Nortel BES50FE-12T PWR User Manual Download Page 152 | Manualshive

Page: 152 / 166

background image

152

BES50 advanced features fundamentals

network through that port. If a device with an unauthorized MAC address
attempts to use the switch port, the intrusion are detected and the switch can
automatically take action by disabling the port and sending a trap message.

802.1X port authentication

Network switches can provide open and easy access to network resources
by simply attaching a client PC. Although this automatic configuration and
access is a desirable feature, it also allows unauthorized personnel to easily
intrude and possibly gain access to sensitive network data.

The IEEE 802.1X standard defines a port-based access control procedure
that prevents unauthorized access to a network by requiring users to first
submit credentials for authentication. Access to all switch ports in a network
can be centrally controlled from a server, which means that authorized
users can use the same credentials for authentication from any point within
the network.

The following figure illustrates an 802.1X port authentication configuration.

Configuring 802.1X port authentication

The switch uses the Extensible Authentication Protocol over LANs (EAPOL)
to exchange authentication protocol messages with the client, and a
remote RADIUS authentication server to verify user identity and access
rights. When a client (Supplicant) connects to a switch port, the switch
(Authenticator) responds with an EAPOL identity request. The client
provides its identity (such as a user name) in an EAPOL response to the

SMB

Using the Nortel Business Ethernet Switch 50 Series

NN47924-301

01.01

Standard

1.00

October 2006

Copyright © 2006, Nortel Networks

Nortel Networks Confidential

.

«
...
150
151
152
153
154
...
»

Summary of Contents for BES50FE-12T PWR

Page 1: ...e Nortel Business Ethernet Switch 50 Series ATTENTION Clicking on a PDF hyperlink takes you to the appropriate page If necessary scroll up or down the page to see the beginning of the referenced section NN47924 301 ...

Page 2: ...Document status Standard Document version 01 01 Document date October 2006 Copyright 2006 Nortel Networks All Rights Reserved ...

Page 3: ...administrator password 23 Adding system information 24 Setting the IP address 24 Setting the IP address manually 25 Setting the IP address automatically 25 BES50 basic configuration 27 Configuring initial settings by using the Quick Start feature 27 Configuring user authentication 29 Configuring user accounts 30 Configuring local and remote logon authentication 31 Configuring port security 32 Conf...

Page 4: ...5 Creating trunk groups 56 Configuring a static trunk 57 Enabling LACP on selected ports 58 Configuring LACP parameters 59 Setting broadcast storm thresholds 60 Configuring port mirroring 61 Configuring rate limits 62 Setting Power over Ethernet 63 Setting the switch power budget 63 Configuring port PoE power priorities 64 Configuring Spanning Tree Algorithm 65 Configuring STA switch settings glob...

Page 5: ...ring Access Control Lists 90 Configuring an Access Control List 90 Binding a port to an Access Control List 93 BES50 administration 95 Resetting the system 95 Changing a PC IP address 96 Displaying system and switch information 97 Displaying switch hardware and software versions 98 Displaying bridge extension capabilities 98 Displaying log messages 99 Displaying connection status 99 Displaying LAC...

Page 6: ...isplay left menu panel of the Web based user interface 120 Determining the BES50 IP address allocated by the DHCP server 120 BES50 installation options 123 Installing the BES50 on a brick or concrete wall 123 Installing the BES50 on a wood wall 124 Installing the BES50 on a rack 124 BES50 fundamentals 125 Switch architecture 125 Power over Ethernet capability 126 Network management options 126 Har...

Page 7: ...tting 147 Link Layer Discovery Protocol 147 Class of Service 147 Default priority for interfaces 148 CoS values and egress queues 148 Weighted Round Robin WRR queuing 148 Layer 3 4 priorities to CoS values 149 DSCP priority 149 Address tables 149 Static addresses 149 Dynamic addresses 150 Voice VLAN autodetection device 150 Simple Network Time Protocol 151 Logon authentication protocols 151 Port s...

Page 8: ...E T pin assignments 160 Specifications 161 Compliances 164 SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 9: ...ing background basic knowledge of networks Ethernet bridging and IP routing familiarity with networking concepts and terminology basic knowledge of network topologies Text conventions This guide uses the following text conventions angle brackets Indicate that you choose the text to enter based on the description inside the brackets Do not type the brackets when you enter the command Example If the...

Page 10: ... Where a variable is two or more words the words are connected by an underscore Example If the command syntax is show at valid_route valid_route is one variable and you substitute one value for it plain Courier text Indicates command syntax and system output for example prompts and system messages Example Set Trap Monitor Filters separator Shows menu paths Example Protocols IP identifies the IP co...

Page 11: ... your Nortel product from a distributor or authorized reseller contact the technical support staff for that distributor or reseller for assistance If you purchased a Nortel service program contact Nortel Technical Support The following information is available online contact information for Nortel Technical Support information about the Nortel Technical Solutions Centers information about the Expr...

Page 12: ...12 Preface SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 13: ...lease 1 00 Features See the following sections for information about feature changes Release 1 0 This is the first release of Using the Nortel Business Ethernet Switch 50 Series SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 14: ...14 New in this release SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 15: ...features see BES50 basic configuration page 27 To set up advanced BES50 management features see BES50 advanced features configuration page 41 To reset the system to change the IP address to view system details or to manage BES50 firmware see BES50 administration page 95 For installation options other than those covered by the Quick Installation Guide for the Nortel Business Ethernet Switch 50 NN47...

Page 16: ...16 Introduction SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 17: ...fault 192 168 1 128 255 255 255 0 0 0 0 0 See Initial configuration page 22 Set a new password by using the Web based user interface Web based user interface access is password controlled Default user name nnadmin default password PlsChgMe See Changing the administrator password page 23 ATTENTION The Web pages of the Web based user interface can load at different speeds depending on which Web brow...

Page 18: ...on 1 5 0_07 b03 or later is installed on your PC Download the latest version from www java com if required ATTENTION The menu on left side of the Web based user interface may not appear if the Java Runtime Environment JRE is not installed 2 Ensure the software programs on your PC enable Java script and Java applets Refer to the corresponding software documentation for instructions Software program...

Page 19: ...uration parameters and statistics ATTENTION If user input does not occur within 5 minutes the current session terminates Procedure steps Step Action 1 In the Web based user interface address bar type the IP address for your host switch For example type http 192 168 1 128 and press Enter 2 Enter the user name and password and click OK Default user name nnadmin Default password PlsChgMe End Logging ...

Page 20: ...gure shows the home page for the BES50GE 12T PWR 12 port switch Other than the number of fixed ports there are no major differences between the 12 port and 24 port switch user interface Menu and management pages Using the onboard Web agent you can define system parameters manage and control the switch and all its ports or monitor network conditions The menu is the same for all pages It contains a ...

