manualshive.com logo in svg

SMC Networks 6624FMST, Management Manual

Share
Download
SMC Networks 6624FMST Management Manual Download Page 150

7-10

Using Passwords, Port Security, and Authorized IP Managers To Protect Against Unauthorized Access     

Configuring and Monitoring Port Security

Usi

ng P

a

sswo

rds,

 P

o

rt

 

Se

c

u

rity,

 a

n

d

 A

u

th

o

riz

e

d

 IP 

b.

Which devices (MAC addresses) are authorized on each port (up to 8 
per port)?

c.

For each port, what security actions do you want? (The switch 
automatically blocks intruders detected on that port from transmit-
ting to the network.) You can configure the switch to (1) send intru-
sion alarms to an SNMP management station and to (2) optionally 
disable the port on which the intrusion was detected.

d.

How do you want to learn of the security violation attempts the switch 
detects? You can use one or more of these methods:

Through network management (That is, do you want an SNMP 
trap sent to a net management station when a port detects a 
security violation attempt?)

Through the switch’s Intrusion Log, available through the CLI, 
menu, and web browser interface

Through the Event Log (in the menu interface or through the CLI 

show log

 command)

2.

Use the CLI or web browser interface to configure port security operating 
and address controls. The following table describes the parameters.

Recommended Port Security Procedures

Before configuring port security, use the switch’s TFTP features to save a 
copy of the configuration. In the event that you later want to remove the 
switch’s port security configuration (including MAC addresses the switch 
has authorized) and reconfigure port security, your task will be easier.

If you want to manually configure the authorized MAC addresses for a 
port (instead of allowing the switch to learn whatever MAC addresses it 
detects first on the port), then prior to configuring the Static learn mode 
on a port, remove the LAN link from the port. This prevents the port from 
automatically learning MAC addresses that you do not want to include in 
the authorized list. After you use the 

port-security <port-list> mac-address 

<mac-addr>

 command to configure the authorized addresses you want in 

the list, reconnect the link.

After you configure the authorized MAC addresses you want on a port, 
execute the 

write memory

 command to make these addresses permanent 

in the switch’s configuration. 

Summary of Contents for 6624FMST

Page 1: ...dules Optional stack module for linking up to 16 units 8 8 Gbps of aggregate switch bandwidth LACP port trunking support Port mirroring for non intrusive analysis Port security Full support for IEEE 802 1Q VLANs with GVRP IP Multicasting with IGMP Snooping Manageable via console Web SNMP RMON TigerStack II 10 100 Management Guide SMC6624M ...

Page 2: ......

Page 3: ...6 Hughes Irvine CA 92618 Phone 949 707 2400 TigerStack II 10 100 Management Guide From SMC s Tiger line of feature rich workgroup LAN solutions October 2001 Pub 150000008200A R01 ...

Page 4: ...ted by implication or otherwise under any patent or patent rights of SMC SMC reserves the right to change specifications at any time without notice Copyright 2001 by SMC Networks Inc 6 Hughes Irvine CA 92618 All rights reserved Printed in Taiwan Trademarks SMC is a registered trademark and EZ Switch TigerStack and TigerSwitch are trademarks of SMC Networks Inc Other product and company names are t...

Page 5: ...n stored on or integrated with any products returned to SMC pursuant to any warranty Products returned to SMC should have any customer installed accessory or add on components such as expansion modules removed prior to returning the product for replacement SMC is not responsible for these items if they are returned with the product Customers must contact SMC for a Return Material Authorization num...

Page 6: ...CTS SO THE ABOVE LIMITATIONS AND EXCLUSIONS MAY NOT APPLY TO YOU THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS WHICH MAY VARY FROM STATE TO STATE NOTHING IN THIS WARRANTY SHALL BE TAKEN TO AFFECT YOUR STATUTORY RIGHTS SMC will provide warranty service for one year following discontinuance from the active SMC price list Under the limited lifetime warranty internal and external power supplies fans a...

Page 7: ...om the Console 2 4 Main Menu Features 2 6 Screen Structure and Navigation 2 8 Rebooting the Switch 2 11 Menu Features List 2 13 Where To Go From Here 2 14 3 Using the Command Line Interface CLI Accessing the CLI 3 1 Using the CLI 3 1 Privilege Levels at Logon 3 2 Privilege Level Operation 3 3 Operator Privileges 3 3 Manager Privileges 3 4 How To Move Between Levels 3 6 Listing Commands and Command...

Page 8: ...pport Mgmt URL Feature 4 10 Support URL 4 10 Status Reporting Features 4 11 The Overview Window 4 11 The Port Utilization and Status Displays 4 12 Port Utilization 4 12 Port Status 4 14 The Alert Log 4 15 Sorting the Alert Log Entries 4 15 Alert Types 4 16 Viewing Detail Views of Alert Log Entries 4 17 The Status Bar 4 17 5 Configuring IP Addressing Time Synchronization Interface Access and System...

Page 9: ...ring TimeP 5 25 CLI Viewing and Configuring TimeP 5 27 SNTP Unicast Time Polling with Multiple SNTP Servers 5 32 Address Prioritization 5 32 Adding and Deleting SNTP Server Addresses 5 33 Menu Interface Operation with Multiple SNTP Server Addresses Configured 5 34 SNTP Messages in the Event Log 5 34 Interface Access Console Serial Link Web and Inbound Telnet 5 35 Menu Modifying the Interface Acces...

Page 10: ...Restrictions 6 25 Trunk Group Operation Using the Trunk Option 6 26 How the Switch Lists Trunk Data 6 27 Outbound Traffic Distribution Across Trunked Links 6 27 7 Using Passwords Port Security and Authorized IP Managers To Protect Against Unauthorized Access Using Password Security 7 2 Menu Setting Manager and Operator Passwords 7 3 CLI Setting Manager and Operator Passwords 7 5 Web Configuring Us...

Page 11: ...ers 7 31 CLI Viewing and Configuring Authorized IP Managers 7 32 Listing the Switch s Current Authorized IP Manager s 7 32 Configuring IP Authorized Managers for the Switch 7 33 Web Configuring IP Authorized Managers 7 34 Building IP Masks 7 34 Configuring One Station Per Authorized Manager IP Entry 7 34 Configuring Multiple Stations Per Authorized Manager IP Entry 7 35 Additional Examples for Aut...

Page 12: ...ch 9 12 Using the Menu To Manage a Candidate Switch 9 14 Using the Commander To Manage The Stack 9 16 Using the Commander To Access Member Switches for Configuration Changes and Monitoring Traffic 9 23 Converting a Commander or Member to a Member of Another Stack 9 24 Monitoring Stack Status 9 25 Using the CLI To View Stack Status and Configure Stacking 9 29 Using the CLI To View Stack Status 9 31...

Page 13: ...9 66 Effect of VLANs on Other Switch Features 9 70 Spanning Tree Protocol Operation with VLANs 9 70 IP Interfaces 9 70 VLAN MAC Addresses 9 71 Port Trunks 9 71 Port Monitoring 9 71 VLAN Restrictions 9 72 Symptoms of Duplicate MAC Addresses in VLAN Environments 9 72 GVRP 9 73 General Operation 9 74 Per Port Options for Handling GVRP Unknown VLANs 9 76 Per Port Options for Dynamic VLAN Advertising a...

Page 14: ...s 9 110 10 Monitoring and Analyzing Switch Operation Status and Counters Data 10 2 Menu Access To Status and Counters 10 3 General System Information 10 4 Menu Access 10 4 CLI Access 10 4 Switch Management Address Information 10 5 Menu Access 10 5 CLI Access 10 5 Port Status 10 6 Menu Displaying Port Status 10 6 CLI Access 10 6 Web Access 10 6 Viewing Port and Trunk Group Statistics 10 7 Menu Acce...

Page 15: ...ted Problems 11 6 Problems Related to Spanning Tree Protocol STP 11 7 Stacking Related Problems 11 7 Timep or Gateway Problems 11 7 VLAN Related Problems 11 8 Using the Event Log To Identify Problem Sources 11 10 Menu Entering and Navigating in the Event Log 11 11 CLI 11 12 Diagnostic Tools 11 13 Ping and Link Tests 11 13 Web Executing Ping or Link Tests 11 14 CLI Ping or Link Tests 11 15 Displayi...

Page 16: ...eshooting TFTP Downloads A 8 Transferring Switch Configurations A 9 B MAC Address Management Determining MAC Addresses B 1 Menu Viewing the Switch s MAC Addresses B 2 CLI Viewing the Port and VLAN MAC Addresses B 3 C Switch Memory and Configuration Overview of Configuration File Management C 1 Using the CLI To Implement Configuration Changes C 3 Using the Menu and Web Browser Interfaces To Impleme...

Page 17: ...interface offering a subset of switch commands through the built in VT 100 ANSI console page 1 2 CLI a command line interface offering the full set of switch commands through the VT 100 ANSI console built into the switch page 1 3 Web browser interface a switch interface offering status information and a subset of switch commands through a standard web browser such as Netscape Navigator or Microsof...

Page 18: ...ack of configured or correct IP address and network downtime do not slow or prevent access Enables Telnet in band access to the menu functionality Allows faster navigation avoiding delays that occur with slower display of graphical objects over a web browser interface Provides more security configuration information and passwords are not seen on the network IP addressing VLANs Security Port and St...

Page 19: ...ommand prompt interfaces Provides help at each level for determining available options and vari ables CLI Usage For information on how to use the CLI refer to chapter 3 Using the Command Line Interface CLI To perform specific procedures such as configuring IP addressing or VLANs use the Contents listing at the front of the manual to locate the information you need To monitor and analyze switch ope...

Page 20: ...face locations of window objects consistent with commonly used browsers uses mouse clicking for navigation no terminal setup Many features have all their fields in one screen so you can view all values at once More visual cues using colors status bars device icons and other graphical objects instead of relying solely on alphanumeric values Display of acceptable ranges of values available in config...

Page 21: ...ad new software system Reboot the switch For a detailed list of menu features see the Menu Features List on page 2 13 Privilege Levels and Password Security SMC strongly recommends that you configure a Manager password to help prevent unauthorized access to your network A Manager password grantsfull read write accessto the switch An Operator password if configured grants access to status and count...

Page 22: ...LI from the Menu interface select Command Line CLI option Starting and Ending a Menu Session You can access the menu interface using any of the following A direct serial connection to the switch s console port as described in the installation guide you received with the switch A Telnet connection to the switch console from a networked PC or the switch s web browser interface Telnet requires that a...

Page 23: ...owing If you are using Telnet go to step 3 If you are using a PC terminal emulator or a terminal press Enter one or more times until a prompt appears 3 When the switch screen appears do one of the following If a password has been configured the password prompt appears Password _ Type the Manager password and press Enter Entering the Manager password gives you manager level access to the switch Ent...

Page 24: ...Default parameter to Menu For more information see the Installation Guide you received with the switch How To End a Menu Session and Exit from the Console The method for ending a menu session and exiting from the console depends on whether during the session you made any changes to the switch configu ration that require a switch reboot to activate Mostchanges need only a Save and do not require a ...

Page 25: ... If you have made configuration changes that require a switch reboot thatis ifan asterisk appears nexttoa configured item or nexttoSwitch Configuration in the Main menu a Return to the Main menu b Press 6 to select Reboot Switch and follow the instructions on the reboot screen Rebooting the switch terminates the menu session and if you are using Telnet disconnects the Telnet session See Rebooting ...

Page 26: ...ss to configuration screens for displaying and changing the current configuration settings See the Con tents listing at the front of this manual For a listing of features and parameters configurable through the menu interface see the Menu Fea tures List on page 2 13 Console Passwords Provides access to the screen used to set or change Manager level and Operator level passwords and to delete Manage...

Page 27: ...terface on page C 8 Download OS Enables you to download a new software version to the switch See appendix A Transferring an Operating System or Configu ration Run Setup Displays the Switch Setup screen for quickly configuring basic switch parameters such as IP addressing default gateway logon default interface spanning tree and others See the Installation Guide shipped with your switch Stacking En...

Page 28: ...hat use forms for data entry When you first enter these screens you see the current configuration for the item you have selected To change the configuration the basic operation is to 1 Press E to select the Edit action 2 Navigate through the screen making all the necessary configuration changes See Table 4 1 on the next page 3 Press Enter to return to the Actions line From there you can save the c...

Page 29: ...nt to change another parameter value return to step 3 6 If you are finished editing parameters in the displayed screen press Enter to return to the Actions line and do one of the following Tosaveandactivate configuration changes press S forthe Save action This saves the changes in the startup configuration and also implements the change in the currently running configuration See appendix C Switch ...

Page 30: ...n each screen Use the arrow keys or v to select an action or data field The help line under the Actions items describes the currently selected action or data field For guidance on how to navigate in a screen Seetheinstructionsprovided at the bottom of the screen or refer to Screen Structure and Navigation on page 2 8 Pressing H or highlighting Help and pressing Enter displays Help for the paramete...

Page 31: ...that require a reboot Resets statistical counters to zero Note that statistical counters can be reset to zero without rebooting the switch To Reboot the switch use the Reboot Switch option in the Main Menu Note that the Reboot Switch option is not available if you log on in Operator mode that is if you enter an Operator password instead of a manager password at the password prompt Figure 4 3 The R...

Page 32: ...e Maximum VLANs to support parameter an asterisk appears next to the VLAN Support entry in the VLAN Menu screen and also next to the the Switch Configuration entry in the Main menu as shown in figure 4 6 Figure 4 4 Indication of a Configuration Change Requiring a Reboot To activate changes indicated by the asterisk go to the Main Menu and select the Reboot Switch option N ot e Executing the write ...

Page 33: ...Information Switch Configuration System Information Port Trunk Settings Network Monitoring Port Spanning Tree Operation IP Configuration SNMP Community Names IP authorized Managers VLAN Menu Console Passwords Event Log Command Line CLI Reboot Switch Download OS Run Setup Stacking Stacking Status This Switch Stacking Status All Stack Configuration Stack Management Available in Stack Commander Only ...

Page 34: ...ment on page 9 2 To view and monitor switch status and counters Chapter 10 Monitoring and Analyzing Switch Operation To learn how to configure and use passwords Using Password Security on page 7 2 To learn how to use the Event Log Using the Event Log To Identify Problem Sources on page 11 10 To learn how the CLI operates Chapter 3 Using the Command Line Interface CLI To download software the OS Ap...

Page 35: ...sole and in the switch s factory default state is the default interface when you start a console session You can access the console out of band by directly connecting a terminal device to the switch or in band by using Telnet either from a terminal device or through the web browser interface Also if you are using the menu interface you can access the CLI by selecting the Command Line CLI option in...

Page 36: ... before using the Save command That is if you use the CLI to make a change to the running config file and then go to the Menu interface and execute a Save command without making a configuration change in the Menu interface the CLI change made to the running config file is not saved to the startup config file You can still save the change by returning to the global configuration level in the CLI an...

Page 37: ...rd does not prevent access to the Manager level by intruders who have the Operator password Pressing the Clear button on the front of the switch removes password protection For this reason it is recommended that you protect the switch from physical access by unauthorized persons If you are concerned about switch security and operation you should install the switch in a secure location such as a lo...

Page 38: ...vides all Operator and Manager level privileges and enables you to make configuration changes to any of the switch s software features The prompt for the Global Configuration level includes the system name and config To select this level enter the config command at the Manager prompt For example SMC6624M _ Enter config at the Manager prompt SMC6624M config _ The Global Config prompt Context Config...

Page 39: ...rator level to the Manager level Move from the CLI interface to the menu interface Exit from the CLI interface and terminate the console session Manager Privilige Manager Level SMC6624M Perform system level actions such as system control monitoring and diagnostic commands plus any of the Operator level commands For a list of available commands enter at the prompt Global Configuration Level SMC6624...

Page 40: ...settingoverridesanyearliersettingsfor thatparameter Change in Levels Example of Prompt Command and Result Operator level to Manager level SMC6624M enable Password _ After you enter enable the Password prompt appears After you enter the Manager password this prompt appears SMC6624M _ Manager level to Global configuration level SMC6624M config SMC6624M config Global configuration level to a Context ...

Page 41: ... s commands plus the commands made available at preceding levels For example at the Operator level you can list and execute only the Operator level commands However at the Manager level you can list and execute the commands available at both the Operator and Manager levels Type To List Available Commands Typing the symbol lists the commands you can execute at the current privilege level For exampl...

Page 42: ...able command options that begin with t For example SMC6624M config t Tab telnet server time trunk telnet SMC6624M config t SMC6624M boot Reboot the device configure Enter the Configuration context copy Copy datafiles to from the switch end Return to the Manager Exec context erase Erase configuration file stored in flash getMIB Retrieve and display the MIB objects specified kill Kill all other acti...

Page 43: ...to join transmission interval integer cr SMC6624M config stack Command Option Displays Conventions for Command Option Displays When you use the CLI to listoptionsfor a particular command youwill see one or more ofthe following conventions to help you interpret the command data Braces indicate a required choice Square brackets indicate optional elements Vertical bars separate alternative mutually e...

Page 44: ...nformation on how to use individual commands Displaying Command List Help You can display a listing of command Help summaries for all commands available at the current privilege level That is when you are at the Operator level you can display the Help summaries only for Operator Level commands At the Manager level you can display the Help summaries for both the Operator and Manager levels and so o...

Page 45: ...he previous context or terminate current session if in the outermost context link test Test the connection to a MAC address on the LAN logout Terminate this console telnet session menu Switch to the menu system ping Send IP Ping requests to a device on the network show Display configuration and status counter information SMC6624M config interface help Usage interface ethernet port list interface e...

Page 46: ...text configuration modes Port or Trunk Group Context Includes port or trunk specific commands that apply only to the selected port s or trunk group plus the global configuration Manager and Operator commands The prompt for this mode includes the identity of the selected port s SMC6624M config interface e 5 help flow control Enable disable flow control on the port speed duplex Define mode of operat...

Page 47: ...packet requesting it to join a VLAN enable Enable port disable Disable port lacp Define whether LACP is enabled on the port and whether it is in active or passive mode when enabled monitor Define that the port is to be monitored interface Enter the Interface Configuration Level or execute one command on that level vlan Add delete edit VLAN configuration or enter a VLAN context boot Reboot the devi...

Page 48: ...onfigures IP parameters for a VLAN monitor Define that the VLAN is to be monitored name Set the VLAN s name tagged Assign ports to current VLAN as tagged forbid Prevents ports from becoming a member of the current VLAN untagged Assign ports to current VLAN as untagged interface Enter the Interface Configuration Level or execute one command on that level vlan Add delete edit VLAN configuration or e...

Page 49: ...e cursor forward one character Ctrl K Deletes from the cursor to the end of the command line Ctrl L or Ctrl R Repeats current command line on a new line Ctrl N or v Enters the next command line in the history buffer Ctrl P or Enters the previous command line in the history buffer Ctrl U or Ctrl X Deletes from the cursor tothe beginning of the command line Ctrl W Deletes the last word typed Esc B M...

Page 50: ...3 16 Using the Command Line Interface CLI CLI Control and Editing Using the Command Line Interface CLI ...

Page 51: ...requirements for using the web browser interface page 4 3 Starting a web browser interface session page 4 4 Tasks for your first web browser interface session page 4 6 Creating usernames and passwords in the web browser interface page 4 7 Description of the web browser interface Overview window and tabs page 4 11 Port Utilization and Status displays page 4 12 Alert Log and Alert types page 4 15 N ...

Page 52: ...LANs and Primary VLAN Port monitoring mirroring System information Enable Disable Multicast Filtering IGMP and Spanning Tree IP Stacking Support URL Switch Security Passwords Authorized IP Managers Port security and Intrusion Log Switch Diagnostics Ping Link Test Device reset Configuration report Switch status Port utilization Port counters Port status Alert log Switch system information listing ...

Page 53: ... Entity and OS Version Minimum Recommended PC Platform 90 MHz Pentium 120 MHz Pentium RAM 16 Mbytes 32 Mbytes Screen Resolution 800 X 600 1 024 x 768 Color Count 256 65 536 Internet Browser English language browser only PCs Netscape Communicator 4 x Microsoft Internet Explorer 4 x UNIX Netscape Navigator 4 5 or later PCs Netscape Communicator4 5or later Microsoft Internet Explorer 5 0 or later UNI...

Page 54: ...plets are enabled for your browser If they are not do one of the following In Netscape 4 03 click on Edit Preferences Advanced then select Enable Java and Enable JavaScript options In Microsoft Internet Explorer 4 x click on View Internet Options Security Custom Settings and scroll to the Java Permissions Then refer to the online Help for specific information on enabling the Java applets 2 Type th...

Page 55: ...sion with the Switch Using the Web Browser Interface Figure 4 1 Example of Status Overview Screen N ot e The above screen appears somewhat different if the switch is configured as a stack Commander For an example see figure 1 3 on page 1 4 Alert Log First Time Install Alert ...

Page 56: ... and Operator passwords Viewing the First Time Install Window When you access the switch s web browser interface for the first time the Alert log contains a First Time Install alert as shown in figure 4 2 This gives you information about first time installations and provides an immediate opportunity to set passwords for security Double click on First Time Install in the Alert log figure 4 1 on pag...

Page 57: ... access the password screen by clicking on the Security tab Creating User Names and Passwords in the Browser Interface You may want to create both a user name and password to create access security for your switch There are two levels of access to the interface that can be controlled by setting user names and passwords Operator An Operator level user name and password allows read only access to mo...

Page 58: ...I characters 3 Click on Apply Changes to activate the user names and passwords N ot e Passwords you assign in the web browser interface will overwrite previous passwords assigned in either the web browser interface the Command Prompt or the switch console That is the most recently assigned passwords are the switch s passwords regardless of which interface was used to assign the string Using the Pa...

Page 59: ...the password window blank Note that the Command Prompt and switch console interfaces use only the password and do not prompt you for the User Name If You Lose a Password If you lose the passwords you can clear them by pressing the Clear button on the front of the switch This action deletes all password and user name protection from all of the switch s interfaces The Clear button is provided for yo...

Page 60: ...s Window Support URL This is the site that the switch accesses when you click on the Support tab on the web browser interface You can enter the URL for a local site that you use for entering reports about network performance or whatever other function you would like to be able to easily access by clicking on the Support tab 3 Enter URL for the support information source you want the switch to acce...

Page 61: ...tus page The Alert log page The Status bar page The Overview Window The Overview Window is the home screen for any entry into the web browser interface The following figure identifies the various parts of the screen Figure 4 6 The Overview Window Port Utiliza tion Graphs page 4 12 Active Tab Active Button Alert Log page 4 15 Port Status Indicators page 4 14 Button Bar Tab Bar Status Bar page 4 17 ...

Page 62: ...affic Non Unicast Pkts Rx All multicast and broadcast traffic received by the port This indicator a gold color on many systems enables you to know at a glance the source of any non unicast traffic that is causing high utilization of the switch For example if one port is receiving heavy broadcast or multicast traffic all ports will become highly utilized By color coding the received broadcast and m...

Page 63: ...zation bar graph shows Click onthebandwidthdisplaycontrolbuttoninthe upperleftcorner of the graph The button shows the current scale setting such as 40 In the resulting menu select the bandwidth scale you want the graph to show 3 10 25 40 75 or 100 as shown in figure 3 7 Note that when viewing activity on a gigabit port you may want to select a lower value such as 3 or 10 This is because the bandw...

Page 64: ...an active network device A cable may not be connected to the port or the device at the other end may be powered off or inoperable or the cable or connected device could be faulty Port Disabled the port has been configured as disabled through the web browser interface the switch console or SNMP network manage ment Port Fault Disabled a fault condition has occurred on the port that has caused it to ...

Page 65: ...cation Date Time The date and time the event was received by the web browser interface This value is shown in the format DD MM YY HH MM SS AM PM for example 16 Sep 99 7 58 44 AM Description A short narrative statement that describes the event For example Excessive CRC Alignment errors on port 8 Sorting the Alert Log Entries The alerts are sorted by default by the Date Time field with the most rece...

Page 66: ...dule Excessive late collisions Late collisions collisions detected after transmitting 64 bytes have been detected on this port Possible causes include An overextended LAN topology Duplex mismatch full duplex configured on one end of the link half duplex configured on the other A misconfigured or faulty device connected to the port High collision or drop rate A large number of collisions or packet ...

Page 67: ...s four management buttons Acknowledge Event removes the New symbol from the log entry Delete Event removes the alert from the Alert Log Cancel Button closes the detail view with no change to the status of the alert and returns you to the Overview screen The Status Bar The Status Bar is displayed in the upper left corner of the web browser interface screen Figure 4 12 shows an expanded view of the ...

Page 68: ...nowledged alert with the current highest severity in the Alert Log appearing in the right portion of the Status Bar In instances where multiple critical alerts have the same severity level only the earliest unacknowledged alert is deployed in the Status bar Product Name The product name of the switch to which you are connected in the current web browser interface session Color Switch Status Status...

Page 69: ... ports on the switch However to enable specific management access and control through your network you will need IP addressing See table 5 1 on page 5 9 Why Configure Time Synchronization Using time synchronization ensures a uniform time among interoperating devices This helps you to manage and troubleshoot switch operation by attaching meaningful time data to event and error messages Why Configur...

Page 70: ... IP Addressing Affects Switch Operation on page 5 8 Default Gateway Operation The default gateway is required when a router is needed for tasks such as reaching off subnet destinations or forward ing traffic across multiple VLANs The gateway value is the IP address of the next hop gateway node for the switch which is used if the requested destina tion address is not on a local subnet VLAN If the s...

Page 71: ...r remove it from the switch N ot e s If multiple VLANs are configured then each VLAN can have its own IP address This is because each VLAN operates as a separate broadcast domain and requires a unique IP address and subnet mask A default gateway IP address for the switch is optional but recommended The primary VLAN is the VLAN used for stacking operation as well as for determining the default gate...

Page 72: ...nection to the switch will be lost You can reconnect by either restarting Telnet with the new IP address or entering the new address as the URL in your web browser IP Addressing in a Stacking Environment Ifyou are installing the switch into a stack managementenvironment entering an IP address may not be required See Stack Management on page 9 2 for more information Menu Configuring IP Address Gate...

Page 73: ...gured 2 Press E for Edit 3 If the switch needs to access a router for example to reach off subnet destinations select the Default Gateway field and enter the IP address of the gateway router 4 If you need to change the packet Time To Live TTL setting select Default TTL and type in a value between 2 and 255 seconds 5 Do one of the following If you want to have the switch retrieve its IP configurati...

Page 74: ...ing command displays the IP addressing for each VLAN configured in the switch If only the DEFAULT_VLAN exists then its IP configuration applies to all ports in the switch Where multiple VLANs are configured the IP addressing is listed per VLAN The display includes switch wide packet time to live and if config ured the switch s default gateway and Timep configuration Syntax show ip For example in t...

Page 75: ...on the switch that is if the only VLAN is the default VLAN then the VLAN ID is always 1 N ot e The default IP address setting for the DEFAULT_VLAN is DHCP Bootp On additional VLANs you create the default IP address setting is Disabled Syntax vlan vlan id ip address ip address mask length or vlan vlan id ip address ip address mask bits or vlan vlan id ip address dhcp bootp This example configures I...

Page 76: ...ion level The TTL range is 2 255 seconds Web Configuring IP Addressing You can use the web browser interface to access IP addressing only if the switch already has an IP address that is reachable through your network 1 Click on the Configuration tab 2 Click on IP Configuration How IP Addressing Affects Switch Operation Without an IP address and subnet mask compatible with your network the switch c...

Page 77: ...tive Networking Features Available with an IP Address and Subnet Mask Direct connect access to the CLI and the menu interface Stacking Candidate or Stack Member DHCP or Bootp support for automatic IP address configuration and DHCP support for automatic Timep server IP address configuration Spanning Tree Protocol Port settings and port trunking Console based status and counters information for moni...

Page 78: ... not receive a reply to its DHCP Bootp requests it continues to periodically send request packets but with decreasing frequency Thus if a DHCP or Bootp server is not available or accessible to the switch when DHCP Bootp is first configured the switch may not immediately receive the desired configuration After verifying that the server has become accessible to the switch reboot the switch to re sta...

Page 79: ...pdate an IP address and subnet mask to the switch or a VLAN configured in the switch would be similar to this entry 6624mswitch ht ether ha 0030c1123456 ip 10 66 77 88 sm 255 255 248 0 gw 10 66 77 1 hn vm rfc1048 An entry in the Bootp table file etc bootptab to tell the switch or VLAN where to obtain a configuration file download would be similar to this entry 6624mswitch ht ether ha 0030c1123456 ...

Page 80: ...t e Designating a primary VLAN other than the default VLAN affects the switch s use of information received via DHCP Bootp For more on this topic see Which VLAN Is Primary on page 9 50 After you reconfigure or reboot the switch with DHCP Bootp enabled in a network providing DHCP Bootp service the switch does the following Receives an IP address and subnet mask and if configured in the server a gat...

Page 81: ... ISP can provide contact one of the following organizations For more information refer to Internetworking with TCP IP Principles Protocols and Architecture by Douglas E Comer Prentice Hall Inc publisher Country Phone Number E Mail URL Company Name Address United States Countries not in Europe or Asia Pacific 1 310 823 9358 icann icann org http www iana org The Internet Corporation for Assigned Nam...

Page 82: ...e from the first SNTP time broadcast detected In this case the SNTP server must be configured to broadcast time updates to the network broadcast address Refer to the documentation provided with your SNTP server application Once the switch detects a partic ular server itignorestime broadcastsfrom other SNTP servers unless the configurable Poll Interval expires three consecutive times without an upd...

Page 83: ...protocol to the other Thus if you select a time protocol the switch uses the parameters you last configured for the selected protocol Note that simply selecting a time synchronization protocol does not enable that protocol on the switch unless you also enable the protocol itself step 2 above For example in the factory default configuration TimeP is the selected time synchronization method However ...

Page 84: ...LI timesync command Unicast Directs the switch to poll a specific server for SNTP time synchronization Requires at least one server address Broadcast Directs the switch to acquire its time synchronization from data broadcast by any SNTP server to the network broadcast address The switch uses the first server detected and ignores any others However if the Poll Interval expires three times without t...

Page 85: ...gure 5 4 The System Information Screen Default Values 2 Press E for Edit The cursor moves to the System Name field 3 Use v to move the cursor to the Time Sync Method field 4 Use the Space bar to select SNTP then press v once to display and move to the SNTP Mode field 5 Do one of the following Use the Space bar to select the Broadcast mode then press v to move the cursor to the Poll Interval field ...

Page 86: ...receding step step ii If you are unsure which version to use SMC recommends leaving this value at the default setting of 3 and testing SNTP operation to determine whether any change is necessary Note Using the menu to enter the IP address for an SNTP server when the switch already has one or more SNTP servers config ured causes the switch to delete the primary SNTP server from the server list and ...

Page 87: ...e if you configured the switch with SNTP as the time synchroni zation method then enabled SNTP in broadcast mode with the default poll interval show sntp lists the following Figure 3 Example of SNTP Configuration When SNTP Is the Selected Time Synchronization Method In the factory default configuration where TimeP is the selected time syn chronizationmethod showsntpstillliststheSNTPconfigurationev...

Page 88: ...cast unicast EnablestheSNTPmode belowand page 5 21 sntp server ip addr Required only for unicast mode page 5 21 sntp poll interval 30 720 Enabling the SNTP mode also enables the SNTP poll interval default 720 seconds page 5 23 Enabling SNTP in Broadcast Mode Becausethe switch providesan SNTP polling interval default 720 seconds you need only these two commands for minimal SNTP broadcast configurat...

Page 89: ...with another To add a second or third server you must use the CLI For more on SNTP operation with multiple servers see SNTP UnicastTime Polling with Multiple SNTP Servers on page 5 32 Syntax timesync sntp Selects SNTP as the time synchronization method sntp unicast Configures the SNTP mode for Unicast operation sntp server ip addr version Specifies the SNTP server The default server version is 3 n...

Page 90: ...e current SNTP server version default 3 Figure 5 7 Example of Configuring SNTP for Unicast Operation If the SNTP server you specify uses SNTP version 4 or later use the sntp server command to specify the correct version number For example suppose you learned that SNTP version 4 was in use on the server you specified above IP address 10 28 227 141 You would use the following commands to delete the ...

Page 91: ...o use the timesync command This halts time synchronization without changing your SNTP configuration Syntax no timesync For example suppose SNTP is running as the switch s time synchronization protocol with Broadcast as the SNTP mode and the factory default polling interval You would halt time synchronization with this command SMC6624M config no timesync If you then viewed the SNTP configuration yo...

Page 92: ... Disabled For example if the switch is running SNTP in Unicast mode with an SNTP server at 10 28 227 141 and a server version of 3 the default no sntp changes the SNTP configuration as shown below and disables time synchronization on the switch Figure 5 10 Example of Disabling Time Synchronization by Disabling the SNTP Mode SMC6624M config no sntp SMC6624M config show sntp SNTP Configuration Time ...

Page 93: ...ne as the time synchronization method Timep Mode Disabled The Default Timep does not operate even if specified by the Menu interface Time Sync Method parameter or the CLI timesync command DHCP When Timep is selected as the time synchronization method the switch attempts to acquire a Timep server IP address via DHCP If the switch receives a server address it polls the server for updates according t...

Page 94: ...ady selected use the Space bar to select TIMEP then press v once to display and move to the TimeP Mode field 5 Do one of the following Use the Space bar to select the DHCP mode then press v to move the cursor to the Poll Interval field and go to step 6 Use the Space bar to select the Manual mode i Press to move the cursor to the Server Address field ii Enter the IP address of the TimeP server you ...

Page 95: ...e new time protocol configuration in both the startup config and running config files CLI Viewing and Configuring TimeP CLI Commands Described in this Section Thissection describeshowto use the CLIto view enable andconfigure TimeP parameters Viewing the Current TimeP Configuration This command lists both the time synchronization method TimeP SNTP or None and the TimeP configuration even if SNTP is...

Page 96: ...gure it for either broadcast or unicast mode Remember that to run TimeP as the switch s time synchronization protocol you must also select TimeP as the time synchronization method by using the CLI timesync command or the Menu interface Time Sync Method parameter Syntax timesync timep Selects TimeP as the time protocol ip timep dhcp manual Enables the selected TimeP mode no ip timep Disables the Ti...

Page 97: ...e configuring TimeP for Manual mode enables TimeP However for manual operation you must also specify the IP address of the TimeP server The switch allows only one TimeP server To enable the TimeP protocol Syntax timesync timep Selects Timep ip timep manual ip addr Activates TimeP in Manual mode with a specified TimeP server no ip timep Disables TimeP SMC6624M config show timep Timep Configuration ...

Page 98: ...iguring Timep for Manual Operation Changing the TimeP Poll Interval This command lets you specify how long the switch waits between time polling intervals The default is 720 minutes and the range is 1 to 9999 minutes This parameter is separate from the poll interval parameter used for SNTP operation Syntax ip timep dhcp interval 1 9999 ip timep manual interval 1 9999 For example to change the poll...

Page 99: ...TimeP prevents the switch from using it as the time synchronization protocol even if it is the selected Time Sync Method option Syntax no ip timep Disables TimeP by changing the TimeP mode configuration to Disabled For example ifthe switch isrunning TimeP inDHCPmode noiptimep changes the TimeP configuration as shown below and disables time synchronization on the switch Figure 5 17 Example of Disab...

Page 100: ...ch tries all servers in the list without success it sends an error message to the Event Log and reschedules to try the address list again after the configured Poll Interval time has expired Address Prioritization If you use the CLI to configure multiple SNTP servers the switch prioritizes them according to the decimal values of their IP addresses That is the switch compares the decimal value of th...

Page 101: ...nfigured on the switch and you want to use the CLI to replace one of the existing addresses with a new one you must delete the unwanted address before you configure the new one Deleting Addresses To delete an address you must use the CLI If there are multiple addresses and you delete one of them the switch re orders the address priority See Address Prioritization on page 5 32 Syntax no sntp server...

Page 102: ...itization on page 5 32 For example suppose the switch already has the following three SNTP server IP addresses configured 10 28 227 141 primary 10 28 227 153 secondary 10 29 227 100 tertiary If you use the Menu interface to add 10 28 227 160 the new prioritized list will be SNTP Messages in the Event Log If an SNTP time change of more than three seconds occurs the switch s event log records the ch...

Page 103: ...an gain additional security using IP authorized managers However if unauthorized access to the switch through in band means Telnet or the web browser interface then you can disallow in band access as described in this section and install the switch in a locked environment Feature Default Menu CLI Web Inactivity Time 0 Minutes disabled page 5 36 page 5 38 Inbound Telnet Access Enabled page 5 36 pag...

Page 104: ...s the Interface Access Parameters 1 From the Main Menu Select 2 Switch Configuration 1 System Information Figure 5 19 The Default Interface Access Parameters Available in the Menu Interface 2 Press E for Edit The cursor moves to the System Name field 3 Use the arrow keys v to move to the parameters you want to change Refer to the online help provided with this screen for further information on con...

Page 105: ...e 5 20 Listing of Show Console Command Reconfigure Inbound Telnet Access In the default configuration inbound Telnet access is enabled Syntax no telnet server To disable inbound Telnet access SMC6624M config no telnet server To re enable inbound Telnet access SMC6624M config telnet server show console below no telnet server below no web management page 5 38 console page 5 38 SMC6624M show console ...

Page 106: ...ense 1200 2400 4800 9600 19200 38400 57600 flow control xon xoff none inactivity timer 0 1 5 10 15 20 30 60 120 events none all non info critical debug N ot e If you change the Baud Rate or Flow Control settings for the switch you should make the corresponding changes in your console access device Oth erwise you may lose connectivity between the switch and your terminal emulatorduetodifferencesbet...

Page 107: ...nactivity timer 10 events critical Command will take effect after saving configuration and reboot SMC6624M config write memory SMC6624M config reload TheswitchimplementstheEventLogchangeimmediately Theswitchimplements the other console changes after executing write memory and reload Configure the individual parameters Save the changes Boot the switch SMC6624M config console baud speed sense Comman...

Page 108: ...ged out deleted Aging out occurs when there has been no traffic from the device belonging to that MAC address for the configured interval Time Zone The number of minutes your time zone location is to the West or East of Coordinated Universal Time formerly GMT The default 0 means no time zone is configured Daylight Time Rule Specifies the daylight savings time rule to apply for your location The de...

Page 109: ... The System Information Configuration Screen Default Values N ot e To help simplify administration it is recommended that you configure System Name to a character string that is meaningful within your system 2 Press E for Edit The cursor moves to the System Name field 3 Refer to the online help provided with this screen for further information on configuration options for these features 4 When you...

Page 110: ...onfigure a plain language identity for the switch Syntax hostname name string snmp server contact system contact location system location Note that no blank spaces are allowed in the variables for these commands For example to name the switch Blue with Ext 3002 as the system contact and North Data Room as the location SMC6624M config hostname Blue Blue config snmp server contact Ext 3002 location ...

Page 111: ...ese commands Set the time zone you want to use Define the daylight time rule for keeping the correct time when daylight saving time shifts occur Syntax time timezone 1440 1440 time daylight time rule none alaska continental us and canada middle europe and portugal southern hemisphere western europe user defined For example this command configures the time zone and daylight time rule for Vancouver ...

Page 112: ...tax time hh mm ss mm dd yy yy For example to set the switch to 3 45 p m on October 1 2000 SMC6624M config time 15 45 10 01 00 N ot e Executing reloadorboot resets the time and date to their default startup values Web Configuring System Parameters In the web browser interface you can enter the following system information System Name System Location System Contact For access to the MAC Age Interval...

Page 113: ... parameters page 6 1 Creating and modifying a dynamic LACP or static port trunk group page 6 9 Port numbers in the status and configuration screens correspond to the port numbers on the front of the switch ViewingPortStatusandConfiguringPort Parameters Port Status and ConfigurationFeatures Feature Default Menu CLI Web viewing port status n a page 6 4 page 6 5 page 6 8 configuring ports 10 100TX En...

Page 114: ... The port s speed and duplex data transfer operation setting 10 100Base T ports Auto default Senses speed and negotiates with the port at the other end of the link for data transfer operation half duplex or full duplex Note Ensure that the device attached to the port is configured for the same setting that you select here Also if Auto is used the device to which the port is connected must operate ...

Page 115: ...ates flow control packets and processes received flow control packets Withtheportmode setto Auto the default and FlowControl enabled the switchnegotiates FlowControl on the indicated port If the port mode is not set to Auto or if Flow Control is disabled on the port then Flow Control is not used Bcast Limit Specifies the theoretical maximumofnetwork bandwidth percentage thatcanbe used forbroadcast...

Page 116: ...View Port Status The menu interface displays the status for ports and if configured a trunk group From the Main Menu select 1 Status and Counters 3 Port Status Figure 6 26 Example of the Port Status Screen Using the Menu To Configure Ports N ot e The menu interface uses the same screen for configuring both individual ports and port trunk groups For information on port trunk groups see Port Trunkin...

Page 117: ...bove parameters press Enter then press S for Save CLI Viewing Port Status and Configuring Port Parameters Port Status and Configuration Commands From the CLI you can configure and view all port parameter settings and view all port status indicators Using the CLI To View Port Status Use the following commands to dis play port status and configuration show interfaces Lists the full status and config...

Page 118: ...0 full 100 half auto 1000 full flow control broadcast limit 0 99 SMC6624M show interfaces Status and Counters Port Status Intrusion Flow Bcast Port Type Alert Enabled Status Mode Ctrl Limit 1 10 100TX No Yes Down 10HDx off 0 2 10 100TX No Yes Down 10HDx off 0 3 10 100TX No Yes Down 10HDx off 0 4 10 100TX No Yes Down 10HDx off 0 5 10 100TX No Yes Down 10HDx off 0 6 10 100TX No Yes Down 10HDx off 0 ...

Page 119: ...t identified or go to the context level for that port and then enter the commands For example to enter the context level for port 7 and then configure that port for 100FDx with a broadcast limit of 20 SMC6624M config int e 7 SMC6624M eth 7 speed duplex 100 full SMC6624M eth 7 broadcast limit 20 If port 8 was disabled and you wanted to enable it and configure it for 100FDx with a broadcast limit of...

Page 120: ...he web browser interface 1 Click on the Configuration tab 2 Click on Port Configuration 3 Select the ports you want to modify and click on Modify Selected Ports 4 After you make the desired changes click on Apply Settings Note that the web browser interface displays an existing port trunk group However to configure a port trunk group you must use the CLI or the menu interface For more on this topi...

Page 121: ...th full duplex operation in a four port trunk group trunking enables the following bandwidth capabilities Table 6 2 Bandwidth Capacity for Trunk Groups Configured for Full Duplex Feature Default Menu CLI Web viewing port trunks n a page 6 15 page 6 17 page 6 22 configuring a static trunk group none page 6 15 page 6 20 configuring a dynamic LACP trunk group LACP passive page 6 21 10 Mbps Links 100 ...

Page 122: ...ty parameters for those ports to the factory default configuration Ca ut ion To avoid broadcast storms or loops in your network while configuring a trunk first disable or disconnect all ports you want to add to or remove from the trunk After you finish configuring the trunk enable or re connect the ports SMC6624M Port Trunk Features and Operation The SMC6624M switch offers these options for port t...

Page 123: ...n to Active on the ports you want to use for the trunk For example the following command sets ports 1 4 to LACP active SMC6624M config int e 1 4 lacp active Note that the above example works if the ports are not already operating in a trunk To change the LACP option on ports already operating as a trunk you must first remove them from the trunk For example if ports 1 4 were LACP active and operati...

Page 124: ...ink is configured for a static LACP trunk You want to configure non default spanning tree STP or IGMP parameters on an LACP trunk group You want an LACP trunk group to operate in a VLAN other than the default VLAN and GVRP is disabled You want to use a monitor port on the switch to monitor an LACP trunk See Trunk Group Operation Using LACP on page 6 23 Trunk non protocol Provides manually configur...

Page 125: ... the trunk to match the trunked port with the highest broadcast limit When a broadcast limit is configured on a trunk removing a port from the trunk sets the broadcast limit for that port to 0 the default LACP is a full duplex protocol See Trunk Group Operation Using LACP on page 6 23 Trunk Configuration All ports in the same trunk group must be the same trunk type LACP or Trunk All LACP ports in ...

Page 126: ...nk Also creating a new trunk automatically places the trunk in IGMP Auto status if IGMP is enabled for the default VLAN A dynamic LACP trunk operates only with the default IGMP settings and does not appear in the IGMP configuration display or show ip igmp listing VLANs Creating a new trunk automatically places the trunk in the DEFAULT_VLAN regardless of whether the ports in the trunk were in anoth...

Page 127: ...s procedure uses the Port Trunk Settings screen to configure a static port trunk group on the switch 1 Follow the procedures in the Important note above 2 From the Main Menu Select 2 Switch Configuration 2 Port Trunk Settings 3 Press E for Edit and then use the arrow keys to access the port trunk parameters Figure 6 4 Example of the Menu Screen for Configuring a Port Trunk Group 4 In the Group col...

Page 128: ...ual LANs Static VLANs on page 9 47 To return a port to a non trunk status keep pressing the Space bar until a blank appears in the highlighted Group value for that port Figure 6 5 Example of the Configuration for a Two Port Trunk Group 6 Move the cursor to the Type column for the selected port and use the Space bar to select the trunk type LACP Trunk the default type if you do not specify a type A...

Page 129: ...g the CLI To View Port Trunks You can list the trunk type and group for all ports on the switch or for selected ports You can also list LACP only status information for LACP configured ports Listing Static Trunk Type and Group for All Ports or Selected Ports Syntax show trunks port list Omitting the port list parameter results in a static trunk data listing for all LAN ports in the switch This exa...

Page 130: ...namic LACP trunking enables you to configure standby links for a trunk by including more than four ports in a dynamic LACP trunk configuration When four ports trunk links are up the remaining link s will be held in standby status If a trunked link that is Up fails it will be replaced by a standby link which maintains your intended bandwidth for the trunk In the next example ports 1 through 5 have ...

Page 131: ...e CLI To Configure Ports on page 6 6 On the SMC6624M you can configure one port trunk group having up to four links with additional standby links if you re using LACP Options include If no trunk group exists you can create a trunk group on the switch If a trunk group already exists on the switch you can add ports to the trunk group or delete ports within the group You can remove a subset of ports ...

Page 132: ...s ports 5 8 to create a non protocol static trunk group SMC6624M config trunk trk1 trunk 5 8 Removing Ports from a Static Trunk Group This command removes one or more ports from an existing Trk1 trunk group Ca ut ion Removing a portfrom a trunk can resultin a loopand cause a broadcaststorm When you remove a port from a trunk where STP is not in use SMC recom mends that you disable the port or disc...

Page 133: ...f Criteria for Automatically Forming a Dynamic LACP Trunk Syntax interface port list lacp active N ot e For port interface commands the command line accepts only one parameter at a time instead of combining several in one command This example uses ports 5 and 6 to enable a dynamic LACP trunk group SMC6624M config interface 5 6 lacp active Switch A withportsset to LACP passive the default Switch B ...

Page 134: ...runk where STP is not in use SMC recommends that you first disconnect the link on that port Syntax no interface port list lacp In this example port 1 belongs to an operating dynamic LACP trunk To remove port1fromthedynamictrunkandreturnittopassiveLACP youwould do the following SMC6624M config no interface 1 lacp SMC6624M config interface 1 lacp passive Note that in the above example if the port on...

Page 135: ...following conditions the switch automatically establishes a dynamic LACP port trunk group The ports on both ends of a link have compatible mode settings speed and duplex The port on one end of a link must be configured for LACP Active and the port on the other end of the same link must be configured for either LACP Passive the default or LACP Active For example Either of the above link configurati...

Page 136: ...igned ports use the CLI show trunk command or display the menu interface Port Trunk Settings screen Static LACP does not allow standby ports LACPPortTrunk Configuration Operation Status Name Meaning Port Numb Shows the physical port number for each port configured for LACP operation 1 2 3 Unlisted port numbers indicate that the missing ports are assigned to a static Trunk group or are not configur...

Page 137: ...xample a port that is not connected to the network or a speed mismatch between a pair of linked ports Disabled The port cannot carry traffic Blocked LACP or STP has blocked the port The port is not in LACP Standby mode This may be due to a trunk negotiation very brief or a configuration error such as differing port speeds on the same link or attempting to connect the SMC6624M to more than one trun...

Page 138: ...w you to configure it for a static or dynamic LACP trunk Dynamic Static LACP Interoperation A port configured for dynamic LACP can properly interoperate with a port configured for static Trk1 LACP but any ports configured as standby LACP links will be ignored Trunk Group Operation Using the Trunk Option This method creates a trunk group that operates independently of specific trunking protocols an...

Page 139: ...k and sends traffic from the same source address to a different destination address through a different link depending on the rotation of path assign ments among the links in the trunk Likewise the switch distributes traffic for the same destination address but from different source addresses through different links Because the amount of traffic coming from or going to various nodes in a network c...

Page 140: ...ifferent source addresses are dis tributed evenly across the links As links are added or deleted the switch redistributes traffic across the trunk group For example in figure 6 11 show ing a three port trunk traffic could be assigned as shown in table 6 8 Figure 6 11 Example of Port Trunked Network Table 6 8 Example of Link Assignments in a Trunk Group SA DA Distribution Source Destination Link No...

Page 141: ... specify on a per port basis which device s are authorized to access the network Authorized IP Managers page 7 28 Enhances security on the switch by using IP addresses and masks to determine which stations PCs or workstations can access the switch through the network This covers access through the following means Telnet The switch s web browser interface SNMP with a correct community name File tra...

Page 142: ...ger and Operator passwords have been set the level of access to the console interface will be determined by which password is entered in response to the prompt Feature Default Menu CLI Web Set a Password no passwords set page 7 3 page 7 5 page 7 6 Set User Names no user names set page 7 6 Delete Password Protection n a page 7 4 page 7 5 page 7 6 Level Actions Permitted Manager Access to all consol...

Page 143: ...sword set with no Operator password and the Manager password is not entered correctly when the console session begins access to the console will be denied If there are both a Manager password and an Operator password but neither is entered correctly access to the console will be denied If the switch has neither a Manager password nor an Operator password anyone having access to the console interfa...

Page 144: ...e session you will be prompted to enter the password To Delete Password Protection Including Recovery from a Lost Password This procedure deletes both passwords Manager and Opera tor If you have physical access to the switch press and hold the Clear button on the front of the switch for a minimum of one second to clear all password protection then enter new passwords as described earlier in this c...

Page 145: ...ommands Used in This Section Configuring Manager and Operator Passwords This procedure prompts you to enter a password twice to help verify that you have correctly entered the desired characters Syntax password manager operator no password To Delete Password Protection Thiscommandpromptsyoutoverifythat you want to clear the passwords then clears both the Manager and the Operator password Figure 7 ...

Page 146: ...y in the menu interface and the CLI they affect only your access to the switch through the web browser interface To Configure or Remove User Names and Passwords in the Web Browser Interface 1 Click on the Security tab Click on Device Passwords 2 Do one of the following To set user name and password protection enter the user names and passwords you want in the appropriate fields To remove user name...

Page 147: ...port is off or continuous That is any device can access a port without causing a security reaction Intruder Protection A port that detects an intruder blocks the intruding device from transmitting to the network through that port General Operation for Port Security On a per port basis you can configure security measuresto block unauthorizeddevices and to sendnotice of security violations Once you ...

Page 148: ...e connected to the port Provides the option for sending an SNMP trap notifying of an attempted security violation to a network management station and optionally disables the port For more on configuring the switch for SNMP management see Trap Receivers and Authentication Traps on page page 8 9 Blocking Unauthorized Traffic Unless you configure the switch to disable a port on which a security viola...

Page 149: ...figured for either Active or Passive LACP and which are not members of a trunk can be configured for port security Planning Port Security 1 Plan your port security configuration and monitoring according to the following a On which ports do you want to configure port security Switch A Port Security Configured Switch B MAC Address Authorized by Switch A PC 1 MAC Address Authorized by Switch A PC 2 M...

Page 150: ...he CLI show log command 2 Use the CLI or web browser interface to configure port security operating and address controls The following table describes the parameters Recommended Port Security Procedures Before configuring port security use the switch s TFTP features to save a copy of the configuration In the event that you later want to remove the switch s port security configuration including MAC...

Page 151: ...how port security page 7 14 CLI Displaying Current Port Security Settings port security page 7 15 CLI Configuring Port Security ethernet port list page 7 15 CLI Configuring Port Security learn mode continuous page 7 16 Adding an Authorized Device to a Port learn mode static page 7 16 Adding an Authorized Device to a Port address limit page 7 16 Adding an Authorized Device to a Port mac address pag...

Page 152: ...lly authorized MAC address to its authorized devices list and the first two additional MAC addresses it detects For example suppose You use mac address to authorize MAC address 0060b0 880a80 for port 4 You use address limit to allow three devices on port 4 and the port detects a series of MAC addresses in the following order 080090 1362f2 00f031 423fc1 080071 0c45a1 0060b0 880a80 the address you a...

Page 153: ...addresses toallow Range 1 the default to 8 Action action none send alarm send disable Specifies whether an SNMP trap is sent to a network management station when Learn Mode is set to static andtheportdetectsanunauthorizeddevice orwhenLearnModeissettocontinuousandthereisanaddress change on a port None the default Prevents an SNMP trap from being sent Send Alarm Causes the switch to send an SNMP tra...

Page 154: ...ty port number show port security port number port number port number Without port parameters show port security displays Operating Control settings for all ports on a switch For example Figure 7 4 Example Port Security Listing Ports 7 and 8 Show the Default Setting Withportnumbersincludedin the command showport securitydisplays Learn Mode Address Limit alarm Action and Authorized Addresses for th...

Page 155: ...e Intrusion flag on specific ports Syntax port security port list learn mode continuous learn mode static address limit integer mac address mac addr mac addr mac addr action none send alarm send disable clear intrusion flag no port security port list mac address mac addr mac addr mac addr For information on the individual control parameters see the Port Security Parameter tables on pages 7 12 and ...

Page 156: ... port SMC6624M config port security 5 learn mode static address limit 2 mac address 00c100 7fec00 0060b0 889e00 action send alarm If you manually configure authorized devices MAC addresses and or an alarm action on a port those settings remain unless you either manually change them or the switch is reset to its factory default configuration You can turn off authorized devices on a port by configur...

Page 157: ...ort back to static mode with the same authorized address es the Inconsistent value message appears because the port already has the address es in its Authorized list If you are adding a device MAC address to a port on which the Authorized Addresses list is already full as controlled by the port s current Address Limit setting then you must increase the Address Limit in order to add the device even...

Page 158: ... page 7 13 Ca ut ion When learn mode is set to static the Address Limit address limit parameter controls how many devices are allowed in the Authorized Addresses mac address for a given port If you remove a MAC address from the Authorized Addresses list without also reducing the Address Limit by 1 the port may subsequently detect and accept as authorized a MAC address that you do not intend to inc...

Page 159: ...he Authorized Address list The following command serves this purpose by removing 0c0090 123456 and reducing the Address Limit to 1 SMC6624M config port security 1 address limit 1 SMC6624M config no port security 1 mac address 0c0090 123456 The above command sequence results in the following configuration for port1 SMC6624M config show port security 1 Port Security Port 1 Learn Mode Static Address ...

Page 160: ...at port in the Intrusion Log until the alert flag for that port has been reset When a security violation occurs on a port configured for Port Security the switch responds in the following ways to notify you The switch sets an alert flag for that port This flag remains set until You use either the CLI menu interface or web browser interface to reset the flag The switch is reset to its factory defau...

Page 161: ... two or more entries for port 1 only the most recent entry has not been acknowledged by resetting the alert flag The other entries give you a history of past intrusions detected on port 1 Figure 7 6 Example of Multiple Intrusion Log Entries for the Same Port The log shows the most recent intrusion at the top of the listing You cannot delete Intrusion Log entries unless you reset the switch to its ...

Page 162: ...tails and the reset function in the Intrusion Log screen 1 From the Main Menu select 1 Status and Counters 3 Port Status Figure 7 7 Example of Port Status Screen with Intrusion Alert on Port 3 2 Type I Intrusion log to display the Intrusion Log Figure 7 8 Example of the Intrusion Log Display The Intrusion Alert column shows Yes for any port on whicha security violation has been detected System Tim...

Page 163: ...usion entry on port 3 and enable the switch to enter a subsequently detected intrusion on this port type R for Reset alertflags Note that if there are unacknowledged intrusions on two or more ports this step resets the alert flags for all such ports If you then re display the port status screen you will see that the Intrusion Alert entry for port 3 has changed to No That is your evidence that the ...

Page 164: ...play If you wanted to see the details of the intrusion you would then enter the show intrusion log command For example Figure 7 10 Example of the Intrusion Log with Multiple Entries for the Same Port The above example shows three intrusions for port 1 Since the switch can show only one uncleared intrusion per port the older two intrusions in this example have already been cleared by earlier use of...

Page 165: ...idence that the Intrusion Alert flag has been reset is the Intrusion Alert column in the port status display no longer shows Yes for the port on which the intrusion occurred port 1 in this example Executing show intrusion log again will result in the same display as above SMC6624M config port security 1 clear intrusion flag SMC6624M config show interface Figure 7 11 Example of Port Status Screen A...

Page 166: ...has not been cleared c To clear the current alert flags click on Reset Alert Flags Operating Notes for Port Security Identifying the IP Address of an Intruder The Intrusion Log lists detected intruders by MAC address If you are using EliteView to manage your network you can use reports to link MAC addresses to their corresponding IP addresses Proxy Web Servers If you are using the switch s web bro...

Page 167: ...ress and interprets your connection as unauthorized Prior To Entries in the Intrusion Log If you reset the switch using the Reset button Device Reset or Reboot Switch the Intrusion Log will list the time of all currently logged intrusions as prior to the time of the reset Alert Flag Status for Entries Forced Off of the Intrusion Log If the Intrusion Log is full of entries for which the alert flags...

Page 168: ... addresses where each address applies to either a single management station or a group of stations Manager or Operator access level N ot e This feature does not protect access to the switch through a modem or direct connection to the Console RS 232 port Also if the IP address assigned to an authorized management station is configured in another station the other station can gain management access ...

Page 169: ...r IP column and leave the IP Mask set to 255 255 255 255 This is the easiest way to use the Authorized Managers feature For more on this topic see Configuring One Station Per Authorized Manager IP Entry on page 7 34 Authorizing Multiple Stations The table entry uses the IP Mask to authorize access to the switch from a defined group of stations This is useful if you want to easily authorize several...

Page 170: ...ed Manager IP parameter to specify ranges of authorized IP addresses For example a mask of 255 255 255 0 and any value for the Authorized Manager IP parameter allows a range of 0 through 255 in the 4th octet of the authorized IP address which enables a block of up to 254 IP addresses for IP management access excluding 0 for the network and 255 for broadcasts A mask of 255 255 255 252 uses the 4th ...

Page 171: ... 13 Example of How To Add an Authorized Manager Entry Figure 7 14 Example of How To Add an Authorized Manager Entry Continued 1 Select Add to add an authorized manager to the list 5 Press Enter then S for Save to configure the IP Authorized Manager entry 4 Use the Space bar to select Manager or Operator access 3 Use the default mask to allow access by one management device or edit the mask to allo...

Page 172: ... Manager Display The above example shows an Authorized IP Manager List that allows stations to access the switch as shown below show ip authorized managers below ip authorized managers page 7 33 To Authorize Manager Access page 7 33 To Edit an Existing Manager Access Entry page 7 34 To Delete an Authorized Manager Entry ip address mask mask bits operator manager SMC6624M config show ip authorized ...

Page 173: ... authorized manager the switch automatically uses 255 255 255 255 for the mask If you do not specify either Manager or Operator access the switch automatically assigns the Manager access For example SMC6624M2 config ip authorized managers 10 28 227 105 The result of entering the above example is Authorized Station IP Address 10 28 227 105 IP Mask 255 255 255 255 which authorizes only the specified...

Page 174: ...r Delete an IP Authorized Manager address 1 Click on the Security tab 2 Click on Authorized Addresses 3 Enter the appropriate parameter settings for the operation you want 4 Click on Add Replace or Delete to implement the configuration change Building IP Masks The IP Mask parameter controls how the switch uses an Authorized Manager IP value to recognize the IP addresses of authorized manager stati...

Page 175: ...he Authorized Manager IP list Conversely if a bit in an octet of the mask is off set to 0 then the corresponding bit in the IP address of a potentially authorized station on the network does not have to match its counterpart in the IP address you entered in the Authorized Manager IP list Thus in the example shown above a 255 in an IP Mask octet all bits in the octet are on means only one value is ...

Page 176: ...ly bits 1 and 2 of the 4th octet are variable Any value that matches the authorized IP address settings for the fixed bits is allowed for the purposes ofIP management station access to the switch Thus any managementstation having an IPaddress of10 28 227 121 123 125 or 127 can access the switch Authorized IP Address 10 28 227 125 4th Octet of IP Mask 4th Octet of Authorized IP Address 249 5 Bit Nu...

Page 177: ...station and the switch This is because switch access through a web proxy server requires thatyou first addthe web proxy server to theAuthorizedManager IP list This reduces security by opening switch access to anyone who uses the web proxy server The following two options outline how to eliminate a web proxy server from the path between a station and the switch Even if you need proxy server access ...

Page 178: ...7 38 Using Passwords Port Security and Authorized IP Managers To Protect Against Unauthorized Access Using IP Authorized Managers Using Passwords Port Security and Authorized IP ...

Page 179: ...is tools For more on EliteView see the SMC website at http www smc com This chapter includes An overview of SNMP management for the switch Configuring the SMC6624M switch for SNMP management SNMP Communities Trap Receivers and Authentication Traps Information on advanced management through RMON support To implement SNMP management you must either configure the switch with an appropriate IP address...

Page 180: ... dot1dStp Ethernet MAU MIB RFC 1515 dot3IfMauBasicGroup Interfaces Evolution MIB RFC 1573 ifGeneralGroup ifRcvAddressGroup ifStackGroup RMON MIB RFC 1757 etherstats events alarms and history SNMP MIB II RFC 1213 system interfaces at ip icmp tcp udp snmp Entity MIB RFC 2037 SMC Proprietary MIBs include Statistics for message and packet buffers tcp telnet and timep netswtst mib Port counters forward...

Page 181: ...ccess to the preceding features are 1 From the Main menu select 2 Switch Configuration 6 SNMP Community Names 2 Configure the appropriate SNMP communities The public community exists by default and is used by network management applications For more on configuring SNMP communities see Menu Viewing and Config uring SNMP Communities on page 8 5 3 Configure the appropriate trap receivers For more on ...

Page 182: ...he Switch Ca ut ion Deleting the community named public disables many network management functions such as auto discovery traffic monitoring SNMP trap generation and threshold setting If security for network management is a concern it is recommended that you change the write access for the public community to Restricted ...

Page 183: ...s network man agement applications such as auto discovery traffic monitoring SNMP trap generation and threshold setting from operating in the switch Changing or deleting the public name also generates an Event Log message If security for network management is a concern it is recommended that you change the write access for the public community to Restricted Menu Viewing and Configuring SNMP Commun...

Page 184: ...rameter fields 3 Enter the name you want in the Community Name field and use the Space bar to select the appropriate value in each of the other fields Use the Tab key to move from one field to the next 4 Press Enter then S for Save Add and Edit options are used to modify the SNMP options See figure 8 2 Note This screen gives an overview of the SNMP communities that are currently configured All fie...

Page 185: ... community named red team Figure 8 3 Example of the SNMP Community Listing with Two Communities To list the data for only one community such as the public community use the above command with the community name included For example show snmp server community string below snmp server page 8 8 contact contact str page 8 8 location location str page 8 8 community community str page 8 8 host community...

Page 186: ...ver contact Site LANExt 449 location Level 2 North Configuring Community Names and Values If you enter a community name without an operator or manager designation the switch automatically assigns the community to Operator for the MIB view Also if you do not specify restricted or unrestricted for the read write MIB access the switch automatically restricts the community to read access for the MIB A...

Page 187: ...ame these traps will be lost Thresholds The switch automatically sends all messages resulting from thresholds to the network management station s that set the thresholds regardless of the trap receiver configuration In the default configuration there are no trap receivers configured and the authentication trap feature is disabled From the CLI you can configure up to ten SNMP trap receivers to rece...

Page 188: ... configured to send SNMP traps to management stations belonging to the public red team and blue team communities Figure 8 4 Example of Show SNMP Server Listing show snmp server below snmp server host ip addr community name none all non info critical debug page 8 11 snmp server enable traps authentication page 8 11 SMC6624M config show snmp server SNMP Communities Community Name MIB View Write Acce...

Page 189: ...130 to receive only critical log messages SMC6624M config snmp server trap receiver red team 10 28 227 130 critical N ot e If you do not specify the event level none all non info critical debug then the switch will not send event log messages as traps Well Known traps and threshold traps if configured will still be sent Using the CLI To Enable Authentication Traps If this feature is enabled an aut...

Page 190: ...and optimizing your network RMON The following RMON groups are supported EthernetStatistics exceptthe numbersofpacketsofdifferentframe sizes Alarm History of the supported Ethernet statistics Event The RMON agent automatically runs in the switch Use the RMON manage ment station on your network to enable or disable specific RMON traps and events Note that you can access the Ethernet statistics Alar...

Page 191: ... IP Multicast IGMP Page 9 87 Use the switch to reduce unnecessary bandwidthusage on a per portbasis by configuring IGMP controls Spanning Tree Protocol STP Page 9 102 Use STP to automati cally block loops in your network by ensuring that there is only one active path at a time between any two nodes on the network For general information on how to use the switch s built in interfaces see Chapter 2 ...

Page 192: ...a page 9 32 view status of all stacking enabled switches in the ip subnet n a page 9 32 configure stacking enable disable candidate Auto Join enabled Yes page 9 15 page 9 37 push a candidate into a stack n a page 9 15 page 9 38 configure aswitch to be a commander n a page 9 12 page 9 33 push a member into another stack n a page 9 24 page 9 39 remove a member from a stack n a page 9 21 page 9 40 or...

Page 193: ...ng closets while scaling your network to handle increased bandwidth demand Eliminate any specialized cables for stacking connectivity and remove thedistancebarriersthattypicallylimityourtopologyoptions when using other stacking technologies Add SMC6624M switches to your network without having to first perform IP addressing tasks ...

Page 194: ...s and the Commander s Manager password controls access to all stack Members Stack Consists of a Commander switch and any Member switches belonging to that Commander s stack Commander A switch that has been manually configured as the controlling device for a stack When this occurs the switch s stacking configuration appears as Commander Candidate A switch that is ready to join become a Member of a ...

Page 195: ...work A stack requires one Commander switch Only one Commander allowed per stack All switches in a particular stack must be in the same IP subnet broadcast domain A stack cannot cross a router A stack accepts up to 16 switches numbered 0 15 including the Commander always numbered 0 There is no limit on the number of stacks in the same IP subnet broadcast domain however a switch can belong to only o...

Page 196: ... an assigned IP address and mask for access via the network Stack Name Required Only one Commander switch is allowed per stack The Commander s Manager and Operator passwords are assigned to any switch becoming a Member of the stack If you change the Commander s passwords the Commander propagates the new passwords to all stack Members StandardSNMPcommunity operation The Commander also operates as a...

Page 197: ...efault configuration is the default VLAN If the primary VLAN is tagged then each switch in the stack must use the same VLAN ID VID for the primary VLAN See Which VLANIsPrimary on page 9 50 and Stacking Operation with Multiple VLANs Configured on page 9 44 Member IP Addr Optional Configuring an IP address allows access via Telnet or web browser interface without going through theCommanderswitch Thi...

Page 198: ...efault configuration a Candidate joins only when manually pulled by a Commander You can reconfigure a Commander to automatically pull in Candidates that are in the default stacking configura tion You can also reconfigure a Candidate switch to either push itself into a particular Commander s stack convert the Candidate to a Commander for a stack that does not already have a Commander or to operate ...

Page 199: ...utomatically becomes a stack Member Defaultstacking configuration StackState setto Candidate andAutoJoin set to Yes Same subnet broadcast domain and default VLAN as the Commander If VLANs are used in the stack environment see Stacking Operation with a Tagged VLAN on page 9 44 No Manager password 14 or fewer stack members at the moment Join Method1 Commander IP Addressing Required Candidate IP Addr...

Page 200: ...igure 9 4 Use of System Name to Help Identify Individual Switches 2 Configure the Commander switch Doing this first helps to establish consistency in your stack configuration which can help prevent startup problems AstackrequiresoneCommanderswitch Ifyouplantoimplement more than one stack in a subnet broadcast domain the easiest way to avoid unintentionally adding a Candidate to the wrong stack is ...

Page 201: ...e stacking environment you must use the default VLAN for stacking links For more information see Stacking Operation with a Tagged VLAN on page 9 44 6 Ensure that all switches intended for the stack are connected to the same subnet broadcast domain As soon as you connect the Commander it will begin discovering the available Candidates in the subnet If you configured the Commander to automatically a...

Page 202: ...g Using the Menu Interface To View and Configure a Commander Switch 1 Configure an IP address and subnet mask on the Commander switch See IP Configuration on page 5 2 2 Display the Stacking Menu by selecting Stacking in the Main Menu Figure 9 5 The Default Stacking Menu 3 Display the Stack Configuration menu by pressing to select Stack Configuration ...

Page 203: ...the Space bar to select the Commander option 5 Press the downarrow key to display the Commander configuration fields in the Stack Configuration screen Figure 9 7 The Default Commander Configuration in the Stack Configuration Screen 6 Enter a unique stack name up to 15 characters no spaces and press the downarrow key 7 Ensure that the Commander has the desired Auto Grab setting then press the downa...

Page 204: ...u Your Commander switch should now be ready to automatically or manually acquire Member switches from the list of discovered Candidates depending on your configuration choices Using the Menu To Manage a Candidate Switch Using the menu interface you can perform these actions on a Candidate switch Add push the Candidate into an existing stack Modify the Candidate s stacking configuration Auto Join a...

Page 205: ... IP address Other wise use a direct connection from a terminal device to the switch s console port 1 Display the Stacking Menu by selecting Stacking in the console Main Menu 2 Display the Stack Configuration menu by pressing 3 to select Stack Configuration Figure 9 8 The Default Stack Configuration Screen 3 Move the cursor to the Stack State field by pressing E for Edit Parameter Default Setting O...

Page 206: ...e new value in the range of 1 to 300 seconds Note All switches in the stack must be set to the same transmis sion interval to help ensure proper stacking operation SMC recommends that you leave this parameter set to the default 60 seconds Then go to step 5 5 press Enter to return the cursor to the Actions line 6 Press S for Save to save your configuration changes and return to the Stacking menu Us...

Page 207: ...rameter resets to No so that it will not immediately rejoin a stack from which it has just departed A Manager password is set in the Candidate The stack is full Unless the stack is already full you can use the Stack Management screen to manually convert a Candidate to a Member If the Candidate has a Manager password you will need to use it to make the Candidate a Member of the stack 1 To add a Mem...

Page 208: ... press the downarrow key to move the cursor to the Candidate Password field then type the password If the desired Candidate does not have a password go to step 6 6 Press Enter to return to the Actions line then press S for Save to complete the Add process for the selected Candidate You will then see a screen similar to the one in figure 9 11 below with the newly added Member listed Note If the mes...

Page 209: ...n page 9 44 This procedure is nearly identical to manually adding a Candidate to a stack page 9 17 If the stack from which you want to move the Member has a Manager password you will need to know the password to make the move 1 To move a Member from one stack to another go to the Main Menu of the Commander in the destination stack and display the Stacking Menu by selecting 9 Stacking 2 To learn or...

Page 210: ... see a screen listing any available candidates See figure 9 10 on page 9 18 Note that you will not see the switch you want to add because it is a Member of another stack and not a Candidate 6 Either accept the displayed switch number or enter another available number The range is 0 15 with 0 reserved for the Commander 7 Use the downarrow key to move the cursor to the MAC Address field then type th...

Page 211: ...ss of the destination stack Commander in the Member s Commander MAC Address field Using this method moves the Member to another stack without a need for knowing the Manager password in that stack but also blocks access to the Member from the original Commander Using the Commander s Menu To Remove a Stack Member These rules affect removals from a stack When a Candidate becomes a Member its Auto Joi...

Page 212: ...ample of Selecting a Member for Removal from the Stack 3 Type D for Delete to remove the selected Member from the stack You will then see the following prompt Figure 9 15 The Prompt for Completing the Deletion of a Member from the Stack 4 To continue deleting the selected Member press the Space bar once to select Yes for the prompt then press Enter to complete the deletion The Stack Management scr...

Page 213: ...u would do through a Telnet or direct connect access 1 From the Main Menu select 9 Stacking 5 Stack Access You will then see the Stack Access screen Figure 9 16 Example of the Stack Access Screen Use the downarrow key to select the stack Member you want to access then press X foreXecute todisplaytheconsoleinterfacefortheselected Member Forexample ifyou selected switchnumber 1 systemname CoralSea i...

Page 214: ...ress 0 for Logout then Y for Yes c Press Return You should now see the Commander s Stack Access screen For an example see figure 9 16 on page 9 23 Converting a Commander or Member to a Member of Another Stack When moving a commander the following procedure returns the stack mem bers to Candidate status with Auto Join set to No and converts the stack Commander to a Member of another stack When movi...

Page 215: ...our stack environment see Stacking Operation with a Tagged VLAN on page 9 44 This can help you in such ways as determining the stacking configuration for individual switches identifying stack Members and Candidates and determining the status of individual switches in a stack See table 9 5 on page 9 25 Table 9 5 Stack Status Environments Screen Name Commander Member Candidate Stack Status This Swit...

Page 216: ...9 Stacking 2 Stacking Status All You will then see a Stacking Status screen similar to the following Figure 9 18 Example of Stacking Status for All Detected Switches Configured for Stacking Viewing Commander Status This procedure displays the Commander and stack configuration plus information identifying each stack member To display the status for a Commander go to the console Main Menu for the sw...

Page 217: ...address and MAC address To display the status for a Member 1 Go to the console Main Menu of the Commander switch and select 9 Stacking 5 Stack Access 2 Use the downarrow key to select the Member switch whose status you want to view then press X for eXecute You will then see the Main Menu for the selected Member switch 3 In the Member s Main Menu screen select 9 Stacking 1 Stacking Status This Swit...

Page 218: ...date s stacking configuration To display the status for a Candidate 1 Use Telnet if the Candidate has a valid IP address for your network or a direct serial port connection to access the menu interface Main Menu for the Candidate switch and select 9 Stacking 1 Stacking Status This Switch You will then see the Candidate s Stacking Status screen Figure 9 21 Example of a Candidate s Stacking Screen ...

Page 219: ...vidual status all Lists all stack Commanders Members and Candidates with their individual status no stack Any Stacking Capable Switch Enables or disables stacking on the switch Default Stacking Enabled no stackcommander stackname Candidate or Commander Converts a Candidate to a Commander or changes the stack name of an existing commander No form eliminates named stack and returns Commander and sta...

Page 220: ...the list of SN assignments for a stack execute the show stack command in the Commander s CLI no stack join mac addr Candidate Causes the Candidate to join the stack whose Commander has the indicated MAC address No formis used ina Memberto remove it fromthestack of the Commander having the specified address Member Pushes the member to another stack whose Commander has the indicated MAC address no s...

Page 221: ...List the Stacking Configuration for an Individual Switch Viewing the Status of Candidates the Commander Has Detected This example illustrates how to list stack candidates the Commander has discovered in the ip subnet broadcast domain Syntax show stack candidates Figure 9 23 Example of Using the Show Stack Candidates Command To List Candidates Big_Waters 0 config show stack Stacking Stacking Status...

Page 222: ... the Status of the Commander and Current Members of the Commander s Stack The next example lists all switches in the stack of the selected switch Syntax show stack view Figure 9 25 Example of the Show Stack View Command To List the Stack Assigned to the Selected Commander SMC6624M config show stack all Stacking Stacking Status All Stack Name MAC Address System Name Status Big_Waters 0030c1 7fcc40 ...

Page 223: ...s in order for stacking to operate properly For more on the primary VLAN see Which VLAN Is Primary on page 9 50 2 Configure a Manager password on the switch intended for commander The Commander s Manager password controls access to stack Mem bers For more on passwords see chapter 7 Using Passwords Port Security and Authorized Managers To Protect Against Unauthorized Access Configure the Stack Comm...

Page 224: ...stack commander stack name Suppose for example that an SMC6624M named Bering Sea is a Member of a stack named Big_Waters To use the switch s CLI to convert it from a stack Member to the Commander of a new stack named Lakes you would use the following commands SMC6624M config show stack Stacking Stacking Status This Switch Stack State Commander Transmission Interval 60 Stack Name Big_Waters Number ...

Page 225: ...ive you manual control over which switches join the stack and when they join This prevents the Commander from automatically trying to add every Candidate it finds that has Auto Join set to Yes the default for the Candidate If you want any eligible Candidate to automatically join the stack when the Commander discovers it configure Auto Grab in the Commander to Yes When you do so any Candidate disco...

Page 226: ...ure 9 29 Example of How To Determine MAC Addresses of Discovered Candidates Knowing the available switch numbers SNs and Candidate MAC addresses you can proceed to manually assign a Candidate to be a Member of the stack Syntax stack member switch number mac address mac addr password password str Note When manually adding a switch you must assign an SN However if the Commander automatically adds a ...

Page 227: ...u want to prevent automatic joining in this case There is also the instance where a Candidate s Auto Join is disabled for example when a Commander leaves a stack and its members automatically return to Candidate status or if you manually remove a Member from a stack In this case you may want to reset Auto Join to Yes Status no stack auto join SMC6624M config no stack auto join Disables Auto Join o...

Page 228: ...ork You could Telnet to the Candidate use showstackall to determine the Commander s MAC address and then push the Candidate into the desired stack Figure 9 31 Example of Pushing a Candidate Into a Stack To verify that the Candidate successfully joined the stack execute show stack all again to view the stacking status Using the Destination Commander CLI To Pull a Member from Another Stack This meth...

Page 229: ...Candidate a password is not needed in this example You could then use show stack all again to verify that the move took place Using a Member CLI To Push the Member into Another Stack You can use the Member s CLI to push an SMC6624M stack Member into a destination stack if you know the MAC address of the destination Commander Syntax stack join mac addr where mac addr is the MAC address of the Comma...

Page 230: ...ember N ot e When you remove a Member from a stack the Member s Auto Join parameter is set to No Using the Commander CLI To Remove a Stack Member This option requires the switch number SN and the MAC address of the switch to remove Because the Commander propagates its Manager password to all stack members knowing the Manager password is necessary only for gaining access to the Commander Syntax no ...

Page 231: ...ress Using the Member s CLI To Remove the Member from a Stack Syntax no stack join mac addr To use this method you need the Commander s MAC address which is available using the show stack command in the Member s CLI For example Figure 9 35 Example of How To Identify the Commander s MAC Address from a Member Switch Remove this Member from the stack SMC6624M config show stack view Stack Members SN M...

Page 232: ... stack view command in the Commander s CLI For example suppose that you wanted to configure a port trunk on the switch named North Sea in the stack named Big_Waters Do do so you would go to the CLI for the Big_Waters Commander and execute show stack view to find the switch number for the North Sea switch Figure 9 36 Example of a Stack Showing Switch Number SN Assignments To access the North Sea co...

Page 233: ...use the gray community is only on switch 3 you could not use the Commander IP address for gray community access from the management station Instead you would access switch 3 directly using the switch s own IP address For example snmpget MIB variable 10 31 29 15 gray Commander Switch IP Addr 12 31 29 100 Community Names blue red Member Switch 2 IP Addr None Community Names none Member Switch 3 IP A...

Page 234: ...able stacking on the switch before it can become a Candidate Member or Commander Disabling a Member Removes the Member from the stack and changes it to a stand alone nonstacking switch You must re enable stacking on the switch before it can become a Candidate Member or Commander Disabling a Candidate Changes the Candidate to a stand alone non stacking switch Syntax no stack Disables stacking on th...

Page 235: ...acked switch Web Viewing and Configuring Stacking Figure 9 38 Example of the Web Browser Interface for a Commander The web browser interface for a Commander appears as shown above The interface for Members and Candidates appears the same as for a non stacking SMC6624M switch To view or configure stacking on the web browser interface 1 Click on the Configuration tab 2 Click on Stacking to display t...

Page 236: ... the stack Commander Down Member has lost connectivity to its Commander Check connectivity between the Commander and the Member Commander Up The Member has stacking connectivity with the Commander None required Mismatch This may be a temporary condition while a Candidate is trying to join a stack If the Candidate does not join then stack configuration is inconsistent Initially waitforanupdate Ifco...

Page 237: ... and allows up to 30 port based VLANs default 8 For information on GVRP see GVRP on page 9 73 The 802 1Q compatibility enables you to assign each switch port to multiple VLANs if needed and the port based nature of the configuration allows interoperation with older switches that require a separate port for each VLAN General Use and Operation Port based VLANs are typically used to enable broadcast ...

Page 238: ... 1 and 8 Figure 9 39 Example of Routing Between VLANs via an External Router Overlapping Tagged VLANs A port on the SMC6624M switch can be a member ofmore than one VLAN ifthe device towhich itisconnected complies with the 802 1Q VLAN standard For example a port connected to a central server using a network interface card NIC that complies with the 802 1Q standard can be a member of multiple VLANs ...

Page 239: ...e Link Introducing Tagged VLAN Technology into Networks Running Legacy Untagged VLANs You can introduce 802 1Q compliant devices into net works that have built untagged VLANs based on earlier VLAN technology The fundamental rule is that legacy untagged VLANs require a separate link for each VLAN while 802 1Q or tagged VLANs can combine several VLANs in one link This means that on the 802 1Q compli...

Page 240: ..._VLAN This places all ports in the switch into one physical broadcast domain In the factory default state the default VLAN is the primary VLAN You can partition the switch into multiple virtual broadcast domains by adding one or more additional VLANs and moving ports from the default VLAN to the new VLANs The switch supports up to 30 VLANs You can change the name of the default VLAN but you cannot...

Page 241: ...ult VLAN continues to operate as a standard VLAN except as noted above you cannot delete it or change its VID Any ports not specifically assigned to another VLAN will remain assigned to the Default VLAN regardless of whether it is the primary VLAN When TimeP is enabled and configured for DHCP operation the switch learns of TimeP servers from DHCP and Bootp packets received on the primary VLAN Cand...

Page 242: ...Effect on Port Participation in Designated VLAN Tagged Allows the port to join multiple VLANs Untagged Allows VLAN connection to a device that is configured for an untagged VLAN instead of a tagged VLAN The switch allows no more than one untagged VLAN assignment per port No or Auto No Appears when the switch is not GVRP enabled prevents the port from joining that VLAN Auto Appears when GVRP is ena...

Page 243: ...VLAN 3 Assign the desired switch ports to the new VLAN s 4 If you are managing VLANs with SNMP in an IP network each VLAN must have an IP address Refer to IP Configuration on page 5 2 Notes on Using VLANs If you are using DHCP Bootp to acquire the switch s configuration packet time to live and TimeP information you must designate the VLAN on which DHCP is configured for this purpose as the primary...

Page 244: ... including the default VLAN and any dynamic VLANs the switch creates if you enable GVRP page 9 73 Note that each port can be assigned to multiple VLANs by using VLAN tagging See VLAN Tagging Information on page 9 66 To Change VLAN Support Settings This section describes Changing the maximum number of VLANs to support Changing the primary VLAN selection See Changing the Primary VLAN on page 9 62 En...

Page 245: ...a switch reboot will be required at that time 3 Press Enter and then S to save the VLAN support configuration and return to the VLAN Menu screen If you changed the value for Maximum VLANs to support you will see an asterisk next to the VLAN Support option see below Figure 9 45 VLAN Menu Screen Indicating the Need To Reboot the Switch If you changed the VLAN Support option you must reboot the switc...

Page 246: ...mpted for a new VLAN name and VLAN ID 802 1Q VLAN ID 1 Name _ 3 Type in a VID VLAN ID number This can be any number from 2 to 4095 that is not already being used by another VLAN Remember that a VLAN must have the same VID in every switch in which you configure that same VLAN You can use GVRP to dynamically extend VLANs with correct VID numbering to other switches See GVRP on page 9 73 4 Press v to...

Page 247: ... any VLANs added dynamically due to GVRP operation 7 Return to the VLAN Menu to assign ports to the new VLAN s as described in the next section Adding or Changing a VLAN Port Assignment Adding or Changing a VLAN Port Assignment Use this procedure to add ports to a VLAN or to change the VLAN assign ment s for any port Ports not specifically assigned to a VLAN are automat ically in the default VLAN ...

Page 248: ...Untagged VLANs Only one untagged VLAN is allowed per port Also there must be at least one VLAN assigned to each port In the factory default configuration all ports are assigned to the default VLAN DEFAULT_VLAN For example if you want ports 4 and 5 to belong to both DEFAULT_VLAN and VLAN 22 and ports 6 and 7 to belong only to VLAN 22 you would use the settings in figure 9 49 This example assumes th...

Page 249: ...efault state all ports on the switch belong to the default VLAN DEFAULT_VLAN and are in the same broadcast multicast domain The default VLAN is also the default primary VLAN see Which VLAN Is Pri mary on page 9 50 You can configure up to 29 additional static VLANs by adding new VLAN names and then assigning one or more ports to each VLAN The switch accepts a maximum of 30 VLANs including the defau...

Page 250: ... Show VLAN Listing GVRP Enabled show vlans below show vlan vlan id page 9 61 max vlans 1 30 page 9 62 primary vlan vlan id page 9 62 no vlan vlan id page 9 63 name vlan name page 9 64 no tagged port list page 9 64 no untagged port list page 9 64 no forbid page 9 64 auto port list page 9 64 Available if GVRP enabled static vlan vlan id page 9 63 Available if GVRP enabled SMC6624M config show vlan S...

Page 251: ...c Dynamic VLAN SMC6624M config show vlan 22 Status and Counters VLAN Information Ports VLAN 22 802 1Q VLAN ID 22 Name VLAN 22 Status Static Port Information Mode Unknown VLAN Status 1 Tagged Learn Up 2 Tagged Learn Up 5 Untagged Learn Up 6 Untagged Learn Up 7 Untagged Learn Up Show VLAN lists this data when GVRP is enabled and at least oneportontheswitch has dynamically joined the designated VLAN ...

Page 252: ...ure 9 53 Example of Command Sequence for Changing the Number of VLANs Changing the Primary VLAN In the factory default configuration the default VLAN DEFAULT_VLAN is the primary VLAN However you can designate any static VLAN on the switch as the primary VLAN For more on the primary VLAN see Which VLAN Is Primary on page 9 50 To view the available VLANs and their respective VIDs use show vlan Synta...

Page 253: ...e context level for that VLAN vlan vlan name Places you in the context level for that static VLAN For example to create a new static VLAN with a VID of 100 To go to a different VLAN context level such as to the default VLAN SMC6624M vlan 100 vlan default_vlan SMC6624M vlan 1 _ Converting a Dynamic VLAN to a Static VLAN If GVRP is running on the switch and a port dynamically joins a VLAN you can us...

Page 254: ...settings as show below N ot e You can use these options from the configuration level by beginning the command with vlan vlan id or from the context level of the specific VLAN Syntax name vlan name Changes the name of the existing static VLAN No spaces allowed in the vlan name entry no tagged port list Configures the indicated port s as Tagged for the specified VLAN The no version sets the port s t...

Page 255: ...lan 100 tagged 1 5 To move to the vlan 100 context level and execute the same commands SMC6624M config vlan 100 SMC6624M vlan 100 name Blue_Team SMC6624M vlan 100 tagged 1 5 Similarly to change the tagged ports in the above examples to No or Auto if GVRP is enabled you could use either of the following commands At the config level use SMC6624M config no vlan 100 tagged 1 5 or At the VLAN 100 conte...

Page 256: ...4095 that is not already assigned to a VLAN When yousubsequently assign a portto a givenVLAN you mustimplementthe VLAN tag VID if the port will carry traffic for more than one VLAN Otherwise the port VLAN assignment can remain untagged because the tag is not needed On a given switch this means you should use the Untagged designation for a port VLAN assignment where the port is connected to non 802...

Page 257: ...ports Y1 Y4 can all be untagged because there is only one VLAN assignmentper port Devices connected to these ports do not have to be 802 1Q compliant Because both the Red VLAN and the Green VLAN are assigned to port Y5 at least one of the VLANs must be tagged for this port In both switches The ports on the link between the two switches must be configured the same As shown in figure 9 54 above the ...

Page 258: ...ort that has only one VLAN assigned to it can be configured as Untagged the default Any port that has two or more VLANs assigned to it can have one VLAN assignment for that port as Untagged All other VLANs assigned to the same port must be configured as Tagged There can be no more than one Untagged VLAN on a port If all end nodes on a port comply with the 802 1Q standard and are configured to use ...

Page 259: ...point to point connec tion both ports must have the same VLAN configuration that is both ports configure the Red VLAN as Untagged and the Green VLAN as Tagged Switch X Switch Y Port Red VLAN Green VLAN Port Red VLAN Green VLAN X1 Untagged Tagged Y1 Untagged Tagged X2 Untagged Tagged Y2 No Untagged X3 No Untagged Y3 No Untagged X4 Untagged No Y4 Untagged No Y5 Untagged Tagged No means the port is n...

Page 260: ...es For example in some switches STP operates on a per VLAN basis allowing redundant physical links as long as they are in separate VLANs IP Interfaces There is a one to one relationship between a VLAN and an IP network inter face Since the VLAN is defined by a group of ports the state up down of those ports determines the state of the IP network interface associated with that VLAN When a VLAN come...

Page 261: ...ses one per possible VLAN Port Trunks When assigning a port trunk to a VLAN all ports in the trunk are automatically assigned to the same VLAN You cannot split trunk members across multiple VLANs Also a port trunk is tagged untagged or excluded from a VLAN in the same way as for individual untrunked ports Port Monitoring If you designate a port on the switch for network monitoring this port will a...

Page 262: ...er vendor under what conditions if any the router uses the same MAC address on more than one interface Currently for the problem of duplicate MAC addresses in XNS and DEC net environments a satisfactory solution is not available from any vendor at this time N ot e Duplicate MAC addresses are likely to occur in VLAN environments where XNS and DECnet are used For this reason using VLANs in XNS and D...

Page 263: ...rors in VLAN configuration by automatically pro viding VLAN ID VID consistency across the network That is you can use GVRP to propagate VLANs to other GVRP aware devices instead of manually having to set up VLANs across your network After the switch creates a dynamic VLAN you can optionally use the CLI static vlan id command convert it to a static VLAN or allow it to continue as a dynamic VLAN for...

Page 264: ...ort 2 is a member of VIDs 1 2 3 1 Port 2 advertises VIDs 1 2 3 2 Port 1 receives advertise ment of VIDs 1 2 3 AND becomes a member of VIDs 1 2 3 3 Port3 advertises VIDs 1 2 3 but port 3 is NOT a member of VIDs 1 2 3 at this point 4 Port 4 receives advertise ment of VIDs 1 2 3 AND becomes a member of VIDs 1 2 3 5 Port 5 advertises VIDs 1 2 3 but port 5 is NOT a member of VIDs 1 2 3 at this point Po...

Page 265: ...s must be disabled in GVRP unaware devices to allow tagged packets to pass through A GVRP aware port receiving advertisements has these options If there is not already a static VLAN with the advertised VID on the receiving port then dynamically create a VLAN with the same VID as in the advertisement and begin moving that VLAN s traffic Switch A GVRP On Switch B No GVRP Switch C GVRP On Switch D GV...

Page 266: ...ng A dynamic VLAN does not have an IP address and moves traffic on the basis of port membership in VLANs However after GVRP creates a dynamic VLAN you can convert it to a static VLAN Note that it is then necessary to assign ports to the VLAN in the same way that you would for a static VLAN that you created manually In the static state you can configure IP addressing on the VLAN and access it in th...

Page 267: ...d advertisements it receives Block Prevents the port from dynamically joining a VLAN that is not statically configured on the switch The port will still forward advertisements that were received by the switch on other ports Block should typically be used on ports in unsecure networks where there is exposure to attacks such as ports where intruders can connect Disable Causes the port to ignore and ...

Page 268: ...ehavior on Ports with Static VLANs Per Port Unknown VLAN GVRP Configuration Per Port Static VLAN Options 1 Tagged or Untagged2 Auto2 Forbid2 Learn the Default Generate advertisements Forward advertisements for other VLANs Receive advertisements and dynamically join any advertised VLAN Receive advertisements and dynamically join any advertised VLAN that has the same VID as the static VLAN Do not al...

Page 269: ...rtisements and to dynamically join VLANs The two preceding sections describe the per port features you can use to control and limit VLAN propagation To summarize you can Allow a port to advertise and or join dynamic VLANs the default Allow a port to send VLAN advertisements but not receive them from other devices that is the port cannot dynamically join a VLAN but other devices can dynamically joi...

Page 270: ...s you want to use with dynamic VLANs and configure the appropriate Unknown VLAN parameter Learn Block or Disable for each port 6 Configure the static VLANs on the switch es where they are needed along with the per VLAN parameters Tagged Untagged Auto and Forbid see table 9 9 on page 9 78 on the appropriate ports 7 Dynamic VLANs will then appear automatically according to the config uration options...

Page 271: ...fields Figure 9 61 Example Showing Default Settings for Handling Advertisements 3 Use the arrow keys to select the port you want and the Space bar to select Unknown VLAN option for any ports you want to change 4 When you finish making configuration changes press Return then S for Save to save your changes to the Startup Config file The Unknown VLAN fields enable you to configure each port to Learn...

Page 272: ... gvrp Figure 9 62 Example of Show GVRP Listing with GVRP Disabled Figure 9 63 Example of Show GVRP Listing with GVRP Enabled show gvrp below gvrp page 9 83 unknown vlans page 9 83 SMC6624M show gvrp GVRP support Maximum VLANs to support 8 Primary VLAN DEFAULT_VLAN GVRP Enabled No SMC6624M show gvrp GVRP support Maximum VLANs to support 8 Primary VLAN DEFAULT_VLAN GVRP Enabled Yes Port Type Unknown...

Page 273: ...either the Manager level or the interface context level for the desired port s Syntax show gvrp Shows the current settings interface port list unknown vlans learn block disable Changes the Unknown VLAN field setting for the specified port s N ot e For port interface commands such as unknown vlans the command line accepts only one parameter at a time instead of combining several in one command For ...

Page 274: ... the default VLAN VLAN 222 and VLAN 333 In this scenario switch B will dynamically join VLAN 222 and VLAN 333 The show vlans command lists the dynamic and static VLANs in switch B Figure 9 64 Example of Listing Showing Dynamic VLANs Switch A GVRP enabled 3 Static VLANs DEFAULT_VLAN VLAN 222 VLAN 333 Switch B GVRP enabled 1 Static VLANs DEFAULT_VLAN Switch B show vlans Status and Counters VLAN Info...

Page 275: ...ment your changes to the Unknown VLAN fields GVRP Operating Notes A dynamic VLAN must be converted to a static VLAN before it can have an IP address Converting a dynamic VLAN to a static VLAN and then executing the write memory command saves the VLAN in the startup config file and makes it a permanent part of the switch s VLAN configuration Within the same broadcast domain a dynamic VLAN can pass ...

Page 276: ...learns of static VLANs on those other devices and dynamically automat ically creates tagged VLANs on the links to the advertising devices Similarly the switch advertises its static VLANs to other GVRP aware devices A GVRP enabled switch does not advertise any GVRP learned VLANs out of the port s on which it originally learned of those VLANs ...

Page 277: ...ast router or another switch functioning as a Querier IGMP Device A switch or router running IGMP traffic control features IGMP Host An end node device running an IGMP multipoint or multi cast communication application In a network where IP multicast traffic is transmitted for various multimedia applications you can use the switch to reduce unnecessary bandwidth usage on a per port basis by config...

Page 278: ...u can do so through the IGMP configuration MIB Refer to Changing the Querier Configuration Setting on page 9 99 N ot e IGMP configuration on the SMC6624M operates at the VLAN context level If you are not using VLANs then configure IGMP in VLAN 1 the default VLAN context Some IGMP features require an IP address and subnet mask for any VLAN used for IGMP traffic see IGMP Operation With or Without IP...

Page 279: ... the switch it examines the IGMP packetsitreceives To learn which of its ports are linked to IGMP hosts and multicast routers queriers belonging to any multicast group To become a querier if a multicast router querier is not discovered on the network Once the switch learns the port location of the hosts belonging to any partic ular multicast group it can direct group traffic to only those ports re...

Page 280: ...nd 6 are members of the same IP multicast group IGMP is configured on switches 3 and 4 Either of these switches can operate as querier because a multicast router is not present on the network If an IGMP switch does not detect a querier it automatically assumes this role assuming the querier feature is enabled the default within IGMP PC X Video Server Router Router PC 1 Video Client Switch 1 Router...

Page 281: ...nfigured on both switches 1 and 2 and the port on Switch 3 that connects to Switch 1 must be unblocked IP Multicast Filters IP multicast addresses occur in the range from 224 0 0 0 through 239 255 255 255 which corresponds to the Ethernet multicast address range of 01005e 000000 through 01005e 7fffff Devices that have static Traffic Security filters configured with a Multicast filter type and a Mu...

Page 282: ... received except the port on which the packets entered the VLAN The following table lists the 32 well known address groups 8192 total addresses that IGMP does not filter on the SMC6624M switch Table 9 10 Well Known IP Multicast Address Groups Excluded from IGMP Filtering Number of IP Multicast Addresses Allowed Multicast filters and IGMP filters addresses together can total up to 255 in the switch...

Page 283: ...MP packet information for ports belonging to a multicast group This means that IGMP traffic will be forwarded on a specific port only if an IGMP host or multicast router is connected to the port Blocked Causes the switch to drop all IGMP transmissions received from a specific port and to block all outgoing IP Multicast packets for that port This has the effect of preventing IGMP traffic from movin...

Page 284: ...nction Available With IP Addressing Configured on the VLAN Available Without IP Addressing Operating Differences Without an IP Address Drop multicast group traffic for which there have been no join requests from IGMP clients connected to ports on the VLAN Yes None Forward multicast group traffic to any port on the VLAN that has received a join request for that multicast group Yes None Forward join...

Page 285: ...e client If the switch detects multiple end nodes on the port automatic Fast Leave does not activate regardless of whether one or more of these end nodes are IGMP clients In the next figure automatic Fast Leave operates on the switch ports for IGMP clients 3A and 5B but not on the switch port for IGMP clients 7A and 7B Server 7C and printer 7D Figure 9 67 Example of Automatic Fast Leave IGMP Crite...

Page 286: ... igmp config IGMP configuration for all VLANs on the switch show ip igmp vid config IGMP configuration for a specific VLAN on the switch including per port data For IGMP operating status see Internet Group Management Protocol IGMP Status on page 10 16 For example suppose you have the following VLAN and IGMP configurations on the switch You could use the CLI to display this data as follows show ip ...

Page 287: ...an disable IGMP on a selected VLAN Note that this command must be executed in a VLAN context Syntax no ip igmp For example here are methods to enable and disable IGMP on the default VLAN VID 1 SMC6624M config vlan 1 ip igmp Enables IGMP on VLAN 1 SMC6624M show ip igmp config IGMP Service VLAN ID VLAN NAME IGMP Enabled Forward with High Priority Querier Allowed 1 DEFAULT_VLAN Yes No No 22 VLAN 2 Ye...

Page 288: ...auto For example suppose you wanted to configure IGMP as follows for VLAN 1 on the 10 100 ports on the SMC6624M Depending on the privilege level you could use one of the following com mands to configure IGMP on VLAN 1 with the above settings SMC6624M config vlan 1 ip igmp auto 1 7 forward 8 blocked 9 12 SMC6624M vlan 1 ip igmp auto 1 7 forward 8 blocked 9 12 The following command displays the VLAN...

Page 289: ... commands Configuring the Querier Function The function of the IGMP Querier is to poll other IGMP enabled devices in an IGMP enabled VLAN to elicit group membership information The switch performs this function if there is no other device in the VLAN such as a multicast router to act as Querier Although the switch automatically ceases Querier operation in an IGMP enabled VLAN if it detects another...

Page 290: ... detects this change and can become the Querier as long as it is not pre empted by some other IGMP Querier on the VLAN In this case the switch Event Log lists messages similar to the following to indicate that the switch has become the Querier on the VLAN I 01 15 01 09 21 55 igmp DEFAULT_VLAN Querier Election in process I 01 15 01 09 22 00 igmp DEFAULT_VLAN This switch has been elected as Querier ...

Page 291: ...le and use the CLI To Enable or Disable IGMP 1 Click on the Configuration tab 2 Click on Device Features 3 If more than one VLAN is configured use the VLAN pull down menu to select the VLAN on which you want to enable or disable IGMP 4 Use the Multicast Filtering IGMP menu to enable or disable IGMP 5 Click on Apply Changes to implement the configuration change Feature Default Settings Function For...

Page 292: ...ecommended that you enable STP on all switches belonging to a loop topology This topic is covered in more detail under How STP Operates on page 9 108 As recommended in the IEEE 802 1Q VLAN standard the SMC6624M uses single instance STP a single spanning tree is created to make sure there are no network loops associated with any of the connections to the switch regardless of whether VLANs are confi...

Page 293: ...ou should enable Spanning Tree N ot e STP retains its current parameter settings when disabled Thus if you disable STP then later re enable it the parameter settings will be the same as before STP was disabled Ca ut ion Because the switch automatically gives faster links a higher priority the default STP parameter settings are usually adequate for spanning tree operation Also because incorrect STP...

Page 294: ...e then type in the new value or press the Space Bar to select a value If you need information on STP parameters press Enter to select the Actions line then press H to get help 6 Repeat step 5 for each additional parameter you want to change For information on the Mode parameter see STP Fast Mode on page 9 109 7 When you are finished editing parameters press Enter to return to the Actions line 8 Pr...

Page 295: ...e of the Default STP Configuration Listing show spanning tree config Below spanning tree page 9 106 forward delay 4 30 page 9 106 hello time 1 10 page 9 106 maximum age 6 40 page 9 106 priority 0 65535 page 9 106 ethernet port list page 9 107 path cost 1 65535 page 9 107 priority 0 255 page 9 107 mode norm fast page 9 107 show spanning tree See SpanningTree Protocol STP Information on page10 14 SM...

Page 296: ...d cannot be included with the no spanning tree command Ca ut ion Because incorrect STP settings can adversely affect network performance SMC recommends that you use the defaultSTPparameter settings You should not change these settings unless you have a strong understanding of how STP operates For more on STP see the IEEE 802 1D standard SMC6624M config spanning tree Enables STP on the switch Recon...

Page 297: ...ameters Table 9 14 Per Port STP Parameters You can also include STP general parameters in this command See Recon figuring General STP Operation on the Switch on page 9 106 Syntax spanning tree ethernet port list path cost 1 65535 priority 0 255 mode norm fast Default See table 9 14 above Name Default Range Function path cost Ethernet 100 10 100Tx 10 100 Fx 10 Gigabit 5 1 65535 Assignsanindividualp...

Page 298: ...atures 3 Enable or Disable STP by selecting On or Off from the pull down menu 4 Click on Apply Changes to implement the configuration change How STP Operates The switch automatically senses port identity and type and automatically defines port cost and priority for each type The console interface allows you to adjust the Cost and Priority for each port as well as the Mode for each port and the glo...

Page 299: ...art up sequence because some end nodes are configured to automatically try to access a network server when ever the end node detects a network connection Typical server access includes to Novell servers DHCP servers and X terminal servers If the server access is attempted during the time that the switch port is negotiating its STP state the server access will fail To provide support for this end n...

Page 300: ...ple to configure Fast mode for ports 1 3 and 5 SMC6624M config spanning tree ethernet 1 3 5 mode fast In the menu interface go to the Main Menu and follow the steps under Menu Configuring STP on page 9 103 STP Operation with 802 1Q VLANs As recommended in the IEEE 802 1Q VLAN standard when spanning tree is enabled on the switch a single spanning tree is configured for all ports across the switch i...

Page 301: ... Spanning Tree Protocol Operation with VLANs on page 9 70 Problem STP enabled with 2 separate non trunked links blocks a VLAN link Solution STP enabled with one trunked link Nodes 1 and 2 cannot communicate because STP is blocking the link Nodes 1 and 2 can communicate because STP sees the trunk as a single link and 802 1Q tagged VLANs enable the use of one trunked link for both VLANs ...

Page 302: ...9 112 Configuring Advanced Features Spanning Tree Protocol STP Configuring Advanced Features ...

Page 303: ...lume on individual ports Event Log Lists switch operating events Alert Log Lists network occurrences detected by the switch in the Status Overview screen of the web browser interface Configurable trap receivers Uses SNMP to enable management sta tions on your network to receive SNMP traps from the switch Port or VLAN monitoring mirroring Copy all traffic from the spec ified ports or VLAN to a desi...

Page 304: ...ss IP address and IPX network number for each VLAN or if no VLANs are configured for the switch 10 5 Port Status Menu CLI Web Displays the operational status of each port 10 6 Port and Trunk Statistics Menu CLI Web Summarizes port activity 10 7 Address Table Address Forwarding Table Menu CLI Lists the MAC addresses of nodes the switch has detected on the network with the corresponding switch port ...

Page 305: ...us and Counters Beginning at the Main Menu display the Status and Counters menu by select ing 1 Status and Counters Figure 10 1 The Status and Counters Menu Each of the above menu items accesses the read only screens described on the following pages Refer to the online help for a description of the entries displayed in these screens ...

Page 306: ...Operation General System Information Menu Access From the console Main Menu select 1 Status and Counters 1 General System Information Figure 10 2 Example of General Switch Information This screen dynamically indicates how individual switch resources are being used CLI Access Syntax show system information ...

Page 307: ...the Main Menu select 1 Status and Counters 2 Switch Management Address Information Figure 10 3 Example of Management Address Information with VLANs Configured This screen displays addresses that are important for management of the switch If multiple VLANs are not configured this screen displays a single IP address for the entire switch CLI Access Syntax show management ...

Page 308: ...s The web browser interface and the console interface show the same port status data Menu Displaying Port Status From the Main Menu select 1 Status and Counters 3 Port Status Figure 10 4 Example of Port Status on the Menu Interface CLI Access Syntax show interfaces Web Access 1 Click on the Status tab 2 Click on Port Status ...

Page 309: ...e switch resets the counters to zero You can also reset the counters to zero for the current session This is useful for troubleshooting See the Note On Reset below N ot e on R es et The Reset action resets the counter display to zero for the current session but does not affect the cumulative values in the actual hardware counters In compliance with the SNMP standard the values in the hardware coun...

Page 310: ...nters Figure 10 5 Example of Port Counters on the Menu Interface To view details about the traffic on a particular port use the v key to highlight that port number then select Show Details For example selecting port 2 displays a screen similar to figure 10 6 below Figure 10 6 Example of the Display for Show details on a Selected Port This screen also includes the Reset action for the current sessi...

Page 311: ...r a Specific Port This com mand provides traffic details for the port you specify Syntax show statistics port number To Reset the Port Counters for a Specific Port This command resets the counters for the specified ports to zero for the current session See the Note on Reset on page 10 7 Syntax clear statistics ethernet port list Web Browser Access To View Port and Trunk Group Statistics 1 Click on...

Page 312: ... addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned Feature Default Menu CLI Web viewing MAC addresses on all ports n a page 10 11 page 10 13 viewing MAC addresses on a specific port n a page 10 12 page 10 13 viewing MAC addresses on a specific VLAN n a page 10 13 searching for a MAC address n a page 10 12 page 10 13 ...

Page 313: ... The MAC addresses that the switch has learned from network devices attached to the switch The port on which each MAC address was learned From the Main Menu select 1 Status and Counters 5 Address Table Figure 10 7 Example of the Address Table To page through the listing use Next page and Prev page Identifying the Port Connection for a Specific Device This feature uses a device s MAC address that y...

Page 314: ...re displays and searches for MAC addresses on the specified port instead of for all ports on the switch 1 From the Main Menu select 1 Status and Counters 6 Port Address Table Figure 10 9 Listing MAC Addresses for a Specific Port 2 Use the Space bar to select the port you want to list or search for MAC addresses then press Enter to list the MAC addresses detected on that port Determining Whether a ...

Page 315: ...t All Learned MAC Addresses on one or more ports with Their Corresponding Port Numbers For example to list the learned MAC address on ports 1 through 5 and port 7 SMC6624M show mac address 1 5 7 To List All Learned MAC Addresses on a VLAN with Their Port Numbers This command lists the MAC addresses associated with the ports for a given VLAN For example SMC6624M show mac address vlan 100 N ot e The...

Page 316: ...tion STP must be enabled on the switch to display the following data Figure 10 10 Example of Spanning Tree Information Use this screen to determine current switch level STP parameter settings and statistics You can use the Show ports action at the bottom of the screen to display port level information and parameter settings for each port in the switch including port type cost priority operating st...

Page 317: ... Monitoring and Analyzing Switch Operation Figure 10 11 Example of STP Port Information CLI Access to STP Data This option lists the STP configuration root data and per port data cost priority state and designated bridge Syntax show spanning tree SMC6624M show spanning tree ...

Page 318: ...e of IGMP Group Data Show Command Output show ip igmp GlobalcommandlistingIGMPstatusforallVLANsconfigured in the switch VLAN ID VID and name Active group addresses per VLAN Number of report and query packets per group Querier access port per VLAN show ip igmp vlan id Per VLAN command listing above IGMP status for specified VLAN VID show ip igmp group ip addr Lists the ports currently participating...

Page 319: ...d Status for ALL VLANs in the Switch Figure 10 13 Example of VLAN Listing for the Entire Switch Show Command Output show vlan Lists Maximum number of VLANs to support Existing VLANs Status static or dynamic Primary VLAN show vlan vlan id For the specified VLAN lists Name VID and status static dynamic Per Port mode tagged untagged forbid no auto Unknown VLAN setting Learn Block Disable Port status ...

Page 320: ...t 1 2 Status and Counters VLAN Information for ports 1 2 802 1Q VLAN ID Name Status 1 DEFAULT_VLAN Static 33 VLAN 33 Static Because ports 1 and 2 are not members of VLAN 44 it does not appear in this listing SMC6624M show vlan 1 Status and Counters VLAN Information Ports VLAN 1 802 1Q VLAN ID 1 Name DEFAULT_VLAN Status Static Port Information Mode Unknown VLAN Status 1 Untagged Learn Down 2 Untagg...

Page 321: ...it provides an overview of the status of the switch including summary graphs indicating the network utili zation on each of the switch ports symbolic port status indicators and the Alert Log which informs you of any problems that may have occurred on the switch For more information on this screen see chapter 4 Using the Web Browser Interface Figure 10 15 Example of a Web Browser Interface Status O...

Page 322: ...ed monitoring port to which a network analyzer can be attached N ot e Port trunk groups cannot be used as a monitoring port It is possible when monitoring multiple ports in networks with high traffic levels to copy more traffic to a monitor port than the link can support In this case some packets may not be copied to the monitor port Feature Default Menu CLI Web display monitoring configuration di...

Page 323: ...rently than shown in this procedure 1 From the Console Main Menu Select 2 Switch Configuration 3 Network Monitoring Port Figure 10 16 The Default Network Monitoring Configuration Screen 2 In the Actions menu press E for Edit 3 If monitoring is currently disabled the default then enable it by pressing the Space bar or Y to select Yes 4 Press the downarrow key to display a screen similar to the foll...

Page 324: ...itor parameter set to Ports and press the downar row key to move the cursor to the Action column for the individ ual ports ii Press the Space bar to select Monitor for each port that you want monitored Use the downarrow key to move from one port to the next in the Action column iii Press Enter then press S for Save to save your changes and exit from the screen To monitor all ports in a VLAN i Pres...

Page 325: ...ng in the CLI 1 Assign a monitoring mirror port 2 Designate the port s and or a VLAN to monitor Displaying the Port Monitoring Configuration This command lists the port assigned to receive monitored traffic and the ports being monitored Syntax show mirror port For example if you assign port 12 as the monitoring port and configure the switch to monitor ports 1 3 show mirror port displays the follow...

Page 326: ...6624M config no mirror port Selecting or Removing Ports or VLANs As Monitoring Sources After you configure a monitor port you can use either the global configuration level or the interface context level to select ports or VLANs as monitoring sources You can also use either level to remove monitoring sources Syntax no monitor vlan vlan id interface ethernet port list N ot e For port interface and V...

Page 327: ... button for Monitor Selected Ports ii Select the port s to monitor 4 Click on Apply Changes To remove port monitoring 1 Click on the Monitoring Off radio button 2 Click on Apply Changes SMC6624M eth 1 2 monitor SMC6624M vlan 1 monitor SMC6624M config int e 1 2 monitor SMC6624M config vlan 1 monitor From the global config level selects ports or VLAN as monitoring sources From the interface or VLAN ...

Page 328: ...10 26 Monitoring and Analyzing Switch Operation Port Monitoring Features Monitoring and Analyzing Switch Operation ...

Page 329: ...lation guide you received with the switch This chapter includes Troubleshooting Approaches page 11 2 Browser or Console Interface Problems page 11 3 Unusual Network Activity page 11 5 General Problems page 11 5 IGMP Related Problems page 11 6 Spanning Tree Protocol STP Related Problems page 11 7 VLAN Related Problems page 11 8 Using the Event Log To Identify Problem Sources page 11 10 Diagnostics ...

Page 330: ...stallation Guide shipped with the switch for correct cable types and connector pin outs Use EliteView if installed on your network to help isolate problems and recommend solutions Use the Port Utilization Graph and Alert Log in the web browser interface included in the switch to help isolate problems See chapter 3 Using the Web Browser Interface for operating information These tools are avail able...

Page 331: ...unters 2 Switch Management Address Information also check the DHCP Bootp server configuration to verify correct IP addressing If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address has changed For more information on how to reserve an IP address refer to the documentation for the DHCP application that you are using If one or...

Page 332: ...figuration 5 IP Configuration Note If DHCP Bootp is used to configure the switch see the Note above If you are using DHCP to acquire the IP address for the switch the IP address lease time may have expired so that the IP address has changed For more information on how to reserve an IP address refer to the documentation for the DHCP application that you are using If one or more IP Authorized manage...

Page 333: ...he ports in the trunk before connecting the related cables Otherwise you may inad vertently create a number of redundant links i e topology loops that will cause broadcast storms Turn on Spanning Tree Protocol to block redundant links i e topol ogy loops Check for FFI messages in the Event Log Duplicate IP Addresses This is indicated by this Event Log message ip Invalid ARP source IP address on IP...

Page 334: ...CPor Bootp server is not available or accessible to the switch when DHCP Bootp is first configured the switch may not immediately receive the desired configuration After verifying that the server has become accessible to the switch reboot the switch to re start the process IGMP Related Problems IP Multicast IGMP Traffic That Is Directed By IGMP Does Not Reach IGMP Hosts or a Multicast Router Conne...

Page 335: ...Are No Redundant Links in that VLAN In 802 1Q compliant switches such as the SMC6624M STP blocks redundant physical links even if they are in separate VLANs A solution is to use only one multiple VLAN tagged link between the devices Also if ports are available you can improve the bandwidth in this situation by using a port trunk See STP Operation with 802 1Q VLANs on page 9 110 Stacking Related Pr...

Page 336: ...LANs may not be properly configured as Tagged or Untagged A VLAN assigned to a port connecting two 802 1Q compliant devices must be configured the same on both ports For example VLAN_1 and VLAN_2 use the same link between switch X and switch Y Figure 11 1 Example of Correct VLAN Port Assignments on a Link Within Same Tagged VLAN as Monitor Port Within Same Untagged VLAN as Monitor Port Outside of ...

Page 337: ...hat the VLAN ID VID is the same on both switches Duplicate MAC Addresses Across VLANs Duplicate MAC addresses on different VLANs are not supported and can cause operating problems There are no explicit events or statistics to indicate the presence of duplicate MAC addresses in a VLAN environment However one symptom that may occur is that a duplicate MAC address can appear in the Port Address Table...

Page 338: ...d in the log System Module is the internal module such as ports for port manager that generated the log entry If VLANs are configured then a VLAN name also appears for an event that is specific to an individual VLAN Table 11 1 on page 11 11 lists the individual modules Event Message is a brief description of the operating event The event log holds up to 1000 lines in chronological order from the o...

Page 339: ... trunks bootp bootp addressing snmp SNMP communications console Console interface stack Stacking dhcp DHCP addressing stp Spanning Tree download file transfer sys system Switch management FFI Find Fix and Inform available in the console event log and web browser interface alert log telnet Telnet activity garp GARP GVRP tcp Transmission control igmp IP Multicast tftp File transfer for new OS or con...

Page 340: ...t of the switch All events recorded Event entries containing a specific keyword either since the last boot or all events recorded Syntax show logging a search text SMC6624M show logging Lists recorded log messages since last reboot SMC6624M show logging a Lists all recorded log messages SMC6624M show logging a system Lists all log messages having system in the text or module name SMC6624M show log...

Page 341: ...he switch and another device on the same or another IP network that can respond to IP packets ICMP Echo Requests Link Test This is a test of the connection between the switch and a desig nated network device on the same LAN or VLAN if configured During the link test IEEE 802 2 test packets are sent to the designated network device in the same VLAN or broadcast domain The remote device must be able...

Page 342: ...rloaded links or devices DestinationIP MAC Address is the network address of the target or destination device to which you want to test a connection with the switch An IP address is in the X X X X format where X is a decimal number between 0 and 255 A MACaddressismadeupof12hexadecimaldigits forexample 0060b0 080400 4 For a Ping test enter the IP address of the target device For a Link test enter t...

Page 343: ...ds The defaults and ranges are Repetitions 1 1 999 Timeout 5 seconds 1 256 seconds Syntax ping ip address repetitions 1 999 timeout 1 256 Figure 11 13 Examples of Ping Tests To halt a ping test before it concludes press Ctrl C Ping with Repetitions and Timeout Basic Ping Operation Ping Failure Ping with Repetitions SMC6624M ping 10 2 13 14 10 2 13 14 is alive time 15 ms SMC6624M ping 10 2 13 14 re...

Page 344: ...nk Test with Repetitions and Timeout Link Test Over a Specific VLAN Link Test Over a Specific VLAN Test Fail SMC6624M link 0030c1 7fcc40 Link test passed SMC6624M link 0030c1 7fcc40 repetitions 3 802 2 TEST packets sent 3 responses received 3 SMC6624M link 0030c1 7fcc40 repetitions 3 timeout 1 802 2 TEST packets sent 3 responses received 3 SMC6624M link 0030c1 7fcc40 repetitions 3 timeout 1 vlan 1...

Page 345: ...ration File Using the CLI you can display either the running configuration or the startup configuration For more on these topics see appendix C Switch Memory and Configuration Syntax write terminal Displays the running configuration show config Displays the startup configuration Web Viewing the Configuration File To display the running configuration through the web browser interface 1 Click on the...

Page 346: ...the Command Line Reference CLI Syntax show version Shows the software version currently running on the switch show boot history Displays the switch shutdown history show history Displays the current command history no page Toggles the paging mode for display commands between continuous listing and per page listing Setup Displays the Switch Setup screen from the menu interface Repeat Repeatedly exe...

Page 347: ...g the switch to itsfactory defaultconfiguration You can also save your configuration via Xmodem to a directly connected PC CLI Resetting to the Factory Default Configuration This command operates at any level except the Operator level Syntax erase startup config Deletes the startup config file in flash so that the switch will reboot with its factory default configuration N ot e The erase startup c...

Page 348: ...orm these steps 1 Using pointed objects simultaneously press both the Reset and Clear buttons on the front of the switch 2 Continue to press the Clear button while releasing the Reset button 3 When the Self Test LED begins to flash release the Clear button The switch will then complete its self test and begin operating with the configuration restored to the factory default settings ...

Page 349: ... an Operating System OS SMC periodically provides switch operating system OS updates through the SMC website http www smc com After you acquire the new OS file you can use one of the following methods for downloading the operating system OS code to the switch TheTFTP feature DownloadOS command in the Main Menu of the switch console interface page A 2 A switch to switch file transfer Xmodem transfe...

Page 350: ...already been configured with a compatible IP address and subnet mask The TFTP server is accessible to the switch via IP Before you use the procedure do the following Obtain the IP address of the TFTP server in which the OS file has been stored If VLANs are configured on the switch determine the name of the VLAN in which the TFTP server is operating Determine the name of the OS file stored in the T...

Page 351: ...en Default Values 2 Press E for Edit 3 Ensure that the Method field is set to TFTP the default 4 In the TFTP Server field type in the IP address of the TFTP server in which the OS file has been stored 5 In the Remote File Name field type the name of the OS file If you are using a UNIX system remember that the filename is case sensitive 6 Press Enter then X for eXecute to begin the OS download The ...

Page 352: ...load from a Server Syntax copy tftp flash ip address remote os file For example to download an OS file named F_2_07 swi from a TFTP server with the IP address of 10 2 3 9 1 Execute the copy command as shown below 2 When the switch finishes downloading the OS file from the server it displays this progress message Validating and Writing System Software to FLASH 3 After the switch reboots it displays...

Page 353: ...switch halts and the following messages appear Validating and writing system software to FLASH Transfer completed After the system flash memory has been updated with the new operating system the switch reboots itself and begins running with the new operat ing system 7 To confirm that the operating system downloaded correctly a From the Main Menu select Status and Counters General System Informatio...

Page 354: ...le option in the Transfer dropdown menu Menu Xmodem Download 1 From the console Main Menu select 7 Download OS 2 Press E for Edit 3 Use the Space bar to select XMODEM in the Method field 4 Press Enter then X for eXecute to begin the OS download The following message then appears Press enter and then initiate Xmodem transfer from the attached computer 5 Execute the terminal emulator command s to be...

Page 355: ...ator commands to begin the Xmodem transfer The download can take several minutes depending on the baud rate used in the transfer When the download finishes the switch automatically reboots itself and begins running the new OS version 3 To confirm that the operating system downloaded correctly SMC6624M show system Check the Firmware revision line SMC6624M config copy xmodem flash pc Device will be ...

Page 356: ...age 11 10 Some of the causes of download failures include Incorrect or unreachable address specified for the TFTP Server parameter This may include network problems Incorrect VLAN Incorrect name specified for the Remote File Name parameter or the specified file cannot be found on the TFTP server This can also occur if the TFTP server is a Unix machine and the case upper or lower for the filename o...

Page 357: ...from a switch TFTP Retrieving a Configuration from a Remote Host Syntax copy tftp startup config ip address remote file This command copies a configuration from a remote host to the startup config file in the switch See appendix C Switch Memory and Configuration for information on the startup config file For example to download a configuration file named sw6624 in the configs directory on drive d ...

Page 358: ...13 28 227 105 d con figs sw6624 Xmodem Copying a Configuration from the Switch to a Serially Connected PC or Unix Workstation To use this method the switch must be connected via the serial port to a PC or Unix workstation to which you want to copy the configuration file You will need to select a filename and to know the drive and directory location where you want to store the configura tion file S...

Page 359: ...ou will need to know the name of the file to copy and the drive and directory location of the file Syntax copy xmodem startup config pc unix For example to copy a configuration file from a PC serially connected to the switch 1 Execute the following command 2 After you see the above prompt press Enter 3 Execute the terminal emulator commands to begin the file transfer When the file transfer finishe...

Page 360: ...A 12 Transferring an Operating System or Startup Configuration File Transferring Switch Configurations Transferring an Operating System or Startup ...

Page 361: ... ports as they are added to the switch N ot e The switch s base MAC address is also printed on a label affixed to the back of the switch Determining MAC Addresses MAC Address Viewing Methods Use the menu interface to view the switch s base MAC address and the MAC address assigned to any non default VLAN you have configured on the switch N ot e The switch s base MAC address is used for the default ...

Page 362: ...ULT_VLAN unless the name has been changed by using the VLAN Names screen On the SMC6624M the VID VLAN identification number for the default VLAN is always 1 and cannot be changed To View the MAC Address and IP Address assignments for VLANs Configured on the Switch 1 From the Main Menu Select 1 Status and Counters 2 Switch Management Address Information If the switch has only the default VLAN the f...

Page 363: ... 00 01 e7 c0 41 21 ifPhysAddress 2 00 01 e7 c0 41 22 ifPhysAddress 3 00 01 e7 c0 41 23 ifPhysAddress 4 00 01 e7 c0 41 24 ifPhysAddress 5 00 01 e7 c0 41 25 ifPhysAddress 6 00 01 e7 c0 41 26 ifPhysAddress 7 00 01 e7 c0 41 27 ifPhysAddress 8 00 01 e7 c0 41 28 ifPhysAddress 9 00 01 e7 c0 41 29 ifPhysAddress 10 00 01 e7 c0 41 2a ifPhysAddress 11 00 01 e7 c0 41 2b ifPhysAddress 12 00 01 e7 c0 41 2c ifPh...

Page 364: ...B 4 MAC Address Management Determining MAC Addresses MAC Address Management ...

Page 365: ...I since the switch was last booted the running config file is identical to the startup config file Startup config File Exists in flash non volatile memory and is used to preserve the most recently saved configuration as the permanent configuration Running Config File Controls switch operation When the switch reboots the contents of this file are erased and replaced by the contents of the startup c...

Page 366: ...p config file with the contents of the current running config file In the menu interface Use the Save command This overwrites both the running config file and the startup config file with the changes you have specified in the menu interface screen In the web browser interface Use the Apply Changes button or other appropriate button This overwrites both the running config file and the startup confi...

Page 367: ...o view either the entire startup config file or the entire running config file use the following commands show config Displays a listing of the current startup config file show config run Displays a listing of the current running config file write terminal Displays a listing of the current running config file N ot e Theshowconfig showconfigrun andwriteterminalcommandslistthefollowing configuration...

Page 368: ...king the mode change permanent SMC6624M config interface e 5 speed duplex auto 10 After you are satisfied that the link is operating properly you can save the change to the switch s permanent configuration the startup config file by executing the following command SMC6624M config write memory The new mode auto 10 on port 5 is now saved in the startup config file and the startup config and running ...

Page 369: ...ou use the CLI to make a change to the running config file you must use the write memory command to save the change to the startup config file That is if you use the CLI to change a parameter setting but then reboot the switch from either the CLI or the menu interface without first executing the write memory command in the CLI the current startup config file will replace the running config file an...

Page 370: ... The menu and web browser interfaces offer these advantages Quick easy menu or window access to a subset of switch configuration features See the Menu Features List on page 2 13 and the web browser General Features list on page Viewing several related configuration parameters in the same screen with their default and current settings Immediately changing both the running config file and the startu...

Page 371: ...he curent opera tion For example suppose you have made the changes shown below in the System Information screen Figure 2 2 Example of Pending Configuration Changes that Can Be Saved or Cancelled N ot e If you reconfigure a parameter in the CLI and then go to the menu interface without executing a write memory command those changes are stored only in the running configuration even if you execute a ...

Page 372: ... To Reboot the switch use the Reboot Switch option in the Main Menu Note that the Reboot Switch option is not available if you log on in Operator mode that is if you enter an Operator password instead of a manager password at the password prompt Figure 2 1 The Reboot Switch Option in the Main Menu Rebooting To Activate Configuration Changes Configuration changes for most parameters become effectiv...

Page 373: ...t Using the Web Browser Interface To Implement Configuration Changes You can use the web browser interface to simultaneously save and implement a subset of switch configuration changes without having to reboot the switch That is when you save a configuration change in most cases by clicking on Apply Changes or Apply Settings you simultaneously change both the running config file and the startup co...

Page 374: ...C 10 Switch Memory and Configuration Using the Menu and Web Browser Interfaces To Implement Configuration Changes Switch Memory and Configuration ...

Page 375: ...t Sunday on or after April 1st End DST at 2am the first Sunday on or after October 25th Middle Europe and Portugal Begin DST at 2am the first Sunday on or after March 25th End DST at 2am the first Sunday on or after September 24th Southern Hemisphere Begin DST at 2am the first Sunday on or after October 25th End DST at 2am the first Sunday on or after March 1st Western Europe Begin DST at 2am the ...

Page 376: ...igured Beginning day and Ending day If the configured day is a Sunday the time changes at 2am on that day If the configured day is not a Sunday the time changes at 2am on the first Sunday after the configured day This is true for both the Beginning day and the Ending day With that algorithm one should use the value 1 to represent first Sunday of the month and a value equal to number of days in the...

Page 377: ...7 29 effect of duplicate IP addresses 7 37 IP mask for multiple stations 7 35 IP mask for single station 7 34 IP mask operation 7 30 operating notes 7 37 overview 7 28 troubleshooting 7 37 auto See GVRP auto negotiation 6 3 auto port setting 9 93 Auto 10 6 10 6 13 auto discovery 8 4 auto negotiation 6 2 B bandwidth displaying utilization 4 12 bandwidth savings with IGMP 9 89 blocked link from STP ...

Page 378: ...s 11 3 console for configuring authorized IP managers 7 31 D date format 11 10 date configure 5 44 default gateway 5 2 default trunk type 6 16 Device Passwords Window 4 7 DHCP 5 9 address problems 11 5 effect of no reply 11 5 DHCP Bootp differences 5 10 DHCP Bootp process 5 10 diagnostics tools 11 13 browsing the configuration file 11 17 ping and link tests 11 13 DNS name 4 4 domain 9 54 9 59 Doma...

Page 379: ...ic 9 79 reboot switch 9 79 recommended tagging 9 79 standard 9 73 tagged dynamic VLAN 9 74 unknown VLAN 9 79 unknown VLAN options 9 76 VLAN behavior 9 51 VLAN dynamic adds 9 57 H Help 2 10 Help line about 2 8 Help line location on screens 2 8 I ICANN 5 13 IEEE 802 1d 9 102 11 7 IEEE 802 3ab 6 3 IGMP benefits 9 87 configuration 9 101 configure per VLAN 9 93 effect on filters 9 91 example 9 89 9 90 ...

Page 380: ...o half duplex 6 26 outbound traffic distribution 6 27 overview 6 11 passive 6 21 6 24 removing port from dynamic trunk 6 22 restrictions 6 25 standby link 6 23 status terms 6 24 STP 6 25 VLANs 6 25 learning bridge 5 1 leave group See IGMP legacy VLAN 9 49 link speed port trunk 6 10 link test 11 13 for troubleshooting 11 13 link serial 5 35 load balancing See port trunk loop network 6 10 9 102 9 10...

Page 381: ...onsole access 7 3 case sensitive 7 4 creating 4 7 delete 2 6 4 9 7 4 deleting with the Clear button 7 5 if you lose the password 4 9 7 5 incorrect 7 3 length 7 4 lost 4 9 manager 4 7 operator 4 7 set 2 6 setting 4 8 7 3 using to access browser and console 4 8 path cost 9 109 ping test 11 13 for troubleshooting 11 13 port 1000 Mbps full duplex only 6 3 address table 10 11 Address Table screen 9 72 ...

Page 382: ...w 6 11 STP 6 14 STP operation 6 13 traffic distribution 6 13 Trk1 6 13 trunk non protocol option 6 12 trunk option described 6 26 types 6 12 VLAN 6 14 9 71 VLAN operation 6 13 web browser access 6 22 port trunk group interface access 6 1 power interruption effect on event log 11 10 primary VLAN See VLAN prior to 7 23 7 25 7 27 priority 9 93 See spanning tree proprietary MIB 8 2 proxy web server 7 ...

Page 383: ...tistics 10 14 using with port trunking 6 14 VLAN effect on 9 70 stacking benefits 9 2 9 3 primary VLAN 9 45 standard MIB 8 2 starting a console session 2 3 static VLAN convert to 9 73 statistical sampling 8 1 statistics 2 6 10 2 statistics clear counters 2 11 C 8 status and counters access from console 2 6 status and counters menu 10 3 status overview screen 4 5 STP See spanning tree spanning tree...

Page 384: ... for browser or console access 4 7 4 9 using the passwords 4 8 utilization port 4 12 V value inconsistent 7 17 version OS A 4 A 6 VID See VLAN virtual stacking transmission interval range 9 15 9 16 VLAN 5 3 9 47 9 70 9 72 10 22 10 23 11 9 B 1 802 1Q 9 110 address 8 1 Bootp 5 11 configuring Bootp 5 11 convert dynamic to static 9 73 DEFAULT_ VLAN 9 50 deleting 9 72 device not seen 11 8 DHCP primary ...

Page 385: ... details 4 17 alert types 4 16 bandwidth adjustment 4 13 bar graph adjustment 4 13 disable access 4 1 enabling 4 4 error packets 4 12 features 1 4 first time install 4 6 first time tasks 4 6 main screen 4 11 overview 4 11 Overview window 4 11 password lost 4 9 password setting 4 8 port status 4 14 port utilization 4 12 port utilization and status displays 4 12 screen elements 4 11 security 4 1 4 7...

Page 386: ...10 Index Index ...

Page 387: ......

Page 388: ...Spain 34 93 477 4920 Fax 34 93 477 3774 UK 44 0 1188 748700 Fax 44 0 1189 748701 Southern Europe 33 1 41 18 68 68 Fax 33 1 41 18 68 69 Central Eastern Europe 49 0 89 92861 200 Fax 49 0 89 92861 230 Nordic 46 8 564 33145 Fax 46 8 87 62 62 Middle East 971 48818410 Fax 971 48817993 South Africa 27 0 11 3936491 Fax 27 0 11 3936491 PRC 86 10 6235 4958 Fax 86 10 6235 4962 Taiwan 886 2 2659 9669 Fax 886 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands