Allied Telesis AT-S95 Скачать руководство пользователя страница 86

Страница: 86 / 246

Configuring Device Security

Defining Access Control

Page 86

•

Destination Port

— Defines the TCP/UDP destination port. This field is active only if 800/6-TCP or 800/17-

UDP are selected in the Select from List drop-down menu. The possible field range is 0 - 65535.

•

Source

–

IPv6 Address

— Matches the source port IPv6 address from which packets are addressed to the ACE.

–

Prefix Length —

Defines the number of bits that comprise the source IP address prefix, or the network

mask of the source IP address.

•

Destination

–

IPv6 Address

— Matches the destination port IPv6 address to which packets are addressed to the ACE.

–

Prefix Length —

Defines the number of bits that comprise the destination IP address prefix, or the

network mask of the destination IP address.

•

Flag Set

— Sets the indicated TCP flag that can be triggered. The possible values are:

–

Urg, Ack, Psh, Rst, Syn,

and

Fin

The indicated value setting is represented by one of the following:

–

— Flag is set.

–

— Flag is disabled.

–

— Don’t care.

•

ICMP Type

— Filters packets by ICMP message type. The field values are 0-255.

•

ICMP Code

— Indicates and ICMP message code for filtering ICMP packets. ICMP packets that are filtered

by ICMP message type can also be filtered by the ICMP message code.

•

IGMP

Type

— Filters packets by IGMP message or message types.

•

DSCP

— Matches the packets DSCP value.

•

IP Prec.

— Matches the packet IP Precedence value to the ACE. Either the DSCP value or the IP

Precedence value is used to match packets to ACLs. The possible field range is 0-7.

•

Action

— Indicates the action assigned to the packet matching the ACL. Packets are forwarded or dropped.

In addition, the port can be shut down, a trap can be sent to the network administrator, or packet is assigned
rate limiting restrictions for forwarding. The options are as follows:

–

Permit

— Forwards packets which meet the ACL criteria.

–

Deny

— Drops packets which meet the ACL criteria.

–

Shutdown

— Drops packet that meets the ACL criteria, and disables the port to which the packet was

addressed. Ports are reactivated from the

Port Management

Page

•

Delete

— To remove an ACE, click the ACE’s checkbox and click the

Delete

button.

Содержание AT-S95

Страница 1: ...613 001188 Rev A Management Software AT S95 Web Browser Interface User s Guide AT 8000GS Series Stackable Gigabit Ethernet Switches Version 2 0 0 19...

Страница 2: ...ntioned herein are trademarks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this docume...

Страница 3: ...Configurable Login Banner 20 Defining System Information 21 Configuring Internet Protocol Version 6 23 Defining IPv6 Interfaces 23 Defining the IPv6 Default Gateway 27 Configuring Tunnels 29 Defining...

Страница 4: ...Configuring Port Mirroring 103 Aggregating Ports 106 Defining Trunk Settings 107 Defining Port Trunking 110 Configuring LACP 112 Configuring Interfaces 114 Defining MAC Addresses 114 Configuring VLAN...

Страница 5: ...Viewing the LLDP Neighbors Information 188 Configuring Power Over Ethernet 191 Defining Power Over Ethernet Configuration 193 Configuring Services 195 Enabling Class of Service CoS 196 Configuring CoS...

Страница 6: ...g a Terminal 232 Initial Configuration 233 Configuration 233 Static IP Address and Subnet Mask 233 User Name 234 Downloading Software 234 Standalone Device Software Download 234 Stacking Member Softwa...

Страница 7: ...agement System EWS The Embedded Management System enables configuring monitoring and troubleshooting of network devices remotely via a web browser The web pages are easy to use and easy to navigate Th...

Страница 8: ...Configuring System Logs Provides information for setting up and viewing system logs and configuring switch log servers Section 10 Configuring Spanning Tree Provides information for configuring Classic...

Страница 9: ...nt Conventions This document uses the following conventions Note Provides related information or information of special importance Caution Indicates potential damage to hardware or software or loss of...

Страница 10: ...eturning Products Products for return or repair must first be assigned a Return Materials Authorization RMA number A product sent to Allied Telesis without a RMA number will be returned to the sender...

Страница 11: ...information for starting the application The login information is configured with a default user name and password The default password is friend the default user name is manager Passwords are both c...

Страница 12: ...Getting Started Starting the Application Page 12 5 Click Sign In The System General Page opens Figure 2 System General Page...

Страница 13: ...m Views provide a graphical representation of the device ports The Port Settings Page displays an example of the Zoom View with a detailed graphical representation of the device ports To open a zoom v...

Страница 14: ...components with their corresponding numbers Table 1 Interface Components Component Description 1 Menu The Menu provides easy navigation through the main management software features In addition the Me...

Страница 15: ...s maintained until reset or power up Apply Saves configuration changes to the device The configuration change is saved to the Running Configuration file and is maintained until reset or power up Confi...

Страница 16: ...the user into the WBI starts the management session Logout Signs the user out of the WBI ending the management session Help Opens the online help page Exit Help Closes the online help page Save Confi...

Страница 17: ...s To add information to tables or WBI pages 1 Open a WBI page 2 Click Add An Add page opens for example the Add Community Page Figure 5 Add Community Page 3 Define the fields 4 Click Apply The configu...

Страница 18: ...I pages 1 Open the WBI page 2 Select a table row 3 Click Delete The information is deleted and the device is updated Saving Configurations User defined information can be saved for permanent use or un...

Страница 19: ...g Out The Logout option enables the user to log out of the device thereby terminating the running session To log out In any page click Logout on the menu The current management session is ended and th...

Страница 20: ...device After the device is reset a prompt for a user name and password displays 3 Enter a user name and password to reconnect to the Web Interface To reset the device to the predefined default configu...

Страница 21: ...System General Page comprises two sections Administration and DHCP Configuration The Administration section of the System General Page contains the following fields System Name Indicates the user def...

Страница 22: ...ase the device following reset checks if the IP address is already defined in the Startup Configuration If not the device tries to receive an IP address from a BootIP server until either an IP address...

Страница 23: ...d therefore are not required to be expressed Any prefix that is less than 64 bits is a route or address range that is summarizing a portion of the IPv6 address space For every assignment of an IP addr...

Страница 24: ...set per device To define IPv6 Interfaces 1 Click System IPv6 Interface The IPv6 Interface Page opens Figure 9 IPv6 Interface Page The IPv6 Interface Page contains the following fields Interface Indic...

Страница 25: ...address is 2031 0 130F 0 0 9C0 876A 130D and the compressed version is represented as 2031 0 130F 9C0 876A 130D Up to five IP addresses can be set per interface with the limitation of up to 128 addres...

Страница 26: ...s the interface ID low order 64 bits of the IPv6 address is built from the system base MAC address The following fields options are Checked Enables the EUI 64 option This option is relevant only to Gl...

Страница 27: ...hat configuring a new static default gateway without deleting the previously configured one overwrites the previous configuration A configured default gateway has a higher precedence over automaticall...

Страница 28: ...Gateway Page opens Figure 12 Add Static Default Gateway Page 4 Define the Default Gateway IPv6 Address field for the IP Interface The address must be a valid IPv6 address specified in hexadecimal usi...

Страница 29: ...e following fields Tunnel Type Indicates the is the tunnel type The possible field values are ISATAP Indicates ISATAP is the selected tunnel type None IPv6 transition mechanism is not used This is the...

Страница 30: ...ce sends The range is 1 20 seconds The default is 3 2 Click Apply The Tunnel is defined and the device is updated Defining IPv6 Neighbors The IPv6 Neighbors Page contains information for defining IPv6...

Страница 31: ...from the IPv6 Neighbor Table Dynamic Only Deletes the dynamic IPv6 address entries from the IPv6 Neighbor Table All Dynamic and Static Deletes the IPv6 Neighbor Table static and dynamic address entrie...

Страница 32: ...System IPv6 Neighbors The IPv6 Neighbors Page opens 2 Select the IPv6 Address field to be edited 3 Click Modify The IPv6 Neighbor Configuration Page opens Notes Static IPv6 addresses require a MAC add...

Страница 33: ...e information entry The possible field values are Static Shows static neighbor discovery cache entries Dynamic Shows dynamic neighbor discovery cache entries State Displays the IPv6 Neighbor status Th...

Страница 34: ...em time reverts to the local hardware clock Daylight Savings Time can be enabled on the device To configure the system clock time 1 Click System System Time The System Time Page opens Figure 17 System...

Страница 35: ...he time source Stratum 1 A server that is directly linked to a Stratum 0 time source is used Stratum 1 time servers provide primary network time standards Stratum 2 The time source is distanced from t...

Страница 36: ...orted 2 Select the SNTP Status Supported IP Format and when applicable the IPv6 Address Type and Link Local Interface 3 Define the Server IP Address and the Poll Interval fields 4 Click Apply The SNTP...

Страница 37: ...The day of the week from which DST begins every year The possible field range is Sunday Saturday Week The week within the month from which DST begins every year The possible field range is 1 5 Month...

Страница 38: ...t weekend of March until the last weekend of October India India does not use Daylight Saving Time Iran From Farvardin 1 until Mehr 1 Iraq From April 1 until October 1 Ireland From the last weekend of...

Страница 39: ...kend of March until the last weekend of October Switzerland From the last weekend of March until the last weekend of October Syria From March 31 until October 30 Taiwan Taiwan does not use Daylight Sa...

Страница 40: ...This section describes setting security parameters for ports device management methods users and servers This section contains the following topics Configuring Management Security Configuring Server...

Страница 41: ...efined for interfaces according to IP addresses or IP subnets Access profiles contain management methods for accessing and managing the device The device management methods include All Telnet Secure T...

Страница 42: ...ains a table listing the currently defined profiles and their active status Access Profile Name The name of the profile The access profile name can contain up to 32 characters Current Active Access Pr...

Страница 43: ...If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users acc...

Страница 44: ...This option is only available the first time you configure the access profile Tunnel 1 Specifies that ISATAP tunneling Tunnel 1 mechanism is supported Note You must initially select the VLAN 1 option...

Страница 45: ...ty Profile Rules The Profile Rules Page opens Figure 20 Profile Rules Page Access Profile Name Displays the access profile to which the rule is attached Priority Defines the rule priority When the pac...

Страница 46: ...HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the r...

Страница 47: ...rface Global Specifies that global Unicast addressing is supported by the interface Link Local Interface If Link Local is selected as the supported IPv6 Address Type defines the supported interface Th...

Страница 48: ...dify an access rule 1 Click Mgmt Security Profile Rules The Profile Rules Page opens 2 Click Modify The Profiles Rules Configuration Page opens Figure 22 Profiles Rules Configuration Page 3 Define the...

Страница 49: ...Authentication Profiles Page contains two tables which display the currently defined profiles Login Authentication Profiles Provides the method by which system users logon to the device Enable Authent...

Страница 50: ...thentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session cannot be authenticated locally the session...

Страница 51: ...Using the arrows move the method s from the Optional Method list to the Selected Method list 6 Click Apply The authentication profile is defined The profile is added to the profiles table and the devi...

Страница 52: ...e 52 Figure 25 Authentication Profile Configuration Page 3 Select the Profile Name from the list 4 Using the arrows move the method s from the Optional Method list to the Selected Method list 5 Click...

Страница 53: ...ods are used To map authentication methods 1 Click Mgmt Security Authentication Mapping The Authentication Mapping Page opens Figure 26 Authentication Mapping Page The Authentication Mapping Page comp...

Страница 54: ...for access HTTP Indicates that authentication methods are used for HTTP access Possible methods are Local Authentication occurs locally RADIUS Authenticates the user at the RADIUS server TACACS Authen...

Страница 55: ...ing TACACS Terminal Access Controller Access Control System TACACS provides centralized security user access validation The system supports up to 8 TACACS servers TACACS provides a centralized user ma...

Страница 56: ...ies the authentication port The device communicates with the TACACS server through the authentication port The default is 49 Timeout for Reply Defines the time interval in seconds that passes before t...

Страница 57: ...Configuring Device Security Configuring Server Based Authentication Page 57 Figure 28 Add TACACS Page 3 Define the fields 4 Click Apply The TACACS profile is saved and the device is updated...

Страница 58: ...To modify TACACS server settings 1 Click Mgmt Protocols TACACS The TACACS Page opens 2 Click Modify The TACACS Configuration Page opens Figure 29 TACACS Configuration Page 3 Define the relevant field...

Страница 59: ...Page opens Figure 30 RADIUS Page The RADIUS Page contains the following fields Radius Accounting Usage Specifies the RADIUS recording session type The default value is None The possible field values...

Страница 60: ...rver authentication The authenticated port default is 1812 Accounting Port Identifies the accounting port The accounting port is used to verify the RADIUS server recording session The accounting port...

Страница 61: ...vice Security Configuring Server Based Authentication Page 61 2 Click Add The Add RADIUS Page opens Figure 31 Add RADIUS Page 3 Define the fields 4 Click Apply The RADIUS profile is saved and the devi...

Страница 62: ...modify RADIUS server settings 1 Click Mgmt Protocols RADIUS The RADIUS Page opens 2 Click Modify The RADIUS Configuration Page opens Figure 32 RADIUS Configuration Page 3 Define the relevant fields 4...

Страница 63: ...3 Local Users Page The Local Users Page displays the list of currently defined local users and contains the following fields User Name Displays the user s name Access Level Displays the user access le...

Страница 64: ...swords can contain up to 159 characters Confirm Password Verifies the password 3 Define the fields 4 Click Apply The user is added to the Local Users table and the device is updated To modify local us...

Страница 65: ...Password The Line Password Page opens Figure 36 Line Password Page The Line Password Page contains the following fields Console Line Password Defines the line password for accessing the device via a...

Страница 66: ...rned or statically configured Locked port security monitors both received and learned packets that are received on specific ports Access to the locked port is limited to users with specific MAC addres...

Страница 67: ...Port Security The Port Security Page opens Figure 37 Port Security Page The Port Security Page displays the Zoom View of the selected stacking member s defined in the Unit No field ports 2 In the Uni...

Страница 68: ...values are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks...

Страница 69: ...the device Unchecked Disables the 802 1x port access on the device This is the default value Authentication Method Displays the method by which the last session was authenticated The possible field va...

Страница 70: ...for reauthentication Immediate Reauthenticates the port immediately The 802 1x Port Access Page also displays the Zoom View of the selected stacking member s defined in the Unit No field ports 2 Selec...

Страница 71: ...that are not the supplicant s address while not learning the source addresses Discard Enables the discarding of frames with source addresses that are not the supplicant s address This is the default...

Страница 72: ...e is 0 65535 The field default is 60 seconds Resending EAP Defines the amount of time in seconds that lapses before EAP requests are resent The field default is 30 seconds Max EAP Requests Displays th...

Страница 73: ...eously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm control is enabled for...

Страница 74: ...es are Enabled Enables storm control on the selected port Disabled Disables storm control on the selected port Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible...

Страница 75: ...ntrol entries ACEs that are made of the filters that determine traffic classifications The total number of ACEs that can be defined in all ACLs together is 256 This section contains the following topi...

Страница 76: ...packets are addressed to the ACE Destination MAC Mask Indicates the destination MAC Address wild card mask Wildcards are used to mask all or part of a destination MAC Address Wild card masks specify...

Страница 77: ...ACL Page opens Figure 44 Add MAC Based ACL Page 3 In the ACL Name field type a name for the ACL 4 Enable Rule Priority and define the ACL s relevant fields 5 Click Apply The MAC Based ACL configurati...

Страница 78: ...ity MAC Based ACL The MAC Based ACL Page opens 2 Click the Add ACE button The Add MAC Based ACE Page opens Figure 45 Add MAC Based ACE Page 3 Define the fields 4 Click Apply The MAC Based ACE rule is...

Страница 79: ...Figure 46 MAC Based ACE Configuration Page 3 Define the fields 4 Click Apply The MAC Based ACL configuration is defined and the device is updated 5 Click Save Config on the menu to save the changes p...

Страница 80: ...net Group Management Protocol IGMP Allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific Multicast group IP Internet Protocol IP Specifies...

Страница 81: ...nnels between two routers This ensures that IPIP tunnel appears as a single interface rather than several separate interfaces IPIP enables tunnel intranets to access the internet and provides an alter...

Страница 82: ...packets ICMP packets that are filtered by ICMP message type can also be filtered by the ICMP message code IGMP Type Filters packets by IGMP message or message types DSCP Matches the packets DSCP valu...

Страница 83: ...classification to identify flows based on QoS values such as DSCP or IP Precedence The possible field values are Checked Enables identification of flows based on QoS values Selecting this option make...

Страница 84: ...Apply The IPv4 based ACE rule is defined and the device is updated 5 Click Save Config on the menu to save the changes permanently To modify the IPv4 based ACL configuration 1 Click Network Security I...

Страница 85: ...le is matched to a packet on a first match basis Protocol Creates an ACE based on a specific protocol The available protocols are ICMP Internet Control Message Protocol ICMP The ICMP allows the gatewa...

Страница 86: ...abled x Don t care ICMP Type Filters packets by ICMP message type The field values are 0 255 ICMP Code Indicates and ICMP message code for filtering ICMP packets ICMP packets that are filtered by ICMP...

Страница 87: ...classification to identify flows based on QoS values such as DSCP or IP Precedence The possible field values are Checked Enables identification of flows based on QoS values Selecting this option make...

Страница 88: ...sed ACE rule is defined and the device is updated 5 Click Save Config on the menu to save the changes permanently To modify the IPv6 based ACL configuration 1 Click Network Security IPv6 Based ACL The...

Страница 89: ...s 1 Click Network Security ACL Binding The ACL Binding Page opens Figure 52 ACL Binding Page The ACL Binding Page contains the following fields Interface Indicates the interface to which the ACL is bo...

Страница 90: ...ng fields Interface Choose the interface to which the ACL is bound The possible values are Port Port associated with the ACL Trunk Trunk associated with the ACL Select IPv4 Based ACL IPv6 Based ACL or...

Страница 91: ...n interface from outside the network or from a interface beyond the network firewall Trusted interfaces receive packets only from within the network or the network firewall DHCP with Option 82 attache...

Страница 92: ...value Pass Through Option 82 Indicates if DHCP Option 82 with data insertion is enabled on the device The possible field values are Enable If DHCP Option 82 with data insertion is enabled the DHCP rel...

Страница 93: ...e packets sent to DHCP Server via TCP IP network The option permits network administrators to limit address allocation to authorized hosts only This permits network administrators to limit address all...

Страница 94: ...ANs list 3 Click Save Config on the menu to save the changes permanently Defining Trusted Interfaces The Trusted Interfaces Page allows network manager to define Trusted interfaces Trusted interfaces...

Страница 95: ...Ports of Unit Displays the stacking member whose trusted interface configuration is displayed Trunk Displays the trunks whose trusted interface configuration is displayed Interface Contains a list of...

Страница 96: ...es whether the interface is a Trusted Interface Enable Interface is a trusted interface Disable Interface is an untrusted interface 5 Click Apply The Trusted Interfaces configuration is defined and th...

Страница 97: ...MAC address IPv4 Address Indicates the IPv4 addresses recorded in the DHCP Database The Database can be queried by IPv4 address VLAN Indicates the VLANs recorded in the DHCP Database The Database can...

Страница 98: ...rver Lease Time Displays the lease time The Lease Time defines the amount of time the DHCP Snooping entry is active Addresses whose lease times are expired are ignored by the switch The possible value...

Страница 99: ...e Setting Ports Configurations Aggregating Ports Setting Ports Configurations This section contains the following topics Defining Port Settings Configuring Port Mirroring Defining Port Settings The Po...

Страница 100: ...possible settings 3 Click Modify The Port Setting Configuration Page opens Figure 61 Port Setting Configuration Page The Port Setting Configuration Page contains the following fields Port Lists the n...

Страница 101: ...Indicates the port is currently disabled and is not receiving or transmitting traffic Unknown Indicates the port status is currently unknown Admin Speed Indicates the configured rate for the port The...

Страница 102: ...de Enable Indicates that flow control is currently enabled for the selected port Disable Indicates that flow control is currently disabled for the selected port This is the default value Current Flow...

Страница 103: ...yer 1 Port Mirroring The Port Mirroring Page opens Figure 62 Port Mirroring Page The Port Mirroring Page contains information about all port mirrors currently defined on the device The following infor...

Страница 104: ...s the port from which traffic is to be analyzed Type Indicates the port mode configuration for port mirroring The possible field values are Rx Only Defines the port mirroring on receiving ports Tx Onl...

Страница 105: ...ring Ports Setting Ports Configurations Page 105 3 Define the Type field 4 Click Apply The Port mirroring is modified and the device is updated 5 Click Save Config on the menu to permanently save the...

Страница 106: ...The port is not assigned to a different trunk Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the trunk have the same ingress filtering and tagged mod...

Страница 107: ...d The possible field values are Up Indicates the trunk is currently linked and is forwarding or receiving traffic Down Indicates the trunk is not currently linked and is not forwarding or receiving tr...

Страница 108: ...uplink is distributed to all interfaces 2 Click Modify The Trunk Setting Configuration Page opens Figure 66 Trunk Setting Configuration Page The Trunk Setting Configuration Page contains the following...

Страница 109: ...runk Current Advertisement Indicates the trunk advertises its speed to its neighbor trunk to start the negotiation process The possible field values are those specified in the Admin Advertisement fiel...

Страница 110: ...formation about all port trunks currently defined on the device The following information is displayed Trunk Displays the ID number of the trunk Name Displays the name of the trunk The name can be up...

Страница 111: ...trunking parameters are defined LACP Indicates if LACP is enabled on the trunk The possible field values are Checked Enables LACP on the trunk Unchecked Disables LACP on the trunk This is the default...

Страница 112: ...fields for configuring LACP trunks To configure LACP for trunks 1 Click Layer 1 LACP The LACP Page opens Figure 69 LACP Page The LACP Page contains the following fields LACP System Priority Specifies...

Страница 113: ...ing Ports Aggregating Ports Page 113 2 Click Modify the LACP Configuration Page opens Figure 70 LACP Configuration Page 3 Define the fields 4 Click Apply The LACP settings are saved and the device is...

Страница 114: ...C Addresses The MAC Address Page contains parameters for querying information in the Static MAC Address Table and the Dynamic MAC Address Table in addition to viewing and configuring Unicast addresses...

Страница 115: ...fy the MAC address The system automatically locates the port that is connected to the device Delete All Dynamic MAC Addresses Clicking Delete removes all dynamic addresses from the MAC Address Table 2...

Страница 116: ...kets arrive on the ports To view or remove static MAC addresses 1 Click Layer 2 MAC Address The MAC Address Page opens 2 Click View Depending on whether View Static or View Dynamic is chosen the View...

Страница 117: ...and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN awa...

Страница 118: ...4095 is reserved as the discard VLAN VLAN Name Displays the user defined VLAN name VLAN Type Displays the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created thr...

Страница 119: ...is a tagged member of a VLAN All packets forwarded by the interface are tagged The packets contain VLAN information Untagged Indicates the interface is an untagged VLAN member Packets forwarded by the...

Страница 120: ...3 Click Modify The VLAN Configuration opens Figure 76 VLAN Configuration 4 Change the Interface Status setting 5 Click Apply The VLAN configuration is modified and the device is updated 6 Click Save...

Страница 121: ...lays the port or trunk number Interface VLAN Mode Indicates the port or trunk mode in the VLAN The possible values are General Indicates the port belongs to VLANs and each VLAN s interface is user def...

Страница 122: ...cific port is not a member Disable Disables ingress filtering on the device Reserved VLAN Indicates the VLAN that is currently reserved for internal use by the system 2 Select an interface from the ta...

Страница 123: ...on a Port The settings for the three GVRP timers must be the same on all GVRP active devices in your network This is configurable only in the CLI using the config if garp timer command Configuring GV...

Страница 124: ...registration through GVRP is enabled on the interface The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device 2 Select Enable GVR...

Страница 125: ...the following fields MAC Based Group In the MAC Based Group table network managers group VLANs based on the VLAN MAC address MAC Address Displays the MAC address associated with the VLAN group Prefix...

Страница 126: ...Page the Add MAC Address Group Page contains the following additional fields Host Defines the specified MAC address as the only address associated with the VLAN group 3 Define the fields 4 Click Appl...

Страница 127: ...l fields Group Type Indicates the VLAN Group to which interfaces are mapped The possible field value is MAC based Indicates that interfaces are mapped to MAC based VLAN groups 3 Select a VLAN to map w...

Страница 128: ...or example Syslog and local device reporting messages are assigned a severity code and include a message mnemonic which identifies the source application generating the message This allows messages to...

Страница 129: ...s of a Flash memory log IP Address Displays the defined IP address of the syslog server Minimum Severity Indicates the defined minimum severity level Description Provides additional information about...

Страница 130: ...any additional information about the syslog server for example its location UDP Port Defines the UDP port to which the server logs are sent The possible range is 1 65535 The default value is 514 Mini...

Страница 131: ...severity for logging to file is Error Console Temporary and or Flash Enables or disables device event logging to the severity indicated 2 Define the relevant fields 3 Click Apply The Server Log confi...

Страница 132: ...ry Log Page list the following information Log Index The log index number Log Time The date and time that the log was entered Severity The severity of the event for which the log entry was created Des...

Страница 133: ...n on configuring Classic STP see Configuring Classic Spanning Tree Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops...

Страница 134: ...are Enable Enables STP on the device Disable Disables STP on the device STP Operation Mode Specifies the STP mode that is enabled on the device The possible field values are Classic STP Enables Class...

Страница 135: ...is 6 40 seconds the default value is 20 seconds Forward Delay Specifies the device Forward Delay Time in seconds The Forward Delay Time is the time interval during which a bridge remains in the liste...

Страница 136: ...erface Configuration Page The STP Interface Configuration Page contains the following sections STP Port Parameters table Global System Trunk table The parameters listed in both tables are identical Th...

Страница 137: ...earning mode The interface cannot forward traffic however it can learn new MAC addresses Forwarding Indicates the port is currently in the forwarding mode The port can forward traffic and learn new MA...

Страница 138: ...n Page for ports or for trunks opens Figure 92 Spanning Tree Configuration Page In addition to the STP Interface Configuration Page the port level Spanning Tree Configuration Page contains the followi...

Страница 139: ...port and stacking member for which the RSTP settings are displayed Trunks Specifies the trunk for which the RSTP settings are displayed Interface Displays the port or trunk on which Rapid STP is enabl...

Страница 140: ...determines the state Point to Point Operational Status Displays the point to point operating state Activate Protocol Migration Test Select to run a Protocol Migration Test The test identifies the STP...

Страница 141: ...learn new MAC addresses Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC addresses 3 Define the Interface Point to Point Admin Status and Act...

Страница 142: ...TP Page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops To define MSTP 1 Click Layer 2 MSTP The MSTP Page opens Figure 95 MSTP Page The MS...

Страница 143: ...Instance Settings Click Configure to define MSTP Instances settings 2 Define the Region Name Revision and Max Hops fields 3 Click Apply The MSTP properties are defined and the device is updated Defin...

Страница 144: ...the root device Designated Indicates the port or trunk through which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backu...

Страница 145: ...elected interface 5 Click Save Config on the menu to save changes permanently 6 To view the MSTP configurations of all interfaces click Interface Table The MSTP Interface Table is displayed In the MST...

Страница 146: ...ayer 2 MSTP The MSTP Page opens 2 Click Configure next to the Configure Instance Mapping option The MSTP Instance Mapping Page opens Figure 98 MSTP Instance Mapping Page The MSTP Instance Mapping Page...

Страница 147: ...Layer 2 MSTP The MSTP Page opens 2 Click Configure next to the Configure Instance Settings option The MSTP Instance Settings Page opens Figure 99 MSTP Instance Settings Page The MSTP Instance Setting...

Страница 148: ...figuring Multiple Spanning Tree Page 148 3 Define the fields 4 Click Apply MSTP is defined for the selected instance and the device is updated The MSTP Page is displayed 5 Click Save Config on the men...

Страница 149: ...he relevant ports The Internet Group Management Protocol IGMP allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific Multicast group Multica...

Страница 150: ...embers This results in the creation of the Multicast filtering database To configure IGMP Snooping 1 Click Multicast IGMP The IGMP Page opens Figure 100 IGMP Page The IGMP Page contains the following...

Страница 151: ...Auto Learn is enabled on the device If Auto Learn is enabled the devices automatically learns where other Multicast groups are located Enables or disables Auto Learn on the Ethernet device The possibl...

Страница 152: ...st times out as specified in the Leave Timeout field 3 Define the fields Select Reset as Default to use the default value 4 Click Apply The IGMP Snooping global parameters are modified and the device...

Страница 153: ...ticast frames are flooded to all ports in the relevant VLAN Disabled is the default value VLAN ID Displays the VLAN for which Multicast parameters are displayed Bridge Multicast Address Identifies the...

Страница 154: ...idge Multicast MAC Address and the Bridge Multicast IPv4 Address 6 Click Apply The new Multicast group is saved and the device is updated To modify a Multicast group 1 Click Modify The Multicast Group...

Страница 155: ...e 105 Multicast Forward All Page The Multicast Forward All Page contains the following fields VLAN ID Displays the VLAN for which Multicast parameters are displayed Select the interfaces displayed in...

Страница 156: ...6 3 Click Modify The Multicast Forward All Configuration Page opens Figure 106 Multicast Forward All Configuration Page 4 Define the Interface Status field 5 Click Apply The Multicast Forward All sett...

Страница 157: ...g Filtering then this port s configuration is valid for any VLAN it is a member of or will be a member of To define unregistered Multicast settings 1 Click Multicast Unregistered Multicast The Unregis...

Страница 158: ...Click Modify The Unregistered Multicast Configuration Page opens Figure 108 Unregistered Multicast Configuration Page 3 Define the Unregistered Multicast field 4 Click Apply The Multicast Forward All...

Страница 159: ...e MIB tree The SNMPv3 security structure consists of security models with each model having its own security levels There are three security models defined SNMPv1 SNMPv2c and SNMPv3 Users are assigned...

Страница 160: ...se Default Restores default SNMP settings using the Local Engine ID Enable SNMP Notifications Indicates if SNMP traps are enabled for the device The possible values are Checked Traps are enabled Unche...

Страница 161: ...s 1 Click SNMP Community The SNMP Global Page opens The SNMP Community Page opens Figure 110 SNMP Community Page The SNMP Community Page contains the Basic and the Advanced Table SNMP Communities Basi...

Страница 162: ...Name Contains a list of user defined SNMP views in addition to the Default and DefaultSuper views SNMP Communities Advanced Table The SNMP Communities Advanced Table contains the following fields Mana...

Страница 163: ...nced SNMP community is defined A value of 0 0 0 0 indicates all management station IP addresses Community String Defines the community name used to authenticate the management station to the device Ba...

Страница 164: ...entry in the Basic table or in the Advanced Table 2 Click Modify The Community Configuration Page opens Figure 112 Community Configuration Page 3 Define the Basic or Advanced configuration of the comm...

Страница 165: ...define an SNMP group 1 Click SNMP Groups The SNMP Group Page opens Figure 113 SNMP Group Page The SNMP Group Page contains the following fields Group Name Displays the user defined group to which acce...

Страница 166: ...ge s origin is authenticated Privacy Encrypts SNMP messages Operation Defines the group access rights The possible field values are Read Management access is restricted to read only and changes cannot...

Страница 167: ...Click SNMP Groups The SNMP Group Page opens 2 Click Modify The Group Configuration Page opens Figure 115 Group Configuration Page 3 Define the Group Name Security Level Security Model and Operation f...

Страница 168: ...defined user names The field range is up to 30 alphanumeric characters Group Name Contains a list of user defined SNMP groups SNMP groups are defined in the SNMP Group Profile Page Engine ID Displays...

Страница 169: ...Page opens Figure 117 Add SNMP User Page In addition to the SNMP Users Page the Add SNMP User Page contains the following fields Authentication Method Defines the SNMP Authentication method The possi...

Страница 170: ...on Privacy Key Defines the Privacy Key LSB If only authentication is required 20 bytes are defined If both privacy and authentication are required 36 bytes are defined Each byte in hexadecimal charact...

Страница 171: ...s The SNMP Views Page opens Figure 119 SNMP Views Page The SNMP Views Page contains the following fields View Name Displays the user defined views The view name can contain a maximum of 30 alphanumeri...

Страница 172: ...using one of the following options Select from List Select the Subtree from the list provided Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or do...

Страница 173: ...sers and the trap type sent SNMP notification filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Ch...

Страница 174: ...ates the number of times the device resends an inform request The field range is 1 255 The default is 3 SNMPv3 Notification Recipient The SNMPv3 Notification Recipient table contains the following fie...

Страница 175: ...IPv6 Address Type Defines the type of configurable static IPv6 IP address for an interface The possible values are Link Local Defines a Link Local address non routable and can be used for communicati...

Страница 176: ...y notification settings 1 Click SNMP Notify The SNMP Notify Page opens 2 Select an entry from one of the tables and click Modify The SNMP Notify Configuration Page opens Figure 123 SNMP Notify Configu...

Страница 177: ...ter notifications To configure SNMP notification filters 1 Click SNMP Notify The SNMP Notify Page opens 2 Click Configure next to Configure Notification Filters The SNMP Notification Filter Configurat...

Страница 178: ...ed from either the Select from List or the Object ID field There are two configuration options Select from List Select the OID from the list provided Pressing the Up and Down buttons allows you to cha...

Страница 179: ...er systems and to store discovered information Device discovery information includes Device Identification Device Capabilities Device Configuration The advertising device transmits multiple advertisem...

Страница 180: ...ible field range is 5 32768 seconds The default value is 30 seconds Use Default Selecting the check box returns settings to default Hold Multiplier 2 10 Indicates the amount of time that LLDP packets...

Страница 181: ...waits before reinitializing LLDP transmissions in the Reinitializing Delay field 6 Define how long the system waits between LLDP packet transmissions if a change has occurred in the MIB in the Transmi...

Страница 182: ...le static and dynamic IP addresses The possible field values are Stop Advertising Indicates the IP address is not advertised Auto Advertise Indicates that the software automatically selects a manageme...

Страница 183: ...networks for QoS Policies Voice VLANs Provides Emergency Call Service E 911 via IP Phone location information Provides troubleshooting information LLDP MED sends network managers alerts for Port spee...

Страница 184: ...y is defined for tagged VLANs Untagged Indicates the network policy is defined for untagged VLANs User Priority Defines the user priority assigned to the network application DSCP Value Defines the Dif...

Страница 185: ...P Profile Rules The LLDP MED Network Policy Page opens 2 Click Modify The Network Policy Settings Configuration Page opens Figure 131 Network Policy Settings Configuration Page 3 Define the fields 4 C...

Страница 186: ...No Indicates the stacking member s ports for which the LLDP MED port settings are displayed Port Specifies the list of ports to which LLDP MED network policy can be attached LLDP MED Status Indicates...

Страница 187: ...ttached to the port Location Advertises the port s location PoE PSE Advertises the port PoE information Available Network Policies Network Policy Contains a list of network policies that can be assign...

Страница 188: ...P advertisements To view LLDP Neighbor information 1 Click LLDP Neighbors Information The LLDP Neighbors Information Page opens Figure 134 LLDP Neighbors Information Page The LLDP Neighbors Informatio...

Страница 189: ...The MAU performs physical layer functions including digital data conversion from the Ethernet interfaces collision detection and bit injection into the network System Name Displays the advertised syst...

Страница 190: ...N Guest VLAN Signaling Softphone Voice Video Conferencing Streaming Video Video Signaling Flags Displays the VLAN tagging status for the application type The possible field values are Tagged The packe...

Страница 191: ...remote monitoring Powered Devices are devices which receive power from the device power supplies for example IP phones Powered Devices are connected to the device via Ethernet ports The PoE threshold...

Страница 192: ...rcent If maximum power available is 375 W and the power threshold is 95 the threshold is exceeded when the PoE devices require more than 356 25 W Maximum Power Available Indicates the maximum power al...

Страница 193: ...s is the default setting Disable Disables PoE on the port Priority Level Indicates the PoE ports priority The possible values are Critical High and Low The default is Low Class Indicates the power cla...

Страница 194: ...nnot be used to deliver power to the powered device The device has detected a fault on the powered device For example the powered device memory could not be read Test Indicates the powered device is b...

Страница 195: ...ority Ensures that time sensitive applications are always forwarded Strict Priority SP allows the prioritization of mission critical time sensitive traffic over less time sensitive applications For ex...

Страница 196: ...he device Unchecked Disables QoS on the device Trust Mode Defines which packet fields to use for classifying packets entering the device When no rules are defined the traffic containing the predefined...

Страница 197: ...Check the Restore Defaults option where needed 4 Click Modify The CoS Configuration Page opens Figure 139 CoS Configuration Page The CoS Configuration Page contains the following fields Interface Sets...

Страница 198: ...tains scheduling and Priority Queue settings for the defined CoS and DSCP and contains the following fields Select Schedule Defines the priority method in queuing Strict Priority Indicates that traffi...

Страница 199: ...oS Page The Configure CoS Page contains the following fields Restore Defaults Restores the device factory defaults for mapping CoS tags to a forwarding queue Class of Service Specifies the CoS priorit...

Страница 200: ...n select Configure DSCP 3 Click Configure The Configure DSCP Page opens Figure 142 Configure DSCP Page The Configure DSCP Page contains the following fields Restore Defaults Restores the device factor...

Страница 201: ...network managers to define the bandwidth settings for a specified egress interface The Bandwidth Page is not used with the Service mode as bandwidth settings are based on services To configure bandwi...

Страница 202: ...ss ports Defines the amount of bandwidth assigned to the interface The available values are 3 5 Mbps 1 Gbps for FE ports the maximum value equals the maximum port speed Egress Shaping Rates Indicates...

Страница 203: ...a backup copy of the device configuration Up to five backup configuration files can be saved on the device with user configured names These files are generated when the user copies the Running Config...

Страница 204: ...the Configuration File is restored to the factory defaults Unchecked After the Configuration File is restored to the factory defaults the system remains in session Unit No Indicates the unit number A...

Страница 205: ...d IP Format Defines the supported Internet Protocol for TFTP operations The possible field values are IPv4 Indicates that IPv4 is supported IPv6 Indicates that IPv6 is supported IPv6 Address Type If I...

Страница 206: ...below Firmware Device downloads or uploads a firmware file depending on the selection above Configuration Device downloads or uploads a configuration file depending on the selection above Source File...

Страница 207: ...Firmware Copies the Firmware or the Boot file from the Stacking Master Software Image Downloads the Image file Destination Unit Downloads firmware or the Boot file to the designated unit The values ar...

Страница 208: ...e Test Page opens Figure 147 Cable Test Page The Cable Test Page displays the following information Unit Number Indicates the stacking member for which the Ethernet ports information is displayed Port...

Страница 209: ...Utilities Page 209 3 Click Test The cable test is performed 4 Click Advanced The Cable Test Configuration Page opens and the copper cable test results are displayed Figure 148 Cable Test Configuratio...

Страница 210: ...ace configuration information is displayed Port Displays the IP address of the port on which the cable is tested Temperature Celsius Displays the temperature oC at which the cable is operating Voltage...

Страница 211: ...current device configuration from being lost To reset the device 1 Click Utilities Reset The Reset Page opens Figure 150 Reset Page 2 Select the Reset Unit No Select a specific unit number in the dro...

Страница 212: ...evice Statistics Managing RMON Statistics Viewing Device Statistics This section contains the following topics Viewing Interface Statistics Viewing Etherlike Statistics Viewing Interface Statistics Th...

Страница 213: ...statistics are not refreshed Receive Statistics Total Bytes Octets Displays the number of octets received on the selected interface Multicast Packets Displays the number of Multicast packets received...

Страница 214: ...nit No Specifies the unit for which the Etherlike statistics are displayed Port Specifies the port within the unit for which the Etherlike statistics are displayed Trunk Defines the specific trunk for...

Страница 215: ...ber of oversized packet errors on the selected interface Internal MAC Receive Errors Displays the number of internal MAC received errors on the selected interface Received Pause Frames Displays the nu...

Страница 216: ...t device utilization and errors that occurred on the device The RMON Statistics Page contains statistics for both received and transmitted packets To view RMON statistics 1 Click Statistics RMON Stati...

Страница 217: ...umber of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the in...

Страница 218: ...nk Specifies the trunk from which the RMON information was taken Sampling Interval Indicates in seconds the time period that samplings are taken from the ports The field range is 1 3600 The default is...

Страница 219: ...4 Click Apply The new entry is added to the history table and the device is updated To edit an RMON history entry 1 Click Statistics RMON History The RMON History Page opens 2 Click Modify The RMON Hi...

Страница 220: ...ed during a single sample To view the RMON History Table 1 Click Statistics RMON History The RMON History Page opens 2 Click View The RMON History Table Page opens Figure 157 RMON History Table Page T...

Страница 221: ...s last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Displays the number of o...

Страница 222: ...ent Entry Displays the event Community Displays the community to which the event belongs Description Displays the user defined event description Type Describes the event type Possible values are Log I...

Страница 223: ...k Modify The RMON Events Configuration Page opens 3 Select an event entry and define the fields for the entry 4 Click Apply The event control settings are saved and the device is updated Viewing the R...

Страница 224: ...ents Logs Page contains the following event log information Event Displays the RMON Events Log entry number Log No Displays the log number Log Time Displays the time when the log entry was entered Des...

Страница 225: ...ry Indicates a specific alarm Counter Name Displays the selected MIB variable Interface Displays interface for which RMON statistics are displayed The possible field values are Port Displays the RMON...

Страница 226: ...e field values are user defined RMON events Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher va...

Страница 227: ...Viewing Statistics Managing RMON Statistics Page 227 Figure 163 Alarm Configuration Page 3 Define the fields 4 Click Apply The RMON alarm is saved and the device is updated...

Страница 228: ...the same software version Switch stacking and configuration is maintained by the Stacking Master The Stacking Master detects and reconfigures the ports with minimal operational impact in the event of...

Страница 229: ...e stack continues to function however only the unit with the older join time joins the stack A message is sent to the user notifying that a unit failed to join the stack For first time Unit ID assignm...

Страница 230: ...Stacking mode and Stand alone mode Each time the system reboots the Startup configuration file in the Master unit is used to configure the stack If a stack member is removed from the stack and then r...

Страница 231: ...ter The unit is forced to be master of the stack Note that only Unit 1 or Unit 2 can be the stack master Select None for the system to decide which of the two master enabled units is the master in the...

Страница 232: ...minal or a desktop or portable system with a serial port and running VT100 terminal emulation software The CLI can be accessed through the connected Terminal To connect a terminal to the device Consol...

Страница 233: ...onfigurations are required Static IP Address and Subnet Mask User Name Static IP Address and Subnet Mask IP interfaces can be configured on each port of the device After entering the configuration com...

Страница 234: ...configured user name is entered as a login name for remote management sessions To configure user name and privilege level enter the command at the system prompt as shown in the configuration example D...

Страница 235: ...Copy 3329361 bytes copied in 00 03 00 hh mm ss console show bootvar Unit Image Filename Version Date Status 1 1 image 1 v1 1 0 29 25 Nov 2007 12 46 12 Not active 1 2 image 2 v1 1 0 29 25 Nov 2007 12 4...

Страница 236: ...t the device The device boots up with the updated boot and system files Console copy tftp 172 16 101 101 file1 ros image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 09 Jul...

Страница 237: ...g Member To download software an Stacking Member number 3 perform the following 1 Power up the stack as described in the Allied Telesis AT S95 Installation Guide The CLI command prompt is displayed 2...

Страница 238: ...umber 1 instead of number 3 as per the previous example 2 Enter the copy command to copy the software from the Stacking Master to the Stacking Member To copy the software from the Stacking Master to a...

Страница 239: ...ing time 36 Daylight Saving Time DST 36 Daylight Saving Time configuration broadcast time 35 DST per country 37 parameters 36 Default gateway 22 Delta 225 device management methods 41 43 DHCP 22 DHCP...

Страница 240: ...addresses 22 MAC Based ACL 75 Management methods 43 46 Management Station 161 162 MDI 102 MDIX 102 MED LLDP port settings 186 MED network policy 183 MSTP interface 143 MSTP mapping 146 MSTP properties...

Страница 241: ...dcast time 35 unicast time 35 SSH 53 Stacking 228 configuration 231 management interfaces 228 members 229 stacking chain topology 229 ring topology 228 Stacking Master 229 STP 134 136 140 STP configur...

Страница 242: ...system defaults and includes the following topics RS 232 Port Settings Port Defaults Configuration Defaults Security Defaults Jumbo Frame Defaults System Time Defaults Spanning Tree Defaults Address T...

Страница 243: ...t defaults Data Bits 8 Stop Bits 1 Parity None Flow Control None Baud Rate 115 200 bps Auto Negotiation Enabled Auto Negotiation advertised capabilities Enabled Auto MDI MDIX Enabled Head of Line Bloc...

Страница 244: ...lts Jumbo Frame Defaults The following is the Jumbo Frame default System Time Defaults The following is the system time default Default User Name manager Default Password friend System Name None Comme...

Страница 245: ...wing are the VLAN defaults STP Enabled STP Port Enabled Rapid STP Enabled Multiple STP Disabled Fast Link Disabled Path Cost Long Number of MAC Entries 8 000 MAC Address Aging Time 300 seconds VLAN Aw...

Страница 246: ...The following are the Multicast defaults QoS Defaults The following are the QoS defaults Possible Trunks 8 Possible Ports per Trunk 8 LACP Ports Trunk 16 IGMP Snooping Disable Maximum Multicast Groups...

Результаты поиска

Содержание AT-S95

Отзывы:

Похожие инструкции для AT-S95

Бренды по названию

Популярные бренды

Allied Telesis AT-S95, Руководство пользователя

Результаты поиска

Содержание AT-S95

Отзывы:

Похожие инструкции для AT-S95

Бренды по названию

Популярные бренды