Page 21: ... a check box When a check mark appears in the box that selection is enabled You disable a selection by clearing the check box Icons and buttons Icons and buttons perform an action concerning the displayed page or the switch Some pages include a button that opens another page or updates the values shown on the current page Some pages include icons that initiate an action such as reformatting the cu...

Page 22: ...the switch Procedure steps Step Action 1 Place your switch close to the PC that you will use to configure it It helps if you can see the front panel of the switch while you work on your PC 2 Connect the Ethernet port of your PC to any port on the front panel of your switch 3 Insert the power adapter into the DC power socket in front of the switch 4 Plug the other end of the power adapter into a gr...

Page 23: ...guration page enter the new IP address subnet mask and gateway IP address 11 Click Submit End No other configuration changes are required at this stage but Nortel recommends that you change the administrator password before you log off Changing the administrator password Use the User Accounts page to change the switch access passwords Procedure steps Step Action 1 From the main menu choose Adminis...

Page 24: ...use an IP address to manage access to the switch over your network By default the switch uses Dynamic Host Configuration Protocol DHCP to assign IP settings to the management VLAN Default VLAN 1 If you want to manually configure IP settings the IP address and subnet mask must be compatible with your network You may also need to establish a default gateway between the switch and management stations...

Page 25: ...ion page to set the IP address dynamically and to request an IP address from the DHCP server Prerequisites To configure the switch dynamically the network must provide DHCP or BOOTP services Procedure steps to set the IP address automatically Step Action 1 From the main menu choose Configuration IP 2 Select the VLAN through which the management station is attached 3 In the IP Address Mode box sele...

Page 26: ... the management VLAN IP Address Mode Select the configuration method If you select DHCP or BOOTP the IP address does not function until a reply is received from the server The switch periodically broadcasts a request for an IP address IP Address For Static IP Address Mode enter the IP address of the management access VLAN interface Valid IP addresses consist of four numbers 0 to 255 separated by p...

Page 27: ...Configuring initial settings by using the Quick Start feature Use the Quick Start page to quickly set up BES50 features including IP configuration Simple Network Management Protocol SNMP community and trap managers Procedure steps Step Action 1 From the main menu choose Administration Quick Start 2 Enter and select the data for IP configuration SNMP community and trap managers as required by your ...

Page 28: ...55 separated by periods Default 192 168 1 128 Subnet Mask For Static IP Address Mode enter the host address bits used for routing to specific subnets Default 255 255 255 0 Gateway IP address For Static IP Address Mode enter the IP address of the gateway router between this device and management stations that exist on other network segments Default 0 0 0 0 MAC Address The MAC address of this switch...

Page 29: ...s do not use authentication or encryption AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Trap Inform For version 2c and 3 hosts notifications are sent as inform messages Default traps are used Timeout The numb...

Page 30: ... 23 Procedure steps Step Action 1 From the main menu choose Administration Security User Accounts 2 To configure a new user account enter the user name access level and password The default administrator name is nnadmin with the password PlsChgMe 3 Click Add ATTENTION To change the password for a specific user enter the user name and new password and then confirm the password by entering it again ...

Page 31: ...m the main menu choose Administration Security Authentication Settings 2 To configure local or remote authentication preferences select the authentication sequence from the Authentication list one to two methods 3 For RADIUS authentication fill in the required parameters 4 Click Apply End Variable definitions Variable Value Authentication Select the authentication or authentication sequence Local ...

Page 32: ...dividual ports Using the port security feature you can configure a switch port with one or more device MAC addresses authorized to access the network through that port To use port security specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the source pair MAC address VLAN for frames received on the port See Configuring 802 1X port settings page 88 ...

Page 33: ...port Default Disabled Trunk Trunk number if port is a member LACP Indicates whether Link Aggregation Control Protocol LACP is enabled or disabled Configuring event logging Use these procedures to control the logging of error messages including the type of events recorded in switch memory and logging to a remote System Log syslog server Navigation Configuring the system logs page 33 Configuring the...

Page 34: ...e logging of debug or error messages to the logging process Flash Level Enter the highest level of log message to save to the switch permanent flash memory For example specify level 3 to log all messages from level 0 to level 3 to flash Range 0 to 7 Default 3 RAM Level Enter the highest level of log message to save to the switch temporary RAM memory For example specify level 7 to log all messages ...

Page 35: ...e Logging Trap fields type the event level 4 To add an IP address to the Host IP List type the new IP address in the Host IP Address box and then click Add 5 To delete an IP address click the entry in the Host IP List and then click Remove 6 Click Submit End Variable definitions Variable Value Remote Logs Remote Log Status Select to enable the logging of debug or error messages to the remote loggi...

Page 36: ...y preventing illegal users from logging on to and accessing switches Procedure steps Step Action 1 From the main menu choose Applications Application Filtering 2 For each port select the appropriate check boxes to enable the required access 3 Click Submit End Variable definitions Variable Value FTP Select to enable filtering SSH Select to enable filtering TELNET Select to enable filtering TFTP Sel...

Page 37: ... Month Day and Year fields ATTENTION The Year field must be at least 2001 3 To set time automatically a Select Set the system time using Simple Network Time Protocol SNTP automatically b From the Time Zone list select the appropriate time zone c Complete the settings in the Automatic and SNTP Server tables as required See Setting daylight saving time page 37 for details 4 Click Submit End Setting ...

Page 38: ...g the system time Options set the system time manually or set the system time automatically using SNTP Manual For manual time setting enter the time and date If the time is set manually the system clock resets each time the switch is rebooted Automatic For automatic time setting configure the switch so the SNTP automatically sets the time and date Enter the values for the parameters as required Ti...

Page 39: ...erver if this fails it attempts an update from the second server Polling Interval For automatic time setting select the interval between sending requests for a time update from a time server Range 16 to 16384 seconds Default 16 seconds SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 40: ...40 BES50 basic configuration SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 41: ...e 62 Setting Power over Ethernet page 63 Configuring Spanning Tree Algorithm page 65 Configuring IEEE 802 1Q VLANs page 69 Link Layer Discovery Protocol LLDP configuration page 75 Configuring Class of Service page 76 Configuring Quality Of Service QoS page 81 Configuring address tables page 84 Voice VLAN configuration page 85 Configuring 802 1X port authentication page 87 Configuring Access Contro...

Page 42: ... with the required notification messages See Setting SNMP version 3 views page 48 4 Create a group that includes the required notify view See Creating SNMP version 3 groups page 52 Sending an inform message to an SNMP version 3 host You can send an inform message to an SNMP version 3 host by completing the following procedures 1 Enable the SNMP agent See Enabling SNMP service page 46 2 Enable trap...

