Allied Telesis AT-GS950/16PS Скачать руководство пользователя страница 291 | Manualshive

Страница: 291 / 386

background image

AT-GS950/16PS Switch Web Interface User’s Guide

291

Overview

The DHCP Snooping feature provides security by inspecting ingress
packets for the correct IP and MAC address information. The DHCP
Snooping feature defines the AT-GS950/16PS ports as either trusted or
untrusted. With DHCP Snooping enabled, two network security issues are
addressed:



All ingress DHCP packets are examined on the
untrusted ports and only authorized packets are
passed through the switch. Unwanted ingress DHCP
packets are discarded. See "Unauthorized DHCP
Servers" below.



DHCP ingress packets on an untrusted port are
inspected to insure that the source IP Address and
MAC Address combination in each packet is valid
when compared to the DHCP Snooping Binding Table.
If match is not found, the packet is discarded.

Trusted Ports

By definition, trusted ports inherently trust all ingress Ethernet traffic.
There is no checking or testing on ingress packets for this type of port. A
trusted port connects to a DHCP server in one of the following ways:



Directly to the legitimate trusted DHCP Server



A network device relaying DHCP messages to and
from a trusted server



Another trusted source such as a switch with DHCP
Snooping enabled.

Untrusted Ports

The Ethernet traffic on an untrusted port is inherently not trusted. The
ingress packets are consequently tested against specific criteria to
determine if they can be forwarded through the switch or should be
immediately discarded. Untrusted ports are connected to DHCP clients
and to traffic that originates outside of the LAN.

Unauthorized

DHCP Servers

Normally in a network, a single DHCP server exists in a local area network
(LAN). The DHCP server supplies network configuration information to
individual devices on the network including the assigned IP address for
each host. A trusted DHCP server is connected to a trusted port on the
switch.

It is possible that another unauthorized and unwanted DHCP server could
be connected to the network. This situation can occur if a client on the
network happens to enable a DHCP server application on his workstation
of if someone outside the network attempts to send DHCP packets to your
network. These situations pose a security risk.

«
...
289
290
291
292
293
...
»

Содержание AT-GS950/16PS

Страница 1: ...613 001779 Rev A AT GS950 16PS Gigabit Ethernet PoE Switch AT GS950 16PS Switch Web Interface User s Guide AT S112 1 00 010...

Страница 2: ...espective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this document without prior written notice The information provided herein i...

Страница 3: ...an IP Address List Entry 33 User Name and Password Configuration 34 Add New User Name and Password 34 Modify User Name and Password 35 Delete User Name and Password 36 User Interface Configuration 37...

Страница 4: ...94 Create a Port Trunk 97 Modify a Port Trunk 99 Disable a Port Trunk 101 Chapter 7 LACP Port Trunks 103 Overview 104 System Priority 105 Port Priority Value 106 General Guidelines 107 Group Status 10...

Страница 5: ...hapter 15 Quality of Service and Cost of Service 175 Overview 176 Packet Priority 176 Egress Queue vs Packet Priority Mapping 177 Prioritizing Untagged Packets 178 Scheduling 178 Mapping CoS Prioritie...

Страница 6: ...trol Configuration 217 Overview 218 Classifier 219 Creating a Classifier 219 Modifying a Classifier 221 Deleting a Classifier 222 Profile Action 224 Creating a Profile Action 224 Modifying Profile Act...

Страница 7: ...Destination MAC Filter 279 Overview 279 Destination MAC Filter Configuration 279 Delete Destination MAC Filter 280 Chapter 22 Power Over Ethernet PoE 283 Overview 284 Power Sourcing Equipment PSE 284...

Страница 8: ...33 Chapter 27 Cable Diagnostics 335 Chapter 28 Rebooting the AT GS950 16PS 337 Switch Reboot 338 Configure Factory Default Values 340 Password Protection of Factory Reset 342 Disabling Factory Default...

Страница 9: ...nning Tree Configuration Page 80 Figure 26 AT GS950 16PS MSTP Port Configuration Page 83 Figure 27 MSTP VLAN Mapping Page 86 Figure 28 MSTP Port Settings Page 88 Figure 29 AT GS950 16PS Topology Infor...

Страница 10: ...80 Example of Profile Action Entry 225 Figure 81 Modify Profile Action Page 226 Figure 82 Create In Profile Action Page Example 227 Figure 83 Example of In Profile Action Entry 228 Figure 84 Modify In...

Страница 11: ...re Upgrade via HTTP Page 326 Figure 127 Firmware Upgrade via TFTP Page 328 Figure 128 Configuration File Upload Download via HTTP Page 329 Figure 129 Result Page 330 Figure 130 File Download with HTTP...

Страница 12: ...Figures 12...

Страница 13: ...ppings Priority Levels to Priority Queues 177 Table 5 Example of Weighted Round Robin Priority 179 Table 6 IEEE Powered Device Classes 284 Table 7 PoE Port Priorities 285 Table 8 Traffic Comparison Op...

Страница 14: ...List of Tables 14...

Страница 15: ...50 16PS Gigabit Ethernet PoE Switch The AT S112 Management software has a web browser interface that you can access from any management workstation on your network that has a web browser application T...

Страница 16: ...tions Note Notes provide additional information Caution Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data Warning Warnings inform you tha...

Страница 17: ...s learn about RMAs and contact Allied Telesis technical experts USA and EMEA phone support Select the phone number that best fits your location and customer type Hardware warranty information Learn ab...

Страница 18: ...Preface 18...

Страница 19: ...19 Section I Getting Started This section contains the following chapters Chapter 1 Starting a Web Browser Session on page 21 Chapter 2 System Configuration on page 27...

Страница 20: ...20...

Страница 21: ...arting using and quitting a web browser management session on the AT GS950 16PS switch This chapter includes the following sections Establishing a Remote Connection to the Web Browser Interface on pag...

Страница 22: ...iguration from a DHCP server refer to DHCP Client Configuration on page 45 Whether you use the pre assigned IP address or assign a new one you must set your local PC to the same subnet as the switch T...

Страница 23: ...e is displayed See Figure 3 Note To change the user name and password refer to User Name and Password Configuration on page 34 Figure 3 AT GS950 16PS Switch Information Page The main menu appears on t...

Страница 24: ...lays the front of the switch Ports are green that have a link to an end node Ports without a link are grey The AT GS950 16PS switch front panel page is shown in Figure 4 Figure 4 Front Panel Page A we...

Страница 25: ...25 Web Browser Tools You can use the web browser tools to move around the management pages Selecting Back on your browser s toolbar returns you to the previous display You can also use the browser s...

Страница 26: ...Chapter 1 Starting a Web Browser Session 26 Quitting a Web Browser Management Session To exit a web browser management session close the web browser...

Страница 27: ...onfiguration on page 32 User Name and Password Configuration on page 34 User Interface Configuration on page 37 System Time on page 39 SSL Settings on page 42 DHCP and ATI Web Discovery Tool on page 4...

Страница 28: ...an also help to avoid performing a configuration procedure on the wrong switch To set a switch s administration information perform the following procedure 1 From the main menu on the left side of the...

Страница 29: ...s System Contact Specifies the name of the network administrator responsible for managing the switch This contact name is optional and may contain up to 30 characters 4 Click Apply 5 From the main men...

Страница 30: ...orm the following procedure 1 From the main menu on the left side of the page click the System folder The System folder expands 2 From the System folder select IP Setup The IP Setup Page is displayed...

Страница 31: ...ick Apply Note Changing the IP address ends your management session To resume managing the device enter the new IP address of the switch in the web browser s URL field as shown in Figure 1 on page 20...

Страница 32: ...ify IP address that has already been created it must first be deleted and them re created using the following procedures Create an IP Access List To create a list of accessible IP addresses perform th...

Страница 33: ...f the page select Save Configuration to Flash to permanently save your changes Delete an IP Address List Entry To delete an IP address from the IP Access List perform the following procedure 1 From th...

Страница 34: ...assword on page 36 Add New User Name and Password The default User Name and Password is manager and friend both without the quotes To configure new User Name and Password information perform the follo...

Страница 35: ...n the left side of the page click the System folder The System folder expands 2 From the System folder select Administration The Administration Page is shown in Figure 8 on page 34 3 Identify the user...

Страница 36: ...xpands 2 From the System folder select Administration The Administration Page is shown in Figure 8 on page 34 3 Identify the user name that you want to delete and click Delete The user name is removed...

Страница 37: ...tion only The Web Server cannot be disabled SNMP Interface To enable or disable the AT GS950 16PS SNMP interface perform the following procedure 1 From the main menu on the left side of the page click...

Страница 38: ...on to Flash to permanently save your changes User Interface Timeout To set the Web Idle Timeout perform the following procedure 1 From the main menu on the left side of the page click the System folde...

Страница 39: ...g System Time on page 39 Setting SNTP on page 40 Setting Daylight Savings Parameters on page 41 Manually Setting System Time To set the system time manually perform the following procedure 1 From the...

Страница 40: ...side of the page click the System folder The System folder expands 2 From the System folder select System Time The System Time Page is displayed See Figure 11 on page 39 3 Use the pull down menu to se...

Страница 41: ...See Figure 11 on page 39 3 In the Daylight Savings Time Status field select Enabled 4 Specify the Month Day Hour and Minute when Daylight Savings will take effect in the From time fields 5 Specify the...

Страница 42: ...sions that use the secure HTTPS mode with SSL protocol are protected against snooping because the packets exchanged between the switch and your management workstations are encrypted When operating in...

Страница 43: ...ch Web Interface User s Guide 43 4 Click Apply The SSL setting that you have selected is now active 5 From the main menu on the left side of the page select Save Configuration to Flash to permanently...

Страница 44: ...r When the DHCP feature is enabled a DHCP server automatically assigns an IP address which is not advertised over the network As a consequence you do not know what IP address has been assigned to the...

Страница 45: ...new IP address can be discovered using the ATI Discovery Tool See DHCP and ATI Web Discovery Tool on page 44 for more information To activate or deactivate the DHCP client on the switch perform the fo...

Страница 46: ...s enabled the software reverts to the previously saved IP address value when the switch is power cycled or rebooted If no IP address has been previously saved the IP address value reverts to 192 168 1...

Страница 47: ...r The System folder expands 2 From the System folder select System The DHCP Auto Configuration Settings Page is shown in Figure 13 Figure 13 DHCP Auto Configuration Settings Page 3 From the Auto Confi...

Страница 48: ...h Information Page is displayed See Figure 14 Figure 14 AT GS950 16PS Switch Information Page The Switch Information Page displays the following information System Up For The number of days hours and...

Страница 49: ...the system IP address Refer to Configuration of IP Address Subnet Mask and Gateway Address on page 30 to manually assign an IP address or DHCP Client Configuration on page 45 to activate the DHCP clie...

Страница 50: ...e vital information about system activity that can help in the identification and solutions of system problems To configure the System log perform the following procedure 1 From the main menu on the l...

Страница 51: ...ting of 0 0 0 0 no server is specified 7 In the Facility field enter the Facility local from the pull down menu The choices range from local0 through local7 8 Select the Logging Level This parameter s...

Страница 52: ...Chapter 2 System Configuration 52...

Страница 53: ...79 Chapter 6 Static Port Trunking on page 93 Chapter 7 LACP Port Trunks on page 103 Chapter 8 Port Mirroring on page 113 Chapter 9 Loopback Protection on page 119 Chapter 10 MAC Address Table on page...

Страница 54: ...54...

Страница 55: ...hat explains how to view and change the port settings This chapter includes the following sections Overview on page 56 Displaying and Configuring Ports on page 57 Note To permanently save your new set...

Страница 56: ...s of an AT GS950 16PS switch You can display and modify the settings of all the ports on one web page The port characteristics that are displayed are Trunk Group Number Port type Link Status Admin Sta...

Страница 57: ...icates ports 1 through 16 on the AT GS950 16PS switch You cannot change this parameter Note You can use the All row value in the Port column to set the Admin Status Mode Jumbo Flow Ctrl EAP Pass and B...

Страница 58: ...This parameter applies to the All row only and i Indicates that the Admin Status field must be set individually for each port Enabled This parameter indicates the port is able to send and receive Ethe...

Страница 59: ...is configured for 10Mbps operation in full duplex mode 1000 Half This parameter i Indicates the port is configured for 1000Mbps operation in half duplex mode 100 Half This parameter i Indicates the po...

Страница 60: ...idually Enabled This parameter indicates that the port is able to send and receive EAP packets Disabled This parameter indicates that the port is disabled and is not able to send or receive EAP packet...

Страница 61: ...r include Overview on page 62 Basic STP and RSTP Configuration on page 70 Configure RSTP Port Settings on page 73 Spanning Tree Topology on page 78 For detailed information about STP refer to IEEE Std...

Страница 62: ...th in case a main link fails Where the two protocols differ is in the time each takes to complete the process referred to as convergence When a change is made to the network topology such as the addit...

Страница 63: ...e bridge priority number in the AT S112 Management software You can designate which switch on your network as the root bridge by giving it the lowest bridge priority number You may also consider which...

Страница 64: ...nto blocking state Path cost is determined by evaluating port costs Every port on a bridge participating in STP has a cost associated with it The cost of a port on a bridge is typically based on port...

Страница 65: ...if a topology change is made before all bridges have been notified and that could adversely impact network performance To forestall the formation of temporary data loops during topology changes a por...

Страница 66: ...ot whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been an...

Страница 67: ...igure 18 Edge Port Mixed STP and RSTP Networks RSTP IEEE 802 1w is fully compliant with STP IEEE 802 1d Your network can consist of bridges running both protocols STP and RSTP in the same network can...

Страница 68: ...hes One link consisting of untagged ports connect each VLAN If STP or RSTP is activated on the switches two of the links are disabled As a direct result two VLANs are disconnected between the bridges...

Страница 69: ...re 20 STP and VLAN Compatibility with Tagged Ports Note For information about tagged and untagged ports refer to Chapter 13 VLAN Overview on page 150 T T T T T T Ports blocked by STP Blocked Data Link...

Страница 70: ...of the page select Bridge The Bridge folder expands 2 From the Bridge folder select the Spanning Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the RSTP folder The...

Страница 71: ...t RSTP or STP compatible and then click Apply at the top of the page In the middle section of the page the following fields are listed Note You cannot change these fields Root Port The active port on...

Страница 72: ...idges have the same bridge priority You cannot change this parameter Bridge Priority The priority number for the bridge in hexadecimal format This number is used to determine the root bridge for RSTP...

Страница 73: ...he RSTP folder The RSTP folder expands 4 From the RSTP folder select the RSTP Basic Port The AT GS950 16PS RSTP Basic Port Configuration Page is displayed See Figure 22 for a partial view of this page...

Страница 74: ...s state is not strictly part of STP However a network administrator can manually disable a port Role Indicates one of the following port roles Disabled The Disabled Port role is assigned if the port i...

Страница 75: ...igure one two or all of the following settings STP Status Priority and Port Cost 7 Click Apply 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save...

Страница 76: ...port during the convergence process The port in the listening state processes BPDUs and awaits new information that would cause the port to return to the blocking state Learning While the port does no...

Страница 77: ...ology or not True The port is connected to an edge device and the port will always be in a forwarding state False The port is not connected to an edge device Admin OperPtoP Indicates if the port is co...

Страница 78: ...s contains status information only and there are no parameters to configure The following information is displayed about the ports Port Indicates ports 1 through 16 on the AT GS950 16PS switch Trunk T...

Страница 79: ...ind an overview and configuration guidelines for this feature in MSTP Overview on page 349 When you configure MSTP the information should be entered in order on the following web pages Multiple Spanni...

Страница 80: ...anning Tree folder The Spanning Tree folder expands 3 From the Spanning Tree folder select the MSTP folder The MSTP folder expands 4 From the MSTP folder select MSTP The Multiple Spanning Tree Configu...

Страница 81: ...tical to the regional names specified on other switches in the same MSTP region See Multiple Spanning Tree Regions on page 358 for more information Region Revision The parameter indicates the region s...

Страница 82: ...It is decremented by 1 each time it is retransmitted by the next bridge When the Hop Count value reaches zero the bridge drops the BPDU packet Its range is 6 40 hops Transmit Hold Count The Transmit...

Страница 83: ...r a partial view of this page Figure 26 AT GS950 16PS MSTP Port Configuration Page You may choose a port and configure its MSTP parameters on this page The following information is displayed Port Indi...

Страница 84: ...ing MSTP supports a built in protocol migration mechanism that enables it to inter operate with legacy 802 1D switches True The switch is able to inter operate with 802 1D BPDU packets False This swit...

Страница 85: ...t cannot process receive transmit TCN BPDUs False The port can process receive transmit TCN BPDU packets 5 Once you have configured the parameters click Apply in the Action column 6 If you choose to c...

Страница 86: ...the Spanning Tree folder select the MSTP folder The MSTP folder expands 4 From the MSTP folder select MSTP VLAN Mapping The MSTP VLAN Mapping Page is displayed See Figure 27 Figure 27 MSTP VLAN Mappi...

Страница 87: ...t delete the instance and then redefine it Refer to Create VLAN Mapping to MST Instance on page 86 for more information Delete MST Instance 1 In the Action column of the table click on Delete for the...

Страница 88: ...age The following information is displayed Port Indicates ports 1 through 16 on the AT GS950 10PS switch You can select the All row to apply the same settings to all ports on your switch for the Port...

Страница 89: ...terface User s Guide 89 6 If you choose to change the MSTP port settings for other ports repeat steps 4 and 5 7 From the main menu on the left side of the page select Save Configuration to Flash to pe...

Страница 90: ...on Page is displayed See Figure 29 Figure 29 AT GS950 16PS Topology Information Page The following information displayed on this page shows the current status of MSTP for each port Port Indicates port...

Страница 91: ...dge type port See Point to Point and Edge Ports on page 66 for more information Role Indicates the port s role which may be Disabled Root Designated Backup or Alternate See the parameter definitions d...

Страница 92: ...Chapter 5 Multiple Spanning Tree Protocol 92...

Страница 93: ...view on page 94 Create a Port Trunk on page 97 Modify a Port Trunk on page 99 Disable a Port Trunk on page 101 Note For information about Link Aggregation Control Protocol LACP port trunking see Chapt...

Страница 94: ...sufficient to handle the traffic load A static port trunk consists of two to eight ports on the switch that function as a single virtual link between the switch and another device A static port trunk...

Страница 95: ...ating a static trunk Allied Telesis recommends setting static port trunks between Allied Telesis networking devices to ensure compatibility A static trunk can contain up to eight ports The ports of a...

Страница 96: ...be members of more than one VLAN The ports of a static trunk can be either untagged or untagged members of the same VLAN The switch selects a port in the trunk to handle broadcast packets and packets...

Страница 97: ...ich can severely limited the effective bandwidth of your network To create a port trunk perform the following procedure 1 Select the Bridge folder The Bridge folder expands 2 From the Bridge folder se...

Страница 98: ...l not broadcast LACPDU packets but it will respond to them This setting disables the LACP feature for the trunk Manual Enables static port trunking and disables the LACP feature for the trunk Disable...

Страница 99: ...Config folder expands 4 From the Trunk Config folder select Trunking The Trunking Page is shown in Figure 31 on page 97 5 Click the status of the port trunk you want to modify and change the status t...

Страница 100: ...tic Port Trunking 100 9 Configure the port trunk on the other switch with the same parameters 10 Connect the Ethernet cables between trunk ports on the AT GS950 16PS switch and the trunk ports on the...

Страница 101: ...t trunk perform the following procedure 1 Disconnect all of the Ethernet cables from the ports of the trunk 2 Select the Bridge folder The Bridge folder expands 3 From the Bridge folder select the Tru...

Страница 102: ...Chapter 6 Static Port Trunking 102...

Страница 103: ...s Overview on page 104 System Priority on page 105 Port Priority Value on page 106 General Guidelines on page 107 Group Status on page 109 Port Priority Configuration on page 112 Note For information...

Страница 104: ...s 1 to 4 as the active ports and ports 5 and 6 as reserve If an active port loses its link the switch automatically activates one of the reserve ports to maintain maximum bandwidth of the trunk The ma...

Страница 105: ...e problem and deciding whose LACP settings take precedence This is the function of the system LACP priority value This value is used whenever the devices encounter a conflict creating a trunk the lowe...

Страница 106: ...the next highest priority is automatically activated to take its place The selection of the active links in an aggregate trunk is dynamic and changes as links are added removed lost or reestablished...

Страница 107: ...nconsecutive for example ports 2 4 6 8 A port can belong to only one aggregator at a time A port cannot be a member of an aggregator and a static trunk at the same time The ports of an aggregate trunk...

Страница 108: ...upport in a trunk If the number is less than eight the maximum number for the AT GS950 16PS switch you should assign the other vendor s device a higher system LACP priority than your AT GS950 16PS swi...

Страница 109: ...older The Bridge folder expands 2 From the Bridge folder select the Trunk Config folder The Trunk Config folder expands 3 From the Trunk Config folder select LACP Group Status The LACP Group Status Pa...

Страница 110: ...ort Trunk on page 97 to configure Trunk ID 1 as Active with ports 3 4 and 5 The LACP Group Status Page is updated This configuration is shown in Figure 33 before the Ethernet cables are connected Figu...

Страница 111: ...witch Web Interface User s Guide 111 Figure 34 LACP Group Status Page with Three Cables Connected You can now see that each port has been grouped under a single aggregator since the ports are now in a...

Страница 112: ...a partial view of this page Figure 35 AT GS950 16PS Port Priority Page The System Priority is a preassigned value that you cannot alter This value applies to the switch See System Priority on page 105...

Страница 113: ...ess and egress traffic on a port by having the traffic copied to another port This chapter contains the following sections Overview on page 114 Port Mirroring Configuration on page 115 Disable Port Mi...

Страница 114: ...he mirroring port Observe the following guidelines when you create a port mirror You can select more than one source port at a time However the more ports you mirror the less likely the mirroring port...

Страница 115: ...uration parameters become active on the page Disable This parameter de activates the Port Mirroring feature and the rest of the configuration parameters become inactive on the page 4 Click Mirroring P...

Страница 116: ...Chapter 8 Port Mirroring 116 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Страница 117: ...elect Mirroring The Mirroring page is shown in Figure 36 on page 115 3 From the Status field select Disable and click Apply Port mirroring is immediately disabled on the switch and the parameters on t...

Страница 118: ...Chapter 8 Port Mirroring 118...

Страница 119: ...e same port are connected then this feature detects this condition and disables the port for a pre configured amount of time This chapter contains the following topics Configuration on page 120 Status...

Страница 120: ...iew of the AT GS950 16PS Loopback Detection Page is displayed See Figure 37 Figure 37 AT GS950 16PS Loopback Detection Page 3 For the Loopback Detection State field a the top of the page select one of...

Страница 121: ...gs parameters becomes active 6 In the table at the bottom of the page select one of the Loopback Detection State choices from the pull down menu Ignore This parameter indicates that the setting in the...

Страница 122: ...Rx pairs connected Disabled This status indicates that the port does not have the Tx to Rx pairs connected The Disabled state will be reset to Normal after two conditions are both met The loopback con...

Страница 123: ...ections Overview on page 124 Static Unicast MAC Address Configuration on page 126 Static Multicast Address Configuration on page 130 Modify Static Multicast Address on page 133 Delete Static Multicast...

Страница 124: ...by manually configuring the switch with the AT S112 Management Software There are two reasons to enter static MAC addresses You may want to enter end nodes the switch does not learn in its normal dyna...

Страница 125: ...AT GS950 16PS Switch Web Interface User s Guide 125 predefined ports entered in the MAC table without any configuration delays or loss of data...

Страница 126: ...1Q VLAN ID parameter Port Based VLAN Configuration on page 164 regarding the Port Based VLAN Index parameter To add a static MAC address to the switch perform the following procedure 1 From the main...

Страница 127: ...Assign the MAC address a Port Member or members by selecting the check box beside each port number Note You can assign a maximum limit of 256 static unicast addresses on the switch 6 Click Add The Sta...

Страница 128: ...8 on page 126 3 Select Modify next to the static MAC address that you want to change The Modify Static Unicast Address Page is displayed See Figure 40 Figure 40 Modify Static Unicast Address Page 4 In...

Страница 129: ...select the Bridge folder 2 From the Bridge folder select Static Unicast The Static Unicast Address Table Page is displayed See Figure 38 on page 126 3 Select delete next to the static unicast address...

Страница 130: ...N ID parameter Port Based VLAN Configuration on page 164 regarding the Port Based VLAN Index parameter To add a static MAC address to the switch perform the following procedure 1 From the main menu on...

Страница 131: ...0 5E 7F FF FF 5 Assign the MAC address a Group Member or members by selecting the check box beside each port number Note You can assign a maximum limit of 256 static multicast addresses on the switch...

Страница 132: ...Chapter 10 MAC Address Table 132 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Страница 133: ...Figure 41 on page 130 3 Select Modify next to the static MAC address that you want to change The Modify Static Multicast Address Page is displayed See Figure 43 Hello Figure 43 Modify Static Multicast...

Страница 134: ...ridge folder 1 From the Bridge folder select Static Multicast The Static Multicast Address Table Page is displayed See Figure 41 on page 130 2 Select delete next to the static multicast address that y...

Страница 135: ...s for working with IGMP Snooping in the web interface The following topics are discussed Overview on page 136 IGMP Snooping Configuration on page 138 Note To permanently save your new settings or any...

Страница 136: ...router ports where host nodes are located There are three versions of IGMP versions 1 2 and 3 One of the differences between the versions is how a host node signals that it no longer wants to be a mem...

Страница 137: ...t Such flooding of packets can negatively impact network performance The AT GS950 16PS switch maintains a list of multicast groups through an adjustable time out value which controls how frequently it...

Страница 138: ...k Config folder select IGMP Snooping The IGMP Snooping Page is displayed See Figure 44 Figure 44 IGMP Snooping Page 4 To enable or disable IGMP Snooping on the switch select Enable or Disable from the...

Страница 139: ...odes that are active members of multicast groups To set a static Multicast Group Address see Static Multicast Address Configuration on page 130 Figure 45 IGMP Snooping Page with MAC Addresses 10 To di...

Страница 140: ...Chapter 11 IGMP Snooping 140...

Страница 141: ...feature The following topics are discussed Overview on page 142 Configuration on page 144 Ingress Rate Limiting on page 146 Egress Rate Limiting on page 148 Note To permanently save your new settings...

Страница 142: ...nation Lookup Failure DLF setting is concerned with comparing the destination MAC address of a packet received by the switch to the forwarding database When the AT GS950 16PS switch receives a packet...

Страница 143: ...it is as follows Bandwidth 64Kbps x rate limit The rate limit parameter is an integer ranging from 1 to 15625 Egress Rate Limiting The Egress Rate Limiting feature restricts the traffic to a pre confi...

Страница 144: ...PS Storm Control page is displayed See Figure 46 for a partial view of this page Figure 46 AT GS950 16PS Storm Control Page 4 To enable or disable the DLF field select Enable or Disable from the DLF p...

Страница 145: ...ition in Overview on page 142 9 Click Apply 10 To set the Threshold field use the pull down menu next to the port that you want to change Select Low Medium or High which correspond to the following va...

Страница 146: ...Rate Limiting The AT GS950 16PS Ingress Rate Limiting page is displayed See Figure 47 for a partial view of this page Figure 47 AT GS950 16PS Ingress Rate Limiting Page 4 To set the Bandwidth field o...

Страница 147: ...AT GS950 16PS Switch Web Interface User s Guide 147 7 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Страница 148: ...e Limiting page is displayed See Figure 48 for a partial view of this page Figure 48 AT GS950 16PS Egress Rate Limiting Page To set the Bandwidth field enter a number in the range of 1 to 15625 You ca...

Страница 149: ...gn Ports to a VLAN Mode on page 155 Tagged VLAN Configuration on page 157 Port Based VLAN Configuration on page 164 Modify a Port Based VLAN on page 165 Delete a Port Based VLAN on page 165 Note The V...

Страница 150: ...ys within the separate logical LAN segment of the VLAN The nodes of a VLAN receive traffic only from nodes of the same VLAN This reduces the need for nodes to handle traffic that is not destined for t...

Страница 151: ...at form an independent traffic domain This type of VLAN is independent of the header information including VLAN tags in a frame Traffic generated by the end nodes of a VLAN remains within the VLAN and...

Страница 152: ...s type of VLAN membership is determined by tag information within the frames that are received on a port and the VLAN configuration of each port The VLAN information within an Ethernet frame is referr...

Страница 153: ...for Voice VLAN on page 257 Packet transmission from a tagged port differs from packet transmission from an untagged port When a packet is transmitted from a tagged port the tagged information within t...

Страница 154: ...ere is a summary of the rules to observe when you create a tagged VLAN Assign a unique name to each tagged VLAN Each tagged VLAN must be assigned a unique VLAN ID If a particular VLAN spans multiple s...

Страница 155: ...he default VLAN is permanent and must have at least one untagged port assigned to it at any time To assign ports to a 802 1Q Tagged VLAN or Port Based VLAN perform the following procedure 1 From the m...

Страница 156: ...on click Restore Note Once the VLAN assignment has been saved by clicking first on the Apply button and then saving the configuration the Restore button will not be active for those port assignments 7...

Страница 157: ...VLAN the frame is discarded You can create and delete tagged VLANs by following the procedures in the following sections Create a Tagged VLAN Modify a Tagged VLAN on page 158 Delete a Tagged VLAN on...

Страница 158: ...is only an untagged member of VLAN 1 and not a tagged member of another VLAN Disable This parameter disables Management VLAN on this VLAN If you change this parameter from Enable to Disable the Manag...

Страница 159: ...ged VLAN An example of a tagged VLAN Index 2 Sales VLAN is shown in the table at the bottom of Figure 51 on page 159 Figure 51 Example of AT GS950 16PS Tagged VLAN Page 4 In the VLAN Action column cli...

Страница 160: ...connected to a Tagged Member port you may loose your connection to the AT S112 Management software Disable This parameter disables Management VLAN on this VLAN If you change this parameter from Enable...

Страница 161: ...9 4 In the VLAN Action column select Delete next to the VLAN that you want to delete A confirmation prompt is displayed 5 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot d...

Страница 162: ...the PVID parameter see the Port VLAN Identifier section in VLAN Overview on page 150 4 Set the Acceptable Frame Type to one of the following choices from the pull down menu All This selection allows...

Страница 163: ...the selected port 6 Click Apply The port configuration becomes effective 7 If you need to configure other ports of the switch for the VLAN Port Settings repeat steps 4 through 7 8 From the main menu o...

Страница 164: ...Create a Port Based VLAN To create a port based VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder...

Страница 165: ...idge The Bridge folder expands 2 From the Bridge folder select VLAN The VLAN folder expands 3 From the VLAN folder select Port Based VLAN An example VLAN Index 2 Sales VLAN is shown in the table at th...

Страница 166: ...Action column click Delete next to the VLAN that you want to delete A confirmation prompt is displayed 5 Click OK to delete the VLAN or Cancel to cancel the deletion Note You cannot delete the Defaul...

Страница 167: ...167 Chapter 14 GVRP This chapter contains the following sections Overview and Guidelines on page 168 General Configuration on page 169 Port Settings on page 170 Time Settings on page 172...

Страница 168: ...mic VLANs To be detected by GVRP a VLAN must have at least one active node or have at least one port with a valid link to an end node GVRP cannot detect a VLAN that does not have any active nodes or v...

Страница 169: ...GVRP folder select GVRP Global Configuration The GVRP Global Configuration Page is displayed See Figure 56 Figure 56 GVRP Global Configuration Page 4 From the GVRP Status field select one of the follo...

Страница 170: ...efines the GVRP status of the port From the Dynamic Vlan Status field select one of the following choices from the pull down menu Ignore This parameter indicates that the setting in the All row does n...

Страница 171: ...tion is de active for the port row selected 5 Once you have configured the parameters click Apply for the affected port 6 If you want to configure GVRP for other ports repeat steps 4 and 5 7 From the...

Страница 172: ...must be greater than GARPJoinTimer x2 10 and the GARPLeaveAllTimer must be greater than GARPLeaveTimer 10 The acceptable input values are multiples of 10 If you try to enter a value that is not a mult...

Страница 173: ...Note To ensure compatibility between network devices you need to configure the same values for the GARP Join Timer GARP Leave Timer and GARP Leave All Timer on all participating GVRP devices in your n...

Страница 174: ...Chapter 14 GVRP 174...

Страница 175: ...Associate DSCP Classes to Egress Queues on page 183 Queue Scheduling Algorithm on page 185 Note Before mapping the QoS Priorities and the egress Queues you must disable the Jumbo frame parameter on ea...

Страница 176: ...manage the flow of traffic through a switch by having the switch ports give higher priority to some packets such as delay sensitive traffic over other packets This is referred to as prioritizing traff...

Страница 177: ...levels and the four egress queues of a switch port You can change these mappings For example you might decide that packets with a priority of 6 and 7 need to be handled by egress queue Q3 and packets...

Страница 178: ...a mechanism for knowing the order in which it should handle the packets in its four egress queues For example if all the queues contain packets should the packets in queue Q3 the highest priority queu...

Страница 179: ...et number of packets from each queue in a round robin fashion so that each has a chance to transmit traffic Normally the higher the queue s priority the more packets are transmitted in as the algorith...

Страница 180: ...rameter definition in Displaying and Configuring Ports on page 57 Note When Jumbo frames are enabled COS can not be enabled To configure CoS mapping perform the following procedure 1 From the main men...

Страница 181: ...hange click on the Queue 0 1 2 or 3 radio button that applies to your configuration 5 After you have completed this mapping process select Enable in the QoS Status field 6 Click Apply 7 From the main...

Страница 182: ...orm the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select QoS The QoS folder expands 3 From the QoS folder s...

Страница 183: ...efault queue for all DSCP values is 0 To assign the queue mappings to the DSCP values perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder...

Страница 184: ...ty of Service and Cost of Service 184 5 After you have completed this mapping process click Apply 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently sa...

Страница 185: ...igure 62 Figure 62 Scheduling Algorithm Page 4 In the Scheduling Algorithm list select the algorithm one of the following Strict Priority The port transmits all packets out of higher priority queues b...

Страница 186: ...Chapter 15 Quality of Service and Cost of Service 186...

Страница 187: ...r 17 SNMPv3 on page 201 Chapter 18 Access Control Configuration on page 217 Chapter 19 RMON on page 245 Chapter 20 Voice VLAN on page 257 Chapter 21 Security on page 267 Chapter 22 Power Over Ethernet...

Страница 188: ...188...

Страница 189: ...ollowing sections SNMPv1 and SNMPv2c Overview on page 190 Trap Receiver Attributes on page 191 SNMPv1 and SNMPv2c User and Group Names on page 193 SNMP Community Strings on page 196 SNMP Traps on page...

Страница 190: ...and loading new configurations via the agent in the managed equipment The NMS and agent communicate with each other using variables organized into pre defined hierarchies called Management Informatio...

Страница 191: ...use traps to monitor activities on the switch Trap receivers are the typically SNMP management stations that you want to receive the traps sent by the switch You specify a trap receiver by its IP add...

Страница 192: ...Chapter 16 SNMPv1 and v2c 192 Activate SNMP Interface The SNMP interface is activated by default If you want to de activate it or re activate it go to User Interface Configuration on page 37...

Страница 193: ...use the string and what the string allows a network management station to do on the switch The AT S112 Management Software does not provide any default community strings You must first define an SNMP...

Страница 194: ...Auth Protocol Priv Protocol and password fields are intended for SNMPv3 configurations only and are not used for SNMPv1 or v2c configurations 6 Click Add See Figure 64 for an example of the SNMP User...

Страница 195: ...e 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select SNMP User Group The SNMP User Group Page is displayed See Figure 63 on...

Страница 196: ...c community string do the following 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP folder select Community Table The Community Table P...

Страница 197: ...table entry See SNMPv1 and SNMPv2c User and Group Names on page 193 Delete SNMP Community Strings Use the following procedure to delete a community name of an SNMP community from the Community Table...

Страница 198: ...NMP folder The SNMP folder expands 2 From the SNMP folder select Trap Management The Trap Management Page is displayed See Figure 67 Figure 67 Trap Management Page 3 Enable trap management by selectin...

Страница 199: ...n menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modify a Trap Host Table Entry If you need to modify an SNMP Trap entry you must first delete th...

Страница 200: ...click Delete next to the entry in the table that you want to remove The Host table entry is removed from the table No confirmation message is displayed 5 From the main menu on the left side of the pag...

Страница 201: ...s the following sections Overview on page 202 SNMPv3 User and Group Names on page 206 SNMPv3 View Names on page 209 SNMPv3 View Table on page 212 SNMPv3 Traps on page 215 Note To permanently save your...

Страница 202: ...ewed by specific users In this way you restrict which MIBs a user can display and modify In addition you can restrict the types of messages or traps the user can send A trap is a type of SNMP message...

Страница 203: ...5 or SHA If you assign a DES privacy protocol to a user then you are also required to assign a privacy password If you choose to not assign a privacy value then SNMPv3 messages are sent in plain text...

Страница 204: ...btree view and enables you to restrict a MIB view to a specific row of the OID MIB table You need a thorough understanding of the OID MIB table to define a subtree mask SNMPv3 Configuration Process Th...

Страница 205: ...User s Guide 205 5 Finally the traps can be defined on the Trap Management page based on the Community or User Name See Figure 70 for an illustration of how the user configuration tables are linked Fi...

Страница 206: ...P User Group The SNMP User Group page is displayed See Figure 63 on page 193 Note There are no default User Names or Group Names defined for SNMPv3 3 Type a new User Name Enter a name up to 31 charact...

Страница 207: ...User Group page See Figure 71 Figure 71 SNMP User Group SNMPv3 Example 11 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modifying...

Страница 208: ...Group The SNMP User Group Page is displayed See Figure 63 on page 193 3 In the Action column of the table click Delete for the User Name and Group Name that you want to remove 4 From the main menu on...

Страница 209: ...e you can create an SNMPv3 View name you must defined a Group Name using the SNMP User Group page See Creating SNMPv3 User and Group Names on page 206 Use this procedure to create SNMPv3 View Names 1...

Страница 210: ...ection is the appropriate selection when no Auth Protocol or Priv Protocol no encryption are selected on the SNMP User Group page AuthNoPriv Choose this selection when encryption has been enabled but...

Страница 211: ...mes This procedure explains how to delete an entry on the SNMP Group Access Table page 1 From the main menu on the left side of the page select the SNMP folder The SNMP folder expands 2 From the SNMP...

Страница 212: ...on page 212 Modifying SNMPv3 View Table Entries on page 213 Deleting SNMPv3 View Table Entries on page 213 Creating SNMPv3 View Table Entries This procedure explains how to create entries in the SNMPv...

Страница 213: ...w Table page you must first delete the entry and then re enter it For information about how to delete an entry in this table see Deleting SNMPv3 View Table Entries For information about how to create...

Страница 214: ...Chapter 17 SNMPv3 214 3 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Страница 215: ...AT GS950 16PS Switch Web Interface User s Guide 215 SNMPv3 Traps The creation modification and deletion of traps for SNMPv3 is identical to the procedure for SNMPv1 v2 See SNMP Traps on page 198...

Страница 216: ...Chapter 17 SNMPv3 216...

Страница 217: ...feature and the procedures to create modify and delete a Access Control configuration This chapter contains the following sectio Overview on page 218 Classifier on page 219 Profile Action on page 224...

Страница 218: ...s be sure to configure the QoS parameters The QoS entries may have a direct affect on each policy s behavior For more information see Chapter 15 Quality of Service and Cost of Service on page 175 Befo...

Страница 219: ...ions Creating a Classifier next Modifying a Classifier on page 221 Deleting a Classifier on page 222 Creating a Classifier To create a classifier perform the following procedure 1 From the main menu o...

Страница 220: ...Destination MAC Mask ranging from 1 48 VLAN ID A unique number identifying a VLAN ranging from 1 to 4000 802 1p Priority 802 1p priority level of the frame ranging from 0 to 7 Ether Type Indicates the...

Страница 221: ...er table entry is shown in Figure 77 Figure 77 Create Classifier Example Page 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Modi...

Страница 222: ...Classifier Page 4 Change the parameters as required Note See Creating a Classifier on page 219 for the definitions of each parameters 5 Click Apply The modified classifier entry is displayed in the t...

Страница 223: ...3 From the Create Classifier page identify which classifier table entry that want to delete and click the Delete link in the Action column You are prompted with a verification message 4 Click on the...

Страница 224: ...e 227 and Creating a Out Profile Action on page 231 for more information You can create modify or delete a Profile Action by following the procedures in the following sections Creating a Profile Actio...

Страница 225: ...us table If you do not see you new entry you may need to navigate to another page of the table with the First Page Previous Page Next Page and Last Page buttons located below the table An example of a...

Страница 226: ...menu on the left side of the page select Save Configuration to Flash to permanently save your changes Deleting a Profile Action To delete a profile action entry perform the following procedure 1 From...

Страница 227: ...ng an In Profile Action next Modifying an In Profile Action on page 229 Deleting an In Profile Action on page 230 Creating an In Profile Action To create an in profile action perform the following pro...

Страница 228: ...ps ingress packets that conform to the specified Profile Action ID Permit This selection allows ingress packets that conform to the specified Profile Action ID to be processed by the switch Note You m...

Страница 229: ...ontrol Config folder select In Profile Action An example of the Create In Profile Action page with a In Profile Action table entry is shown in Figure 83 on page 228 3 Select the table entry that you w...

Страница 230: ...e Action An example of the Create In Profile Action page with a In Profile Action table entry is shown in Figure 83 3 From the Create In Profile Action page identify which In Profile action table entr...

Страница 231: ...Action To create a Out Profile Action perform the following procedure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands...

Страница 232: ...to the specified Profile Action ID to be processed by the switch Note You must enter a selection for Deny Permit field even if the Profile Action ID that you have entered ignores both the Policed DSC...

Страница 233: ...Config folder select Out Profile Action An example of the Create Out Profile Action page with a Out Profile Action table entry is shown in Figure 86 on page 232 3 Select the table entry that you want...

Страница 234: ...n example of the Create Out Profile Action page with a Out Profile Action table entry is shown in Figure 86 on page 232 3 From the Create Out Profile Action page identify which Out Profile action tabl...

Страница 235: ...e page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List The Create Port List page is displayed in Figure 88 Fig...

Страница 236: ...side of the page select Save Configuration to Flash to permanently save your changes Modify Port List To modify a Port List entry perform the following procedure Note Before you can modify an entry y...

Страница 237: ...edure 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Port List An exa...

Страница 238: ...Profile Action on page 231 for more information Port List Index See Create Port List on page 235 for more information You can create modify or delete a Policy by following the procedures in the follow...

Страница 239: ...policies applied to specific ports see Policy Sequence Status on page 243 In Profile Action Index The In Profile Action Index is a unique number within the range of 1 65535 This field is mandatory and...

Страница 240: ...n entry you must first enter a Policy see Create Policy on page 238 1 From the main menu on the left side of the page select the Access Control Config folder The Access Control Config folder expands 2...

Страница 241: ...ameters 5 Click Apply The modified Policy entry is displayed in the table at the bottom of the page of the Create Policy page 6 From the main menu on the left side of the page select Save Configuratio...

Страница 242: ...ble entry is shown in Figure 92 on page 240 3 From the Create Policy page identify which Policy table entry that want to delete and click the Delete button in the Action column You are prompted with a...

Страница 243: ...Access Control Config folder The Access Control Config folder expands 2 From the Access Control Config folder select Policy Sequence The Policy Sequence page is displayed in Figure 94 Figure 94 Policy...

Страница 244: ...Chapter 18 Access Control Configuration 244...

Страница 245: ...hapter 19 RMON This chapter contains the following sections Overview on page 246 Enable and Disable RMON on page 247 Port Statistics on page 248 Histories on page 250 Events on page 252 Alarms on page...

Страница 246: ...s group is used to collect histories of port statistics to identify traffic trends or patterns For information about configuring a History group refer to Histories on page 250 Event group This group i...

Страница 247: ...ons on how to configure SNMP on your switch refer to Chapter 16 SNMPv1 and v2c on page 189 or Chapter 17 SNMPv3 on page 201 Perform the following procedure to activate RMON 1 From the main menu on the...

Страница 248: ...ge is displayed See Figure 97 Figure 97 Ethernet Statistics Configuration Page 3 The following fields are listed Index This parameter specifies the ID number of the new group The range is 1 to 65535 P...

Страница 249: ...Figure 98 Ethernet Statistics Configuration Example 5 If you want to configure RMON statistics for other ports repeat steps 3 and 4 6 From the main menu on the left side of the page select Save Confi...

Страница 250: ...kets in a group the more snapshots it can store Perform the following procedure to configure RMON history 1 From the main menu on the left side of the page click the RMON folder The RMON folder expand...

Страница 251: ...an interval of sixty seconds Owner This parameter is used to identify the person who created an entry It is primarily intended for switches that are managed by more than one person and is an optional...

Страница 252: ...y 1 From the main menu on the left side of the page click the RMON folder The RMON folder expands 2 From the RMON folder select Event The RMON Event Configuration Page is displayed See Figure 101 Figu...

Страница 253: ...person and is an optional field 4 Once you have configured the parameters click Add Your entry appears in the table at the bottom of the page See Figure 102 Figure 102 RMON Event Configuration Exampl...

Страница 254: ...MON statistics group configured if it is to have an alarm When you create an alarm you specify the port to which it is to be assigned not by the port number but rather by the ID number of the port s s...

Страница 255: ...t the event is monitoring Sample type This parameter defines the type of change that has to occur to trigger the alarm on the monitored statistic There are two choices from the pull down menu DELTA va...

Страница 256: ...ies the event index for the falling threshold Its range is 1 to 65535 This field is mandatory and must match an Event Index that you previously entered in Events on page 252 Owner This parameter is us...

Страница 257: ...d delete a voice VLAN configuration This chapter contains the following sections Overview on page 258 General Guidelines on page 261 Configuration on page 262 OUI Setting on page 265 Note To permanent...

Страница 258: ...t the voice data packets are processed before other types of data so that the voice quality is maintained as the voice data passes through the AT GS950 16PS switch Note For more information about how...

Страница 259: ...or untagged ports that will serve as the voice VLAN uplink downlink By default a tagged or untagged port is a static member of a tagged VLAN Note See Create a Tagged VLAN on page 157 for more informa...

Страница 260: ...ave the port VLAN ID PVID configured to be the same as the voice VLAN ID This insures that all untagged packets entering the port are switched within the voice VLAN as the voice data passes through th...

Страница 261: ...ember ports of a tagged VLAN are static and cannot have the voice VLAN Auto Detection feature enabled IP phones that are not VLAN aware should be connected to Static tagged ports of the voice VLAN The...

Страница 262: ...h To configure a voice VLAN perform the following procedure 1 From the main menu on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select Voice VLAN The Voi...

Страница 263: ...dicates the amount of time in hours after the last IP phone s OUI was received on a port after which this port will be removed from the voice VLAN The range is 1 to 120 hours COS This parameter is CoS...

Страница 264: ...have the voice VLAN Auto Detection feature enabled The Status column displays Static for the member ports See Dynamic Auto Detection vs Static Ports on page 259 for more information 8 Click Apply in t...

Страница 265: ...e VLAN OUI Setting The Voice VLAN OUI Setting Page is displayed See Figure 106 Figure 106 Voice VLAN OUI Setting Page 4 Enter a text description that helps you identify the manufacturer s OUI in the U...

Страница 266: ...u on the left side of the page select Bridge The Bridge folder expands 2 From the Bridge folder select Voice VLAN The Voice VLAN folder expands 3 From the Voice VLAN folder select Voice VLAN OUI Setti...

Страница 267: ...chapter includes the following sections Port Access Control on page 268 RADIUS Client on page 273 Dial in User Local Authentication on page 276 Destination MAC Filter on page 279 Note To permanently s...

Страница 268: ...dual from connecting a computer to a port or using an unattended workstation to access your network resources Only those users to whom you have assigned a user name and password are able to use the sw...

Страница 269: ...0 to 9 a to z and A to Z Spaces are allowed Specifying an NAS ID is optional Port Access Control This parameter enables or disables Port Access Control Select one of the following choices from the pul...

Страница 270: ...he pull down menu choices are as follows 802 1x 802 1x is specified as the authentication mode This setting applies to configuration for either RADIUS or Dial In User authentication For configuration...

Страница 271: ...have to periodically reauthenticate after the initial authentication Reauthentication is still required if there is a change to the status of the link between a client and the switch or the switch is...

Страница 272: ...t to the authorized state Transmission Period Sets the switch to client retransmission time for EAP request frames The range is 1 to 65535 seconds Quiet Period Sets the number of seconds that authenti...

Страница 273: ...work access from a network device to an authentication protocol server The AT S112 Management software comes with RADIUS client software You can use the client software together with 802 1x port based...

Страница 274: ...ndard Radius Client Configuration To configure the RADIUS client perform the following procedure 1 From the main menu on the left side of the page select the Security folder The Security folder expand...

Страница 275: ...AT GS950 16PS Switch Web Interface User s Guide 275 8 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes...

Страница 276: ...se the user name and password combinations are entered with an optional VLAN when they are defined Based on these entries the authentication process of a supplicant is done locally by the AT S112 Mana...

Страница 277: ...will be ignored 6 Click the Add button The Dial in User page is refreshed See Figure 111 Figure 111 Dial In User Page Example 7 To permanently save these settings in the configuration file select Sav...

Страница 278: ...ash from the main menu to permanently save your changes Delete a Dial in User To delete a dial in user perform the following procedure 1 From the main menu on the left side of the page select the Secu...

Страница 279: ...e prevents the switch from forwarding it and drops the packet You may want to block access to a device within your organization For instance you may not want users on the Sales group switch to have ac...

Страница 280: ...s the Destination MAC Filter Page is updated with the MAC address 6 From the main menu on the left side of the page select Save Configuration to Flash to permanently save your changes Delete Destinati...

Страница 281: ...81 3 Select the Delete button next to the MAC address that you want to delete The MAC address is removed from the MAC address table 4 From the main menu on the left side of the page select Save Config...

Страница 282: ...Chapter 21 Security 282...

Страница 283: ...procedures to configure the PoE feature on each port The sections in this chapter include Overview on page 284 PoE Configuration on page 286 Note To permanently save your new settings or any changes t...

Страница 284: ...er network devices is referred to as power sourcing equipment PSE The AT GS950 16PS switch is a PSE device which provides DC power to the network cable and functions as a central power source for othe...

Страница 285: ...on the port number in ascending order For example when all of the ports in the switch are set to the low priority level and the power requirements are exceeded on the switch port 1 has the highest pri...

Страница 286: ...er Over Ethernet Configuration Page The Power Over Ethernet Configuration page displays the PoE status and allows you to configure PoE feature with the following parameters Port Indicates the port wit...

Страница 287: ...y Low High or Critical For more details see Port Prioritization on page 285 Power mW Indicates the Power in milliwatts that the port is supplying power to the PD Voltage V Indicates the Voltage in vol...

Страница 288: ...Chapter 22 Power Over Ethernet PoE 288...

Страница 289: ...289 Chapter 23...

Страница 290: ...g configuration This chapter contains the following sections Overview on page 291 General Configuration on page 294 VLAN Setting on page 296 Trusted and Untrusted Port Configuration on page 298 Bindin...

Страница 291: ...the following ways Directly to the legitimate trusted DHCP Server A network device relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enable...

Страница 292: ...on untrusted ports do not accept DHCP packets originating form a DHCP server and immediately drop them when they are detected The DHCP packets types that are not accepted are DHCPOFFER and DHCPACK How...

Страница 293: ...etwork device relaying DHCP messages to and from a trusted server Another trusted source such as a switch with DHCP Snooping enabled Untrusted ports are connected to DHCP clients and to traffic that o...

Страница 294: ...is parameter activates the DHCP Snooping feature on the AT GS950 16PS switch Disabled This parameter de activates the DHCP Snooping feature on the AT GS950 16PS switch 4 From the Pass Through Option 8...

Страница 295: ...The AT S112 Management Software does not save a backup copy of the Binding Table to flash 7 Select an interval of time for the Database Update Interval field The range of this interval is 600 to 8640...

Страница 296: ...xpands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings page is displayed See Figure 116 Figure 116 DHCP Snooping VLAN Settings Page 3 In the VLAN ID field enter a VLAN ID that h...

Страница 297: ...AN ID do the following 1 From the main menu on the left side of the page select DHCP Snooping The DHCP Snooping folder expands 2 From the DHCP Snooping folder select VLAN Settings The VLAN Settings pa...

Страница 298: ...usted Interfaces A partial view of the AT GS950 16PS Trusted Interfaces page is displayed See Figure 117 Figure 117 AT GS950 16PS Trusted Interfaces Page 3 From the Trust column select one of the foll...

Страница 299: ...igure 118 Trusted Interfaces Page Example 5 If you choose to configure other switch ports as trusted or untrusted repeat steps 3 and 4 6 From the main menu on the left side of the page select Save Con...

Страница 300: ...DHCP Snooping Binding Database on the AT GS950 16PS switch for static IP addresses and how to view the MAC Address and IP Address information for all of the hosts on your local area network 1 From th...

Страница 301: ...namically assigned IP address from the DHCP server automatically populates the table on the Binding Database page You must enter statically assigned IP Addresses and their corresponding fields at the...

Страница 302: ...assigned See Static IP Addresses on page 300 for more information Lease Time This parameter is the time that IP address assignment by the DHCP server is valid If the Page field located below the tabl...

Страница 303: ...cted devices on the network and to store data that is learned about other devices This chapter provides the following information Overview on page 304 Global Configuration on page 305 Neighbors Inform...

Страница 304: ...protocol That is the information transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not sol...

Страница 305: ...ystem Information The LLDP port settings are on the bottom of the page 3 See Figure 121 for an example of a partial view of this page A partial view of the AT GS950 16PS LLDP Global Settings Page is d...

Страница 306: ...be set to either enabled or disabled without affecting LLDP 4 Click the Apply button to the right of the either the Enable or Disable radio buttons The LLDP setting that you have selected is now activ...

Страница 307: ...is macAddress You cannot change this parameter Chassis ID This parameter lists the MAC Address of the switch You cannot change this parameter System Name This parameter lists the System Name of the s...

Страница 308: ...data packets To change the settings of all the ports to the same state select a state setting next to All In the Port column 3 In the Action column click the Apply button that corresponds to the port...

Страница 309: ...hat the LLDP information is received from them Port This parameter specifies the AT GS950 16PS local port number where the LLDP information was received Chassis ID Subtype This parameter describes the...

Страница 310: ...Chapter 24 LLDP 310...

Страница 311: ...switch and its ports This chapter includes the following sections Overview on page 312 Traffic Comparison Statistics on page 313 Error Group Statistics on page 316 Historical Status Charts on page 31...

Страница 312: ...affic Comparison statistics chart allows you to display a specified traffic statistic over all of the ports You can select 12 statistic types and 12 colors for each port This chart is described in Tra...

Страница 313: ...d 12 colors for each port To display traffic comparison statistics perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart...

Страница 314: ...Discards Pkts Measures the number of inbound discarded packets in packets per second Inbound Errors Pkts s Measures the number of inbound errors in packets per second Outbound Octets Bytes s Measures...

Страница 315: ...ect Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the traffic comparison graph select Draw 7 Fr...

Страница 316: ...lay error group statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select Error Group The...

Страница 317: ...nds 15 seconds 30 seconds 5 To select the color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Gree...

Страница 318: ...ay historical status charts statistics for a port perform the following procedure 1 Select the Statistics Chart folder The Statistics Chart folder expands 2 From the Statistics Chart folder select His...

Страница 319: ...kets per second Inbound Errors Pkts Measures the number of inbound errors in packets per second Outbound Octets Bytes Measures the number of outbound octet bits in bytes per second Outbound Unicast Pa...

Страница 320: ...color of the traffic comparison graph select Color Choose one of the following colors Green Blue Red Purple Yellow Orange Gray Light Red Light Blue Light Green Light Yellow Light Gray 6 To create the...

Страница 321: ...tion contains the following chapters Chapter 26 Software Configuration Updates on page 323 Chapter 27 Cable Diagnostics on page 335 Chapter 28 Rebooting the AT GS950 16PS on page 337 Chapter 29 Pingin...

Страница 322: ...322...

Страница 323: ...325 Upgrade Firmware Image via TFTP on page 327 Upload or Download a Configuration File via HTTP on page 329 Download or Upload a Configuration File via TFTP on page 332 Note For information about ho...

Страница 324: ...theAT S112 Management software or upload or download your configuration file Using a web browser via HTTP Using a TFTP server To perform one of these operations using HTTP you only need to have acces...

Страница 325: ...subnet mask assigned either manually or via DHCP For instructions on how to set the IP address and subnet mask on a switch see Configuration of IP Address Subnet Mask and Gateway Address on page 30 To...

Страница 326: ...necessary Firmware File Enter the path and the firmware file name or click the Browse button and select the file name 4 To begin the upgrade process on the switch click Apply The software begins to do...

Страница 327: ...ew AT S112 image file on the TFTP server Start the TFTP server software before you begin the download procedure Caution Downloading a new version of management software onto the switch causes the devi...

Страница 328: ...e new software Image File Name The full name of the AT S112 file including the file extension you are downloading Retry Count The number of times the firmware upgrade is retried The range is 1 20 4 To...

Страница 329: ...To enable a DHCP client see DHCP Client Configuration on page 45 To upload or download an AT S112 configuration file onto the switch using a web browser perform the following procedure 1 From the menu...

Страница 330: ...new configuration file is different than the one you currently have in your browser URL you will loose connectivity with the AT S112 Management software on the AT GS950 16PS switch after the new conf...

Страница 331: ...ct the Download button Select this button to download a configuration file from the switch to your PC The following window shown in Figure 130 is displayed Figure 130 File Download with HTTP 2 Click S...

Страница 332: ...the following procedure 1 From the menu on the left side of the home page select the Tools folder The Tools folder expands 2 From the Tools folder select the Config File Upload Download folder The Co...

Страница 333: ...r the new configuration file is loaded If this is the case you can identify the new IP address by using the ATI Web Discovery Tool See DHCP and ATI Web Discovery Tool on page 44 for more information C...

Страница 334: ...Chapter 26 Software Configuration Updates 334...

Страница 335: ...iguration file select Save Configuration to Flash from the main menu on the left side of the page To do these cable diagnostics perform the following procedure 1 From the main menu on the left side of...

Страница 336: ...one pair of wires and another pair within the cable Cable Fault Distance This parameter specifies the distance from the switch port to the cable fault Cable Length This parameter specifies the length...

Страница 337: ...iginal factory default settings There are two ways to accomplish this Press the front panel ecofriendly button for more than 10 seconds and release it Reboot the switch in the AT S112 management softw...

Страница 338: ...e your changes All configuration parameters that have not been previously saved are lost After the switch is reboots they are reset to the values stored in the flash memory Caution This procedure caus...

Страница 339: ...y Note Two additional options are available in the Reboot Type field The procedures for these options are described in Configure Factory Default Values 5 Click Apply The switch immediately begins to r...

Страница 340: ...er part of the page to the Reboot section 4 In the Reboot Type field use the pull down menu to select one of the following options Normal This setting reloads all configuration parameters that are sav...

Страница 341: ...ay settings are managed by the DHCP server 5 Click Apply The switch begins the reboot process You must wait approximately two minutes for the switch to complete the reboot process before you can re es...

Страница 342: ...disabled However you can still reset the switch via the management software without affecting the switch s configuration The factory default reset can be enabled again by using the password that you...

Страница 343: ...entering a password See Figure 134 Figure 134 Factory Default Reset Reboot Page with Password Entry 5 In the New Password field enter a password of up to 12 characters in length It is case sensitive T...

Страница 344: ...choose to Enable it perform the following procedure 1 From the main menu on the left side of the page select the Tools folder The Tools folder expands 2 From the Tools folder select Reboot The Factor...

Страница 345: ...ult Reset Reboot Page is displayed with the Factory Default Reset field Enabled See Figure 133 on page 338 In the Reboot section the Reboot Type field now includes the options presented in its pull do...

Страница 346: ...Chapter 28 Rebooting the AT GS950 16PS 346...

Страница 347: ...he switch through which the node is communicating with the switch must be an untagged or tagged member of the Default VLAN To ping a network device perform the following procedure 1 From the main menu...

Страница 348: ...s click Show Ping Results A sample Ping Test Results Page is displayed See Figure 138 Figure 138 Ping Test Results Page The following information is displayed Destination IP Address Indicates the IP a...

Страница 349: ...TI on page 352 General Guidelines on page 355 VLAN and MSTI Associations on page 356 Ports in Multiple MSTIs on page 357 Multiple Spanning Tree Regions on page 358 Associating VLANs to MSTIs on page 3...

Страница 350: ...tagged ports which can handle traffic from multiple VLANs simultaneously The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic resu...

Страница 351: ...the following concepts and guidelines Like STP and RSTP you must activate this MSTP protocol on a switch and then configure the protocol parameters Note The implementation of MSTP in the management s...

Страница 352: ...16PS switches each containing the two VLANs Sales and Production The ports of each VLAN on each switch are connected with a direct link using untagged ports If the switches were running STP or RSTP on...

Страница 353: ...e VLANs Assigned to an MSTI A MSTI can contain more than one VLAN This is illustrated in Figure 141 on page 354 where there are two AT GS950 16PS switches with four VLANs There are two MSTIs each cont...

Страница 354: ...the VLAN parts is made with tagged not untagged ports so that they can carry traffic from more than one virtual LAN Referring again to Figure 141 the tagged link in MSTI 1 is carrying traffic for both...

Страница 355: ...one MSTI at a time A switch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTI s This is possible because a p...

Страница 356: ...of the task to configuring MSTP involves assigning VLANs to spanning tree instances The mapping of VLANs to MSTIs is called associations A VLAN either port based or tagged can belong to only one insta...

Страница 357: ...red to as generic parameters These are set just once on a port and apply to all the MSTI s where the port is a member One of these parameters is the external path cost which sets the operating cost of...

Страница 358: ...e used to keep track of the revision level of a region s configuration For example you might use this value to maintain the number of times you revise a particular MSTP region It is important that eac...

Страница 359: ...ndary port and the bridge connected to the port as belonging to another region The same is true for any ports connected to bridges running the single instance spanning tree STP Those ports are also co...

Страница 360: ...ge for an entire bridged network MSTI priority is used only to determine the regional root for a particular MSTI The range for this parameter is the same as the RSTP bridge priority from 0 to 61 440 i...

Страница 361: ...a regional root for locating loops in the instance MSTIs can share the same regional root or have different roots A regional root is determined by the MSTI Bridge Priority value and a bridge s MAC add...

Страница 362: ...f it was assigned to an MSTI because only CIST is active outside of a region As mentioned earlier every MSTI must have a root bridge referred to as a regional root in order to locate loops that might...

Страница 363: ...AN and has been assigned to MSTI ID 10 and port 8 is a member of VLAN 3 assigned to MSTI ID 10 The BPDUs transmitted by port 8 to switch B indicate that the port is a member of both CIST 0 and MSTI 15...

Страница 364: ...sure that loop detection is based on MSTI not CIST 1 3 5 7 9 11 13 15 AT GS950 16PSGigabit Ethernet PoE Switch plus 1 3 5 7 9 11 13 15R 2 4 6 8 10 12 14 16R 15 16 1 3 5 7 2 4 6 8 9 11 13 15R 10 12 14...

Страница 365: ...ged member of two different VLANs both associated to MSTI 12 If both switches were a part of the same region there would be no problem because the ports reside in different spanning tree instances How...

Страница 366: ...The two regions share three VLANs Accounting Sales and Presales You can group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 12 a...

Страница 367: ...STI and the forwarding state for another spanning tree instance A network can contain any number of regions and a region can contain any number of AT GS950 16PS switches The AT GS950 16PS switch can b...

Страница 368: ...Appendix A MSTP Overview 368...

Страница 369: ...6 1 4 1 207 1 4 203 System Name none 0 15 characters System Location none 0 30 characters System Contact none 0 30 characters System IP Setup IP Address 192 168 1 1 IPv4 address in xxx xxx xxx xxx he...

Страница 370: ...ode Local Time SNTP Local Time Date Setting YYYY MM DD 2009 1 1 Time Setting HH MM SS 1 00 00 SNTP Primary Server 0 0 0 0 IPv4 address in xxx xxx xxx xxx format SNTP Secondary Server 0 0 0 0 IPv4 addr...

Страница 371: ...tatus Disabled Enabled Disabled Time Stamp Enabled Enabled Disabled Messages Buffered Size 50 1 200 Syslog Server IP 0 0 0 0 IPv4 address in xxx xxx xxx xxx format Facility local0 local0 local 7 Loggi...

Страница 372: ...TP Compatible RSTP Bridge Priority 0x8000 0x0000 0xF000 step 0x1000 Bridge Hello Time 2 seconds 1 10 seconds Bridge Maximum Age 20 seconds 6 40 seconds Bridge Forward Delay 15 seconds 4 30 seconds Por...

Страница 373: ...onds Maximum Hop Count 20 6 40 Transient Hold Count 3 1 10 MSTP Instance ID none 1 31 Mapped VLAN none Path Cost 20000 1 200 000 000 Priority 128 0 240 16 steps PointToPoint Status Auto Auto ForceTrue...

Страница 374: ...68 32768 System ID MAC Address of AT GS950 16PS switch Port Priority 0 0 255 Bridge Mirroring Mirroring Status Disabled Enabled Disabled Mirroring Port All 1 16 Ingress Mirrored Port All 1 16 All 1 16...

Страница 375: ...D 1 4000 Port Based VALN Index ID 1 52 Group MAC Address none 01 00 5E 00 01 00 01 00 5E 7F FF FF Group Member All 1 16 Static Multicast group number 256 entries shared with IGMP Snooping Bridge IGMP...

Страница 376: ...Status Disabled Enabled Disabled VLAN Mode All ports 802 1Q Tagged VLAN 802 1Q Tagged VLAN or Port Based VLAN on any port Tagged VLAN ID none 2 4000 Tagged VLAN Name none 0 32 characters Tagged Manag...

Страница 377: ...inTime 200 milli seconds 10 1073741810 milli seconds GarpLeaveTime 600 milli seconds 30 2147483630 milli seconds GarpLeaveAllTime 10000 milli seconds 40 2147483640 milli seconds Bridge QoS QoS Status...

Страница 378: ...Version v1 v1 v2c v3 encrypted not checked not checked checked Auth Protocol MD5 MD5 SHA Password none Priv Protocol DES DES none Password none SNMP Community Table Community Name none User Name View...

Страница 379: ...63 Protocol none 1 255 Source IP Address none IPv4 address in xxx xxx xxx xxx hex format Source IP Mask Length none 1 32 Destination IP Address none IPv4 address in xxx xxx xxx xxx hex format Destinat...

Страница 380: ...port 1 ports 1 16 NAS ID Nas1 1 16 characters Authentication Method RADIUS RADIUS Local Port Number port 1 ports 1 16 Policy Index none 1 65535 Classifier Index none 1 65535 Policy Sequence none 1 64...

Страница 381: ...larms Falling Event Index none 1 65535 Alarms Owner none Event Index Nas1 1 65535 Event Description none Event Type None None Log SNMP Trap Log and Trap Event Community none Event Owner none Voice VLA...

Страница 382: ...DIUS Accounting Port 1813 1 65535 RADIUS Shared Secret none 1 20 characters Destination MAC Filter MAC Address none Rule 1 Not support Multicast Mac address 01 xx xx xx xx xx 2 Not support VRRP Mac ad...

Страница 383: ...none xx xx xx xx xx xx hex format Binding Database IP Address none IPv4 address in xxx xxx xxx xxx hex format Binding Database VLAN none Binding Database Port port 1 All 1 16 Binding Database Type Dy...

Страница 384: ...Historical Status Statistics Inbound Octet Rate Bytes s 12 statistics Historical Status Auto Refresh 5 seconds 5 10 15 30 seconds Historical Status Port 1 ports 1 16 Historical Status Color Green 12 c...

Страница 385: ...39 characters special characters are dependent on OS file name limitation Cable Diagnostics Port 1 ports 1 16 LED ECO Mode Disable Enable Disable Reboot Factory Default Reset Enable Enabled Disabled R...

Страница 386: ...Appendix B AT GS950 16PS Default Parameters 386...

Отзывы:

Нет отзывов

Похожие инструкции для AT-GS950/16PS

8 Port 10/100Mbit/s Ethernet Smart Switch with Fibre Uplink

Бренд: Tyco Electronics Страницы: 18

TRAK 2OP M11 Mill

Бренд: XYZ Machine Tools Страницы: 203

Storage Networking (Unified Fabric Pilot)

Бренд: Qlogic Страницы: 76

Бренд: BHU NETWORKS Страницы: 75

Бренд: CalAmp Страницы: 115

Бренд: Pakedge Device & Software Страницы: 14

Бренд: Matrix Switch Corporation Страницы: 60

Бренд: Active Communications Страницы: 10

Ether-GSH24T v3

Бренд: AirLive Страницы: 2

802.11a/b/g SDIO WiFi Module SDM3100

Бренд: Abocom Страницы: 14

Бренд: Zoom Страницы: 2

Airborne M2M ABDN-er-DP55 Series

Бренд: B+B SmartWorx Страницы: 120

Fibe-Air IP-10G

Бренд: Ceragon Страницы: 71

Бренд: Enterasys Страницы: 2

Sporlan Division SCS-PB Series

Бренд: Parker Страницы: 10

Бренд: Allynk Technology Страницы: 39

Бренд: ZyXEL Communications Страницы: 2

Бренд: ZyXEL Communications Страницы: 263

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды