host belongs to the group on the interface and report timer running. The report timer is used to send out the reports. Idle member state: host belongs to the group on the interface and no report tim...

Page 359: ...llowing pages PIM DM Global Configuration on page 359 PIM DM Interface Configuration on page 360 PIM DM Neighbor on page 361 PIM DM Global Configuration To display the PIM DM Global Configuration page click Routing Multicast PIM DM Global Configuration 1 Use Admin Mode to set the administrative status of PIM DM in the router The default is disable ...

Page 360: ...Use Admin Mode to set the administrative status of PIM DM for the selected interface The default is disable 3 Use Hello Interval to enter the number of seconds between PIM hello messages transmitted from the selected interface The default value is 30 Valid values are from 10 to 3600 Table 65 Field Description Protocol State The operational state of the PIM DM protocol on this interface IP Address ...

Page 361: ...eld Description Interface The physical interface on which PIM DM is enabled Neighbor IP The IP address of the PIM neighbor for which this entry contains information Up Time The time since this PIM neighbor last became a neighbor of the local router Expiry Time The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with latest PIM DM nei...

Page 362: ...M Global Configuration To display the PIM SM Global Configuration page click Routing Multicast PIM SM Global Configuration 1 Use Admin Mode to set the administrative status of PIM SM in the router The default is disable 2 Use Data Threshold Rate kbps to enter the rate in K bits second above which the last hop router will switch to a source specific shortest path tree The valid values are from 0 to...

Page 363: ...irectly connected LANs. The SSM service model can be implemented with a strict subset of the PIM SM protocol mechanisms. Both regular IP Multicast and SSM semantics can coexist on a single router, and both can be implemented using the PIM SM protocol. A range of multicast addresses, currently 232.0.0.0/8 in IPv4, is reserved for SSM. To display the PIM SSM Configuration page click Routing Multicast PIM S...

Page 364: ...ting ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual PIM SM Interface Configuration To display the PIM SM Interface Configuration page click Routing Multicast PIM SM Interface Configuration ...

Page 365: ...Interval secs to enter the frequency at which PIM Join Prune messages are transmitted on this PIM interface The valid values are from 0 to 18000 The default value is 60 5 Use BSR Border to set BSR border status on the selected interface 6 Use DR Priority to enter the DR priority for the selected interface The valid values are from 0 to 2147483647 The default value is 1 Table 67 Field Description P...

Page 366: ...Table 68 Field Description Interface The interface on which neighbor is displayed Neighbor IP The IP address of the PIM neighbor for this entry Up Time The time since this PIM neighbor last became a neighbor of the local router Expiry Time The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with the latest PIM SM neighbor information...

Page 367: ...ate RP Configuration 1 Use Interface to select the interface for which data is to be displayed 2 Use Group Address to specify the group address transmitted in Candidate RP Advertisements 3 Use Group Mask to specify the group address mask transmitted in Candidate RP Advertisements 4 Click ADD to add a new Candidate RP Address for the PIM SM router 5 Click DELETE to delete an extant Candidate RP Add...

Page 368: ...sed in bootstrap messages This hash mask length will be used in the hash algorithm for selecting the RP for a particular group The valid values are from 0 to 32 Default value is 30 4 Click DELETE to delete the RP address selected 5 Click REFRESH to refresh the data on the screen with the latest PIM SM neighbor information Table 69 Field Description IP Address Displays the IP address of the Elected...

Page 369: ...c RP Configuration 1 Use RP Address to specify the IP Address of the RP to be created or deleted 2 Use Group Address to specify the Group Address of the RP to be created or deleted 3 Use Group Mask to specify the Group Mask of the RP to be created or deleted 4 Use Override to indicate that if there is a conflict the RP configured with this option prevails over the RP learned by BSR 5 Click ADD to ...

Page 370: ...ed to the Source IP address 3 Use RPF Neighbor to enter the IP address of the neighbor router on the path to the source 4 Use Metric to enter the link state cost of the path to the multicast source The range is 0 255 and the default is one You can change the metric for a configured route by selecting the static route and editing this field 5 Use RPF Interface to select the interface number This is...

Page 371: ...nfigured 2. Use Group IP to enter the multicast group address for the start of the range of addresses to be excluded. The address must be in the range of 239.0.0.0 through 239.255.255.255. 3. Use Group Mask to enter the mask to be applied to the multicast group address. The combination of the mask and the Group IP gives the range of administratively scoped addresses for the selected interface. 4. Click A...

Page 372: ...Safe Gigabit L3 Managed Stackable Switches Software Administration Manual Mroute Table This screen displays contents of the Mroute Table in tabular form To display the Mroute Table page click Routing IPv6 Multicast Mroute Table ...

Page 373: ...re forwarded Up Time hh mm ss The time in seconds since the entry was created Expiry Time hh mm ss The time in seconds before this entry will age out and be removed from the table RPF Neighbor The IP address of the Reverse Path Forwarding neighbor Protocol The multicast routing protocol which created this entry The possibilities are PIM DM PIM SM Flags The value displayed in this field is valid if...

Page 374: ...llowing pages PIM DM Global Configuration on page 374 PIM DM Interface Configuration on page 375 PIM DM Neighbor on page 376 PIM DM Global Configuration To display the IPv6 PIM DM Global Configuration page click Routing IPv6 Multicast PIM DM Global Configuration 1 Use Admin Mode to set the administrative status of PIM DM in the router The default is disable ...

Page 375: ...ode to set the administrative status of PIM DM for the selected interface The default is disable 3 Use Hello Interval to enter the number of seconds between PIM hello messages transmitted from the selected interface The default value is 30 Valid values are from 10 to 3600 Table 71 Field Description Protocol State The operational state of the PIM DM protocol on this interface IPv6 Prefix Length The...

Page 376: ...eld Description Interface The physical interface on which PIM DM is enabled Neighbor IP The IP address of the PIM neighbor for which this entry contains information Up Time The time since this PIM neighbor last became a neighbor of the local router Expiry Time The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with the latest PIM DM...

Page 377: ... SM Global Configuration To display the IPv6 PIM SM Global Configuration page click Routing IPv6 Multicast PIM SM Global Configuration 1 Use Admin Mode to set the administrative status of PIM SM in the router The default is disable 2 Use Data Threshold Rate kbps to enter the rate in K bits second above which the last hop router will switch to a source specific shortest path tree The valid values a...

Page 378: ... with a strict subset of the PIM SM protocol mechanisms. Both regular IP Multicast and SSM semantics can coexist on a single router, and both can be implemented using the PIM SM protocol. A range of multicast addresses, currently FF3x::/96 in IPv6, is reserved for SSM. To display the PIM SSM Configuration page click Routing IPv6 Multicast PIM SM SSM Configuration 1. Use SSM Group Address to enter the sourc...

Page 379: ...ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual PIM SM Interface Configuration To display the IPv6 PIM SM Interface Configuration page click Routing IPv6 Multicast PIM SM Interface Configuration ...

Page 380: ... to enter the frequency at which PIM Join Prune messages are transmitted on this PIM interface The valid values are from 0 to 18000 The default value is 60 5 Use BSR Border to set BSR border status on the selected interface 6 Use DR Priority to enter the DR priority for the selected interface The valid values are from 0 to 2147483647 The default value is 1 Table 73 Field Description Protocol State...

Page 381: ...ighbor Table 74 Field Description Interface The interface on which neighbor is displayed Neighbor IP The IP address of the PIM neighbor for this entry Up Time The time since this PIM neighbor last became a neighbor of the local router Expiry Time The minimum time remaining before this PIM neighbor will be aged out Click REFRESH to refresh the data on the screen with latest PIM SM neighbor informat...

Page 382: ... Configuration 1 Use Interface to select the interface for which data is to be displayed 2 Use Group Address to specify the group IPv6 address prefix transmitted in Candidate RP Advertisements 3 Use Prefix Length to specify the group IPv6 Prefix Length transmitted in Candidate RP Advertisements 4 Click ADD to add a new Candidate RP Address for the PIM SM router 5 Click DELETE to delete an extant C...

Page 383: ...BSR 3 Use Hash Mask Length to enter the C BSR hash mask length to be advertised in bootstrap messages This hash mask length will be used in the hash algorithm for selecting the RP for a particular group The valid values are from 0 to 128 Default value is 126 Table 75 Field Description IP Address Displays the IP address of the Elected BSR Next bootstrap Message Time in hours minutes and seconds in ...

Page 384: ... Configuration 1 Use RP Address to specify the IP Address of the RP to be created or deleted 2 Use Group Address to specify the Group Address of the RP to be created or deleted 3 Use Prefix Length to specify the Group IPv6 Prefix Length of the RP to be created or deleted 4 Use Override to indicate that if there is a conflict the RP configured with this option prevails over the RP learned by BSR 5 ...

Page 385: ...outing Interface Statistics on page 388 MLD Groups on page 389 MLD Traffic on page 390 MLD Proxy Interface Configuration on page 392 MLD Proxy Interface Statistics on page 394 MLD Proxy Membership on page 395 MLD Global Configuration To display the MLD Global Configuration page click Routing IPv6 Multicast MLD Global Configuration 1 Use Admin Mode to set the administrative status of MLD in the rou...

Page 386: ...fe Gigabit L3 Managed Stackable Switches Software Administration Manual MLD Routing Interface Configuration To display the MLD Routing Interface Configuration page click Routing IPv6 Multicast MLD Routing Interface Configuration ...

Page 387: ...is variable allows tuning for the expected packet loss on a subnet If a subnet is expected to be lossy the robustness variable may be increased MLD is robust to robustness variable 1 packet losses 7 Use Startup Query Interval to specify the value that indicates the configured interval in seconds between General Queries sent by a Querier on startup 8 Use Startup Query Count to specify the value tha...

Page 388: ...IP The address of the MLD querier on the IP subnet to which the selected interface is attached Querier Up Time The time in seconds since the MLD interface querier was last changed Querier Expiry Time The time in seconds remaining before the other querier present timer expires If the local system is the querier this will be zero Wrong Version Queries Received Indicates the number of queries receive...

Page 389: ...he source of the last membership report received for this multicast group address on the interface Up Time Time elapsed in seconds since the multicast group has been known Expiry Time Time left in seconds before the entry is removed from the MLD membership table of this interface Filter Mode The filter mode of the multicast group on this interface The values it can take are INCLUDE and EXCLUDE Ver...

Page 390: ...val against each source address which are members of this multicast group This is the amount of time after which the specified source entry is aged out Table 79 Field Description Valid MLD Packets Received The number of valid MLD packets received by the router Valid MLD Packets Sent The number of valid MLD packets sent by the router Queries Received The number of valid MLD queries received by the ...

Page 391: ...ation Manual Click REFRESH to refresh the data on the screen with the latest MLD traffic Click CLEAR to clear all the MLD traffic Leaves Received The number of valid MLD leaves received by the router Leaves Sent The number of valid MLD leaves sent by the router Table 79 Field Description ...

Page 392: ...e The default is disable Routing MLD and Multicast global admin modes should be enabled to enable MLD Proxy interface mode 3 Use Version to enter the version of MLD you want to configure on the selected interface Valid values are 1 to 2 and the default value is 3 This field is configurable only when MLD Proxy interface mode is enabled 4 Use Unsolicited Report Interval to enter the unsolicited time...

Page 393: ...he cache table Version 1 Querier Timeout The older MLD version 1 querier timeout value in seconds The Older Version Querier Interval is the time out for transitioning a host back to MLDv2 mode once an older version query is heard When an older version query is received hosts set their Older Version Querier Present Timer to Older Version Querier Interval Proxy Start Frequency The number of times th...

Page 394: ...erface Displays the interface on which MLD Proxy packets received Version The version of MLD Proxy packets received Queries Received The number of MLD Proxy queries received Report Received The number of MLD Proxy reports received Reports Sent The number of MLD Proxy reports sent Leaves Received The number of MLD Proxy leaves received Leaves Sent The number of MLD Proxy leaves sent Click REFRESH t...

Page 395: ...ter 4 Routing 395 ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual MLD Proxy Membership To display the MLD Proxy Membership page click Routing IPv6 Multicast MLD Proxy Membership ...

Page 396: ...is aged out. State: The state of the host entry. A host can be in one of the following states. Non-member state: does not belong to the group on the interface. Delaying member state: host belongs to the group on the interface and report timer running. The report timer is used to send out the reports. Idle member state: host belongs to the group on the interface and no report timer running. Filter Mode The group filter ...

Page 397: ...he Source IPv6 address 3 Use RPF Neighbor to enter the IP address of the neighbor router on the path to the source 4 Use Metric to enter the link state cost of the path to the multicast source The range is 0 255 and the default is 1 You can change the metric for a configured route by selecting the static route and editing this field 5 Use RPF Interface to select the interface number from the drop ...

Page 398: ...et dropped by the switch QoS is a means of providing consistent predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay Packets with strict timing requirements are given special treatment in a QoS capable network With this in mind all elements of the network must be QoS capable The presence of at least one node whi...

Page 399: ... Manual From the Class of Service link under the QoS tab you can access the following pages Basic on page 399 Advanced on page 401 Basic From the Basic link you can access the following pages CoS Configuration on page 399 CoS Configuration To display the CoS Configuration page click QoS CoS Basic CoS Configuration ...

Page 400: ...rt default priority value instead All packets arriving at the ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress port s in accordance with the configured default priority of the ingress port This process is also used for cases where a trusted port mapping is unable to be honored such as when a non IP packet arrives at a port configured to trust the IP DSCP ...

Page 401: ...e click QoS CoS Advanced CoS Configuration 1 Use Global to specify all CoS configurable interfaces The option Global represents the most recent global configuration settings 2 Use Interface to specify CoS configuration settings based per interface 3 Use Global Trust Mode to specify whether to trust a particular packet marking at ingress Global Trust Mode can only be one of the following Default va...

Page 402: ... 802 1p Priority row contains traffic class selectors for each of the eight 802 1p priorities to be mapped The priority goes from low 0 to high 3 For example traffic with a priority of 0 is for most data traffic and is sent using best effort Traffic with a higher priority such as 3 might be time sensitive traffic such as voice or video The values in each drop down menu represent the traffic class ...

Page 403: ...To map DSCP values to queues 1 Use Interface to specify CoS configuration settings based per interface or specify all CoS configurable interfaces 2 The IP DSCP field displays an IP DSCP value from 0 to 63 3 For each DSCP value specify which internal traffic class to map the corresponding IP DSCP value The queue number depends on specific hardware 4 Click Cancel to cancel the configuration on the s...

Page 404: ... CoS Interface Configuration: Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface. To display the CoS Interface Configuration page, click QoS > CoS > Advanced > CoS Interface Configuration ...

Page 405: ...st dot1p trust ip dscp 3 Use Interface Shaping Rate to specify the maximum bandwidth allowed typically used to shape the outbound transmission rate This value is controlled independently of any per queue maximum bandwidth configuration It is effectively a second level shaping mechanism Default value is 0 Valid Range is 0 to 100 in increments of 1 The value 0 means maximum is unlimited 4 Click CANC...

Page 406: ...ount of bandwidth used by the queue the queue depth during times of congestion and the scheduling of packet transmission from the set of all queues on a port Each port has its own CoS queue related configuration The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration change is automatically applied to all ports in th...

Page 407: ...on a queue first 3 Queue Management Type displays the Queue depth management technique used for queues on this interface This is only used if device supports independent settings per queue Queue Management Type can only be taildrop All packets on a queue are safe until congestion occurs At this point any additional packets queued are dropped 4 Click Cancel to cancel the configuration on the screen...

Page 408: ...butes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. A policy can contain multiple classes. When the policy is active, the actions taken depend on which class matches the packet. Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. The Diff...

Page 409: ... criteria to HTTP destination port FTP sets match criteria to FTP destination port Telnet sets match criteria to Telnet destination port Every sets match criteria all traffic Create a Diffserv Policy and add it to the DiffServ Class created If Policing is set to YES then DiffServ Policy style is set to Simple Traffic which conforms to the Class Match criteria will be processed according to the Out...

Page 410: ... to the DiffServ Policy The policing rate will be applied 4 Committed Rate When Policing is enabled the committed rate will be applied to the policy and the policing action is set to conform When Policing is disabled the committed rate is not applied and the policy is set to markdscp 5 Outbound Priority When Policing is enabled Outbound Priority defines the type of policing conform action where Hi...

Page 411: ...isplay the Auto VoIP Configuration page click QoS DiffServ Auto VoIP 1 Interface Specifies the Auto VoIP configurable interfaces 2 Use Auto VoIP Mode to enable or disable the Auto VoIP mode Auto VoIP Mode can only be one of the following Enable Disable Default Table 5 74 Field Description Traffic Class Displays the Traffic Class used for VoIP traffic ...

Page 412: ...e configuration process begins with defining one or more match criteria for a class Then one or more classes are added to a policy Policies are then added to interfaces Packet processing begins by testing the match criteria for a packet The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class The any class type option defines ...

Page 413: ...d on the switch Policy table Displays the number of configured policies out of the total allowed on the switch Policy Instance table Displays the number of configured policy class instances out of the total allowed on the switch Policy Attributes table Displays the number of configured policy attributes attached to the policy class instances out of the total allowed on the switch Service table Dis...

Page 414: ...tes that are applied when a match occurs The configuration process begins with defining one or more match criteria for a class Then one or more classes are added to a policy Policies are then added to interfaces Packet processing begins by testing the match criteria for a packet The all class type option defines that each match criteria within a class must evaluate to true for a packet to match th...

Page 415: ...n the Status table on the DiffServ Configuration page Table 5 76 Field Description Class table Displays the number of configured DiffServ classes out of the total allowed on the switch Class Rule table Displays the number of configured class rules out of the total allowed on the switch Policy table Displays the number of configured policies out of the total allowed on the switch Policy Instance ta...

Page 416: ...pe and click Add This field also lists all the existing DiffServ class names from which one can be selected The switch supports only the Class Type value All which means all the various match criteria defined for the class should be satisfied for a packet match All signifies the logical AND of all the match criteria Only when a new class is created this field is a selector field After class creati...

Page 417: ... To configure the class match criteria: 1. Click the class name for an existing class. The class name is a hyperlink. The following figure shows the configuration fields for the class ...

Page 418: ... content Destination MAC Address This is the destination MAC address specified as six two digit hexadecimal numbers separated by colons Destination MAC Mask This is a bit mask in the same format as MAC Address indicating which part s of the destination MAC Address to use for matching against packet content Protocol Type This lists the keywords for the layer 4 protocols from which one can be select...

Page 419: ...he IP ToS field ToS Bits This is the Type of Service octet value in the range 00 to ff to compare against ToS Mask This indicates which ToS bits are subject to comparison against the Service Type value 5 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 6 Click APPLY to send the updated configuration to the switch Configuration c...

Page 420: ...sensitive alphanumeric string from 1 to 31 characters 2 Member Class This lists all existing DiffServ classes currently defined as members of the specified Policy from which one can be selected This list is automatically updated as a new class is added to or removed from the policy This field is a selector field only when an existing policy class instance is to be removed After removal of the poli...

Page 421: ... To configure the policy attributes: 1. Click the name of the policy. The policy name is a hyperlink. The following figure shows the configuration fields for the policy ...

Page 422: ...r more color classes that are valid for use with this policy instance A valid color class contains a single non excluded match criterion for one of the following fields provided the field does not conflict with the classifier of the policy instance itself CoS IP DSCP IP Precedence Committed Rate This value is specified in the range 1 to 4294967295 kilobits per second Kbps Committed Burst Size This...

Page 423: ... element This selection requires that the Mark IP Precedence value field be set 5 Click Cancel to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch 6 If you change any of the settings on the page click Apply to send the updated configuration to the switch Configuration changes take effect immediately Table 5 77 Field Description Policy Name D...

Page 424: ...figure DiffServ policy settings on an interface: 1. Use Interface to select the interface on which you will configure the DiffServ service. 2. Policy Name: Lists all the policy names from which one can be selected. This field is not shown for Read/Write users where inbound service policy attachment is not supported by the platform. Table 5 78 Field Description Direction: Shows that the traffic direction...

Page 425: ...s drop down list is populated on the basis of the specified interface and direction and hence the attached policy if any Highlighting a member class name displays the statistical information for the policy class instance for the specified interface and direction To display the Service Statistics page click QoS DiffServ Advanced Service Statistics Counter Mode Selector specifies the format of the d...

Page 426: ...d Policy Name Choose one member class name at a time to display its statistics If no class is associated with the chosen policy then nothing will be populated in the list Offered Packets Octets A count of the total number of packets octets offered to all class instances in this service policy before their defined DiffServ treatment is applied This is the overall count per interface per direction D...

Page 427: ...ol Lists on page 524 Management Security Settings From the Management Security Settings page you can configure the login password Remote Authorization Dial In User Service RADIUS settings Terminal Access Controller Access Control System TACACS settings and authentication lists To display the page click the Security Management Security tab The Management Security folder contains links to the follow...

Page 428: ...Write privileges; guest, with Read Only privileges. By default, both of these accounts have blank passwords. The names are not case sensitive. If you log on with a user account with Read/Write privileges (i.e., as admin), you can use the User Accounts screen to assign passwords and set security parameters for the default accounts, and to add and delete accounts other than admin, up to the maximum of six. Only a ...

Page 429: ...e Password to enter the optional new or changed password for the account. It will not display as it is typed; only asterisks will show. Passwords are up to eight alphanumeric characters in length and are case sensitive. 4. Use Confirm Password to enter the password again to confirm that you entered it correctly. This field will not display, but will show asterisks. 5. Access Mode indicates the user's acce...

Page 430: ...lid in days from the time the password is set Once a password expires the user will be required to enter a new password following the first login after password expiration A value of 0 indicates that passwords never expire 3 Use Password History to specify the number of previous passwords to store for prevention of password reuse This ensures that each user does not reuse passwords often A value o...

Page 431: ...leged EXEC password Passwords are a maximum of 64 alphanumeric characters The password is case sensitive To display the Enable Password Configuration page click Security Management Security Enable Password 1 Use Password to specify a password Passwords are a maximum of 64 alphanumeric characters 2 Use Confirm Password to enter the password again to confirm that you entered it correctly ...

Page 432: ...of 64 alphanumeric characters. 4. Use Confirm Telnet Password to enter the password again to confirm that you entered it correctly. The Encrypted option allows the administrator to transfer the privileged EXEC password between devices without having to know the password. The Password field must be exactly 128 hexadecimal characters. 5. Use SSH Password to enter the SSH password. Passwords are a maximum o...

Page 433: ...ollowing features Global Configuration on page 433 RADIUS Server Configuration on page 435 Accounting Server Configuration on page 438 Global Configuration Use the RADIUS Configuration page to add information about one or more RADIUS servers on the network To access the RADIUS Configuration page click Security Management Security RADIUS Radius Configuration The Current Server IP Address field is b...

Page 434: ... seconds for request retransmissions. The valid range is 1 to 30. Consider the maximum delay time when configuring RADIUS maxretransmit and RADIUS time out. If multiple RADIUS servers are configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured time out value on that server has passed without a ...

Page 435: ...he valid range is 0 to 65535. Secret Configured: The Secret will only be applied if this option is yes. If the option is no, anything entered in the Secret field will have no effect and will not be retained. Use Secret to specify the shared secret for this server. Use Primary Server to set the selected server to the Primary or Secondary server. Use Message Authenticator to enable or disable the message auth...

Page 436: ...S Access Request packets retransmitted to this server Access Accepts The number of RADIUS Access Accept packets including both valid and invalid packets that were received from this server Access Rejects The number of RADIUS Access Reject packets including both valid and invalid packets that were received from this server Access Challenges The number of RADIUS Access Challenge packets including bo...

Page 437: ... Unknown Types: The number of RADIUS packets of unknown type which were received from this server on the authentication port. Packets Dropped: The number of RADIUS packets received from this server on the authentication port and dropped for some other reason. Table 6 83 Field Description ...

Page 438: ...ing Server Name field, enter the Name of the accounting server to add. 3. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server authentication. The valid range is 0 to 65535. If the user has READONLY access, the value is displayed but cannot be changed. 4. From the Secret Configured menu, select Yes to add a RADIUS secret in the next field. You must select Yes bef...

Page 439: ...erver Accounting Responses Displays the number of RADIUS packets received on the accounting port from this server Malformed Accounting Responses Displays the number of malformed RADIUS Accounting Response packets received from this server Malformed packets include packets with an invalid length Bad authenticators and unknown types are not included as malformed accounting responses Bad Authenticato...

Page 440: ...n Provides authentication during login and via user names and user defined passwords Authorization Performed at login When the authentication session is completed an authorization session starts using the authenticated user name The TACACS server checks the user privileges The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server The TAC...

Page 441: ...CACS settings: 1. In the Key String field, specify the authentication and encryption key for TACACS communications between the Managed Switch and the TACACS server. The valid range is 0 to 128 characters. The key must match the key configured on the TACACS server. 2. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the Managed Switch and the...

Page 442: ...t should be within the range 0 to 65535. 3. Use Port to specify the authentication port. It should be within the range 0 to 65535. 4. Use Key String to specify the authentication and encryption key for TACACS communications between the device and the TACACS server. The valid range is 0 to 128 characters. The key must match the encryption used on the TACACS server. 5. Use Connection Timeout to specify the amount of ...

Page 443: ... List on page 449 Login Authentication List You use this page to configure login lists A login list specifies the authentication method s you want to be used to validate switch or port access for the users associated with the list The pre configured users admin and guest are assigned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to th...

Page 444: ... select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first create a new login list 4 Use the dropdown menu to select the method if any that ...

Page 445: ...o be used to validate privileged EXEC access for the users associated with the list The pre configured users admin and guest are assigned to a pre configured list named defaultList which you may not delete All newly created users are also assigned to the defaultList until you specifically assign them to a different list To display the Enable Authentication List page click Security Management Secur...

Page 446: ...ACS server None The user will not be authenticated 3 Use the dropdown menu to select the method if any that should appear second in the selected authentication login list This is the method that will be used if the first method times out If you select a method that does not time out as the second method the third method will not be tried Note that this parameter will not appear when you first crea...

Page 447: ...d To display the Dot1x Authentication List page click Security Management Security Authentication List Dot1x Authentication List 1 List Name Select the dot1x list name for which you want to configure data 2 Use the dropdown menu to select the method that should appear first in the selected authentication login list The options are Local The user s locally stored ID and password will be used for au...

Page 448: ... more than one method The options are Local The user s locally stored ID and password will be used for authentication Radius The user s ID and password will be authenticated using the RADIUS server instead of locally Tacacs The user s ID and password will be authenticated using the TACACS server None The user will not be authenticated 3 Use the dropdown menu to select the method if any that should...

Page 449: ...n if you have specified more than one method The options are Local The user s locally stored ID and password will be used for authentication Radius The user s ID and password will be authenticated using the RADIUS server instead of locally Tacacs The user s ID and password will be authenticated using the TACACS server None The user will not be authenticated 3 Use the dropdown menu to select the me...

Page 450: ...tion From Shows the user is connected from which machine Idle Time Shows the idle session time Session Time Shows the total session time Session Type Shows the type of session telnet serial or SSH Configuring Management Access From the Access page you can configure HTTP and Secure HTTP access to the ProSafe Managed Switches management interface The Security Access tab contains the following folder...

Page 451: ...guration on page 451. HTTP Configuration: To access the switch over the web, you must first configure it with IP information (IP address, subnet mask, and default gateway). You can configure the IP information using any of the following: BOOTP, DHCP, Terminal interface via the EIA-232 port. Once you have established in-band connectivity, you can change the IP information using a Web-based management ...

Page 452: ...eft side of the screen The factory default is disabled 3 Use HTTP Session Soft Timeout Minutes to set the inactivity time out for HTTP sessions The value must be in the range of 1 to 60 minutes The default value is 5 minutes The currently configured value is shown when the web page is displayed 4 Use HTTP Session Hard Timeout Hours to set the hard time out for HTTP sessions This time out is unaffe...

Page 453: ...ion of HTTP over an encrypted Secure Sockets Layer SSL or Transport Layer Security TLS connection When you manage the switch by using a Web interface secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man in the middle attacks Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between...

Page 454: ...35 Port 443 is the default value The currently configured value is shown when the web page is displayed 5 Use HTTPS Session Soft Timeout Minutes to set the inactivity time out for HTTPS sessions The value must be in the range of 1 to 60 minutes The default value is 5 minutes The currently configured value is shown when the web page is displayed 6 Use HTTPS Session Hard Timeout Hours to set the har...

Page 455: ...ent page click Security Access HTTPS HTTPS Certificate Management 1 Use None to specify there is no certificate management This is the default selection 2 Use Generate Certificates to begin generating the Certificate files 3 Use Delete Certificates to delete the corresponding Certificate files if present Table 6 88 Field Description Certificate Generation Status Displays whether SSL certificate ge...

Page 456: ... server needs a public key certificate You can generate a certificate externally for example off line and download it to the switch To display the Certificate Download page click Security Access HTTPS Certificate Download Downloading SSL Certificates Before you download a file to the switch the following conditions must be true The file to download from the TFTP server is on the server in the appr...

Page 457: ...yption Parameter PEM File SSL Diffie Hellman Strong Encryption Parameter File PEM Encoded 2 Use Transfer Mode to specify the protocol to use to transfer the file TFTP Trivial File Transfer Protocol SFTP Secure File Transfer Program SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the TFTP SFTP SCP Server Address field The factory default is IPv4 4 ...

Page 458: ... SSH: From the SSH link, you can access the following pages: SSH Configuration on page 458, Host Keys Management on page 460, Host Keys Download on page 461. SSH Configuration: To display the SSH Configuration page, click Security > Access > SSH > SSH Configuration ...

Page 459: ...essions to the switch. The acceptable range for this value is 1 to 160 minutes. 5. Use Maximum Number of SSH Sessions to configure the maximum number of inbound SSH sessions allowed on the switch. The currently configured value is shown when the web page is displayed. The range of acceptable values for this field is 0 to 5. 6. Use Login Authentication List to select an authentication list from the pull-down me...

Page 460: ...SA key file if it is present 4 DSA Keys Management None is the default selection 5 Use Generate DSA Keys to begin generating the DSA host keys Note that to generate SSH key files SSH must be administratively disabled and there can be no active SSH sessions 6 Use Delete DSA Keys to delete the corresponding DSA key file if it is present 7 Click APPLY to start to download the Host Key file Note that ...

Page 461: ...specify the protocol to use to transfer the file TFTP Trivial File Transfer Protocol SFTP Secure File Transfer Program SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the TFTP SFTP SCP Server Address field The factory default is IPv4 4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Ad...

Page 462: ...h or port access for the users associated with the list. The enable list specifies the authentication method(s) you want used to validate privileged EXEC access for the users associated with the list. These lists can be created on the Authentication List page under Management Security. 1. Use Login Authentication List to specify which authentication list to use when you log in through telnet. The default valu...

Page 463: ...ons to select how many simultaneous telnet sessions will be allowed. The maximum is 5, which is also the factory default. 4. Current Number of Sessions: Displays the number of current sessions. Outbound Telnet Client Configuration: This page regulates new outbound telnet connections. If Allow New Telnet Sessions is enabled, new outbound telnet sessions can be established until there are no more sessions a...

Page 464: ...the pull-down menu. You may choose from 1200, 2400, 4800, 9600, 19200, 38400, 57600, and 115200 baud. The factory default is 9600 baud. 3. Use Login Authentication List to specify which authentication list to use when you log in through Telnet. The default value is defaultList. 4. Use Enable Authentication List to specify which authentication list you are using when going into the privileged EXEC mode. The defaul...

Page 465: ... Denial of Service: To display the Denial of Service page, click Security > Access > Denial of Service ...

Page 466: ...owed. This includes the ICMP header size of 8 bytes. If ICMP DoS prevention is enabled, the switch will drop ICMP ping packets that have a size greater than this configured Max ICMP Packet Size minus the ICMP header size of 8 bytes. The factory default is 512. 6. Use Denial of Service SIP DIP to enable SIP DIP DoS prevention, causing the switch to drop packets that have a source IP address equal to the d...

Page 467: ... to the authenticated port requesting access to the system services Authentication Server Specifies the external server for example the RADIUS server that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services From the Port Authentication link you can access the following pages Basic on page 467 Advanced on page 470 Basic F...

Page 468: ... 802.1X Configuration: Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802.1X Configuration page, click Security > Port Authentication > Basic > 802.1X Configuration ...

Page 469: ...thentication List and select RADIUS as method 1 for defaultList. For more information, see pdf Authentication List Configuration on page 6 443. Disable: The switch does not check for 802.1X authentication before allowing traffic on any ports, even if the ports are configured to allow only authenticated users. Default value. 2. Use VLAN Assignment Mode to select one of the options for VLAN Assignment mode: enab...

Page 470: ... click Security Port Authentication Advanced 802 1X Configuration 1 Use Administrative Mode to select one of the options for administrative mode enable and disable The default value is disable 2 Use VLAN Assignment Mode to select one of the options for VLAN Assignment mode enable and disable The default value is disable 3 Use Users to select the user name that will use the selected login list for ...

Page 471: ...tication Use the Port Authentication page to enable and configure port access control on one or more ports To access the Port Authentication page click Security Port Authentication Advanced Port Authentication Note Use the horizontal scroll bar at the bottom of the browser to view all the fields on the Port Authentication page ...

Page 473: ... PAE unconditionally sets the controlled port to authorized auto The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the authentication server mac based The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant authenticator and the...

Page 474: ...is 0 Changing the value will not change the configuration until the Submit button is pressed Enter 0 to clear the Unauthenticated Vlan Id on the interface Supplicant Timeout This input field allows the user to enter the supplicant time out for the selected port The supplicant time out is the value in seconds of the timer used by the authenticator state machine on this port to time out the supplica...

Page 475: ...on until the APPLY button is pressed User Privileges This select field allows the user to add the specified user to the list of users with access to the specified port or all ports Max Users This field allows the user to enter the limit to the number of supplicants on the specified interface 3 Click INITIALIZE to begin the initialization sequence on the selected port This button is only selectable...

Page 476: ...able 6 94 Field Description Port Specifies the port whose settings are displayed in the current table row Control Mode This field indicates the configured control mode for the port Possible values are Force Unauthorized The authenticator port access entity PAE unconditionally sets the controlled port to unauthorized Force Authorized The authenticator PAE unconditionally sets the controlled port to...

Page 477: ... between Supplicant and Authenticator This affects whether the unauthorized controlled port exerts control over communication in both directions disabling both incoming and outgoing frames or just in the incoming direction disabling only the reception of incoming frames This field is not configurable on some platforms Protocol Version This field displays the protocol version associated with the se...

Page 478: ...gurable Possible values are Radius Unauth Default Not Assigned Key Transmission Enabled This field displays if key transmission is enabled on the selected port This is not a configurable field The possible values are true and false If the value is false key transmission will not occur Otherwise Key transmission is supported on the selected port Session Timeout This field displays Session Timeout s...

Page 479: ...orization status of the specified port. The possible values are Authorized, Unauthorized, and N/A. If the port is in detached state, the value will be N/A, since the port cannot participate in port access control. Port Method: This field shows the authorization mode of the specified port. The possible values are Mac based, Port based. Table 6 94 Field Description ...

Page 480: ...licant's device Mac Address. Session Time: This field displays the time, in seconds, since the supplicant logged in. Filter ID: This field displays policy filter id assigned by the authenticator to the supplicant device. Vlan ID: This field displays vlan id assigned by the authenticator to the supplicant device. Vlan Assigned: This field displays reason for the vlan id assigned by the authenticator to the s...

Page 481: ...features MAC Filter on page 481 Port Security on page 484 Private Group on page 490 Protected Ports Configuration on page 492 Storm Control on page 493 MAC Filter The MAC Filter folder contains links to the following features MAC Filter Configuration on page 481 MAC Filter Summary on page 483 MAC Filter Configuration Use the MAC Filter Configuration page to create MAC filters that limit the traffi...

Page 482: ...option. You cannot define filters for the following MAC addresses: 00:00:00:00:00:00; 01:80:C2:00:00:00 to 01:80:C2:00:00:0F; 01:80:C2:00:00:20 to 01:80:C2:00:00:21; FF:FF:FF:FF:FF:FF. d. Click the orange bar to display the available ports and select the port(s) to include in the inbound filter. If a packet with the MAC address and VLAN ID you specify is received on a port that is not in the list, it will b...

Page 483: ...d on the system. To display the MAC Filter Summary page, click Security > Traffic Control > MAC Filter > MAC Filter Summary. The following table describes the information displayed on the page. Table 6 96 Field Description. MAC Address: The MAC address of the filter in the format 00:01:1A:B2:53:4D. VLAN ID: The VLAN ID associated with the filter. Source Port Members: A list of ports to be used for filtering inbou...

Page 484: ...tic MAC Address on page 489 Port Security Configuration Use the Port Security feature to lock one or more ports on the system When a port is locked only packets with an allowable source MAC address can be forwarded All other packets are discarded To display the Port Security Configuration page click Security Traffic Control Port Security Port Administration To configure the global port security ...

Page 485: ... ports that are enabled for port security The following table describes the fields in the Port Security Violation table Table 6 97 Field Description Port Displays the physical interface for which you want to display data Last Violation MAC Displays the source MAC address of the last packet that was discarded at a locked port VLAN ID Displays the VLAN ID corresponding to the Last Violation MAC addr...

Page 486: ...en a packet with an unknown source MAC address is learned and forwarded normally When the limit is reached no more addresses are learned on the port Any packets with source MAC addresses that were not already learned are discarded You can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero Static locking allows you to specify a list of MAC addresses that ...

Page 487: ...ding row to apply the same settings to all interfaces 3 Specify the following settings Security Mode Enables or disables the Port Security feature for the selected interface Max Allowed Dynamically Learned MAC Sets the maximum number of dynamically learned MAC addresses on the selected interface Max Allowed Statically Locked MAC Sets the maximum number of statically locked MAC addresses on the sel...

Page 488: ...ress to a statically locked address The Dynamic MAC address entries are converted to Static MAC address entries in a numerically ascending order until the Static limit is reached 3 Click REFRESH to refresh the web page to show the latest MAC address learned on a specific port The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port Use the Port ...

Page 489: ...ontrol Port Security Static MAC Address 1 Interface Select the physical interface for which you want to display data 2 Static MAC Address Accepts user input for the MAC address to be deleted 3 Use VLAN ID to select the VLAN ID corresponding to the MAC address being added 4 Click ADD to add a new static MAC address to the switch 5 Click DELETE to delete an existing static MAC address from the switch...

Page 490: ... to 24 bytes of non blank characters 2 Use the optional Group ID field to specify the private group identifier If not specified a group id not used will be assigned automatically The range of group id is 1 to 192 3 Use Group Mode to configure the mode of private group The group mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egress tra...

Page 491: ...private group Table 6 99 Field Description Group Name This field identifies the name for the Private Group you selected It can be up to 24 non blank characters long Group Mode This field identifies the mode of the Private Group you selected The modes are community isolated The group mode can be either isolated or community When in isolated mode the member port in the group cannot forward its egres...

Page 492: ...for the current platform The valid range of the Group ID is 0 to 2 2 Use the optional Group Name field to associate a name with the protected ports group used for identification purposes It can be up to 32 alphanumeric characters long including blanks The default is blank This field is optional 3 Click the orange bar to display the available ports 4 Click the box below each port to configure as a ...

Page 493: ...can overload network resources and or cause the network to time out The switch measures the incoming broadcast multicast unknown unicast packet rate per port and discards packets when the rate exceeds the defined value Storm control is enabled per interface by defining the packet type and the rate at which the packets are transmitted The Storm Control folder contains links to the following feature...

Page 494: ...mode on all ports by clicking the corresponding radio button When you specify Enable for Broadcast Storm Recovery and the broadcast traffic on any Ethernet port exceeds the configured threshold the switch blocks discards the broadcast traffic The factory default is enabled Multicast Storm Control All Enable or disable the Multicast Storm Recovery mode on all ports by clicking the corresponding rad...

Page 495: ... Gigabit L3 Managed Stackable Switches Software Administration Manual Storm Control Interface Configuration To display the Storm Control Interface Configuration page click Security Traffic Control Storm Control Storm Control Interface Configuration ...

Page 496: ...traffic The factory default is disabled Multicast Storm Recovery Level Type Specify the Multicast Storm Recovery Level as a percentage of link speed or as packets per second Multicast Storm Recovery Level Specify the threshold at which storm control activates The factory default is 5 percent of port speed for pps type Unicast Storm Recovery Mode Enable or disable this option by selecting the corr...

Page 497: ...ynamic ARP Inspection on page 505 Captive Portal on page 512 DHCP Snooping The DHCP Snooping folder contains links to the following features DHCP Snooping Global Configuration on page 498 DHCP Snooping Interface Configuration on page 499 DHCP Snooping Binding Configuration on page 500 DHCP Snooping Persistent Configuration on page 501 DHCP Snooping Statistics on page 502 ...

Page 498: ...ory default is disabled 2 Use MAC Address Validation to enable or disable the validation of sender MAC Address for DHCP Snooping The factory default is enabled DHCP Snooping VLAN Configuration 1 Use VLAN ID to enter the VLAN for which the DHCP Snooping Mode is to be enabled 2 Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature for entered VLAN The factory default is disabled 3 Cl...

Page 499: ...nabled DHCP snooping application logs invalid packets on this interface The factory default is disabled 4 Use Rate Limit pps to specify rate limit value for DHCP Snooping purpose If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds the port will be shut down If this value is None there is no limit The factory default is 15pps packets per sec...

Page 500: ...e range of the VLAN ID is 1 to 4093 4 Use IP Address to specify valid IP Address for the binding rule 5 Click ADD to add DHCP snooping binding entry into the database 6 Click DELETE to delete selected static entries from the database Dynamic Binding Configuration 1 Interface Displays the interface to which a binding entry in the DHCP snooping database 2 Use MAC Address to display the MAC address f...

Page 501: ...to select the local store or remote store Local selection disables the Remote objects like Remote File Name and Remote IP address 2 Use Remote IP Address to configure Remote IP Address on which the snooping database will be stored when Remote is selected 3 Use Remote File Name to configure Remote file name to store the database when Remote is selected 4 Use Write Delay to configure the maximum writ...

Page 502: ...ace for which statistics to be displayed MAC Verify Failures Number of packets that were dropped by DHCP Snooping as there is no matching DHCP Snooping binding entry found Client Ifc Mismatch The number of DHCP messages that are dropped based on source MAC address and client HW address verification DHCP Server Msgs Received The number of Server messages that are dropped on an un trusted port Click...

Page 503: ...PSG Mode to enable or disable validation of Sender IP Address on this interface If IPSG is Enabled Packets will not be forwarded if Sender IP Address is not in DHCP Snooping Binding database The factory default is disabled 3 Use IPSG Port Security to enable or disable the IPSG Port Security on the selected interface If IPSG Port Security is enabled then the packets will not be forwarded if the se...

Page 504: ...he binding rule 4 Use IP Address to specify valid IP Address for the binding rule 5 Click ADD to add IPSG static binding entry into the database 6 Click DELETE to delete selected static entries from the database Table 6 102 Field Description Interface Displays the interface to add a binding into the IPSG database MAC Address Displays the MAC address for the binding entry VLAN ID Displays the VLAN ...

Page 505: ...guration 1 Use Validate Source MAC to choose the DAI Source MAC Validation Mode for the switch by selecting Enable or Disable radio button If you select Enable Sender MAC validation for the ARP packets will be enabled The factory default is disable 2 Use Validate Destination MAC to choose the DAI Destination MAC Validation Mode for the switch by selecting Enable or Disable radio button If you sele...

Page 506: ...o indicate whether the Dynamic ARP Inspection logging is enabled on this VLAN If this object is set to Enable it will log the Invalid ARP Packets information If this object is set to Disable Dynamic ARP Inspection logging is disabled 4 Use ARP ACL Name to specify a name for the ARP Access list A vlan can be configured to use this ARP ACL containing rules as the filter for ARP packet validation The...

Page 507: ...interface will be forwarded without checking If this object is set to Disable the interface is not trusted ARP packets coming to this interface will be subjected to ARP inspection The factory default is disable 3 Use Rate Limit pps to specify rate limit value for Dynamic ARP Inspection purpose If the incoming rate of ARP packets exceeds the value of this object for consecutively burst interval sec...

Page 508: ...This screen shows the ARP ACLs configured To display the DAI ACL Configuration page click Security Control Dynamic ARP Inspection DAI ACL Configuration 1 Use Name to create New ARP ACL for DAI 2 Click ADD to add a new DAI ACL to the switch configuration 3 Click DELETE to remove the currently selected DAI ACL from the switch configuration ...

Page 509: ...l Dynamic ARP Inspection DAI ACL Rule Configuration 1 ACL Name Selects the DAI ARP ACL for which information is to be displayed or configured 2 Click ADD to add a new Rule to the selected ACL 3 Click DELETE to remove the currently selected Rule from the selected ACL Table 6 103 Field Description Source IP Address This indicates Sender IP address match value for the DAI ARP ACL Source MAC Address...

Page 510: ...urity ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual DAI Statistics This screen shows the Statistics per VLAN To display the DAI Statistics page click Security Control Dynamic ARP Inspection DAI Statistics ...

Page 511: ...he sender MAC address in ARP packet didn t match the source MAC in ethernet header Bad Dest MAC Number of ARP packets that were dropped by DAI as the target MAC address in ARP reply packet didn t match the destination MAC in ethernet header Invalid IP Number of ARP packets that were dropped by DAI as the sender IP address in ARP packet or target IP address in ARP reply packet is invalid Invalid ad...

Page 512: ...s to the following features Captive Portal Global Configuration on page 513 Captive Portal Configuration on page 515 Captive Portal Binding Configuration on page 517 Captive Portal Binding Table on page 518 Captive Portal Group Configuration on page 519 Captive Portal User Configuration on page 520 Captive Portal Trap Flags on page 522 Captive Portal Client on page 523 ...

Page 513: ...raffic uses port 80 but you can configure an additional port for HTTP traffic Enter a port number between 0 65535 excluding port 80 Enter 0 to unconfigure the Additional HTTP Port Default is 0 3 Use Additional HTTP Secure Port to configure an additional port for HTTP Secure traffic HTTP Secure traffic uses port 443 Enter a port number between 0 65535 excluding port 443 Enter 0 to unconfigure the A...

Page 514: ...ve portals in the system Configured Captive Portals Shows the number of captive portals configured on the switch Active Captive Portals Shows the number of captive portal instances that are operationally enabled System Supported Users Shows the number of authenticated users that the system can support Local Supported Users Shows the number of entries that the Local User database supports Authentic...

Page 515: ...Configuration Shown in two figures below 1 Use the CP ID pull down menu to select the CP ID for which to create or update 2 Use CP Name to enter the name of the configuration Name can contain 1 to 31 alphanumeric characters 3 Use Admin Mode to enable or disable this CP instance 4 Use Protocol to choose whether to use HTTP or HTTPs as the protocol for the portal to use during the verification proce...

Page 516: ...US client and performs all RADIUS transactions on behalf of the clients 11 Use Redirect URL to specify the URL to which the newly authenticated client is redirected The max length for the URL is 512 alphanumeric characters 12 Use Background Color to specify the value of the background color Example BFBFBF 13 Use Foreground Color to specify the value of the foreground color Example 999999 14 Use Se...

Page 517: ... A CP can have multiple interfaces associated with it but an interface can be associated to only one CP at a time To display the Captive Portal Global Configuration page click Security Control Captive Portal CP Binding Configuration 1 Use the CP ID pull down list to select the CP ID for which to create or update a CP instance 2 Use CP Name to enter the name of the configuration Name can contain 1 ...

Page 518: ...to remove the currently selected interface Table 6 106 Field Description Interface The interface for which you want to view information CP ID The ID of captive portal instance Operational Status Shows whether the portal is active on the specified interface Block Status Indicates whether the captive portal is temporarily blocked for authentications Authenticated users Displays the number of authent...

Page 519: ... add a new group to the User Group database To display the Captive Portal Group Configuration page click Security Control Captive Portal CP Group Configuration 1 Use the Group ID pull down menu to select the Group ID for which to create or update a group 2 Use Group Name to enter the name of the user group Name can contain 1 to 31 alphanumeric characters 3 Click ADD to add a new group 4 Click DELE...

Page 520: ...nual Captive Portal User Configuration When you click Add from the CP User Configuration page the screen refreshes and you can add a new user to the Local User database To display the Captive Portal User Configuration page click Security Control Captive Portal CP User Configuration Shown in following two figures ...

Page 521: ...seconds and the default value is 0 8 Use Idle Timeout to enable Logout once idle time out is reached seconds If the attribute is 0 or not present then use the value configured for the captive portal 9 Use Max Bandwidth Down to specify the maximum rate Rate in bits per seconds at which a client can receive data from the network 0 indicates use global configuration Range 0 536870911 bps 10 Use Max B...

Page 522: ...aptive portal trap mode status To enable or disable the mode use the System SNMP SNMPv1 v2 Trap Flags page 2 If you enable the Client Auth Failure field the SNMP agent sends a trap when a client attempts to authenticate with a captive portal but is unsuccessful 3 If you enable the Client Connect field the SNMP agent sends a trap when a client authenticates with and connects to a captive portal 4 I...

Page 523: ...ent connection protocol which is either HTTP or HTTPS Verification Shows the current account type which is Guest Local or RADIUS Session Time Shows the amount of time that has passed since the client was authorized Interface Identifies the interface the client is using CP ID The ID of the Captive Portal instance User Name Displays the user name or Guest ID of the connected client Bytes Received To...

Page 524: ...t or to a LAG The Security ACL folder contains links to the following features Basic The Basic folder contains links to the following features MAC ACL on page 524 MAC Rules on page 526 MAC Binding Configuration on page 528 MAC Binding Table on page 530 MAC ACL A MAC ACL consists of a set of rules which are matched sequentially against a packet When a packet meets the match criteria of a rule the s...

Page 525: ... for the MAC ACL in the Name field and click Add The name string may include alphabetic numeric dash underscore or space characters only The name must start with an alphabetic character Each configured ACL displays the following information Rules Displays the number of rules currently configured for the MAC ACL Direction Displays the direction of packet traffic affected by the MAC ACL which can be...

Page 526: ...Use the MAC Rules page to define rules for MAC based ACLs The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded A default deny all rule is the last rule of every list To display the MAC Rules page click Security ACL Basic MAC Rules Following two figures ...

Page 527: ...lid format is xx xx xx xx xx xx Destination MAC Specifies the destination MAC address to compare against an Ethernet frame Valid format is xx xx xx xx xx xx The BPDU keyword may be specified using a Destination MAC address of 01 80 C2 xx xx xx Destination MAC Mask Specifies the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame Valid form...

Page 528: ...nding Configuration When an ACL is bound to an interface all the rules that have been defined are applied to the selected interface Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces To display the MAC Binding Configuration page click Security ACL Basic MAC Binding Configuration ...

Page 529: ... specified by the user a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used The valid range is 1 4294967295 3 Click the appropriate orange bar to expose the available ports or LAGs The Port Selection Table provides a list of all available valid interfaces for ACL binding All non routing physical interfaces vlan interf...

Page 530: ...e binding select the check box next to the interface and click Delete Table 6 108 Field Description Interface Displays the interface of the ACL assigned Direction Displays selected packet filtering direction for ACL ACL Type Displays the type of ACL assigned to selected interface and direction ACL ID Displays the ACL Number in case of IP ACL or ACL Name in case of MAC ACL identifying the ACL assig...

Page 531: ...acket When a packet meets the match criteria of a rule the specified rule action Permit Deny is taken and the additional rules are not checked for a match On this menu the interfaces to which an IP ACL applies must be specified as well as whether it applies to inbound or outbound traffic Rules for the IP ACL are specified created using the IP ACL Rule Configuration menu To display the IP ACL page ...

Page 532: ...ress to a destination IP address This type of ACL provides more granularity and filtering capabilities than the standard IP ACL IP ACL Name Create a Named IP ACL which provides an alternate way to configure the IP Extended ACL IP ACL Name string which includes alphanumeric characters only and must start with an alphabetic character Each configured ACL displays the following information Rules Displays the...

Page 533: ...n IP ACL rule select the ACL ID to add the rule to complete the fields described in the following list and click Add Only displays ACL IDs from 1 to 99 Rule ID Specify a number from 1 12 to identify the IP ACL rule You can create up to 12 rules for each ACL Action Selects the ACL forwarding action which is one of the following Permit Forwards packets which meet the ACL criteria Deny Drops packets ...

Page 534: ...e for a Permit Action Redirect Interface Specifies the specific egress interface where the matching traffic stream is forced bypassing any forwarding decision normally performed by the device This field cannot be set if a Mirror Interface is already configured for the ACL rule This field is visible for a Permit Action Source IP Address Requires a packet s source IP address to match the address lis...

Page 535: ...e select the ACL ID to add the rule to select the check box in the Extended ACL Rule table and click Add The page displays the extended ACL Rule Configuration fields 2 Configure the new rule Rule ID Specify a number from 1 12 to identify the IP ACL rule You can create up to 12 rules for each ACL Action Selects the ACL forwarding action which is one of the following Permit Forwards packets which me...

Page 536: ... or not Set A packet matches this ACL rule if the TCP flag in this packet is set Clear A packet matches this ACL rule if the TCP flag in this packet is not set Src IP Address Enter an IP address using dotted decimal notation to be compared to a packet s source IP Address as a match criteria for the selected IP ACL rule Src IP Mask Specify the IP Mask in dotted decimal notation to be used with the ...

Page 537: ...r three bits of the Service Type octet in the IP header This is an optional configuration Enter an integer from 0 to 7 IP TOS The IP TOS field in a packet is defined as all eight bits of the Service Type octet in the IP header The TOS Bits value is a hexadecimal number from 00 to FF The TOS Mask value is a hexadecimal number from 00 to FF The TOS Mask denotes the bit positions in the TOS Bits valu...

Page 538: ...ACL Advanced IPv6 ACL 1 IP ACL is the IP ACL ID or IP ACL Name which is dependent on the IP ACL Type IP ACL ID must be an integer from 1 to 99 for an IP basic ACL and from 100 to 199 for an IP Extended ACL IPv6 ACL Name string includes alphanumeric characters only The name must start with an alphabetic character 2 Click ADD to add a new IP ACL to the switch configuration 3 Click DELETE to remove t...

Page 539: ...n Manual IPv6 Rules Use these screens to configure the rules for the IPv6 Access Control Lists which are created using the IPv6 Access Control List Configuration screen By default no specific value is in effect for any of the IPv6 ACL rules To display the IPv6 Rules page click Security ACL Advanced IPv6 Rules ...

Page 540: ...orwarding decision normally performed by the device This field cannot be set if a Mirror Interface is already configured for the ACL rule This field is visible for a Permit Action 8 Use Match Every to select true or false from the pull down menu True signifies that all packets will match the selected IPv6 ACL and Rule and will be either permitted or denied In this case since all packets match the ...

Page 541: ...MTP SNMP TELNET TFTP and WWW Each of these values translates into its equivalent port number which is used as both the start and end of the port range 14 Flow label is a 20 bit number that is unique to an IPv6 packet used by end stations to signify quality of service handling in routers Flow label can be specified within the range 0 to 1048575 15 Use IPv6 DSCP Service to specify the IP DiffServ Code Po...

Page 542: ...inding Configuration When an ACL is bound to an interface all the rules that have been defined are applied to the selected interface Use the IP Binding Configuration page to assign ACL lists to ACL Priorities and Interfaces To display the IP Binding Configuration page click Security ACL Advanced IP Binding Configuration ...

Page 543: ...election Table specifies list of all available valid interfaces for ACL mapping All non routing physical interfaces and interfaces participating in LAGs are listed To add the selected ACL to a port or LAG click the box directly below the port or LAG number so that an X appears in the box To remove the selected ACL from a port or LAG click the box directly below the port or LAG number to clear the ...

Page 544: ... select the check box next to the interface and click Delete Table 6 110 Field Description Interface Displays selected interface Direction Displays selected packet filtering direction for ACL ACL Type Displays the type of ACL assigned to selected interface and direction ACL ID Name Displays the ACL Number in the case of IP ACL or ACL Name in the case of Named IP ACL and IPv6 ACL identifying the AC...

Page 546: ...n page 571 sFlow on page 573 Ports The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch From the Ports link you can access the following pages Port Statistics on page 546 Port Detailed Statistics on page 549 EAP Statistics on page 557 Cable Test on page 559 Port Statistics The Port Statistics page ...

Page 547: ...Chapter 7 Monitoring the System 547 ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual ...

Page 548: ... interface table entry associated with this port on an adapter Total Packets Received Without Errors The total number of packets received that were without errors Packets Received With Error The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol Broadcast Packets Received The total number of good packets received that were directed to ...

Page 549: ...tration Manual Port Detailed Statistics The Port Detailed Statistics page displays a variety of per port traffic statistics To access the Port Detailed page click Monitoring Ports Port Detailed Statistics Following two figures show some but not all of the fields on the Port Detailed Statistics page ...

Page 551: ...nk Aggregation trunk Look at the Port Channel screens for more information Port Channel ID If the port is a member of a port channel the port channel s interface ID and name are shown Otherwise Disable is shown Port Role Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree The port role will be one of the following values Root Port Designated Port Alternate Port Back...

Page 552: ...kets received or transmitted that were between 512 and 1023 octets in length inclusive excluding framing bits but including FCS octets Packets RX and TX 1024 1518 Octets The total number of packets including bad packets received or transmitted that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Packets RX and TX 1519 2047 Octets The total numb...

Page 553: ... were without errors Unicast Packets Received The number of subnetwork unicast packets delivered to a higher layer protocol Multicast Packets Received The total number of good packets received that were directed to a multicast address Note that this number does not include packets directed to the broadcast address Broadcast Packets Received The total number of good packets received that were direc...

Page 554: ...pe VLAN Membership Mismatch The number of frames discarded on this port due to ingress filtering VLAN Viable Discards The number of frames discarded on this port when a lookup on a particular VLAN occurs while that entry in the VLAN table is being modified or if the VLAN has not been configured Multicast Tree Viable Discards The number of frames discarded when a lookup in the multicast tree for a ...

Page 555: ...er of packets transmitted that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed This counter has a max increment rate of 815 counts per sec at 10 Mb s Maximum Frame Size The maximum ethernet frame size the interface supports or is configured including ethernet header CRC and payload 1518 to 9216 The default maximum frame size is 1518 Total...

Page 556: ... of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted Number of RSTP BPDUs transmitted from the selected port MSTP BPDUs Received Number of MSTP BPDUs received at the selected port MSTP BPDUs Transmitted Number of MSTP BPDUs transmitted from the selected port 802 3x Pause Frames Transmitted A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUS...

Page 557: ...bit L3 Managed Stackable Switches Software Administration Manual EAP Statistics Use the EAP Statistics page to display information about EAP packets received on a specific port To display the EAP Statistics page click Monitoring Ports EAP Statistics ...

Page 558: ...OL Start Frames Received This displays the number of EAPOL start frames that have been received by this authenticator EAPOL Logoff Frames Received This displays the number of EAPOL logoff frames that have been received by this authenticator EAPOL Last Frame Version This displays the protocol version number carried in the most recently received EAPOL frame EAPOL Last Frame Source This displays the ...

Page 559: ...e test on the selected interface The cable test may take up to 2 seconds to complete If the port has an active link then the link is not taken down and the cable status is always Normal The command returns a cable length estimate if this feature is supported by the PHY for the current link speed Note that if the link is down and a cable is attached to a 10 100 Ethernet adapter then the cable statu...

Page 560: ...n The failure location is only displayed if the cable status is Open or Short 560 Chapter 7 Monitoring the System ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual Logs The switch may generate messages in response to events faults or errors occurring on the platform as well as changes in configuration or other occurrences These messages are stored locally and can be forw...

Page 561: ...his log exists only on the top of stack platform Other platforms in the stack forward their messages to the top of stack log 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding radio button 2 Behavior Indicates the behavior of the log when it is full It can either wrap around or stop when the log space is...

Page 562: ...5 Aug 24 05 34 05 0 0 0 0 1 MSTP 2110 mspt_api c 318 237 Interface 12 transitioned to root state on message age timer expiry The above example indicates a message with severity 7 15 mod 8 debug on a system that is stacked and generated by component MSTP running in thread id 2110 on Aug 24 05 34 05 by line 318 of file mstp_api c This is the 237th message logged with system IP 0 0 0 0 and task id 1 ...

Page 563: ...itches Software Administration Manual Command Log Configuration To access the Command Log Configuration page click Monitoring Logs Command Log Configuration 1 Use Admin Mode to enable disable the operation of the CLI Command logging by selecting the corresponding radio button ...

Page 564: ...essages Enable or Disable logging by selecting the corresponding radio button 2 Severity Filter A log records messages equal to or above a configured severity threshold Select the severity option by selecting the corresponding line on the pull down entry field These severity levels have been enumerated below Emergency 0 system is unusable Alert 1 action must be taken immediately Critical 2 critica...

Page 565: ...s no messages will be sent to any collector relay Enable means messages will be sent to configured collector relays using the values configured for each collector relay Enable Disable the operation of the syslog function by selecting the corresponding radio button 2 Use Local UDP Port to specify the port on the local host from which syslog messages are sent The default port is 514 Specify the loca...

Page 566: ...ed Stackable Switches Software Administration Manual Trap Logs This screen lists the entries in the trap log The information can be retrieved as a file by using System Utilities Upload File from Switch To access the Trap Logs page click Monitoring Logs Trap Logs ...

Page 567: ...have occurred since the switch last reboot Trap Log Capacity The maximum number of traps stored in the log If the number of traps exceeds the capacity the entries will overwrite the oldest entries Number of Traps since log last viewed The number of traps that have occurred since the traps were last displayed Displaying the traps by any method terminal interface display Web display upload file from...

Page 568: ...3 Managed Stackable Switches Software Administration Manual Event Logs This panel displays the event log which contains error messages from the system Event log is not cleared on a system reset To access the Event Log page click Monitoring Logs Event Logs ...

Page 569: ...perform the following actions Click Clear to clear the messages out of the Event Log Click Refresh to refresh the data on the screen and display the most current information Table 7 117 Field Description Entry The sequence number of the event Type The type of the event File Name The file in which the event originated Line The line number of the event Task Id The task ID of the event Code The event...

Page 570: ...t Logs 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding line on the pull down entry field 2 Behavior A log records messages equal to or above a configured severity threshold Select the severity option by selecting the corresponding line on the pull down entry field These severity levels have been enume...

Page 571: ...oring Port mirroring selects the network traffic for analysis by a network analyzer This is done for specific ports of the switch As such many switch ports are configured as source ports and one switch port is configured as a destination port You have the ability to configure how traffic is mirrored on a source port Packets that are received on the source port that are transmitted on a port or are...

Page 573: ...t Mirroring is active on the selected port Disable Port mirroring is not active on the selected port but the mirroring information is retained 5 Direction Specifies the direction of the Traffic to be mirrored from the configured mirrored port s Default value is Tx and Rx 6 Click Apply to apply the settings to the system If the port is configured as a source port the Mirroring Port field value is M...

Page 574: ...sion Organization Software Revision where MIB Version 1 3 the version of this MIB Organization NETGEAR Inc Revision 1 0 Agent Address The IP address associated with this agent Click REFRESH to refresh the web page to show the latest sFlow agent information ...

Page 575: ... To display the sFlow Agent page click Monitoring sFlow Advanced sFlow Agent Table 7 120 Field Description Agent Version Uniquely identifies the version and implementation of this MIB The version string must have the following structure MIB Version Organization Software Revision where MIB Version 1 3 the version of this MIB Organization NETGEAR Inc Revision 1 0 Agent Address The IP address associa...

Page 576: ...nges can be made to other sampler objects 3 Use Receiver Timeout to specify the time in seconds remaining before the sampler is released and stops sampling A management entity wanting to maintain control of the sampler is responsible for setting a new value before the old one expires Allowed range is 0 to 4294967295 secs A value of zero sets the selected receiver configuration to its default value...

Page 577: ...fy the allowed range for the sFlowReceiver associated with this counter poller Allowed range is 1 to 8 3 Use Poller Interval to specify the maximum number of seconds between successive samples of the counters associated with this data source A sampling interval of 0 disables counter sampling Allowed range is 0 to 86400 secs 4 Use Receiver Index to specify the sFlow Receiver for this flow sampler I...

Page 578: ... 578 Reset on page 580 Upload File From Switch on page 583 Download File To Switch on page 587 File Management on page 592 Troubleshooting on page 595 Save Configuration The Save Configuration menu contains links to the following options Save Configuration on page 578 Auto Install Configuration on page 580 Save Configuration To access the Save Configuration page click Maintenance Save Config Save ...

Page 579: ...ble Switches Software Administration Manual 1 Select the check box and click the APPLY button to have configuration changes you have made saved across a system reboot All changes submitted since the previous save or system reboot will be retained by the switch ...

Page 580: ...es you have made saved across a system reboot All changes submitted since the previous save or system reboot will be retained by the switch 3 Use Auto Install Retry Count to specify the number of times the unicast TFTP tries should be made for the DHCP specified file before falling back for broadcast TFTP tries Reset The Reset menu contains links to the following options Device Reboot on page 580 ...

Page 581: ...l to run reset for all units 2 Select the Save prior to reboot radio button and click the APPLY button to reboot the switch Prior to reboot the unit the current configuration will be saved first 3 Select the Don t save prior to reboot radio button and click the APPLY button to reboot the switch This option permits the user to reboot the unit without saving the current configuration ...

Page 582: ...DHCP client is enabled If you lose network connectivity after you reset the switch to the factory defaults see Web Access on page 9 To access the Factory Defaults page click Maintenance Reset Factory Default To reset the switch to the factory default settings 1 Select the check box and click the APPLY button to have all configuration parameters reset to their factory default values All changes you...

Page 583: ...utton to have all user passwords reset to their factory default values All changes you have made will be lost even if you have issued a save Upload File From Switch Use the File Upload page to upload configuration ASCII log ASCII and image binary files from the switch to the TFTP server The Upload menu contains links to the following options File Upload on page 583 HTTP File Upload on page 586 USB...

Page 585: ...stem trap records Tech Support Specify Tech Support to retrieve the switch information needed for trouble shooting The factory default is Archive 2 Use Transfer Mode to specify what protocol to use to transfer the file TFTP Trivial File Transfer Protocol SFTP Secure File Transfer Program SCP Secure Copy 3 Use Server Address Type to specify either IPv4 or IPv6 to indicate the format of the Server A...

Page 586: ...artup Configuration Specify configuration when you want to retrieve the stored configuration Text Configuration Specify configuration in text mode when you want to retrieve the stored configuration Script File Specify script file when you want to retrieve the stored configuration Error Log Specify error log to retrieve the system error persistent log sometimes referred to as the event log Trap Log...

Page 587: ...ode image2 when you want to retrieve b Use Text Configuration to specify configuration in text mode when you want to retrieve the stored configuration The factory default is image1 2 Use USB File to specify a name along with path for the file you want to upload You may enter up to 32 characters The factory default is blank 3 The last row of the table is used to display information about the progre...

Page 588: ... the file has errors the update will be stopped Text Configuration Specify configuration in text mode when you want to update the switch s configuration If the file has errors the update will be stopped Use Config Script to specify script configuration file Use SSH 1 RSA Key File to specify SSH 1 Rivest Shamir Adleman RSA Key File Use SSH 2 RSA Key PEM File to specify SSH 2 Rivest Shamir Adleman R...

Page 589: ...4 Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type The factory default is the IPv4 address 0 0 0 0 5 Use Remote File Name to enter the name of the file you want to download from the server You may enter up to 32 characters The factory default is blank 6 Use User Name to enter the username for remote login to SFTP SCP server...

Page 590: ...ration in text mode when you want to update the switch s configuration If the file has errors the update will be stopped Use Config Script to specify script configuration file Use SSH 1 RSA Key File to specify SSH 1 Rivest Shamir Adleman RSA Key File Use SSH 2 RSA Key PEM File to specify SSH 2 Rivest Shamir Adleman RSA Key File PEM Encoded Use SSH 2 DSA Key PEM File to specify SSH 2 Digital Signat...

Page 591: ...nload 4 Click Cancel to cancel the operation on the screen and reset the data on the screen to the latest value of the switch 5 Click the Apply button to initiate the file download Note After a file transfer is started please wait until the page refreshes When the page refreshes the Select File option will be blanked out This indicates that the file transfer is done Note To download SSH key files ...

Page 592: ... the update will be stopped The factory default is Image1 2 Use USB File to specify a name along with path for the file you want to download You may enter up to 32 characters The factory default is blank 3 Download Status displays the status during transfer file to the switch 4 The last row of the table is used to display information about the progress of the file transfer The screen will refresh ...

Page 593: ...n page 594 Copy To display the Copy page click Maintenance File Management Copy 1 Use Source Image to select the image1 or image2 as source image when copy occurs 2 Use Stack member to select the destination unit to which you are going to copy from master 3 Use Destination Image to select the image1 or image2 as destination image when copy occurs ...

Page 594: ...Configuration To configure Dual Image settings 1 Use Unit to select the unit whose code image you want to activate update or delete 2 Use Image Description to specify the description for the image that you have selected 3 Use Next Active Image to make the selected image the next active image for subsequent reboots 4 Use Update Bootcode to update the bootloader with the selected image 5 Click DELET...

Page 595: ...g IPv4 Use this screen to tell the switch to send a Ping request to a specified IP address You can use this to check whether the switch can communicate with a particular IP station Once you click the APPLY button the switch will send specified number of ping requests and the results will be displayed If a reply to the ping is not received you will see Tx Count Rx 0 Min Max Avg RTT 0 0 0 msec If a ...

Page 597: ... you enter is not retained across a power cycle Interval secs Enter the Interval between ping packets in seconds initial value is default value The Interval you enter is not retained across a power cycle Datagram Size Enter the Size of ping packet initial value is default value The Size you enter is not retained across a power cycle 3 PING displays the result after the switch sends a Ping request ...

Page 598: ...isplayed below the configurable data The output will be Send count 3 Receive count n from IPv6 Address Average round trip time n ms To access the Ping IPv6 page click Maintenance Troubleshooting Ping IPv6 1 Use Ping to select either global IPv6 Address Hostname or Link Local Address to ping 2 Use IPv6 Address Hostname to enter the IPv6 address or Hostname of the station you want the switch to ping...

Page 599: ...s packets take to a remote destination Once you click the Apply button the switch will send traceroute and the results will be displayed below the configurable data If a reply to the traceroute is received you will see 1 x y z w 9869 usec 9775 usec 10584 usec 2 0 0 0 0 0 usec 0 usec 0 usec 3 0 0 0 0 0 usec 0 usec 0 usec Hop Count w Last TTL z Test attempt x Test Success y To display the Traceroute...

Page 600: ...ained across a power cycle InitTTL Enter the initial TTL to be used The initial value is default value The InitTTL you enter is not retained across a power cycle MaxFail Enter the maximum Failures allowed in the session The initial value is default value The MaxFail you enter is not retained across a power cycle Interval secs Enter the Time between probes in seconds The initial value is default va...

Page 601: ... to the traceroute is received you will see 1 a b c d e f g 9869 usec 9775 usec 10584 usec 2 0 0 0 0 0 0 0 0 0 usec 0 usec 0 usec Hop Count w Last TTL z Test attempt x Test Success y To display the Traceroute IPv6 page click Maintenance Troubleshooting Traceroute IPv6 1 Use IPv6 Address Hostname to enter the IPv6 address or Hostname of the station you want the switch to discover path The initial v...

Page 602: ... a link to Online Help Online Help The Online Help includes the following pages Support on page 602 User Guide on page 603 Support Use the Support page to connect to the Online Support site at netgear com To access the Support page click Help Online Help Support To connect to the NETGEAR support site for ProSafe Managed Switches click Apply ...

Page 603: ...ation Manual User Guide Use the User Guide page to access the ProSafe Managed Switch the guide you are now reading that is available on the NETGEAR Website To access the User Guide page click Help Online Help User Guide To access to the User Guide that is available online click Apply ...

Page 604: ... gateway 0 0 0 0 Protocol DHCP Management VLAN ID 1 Minimum password length 8 characters IPv6 management mode Enabled SNTP client Enabled SNTP server time d netgear com Global logging Enabled CLI command logging Disabled Console logging Enabled Severity level debug and above RAM logging Enabled Severity level debug and above Persistent FLASH logging Disabled DNS Enabled No servers configured SNMP ...

Page 605: ...isabled MAC Based Port Security All ports are unlocked Access Control Lists ACL None configured IP Source Guard IPSG Disabled DHCP Snooping Disabled Dynamic ARP Inspection Disabled Protected Ports None Private Groups None PoE Plus GSM7228PS and GSM7252PS Enabled Flow Control Support IEEE 802 3x Enabled Head of Line Blocking Prevention Disabled Maximum Frame Size 1518 bytes Auto MDI MDIX Support En...

Page 606: ...Guest VLAN Disabled RADIUS assigned VLANs Disabled Double VLANs Disabled Spanning Tree Protocol STP Enabled STP Operation Mode IEEE 802 1s Multiple Spanning Tree Optional STP Features Disabled STP Bridge Priority 32768 Multiple Spanning Tree Enabled Link Aggregation No Link Aggregation Groups LAGs configured LACP System Priority 1 Routing Mode Disabled OSPF Admin Mode Enabled OSPF Router ID 0 0 0 ...

Page 607: ...iffServ Enabled Auto VoIP Enabled Auto VoIP Traffic Class 6 Bridge Multicast Filtering Disabled MLD Snooping Disabled IGMP Snooping Disabled IGMP Snooping Querier Disabled GMRP Disabled IPv4 Multicast Disabled IPv6 Multicast Disabled Licensing Support GSM72xxPS and GSM73xxSv1 Table 9 Default Settings Continued Feature Default ...

Page 608: ...r than geographic location for example by department type of user or primary application To enable traffic to flow between VLANs traffic must go through a router just as if the VLANs were on two separate LANs A VLAN is a group of PCs servers and other network resources that behave as if they were connected to a single network segment even though they might not be For example all marketing personne...

Page 609: ...ffected by the default VLAN ID setting The packet proceeds to the VLAN specified by its VLAN ID tag number If the port through which the packet entered does not have membership with the VLAN specified by the VLAN ID tag the packet is dropped If the port is a member of the VLAN specified by the packet s VLAN ID the packet can be sent to other ports with the same VLAN ID Packets leaving the switch a...

Page 610: ...h tags it with VLAN ID 20 The packet has access to port 5 and port 6 The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6 For port 5 the outgoing packet leaves as a tagged packet with VLAN ID 20 Access Control Lists ACLs ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resour...

Page 611: ...will examine traffic as it enters the port 2 From the MAC Rules screen create a rule for the Sales_ACL with the following settings ID 1 Action Permit Assign Queue ID 0 Match Every False CoS 0 Destination MAC 01 02 1A BC DE EF Destination MAC Mask 00 00 00 00 FF FF EtherType User Value Source MAC 02 02 1A BC DE EF Source MAC Mask 00 00 00 00 FF FF VLAN ID 2 For more information about MAC ACL rules ...

Page 612: ...ny Assign Queue ID 0 optional 0 is the default value Match Every False Source IP Address 192 168 187 0 Source IP Mask 255 255 255 0 For additional information about IP ACL rules see IP Rules on page 6 533 3 Click Add 4 From the IP Rules screen create a second rule for IP ACL 1 with the following settings Rule ID 2 Action Permit Match Every True 5 Click Add 6 From the IP Binding Configuration page ...

Page 613: ...de is unable to meet the necessary timing requirements this creates a deficiency in the network path and the performance of the entire packet flow is compromised There are two basic types of QoS Integrated Services network resources are apportioned based on request and are reserved resource reservation according to network management policy RSVP for example Differentiated Services network resource...

Page 614: ...pe Only classes of the same type can be nested class nesting does not allow for the negation i e exclude option of the referenced class To configure DiffServ you must define service levels namely the forwarding classes PHBs identified by a given DSCP value on the egress interface These service levels are defined by configuring BA classes for each Creating Policies Use DiffServ policies to associat...

Page 615: ...rop The packet is dropped mark cos The 802 1p user priority bits are re marked and forwarded mark dscp The packet DSCP is re marked and forwarded mark prec The packet IP Precedence is re marked and forwarded send the packet is forwarded without DiffServ modification Color Mode Awareness Policing in the DiffServ feature uses either color blind or color aware mode Color blind mode ignores the colora...

Page 616: ...tion L4 Port Other and enter 4568 as the destination port value For more information about this screen see Class Configuration on page 5 416 4 Click Apply 5 From the Policy Configuration screen create a new policy with the following settings Policy Selector Policy1 Member Class Class1 For more information about this screen see Policy Configuration on page 5 420 6 Click Add to add the new policy 7 ...

Page 617: ...physical characteristics of LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point to point connection characteristics and of preventing access to that port in cases in which the authentication and authorization process fails In this context a port is a single point of attachment to the LAN such as ports of MAC bridges and as...

Page 618: ...stinct roles within an access control interaction 1 Authenticator A Port that enforces authentication before allowing access to services available via that Port 2 Supplicant A Port that attempts to access services offered by the Authenticator Additionally there exists a third role 3 Authentication server Performs the authentication function necessary to check the credentials of the Supplicant on b...

Page 619: ...rts 1 0 5 1 0 8 enter 150 to assign these ports to the guest VLAN You can configure additional settings to control access to the network through the ports See Port Security Interface Configuration on page 6 486 for information about the settings 4 Click Apply 5 From the 802 1X Configuration screen set the Port Based Authentication State and Guest VLAN Mode to Enable and then click Apply See Port S...

Page 620: ...w separate paths each based on an independent Multiple Spanning Tree Instance MSTI within Multiple Spanning Tree MST Regions composed of LANs and or MSTP Bridges These Regions and the other Bridges and LANs are connected into a single Common Spanning Tree CST IEEE DRAFT P802 1s D13 MSTP connects all Bridges and LANs with a single Common and Internal Spanning Tree CIST The CIST supports the automat...

Page 621: ...y 1 Ensuring that the allocation of VIDs to FIDs is unambiguous 2 Ensuring that each FID supported by the Bridge is allocated to exactly one Spanning Tree Instance The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances represented by the MST Configuration Table With this allocation we ensure that every VLAN is assigned to one and only one...

Page 622: ... see VLAN Configuration on page 3 132 3 From the STP Configuration screen enable the Spanning Tree State option see STP Configuration on page 3 153 Use the default values for the rest of the STP configuration settings By default the STP Operation Mode is MSTP and the Configuration Name is the switch MAC address 4 From the CST Configuration screen set the Bridge Priority value for each of the three...

Page 623: ...11 Create a second MST instance with the following settings MST ID 2 Priority 49152 VLAN ID 500 12 Click Add In this example assume that Switch 1 has become the Root bridge for the MST instance 1 and Switch 2 has become the Root bridge for MST instance 2 Switch 3 has hosts in the Sales department ports 1 0 1 1 0 2 and 1 0 3 and in the HR department ports 1 0 4 and 1 0 5 Switches 1 and 2 also have ...

Page 624: ...onents and is to be used with approved antennas only Any product changes or modifications will invalidate all applicable regulatory certifications and approvals This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that ma...

Page 625: ...nd on the user is encouraged to try to correct the interference by one or more of the following methods Reorient or relocate the receiving antenna Increase the separation between the equipment and the receiver Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected Consult the dealer or an experienced radio TV technician for help Modif...

Page 626: ...IGMP Snooping 172 LAG 201 MAC Filter 481 Management Access 450 Policy 420 Port Security 484 Port VLAN ID 139 RADIUS Global 433 Secure HTTP 453 SNTP Server 43 Standard IP ACL Example 612 STP 151 TACACS 440 Trap 96 VLAN 132 VLAN example 609 CoS 400 D defaults CoS 611 DES 17 Device View 14 DiffServ 407 DNS 46 download from a remote system 587 E EAP 557 F file management 592 firmware download 587 G gu...

Page 627: ...on 12 P port authentication 466 summary 476 Q QoS 398 802 1p to Queue Mapping 402 R RADIUS 427 server 433 reboot 580 reset configuration to defaults 582 switch 580 RSTP 151 S Simple Network Time Protocol 38 SNMP traps 96 using 17 v1 v2 93 SNTP 38 server configuration 43 server status 45 SSL 453 storm control 493 STP 151 example configuration 620 Status 153 155 Stratum 0 38 1 38 2 38 T T1 38 T2 38 ...

Page 628: ...628 Index ProSafe Gigabit L3 Managed Stackable Switches Software Administration Manual Port VLAN ID 139 PVID 139 ...
