Allied Telesis AT-9724TS Скачать руководство пользователя страница 86 | Manualshive

Страница: 86 / 197

background image

Port-Based Network Access Control

Figure 6- 73. Example of Typical Port-Based Configuration

Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent traffic on the Port is not subject to access

control restriction until an event occurs that causes the Port to become Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment

with more than one attached device, successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the shared

segment. Clearly, the security offered in this situation is open to attack.

MAC-Based Network Access Control

Figure 6- 74. Example of Typical MAC-Based Configuration

In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that

required access to the LAN.The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct

logical Ports, each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state.The Switch learns each

attached devices’ individual MAC addresses, and effectively creates a logical Port that the attached device can then use to communicate with the LAN via the

Switch.

85

Allied Telesyn AT-9724TS High-Density Layer 3 Stackable Gigabit Ethernet Switch

AT-9724TS Switch

Uncontrolled Port

Controlled Port - port blocked

RADIUS
Server

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

AT-9724TS Switch

802.1X Client

802.1X Client

802.1X Client 802.1X Client

RADIUS
Server

Uncontrolled Port

Controlled Port - port blocked

«
...
84
85
86
87
88
...
»

Содержание AT-9724TS

Страница 1: ...arks or registered trademarks of their respective owners Allied Telesyn Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein is subject to change without notice In no event shall Allied Telesyn Inc be liable for any incidental special indirect or consequential damages whatsoever includ...

Страница 2: ...pement Lorsque vous voyez le symbole reportez vous à l annexe A pour consulter la traduction de ces instructions dans votre langue Tärkeää Liite B sisältää tämän laitteen asentamiseen liittyvät käännetyt turvaohjeet Kun näet symbolin katso käännettyä turvaohjetta liitteestä A Importante l Appendice B contiene avvisi di sicurezza tradotti per l installazione di questa apparecchiatura Il simbolo ind...

Страница 3: ...y 19 Introduction To Switch Management 20 AT 9724TS Gigabit Layer 3 Switch Management Options 20 Web based Management Interface 20 SNMP Based Management 20 Command Line Console Interface Through The Serial Port 20 Connecting the Console Port RS 232 DCE 20 First Time Connecting to The Switch 21 Password Protection 22 SNMP Settings 22 Traps 23 MIBs 23 IP Address Assignment 23 Connecting Devices to t...

Страница 4: ... 85 Configure Authenticator 86 Local Users 87 PAE System Control 88 Port Capability Settings 88 Initializing Ports for Port Based 802 1x 89 Initializing Ports for MAC Based 802 1x 90 Reauthenticate Port s for Port Based 802 1x 90 Reauthenticate Port s for MAC Based 802 1x 91 RADIUS Server 92 Layer 3 IP Networking 93 Layer 3 Global Advanced Settings 93 Setting Up IP Interfaces 93 MD5 Key Table Conf...

Страница 5: ...0 IGMP Snooping Forwarding 170 Browse Router Port 171 Port Access Control 171 Authenticator State 171 Authenticator Statistics 172 Authenticator Session Statistics 174 Authenticator Diagnostics 175 RADIUS Authentication 176 RADIUS Accounting 177 Layer 3 Feature 178 Browse IP Address 178 Browse Routing Table 179 Browse ARP Table 179 Browse IP Multicast Forwarding Table 179 Browse IGMP Group Table 1...

Страница 6: ...cting devices to the switch Chapter 5 Introduction to Web based Switch Management Chapter 6 Configuring the Switch including accessing switch information setting up network configurations Chapter 7 Management security features user accounts access authentication control Chapter 8 SNMP Manager description of features and brief introduction Chapter 9 Monitoring Chapter 10 Maintenance switch utility ...

Страница 7: ...he File menu and choose Cancel Used for emphasis May also indicate system messages or prompts appearing on your screen For example You have mail Bold font is also used to represent filenames program names and commands For example use the copy command Typewriter Indicates commands and responses to prompts that must be typed exactly as printed in the manual Font Italics Indicates a window name or a ...

Страница 8: ...38 888 Support Fax Number 420 296 538 889 Support e mail Address Czech_support alliedtelesyn com Hungary Support Telephone number 36 1 382 6385 Support Fax number 36 1 382 6398 Support e mail Address Hungary_Helpdesk alliedtelesyn com Poland Support Telephone number 48 22 535 9670 Support Fax number 48 22 535 9671 Support e mail Address Polska_pomoc alliedtelesyn com Serbia Montenegro Macedonia Bo...

Страница 9: ...7 20152 Milano Tel 39 02 41304 1 Fax 39 02 41304 200 Italy East Tel 39 348 1522583 Tel Fax 39 049 8868175 Italy South Allied Telesyn International S r l Via Troilo il Grande 3 00131 Roma Tel 39 06 41294507 Fax 39 06 41404801 Turkey Allied Telesyn International 6 Cadde 61 2 Öveçler 06460 Ankara Tel 90 312 472 1054 55 Fax 90 312 472 1056 Germany South Allied Telesyn International GmbH Zeppelinstr 1 ...

Страница 10: ...f you have any comments or suggestions on how we might improve this or other Allied Telesyn documents please contact us at www alliedtelesyn com 9 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 11: ...tted with Gigabit Ethernet NIC s are able to perform 10 times the number of operations in the same amount of time In addition the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost effective method to take advantage of today and tomorrow s rapidly improving switching and routing internetworking technologies Switching Technology Another key development pushing the limits of Etherne...

Страница 12: ...compliant IEEE 802 3x Flow Control in full duplex compliant IEEE 802 3u compliant IEEE 802 3ab compliant IEEE 802 3ae compliant for optional XFP module IEEE 802 1p Priority Queues IEEE 802 3ad Link Aggregation Control Protocol support IEEE 802 1x Port based and MAC based Access Control IEEE 802 1QVLAN IEEE 802 1D Spanning Tree IEEE 802 1W Rapid Spanning Tree and IEEE 802 1s Multiple Spanning Tree ...

Страница 13: ...rminal or PC using a terminal emulation program Installing the SFP ports The Switch is equipped with four SFP Small Form Factor Portable ports which are to be used with fibre optical transceiver cabling in order to uplink various other networking devices for a gigabit link that may span great distances Figure 1 1 Inserting the fibre optic transceivers into the AT 9724TS 1 5 Front Panel Components ...

Страница 14: ...he port Stacking Ports SIO There are two LEDs in the front of the Switch marked SIO and they relate to the two 10 gigabit stacking ports at the rear of the Switch These LEDs are marked 1 and 2 and will light solid green to denote activity on the port while a blinking light will indicate a valid link Stack ID These two seven segment LEDs display the current switch stack order of the Switch while in...

Страница 15: ...etres 6 feet of the Switch Visually inspect the power cord and see that it is fully secured to the AC power port Make sure that there is proper heat dissipation from and adequate ventilation around the Switch Leave at least 10 cm 4 inches of space at the front and rear of the Switch for ventilation Install the Switch in a fairly cool and dry place for the acceptable temperature and humidity operat...

Страница 16: ...ounted in a standard 19 rack Use the following diagrams to guide you Fasten the mounting brackets to the Switch using the screws provided With the brackets attached securely you can mount the Switch in a standard rack as shown in Figure 2 2 15 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 17: ...nto the local power source outlet After the Switch is powered on the LED indicators will momentarily blink This blinking of the LED indicators represents a reset of the system 2 6 Power Failure As a precaution in the event of a power failure unplug the Switch When power is resumed plug the Switch back in 2 7 External Redundant Power System The Switch supports an external redundant power system Fig...

Страница 18: ...a twisted pair Category 3 4 or 5 UTP STP cable A 100TX hub or switch can be connected to the Switch via a twisted pair Category 5 UTP STP cable A 1000T switch can be connected to the Switch via a twisted pair Category 5e UTP STP cable A switch supporting a fibre optic uplink can be connected to the Switch s SFP ports via fibre optic cabling Figure 3 2 Switch connected to a port on a hub or switch ...

Страница 19: ...itch stack Figure 3 5 SIO 1 and SIO 2 Stacking ports at the rear of the AT 9724TS These two stacking ports named SIO 1 and SIO 2 can be used with other stacking switches for a scalable stacking solution of up to 288 ports in a ring topology These two stacking ports have corresponding LEDs at the front of the Switch labelled SIO 1 and SIO 2 will light solid green whenever the corresponding port is ...

Страница 20: ...improperly configured Switch stack can cause a broadcast storm Stacking Limitations Utilizing a Ring Topology There is a limit to the number of AT 9724TS Switches that can be stacked in a ring topology A maximum of 12 switches can be stacked Note All Switches must have the same firmware rev 19 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 21: ...complete access to all Switch management features 4 5 Connecting the Console Port RS 232 DCE The Switch provides an RS 232 serial port that enables a connection to a computer or terminal for monitoring and configuring the Switch This port is a female DB 9 connector implemented as a data terminal equipment DTE connection To use the console port you need the following equipment A terminal or a compu...

Страница 22: ...enu in you HyperTerminal window clicking on Properties in the drop down menu and then clicking the Settings tab This is where you will find the Emulation options If you still do not see anything try rebooting the Switch by disconnecting its power supply Once connected to the console the screen below will appear on your console screen This is where the user will enter commands to perform all the av...

Страница 23: ...anager AT 9724TS 4 create account admin newmanager Command create account admin newmanager Enter a case sensitive new password Enter the new password again for confirmation Success AT 9724TS 4 m Caution CLI configuration commands only modify the running configuration file and are not saved when the Switch is rebooted To save all your configuration changes in nonvolatile storage you must use the sa...

Страница 24: ...ious as a reboot someone accidentally turned OFF the Switch or less serious like a port status change The Switch generates traps and sends them to the trap recipient or network manager Typical traps include trap messages for Authentication Failure Topology Change and Broadcast Multicast Storm MIBs Management and counter information are stored by the Switch in the Management Information Base MIB Th...

Страница 25: ...0 0 The system message Success indicates that the command was executed successfully The Switch can now be configured and managed viaTelnet and the CLI or via the Web based management 4 10 Connecting Devices to the Switch After you assign IP addresses to the Switch you can connect devices to the Switch To connect a device to an SFP transceiver port Use your cabling requirements to select an appropr...

Страница 26: ... with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to access the same internal switching software and configure it Thus all settings encountered in web based management are the same as those found in the console program 5 2 Login to Web Manager To begin managing your Switch simply run the browser you have installed on your...

Страница 27: ...them Click the Allied Telesyn logo to go to the Allied Telesyn website 2 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules showing port activity duplex mode or flow control depending on the specified mode Various areas of the graphic can be selected for performing management functions including port configuration ...

Страница 28: ...onitoring Contains screens concerning monitoring the Switch pertaining to Port Utilization CPU Utilization Packets Errors Size MAC Address IGMP Snooping Group IGMP Snooping Forwarding VLAN Status Router Port Port Access Control and Layer 3 Feature Maintenance Contains screens concerning configurations and information about Switch maintenance including TFTP Services CF Services Dual Image Informati...

Страница 29: ... as changing IP settings and assigning user names and passwords for management access privileges as well as how to save the changes and restart the Switch Click the Switch Information link in the Configuration menu Figure 6 1 Switch Information Basic Settings window The Switch Information window shows the Switch s MAC Address assigned by the factory and unchangeable the Boot PROM Firmware Version ...

Страница 30: ...IP From Manual pull down menu to choose from BOOTP or DHCP This selects how the Switch will be assigned an IP address on the next reboot The IP Address Settings options are Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered up The BOOTP protocol allows IP addresses network masks and default gateways to be assigned by a central BOOTP server If this opt...

Страница 31: ...case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy yyy Where the x s represent the IP address to be assigned to the IP interface named System and the y s represent the corresp...

Страница 32: ...you will lose the ability to configure the system through the web interface as soon as these settings are applied RMON Status Remote monitoring RMON of the Switch is Enabled or Disabled here Link Aggregation Algorithm The algorithm that the Switch uses to balance the load across the ports that make up the port trunk group is defined by this definition Choose MAC Source MAC Destination MAC Src Dest...

Страница 33: ...itoring folder under Stack Information 6 4 Port Configuration This section contains information for configuring various attributes and properties for individual physical ports including port speed and address learning Clicking on Port Configurations in the Configuration menu will display the following window for the user Figure 6 5 Port Configuration and The Port Information Table window To config...

Страница 34: ... local source The slave setting 1000M Full_S uses loop timing where the timing comes form a data stream received from the master If one connection is set for 1000M Full_M the other side of the connection must be set for 1000M Full_S Any other configuration will result in a link down status for both ports Flow Control Displays the flow control scheme used for the various port configurations Ports c...

Страница 35: ... problems The port you are copying frames from should always support an equal or lower speed than the port to which you are sending the copies Also the target port for the mirroring cannot be a member of a trunk group Please note a target port and a source port cannot be the same port 6 7 Link Aggregation Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports toget...

Страница 36: ...uration options including theVLAN configuration that can be applied to the Master Port are applied to the entire link aggregation group Load balancing is automatically applied to the ports in the aggregated group and a link failure within the group causes the network traffic to be directed to the remaining links in the group The Spanning Tree Protocol will treat a link aggregation group as a singl...

Страница 37: ...port to allow transmission of broadcasts and unknown unicasts Active Port Shows the port that is currently forwarding packets Type This pull down menu allows you to select between Static and LACP Link Aggregation Control Protocol LACP allows for the automatic detection of links in a Port Trunking Group After setting the previous parameters click Apply to allow your changes to be implemented Succes...

Страница 38: ...meters click Apply to allow your changes to be implemented The LACP Port Table shows which ports are active and or passive 6 9 MAC Notification MAC Notification is used to monitor MAC addresses learned and entered into the forwarding database MAC Notification Global Settings To globally set MAC notification on the Switch open the following screen by opening the MAC Notification folder and clicking...

Страница 39: ... to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a subnetwork one router is elected as the querier This router then keeps track of the membership of the multicast groups that have active members The information received from IGMP is then used to determine i...

Страница 40: ...up address 224 0 0 1 periodically to see whether any group members exist on their subnetworks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other subnetworks IGMP version 2 introduces some enhancements such as a method to elect a ...

Страница 41: ...heVLAN Name entry you want to change Use the Current IGMP Snooping Group Entries window to view IGMP Snooping settings To modify settings click the Modify button for theVLAN ID you want to change Figure 6 17 Current IGMP Snooping Group Entries Clicking the Modify button will open the IGMP Snooping Settings menu shown below Figure 6 18 IGMP Snooping Settings window The following parameters may be v...

Страница 42: ...elect Enabled to implement IGMP Snooping This field is Disabled by default Click Apply to implement the new settings Click the Show All IGMP Group Entries link to return to the Current IGMP Snooping Group Entries window Static Router Ports A static router port is a port that has a multicast router attached to it Generally this router would have a connection to a WAN or to the Internet Establishing...

Страница 43: ...ill also tag BDPU packets so receiving devices can distinguish spanning tree instances spanning tree regions and theVLANs associated with them These instances will be classified by an MSTI ID MSTP will connect multiple spanning trees with a Common and Internal Spanning Tree CIST The CIST will automatically determine each MSTP region its maximum possible extent and will appear as one virtual bridge...

Страница 44: ...this absence of immediate feedback from adjacent bridges 802 1d MSTP 802 1w RSTP 802 1d STP Forwarding Learning Discarding Discarding Disabled No No Discarding Discarding Blocking No No Discarding Discarding Listening No No Learning Learning Learning No Yes Forwarding Forwarding Forwarding Yes Yes Table 6 2 Comparing Port States RSTP is capable of a more rapid transition to a forwarding state it n...

Страница 45: ...Settings STP compatible Figure 6 22 STP Bridge Global Settings RSTP default Figure 6 23 STP Bridge Global Settings The following parameters can be set 44 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 46: ...is 20 Forward Delay 4 30 sec The Forward Delay can be from 4 to 30 seconds Any port on the Switch spends this time in the listening state while moving from the blocking state to the forwarding state Max Hops 1 20 Used to set the number of hops between devices in a spanning tree region before the BPDU bridge protocol data unit packet sent by the Switch will be discarded Each switch on the hop count...

Страница 47: ...orresponding 8 under the Delete heading in the Current MST Configuration Identification window Clicking the Add button will reveal the following window to configure Figure 6 25 Instance ID Settings window Add The user may configure the following parameters to create a MSTI in the Switch Parameter Description MSTI ID Enter a number between 1 and 15 to set a new MSTI on the Switch Type Create is sel...

Страница 48: ...tion Figure 6 27 Instance ID Settings window modify The user may configure the following parameters for a MSTI on the Switch Parameter Description MSTI ID Displays the MSTI ID previously set by the user Type This field allows the user to choose a desired method for altering the MSTI settings The user has 4 choices AddVID Select this parameter to addVIDs to the MSTI ID in conjunction with theVID Li...

Страница 49: ...ID which will reveal the following window Figure 6 29 MSTI Settings window Parameter Description Instance ID Displays the MSTI ID of the instance being configured An entry of 0 in this field denotes the CIST default MSTI Internal cost 0 Auto This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP instance The default ...

Страница 50: ...iguration set on the Switch Instance Status Displays the current status of the corresponding MSTI ID Instance Priority Displays the priority of the corresponding MSTI ID The lowest priority will be the root bridge Priority Click the Modify button to change the priority of the MSTI This will open the Instance ID Settings window to configure The Type field in this window will be permanently set to S...

Страница 51: ... this parameter with a value in the range of 1 2000000 will set the quickest route when a loop occurs A lower Internal cost represents a quicker transmission Designated Bridge This field will show the priority and MAC address of the Designated Bridge The information shown in this table comes from a BPDU packet originating from this bridge Root Port This is the port on the Switch that is physically...

Страница 52: ... group that is elected based on port priority and port cost to be the connection to the network for the group Redundant links will be blocked just as redundant links are blocked on the switch level The STP on the switch level blocks redundant links between switches and similar network devices The port level STP will block redundant links within an STP Group It is advisable to define an STP Group t...

Страница 53: ...ses edge port status Choosing the false parameter indicates that the port does not have edge port status P2P Choosing the True parameter indicates a point to point P2P shared link P2P ports are similar to edge ports however they are restricted in that a P2P port must operate in full duplex Like edge ports P2P ports transition to a forwarding state rapidly thus benefiting from RSTP A p2p value of f...

Страница 54: ...Switch in the switch stack to be modified VID TheVLAN ID of theVLAN the corresponding MAC address belongs to Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Allows the selection of ports that will be members of the static multicast group The options are None No restrictions on the port dynamically joining the multicast group...

Страница 55: ...rk into different broadcast domains so that packets are forwarded only between ports within theVLAN Typically aVLAN corresponds to a particular subnet although not necessarily VLANs can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains AVLAN is a collection of end nodes grouped by logic instead of physical location End nodes that frequently co...

Страница 56: ...e of 0x8100 in the EtherType field When a packet s EtherType field is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet backbones and 12 bits ofVLAN ID VID The 3 bits of user pr...

Страница 57: ...n IEEE 802 1Q Tag 56 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch Octets 0 1 2 3 IEEE 802 1Q Tag Destination Address 6 Octets Cyclic Redundancy Check 4 Octets VLAN ID VID Source Address 6 Octets Ether Type 0x8100 Tag Control Information MAC Length Type Beginning of Data CFI User Priority 3 bits 1 bit 12 bits 4 Adding an IEEE 802 1 Tag Length EType Dest Src Data Ol...

Страница 58: ...riority and otherVLAN information into the header of all packets that flow into and out of it If a packet has previously been tagged the port will not alter the packet thus keeping theVLAN information intact TheVLAN information in the tag can then be used by other 802 1Q compliant devices on the network to make packet forwarding decisions Ports with untagging enabled will strip the 802 1Q tag from...

Страница 59: ...at is ports can belong to more than oneVLAN group For example settingVLAN 1 members to ports 1 2 3 and 4 andVLAN 2 members to ports 1 5 6 and 7 Port 1 belongs to two VLAN groups Ports 8 9 and 10 are not configured to anyVLAN group This means ports 8 9 and 10 are in the sameVLAN group VLAN and Trunk Groups The members of a trunk group have the sameVLAN setting AnyVLAN setting on the members of a tr...

Страница 60: ...In configuring the user defined protocol the administrator must make sure that the pre defined user type header does not match any other type header A match may cause discrepancies within the local network and failure to define theVLAN to forward packets to Static VLAN Entry In the Configuration folder open the VLAN folder and click the Static VLAN Entry link to open the following window Figure 6 ...

Страница 61: ... new menu Figure 6 41 802 1Q StaticVLANs Add To return to the Current 802 1Q Static VLANs Entries window click the Show All StaticVLAN Entries link To change an existing 802 1QVLAN entry click the Modify button of the corresponding entry you wish to modify A new menu will appear to configure the port settings and to assign a unique name and number to the newVLAN See the table below for a descripti...

Страница 62: ... by Novell and the Sub Network Access Protocol SNAP ipxEthernet2 Using this parameter will instruct the Switch to forward packets to thisVLAN if the tag in the packet header is concurrent with this protocol This packet header information is defined by the Ethernet Protocol AppleTalk Using this parameter will instruct the Switch to forward packets to thisVLAN if the tag in the packet header is conc...

Страница 63: ...he box will designate the port as Tagged None Allows an individual port to be specified as a non VLAN member Egress Select this to specify the port as a static member of theVLAN Egress member ports are ports that will be transmitting traffic for theVLAN These ports can be either tagged or untagged Forbidden Select this to specify the port as not being a member of theVLAN and that the port is forbi...

Страница 64: ...rt which may be manually assigned to aVLAN when created in the 802 1Q StaticVLANs table The Switch s default is to assign all ports to the defaultVLAN with aVID of 1 The PVID is used by the port to tag outgoing untagged packets and to make filtering decisions about incoming packets If the port is specified to accept only tagged frames as tagging and an untagged packet is forwarded to the port for ...

Страница 65: ...current source MAC addresses entered into the MAC address forwarding table can not be changed once the port lock is enabled The port can be locked by using the Admin State pull down menu to Enabled and clicking Apply Port Security is a security feature that prevents unauthorized computers with source MAC addresses unknown to the Switch prior to locking the port or ports from connecting to the Swit...

Страница 66: ... address to be deleted Click the Next button to view the next page of entries listed in this table This window displays the following information Parameter Description VID TheVLAN ID of the entry in the forwarding database table that has been permanently learned by the Switch VLAN NAME TheVLAN Name of the entry in the forwarding database table that has been permanently learned by the Switch MAC Ad...

Страница 67: ...kets for this tag acquires the tagged packets and maps them to a class queue on the Switch Then in turn the administrator will set a priority for this queue so that will be emptied before any other packet is forwarded This results in the end user receiving all packets sent as quickly as possible thus prioritizing the queue and allowing for an uninterrupted stream of packets which optimizes the use...

Страница 68: ...ollowing section regarding classes of service will refer to only the seven classes of service that may be used and configured by the Switch s Administrator Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port In the Configuration folder click Bandwidth Control to view the screen shown below Figure 6 48 Bandw...

Страница 69: ...obin WRR algorithm to handle packets in an even distribution in priority queues Click Apply to let your changes take effect Output Scheduling QoS can be customized by changing the output scheduling used for the classes of service in the Switch As with any changes to QoS implementation careful consideration should be given to how network traffic in lower classes of service is affected Changes in sc...

Страница 70: ...ket field will follow a weighted round robin WRR method of forwarding packets as long as the priority classes of service with a 0 in their Max Packet field are empty When a packet arrives in a priority class with a 0 in its Max Packet field this class of service will automatically begin forwarding packets until it is empty Once a priority class of service with a 0 in its Max Packet field is empty ...

Страница 71: ... the highest priority To implement a new default priority choose the Switch of the Switch stack to be configured by using the Unit pull down menu choose a port range by using the From and To pull down menus and then insert a priority value from 0 7 in the Priority field Click Apply to implement your settings 802 1p User Priority The AT 9724TS allows the assignment of classes of service to each of ...

Страница 72: ...two parts First you specify a switch from a switch stack by using the Unit pull down menu and then a port from that switch using the Port pull down menu Then specify a second switch from the switch stack and then you select which ports or different ports on the same switch on that switch that you want to be able to receive packets from the switch and port you specified in the first part Clicking t...

Страница 73: ...Figure 6 56 System Log Servers window The parameters configured for adding and editing System Log Server settings are the same To add a new Syslog Server click the Add button To modify a current entry click the hyperlinked number of the server in the Index field Both actions will result in the same screen to configure See the table below for a description of the parameters in the following window ...

Страница 74: ...ation messages 5 messages generated internally by syslog line printer subsystem 7 network news subsystem 8 UUCP subsystem 9 clock daemon 10 security authorization messages 11 FTP daemon 12 NTP subsystem 13 log audit 14 log alert 15 clock daemon 16 local use 0 local0 17 local use 1 local1 18 local use 2 local2 19 local use 3 local3 20 local use 4 local4 21 local use 5 local5 22 local use 6 local6 2...

Страница 75: ... Enable or Disable SNTP SNTP Primary Server This is the IP address of the primary server the SNTP information will be taken from SNTP Secondary Server This is the IP address of the secondary server the SNTP information will be taken from SNTP Poll Interval in Seconds This is the interval in seconds between requests for updated SNTP information 30 99999 Current Time Set Current Time Year Enter the ...

Страница 76: ...t week of October From Which Day Enter the week of the month that DST will start From Day of Week Enter the day of the week that DST will start on From Month Enter the month DST will start on From Time in HH MM Enter the time of day that DST will start on To Which Day Enter the week of the month the DST will end To Day of Week Enter the day of the week that DST will end To Month Enter the month th...

Страница 77: ...s To display the currently configured Access Profiles on the Switch open the Configuration folder and click on the Access Profile Table link This will open the Access Profile Table page as shown below Figure 6 60 Access Profile Table To add an entry to the Access Profile Table click the Add button This will open the Access Profile Configuration page as shown below There are three Access Profile Co...

Страница 78: ... port number in this field The port list is specified by listing the lowest switch number and the beginning port number on that switch separated by a colon Then the highest switch number and the highest port number of the range also separated by a colon are specified The beginning and end of the port list range are separated by a dash For example 1 3 specifies switch number 1 port 3 2 4 specifies ...

Страница 79: ...ck acknowledgement psh push rst reset syn synchronize fin finish src port mask Specify a TCP port mask for the source port in hex form hex 0x0 0xffff which you wish to deny dest port mask Specify a TCP port mask for the destination port in hex form hex 0x0 0xffff which you wish to deny Select UDP to use the UDP port number contained in an incoming packet as the forwarding criterion Selecting UDP r...

Страница 80: ... packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 Port The user may set the Access Profile Table on a per port basis by entering an entry in this field Entering all will denote all ports on the Switch The port list is specified by listing the lowest switch...

Страница 81: ...nt to re write the 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and m...

Страница 82: ...owing screen Figure 6 67 Access Rule Table To remove a previously created rule select it and click the 8 button To add a new Access Rule click the Add button Figure 6 68 Access Rule Configuration window Ethernet To set the Access Rule for Ethernet adjust the following parameters and click Apply 81 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 83: ...ty field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS section of this manual VLAN Name Allows the entry of a name...

Страница 84: ...re forwarded by the Switch according to any additional rule added see below Select Deny to specify that packets that do not match the access profile are not forwarded by the Switch and will be filtered Access ID Type in a unique identifier number for this access This value can be set from 1 50 Type Selected profile based on Ethernet MAC Address IP address or Packet Content Mask Ethernet instructs ...

Страница 85: ...e in hex form to mask the packet from byte 16 to byte 31 value 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 value 48 63 Enter a value in hex form to mask the packet from byte 48 to byte 63 value 64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 To view the settings of a previously correctly configured rule click View in the Access Rule Table t...

Страница 86: ...dia LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL exchanges and authorization state The Switch learns e...

Страница 87: ...gs on a different switch in the switch stack use the Unit pull down menu to select that switch by its ID number in the switch stack To configure the settings by port click on the hyperlinked port number under the Port heading which will display the following table to configure Figure 6 76 802 1X Authenticator Settings Modify 86 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Etherne...

Страница 88: ... machine This value determines the period of an EAP Request Identity packet transmitted to the client The default setting is 30 seconds QuietPeriod This allows you to set the number of seconds that the Switch remains in the quiet state following a failed authentication exchange with the client The default setting is 60 seconds SuppTimeout This value determines timeout conditions in the exchanges b...

Страница 89: ... be configured in the From and To fields Next enable the ports by selecting Authenticator from the drop down menu under Capability Click Apply to let your change take effect Configure the following 802 1x capability settings Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified From and To Ports being configured for 802 1x settings Capability Two r...

Страница 90: ...lays the following information Parameter Description Unit Choose the Switch ID number of the Switch in the switch stack to be modified From and To Select ports to be initialized Port A read only field indicating a port on the Switch Auth PAE State The Authenticator PAE State will display one of the following Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuth Fo...

Страница 91: ...tialization click Apply Note The user must first globally enable 802 1X in the Advanced Settings window in the Configuration folder before initializing ports Information in the Initialize Ports Table cannot be viewed before enabling 802 1X Reauthenticate Port s for Port Based 802 1x This window allows you to reauthenticate a port or group of ports by choosing a port or group of ports by using the ...

Страница 92: ...nced Settings window in the Configuration folder before reauthenticating ports Information in the Reauthenticate Ports Table cannot be viewed before enabling 802 1X Reauthenticate Port s for MAC Based 802 1x To reauthenticate ports for the MAC side of 802 1x the user must first enable 802 1x by MAC address in the Advanced Settings window Click Port Access Entity PAE System Control Reauthenticate P...

Страница 93: ...llowing information Parameter Description Succession Choose the desired RADIUS server to configure First Second or Third RADIUS Server Set the RADIUS server IP Authentic Port Set the RADIUS authentic server s UDP port The default port is 1812 Accounting Port Set the RADIUS account server s UDP port The default port is 1813 Key Set the key the same as that of the RADIUS server Confirm Key Confirm t...

Страница 94: ...he user may globally set the maximum amount of time in minutes that an Address Resolution Protocol ARP entry can remain in the Switch s ARP table without being accessed before it is dropped from the table The value may be set in the range of 0 65535 minutes with a default setting of 20 minutes Setting Up IP Interfaces EachVLAN must be configured prior to setting up theVLAN s corresponding IP inter...

Страница 95: ... the Setup IP Interface window To setup IP Interfaces on the Switch Go to the Configuration folder and click on the Layer 3 IP Networking folder and then click on the IP Interfaces Table link to open the following dialog box Figure 6 85 IP Interface Table window To setup a new IP interface click the Add button To edit an existing IP Interface entry click on an entry under the Interface Name headin...

Страница 96: ...erface as True or False True will set the interface as secondary and False will denote the interface as the primary interface of theVLAN entered above Secondary interfaces can only be configured if a primary interface is first configured State This field may be altered between Enabled and Disabled using the pull down menu This entry determines whether the interface will be active or not Link Statu...

Страница 97: ...l AT 9724TS switch is also redistributed Routing information source OSPF and the Static Route table Routing information will be redistributed to RIP The following table lists the allowed values for the routing metrics and the types or forms of the routing information that will be redistributed Route Source Metric Type OSPF 0 to 16 All Internal External ExtType1 ExtType2 Inter E1 Inter E2 RIP 0 to ...

Страница 98: ... table can be made using both MAC addresses and IP addresses Static IP forwarding is accomplished by the entry of an IP address into the Switch s Static IP Routing Table Figure 6 90 Static Default Route Settings window This window shows the following values Parameter Description IP Address The IP address of the Static Default Route Subnet Mask The corresponding Subnet Mask of the IP address entere...

Страница 99: ...e of the switch This table can be viewed by clicking Configuration Layer 3 IP Networking Route Preference Settings and it holds the list of possible routing protocols currently implemented on the Switch along with a Preference value which determines which routing protocol will be the most dependable to route packets Below is a list of the default route preferences set on the Switch Route Type Vali...

Страница 100: ... best path for routing packets The default value is 80 STATIC 1 999 Enter a value between 1 and 999 to set the route preference for Static The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets The default value is 60 OSPF Inter 1 999 Enter a value between 1 and 999 to set the route preference for OSPF Inter The lower the value the high...

Страница 101: ...their routing tables based upon RIP messages that active routers exchange Only routers can run RIP in the active mode Every 30 seconds a router running RIP broadcasts a routing update containing a set of pairs of network addresses and a distance represented by the number of hops or routers between the advertising router and the remote network So the vector is the network address and the distance i...

Страница 102: ... which version of RIP the packet was sent RIP 1 Message RIP is not limited to TCP IP Its address format can support up to 14 octets when using IP the remaining 10 octets must be zeros Other network protocol suites can be specified in the Family of Source Network field IP has a value of 2 This will determine how the address field is interpreted RIP specifies that the IP address 0 0 0 0 denotes a de...

Страница 103: ... Interface Settings link in the RIP folder The menu appears in table form listing settings for IP interfaces currently on the Switch To configure RIP settings for an individual interface click on the hyperlinked Interface Name To view the next page of RIP Interface Settings click the Next button Figure 6 96 RIP Interface Settings window Click the hyperlinked name of the interface you want to set u...

Страница 104: ...structured such that routing information changes in other areas will be introduced into the backbone and then propagated to the rest of the network When constructing a network to use OSPF it is generally advisable to begin with the backbone area 0 and work outward Link State Algorithm An OSPF router uses a link state algorithm to build a shortest path tree to all destinations known to the router T...

Страница 105: ...ugh Router C This higher cost route will not be included in the Router A s shortest path tree The resulting tree will look like this 104 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch 1 3 5 7 9 11 2 4 6 8 10 12 13 15 14 16 17 19 21 23 18 20 22 24 25 27 26 28 29 31 33 35 30 32 34 36 1 3 5 7 9 11 2 4 6 8 10 12 13 15 14 16 17 19 21 23 18 20 22 24 25 27 26 28 29 31 33 3...

Страница 106: ...ts There are a number of different types of link state packets four of which are illustrated below Router Link State Updates These describe a router s links to destinations within an area Summary Link State Updates Issued by Border Routers and describe links to networks outside the area but within the Autonomous System AS Network Link State Updates Issued by multi access areas that have more than ...

Страница 107: ...nnect the remote area to the backbone A virtual path is a logical path between two border routers that have a common area with one border router connected to the backbone Partitioning the Backbone OSPF also allows virtual links to be configured to connect the parts of the backbone that are discontinuous This is the equivalent to linking different area 0s together using a logical path between each ...

Страница 108: ...on whether one of the routers is a DR or a BDR or the link is a point to point or virtual link Exstart Exchange Start Routers establish the initial sequence number that is going to be used in the information exchange packets The sequence number insures that routers always get the most recent information One router will become the primary and the other will become secondary The primary router will ...

Страница 109: ... authentication scheme Hello Packet Hello packets are OSPF packet type 1 They are sent periodically on all interfaces including virtual links in order to establish and maintain neighbor relationships In addition Hello Packets are multicast on those physical networks having a multicast or broadcast capability enabling dynamic discovery of neighboring routers All routers connected to a common networ...

Страница 110: ...f there is no BDR Neighbor The Router IDs of each router from whom valid Hello packets have been seen within the Router Dead Interval on the network Database Description Packet Database Description packets are OSPF packet type 2 These packets are exchanged when an adjacency is being initialized They describe the contents of the topological database Multiple packets may be used to describe the data...

Страница 111: ... State Request packets are OSPF packet type 3 After exchanging Database Description packets with a neighboring router a router may find that parts of its topological database are out of date The Link State Request packet is used to request the pieces of the neighbor s database that are more up to date Multiple Link State Request packets may need to be used The sending of Link State Request packets...

Страница 112: ...cknowledgment packets If retransmission of certain advertisements is necessary the retransmitted advertisements are always carried by unicast Link State Update packets The format of the Link State Update packet is shown below Figure 6 104 Link State Update Packet The body of the Link State Update packet consists of a list of link state advertisements Each advertisement begins with a common 20 byte...

Страница 113: ...isement Formats There are five distinct types of link state advertisements Each link state advertisement begins with a standard 20 byte link state advertisement header Succeeding sections then diagram the separate link state advertisement types Each link state advertisement describes a piece of the OSPF routing domain Every router originates a router links advertisement In addition whenever the ro...

Страница 114: ...tisement The contents of this field depend on the advertisement s Link State Type Advertising Router The Router ID of the router that originated the Link State Advertisement For example in network links advertisements this field is set to the Router ID of the network s Designated Router Link State Sequence Number Detects old or duplicate link state advertisements Successive instances of a link sta...

Страница 115: ... connection to another router Connection to a transit network Connection to a stub network Virtual link Link ID Identifies the object that this router link connects to Value depends on the link s Type When connecting to an object that also originates a link state advertisement i e another router or a transit network the Link ID is equal to the neighboring advertisement s Link State ID This provide...

Страница 116: ...ric fields need not be specified in the network links advertisement The format of the Network Links Advertisement is shown below Figure 6 108 Network Link Advertisements Field Description Network Mask The IP address mask for the network Attached Router The Router Ids of each of the routers attached to the network Only those routers that are fully adjacent to the Designated Router DR are listed The...

Страница 117: ...costs in the router links advertisements Autonomous Systems External Link Advertisements Autonomous Systems AS link advertisements are Type 5 link state advertisements These advertisements are originated by AS boundary routers A separate advertisement is made for each destination known to the router that is external to the AS AS external link advertisements usually describe a particular external d...

Страница 118: ... Figure 6 111 OSPF Global Settings window The following parameters are used for general OSPF configuration Parameter Description OSPF Route ID A 32 bit number in the same format as an IP address xxx xxx xxx xxx that uniquely identifies the Switch in the OSPF domain It is common to assign the highest IP address assigned to the Switch router In this case it would be 10 53 13 189 but any unique 32 bi...

Страница 119: ...tifies the OSPF area in the OSPF domain Type This field can be toggled between Normal and Stub using the space bar When it is toggled to Stub additional fields appear Stub Import Summary LSA and Default Cost Stub Import Summary LSA Displays whether or not the selected Area will allow Summary Link State Advertisements Summary LSAs to be imported into the area from other areas Stub Default Cost Disp...

Страница 120: ...ed between None Simple and MD5 using the space bar This allows a choice of authorization schemes for OSPF packets that may be exchanged over the OSPF routing domain None specifies no authorization Simple uses a simple password to determine if the packets are from an authorized OSPF router When Simple is selected the Auth Key field allows the entry of a 8 character password that must be the same as...

Страница 121: ... 65535 Specify the interval between the transmission of OSPF Hello packets in seconds Enter a value between 1 and 65535 seconds The Hello Interval Dead Interval Authorization Type and Authorization Key should have identical settings for all routers on the same network Dead Interval 1 65535 Specify the length of time between receiving Hello packets from a neighbor router before the selected area de...

Страница 122: ...Configuration Add window Specify the OSPF aggregation settings and click the Apply button to add or change the settings The new settings will appear listed in the OSPF Area Aggregation Settings table To view the table click the Show All OSPF Aggregation Entries link to return to the previous window Configure the following settings for OSPF Area Aggregation Parameter Description Area ID Allows the ...

Страница 123: ...te Entries link to return to the previous window The following fields are configured for OSPF host route Parameter Description Host Address The IP address of the OSPF host Metric A value between 1 and 65535 that will be advertised for the route Area ID A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain DHCP BOOTP Relay The BOOTP h...

Страница 124: ...the Switch that will be connected directly to the DHCP BootP server using the following window Properly configured settings will be displayed in the BootP Relay Table at the bottom of the following window once the user clicks the Add button The user may add up to four Server IPs per IP interface on the Switch Entries may be deleted by clicking it s corresponding 8 Figure 6 123 DHCP BootP Relay Set...

Страница 125: ...eturns the address of the next DNS server the client should contact Each client must be able to contact at least one DNS server and each DNS server must be able to contact at least one root server The address of the machine that supplies domain name service is often supplied by a DHCP or BOOTP server or can be entered manually and configured into the operating system at startup Configuring DNS Rel...

Страница 126: ... assign a responsibility for a virtual router to one of theVRRP routers on the LAN When a virtual router fails the election protocol will select a virtual router with the highest priority to be the Master router on the LAN This retains the link and the connection is kept alive regardless of the point of failure To configureVRRP for virtual routers on the Switch an IP interface must be present on t...

Страница 127: ... virtual router SimpleText Password A Simple password has been selected to compareVRRP packets received by a virtual router for authentication IP Authentication Header An MD5 message digest algorithm has been selected to compareVRRP packets received by a virtual router for authentication VRID Displays the virtual router ID set by the user This will uniquely identify theVRRP Interface on the networ...

Страница 128: ... with all routers participating within the sameVRRP group The default setting is True Critical IP Address Enter the IP address of the physical device that will provide the most direct route to the Internet or other critical network connections from this virtual router This must be a real IP address of a real device on the network If the connection from the virtual router to this IP address fails t...

Страница 129: ...Initialize Master and Backup Admin State Displays the current state of the router Up will be displayed if the virtual router is enabled and Down if the virtual router is disabled Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increase the probability that this rou...

Страница 130: ... IGMP to be tuned for sub networks that are expected to lose a lot of packets A high value max 255 for the robustness variable will help compensate for lossy sub networks A low value min 2 should be used for less lossy sub networks The following fields can be set Parameter Description Interface Name Displays the name of the IP interface that is to be configured for IGMP This must be a previously c...

Страница 131: ...age If the message is not received on the shortest path back to the source the message is dropped Route cost is a relative number that is used by DVMRP to calculate which branches of a multicast delivery tree should be pruned The cost is relative to other costs assigned to other DVMRP routes throughout the network The higher the route cost the lower the probability that the current route will be c...

Страница 132: ... guarantee delivery of multicast packets not to reduce overhead The PIM DM multicast routing protocol is assumes that all downstream routers want to receive multicast messages and relies upon explicit prune messages from downstream routers to remove branches from the multicast delivery tree that do not contain multicast group members PIM DM has no explicit join messages It relies upon periodic flo...

Страница 133: ...ays the IP address for the IP interface named above Hello Interval 1 18724 This field allows an entry of between 1 and 18724 seconds and determines the interval between sending Hello packets to other routers on the network The default is 30 seconds Join Prune Interval 1 18724 This field allows an entry of between 1 and 18724 seconds This interval also determines the time interval the router uses t...

Страница 134: ...ions to manage the Switch If you choose to define one or more designated management stations only the chosen stations as defined by IP address will be allowed management privilege through the web manager or Telnet session To define a management station IP setting type in the IP address and click the Apply button 7 2 User Accounts Use the User Accounts Management window to control user privileges T...

Страница 135: ...f user privileges Admin and User Some menu selections available to users with Admin privileges may not be available to those with User privileges The following table summarizes the Admin and User privileges Management Admin User Configuration Yes Read Only Network Monitoring Yes Read Only Community Strings and Trap Stations Yes Read Only Update Firmware and Configuration Files Yes No System Utilit...

Страница 136: ...on configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TACACS and RADIUS protocols These built in Authentication Server Groups are used to authenticate users trying to access the Switch The users will set Authentication Server Hosts in a preferable order in the built in Authentication Server Groups and when a user tries to gain...

Страница 137: ...ration applications on the Switch The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console Command Line Interface application the Telnet application SSH and the WEB HTTP application Login Method List Using the pull down menu configure an application for normal login on the user level utilizing a previously configured method list The use...

Страница 138: ...nes listed click the add button revealing the following window to configure Figure 7 9 Authentication Server Group Table Add Settings window Enter a group name of up to 15 characters into the Group Name field and click Apply The entry should appear in the Authentication Server Group Settings window as shown in Figure 7 7 trinity Note The user must configure Authentication Server Hosts using the Au...

Страница 139: ...on IP Address The IP address of the remote server host the user wishes to add Protocol The protocol used by the server host The user may choose one of the following TACACS Enter this parameter if the server host utilizes the TACACS protocol XTACACS Enter this parameter if the server host utilizes the XTACACS protocol TACACS Enter this parameter if the server host utilizes the TACACS protocol RADIU...

Страница 140: ...local method is used the privilege level will be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a User privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admin window in which the user must enter a previously configured password set by the adminis...

Страница 141: ...on the Switch to gain administrator privileges on the Switch which is defined by the Administrator A maximum of eight 8 Enable Method Lists can be implemented on the Switch one of which is a default Enable Method List This default Enable Method List cannot be deleted but can be configured The sequence of methods implemented in this command will affect the authentication result For example if a use...

Страница 142: ...cacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server tacacs Adding this parameter will require the user to be authenticated using theTACACS protocol from a remote TACACS server server_group Adding a pre...

Страница 143: ...ivileges To gain access to administrator level privileges the user will open this window and will have to enter an authentication password Possible authentication methods for this function include TACACS XTACACS TACACS RADIUS user defined server groups local enable local account on the Switch or no authentication none Because XTACACS and TACACS do not support the enable function the user must crea...

Страница 144: ...SHA Secure Hash Algorithm These three parameters are uniquely assembled in four choices on the Switch to create a three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the ciphersuites available yet different ciphersuites will affect the security level and the performance of the secured connection The information inc...

Страница 145: ...ey on future connections with that particular host therefore speeding up the negotiation process The default setting is 600 seconds Ciphersuite RSA with RC4 128 MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm Use the pull down menu to enable or disable this ciphersuite This field is Enabled by default RSA with 3DES EDE CB...

Страница 146: ...Switch using a secure in band connection SSH Configuration The following window is used to configure and view settings for the SSH server and can be opened by clicking Security Management Secure Shell SSH SSH Configuration Figure 7 23 Current and New SSH Configuration Settings To configure the SSH server on the Switch modify the following parameters and click Apply Parameter Description SSH Server...

Страница 147: ... to enable or disable the Blowfish encryption algorithm with Cipher Block Chaining The default is Enabled AES128 CBC Use the pull down to enable or disable the Advanced Encryption Standard AES128 encryption algorithm with Cipher Block Chaining The default is Enabled AES192 CBC Use the pull down to enable or disable the Advanced Encryption Standard AES192 encryption algorithm with Cipher Block Chai...

Страница 148: ...Signature Algorithm encryption The default is Enabled Click Apply to implement changes made SSH User Authentication The following windows are used to configure parameters for users attempting to access the Switch through SSH To access the following window click Security Management Secure Shell SSH User Authentication Figure 7 25 Current Accounts window In the example screen above the User Account ...

Страница 149: ...word for authentication Upon entry of this parameter the Switch will prompt the administrator for a password and then to re type the password for confirmation Public Key This parameter should be chosen if the administrator wishes to use the publickey on a SSH server for authentication Host Name Enter an alphanumeric string of no more than 32 characters to identify the remote SSH user This paramete...

Страница 150: ...ers or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP management functions The functions allowed or restricted are defined using the Object Identifier OID associated with a specific MIB An additional layer of security is available for SNMPv3 in that SNMP messages may be encrypted To read more about how to configure SNMPv3 settings for the Switch re...

Страница 151: ...otocol None Indicates that no authorization protocol is in use MD5 Indicates that the HMAC MD5 96 authentication level will be used SHA Indicates that the HMAC SHA authentication protocol will be used Priv Protocol None Indicates that no authorization protocol is in use DES Indicates that DES 56 bit encryption is in use based on the CBC DES DES 56 standard To return to the SNMP User Table click th...

Страница 152: ... use DES Specifies that DES 56 bit encryption is in use based on the CBC DES DES 56 standard This field is only operable whenV3 is selected in the SNMP Version field and the Encryption field has been checked This field will require the user to enter a password between 8 and 16 alphanumeric characters Encrypted Checking the corresponding box will enable encryption for SNMPV3 and is only operable in...

Страница 153: ...implement your new settings click Apply To return to the SNMP View Table click the Show All SNMPView Table Entries link SNMP Group Table An SNMP Group created with this table maps SNMP users identified in the SNMP UserTable to the views created in the previous menu To view the SNMP Group Table open the SNMP Manager folder and click the SNMP Group Table entry The following screen should appear Figu...

Страница 154: ...tion and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specifies that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager AuthPriv Specifies that authorization will be required and that packets sent between the Switch and a remote SNMP manger will be encrypted To implement your new setti...

Страница 155: ...community string created can read from and write to the contents of the MIBs on the Switch To implement the new settings click Apply To delete an entry from the SNMP Community Table click the 8 under the Delete heading corresponding to the entry you wish to delete SNMP Host Table Use the SNMP Host Table to set up SNMP trap recipients Open the SNMP Manager folder and click on the SNMP Host Table li...

Страница 156: ...riv security level Community String or SNMP V3 User Name Type in the community string or SNMPV3 user name as appropriate To implement your new settings click Apply To return to the SNMP Host Table click the Show All SNMP Host Table Entries link SNMP Engine ID The Engine ID is a unique identifier used for SNMPV3 implementations This is an alphanumeric string used to identify the SNMP engine on the ...

Страница 157: ... the web page by simply clicking on a port The following fields can be set Parameter Description Time Interval Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number Select number of times the Switch will be polled between 20 and 200 The default value is 200 Click Clear to refresh the graph Click Apply to set changes implemented 9 2 C...

Страница 158: ...lization 9 3 Packets The Web Manager allows various packet statistics to be viewed as either a line graph or a table Six windows are offered Received RX Click the Received RX link in the Packets folder of the Monitoring menu to view the following graph of packets received on the Switch To select a port to view these statistics for first select the Switch in the switch stack by using the Unit pull ...

Страница 159: ... the Received Packets Table click the link View Table which will show the following table Figure 9 4 Rx Packets Analysis window table for Bytes and Packets The following fields may be set or viewed 158 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 160: ... this window View Table Clicking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table UMB Cast RX Click the UMB Cast RX link in the Packets folder of the Monitoring menu to view the following graph of UMB cast packets received on the Switch To select a port to view these st...

Страница 161: ...ot to display Multicast Broadcast and Unicast Packets Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table Transmitted TX Click the Transmitted TX link in the Packets folder of the ...

Страница 162: ...es and Packets To view the Transmitted TX Table click the link View Table which will show the following table Figure 9 8 Tx Packets Analysis window table for Bytes and Packets 161 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 163: ...cking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table 9 4 Errors The Web Manager allows port error statistics compiled by the Switch s management agent to be viewed as either a line graph or a table Four windows are offered Received RX Click the Received RX link in the...

Страница 164: ...bber The number of packets with lengths more than the MAX_PKT_LEN bytes Internally MAX_PKT_LEN is equal to 1522 Drop The number of packets that are dropped by this port since the last Switch reboot Show Hide Check whether or not to display Crc Error Under Size Over Size Fragment Jabber and Drop errors Clear Clicking this button clears all statistics counters on this window View Table Clicking this...

Страница 165: ...Transmitted Error Packets Table click the link View Table which will show the following table Figure 9 12 Tx Error Analysis window table The following fields may be set or viewed 164 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 166: ...er or not to display ExDefer LateColl ExColl SingColl and Coll errors Clear Clicking this button clears all statistics counters on this window View Table Clicking this button instructs the Switch to display a table rather than a line graph View Line Chart Clicking this button instructs the Switch to display a line graph rather than a table 9 5 Size The Web Manager allows packets received by the Sw...

Страница 167: ...The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Show Hide Check whether or not to display 64 65 127 128 255 256 511 512 1023 and 1024 1518 packets received 1024 1518 packets received Clear Clicking this button clears all statistics counters on this window View Table Clicking this b...

Страница 168: ...tch This may be different from the values shown in the illustration Runtime Version Shows the firmware version in use for the Switch This may be different from the values shown in the illustrations H W Version Shows the hardware version in use for the Switch This may be different from the values shown in the illustration Topology Show the current topology employed using this Switch My Box ID Displ...

Страница 169: ...Fail will show the mechanism is not functioning correctly Side Fan A read only field denoting if the side fan of the Switch is functioning properly Back Fan A read only field denoting if the back fan of the Switch is functioning properly 9 6 MAC Address This allows the Switch s dynamic MAC address forwarding table to be viewed When the Switch learns an association between a MAC address and a port ...

Страница 170: ...w the next page of the address table Clear Dynamic Entry Clicking this button will clear Dynamic entries learned by the Switch This may be accomplished byVLAN Name or by Port View All Entry Clicking this button will allow the user to view all entries of the address table Clear All Entry Clicking this button will allow the user to delete all entries of the address table 9 7 Switch History Log The W...

Страница 171: ... Table byVLAN Name by entering it in the top left hand corner and clicking Search The following field can be viewed Parameter Description VLAN Name TheVLAN Name of the multicast group Multicast Group The IP address of the multicast group MAC Address The MAC address of the multicast group Reports The total number of reports received for this group Port Member These are the ports where the IGMP pack...

Страница 172: ...splayed as a static router port designated by S A router port that is dynamically configured by the Switch is designated by D Figure 9 21 Browse Router Port window 9 11 Port Access Control The following screens are used to monitor 802 1x statistics of the Switch on a per port basis To view the Port Access Control screens open the monitoring folder and click the Port Access Control folder There are...

Страница 173: ...s that the port s authenticator capability is disabled Backend State The Backend Authentication State can be Request Response Success Fail Timeout Idle Initialize or N A N A Not Available indicates that the port s authenticator capability is disabled Port Status Controlled Port Status can be Authorized Unauthorized or N A MAC Address Displays the MAC address of the Authenticator Up to 16 MAC addre...

Страница 174: ...mes that have been transmitted by this Authenticator RxLogOff The number of EAPOL Logoff frames that have been received by this Authenticator Tx Req The number of EAP Request frames other than Rq Id frames that have been transmitted by this Authenticator Rx RespId The number of EAP Resp Id frames that have been received by this Authenticator Rx Resp The number of valid EAP Response frames other th...

Страница 175: ...s transmitted in user data frames on this port during the session Frames Rx The number of user data frames received on this port during the session Frames Tx The number of user data frames transmitted on this port during the session ID A unique identifier for the session in the form of a printable ASCII string of at least three characters Authentic Method The authentication method used to establis...

Страница 176: ...d from the Supplicant Auth Success Counts the number of times that the state machine transitions from AUTHENTICATING to AUTHENTICATED as a result of the Backend Authentication state machine indicating successful authentication of the Supplicant authSuccess TRUE Auth Timeout Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING as a result of the Backend Auth...

Страница 177: ...o the Authentication Server RADIUS Authentication This table contains information concerning the activity of the RADIUS authentication client on the client side of the RADIUS authentication protocol It has one row for each RADIUS authentication server that the client shares a secret with To view the RADIUS Authentication click Monitoring Port Access Control RADIUS Authentication Figure 9 27 RADIUS...

Страница 178: ...lient This is not necessarily the same as sysName in MIB II ServerAddress The conceptual table listing the RADIUS accounting servers with which the client shares a secret ServerPortNumber The UDP port the client is using to send requests to this server RoundTripTime The time interval between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting ...

Страница 179: ...r These settings and parameters have been previously described in Chapter 6 of this manual under Layer 3 IP Networking Browse IP Address The Browse IP Address window may be found in the Monitoring menu in the Layer 3 Feature folder The Browse IP Address window is a read only screen where the user may view IP addresses discovered by the Switch To search a specific IP address enter it into the field...

Страница 180: ...r This window will show current ARP entries on the Switch To search a specific ARP entry enter an interface name into the Interface Name or an IP address and click Find To clear the ARP Table click Clear All Figure 9 31 Browse ARP Table window Browse IP Multicast Forwarding Table The Browse IP Multicast Forwarding Table window may be found in the Monitoring menu in the Layer 3 Feature folder This ...

Страница 181: ...le link The OSPF Link State Database Table displays the current link state database in use by the OSPF routing protocol on a per OSPF area basis Figure 9 34 Browse OSPF LSDB Table The user may search for a specific entry by entering the following information into the fields at the top of the screen To browse the OSPF LSDB Table you first must select which browse method you want to use in the Searc...

Страница 182: ...e Browse OSPF Neighbor Table link Routers that are connected to the same area or segment become neighbors in that area Neighbors are elected via the Hello protocol IP multicast is used to send out Hello packets to other routers on the segment Routers become neighbors when they see themselves listed in a Hello packet sent by another router on the same segment In this way two way communication is gu...

Страница 183: ...lder under Browse DVMRP Monitoring contains one row for each port in a DVMRP mode Each routing entry contains information about the source and multicast group and incoming and outgoing interfaces You may define your search by entering a Source IP Address and its subnet mask into the fields at the top of the page Figure 9 37 DVMRP Routing Table Browse DVMRP Neighbor Address Table This table found i...

Страница 184: ...Figure 9 39 DVMRP Routing Next Hop Table PIM Monitoring Multicast routers use Protocol Independent Multicast PIM to determine which other multicast routers should receive multicast packets To find out more information concerning PIM and its configuration on the Switch see the IP Multicasting chapter of Chapter 6 Configuration PIM Neighbor Address Table The PIM Neighbor Address Table contains infor...

Страница 185: ...e same firmware Enter the IP address of the TFTP server in the Server IP Address field Select the Image ID of the firmware The AT 9724TS can hold two firmware images in its memory Image ID 1 will always be the boot up firmware for the Switch unless specified by the user Information on configuring Image IDs can be found in this section under the heading MULTIPLE IMAGE Services The TFTP server must ...

Страница 186: ...er Click Start to record the IP address of the TFTP server and to initiate the file transfer 10 2 Multiple Image Services The Multiple Image Services folder allow users of the AT 9724TS to configure and view information regarding firmware located on the Switch The Switch allows two firmware images to be stored in its memory and either can be configured to be the boot up firmware for the Switch For...

Страница 187: ...his letter attached to it it denotes a firmware upgrade through the Console Serial Port RS 232 T If the IP address has this letter attached to it it denotes a firmware upgrade through Telnet S If the IP address has this letter attached to it it denotes a firmware upgrade through the Simple Network Management Protocol SNMP W If the IP address has this letter attached to it it denotes a firmware upg...

Страница 188: ...witch unless specified here Click Apply to implement changes made 10 4 Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify The destination node then responds to or echoes the packets sent from the Switch This is very useful to verify connectivity between the Switch and other nodes on the network Figure 10 7 Ping Test The user may use Infinite times radio bu...

Страница 189: ...Log Only save log Clicking the radio button for this entry will save only the current current log file to NV RAM Save All Save config and log Clicking the radio button for this entry will save both the current switch configuration and the current log file to NV RAM These settings will be used every time the Switch is rebooted See the Reset section for more information on changing configurations sa...

Страница 190: ...instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Restart button to restart the Switch 10 8 Logout Use the Logout page to logout of the Switch s Web based management agent by clicking on the Log Out button Figure 10 11 Logout window 189 AlliedTelesy...

Страница 191: ...for 100Mbps UTP Cat 3 4 5 for 10Mbps EIA TIA 568 100 ohm screened twisted pair STP 100m Physical Environmental AC inputs External Redundant Power Supply 100 240VAC 50 60 Hz internal universal power supply Power Consumption 90 watts maximum DC fans 2 built in 40 x 40 x 10 mm fans 1 built in 60 x 60 x 18 mm fan Operating Temperature 0 to 40 degrees C Storage Temperature 25 to 55 degrees C Humidity O...

Страница 192: ...ice Packet Filtering Full wire speed for all connections Forwarding Rate 148 810 pps per port for 100Mbps 1 488 100 pps per port for 1000Mbps MAC Address Learning Automatic update Forwarding Table Age Time Max age 10 1000000 seconds Default 300 191 AlliedTelesyn AT 9724TS High Density Layer 3 Stackable Gigabit Ethernet Switch ...

Страница 193: ...g periods of LIGHTNING ACTIVITY 2 c CAUTION POWER CORD IS USED AS A DISCONNECTION DEVICE TO DE ENERGIZE EQUIPMENT disconnect the power cord 3 c ELECTRICAL TYPE CLASS 1 EQUIPMENT THIS EQUIPMENT MUST BE EARTHED Power plug must be connected to a properly wired earth ground socket outlet An improperly wired socket outlet could place hazardous voltages on accessible metal parts 4 m PLUGGABLE EQUIPMENT ...

Страница 194: ...emmelse med lokal og national lov givning for elektriske installationer Eisen Dit product voldoet aan de volgende eisen 1 c GEVAAR VOOR BLIKSEMINSLAG GEVAAR NIET aan toestellen of KABELS WERKEN bij BLIKSEM 2 c WAARSCHUWING HET TOESTEL WORDT UITGESCHAKELD DOOR DE STROOMKABEL TE ONTKOPPELEN OM HET TOESTEL STROOMLOOS TE MAKEN de stroomkabel ontkoppelen 3 c ELEKTRISCHE TOESTELLEN VAN KLASSE 1 DIT TOES...

Страница 195: ... oltava esteetön pääsy 5 m HUOMAUTUS Ilmavaihtoreikiä ei pidä tukkia ja niillä täytyy olla vapaa yhteys ympäröivään huoneilmaan jotta ilmanvaihto tapahtuisi 6 m KÄYTTÖLÄMPÖTILA Tämä tuote on suunniteltu ympäröivän ilman maksimilämpötilalle 40 C 7 m KAIKKI MAAT Asenna tuote paikallisten ja kansallisten sähköturvallisuusmääräysten mukaisesti Standard Questo prodotto è conforme ai seguenti standard 1...

Страница 196: ... DO TIPO CLASSE 1 DEVE SER FEITA LIGAÇÃO DE FIO TERRA PARA ESTE EQUIPAMENTO O plugue de alimen tação deve ser conectado a uma tomada com adequada ligação de fio terra Tomadas sem adequa da ligação de fio terra podem transmitir voltagens perigosas a peças metálicas expostas 4 m EQUIPAMENTO DE LIGAÇÃO a tomada eléctrica deve estar instalada perto do equipamento e ser de fácil acesso 5 m CUIDADO As a...

Страница 197: ...TRÖMBRYTARE FÖR ATT KOPPLA FRÅN STRÖMMEN dra ur nätkabeln 3 c ELEKTRISKT TYP KLASS 1 UTRUSTNING DENNA UTRUSTNING MÅSTE VARA JORDAD Nätkabeln måste vara ansluten till ett ordentligt jordat uttag Ett felaktigt uttag kan göra att närliggande metalldelar utsätts för högspänning Apparaten skall anslutas till jordat uttag när den ansluts till ett nätverk 4 m UTRUSTNING MED PLUGG Uttaget skall installera...

Отзывы:

Нет отзывов

Похожие инструкции для AT-9724TS

Бренд: QNAP Страницы: 20

QSR-3920 Series

Бренд: QTech Страницы: 120

Бренд: Salusfin Страницы: 6

Бренд: Watchguard Страницы: 24

Бренд: Vivotek Страницы: 136

ION 1200 Series

Бренд: PaloAlto Networks Страницы: 90

AirStation WHR-G300N

Бренд: Hornington Страницы: 6

Бренд: APARIAN Страницы: 2

Бренд: Z Microsystems Страницы: 51

Бренд: Gemtek Systems Страницы: 51

Бренд: RubyTech Страницы: 25

Бренд: Global Sun Страницы: 39

Бренд: Juniper Страницы: 420

NetVanta Analog Modem Dial Backup Interface Module

Бренд: ADTRAN Страницы: 2

Бренд: KYLAND Technology Страницы: 19

RoteFinder RF500S

Бренд: Multi-Tech Страницы: 134

Бренд: Avigilon Страницы: 12

Бренд: BinTec Страницы: 2

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды