manualshive.com logo in svg

Planet IGSW-2840, User Manual

Share
Download
Planet IGSW-2840 User Manual Download Page 447

User’s Manual of  IGSW-2840   

 

 

447 

Authenticating SSH v1.5 Clients   

a.  The client sends its RSA public key to the switch.   

b.  The switch compares the client's public key to those stored in memory.   

c.  If a match is found, the switch uses its secret key to generate a random 256-bit string as a challenge, encrypts this string 

with the user’s public key, and sends it to the client.   

d.  The client uses its private key to decrypt the challenge string, computes the MD5 checksum, and sends the checksum 

back to the switch.   

e.  The switch compares the checksum sent from the client against that computed for the original string it sent. If the two 

checksums match, this means that the client's private key corresponds to an authorized public key, and the client is 

authenticated.   

 

Authenticating SSH v2 Clients   

a.  The client first queries the switch to determine if DSA public key authentication using a preferred algorithm is acceptable. 

b.  If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process. 

Otherwise, it rejects the request.   

c.  The client sends a signature generated using the private key to the switch.   

d.  When the server receives this message, it checks whether the supplied key is acceptable for authentication, and if so, it 

then checks whether the signature is correct. If both checks succeed, the client is authenticated.   

 

 

The SSH server supports up to four client sessions. The maximum number of client 

sessions includes both current Telnet sessions and SSH sessions. 

 

ip ssh server   

This command enables the Secure Shell (SSH) server on this switch. Use the no form to disable this service.   

 

Syntax

   

[no] ip ssh server   

Default Setting 

 

Disabled   

Command Mode

   

Global Configuration   

Command Usage

   

The SSH server supports up to four client sessions. The maximum number of client sessions includes both current Telnet 

sessions and SSH sessions.   

The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and 

then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.   

You must generate DSA and RSA host keys before enabling the SSH server.   

Summary of Contents for IGSW-2840

Page 1: ...User s Manual of IGSW 2840 1 User s Manual IGSW 2840 24 Port 10 100Mbps 4 Gigabit TP SFP Combo Industrial Managed Switch ...

Page 2: ...otection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the...

Page 3: ...uipment end users of electrical and electronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Revision PLANET 24 Port 10 100Mbps 4 Gigabit TP SFP Combo Industrial Managed Switch User s Manual FOR MODEL IGSW 2840 REVISION 1 0 May 2010 Part No EM IGSW 2840 2080 A92440 000 ...

Page 4: ...tch Rear Panel 33 2 2 Install the Switch 34 2 2 1 Desktop Installation 34 2 2 2 Rack Mounting 35 2 2 3 Installing the SFP transceiver 36 2 2 4 Wiring the Power Inputs 38 2 2 5 Wiring the Fault Alarm Contact 39 3 SWITCH MANAGEMENT 40 3 1 Requirements 40 3 2 Management Access Overview 41 3 3 Administration Console 42 3 4 Web Management 44 3 5 SNMP Based Network Management 44 3 6 Protocols 45 3 6 1 V...

Page 5: ... 2 8 3 Displaying Log Messages 72 4 2 8 4 SMTP E Mail Alert 73 4 2 9 UPNP 75 UPnP Configuration 75 4 2 10 Reset 76 4 2 11 SNTP 77 4 2 11 1 SNTP Configuration 77 4 2 11 2 Clock Time Zone 78 4 2 12 LLDP 79 4 2 12 1 LLDP Configuration 79 4 2 12 2 LLDP Port Configuration 81 4 2 12 3 LLDP Trunk Configuration 84 4 2 12 4 LLDP Local Device Information 87 4 2 12 5 Remote Port Information 89 4 2 12 6 LLDP ...

Page 6: ...guration 121 4 4 6 Port Statistics 122 4 5 Link Aggregation 127 4 5 1 Trunk Information 128 4 5 2 Trunk Configuration 128 4 5 3 Trunk Broadcast Control 130 4 5 4 Trunk Membership 131 4 5 5 LACP 133 4 5 5 1 LACP Configuration 135 4 5 5 2 LACP Aggregation Port 136 4 5 5 3 Displaying LACP Port Counters 139 4 5 5 4 Displaying LACP Settings and Status for the Local Side 140 4 5 5 5 Displaying LACP Stat...

Page 7: ...8 3 2 Private VLAN Configuration 195 4 8 3 3 Private VLAN Association 196 4 8 3 4 Private VLAN Port Information 197 4 8 3 5 Private VLAN Port Configuration 198 4 8 4 Protocol VLAN 200 4 8 4 1 Protocol VLAN Configuration 201 4 8 4 2 Protocol VLAN Port Configuration 202 4 9 Multicast 204 4 9 1 Layer 2 IGMP Snooping and Query 204 4 9 1 1 IGMP Configuration 209 4 9 1 2 IGMP Immediate Leave 211 4 9 1 3...

Page 8: ...y Status 237 4 10 2 6 IP Precedence Priority 238 4 10 2 7 Mapping IP TOS Priority 238 4 10 2 8 IP TOS Priority Status 239 4 10 2 9 IP TOS Priority 240 4 10 2 10 Mapping IP Port Priority 240 4 10 2 11 IP Port Priority Status 241 4 10 2 12 IP Port Priority 242 4 10 2 13 Mapping CoS Values to ACLs 242 4 10 2 14 ACL CoS Priority 243 4 10 3 DiffServ 244 4 10 3 1 Configuring a DiffServ Class Map 245 4 1...

Page 9: ...9 802 1X Port Authentication 281 4 11 9 1 Understanding IEEE 802 1X Port Based Authentication 282 4 11 9 2 Displaying 802 1X Information 285 4 11 9 3 802 1X Configuration 285 4 11 9 4 802 1X Port Configuration 286 4 11 9 5 Displaying 802 1X Statistics 288 4 11 9 6 Windows Platform RADIUS Server Configuration 289 4 11 9 7 802 1X Client Configuration 291 4 11 10 Client Security 294 4 11 11 Port Secu...

Page 10: ...3 Dynamic Information 330 4 12 Cluster 332 4 12 1 Cluster Configuration 332 4 12 2 Cluster Member Configuration 334 4 12 3 Cluster Member Information 334 4 12 4 Cluster Candidate Information 335 5 COMMAND LINE INTERFACE 336 5 1 Using the Command Line Interface 336 5 1 1 Accessing the CLI 336 5 1 2 Console Connection 336 5 1 3 Telnet Connection 336 5 2 Entering Commands 337 5 2 1 Keywords and Argum...

Page 11: ...banner configure company 355 banner configure dc power info 355 banner configure department 356 banner configure equipment info 356 banner configure equipment location 357 banner configure ip lan 358 banner configure lp number 358 banner configure manager info 359 banner configure mux 360 banner configure note 360 show banner 361 5 5 3 System Status Commands 362 show startup config 362 show runnin...

Page 12: ...3 show line 383 5 7 Event Logging Commands 384 logging on 385 logging history 385 logging host 386 logging facility 387 logging trap 387 clear log 388 show logging 388 show log 390 5 8 SMTP Alert Commands 391 logging sendmail host 391 logging sendmail level 392 logging sendmail source email 392 logging sendmail destination email 393 logging sendmail 393 show logging sendmail 394 5 9 Time Commands ...

Page 13: ...nmp server contact 407 Related Commands 407 snmp server host 407 snmp server enable traps 409 snmp server engine id 410 show snmp engine id 411 snmp server view 412 show snmp view 413 snmp server group 413 show snmp group 414 snmp server user 416 show snmp user 417 5 12 Authentication Commands 419 5 12 1 User Account Commands 419 username 419 enable password 420 5 12 2 Authentication Sequence 421 ...

Page 14: ...434 aaa accounting commands 435 aaa accounting update 436 accounting dot1x 436 accounting exec 437 accounting commands 437 aaa authorization exec 438 authorization exec 438 show accounting 439 5 12 6 Web Server Commands 441 ip http port 441 ip http server 441 ip http secure server 442 ip http secure port 443 5 12 7 Telnet Server Commands 444 ip telnet server 444 5 12 8 Secure Shell Commands 445 ip...

Page 15: ...3 show management 464 5 13 Client Security Commands 465 5 13 1 Port Security Commands 466 port security 466 5 13 2 Network Access MAC Address Authentication 467 network access mode 468 network access max mac count 469 mac authentication intrusion action 469 mac authentication max mac count 470 network access dynamic vlan 470 network access guest vlan 471 mac authentication reauth time 471 clear ne...

Page 16: ...e Guard Commands 487 ip source guard 487 ip source guard binding 489 show ip source guard 490 show ip source guard binding 490 5 14 Access Control List Commands 490 5 14 1 IP ACLs 491 access list ip 491 permit deny Standard ACL 492 permit deny Extended ACL 493 show ip access list 495 ip access group 496 show ip access group 496 map access list ip 497 show map access list ip 497 5 14 2 MAC ACLs 498...

Page 17: ...cp 518 lacp system priority 520 lacp admin key Ethernet Interface 521 lacp admin key Port Channel 521 lacp port priority 522 show lacp 523 5 17 Mirror Port Commands 527 port monitor 527 show port monitor 528 5 18 Rate Limit Commands 528 rate limit 529 5 19 Address Table Commands 529 mac address table static 530 clear mac address table dynamic 530 show mac address table 531 mac address table aging ...

Page 18: ... tree mst cost 547 spanning tree mst port priority 548 spanning tree protocol migration 549 show spanning tree 550 show spanning tree mst configuration 552 5 21 VLAN Commands 553 5 21 1 GVRP and Bridge Extension Commands 553 bridge ext gvrp 553 show bridge ext 554 switchport gvrp 555 show gvrp configuration 555 garp timer 555 show garp timer 557 5 21 2 Editing VLAN Groups 558 vlan database 558 vla...

Page 19: ...7 Configuring Protocol based VLANs 576 protocol vlan protocol group Configuring Groups 576 protocol vlan protocol group Configuring Interfaces 577 show protocol vlan protocol group 578 show interfaces protocol group 579 5 21 8 Configuring Voice VLANs 580 voice vlan 580 voice vlan aging 581 voice vlan mac address 581 switchport voice vlan 582 switchport voice vlan rule 583 switchport voice vlan sec...

Page 20: ...on 600 lldp medtlv med cap 601 lldp medtlv network policy 601 show lldp config 602 show lldp info local device 604 show lldp info remote device 605 show lldp info statistics 605 5 23 Class of Service Commands 607 5 23 1 Priority Commands Layer 2 607 queue mode 607 switchport priority default 608 queue bandwidth 609 queue cos map 610 show queue mode 611 show queue bandwidth 611 show queue cos map 6...

Page 21: ...mediate leave 633 show ip igmp snooping 633 show mac address table multicast 634 5 25 2 IGMP Query Commands Layer 2 635 ip igmp snooping querier 635 ip igmp snooping query count 635 ip igmp snooping query interval 636 ip igmp snooping query max response time 637 5 25 3 Static Multicast Routing Commands 638 ip igmp snooping vlan mrouter 638 show ip igmp snooping mrouter 639 5 25 4 IGMP Filtering an...

Page 22: ...I CONFIGURATION To be Continued 658 System 658 System Information 658 Switch Information 659 Display Bridge Extension Capabilities 659 IP Address Configuration 660 Manual IP Configuration 660 Using DHCP BOOTP 660 Sending Simple Mail Transfer Protocol Alerts 660 Setting the System Clock 661 Setting the Time Zone 661 7 SWITCH OPERATION 662 7 1 Address Table 662 7 2 Learning 662 7 3 Forwarding Filter...

Page 23: ...User s Manual of IGSW 2840 23 A 2 10 100Mbps 10 100Base TX 665 APPENDEX B GLOSSARY 667 ...

Page 24: ...tain the carton including the original packing material and use them against to repack the product in case there is a need to return it to us for repair 1 2 Product Description Environmentally Hardened Design for Industrial Networks The PLANET IGSW 2840 is an environmentally hardened Industrial Managed Ethernet Switch with high Port density Gigabit Fiber link capability and 19 rack mountable desig...

Page 25: ...r built in GbE uplink ports also offer incredible extensibility flexibility and connectivity to the Core switch or Servers Flexibility of Power Input and Extension solution The four mini GBIC slots are compatible with 1000Base SX LX and WDM SFP Small Form Factor Pluggable fiber optic modules The distance can be extended from 550 meters Multi Mode fiber cable or up to 10 30 50 70 120 kilometers Sin...

Page 26: ...ation of the Industrial Managed Switch Section 8 TROUBSHOOTING The chapter explains how to trouble shooting of the Industrial Managed Switch Appendix A The section contains cable information of the Industrial Managed Switch 1 4 Product Features Physical Port 24 Port 10 100Mbps Fast Ethernet ports 4 x 10 100 1000Mbps TP and SFP shared combo interfaces SFP Mini GBIC supports 100 1000 Dual Mode Port2...

Page 27: ...oups up to 8 ports per trunk group with 1 6Gbps bandwidth Full Duplex Mode IEEE 802 3ad LACP Link Aggregation Control Protocol Cisco ether channel Static Trunk Spanning Tree Protocol STP IEEE 802 1D Classic Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN Port Mirroring to monitor the incoming or outgoing tr...

Page 28: ...ent SSH v1 v2 switch management SSL v3 switch management BOOTP and DHCP client for IP address assignment Built in Trivial File Transfer Protocol TFTP client Firmware upload download via TFTP Configuration upload download via TFTP SNTP Simple Network Time Protocol Message event error trap logs Logging to local file and syslog server Support Private Enterprise MIB Four RMON groups 1 2 3 9 history st...

Page 29: ...nction ESD Protection 6KV DC Layer 2 Function Management Interface Console Telnet SSH Web Browser SSL SNMPv1 v2c and v3 Port Configuration Port Disable Enable Auto Negotiation 10 100 1000Mbps Full and Half Duplex mode selection Flow Control Disable Enable Port Status Display each port s speed duplex mode link status and Flow control status Auto negotiation status trunk status Bandwidth Control Inp...

Page 30: ...802 3z IEEE 802 3ab IEEE 802 3x IEEE 802 3ad IEEE 802 1D IEEE 802 1w IEEE 802 1s IEEE 802 1p IEEE 802 1Q IEEE 802 1v IEEE 802 1x IEEE 802 1ab 10Base T 100Base TX 1000Base SX LX 1000Base T Flow Control and Back pressure Port trunk with LACP Spanning tree protocol Rapid spanning tree protocol Multiple Spanning tree protocol Class of service VLAN Tagging Protocol VLAN Port Authentication Network Cont...

Page 31: ...anel Figure 2 1 IGSW 2840 Front Panel Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters Gigabit SFP slots 1000Base SX LX mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters Multi mode fiber up to 10 30 50 70 120 kilometers Single mode fiber Console Port The console port is a DB9 RS 232 male seria port connector It is an interface for connectin...

Page 32: ... indicate that the port is operating at 100Mbps Off If LNK ACT LED light indicate that the port is operating at 10Mbps If LNK ACT LED Off indicate that the port is link down Per 10 100 1000Base T port SFP interfaces LED Color Function 1000 LNK ACT Green Lights To indicate the link through that port is successfully established with speed 1000Mbps Blink To indicate that the switch is actively sendin...

Page 33: ...l Power Notice The device is a power required device it means it will not work till it is powered If your networks should active all the time please consider using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime In some area installing a surge suppression device may also help to protect your Industrial Managed Switch from being damaged ...

Page 34: ... ventilation space between the Industrial Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Industrial Managed Switch to network devices Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Industrial Managed Switch Conn...

Page 35: ...ed Switch with supplied screws attached to the package Figure 2 5 Attach brackets to the Industrial Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty Step3 Secure the brackets tightly Step4 Follow the same steps to attach the second bracket to the opposite side Step5 After the brackets are a...

Page 36: ...e and Multi mode SFP transceiver The following list of approved PLANET SFP transceivers is correct at the time of publication MGB SX SFP 1000BASE SX SFP transceiver MGB LX SFP 1000BASE LX SFP transceiver It recommends using PLANET SFPs on the Industrial Managed Switch Before connect the other Industrial Managed Switches workstation or Media Converter 1 Make sure both side of the SFP transceiver ar...

Page 37: ...e fiber NICs or Media Converters set the Link mode to 1000 Force is needed Remove the transceiver module 1 Make sure there is no network activity by consult or check with the network administrator Or through the management interface of the switch converter if available to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Turn the handle of the MGB module to horizontal 4 Pull out ...

Page 38: ...low to insert the power wire 1 Insert positive negative DC power wires into the contacts 1 and 2 for POWER 1 or 5 and 6 for POWER 2 Figure 2 9 Wiring the redundant power inputs 2 Tighten the wire clamp screws for preventing the wires from loosing 1 2 3 4 5 6 DC 1 DC 2 Figure 2 10 6 Pin Terminal Block power wiring input The wire gauge for the terminal block should be in the range between 12 24 AWG ...

Page 39: ...elow Inserting the wires the Industrial Switch will detect the fault status of the power failure The following illustration shows an application example for wiring the fault alarm contacts 1 Insert the wires into the fault alarm contacts Figure 2 11 Power Fault Alarm trigger description The wire gauge for the terminal block should be in the range between 12 24 AWG ...

Page 40: ...cess Overview Administration Console Access Web Management Access SNMP Access Standards Protocols and Related Reading 3 1 Requirements Workstations of subscribers running Windows 98 ME NT4 0 2000 XP MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols Workstation installed with Ethernet NIC Network Interface Card Serial Port connect Terminal PC with COM Port DB 9 RS 232 o...

Page 41: ...et functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Must be near switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Web Browser Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Security can be compro...

Page 42: ...cess The following sections will describe more information about using the console refer to Chapter 5 Command Line Interface Console Management Figure 3 1 Console management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Industrial Managed Switch console serial p...

Page 43: ...u can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP ...

Page 44: ...lorer 6 0 or later Safari or Mozilla Firefox 1 5 or later Figure 3 3 Web management 3 5 SNMP Based Network Management You can use an external SNMP based application to configure and manage the Industrial Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management ...

Page 45: ...gement Protocol SNMP is the standard management protocol for multi vendor IP networks SNMP supports transaction based queries that allow the protocol to format messages and to transmit information between reporting devices and data collection programs SNMP runs on top of the User Datagram Protocol UDP offering a connectionless mode service 3 6 3 Management Architecture All of the management applic...

Page 46: ...to open sockets User has to modify the browser setting to enable Java Applets to use network ports The Industrial Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Industrial Managed Switch For example the default IP address of the IGSW 2840 Industrial Managed Switch is 192 168 0 100 then the manager PC shoul...

Page 47: ...ory default IP Address as following http 192 168 0 100 2 When the following login screen appears please enter the default username admin with default password admin or the username password you have changed via console to login the main screen of Industrial Managed Switch The login screen in Figure 4 1 2 appears Figure 4 1 2 Login screen Default User name admin Default Password admin ...

Page 48: ...ll the commands and statistics the Industrial Managed Switch provides 1 It is recommended to use Internet Explore 6 0 or above to access Industrial Managed Switch 2 Changed IP address will take effect immediately after click on the Apply button you need to use the new IP address to access the Web interface 3 After reboot the switch the IP will change back to the default unless the configuration is...

Page 49: ...n refresh be sure that Internet Explorer is configured so that the setting Check for newer versions of stored pages reads Every visit to the page Internet Explorer 6 x and earlier This option is available under the menu Tools Internet Options General Temporary Internet Files Settings Internet Explorer 7 x This option is available under Tools Internet Options General Browsing History Settings Tempo...

Page 50: ...onitor network conditions Via the Web Management the administrator can setup the Industrial Managed Switch by select the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 IGSW 2840 Industrial Managed Switch Main Funcrions Menu Configuration Options Configurable parameters have a dialog box or a drop down list Once a configuration change has been made on a ...

Page 51: ...User s Manual of IGSW 2840 51 The following Main functions can be configured here System SNMP Port Management Address Table Spanning Tree VLAN Multicast QoS Security Cluster ...

Page 52: ...Frames Enables jumbo frame packets File Management Copy Operation Allows the transfer and copying files Delete Allows deletion of files from the flash memory Set Start Up Sets the startup file Line Sets console port and telnet connection parameters Log Logs Stores and displays error messages System Logs Sends error messages to a logging process Remote Logs Configures the logging of messages to a r...

Page 53: ... Name Enter the name you want to use to identify this switch You may use up to 31 alpha numeric characters The factory default is blank Object ID The base object ID for the Industrial Managed Switch s enterprise MIB Location Enter the location of this Industrial Managed Switch You may use up to 31 alpha numeric characters The factory default is blank Contact Enter the contact person for this switc...

Page 54: ...gure 4 2 2 Switch Information screenshot The page includes the following fields Main Board Object Description Serial Number The serial number of the Industrial Managed Switch Number of Ports Number of built in RJ 45 ports Hardware Version Hardware version of the main board Management Software Object Description Loader Version Version number of loader code Boot ROM Version Version of Power On Self ...

Page 55: ...rotocol Traffic Classes This Industrial Managed Switch provides mapping of user priorities to multiple traffic classes Refer to Class of Service Configuration VLAN Learning This Industrial Managed Switch uses Independent VLAN Learning IVL where each port maintains its own filtering database Configurable PVID Tagging This Industrial Managed Switch allows you to override the default Port VLAN ID PVI...

Page 56: ...hot Object Description Management VLAN ID of the configured VLAN 1 4094 This is the only VLAN through which you can manage the Industrial Managed Switch By default all ports on the Industrial Managed Switch are members of VLAN 1 However the management station can be attached to a port belonging to any VLAN as long as that VLAN has been assigned an IP address IP Address Mode Specifies whether IP fu...

Page 57: ...CP BOOTP services you can configure the Industrial Managed Switch to be dynamically configured by these services 1 Click System IP Configuration IP Address Mode 2 Specify the VLAN to which the management station is attached set the IP Address Mode to DHCP or BOOTP 3 Click Apply to save your changes 4 Then click Restart DHCP to immediately request a new address The Industrial Managed Switch will al...

Page 58: ...ns firmware and configuration settings This section has the following options Copy Operation Allows the transfer and copying files such as Downloading System Software from a Server Downloading Configuration Settings from a Server Saving Configuration Settings Restoring Configuration Settings Delete Allows deletion of files from the flash memory Set Start Up Sets the startup file 4 2 6 1 Copy Opera...

Page 59: ... Copies the running configuration to a TFTP server startup config to file Copies the startup configuration to a file on the switch startup config to running config Copies the startup config to the running config startup config to tftp Copies the startup configuration to a TFTP server tftp to file Copies a file from a TFTP server to the switch tftp to running config Copies a file from a TFTP server...

Page 60: ...g as the file transfer method 3 Select the startup file name used for startup on the Industrial Managed Switch to overwrite or specify a new file name then click Apply Figure 4 2 7 Configuration saving screenshot You can also select any configuration file as the start up configuration by using the System File Management Set Start Up page 4 If you specify a new file name to startup config click Sys...

Page 61: ...t Copy Operation 2 Select tftp to file as the file transfer method enter the IP address of the TFTP server 3 Set the file type to opcode enter the file name of the software to download select a file on the Industrial Managed Switch to overwrite or specify a new file name and click Apply 4 If you replaced the current firmware used for startup and want to start using the new operation code reboot th...

Page 62: ...file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ Example 3 Downloading Configuration Settings from a Server You can download the configuration file under a new file name and then set it as the startup file or you can specify the current startup configuration file as the destination file to directly replace it 1 Click System Fil...

Page 63: ... 2 Select running config to tftp or startup config to tftp as the file transfer method enter the IP address of the TFTP server 3 Enter a new file name for the configuration to upload and click Apply Figure 4 2 12 Upload system configuration screenshot 1 The file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the Industrial Managed Switch 2 The ...

Page 64: ...ement Delete 2 Select the file name from the given list by checking the tick box and click Apply Figure 4 2 13 File Delete screenshot The currently designated startup version cannot be deleted 4 2 6 3 Set Startup You can download a file under a new file name and then set it as the startup file or you can specify the current startup file as the destination file to directly replace it Figure 4 2 14 ...

Page 65: ...s if this file is used when the system is started Size The length of the file in bytes If you download to a new file name using tftp to startup config the file is automatically set as the start up configuration file To use the new settings reboot the system via the Reset page The file Factory_Default_Config cfg can be copied to the TFTP server but cannot be used as the destination on the Industria...

Page 66: ... connection parameters 4 2 7 1 Console Port Settings Specify the console port connection parameters as required then click Apply The Console Port Settings screen in Figure 4 2 15 appears Figure 4 2 15 Console port settings screenshot The page includes the following fields Object Description Login Timeout Sets the interval that the system waits for a user to log into the CLI If a login attempt is n...

Page 67: ...5 Default 0 Data Bits Sets the number of data bits per character that are interpreted and generated by the console port If parity is being generated specify 7 data bits per character If no parity is required specify 8 data bits per character Default 8 bits Parity Defines the generation of a parity bit Communication protocols provided by some terminals can require a specific parity bit setting Spec...

Page 68: ... Telnet Port Number Sets the TCP port number for Telnet on the switch Default 23 Login Timeout Sets the interval that the system waits for a user to log into the Range 0 300 seconds Default 300 seconds Exec Timeout Sets the interval that the system waits until user input is detected If user input is not detected within the timeout interval the current session is terminated Range 0 65535 seconds De...

Page 69: ...ogged to RAM or flash memory Severe error messages that are logged to flash memory are permanently stored in the switch to assist in troubleshooting network problems Up to 4096 log entries can be stored in the flash memory with the oldest entries being overwritten first when the available log memory 256 kilobytes has been exceeded The System Logs page allows you to configure and limit system messa...

Page 70: ... Limits log messages saved to the switch s permanent flash memory for all levels up to the specified level For example if level 3 is specified all messages from level 0 to level 3 will be logged to flash Range 0 7 Default 3 RAM Level 0 7 Limits log messages saved to the switch s temporary RAM memory for all levels up to the specified level For example if level 7 is specified all messages from leve...

Page 71: ...st and then click Remove The page includes the following fields Object Description Remote Log Status Enables disables the logging of debug or error messages to the remote logging process Default Enabled Logging Facility Sets the facility type for remote logging of syslog messages There are eight facility types specified by values of 16 to 23 The facility type is used by the syslog server to dispat...

Page 72: ...sses that receive the syslog messages The maximum number of host IP addresses allowed is five Host IP Address Specifies a new server IP address to add to the Host IP List Host IP Address Syslog Server IP address 4 2 8 3 Displaying Log Messages The Logs page allows you to scroll through the logged system and event messages The Industrial Managed Switch can store up to 2048 log entries in temporary ...

Page 73: ...r IP List type the new IP address in the Server IP Address box and then click Add 3 To delete an IP address click the entry in the Server IP List and then click Remove The page includes the following fields Object Description Admin Status Enables disables the SMTP function Default Disabled Email Source Address Sets the email address used for the From field in alert messages You may use a symbolic ...

Page 74: ...tons to configure the list 1 The Industrial Managed Switch doesn t support DNS protocol to make the SMTP alert receiver to get the e mail send by the Industrial Managed Switch the correct SMTP Server s IP address has to be field in the Server List Check the correct IP address of the Mail Server before enter the field 2 It is recommended to send a test e mail to make sure you can receive the alert ...

Page 75: ...he device it can send actions to the devices service To do this a control point sends a suitable control message to the control URL for the service provided in the device description When a device is known to the control point periodic event notification messages are sent An UPnP description for a service includes a list of actions the service responds to and a list of variables that model the sta...

Page 76: ...omatically you have to save the configuration manually before system reboot 1 Click System Reset 2 Click the Reset button to reboot the Industrial Managed Switch 3 When prompted confirm that you want reset the switch Figure 4 2 23 Reset screenshot Figure 4 2 24 Reset screenshot When restarting the system it will always run the Power On Self Test ...

Page 77: ...itch to send time synchronization requests to specific time servers i e client mode update its clock based on broadcasts from time servers or use both methods When both methods are enabled the Industrial Managed Switch will update its clock using information broadcast from time servers but will query the specified server s if a broadcast is not received with the polling interval Figure 4 2 25 SNTP...

Page 78: ...ust indicate the number of hours and minutes your time zone is east before or west after of UTC Figure 4 2 26 Clock Time Zone screenshot The page includes the following fields Object Description Current Time Displays the current time Name Assigns a name to the time zone Range 1 29 characters Hours 0 12 The number of hours before after UTC Minutes 0 59 The number of minutes before after UTC Directi...

Page 79: ...int devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 2 12 1 LLDP Configuration Setting LLDP Timing Attributes Use the LLDP...

Page 80: ...res a delay between the successive transmission of advertisements initiated by a change in local LLDP MIB variables Range 1 8192 seconds Default 2 seconds The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in each transm...

Page 81: ...ast Start Count Configures the amount of LLDP MED Fast Start LLDPDUs to transmit during the activation process of the LLDP MED Fast Start mechanisim Range 1 10 packets Default 4 packets The MED Fast Start Count parameter is part of the timer which ensures that the LLDP MED Fast Start mechanism is active for the port LLDP MED Fast Start is critical to the timely startup of LLDP and therefore integr...

Page 82: ...lesChange notification events missed due to throttling or transmission loss TLV Type Configures the information included in the TLV field of advertised messages Port Description The port description is taken from the ifDescr object in RFC 2863 which includes information about the manufacturer the product name and the version of the interface hardware software System Description The system descript...

Page 83: ... are enabled The information advertised by this TLV is described in IEEE 802 1AB MED TLV Type Configures the information included in the MED TLV field of advertised messages Port Capabilities This option advertises LLDP MED TLV capabilities allowing Media Endpoint and Connectivity Devices to efficiently discover which LLDP MED related TLVs are supported on the switch Network Policy This option adv...

Page 84: ...ations about LLDP and LLDP MED changes Default Enabled This option sends out SNMP trap notifications to designated target stations at the interval specified by the Notification Interval in the preceding section Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB the LLDP MED MIB ANSI TIA 1057 or vendor specific LLDP EXT DOT1 and LLDP EXT DOT3 MIBs For informatio...

Page 85: ...rmance of network discovery by indicating enterprise specific or other starting points for the search such as the Interface or Entity MIB Since there are typically a number of different addresses associated with a Layer 3 device an individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a port and protocol VLAN...

Page 86: ...on or complete service disruption Location This option advertises location identification details Inventory This option advertises device details useful for inventory management such as manufacturer model software version and other pertinent information MED Notification Enables the transmission of SNMP trap notifications about LLDP MED changes Default Enabled Trunk Shows if the port is a member of...

Page 87: ...hassis containing the IEEE 802 LAN entity associated with the transmitting LLDP agent There are several ways in which a chassis may be identified and a chassis ID subtype is used to indicate the type of component being referenced by the chassis ID field Chassis ID An octet string indicating the specific identifier for the particular chassis in this system System Name An string that indicates the s...

Page 88: ...e of chassis 3 IETF RFC 2737 Interface alias IfAlias IETF RFC 2863 Port component EntPhysicalAlias when entPhysicalClass has a value port 10 or backplane 4 IETF RFC 2737 MAC address MAC address IEEE Std 802 2001 Network address networkAddress Interface name ifName IETF RFC 2863 Locally assigned locally assigned Table 4 2 1 Chassis ID Subtype ID Basis Reference Other Repeater IETF RFC 2108 Bridge I...

Page 89: ...t from which this LLDPDU was transmitted 4 2 12 5 Remote Port Information Use the LLDP Remote Port Trunk Information screen to display information about devices connected directly to the switch s ports which are advertising information through LLDP Figure 4 2 32 LLDP Port Remote Device Information screenshot The page includes the following fields Object Description Local Port The local port to whi...

Page 90: ...e Information Details screen to display detailed information about an LLDP enabled device connected to a specific port on the local switch Figure 4 2 33 LLDP Remote Device Information Detail screenshot The page includes the following fields Object Description Local Port The local port to which a remote LLDP capable device is attached Chassis Type Identifies the chassis containing the IEEE 802 LAN ...

Page 91: ...nction s of the system which are currently enabled Refer to the preceding table See Table 4 2 2 System Capabilities Management Address The IPv4 address of the remote device If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement ID Basis Reference Interface alias IfAlias IETF RFC 2863 Chassis component EntPhysicalAlias when...

Page 92: ...he time the LLDP neighbor entry list was last updated New Neighbor Entries Count The number of LLDP neighbors for which the remote TTL has not yet expired Neighbor Entries Deleted Count The number of LLDP neighbors which have been removed from the LLDP remote systems MIB for any reason Neighbor Entries Dropped Count The number of times which the local remote database dropped an LLDPDU because of i...

Page 93: ...on rules as well as any specific usage rules defined for the particular TLV Frames Invalid A count of all LLDPDUs received with one or more detectable errors Frames Received Number of LLDP PDUs received Frames Sent Number of LLDP PDUs transmitted TLVs Unrecognized A count of all TLVs not recognized by the receiving LLDP local agent TLVs Discarded A count of all LLDPDUs received and then discarded ...

Page 94: ...it a valid community string for authentication Access to the switch using from clients using SNMPv3 provides additional security features that cover message integrity authentication and encryption as well as controlling user access to specific areas of the MIB tree The SNMPv3 security structure consists of security models with each model having it s own security levels There are three security mod...

Page 95: ...nt clients i e versions 1 2c or 3 Figure 4 3 1 SNMP Agent Status screenshot The page includes the following fields Object Description Snmp Agent Status Enable Disable SNMP on the Industrial Managed Switch 4 3 2 SNMP Configuration Use this page to configure the community strings authorized for management access and to specify the trap managers that will receive SNMP notifications or trap messages 4...

Page 96: ...unity string Read Only Authorized management stations are only able to retrieve MIB objects Read Write Authorized management stations are able to both retrieve and modify MIB objects 4 3 2 2 SNMP Trap Management Traps indicating status changes are issued by the switch to specified trap managers You must specify trap managers so that key events are reported by this switch to your management station...

Page 97: ...a request for acknowledgement of receipt Informs can be used to ensure that critical information is received by the host However note that informs consume more system resources because they must be kept in memory until a response is received Informs also add to network traffic You should consider these effects when deciding whether to issue notifications as traps or informs To send an inform to a ...

Page 98: ... this string in the SNMP Configuration page for Version 1 or 2c clients or define a corresponding User Name in the SNMPv3 Users page for Version 3 clients Range 1 32 characters case sensitive Trap UDP Port Specifies the UDP port number used by the trap manager Default 162 Trap Version Specifies whether to send notifications as SNMP v1 v2c or v3 traps Default v1 Trap Security Level When trap versio...

Page 99: ...tion The engine ID is also used in combination with user passwords to generate the security keys for authenticating and encrypting SNMPv3 packets A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing users A new engin...

Page 100: ... remote host SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it See Specifying Trap Managers and Trap Types and Configuring Remote SNMPv3 Users A new engine ID can be specified by entering 10 to 6...

Page 101: ...urity level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication The ...

Page 102: ... a user click Change Group in the Actions column of the users table and select the new group Figure 4 3 7 SNMPv3 Users NEW screenshot The SNMPv3 User New page includes the following fields Object Description User Name The name of user connecting to the SNMP agent Range 1 32 characters Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Security Model The user ...

Page 103: ...l The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters is required Privacy Protocol The encryption algorithm use for data privacy only 56 bit DES is currently available Privacy Password A minimum of eight plain text characters is required EXAMPLE Add a new SNMPv3 user In the New User page define a name and assign it to...

Page 104: ...mote device you must first specify the engine identifier for the SNMP agent on the remote device where the user resides The remote engine ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host See Specifying Trap Managers and Trap Types and Specifying a Remote Engine ID Figure 4 3 10 SNMPv3 Remote Users screenshot 1 Click SNMP SNMPv3 R...

Page 105: ...ult for SNMPv3 AuthNoPriv SNMP communications use authentication but the data is not encrypted only available for the SNMPv3 security model AuthPriv SNMP communications use both authentication and encryption only available for the SNMPv3 security model Authentication The method used for user authentication Options MD5 SHA Default MD5 Authentication Password A minimum of eight plain text characters...

Page 106: ...k the box next to the group name then click Delete The page includes the following fields Object Description Group Name The name of the SNMP group to which the user is assigned Range 1 32 characters Model The user security model SNMP v1 v2c or v3 Level The security level used for the user noAuthNoPriv There is no authentication or encryption used in SNMP communications This is the default for SNMP...

Page 107: ...FC 1493 Traps newRoot 1 3 6 1 2 1 17 0 1 The newRoot trap indicates that the sendingagent has become the new root of the Spanning Tree the trap is sent by a bridge soon after its election as the new root e g upon expiration of the Topology Change Timer immediatelysubsequent to its election topologyChange 1 3 6 1 2 1 17 0 2 A topologyChange trap is sent by a bridge when any of its configured ports ...

Page 108: ...o some other state but not into the notPresent state This other state is indicated by the included value of ifOperStatus authenticationFailure 1 3 6 1 6 3 1 1 5 5 An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMPv2 must becapable of generating this trap the ...

Page 109: ...nfigure the object identifiers of branches within the MIB tree Wild cards can be used to mask a specific portion of the OID string Type Indicates if the object identifier of a branch within the MIB tree is included or excluded from the SNMP view 1 Click SNMP SNMPv3 Views 2 Click New to configure a new view 3 In the New View page define a name and specify OID subtrees in the switch MIB to be includ...

Page 110: ...User s Manual of IGSW 2840 110 Figure 4 3 14 SNMPv3 View Edit screenshot ...

Page 111: ... Sets the source and target ports for mirroring Rate Limit Input Port Configuration Sets the input rate limit for each port Output Port Configuration Sets the output rate limit for ports Port Statistics Lists Ethernet and RMON port statistics 4 4 1 Port Information You can use the Port Information or Trunk Information pages to display the current connection status including link state speed duplex...

Page 112: ...Flow Control Status Indicates the type of flow control currently in use IEEE 802 3x Back Pressure None Autonegotiation Shows if auto negotiation is enabled or disabled Trunk Member Shows if port is a trunk member Creation Shows if a trunk is manually configured or dynamically set via LACP Trunk Information only In some situation when the Industrial Managed Switch port is set to Auto Negotiation mo...

Page 113: ...n screenshot The page includes the following fields Object Description Name Allows you to label an interface Range 1 64 characters Admin Allows you to manually disable an interface You can disable an interface due to abnormal behavior e g excessive collisions and then re enable it after the problem has been resolved You may also disable an interface for security reasons Speed Duplex Allows you to ...

Page 114: ...100 Mbps full duplex operation 1000full Combo ports only Supports 1000 Mbps full duplex operation Default Autonegotiation enabled Advertised capabilities for 100BASE TX 10half 10full 100half 100full 1000BASE T 10half 10full 100half 100full 1000full 1000BASE SX LX LH 1000full Sym Check this item to transmit and receive pause frames or clear it to auto negotiate the sender and receiver for asymmetri...

Page 115: ...ng the specified threshold will then be dropped Command Usage Broadcast Control is enabled by default The default threshold is 1000K packets per second Broadcast control does not effect IP multicast traffic The specified threshold applies to each individual port on the Industrial Managed Switch Figure 4 4 3 Broadcast Control screenshot 1 Click Port Port Trunk Broadcast Control 2 Set the threshold ...

Page 116: ...000 Kbytes per second Level Range 1 127 Default 5 Port Port number Trunk Shows if a port is a trunk member Type Indicates the port type 100BASE TX 1000BASE T or 1000BASE SFP Protect Status Enables or disables broadcast storm control Default Enabled Trunk Shows if port is a trunk member Threshold Scale x Level ...

Page 117: ...rror traffic from any source port to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Command Usage Monitor port speed should match or exceed source port speed otherwise traffic may be dropped from the monitor port All mirror sessions must share the same desti...

Page 118: ...ist of current mirror sessions Source Port The port whose traffic will be monitored Range IGSW 2840 1 28 Type Allows you to select which traffic to mirror to the target port Rx receive Tx transmit Both receive and transmit Default Rx Target Port The port that will mirror the traffic on the source port Range IGSW 2840 1 28 Figure 4 4 6 Mirror Port Configuration screenshot ...

Page 119: ...User s Manual of IGSW 2840 119 Figure 4 4 7 Mirror Port Configuration screenshot ...

Page 120: ...ffic is forwarded without any changes 4 4 5 1 Input Rate Limit Port Configuration Use the rate limit configuration pages to apply input rate limiting Figure 4 4 8 Input Rate Limit Port Configuration screenshot 1 Click Port Rate Limit Inputt Port Configuration 2 Enable the Rate Limit Status for the required interfaces set the Rate Limit Scale and Rate Limit Level and click Apply The page includes t...

Page 121: ...us for the required interfaces set the Rate Limit Scale and Rate Limit Level and click Apply The page includes the following fields Object Description Port Trunk Displays the port trunk number Output Rate Limit Status Enables or disables the rate limit Default Enabled Output Rate Limit Scale Level Multiplied by one another the scale and level set the rate limit For example to limit port traffic to...

Page 122: ...ssing through each port This information can be used to identify potential problems with the switch such as a faulty port or unusually heavy loading RMON statistics provide access to a broad range of statistics including a total count of different frame types and sizes passing through each port All values displayed have been accumulated since the last system reboot and are shown as counts per seco...

Page 123: ...red by this sub layer to a higher sub layer which were addressed to a multicast address at this sub layer Received Broadcast Packets The number of packets delivered by this sub layer to a higher sub layer which were addressed to a broadcast address at this sub layer Received Discarded Packets The number of inbound packets which were chosen to be discarded even though no errors had been detected to...

Page 124: ...ad been detected to prevent their being deliverable to ahigher layer protocol One possible reason for discarding such a packet could be to free up buffer space Received Unknown Packets The number of packets received via the interface which were discardedbecause of an unknown or unsupported protocol Received Errors The number of inbound packets that contained errors preventing themfrom being delive...

Page 125: ... count of successfully transmitted frames for which transmission is inhibited by more than one collision Carrier Sense Errors The number of times that the carrier sense condition was lost or never asserted when attempting to transmit a frame SQE Test Errors A count of times that the SQE TEST ERROR message is generated by the PLS sublayer for a particular interface Frames Too Long A count of frames...

Page 126: ...ames received that were longer than 1518 octets excluding framing bits but including FCS octets and were otherwise well formed Fragments The total number of frames received that were less than 64 octets in length excluding framing bits but including FCS octets and had either an FCS or alignment error 64 Bytes Frames The total number of frames including bad packets received andtransmitted that were...

Page 127: ...s well as providing a fault tolerant link between two devices You can create up to 5 12 trunks at a time The Industrial Managed Switch supports both static trunking and dynamic Link Aggregation Control Protocol LACP Static trunks have to be manually configured at both ends of the link and the switches must comply with the Cisco EtherChannel standard On the other hand LACP configured ports can auto...

Page 128: ...ll the ports in a trunk have to be treated as a whole when moved from to added or deleted from a VLAN STP VLAN and IGMP settings can only be made for the entire trunk 4 5 1 Trunk Information You can use the Trunk Information pages to display the current connection status including link state speed duplex mode flow control and auto negotiation To change any of the port settings use the Trunk Config...

Page 129: ...fill When enabled backpressure is used for half duplex operation and IEEE 802 3 2005 formally EEE 802 3x for full duplex operation Avoid using flow control on a port connected to a hub unless it is actually required o solve a problem Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub Autonegotiation Allows auto negotiation to be enabled disa...

Page 130: ...ne another the scale and level set the broadcast threshold For example to set a threshold of 500 Kbytes per second choose 100K under Scale and 5 under Level Scale Range 1 10 100 1000 Kbytes per second Default 1000 Kbytes per second Level Range 1 127 Default 5 Port Port number Trunk Shows if a port is a trunk member Type Indicates the port type 100BASE TX 1000BASE T or 1000BASE SFP Protect Status E...

Page 131: ...e network be sure you add a static trunk via the configuration interface before connecting the ports and also disconnect the ports before removing a static trunk via the configuration interface Figure 4 5 4 For additional information see Configuring Trunks Command Sequence To configure a static trunk Enter a trunk ID of 1 5 in the Trunk field Select any of the Industrial Managed Switch ports from ...

Page 132: ...oll down port list and click Add 3 After you have completed adding ports to the member list click Apply The page includes the following fields Object Description Member List Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Trunk Trunk identifier IGSW 2840 Range 1 12 Port Port identifier IGSW 2840 Range 1 28 Figure 4 5 6 Trunk Membership screenshot ...

Page 133: ...igured as part of a static trunk If ports on another device are also configured as LACP the Industrial Managed Switch and the other device will negotiate a trunk link between them If an LACP trunk consists of more than eight ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Enabling LACP o...

Page 134: ...tomatically be assigned the next available trunk ID If more than eight ports attached to the same mode and will only be enabled if one of the active links fails All ports on both ends of an LACP trunk must be configured for full duplex and auto negotiation Trunks dynamically established through LACP will also be shown in the Member List on the Trunk Membership menu Figure 4 5 9 Figure 4 5 10 ...

Page 135: ...k Port LACP Configuration 2 Select any of the switch ports from the scroll down port list and click Add 3 After you have completed adding ports to the member list click Apply The page includes the following fields Object Description Member List Shows configured trunks Trunk ID Unit Port New Includes entry fields for creating new trunks Port Port identifier IGSW 2840 Range 1 28 ...

Page 136: ...t Dynamically Creating a Port Channel Ports assigned to a common port channel must meet the following criteria Ports must have the same LACP System Priority Ports must have the same LACP port Admin Key However if the port channel Admin Key is set then the port Admin Key must be set to the same value for a port to be allowed to join a channel group ...

Page 137: ...m Priority Admin Key and Port Priority for the Port Actor 3 You can optionally configure these settings for the Port Partner Be aware that these settings only affect the administrative state of the partner and will not take effect until the next time an aggregate link is formed with this device 4 After you have completed setting the port LACP parameters click Apply ...

Page 138: ...s to form the LAG identifier This identifier is used to indicate a specific LAG during LACP negotiations with other systems Admin Key The LACP administration key must be set to the same value for ports that belong to the same LAG Range 0 65535 Default 1 Port Priority If a link goes down LACP port priority is used to select a backup link Range 0 65535 Default 32768 Set Port Partner This menu sets t...

Page 139: ...is channel group Marker Sent Number of valid Marker PDUs transmitted from this channel group Marker Received Number of valid Marker PDUs received by this channel group Marker Unknown Pkts Number of frames received that either 1 Carry the Slow Protocols Ethernet Type value but contain an unknown PDU or 2 are addressed to the Slow Protocols group MAC Address but do not carry the Slow Protocols Ether...

Page 140: ...P System Priority LACP system priority assigned to this port channel LACP Port Priority LACP port priority assigned to this interface within the channel group Admin State Oper State Administrative or operational values of the actor s state parameters Expired The actor s receive machine is in the expired state Defaulted The actor s receive machine is using defaulted operational partner information ...

Page 141: ...y of the Link Aggregation Group is consistent with the System ID and operational Key information transmitted Aggregation The system considers this link to be aggregatable i e a potential candidate for aggregation Long timeout Periodic transmission of LACPDUs uses a slow transmission rate LACP Activity Activity control value with regard to this link 0 Passive 1 Active 4 5 5 5 Displaying LACP Status...

Page 142: ...port number assigned to this aggregation port by the port s protocol partner Port Admin Priority Current administrative value of the port priority for the protocol partner Port Oper Priority Priority value assigned to this aggregation port by the partner Admin Key Current administrative value of the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner...

Page 143: ...rial Managed Switch Static addresses are bound to the assigned interface and will not be moved When a static address is seen on another interface the address will be ignored and will not be written to the address table Command Sequence Specify the interface the MAC address and VLAN then click Add Static Address Figure 4 6 1 Static Addresses screenshot 1 Click Address Table Static Addresses 2 Speci...

Page 144: ...es The Dynamic Address Table contains the MAC addresses learned by monitoring the source address for traffic entering the switch When the destination address for inbound traffic is found in the database the packets intended for that address are forwarded directly to the associated port Otherwise the traffic is flooded to all ports Command Sequence Specify the search type i e mark the Interface MAC...

Page 145: ... then click Query The page includes the following fields Object Description Interface Indicates a port or trunk MAC Address Physical address associated with this interface VLAN ID of configured VLAN 1 4094 Address Table Sort Key You can sort the information displayed based on MAC address VLAN or interface port or trunk Dynamic Address Counts The number of addresses dynamically learned Current Dyna...

Page 146: ...entries in the Dynamic Address Table Figure 4 6 4 Dynamic Addresses screenshot The page includes the following fields Object Description Aging Status Enables disables the function Aging Time The time after which a learned entry is discarded Range 10 98301 seconds Default 300 seconds ...

Page 147: ...idging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops Once a stable network topology has been established all bridges listen for Hello BPDUs Bridge Protocol D...

Page 148: ...nsists of a group of interconnected bridges that have the same MST Configuration Identifiers including the Region Name Revision Level and Configuration Digest see Configuring Multiple Spanning Trees An MST Region may contain multiple MSTP Instances An Internal Spanning Tree IST is used to connect all the MSTP switches within an MST region A Common Spanning Tree CST interconnects all adjacent MST R...

Page 149: ...h in user specified groups Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following information is used The unique switch identifier The path cost to the root associated with each switch...

Page 150: ...re starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology ...

Page 151: ...ation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On...

Page 152: ...ription Default Value Port Priority A relative priority for each port lower numbers give a higher priority and a greater chance of a given port being elected as the root port 128 Port Cost A value used by STP to evaluate paths STP calculates path costs and selects the path with the minimum cost as the active path 200 000 100Mbps Fast Ethernet ports 20 000 1000Mbps Gigabit Ethernet ports 0 Auto Def...

Page 153: ... probability the port will be chosen as the Root Port Port Cost A Port Cost can be set from 0 to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the below diagram In this example you can anticipate some major network problems if the STP assistance i...

Page 154: ... with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 20 000 on switch A are connected to one optional Gigabit port on both switch B and C The redundant link between switch B and C is deliberately chosen as a 100 Mbps ...

Page 155: ...oot ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports and designated ports eliminating any possible network loops RSTP is designed as a general replacement for the slower legacy STP RSTP is also incorporated into MSTP RSTP achieves must faster reconfiguration i e around one tenth of the time required by STP by reducing the numbe...

Page 156: ...t device will wait before changing states i e discarding to learning to forwarding This delay is required because every device must receive information about topology changes before it starts to forward frames In addition each port needs time to listen for conflicting information that would make it return to a discarding state otherwise temporary data loops might result Designated Root The priorit...

Page 157: ...an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol MSTP generates a unique spanning tree for each instance This provides multiple pathways across the network thereby balancing ...

Page 158: ...Multiple Spanning Tree IEEE 802 1s Priority Bridge priority is used in selecting the root device root port and designated port The device with the highest priority becomes the STA root device However if all devices have the same priority the device with the lowest MAC address will then become the root device Note that lower numeric values indicate higher priority Default 32768 Range 0 61440 in ste...

Page 159: ...ted from among the device ports attached to the network References to ports in this section mean interfaces which includes both ports and trunks Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 Forward Delay The maximum time in seconds this device will wait before changing states i e discarding to learning to forwarding This delay is required be...

Page 160: ... for BPDUs is specified by setting the minimum interval between the transmission of consecutive protocol messages Range 1 10 Default 3 Configuration Settings for MSTP Figure 4 7 5 MSTP Configuration screenshot The page includes the following fields Object Description Max Instance Numbers The maximum number of MSTP instances to which this Industrial Managed Switch can be assigned Configuration Dige...

Page 161: ... parameters are for port or trunk STA Information Figure 4 7 6 STA Port Information screenshot The page includes the following fields Object Description Spanning Tree Shows if STA has been enabled on this interface STA Status Displays current state of this port within the Spanning Tree Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted co...

Page 162: ...ing tree root which include this port Oper Link Type The operational point to point status of the LAN segment attached to this interface This parameter is determined by manual configuration or by auto detection as described for Admin Link Type in STA Port Configuration Oper Edge Port This parameter is initialized to the setting for Admin Edge Port in STA Port Configuration i e true or false but wi...

Page 163: ...ks Figure 4 7 7 STA Port Configuration screenshot The following attributes are read only and cannot be changed Object Description STA State Displays current state of this port within the Spanning Tree See Displaying Interface Settings for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for ...

Page 164: ...idges Auto The switch automatically determines if the interface is attached to a point to point link or to shared media Default setting Auto Admin Edge Port Fast Forwarding You can enable this option if an interface is attached to a LAN segment that is at the end of a bridged LAN or to an end node Since end nodes cannot cause forwarding loops they can pass directly through to the spanning tree for...

Page 165: ...bit Ethernet 3 10 2 000 200 000 Table 4 7 1 Recommended STA Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 100 95 90 2 000 000 1 999 999 1 000 000 Fast Ethernet Half Duplex Full Duplex Trunk 19 18 15 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 4 3 10 000 5 000 Table 4 7 2 Recommended STA Path Costs Refer to Configuring Glo...

Page 166: ... must configure all bridges within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set of VLANs Also note that RSTP treats each MSTI region as a single node connecting all regions to the Common Spanning Tree To use multiple spanning trees 1 Set the spanning tree type to MSTP STA Configuration 2 Enter the spanning tree priority for the selected...

Page 167: ...s selected MST instance Range 1 4094 1 All VLANs are automatically added to the IST Instance 0 2 To ensure that the MSTI maintains connectivity across the network you must configure a related set of bridges with the same MSTI settings 4 7 2 2 Displaying Interface Settings for MSTP The MSTP Port Information and MSTP Trunk Information pages display the current status of ports and trunks in the selec...

Page 168: ...in the Spanning Tree See Displaying Interface Settings on page 3 156 for additional information Discarding Port receives STA configuration messages but does not forward packets Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information Port address table is cleared and the port begins learning addresses Forwar...

Page 169: ...f 16 Default 128 Admin MST Path Cost This parameter is used by the MSTP to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media Path cost takes precedence over port priority Note that when the Path Cost Method is set to short the maximum path cost is 65 535 By default the system aut...

Page 170: ...ysically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Industrial M...

Page 171: ...upports the following VLAN features Up to 255 VLANs based on the IEEE 802 1Q standard Distributed VLAN learning across multiple switches using explicit or implicit tagging and GVRP protocol Port overlapping allowing a port to participate in multiple VLANs End stations can belong to multiple VLANs Passing traffic between VLAN aware and VLAN unaware devices Priority tagging 1 The Industrial Managed ...

Page 172: ...tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 409...

Page 173: ...untagged packets and the VID for tagged packets tag aware and tag unaware network devices can coexist on the same network A switch port can have only one PVID but can have as many VID as the switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packe...

Page 174: ...n be used to manually isolate user groups or subnets However you should use IEEE 802 3 tagged VLANs with GVRP whenever possible to fully automate VLAN registration Automatic VLAN Registration GVRP GARP VLAN Registration Protocol defines a system whereby the switch can automatically learn the VLANs to which each end station should be assigned If an end station or its network adapter supports the IE...

Page 175: ...the port link aggregation group settings VLAN settings will automatically change in conjunction with the change of the port link aggregation group settings 4 8 1 1 VLAN Basic Information The VLAN Basic Information page displays basic information on the VLAN type supported by the Industrial Managed Switch Figure 4 8 1 VLAN Basic Information screenshot The page includes the following fields Object D...

Page 176: ...eyond the local switch Figure 4 8 2 GVRP Status screenshot The page includes the following fields Object Description GVRP Enables and disables GVRP on the device Default Disabled 4 8 1 3 VLAN Current Table This page shows the current port members of each VLAN and whether or not the port supports VLAN tagging Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging...

Page 177: ...hows how this VLAN was added to the switch Permanent Added as a static entry Dynamic GVRP Automatically learned via GVRP Egress Ports Shows the ports that have been added to the displayed VLAN group Untagged Ports Shows the untagged VLAN port members 4 8 1 4 VLAN Static List Creating VLANs Use the VLAN Static List to create or remove VLAN groups To propagate information about VLAN groups used on t...

Page 178: ...Name of the VLAN 1 to 32 characters no spaces Status Enables or disables the specified VLAN Enabled VLAN is operational Disabled VLAN is suspended i e does not pass packets Add Adds a new VLAN group to the current list Remove Removes a VLAN group from the current list If any port is assigned to this group as untagged it will be reassigned to VLAN group 1 as untagged 4 8 1 5 VLAN Static Table Addin...

Page 179: ...e 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarded by an untagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the Switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant net...

Page 180: ...aracters Status Enables or disables the specified VLAN Enable VLAN is operational Disable VLAN is suspended i e does not pass packets Port Port identifier Membership Type Select VLAN membership for each interface by marking the appropriate radio button for a port or trunk Tagged Interface is a member of the VLAN All packets transmitted by the port will be tagged that is carry a tag and therefore c...

Page 181: ...a member of the VLAN Packets associated with this VLAN will not be transmitted by the interface Trunk Member Indicates if a port is a member of a trunk To add a trunk to the selected VLAN use the last table on the VLAN Static Table page 1 You can also use the VLAN Static Membership by Port page to configure VLAN groups based on the port index VLAN Static Membership by Port However note that this c...

Page 182: ...ce 3 Select a VLAN ID and then click Add to add the interface as a tagged member or click Remove to remove the interface 4 After configuring VLAN membership for each interface click Apply Figure 4 8 6 VLAN Static Membership by Port screenshot The page includes the following fields Object Description Interface Port or trunk identifier Query To display membership information for the interface Member...

Page 183: ... for switches to exchange VLAN information in order to automatically register VLAN members on interfaces across the network Group Address Registration Protocol GARP is used by GVRP to register or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unle...

Page 184: ...tagged for VLANs for which the ingress port is not a member Ingress Filtering is always enabled Default Enabled Ingress filtering only affects tagged frames If ingress filtering is disabled and a port receives frames tagged for VLANs for which it is not a member these frames will be flooded to all other ports except for those VLANs explicitly forbidden on this port If ingress filtering is enabled ...

Page 185: ...ve Time to minimize the amount of traffic generated by nodes rejoining the group Range 500 18000 centiseconds Default 1000 centiseconds Mode Indicates VLAN membership mode for an interface Access Sets the port to operate as an untagged interface All frames are sent untagged General Specifies a hybrid VLAN interface The port may transmit tagged or untagged frames Trunk Specifies a port as an end po...

Page 186: ...c VLAN IDs QinQ tunneling expands VLAN space by using a VLAN in VLAN hierarchy preserving the customer s original tagged packets and adding SPVLAN tags to each frame also called double tagging A port configured to support QinQ tunneling must be set to tunnel port mode The Service Provider VLAN SPVLAN ID for the specific customer must be assigned to the QinQ tunnel access port on the edge switch wh...

Page 187: ...ntifier TPID that is the ether type of the tag This outer tag is used for learning and switching packets The priority of the inner tag is copied to the outer tag if it is a tagged or priority tagged packet 2 After successful source and destination lookup the ingress process sends the packet to the switching process with two tags If the incoming packet is untagged the outer tag is an SPVLAN tag and...

Page 188: ... If the outer tag of an incoming double tagged packet is equal to the port TPID and the inner tag is 0x8100 it is treated as a double tagged packet If a single tagged packet has 0x8100 as its TPID and port TPID is not 0x8100 a new VLAN tag is added and it is also treated as double tagged packet 5 If the destination address lookup fails the packet is sent to all member ports of the outer tag s VLAN...

Page 189: ...ee Adding Static Members to VLANs VLAN Index 6 Configure the SPVLAN ID as the native VID on the QinQ tunnel access port see Configuring VLAN Behavior for Interfaces 7 Configure the QinQ tunnel uplink port to 802 1Q Tunnel Uplink mode see Adding an Interface to a QinQ Tunnel 8 Configure the QinQ tunnel uplink port to join the SPVLAN as a tagged member see Adding Static Members to VLANs VLAN Index o...

Page 190: ... mode before configuring a tunnel port see Enabling QinQ Tunneling on the Switch Use the TPID field to set a custom 802 1Q ethertype value on the selected interface This feature allows the switch to interoperate with third party switches that do not use the standard 0x8100 ethertype to identify 802 1Q tagged frames For example if 0x1234 is set as the custom 802 1Q ethertype on a trunk port incomin...

Page 191: ... Tunnel Uplink Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network Default None 802 1Q Ethernet Type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port Range 0800 FFFF hexadecimal Default 8100 Trunk Member Shows if a port is a member or a trunk If you have host devices that do not support G...

Page 192: ... the secondary VLAN and with any of the promiscuous ports in the associated primary VLAN Isolated VLANs on the other hand consist a single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports In all cases the promiscuous ports are designed to provide open access to an external network such as the Internet while the community or isolated ports provide restricte...

Page 193: ...s in the primary VLAN or host i e having access restricted to community VLAN members and channeling all other traffic through promiscuous ports Then assign any promiscuous ports to a primary VLAN and any host ports a community VLAN Isolated VLAN To configure an isolated VLAN follow these steps 1 Use the Private VLAN Configuration menu to designate an isolated VLAN that will channel all traffic thr...

Page 194: ...eir assigned interfaces Figure 4 8 10 Private VLAN Information screenshot The page includes the following fields Object Description VLAN ID ID of configured VLAN 2 4094 and VLAN type Primary VLAN The VLAN with which the selected VLAN ID is associated A primary VLAN displays its own ID a community VLAN displays the associated primary VLAN and an isolated VLAN displays the stand alone VLAN Ports Lis...

Page 195: ...ds Object Description VLAN ID ID of configured VLAN 2 4094 Type There are three types of private VLANs Primary VLANs Conveys traffic between promiscuous ports and to community ports within secondary or community Community VLANs Conveys traffic between community ports and to their promiscuous ports in the associated primary VLAN Isolated VLANs Conveys traffic only between the VLAN s isolated ports ...

Page 196: ...th a primary VLAN Figure 4 8 12 Private VLAN Association screenshot The page includes the following fields Object Description Primary VLAN ID ID of primary VLAN 2 4094 Association Community VLANs associated with the selected primary VLAN Non Association Community VLANs not associated with the selected VLAN ...

Page 197: ... port s Or the port is an isolated port that can only communicate with the lone promiscuous port within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and between promiscuous ports and community ports within the associated secondary VLANs Community VLAN Conveys traffic between...

Page 198: ...community port and can only communicate with other ports in its own community VLAN and with the designated promiscuous port s Or the port is an isolated port that can only communicate with the lone promiscuous port within its own isolated VLAN Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN Primary VLAN Conveys traffic between promiscuous ports and betw...

Page 199: ...t and then specify the associated Community VLAN Isolated VLAN A single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Trunk Shows if a port is a member or a trunk ...

Page 200: ... on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the Protocol VLAN Configuration page 3 Then map the protocol for each interface to the appropriate VLAN using the Protocol VLAN Port Configuration page The following limitations apply to the use of Protocol VLANs A maximum of 20 Protocol VLAN groups can be co...

Page 201: ...page includes the following fields Special Protocol Object Description Special Protocol Three fixed protocol types have been preconfigured Protocol Group ID Protocol Group ID assigned to the Special Protocol VLAN Group Range 1 2147483647 Protocol Type For these Protocol VLAN groups the frame type of network traffic is not considered all frame types are accepted IP 0x0800 IPX 0x8137 Apple talk 0x80...

Page 202: ... switch can be power cycled however all unsaved configuration changes will be lost 4 8 4 2 Protocol VLAN Port Configuration Use the Protocol VLAN Port Configuration menu to map a Protocol VLAN Group to a VLAN for the currently selected port or trunk Command Usage Before assigning a protocol group and associated VLAN to a port or trunk first select the required interface from the scroll down list a...

Page 203: ...s Object Description Interface Port or Trunk identifier Query Use this button to display the current protocol settings and to select an interface for configuration Protocol Group ID Protocol Group ID assigned to the Protocol VLAN Group Range 1 2147483647 VLAN ID VLAN to which matching protocol traffic is forwarded Range 1 4094 ...

Page 204: ...curity and data isolation Multicast VLAN Registration 4 9 1 Layer 2 IGMP Snooping and Query IGMP Snooping and Query If multicast routing is not supported on other switches in your network you can use IGMP Snooping and Query to monitor IGMP service requests passing between multicast clients and servers and dynamically configure the switch ports which need to forward multicast traffic The Internet G...

Page 205: ...User s Manual of IGSW 2840 205 Multicast Service Multicast flooding ...

Page 206: ...a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Type Meaning 0x11 Membership Query if Group Address is 0 0 0 0 0x11 Specific Group Membership Query if Group...

Page 207: ...0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast queri...

Page 208: ...n 1 depending on the version of the IGMP query packets detected on each VLAN 2 IGMP snooping will not function unless a multicast router port is enabled on the switch This can be accomplished in one of two ways A static router port can be manually configured see Specifying Static Interfaces for a Multicast Router Using this method the router port is never timed out and will continue to function un...

Page 209: ...and configures the multicast filters accordingly Unknown multicast traffic is flooded to all ports in the VLAN for several seconds when first received If a multicast router port exists on the VLAN the traffic will be filtered by subjecting it to IGMP snooping If no router port exists on the VLAN or the multicast filtering table is already full the switch will continue flooding the traffic into the...

Page 210: ...unt Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group Range 2 10 Default 2 IGMP Query Interval Sets the frequency at which the switch sends IGMP host query messages Range 60 125 seconds Default 125 IGMP Report Delay Sets the time between receiving an IGMP Report for an IP multicast address on a po...

Page 211: ...l send a group specific query message when an IGMPv2 v3 group leave message is received The router querier stops forwarding traffic for that group only if no host replies to the query within the specified timeout period Note that the timeout period is determined by the IGMP Query Report Delay see Configuring IGMP Snooping and Query Parameters If immediate leave is enabled the Managed witch assumes...

Page 212: ...P multicasting across the Internet These routers may be dynamically discovered by the switch or statically assigned to an interface on the switch You can use the Multicast Router Port Information page to display the ports on this Industrial Managed Switch attached to a neighboring multicast router switch for each VLAN ID Figure 4 9 3 Multicast Router Port Information screenshot The page includes t...

Page 213: ...e attached router This can ensure that multicast traffic is passed to all the appropriate interfaces within the Industrial Managed Switch Figure 4 9 4 Static Multicast Router Port Configuration screenshot The page includes the following fields Object Description Interface Activates the Port or Trunk scroll down list VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attach...

Page 214: ...pecific multicast service Multicast Group Port List Shows the interfaces that have already been assigned to the selected VLAN to propagate a specific multicast service To show all the multicast services groups on the Industrial Managed Switch and the member ports of each multicast group type the below command at command line mode Console show mac address table multicast VLAN M cast IP addr Member ...

Page 215: ...corresponding traffic can only be forwarded to ports within that VLAN Command Sequence 1 Specify the interface attached to a multicast service via an IGMP enabled switch or multicast router 2 Indicate the VLAN that will propagate the multicast service 3 Specify the multicast IP address 4 Click Add 5 After you have completed adding ports to the member list click Apply Figure 4 9 6 IGMP Member Port ...

Page 216: ...User s Manual of IGSW 2840 216 Figure 4 9 7 IGMP Member Port Table screenshot ...

Page 217: ... checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny o...

Page 218: ... created an IGMP profile number you can then configure the multicast groups to filter and set the access mode Command Usage Each profile has only one access mode either permit or deny When the access mode is set to permit IGMP join reports are processed when a multicast group falls within the controlled range When the access mode is set to deny IGMP join reports are only processed when the multica...

Page 219: ... Range List Lists multicast groups currently included in the profile Select an entry and click the Remove button to delete it from the list 4 9 2 3 IGMP Filter Throttling Port Configuration Once you have configured IGMP profiles you can assign them to interfaces on the Industrial Managed Switch Also you can set the IGMP throttling number to limit the number of multicast groups an interface can joi...

Page 220: ...ime Range 0 255 Default 255 Current Multicast Groups Displays the current number of multicast groups the interface has joined Throttling Action Mode Sets the action to take when the maximum number of multicast groups for the interface has been exceeded Default Deny deny The new multicast group join report is dropped replace The new multicast group replaces an existing group Throttling Status Indic...

Page 221: ...ting protocol MVR maintains the user isolation and data security provided by VLAN segregation by passing only multicast traffic into other VLANs to which the subscribers belong Even though common multicast streams are passed onto different VLAN groups from the MVR VLAN users in different IEEE 802 1Q or private VLANs cannot exchange any information except through upper level routing services Genera...

Page 222: ...e VLAN that will serve as the sole channel for common multicast streams supported by the service provider and assigning the multicast group address for each of these services to the MVR VLAN Figure 4 9 11 MVR Configuration screenshot The page includes the following fields Object Description MVR Status When MVR is enabled on the switch any multicast data associated with an MVR group is sent from al...

Page 223: ...IGMP snooping can be used to allow a receiver port to dynamically join or leave multicast groups within an MVR VLAN Multicast groups can also be statically assigned to a receiver port see Assigning Static Multicast Groups to Interfaces However if a receiver port is statically configured as a member of an MVR VLAN its MVR status will be inactive Also note that VLAN membership for MVR receiver ports...

Page 224: ...ber port that can receive multicast data sent through the MVR VLAN Any port configured as an receiver port will be dynamically added to the MVR VLAN when it forwards an IGMP report or join message from an attached host requesting any of the designated multicast services supported by the MVR VLAN Non MVR An interface that does not participate in the MVR VLAN Default type Non MVR Immediate Leave Con...

Page 225: ... Oper Status Shows the link status MVR Status Shows the MVR status MVR status for source ports is ACTIVE if MVR is globally enabled on the Industrial Managed Switch MVR status for receiver ports is ACTIVE only if there are subscribers receiving multicast traffic from one of the MVR groups or a multicast group has been statically assigned to an interface Immediate Leave Shows if immediate leave is ...

Page 226: ... fall within the reserved IP multicast address range of 224 0 0 x Figure 4 9 14 MVR Static Group Member screenshot 1 Click MVR Group Member Configuration 2 Select a port or trunk from the Interface field and click Query to display the assigned multicast groups 3 Select a multicast address from the displayed lists and click the Add or Remove button to modify the Member list The page includes the fo...

Page 227: ...VR VLAN either through IGMP snooping or static configuration Figure 4 9 15 MVR Group IP Table screenshot The page includes the following fields Object Description Group IP Multicast groups assigned to the MVR VLAN Group Port List Shows the interfaces with subscribers for multicast services provided through the MVR VLAN ...

Page 228: ...traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Based on network policies different kinds of traffic can be marked for different kinds of forwarding This section has the following items Priority Default Port Priority Sets the default priority for each port Default Trunk Priority Sets the default priority for each trunk Traffic Classes Maps IEEE 802 1p priority tags...

Page 229: ...then sorted into the appropriate priority queue at the output port Command Usage This Industrial Managed Switch provides four priority queues for each port It uses Weighted Round Robin to prevent head of queue blockage The default priority applies for an untagged frame received on a port set to accept all frame types i e receives both untagged and tagged frames This priority does not apply to IEEE...

Page 230: ...s i e receives both untagged and tagged frames This priority does not apply to IEEE 802 1Q VLAN tagged frames If the incoming frame is an IEEE 802 1Q VLAN tagged frame the IEEE 802 1p User Priority bits will be used If the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Figure 4 10 1 Default Port Priority screenshot The page...

Page 231: ...owing table 802 1p Priority 0 1 2 3 4 5 6 7 Queue 1 0 0 1 2 2 3 3 Table 4 10 1 Mapping CoS Values to Egress Queues Command Sequence 1 Mark an interface and click Select to display the current mapping of CoS values to output queues 2 Assign priorities to the traffic classes i e output queues for the selected interface then click Apply Figure 4 10 2 Traffic Classes screenshot The page includes the f...

Page 232: ...e Industrial Managed Switch s output queues in any way that benefits application traffic for your own network Priority Level Traffic Type 1 Background 2 Spare 0 default Best Effort 3 Excellent Effort 4 Controlled Load 5 Video less than 100 milliseconds latency and jitter 6 Voice less than 10 milliseconds latency and jitter 7 Network Control Table 4 10 2 CoS Priority Levels ...

Page 233: ...Thus a queue weighted 8 will be allowed to transmit up to 8 packets after which the next lower priority queue will be serviced according to it s weighting This prevents the head of line blocking that can occur with strict priority queuing Hybrid mode uses strict priority queuing for the highest priority queue queue 3 processing queues 2 through 0 according to their WRR weights Figure 4 10 3 Queue ...

Page 234: ...ns assigned a specific priority value Command Usage WRR controls bandwidth sharing at the egress port by defining scheduling weights for allocated service priorities When using WRR assign a weight of 1 15 to each of the hardware queues A queue s weight must be less than or equal to the weight of the next higher priority queue that is Q0 Q1 Q2 Q3 1 Click Priority Queue Scheduling 2 Select and highl...

Page 235: ...ee page 3 227 or six bits for Differentiated Services Code Point DSCP service When these services are enabled the priorities are mapped to a Class of Service output queue Because different priority information may be contained in the traffic the Industrial Managed Switch maps priority values to the output queues in the following manner The precedence for priority mapping is IP Port Priority IP Pre...

Page 236: ...ng The DSCP default values are defined in the following table Note that all the DSCP values that are not specified are mapped to CoS queue 0 IP DSCP Value CoS Queue 0 8 0 10 12 14 16 18 20 22 24 1 26 28 30 32 34 36 38 40 42 2 46 48 56 3 Table 4 10 3 IP DSCP to CoS Queue Mapping Figure 4 10 6 IP DSCP Priority screenshot The page includes the following fields Object Description DSCP Priority Table S...

Page 237: ...iate 1 3 Flash 1 4 Flash Override 2 5 Critical 2 6 Internetwork Control 3 7 Network Control 3 Table 4 10 4 Mapping IP Precedence Values to CoS Priority Queues 1 Click QoS Priority IP Precedence Priority Status 2 Set the IP Precedence Priority Status to Enabled 3 Click QoS Priority IP Precedence Priority 4 Select an entry from the IP Precedence Priority Table enter a queue number in the Class of Qu...

Page 238: ...ity and 3 represent high priority 4 10 2 7 Mapping IP TOS Priority The Type of Service TOS octet in the IPv4 header is divided into three parts Precedence 3 bits TOS 4 bits and MBZ 1 bit The Precedence bits indicate the importance of a packet whereas the TOS bits indicate how the network should make tradeoffs between throughput delay reliability and cost as defined in RFC 1394 The MBZ bit for must...

Page 239: ...st 0 2 Maximize reliability 1 4 Maximize throughput 2 8 Minimize delay 3 Table 4 10 5 Mapping IP TOS Values to CoS Priority Queues 1 Click QoS Priority IP TOS Priority Status 2 Set the IP TOS Priority Status to Enabled 3 Click QoS Priority IP TOS Priority 4 Select an IP TOS value in the IP TOS Priority Table enter a queue number in the Class of Queue Service Value field and then click Apply 4 10 2...

Page 240: ...ity 4 10 2 10 Mapping IP Port Priority You can also map network applications to Class of Service queues based on the IP port number i e TCP UDP port number in the frame header Some of the more common TCP service ports include HTTP 80 FTP 21 Telnet 23 and POP3 110 1 Click QoS Priority IP Port Priority Status 2 Set IP Port Priority Status to Enabled 3 Click QoS Priority IP Port Priority 4 Enter the ...

Page 241: ...Description IP Port Priority Status Enables or disables the IP port priority IP Port Priority Table Shows the IP port to CoS queue map IP Port Number TCP UDP Set a new IP port number Class of Queue Service Value Sets a CoS queue for a new IP port Note that 0 represents low priority and 3 represent high priority IP Port Priority settings apply to all interfaces ...

Page 242: ...r Class of Queue Service Value Sets a CoS queue for a new IP port Note that 0 represents low priority and 3 represent high priority 4 10 2 13 Mapping CoS Values to ACLs Use the ACL CoS Mapping page to set the output queue for packets matching an ACL rule as shown in the following table Note that the specified CoS value is only used to map the matching packet to an output queue it is not written to...

Page 243: ...CoS Priority screenshot The page includes the following fields Object Description Port Port identifier Name Name of a configured ACL Type Type of ACL IP or MAC CoS Values CoS values used for packets matching the ACL rule Range 0 7 Figure 4 10 14 ACL CoS Priority page screenshot ...

Page 244: ...ation to prioritize the resources allocated to different traffic classes The manner in which an individual device handles traffic in the DiffServ architecture is called per hop behavior All devices along a path should be configured in a consistent manner to construct a consistent end to end QoS solution 1 You can configure up to 16 rules per Class Map You can also include multiple classes in a Pol...

Page 245: ...create a service policy for a specific interface that defines packet classification service tagging and bandwidth policing Note that one or more class maps can be assigned to a policy map Figure 4 10 15 Class Map screenshot The page includes the following fields Object Description Modify Name and Description Configures the name and a brief description of a class map Range 1 16 characters for the n...

Page 246: ...ields Object Description Class Name Name of the class map Range 1 16 characters Type Only one match command is permitted per class map so the match any field refers to the criteria specified by the lone match command Description A brief description of a class map Range 1 64 characters Add Adds the specified class Back Returns to previous page with making any changes ...

Page 247: ...ption Class Name List of class maps ACL List Name of an access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters Add Adds specified criteria to the class Up to 16 items are permitted per class Remove Deletes the selected criteria from the class Figure 4 10 19 Standard ACL screenshot ...

Page 248: ...cy map can contain multiple class statements that can be applied to the same interface with the Service Policy Settings You can configure up to 64 policers i e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL IPv6 Standard ACL and IPv6 Extended ACL Also note that the maximum number of classes that can be applied to a policy map...

Page 249: ...es Opens the Policy Rule Settings page for the selected class entry Modify the criteria used to service ingress traffic on this page Add Policy Opens the Policy Configuration page Enter a policy name and description on this page and click Add to open the Policy Rule Settings page Enter the criteria used to service ingress traffic on this page Remove Policy Deletes a specified policy Figure 4 10 21...

Page 250: ...s the following fields Object Description Policy Name Name of policy map Range 1 16 characters Description A brief description of a policy map Range 1 64 characters Add Adds the specified policy Back Returns to previous page with making any changes Policy Rule Settings Figure 4 10 24 Policy Rule Settings screenshot ...

Page 251: ...ettings Range CoS 0 7 DSCP 0 63 Meter Check this to define the maximum throughput burst rate and the action that results from a policy violation Rate bps Rate in kilobits per second Range 1 100000 kbps or maximum port speed whichever is lower Burst byte Burst in bytes Range 64 1522 Exceed Action Specifies whether the traffic that exceeds the specified rate will be dropped Add Adds the specified cr...

Page 252: ...p to an interface The current firmware does not allow you to bind a policy map to an egress queue 1 Click QoS DiffServ Service Policy Settings 2 Check Enabled and choose a Policy Map for a port from the scroll down box then click Apply Figure 4 10 25 Service Policy Settings screenshot The page includes the following fields Object Description Ports Specifies a port Ingress Applies the rule to ingre...