Page 43: ...urrently configured community strings Community String Type the name of the community string The name acts like a password and permits access to the SNMP protocol Default strings PlsChgMe RO read only access PlsChgMe RW read write access Range 1 to 32 characters case sensitive Access Mode Specify the access rights for the community string Read Only Authorized management stations can only retrieve ...

Page 44: ...ord authentication and SNMP access to the switch However if you specify a SNMP version 3 host with the no authentication noAuth option an SNMP user account is automatically generated and the switch authorizes SNMP access for the host Prerequisites For SNMP version 3 authentication or encryption options authNoPriv or authPriv you must first define the user name in the SNMP version 3 Users page See ...

Page 45: ...t noAuthNoPriv noAuthNoPriv SNMP communications do not use authentication or encryption AuthNoPriv SNMP communications use authentication but the data is not encrypted AuthPriv SNMP communications use both authentication and encryption Trap Inform For version 2c and 3 hosts notifications are sent as inform messages Default traps are used Timeout The number of seconds to wait for an acknowledgment ...

Page 46: ...gine ID page 46 Setting a remote engine ID page 47 Setting SNMP version 3 views page 48 Configuring SNMP version 3 users page 49 Changing the assigned group for an SNMP version 3 user page 50 Configuring remote SNMP version 3 users page 51 Creating SNMP version 3 groups page 52 Setting the local engine ID Use this procedure to set the SNMP version 3 engine ID on the BES50 if it is different from t...

Page 47: ...er for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host SNMP passwords are localized by using the engine ID of the authoritative agent For inform messages the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent S...

Page 48: ...ion 1 From the main menu choose Configuration SNMPv3 Views 2 Click New 3 In the SNMPv3 View Edit page for each Object Identifier OID subtree type a view name and select the type to specify which OID subtrees to include or exclude 4 Click Add to save the new view 5 Click Back to return to the SNMPv3 Views list End Variable definitions SNMPv3 View Edit page Variable Value View Name Type the name of ...

Page 49: ...NMP version 3 users Use this procedure to assign SNMP version 3 users to groups A unique name defines each SNMP version 3 user Each user must be configured with a specific security level and assigned to a group community access string The SNMP version 3 group restricts users to a specific read write and notify view Procedure steps Step Action 1 From the main menu choose Configuration SNMPv3 Users ...

Page 50: ...t the user authentication method Options MD5 SHA Default MD5 Authentication Password For AuthNoPriv or AuthPriv security level type an authorization password with a minimum of eight plain text characters Privacy The encryption algorithm used for data privacy only 56 bit DES is currently available Changing the assigned group for an SNMP version 3 user Use the SNMPv3 Users page to change the assigne...

Page 51: ...ox appears Click OK to access the Remote Engine ID configuration page See Setting a remote engine ID page 47 to configure the remote engine ID before proceeding to the next step 4 In the Remote Users New page type a name for the user and assign the user to a group 5 Select the Security Model and Level User Authentication and Data Privacy settings for the user 6 Click Submit End Variable definition...

Page 52: ...pe an authorization password with a minimum of eight plain text characters Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password Type a privacy password with a minimum of eight plain text characters Creating SNMP version 3 groups An SNMP version 3 group sets the access policy for its assigned users restricting them to specific read w...

Page 53: ...per option button and type a name for notifications or click the lower option button and select the configured view from the list Range 1 to 64 characters Supported notification messages Object label Object ID Description RFC 1493 Traps newRoot 1 3 6 1 2 1 17 0 1 This trap indicates that the sending agent is the new Spanning Tree root A bridge sends the trap soon after its election as the new root...

Page 54: ...he corresponding traps on the SNMP Configuration menu authenticationFailure 1 3 6 1 6 3 1 1 5 5 This trap signifies that the SNMP version 2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMP version 2 must be capable of generating this trap the snmpEnableAuthenTraps object indicates whether this trap is generated ...

Page 55: ...notification indicates that the PSE Threshold usage indication is on The power usage is above the threshold pethMainPower UsageOffNotification 1 3 6 1 4 1 202 20 41 63 2 1 0 46 This notification indicates that the PSE Threshold usage indication is off The power usage is below the threshold Configuring ports and trunks Use these procedures to configure ports and trunks In this section the term inte...

Page 56: ...alf duplex operation 10full Supports 10 Mb s full duplex operation 100half Supports 100 Mb s half duplex operation 100full Supports 100 Mb s full duplex operation 1000full Supports 1000 Mb s full duplex operation Clear to disable autonegotiation and to configure speed duplex and flow control manually Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10half 10full 100half 100fu...

Page 57: ...ll 1000BASE TX Treat all the ports in a trunk as a whole when moving adding or deleting them to or from a VLAN Configuring a static trunk Use this procedure to configure static trunks You can create up to six trunks on the switch with up to four ports for each trunk When you configure static trunks keep in mind the following You may not be able to link switches of different types depending on the ...

Page 58: ...in the network enable LACP before you connect the ports and disconnect the ports before you disable LACP After LACP is enabled on the connected ports the trunk is activated automatically A trunk formed with another switch by using LACP is automatically assigned to the next available trunk ID If more than four ports attached to the same target switch are LACP enabled the additional ports are placed...

Page 59: ...orts must have the same LACP port administration key However if the port channel administration key is set then the port administration key must be set to the same value for a port to be allowed to join a channel group If the port channel LACP administration key is not set when a channel group is formed if it has a null value of 0 this key is set to the same value as the port administration key us...

Page 60: ... is used to indicate a specific LAG during LACP negotiations with other systems Range 0 to 65 535 Default 32 768 Admin Key Enter the same value for ports that belong to the same LAG Range 0 to 65535 Default 1 Port Priority Enter the value to determine the LACP port priority backup link if a link goes down Range 0 to 65 535 Default 32 768 Set Port Partner This menu sets the remote side of an aggreg...

Page 61: ...threshold setting is a global setting for all ports Default 64 packets per second Trunk Indicates the trunk number if the port is a member Configuring port mirroring Use this procedure to configure traffic to mirror from any source port to a target port for real time analysis Prerequisites All mirror sessions must share the same destination port The VLAN must include the target port and the source...

Page 62: ...guring rate limits Use this procedure to configure the input and output rate limits for ports and trunks Procedure steps Step Action 1 From the main menu choose Rate Limit then choose one of the following options a Input Port Configuration For BES50FE 12 24T only b Input Trunk Configuration c Output Port Configuration d Output Trunk Configuration 2 For each port and trunk select the Rate Limit Sta...

Page 63: ...ts so that power can be centrally managed preventing overload conditions at the power source If the power demand from devices connected to the switch exceeds the power budget setting the switch uses port power priority settings to limit the supplied power Procedure steps Step Action 1 From the main menu choose Configuration PoE Power Configuration 2 Type the desired power allocation ATTENTION Nort...

Page 64: ...e Priority and type the required Power Allocation value 4 Click Submit End Variable definitions Variable Value Port The port number on the switch Admin Status Select to enable PoE power on the port Power is automatically supplied when a device is detected on the port providing that the power demanded does not exceed the switch or port power budget Default Enabled ATTENTION If the power required by...

Page 65: ... to apply STA settings to the entire switch Procedure steps Step Action 1 From the main menu choose Applications Spanning Tree STA Configuration 2 In the Switch When the Switch Becomes Root and Advanced tables modify the required attributes 3 Click Submit End Variable definitions Variable Value Switch Spanning Tree State Select to enable STA on this switch Default Enabled Spanning Tree Type Select...

Page 66: ...work LAN If it is a root port a new root port is selected from among the device ports attached to the network In this instance the term ports refers to both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay Type the maximum time in seconds the device waits before changing states For example changing from discarding ...

Page 67: ...ications Spanning Tree STA Trunk Configuration 2 Modify the required attributes 3 Click Submit End Variable definitions Variable Value Port The port number Spanning Tree Select to enable STA on this interface Default Enabled STA State Indicates the current state of this port within the Spanning Tree Protocol Discarding Port receives STA configuration messages but does not forward packets Learning ...

Page 68: ...lex 1 000 000 Trunk 500 000 Fast Ethernet Half duplex 200 000 Full duplex 100 000 Trunk 50 000 Gigabit Ethernet Full duplex 10 000 Trunk 5 000 Admin Link Type Select the link type attached to this interface as follows Point to Point To connect to exactly one other bridge Shared To connect to two or more bridges Auto To configure the switch to automatically determine the link type Default Auto Admi...

Page 69: ...you must first assign each port to the VLAN groups in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want the port to carry traffic for one or more VLANs and for any intermediate network devices or for the host at the other end of the connection support VLANs Assign ports on the other VLAN aware network devices along the p...

Page 70: ... the network Procedure steps Step Action 1 From the main menu choose Applications VLAN 802 1Q VLAN GVRP Status 2 Select the GVRP check box to enable the global setting 3 Click Submit End Setting up VLANs Use this procedure to create or remove VLAN groups To propagate information about VLAN groups used on this switch to external network devices you must specify a VLAN ID for each group Procedure st...

Page 71: ...e connected to 802 1Q VLAN compliant devices or untagged if they are not connected to any VLAN aware devices Or configure a port as forbidden to prevent the switch from automatically adding it to a VLAN through the GVRP You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index However this configuration page can add ports to VLANs only as tagged memb...

Page 72: ...bidden Select if the interface is forbidden from automatically joining the VLAN through GVRP None Select if the interface is not a member of the VLAN Packets associated with this VLAN are not transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page Adding static members to VLANs port in...

Page 73: ...ration Protocol GMRP use GARP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate Do not change these values unless you are experiencing difficulties with GMRP or GVRP registration or deregistration Prerequisites At least one port on the switch must be a member of the VLA...

Page 74: ...they are not a member are flooded to all other ports except for those VLANs explicitly forbidden on this port Default Disabled GVRP Status Select to enable GVRP for the interface GVRP must be globally enabled for the switch before this setting can take effect When disabled any GVRP packets received on this port are discarded and no GVRP registrations are propagated from other ports Default Disable...

Page 75: ... last table on the VLAN Static Table page Link Layer Discovery Protocol LLDP configuration Use these procedures to configure devices to share information Navigation Configuring the LLDP page 75 Configuring the LLDP interfaces page 76 Configuring the LLDP Use the LLDP Configuration page to configure the LLDP for the switch Procedure steps Step Action 1 From the main menu choose Application LLDP Con...

Page 76: ...interface Procedure steps Step Action 1 From the main menu choose Application LLDP Port Configuration or choose Application LLDP Trunk Configuration 2 Select the required setting values for each port and trunk 3 Click Submit End Variable definitions Variable Value Admin Status Select the required status Transmit Tx Receive Rx Transmit and Receive TxRx or Disabled SNMP Notification Select to enable...

Page 77: ...ose Applications Priority Default Trunk Priority 2 Type the default priority level for each port and trunk 3 Click Submit End Variable definitions Variable Value Default Priority Type priority level assigned to untagged frames received on the specified interface Range 0 to 7 Default 0 Number of Egress Traffic Classes The number of queue buffers provided for each port Mapping CoS values to egress q...

Page 78: ...to 3 where 3 is the highest CoS priority queue Mapping CoS values to egress queues table Queue 0 1 2 3 Priority 1 2 0 3 4 5 6 7 CoS priority levels table Priority level Traffic type 0 default Best Effort 1 Background 2 Spare 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 10 milliseconds latency and jitter 7 Network Control Selecting the...

Page 79: ...ress queues in sequential order transmitting all traffic in the higher priority queues before servicing lower priority queues Setting the service weight for traffic classes Use this procedure to set the frequency at which each queue is polled for service and subsequently affect the response time for software applications assigned a specific priority value Procedure steps Step Action 1 From the mai...

Page 80: ...d Variable definitions Variable Value IP DSCP Priority Status Select to enable mapping of Layer 3 4 priorities by using Differentiated Services Code Point mapping Mapping DSCP priority Use this procedure and the Mapping DSCP priority table page 81 to map Layer 3 4 traffic priorities to CoS values IP DSCP settings apply to all interfaces Procedure steps Step Action 1 From the main menu choose Appli...

Page 81: ... 20 22 24 3 26 28 30 32 34 36 4 38 40 42 5 48 6 46 56 7 Configuring Quality Of Service QoS Use these procedures to set the QoS values Navigation Configuring class maps page 81 Configuring policy maps page 82 Configuring service policy settings page 83 Configuring class maps Use the Class Map page to remove a class update the name and description or edit the rules for a class map Procedure steps St...

Page 82: ...vices Code Point Mapping Source IP Filters packets matching a specified source IP address Destination IP Filters packets matching a specified destination IP address Priority The priority that is assigned to untagged frames received on the specified interface Source MAC Filters packets matching a specified source MAC address Destination MAC Filters packets matching a specified destination MAC addre...

Page 83: ...Policy Rules Setting Set and define either CoS IP DSCP or IP Precedence Meter Set the meter rate and burst Exceed Set or drop IP DSCP Configuring service policy settings Use this procedure to configure ingress for policies Prerequisites A policy map must be configured See Configuring policy maps page 82 Procedure steps Step Action 1 From the main menu choose Applications QoS DiffServ Service Polic...

Page 84: ...aging time page 84 Setting static addresses page 85 Changing the aging time You can change the aging time for entries in the dynamic address table Procedure steps Step Action 1 From the main menu choose Applications Address Table Address Aging 2 Specify the new aging time 3 Click Submit End Variable definitions Variable Value Aging Status Select to enable the aging time Aging Time Type the time af...

Page 85: ...the device assigned a static address VLAN Select the ID of the configured VLAN Range 1 to 4 094 MAC Address Type the physical address of a device mapped to this interface Voice VLAN configuration Use these procedures to manually configure voice VLAN Navigation Configuring voice VLAN on the BES50 global setting page 85 Configuring voice VLAN on ports page 86 Configuring voice VLAN on the BES50 glob...

Page 86: ...port within the aging time the port is automatically deleted from voice VLAN Default 1 440 minutes For BES50FE 12 24T only Telephony OUI To create the OUI address type the first 3 byte values of the MAC address and set the remaining 3 bytes values to zero Mask Select the MAC address Description Type a description for the telephony OUI Configuring voice VLAN on ports Use this procedure to manually ...

Page 87: ...to filter out traffic Options OUI or 802 1AB Configuring jumbo frames BES50GE 12 24T PWR only On the BES50GE 12 24T PWR version use the Jumbo Frames page to enable jumbo frames to support data packets 9000 bytes in size Procedure steps Step Action 1 From the main menu choose Configuration Jumbo Frames 2 Select the Enable check box to enable jumbo packet status End Configuring 802 1X port authentic...

Page 88: ...ndows otherwise the 802 1x client must support MD5 Configuring 802 1X global settings Use this procedure to set up client authentication Procedure steps Step Action 1 From the main menu choose Administration Security 802 1X 802 1X Configuration 2 Enable 802 1X globally for the switch 3 Click Submit End Variable definitions Variable Value 802 1X System Authentication Control Select to enable the gl...

Page 89: ...nts either 802 1x aware or otherwise Force Unauthorized Forces the port to deny access to all clients either 802 1x aware or otherwise Re authen Select to reauthenticate the client after the interval specified by the reauthentication period When enabled reauthentication can detect if a new device is plugged into a switch port Default Disabled Max Request Type the maximum number of times the switch...

Page 90: ...umber or TCP control code To filter incoming packets first create an access list add the required rules specify a mask to modify the precedence in which the rules are checked and then bind the list to a specific port Navigation Configuring an Access Control List page 90 Binding a port to an Access Control List page 93 Configuring an Access Control List Use this procedure to designate the name and ...

Page 91: ...p additional ACLs End Variable definitions for the ACL configuration page Variable Value Name Type the name of the ACL Maximum length 15 characters Type Select the ACL filter type Standard filters packets based on the source IP address Extended filters packets based on the source or destination IP address as well as the protocol type and protocol port number Variable definitions for the Standard I...

Page 92: ...fies a range of addresses Source Destination IP Address For Host and IP address types type a source IP or destination address The address is automatically generated if Any is the selected address type Format xxx xxx xxx xxx Source Destination Subnet Mask For IP address type type a subnet mask The mask is automatically generated if Any is the selected address type Format xxx xxx xxx xxx Protocol Se...

Page 93: ...mask must be configured for an ACL If the IP address type is Any the mask is automatically generated Procedure steps Step Action 1 From the main menu choose Administration Security ACL Port Binding 2 Select the Enable check box for the port you want to bind to an ACL for ingress traffic 3 Select the required ACL 4 Click Submit End Variable definitions Variable Value Port Fixed port or optional mod...

Page 94: ...94 BES50 advanced features configuration SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 95: ...tton is located inside the housing approximately 2 54 cm 1 inch from the faceplate Use a nonmetallic object to press the reset button at the location indicated on the front panel See BES50FE GE 12T PWR front panel page 127 or BES50FE GE 24T PWR front panel page 127 2 From the main menu choose Administration Reset 3 To reboot the switch and maintain current settings click Reset 4 To reset the switc...

Page 96: ...otocol TCP IP Properties dialog box click Use the following IP address Then type your intended IP address subnet mask and default gateway in the provided boxes 5 Click OK to save the changes End Procedure steps to change the IP address of a Windows XP PC Step Action 1 From the PC start menu choose Start Control Panel Network Connections 2 For the IP address you want to change right click the netwo...

Page 97: ...wer status page 103 Displaying port statistics page 103 Displaying STA switch settings global settings page 106 Displaying STA settings for interfaces page 107 Displaying basic VLAN information page 109 Displaying current VLANs page 109 Displaying LLDP local device information page 110 Displaying LLDP remote device information page 110 Displaying detailed LLDP remote information page 111 Displayin...

Page 98: ...tension capabilities The bridge Management Information Base MIB includes extensions for managed devices that support multicast filtering traffic classes and VLANs You can access these extensions to display default settings for the key variables To open this page from the main menu choose Configuration Bridge Extension Configuration Bridge Capability page items Item Description Extended Multicast F...

Page 99: ...and autonegotiation To open these pages from the main menu choose Configuration Port Port Information or choose Configuration Port Trunk Information Port Information and Trunk Information page items Item Description Port The port number Name The interface label Type The port type 100BASE TX 1000BASE GBIC 100BASE FX S 100BASE FX M 1000BASE T or SFP Admin Status Indicates whether the interface is en...

Page 100: ...t type Marker Illegal Pkts Number of frames that carry the Slow Protocols Ethernet type value but contain a badly formed PDU or an illegal value of the protocol subtype Displaying local LACP settings and status Use the Link Aggregation Control Protocol LACP Port Internal Information page to display the configuration settings and operational state for the local side of a link aggregation To open th...

Page 101: ...o be aggregatable That is the link is a potential candidate for aggregation Timeout Periodic transmission of LACPDUs uses a slow transmission rate LACP Activity The activity control value with regard to this link 0 Passive 1 Active Displaying remote LACP settings and status Use the LACP Port Neighbors Information page to display the configuration settings and operational state for the remote side ...

Page 102: ...ation Group the group is associated with a compatible aggregator and the identity of the Link Aggregation Group is consistent with the system ID and operational key information transmitted Aggregation The system considers this link to be aggregatable That is the link is a potential candidate for aggregation Timeout Periodic transmission of LACPDUs uses a slow transmission rate LACP Activity The ac...

Page 103: ... breakdown of traffic based on the RMON MIB Interfaces and Ethernet like statistics display errors on the traffic passing through each port You can use this information to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing throug...

Page 104: ...g them from being deliverable to a higher layer protocol Transmit Octets The total number of octets transmitted out of the interface including framing characters Transmit Unicast Packets The total number of packets that higher level protocols requested be transmitted to a subnetwork unicast address including those that were discarded or not sent Transmit Multicast Packets The total number of packe...

Page 105: ...s A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface Frames Too Long A count of frames received on a particular interface that exceed the maximum permitted frame size Deferred Transmissions A count of frames for which the first transmission attempt on a particular interface is delayed because the medium is busy Internal MAC Receive Errors A...

Page 106: ...number of octets fall within the specified range excluding framing bits but including FCS octets Displaying STA switch settings global settings Use the STA Information page to display a summary of the current bridge Spanning Tree Algorithm STA information that applies to the entire switch To open this page from the main menu choose Applications Spanning Tree STA Information STA Information page it...

Page 107: ...ange Time since the Spanning Tree was last reconfigured Displaying STA settings for interfaces Use the STA Port Information and STA Trunk Information pages to display the current status of ports and trunks in the Spanning Tree To open these pages from the main menu choose Applications Spanning Tree STA Port Information or Applications Spanning Tree STA Trunk Information Port Information and Trunk ...

Page 108: ...guring STA settings for interfaces page 67 Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by autodetection as described for Admin Link Type in Configuring STA settings for interfaces page 67 Oper Edge Port This parameter is initialized to the setting for Admin Edge Port in Configuring STA se...

Page 109: ...Use VLAN tagging to assign ports to a large VLAN group that crosses several switches However to create a small port based VLAN for one or two switches you can disable tagging Use the VLAN Current Table page to display current VLANs To open this page from the main menu choose Applications VLAN 802 1Q VLAN Current Table and select the VLAN ID from the list VLAN Current Table page items Item Descript...

Page 110: ...mber of the port Port ID MAC address for the port Trunk Trunk number if the port is a member Displaying LLDP remote device information Use the Remote Port Information and Remote Trunk Information pages to display the Link Layer Discovery Protocol LLDP information for the remote devices connected to the interfaces To open these pages from the main menu choose Applications LLDP Remote Port Informati...

Page 111: ...Device Statistics Neighbor Entries List Last Updated Time since the LLDP neighbor entry list was last updated New Neighbor Entries Count Number of the neighbor entries on the list Neighbor Entries Dropped Count Number of the neighbor entries dropped from the list Neighbor Entries AgeOutCount Number of aged out neighbor entries Reinitialization Delay 0 10 Delay in seconds for reinitialization LLDP ...

Page 112: ...d by the port TLVs Discarded Number of TLVs discarded by the port Neighbor Ageouts Number of aged out neighbor entries Displaying the address table Use the Dynamic Addresses page to display the MAC addresses learned by monitoring the source address for traffic entering the switch Procedure steps Step Action 1 From the main menu choose Applications Address Table Dynamic Addresses 2 Specify the sear...

Page 113: ...tion System Information System Information page items Item Description sysDescription Description of the switch sysUpTime Length of time the management agent has been operational sysContact Administrator responsible for the system sysName Name assigned to the switch sysLocation The system location Displaying 802 1X global settings The 802 1X protocol provides client authentication To open this pag...

Page 114: ...l EAP Resp Id frames received by this authenticator Rx EAP Resp Oth The number of valid EAP Response frames other than Resp Id frames received by this authenticator Rx EAP LenError The number of EAPOL frames received by this authenticator in which the Packet Body Length field is invalid Rx Last EAPOLVer The protocol version number carried in the most recently received EAPOL frame Rx Last EAPOLSrc ...

Page 115: ... code page 116 Downloading system software from a server When you download runtime code you can specify the destination file name to replace the current image or you can first download the file by using a different name from the current runtime code file and then set the new file as the startup file Procedure steps Step Action 1 From the main menu choose Configuration File Software Maintenance 2 F...

Page 116: ...e a new file name Deleting files Use this procedure to delete files from the switch Procedure steps Step Action 1 From the main menu choose Configuration File Delete 2 Select the check box beside the name of the file that you want to delete 3 Click Submit ATTENTION You cannot delete the file currently designated as the startup code End Setting the startup code Use this procedure to set the startup...

Page 117: ...ast update of the test appears Each number represents a fault distance in meters for both transmit and receive For example 0 0 represents no fault found during the cable test 20 20 represents a fault 20 meters from the switch in the cable line for transmit and receive End Variable definitions Variable Value Port The port number Test Result The test result Cable Fault Distance The cable fault dista...

Page 118: ...e steps Step Action 1 Check for loose connections 2 Check the power outlet by using it for another device 3 Replace the AC power cord End Link LED does not light after connection is made Use the procedure in this section to troubleshoot this problem Probable causes The switch port network card or cable may be defective Procedure steps Step Action 1 Check that the switch and attached device are bot...

Page 119: ...d default gateway 5 Make sure that the management station has an IP address in the same subnet as the switch IP interface to which it is connected 6 If you are trying to connect to the switch through the IP address for a tagged VLAN group confirm that the management station and the ports connecting intermediate switches in the network are configured with the appropriate tag End Forgotten IP addres...

Page 120: ... Java scripting and Java applets are enabled on each of the following Web browser firewall software that controls Java behavior Refer to the respective documentation for details about enabling Java scripting and Java applets 4 Launch the Web based user interface to the BES50 switch End Determining the BES50 IP address allocated by the DHCP server By default the BES50 tries to obtain IP configurati...

Page 121: ... Elements and then choose Find Network Element Business Ethernet Switch 5 From the Network Device Search dialog box click OK to initiate the IP address discovery process The BES50 devices found within the IP address range are added to the Network Elements tree in the Element Navigation Panel 6 In the Navigation Panel right click on the newly discovered IP address or element name and select Web Pag...

Page 122: ...122 BES50 administration SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 123: ... 1 If you mount the switch on a plastered brick or concrete wall mark the position of the mounting screws on the wall so they line up with the two mounting slots on the bottom of the switch 2 Drill two holes of appropriate size for the wall plugs and screws recommended size T3 x 15L Press the plugs firmly into the drilled holes until they are flush with the surface of the wall 3 Insert the screws ...

Page 124: ...se this procedure to install your BES50 on a rackmount Procedure steps Step Action 1 If you mount the switch on a rackmount you need a rackmount shelf The rackmount shelf can be mounted in a standard 19 inch equipment rack with screws The switch then clips into the tabs on the rackmount shelf These tabs prevent the switch from sliding around or falling off the shelf 2 Slide one or two switches ont...

Page 125: ...s support IEEE 802 3af draft standard 802 3af Power over Ethernet capabilities Each port can detect connected 802 3af compliant network devices such as IP Phones or wireless access points and automatically supply the required DC power Navigation Switch architecture page 125 Power over Ethernet capability page 126 Network management options page 126 Hardware components page 126 Key software feature...

Page 126: ...ing its embedded management software You can manage the switch through a network connection in band by using the onboard Web based user interface Hardware components This section describes the BES50 Series hardware components 10 100 1000BASE T ports The BES50FE 12 24T PWR features 12 24 10 100BASE T ports and the BES50GE 12 24T PWR features 12 24 10 100 1000BASE T ports with RJ 45 connectors locat...

Page 127: ...E 24T PWR front panel page 127 and described in the following tables BES50FE GE 12T PWR front panel BES50FE GE 24T PWR front panel Port status LEDs LED Condition Status On green GE amber FE A valid network connection is established with the port Flashing green GE amber FE Traffic is passing through the port Link Act Off A valid network connection is not established with the port SMB Using the Nort...

Page 128: ...y default settings if for example you forget the default IP address your user name or your password Key software features The following table lists the BES50 Series key software features Feature Description Power over Ethernet Powers attached devices using IEEE 802 3af Power over Ethernet PoE Configuration backup and restore Backup to TFTP server Authentication Web based user interface User name a...

Page 129: ...stration Protocol GVRP provide traffic security and efficient use of network bandwidth CoS priority queueing ensures the minimum delay for moving real time multimedia data across the network Some of the management features are briefly described in the following sections For further information see BES50 advanced features fundamentals page 139 Authentication The switch authenticates management acce...

Page 130: ...ks that pass or filter packets matching the permit and deny rules specified in an ingress ACL You can also configure up to seven user defined masks for an ingress ACL The following restrictions apply to ACLs Each frame can process a maximum of 32 ACLs Each ACL can process a maximum of 32 rules Due to resource restrictions do not exceed 10 rules per port The active ACLs are checked in the following...

Page 131: ...rotocol LACP The additional ports dramatically increase the throughput across any connection and provide redundancy by taking over the load if a port in the trunk fails The switch supports up to six trunks Broadcast storm control Broadcast suppression prevents broadcast traffic from overwhelming the network When enabled on a port the level of broadcast traffic passing through the port is restricte...

Page 132: ...ure that only one route exists between any two stations on the network This prevents the creation of network loops However if the chosen path fails for any reason an alternate path is activated to maintain the connection Rapid Spanning Tree Protocol RSTP IEEE 802 1w This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds compared to 30 seconds or more for th...

Page 133: ...ridge does not receive a Hello BPDU after a predefined interval Maximum Age the bridge assumes that the link to the root bridge is down This bridge then initiates negotiations with other bridges to reconfigure the network to reestablish a valid network topology Virtual LANs The switch supports up to 32 Virtual LANs VLANs A VLAN is a collection of network nodes that share the same collision domain ...

Page 134: ...kup and restore You can save the current configuration settings to a file on a TFTP server and later download this file to restore the switch configuration settings Network planning A network switch allows simultaneous transmission of multiple packets through noncrossbar switching This means that it can partition a network more efficiently than bridges or routers The switch is one of the most impo...

Page 135: ...rts built into the front panel In the figure Example of collapsed backbone application page 135 the switch is operating as a collapsed backbone for a small LAN It is providing dedicated 10 100 1000 Mbps full duplex connections to workstations PoE devices and servers Example of collapsed backbone application Network aggregation plan With 12 24 parallel bridging ports that is 12 24 distinct collisio...

Page 136: ...t based VLANs across several switches you need to make a separate connection for each VLAN group This approach is however inconsistent with the Spanning Tree Protocol which can easily segregate ports that belong to the same VLAN When VLANs cross separate switches you need to use VLAN tagging This allows you to assign multiple VLAN groups to the trunk ports that is tagged ports connecting different...

Page 137: ...ub both devices must operate in half duplex mode Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel ...

Page 138: ...138 BES50 fundamentals SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 139: ... Network Management Protocol SNMP is a communication protocol designed specifically for managing devices on a network Equipment commonly managed with SNMP includes switches routers and host computers SNMP is typically used to configure these devices for proper operation in a network environment as well as to monitor them to evaluate performance or detect potential problems Managed devices supporti...

Page 140: ...e security models are defined SNMP version 1 SNMP version 2c and SNMP version 3 Users are assigned to groups that are defined by a security model and specified security levels Each group also has defined security access to a set of MIB objects for reading and writing which are known as views The switch has a default view all MIB objects and default groups defined for security models v1 and v2c Loc...

Page 141: ...lly configured trunk The switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks must be manually configured at both ends of the link and the switches must comply with the IEEE802 3ad link aggregation standard However LACP configured ports can automatically negotiate a trunked link with LACP configured ports on another device You can configure any numb...

Page 142: ...tch power management enables total switch power and individual port power to be controlled within a configured power budget Port power can be automatically turned on and off for connected devices and a per port power priority can be set so that the switch never exceeds its allocated power budget When a device is connected to a switch port its power requirements are detected by the switch before po...

Page 143: ... or high priority port and causes the switch to exceed its budget port power is turned on but the switch drops power to one or more lower priority ports Power is dropped from low priority ports in sequence starting from port number 12 IEEE 802 1Q VLANs In large networks routers are used to isolate broadcast traffic for each subnet into separate domains The switch provides a similar service at Laye...

Page 144: ...ou enable VLANs for the switch you must first assign each port to the VLAN groups in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want the port to carry traffic for one or more VLANs and for any intermediate network devices or for the host at the other end of the connection support VLANs Assign ports on the other VLAN aw...

Page 145: ...pping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers If you implement VLANs that do not overlap but still need to communicate you can connect them by using an external router Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned ...

Page 146: ...uirements are propagated in this way throughout the network allowing GVRP compliant devices to be automatically configured for VLAN groups based solely on end station requests The following figure illustrates how you can you port based VLANs Using port based VLANs To implement GVRP in a network first add the host devices to the required VLANs using the operating system or other application softwar...

Page 147: ...dicated by the frame tag However when the switch receives an untagged frame from a VLAN unaware device it first decides where to forward the frame and then it inserts a VLAN tag reflecting the ingress port default VID GVRP global setting GARP VLAN Registration Protocol GVRP defines a way for switches to exchange VLAN information to register VLAN members on ports across the network VLANs are dynami...

Page 148: ... Class of Service CoS priority tagged traffic by using four priority queues for each port with service schedules based on Weighted Round Robin WRR Up to eight separate traffic priorities are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown in the Mapping CoS values to egress queues table page 78 The priority levels re...

Page 149: ...ty The DSCP is six bits wide allowing coding for up to 64 different forwarding behaviors The DSCP replaces the ToS bits and it retains backward compatibility with the three precedence bits so that non DSCP compliant ToS enabled devices do not conflict with the DSCP mapping Based on network policies different kinds of traffic can be marked for different kinds of forwarding The DSCP default values a...

Page 150: ...e untagged packets sent out when the IP Phone is powered on in manual mode however you must add ports to a voice VLAN manually Both of the modes forward the tagged packets sent by the IP Phone without learning the address Because there are multiple types of IP Phones you must ensure that the mode on a port matches the IP Phone Correspondence between port mode and IP Phone Voice VLAN mode Type of I...

Page 151: ...erver IP addresses The switch attempts to poll each server in the configured sequence Logon authentication protocols Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to control access to RADIUS aware devices on the network An authentication server contains a database of multiple user name and password pairs with ass...

Page 152: ...bmit credentials for authentication Access to all switch ports in a network can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network The following figure illustrates an 802 1X port authentication configuration Configuring 802 1X port authentication The switch uses the Extensible Authentication Prot...

Page 153: ...f the client software and the RADIUS server The authentication method must be MD5 The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client credentials and responds with an accept or reject packet If authentication is successful the switch allows the client to access the network Otherwise network access is denied and ...

Page 154: ...154 BES50 advanced features fundamentals SMB Using the Nortel Business Ethernet Switch 50 Series NN47924 301 01 01 Standard 1 00 October 2006 Copyright 2006 Nortel Networks Nortel Networks Confidential ...

Page 155: ...efaults set this file as the startup configuration file See Downloading system software from a server page 115 The following table lists some of the basic system defaults System defaults table Function Parameter Default Privileged Level User name nnadmin Password PlsChgMe RADIUS Authentication Disabled 802 1X Port Authentication Disabled Authentication Port Security Disabled HTTP Server Enabled We...

Page 156: ... Port trunking LACP Disabled Status Enabled all ports Broadcast storm protection Broadcast Limit Rate 64 packets per second Status Enabled STP Defaults All values based on IEEE 802 1D Spanning Tree Protocol Fast Forwarding Edge Port Disabled Address Table Aging Time 300 seconds Default VLAN 1 PVID 1 Acceptable Frame Type All Ingress Filtering Enabled For the BES50GE disabled is not available Switc...

Page 157: ... and pin assignments CAUTION Do not plug a phone jack connector into any RJ 45 port Use only twisted pair cables with RJ 45 connectors that conform with FCC standards For 10 100BASE TX connections the twisted pair cable must have two pairs of wires For 1000BASE T connections the twisted pair cable must have four pairs of wires Each wire pair is identified by two different colors For example one wi...

Page 158: ...rts on the switch base unit support automatic MDI MDI X operation you can use straight through cables for all network connections to PCs or servers or to other switches or hubs In straight through cable pins 1 2 3 and 6 at one end of the cable are connected straight through to pins 1 2 3 and 6 at the other end of the cable When using any RJ 45 port on this switch you can use either straight throug...

Page 159: ...nnect all four wire pairs as shown in the following diagram to support Gigabit Ethernet connections Straight through wiring diagram Crossover wiring If the twisted pair cable is to join two ports and either both ports are labeled with an X MDI X or neither port is labeled with an X MDI a crossover must be implemented in the wiring When autonegotiation is enabled for any RJ 45 port on this switch y...

Page 160: ...ble for 1000BASE T connections Also be sure that the length of any twisted pair connection does not exceed 100 meters 328 feet 1000BASE T MDI and MDI X port pinouts table Pin MDI signal name MDI X signal name 1 Bi directional Data One Plus BI_D1 Bi directional Data Two Plus BI_D2 2 Bi directional Data One Minus BI_D1 Bi directional Data Two Minus BI_D2 3 Bi directional Data Two Plus BI_D2 Bi direc...

Page 161: ...o run 1000BASE T If your existing Category 5 installation does not meet one of the test parameters for 1000BASE T you can apply three measures to try to correct the problem 1 Replace any Category 5 patch cables with high performance Category 5e or Category 6 cables 2 Reduce the number of connectors used in the link 3 Reconnect some of the connectors in the link Specifications The tables in this se...

Page 162: ... 1 2 3 9 SMTP Email Alerts Management features Feature Description In band management Web based HTTP Software loading TFTP in band SNMP Management access through the MIB database Trap management to specified hosts RMON Groups 1 2 3 9 Statistics History Alarm Event Physical characteristics Feature Description Ports BES50FE 12 24T PWR 12 24 10 100BASE TX with auto negotiation BES50GE 12 24T PWR 12 2...

Page 163: ...scription Spanning Tree Protocol IEEE 802 1D Spanning Tree Protocol Forwarding mode Store and forward Throughput Wire speed Flow control Full Duplex IEEE 802 3 2002 Half Duplex Back pressure Broadcast storm suppression Traffic throttled above a critical threshold VLAN support Up to 16 groups port based or with 802 1Q VLAN tagging GVRP for automatic VLAN learning private VLANs Multicast switching I...

Page 164: ...EE 802 1D Bridging IEEE 802 3ad Link Aggregation IEEE 802 1Q VLAN Bridge Management IEEE 802 1x Port access control IEEE 802 3x full duplex flow control ISO IEC 8802 3 Carrier sense multiple access with collision detection CSMA CD Compliances The following table lists compliances associated with the BES50 Series Feature Description Emissions Industry Canada Class A EN55022 CISPR 22 Class A EN 6100...

Page 165: ......

Page 166: ...ada and the United States of America The information in this document is subject to change without notice The statements configurations technical data and recommendations in this document are believed to be accurate and reliable but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information...

Reviews:

No comments

Related manuals for BES50FE-12T PWR

i-bus KNX IPR/S 3.5.1

Brand: ABB Pages: 44

BiPAC 4500NZ(L)

Brand: Billion Pages: 146

Sure Cross DX70

Brand: Banner Pages: 35

AT-9424Ts/XP AC

Brand: Allied Telesis Pages: 3

LoadMaster 1500

Brand: KEMP Technologies Pages: 71

Brand: E-TOP Pages: 24

Brand: Intellinet Pages: 12

Brand: TRENDnet Pages: 10

Brand: Lantech Pages: 40

Brand: WABCO Pages: 29

Brand: Aewin Technologies Pages: 86

Brand: MA lighting Pages: 49

Brand: Dataprobe Pages: 16

Brand: Flexwatch Pages: 13

Brand: Net Optics Pages: 2

Brand: Carrier Pages: 18

Brand: Qvis Pages: 233

Brand: Billion Pages: 158

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands