Stephen Technologies Co.,Limited

www.stephen-tele.com

STES2026 Layer 2 managed Ethernet Switch 

Configuration Guide Manual 

VER:1.0.1 

Summary of Contents for STES2026

Page 1: ...Stephen Technologies Co., Limited www.stephen-tele.com STES2026 Layer 2 managed Ethernet Switch Configuration Guide Manual VER:1.0.1 ...

Page 2: ...nual is intended for the following readers: Network engineers; Network administrators; Customers who are familiar with network fundamentals. Conventions: The manual uses the following conventions. I. General conventions (Convention / Description): Arial: Normal paragraphs are in Arial. Arial Narrow: Warnings, Cautions, Notes and Tips are in Arial Narrow. Boldface: Headings are in Boldface. Courier New: Terminal Displa...

Page 3: ...side square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes. For example, [File/Create/Folder]. IV. Keyboard operation (Format / Description): Key: Press the key with the key name inside angle brackets. For example, Enter, Tab, Backspace, or A. Key1 Key2: Press the keys concurrently. For example, Ctrl Alt A means the three keys should be pressed concurrently. Key1 Key2...

Page 4: ...ymbols: Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows. Caution: Means the reader should be extremely careful during the operation. Note: Means a complementary description ...

Page 5: ...teristics of Command Line 12; Chapter 4 Basic Configuration 14; 4.1 Console Connection 14; 4.2 Navigating the Web Browser Interface 14; 4.3 Setting Console Baud Rate 16; 4.4 Creating user and setting password 17; 4.5 Setting system service 18; 4.6 Setting system contact, name, location information for SNMP 19; 4.7 Setting system management IP Address 20; 4.8 Setting default gateway 21; 4.9 Restore system to d...

Page 6: ...abled State 53; 9.5 How a Switch or Port Becomes the Root Switch or Root Port 54; 9.6 Spanning Tree and Redundant Connectivity 54; 9.7 Spanning Tree Address Management 55; 9.8 Accelerated Aging to Retain Connectivity 55; 9.9 Configuring STP Features 56; 9.9.2 Configure the Bridge Priority for a Switch 56; 9.9.3 Configure the Time Parameters of a Switch 57; 9.9.4 Configure Port Priority 60; 9.9.5 Enable Dis...

Page 7: ...78; 12.3.6 Setting RADIUS Packet Encryption Key 80; Chapter 13 SNMP Configuration 82; 13.1 SNMP Overview 82; 13.2 SNMP Versions and Supported MIB 82; 13.3 Configure SNMP 84; 13.3.1 Setting Community Name 84; 13.3.2 Setting the Destination Address of Trap 85; 13.3.3 Setting Trap Parameters 86; Chapter 14 IGMP Snooping Configuration 88; 14.1 IGMP Snooping Overview 88; 14.1.1 IGMP Snooping Principle 88; 14.1.2 I...

Page 8: ...STP protocol: Supports Spanning Tree Protocol (STP). Flow control: Supports IEEE 802.3x flow control (full-duplex); supports back-pressure based flow control (half-duplex). Broadcast Suppression: Supports Broadcast Suppression. Multicast: Supports Internet Group Management Protocol Snooping (IGMP Snooping). Link aggregation: Supports link aggregation. Features / Implementation: Mirror: Supports the port-based mirror. Qua...

Page 9: ...enance: Supports Command Line Interface configuration. Supports local and remote configuration through Telnet on Ethernet port. Supports SNMP management. Supports RMON MIB Group 1, 2, 3 and 9. Supports PING. Supports the remote maintenance via Telnet. Loading and updating: Supports loading and upgrading software via Xmodem ...

Page 10: ...a PC or a terminal to the Console port of the switch with the Console cable. Figure 2-1 Setting up the local configuration environment via the Console port. Step 2: Run a terminal emulator (such as Terminal on Windows 3.X or HyperTerminal on Windows 9X) on the computer. Set the terminal communication parameters as follows: set the baud rate to 9600, data bit to 8, parity check to none, stop bit to 1, flow ...

Page 11: ...Figure 2-2 Setting up new connection. Figure 2-3 Configuring the port for connection ...

Page 12: ...and to configure the switch or view the operation state. Input a ? for immediate help. For details of specific commands, refer to the following chapters. 2.2 Setting up Configuration Environment through Telnet. 2.2.1 Connecting a PC to the Switch through Telnet. After you have correctly configured the IP address for a switch via the Console port, you can telnet to this switch and configure it. Step 1: Authenticate ...

Page 13: ...t the IP address of the VLAN connected to the PC port. Figure 2-6 Running Telnet. Step 4: The terminal displays Login and prompts the user to input the logon user name and password. After you input the correct user name and password, it displays the command line prompt (such as switch). Step 5: Use the corresponding commands to configure the switch or to monitor the running state. Enter ? to get the immediate...

Page 14: ...itch provides an embedded HTTP web agent. Using a web browser, you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0 or above, or Netscape Navigator 6.2 or above). To access the web browser interface, you must first enter a user name and password. The default user name is...

Page 15: ...ands such as Ping to quickly troubleshoot the network. Log in and manage other switches directly using the Telnet command. Provides a function similar to DosKey to execute a history command. The command line interpreter searches for targets not fully matching the keywords. It is OK to key in the whole keyword or part of it, as long as it is unique and not ambiguous. 3.2 Command Line configure mode. T...

Page 16: ...interface provides the following online help modes: Full help; Partial help. You can get the help information through these online help commands, which are described as follows. Input ? in any configure mode to get all the commands in it and corresponding descriptions. switch clear Clear the screen config Config system s setting download Download file for software upgrade or load user config exit Exit cur...

Page 17: ...g port speed Set port speed state Set port state type Set port type. 3. Input a command with a ? separated by a space. If this position is for parameters, all the parameters and their brief descriptions will be listed. switch config port speed Set port speed state Set port state add Add a port vlan set Set a port vlan delete Delete vlan entry. 4. Input a character string with a ?, then all the commands with t...

Page 18: ... Q when the display pauses: Stop displaying and executing command. Press any key when the display pauses: Continue to display the next screen of information. Press Enter when the display pauses: Continue to display the next line of information. 3.3.3 History Command of Command Line. Command line interface provides the function similar to that of DosKey. The commands entered by users can be automatically s...

Page 19: ...es / Causes: Unrecognized command: Cannot find the command; Cannot find the keyword; Wrong parameter type; The value of the parameter exceeds the range. Incomplete command: The input command is incomplete. Too many parameters: Enter too many parameters. Ambiguous command: The parameters entered are not specific. 3.3.5 Editing Characteristics of Command Line. Command line interface provides the basic command edit...

Page 20: ...l P, Down cursor key or Ctrl N: Retrieve the history command. Tab: Press Tab after typing the incomplete key word and the system will execute the partial help. If the key word matching the typed one is unique, the system will replace the typed one with the complete key word and display it in a new line; if there is not a matched key word or the matched key word is not unique, the system will do no modific...

Page 21: ...d Exec level using the default user name and password, perform these steps: 1. To initiate your console connection, press Enter. The User Access Verification procedure starts. 2. At the Login prompt, enter admin. 3. At the Password prompt, press Enter directly. (The default password is not set.) 4. The session is opened and the CLI displays the switch prompt, indicating you have access at the Normal Exec level. 5. At the...

Page 22: ...Figure 4-1 User Authentication Window. On entering a valid password and user name, the WEB management interface will be presented to the user, as shown in Figure 4-2 ...

Page 23: ...uld be used for choosing appropriate configuration screens. It is organized into folders for configuration of different features supported by the switch. The right side of the browser window shows the corresponding configuration screens. 4.3 Setting Console Baud Rate. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set console baud rate ...

Page 24: ...5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click Switch Information Serial Configuration. Select Baud Rate, then click Apply. 4.4 Creating user and setting password. When you create a new user, the default user is deleted automatically. Beginning in privileged EXEC mode, follow these steps to create a user and set a password. Command / Purpose: Step 1, config terminal: Enter gl...

Page 25: ...ave your entries in the configuration file. 4.5 Setting system service. The system provides SNMP, telnet and webserver services; you can enable or disable these services. Beginning in privileged EXEC mode, follow these steps to set system service. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, service snmp enable | disable: Enabling/disabling SNMP service. Step 3, service telnet e...

Page 26: ...ation. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, system contact string: Setting system contact information for SNMP. Step 3, system name string: Setting system name for SNMP. Step 4, system location string: Setting system location information for SNMP. Step 5, exit: Return to privileged EXEC mode. Step 6, show system config: Verify your entries. Step 7, write: (Optional) Save your...

Page 27: ...onfig terminal: Enter global configuration mode. Step 2, ip address ip-address mask: Setting system management IP address. By default, the management IP address is 192.168.16.1. Step 3, exit: Return to privileged EXEC mode. Step 4, show ip address: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click Switch information Switch Configuration. Specify IP ...

Page 28: ...ddress. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, gateway ip-address: Setting system management IP address. Step 3, exit: Return to privileged EXEC mode. Step 4, show gateway: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click Switch information Switch Configuration. Specify gateway Address, then click Apply ...

Page 29: ...ion; after that, you must reboot the system. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to restore system to default configuration. Command / Purpose: Step 1, remove: Save your entries in the configuration file. Step 2, reboot: Reboot the system. II. WEB configuration: Click Switch Information Switch Configuration. Specify Reset reset factory default, then click Apply ...

Page 30: ...Reboot system. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to restart the system. Command / Purpose: Step 1, reboot: Reboot the system. II. WEB configuration: Click Switch Information Switch Configuration. Specify Reset reset, then click Apply ...

Page 31: ... duplex mode, which needs no configuration. 5.2 Ethernet Port Configuration. Ethernet port configuration includes: Enabling/disabling an Ethernet port; Setting the duplex attribute for the Ethernet port; Setting speed for the Ethernet port; Setting the Ethernet port broadcast suppression ratio; Setting port mirror; Setting rate limits. 5.2.1 Enabling/Disabling an Ethernet Port. The following command can be use...

Page 32: ...tate, then click Apply. 5.2.2 Setting the Duplex Attribute and speed of the Ethernet Port. To configure a port to send and receive data packets at the same time, set it to full-duplex. To configure a port to either send or receive data packets at a time, set it to half-duplex. If the port has been set to auto-negotiation mode, the local and peer ports will automatically negotiate the duplex mode. You...

Page 33: ...half-duplex or auto-negotiation mode. The Gigabit electrical Ethernet port can operate in full-duplex, half-duplex or auto-negotiation mode. When the port operates at 1000Mbps, the duplex mode can be set to full (full-duplex) or auto (auto-negotiation). The optical 100M/Gigabit Ethernet ports work in full-duplex mode, which needs no configuration. By default, the port is in auto (auto-negotiation) mode. Note that the ...

Page 34: ...flow control function of the Ethernet port can be enabled or disabled through the following command. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable flow control for the Ethernet port. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, l2 control port port number flow control enable back pressure enable: Enable Ethernet port flow control. W...

Page 35: ...ck Apply. 5.2.4 Setting the Ethernet Port Broadcast Suppression. You can use the following commands to restrict the broadcast traffic. Once the broadcast traffic exceeds the value set by the user, the system will maintain an appropriate broadcast packet number by discarding the overflow traffic, so as to suppress broadcast storms, avoid congestion and ensure normal service. The parameter is taken the max...

Page 36: ...Broadcast Suppression. Step 3, exit: Return to privileged EXEC mode. Step 4, show control rate: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click Misc Settings. Specify Broadcast Storm Filter Mode, then click Apply. 5.2.5 Setting Port Mirroring. Port mirroring duplicates data on the monitored port to the designated monitoring port for purpose of...

Page 37: ...6, show mirror all: Verify your entries. Step 7, write: (Optional) Save your entries in the configuration file. To delete a mirror source port, use the no mirror monitored port global configuration command. To delete the target port, use the no mirror analysis port global configuration command. Note: Monitor port speed should match or exceed source port speed; otherwise, traffic may be dropped from the monitor port. All mirror...

Page 38: ...orts or trunks. When an interface is configured with this feature, the traffic rate will be monitored by the hardware to verify conformity. Non-conforming traffic is dropped; conforming traffic is forwarded without any changes. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set rate limits. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, traffic...

Page 39: ...Click Port Controls. Select Port. Specify Ingress Bandwidth and Egress Bandwidth, then click Apply ...

Page 40: ... two devices. You can create up to seven. One switch can support up to seven aggregation groups, with each group containing a maximum of four ports. 6.2 Configuring a Link Aggregation. When configuring Link aggregation, you may not be able to link switches of different types, depending on the manufacturer's implementation. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to configu...

Page 41: ...To delete a trunk, use the channel group delete group number global configuration command. II. WEB configuration: Click Channel Group. Enter TrunkID. Specify channel group port member, then click Apply ...

Page 42: ...ds. The workstations of a VLAN do not have to belong to the same physical LAN segment. With VLAN technology, the broadcast and unicast traffic within a VLAN will not be forwarded to other VLANs; therefore, it is very helpful in controlling network traffic, saving device investment, simplifying network management and improving security. 7.2 Configuring VLAN. VLAN configuration includes: Selecting VLAN mode; C...

Page 43: ...n to privileged EXEC mode. Step 4, show vlan mode: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click VLAN Mode. Specify Vlan Mode State, then click Apply. 7.2.2 Configuring 802.1Q VLAN. Configuring 802.1Q VLAN includes: Creating/deleting a VLAN; Setting pvid range; Setting VLAN port pvid; Specifying or removing a VLAN port. You can use the followin...

Page 44: ... pvid range as same time, pvid is only one of these value range. Note: If you change the pvid range, you must confirm that the new pvid range includes all VLAN IDs of the existing VLANs. vlan port pvid port number pvid: Setting VLAN port pvid. vlan static set vid vid port list: Modifying an existing VLAN. Port list: port number u m; u indicate untag port, m indicate tag port, and indicate remove a port from the VLAN. Step 3, exit: R...

Page 45: ...Setting VLAN port pvid: Click 802.1q based Vlan VLAN GVRP Port. Select Port. Specify PVID, then click Apply. 7.2.3 Configuring port VLAN. Configuring port VLAN includes: Creating/deleting a port VLAN ...

Page 46: ...p 2, port vlan add vid vid port list: Creating port VLAN. Step 3, port vlan set vid vid port list: Port list: port number m; m indicate the port is a VLAN member, and indicate not a VLAN member. Step 4, exit: Return to privileged EXEC mode. Step 5, show port vlan table: Verify your entries. Step 6, write: (Optional) Save your entries in the configuration file. To delete a port VLAN, use the port vlan delete vid vid gl...

Page 47: ...onsiders that the packets destined at MAC_SOURCE can be forwarded via the port A. If the MAC address table contains the MAC_SOURCE, the switch will update the corresponding entry; otherwise, it will add the new MAC address and the corresponding forwarding port as a new entry to the table. The system forwards the packets whose destination addresses can be found in the MAC address table directly through ...

Page 48: ...e. However, this function takes no effect on the static MAC addresses. 8.2 MAC Address Table Configuration. MAC address table management includes: Set MAC Address Aging Time; Set MAC binding; Set MAC filter. 8.2.1 Setting MAC Address Aging Time. Setting an appropriate aging time effectively implements the function of MAC address aging. Too long or too short an aging time set by subscribers will cause...

Page 49: ... table. You can use the following commands to set the MAC address aging time for the system. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set MAC aging time. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, fdb agingtime seconds: Setting MAC aging time. Seconds range is 300 to 765. By default, seconds is 300. Step 3, exit: Return to privileged EXEC...

Page 50: ...inding includes: Disabling automatic MAC learning; Adding static MAC. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to disable automatic MAC learning. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, fdb mac_learning disable port port number: Disable automatic MAC learning on an Ethernet port. fdb add static mac address port port number vlanId vlan id: Add static MAC entry. Ste...

Page 51: ...ing MAC auto, use the fdb mac_learning enable port port number global configuration command. To delete static MAC, use the fdb delete static mac address vlanId vlan id global configuration command. II. WEB configuration: Disabling learn MAC auto: Click Ports Controls. Select Port. Specify Learning state, then click Apply. Setting static MAC table: Click Static Filter MAC Table Static MAC Table. Specify MAC Add...

Page 52: ...ose: Step 1, config terminal: Enter global configuration mode. Step 2, fdb add filter mac address vlanId vid: Setting MAC filter. Step 3, exit: Return to privileged EXEC mode. Step 4, show fdb filter: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click Static Filter MAC Table Filter MAC Table. Specify MAC Address VID, then click Apply ...

Page 54: ...ing tree topology. Designated: A forwarding port elected for every switched LAN segment. Alternate: A blocked port providing an alternate path to the root port in the spanning tree. Backup: A blocked port in a loopback configuration. Switches that have ports with these assigned roles are called root or designated switches. Spanning tree forces redundant data paths into a standby (blocked) state. If a network...

Page 55: ...e sending switch; Message age; The identifier of the sending interface; Values for the hello, forward delay, and max-age protocol timers. When a switch receives a configuration BPDU that contains superior information (lower bridge ID, lower path cost, and so forth), it stores the information for that port. If this BPDU is received on the root port of the switch, the switch also forwards it with an updated mess...

Page 56: ... the root port on a switch stack, spanning tree follows this sequence: Selects the lowest root bridge ID; Selects the lowest path cost to the root switch; Selects the lowest designated bridge ID; Selects the lowest designated path cost; Selects the lowest port ID. Only one outgoing port on the root switch is selected as the root port. The remaining switches in the stack become its designated switches. Swit...

Page 57: ...eserved for the switch, and a larger range of VLAN IDs can be supported, all while maintaining the uniqueness of the bridge ID. As shown in Table 9-1, the two bytes previously used for the switch priority are reallocated into a 4-bit priority value and a 12-bit extended system ID value equal to the VLAN ID. Table 9-1 Switch Priority Value and Extended System ID. Spanning tree uses the extended system ID...

Page 58: ...ch Layer 2 interface on a switch using spanning tree exists in one of these states: Blocking: The interface does not participate in frame forwarding. Listening: The first transitional state after the blocking state, when the spanning tree decides that the interface should participate in frame forwarding. Learning: The interface prepares to participate in frame forwarding. Forwarding: The interface forwards...

Page 59: ...panning tree moves the interface to the forwarding state, where both learning and frame forwarding are enabled. 9.4.1 Blocking State. A Layer 2 interface in the blocking state does not participate in frame forwarding. After initialization, a BPDU is sent to each switch interface. A switch initially functions as the root until it exchanges BPDUs with other switches. This exchange establishes which switch ...

Page 60: ...resses; Receives BPDUs. 9.4.4 Forwarding State. A Layer 2 interface in the forwarding state forwards frames. The interface enters the forwarding state from the learning state. An interface in the forwarding state performs these functions: Receives and forwards frames received on the interface; Forwards frames switched from another interface; Learns addresses; Receives BPDUs. 9.4.5 Disabled State. A Layer 2 i...

Page 61: ...Tree Topology. When the spanning tree topology is calculated based on default parameters, the path between source and destination end stations in a switched network might not be ideal. For instance, connecting higher-speed links to an interface that has a higher number than the root port can cause a root port change. The goal is to make the fastest link the root port. For example, assume that one port on...

Page 62: ...00010 to be used by different bridge protocols. These addresses are static addresses that cannot be removed. Regardless of the spanning tree state, each switch in the stack receives but does not forward packets destined for addresses between 0x0180C2000000 and 0x0180C200000F. If spanning tree is enabled, the CPU on each switch in the stack receives packets destined for 0x0180C2000000 and 0x0180C2000010...

Page 63: ...ort; Enable/disable STP on the device; Enable/disable STP on a port. 9.9.2 Configure the Bridge Priority for a Switch. Whether a switch can be elected as the spanning tree root depends on its Bridge priority. The switch configured with a smaller Bridge priority is more likely to become the root. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to configure the Bridge priority for...

Page 64: ...iguration: Click Spanning Tree Spanning Tree Bridge Parameters. Specify Priority, then click Apply. 9.9.3 Configure the Time Parameters of a Switch. The switch has three time parameters: Forward Delay, Hello Time, and Max Age. Forward Delay is the switch state transition mechanism. The spanning tree will be recalculated upon link faults and its structure will change accordingly. However, the configuration BPD...

Page 65: ...igure the Bridge priority for a switch. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, spanning tree bridge forward centiseconds: Configure Forward Delay on the switch. For forward delay, the range is 400 to 3000; the default is 1500. Step 3, spanning tree bridge hellotime centiseconds: Configure Hello Time on the switch. For hello time, the range is 100 to 1000; the default is...

Page 66: ...se the network device to frequently calculate the spanning tree and mistake the congestion for a link fault. However, if the Max Age is too long, the network device may not be able to discover the link fault and recalculate the spanning tree in time, which will weaken the auto-adaptation capacity of the network. The default value is recommended. To avoid frequent network flapping, the values of Hello Time, Forw...

Page 67: ...y value, spanning tree puts the interface with the lowest interface number in the forwarding state and blocks the other interfaces. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to configure the port priority. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, spanning tree port port number priority priority: Configure port priority. For priority, th...

Page 68: ...CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable STP on the device. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, system span enable: Enable STP on a device. Step 3, exit: Return to privileged EXEC mode. Step 4, show system config: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. To disable STP on a device...

Page 69: ... may disable STP on some Ethernet ports of a switch to spare them from spanning tree calculation. This is a measure to flexibly control STP operation and save the CPU resources of the switch. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable STP on a port. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, spanning tree port port number enab...

Page 70: ...ort number disable global configuration command. Note that redundant routes may be generated after STP is disabled. By default, STP is enabled on all the ports after it is enabled on the device. II. WEB configuration: Click Spanning Tree Spanning Tree Port Parameters. Select Port. Specify Enable, then click Apply ...

Page 71: ...e will be transmitted before those in the lower-priority queues. You can set the priority for each interface and configure the mapping of frame priority tags to the switch's priority queues. 10.1 Enabling/disabling queues service. The following command can be used to enable/disable queues service. I. WEB configuration: Click Switch Information Switch Configuration. Specify Traffic Classes state, then clic...

Page 72: ...figuration: Beginning in privileged EXEC mode, follow these steps to set the Queue mode. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, traffic policy running mode strict priority weight round ratio high weight high weight low weight low weight fcfs queue: Setting the Queue running mode. Step 3, exit: Return to privileged EXEC mode. Step 4, show traffic policy all: Verify your...

Page 74: ...However, in telecom access, commercial LAN (a typical example is the LAN in the office building) and mobile office etc., the LAN providers generally hope to control the user's access. In these cases, the requirement on the above-mentioned "Port Based Network Access Control" originates. As the name implies, "Port Based Network Access Control" means to authenticate and control all the accessed devices on the port...

Page 75: ...mation through EAP (Extensible Authentication Protocol) frames. The Supplicant and the Authenticator exchange information through the EAPoL (Extensible Authentication Protocol over LANs) frame defined by IEEE 802.1x. Authentication data are encapsulated in the EAP frame, which is to be encapsulated in the packets of other AAA upper layer protocols (e.g. RADIUS) so as to go through the complicated network to...

Page 76: ... Authentication Server System. The EAPoL-Encapsulated-ASF-Alert is related to the network management information and terminated by the Authenticator. 802.1x provides an implementation solution of user ID authentication. However, 802.1x itself is not enough to implement the scheme. The administrator of the access device should configure RADIUS or local authentication so as to assist 802.1x to implement ...

Page 77: ...config terminal: Enter global configuration mode. Step 2, dot1x system auth control enable: Enable 802.1x. Step 3, exit: Return to privileged EXEC mode. Step 4, show dot1x system auth control: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. To disable 802.1x, use the dot1x system auth control disable global configuration command. II. WEB configuration: Click 802.1x Authenticati...

Page 78: ...Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, dot1x ports port list: Set port authentication state. Port list format is port number m; m indicate member, indicate not a member. Step 3, exit: Return to privileged EXEC mode. Step 4, show dot1x ports: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WEB configuration: Click 802.1x Authentication 80...

Page 79: ... to set maximum number of users via each port. I. CLI configuration: Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, dot1x multiple host num number: Set maximum number of users via each port. Number range is 1 to 256. Step 3, exit: Return to privileged EXEC mode. Step 4, show dot1x ports: Verify your entries. Step 5, write: (Optional) Save your entries in the configuration file. II. WE...

Page 80: ...server has a user database recording all the information of user authentication and network service access. When receiving a user's request from NAS, the RADIUS server performs AAA through user database query and update, and returns the configuration information and accounting data to NAS. Here, NAS controls the supplicant and corresponding connections, while the RADIUS protocol regulates how to transmit configuratio...

Page 81: ...US protocol configuration includes: Enable/disable radius client service; Setting radius client ip address; Setting a real-time accounting interval; Setting IP Address of RADIUS Server; Setting Port Number of RADIUS Server; Setting RADIUS packet encryption key. 12.3.1 Enable/disable radius client service. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable radius client serv...

Page 82: ...p address. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set the radius client IP address. Command / Purpose: Step 1, config terminal: Enter global configuration mode. Step 2, radiusclient ipaddress ip address: Setting radius client IP address. The IP address is the VLAN interface IP address. Step 3, exit: Return to privileged EXEC mode. Step 4, show radiusclient ipaddress: Verify your entrie...

Page 83: ...nd to set a real-time accounting interval. I CLI configuration. Beginning in privileged EXEC mode, follow these steps to set a real-time accounting interval. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: radiusclient accounting interval minutes - Set a real-time accounting interval. Minutes must be the same as the RADIUS server setting. When minutes is set to 0 the radius c...

Page 84: ...g servers. You can use the following commands to configure the IP address for RADIUS servers. I CLI configuration. Beginning in privileged EXEC mode, follow these steps to set the IP address for the RADIUS server. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: radiusserver master_ipaddress ip address - Set the IP address for the master RADIUS server. Step 3: radiusserver slave_ipaddr...

Page 85: ...ntication authorization and accounting servers are 0.0.0.0. II WEB configuration: Click 802.1x Authentication Radius Server. Specify Master Server address and Slave Radius Server address, then click Apply. 12.3.5 Setting Port of RADIUS Server. Set port for the RADIUS servers, including primary and second authentication/authorization servers and accounting servers. You can use the following commands to configu...

Page 86: ...aster radius server. Step 3: radiusserver slave_port authentication port account port optional - Set port for slave RADIUS server. Step 4: show radiusserver master_port - Verify your entries. Step 5: show radiusserver slave_port - Verify your entries. Step 6: write - (Optional) Save your entries in the configuration file. II WEB configuration: Click 802.1x Authentication Radius Server. Specify Master Server Authen...

Page 87: ...ds to accept the packets from each other end and give response. You can use the following commands to set the encryption key for RADIUS packets. I CLI configuration. Beginning in privileged EXEC mode, follow these steps to set the RADIUS packet encryption key. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: radiusserver master_key string - Set encryption key for master ...

Page 88: ...e_key - Verify your entries. Step 6: write - (Optional) Save your entries in the configuration file. By default, the keys of RADIUS authentication, authorization and accounting packets are all "test". II WEB configuration: Click 802.1x Authentication Radius Server. Specify Master Server Authenticate key and Slave Server Authenticate key, then click Apply. ...

Page 89: ...two parts, namely Network Management Station and Agent. Network Management Station is the workstation for running the client program. At present, the commonly used NM platforms include Sun NetManager and IBM NetView. Agent is the server software operated on network devices. Network Management Station can send GetRequest, GetNextRequest and SetRequest messages to the Agent. Upon receiving the requests from...

Page 90: ...aged object B can be uniquely specified by a string of numbers 1 2 1 1. The number string is the Object Identifier of the managed object. The current SNMP Agent of Ethernet switch supports SNMP V1, V2C and V3. The MIBs supported are listed in the following table. Table 13 1 MIBs supported by the Ethernet Switch. MIB attribute / MIB content / References: Public MIB, MIB II based on TCP/IP network device, RFC121...

Page 91: ... can only query the device information, whereas the community with read-write authority can also configure the device. I CLI configuration. Beginning in privileged EXEC mode, follow these steps to set Community Name. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: snmp community set index string read only read write - Set community string. Index range is 1 to 8. Step 3: exit - Re...

Page 92: ...Trap. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: snmp traps host host number hostaddr ip address port udp port - Set the destination address of trap. Host number range is 1 to 3. Step 3: exit - Return to privileged EXEC mode. Step 4: show snmp traps - Verify your entries. Step 5: write - (Optional) Save your entries in the configuration file. II WEB configuration: Click SNMP Managem...

Page 93: ...steps to set trap parameters. Command / Purpose. Step 1: config terminal - Enter global configuration mode. Step 2: snmp traps parameters index mpmodel v1 v2c v3 securemodel v1 v2c usm securename string securelevel AuthNoPriv AuthPriv noAuthNoPriv - Set trap parameters. Step 3: exit - Return to privileged EXEC mode. Step 4: show snmp traps - Verify your entries. Step 5: write - (Optional) Save your entries in the configur...

Page 94: ...II WEB configuration Click SNMP Management Trap Target Configuration Select Entry Specify MP Model Security Model Security Level then click Apply ...

Page 95: ...hernet switch uses IGMP Snooping to analyze the information carried in the IGMP messages. If the switch hears an IGMP host report message from an IGMP host, it will add the host to the corresponding multicast table. If the switch hears an IGMP leave message from an IGMP host, it will remove the host from the corresponding multicast table. The switch continuously listens to the IGMP messages to create and mai...

Page 96: ... Figure 14 6 Multicast packet transmission without IGMP Snooping. When IGMP Snooping runs, the packets are not broadcast on Layer 2. See the following figure. Figure 13 7 Multicast packet transmission when IGMP Snooping runs ...

Page 97: ...mber port aging time: When a port joins an IP multicast group, the aging timer of the port will begin timing. The multicast group member port aging time is set on this aging timer. If the switch has not received any IGMP report message before the timer times out, it transmits an IGMP specific query message to the port. Maximum response time: When the switch transmits an IGMP specific query message to the multi...

Page 98: ...c group contains any member. On receiving an IGMP specific query message, the switch only transmits the specific query message to the IP multicast group which is queried. 3 IGMP report message: Transmitted from the host to the multicast router and used for applying to a multicast group or responding to the IGMP query message. On receiving the IGMP report message, the switch checks if the MAC multicast gr...

Page 99: ... a leave message of an IP multicast group, the Ethernet switch transmits the specific query message concerning that group to the port that received the message, in order to check if the host still has some other member of this group, and meanwhile starts a maximum response timer. If the switch has not received any report message from the multicast group, the port will be removed from the corresponding MAC mu...

Page 100: ...g Time of Multicast Group Member. This task is to manually set the aging time of the multicast group member port. If the switch receives no multicast group report message during the member port aging time, it will transmit the specific query message to that port and start a maximum response timer. Beginning in privileged EXEC mode, follow these steps to configure Aging Time of Multicast Group Member. C...

Page 101: ...ements: To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port and with user PC through the non router ports. II Networking diagram: Figure 14 9 IGMP Snooping configuration networking. III Configuration procedure: Enable IGMP snooping on switch. switch config system igmp snooping enable ...

Page 102: ...information provided by this document is believed to be accurate and reliable to the publication date of this document. However, Stephen Technologies Co LTD assumes no responsibility for any errors in this document. Furthermore, Stephen Technologies Co LTD assumes no responsibility for the use or misuse of the information in this document and for any patent infringements that may arise from the use of...