Page 253: ...rity for the VoIP traffic VoIP traffic can be detected on switch ports by using the source MAC address of packets or by using LLDP IEEE 802 1AB to discover connected VoIP devices When VoIP traffic is detected on a configured port the switch automatically assigns the port as a tagged member the Voice VLAN Alternatively switch ports can be manually configured 4 10 4 1 VoIP Traffic Configuration To c...

Page 254: ...onger received on the port Range 5 43200 minutes Default 1440 minutes The Voice VLAN ID cannot be modified when the global Auto Detection Status is enabled 4 10 4 2 VoIP Port Configuration To configure ports for VoIP traffic you need to set the mode Auto or Manual specify the discovery method to use and set the traffic priority You can also enable security filtering to ensure that only VoIP traffi...

Page 255: ...entified by source MAC addresses configured in the Telephony OUI list or through LLDP that discovers VoIP devices attached to the switch Packets received from non VoIP sources are dropped Default Disabled Discovery Protocol Selects a method to use for detecting VoIP traffic on the port Default OUI OUI Traffic from VoIP devices is detected by the Organizationally Unique Identifier OUI of the source...

Page 256: ...address that specifies the OUI for VoIP devices in the network 3 Select a mask from the pull down list to define a MAC address range 4 Enter a description for the devices and then click Add Figure 4 10 28 Telephony OUI List screenshot The page includes the following fields Object Description Telephony OUI Specifies a MAC address range to add to the list Enter the MAC address in format 01 23 45 67 ...

Page 257: ... Settings Provide a secure web connection SSH Settings Provide a secure shell for secure Telnet access Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports IP Filter Filters management access to the web SNMP or Telnet interface 4 11 2 Configuring User Accounts The guest only has read access for most configurati...

Page 258: ...min and guest New Account Displays configuration settings for a new account User Name The name of the user Maximum length 8 characters Maximum number of users 16 Access Level Specifies the user level Options Normal Privileged Password Specifies the user password Range 0 8 characters plain text case sensitive Change Password Sets a new password for the specified user name Add Remove Adds or removes...

Page 259: ...erver contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Industrial Managed Switch RADIUS uses UDP while TACACS uses TCP UDP only offers best effort delivery while TCP offers a connection oriented transport Also note that RADIUS encrypts only the password in the access request packet from the client to the ...

Page 260: ... any user to indicate the authentication sequence For example if you select 1 RADIUS 2 TACACS and 3 Local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted using the TACACS server and finally the local user name and password is checked Figure 4 11 2 Authentication Settings screenshot The page includes the follow...

Page 261: ...ervers The process ends when a server either approves or denies access to a user Server IP Address Address of the RADIUS server Server Port Number Network UDP port of authentication server used for authentication messages Range 1 65535 Default 1812 Secret Text String Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Numbe...

Page 262: ...P Address Address of the TACACS server Server Port Number Network TCP port of TACACS server used for authentication messages Range 1 65535 Default 49 Number of Server Transmits Number of times the switch attempts to send an authentication request to the server Range 1 30 Default 2 Timeout for a reply The number of seconds the switch waits for a reply from the server before it resends the request R...

Page 263: ...rts the following AAA features Accounting for IEEE 802 1X authenticated users that access the network through the Industrial Managed Switch Accounting for users that access management interfaces on the Industrial Managed Switch through the console and Telnet Accounting for commands that users enter at specific CLI privilege levels Authorization of users that access management interfaces on the Ind...

Page 264: ...ver group 1 255 characters Server Index Specifies a RADIUS server and the sequence to use for the group Range 1 5 When specifying the index for a RADIUS sever the server index must already be defined see Configuring Local Remote Logon Authentication 4 11 6 2 AAA TACACS Group Settings The AAA TACACS Group Settings screen defines the configured TACACS servers to use for accounting and authorization ...

Page 265: ...ription Group Name Defines a name for the TACACS server group 1 255 characters Server Spefies the TACACS server to use for the group Range 1 4 11 6 3 AAA Accounting Settings AAA accounting is a feature that enables the accounting of requested services for billing or security purposes Figure 4 11 7 AAA Accounting Settings screenshot ...

Page 266: ...formation to the servers about the methods to use Service Request Specifies the service as either 802 1X user accounting or Exec administrative accounting for local console Telnet or SSH connections Accounting Notice Records user activity from log in to log off point Group Name Specifies the accounting server group Range 1 255 characters The group names radius and tacacs specifies all configured R...

Page 267: ...abled 4 11 6 5 AAA Accounting 802 1X Port Settings This feature applies the specified accounting method to an interface Figure 4 11 9 AAA Accounting 802 1X Port Settings screenshot Click Security AAA Accounting 802 1X Port Settings Enter the required accounting method and click Apply The page includes the following fields Object Description Port Trunk Specifies a port or trunk number Method Name S...

Page 268: ...ounting EXEC Command Privileges screenshot Click Security AAA Accounting Command Privilges Enter a defined method name for console and Telnet privilege levels Click Apply The page includes the following fields Object Description Commands Privilege Level The CLI privilege levels 0 15 Console Telnet Specifies a user defined method name to apply to commands entered at the specified CLI privilege leve...

Page 269: ...connections Figure 4 11 11 AAA Accounting Exec Settings screenshot Click Security AAA Accounting Exec Settings Enter a defined method name for console and Telnet connections and click Apply The page includes the following fields Object Description Method Name Specifies a user defined method name to apply to console and Telnet connections ...

Page 270: ...re 4 11 12 AAA Accounting Summary screenshot The page includes the following fields Object Description Accounting Type Displays the accounting service Method List Displays the user defined or default accounting method Group List Displays the accounting server group Interface Displays the port or trunk to which these rules apply This field is null if the accounting method and associated server grou...

Page 271: ...d specify a method name and a group name select the service then click Add The page includes the following fields Object Description Method Name Specifies an authorization method for service requests The default method is used for a requested service if no other methods have been defined Range 1 255 characters Service Request Specifies the service as Exec authorization for local console or Telnet ...

Page 272: ...es the following fields Object Description Method Name Specifies a user defined method name to apply to console and Telnet connections 4 11 6 12 AAA Authorization Summary The Authorization Summary displays the configured authorization methods and the interfaces to which they are applied Figure 4 11 15 AAA Authorization Summary screenshot The page includes the following fields Object Description Au...

Page 273: ...in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or above Nets...

Page 274: ...is because the certificate has not been signed by an approved certification authority If you want this warning to be replaced by a message confirming that the connection to the switch is secure you must obtain a unique certificate and a private key and password from a recognized certification authority For maximum security we recommend you obtain a unique Secure Sockets Layer certificate at the ea...

Page 275: ...e SSH client then the password can be authenticated either locally or via a RADIUS or TACACS remote authentication server as specified on the Authentication Settings page If public key authentication is specified by the client then you must configure authentication keys on both the client and the switch as described in the following section Note that regardless of whether you use public key or pas...

Page 276: ...ed Switch compares the client s password to those stored in memory c If a match is found the connection is allowed To use SSH with only password authentication the host public key must still be given to the client either during initial connection or manually entered into the known host file However you do not need to configure the client s keys 7 Public Key Authentication When an SSH client attemp...

Page 277: ...ssions includes both current Telnet sessions and SSH sessions 4 11 8 2 SSH Server Settings The SSH server includes basic settings for authentication Figure 4 11 17 SSH Server Settings screenshot Click Security SSH Settings Enable SSH and adjust the authentication parameters as required then click Apply Note that you must first generate the host key pair on the SSH Host Key Settings page before you...

Page 278: ... the SSH client and is fixed at 1024 bits 4 11 8 3 SSH Host Key Settings A host public private key pair is used to provide secure communications between an SSH client and the switch After generating this key pair you must provide the host public key to SSH clients and import the client s public key to the switch as described in the proceeding section Command Usage Figure 4 11 18 SSH Host Key Setti...

Page 279: ...e SSH server uses RSA or DSA for key exchange when the client first establishes a connection with the switch and then negotiates with the client to select either DES 56 bit or 3DES 168 bit for data encryption Save Host Key from Memory to Flash Saves the host key from RAM i e volatile memory to flash memory Otherwise the host key pair is stored to RAM by default Note that you must select this item ...

Page 280: ...User s Manual of IGSW 2840 280 Figure 4 11 19 SSH Host Key Settings screenshot ...

Page 281: ...ation of the client software and the RADIUS server The encryption method used to pass authentication messages can be MD5 Message Digest 5 TLS Transport Layer Security PEAP Protected Extensible Authentication Protocol or TTLS Tunneled Transport Layer Security The client responds to the appropriate method with its credentials such as a password or certificate The RADIUS server verifies the client cr...

Page 282: ...h The workstation must be running 802 1X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802 1X specification Authentication server performs the actual authentication of the client The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to acce...

Page 283: ...uest its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which...

Page 284: ...tiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and...

Page 285: ...gs for 802 1X 4 11 9 3 802 1X Configuration The 802 1X protocol provides port authentication The 802 1X protocol must be enabled globally for the switch system before port settings are active Figure 4 11 21 802 1X Configuration screenshot 1 Select Security 802 1X Configuration 2 Enable 802 1X globally for the switch and click Apply The page includes the following fields Object Description 802 1X S...

Page 286: ... Status Indicates if authentication is enabled or disabled on the port Default Disabled Operation Mode Allows single or multiple hosts clients to connect to an 802 1X authorized port Options Single Host Multi Host Default Single Host Max Count The maximum number of hosts that can connect to a port when the Multi Host operation mode is selected Range 1 1024 Default 5 Mode Sets the authentication mo...

Page 287: ...ts the time period after which a connected client must be re authenticated Range 1 65535 seconds Default 3600 seconds Tx Period Sets the time period during an authentication session that the switch waits before re transmitting an EAP packet Range 1 65535 Default 30 seconds Intrusion Action Sets the port s response to a failed authentication Block Traffic Blocks all non EAP traffic on the port This...

Page 288: ...EAPOL Logoff The number of EAPOL Logoff frames that have been received by this Authenticator Rx EAPOL Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized Rx EAPOL Total The number of valid EAPOL frames of any type that have been received by this Authenticator Rx EAP Resp Id The number of EAP Resp Id frames that have been receiv...

Page 289: ... EAP Req Oth The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator 4 11 9 6 Windows Platform RADIUS Server Configuration 1 Setup the RADIUS server and assign the client IP address to the switch In this case field in the default IP Address of the switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set a...

Page 290: ... Server setting path 4 Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed Figure 4 11 27 TsInternetUser Properties screen Set the Ports Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is a uplink port that is connected to another switch Or once th...

Page 291: ... 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go to Start Control Panel double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting wi...

Page 292: ... 292 6 Select MD 5 Challenge from the drop down list box for EAP type 7 Click OK 8 When client has associated with the Industrial Managed Switch a user authentication notice appears in system tray Click on the notice to continue ...

Page 293: ...User s Manual of IGSW 2840 293 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process ...

Page 294: ...See Private VLANs Port Security Configure secure addresses for individual ports 802 1X Use IEEE 802 1X port authentication to control access to specific ports See Configuring 802 1X Port Authentication Web Authentication Allows stations to authenticate and access the network in situations where 802 1X or Network Access authentication methods are infeasible or impractical Network Access Configures ...

Page 295: ...m number of addresses to allow on the port and then let the switch dynamically learn the source MAC address VLAN pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table When the port has reached the maximum number of MAC addresses the selected port will stop learning The MAC addresses already in the address table will be ...

Page 296: ...ields Object Description Port Port number Name Descriptive text Action Indicates the action to be taken when a port security violation is detected None No action should be taken Trap Send an SNMP trap message Shutdown Disable the port Trap and Shutdown Send an SNMP trap message and disable the port Default None Security Status Enables or disables port security on the port Default Disabled Max MAC ...

Page 297: ... port sets the port security action to send a trap and disable the port sets the maximum MAC addresses allowed on the port and then enables port security for the port Figure 4 11 29 Port Security Settings screenshot Figure 4 11 30 Port Security Settings screenshot ...

Page 298: ...All other traffic except for HTTP protocol traffic is blocked The switch intercepts HTTP protocol traffic and redirects it to a switch generated web page that facilitates username and password authentication via RADIUS Once authentication is successful the web browser is forwarded on to the originally requested web page 1 RADIUS authentication must be activated and configured properly for the web ...

Page 299: ...fields Object Description System Authentication Control Enables Web Authentication for the switch Default Disabled Session Timeout Configures how long an authenticated session stays active before it must be re authenticated Range 300 3600 seconds Default 3600 seconds Quiet Period Configures how long a host must wait to attempt authentication again after it has exceeded the maximum allowable failed...

Page 300: ...uration 2 Set the status box to enabled for any port that requires web authentication and click Apply The page includes the following fields Object Description Port Indicates the port being configured Status Configures web authentication status for a port Authenticated Host Counts Indicates how many authenticated hosts are connected to the port 4 11 12 3 Web Authentication Port Information This In...

Page 301: ...onnected host Status Indicates the authorization status of each connected host Remaining Session Time seconds Indicates the remaining time until the current authorization session for a host expires 4 11 12 4 Re Authentication The Industrial Managed Switch allows an administrator to manually force re authentication of any web authenticated host connected to any port Figure 4 11 34 Web Authenticatio...

Page 302: ...User s Manual of IGSW 2840 302 The page includes the following fields Object Description Interface Indicates the port to query Host IP Indicates the IP address of the host selected for re authentication ...

Page 303: ... the switch port When enabled on a port the authentication process sends a Password Authentication Protocol PAP request to a configured RADIUS server The username and password are both equal to the MAC address being authenticated On the RADIUS server PAP username and passwords must be configured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as...

Page 304: ...secure MAC address table aging time This parameter setting is the same as switch MAC address table aging time and is only configurable from the Address Table Aging Time web page Default 300 seconds MAC Authentication Reauthentication Time Sets the time period after which a connected MAC address must be reauthenticated When the reauthentication time expires for a secure MAC address it is reauthenti...

Page 305: ... number of MAC addresses that can be authenticated on a port The maximum number of MAC addresses per port is 2048 and the maximum number of secure MAC addresses supported for the switch system is 1024 When the limit is reached all new MAC addresses are treated as an authentication failure Range 1 1024 Default 1024 Guest VLAN Specifies the VLAN to be assigned to the port when MAC Authentication thr...

Page 306: ...c VLAN assignment is enabled on a port and the RADIUS server returns no VLAN configuration the authentication is still treated as a success and the host assigned to the default untagged VLAN When the dynamic VLAN assignment status is changed on a port all authenticated addresses are cleared from the secure MAC address table MAC authentication cannot be configured on trunk ports Ports configured as...

Page 307: ...on Attribute Displays static or dynamic addresses Address Table Sort Key Sorts the information displayed based on MAC address or port interface Unit Port The port interface associated with a secure MAC address MAC Address The authenticated MAC address RADIUS Server The IP address of the RADIUS server that authenticated the MAC address Time The time when the MAC address was last authenticated Attri...

Page 308: ...ny rules the packet is accepted The following filtering modes are supported Standard IP ACL mode STD ACL filters packets based on the source IP address Extended IP ACL mode EXT ACL filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified packets can also be filtered based on the TCP control code MAC ACL mode MAC AC...

Page 309: ...page includes the following fields Object Description Name Name of the ACL Maximum length 15 characters Type There are three filtering modes Standard IP ACL mode that filters packets based on the source IP address Extended IP ACL mode that filters packets based on source or destination IP address as well as protocol type and protocol port number If the TCP protocol is specified then you can also f...

Page 310: ...rmit or deny rules Address Type Specifies the source IP address Use Any to include all possible addresses Host to specify a specific host address in the Address field or IP to specify a range of addresses with the Address and SubMask fields Options Any Host IP Default Any IP Address Source IP address Subnet Mask A subnet mask containing four integers from 0 to 255 each separated by a period The ma...

Page 311: ...ACL Specify the action i e Permit or Deny Specify the source and or destination addresses Select the address type Any Host or IP If you select Host enter a specific address If you select IP enter a subnet address and the mask for an address range Set any other required criteria such as service type protocol type or TCP control code Then click Add ...

Page 312: ... 7 DSCP DSCP priority level Range 0 63 Protocol Specifies the protocol type to match as TCP UDP or Others where others indicates a specific protocol number 0 255 Options TCP UDP Others Default TCP Source Destination Port Start Source destination port number for the specified protocol type Range 0 65535 Source Destination Port End Upper bound of the protocol port range Range 0 65535 Control Flag De...

Page 313: ... a specific address e g 11 22 33 44 55 66 5 If you select MAC enter a base address and a hexadecimal bitmask for an address range 6 Set any other required criteria such as VID Ethernet type or packet format 7 Then click Add The page includes the following fields Object Description Action An ACL can contain any combination of permit or deny rules Source Destination Address Type Use Any to include a...

Page 314: ...pe This option can only be used to filter Ethernet II formatted packets Range 600 fff hex A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types include 0800 IP 0806 ARP 8137 IPX Packet Format This attribute includes the following packet types Any Any Ethernet packet type eth2 Ethernet II packets 802 3 Ethernet 802 3 packets Figure 4 11 43 MAC ACL Set...

Page 315: ...User s Manual of IGSW 2840 315 Figure 4 11 44 MAC ACL Settings screenshot ...

Page 316: ... ACL Port Binding screenshot 1 Click Security ACL Port Binding 2 Mark the Enable field for the port you want to bind to an ACL for ingress or egress traffic select the required ACL from the drop down list then click Apply The page includes the following fields Object Description Port Fixed port or SFP module IGSW 2840 Range 1 28 IP Specifies the IP ACL to bind to a port MAC Specifies the MAC ACL t...

Page 317: ...User s Manual of IGSW 2840 317 Figure 4 11 46 ACL Port Binding Settings screenshot ...

Page 318: ...ss can be configured for SNMP web and Telnet access respectively Each of these groups can include up to five different sets of addresses either individual addresses or address ranges When entering addresses for the same group i e SNMP web or Telnet the switch will not accept overlapping address ranges When entering addresses for different groups the switch will accept overlapping address ranges Yo...

Page 319: ...s A single IP address or the starting address of a range End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list 4 11 15 2 SNMP IP Filter You can create IP address groups that are allowed management access to the Industrial Managed Switch through the SNMP application Figure 4 11 48 SNMP IP Filter screenshot 1 Click Security IP Filter 2 Enter th...

Page 320: ...ilter You can create IP address groups that are allowed management access to the Industrial Managed Switch through telnet Figure 4 11 49 Telnet IP Filter page screenshot 1 Click Security IP Filter 2 Enter the IP addresses or range of addresses that are allowed management access to an interface and click Add Telnet IP Filtering Entry to update the filter list The page includes the following fields ...

Page 321: ...User s Manual of IGSW 2840 321 End IP Address The end address of a range Add Remove Filtering Entry Adds removes an IP address from the list ...

Page 322: ...imit are dropped When DHCP snooping is enabled DHCP messages entering an untrusted interface are filtered based upon dynamic entries learned via DHCP snooping Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and also enabled on the VLAN where the DHCP packet is received all DHCP packets are forwar...

Page 323: ...any packets received from untrusted ports are dropped 4 11 16 1 DHCP Snooping Configuration Use the DHCP Snooping Configuration page to enable DHCP Snooping globally on the Industrial Managed Switch or to configure MAC Address Verification Figure 4 11 50 DHCP Snooping Configuration screenshot The page includes the following fields Object Description DHCP Snooping Status Enables DHCP snooping globa...

Page 324: ...ents It is also an effective tool in preventing malicious network attacks from attached clients on DHCP services such as IP Spoofing Client Identifier Spoofing MAC Address Spoofing and Address Exhaustion Command Usage DHCP Snooping must be enabled for Option 82 to function When Option 82 is enabled the requesting client or an intermediate relay agent that has used the information fields to describ...

Page 325: ...r these packets Either the Industrial Managed Switch can discard the Option 82 information keep the existing information or replace it with the switch s relay information Figure 4 11 52 DHCP Snooping Information Option Configuration screenshot The page includes the following fields Object Description DHCP Snooping Information Option Status Enables or disables DHCP Option 82 information relay Defau...

Page 326: ...abled both globally and on a VLAN DHCP packet filtering will be performed on any untrusted ports within the VLAN When an untrusted port is changed to a trusted port all the dynamic DHCP snooping bindings associated with this port are removed Set all ports connected to DHCP servers within the local network or firewall to trusted state Set all other ports outside the local network or firewall to unt...

Page 327: ...led traffic is filtered based upon dynamic entries learned via DHCP snooping see Configuring DHCP Snooping or static addresses configured in the source guard binding table If IP source guard is enabled an inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac option will be checked against the binding table If no matching entry is found the packet will ...

Page 328: ... the switch to filter inbound traffic based source IP address or source IP address and corresponding MAC address None Disables IP source guard filtering on the port SIP Enables traffic filtering based on IP addresses stored in the binding table SIP MAC Enables traffic filtering based on IP addresses and corresponding MAC addresses stored in the binding table Default None ...

Page 329: ...red lease time Static bindings are processed as follows If there is no entry with the same VLAN ID and MAC address a new entry is added to the binding table using the type static IP source guard binding If there is an entry with the same VLAN ID and MAC address and the type of entry is static IP source guard binding then the new entry will replace the old one If there is an entry with the same VLA...

Page 330: ...ge 1 28 VLAN ID ID of a configured VLAN Range 1 4094 MAC Address A valid unicast MAC address IP Address A valid unicast IP address including classful types A B or C 4 11 17 3 Dynamic Information Use the Dynamic Information page to display the source guard binding table for a selected interface Figure 4 11 56 Dynamic IP Source Guard Binding Information screenshot The page includes the following fie...

Page 331: ...terface to display the source guard binding Options Port VLAN MAC Address IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source guard binding table Current Dynamic Binding Table Displays the IP addresses in the source guard binding table ...

Page 332: ...t automatically discovers other cluster enabled switches in the network These Candidate switches only become cluster Members when manually selected by the administrator through the management station Cluster switches are limited to the same Ethernet broadcast domain There can be up to 100 candidates and 36 member switches in one cluster A switch can only be a member of one cluster After the Comman...

Page 333: ...ster IP Pool An internal IP address pool that is used to assign IP addresses to Member switches in the cluster Internal cluster IP addresses are in the form 10 x x member ID Only the base IP address of the pool needs to be set since Member IDs can only be between 1 and 36 Note that you cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode must first be dis...

Page 334: ...des the following fields Object Description Member ID Specify a Member ID number for the selected Candidate switch Range 1 36 MAC Address Select a discoverd switch MAC address from the Candidate Table or enter a specific MAC address of a known switch 4 12 3 Cluster Member Information Displays current cluster Member switch information Figure 4 12 3 Cluster Member Information screenshot ...

Page 335: ...ription The system description string of the Member switch 4 12 4 Cluster Candidate Information Displays information about discovered switches in the network that are already cluster Members or are available to become cluster Members Figure 4 12 4 Cluster Candidate Information screenshot The page includes the following fields Object Description Role Indicates the current status of Candidate switch...

Page 336: ...sole prompt and enters privileged access mode i e Privileged Exec But when the guest user name and password is entered the CLI displays the Console prompt and enters normal access mode i e Normal Exec 2 Enter the necessary commands to complete your desired tasks 3 When finished exit the session with the quit or exit command After connecting to the system through the console port the login screen d...

Page 337: ...figure the switch with an IP address you can open a Telnet session by performing these steps 1 From the remote host enter the Telnet command and the IP address of the device you want to access 2 At the prompt enter the user name and system password The CLI will display the Vty n prompt for the administrator to show that you are using privileged access mode i e Privileged Exec or Vty n for the gues...

Page 338: ... 2 Minimum Abbreviation The CLI will accept a minimum number of characters that uniquely identify a command For example the command configure can be entered as con If an entry is ambiguous the system will prompt for further input 5 2 3 Command Completion If you terminate input with a Tab key the CLI will print the remaining characters of a partial keyword up to the point of ambiguity In the loggin...

Page 339: ...ss maps Display cluster dot1q tunnel 802 1x content GARP properties GVRP interface information History information Interface information IP information LACP statistics TTY line information LLDP Login records Logging setting MAC access list Shows the MAC address table Show management information Maps priority Show mvr interface information Shows the entries of the secure port Displays policy maps P...

Page 340: ...on about terminal lines System hardware and software versions Virtual LAN settings Shows the voice VLAN information Shows web authentication configuration The command show interfaces will display the following information Console show interfaces counters protocol group status switchport Console show interfaces Interface counters information Protocol group Interface status information Interface swi...

Page 341: ...that have been entered You can scroll back through the history of commands by pressing the up arrow key Any command displayed in the history list can be executed again or first modified and then executed Using the show history command displays a longer list of recently executed commands 5 2 9 Understanding Command Modes The command set is divided into Exec and Configuration classes Exec commands g...

Page 342: ...ly from the Privileged Exec command mode or administrator mode To access Privilege Exec mode open a new console session with the user name and password admin The system will now display the Console command prompt You can also enter Privileged Exec mode from within Normal Exec mode by entering the enable command followed by the privileged level password super To enter Privileged Exec mode enter the...

Page 343: ...ation and include command such as parity and data bits Multiple Spanning Tree Configuration These commands configure settings for the selected multiple spanning tree instance Policy Map Configuration Creates a DiffServ policy map for multiple interfaces VLAN Configuration Includes the command to create VLAN groups To enter the Global Configuration mode enter the command configure in Privileged Exe...

Page 344: ...racter to display a list of possible matches You can also use the following editing keystrokes for command line processing Keystroke Function Ctrl A Shifts cursor to start of command line Ctrl B Shifts cursor to the left one character Ctrl C Terminates the current task and displays the command prompt Ctrl E Shifts cursor to end of command line Ctrl F Shifts cursor to the right one character Ctrl K...

Page 345: ...ccess Control List Provides filtering for IP frames based on address protocol or TCP UDP port number or TCP control code or non IP frames based onMAC address or Ethernet type Interface Configures the connection parameters for all Ethernet ports aggregated links and VLANs Link Aggregation Statically groups multiple ports into a single logical trunk configures Link Aggregation Control Protocol for p...

Page 346: ...he command access mode configuration mode and other basic functions Command Function Mode enable Activates privileged mode NE disable Returns to normal mode from privileged mode PE configure Activates global configuration mode PE show history Shows the command history buffer NE PE reload Restarts the system PE prompt Customizes the prompt used in PE and NE mode GC end Returns to Privileged Exec mo...

Page 347: ...in privileged access mode Example Console enable Password privileged level password Console Related Commands disable enable password disable This command returns to Normal Exec mode from privileged mode In normal access mode you can only display basic information on the switch s configuration or Ethernet statistics To gain access to all commands you must use the privileged mode See Understanding C...

Page 348: ... See Understanding Command Modes Default Setting None Command Mode Privileged Exec Example Console configure Console config Related Commands end show history This command shows the contents of the command history buffer Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The history buffer size is fixed at 10 Execution commands and 10 Configuration commands Example In this ...

Page 349: ...nfig Console 2 Console config Console config reload This command restarts the system When the system is restarted it will always run the Power On Self Test It will also retain all configuration information stored in non volatile memory by the copy running config startup config command Default Setting None Command Mode Privileged Exec Command Usage This command resets the entire system Example This...

Page 350: ...nfiguration Line Configuration and VLAN Database Configuration Example This example shows how to return to the Privileged Exec mode from the Interface Configuration mode Console config if end Console exit This command returns to the previous configuration mode or exit the configuration program Default Setting None Command Mode Any Example This example shows how to return to the Privileged Exec mod...

Page 351: ...ogram Default Setting None Command Mode Normal Exec Privileged Exec Command Usage The quit and exit commands can both exit the configuration program Example This example shows how to quit a CLI session Console quit Press ENTER to start session User Access Verification Username ...

Page 352: ...ncluding baud rate and console time out Event Logging Controls logging of error messages SMTP Alerts Configures SMTP email alerts Time System Clock Sets the system clock automatically via SNTP server or manually Switch Clustering Configures management of multiple devices via a single IP address Table 5 6 System Management Commands 5 5 1 Device Designation Commands Command Function Mode hostname Sp...

Page 353: ...anner configuredepartment Configures Department information displayed by the banner GC banner configureequipment info Configures Equipment information displayed by the banner GC banner configureequipment location Configures Equipment Location information displayed by thebanner GC banner configureip lan Configures IP and LAN information displayed by the banner GC banner configurelp number Configure...

Page 354: ...n be corrected with the banner configure company command Example Console config banner configure Company ABC Co Responsible department R D Dept Name and telephone to Contact the management people Manager1 name Sr Network Admin phone number 123 555 1212 Manager2 name Jr Network Admin phone number 123 555 1213 Manager3 name Night shift Net Admin Janitor phone number 123 555 1214 The physical locatio...

Page 355: ...where whitespace is necessary for clarity Example Console config banner configure company ABC Co Console config banner configure dc power info This command is use to configure DC power information displayed in the banner Use the no form to restore the default setting Syntax banner configure dc power info floor floor id row row id rack rack id electrical circuit ec id no banner configure dc power i...

Page 356: ... name of the department Maximum length 32 characters Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces The banner configure department command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example Console confi...

Page 357: ...suggested for situations where whitespace is necessary for clarity Example Console config banner configure equipment info manufacturer id switch35 floor 3 row 10 rack 15 shelf rack 12 manufacturer ABC Co Console config banner configure equipment location This command is used to configure the equipment location information displayed in the banner Use the no form to restore the default setting Synta...

Page 358: ...efault Setting None Command Mode Global Configuration Command Usage Inpu strings cannot contain spaces The banner configure ip lan command interprets spaces as data input boundaries The use of underscores _ or other unobtrusive non letter characters is suggested for situations where whitespace is necessary for clarity Example Console config banner configure ip lan 192 168 1 1 255 255 255 0 Console...

Page 359: ...phone number mgr2 number name3 mgr3 name phone number mgr3 number no banner configure manager info name1 name2 name3 mgr1 name The name of the first manager mgr1 number The phone number of the first manager mgr2 name The name of the second manager mgr2 number The phone number of the second manager mgr3 name The name of the third manager mgr3 number The phone number of the third manager Default Set...

Page 360: ...ggested for situations where whitespace is necessary for clarity Example Console config banner configure mux telco 8734212kx_PVC 1 23 Console config banner configure note This command is used to configure the note displayed in the banner Use the no form to restore the default setting Syntax banner configure note note info no banner configure note note info Miscellaneous information that does not f...

Page 361: ...r ABC Co WARNING MONITORED ACTIONS AND ACCESSES R D_Dept Albert_Einstein 123 555 1212 Steve 123 555 9876 Lamar 123 555 3322 Station s information 710_Network_Path Indianapolis ABC Co switch35 Floor Row Rack Sub Rack 7 10 15 6 DC power supply Power Source A Floor Row Rack Electrical circuit 3 15 24 48V id_3 15 24 2 Number of LP 4 Position MUX telco 9734212kx_PVC 1 23 IP LAN 216 241 132 3 255 255 25...

Page 362: ...t is used to start up the system Default Setting None Command Mode Privileged Exec Command Usage Use this command in conjunction with the show running config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and...

Page 363: ...blic ro snmp server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7 1b3231655cebb7a1f783eddf27d254ca snmp server community public ro snmp server community private rw no logging trap vlan database vlan 1 name DefaultVlan m...

Page 364: ...d Usage Use this command in conjunction with the show startup config command to compare the information in running memory to the information stored in non volatile memory This command displays settings for key command modes Each mode group is separated by symbols and includes the configuration mode command and corresponding commands This command displays the following information Switch s MAC addr...

Page 365: ... phymap 00 30 4f 10 22 SNTP server 0 0 0 0 0 0 0 0 0 0 0 0 broadcast byte rate 1000 level 5 no dot1q tunnel system tunnel control SNMP server community public ro SNMP server community private rw username admin access level 15 username admin password 7 21232f297a57a5a743894a0e4a801fc3 username guest access level 0 username guest password 7 084e0343a0486ff05530df6c705c8bb4 enable password level 15 7...

Page 366: ...rmal Exec Privileged Exec Command Usage For a description of the items shown by this command refer to Displaying System Information on page 3 12 The POST results should all display PASS If any POST test indicates FAIL contact your distributor for assistance Example Console show system System Description PLANET 8 2G Industrial Managed Switch IGSW 2840 System OID String 1 3 6 1 4 1 10456 1 1482 Syst...

Page 367: ...Test PASS Done All Pass Console show users Shows all active console and Telnet sessions including user name idle time and IP address of Telnet client Command Mode Normal Exec Privileged Exec Command Usage The session used to execute this command is indicated by a symbol next to the Line i e session index number System Management Commands Example Console show users Username accounts Username Privil...

Page 368: ...dware and software version information for the system Command Mode Normal Exec Privileged Exec Command Usage See Displaying Switch Hardware Software Versions on page 3 14 for detailed information on the items displayed by this command Example Console show version Serial Number 0012CF422DC0 Service Tag Hardware Version R0B EPLD Version 0 00 Number of Ports 28 Main Power Status Up Loader Version 1 0...

Page 369: ...y up to 1 5 KB using jumbo frames significantly reduces the per packet overhead required to process protocol encapsulation fields T To use jumbo frames both the source and destination end nodes such as a computer or server must support this feature Also when the connection is operating at full duplex all switches in the network between the two end nodes must be able to accept the extended frame si...

Page 370: ...a switch configuration to or from flash memory or a TFTP server PE delete Deletes a file or code image PE dir Displays a list of files in flash memory PE whichboot Displays the files booted PE boot system Specifies the file or image used to start up the system GC Table 5 11 Flash File Commands copy This command moves upload download a code image or configuration file between the switch s flash mem...

Page 371: ...destination The Boot ROM and Loader cannot be uploaded or downloaded from the TFTP server You must follow the instructions in the release notes for new firmware or contact your distributor for help For information on specifying an https certificate see Replacing the Default Secure site Certificate on page 3 74 For information on configuring the switch to use HTTPS SSL for a secure connection see i...

Page 372: ...guration file name startup Write to FLASH Programming Write to FLASH finish Success Console This example shows how to copy a secure site certificate from an TFTP server It then reboots the switch to activate the certificate Console copy tftp https certificate TFTP server ip address 10 1 0 19 Source certificate file name SS certificate Source private file name SS private Private password Success Co...

Page 373: ...ation file or image name Command Mode Privileged Exec Command Usage If the file type is used for system startup then this file cannot be deleted Factory_Default_Config cfg cannot be deleted Example This example shows how to delete the test2 cfg configuration file from flash memory for unit 1 Console delete 1 test2 cfg Console Related Commands dir delete public key dir This command displays a list ...

Page 374: ...hen the system is started size The length of the file in bytes Table 5 12 File Directory Information Example The following example shows how to display all file information Console dir File name File type Startup Size byte Unit1 IGSW 2840_DIAG_V0011 bix Boot Rom Image Y 305424 IGSW 2840_RUNTIME_V0035_m bix Operation Code Y 3018936 Factory_Default_Config cfg Config File N 490 startup1 cfg Config Fi...

Page 375: ... boot rom config opcode filename The type of file or image to set as a default includes boot rom Boot ROM config Configuration file opcode Run time operation code filename Name of the configuration file or code image The colon is required Default Setting None Command Mode Global Configuration Command Usage A colon is required after the specified unit number and file type If the file contains an er...

Page 376: ...n threshold which limits the number of failed logon attempts LC silent time Sets the amount of time the management console is inaccessible after the number of unsuccessful logon attemptsexceeds the threshold set by the password thresh command LC databits Sets the number of data bits per character that are interpreted and generated by hardware LC parity Defines the generation of a parity bit LC spe...

Page 377: ...l Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login login selects authentication by a single global password as specified by the password line configuration command When using this method the management interface starts in Normal Exec NE mode login local selects authentication via the user name and password specified by the us...

Page 378: ...ect password the system shows a prompt You can use the password thresh command to set the number of times a user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state The encrypted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bo...

Page 379: ...setting Example To set the timeout to two minutes enter this command Console config line timeout login response 120 Console config line Related Commands silent time exec timeout exec timeout This command sets the interval that the system waits until user input is detected Use the no form to restore the default Syntax exec timeout seconds no exec timeout seconds Integer that specifies the number of...

Page 380: ... Command Mode Line Configuration Command Usage When the logon attempt threshold is reached the system interface becomes silent for a specified amount of time before allowing the next logon attempt Use the silent time command to set this interval When this threshold is reached for Telnet the Telnet logon interface shuts down This command applies to both the local console and Telnet connections Exam...

Page 381: ...character that are interpreted and generated by the console port Use the no form to restore the default value Syntax databits 7 8 no databits 7 Seven data bits per character 8 Eight data bits per character Default Setting 8 data bits per character Command Mode Line Configuration Command Usage The databits command can be used to mask the high bit on input from devices that generate 7 data bits with...

Page 382: ...none Console config line speed This command sets the terminal line s baud rate This command sets both the transmit to terminal and receive from terminal speeds Use the no form to restore the default setting Syntax speed bps no speed bps Baud rate in bits per second Options 9600 19200 38400 bps Default Setting 9600 Command Mode Line Configuration Command Usage Set the speed to match the baud rate o...

Page 383: ...sole config line disconnect This command terminates an SSH Telnet or console connection Syntax disconnect session id session id The session identifier for an SSH Telnet or console connection Range 0 4 Command Mode Privileged Exec Command Usage Specifying session identifier 0 will disconnect the console connection Specifying any other identifiers for an active session will disconnect an SSH or Teln...

Page 384: ...imeout 65535 sec Login Timeout Disabled Silent Time Disabled Baudrate 9600 Databits 8 Parity None Stopbits 1 VTY Configuration Password Threshold 3 times Interactive Timeout 300 sec Login Timeout 1 sec console 5 7 Event Logging Commands This section describes commands used to configure event logging on the switch Command Function Mode logging on Controls logging of error messages GC logging histor...

Page 385: ...age The logging process controls error messages saved to switch memory or sent to remote syslog servers You can use the logging history command to control the type of error messages that are stored in memory You can use the logging trap command to control the type of error messages that are sent to specified syslog servers Example Console config logging on Console config Related Commands logging h...

Page 386: ...ry allocation or free memory error resource exhausted 1 alerts Immediate action needed 0 emergencies System unusable There are only Level 2 5 and 6 error messages for the current firmware release Default Setting Flash errors level 3 0 RAM warnings level 7 0 Command Mode Global Configuration Command Usage The message level specified for flash memory must be a higher priority i e numerically lower t...

Page 387: ...e The command specifies the facility type tag sent in syslog messages See RFC 3164 This type has no effect on the kind of messages reported by the switch However it may be used by the syslog server to sort messages or to store messages in the corresponding database Example Console config logging facility 19 Console config logging trap This command enables the logging of system messages to a remote...

Page 388: ...am flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset Default Setting Flash and RAM Command Mode Privileged Exec Example Console clear log Console Related Commands show logging show logging This command displays the configuration settings for logging messages to local switch memory to an SMTP event handler or ...

Page 389: ...l debugging Console Table 4 16 show logging flash ram display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command History logging in FLASH The message level s reported based on the logging history command History logging in RAM The message level s reported based on the logging history command The following example displays settings for t...

Page 390: ...ecified in the logging host command Related Commands show logging sendmail show log This command displays the system and event messages stored in memory Syntax show log flash ram login flash Event history stored in flash memory i e permanent memory ram Event history stored in temporary RAM i e memory flushed on power reset login Shows the login record only Default Setting None Command Mode Privile...

Page 391: ...MTP servers that will be sent alert messages Use the no form to remove an SMTP server Syntax no logging sendmail host ip_address ip_address IP address of an SMTP server that will be sent alert messages for event handling Default Setting None Command Mode Global Configuration Command Usage You can specify up to three SMTP servers for event handing However you must enter a separate command to specif...

Page 392: ...he configured email recipients For example using Level 7 will report all events from level 7 to level 0 Example This example will send email alerts for system errors from level 4 through 0 Console config logging sendmail level 4 Console config logging sendmail source email This command sets the email address used for the From field in alert messages Use the no form to delete the source email addre...

Page 393: ...ss The source email address used in alert messages Range 1 41 characters Default Setting None Command Mode Global Configuration Command Usage You can specify up to five recipients for alert messages However you must enter a separate command to specify each recipient Example Console config logging sendmail destination email ted this company com Console config logging sendmail This command enables S...

Page 394: ...or SNTP Maintaining an accurate time on the switch enables the system log to record meaningful dates and times for event entries If the clock is not set the switch will only record the time from the factory default set at the last bootup Command Function Mode sntp client Accepts time from specified time servers GC sntp server Specifies one or more time servers GC sntp poll Sets the interval at whi...

Page 395: ...Jan 1 2001 This command enables client time requests to time servers specified via the sntp servers command It issues time synchronization requests based on the interval set via the sntp poll command Example Console config sntp server 10 1 0 19 Console config sntp poll 60 Console config sntp client Console config end Console show sntp Current time Dec 23 02 52 44 2002 Poll interval 60 Current mode...

Page 396: ... It issues time synchronization requests based on the interval set via the sntp poll command Example Console config sntp server 10 1 0 19 Console config Related Commands sntp client sntp poll show sntp sntp poll This command sets the interval between sending time requests when the switch is set to SNTP client mode Use the no form to restore to the default Syntax sntp poll seconds no sntp poll seco...

Page 397: ...ver 137 92 140 80 Console clock timezone This command sets the time zone for the switch s internal clock Syntax clock timezone name hour hours minute minutes before utc after utc name Name of timezone usually an acronym Range 1 29 characters hours Number of hours before after UTC Range 0 13 hours minutes Number of minutes before after UTC Range 0 59 minutes before utc Sets the local time zone befo...

Page 398: ... a time server Syntax calendar set hour min sec day month year month day year hour Hour in 24 hour format Range 0 23 min Minute Range 0 59 sec Second Range 0 59 day Day of month Range 1 31 month january february march april may june july august september october november december year Year 4 digit Range 2001 2100 Default Setting None Command Mode Privileged Exec Example This example shows how to s...

Page 399: ... PE show cluster candidates Displays current cluster Candidates in the network PE Table 5 20 Switch Cluster Commands Using Switch Clustering A switch cluster has a primary unit called the Commander which is used to manage all other Member switches in the cluster The management station uses both Telnet and the web interface to communicate directly with the Commander through its IP address while the...

Page 400: ... can only be a Member of one cluster Configured switch clusters are maintained across power resets and network changes Example Console config cluster Console config cluster commander This command enables the switch as a cluster Commander Use the no form to disable the switch as a cluster Commander Syntax no cluster commander Default Setting Disabled Command Mode Global Configuration Command Usage ...

Page 401: ... be set since Member IDs can only be between 1 and 36 Set a Cluster IP Pool that does not conflict with addresses in the network IP subnet Cluster IP addresses are assigned to switches when they become Members and are used for communication between Member switches and the Commander You cannot change the cluster IP pool when the switch is currently in Commander mode Commander mode must first be dis...

Page 402: ... of the Member switch Range 1 36 Command Mode Privileged Exec Command Usage This command only operates through a Telnet connection to the Commander switch Managing cluster Members using the local console CLI on the Commander is not supported There is no need to enter the username and password for access to the Member switch CLI Example Vty 0 rcommand id 1 CLI session with the 24 48 L2 L4 GE Switch...

Page 403: ...ter Members ID 1 Role Active member IP Address 10 254 254 2 MAC Address 00 30 4f 28 40 c0 Description 24 48 L2 L4 IPV4 IPV6 GE Switch Console show cluster candidates This command shows the discovered Candidate switches in the network Command Mode Privileged Exec Example Console show cluster candidates Cluster Candidates Role Mac Description ACTIVE MEMBER 00 30 4f 23 49 c0 24 48 L2 L4 IPV4 IPV6 GE ...

Page 404: ... SNMP communications NE PE snmp server community Sets up the community access string to permit access to SNMP commands GC snmp server contact Sets the system contact string GC snmp server location Sets the system location string GC snmp server host Specifies the recipient of an SNMP notification operation GC snmp server enable traps Enables the device to send SNMP traps i e SNMPnotifications GC sn...

Page 405: ...information for SNMP input and output protocol data units and whether or not SNMP logging has been enabled with the snmp server enable traps command Example Console show snmp SNMP Agent enabled SNMP traps Authentication enable Link up down enable SNMP communities private and the privilege is read write public and the privilege is read only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown c...

Page 406: ... string Community string that acts like a password and permits access to the SNMP protocol Maximum length 32 characters case sensitive Maximum number of strings 5 ro Specifies read only access Authorized management stations are only able to retrieve MIB objects rw Specifies read write access Authorized management stations are able to both retrieve and modify MIB objects Default Setting public Read...

Page 407: ... Paul Console config Related Commands snmp server location snmp server location This command sets the system location string Use the no form to remove the location string Syntax snmp server location text no snmp server location text String that describes the system location Maximum length 255 characters Default Setting None Command Mode Global Configuration Example Console config snmp server locat...

Page 408: ...s group uses SNMPv3 with authentication no authentication or with authentication and privacy See Simple Network Management Protocol on page 3 39 for further information about these authentication and encryption options port Host UDP port to use Range 1 65535 Default 162 Default Setting Host Address None Notification Type Traps SNMP Version 1 UDP Port 162 Command Mode Global Configuration Command U...

Page 409: ...ew with the required notification messages page 4 77 Create a group that includes the required notify view page 4 79 Specify a remote engine ID where the user resides page 4 75 Then configure a remote user page 4 81 The switch can send SNMP Version 1 2c or 3 notifications to a host IP address depending on the SNMP version that the management station supports If the snmp server host command does no...

Page 410: ...h host or hosts receive SNMP notifications In order to send notifications you must configure at least one snmp server host command The authentication link up and link down traps are legacy notifications and therefore when used for SNMP Version 3 hosts they must be enabled in conjunction with the corresponding entries in the Notify View assigned by the snmp server group command page 4 79 Example Co...

Page 411: ...uthoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it A local engine ID is automatically generated that is unique to the switch This is referred to as the default engine ID If the local engine ID is deleted or changed all SNMP users will be cleared You will need to reconfigure all existing u...

Page 412: ... characters oid tree Object identifier of a branch within the MIB tree Wild cards can be used to mask a specific portion of the OID string Refer to the examples included Defines an included view excluded Defines an excluded view Default Setting defaultview includes access to the entire MIB tree Command Mode Global Configuration Command Usage Views are used in the snmp server group command to restr...

Page 413: ...s active View Name defaultview Subtree OID 1 View Type included Storage Type volatile Row Status active Console Field Description View Name Name of an SNMP view Subtree OID A branch in the MIB tree View Type Indicates if the view is included or excluded Storage Type The storage type for this entry Row Status The row status of this entry Table 5 23 show snmp view display description snmp server gro...

Page 414: ...ined notifyview Nothing is defined Command Mode Global Configuration Command Usage A group sets the access policy for the assigned users When authentication is selected the MD5 or SHA algorithm is used as specified in the snmp server user command When privacy is selected the DES 56 bit algorithm is used for data encryption For additional information on the notification messages supported by this s...

Page 415: ...view Write View none Notify View none Storage Type volatile Row Status active Group Name public Security Model v2c Read View defaultview Write View none Notify View none Storage Type volatile Row Status active Group Name private Security Model v1 Read View defaultview Write View defaultview Notify View none Storage Type volatile Row Status active Group Name private Security Model v2c Read View def...

Page 416: ...rd no snmp server user username v1 v2c v3 remote username Name of user connecting to the SNMP agent Range 1 32 characters groupname Name of an SNMP group to which the user is assigned Range 1 32 characters remote Specifies an SNMP engine on a remote device ip address The Internet address of the remote device v1 v2c v3 Use SNMP version 1 2c or 3 encrypted Accepts the password as encrypted input aut...

Page 417: ...the remote engine ID is not first configured the snmp server user command specifying a remote user will fail SNMP passwords are localized using the engine ID of the authoritative agent For informs the authoritative SNMP agent is the remote agent You therefore need to configure the remote agent s SNMP engine ID before you can send proxy requests or informs to it Example Console config snmp server u...

Page 418: ...d Description EngineId String identifying the engine ID User Name Name of user connecting to the SNMP agent Authentication Protocol The authentication protocol used with SNMPv3 Privacy Protocol The privacy protocol used with SNMPv3 Storage Type The storage type for this entry Row Status The row status of this entry SNMP remote user A user associated with an SNMP engine on a remote device ...

Page 419: ... 802 1X Management IP Filter Configures IP addresses that are allowed management access Table 5 26 Authentication Commands 5 12 1 User Account Commands The basic commands required for management access are listed in this section This switch also includes other options for password checking via the console or a Telnet connection page 4 39 user authentication via a remote authentication server page ...

Page 420: ...ted password is required for compatibility with legacy password settings i e plain text or encrypted when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example This Example shows how to set the access level and password for a user Console config username bob access...

Page 421: ...n file during system bootup or when downloading the configuration file from a TFTP server There is no need for you to manually configure encrypted passwords Example Console config enable password level 15 0 admin Console config Related Commands enable authentication enable 5 12 2 Authentication Sequence Three authentication methods can be specified to authenticate users logging into the system for...

Page 422: ...specify three authentication methods in a single command to indicate the authentication sequence For Example if you enter authentication login radius tacacs local the user name and password on the RADIUS server is verified first If the RADIUS server is not available then authentication is attempted on the TACACS server If the TACACS server is not available the local user name and password is check...

Page 423: ...server If the TACACS server is not available the local user name and password is checked Example Console config authentication enable radius Console config Related Commands enable password sets the password for changing command modes 5 12 3 RADIUS Client Remote Authentication Dial in User Service RADIUS is a logon authentication protocol that uses software running on a central server to control ac...

Page 424: ...65535 timeout Number of seconds the switch waits for a reply before resending a request Range 1 65535 retransmit Number of times the switch will try to authenticate logon access via the RADIUS server Range 1 30 key Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 48 characters Default Setting auth port 1812 acct port 1813 timeout 5 se...

Page 425: ...sed for accounting messages Range 1 65535 Default Setting 1813 Command Mode Global Configuration Example Console config radius server acct port 8181 Console config radius server key This command sets the RADIUS encryption key Use the no form to restore the default Syntax radius server key key_string no radius server key key_string Encryption key used to authenticate logon access for client Do not ...

Page 426: ...ver retransmit 5 Console config radius server timeout This command sets the interval between transmitting authentication requests to the RADIUS server Use the no form to restore the default Syntax radius server timeout number_of_seconds no radius server timeout number_of_seconds Number of seconds the switch waits for a reply before resending a request Range 1 65535 Default Setting 5 Command Mode G...

Page 427: ...ol that uses software running on a central server to control access to TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user or group that require management access to a switch Command Function Mode tacacs server host Specifies the TACACS server GC tacacs server port Specifies the TACACS ...

Page 428: ...mber of times the switch will resend an authentication request to the TACACS server Range 1 30 key Encryption key used to authenticate logon access for client Do not use blank spaces in the string Maximum length 20 characters Default Setting port 49 timeout 5 seconds retransmit 2 Command Mode Global Configuration Example Console config tacacs server 1 host 192 168 1 25 Console config tacacs server...

Page 429: ...tacacs server key green Console config tacacs server retransmit This command sets the number of retries Use the no form to restore the default Syntax tacacs server retransmit number_of_retries no tacacs server retransmit number_of_retries Number of times the switch will try to authenticate logon access via the TACACS server Range 1 30 Default Setting 2 Command Mode Global Configuration Example Con...

Page 430: ...eout 10 Console config show tacacs server This command displays the current settings for the TACACS server Default Setting None Command Mode Privileged Exec Example Console show tacacs server Remote TACACS server configuration Global Settings Communication Key with TACACS Server Server Port Number 49 Retransmit Times 2 Request Times 5 Server 1 Server IP address 1 2 3 4 Communication key with TACAC...

Page 431: ...User s Manual of IGSW 2840 431 tacacs 1 Console ...

Page 432: ...face for 802 1X service requests IC accounting exec Applies an accounting method to local console Telnet orSSH connections Line accounting commands Applies an accounting method to CLI commands entered by a user Line aaa authorization exec Enables authorization of Exec sessions GC authorization exec Applies an authorization method to local console Telnet orSSH connections Line show accounting Displ...

Page 433: ... Example Specify the group name for a list of RADIUS servers and then specify the server to add to the group Console config aaa group server radius tps Console config sg radius server 10 2 68 120 Console config sg radius aaa accounting dot1x This command enables the accounting of requested 802 1X services for network connections Use the no form to disable the accounting service Syntax aaa accounti...

Page 434: ... for network connections Use the no form to disable the accounting service Syntax aaa accounting exec default method name start stop group radius tacacs server group no aaa accounting exec default method name default Specifies the default accounting method for service requests method name Specifies an accounting method for service requests Range 1 255 characters start stop Records accounting from ...

Page 435: ...efault Specifies the default accounting method for service requests method name Specifies an accounting method for service requests Range 1 255 characters start stop Records accounting from starting point and stopping point group Specifies the server group to use tacacs Specifies all TACACS hosts configure with the tacacs server host command described on page 4 93 server group Specifies the name o...

Page 436: ...g the command without specifying an interim interval enables updates but does not change the current interval setting Example Console config aaa accounting update periodic 30 Console config accounting dot1x This command applies an accounting method for 802 1X service requests on an interface Use the no form to disable accounting on the interface Syntax accounting dot1x default list name no account...

Page 437: ...g line console Console config line accounting exec tps Console config line exit Console config line vty Console config line accounting exec default Console config line accounting commands This command applies an accounting method to entered CLI commands Use the no form to disable accounting for entered commands Syntax accounting commands level default list name no accounting commands level level T...

Page 438: ...onfigured with the aaa group server command described on 4 97 Range 1 255 characters Default Setting Authorization is not enabled No servers are specified Command Mode Global Configuration Command Usage This command performs authorization to determine if a user is allowed to run an Exec shell The user must be authenticated before AAA authorization is enabled If this command is issued without a spe...

Page 439: ...lays the current accounting settings per function and per port Syntax show accounting commands level dot1x statistics username user name interface exec statistics statistics commands Displays accounting information for CLI commands entered at the specified privilege level level The CLI command privilege level Range 0 15 dot1x Displays dot1x accounting information exec Displays Exec accounting reco...

Page 440: ...xample Console show accounting Accounting type dot1x Method list default Group list radius Interface Method list tps Group list radius Interface eth 1 2 Accounting type Exec Method list default Group list radius Interface vty Console ...

Page 441: ...fies the UDP port number for HTTPS GC Table 5 33 Web Server Commands ip http port This command specifies the TCP port number used by the web browser interface Use the no form to use the default port Syntax ip http port port number no ip http port port number The TCP port to be used by the browser interface Range 1 65535 Default Setting 80 Command Mode Global Configuration Example Console config ip...

Page 442: ...ablished in this way The client authenticates the server using the server s digital certificate The client and server negotiate a set of security protocols to use for the connection The client and server generate session keys for encrypting and decrypting data The client and server establish a secure encrypted connection A padlock icon should appear in the status bar for Internet Explorer 5 x or a...

Page 443: ...Syntax ip http secure port port_number no ip http secure port port_number The UDP port used for HTTPS SSL Range 1 65535 Default Setting 443 Command Mode Global Configuration Command Usage You cannot configure the HTTP and HTTPS servers to use the same port If you change the HTTPS port number clients attempting to connect to the HTTPS server must specify the port number in the URL in this format ht...

Page 444: ...lso specifies the TCP port number used by the Telnet interface Use the no form without the port keyword to disable this function Use the no from with the port keyword to use the default port Syntax ip telnet server port port number no telnet server port port The TCP port used by the Telnet interface port number The TCP port number to be used by the browser interface Range 1 65535 Default Setting S...

Page 445: ...tatus of current SSH sessions PE show public key Shows the public key for the specified user or for the host PE show users Shows SSH users including privilege level and public key type PE Table 5 36 Secure Shell Commands Configuration Guidelines The SSH server on this Industrial Managed Switch supports both password and public key authentication If password authentication is specified by the SSH c...

Page 446: ...828519254374603100937187721199 69631781366277414168985132049117204830339254324101637997592371449011938 00609025394840848271781943722884025331159521348610229029789827213532671 31629432532818915045306393916643 steve 192 168 1 19 4 Set the Optional Parameters Set other optional parameters including the authentication timeout the number of retries and the server key size 5 Enable SSH Service Use the i...

Page 447: ...fies the client to proceed with the authentication process Otherwise it rejects the request c The client sends a signature generated using the private key to the switch d When the server receives this message it checks whether the supplied key is acceptable for authentication and if so it then checks whether the signature is correct If both checks succeed the client is authenticated The SSH server...

Page 448: ...h timeout seconds no ip ssh timeout seconds The timeout for client response during SSH negotiation Range 1 120 Default Setting 10 seconds Command Mode Global Configuration Command Usage The timeout specifies the interval the switch will wait for a response from the client during the SSH negotiation phase Once an SSH session has been established the timeout for user input is controlled by the exec ...

Page 449: ...nfiguration Example Console config ip ssh authentication retires 2 Console config Related Commands show ip ssh ip ssh server key size This command sets the SSH server key size Use the no form to restore the default setting Syntax ip ssh server key size key size no ip ssh server key size key size The size of server key Range 512 896 bits Default Setting 768 bits Command Mode Global Configuration Co...

Page 450: ... generate dsa rsa dsa DSA Version 2 key type rsa RSA Version 1 key type Default Setting Generates both the DSA and RSA key pairs Command Mode Privileged Exec Command Usage This command stores the host key pair in memory i e RAM Use the ip ssh save host key command to save the host key pair to flash memory Some SSH client programs automatically add the public key to the known hosts file as part of ...

Page 451: ...is command clears the host key from volatile memory RAM Use the no ip ssh save host key command to clear the host key from flash memory The SSH server must be disabled before you can execute this command Example Console ip ssh crypto zeroize dsa Console Related Commands ip ssh crypto host key generate ip ssh save host key no ip ssh server ip ssh save host key This command saves host key from RAM t...

Page 452: ...nt access to the SSH server Command Mode Privileged Exec Example Console show ip ssh SSH Enabled version 1 99 Negotiation timeout 120 secs Authentication retries 3 Server key size 768 bits Console show ssh This command displays the current SSH server connections Command Mode Privileged Exec Example Console show ssh Connection Version State Username Encryption 0 2 0 Session Started admin ctos aes12...

Page 453: ...ifferent algorithms for the client to server ctos and server to client stoc aes128 cbc hmac sha1 aes192 cbc hmac sha1 aes256 cbc hmac sha1 3des cbc hmac sha1 blowfish cbc hmac sha1 aes128 cbc hmac md5 aes192 cbc hmac md5 aes256 cbc hmac md5 3des cbc hmac md5 blowfish cbc hmac md5 Terminology DES Data Encryption Standard 56 bit key 3DES Triple DES Uses three iterations of DES 112 bit key aes Advanc...

Page 454: ...public key host Host RSA 1024 35 1568499540186766925933394677505461732531367489083654725415020245593199868 5443583616519999233297817660658309586108259132128902337654680172627257141 3428762941301196195566782595664104869574278881462065194174677298486546861 5717739390164779355942303577413098022737087794545240839717526463580581767 16709574804776117 DSA ssh dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3d...

Page 455: ...port IC dot1x re authenticate Forces re authentication on specific ports PE dot1x re authentication Enables re authentication for all ports IC dot1x timeout quiet period Sets the time that a switch port waits after the Max Request Count has been exceeded before attempting to acquire a new client IC dot1x timeout re authperiod Sets the time period after which a connected client must be re authentic...

Page 456: ...uests Range 1 10 Default 2 Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x max req 2 Console config if dot1x port control This command sets the dot1x mode on a port interface Use the no form to restore the default Syntax dot1x port control auto force authorized force unauthorized no dot1x port control auto Requires a dot1x aware connected clien...

Page 457: ...t to this port multi host Allows multiple host to connect to this port max count Keyword for the maximum number of hosts count The maximum number of hosts that can connect to a port Range 1 1024 Default 5 Default Single host Command Mode Interface Configuration Command Usage The max count parameter specified by this command is only effective if the dot1x mode is set to auto by the dot1x port contr...

Page 458: ...sole dot1x re authenticate Console dot1x re authentication This command enables periodic re authentication globally for all ports Use the no form to disable re authentication Syntax no dot1x re authentication Command Mode Interface Configuration Command Usage The re authentication process verifies the connected client s user ID and password on the RADIUS server During re authentication the client ...

Page 459: ...s Range 1 65535 Default 60 seconds Command Mode Interface Configuration Example Console config interface eth 1 2 Console config if dot1x timeout quiet period 350 Console config if dot1x timeout re authperiod This command sets the time period after which a connected client must be re authenticated Syntax dot1x timeout re authperiod seconds no dot1x timeout re authperiod seconds The number of second...

Page 460: ...action This command sets the port s response to a failed authentication either to block all traffic or to assign all traffic for the port to a guest VLAN Use the no form to reset the default Syntax dot1x intrusion action block traffic guest vlan no dot1x intrusion action block traffic Blocks traffic on this port guest vlan Assigns the user to the Guest VLAN Default block traffic Command Mode Inter...

Page 461: ...l mode Authorized Authorization status yes or n a not authorized 802 1X Port Details Displays the port access control parameters for each interface including the following items reauth enabled Periodic re authentication reauth period Time after which a connected client must be re authenticated quiet period Time a port waits after Max Request Count is exceeded before attempting to acquire a new cli...

Page 462: ...mes connecting state is re entered Backend State Machine State Current state including request response success fail timeout idle initialize Request Count Number of EAP Request packets sent to the Supplicant without receiving a response Identifier Server Identifier carried in the most recent EAP Success Failure or Request packet received from the Authentication Server Reauthentication State Machin...

Page 463: ...commands used to configure IP management access to the switch Command Function Mode management Configures IP addresses that are allowed management access GC show management Displays the switch to be monitored or configured from a browser PE Table 5 39 IP Filter Commands management This command specifies the client IP addresses that are allowed management access to the switch through various protoc...

Page 464: ...ifferent groups the switch will accept overlapping address ranges You cannot delete an individual address from a specified range You must delete the entire range and reenter the addresses You can delete an address range just by specifying the start address or by specifying both the start address and end address Example This Example restricts management access to the indicated addresses Console con...

Page 465: ...ured to allow network client access by specifying a fixed set of MAC addresses The addresses assigned to DHCP clients can also be carefully controlled using static or dynamic bindings with the IP Source Guard and DHCP Snooping commands Table 4 40 Client Security Commands Command Group Function Private VLANs Configures private VLANs including uplink and downlink ports Port Security Configures secur...

Page 466: ... a static address to a port in a VLAN GC show mac address table Displays entries in the bridge forwarding database PE Table 5 41 Port Security Commands port security This command enables or configures port security Use the no form without any keywords to disable port security Use the no form with the appropriate keyword to restore the default settings for a response to security violation or for th...

Page 467: ...rap Console config if Related Commands shutdown mac address table static show mac address table 5 13 2 Network Access MAC Address Authentication Network Access authentication controls access to the network by authenticating the MAC address of each host that attempts to connect to a switch port Traffic received from a specific MAC address is forwarded by the switch only if the source MAC address is...

Page 468: ...both equal to the MAC address being authenticated On the RADIUS server PAP usernames and passwords must be configured in the MAC address format XX XX XX XX XX XX all in upper case Authenticated MAC addresses are stored as dynamic entries in the switch secure MAC address table and are removed when the aging time expires The maximum number of secure MAC addresses supported for the switch system is 1...

Page 469: ...mand Usage The maximum number of MAC addresses per port is 2048 and the maximum number of secure MAC addresses supported for the switch system is 1024 When the limit is reached all new MAC addresses are treated as an authentication failed Example Console config if network access max mac count 5 Console config if mac authentication intrusion action Use this command to configure the port response to...

Page 470: ...m to disable dynamic VLAN assignment Syntax no network access dynamic vlan Default Setting Enabled Command Mode Interface Configuration Command Usage When enabled the VLAN identifiers returned by the RADIUS server will be applied to the port providing the VLANs have already been created on the switch GVRP is not used to create the VLANs The VLAN settings specified by the first authenticated MAC ad...

Page 471: ...Command Mode Interface Configuration Command Usage The VLAN to be used as the guest VLAN must be defined and set as active see vlan database on page 4 225 When used with 802 1X authentication the intrusion action must be set for guest vlan to be effective see dot1x intrusion action Example Console config interface ethernet 1 1 Console config if network access guest vlan 25 Console config if mac au...

Page 472: ...th time 300 Console config clear network access Use this command to clear entries from the secure MAC addresses table Syntax clear network access mac address table static dynamic address mac address interface interface static Specifies static address entries dynamic Specifies dynamic address entries mac address Specifies a MAC address entry Format xx xx xx xx xx xx interface Specifies a port inter...

Page 473: ... 1 Global secure port information Reauthentication Time 1800 Port 1 1 MAC Authentication Disabled MAC Authentication Intrusion action Block traffic MAC Authentication Maximum MAC Counts 1024 Maximum MAC Counts 2048 Dynamic VLAN Assignment Enabled Guest VLAN Disabled Console show network access mac address table Use this command to display secure MAC address table entries Syntax show network access...

Page 474: ...DIUS Server Attribute Time 1 1 00 00 01 02 03 04 172 155 120 17 Static 00d06h32m50s 1 1 00 00 01 02 03 05 172 155 120 17 Dynamic 00d06h33m20s 1 1 00 00 01 02 03 06 172 155 120 17 Static 00d06h35m10s 1 3 00 00 01 02 03 07 172 155 120 17 Dynamic 00d06h34m20s Console 5 13 3 Web Authentication Web authentication allows stations to authenticate and access the network in situations where 802 1X or Netwo...

Page 475: ...orces the users to re authenticate PE web auth re authenticate IP Ends the web authentication session associated with the designated IP address and forces the user to re authenticate PE show web auth Displays global web authentication parameters PE show web auth interface Displays interface specific web authenticationparameters and statistics PE show web auth summary Displays a summary of web auth...

Page 476: ...eb auth session timeout This command defines the amount of time a web authentication session remains valid When the session timeout has been reached the host is logged off and must be re authenticated the next time data is transmitted Use the no form to restore the default Syntax web auth session timeout timeout no web auth session timeout timeout The amount of time that an authenticated session r...

Page 477: ...ore the default Syntax no web auth Default Setting Disabled Command Mode Interface Configuration Command Usage Both web auth system auth control for the switch and web auth for a port must be enabled for web authentication to be active Example Console config if web auth Console config if web auth re authenticate Port This command ends all web authentication sessions connected to the port and force...

Page 478: ...ces the user to re authenticate Syntax web auth re authenticate interface interface ip interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 28 ip IPv4 formatted IP address Default Setting None Command Mode Privileged Exec Example Console web auth re authenticate interface ethernet 1 2 192 168 1 5 Console show web auth This command displays global web...

Page 479: ... and statistics Syntax show web auth interface interface interface Specifies a port interface ethernet unit port unit This is unit 1 port Port number Range 1 20 Default Setting None Command Mode Privileged Exec Command Usage The session timeout displayed by this command is expressed in seconds Example Console show web auth interface ethernet 1 2 Web Auth Status Enabled Host Summary IP address Web ...

Page 480: ... information to a DHCP server This information can be useful in tracking an IP address back to a physical port This section describes commands used to configure DHCP snooping Command Function Mode ip dhcp snooping Enables DHCP snooping globally GC ip dhcp snooping vlan Enables DHCP snooping on the specified VLAN GC ip dhcp snooping trust Configures the specified interface as trusted IC ip dhcp sno...

Page 481: ...ess lease time VLAN identifier and port identifier When DHCP snooping is enabled the rate limit for the number of DHCP messages that can be processed by the switch is 100 packets per second Any DHCP packets in excess of this limit are dropped Filtering rules are implemented as follows If the global DHCP snooping is disabled all DHCP packets are forwarded If DHCP snooping is enabled globally and al...

Page 482: ...Also when the switch sends out DHCP client packets for itself no filtering takes place However when the switch receives any messages from a DHCP server any packets received from untrusted ports are dropped Example This Example enables DHCP snooping globally for the switch Console config ip dhcp snooping Console config Related Commands ip dhcp snooping vlan ip dhcp snooping trust ip dhcp snooping v...

Page 483: ...ve only messages from within the network An untrusted interface is an interface that is configured to receive messages from outside the network or firewall Set all ports connected to DHCP servers within the local network or firewall to trusted and all other ports outside the local network or firewall to untrusted When DHCP snooping ia enabled globally using the ip dhcp snooping command page 4 146 ...

Page 484: ...rify mac address Default Setting Enabled Command Mode Global Configuration Command Usage If MAC address verification is enabled and the source MAC address in the Ethernet header of the packet is not same as the client s hardware address in the DHCP packet the packet is dropped Example This Example enables MAC address verification Console config ip dhcp snooping verify mac address Console config Re...

Page 485: ...lowing situations DHCP snooping is disabled The request packet contains a valid relay agent address field DHCP reply packets are flooded onto all attached VLANs other than the inbound management VLAN under the following situations The reply packet does not contain Option 82 information The reply packet contains a valid relay agent address field that is not the address of this switch or a zero rela...

Page 486: ...ormation Example Console config ip dhcp snooping information policy drop Console config Related Commands ip dhcp snooping information option ip dhcp snooping show ip dhcp snooping This command shows the DHCP snooping configuration settings Command Mode Privileged Exec Example Console show ip dhcp snooping Global DHCP Snooping status disable DHCP Snooping Information Option Status disable DHCP Snoo...

Page 487: ...section describes commands used to configure IP Source Guard Command Function Mode ip source guard Configures the switch to filter inbound traffic based on source IPaddress or source IP address and corresponding MAC address IC ip source guard binding Adds a static address to the source guard binding table GC show ip source guard Shows whether source guard is enabled or disabled on eachinterface PE...

Page 488: ... configured by the DHCP server itself static entries include a manually configured lease time If the IP source guard is enabled an inbound packet s IP address sip option or both its IP address and corresponding MAC address sip mac option will be checked against the binding table If no matching entry is found the packet will be dropped Filtering rules are implemented as follows If DHCP snooping is ...

Page 489: ... zero by the show ip source guard command When source guard is enabled traffic is filtered based upon dynamic entries learned via DHCP snooping or static addresses configured in the source guard binding table with this command Static bindings are processed as follows If there is no entry with same VLAN ID and MAC address a new entry is added to binding table using the type of static IP source guar...

Page 490: ...mmands see page 4 146 static Shows static entries configured with the ip source guard binding command see page 4 155 Command Mode Privileged Exec Access Control List Commands Example Console show ip source guard binding MacAddress IpAddress Lease sec Type VLAN Interface 11 22 33 44 55 66 192 168 0 99 0 Static 1 Eth 1 5 Console 5 14 Access Control List Commands Access Control Lists ACL provide pack...

Page 491: ...source IP address STD ACL permit deny Filters packets meeting the specified criteria including source and destination IP address TCP UDP port number protocol type and TCP control code EXT ACL show ip access list Displays the rules for configured IP ACLs PE ip access group Adds a port to an IP ACL IC show ip access group Shows port assignments for IP ACLs PE map access list ip Sets the CoS value an...

Page 492: ...ands permit deny 4 159 ip access group show ip access list permit deny Standard ACL This command adds a rule to a Standard IP ACL The rule sets a filter condition for packets emanating from the specified source Use the no form to remove a rule Syntax no permit deny any source bitmask host source any Any source IP address source Source IP address bitmask Decimal number representing the address bits...

Page 493: ...o remove a rule Syntax no permit deny protocol number udp any source address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport end destination port dport end no permit deny tcp any source address bitmask host source any destination address bitmask host destination precedence precedence dscp dscp source port sport end destination ...

Page 494: ...ering the port s to which this ACL has been assigned The following control codes may be specified 1 fin Finish 2 syn Synchronize 4 rst Reset 8 psh Push 16 ack Acknowledgement 32 urg Urgent pointer To define more than one control code set the equivalent binary bit to 1 to indicate the required codes For Example to set both SYN and ACK valid use control code 18 Example This Example accepts any incom...

Page 495: ...ole config ext acl Related Commands access list ip show ip access list This command displays the rules for configured IP ACLs Syntax show ip access list standard extended acl_name standard Specifies a standard IP ACL extended Specifies an extended IP ACL acl_name Name of the ACL Maximum length 16 characters Command Mode Privileged Exec Example Console show ip access list standard IP standard acces...

Page 496: ...t can only be bound to one ACL If a port is already bound to an ACL and you bind it to a different ACL the switch will replace the old binding with the new one You must configure a mask for an ACL rule before you can bind it to a port Example Console config int eth 1 25 Console config if ip access group david in Console config if Related Commands show ip access list show ip access group This comma...

Page 497: ...rnet Command Usage You must configure an ACL before you can map CoS values to the rule A packet matching a rule within the specified ACL is mapped to one of the output queues as shown in the following table For information on mapping the CoS values to output queues see queue cos map Priority 1 2 0 3 4 5 6 7 Queue 0 1 2 3 Table 5 48 Egress Queue Priority Mapping Example Console config interface eth...

Page 498: ...list mac Creates a MAC ACL and enters configuration mode GC permit deny Filters packets matching a specified source and destination address packet format and Ethernet type MAC ACL show mac access list Displays the rules for configured MAC ACLs PE mac access group Adds a port to a MAC ACL IC show mac access group Shows port assignments for MAC ACLs PE map access list mac Sets the CoS value and corr...

Page 499: ...ermit deny mac access group show mac access list permit deny MAC ACL This command adds a rule to a MAC ACL The rule filters packets matching a specified MAC source or destination address i e physical layer address or Ethernet protocol type Use the no form to remove a rule Syntax no permit deny any host source source address bitmask any host destination destination address bitmask cos cos value vid...

Page 500: ...0 ffff hex protocol bitmask22 Protocol bitmask Range 600 fff hex Default Setting None Command Mode MAC ACL 22 For all bitmasks 1 means care and 0 means ignore Command Usage New rules are added to the end of the list The ethertype option can only be used to filter Ethernet II formatted packets A detailed listing of Ethernet protocol types can be found in RFC 1060 A few of the more common types incl...

Page 501: ...inds a port to a MAC ACL Use the no form to remove the port Syntax mac access group acl_name in out acl_name Name of the ACL Maximum length 16 characters in Indicates that this list applies to ingress packets out Indicates that this list applies to egress packets Default Setting None Command Mode Interface Configuration Ethernet Command Usage A port can only be bound to one ACL If a port is alread...

Page 502: ...ly used to map the matching packet to an output queue it is not written to the packet itself Use the no form to remove the CoS mapping Syntax no map access list mac acl_name cos cos queue acl_name Name of the MAC ACL Maximum length 16 characters cos queue Port CoS queue Range 0 3 Default Setting None Command Mode Interface Configuration Ethernet Command Usage You must configure an ACL before you c...

Page 503: ...etermines the output queue for packets matching an ACL rule Syntax show map access list mac interface interface ethernet unit port unit This is unit 1 port Port number Command Mode Privileged Exec Example Console show map access list mac Access list to COS of Eth 1 5 Access list jerry cos 0 Console Related Commands map access list mac 5 14 3 ACL Information Command Function Mode show access list S...

Page 504: ...5 255 0 any permit 192 168 1 0 255 255 255 0 any destination port 80 80 permit 192 168 1 0 255 255 255 0 any protocol tcp control code 2 IP access list jerry permit any host 00 30 29 94 34 de ethertype 800 800 IP extended access list A6 deny tcp any any control flag 2 permit any any Console show access group This command shows the port assignments of ACLs Command Mode Privileged Executive Example ...

Page 505: ...flow control on a given interface IC shutdown Disables an interface IC broadcast byte rate Configures the broadcast storm control threshold GC switchport broadcast Enables broadcast storm control on an interface IC clear counters Clears statistics on an interface PE show interfaces status Displays status for the specified interface NE PE show interfaces counters Displays statistics for the specifi...

Page 506: ...er what is attached to this interface Range 1 64 characters Default Setting None Command Mode Interface Configuration Ethernet Port Channel Example The following Example adds a description to port 24 Console config interface ethernet 1 24 Console config if description RD SW 3 Console config if speed duplex This command configures the speed and duplex mode of a given interface when autonegotiation ...

Page 507: ...uplex mode specified in a speed duplex command use the no negotiation command to disable auto negotiation on the selected interface When using the negotiation command to enable auto negotiation the optimal settings will be determined by the capabilities command To set the speed duplex mode under auto negotiation the required mode must be specified in the capabilities list for an interface Example ...

Page 508: ...pabilities speed duplex capabilities This command advertises the port capabilities of a given interface during autonegotiation Use the no form with parameters to remove an advertised capability or the no form without parameters to restore the default values Syntax no capabilities 1000full 100full 100half 10full 10half flowcontrol symmetric 1000full Supports 1000 Mbps full duplex operation 100full ...

Page 509: ...ontrol Console config interface ethernet 1 5 Console config if capabilities 100half Console config if capabilities 100full Console config if capabilities flowcontrol Console config if Related Commands negotiation speed duplex flowcontrol flowcontrol This command enables flow control Use the no form to disable flow control Syntax no flowcontrol Default Setting Disabled Command Mode Interface Config...

Page 510: ...bles flow control on port 5 Console config interface ethernet 1 5 Console config if flowcontrol Console config if no negotiation Console config if Related Commands negotiation capabilities flowcontrol symmetric shutdown This command disables an interface To restart a disabled interface use the no form Syntax no shutdown Default Setting All interfaces are enabled Command Mode Interface Configuratio...

Page 511: ... broadcast threshold For example to set a threshold of 500 Kbytes per second choose 100K for the scale and 5 for the level The specified threshold value applies to all ports on the switch Example The following shows how to set the broadcast storm control threshold at 500 Kbytes per second Console config broadcast byte rate 100 level 5 Console config switchport broadcast This command enables broadc...

Page 512: ...channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Command Usage Statistics are only initialized for a power reset This command sets the base value for displayed statistics to zero for the current management session However if you log out and back into the management interface the statistics displayed will show the absolute value accumulated since the last power reset ...

Page 513: ... 5 Information of Eth 1 5 Basic Information Port Type 100TX Mac Address 00 30 4F 10 22 A1 Configuration Name Port Admin Up Speed duplex Auto Capabilities 10half 10full 100half 100full Broadcast Storm Enabled Broadcast Storm Limit scale 1000K level 5 octets second Flow Control Disabled LACP Disabled Port Security Disabled Max MAC Count 0 Port Security Action None Current Status Link Status Up Port ...

Page 514: ...Discard input 0 Discard output 0 Error input 0 Error output 0 Unknown protos input 0 QLen output 0 Extended iftable stats Multi cast input 0 Multi cast output 3064 Broadcast input 262 Broadcast output 1 Ether like stats Alignment errors 0 FCS errors 0 Single Collision frames 0 Multiple collision frames 0 SQE Test errors 0 Deferred transmissions 0 Late collisions 0 Excessive collisions 0 Internal m...

Page 515: ...ileged Exec Command Usage If no interface is specified information on all interfaces is displayed Example This Example shows the configuration setting for port 2 Console show interfaces switchport ethernet 1 2 Information of Eth 1 2 Broadcast Threshold Enabled scale 1000K level 5 octets second LACP Status Disabled Ingress Rate Limit Disabled scale 10M level 1 Egress Rate Limit Disabled scale 10M l...

Page 516: ...clude all types or tagged frames only Native VLAN Indicates the default Port VLAN ID Priority for UntaggedTraffic Indicates the default priority for untagged frames GVRP Status Shows if GARP VLAN Registration Protocol is enabled or disabled Allowed VLAN Shows the VLANs this interface has joined where u indicates untagged and t indicates tagged Forbidden VLAN Shows the VLANs this interface can not ...

Page 517: ...s LACP system priority IC Ethernet lacp admin key Configures a port s administration key IC Ethernet lacp admin key Configures an port channel s administration key IC Port Channel lacp port priority Configures a port s LACP port priority IC Ethernet Trunk Status Display Command show interfaces status port channel Shows trunk information NE PE show lacp Shows LACP information PE Table 5 54 Link Agg...

Page 518: ...is used to select the backup link channel group This command adds a port to a trunk Use the no form to remove a port from a trunk Syntax channel group channel id no channel group channel id Trunk index Range 1 12 Default Setting The current port will be added to this trunk Command Mode Interface Configuration Ethernet Command Usage When configuring static trunks the switches must comply with the C...

Page 519: ... be enabled if one of the active links fails Example The following shows LACP enabled on ports 11 13 Because LACP has also been enabled on the ports at the other end of the links the show interfaces status port channel 1 command shows that Trunk 1 has been established Console config interface ethernet 1 11 Console config if lacp Console config if exit Console config interface ethernet 1 12 Console...

Page 520: ...ggregation group LAG membership and to identify this device to other switches during LAG negotiations Range 0 65535 Default Setting 32768 Command Mode Interface Configuration Ethernet Command Usage Port must be configured with the same system priority to join the same LAG System priority is combined with the switch s MAC address to form the LAG identifier This identifier is used to indicate a spec...

Page 521: ... 2 the LACP port admin key matches and 3 the LACP port channel key matches if configured If the port channel admin key lacp admin key Port Channel is not set when a channel group is formed i e it has the null value of 0 this key is set to the same value as the port admin key lacp admin key Ethernet Interface used by the interfaces that joined the group Once the remote side of a link has been estab...

Page 522: ... joined the group Note that when the LAG is no longer used the port channel admin key is reset to 0 Example Console config interface port channel 1 Console config if lacp actor admin key 3 Console config if lacp port priority This command configures LACP port priority Use the no form to restore the Default Setting Syntax lacp actor partner port priority priority no lacp actor partner port priority...

Page 523: ...command displays LACP information Syntax show lacp port channel counters internal neighbors sysid port channel Local identifier for a link aggregation group Range 1 12 counters Statistics for LACP protocol messages internal Configuration settings and operational state for local side neighbors Configuration settings and operational state for remote side sysid Summary of system priority and MAC addr...

Page 524: ...Type value but contain a badly formed PDU or an illegal value of Protocol Subtype Table 5 55 show lacp counters display description Console show lacp 1 internal Port channel 1 Oper Key 4 Admin Key 0 Eth 1 1 LACPDUs Internal 30 sec LACP System Priority 32768 LACP Port Priority 32768 Admin Key 4 Oper Key 4 Admin State defaulted aggregation long timeout LACP activity Oper State distributing collectin...

Page 525: ... to be IN_SYNC i e it has beenallocated to the correct Link Aggregation Group the group has been associatedwith a compatible Aggregator and the identity of the Link Aggregation Group is consistent with the System ID and operational Key information transmitted Aggregation The system considers this link to be aggregatable i e a potential candidate for aggregation Long timeout Periodic transmission o...

Page 526: ...the Key for the protocol partner Oper Key Current operational value of the Key for the protocol partner Admin State Administrative values of the partner s state parameters See preceding table Oper State Operational values of the partner s state parameters See preceding table Table 5 57 show lacp neighbors display description Console show lacp sysid Port Channel System Priority System MAC Address 1...

Page 527: ...oring is for both received and transmitted packets Command Mode Interface Configuration Ethernet destination port Command Usage You can mirror traffic from any source port to a destination port for real time analysis You can then attach a logic analyzer or RMON probe to the destination port and study the traffic crossing the source port in a completely unobtrusive manner The destination port is se...

Page 528: ...le config if end Console show port monitor Port Mirroring Destination port listen port Eth1 11 Source port monitored port Eth1 6 Mode RX Console 5 18 Rate Limit Commands This function allows the network manager to control the maximum rate for traffic received on an interface Rate limiting is configured on interfaces at the edge of a network to limit traffic into the network Packets that exceed the...

Page 529: ... limit port traffic to 500K bytes per second select the scale as 100K and set the level to 5 Example Console config interface ethernet 1 1 Console config if rate limit input scale 100k level 5 Console config if 5 19 Address Table Commands These commands are used to configure the address table for filtering specified addresses displaying current entries clearing the table or setting the aging time ...

Page 530: ...r a host device can be assigned to a specific port within a specific VLAN Use this command to add static addresses to the MAC Address Table Static addresses have the following characteristics Static addresses will not be removed from the address table when a given interface link is down Static addresses are bound to the assigned interface and will not be moved When a static address is seen on anot...

Page 531: ...ort by address vlan or interface Default Setting None Command Mode Privileged Exec Command Usage The MAC Address Table contains the MAC addresses associated with each interface Note that the Type field may include the following types Learned Dynamic address entries Permanent Static entry Delete on reset Static entry to be deleted when system is reset The mask should be hexadecimal numbers represen...

Page 532: ...t aging time Syntax mac address table aging time seconds no mac address table aging time seconds Aging time Range 10 98301 seconds 0 to disable aging Default Setting 300 seconds Command Mode Global Configuration Command Usage The aging time is used to age out dynamically learned forwarding information Example Console config mac address table aging time 100 Console config show mac address table agi...

Page 533: ...ransmission limit for RSTP MSTP GC spanning tree mst configuration Changes to MSTP configuration mode GC mst vlan Adds VLANs to a spanning tree instance MST mst priority Configures the priority of a spanning tree instance MST name Configures the name for the multiple spanning tree MST revision Configures the revision number for the multiple spanning tree MST max hops Configures the maximum number ...

Page 534: ...bled Command Mode Global Configuration Command Usage The Spanning Tree Algorithm STA can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices that is an STA compliant switch bridge or router in your network to ensure that only one route exists between any two stations on the networ...

Page 535: ...r expires the switch assumes it is connected to an 802 1D bridge and starts using only 802 1D BPDUs RSTP Mode If RSTP is using 802 1D BPDUs on a port and receives an RSTP BPDU after the migration delay expires RSTP restarts the migration delay timer and begins using RSTP BPDUs on that port Multiple Spanning Tree Protocol To allow multiple spanning trees to operate over the network you must configu...

Page 536: ...turn to the discarding state otherwise temporary data loops might result Example Console config spanning tree forward time 20 Console config spanning tree hello time This command configures the spanning tree bridge hello time globally for this switch Use the no form to restore the default Syntax spanning tree hello time time no spanning tree hello time time Time in seconds Range 1 10 seconds The m...

Page 537: ... for designated ports should receive configuration messages at regular intervals Any port that ages out STA information provided in the last configuration message becomes the designated port for the attached LAN If it is a root port a new root port is selected from among the device ports attached to the network Example Console config spanning tree max age 40 Console config Related Commands spannin...

Page 538: ... to restore the default Syntax spanning tree pathcost method long short no spanning tree pathcost method long Specifies 32 bit based values that range from 1 200 000 000 This method is based on the IEEE 802 1w Rapid Spanning Tree Protocol short Specifies 16 bit based values that range from 1 65535 This method is based on the IEEE 802 1 Spanning Tree Protocol Default Setting Long method Command Mod...

Page 539: ...Command Mode Global Configuration Command Usage This command limits the maximum transmission rate for BPDUs Example Console config spanning tree transmission limit 4 Console config spanning tree mst configuration This command changes to Multiple Spanning Tree MST configuration mode Default Setting No VLANs are mapped to any MST instance The region name is set the switch s MAC address Command Mode ...

Page 540: ...assigned to the Internal Spanning Tree MSTI 0 that connects all bridges and LANs within the MST region This switch supports up to 58 instances You should try to group VLANs which cover the same general area of your network However remember that you must configure all bridges within the same MSTI Region with the same set of instances and the same instance on each bridge with the same set of VLANs A...

Page 541: ... specifying a priority of 16384 Example Console config mstp mst 1 priority 4096 Console config mstp name This command configures the name for the multiple spanning tree region in which this switch is located Use the no form to clear the name Syntax name name name Name of the spanning tree Default Setting Switch s MAC address Command Mode MST Configuration Command Usage The MST region name and revi...

Page 542: ...p revision 1 Console config mstp Related Commands name max hops This command configures the maximum number of hops in the region before a BPDU is discarded Use the no form to restore the default Syntax max hops hop number hop number Maximum hop number for multiple spanning tree Range 1 40 Default Setting 20 Command Mode MST Configuration Command Usage An MSTI region is treated as a single node by ...

Page 543: ... spanning disabled Console config if spanning tree cost This command configures the spanning tree path cost for the specified interface Use the no form to restore the default Syntax spanning tree cost cost no spanning tree cost Range 0 for auto configuration 1 65535 for short path cost method23 1 200 000 000 for long path cost method Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Ethernet 50 600 200 ...

Page 544: ...e IEEE 802 1w 2001 Ethernet Half Duplex Full Duplex Trunk 2 000 000 1 000 000 500 000 Fast Ethernet Half Duplex Full Duplex Trunk 200 000 100 000 50 000 Gigabit Ethernet Full Duplex Trunk 10 000 5 000 Table 5 65 Default STA Path Costs Command Mode Interface Configuration Ethernet Port Channel Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devic...

Page 545: ...bled Example Console config interface ethernet 1 5 Console config if spanning tree port priority 0 Related Commands spanning tree cost spanning tree edge port This command specifies an interface as an edge port Use the no form to restore the default Syntax no spanning tree edge port Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage You can enable thi...

Page 546: ... fast spanning tree mode for the selected port In this mode ports skip the Discarding and Learning states and proceed straight to Forwarding Since end nodes cannot cause forwarding loops they can be passed through the spanning tree state changes more quickly than allowed by standard convergence time Fast forwarding can achieve quicker convergence for end node workstations and servers and also over...

Page 547: ...more bridges When automatic detection is selected the switch derives the link type from the duplex mode A full duplex interface is considered a point to point link while a half duplex interface is assumed to be on a shared link RSTP only works on point to point links between two bridges If you designate a port as a shared link RSTP is forbidden Since MSTP is an extension of RSTP this same restrict...

Page 548: ... IDs This command is used by the multiple spanning tree algorithm to determine the best path between devices Therefore lower values should be assigned to interfaces attached to faster media and higher values assigned to interfaces with slower media Use the no spanning tree mst cost command to specify auto configuration mode Path cost takes precedence over interface priority Example Console config ...

Page 549: ...e config if Related Commands spanning tree mst cost spanning tree protocol migration This command re checks the appropriate BPDU format to send on the selected interface Syntax spanning tree protocol migration interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Command Mode Privileged Exec Command Usage If at any time the sw...

Page 550: ...g Tree CST and for every interface in the tree Use the show spanning tree interface command to display the spanning tree configuration for an interface within the Common Spanning Tree CST Use the show spanning tree mst instance_id command to display the spanning tree configuration for an instance within the Multiple Spanning Tree MST For a description of the items displayed under Spanning tree inf...

Page 551: ...ng Eth 1 1 information Admin status enable Role root State forwarding External admin path cost 10000 Internal admin cost 10000 External oper path cost 10000 Internal oper path cost 10000 Priority 128 Designated cost 200000 Designated port 128 24 Designated root 32768 0 0000ABCD0000 Designated bridge 32768 0 0030F1552000 Fast forwarding disable Forward transitions 1 Admin edge port enable Oper edge...

Page 552: ...ation This command shows the configuration of the multiple spanning tree Command Mode Privileged Exec Example Console show spanning tree mst configuration Mstp Configuration Information Configuration name R D Revision level 0 Instance Vlans 0 1 3 4094 1 2 Console ...

Page 553: ...nk and downlink ports Configuring Protocol VLANs Configures protocol based VLANs based on frame type and protocol Configuring Voice VLANs Configures VoIP traffic detection and enables a Voice VLAN Table 5 66 VLAN Command Groups 5 21 1 GVRP and Bridge Extension Commands GARP VLAN Registration Protocol defines a way for switches to exchange VLAN information in order to automatically register VLAN me...

Page 554: ...rp Console config show bridge ext This command shows the configuration for bridge extension commands Default Setting None Command Mode Privileged Exec Command Usage See Displaying Basic VLAN Information on page 3 172 and Displaying Bridge Extension Capabilities on page 3 16 for a description of the displayed items Example Console show bridge ext Max Support VLAN Numbers 256 Max Support VLAN ID 409...

Page 555: ...on This command shows if GVRP is enabled Syntax show gvrp configuration interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting Shows both global and interface specific configuration Command Mode Normal Exec Privileged Exec Example Console show gvrp configuration ethernet 1 6 Eth 1 6 GVRP configuration Enabled Co...

Page 556: ...or deregister client attributes for client services within a bridged LAN The default values for the GARP timers are independent of the media access method or data rate These values should not be changed unless you are experiencing difficulties with GMRP or GVRP registration deregistration Timer values are applied to GVRP for all the ports on all VLANs Timer values must meet the following restricti...

Page 557: ...nit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting Shows all GARP timers Command Mode Normal Exec Privileged Exec VLAN Commands Example Console show garp timer ethernet 1 1 Eth 1 1 GARP timer status Join timer 100 centiseconds Leave timer 60 centiseconds Leaveall timer 1000 centiseconds Console Related Commands garp timer ...

Page 558: ...nges you can display the VLAN settings by entering the show vlan command Use the interface vlan Command Mode to define the port membership mode and add or remove ports from a VLAN The results of these commands are written to the running configuration file and you can display this file by entering the show running config command Example Console config vlan database Console config vlan Related Comma...

Page 559: ...h allows 255 user manageable VLANs One other VLAN VLAN ID 4093 is reserved for switch clustering Example The following Example adds a VLAN using VLAN ID 105 and name RD5 The VLAN is activated by default Console config vlan database Console config vlan vlan 105 name RD5 media ethernet Console config vlan Related Commands show vlan 5 21 3 Configuring VLAN Interfaces Command Function Mode interface v...

Page 560: ...w to set the interface configuration mode to VLAN 1 and then assign an IP address to the VLAN Console config interface vlan 1 Console config if ip address 192 168 1 254 255 255 255 0 Console config if Related Commands shutdown switchport mode This command configures the VLAN membership mode for a port Use the no form to restore the default Syntax switchport mode trunk hybrid private vlan no switch...

Page 561: ...types This command configures the acceptable frame types for a port Use the no form to restore the default Syntax switchport acceptable frame types all tagged no switchport acceptable frame types all The port accepts all frames tagged or untagged tagged The port only receives tagged frames Default Setting All frame types Command Mode Interface Configuration Ethernet Port Channel Command Usage When...

Page 562: ...ring enabled a port will discard received frames tagged for VLANs for it which it is not a member Ingress filtering does not affect VLAN independent BPDU frames such as GVRP or STA However they do affect VLAN dependent BPDU frames such as GMRP Example The following example shows how to select port 1 and then enable ingress filtering Console config interface ethernet 1 1 Console config if switchpor...

Page 563: ...s with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting All ports are assigned to VLAN 1 by default The default frame type is untagged Command Mode Interface Configuration Ethernet Port Channel Command Usage A port or a trunk with switchport mode set to hybrid must be assigned to a VLAN as untagged If a trunk has switchport mode...

Page 564: ...N identifiers to remove vlan list Separate nonconsecutive VLAN identifiers with a comma and no spaces use a hyphen to designate a range of IDs Do not enter leading zeros Range 1 4094 Default Setting No VLANs are included in the forbidden list Command Mode Interface Configuration Ethernet Port Channel Command Usage This command prevents a VLAN from being automatically added to the specified interfa...

Page 565: ... the configured VLAN Range 1 4094 no leading zeroes name Keyword to be followed by the VLAN name vlan name ASCII string from 1 to 32 characters Default Setting Shows all VLANs Command Mode Normal Exec Privileged Exec Example The following example shows how to display information for VLAN 1 Console show vlan id 1 Default VLAN ID 1 VLAN ID 1 Type Static Name DefaultVlan Status Active Ports Port Chan...

Page 566: ... switch to QinQ mode dot1q tunnel system tunnel control 2 Create a SPVLAN vlan 3 Configure the QinQ tunnel access port to dot1Q tunnel access mode switchport dot1q tunnel mode 4 Set the Tag Protocol Identifier TPID value of the tunnel access port This step is required if the attached client is using a nonstandard 2 byte ethertype to identify 802 1Q tagged frames The standard ethertype value is 0x8...

Page 567: ...ures an interface as a QinQ tunnel port Use the no form to disable QinQ on the interface Syntax switchport dot1q tunnel mode access uplink no switchport dot1q tunnel mode access Sets the port as an 802 1Q tunnel access port uplink Sets the port as an 802 1Q tunnel uplink port Default Setting Disabled Command Mode Interface Configuration Ethernet Port Channel Command Usage QinQ tunneling must be en...

Page 568: ...ype to identify 802 1Q tagged frames The standard ethertype value is 0x8100 Range 0800 FFFF hexadecimal Default Setting 0x8100 Command Mode Interface Configuration Ethernet Port Channel Command Usage Use the switchport dot1q tunnel tpid command to set a custom 802 1Q ethertype value on the selected interface This feature allows the switch to interoperate with third party switches that do not use t...

Page 569: ...ort dot1q tunnel mode access Console config if interface ethernet 1 2 Console config if switchport dot1q tunnel mode uplink Console config if end Console show dot1q tunnel Current double tagged status of the system is Enabled The dot1q tunnel mode of the set interface 1 1 is Access mode TPID is 0x8100 The dot1q tunnel mode of the set interface 1 2 is Uplink mode TPID is 0x8100 The dot1q tunnel mod...

Page 570: ...to configure private VLANs Command Function Mode Edit Private VLAN Groups private vlan Adds or deletes primary community or isolated VLANs VC private vlan association Associates a community VLAN with a primary VLAN VC Configure Private VLAN Interfaces switchport modeprivate vlan Sets an interface to host mode or promiscuous mode IC switchport private vlan host association Associates an interface w...

Page 571: ...miscuous ports in the associate primary VLAN primary A VLAN which can contain one or more community VLANs and serves to channel traffic between community VLANs and other locations isolated Specifies an isolated VLAN Ports assigned to an isolated VLAN can only communicate with the promiscuous port within their own VLAN Default Setting None Command Mode VLAN Configuration Command Usage Private VLANs...

Page 572: ...r network resources within the primary VLAN e g servers configured with promiscuous ports and to resources outside of the primary VLAN via promiscuous ports Example Console config vlan private vlan 2 association 3 Console config switchport mode private vlan Use this command to set the private VLAN mode for an interface Use the no form to restore the Default Setting Syntax switchport mode private v...

Page 573: ...d to associate an interface with a secondary VLAN Use the no form to remove this association Syntax switchport private vlan host association secondary vlan id no switchport private vlan host association secondary vlan id ID of secondary i e community VLAN Range 1 4094 no leading zeroes Default Setting None Command Mode Interface Configuration Ethernet Port Channel Command Usage All ports assigned ...

Page 574: ...onsole config interface ethernet 1 3 Console config if switchport private vlan isolated 3 Console config if switchport private vlan mapping Use this command to map an interface to a primary VLAN Use the no form to remove this mapping Syntax switchport private vlan mapping primary vlan id no switchport private vlan mapping primary vlan id ID of primary VLAN Range 1 4094 no leading zeroes Default Se...

Page 575: ...d assigned host interfaces isolated Displays an isolated VLAN along with the assigned promiscuous interface and host interfaces The Primary and Secondary fields both display the isolated VLAN ID primary Displays all primary VLANs along with any assigned promiscuous interfaces Default Setting None Command Mode Privileged Executive Example Console show private vlan Primary Secondary Type Interfaces ...

Page 576: ...igure protocol based VLANs follow these steps 1 First configure VLAN groups for the protocols you want to use page 4 226 Although not mandatory we suggest configuring a separate VLAN for each major protocol running on your network Do not add port members at this time 2 Create a protocol group for each of the protocols you want to assign to a VLAN using the protocol vlan protocol group command Gene...

Page 577: ...rotocol groups are mapped for any interface Command Mode Interface Configuration Ethernet Port Channel Command Usage When creating a protocol based VLAN only assign interfaces via this command If you assign interfaces using any of the other VLAN commands such as the vlan command on page 4 226 these interfaces will admit traffic of any protocol type into the associated VLAN A maximum of 20 protocol...

Page 578: ...a protocol group Range 1 2147483647 Default Setting All protocol groups are displayed Command Mode Privileged Exec Example This example shows many protocol groups configured for various protocol types and frame types Console show protocol vlan protocol group ProtocolGroup ID Frame Type Protocol Type 4 Ethernet 0B AD 8 Ethernet 80 2E 5000 Ethernet 81 37 12 Ethernet 81 46 5000 Ethernet 86 DD 6 RFC 1...

Page 579: ...thernet unit port unit Stack unit Range 1 port Port number Range 1 26 port channel channel id Range 1 12 Default Setting The mapping for all interfaces is displayed Command Mode Privileged Exec Example This shows that traffic entering Port 1 that matches the specifications for protocol group 1 will be mapped to VLAN 2 Console show interfaces protocol vlan protocol group Port ProtocolGroup ID Vlan ...

Page 580: ...oice VLAN settings PE Table 5 74 Voice VLAN Commands voice vlan This command enables VoIP traffic detection and defines the Voice VLAN ID Use the no form to disable the Voice VLAN Syntax voice vlan voice vlan id no voice vlan voice vlan id Specifies the voice VLAN ID Range 1 4094 Default Setting Disabled Command Mode Global Configuration Command Usage When IP telephony is deployed in an enterprise...

Page 581: ...e VLAN when VoIP traffic is no longer received on that port Example The following example configures the Voice VLAN aging time as 3000 minutes Console config voice vlan aging 3000 Console config voice vlan mac address This command specifies MAC address ranges to add to the OUI Telephony list Use the no form to remove an entry from the list Syntax voice vlan mac address mac address mask address mas...

Page 582: ...I Telephony list Console config voice vlan mac address 00 12 34 56 78 90 mask ff ff ff 00 00 00 description A new phone Console config switchport voice vlan This command specifies the Voice VLAN mode for ports Use the no form to disable the Voice VLAN feature on the port Syntax switchport voice vlan manual auto no switchport voice vlan manual The Voice VLAN feature is enabled on the port but the p...

Page 583: ... Command Usage When OUI is selected be sure to configure the MAC address ranges in the Telephony OUI list see the voice vlan mac address command MAC address OUI numbers must be configured in the Telephony OUI list so that the switch recognizes the traffic as being from a VoIP device LLDP checks that the telephone bit in the system capability TLV is turned on See LLDP Commands for more information ...

Page 584: ...g interface ethernet 1 1 Console config if switchport voice vlan security Console config if switchport voice vlan priority This command specifies a CoS priority for VoIP traffic on a port Use the no form to restore the default priority on a port Syntax switchport voice vlan priority priority value no switchport voice vlan priority priority value The CoS priority value Range 0 6 Default Setting 6 C...

Page 585: ...ID 1234 Voice VLAN aging time 1440 minutes Voice VLAN Port Summary Port Mode Security Rule Priority Eth 1 1 Auto Enabled OUI 6 Eth 1 2 Disabled Disabled OUI 6 Eth 1 3 Manual Enabled OUI 5 Eth 1 4 Auto Enabled OUI 6 Eth 1 5 Disabled Disabled OUI 6 Eth 1 6 Disabled Disabled OUI 6 Eth 1 7 Disabled Disabled OUI 6 Eth 1 8 Disabled Disabled OUI 6 Eth 1 9 Disabled Disabled OUI 6 Eth 1 10 Disabled Disable...

Page 586: ...obally on the switch GC lldp holdtime multiplier Configures the time to live TTL value sent in LLDP advertisements GC medFastStartCount Configures how many medFastStart packets are transmitted GC lldp notification interval Configures the allowed interval for sending SNMPnotifications about LLDP changes GC lldp refresh interval Configures the periodic transmit interval for LLDP advertisements GC ll...

Page 587: ...rtise its maximum frame size IC lldp medtlv inventory Configures an LLDP MED enabled port to advertise its inventory identification details IC lldp medtlv location Configures an LLDP MED enabled port to advertise its location identification details IC lldp medtlv med cap Configures an LLDP MED enabled port to advertise its Media Endpoint Device capabilities IC lldp medtlv network policy Configures...

Page 588: ...0 Default Setting Holdtime multiplier 4 TTL 4 30 120 seconds Command Mode Global Configuration Command Usage The time to live tells the receiving LLDP agent how long to retain all information pertaining to the sending LLDP agent if it does not transmit updates in a timely manner Example Console config lldp holdtime multiplier 10 Console config lldp medFastStartCount This command specifies the amou...

Page 589: ...fication interval seconds no lldp notification interval seconds Specifies the periodic interval at which SNMP notifications are sent Range 5 3600 seconds Default Setting 5 seconds Command Mode Global Configuration Command Usage This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management Information about changes in LLDP neighbors that...

Page 590: ...erval holdtime multiplier 65536 Example Console config lldp refresh interval 60 Console config lldp reinit delay This command configures the delay before attempting to re initialize after LLDP ports are disabled or the link goes down Use the no form to restore the Default Setting Syntax lldp reinit delay seconds no lldp reinit delay seconds Specifies the delay before attempting to re initialize LL...

Page 591: ... transmit delay Range 1 8192 seconds Default Setting 2 seconds Command Mode Global Configuration Command Usage The transmit delay is used to prevent a series of successive LLDP transmissions during a short period of rapid changes in local LLDP MIB objects and to increase the probability that multiple rather than single changes are reported in each transmission This attribute must comply with the f...

Page 592: ...Syntax no lldp notification Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This option sends out SNMP trap notifications to designated target stations at the interval specified by the lldp notification interval command page 4 257 Trap notifications include information about state changes in the LLDP MIB IEEE 802 1AB or organization specific LLDP EX...

Page 593: ...057 or oganization specific LLDP EXT DOT1 and LLDP EXT DOT3 MIBs SNMP trap destinations are defined using the snmp server host command Information about additional changes in LLDP neighbors that occur between SNMP notifications is not transmitted Only state changes that exist at the time of a trap notification are included in the transmission An SNMP agent should therefore periodically check the v...

Page 594: ...individual LLDP PDU may contain more than one management address TLV Every management address TLV that reports an address that is accessible on a port and protocol VLAN through the particular port should be accompanied by a port and protocol VLAN TLV that indicates the VLAN identifier VID associated with the management address reported by this TLV Example Console config interface ethernet 1 1 Cons...

Page 595: ...mple Console config interface ethernet 1 1 Console config if lldp basic tlv system capabilities Console config if lldp basic tlv system description This command configures an LLDP enabled port to advertise the system description Use the no form to disable this feature Syntax no lldp basic tlv system description Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Comm...

Page 596: ...is in turn based on the hostname command page 4 16 Example Console config interface ethernet 1 1 Console config if lldp basic tlv system name Console config if lldp dot1 tlv proto ident This command configures an LLDP enabled port to advertise the supported protocols Use the no form to disable this feature Syntax no lldp dot1 tlv proto ident Default Setting Enabled Command Mode Interface Configura...

Page 597: ...rotocol based VLANs on page 4 244 Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv proto vid Console config if lldp dot1 tlv pvid This command configures an LLDP enabled port to advertise its default VLAN ID Use the no form to disable this feature Syntax no lldp dot1 tlv pvid Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command ...

Page 598: ...age 4 245 Example Console config interface ethernet 1 1 Console config if no lldp dot1 tlv vlan name Console config if lldp dot3 tlv link agg This command configures an LLDP enabled port to advertise link aggregation capabilities Use the no form to disable this feature Syntax no lldp dot3 tlv link agg Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage ...

Page 599: ...ties port speed and duplex mode Example Console config interface ethernet 1 1 Console config if no lldp dot3 tlv mac phy Console config if lldp dot3 tlv max frame This command configures an LLDP enabled port to advertise its maximum frame size Use the no form to disable this feature Syntax no lldp dot3 tlv max frame Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel...

Page 600: ...rer model software version and other pertinent information Example Console config interface ethernet 1 1 Console config if no lldp medtlv inventory Console config if lldp medtlv location This command configures an LLDP MED enabled port to advertise its location identification details Use the no form to disable this feature Syntax no lldp medtlv location Default Setting Enabled Command Mode Interfa...

Page 601: ...mple Console config interface ethernet 1 1 Console config if lldp medtlv med cap Console config if lldp medtlv network policy This command configures an LLDP MED enabled port to advertise its network policy configuration Use the no form to disable this feature Syntax no lldp medtlv network policy Default Setting Enabled Command Mode Interface Configuration Ethernet Port Channel Command Usage This ...

Page 602: ...annel id Range 1 12 Command Mode Privileged Exec Example Console show lldp config LLDP Global Configuation LLDP Enable Yes LLDP Transmit interval 30 LLDP Hold Time Multiplier 4 LLDP Delay Interval 2 LLDP Reinit Delay 2 LLDP Notification Interval 5 LLDP MED fast start counts 4 LLDP Port Configuration Interface AdminStatus NotificationEnabled Eth 1 1 Tx Rx True Eth 1 2 Tx Rx True Eth 1 3 Tx Rx True ...

Page 603: ...em description system capabilities management ip address 802 1 specific TLVs Advertised port vid vlan name proto vlan proto ident 802 3 specific TLVs Advertised mac phy link agg max frame MED Configuration MED Notification Enabled True MED Enabled TLVs Advertised med cap network policy location inventory Console ...

Page 604: ...05 System Name System Description PLANET 8 2G Industrial Managed Switch System Capabilities Support Bridge System Capabilities Enable Bridge Management Address 192 168 0 101 IPv4 LLDP Port Information Interface PortID Type PortID PortDesc Eth 1 1 MAC Address 00 01 02 03 04 06 Ethernet Port on unit 1 port 1 Eth 1 2 MAC Address 00 01 02 03 04 07 Ethernet Port on unit 1 port 2 Eth 1 3 MAC Address 00 ...

Page 605: ...emote device LLDP Remote Devices Information Interface ChassisId PortId SysName Eth 1 1 00 01 02 03 04 05 00 01 02 03 04 06 Console show lldp info remote device detail ethernet 1 1 LLDP Remote Devices Information Detail Local PortName Eth 1 1 Chassis Type MAC Address Chassis Id 00 01 02 03 04 05 PortID Type MAC Address PortID 00 01 02 03 04 06 SysName SysDescr IGSW 2840 PortDescr Ethernet Port on ...

Page 606: ...or Entries List Last Updated 2450279 seconds New Neighbor Entries Count 1 Neighbor Entries Deleted Count 0 Neighbor Entries Dropped Count 0 Neighbor Entries Ageout Count 0 Interface NumFramesRecvd NumFramesSent NumFramesDiscarded Eth 1 1 10 11 0 Eth 1 2 0 0 0 Eth 1 3 0 0 0 Eth 1 4 0 0 0 Eth 1 5 0 0 0 switch show lldp info statistics detail ethernet 1 1 LLDP Port Statistics Detail PortName Eth 1 1 ...

Page 607: ...ibes commands used to configure Layer 2 traffic priority on the switch Command Function Mode queue mode Sets the queue mode to strict priority Weighted Round Robin WRR or hybrid GC switchport priority default Sets a port priority for incoming untagged frames IC queue bandwidth Assigns round robin weights to the priority queues GC queue cos map Assigns class of service values to the priority queues...

Page 608: ...ueue weighted 8 will be allowed to transmit up to 8 packets after which the next lower priority queue will be serviced according to it s weighting This prevents the head of line blocking that can occur with strict priority queuing When using hybrid priority queuing mode the switch employ strict priority queuing for the highest priority queue queue 3 before processing queues 2 through 0 according t...

Page 609: ... will be placed in queue 0 of the output port Note that if the output port is an untagged member of the associated VLAN these frames are stripped of all VLAN tags prior to transmission Example The following example shows how to set a default priority on port 3 to 5 Console config interface ethernet 1 3 Console config if switchport priority default 5 Console config if Related Commands show interfac...

Page 610: ... separated list of numbers The CoS value is a number from 0 to 7 where 7 is the highest priority Default Setting This switch supports Class of Service by using four priority queues with Weighted Round Robin queuing for each port Eight separate traffic classes are defined in IEEE 802 1p The default priority levels are assigned according to recommendations in the IEEE 802 1p standard as shown below ...

Page 611: ...Related Commands show queue cos map show queue mode This command shows the current queue mode Default Setting None Command Mode Privileged Exec Example Console show queue mode Queue mode wrr Console show queue bandwidth This command displays the weighted round robin WRR bandwidth allocation for the four priority queues Default Setting None Command Mode Privileged Exec Example Console show queue ba...

Page 612: ... show queue cos map interface interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Example Console show queue cos map ethernet 1 1 Information of Eth 1 1 Traffic Class 0 1 2 3 4 5 6 7 Priority Queue 1 0 0 1 2 2 3 3 Console ...

Page 613: ...ip port Shows the IP port map PE show map ip precedence Shows the IP precedence map PE show map ip tos Shows the IP ToS map PE show map access list Shows CoS value mapped to an access list for an interface PE Table 5 79 Priority Commands Layer 3 and 4 map ip dscp This command enables and sets IP DSCP priority mapping i e Differentiated Services Code Point priority mapping Use the no form to restor...

Page 614: ... to queue 0 then enable the feature on the switch Console config map ip dscp 1 cos 0 Console config map ip dscp Console config map ip port Use this command to enable and set IP port priority mapping i e TCP UDP port priority mapping Use the no form to disable the feature or remove a settting Syntax map ip port port number cos cos queue no map ip port port number port number 16 bit TCP UDP port num...

Page 615: ...g IP Precedence Value 0 1 2 3 4 5 6 7 CoS Queue 0 0 1 1 2 2 3 3 Table 5 81 Mapping IP Precedence to CoS Queues Command Mode Global Configuration Command Usage The command map ip precedence enables the feature on the switch The command map ip precedence precedence value cos cos queue maps IP Precedence values to port CoS queues The precedence for priority mapping is IP Port IP Precedence DSCP TOS a...

Page 616: ...netary cost 0 2 Maximize reliability 1 4 Maximize throughput 2 8 Minimize delay 3 Table 5 82 Mapping IP TOS to CoS Queues Command Mode Global Configuration Command Usage The command map ip tos enables the feature on the switch The command map ip tos tos value cos cos queue maps IP TOS values to port CoS queues The precedence for priority mapping is IP Port IP Precedence DSCP TOS and default switch...

Page 617: ...e Example Console config interface ethernet 1 2 Console config if map access list ip bill cos 0 Console config if map access list mac This command sets the output queue for packets matching a MAC ACL rule Use the no form to remove the CoS queue mapping Syntax no map access list mac acl_name cos cos queue acl_name Name of the MAC ACL Maximum length 16 characters cos queue Port CoS queue Range 0 3 D...

Page 618: ...cp Mapping Status Disabled DSCP COS 0 1 1 0 2 0 3 0 61 0 62 0 63 0 Console Related Commands map ip dscp show map ip port Use this command to show the IP port priority map Syntax show map ip port Command Mode Privileged Exec Example The following shows that FTP traffic has been mapped to CoS value 2 Console show map ip port TCP Port Mapping Status Disabled Port no COS 21 2 Console ...

Page 619: ...ip precedence Command Mode Privileged Exec Example Console show map ip precedence Precedence Mapping Status Enabled Precedence COS 0 0 1 0 2 1 3 1 4 2 5 2 6 3 7 3 Console Related Commands map ip precedence show map ip tos Use this command to show the IP ToS priority map Syntax show map ip tos Command Mode Privileged Exec Class of Service Commands Example ...

Page 620: ...User s Manual of IGSW 2840 620 Console show map ip tos tos Mapping Status Disabled TOS COS 0 0 1 0 2 1 3 0 4 2 5 0 6 0 7 0 8 3 9 0 10 0 11 0 12 0 13 0 14 0 15 0 Console Related Commands map ip tos ...

Page 621: ... traffic based on access lists IP Precedence or DSCP values or VLANs Using access lists allows you select traffic based on Layer 2 Layer 3 or Layer 4 information contained in each packet Command Function Mode class map Creates a class map for a type of traffic GC match Defines the criteria used to classify traffic CM policy map Creates a policy map for multiple interfaces GC class Defines a traffi...

Page 622: ...lass map and enter Policy Map Class configuration mode A policy map can contain multiple class statements 6 Use the set command to modify the QoS value for matching traffic class and use the policer command to monitor the average flow and burst rate and drop any traffic that exceeds the specified rate or just reduce the DSCP service level for traffic exceeding the specified rate 7 Use the service ...

Page 623: ...d Commands show class map match This command defines the criteria used to classify traffic Use the no form to delete the matching criteria Syntax no match access list acl name acl name Name of the access control list Any type of ACL can be specified including standard or extended IP ACLs and MAC ACLs Range 1 16 characters Default Setting None Command Mode Class Map Configuration Command Usage Firs...

Page 624: ... a Class Map before assigning it to a Policy Map Example This example creates a policy called rd_policy uses the class command to specify the previously defined rd_class uses the set command to classify the service that incoming packets will receive and then uses the police command to limit the average bandwidth to 100 000 Kbps the burst rate to 1522 bytes and configure the response to drop any vi...

Page 625: ... the response to drop any violating packets Console config policy map rd_policy Console config pmap class rd_class Console config pmap c set ip dscp 3 Console config pmap c police 100000 1522 exceed action drop Console config pmap c set This command services IP traffic by setting a CoS DSCP or IP Precedence value in a matching packet as specified by the match command on page 4 292 Use the no form ...

Page 626: ...e meters or class maps for each of the following access list types MAC ACL IP ACL including Standard ACL and Extended ACL Policing is based on a token bucket where bucket depth i e the maximum burst before the bucket overflows is by specified the burst byte field and the average rate at which tokens are removed from the bucket is specified by the rate kbps option Example This example creates a pol...

Page 627: ... this interface Range 1 16 characters Default Setting No policy map is attached to an interface Command Mode Interface Configuration Ethernet Port Channel Command Usage You can only assign one policy map to an interface You must first define a class map then define a policy map and finally use the service policy command to bind the policy map to the required interface Example This example applies ...

Page 628: ...match any rd_class 1 Match ip dscp 3 Class Map match any rd_class 2 Match ip precedence 5 Class Map match any rd_class 3 Match vlan 1 Console show policy map This command displays the QoS policy maps which define classification criteria for incoming traffic and may include policers for bandwidth limitations Syntax show policy map policy map name class class map name policy map name Name of the pol...

Page 629: ...p 3 Console show policy map interface This command displays the service policy assigned to the specified interface Syntax show policy map interface interface input interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Command Mode Privileged Exec Example Console show policy map interface ethernet 1 5 Service policy rd_policy input Conso...

Page 630: ...lticast VLAN Registration Configures a single network wide multicast VLAN shared by hosts residing in other standard or private VLAN groups preserving security and data isolation for normal traffic Table 5 84 Multicast Filtering Commands 5 25 1 IGMP Snooping Commands This section describes commands used to configure IGMP snooping on the switch Command Function Mode ip igmp snooping Enables IGMP sn...

Page 631: ...lan id static ip address interface vlan id VLAN ID Range 1 4094 ip address IP address for multicast group interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting None Command Mode Global Configuration Example The following shows how to statically configure a multicast group on a port Console config ip igmp snooping vlan 1 ...

Page 632: ... query interval and ip igmp snooping immediate leave Example The following configures the switch to use IGMP Version 1 Console config ip igmp snooping version 1 Console config ip igmp snooping leave proxy This command enables IGMP leave proxy on the switch Use the no form to disable the feature Syntax no ip igmp snooping leave proxy Default Setting Disabled Command Mode Global Configuration Comman...

Page 633: ... specified timeout period Note that the timeout period is determined by ip igmp snooping query max response time see 4 305 If immediate leave is enabled the switch assumes that only one host is connected to the interface Therefore immediate leave should only be enabled on an interface if it is connected to only one IGMP enabled device eiter a service host or a neighbor running IGMP snooping This c...

Page 634: ... This command shows known multicast addresses Syntax show mac address table multicast vlan vlan id user igmp snooping vlan id VLAN ID 1 to 4094 user Display only the user configured multicast entries igmp snooping Display only entries learned through IGMP snooping Default Setting None Command Mode Privileged Exec Command Usage Member types displayed include IGMP or USER depending on selected optio...

Page 635: ... 5 86 IGMP Query Commands Layer 2 ip igmp snooping querier This command enables the switch as an IGMP querier Use the no form to disable it Syntax no ip igmp snooping querier Default Setting Enabled Command Mode Global Configuration Command Usage IGMP snooping querier is not supported for IGMPv3 snooping see ip igmp snooping version page 4 300 If enabled the switch will serve as querier if elected...

Page 636: ... finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the query count to 10 Console config ip igmp snooping query count 10 Console config Related Commands ip igmp snooping query max response time ip igmp snooping query interval This command configures the query interval Use the no form to restor...

Page 637: ...g an initial value set by this command If the countdown finishes and the client still has not responded then that client is considered to have left the multicast group Example The following shows how to configure the maximum response time to 20 seconds Console config ip igmp snooping query max response time 20 Console config Related Commands ip igmp snooping version ip igmp snooping router port ex...

Page 638: ...he no form to remove the configuration Syntax no ip igmp snooping vlan vlan id mrouter interface vlan id VLAN ID Range 1 4094 interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 Default Setting No static multicast router ports are configured Command Mode Global Configuration Command Usage Depending on your network connections IGMP sno...

Page 639: ...id vlan id VLAN ID Range 1 4094 Default Setting Displays multicast router ports for all configured VLANs Command Mode Privileged Exec Command Usage Multicast router port types displayed include Static or Dynamic Example The following shows that port 11 in VLAN 1 is attached to a multicast router Console show ip igmp snooping mrouter vlan 1 VLAN M cast Router Ports Type 1 Eth 1 11 Static 2 Eth 1 12...

Page 640: ... Displays the IGMP filtering status PE show ip igmp profile Displays IGMP profiles and settings PE show ip igmp throttle interface Displays the IGMP throttling setting for interfaces PE Table 5 88 IGMP Filtering and Throttling Commands ip igmp filter Global Configuration This command globally enables IGMP filtering and throttling on the switch Use the no form to disable the feature Syntax no ip ig...

Page 641: ...lied to many interfaces but only one profile can be assigned to one interface Each profile has only one access mode either permit or deny Example Console config ip igmp profile 19 Console config igmp profile permit deny This command sets the access mode for an IGMP filter profile Use the no form to delete a profile number Syntax permit deny Default Setting Deny Command Mode IGMP Profile Configurat...

Page 642: ...ing None Command Mode IGMP Profile Configuration Command Usage Enter this command multiple times to specify more than one multicast address or address range for a profile Example Console config igmp profile range 239 1 1 1 Console config igmp profile range 239 2 3 1 239 2 3 100 Console config ip igmp profile 19 Console config igmp profile ip igmp filter Interface Configuration This command assigns...

Page 643: ...ber no ip igmp max groups number The maximum number of multicast groups an interface can join at the same time Range 0 64 Default Setting 64 Command Mode Interface Configuration Command Usage IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or rep...

Page 644: ...ace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group Example Console config interface ethernet 1 1 Console config if ip igmp max groups action replace Console config if show ip igmp filter This command displays the global and interface settings for IGMP f...

Page 645: ...ed on the switch Syntax show ip igmp profile profile number profile number An existing IGMP filter profile number Range 1 4294967295 Default Setting None Command Mode Privileged Exec Example Console show ip igmp profile IGMP Profile 19 IGMP Profile 50 Console show ip igmp profile 19 IGMP Profile 19 Deny range 239 1 1 1 239 1 1 1 range 239 2 3 1 239 2 3 100 Console show ip igmp throttle interface T...

Page 646: ...rt channel channel id Range 1 12 Default Setting None Command Mode Privileged Exec Command Usage Using this command without specifying an interface displays all interfaces Multicast Filtering Commands Example Console show ip igmp throttle interface ethernet 1 1 Eth 1 1 Information Status TRUE Action Deny Max Multicast Groups 32 Current Multicast Groups 0 Console ...

Page 647: ...ity or configures an interface as a staticmember of the MVR VLAN IC show mvr Shows information about the global MVR configuration settings theinterfaces attached to the MVR VLAN or the multicast groups assignedto the MVR VLAN PE Table 5 89 Multicast VLAN Registration Commands mvr Global Configuration This command enables Multicast VLAN Registration MVR globally on the switch statically configures ...

Page 648: ...snooping and MVR share a maximum number of 255 groups Any multicast streams received in excess of this limitation will be flooded to all ports in the associated VLAN Example The following example enables MVR globally designates the MVR VLAN as VLAN 1 and configures a range of MVR group addresses Console config mvr Console config mvr vlan 1 Console config mvr group 228 1 23 1 10 Console config mvr ...

Page 649: ...P address range from 224 0 0 0 to 239 255 255 255 is used for multicast streams MVR group addresses cannot fall within the reserved IP multicast address range of 224 0 0 x Immediate leave applies only to receiver ports When enabled the receiver port is immediately removed from the multicast group identified in the leave message When immediate leave is disabled the switch follows the standard rules...

Page 650: ...ax show mvr interface interface members ip address interface ethernet unit port unit Stack unit Range 1 port Port number Range 1 28 port channel channel id Range 1 12 ip address IP address for an MVR multicast group Range 224 0 1 0 239 255 255 255 Default Setting Displays global configuration settings for MVR when no keywords are used Command Mode Privileged Exec Command Usage Enter this command w...

Page 651: ...s information about the interfaces attached to the MVR VLAN Console show mvr interface Port Type Status Immediate Leave eth1 1 SOURCE ACTIVE UP Disable eth1 2 RECEIVER ACTIVE UP Disable eth1 5 RECEIVER INACTIVE DOWN Disable eth1 6 RECEIVER INACTIVE DOWN Disable eth1 7 RECEIVER INACTIVE DOWN Disable Console Field Description Port Shows interfaces attached to the MVR Type Shows the MVR port type Sta...

Page 652: ...CTIVE None 225 0 0 9 INACTIVE None 225 0 0 10 INACTIVE None Console Field Description MVR Group IP Multicast groups assigned to the MVR VLAN Status Shows whether or not the there are active subscribers for this multicast group Note that this field will also display INACTIVE if MVR is globally disabled Members Shows the interfaces with subscribers for multicast services provided through the MVR VLA...

Page 653: ...request packets to another node on thenetwork NE PE Table 5 93 IP Interface Commands ip address This command sets the IP address for the currently selected VLAN interface Use the no form to restore the default IP address Syntax ip address ip address netmask bootp dhcp no ip address ip address IP address netmask Network mask for the associated IP subnet This mask identifies the host address bits us...

Page 654: ...agement VLAN Example In the following example the device is assigned an address in VLAN 1 Console config interface vlan 1 Console config if ip address 192 168 1 5 255 255 255 0 Console config if Related Commands ip dhcp restart ip default gateway This command establishes a static route between this switch and devices that exist on another network segment Use the no form to remove the static route ...

Page 655: ...TP or DHCP server has been moved to a different domain the network portion of the address provided to the client will be based on this new domain Example In the following example the device is reassigned the same address Console config interface vlan 1 Console config if ip address dhcp Console config if end Console ip dhcp restart Console show ip interface IP address and netmask 192 168 1 54 255 2...

Page 656: ...Mode Privileged Exec Example Console show ip redirects IP default gateway 10 1 0 254 Console Related Commands ip default gateway ping This command sends ICMP echo request packets to another node on the network Syntax ping host count count size size host IP address of the host count Number of packets to send Range 1 16 size Number of bytes in a packet Range 32 512 The actual packet size will be eig...

Page 657: ...eachable The gateway for this destination indicates that the destination is unreachable Network or host unreachable The gateway found no corresponding entry in the route table Press Esc to stop pinging IP Interface Commands Example Console ping 10 1 0 9 Type ESC to abort PING to 10 1 0 9 by 5 32 byte payload ICMP packets timeout is 5 seconds response time 10 ms response time 10 ms response time 10...

Page 658: ...ription Layer2 Fast Ethernet Standalone Switch IGSW 2840 System OID String 1 3 6 1 4 1 259 6 10 103 System Information System Up Time 0 days 0 hours 57 minutes and 56 69 seconds System Name R D 5 System Location WC 9 System Contact Ted MAC Address Unit1 00 30 4F 3F D2 4E Web Server Enabled Web Server Port 80 Web Secure Server Enabled Web Secure Server Port 443 Telnet Server Enable Telnet Server Po...

Page 659: ...1 0 0 2 Boot ROM Version 0 0 1 1 Operation Code Version 0 0 3 5 Console Display Bridge Extension Capabilities Console show bridge ext Max Support VLAN Numbers 256 Max Support VLAN ID 4094 Extended Multicast Filtering Services No Static Entry Individual Port Yes VLAN Learning IVL Configurable PVID Tagging Yes Local VLAN Capable No Traffic Classes Enabled Global GVRP Status Disabled GMRP Disabled Co...

Page 660: ... Console config interface vlan 1 Console config if ip address dhcp Console config if end Console config ip dhcp restart Console config show ip interface IP address and netmask 192 168 1 1 255 255 255 0 on VLAN 1 and address mode DHCP Console Sending Simple Mail Transfer Protocol Alerts Console config logging sendmail host 192 168 1 4 Console config logging sendmail level 3 Console config logging s...

Page 661: ... Jan 6 14 56 05 2004 Poll interval 60 Current mode unicast SNTP status Enabled SNTP server 10 1 0 19 137 82 140 80 128 250 36 2 Current server 128 250 36 2 Console Setting the Time Zone SNTP uses Coordinated Universal Time or UTC formerly Greenwich Mean Time or GMT based on the time at the Earth s prime meridian zero degrees longitude To display a time corresponding to your local time you must ind...

Page 662: ...is packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficiency ...

Page 663: ...n or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 100Mbps 100Mbps wi...

Page 664: ...e full duplex status of the Ethernet Switch If the Ethernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable i...

Page 665: ...When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Co...

Page 666: ...een 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 2 Straight Cable SIDE 1 SIDE2 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown SIDE 2 F...

Page 667: ...ocol that can be used by endstations and switches to register and propagate multicast group membership information in a switched environment such that multicast data frames are propagated only to those parts of a switched LAN containing registered endstations Formerly called Group Address Registration Protocol Group Attribute Registration Protocol See Generic Attribute Registration Protocol Generi...

Page 668: ...rs is elected querier and assumes the responsibility of keeping track of group membership IGMP Snooping Listening to IGMP Query and IGMP Report packets transferred between IP Multicast Routers and IP Multicast host groups to learn IP Multicast group members In Band Management Management of the network from a station attached directly to the network IP Multicast Filtering A process whereby this swi...

Page 669: ...y data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe This allows data on the target port to be studied unobtrusively Port Trunk Defines a network link aggregation and trunking method which specifies how to create a single high speed logical link that combines several lower speed physical links Remote Monitoring RMON RMON provides comprehensi...

Page 670: ...e network Telnet Defines a remote communication facility for interfacing to a terminal device over TCP IP Trivial File Transfer Protocol TFTP A TCP IP protocol commonly used for software downloads Virtual LAN VLAN A Virtual LAN is a collection of network nodes that share the same collision domain regardless of their physical location or connection point in the network A VLAN serves as a logical wo...

Page 671: ...006 EN 61000 3 3 1995 A1 2001 A2 2005 EN55024 1998 A1 2001 A2 2003 IEC 61000 4 2 2001 IEC 61000 4 3 2006 IEC 61000 4 4 2004 IEC 61000 4 5 2006 IEC 61000 4 6 2007 IEC 61000 4 8 2001 IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer Authorized representative established within the EU Authorized representative established within the EU if applicable Company Name Planet ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands